[gentoo-commits] proj/portage:master commit in: pym/portage/, bin/
commit: c01fdd27473a76d1c8b6edb1b9dfb2c29645b1c2 Author: Zac Medico gentoo org> AuthorDate: Thu Feb 22 02:44:06 2018 + Commit: Zac Medico gentoo org> CommitDate: Thu Feb 22 17:30:27 2018 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=c01fdd27 emerge/ebuild: sanitize file descriptors on startup In order to ensure that any unintentionally inherited file descriptors will not be inherited by child processes, set the inheritable flag to False on startup, except for those corresponding to stdin, stdout, and stderr. This mitigates potential problems that might result from making the portage.process.spawn close_fds parameter default to False for versions of python with PEP 446 support. Bug: https://bugs.gentoo.org/648432 bin/ebuild | 2 ++ bin/emerge | 1 + pym/portage/process.py | 24 3 files changed, 27 insertions(+) diff --git a/bin/ebuild b/bin/ebuild index bda746f78..b1ef0573b 100755 --- a/bin/ebuild +++ b/bin/ebuild @@ -58,6 +58,8 @@ import portage.util from _emerge.Package import Package from _emerge.RootConfig import RootConfig +portage.process.sanitize_fds() + description = "See the ebuild(1) man page for more info" usage = "Usage: ebuild [command] ..." parser = argparse.ArgumentParser(description=description, usage=usage) diff --git a/bin/emerge b/bin/emerge index 43cfdcddb..5f08861e5 100755 --- a/bin/emerge +++ b/bin/emerge @@ -46,6 +46,7 @@ try: if __name__ == "__main__": from portage.exception import IsADirectory, ParseError, \ PermissionDenied + portage.process.sanitize_fds() try: retval = emerge_main() except PermissionDenied as e: diff --git a/pym/portage/process.py b/pym/portage/process.py index 4d96f156e..2af783e22 100644 --- a/pym/portage/process.py +++ b/pym/portage/process.py @@ -91,6 +91,30 @@ sandbox_capable = (os.path.isfile(SANDBOX_BINARY) and fakeroot_capable = (os.path.isfile(FAKEROOT_BINARY) and os.access(FAKEROOT_BINARY, os.X_OK)) + +def sanitize_fds(): + """ + Set the inheritable flag to False for all open file descriptors, + except for those corresponding to stdin, stdout, and stderr. This + ensures that any unintentionally inherited file descriptors will + not be inherited by child processes. + """ + if _set_inheritable is not None: + + whitelist = frozenset([ + sys.__stdin__.fileno(), + sys.__stdout__.fileno(), + sys.__stderr__.fileno(), + ]) + + for fd in get_open_fds(): + if fd not in whitelist: + try: + _set_inheritable(fd, False) + except OSError: + pass + + def spawn_bash(mycommand, debug=False, opt_name=None, **keywords): """ Spawns a bash shell running a specific commands
[gentoo-commits] proj/portage:master commit in: pym/portage/, bin/, pym/portage/dbapi/
commit: 3ffdbbe06fab5f3c60d03a77f5a2d08cb94b1869
Author: Arfrever Frehtes Taifersar Arahesis Apache Org>
AuthorDate: Mon Nov 30 23:06:18 2015 +
Commit: Arfrever Frehtes Taifersar Arahesis apache org>
CommitDate: Mon Nov 30 23:06:18 2015 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=3ffdbbe0
ebuild: Do not catch unexpected KeyErrors from aux_get().
bin/ebuild| 5 +++--
pym/portage/dbapi/porttree.py | 20 ++--
pym/portage/exception.py | 5 -
3 files changed, 17 insertions(+), 13 deletions(-)
diff --git a/bin/ebuild b/bin/ebuild
index 59fced0..ed1231f 100755
--- a/bin/ebuild
+++ b/bin/ebuild
@@ -1,5 +1,5 @@
#!/usr/bin/python -bO
-# Copyright 1999-2014 Gentoo Foundation
+# Copyright 1999-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
from __future__ import print_function
@@ -49,6 +49,7 @@ from portage import _shell_quote
from portage import _unicode_decode
from portage import _unicode_encode
from portage.const import VDB_PATH
+from portage.exception import PortageKeyError
from _emerge.Package import Package
from _emerge.RootConfig import RootConfig
@@ -273,7 +274,7 @@ try:
metadata = dict(zip(Package.metadata_keys,
portage.db[portage.settings['EROOT']][mytree].dbapi.aux_get(
cpv, Package.metadata_keys, myrepo=myrepo)))
-except KeyError:
+except PortageKeyError:
# aux_get failure, message should have been shown on stderr.
sys.exit(1)
diff --git a/pym/portage/dbapi/porttree.py b/pym/portage/dbapi/porttree.py
index a954de5..23f3169 100644
--- a/pym/portage/dbapi/porttree.py
+++ b/pym/portage/dbapi/porttree.py
@@ -1,4 +1,4 @@
-# Copyright 1998-2014 Gentoo Foundation
+# Copyright 1998-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
from __future__ import unicode_literals
@@ -23,7 +23,7 @@ from portage.cache import volatile
from portage.cache.cache_errors import CacheError
from portage.cache.mappings import Mapping
from portage.dbapi import dbapi
-from portage.exception import PortageException, \
+from portage.exception import PortageException, PortageKeyError, \
FileNotFound, InvalidAtom, InvalidData, \
InvalidDependString, InvalidPackageName
from portage.localization import _
@@ -435,7 +435,7 @@ class portdbapi(dbapi):
writemsg(_("!!! aux_get(): ebuild for " \
"'%s' does not exist at:\n") % (cpv,),
noiselevel=-1)
writemsg("!!!%s\n" % ebuild_path,
noiselevel=-1)
- raise KeyError(cpv)
+ raise PortageKeyError(cpv)
# Pull pre-generated metadata from the metadata/cache/
# directory if it exists and is valid, otherwise fall
@@ -481,12 +481,12 @@ class portdbapi(dbapi):
def aux_get(self, mycpv, mylist, mytree=None, myrepo=None):
"stub code for returning auxilliary db information, such as
SLOT, DEPEND, etc."
'input: "sys-apps/foo-1.0",["SLOT","DEPEND","HOMEPAGE"]'
- 'return: ["0",">=sys-libs/bar-1.0","http://www.foo.com;] or
raise KeyError if error'
+ 'return: ["0",">=sys-libs/bar-1.0","http://www.foo.com;] or
raise PortageKeyError if error'
cache_me = False
if myrepo is not None:
mytree = self.treemap.get(myrepo)
if mytree is None:
- raise KeyError(myrepo)
+ raise PortageKeyError(myrepo)
if mytree is not None and len(self.porttrees) == 1 \
and mytree == self.porttrees[0]:
@@ -507,22 +507,22 @@ class portdbapi(dbapi):
try:
cat, pkg = mycpv.split("/", 1)
except ValueError:
- # Missing slash. Can't find ebuild so raise KeyError.
- raise KeyError(mycpv)
+ # Missing slash. Can't find ebuild so raise
PortageKeyError.
+ raise PortageKeyError(mycpv)
myebuild, mylocation = self.findname2(mycpv, mytree)
if not myebuild:
writemsg("!!! aux_get(): %s\n" % \
_("ebuild not found for '%s'") % mycpv,
noiselevel=1)
- raise KeyError(mycpv)
+ raise PortageKeyError(mycpv)
mydata, ebuild_hash = self._pull_valid_cache(mycpv, myebuild,
mylocation)
doregen = mydata is None
if doregen:
if myebuild in self._broken_ebuilds:
- raise KeyError(mycpv)
+ raise PortageKeyError(mycpv)
proc = EbuildMetadataPhase(cpv=mycpv,
[gentoo-commits] proj/portage:master commit in: pym/portage/, bin/, pym/portage/util/
commit: b7baeeec3ab6d1e944a2d1f9ab5d4d6ccebd97e8
Author: Zac Medico gentoo org>
AuthorDate: Fri Oct 2 07:09:31 2015 +
Commit: Zac Medico gentoo org>
CommitDate: Sat Oct 3 17:03:33 2015 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=b7baeeec
unpack: use chmod-lite helper for bug 554084
Use the apply_recursive_permissions function to minimize the number of
chmod calls.
Also, fix an UnboundLocalError triggered in portage.data._get_global
by chmod-lite.
X-Gentoo-Bug: 554084
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=554084
Acked-by: Brian Dolbec gentoo.org>
bin/chmod-lite | 10 +
bin/chmod-lite.py| 30 ++
bin/phase-helpers.sh | 2 +-
pym/portage/data.py | 2 +-
pym/portage/util/__init__.py | 93
5 files changed, 92 insertions(+), 45 deletions(-)
diff --git a/bin/chmod-lite b/bin/chmod-lite
new file mode 100755
index 000..ffa8d4d
--- /dev/null
+++ b/bin/chmod-lite
@@ -0,0 +1,10 @@
+#!/bin/bash
+# Copyright 2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+export __PORTAGE_HELPER_CWD=${PWD}
+
+# Use safe cwd, avoiding unsafe import for bug #469338.
+cd "${PORTAGE_PYM_PATH}" || exit 1
+PYTHONPATH=${PORTAGE_PYTHONPATH:-${PORTAGE_PYM_PATH}} \
+ exec "${PORTAGE_PYTHON:-/usr/bin/python}"
"$PORTAGE_BIN_PATH/chmod-lite.py" "$@"
diff --git a/bin/chmod-lite.py b/bin/chmod-lite.py
new file mode 100755
index 000..177be7e
--- /dev/null
+++ b/bin/chmod-lite.py
@@ -0,0 +1,30 @@
+#!/usr/bin/python -b
+# Copyright 2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+import os
+import sys
+
+from portage.util import apply_recursive_permissions
+
+# Change back to original cwd _after_ all imports (bug #469338).
+os.chdir(os.environ["__PORTAGE_HELPER_CWD"])
+
+def main(files):
+
+ if sys.hexversion >= 0x300:
+ # We can't trust that the filesystem encoding (locale dependent)
+ # correctly matches the arguments, so use surrogateescape to
+ # pass through the original argv bytes for Python 3.
+ fs_encoding = sys.getfilesystemencoding()
+ files = [x.encode(fs_encoding, 'surrogateescape') for x in
files]
+
+ for filename in files:
+ # Emulate 'chmod -fR a+rX,u+w,g-w,o-w' with minimal chmod calls.
+ apply_recursive_permissions(filename, filemode=0o644,
+ filemask=0o022, dirmode=0o755, dirmask=0o022)
+
+ return os.EX_OK
+
+if __name__ == "__main__":
+ sys.exit(main(sys.argv[1:]))
diff --git a/bin/phase-helpers.sh b/bin/phase-helpers.sh
index efd2cfa..0c25ffe 100644
--- a/bin/phase-helpers.sh
+++ b/bin/phase-helpers.sh
@@ -532,7 +532,7 @@ unpack() {
# Do not chmod '.' since it's probably ${WORKDIR} and
PORTAGE_WORKDIR_MODE
# should be preserved.
find . -mindepth 1 -maxdepth 1 ! -type l -print0 | \
- ${XARGS} -0 chmod -fR a+rX,u+w,g-w,o-w
+ ${XARGS} -0 "${PORTAGE_BIN_PATH}/chmod-lite"
}
econf() {
diff --git a/pym/portage/data.py b/pym/portage/data.py
index 2fd287d..2c99548 100644
--- a/pym/portage/data.py
+++ b/pym/portage/data.py
@@ -139,7 +139,7 @@ def _get_global(k):
v = 2
elif unprivileged:
v = 2
- elif portage_gid in os.getgroups():
+ elif _get_global('portage_gid') in os.getgroups():
v = 1
elif k in ('portage_gid', 'portage_uid'):
diff --git a/pym/portage/util/__init__.py b/pym/portage/util/__init__.py
index c0b509b..2b7ff8d 100644
--- a/pym/portage/util/__init__.py
+++ b/pym/portage/util/__init__.py
@@ -17,9 +17,9 @@ from copy import deepcopy
import errno
import io
try:
- from itertools import filterfalse
+ from itertools import chain, filterfalse
except ImportError:
- from itertools import ifilterfalse as filterfalse
+ from itertools import chain, ifilterfalse as filterfalse
import logging
import re
import shlex
@@ -1041,6 +1041,23 @@ def unique_everseen(iterable, key=None):
seen_add(k)
yield element
+def _do_stat(filename, follow_links=True):
+ try:
+ if follow_links:
+ return os.stat(filename)
+ else:
+ return os.lstat(filename)
+ except OSError as oe:
+ func_call = "stat('%s')" % filename
+ if oe.errno == errno.EPERM:
+ raise OperationNotPermitted(func_call)
+ elif oe.errno == errno.EACCES:
+ raise PermissionDenied(func_call)
+ elif oe.errno == errno.ENOENT:
+ raise FileNotFound(filename)
+ else:
+
[gentoo-commits] proj/portage:master commit in: pym/portage/, bin/
commit: f9a2d7025e22f5e1711f39c4740a020f6f0d2c8f
Author: Zac Medico zmedico AT gentoo DOT org
AuthorDate: Wed Apr 1 22:27:42 2015 +
Commit: Zac Medico zmedico AT gentoo DOT org
CommitDate: Wed Apr 1 23:14:52 2015 +
URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=f9a2d702
dispatch-conf: fix unicode handling (bug 545270)
This avoids UnicodeDecodeError problems by using UTF-8 encoding
regardless of the locale.
X-Gentoo-Bug: 545270
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=545270
bin/dispatch-conf| 9 +
pym/portage/dispatch_conf.py | 4 +---
2 files changed, 6 insertions(+), 7 deletions(-)
diff --git a/bin/dispatch-conf b/bin/dispatch-conf
index b679910..678a66d 100755
--- a/bin/dispatch-conf
+++ b/bin/dispatch-conf
@@ -11,12 +11,11 @@
# dialog menus
#
-from __future__ import print_function
+from __future__ import print_function, unicode_literals
import atexit
import io
import re
-import shutil
import sys
from stat import ST_GID, ST_MODE, ST_UID
@@ -27,7 +26,7 @@ if
osp.isfile(osp.join(osp.dirname(osp.dirname(osp.realpath(__file__))), .porta
sys.path.insert(0,
osp.join(osp.dirname(osp.dirname(osp.realpath(__file__))), pym))
import portage
portage._internal_caller = True
-from portage import os
+from portage import os, shutil
from portage import _encodings, _unicode_decode
from portage.dispatch_conf import diffstatusoutput, diff_mixed_wrapper
from portage.process import find_binary, spawn
@@ -403,7 +402,9 @@ class dispatch:
newconfigs.sort ()
for nconf in newconfigs:
-nconf = nconf.rstrip ()
+# Use strict mode here, because we want to know if it fails,
+# and portage only merges files with valid UTF-8 encoding.
+nconf = _unicode_decode(nconf, errors='strict').rstrip()
conf = re.sub (r'\._cfg\d+_', '', nconf)
dirname = os.path.dirname(nconf)
conf_map = {
diff --git a/pym/portage/dispatch_conf.py b/pym/portage/dispatch_conf.py
index 790eacb..98939fd 100644
--- a/pym/portage/dispatch_conf.py
+++ b/pym/portage/dispatch_conf.py
@@ -10,15 +10,13 @@ from __future__ import print_function, unicode_literals
import io
import functools
-import os
-import shutil
import stat
import subprocess
import sys
import tempfile
import portage
-from portage import _encodings
+from portage import _encodings, os, shutil
from portage.env.loaders import KeyValuePairFileLoader
from portage.localization import _
from portage.util import shlex_split, varexpand
[gentoo-commits] proj/portage:master commit in: pym/portage/, bin/
commit: f17448317166bfac42dc279b8795cd581c189582
Author: Zac Medico zmedico AT gentoo DOT org
AuthorDate: Sun Oct 26 09:49:02 2014 +
Commit: Zac Medico zmedico AT gentoo DOT org
CommitDate: Sun Nov 2 23:19:46 2014 +
URL:
http://sources.gentoo.org/gitweb/?p=proj/portage.git;a=commit;h=f1744831
dispatch-conf: symlink support for bug #485598
This includes numerous logic adjustments that are needed to support
protected symlinks. The new diff_mixed function is used for diffs
between arbitrary file types. For example, a diff between two symlinks
looks like this:
-SYM: /foo/bar - baz
+SYM: /foo/bar - blah
X-Gentoo-Bug: 485598
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=485598
---
bin/dispatch-conf| 45 -
pym/portage/dispatch_conf.py | 157 +--
2 files changed, 164 insertions(+), 38 deletions(-)
diff --git a/bin/dispatch-conf b/bin/dispatch-conf
index 6d2ae94..8058d6f 100755
--- a/bin/dispatch-conf
+++ b/bin/dispatch-conf
@@ -13,17 +13,23 @@
from __future__ import print_function
+import atexit
+import io
+import re
+import shutil
+import sys
+
from stat import ST_GID, ST_MODE, ST_UID
from random import random
-import atexit, re, shutil, stat, sys
+
from os import path as osp
if osp.isfile(osp.join(osp.dirname(osp.dirname(osp.realpath(__file__))),
.portage_not_installed)):
sys.path.insert(0,
osp.join(osp.dirname(osp.dirname(osp.realpath(__file__))), pym))
import portage
portage._internal_caller = True
from portage import os
-from portage import _unicode_decode
-from portage.dispatch_conf import diffstatusoutput
+from portage import _encodings, _unicode_decode
+from portage.dispatch_conf import diffstatusoutput, diff_mixed_wrapper
from portage.process import find_binary, spawn
FIND_EXTANT_CONFIGS = find '%s' %s -name '._cfg_%s' ! -name '.*~' !
-iname '.*.bak' -print
@@ -72,6 +78,8 @@ def cmd_var_is_valid(cmd):
return find_binary(cmd[0]) is not None
+diff = diff_mixed_wrapper(diffstatusoutput, DIFF_CONTENTS)
+
class dispatch:
options = {}
@@ -89,8 +97,6 @@ class dispatch:
or not os.path.exists(self.options[log-file]):
open(self.options[log-file], 'w').close() # Truncate it
os.chmod(self.options[log-file], 0o600)
-else:
-self.options[log-file] = /dev/null
pager = self.options.get(pager)
if pager is None or not cmd_var_is_valid(pager):
@@ -148,9 +154,6 @@ class dispatch:
portage.util.shlex_split(
portage.settings.get('CONFIG_PROTECT_MASK', '')))
-def diff(file1, file2):
-return diffstatusoutput(DIFF_CONTENTS, file1, file2)
-
#
# Remove new configs identical to current
# and
@@ -166,7 +169,7 @@ class dispatch:
mrgfail = portage.dispatch_conf.rcs_archive(archive,
conf['current'], conf['new'], mrgconf)
else:
mrgfail = portage.dispatch_conf.file_archive(archive,
conf['current'], conf['new'], mrgconf)
-if os.path.exists(archive + '.dist'):
+if os.path.lexists(archive + '.dist'):
unmodified = len(diff(conf['current'], archive + '.dist')[1])
== 0
else:
unmodified = 0
@@ -181,7 +184,7 @@ class dispatch:
if newconf == mrgconf and \
self.options.get('ignore-previously-merged') != 'yes' and \
-os.path.exists(archive+'.dist') and \
+os.path.lexists(archive+'.dist') and \
len(diff(archive+'.dist', conf['new'])[1]) == 0:
# The current update is identical to the archived .dist
# version that has previously been merged.
@@ -254,6 +257,13 @@ class dispatch:
valid_input = qhtnmlezu
+def diff_pager(file1, file2):
+cmd = self.options['diff'] % (file1, file2)
+cmd += pager
+spawn_shell(cmd)
+
+diff_pager = diff_mixed_wrapper(diff_pager)
+
for conf in confs:
count = count + 1
@@ -266,14 +276,10 @@ class dispatch:
while 1:
clear_screen()
if show_new_diff:
-cmd = self.options['diff'] % (conf['new'], mrgconf)
-cmd += pager
-spawn_shell(cmd)
+diff_pager(conf['new'], mrgconf)
show_new_diff = 0
else:
-cmd = self.options['diff'] % (conf['current'], newconf)
-cmd += pager
-spawn_shell(cmd)
+diff_pager(conf['current'], newconf)
print()
print(' (%i of %i) -- %s' % (count, len(confs), conf
['current']))
@@ -357,7 +363,12 @@ class dispatch:
def replace (self, newconf, curconf):
Replace current config
