commit: 683245a4b6f0790212c06eb021642cda484f86d8 Author: Zac Medico <zmedico <AT> gentoo <DOT> org> AuthorDate: Mon Jan 19 03:12:31 2015 +0000 Commit: Zac Medico <zmedico <AT> gentoo <DOT> org> CommitDate: Mon Jan 19 20:49:56 2015 +0000 URL: http://sources.gentoo.org/gitweb/?p=proj/portage.git;a=commit;h=683245a4
update LOGNAME variable when appropriate (534722) Fix userpriv, usersync, and userfetch code to update the LOGNAME variable when dropping privileges, so that tools that rely on it will work properly. Note that bin/save-ebuild-env.sh filters LOGNAME, preventing stale LOGNAME settings from persisting between ebuild phases that run with different privileges. X-Gentoo-Bug: 534722 X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=534722 Acked-by: Brian Dolbec <dolsen <AT> gentoo.org> --- pym/portage/package/ebuild/doebuild.py | 40 ++++++++++++++++++++++++---------- pym/portage/package/ebuild/fetch.py | 7 +++++- pym/portage/sync/controller.py | 18 ++++++++++----- 3 files changed, 46 insertions(+), 19 deletions(-) diff --git a/pym/portage/package/ebuild/doebuild.py b/pym/portage/package/ebuild/doebuild.py index f43dddc..791b5c3 100644 --- a/pym/portage/package/ebuild/doebuild.py +++ b/pym/portage/package/ebuild/doebuild.py @@ -1493,8 +1493,10 @@ def spawn(mystring, mysettings, debug=False, free=False, droppriv=False, fakeroot = fakeroot and uid != 0 and portage.process.fakeroot_capable portage_build_uid = os.getuid() portage_build_gid = os.getgid() + logname = None if uid == 0 and portage_uid and portage_gid and hasattr(os, "setgroups"): if droppriv: + logname = portage.data._portage_username keywords.update({ "uid": portage_uid, "gid": portage_gid, @@ -1579,21 +1581,35 @@ def spawn(mystring, mysettings, debug=False, free=False, droppriv=False, spawn_func = selinux.spawn_wrapper(spawn_func, mysettings["PORTAGE_SANDBOX_T"]) - if keywords.get("returnpid"): - return spawn_func(mystring, env=mysettings.environ(), - **portage._native_kwargs(keywords)) + logname_backup = None + if logname is not None: + logname_backup = mysettings.configdict["env"].get("LOGNAME") + mysettings.configdict["env"]["LOGNAME"] = logname - proc = EbuildSpawnProcess( - background=False, args=mystring, - scheduler=SchedulerInterface(portage._internal_caller and - global_event_loop() or EventLoop(main=False)), - spawn_func=spawn_func, - settings=mysettings, **portage._native_kwargs(keywords)) + try: + if keywords.get("returnpid"): + return spawn_func(mystring, env=mysettings.environ(), + **portage._native_kwargs(keywords)) + + proc = EbuildSpawnProcess( + background=False, args=mystring, + scheduler=SchedulerInterface(portage._internal_caller and + global_event_loop() or EventLoop(main=False)), + spawn_func=spawn_func, + settings=mysettings, **portage._native_kwargs(keywords)) + + proc.start() + proc.wait() - proc.start() - proc.wait() + return proc.returncode - return proc.returncode + finally: + if logname is None: + pass + elif logname_backup is None: + mysettings.configdict["env"].pop("LOGNAME", None) + else: + mysettings.configdict["env"]["LOGNAME"] = logname_backup # parse actionmap to spawn ebuild with the appropriate args def spawnebuild(mydo, actionmap, mysettings, debug, alwaysdep=0, diff --git a/pym/portage/package/ebuild/fetch.py b/pym/portage/package/ebuild/fetch.py index 2424ff3..7b856a2 100644 --- a/pym/portage/package/ebuild/fetch.py +++ b/pym/portage/package/ebuild/fetch.py @@ -73,10 +73,12 @@ def _spawn_fetch(settings, args, **kwargs): 2 : sys.__stdout__.fileno(), } + logname = None if "userfetch" in settings.features and \ os.getuid() == 0 and portage_gid and portage_uid and \ hasattr(os, "setgroups"): kwargs.update(_userpriv_spawn_kwargs) + logname = portage.data._portage_username spawn_func = spawn @@ -93,8 +95,11 @@ def _spawn_fetch(settings, args, **kwargs): # proxy variables, as in bug #315421). phase_backup = settings.get('EBUILD_PHASE') settings['EBUILD_PHASE'] = 'fetch' + env = settings.environ() + if logname is not None: + env["LOGNAME"] = logname try: - rval = spawn_func(args, env=settings.environ(), **kwargs) + rval = spawn_func(args, env=env, **kwargs) finally: if phase_backup is None: settings.pop('EBUILD_PHASE', None) diff --git a/pym/portage/sync/controller.py b/pym/portage/sync/controller.py index 128a38e..d2c606d 100644 --- a/pym/portage/sync/controller.py +++ b/pym/portage/sync/controller.py @@ -205,6 +205,7 @@ class SyncManager(object): user = None group = None home = None + logname = None spl = sync_user.split(':', 1) if spl[0]: @@ -217,10 +218,11 @@ class SyncManager(object): except (ValueError, KeyError): writemsg("!!! User '%s' invalid or does not exist\n" % username, noiselevel=-1) - return (user, group, home) + return (logname, user, group, home) user = pw.pw_uid group = pw.pw_gid home = pw.pw_dir + logname = pw.pw_name if len(spl) > 1: groupname = spl[1] @@ -232,14 +234,15 @@ class SyncManager(object): except (ValueError, KeyError): writemsg("!!! Group '%s' invalid or does not exist\n" % groupname, noiselevel=-1) - return (user, group, home) + return (logname, user, group, home) group = gp.gr_gid - return (user, group, home) + return (logname, user, group, home) # user or user:group - (uid, gid, home) = get_sync_user_data(repo.sync_user) + (logname, uid, gid, home) = get_sync_user_data( + repo.sync_user) if uid is not None: spawn_kwargs["uid"] = uid self.usersync_uid = uid @@ -248,6 +251,8 @@ class SyncManager(object): spawn_kwargs["groups"] = [gid] if home is not None: spawn_kwargs["env"]["HOME"] = home + if logname is not None: + spawn_kwargs["env"]["LOGNAME"] = logname if st is None: perms = {'mode': 0o755} @@ -268,7 +273,7 @@ class SyncManager(object): (st.st_uid != os.getuid() and st.st_mode & 0o700 or st.st_gid != os.getgid() and st.st_mode & 0o070)): try: - homedir = pwd.getpwuid(st.st_uid).pw_dir + pw = pwd.getpwuid(st.st_uid) except KeyError: pass else: @@ -278,7 +283,8 @@ class SyncManager(object): spawn_kwargs["uid"] = st.st_uid spawn_kwargs["gid"] = st.st_gid spawn_kwargs["groups"] = [st.st_gid] - spawn_kwargs["env"]["HOME"] = homedir + spawn_kwargs["env"]["HOME"] = pw.pw_dir + spawn_kwargs["env"]["LOGNAME"] = pw.pw_name umask = 0o002 if not st.st_mode & 0o020: umask = umask | 0o020