diff options
author | Zac Medico <zmedico@gentoo.org> | 2009-01-04 01:09:37 +0000 |
---|---|---|
committer | Zac Medico <zmedico@gentoo.org> | 2009-01-04 01:09:37 +0000 |
commit | 30d9cf0c0c525fe229c941d4082ae5d94ba8c350 (patch) | |
tree | 74b5fb60a8aade5654d2d4e81ac1b1eaee4c4bb8 | |
parent | 540a4a11f8a68e4aa470b40d2522cf3563ce9375 (diff) | |
download | portage-30d9cf0c0c525fe229c941d4082ae5d94ba8c350.tar.gz portage-30d9cf0c0c525fe229c941d4082ae5d94ba8c350.tar.bz2 portage-30d9cf0c0c525fe229c941d4082ae5d94ba8c350.zip |
Inside action_sync(), when running as root, detect if $PORTDIR has non-root
uid/gid bits and drop privileges to match the existing bits if appropriate.
svn path=/main/trunk/; revision=12378
-rw-r--r-- | pym/_emerge/__init__.py | 38 |
1 files changed, 31 insertions, 7 deletions
diff --git a/pym/_emerge/__init__.py b/pym/_emerge/__init__.py index 972caa4fc..110c63630 100644 --- a/pym/_emerge/__init__.py +++ b/pym/_emerge/__init__.py @@ -8,6 +8,7 @@ from collections import deque import fcntl import formatter import logging +import pwd import select import shlex import shutil @@ -11795,9 +11796,32 @@ def action_sync(settings, trees, mtimedb, myopts, myaction): sys.exit(1) if myportdir[-1]=="/": myportdir=myportdir[:-1] - if not os.path.exists(myportdir): + try: + st = os.stat(myportdir) + except OSError: + st = None + if st is None: print ">>>",myportdir,"not found, creating it." os.makedirs(myportdir,0755) + st = os.stat(myportdir) + + spawn_kwargs = {} + spawn_kwargs["env"] = settings.environ() + if portage.data.secpass >= 2 and \ + (st.st_uid != os.getuid() and st.st_mode & 0700 or \ + st.st_gid != os.getgid() and st.st_mode & 0070): + try: + homedir = pwd.getpwuid(st.st_uid).pw_dir + except KeyError: + pass + else: + # Drop privileges when syncing, in order to match + # existing uid/gid settings. + spawn_kwargs["uid"] = st.st_uid + spawn_kwargs["gid"] = st.st_gid + spawn_kwargs["groups"] = [st.st_gid] + spawn_kwargs["env"]["HOME"] = homedir + syncuri = settings.get("SYNC", "").strip() if not syncuri: writemsg_level("!!! SYNC is undefined. Is /etc/make.globals missing?\n", @@ -11821,8 +11845,8 @@ def action_sync(settings, trees, mtimedb, myopts, myaction): msg = ">>> Starting git pull in %s..." % myportdir emergelog(xterm_titles, msg ) writemsg_level(msg + "\n") - exitcode = portage.spawn("cd %s ; git pull" % \ - (portage._shell_quote(myportdir),), settings, free=1) + exitcode = portage.process.spawn_bash("cd %s ; git pull" % \ + (portage._shell_quote(myportdir),), **spawn_kwargs) if exitcode != os.EX_OK: msg = "!!! git pull error in %s." % myportdir emergelog(xterm_titles, msg) @@ -12115,8 +12139,7 @@ def action_sync(settings, trees, mtimedb, myopts, myaction): elif (servertimestamp == 0) or (servertimestamp > mytimestamp): # actual sync mycommand = rsynccommand + [dosyncuri+"/", myportdir] - exitcode = portage.process.spawn(mycommand, - env=settings.environ()) + exitcode = portage.process.spawn(mycommand, **spawn_kwargs) if exitcode in [0,1,3,4,11,14,20,21]: break elif exitcode in [1,3,4,11,14,20,21]: @@ -12199,8 +12222,9 @@ def action_sync(settings, trees, mtimedb, myopts, myaction): else: #cvs update print ">>> Starting cvs update with "+syncuri+"..." - retval = portage.spawn("cd '%s'; cvs -z0 -q update -dP" % \ - myportdir, settings, free=1) + retval = portage.process.spawn_bash( + "cd %s; cvs -z0 -q update -dP" % \ + (portage._shell_quote(myportdir),), **spawn_kwargs) if retval != os.EX_OK: sys.exit(retval) dosyncuri = syncuri |