authorZac Medico <zmedico@gentoo.org>2009-01-04 01:09:37 +0000
committerZac Medico <zmedico@gentoo.org>2009-01-04 01:09:37 +0000
commit30d9cf0c0c525fe229c941d4082ae5d94ba8c350 (patch)
tree74b5fb60a8aade5654d2d4e81ac1b1eaee4c4bb8
parent540a4a11f8a68e4aa470b40d2522cf3563ce9375 (diff)
Inside action_sync(), when running as root, detect if $PORTDIR has non-root
uid/gid bits and drop privileges to match the existing bits if appropriate. svn path=/main/trunk/; revision=12378
-rw-r--r--pym/_emerge/__init__.py38
1 files changed, 31 insertions, 7 deletions
diff --git a/pym/_emerge/__init__.py b/pym/_emerge/__init__.py
index 972caa4fc..110c63630 100644
--- a/pym/_emerge/__init__.py
+++ b/pym/_emerge/__init__.py
@@ -8,6 +8,7 @@ from collections import deque
import fcntl
import formatter
import logging
+import pwd
import select
import shlex
import shutil
@@ -11795,9 +11796,32 @@ def action_sync(settings, trees, mtimedb, myopts, myaction):
sys.exit(1)
if myportdir[-1]=="/":
myportdir=myportdir[:-1]
- if not os.path.exists(myportdir):
+ try:
+ st = os.stat(myportdir)
+ except OSError:
+ st = None
+ if st is None:
print ">>>",myportdir,"not found, creating it."
os.makedirs(myportdir,0755)
+ st = os.stat(myportdir)
+
+ spawn_kwargs = {}
+ spawn_kwargs["env"] = settings.environ()
+ if portage.data.secpass >= 2 and \
+ (st.st_uid != os.getuid() and st.st_mode & 0700 or \
+ st.st_gid != os.getgid() and st.st_mode & 0070):
+ try:
+ homedir = pwd.getpwuid(st.st_uid).pw_dir
+ except KeyError:
+ pass
+ else:
+ # Drop privileges when syncing, in order to match
+ # existing uid/gid settings.
+ spawn_kwargs["uid"] = st.st_uid
+ spawn_kwargs["gid"] = st.st_gid
+ spawn_kwargs["groups"] = [st.st_gid]
+ spawn_kwargs["env"]["HOME"] = homedir
+
syncuri = settings.get("SYNC", "").strip()
if not syncuri:
writemsg_level("!!! SYNC is undefined. Is /etc/make.globals missing?\n",
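Review bot: The `except KeyError: pass` branch leaves `spawn_kwargs` without `uid`/`gid`, so when the owner of `myportdir` has no passwd entry the sync keeps the caller's privileges (root, per the commit message) and nothing tells the operator that the drop was skipped. The passwd lookup is only needed for `HOME`, so either set `uid`/`gid`/`groups` regardless and add `HOME` only when the entry exists, or at least replace `pass` with a warning such as `writemsg_level("!!! No passwd entry for uid %d; syncing without dropping privileges\n" % st.st_uid, level=logging.WARNING, noiselevel=-1)`. The line `spawn_kwargs["groups"] = [st.st_gid]` would also benefit from a comment saying that supplementary groups are deliberately reduced to the directory's gid. Whether `settings.environ()` returns a fresh dict is not visible here; if it does not, writing `HOME` into it could leak into later users of that environment. `action_sync` starts and continues outside this hunk.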
@@ -11821,8 +11845,8 @@ def action_sync(settings, trees, mtimedb, myopts, myaction):
msg = ">>> Starting git pull in %s..." % myportdir
emergelog(xterm_titles, msg )
writemsg_level(msg + "\n")
- exitcode = portage.spawn("cd %s ; git pull" % \
- (portage._shell_quote(myportdir),), settings, free=1)
+ exitcode = portage.process.spawn_bash("cd %s ; git pull" % \
+ (portage._shell_quote(myportdir),), **spawn_kwargs)
if exitcode != os.EX_OK:
msg = "!!! git pull error in %s." % myportdir
emergelog(xterm_titles, msg)
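Review bot: The shell string `cd %s ; git pull` joins the two commands with `;`, so if `cd` fails, `git pull` still runs in whatever working directory the process inherited. That failure becomes more plausible now that the command may run under the uid/gid of the directory owner, who might not be able to traverse every parent of `myportdir`. Joining with `&&` makes a failed `cd` abort with a non-zero exit code: `exitcode = portage.process.spawn_bash("cd %s && git pull" % \`. The same applies to `"cd %s; cvs -z0 -q update -dP"` in the cvs hunk further down. The enclosing branch of `action_sync` extends beyond this hunk.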
@@ -12115,8 +12139,7 @@ def action_sync(settings, trees, mtimedb, myopts, myaction):
elif (servertimestamp == 0) or (servertimestamp > mytimestamp):
# actual sync
mycommand = rsynccommand + [dosyncuri+"/", myportdir]
- exitcode = portage.process.spawn(mycommand,
- env=settings.environ())
+ exitcode = portage.process.spawn(mycommand, **spawn_kwargs)
if exitcode in [0,1,3,4,11,14,20,21]:
break
elif exitcode in [1,3,4,11,14,20,21]:
@@ -12199,8 +12222,9 @@ def action_sync(settings, trees, mtimedb, myopts, myaction):
else:
#cvs update
print ">>> Starting cvs update with "+syncuri+"..."
- retval = portage.spawn("cd '%s'; cvs -z0 -q update -dP" % \
- myportdir, settings, free=1)
+ retval = portage.process.spawn_bash(
+ "cd %s; cvs -z0 -q update -dP" % \
+ (portage._shell_quote(myportdir),), **spawn_kwargs)
if retval != os.EX_OK:
sys.exit(retval)
dosyncuri = syncuri