diff options
| author | Zac Medico <zmedico@gentoo.org> | 2009-01-12 08:13:24 +0000 |
|---|---|---|
| committer | Zac Medico <zmedico@gentoo.org> | 2009-01-12 08:13:24 +0000 |
| commit | 29bed6e84f637e88bea0e84218f1781964350b39 (patch) | |
| tree | d0eabe6dea5d713171cd65af5eeb9e8f1fdefee7 /pym/_emerge/__init__.py | |
| parent | 3047be67bb42e10d1e4b322fdd5ebb095fc501ea (diff) | |
| download | portage-29bed6e84f637e88bea0e84218f1781964350b39.tar.gz portage-29bed6e84f637e88bea0e84218f1781964350b39.tar.bz2 portage-29bed6e84f637e88bea0e84218f1781964350b39.zip | |
Inside action_sync(), when running as root, detect if $PORTDIR has non-root
uid/gid bits and drop privileges to match the existing bits if appropriate.
(trunk r12378)
svn path=/main/branches/2.1.6/; revision=12448
Diffstat (limited to 'pym/_emerge/__init__.py')
| -rw-r--r-- | pym/_emerge/__init__.py | 38 |
1 files changed, 31 insertions, 7 deletions
diff --git a/pym/_emerge/__init__.py b/pym/_emerge/__init__.py index dffc05ea7..4ea4a3d09 100644 --- a/pym/_emerge/__init__.py +++ b/pym/_emerge/__init__.py @@ -8,6 +8,7 @@ from collections import deque import fcntl import formatter import logging +import pwd import select import shlex import shutil @@ -11619,9 +11620,32 @@ def action_sync(settings, trees, mtimedb, myopts, myaction): sys.exit(1) if myportdir[-1]=="/": myportdir=myportdir[:-1] - if not os.path.exists(myportdir): + try: + st = os.stat(myportdir) + except OSError: + st = None + if st is None: print ">>>",myportdir,"not found, creating it." os.makedirs(myportdir,0755) + st = os.stat(myportdir) + + spawn_kwargs = {} + spawn_kwargs["env"] = settings.environ() + if portage.data.secpass >= 2 and \ + (st.st_uid != os.getuid() and st.st_mode & 0700 or \ + st.st_gid != os.getgid() and st.st_mode & 0070): + try: + homedir = pwd.getpwuid(st.st_uid).pw_dir + except KeyError: + pass + else: + # Drop privileges when syncing, in order to match + # existing uid/gid settings. + spawn_kwargs["uid"] = st.st_uid + spawn_kwargs["gid"] = st.st_gid + spawn_kwargs["groups"] = [st.st_gid] + spawn_kwargs["env"]["HOME"] = homedir + syncuri = settings.get("SYNC", "").strip() if not syncuri: writemsg_level("!!! SYNC is undefined. Is /etc/make.globals missing?\n", @@ -11645,8 +11669,8 @@ def action_sync(settings, trees, mtimedb, myopts, myaction): msg = ">>> Starting git pull in %s..." % myportdir emergelog(xterm_titles, msg ) writemsg_level(msg + "\n") - exitcode = portage.spawn("cd %s ; git pull" % \ - (portage._shell_quote(myportdir),), settings, free=1) + exitcode = portage.process.spawn_bash("cd %s ; git pull" % \ + (portage._shell_quote(myportdir),), **spawn_kwargs) if exitcode != os.EX_OK: msg = "!!! git pull error in %s." % myportdir emergelog(xterm_titles, msg) @@ -11939,8 +11963,7 @@ def action_sync(settings, trees, mtimedb, myopts, myaction): elif (servertimestamp == 0) or (servertimestamp > mytimestamp): # actual sync mycommand = rsynccommand + [dosyncuri+"/", myportdir] - exitcode = portage.process.spawn(mycommand, - env=settings.environ()) + exitcode = portage.process.spawn(mycommand, **spawn_kwargs) if exitcode in [0,1,3,4,11,14,20,21]: break elif exitcode in [1,3,4,11,14,20,21]: @@ -12023,8 +12046,9 @@ def action_sync(settings, trees, mtimedb, myopts, myaction): else: #cvs update print ">>> Starting cvs update with "+syncuri+"..." - retval = portage.spawn("cd '%s'; cvs -z0 -q update -dP" % \ - myportdir, settings, free=1) + retval = portage.process.spawn_bash( + "cd %s; cvs -z0 -q update -dP" % \ + (portage._shell_quote(myportdir),), **spawn_kwargs) if retval != os.EX_OK: sys.exit(retval) dosyncuri = syncuri |