diff options
-rwxr-xr-x | bin/ebuild.sh | 35 |
1 files changed, 27 insertions, 8 deletions
diff --git a/bin/ebuild.sh b/bin/ebuild.sh index 1d364340d..008512b9a 100755 --- a/bin/ebuild.sh +++ b/bin/ebuild.sh @@ -994,8 +994,7 @@ dyn_install() { # the global environment though, in case the user wants to repeat # this phase (like with FEATURES=noauto and the ebuild command). unset S - - save_ebuild_env > environment + save_ebuild_env | filter_readonly_variables --filter-sandbox > environment ) bzip2 -f9 environment @@ -1369,17 +1368,23 @@ READONLY_PORTAGE_VARS="D EBUILD EBUILD_PHASE EBUILD_SH_ARGS FILESDIR \ PORTAGE_BIN_PATH PORTAGE_PYM_PATH PORTAGE_TMPDIR T WORKDIR" # @FUNCTION: filter_readonly_variables -# @DESCRIPTION: +# @DESCRIPTION: [--filter-sandbox] # Read an environment from stdin and echo to stdout while filtering readonly # variables. # +# --filter-sandbox causes all SANDBOX_* variables to be filtered, which +# is only desired in certain cases, such as during preprocessing or when +# saving environment.bz2 for a binary or installed package. +# # In bash-3.2_p20+ an attempt to assign BASH_*, FUNCNAME, GROUPS or any # readonly variable cause the shell to exit while executing the "source" # builtin command. To avoid this problem, this function filters those # variables out and discards them. See bug #190128. filter_readonly_variables() { + local var_prefixes="BASH" + hasq --filter-sandbox $* && var_prefixes="${var_prefixes} SANDBOX" local x var_grep="" - for x in BASH SANDBOX ; do + for x in ${var_prefixes} ; do var_grep="${var_grep}|(^|^declare[[:space:]]+-[^[:space:]]+[[:space:]]+)${x}_[_[:alnum:]]*=.*" done local readonly_bash_vars="DIRSTACK EUID FUNCNAME GROUPS @@ -1405,13 +1410,14 @@ filter_readonly_variables() { # interfering with the current environment. This is useful when an existing # environment needs to be loaded from a binary or installed package. preprocess_ebuild_env() { - filter_readonly_variables < "${T}"/environment > "${T}"/environment.filtered + filter_readonly_variables --filter-sandbox < "${T}"/environment \ + > "${T}"/environment.filtered mv "${T}"/environment.filtered "${T}"/environment ( source "${T}"/environment # Rely on save_ebuild_env() to filter out any remaining variables # and functions that could interfere with the current environment. - save_ebuild_env > "${T}"/environment + save_ebuild_env | filter_readonly_variables > "${T}"/environment ) } @@ -1480,7 +1486,7 @@ save_ebuild_env() { set export - ) | filter_readonly_variables + ) } # === === === === === === === === === === === === === === === === === === @@ -1607,7 +1613,20 @@ elif ! hasq ${EBUILD_PHASE} depend && [ -f "${T}"/environment ] ; then # always preprocess the environment when ${PN} == portage. preprocess_ebuild_env fi + # Colon separated SANDBOX_* variables need to be cumulative. + for x in SANDBOX_DENY SANDBOX_READ SANDBOX_PREDICT SANDBOX_WRITE ; do + eval PORTAGE_${x}="${!x}" + done source "${T}"/environment + for x in SANDBOX_DENY SANDBOX_PREDICT SANDBOX_READ SANDBOX_WRITE ; do + eval y=\${PORTAGE_${x}} + if [ "${y}" != "${!x}" ] ; then + eval export ${x}=$(echo -n "${y}:${!x}" | tr ":" "\0" | \ + sort -z -u | tr "\0" ":") + fi + unset PORTAGE_${x} + done + unset x y source_all_bashrcs else @@ -1803,7 +1822,7 @@ if [ -n "${EBUILD_SH_ARGS}" ] && \ ! hasq ${EBUILD_SH_ARGS} clean help info; then # Save current environment and touch a success file. (echo for success) umask 002 - save_ebuild_env > "${T}/environment" + save_ebuild_env | filter_readonly_variables > "${T}/environment" chown portage:portage "${T}/environment" &>/dev/null chmod g+w "${T}/environment" &>/dev/null fi |