diff options
| -rw-r--r-- | bin/eapi.sh | 8 | ||||
| -rw-r--r-- | bin/phase-functions.sh | 3 | ||||
| -rw-r--r-- | bin/phase-helpers.sh | 12 | ||||
| -rw-r--r-- | bin/save-ebuild-env.sh | 2 | ||||
| -rw-r--r-- | doc/package/ebuild/eapi/5-progress.docbook | 12 | ||||
| -rw-r--r-- | pym/portage/package/ebuild/_config/special_env_vars.py | 3 | ||||
| -rw-r--r-- | pym/portage/package/ebuild/doebuild.py | 22 |
7 files changed, 56 insertions, 6 deletions
diff --git a/bin/eapi.sh b/bin/eapi.sh index d21b69df7..e63f145ee 100644 --- a/bin/eapi.sh +++ b/bin/eapi.sh @@ -84,6 +84,14 @@ ___eapi_has_license_path() { [[ ${1-${EAPI}} =~ ^(5-progress)$ ]] } +___eapi_has_package_manager_build_user() { + [[ ${1-${EAPI}} =~ ^(5-progress)$ ]] +} + +___eapi_has_package_manager_build_group() { + [[ ${1-${EAPI}} =~ ^(5-progress)$ ]] +} + # HELPERS BEHAVIOR ___eapi_best_version_and_has_version_support_--host-root() { diff --git a/bin/phase-functions.sh b/bin/phase-functions.sh index 714f7a609..9de943630 100644 --- a/bin/phase-functions.sh +++ b/bin/phase-functions.sh @@ -16,7 +16,8 @@ PORTAGE_READONLY_VARS="D EBUILD EBUILD_PHASE EBUILD_PHASE_FUNC \ PM_EBUILD_HOOK_DIR \ PORTAGE_ACTUAL_DISTDIR PORTAGE_ARCHLIST PORTAGE_BASHRC \ PORTAGE_BINPKG_FILE PORTAGE_BINPKG_TAR_OPTS PORTAGE_BINPKG_TMPFILE \ - PORTAGE_BIN_PATH PORTAGE_BUILDDIR PORTAGE_BUNZIP2_COMMAND \ + PORTAGE_BIN_PATH PORTAGE_BUILDDIR PORTAGE_BUILD_GROUP \ + PORTAGE_BUILD_USER PORTAGE_BUNZIP2_COMMAND \ PORTAGE_BZIP2_COMMAND PORTAGE_COLORMAP PORTAGE_CONFIGROOT \ PORTAGE_DEBUG PORTAGE_DEPCACHEDIR PORTAGE_EBUILD_EXIT_FILE \ PORTAGE_GID PORTAGE_GRPNAME PORTAGE_INST_GID PORTAGE_INST_UID \ diff --git a/bin/phase-helpers.sh b/bin/phase-helpers.sh index 5055060f7..bc00e44d8 100644 --- a/bin/phase-helpers.sh +++ b/bin/phase-helpers.sh @@ -895,3 +895,15 @@ if ___eapi_has_license_path; then esac } fi + +if ___eapi_has_package_manager_build_user; then + package_manager_build_user() { + echo "${PORTAGE_BUILD_USER}" + } +fi + +if ___eapi_has_package_manager_build_group; then + package_manager_build_group() { + echo "${PORTAGE_BUILD_GROUP}" + } +fi diff --git a/bin/save-ebuild-env.sh b/bin/save-ebuild-env.sh index f6dc2c5e7..5b68b0793 100644 --- a/bin/save-ebuild-env.sh +++ b/bin/save-ebuild-env.sh @@ -82,6 +82,8 @@ __save_ebuild_env() { ___eapi_has_available_eclasses && unset -f available_eclasses ___eapi_has_eclass_path && unset -f eclass_path ___eapi_has_license_path && unset -f license_path + ___eapi_has_package_manager_build_user && unset -f package_manager_build_user + ___eapi_has_package_manager_build_group && unset -f package_manager_build_group unset -f $(compgen -A function ___eapi_) diff --git a/doc/package/ebuild/eapi/5-progress.docbook b/doc/package/ebuild/eapi/5-progress.docbook index bc7c30066..33464644f 100644 --- a/doc/package/ebuild/eapi/5-progress.docbook +++ b/doc/package/ebuild/eapi/5-progress.docbook @@ -35,6 +35,18 @@ New license_path function prints path to specified license for current repository. </para> </section> + <section id='package-ebuild-eapi-5-progress-helpers-package-manager-build-user'> + <title>package_manager_build_user</title> + <para> + New package_manager_build_user function prints name of user used by package manager in build phases. + </para> + </section> + <section id='package-ebuild-eapi-5-progress-helpers-package-manager-build-group'> + <title>package_manager_build_group</title> + <para> + New package_manager_build_group function prints name of group used by package manager in build phases. + </para> + </section> <section id='package-ebuild-eapi-5-progress-helpers-dohtml-extended-default-list-of-extensions'> <title>Extended default list of extensions in dohtml</title> <para> diff --git a/pym/portage/package/ebuild/_config/special_env_vars.py b/pym/portage/package/ebuild/_config/special_env_vars.py index 3ca9687ec..150dafeba 100644 --- a/pym/portage/package/ebuild/_config/special_env_vars.py +++ b/pym/portage/package/ebuild/_config/special_env_vars.py @@ -51,7 +51,8 @@ environ_whitelist += [ "PORTAGE_BINPKG_FILE", "PORTAGE_BINPKG_TAR_OPTS", "PORTAGE_BINPKG_TMPFILE", "PORTAGE_BIN_PATH", - "PORTAGE_BUILDDIR", "PORTAGE_BUNZIP2_COMMAND", "PORTAGE_BZIP2_COMMAND", + "PORTAGE_BUILDDIR", "PORTAGE_BUILD_GROUP", "PORTAGE_BUILD_USER", + "PORTAGE_BUNZIP2_COMMAND", "PORTAGE_BZIP2_COMMAND", "PORTAGE_COLORMAP", "PORTAGE_COMPRESS", "PORTAGE_COMPRESS_EXCLUDE_SUFFIXES", "PORTAGE_CONFIGROOT", "PORTAGE_DEBUG", "PORTAGE_DEPCACHEDIR", diff --git a/pym/portage/package/ebuild/doebuild.py b/pym/portage/package/ebuild/doebuild.py index 0a1f1df0e..5002c5bab 100644 --- a/pym/portage/package/ebuild/doebuild.py +++ b/pym/portage/package/ebuild/doebuild.py @@ -3,12 +3,14 @@ __all__ = ['doebuild', 'doebuild_environment', 'spawn', 'spawnebuild'] +import grp import gzip import errno import io from itertools import chain import logging import os as _os +import pwd import re import signal import stat @@ -1419,10 +1421,22 @@ def spawn(mystring, mysettings, debug=0, free=0, droppriv=0, sesandbox=0, fakero # fake ownership/permissions will have to be converted to real # permissions in the merge phase. fakeroot = fakeroot and uid != 0 and portage.process.fakeroot_capable - if droppriv and uid == 0 and portage_gid and portage_uid and \ - hasattr(os, "setgroups"): - keywords.update({"uid":portage_uid,"gid":portage_gid, - "groups":userpriv_groups,"umask":0o02}) + portage_build_uid = os.getuid() + portage_build_gid = os.getgid() + if uid == 0 and portage_uid and portage_gid and hasattr(os, "setgroups"): + if droppriv: + keywords.update({ + "uid": portage_uid, + "gid": portage_gid, + "groups": userpriv_groups, + "umask": 0o02 + }) + if "userpriv" in features and "userpriv" not in mysettings["PORTAGE_RESTRICT"].split() and secpass >= 2: + portage_build_uid = portage_uid + portage_build_gid = portage_gid + mysettings["PORTAGE_BUILD_USER"] = pwd.getpwuid(portage_build_uid).pw_name + mysettings["PORTAGE_BUILD_GROUP"] = grp.getgrgid(portage_build_gid).gr_name + if not free: free=((droppriv and "usersandbox" not in features) or \ (not droppriv and "sandbox" not in features and \ |