From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 71593138824 for ; Wed, 22 Oct 2014 23:26:53 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id C2215E07FD; Wed, 22 Oct 2014 23:26:52 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 61748E07FD for ; Wed, 22 Oct 2014 23:26:52 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 4905C34034A for ; Wed, 22 Oct 2014 23:26:51 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id E9A7C87FD for ; Wed, 22 Oct 2014 23:26:49 +0000 (UTC) From: "Zac Medico" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Zac Medico" Message-ID: <1414020339.49896208f618817f83cfe9cd9a4a1afc87ac0f4a.zmedico@gentoo> Subject: [gentoo-commits] proj/portage:master commit in: pym/portage/package/ebuild/ X-VCS-Repository: proj/portage X-VCS-Files: pym/portage/package/ebuild/doebuild.py pym/portage/package/ebuild/prepare_build_dirs.py X-VCS-Directories: pym/portage/package/ebuild/ X-VCS-Committer: zmedico X-VCS-Committer-Name: Zac Medico X-VCS-Revision: 49896208f618817f83cfe9cd9a4a1afc87ac0f4a X-VCS-Branch: master Date: Wed, 22 Oct 2014 23:26:49 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 14ff12a9-73b1-40ad-8ef0-837fc84b794f X-Archives-Hash: 9f8f522061ed2b275913103ca2649f27 commit: 49896208f618817f83cfe9cd9a4a1afc87ac0f4a Author: Zac Medico gentoo org> AuthorDate: Tue Sep 9 20:29:30 2014 +0000 Commit: Zac Medico gentoo org> CommitDate: Wed Oct 22 23:25:39 2014 +0000 URL: http://sources.gentoo.org/gitweb/?p=proj/portage.git;a=commit;h=49896208 Remove g+w bit from $T for TPE bug #519566 Grant permissions to the portage user instead of the group, in order to avoid TPE complaints about the g+w bit. X-Gentoo-Bug: 519566 X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=519566 --- pym/portage/package/ebuild/doebuild.py | 7 ++++--- pym/portage/package/ebuild/prepare_build_dirs.py | 9 ++------- 2 files changed, 6 insertions(+), 10 deletions(-) diff --git a/pym/portage/package/ebuild/doebuild.py b/pym/portage/package/ebuild/doebuild.py index 9516173..28d4f47 100644 --- a/pym/portage/package/ebuild/doebuild.py +++ b/pym/portage/package/ebuild/doebuild.py @@ -1488,7 +1488,7 @@ def spawn(mystring, mysettings, debug=False, free=False, droppriv=False, "uid": portage_uid, "gid": portage_gid, "groups": userpriv_groups, - "umask": 0o02 + "umask": 0o22 }) # Adjust pty ownership so that subprocesses @@ -1646,8 +1646,9 @@ def _post_phase_userpriv_perms(mysettings): """ Privileged phases may have left files that need to be made writable to a less privileged user.""" apply_recursive_permissions(mysettings["T"], - uid=portage_uid, gid=portage_gid, dirmode=0o70, dirmask=0, - filemode=0o60, filemask=0) + uid=portage_uid, gid=portage_gid, dirmode=0o700, dirmask=0, + filemode=0o600, filemask=0) + def _check_build_log(mysettings, out=None): """ diff --git a/pym/portage/package/ebuild/prepare_build_dirs.py b/pym/portage/package/ebuild/prepare_build_dirs.py index 6782160..ce54fdf 100644 --- a/pym/portage/package/ebuild/prepare_build_dirs.py +++ b/pym/portage/package/ebuild/prepare_build_dirs.py @@ -76,17 +76,12 @@ def prepare_build_dirs(myroot=None, settings=None, cleanup=False): ensure_dirs(mydir) try: apply_secpass_permissions(mydir, - gid=portage_gid, uid=portage_uid, mode=0o70, mask=0) + gid=portage_gid, uid=portage_uid, mode=0o700, mask=0) except PortageException: if not os.path.isdir(mydir): raise for dir_key in ("PORTAGE_BUILDDIR", "HOME", "PKG_LOGDIR", "T"): - """These directories don't necessarily need to be group writable. - However, the setup phase is commonly run as a privileged user prior - to the other phases being run by an unprivileged user. Currently, - we use the portage group to ensure that the unprivleged user still - has write access to these directories in any case.""" - ensure_dirs(mysettings[dir_key], mode=0o775) + ensure_dirs(mysettings[dir_key], mode=0o755) apply_secpass_permissions(mysettings[dir_key], uid=portage_uid, gid=portage_gid) except PermissionDenied as e: