From: "Zac Medico" <zmedico@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] proj/portage:master commit in: pym/portage/package/ebuild/, pym/portage/elog/
Date: Fri, 12 Aug 2011 09:47:28 +0000 (UTC) [thread overview]
Message-ID: <e3954bead8d7e37978cac4ae5a5ec7836d3dcd1c.zmedico@gentoo> (raw)
commit: e3954bead8d7e37978cac4ae5a5ec7836d3dcd1c
Author: Zac Medico <zmedico <AT> gentoo <DOT> org>
AuthorDate: Fri Aug 12 09:47:04 2011 +0000
Commit: Zac Medico <zmedico <AT> gentoo <DOT> org>
CommitDate: Fri Aug 12 09:47:04 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/portage.git;a=commit;h=e3954bea
Fix log uid for logrotate-3.8 compat (bug 378451)
If PORT_LOGDIR is writable by the portage group but its uid is not
portage_uid, then set the uid to portage_uid if we have privileges to
do so, and also copy the uid to the logfile. This fixes logrotate
chown failures during the compression phase, when it attempts to copy
the uid from the logfile to a temp file. With the "su portage portage"
directive and logrotate-3.8.0, logrotate's chown call during the
compression phase will only succeed if the log file's uid is
portage_uid.
---
pym/portage/elog/mod_save.py | 25 ++++++++++++++++++++-
pym/portage/elog/mod_save_summary.py | 18 ++++++++++++++-
pym/portage/package/ebuild/prepare_build_dirs.py | 17 ++++++++++++++-
3 files changed, 55 insertions(+), 5 deletions(-)
diff --git a/pym/portage/elog/mod_save.py b/pym/portage/elog/mod_save.py
index 9350a6e..091bbf8 100644
--- a/pym/portage/elog/mod_save.py
+++ b/pym/portage/elog/mod_save.py
@@ -4,13 +4,14 @@
import io
import time
+import portage
from portage import os
from portage import _encodings
from portage import _unicode_decode
from portage import _unicode_encode
from portage.data import portage_gid, portage_uid
from portage.package.ebuild.prepare_build_dirs import _ensure_log_subdirs
-from portage.util import ensure_dirs, normalize_path
+from portage.util import apply_permissions, ensure_dirs, normalize_path
def process(mysettings, key, logentries, fulltext):
@@ -25,7 +26,10 @@ def process(mysettings, key, logentries, fulltext):
# were previously set by the administrator.
# NOTE: These permissions should be compatible with our
# default logrotate config as discussed in bug 374287.
- ensure_dirs(logdir, uid=portage_uid, gid=portage_gid, mode=0o2770)
+ uid = -1
+ if portage.data.secpass >= 2:
+ uid = portage_uid
+ ensure_dirs(logdir, uid=uid, gid=portage_gid, mode=0o2770)
cat = mysettings['CATEGORY']
pf = mysettings['PF']
@@ -48,4 +52,21 @@ def process(mysettings, key, logentries, fulltext):
elogfile.write(_unicode_decode(fulltext))
elogfile.close()
+ # Copy group permission bits from parent directory.
+ elogdir_st = os.stat(log_subdir)
+ elogdir_gid = elogdir_st.st_gid
+ elogdir_grp_mode = 0o060 & elogdir_st.st_mode
+
+ # Copy the uid from the parent directory if we have privileges
+ # to do so, for compatibility with our default logrotate
+ # config (see bug 378451). With the "su portage portage"
+ # directive and logrotate-3.8.0, logrotate's chown call during
+ # the compression phase will only succeed if the log file's uid
+ # is portage_uid.
+ logfile_uid = -1
+ if portage.data.secpass >= 2:
+ logfile_uid = elogdir_st.st_uid
+ apply_permissions(elogfilename, uid=logfile_uid, gid=elogdir_gid,
+ mode=elogdir_grp_mode, mask=0)
+
return elogfilename
diff --git a/pym/portage/elog/mod_save_summary.py b/pym/portage/elog/mod_save_summary.py
index 4adc6f3..ab71724 100644
--- a/pym/portage/elog/mod_save_summary.py
+++ b/pym/portage/elog/mod_save_summary.py
@@ -4,6 +4,7 @@
import io
import time
+import portage
from portage import os
from portage import _encodings
from portage import _unicode_decode
@@ -25,7 +26,10 @@ def process(mysettings, key, logentries, fulltext):
# were previously set by the administrator.
# NOTE: These permissions should be compatible with our
# default logrotate config as discussed in bug 374287.
- ensure_dirs(logdir, uid=portage_uid, gid=portage_gid, mode=0o2770)
+ logdir_uid = -1
+ if portage.data.secpass >= 2:
+ logdir_uid = portage_uid
+ ensure_dirs(logdir, uid=logdir_uid, gid=portage_gid, mode=0o2770)
elogdir = os.path.join(logdir, "elog")
_ensure_log_subdirs(logdir, elogdir)
@@ -40,7 +44,17 @@ def process(mysettings, key, logentries, fulltext):
elogdir_st = os.stat(elogdir)
elogdir_gid = elogdir_st.st_gid
elogdir_grp_mode = 0o060 & elogdir_st.st_mode
- apply_permissions(elogfilename, gid=elogdir_gid,
+
+ # Copy the uid from the parent directory if we have privileges
+ # to do so, for compatibility with our default logrotate
+ # config (see bug 378451). With the "su portage portage"
+ # directive and logrotate-3.8.0, logrotate's chown call during
+ # the compression phase will only succeed if the log file's uid
+ # is portage_uid.
+ logfile_uid = -1
+ if portage.data.secpass >= 2:
+ logfile_uid = elogdir_st.st_uid
+ apply_permissions(elogfilename, uid=logfile_uid, gid=elogdir_gid,
mode=elogdir_grp_mode, mask=0)
time_str = time.strftime("%Y-%m-%d %H:%M:%S %Z",
diff --git a/pym/portage/package/ebuild/prepare_build_dirs.py b/pym/portage/package/ebuild/prepare_build_dirs.py
index 616dc2e..9104d0e 100644
--- a/pym/portage/package/ebuild/prepare_build_dirs.py
+++ b/pym/portage/package/ebuild/prepare_build_dirs.py
@@ -9,6 +9,7 @@ import shutil
import stat
import time
+import portage
from portage import os, _encodings, _unicode_encode, _unicode_decode
from portage.data import portage_gid, portage_uid, secpass
from portage.exception import DirectoryNotFound, FileNotFound, \
@@ -358,13 +359,27 @@ def _ensure_log_subdirs(logdir, subdir):
and subdir are assumed to be normalized absolute paths.
"""
st = os.stat(logdir)
+ uid = -1
gid = st.st_gid
grp_mode = 0o2070 & st.st_mode
+ # If logdir is writable by the portage group but its uid
+ # is not portage_uid, then set the uid to portage_uid if
+ # we have privileges to do so, for compatibility with our
+ # default logrotate config (see bug 378451). With the
+ # "su portage portage" directive and logrotate-3.8.0,
+ # logrotate's chown call during the compression phase will
+ # only succeed if the log file's uid is portage_uid.
+ if grp_mode and gid == portage_gid and \
+ portage.data.secpass >= 2:
+ uid = portage_uid
+ if st.st_uid != portage_uid:
+ ensure_dirs(logdir, uid=uid)
+
logdir_split_len = len(logdir.split(os.sep))
subdir_split = subdir.split(os.sep)[logdir_split_len:]
subdir_split.reverse()
current = logdir
while subdir_split:
current = os.path.join(current, subdir_split.pop())
- ensure_dirs(current, gid=gid, mode=grp_mode, mask=0)
+ ensure_dirs(current, uid=uid, gid=gid, mode=grp_mode, mask=0)
next reply other threads:[~2011-08-12 9:47 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-08-12 9:47 Zac Medico [this message]
-- strict thread matches above, loose matches on Subject: below --
2011-07-11 21:06 [gentoo-commits] proj/portage:master commit in: pym/portage/package/ebuild/, pym/portage/elog/ Zac Medico
2011-07-11 16:55 Zac Medico
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=e3954bead8d7e37978cac4ae5a5ec7836d3dcd1c.zmedico@gentoo \
--to=zmedico@gentoo.org \
--cc=gentoo-commits@lists.gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox