* [gentoo-portage-dev] [PATCH] update LOGNAME variable when appropriate (534722)
@ 2015-01-19 3:13 Zac Medico
2015-01-19 15:36 ` Brian Dolbec
0 siblings, 1 reply; 2+ messages in thread
From: Zac Medico @ 2015-01-19 3:13 UTC (permalink / raw
To: gentoo-portage-dev; +Cc: Zac Medico
Fix userpriv, usersync, and userfetch code to update the LOGNAME
variable when dropping privileges, so that tools that rely on it will
work properly. Note that bin/save-ebuild-env.sh filters LOGNAME,
preventing stale LOGNAME settings from persisting between ebuild phases
that run with different privileges.
X-Gentoo-Bug: 534722
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=534722
---
pym/portage/package/ebuild/doebuild.py | 40 ++++++++++++++++++++++++----------
pym/portage/package/ebuild/fetch.py | 7 +++++-
pym/portage/sync/controller.py | 18 ++++++++++-----
3 files changed, 46 insertions(+), 19 deletions(-)
diff --git a/pym/portage/package/ebuild/doebuild.py b/pym/portage/package/ebuild/doebuild.py
index f43dddc..791b5c3 100644
--- a/pym/portage/package/ebuild/doebuild.py
+++ b/pym/portage/package/ebuild/doebuild.py
@@ -1493,8 +1493,10 @@ def spawn(mystring, mysettings, debug=False, free=False, droppriv=False,
fakeroot = fakeroot and uid != 0 and portage.process.fakeroot_capable
portage_build_uid = os.getuid()
portage_build_gid = os.getgid()
+ logname = None
if uid == 0 and portage_uid and portage_gid and hasattr(os, "setgroups"):
if droppriv:
+ logname = portage.data._portage_username
keywords.update({
"uid": portage_uid,
"gid": portage_gid,
@@ -1579,21 +1581,35 @@ def spawn(mystring, mysettings, debug=False, free=False, droppriv=False,
spawn_func = selinux.spawn_wrapper(spawn_func,
mysettings["PORTAGE_SANDBOX_T"])
- if keywords.get("returnpid"):
- return spawn_func(mystring, env=mysettings.environ(),
- **portage._native_kwargs(keywords))
+ logname_backup = None
+ if logname is not None:
+ logname_backup = mysettings.configdict["env"].get("LOGNAME")
+ mysettings.configdict["env"]["LOGNAME"] = logname
- proc = EbuildSpawnProcess(
- background=False, args=mystring,
- scheduler=SchedulerInterface(portage._internal_caller and
- global_event_loop() or EventLoop(main=False)),
- spawn_func=spawn_func,
- settings=mysettings, **portage._native_kwargs(keywords))
+ try:
+ if keywords.get("returnpid"):
+ return spawn_func(mystring, env=mysettings.environ(),
+ **portage._native_kwargs(keywords))
+
+ proc = EbuildSpawnProcess(
+ background=False, args=mystring,
+ scheduler=SchedulerInterface(portage._internal_caller and
+ global_event_loop() or EventLoop(main=False)),
+ spawn_func=spawn_func,
+ settings=mysettings, **portage._native_kwargs(keywords))
+
+ proc.start()
+ proc.wait()
- proc.start()
- proc.wait()
+ return proc.returncode
- return proc.returncode
+ finally:
+ if logname is None:
+ pass
+ elif logname_backup is None:
+ mysettings.configdict["env"].pop("LOGNAME", None)
+ else:
+ mysettings.configdict["env"]["LOGNAME"] = logname_backup
# parse actionmap to spawn ebuild with the appropriate args
def spawnebuild(mydo, actionmap, mysettings, debug, alwaysdep=0,
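Review bot: Only LOGNAME is switched to the unprivileged account when `droppriv` applies, so a child that reads `USER` instead would presumably still see the invoking user's name. If `USER` is not filtered or reset elsewhere (not visible in this patch), it should be saved, set and restored alongside LOGNAME in the same try/finally, e.g. `mysettings.configdict["env"]["USER"] = logname`. The same question applies to the `env["LOGNAME"] = logname` override in fetch.py and to both `spawn_kwargs["env"]["LOGNAME"]` assignments in sync/controller.py. spawn() begins outside this hunk.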
diff --git a/pym/portage/package/ebuild/fetch.py b/pym/portage/package/ebuild/fetch.py
index 2424ff3..7b856a2 100644
--- a/pym/portage/package/ebuild/fetch.py
+++ b/pym/portage/package/ebuild/fetch.py
@@ -73,10 +73,12 @@ def _spawn_fetch(settings, args, **kwargs):
2 : sys.__stdout__.fileno(),
}
+ logname = None
if "userfetch" in settings.features and \
os.getuid() == 0 and portage_gid and portage_uid and \
hasattr(os, "setgroups"):
kwargs.update(_userpriv_spawn_kwargs)
+ logname = portage.data._portage_username
spawn_func = spawn
@@ -93,8 +95,11 @@ def _spawn_fetch(settings, args, **kwargs):
# proxy variables, as in bug #315421).
phase_backup = settings.get('EBUILD_PHASE')
settings['EBUILD_PHASE'] = 'fetch'
+ env = settings.environ()
+ if logname is not None:
+ env["LOGNAME"] = logname
try:
- rval = spawn_func(args, env=settings.environ(), **kwargs)
+ rval = spawn_func(args, env=env, **kwargs)
finally:
if phase_backup is None:
settings.pop('EBUILD_PHASE', None)
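Review bot: The LOGNAME override at `env["LOGNAME"] = logname` has no restore step, unlike spawn() in doebuild.py, and nothing in the hunk says why that is safe. It appears to rely on settings.environ() returning a fresh dict on each call, which is not visible here and should be confirmed. A comment such as `# Override only the spawn-time copy; settings keeps its own LOGNAME.` would stop a later refactor from moving the assignment onto the shared settings object without a restore. _spawn_fetch continues outside this hunk.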
diff --git a/pym/portage/sync/controller.py b/pym/portage/sync/controller.py
index 128a38e..d2c606d 100644
--- a/pym/portage/sync/controller.py
+++ b/pym/portage/sync/controller.py
@@ -205,6 +205,7 @@ class SyncManager(object):
user = None
group = None
home = None
+ logname = None
spl = sync_user.split(':', 1)
if spl[0]:
@@ -217,10 +218,11 @@ class SyncManager(object):
except (ValueError, KeyError):
writemsg("!!! User '%s' invalid or does not exist\n"
% username, noiselevel=-1)
- return (user, group, home)
+ return (logname, user, group, home)
user = pw.pw_uid
group = pw.pw_gid
home = pw.pw_dir
+ logname = pw.pw_name
if len(spl) > 1:
groupname = spl[1]
@@ -232,14 +234,15 @@ class SyncManager(object):
except (ValueError, KeyError):
writemsg("!!! Group '%s' invalid or does not exist\n"
% groupname, noiselevel=-1)
- return (user, group, home)
+ return (logname, user, group, home)
group = gp.gr_gid
- return (user, group, home)
+ return (logname, user, group, home)
# user or user:group
- (uid, gid, home) = get_sync_user_data(repo.sync_user)
+ (logname, uid, gid, home) = get_sync_user_data(
+ repo.sync_user)
if uid is not None:
spawn_kwargs["uid"] = uid
self.usersync_uid = uid
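Review bot: get_sync_user_data now returns four values with logname first, so any other caller still unpacking three will raise ValueError. Only the call site in this hunk is visible, so that should be checked. The order is easy to get wrong because uid and gid are both integers; a comment on the helper such as `# Returns (logname, uid, gid, home); each is None when not resolved.` would document it. Note also that on the invalid-group path the tuple still carries the resolved user and logname, so the sync presumably proceeds as that user with its primary group; worth stating in the same comment if that is intended. The helper's definition starts outside this hunk.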
@@ -248,6 +251,8 @@ class SyncManager(object):
spawn_kwargs["groups"] = [gid]
if home is not None:
spawn_kwargs["env"]["HOME"] = home
+ if logname is not None:
+ spawn_kwargs["env"]["LOGNAME"] = logname
if st is None:
perms = {'mode': 0o755}
@@ -268,7 +273,7 @@ class SyncManager(object):
(st.st_uid != os.getuid() and st.st_mode & 0o700 or
st.st_gid != os.getgid() and st.st_mode & 0o070)):
try:
- homedir = pwd.getpwuid(st.st_uid).pw_dir
+ pw = pwd.getpwuid(st.st_uid)
except KeyError:
pass
else:
@@ -278,7 +283,8 @@ class SyncManager(object):
spawn_kwargs["uid"] = st.st_uid
spawn_kwargs["gid"] = st.st_gid
spawn_kwargs["groups"] = [st.st_gid]
- spawn_kwargs["env"]["HOME"] = homedir
+ spawn_kwargs["env"]["HOME"] = pw.pw_dir
+ spawn_kwargs["env"]["LOGNAME"] = pw.pw_name
umask = 0o002
if not st.st_mode & 0o020:
umask = umask | 0o020
--
2.0.5
* Re: [gentoo-portage-dev] [PATCH] update LOGNAME variable when appropriate (534722)
2015-01-19 3:13 [gentoo-portage-dev] [PATCH] update LOGNAME variable when appropriate (534722) Zac Medico
@ 2015-01-19 15:36 ` Brian Dolbec
0 siblings, 0 replies; 2+ messages in thread
From: Brian Dolbec @ 2015-01-19 15:36 UTC (permalink / raw
To: gentoo-portage-dev
On Sun, 18 Jan 2015 19:13:35 -0800
Zac Medico <zmedico@gentoo.org> wrote:
> Fix userpriv, usersync, and userfetch code to update the LOGNAME
> variable when dropping privileges, so that tools that rely on it will
> work properly. Note that bin/save-ebuild-env.sh filters LOGNAME,
> preventing stale LOGNAME settings from persisting between ebuild
> phases that run with different privileges.
>
> X-Gentoo-Bug: 534722
> X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=534722
> ---
> pym/portage/package/ebuild/doebuild.py | 40
> ++++++++++++++++++++++++----------
> pym/portage/package/ebuild/fetch.py | 7 +++++-
> pym/portage/sync/controller.py | 18 ++++++++++----- 3 files
> changed, 46 insertions(+), 19 deletions(-)
>
Looks good
--
Brian Dolbec <dolsen>