Dnia 2015-01-25, o godz. 13:43:14 Zac Medico napisał(a): > On 01/25/2015 06:00 AM, Michał Górny wrote: > > diff --git a/bin/socks5-server.py b/bin/socks5-server.py > > new file mode 100644 > > index 0000000..c079018 > > --- /dev/null > > +++ b/bin/socks5-server.py > > @@ -0,0 +1,218 @@ > > +#!/usr/bin/env python > > +# SOCKSv5 proxy server for network-sandbox > > +# Copyright 2015 Gentoo Foundation > > +# Distributed under the terms of the GNU General Public License v2 > > + > > +import asyncore > > +import errno > > +import socket > > +import struct > > +import sys > > + > > + > > +class ProxyConnection(asyncore.dispatcher_with_send): > > + _addr = None > > + _connected = False > > + _family = socket.AF_INET > > + _proxy_conn = None > > + > > + def __init__(self, proxy_conn): > > + self._proxy_conn = proxy_conn > > + asyncore.dispatcher_with_send.__init__(self) > > + self.create_socket(self._family, socket.SOCK_STREAM) > > + > > + def start_connection(self, host, port): > > + try: > > + self.connect((host, port)) > > + except: > > + self.handle_error() > > This except handler should at least allow SystemExit and > KeyboardInterrupt to raise. handle_error() has conditional exception reraising code. > > diff --git a/pym/portage/package/ebuild/_config/special_env_vars.py b/pym/portage/package/ebuild/_config/special_env_vars.py > > index 6bb3c95..905d5e7 100644 > > --- a/pym/portage/package/ebuild/_config/special_env_vars.py > > +++ b/pym/portage/package/ebuild/_config/special_env_vars.py > > @@ -71,7 +71,7 @@ environ_whitelist += [ > > "PORTAGE_PYM_PATH", "PORTAGE_PYTHON", > > "PORTAGE_PYTHONPATH", "PORTAGE_QUIET", > > "PORTAGE_REPO_NAME", "PORTAGE_REPOSITORIES", "PORTAGE_RESTRICT", > > - "PORTAGE_SIGPIPE_STATUS", > > + "PORTAGE_SIGPIPE_STATUS", "PORTAGE_SOCKS5_PROXY", > > "PORTAGE_TMPDIR", "PORTAGE_UPDATE_ENV", "PORTAGE_USERNAME", > > "PORTAGE_VERBOSE", "PORTAGE_WORKDIR_MODE", "PORTAGE_XATTR_EXCLUDE", > > "PORTDIR", "PORTDIR_OVERLAY", "PREROOTPATH", > > The DISTCC_SOCKS_PROXY variable should also be added to the whitelist. There's a regexp for DISTCC_* below. > Other than these 2 minor issues, the patch looks to me. I guess there's > no point in using portage's event loop instead of asyncore, since we > want the proxy to drop privileges, and therefore it can't run in the > main portage process. To be honest, I didn't even think about it. Asyncore seemed like the Python way of doing non-blocking socket I/O. -- Best regards, Michał Górny