* [gentoo-portage-dev] [PATCH] PORTAGE_XATTR_EXCLUDE: preserve security.capability (bug 548516)
From: Zac Medico @ 2015-05-03 19:18 UTC
To: gentoo-portage-dev; +Cc: Zac Medico
Also, fix BinpkgExtractorAsync tar options to preserve
security.capability attributes.
X-Gentoo-Bug: 548516
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=548516
---
cnf/make.globals | 6 ++++--
| 3 ++-
2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/cnf/make.globals b/cnf/make.globals
index dd99618..5698636 100644
--- a/cnf/make.globals
+++ b/cnf/make.globals
@@ -123,9 +123,11 @@ PORTAGE_ELOG_MAILFROM="portage@localhost"
PORTAGE_GPG_SIGNING_COMMAND="gpg --sign --digest-algo SHA256 --clearsign --yes --default-key \"\${PORTAGE_GPG_KEY}\" --homedir \"\${PORTAGE_GPG_DIR}\" \"\${FILE}\""
# btrfs.* attributes are irrelevant, see bug #527636.
-# Security labels are special, see bug #461868.
+# security.* attributes may be special (see bug 461868), but
+# security.capabilities is specifically not excluded (bug 548516).
# system.nfs4_acl attributes are irrelevant, see bug #475496.
-PORTAGE_XATTR_EXCLUDE="btrfs.* security.* system.nfs4_acl"
+PORTAGE_XATTR_EXCLUDE="btrfs.* security.evm security.ima
+ security.selinux system.nfs4_acl"
# *****************************
# ** DO NOT EDIT THIS FILE **
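Review bot: The second added comment line names security.capabilities, but the attribute this patch sets out to preserve is security.capability (singular), as written in the subject line and the commit message. Suggest "# security.capability is specifically not excluded (bug 548516)." so that a search for the real attribute name finds this comment.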
--git a/pym/_emerge/BinpkgExtractorAsync.py b/pym/_emerge/BinpkgExtractorAsync.py
index 6aaa448..6b5539a 100644
--- a/pym/_emerge/BinpkgExtractorAsync.py
+++ b/pym/_emerge/BinpkgExtractorAsync.py
@@ -23,7 +23,8 @@ class BinpkgExtractorAsync(SpawnProcess):
process = subprocess.Popen(["tar", "--help"], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
output = process.communicate()[0]
if b"--xattrs" in output:
- tar_options = "--xattrs"
+ tar_options = ("--xattrs --xattrs-include='*' --xattrs-exclude="
+ "'%s'" % self.env.get("PORTAGE_XATTR_EXCLUDE", ""))
decomp_cmd = _decompressors.get(
compression_probe(self.pkg_path))
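Review bot: In the added tar_options assignment the whole PORTAGE_XATTR_EXCLUDE value is interpolated into a single --xattrs-exclude='%s', so with the new make.globals default tar receives one pattern containing spaces and a newline instead of five separate patterns, and such a pattern cannot match any single attribute name. Split the value on whitespace and emit one --xattrs-exclude= option per token, and quote each token with a shell-quoting helper rather than hand-written single quotes, since a value containing ' would end the quoting early.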
--
2.3.5
* [gentoo-portage-dev] [PATCH v2] PORTAGE_XATTR_EXCLUDE: preserve security.capability (bug 548516)
From: Zac Medico @ 2015-05-03 23:10 UTC
To: gentoo-portage-dev; +Cc: Zac Medico
Also, fix BinpkgExtractorAsync tar options to preserve
security.capability attributes.
X-Gentoo-Bug: 548516
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=548516
---
[PATCH v2] fixes BinpkgExtractorAsync tar --xattrs-exclude arguments to work
correctly (each token must be passed as a separate argument)
cnf/make.globals | 6 ++++--
| 5 ++++-
2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/cnf/make.globals b/cnf/make.globals
index dd99618..5698636 100644
--- a/cnf/make.globals
+++ b/cnf/make.globals
@@ -123,9 +123,11 @@ PORTAGE_ELOG_MAILFROM="portage@localhost"
PORTAGE_GPG_SIGNING_COMMAND="gpg --sign --digest-algo SHA256 --clearsign --yes --default-key \"\${PORTAGE_GPG_KEY}\" --homedir \"\${PORTAGE_GPG_DIR}\" \"\${FILE}\""
# btrfs.* attributes are irrelevant, see bug #527636.
-# Security labels are special, see bug #461868.
+# security.* attributes may be special (see bug 461868), but
+# security.capabilities is specifically not excluded (bug 548516).
# system.nfs4_acl attributes are irrelevant, see bug #475496.
-PORTAGE_XATTR_EXCLUDE="btrfs.* security.* system.nfs4_acl"
+PORTAGE_XATTR_EXCLUDE="btrfs.* security.evm security.ima
+ security.selinux system.nfs4_acl"
# *****************************
# ** DO NOT EDIT THIS FILE **
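Review bot: Replacing the security.* glob with three named attributes in PORTAGE_XATTR_EXCLUDE turns the security namespace from excluded-by-default into copied-by-default: any security.* attribute other than evm, ima and selinux (security.SMACK64, for example) is now preserved along with security.capability. If that is intended, say so in the comment above the variable; if only capabilities are meant to pass, the comment should state that new security.* names have to be added to this list by hand.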
--git a/pym/_emerge/BinpkgExtractorAsync.py b/pym/_emerge/BinpkgExtractorAsync.py
index 6aaa448..0bf3c74 100644
--- a/pym/_emerge/BinpkgExtractorAsync.py
+++ b/pym/_emerge/BinpkgExtractorAsync.py
@@ -23,7 +23,10 @@ class BinpkgExtractorAsync(SpawnProcess):
process = subprocess.Popen(["tar", "--help"], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
output = process.communicate()[0]
if b"--xattrs" in output:
- tar_options = "--xattrs"
+ tar_options = ["--xattrs", "--xattrs-include='*'"]
+ for x in portage.util.shlex_split(self.env.get("PORTAGE_XATTR_EXCLUDE", "")):
+ tar_options.append(portage._shell_quote("--xattrs-exclude=%s" % x))
+ tar_options = " ".join(tar_options)
decomp_cmd = _decompressors.get(
compression_probe(self.pkg_path))
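Review bot: The include pattern on the first added line is hand-quoted inside the Python literal ("--xattrs-include='*'") while each exclude goes through portage._shell_quote, so the two options are quoted by different means and the include is only correct as long as tar_options remains a string that a shell re-parses. Build the include the same way, for example portage._shell_quote("--xattrs-include=*"), so all quoting comes from one helper. Also confirm that this module imports portage, since the added lines call portage.util.shlex_split and portage._shell_quote and no import is visible in the context lines.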
--
2.3.5
* Re: [gentoo-portage-dev] [PATCH v2] PORTAGE_XATTR_EXCLUDE: preserve security.capability (bug 548516)
From: Brian Dolbec @ 2015-05-04 3:03 UTC
To: gentoo-portage-dev
On Sun, 3 May 2015 16:10:58 -0700
Zac Medico <zmedico@gentoo.org> wrote:
> Also, fix BinpkgExtractorAsync tar options to preserve
> security.capability attributes.
>
> X-Gentoo-Bug: 548516
> X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=548516
> ---
> [PATCH v2] fixes BinpkgExtractorAsync tar --xattrs-exclude arguments
> to work correctly (each token must be passed as a separate argument)
>
> cnf/make.globals | 6 ++++--
> pym/_emerge/BinpkgExtractorAsync.py | 5 ++++-
> 2 files changed, 8 insertions(+), 3 deletions(-)
>
> diff --git a/cnf/make.globals b/cnf/make.globals
> index dd99618..5698636 100644
> --- a/cnf/make.globals
> +++ b/cnf/make.globals
> @@ -123,9 +123,11 @@ PORTAGE_ELOG_MAILFROM="portage@localhost"
> PORTAGE_GPG_SIGNING_COMMAND="gpg --sign --digest-algo SHA256
> --clearsign --yes --default-key \"\${PORTAGE_GPG_KEY}\" --homedir
> \"\${PORTAGE_GPG_DIR}\" \"\${FILE}\"" # btrfs.* attributes are
> irrelevant, see bug #527636. -# Security labels are special, see bug
> #461868. +# security.* attributes may be special (see bug 461868), but
> +# security.capabilities is specifically not excluded (bug 548516).
> # system.nfs4_acl attributes are irrelevant, see bug #475496.
> -PORTAGE_XATTR_EXCLUDE="btrfs.* security.* system.nfs4_acl"
> +PORTAGE_XATTR_EXCLUDE="btrfs.* security.evm security.ima
> + security.selinux system.nfs4_acl"
>
> # *****************************
> # ** DO NOT EDIT THIS FILE **
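Review bot: The new comment says security.* attributes "may be special" but gives no reason why security.evm, security.ima and security.selinux are the three left in PORTAGE_XATTR_EXCLUDE. A short comment line stating the reason for keeping each of them excluded would let a later reader judge whether a newly introduced security.* attribute belongs in the list.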
> diff --git a/pym/_emerge/BinpkgExtractorAsync.py
> b/pym/_emerge/BinpkgExtractorAsync.py index 6aaa448..0bf3c74 100644
> --- a/pym/_emerge/BinpkgExtractorAsync.py
> +++ b/pym/_emerge/BinpkgExtractorAsync.py
> @@ -23,7 +23,10 @@ class BinpkgExtractorAsync(SpawnProcess):
> process = subprocess.Popen(["tar",
> "--help"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) output =
> process.communicate()[0] if b"--xattrs" in output:
> - tar_options = "--xattrs"
> + tar_options = ["--xattrs",
> "--xattrs-include='*'"]
> + for x in
> portage.util.shlex_split(self.env.get("PORTAGE_XATTR_EXCLUDE", "")):
> +
> tar_options.append(portage._shell_quote("--xattrs-exclude=%s" % x))
> + tar_options = " ".join(tar_options)
>
> decomp_cmd = _decompressors.get(
> compression_probe(self.pkg_path))
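Review bot: The unchanged guard above the added lines only checks that the tar --help output mentions --xattrs, yet the new code also depends on --xattrs-include and --xattrs-exclude. Extend the check to look for b"--xattrs-include" and b"--xattrs-exclude" as well, so that a tar which supports --xattrs alone is not handed options it rejects during binary package extraction.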
Merge please :)
--
Brian Dolbec <dolsen>