commit: 1d3d917e6bc71570b00737682306fe8647568a3e
Author: Kerin Millar <kfm <AT> plushkava <DOT> net>
AuthorDate: Mon Jul 7 13:22:16 2025 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Jul 13 04:19:05 2025 +0000
URL: https://gitweb.gentoo.org/proj/portage.git/commit/?id=1d3d917e
ebuild.sh: merge sandbox paths without sort -z and elide empty paths
Presently, the "ebuild.sh" utility contains a routine that merges the
colon-separated substrings of the 'SANDBOX_DENY', 'SANDBOX_PREDICT',
'SANDBOX_READ' and 'SANDBOX_WRITE' variables with those of their
counterparts that are prefixed with "PORTAGE_". In the course of doing
so, it executes the sort(1) and tr(1) utilities so as to de-duplicate
the resulting list, effectively producing a set. This routine suffers
from a few minor issues, which are described and addressed herewith.
The sort(1) utility is given the non-standard -z option. I find this to
be distasteful, chiefly because PMS makes no promise that a given
implementation of the utility shall be available. Address this issue by
refraining from using any external utilities whatsoever.
The routine fails to elide empty paths. Address this issue by
consistently disregarding the null string. Consider a scenario in which
the 'SANDBOX_DENY' and 'PORTAGE_SANDBOX_DENY' variables are being
processed, having been set as follows.
SANDBOX_DENY=/foo::/bar
PORTAGE_SANDBOX_DENY=/baz
Prior to this commit, the string representing the final set would be
formed as ":/bar:/baz:/foo". Following this commit, it shall instead be
formed as "/baz:/foo:/bar".
It should be noted that the revised code employs the ${param@Q} form of
expansion. Doing so is acceptable, given a target of >=bash-4.4.
Signed-off-by: Kerin Millar <kfm <AT> plushkava.net>
Signed-off-by: Sam James <sam <AT> gentoo.org>
bin/ebuild.sh | 28 ++++++++++++++++------------
1 file changed, 16 insertions(+), 12 deletions(-)
diff --git a/bin/ebuild.sh b/bin/ebuild.sh
index c81f4436e1..ff2527146d 100755
--- a/bin/ebuild.sh
+++ b/bin/ebuild.sh
@@ -576,20 +576,24 @@ then
# may be unusable (triggering in spurious sandbox violations)
# until we've merged them with our current values.
export SANDBOX_ON=0
- for x in SANDBOX_DENY SANDBOX_PREDICT SANDBOX_READ SANDBOX_WRITE ; do
- y="PORTAGE_${x}"
- if [[ -z "${!x}" ]]; then
- export ${x}="${!y}"
- elif [[ -n "${!y}" && "${!y}" != "${!x}" ]]; then
- # Filter out dupes
- export ${x}="$(printf '%s:%s' "${!y}" "${!x}" | tr ":"
"\0" | \
- sort -z -u | tr "\0" ":")"
- fi
- export ${x}="${!x%:}"
- unset PORTAGE_${x}
+ declare -A seen
+ for x in SANDBOX_DENY SANDBOX_PREDICT SANDBOX_READ SANDBOX_WRITE; do
+ {
+ export "${x}="
+ seen=()
+ i=0
+ while IFS= read -rd : path; do
+ if [[ ${path} && ! ${seen[$path]} ]]; then
+ (( i++ > 0 )) && eval "${x}+=:"
+ eval "${x}+=${path@Q}"
+ seen[$path]=1
+ fi
+ done
+ } < <(y="PORTAGE_${x}"; printf '%s:%s:' "${!y}" "${!x}")
+ unset "PORTAGE_${x}"
done
- unset x y
+ unset path seen i x
export SANDBOX_ON=${PORTAGE_SANDBOX_ON}
unset PORTAGE_SANDBOX_ON
[[ -n ${EAPI} ]] || EAPI=0
