commit: b7baeeec3ab6d1e944a2d1f9ab5d4d6ccebd97e8 Author: Zac Medico <zmedico <AT> gentoo <DOT> org> AuthorDate: Fri Oct 2 07:09:31 2015 +0000 Commit: Zac Medico <zmedico <AT> gentoo <DOT> org> CommitDate: Sat Oct 3 17:03:33 2015 +0000 URL: https://gitweb.gentoo.org/proj/portage.git/commit/?id=b7baeeec
unpack: use chmod-lite helper for bug 554084 Use the apply_recursive_permissions function to minimize the number of chmod calls. Also, fix an UnboundLocalError triggered in portage.data._get_global by chmod-lite. X-Gentoo-Bug: 554084 X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=554084 Acked-by: Brian Dolbec <dolsen <AT> gentoo.org> bin/chmod-lite | 10 +++++ bin/chmod-lite.py | 30 ++++++++++++++ bin/phase-helpers.sh | 2 +- pym/portage/data.py | 2 +- pym/portage/util/__init__.py | 93 ++++++++++++++++++++++++-------------------- 5 files changed, 92 insertions(+), 45 deletions(-) diff --git a/bin/chmod-lite b/bin/chmod-lite new file mode 100755 index 0000000..ffa8d4d --- /dev/null +++ b/bin/chmod-lite @@ -0,0 +1,10 @@ +#!/bin/bash +# Copyright 2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +export __PORTAGE_HELPER_CWD=${PWD} + +# Use safe cwd, avoiding unsafe import for bug #469338. +cd "${PORTAGE_PYM_PATH}" || exit 1 +PYTHONPATH=${PORTAGE_PYTHONPATH:-${PORTAGE_PYM_PATH}} \ + exec "${PORTAGE_PYTHON:-/usr/bin/python}" "$PORTAGE_BIN_PATH/chmod-lite.py" "$@" diff --git a/bin/chmod-lite.py b/bin/chmod-lite.py new file mode 100755 index 0000000..177be7e --- /dev/null +++ b/bin/chmod-lite.py @@ -0,0 +1,30 @@ +#!/usr/bin/python -b +# Copyright 2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +import os +import sys + +from portage.util import apply_recursive_permissions + +# Change back to original cwd _after_ all imports (bug #469338). +os.chdir(os.environ["__PORTAGE_HELPER_CWD"]) + +def main(files): + + if sys.hexversion >= 0x3000000: + # We can't trust that the filesystem encoding (locale dependent) + # correctly matches the arguments, so use surrogateescape to + # pass through the original argv bytes for Python 3. + fs_encoding = sys.getfilesystemencoding() + files = [x.encode(fs_encoding, 'surrogateescape') for x in files] + + for filename in files: + # Emulate 'chmod -fR a+rX,u+w,g-w,o-w' with minimal chmod calls. + apply_recursive_permissions(filename, filemode=0o644, + filemask=0o022, dirmode=0o755, dirmask=0o022) + + return os.EX_OK + +if __name__ == "__main__": + sys.exit(main(sys.argv[1:])) diff --git a/bin/phase-helpers.sh b/bin/phase-helpers.sh index efd2cfa..0c25ffe 100644 --- a/bin/phase-helpers.sh +++ b/bin/phase-helpers.sh @@ -532,7 +532,7 @@ unpack() { # Do not chmod '.' since it's probably ${WORKDIR} and PORTAGE_WORKDIR_MODE # should be preserved. find . -mindepth 1 -maxdepth 1 ! -type l -print0 | \ - ${XARGS} -0 chmod -fR a+rX,u+w,g-w,o-w + ${XARGS} -0 "${PORTAGE_BIN_PATH}/chmod-lite" } econf() { diff --git a/pym/portage/data.py b/pym/portage/data.py index 2fd287d..2c99548 100644 --- a/pym/portage/data.py +++ b/pym/portage/data.py @@ -139,7 +139,7 @@ def _get_global(k): v = 2 elif unprivileged: v = 2 - elif portage_gid in os.getgroups(): + elif _get_global('portage_gid') in os.getgroups(): v = 1 elif k in ('portage_gid', 'portage_uid'): diff --git a/pym/portage/util/__init__.py b/pym/portage/util/__init__.py index c0b509b..2b7ff8d 100644 --- a/pym/portage/util/__init__.py +++ b/pym/portage/util/__init__.py @@ -17,9 +17,9 @@ from copy import deepcopy import errno import io try: - from itertools import filterfalse + from itertools import chain, filterfalse except ImportError: - from itertools import ifilterfalse as filterfalse + from itertools import chain, ifilterfalse as filterfalse import logging import re import shlex @@ -1041,6 +1041,23 @@ def unique_everseen(iterable, key=None): seen_add(k) yield element +def _do_stat(filename, follow_links=True): + try: + if follow_links: + return os.stat(filename) + else: + return os.lstat(filename) + except OSError as oe: + func_call = "stat('%s')" % filename + if oe.errno == errno.EPERM: + raise OperationNotPermitted(func_call) + elif oe.errno == errno.EACCES: + raise PermissionDenied(func_call) + elif oe.errno == errno.ENOENT: + raise FileNotFound(filename) + else: + raise + def apply_permissions(filename, uid=-1, gid=-1, mode=-1, mask=-1, stat_cached=None, follow_links=True): """Apply user, group, and mode bits to a file if the existing bits do not @@ -1058,21 +1075,7 @@ def apply_permissions(filename, uid=-1, gid=-1, mode=-1, mask=-1, gid = int(gid) if stat_cached is None: - try: - if follow_links: - stat_cached = os.stat(filename) - else: - stat_cached = os.lstat(filename) - except OSError as oe: - func_call = "stat('%s')" % filename - if oe.errno == errno.EPERM: - raise OperationNotPermitted(func_call) - elif oe.errno == errno.EACCES: - raise PermissionDenied(func_call) - elif oe.errno == errno.ENOENT: - raise FileNotFound(filename) - else: - raise + stat_cached = _do_stat(filename, follow_links=follow_links) if (uid != -1 and uid != stat_cached.st_uid) or \ (gid != -1 and gid != stat_cached.st_gid): @@ -1177,22 +1180,40 @@ def apply_recursive_permissions(top, uid=-1, gid=-1, else: raise + # For bug 554084, always apply permissions to a directory before + # that directory is traversed. all_applied = True - for dirpath, dirnames, filenames in os.walk(top): - try: - applied = apply_secpass_permissions(dirpath, - uid=uid, gid=gid, mode=dirmode, mask=dirmask, - follow_links=follow_links) - if not applied: - all_applied = False - except PortageException as e: + + try: + stat_cached = _do_stat(top, follow_links=follow_links) + except FileNotFound: + # backward compatibility + return True + + if stat.S_ISDIR(stat_cached.st_mode): + mode = dirmode + mask = dirmask + else: + mode = filemode + mask = filemask + + try: + applied = apply_secpass_permissions(top, + uid=uid, gid=gid, mode=mode, mask=mask, + stat_cached=stat_cached, follow_links=follow_links) + if not applied: all_applied = False - onerror(e) + except PortageException as e: + all_applied = False + onerror(e) - for name in filenames: + for dirpath, dirnames, filenames in os.walk(top): + for name, mode, mask in chain( + ((x, filemode, filemask) for x in filenames), + ((x, dirmode, dirmask) for x in dirnames)): try: applied = apply_secpass_permissions(os.path.join(dirpath, name), - uid=uid, gid=gid, mode=filemode, mask=filemask, + uid=uid, gid=gid, mode=mode, mask=mask, follow_links=follow_links) if not applied: all_applied = False @@ -1216,21 +1237,7 @@ def apply_secpass_permissions(filename, uid=-1, gid=-1, mode=-1, mask=-1, unapplied.""" if stat_cached is None: - try: - if follow_links: - stat_cached = os.stat(filename) - else: - stat_cached = os.lstat(filename) - except OSError as oe: - func_call = "stat('%s')" % filename - if oe.errno == errno.EPERM: - raise OperationNotPermitted(func_call) - elif oe.errno == errno.EACCES: - raise PermissionDenied(func_call) - elif oe.errno == errno.ENOENT: - raise FileNotFound(filename) - else: - raise + stat_cached = _do_stat(filename, follow_links=follow_links) all_applied = True