[gentoo-portage-dev] [PATCH v2] unpack: use chmod-lite helper for bug 554084

[Zac Medico]

Use the apply_recursive_permissions function to minimize the number of
chmod calls.

Also, fix an UnboundLocalError triggered in portage.data._get_global
by chmod-lite.

X-Gentoo-Bug: 554084
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=554084
---
[PATCH v2] fixes apply_recursive_permissions to apply permissions to
a directory before that directory is traversed.

 bin/chmod-lite               | 10 ++++++++++
 bin/chmod-lite.py            | 30 ++++++++++++++++++++++++++++++
 bin/phase-helpers.sh         |  2 +-
 pym/portage/data.py          |  2 +-
 pym/portage/util/__init__.py | 30 +++++++++++++++++-------------
 5 files changed, 59 insertions(+), 15 deletions(-)
 create mode 100755 bin/chmod-lite
 create mode 100755 bin/chmod-lite.py

diff --git a/bin/chmod-lite b/bin/chmod-lite
new file mode 100755
index 0000000..ffa8d4d
--- /dev/null
+++ b/bin/chmod-lite
@@ -0,0 +1,10 @@
+#!/bin/bash
+# Copyright 2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+export __PORTAGE_HELPER_CWD=${PWD}
+
+# Use safe cwd, avoiding unsafe import for bug #469338.
+cd "${PORTAGE_PYM_PATH}" || exit 1
+PYTHONPATH=${PORTAGE_PYTHONPATH:-${PORTAGE_PYM_PATH}} \
+       exec "${PORTAGE_PYTHON:-/usr/bin/python}" 
"$PORTAGE_BIN_PATH/chmod-lite.py" "$@"
diff --git a/bin/chmod-lite.py b/bin/chmod-lite.py
new file mode 100755
index 0000000..a552b25
--- /dev/null
+++ b/bin/chmod-lite.py
@@ -0,0 +1,30 @@
+#!/usr/bin/python -b
+# Copyright 2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+import os
+import sys
+
+from portage.util import apply_recursive_permissions
+
+# Change back to original cwd _after_ all imports (bug #469338).
+os.chdir(os.environ["__PORTAGE_HELPER_CWD"])
+
+def main(files):
+
+       if sys.hexversion >= 0x3000000:
+               # We can't trust that the filesystem encoding (locale dependent)
+               # correctly matches the arguments, so use surrogateescape to
+               # pass through the original argv bytes for Python 3.
+               fs_encoding = sys.getfilesystemencoding()
+               files = [x.encode(fs_encoding, 'surrogateescape') for x in 
files]
+
+       for filename in files:
+               # Emulate 'chmod -fR a+rX,u+w,g-w,o-w' with mininal chmod calls.
+               apply_recursive_permissions(filename, filemode=0o644,
+                       filemask=0o022, dirmode=0o755, dirmask=0o022)
+
+       return os.EX_OK
+
+if __name__ == "__main__":
+       sys.exit(main(sys.argv[1:]))
diff --git a/bin/phase-helpers.sh b/bin/phase-helpers.sh
index efd2cfa..0c25ffe 100644
--- a/bin/phase-helpers.sh
+++ b/bin/phase-helpers.sh
@@ -532,7 +532,7 @@ unpack() {
        # Do not chmod '.' since it's probably ${WORKDIR} and 
PORTAGE_WORKDIR_MODE
        # should be preserved.
        find . -mindepth 1 -maxdepth 1 ! -type l -print0 | \
-               ${XARGS} -0 chmod -fR a+rX,u+w,g-w,o-w
+               ${XARGS} -0 "${PORTAGE_BIN_PATH}/chmod-lite"
 }
 
 econf() {
diff --git a/pym/portage/data.py b/pym/portage/data.py
index 2fd287d..2c99548 100644
--- a/pym/portage/data.py
+++ b/pym/portage/data.py
@@ -139,7 +139,7 @@ def _get_global(k):
                        v = 2
                elif unprivileged:
                        v = 2
-               elif portage_gid in os.getgroups():
+               elif _get_global('portage_gid') in os.getgroups():
                        v = 1
 
        elif k in ('portage_gid', 'portage_uid'):
diff --git a/pym/portage/util/__init__.py b/pym/portage/util/__init__.py
index c0b509b..2dcd5b6 100644
--- a/pym/portage/util/__init__.py
+++ b/pym/portage/util/__init__.py
@@ -17,9 +17,9 @@ from copy import deepcopy
 import errno
 import io
 try:
-       from itertools import filterfalse
+       from itertools import chain, filterfalse
 except ImportError:
-       from itertools import ifilterfalse as filterfalse
+       from itertools import chain, ifilterfalse as filterfalse
 import logging
 import re
 import shlex
@@ -1177,22 +1177,26 @@ def apply_recursive_permissions(top, uid=-1, gid=-1,
                        else:
                                raise
 
+       # For bug 554084, always apply permissions to a directory before
+       # that directory is traversed.
        all_applied = True
-       for dirpath, dirnames, filenames in os.walk(top):
-               try:
-                       applied = apply_secpass_permissions(dirpath,
-                               uid=uid, gid=gid, mode=dirmode, mask=dirmask,
-                               follow_links=follow_links)
-                       if not applied:
-                               all_applied = False
-               except PortageException as e:
+
+       try:
+               applied = apply_secpass_permissions(top,
+                       uid=uid, gid=gid, mode=dirmode, mask=dirmask,
+                       follow_links=follow_links)
+               if not applied:
                        all_applied = False
-                       onerror(e)
+       except PortageException as e:
+               all_applied = False
+               onerror(e)
 
-               for name in filenames:
+       for dirpath, dirnames, filenames in os.walk(top):
+               for name, mode in chain(((x, filemode) for x in filenames),
+                       ((x, dirmode) for x in dirnames)):
                        try:
                                applied = 
apply_secpass_permissions(os.path.join(dirpath, name),
-                                       uid=uid, gid=gid, mode=filemode, 
mask=filemask,
+                                       uid=uid, gid=gid, mode=mode, 
mask=filemask,
                                        follow_links=follow_links)
                                if not applied:
                                        all_applied = False
-- 
2.4.6