[gentoo-portage-dev] [PATCH] sync: allow overriding sync-user for the repository

2014-12-07 Thread Michał Górny 
---
Changes:
* manpage entry
* perform username lookup before UID lookup (POSIX agrees)
* support specifying ':group' only
* fix ValueError on errors

 man/portage.5| 12 ++
 pym/portage/repository/config.py | 13 +++---
 pym/portage/sync/controller.py   | 51 +++-
 3 files changed, 72 insertions(+), 4 deletions(-)

diff --git a/man/portage.5 b/man/portage.5
index 8c3d389..4a02c64 100644
--- a/man/portage.5
+++ b/man/portage.5
@@ -934,6 +934,18 @@ ssh://ssh\-user@192.168.0.1:22/\\${HOME}/portage\-storage
 .TP
 Note: For the ssh:// scheme, key\-based authentication might be of interest.
 .RE
+.TP
+.B sync\-user
+Specifies the credentials used to perform the synchronization.
+.br
+Syntax: [user][:group]
+.br
+If only user is provided, the primary group of the user will be used.
+If only group is provided, the current user will be preserved and only
+group id will be changed.
+.br
+This key takes precedence over FEATURES=userpriv. If user or group id
+is provided, Portage no longer uses owner of the directory.
 .RE
 
 .I Example:
diff --git a/pym/portage/repository/config.py b/pym/portage/repository/config.py
index 678cc68..f45684b 100644
--- a/pym/portage/repository/config.py
+++ b/pym/portage/repository/config.py
@@ -85,7 +85,7 @@ class RepoConfig(object):
'main_repo', 'manifest_hashes', 'masters', 'missing_repo_name',
'name', 'portage1_profiles', 'portage1_profiles_compat', 
'priority',
'profile_formats', 'sign_commit', 'sign_manifest', 
'sync_cvs_repo',
-   'sync_type', 'sync_umask', 'sync_uri', 'thin_manifest',
+   'sync_type', 'sync_umask', 'sync_uri', 'sync_user', 
'thin_manifest',
'update_changelog', 'user_location', '_eapis_banned',
'_eapis_deprecated', '_masters_orig')
 
@@ -165,6 +165,11 @@ class RepoConfig(object):
sync_uri = sync_uri.strip()
self.sync_uri = sync_uri or None
 
+   sync_user = repo_opts.get('sync-user')
+   if sync_user is not None:
+   sync_user = sync_user.strip()
+   self.sync_user = sync_user or None
+
auto_sync = repo_opts.get('auto-sync')
if auto_sync is not None:
auto_sync = auto_sync.strip().lower()
@@ -385,6 +390,8 @@ class RepoConfig(object):
repo_msg.append(indent + sync-umask:  + 
self.sync_umask)
if self.sync_uri:
repo_msg.append(indent + sync-uri:  + self.sync_uri)
+   if self.sync_user:
+   repo_msg.append(indent + sync-user:  + self.sync_user)
if self.masters:
repo_msg.append(indent + masters:  +  
.join(master.name for master in self.masters))
if self.priority is not None:
@@ -472,7 +479,7 @@ class RepoConfigLoader(object):
# repos.conf is allowed to 
override.
for k in ('aliases', 
'auto_sync', 'eclass_overrides',
'force', 'masters', 
'priority', 'sync_cvs_repo',
-   'sync_type', 
'sync_umask', 'sync_uri',
+   'sync_type', 
'sync_umask', 'sync_uri', 'sync_user',
):
v = 
getattr(repos_conf_opts, k, None)
if v is not None:
@@ -923,7 +930,7 @@ class RepoConfigLoader(object):
def config_string(self):
str_or_int_keys = (auto_sync, format, location,
main_repo, priority, sync_cvs_repo,
-   sync_type, sync_umask, sync_uri)
+   sync_type, sync_umask, sync_uri, 'sync_user')
str_tuple_keys = (aliases, eclass_overrides, force)
repo_config_tuple_keys = (masters,)
keys = str_or_int_keys + str_tuple_keys + repo_config_tuple_keys
diff --git a/pym/portage/sync/controller.py b/pym/portage/sync/controller.py
index 1c8c756..de803b7 100644
--- a/pym/portage/sync/controller.py
+++ b/pym/portage/sync/controller.py
@@ -6,6 +6,7 @@ from __future__ import print_function
 
 import sys
 import logging
+import grp
 import pwd
 
 import portage
@@ -201,7 +202,55 @@ class SyncManager(object):
self.usersync_uid = None
spawn_kwargs = {}
spawn_kwargs[env] = self.settings.environ()
-   if ('usersync' in self.settings.features and
+   if repo.sync_user is not None:
+   def get_sync_user_data(sync_user):
+   user = None
+   group = None
+

Re: [gentoo-portage-dev] [PATCH] sync: allow overriding sync-user for the repository

2014-12-07 Thread Michał Górny 
Dnia 2014-12-07, o godz. 10:01:23
Michał Górny mgo...@gentoo.org napisał(a):

 + if uid is not None

Missing ':' here, I won't resend the patch for it :P.

 + spawn_kwargs[uid] = uid
 + self.usersync_uid = uid
 + if gid is not None:
 + spawn_kwargs[gid] = gid
 + spawn_kwargs[groups] = [gid]
 + if home is not None:
 + spawn_kwargs[env][HOME] = home
 + elif ('usersync' in self.settings.features and
   portage.data.secpass = 2 and
   (st.st_uid != os.getuid() and st.st_mode  0o700 or
   st.st_gid != os.getgid() and st.st_mode  0o070)):



-- 
Best regards,
Michał Górny


pgpfAH2D5JsIO.pgp
Description: OpenPGP digital signature

Re: [gentoo-portage-dev] [PATCH] sync: allow overriding sync-user for the repository

2014-12-07 Thread Zac Medico 
On 12/07/2014 01:07 AM, Michał Górny wrote:
 Dnia 2014-12-07, o godz. 10:01:23
 Michał Górny mgo...@gentoo.org napisał(a):
 
 +if uid is not None
 
 Missing ':' here, I won't resend the patch for it :P.
 
 +spawn_kwargs[uid] = uid
 +self.usersync_uid = uid
 +if gid is not None:
 +spawn_kwargs[gid] = gid
 +spawn_kwargs[groups] = [gid]
 +if home is not None:
 +spawn_kwargs[env][HOME] = home
 +elif ('usersync' in self.settings.features and
  portage.data.secpass = 2 and
  (st.st_uid != os.getuid() and st.st_mode  0o700 or
  st.st_gid != os.getgid() and st.st_mode  0o070)):
 
 
 

LGTM.
-- 
Thanks,
Zac

Re: [gentoo-portage-dev] [PATCH] sync: allow overriding sync-user for the repository

2014-12-07 Thread Arfrever Frehtes Taifersar Arahesis 
I would suggest to have a separate sync-group attribute and to support only 
user in sync-user attribute.


signature.asc
Description: This is a digitally signed message part.