Bug #201506 - Make preprocess_ebuild_env() preserve
authorZac Medico <zmedico@gentoo.org>
Thu, 6 Dec 2007 22:23:52 +0000 (22:23 -0000)
committerZac Medico <zmedico@gentoo.org>
Thu, 6 Dec 2007 22:23:52 +0000 (22:23 -0000)
SANDBOX_{DENY,PREDICT,READ,WRITE} between all phases,
except when the environment comes directly from
environment.bz2.

svn path=/main/trunk/; revision=8853

bin/ebuild.sh
pym/portage/__init__.py

index 666b26be985006bf35456d1856ca5361efe6ff64..5fcf27794c37c97ff7f22e64b63738b136d73b40 100755 (executable)
@@ -1433,12 +1433,16 @@ filter_readonly_variables() {
 # interfering with the current environment. This is useful when an existing
 # environment needs to be loaded from a binary or installed package.
 preprocess_ebuild_env() {
-       filter_readonly_variables --filter-sandbox < "${T}"/environment \
+       local filter_opts=""
+       if [ -f "${T}/environment.raw" ] ; then
+               # This is a signal from the python side, indicating that the
+               # environment may contain stale SANDBOX_{DENY,PREDICT,READ,WRITE}
+               # variables that should be filtered out. Between phases, these
+               # variables are normally preserved.
+               filter_opts="--filter-sandbox ${filter_opts}"
+       fi
+       filter_readonly_variables ${filter_opts} < "${T}"/environment \
                > "${T}"/environment.filtered
-       if [ $? -ne 0 ] ; then
-               rm -f "${T}/environment.filtered"
-               return 1
-       fi
        mv "${T}"/environment.filtered "${T}"/environment || return $?
        rm -f "${T}/environment.success" || return $?
        # WARNING: Code inside this subshell should avoid making assumptions
@@ -1460,13 +1464,13 @@ preprocess_ebuild_env() {
                touch "${T}/environment.success" || exit $?
        ) | filter_readonly_variables > "${T}/environment.filtered"
        if [ -e "${T}/environment.success" ] ; then
-               rm "${T}/environment.success"
                mv "${T}/environment.filtered" "${T}/environment"
-               return $?
+               retval=$?
        else
-               rm -f "${T}/environment.filtered"
+               retval=1
        fi
-       return 1
+       rm -f "${T}"/environment.{filtered,raw,success}
+       return ${retval}
 }
 
 # === === === === === === === === === === === === === === === === === ===
index 7652612492b419d45bd55f94b18a301fcc11ba61..e5c73d1163cbe6ddfb6cc05c1ba081a703726a3b 100644 (file)
@@ -4422,7 +4422,10 @@ def doebuild(myebuild, mydo, myroot, mysettings, debug=0, listonly=0,
                                if os.WIFEXITED(retval) and \
                                        os.WEXITSTATUS(retval) == os.EX_OK and \
                                        env_stat and env_stat.st_size > 0:
-                                       pass
+                                       # This is a signal to ebuild.sh, so that it knows to filter
+                                       # out things like SANDBOX_{DENY,PREDICT,READ,WRITE} that
+                                       # would be preserved between normal phases.
+                                       open(env_file + ".raw", "w")
                                else:
                                        writemsg(("!!! Error extracting saved " + \
                                                "environment: '%s'\n") % \