Use a new 'usersync' feature to control dropping of privileges for --sync,

since it's fairly common for people to have inconsistent permissions between
$PORTDIR and contained files/directories.

svn path=/main/trunk/; revision=12496

diff --git a/man/make.conf.5 b/man/make.conf.5
index 9a0261e2553fbe178461f25bb335d302795ca95e..83b7fa3ba896836b4202a41ade1b92e44010dd39 100644 (file)
--- a/man/make.conf.5
+++ b/man/make.conf.5
@@ -360,6 +360,10 @@ portage:portage without a sandbox (unless \fIusersandbox\fR is also used).
 .B usersandbox
 Enable the sandbox in the compile phase, when running without root privs (\fIuserpriv\fR).
 .TP
+.B usersync
+Drop privileges to the owner of \fBPORTDIR\fR for \fBemerge(1) --sync\fR
+operations.
+.TP
 .B webrsync-gpg
 Enable GPG verification when using \fIemerge\-webrsync\fR.
 .RE

diff --git a/pym/_emerge/__init__.py b/pym/_emerge/__init__.py
index 796275588b3df332c8641240f64eb86b9f337be8..991cb2d85be28a32e64540d9a5deadb6ad2d41cc 100644 (file)
--- a/pym/_emerge/__init__.py
+++ b/pym/_emerge/__init__.py
@@ -12068,7 +12068,8 @@ def action_sync(settings, trees, mtimedb, myopts, myaction):
 
        spawn_kwargs = {}
        spawn_kwargs["env"] = settings.environ()
-       if portage.data.secpass >= 2 and \
+       if 'usersync' in settings.features and \
+               portage.data.secpass >= 2 and \
                (st.st_uid != os.getuid() and st.st_mode & 0700 or \
                st.st_gid != os.getgid() and st.st_mode & 0070):
                try: