From bd44f336801fbd818fab568349dc4117950cd051 Mon Sep 17 00:00:00 2001 From: Zac Medico Date: Thu, 6 Dec 2007 22:29:48 +0000 Subject: [PATCH] Bug #201506 - Make preprocess_ebuild_env() preserve SANDBOX_{DENY,PREDICT,READ,WRITE} between all phases, except when the environment comes directly from environment.bz2. (trunk r8853) svn path=/main/branches/2.1.2/; revision=8854 --- bin/ebuild.sh | 22 +++++++++++++--------- pym/portage.py | 5 ++++- 2 files changed, 17 insertions(+), 10 deletions(-) diff --git a/bin/ebuild.sh b/bin/ebuild.sh index 6ea534de4..b23fe0ab2 100755 --- a/bin/ebuild.sh +++ b/bin/ebuild.sh @@ -1433,12 +1433,16 @@ filter_readonly_variables() { # interfering with the current environment. This is useful when an existing # environment needs to be loaded from a binary or installed package. preprocess_ebuild_env() { - filter_readonly_variables --filter-sandbox < "${T}"/environment \ + local filter_opts="" + if [ -f "${T}/environment.raw" ] ; then + # This is a signal from the python side, indicating that the + # environment may contain stale SANDBOX_{DENY,PREDICT,READ,WRITE} + # variables that should be filtered out. Between phases, these + # variables are normally preserved. + filter_opts="--filter-sandbox ${filter_opts}" + fi + filter_readonly_variables ${filter_opts} < "${T}"/environment \ > "${T}"/environment.filtered - if [ $? -ne 0 ] ; then - rm -f "${T}/environment.filtered" - return 1 - fi mv "${T}"/environment.filtered "${T}"/environment || return $? rm -f "${T}/environment.success" || return $? # WARNING: Code inside this subshell should avoid making assumptions @@ -1460,13 +1464,13 @@ preprocess_ebuild_env() { touch "${T}/environment.success" || exit $? ) | filter_readonly_variables > "${T}/environment.filtered" if [ -e "${T}/environment.success" ] ; then - rm "${T}/environment.success" mv "${T}/environment.filtered" "${T}/environment" - return $? + retval=$? else - rm -f "${T}/environment.filtered" + retval=1 fi - return 1 + rm -f "${T}"/environment.{filtered,raw,success} + return ${retval} } # === === === === === === === === === === === === === === === === === === diff --git a/pym/portage.py b/pym/portage.py index 60c873550..6538e0135 100644 --- a/pym/portage.py +++ b/pym/portage.py @@ -4402,7 +4402,10 @@ def doebuild(myebuild, mydo, myroot, mysettings, debug=0, listonly=0, if os.WIFEXITED(retval) and \ os.WEXITSTATUS(retval) == os.EX_OK and \ env_stat and env_stat.st_size > 0: - pass + # This is a signal to ebuild.sh, so that it knows to filter + # out things like SANDBOX_{DENY,PREDICT,READ,WRITE} that + # would be preserved between normal phases. + open(env_file + ".raw", "w") else: writemsg(("!!! Error extracting saved " + \ "environment: '%s'\n") % \ -- 2.26.2