pthbs_genpkgpy

Template engine for producing packages for pthbs written using Python and Jinja
git clone https://ccx.te2000.cz/git/pthbs_genpkgpy
Log | Files | Refs | Submodules | README

commit 2120abd6c216b080ea8d682c03f492f828a56d39
parent d53fb00aba69a46fd511d9cfd5a225b52a6c3c76
Author: ccx <ccx@te2000.cz>
Date:   Mon, 26 Feb 2024 18:15:19 +0000

Set default installation umask to 022, install as root

Diffstat:
Mcommand/pthbs-build | 4+++-
Mcommand/pthbs-install | 3+++
Mns_sandbox.py | 8++++++--
3 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/command/pthbs-build b/command/pthbs-build @@ -39,9 +39,11 @@ fi mkdir -p "$workdir" case $(id -u) in (0) + sandbox_mode=root export pthbs_uid=$(id -u pthbs) || exit $? export pthbs_gid=$(id -g pthbs) || exit $? - sandbox_mode=root + export pthbs_install_uid=0 || exit $? + export pthbs_install_gid=0 || exit $? ;; (*) sandbox_mode=userns diff --git a/command/pthbs-install b/command/pthbs-install @@ -18,6 +18,9 @@ if ! test -f "$pthbs_destdir/${pthbs_versions%/}/$pthbs_package/.install-links"; exit 1 fi +if test -n "$pthbs_install_uid"; then + chown -R "$pthbs_install_uid:$pthbs_install_gid" "$pthbs_destdir/${pthbs_versions%/}/$pthbs_package" +fi pthbs-digest-tree >"$pthbs_destdir/pthbs-digest" "$pthbs_destdir/${pthbs_versions%/}/$pthbs_package/" || exit $? mv "$pthbs_destdir/pthbs-digest" "$pthbs_destdir/${pthbs_versions%/}/$pthbs_package/.pthbs-digest" || exit $? diff --git a/ns_sandbox.py b/ns_sandbox.py @@ -11,7 +11,6 @@ import pathlib import select import stat import subprocess -import sys libc = ctypes.CDLL(None, use_errno=True) CLONE_NEWNS = 0x00020000 # New mount namespace group @@ -460,7 +459,11 @@ class Settings: vars=v, command=tuple(args.command), extra_mount=tuple(args.extra_mount) if args.extra_mount is not None else (), - drop_to=(int(env['pthbs_uid']), int(env['pthbs_gid'])) if args.mode == 'root' else None, + drop_to=( + (int(env['pthbs_uid']), int(env['pthbs_gid'])) + if args.mode == 'root' + else None + ), untar=args.untar and pathlib.PosixPath(args.untar), ) @@ -575,6 +578,7 @@ def main(args, env): ) unshare(CLONE_NEWNS) root_sandbox_setup(settings) + os.umask(0o022) exec_command(settings.command)