commit: a1afeb15d5897c6bdc2991bcb3dcbc8fdc47a045 Author: Zac Medico <zmedico <AT> gentoo <DOT> org> AuthorDate: Mon Nov 10 03:20:02 2025 +0000 Commit: Zac Medico <zmedico <AT> gentoo <DOT> org> CommitDate: Mon Nov 10 03:44:50 2025 +0000 URL: https://gitweb.gentoo.org/proj/portage.git/commit/?id=a1afeb15
EbuildBinpkg: use tempfile module for pid namespace safety Bug: https://bugs.gentoo.org/851015 Signed-off-by: Zac Medico <zmedico <AT> gentoo.org> lib/_emerge/EbuildBinpkg.py | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/lib/_emerge/EbuildBinpkg.py b/lib/_emerge/EbuildBinpkg.py index 26d828e4d2..b774a6a8ca 100644 --- a/lib/_emerge/EbuildBinpkg.py +++ b/lib/_emerge/EbuildBinpkg.py @@ -1,8 +1,9 @@ -# Copyright 1999-2024 Gentoo Authors +# Copyright 1999-2025 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 import io import sys +import tempfile from _emerge.CompositeTask import CompositeTask from _emerge.EbuildPhase import EbuildPhase @@ -32,7 +33,15 @@ class EbuildBinpkg(CompositeTask): bintree._ensure_dir(os.path.dirname(pkg_allocated_path)) self.pkg_allocated_path = pkg_allocated_path - self._binpkg_tmpfile = self.pkg_allocated_path + "." + str(portage.getpid()) + + with tempfile.NamedTemporaryFile( + prefix=os.path.basename(pkg_allocated_path), + suffix="." + str(portage.getpid()), + dir=os.path.dirname(pkg_allocated_path), + delete=False, + ) as binpkg_tmpfile: + os.fchmod(binpkg_tmpfile.fileno(), 0o644) + self._binpkg_tmpfile = binpkg_tmpfile.name self.settings["PORTAGE_BINPKG_TMPFILE"] = self._binpkg_tmpfile if "binpkg-multi-instance" in self.settings.features:
