[gentoo-commits] proj/portage:master commit in: lib/portage/cache/

[Zac Medico]

commit:     12706b32b34923c4a44df61d3b810bb9908208f5
Author:     Zac Medico <zmedico <AT> gentoo <DOT> org>
AuthorDate: Mon Nov 10 05:01:38 2025 +0000
Commit:     Zac Medico <zmedico <AT> gentoo <DOT> org>
CommitDate: Mon Nov 10 05:32:25 2025 +0000
URL:        https://gitweb.gentoo.org/proj/portage.git/commit/?id=12706b32

cache/metadata: use tempfile module for pid namespace safety

This is the old PMS cache format which is not really used anymore
except in PortdbCacheTestCase.

Bug: https://bugs.gentoo.org/851015
Signed-off-by: Zac Medico <zmedico <AT> gentoo.org>

 lib/portage/cache/metadata.py | 29 +++++++++++++++++++----------
 1 file changed, 19 insertions(+), 10 deletions(-)

diff --git a/lib/portage/cache/metadata.py b/lib/portage/cache/metadata.py
index 791ad8344e..40630e0b8a 100644
--- a/lib/portage/cache/metadata.py
+++ b/lib/portage/cache/metadata.py
@@ -1,10 +1,11 @@
-# Copyright 2005-2021 Gentoo Authors
+# Copyright 2005-2025 Gentoo Authors
 # Author(s): Brian Harring (ferri...@gentoo.org)
 # License: GPL2
 
 import errno
 import re
 import stat
+import tempfile
 from operator import attrgetter
 
 import portage
@@ -149,21 +150,29 @@ class database(flat_hash.database):
                     )
 
         s = cpv.rfind("/")
-        fp = os.path.join(
-            self.location, cpv[:s], ".update.%i.%s" % (portage.getpid(), cpv[s 
+ 1 :])
+        tempfile_kwargs = dict(
+            prefix=_unicode_encode(
+                f".update.{portage.getpid()}.{cpv[s + 1:]}",
+                encoding=_encodings["fs"],
+                errors="strict",
+            ),
+            dir=_unicode_encode(
+                os.path.join(self.location, cpv[:s]),
+                encoding=_encodings["fs"],
+                errors="strict",
+            ),
+            delete=False,
+            mode="wb",
         )
         try:
-            myf = open(
-                _unicode_encode(fp, encoding=_encodings["fs"], 
errors="strict"), "wb"
-            )
+            myf = tempfile.NamedTemporaryFile(**tempfile_kwargs)
+            fp = myf.name
         except OSError as e:
             if errno.ENOENT == e.errno:
                 try:
                     self._ensure_dirs(cpv)
-                    myf = open(
-                        _unicode_encode(fp, encoding=_encodings["fs"], 
errors="strict"),
-                        "wb",
-                    )
+                    myf = tempfile.NamedTemporaryFile(**tempfile_kwargs)
+                    fp = myf.name
                 except OSError as e:
                     raise cache_errors.CacheCorruption(cpv, e)
             else: