commit:     eb90705826d796f95539a312d888777254cb416b
Author:     Zac Medico <zmedico <AT> gentoo <DOT> org>
AuthorDate: Tue Nov 11 05:47:26 2025 +0000
Commit:     Zac Medico <zmedico <AT> gentoo <DOT> org>
CommitDate: Thu Nov 13 03:32:17 2025 +0000
URL:        https://gitweb.gentoo.org/proj/portage.git/commit/?id=eb907058

gpkg: use tempfile module for pid namespace safety

Bug: https://bugs.gentoo.org/851015
Signed-off-by: Zac Medico <zmedico <AT> gentoo.org>

 lib/portage/gpkg.py | 38 +++++++++++++++++++++++++++++---------
 1 file changed, 29 insertions(+), 9 deletions(-)

diff --git a/lib/portage/gpkg.py b/lib/portage/gpkg.py
index 9791b339e2..3d18d3b5eb 100644
--- a/lib/portage/gpkg.py
+++ b/lib/portage/gpkg.py
@@ -1,4 +1,4 @@
-# Copyright 2001-2024 Gentoo Authors
+# Copyright 2001-2025 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 import tarfile
@@ -1053,10 +1053,20 @@ class gpkg:
                 raise InvalidBinaryPackageFormat("Cannot identify tar format")
 
         # container
-        tmp_gpkg_file_name = f"{self.gpkg_file}.{os.getpid()}"
-        with tarfile.TarFile(
-            name=tmp_gpkg_file_name, mode="w", format=container_tar_format
-        ) as container:
+        with (
+            tempfile.NamedTemporaryFile(
+                dir=os.path.dirname(self.gpkg_file),
+                
prefix=f"{os.path.basename(self.gpkg_file)}.{portage.getpid()}",
+                delete=False,
+            ) as tmp_gpkg_file,
+            tarfile.TarFile(
+                name=tmp_gpkg_file.name, mode="w", format=container_tar_format
+            ) as container,
+        ):
+            os.fchmod(tmp_gpkg_file.fileno(), 0o644)
+            tmp_gpkg_file_name = tmp_gpkg_file.name
+            tmp_gpkg_file.close()
+
             # gpkg version
             gpkg_version_file = tarfile.TarInfo(
                 os.path.join(new_basename, self.gpkg_version)
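Review bot: The tar container reopens the temporary file by path (`name=tmp_gpkg_file.name`) instead of writing through the handle that `NamedTemporaryFile` already holds, so the exclusive-create guarantee covers only the first open. The identical block in the `@@ -1121` hunk has the same issue. If the package directory is ever writable by another user, the second open no longer has to land on the file that was just created. Passing the handle avoids the second open: `tarfile.TarFile(fileobj=tmp_gpkg_file, mode="w", format=container_tar_format)`, with the early `tmp_gpkg_file.close()` dropped so the handle stays open until the `with` exits. The `with` body continues past the hunk, so confirm nothing later in it needs the file closed first.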
@@ -1121,10 +1131,20 @@ class gpkg:
                 raise InvalidBinaryPackageFormat("Cannot identify tar format")
 
         # container
-        tmp_gpkg_file_name = f"{self.gpkg_file}.{os.getpid()}"
-        with tarfile.TarFile(
-            name=tmp_gpkg_file_name, mode="w", format=container_tar_format
-        ) as container:
+        with (
+            tempfile.NamedTemporaryFile(
+                dir=os.path.dirname(self.gpkg_file),
+                
prefix=f"{os.path.basename(self.gpkg_file)}.{portage.getpid()}",
+                delete=False,
+            ) as tmp_gpkg_file,
+            tarfile.TarFile(
+                name=tmp_gpkg_file.name, mode="w", format=container_tar_format
+            ) as container,
+        ):
+            os.fchmod(tmp_gpkg_file.fileno(), 0o644)
+            tmp_gpkg_file_name = tmp_gpkg_file.name
+            tmp_gpkg_file.close()
+
             # gpkg version
             gpkg_version_file = tarfile.TarInfo(
                 os.path.join(self.prefix, self.gpkg_version)
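Review bot: `os.fchmod(tmp_gpkg_file.fileno(), 0o644)` sets a fixed mode with no comment explaining why, and it appears to change behaviour. The removed code let `tarfile` create the file by name, which as far as I can tell applies the process umask, whereas the new file is always world-readable even under a stricter umask. The same line appears in the `@@ -1053` hunk. If 0644 is intended, say so above the call, e.g. `# NamedTemporaryFile creates the file 0600; widen it because finished binary packages are expected to be world-readable`. If the umask should still be honoured, the mode needs to be derived from it instead. The enclosing method starts and ends outside the hunk.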
