commit: 8018584e78fa8b2714122eb2fda8488c94e7cc77 Author: Zac Medico <zmedico <AT> gentoo <DOT> org> AuthorDate: Sun May 3 19:18:16 2015 +0000 Commit: Zac Medico <zmedico <AT> gentoo <DOT> org> CommitDate: Mon May 4 06:26:48 2015 +0000 URL: https://gitweb.gentoo.org/proj/portage.git/commit/?id=8018584e
PORTAGE_XATTR_EXCLUDE: preserve security.capability (bug 548516) Also, fix BinpkgExtractorAsync tar options to preserve security.capability attributes. X-Gentoo-Bug: 548516 X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=548516 Acked-by: Brian Dolbec <dolsen <AT> gentoo.org> cnf/make.globals | 6 ++++-- pym/_emerge/BinpkgExtractorAsync.py | 5 ++++- 2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/cnf/make.globals b/cnf/make.globals
index dd99618..82d8cc1 100644
--- a/cnf/make.globals
+++ b/cnf/make.globals
@@ -123,9 +123,11 @@ PORTAGE_ELOG_MAILFROM="portage@localhost"
 PORTAGE_GPG_SIGNING_COMMAND="gpg --sign --digest-algo SHA256 --clearsign --yes --default-key \"\${PORTAGE_GPG_KEY}\" --homedir \"\${PORTAGE_GPG_DIR}\" \"\${FILE}\""
 # btrfs.* attributes are irrelevant, see bug #527636.
-# Security labels are special, see bug #461868.
+# security.* attributes may be special (see bug 461868), but
+# security.capability is specifically not excluded (bug 548516).
 # system.nfs4_acl attributes are irrelevant, see bug #475496.
-PORTAGE_XATTR_EXCLUDE="btrfs.* security.* system.nfs4_acl"
+PORTAGE_XATTR_EXCLUDE="btrfs.* security.evm security.ima
+ security.selinux system.nfs4_acl"
 # *****************************
 # ** DO NOT EDIT THIS FILE **
diff --git a/pym/_emerge/BinpkgExtractorAsync.py b/pym/_emerge/BinpkgExtractorAsync.py
index 6aaa448..0bf3c74 100644
--- a/pym/_emerge/BinpkgExtractorAsync.py
+++ b/pym/_emerge/BinpkgExtractorAsync.py
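Review bot: The new `PORTAGE_XATTR_EXCLUDE` value in cnf/make.globals replaces the namespace-wide `security.*` pattern with three enumerated names, so every other `security.*` attribute, not only `security.capability`, is now preserved by default. The rewritten comment mentions only `security.capability`; it should say that the list is an explicit denylist, for example `# Other security.* attributes are preserved unless listed here.`, so that labels of further security modules (Smack's `security.SMACK64`, for instance) are added deliberately if they must keep being dropped. Whether the consumers of this variable could express "all of security.* except capability" instead is not visible from the hunk.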
@@ -23,7 +23,10 @@ class BinpkgExtractorAsync(SpawnProcess):
 process = subprocess.Popen(["tar", "--help"], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
 output = process.communicate()[0]
 if b"--xattrs" in output:
- tar_options = "--xattrs"
+ tar_options = ["--xattrs", "--xattrs-include='*'"]
+ for x in portage.util.shlex_split(self.env.get("PORTAGE_XATTR_EXCLUDE", "")):
+ tar_options.append(portage._shell_quote("--xattrs-exclude=%s" % x))
+ tar_options = " ".join(tar_options)
 decomp_cmd = _decompressors.get(
 compression_probe(self.pkg_path))
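Review bot: The probe on the context line `if b"--xattrs" in output:` matches any help text that contains `--xattrs`, yet the added lines then pass `--xattrs-include` and `--xattrs-exclude` unconditionally; a tar that advertises the first but not the other two would presumably fail at extraction time. Probing for the options actually used, e.g. `if b"--xattrs-include" in output and b"--xattrs-exclude" in output:`, with plain `--xattrs` as the fallback, keeps the check and the command line in step. Separately, `self.env.get("PORTAGE_XATTR_EXCLUDE", "")` falls back to no excludes at all, which together with `--xattrs-include='*'` restores every attribute stored in the binary package, including the whole `security.*` namespace; a comment such as `# unset PORTAGE_XATTR_EXCLUDE means nothing is excluded` would make that fail-open default explicit. The enclosing method starts and ends outside the hunk, so how `tar_options` reaches the shell is not visible here.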
