commit: 1f94508e9adeffd7170cb23852ae40fc1f8b6c98
Author: Nikoli <nikoli <AT> gmx <DOT> us>
AuthorDate: Wed May 6 14:02:28 2015 +0000
Commit: Brian Dolbec <dolsen <AT> gentoo <DOT> org>
CommitDate: Wed May 6 17:26:13 2015 +0000
URL: https://gitweb.gentoo.org/proj/portage.git/commit/?id=1f94508e
Disable SOCKSv5-over-UNIX-socket proxy by default, bug #548710
man/make.conf.5 | 4 ++++
pym/portage/const.py | 1 +
pym/portage/package/ebuild/doebuild.py | 3 ++-
3 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/man/make.conf.5 b/man/make.conf.5
index 1b71b97..298eb80 100644
--- a/man/make.conf.5
+++ b/man/make.conf.5
@@ -463,6 +463,10 @@ from putting 64bit libraries into anything other than
(/usr)/lib64.
.B network\-sandbox
Isolate the ebuild phase functions from host network interfaces.
Supported only on Linux. Requires network namespace support in kernel.
+.TP
+.B network\-sandbox\-proxy
+Enable escaping network-sandbox through SOCKSv5 proxy. Enabling distcc
+feature also enables the proxy.
If asyncio Python module is available (requires Python 3.3, built-in
since Python 3.4) Portage will additionally spawn an isolated SOCKSv5
diff --git a/pym/portage/const.py b/pym/portage/const.py
index 6c1201d..617cd96 100644
--- a/pym/portage/const.py
+++ b/pym/portage/const.py
@@ -158,6 +158,7 @@ SUPPORTED_FEATURES = frozenset([
"mirror",
"multilib-strict",
"network-sandbox",
+ "network-sandbox-proxy",
"news",
"noauto",
"noclean",
diff --git a/pym/portage/package/ebuild/doebuild.py
b/pym/portage/package/ebuild/doebuild.py
index 4d926c7..5e4d7b1 100644
--- a/pym/portage/package/ebuild/doebuild.py
+++ b/pym/portage/package/ebuild/doebuild.py
@@ -1505,7 +1505,8 @@ def spawn(mystring, mysettings, debug=False, free=False,
droppriv=False,
keywords['unshare_net'] = not networked
keywords['unshare_ipc'] = not ipc
- if not networked and mysettings.get("EBUILD_PHASE") !=
"nofetch":
+ if not networked and mysettings.get("EBUILD_PHASE") !=
"nofetch" and \
+ ("network-sandbox-proxy" in features or "distcc" in
features):
# Provide a SOCKS5-over-UNIX-socket proxy to escape
sandbox
# Don't do this for pkg_nofetch, since the spawn_nofetch
# function creates a private PORTAGE_TMPDIR.
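Review bot: The comment under the new condition still says only that a proxy is provided to escape the sandbox, and does not record that `"distcc" in features` turns the proxy on even when `network-sandbox-proxy` is unset. Anyone auditing network-sandbox isolation should see here that distcc implicitly re-opens a path out of the unshared network namespace; I would add `# NOTE: FEATURES=distcc implies the proxy, so network-sandbox is not fully isolating when distcc is enabled.` above the existing comment. As a style point, the condition mixes a backslash continuation with a parenthesised group, and wrapping the whole test in one pair of parentheses would drop the backslash. `features` is not defined inside the hunk and spawn() begins and ends outside it, so I am assuming it is the FEATURES set computed earlier in the function.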