author | Michał Górny <mgorny@gentoo.org> | 2015-01-25 12:25:24 +0100 |
---|---|---|
committer | Michał Górny <mgorny@gentoo.org> | 2015-02-01 10:06:41 +0100 |
commit | 8fd09dc9a25fb673426340a23794df7f11a44010 (patch) | |
tree | 58a8d178d75c8da8d5ac3a9b64a0b26b1498ec81 /bin/save-ebuild-env.sh | |
parent | lockfile: handle EINTR for bug #538314 (diff) | |
Support escaping network-sandbox through SOCKSv5 proxy

Add a minimal SOCKSv5-over-UNIX-socket proxy to Portage, and start it
whenever ebuilds are started with network-sandbox enabled. Pass the
socket address in PORTAGE_SOCKS5_PROXY and DISTCC_SOCKS_PROXY variables.
The proxy can be used to escape the network sandbox whenever network
access is really desired, e.g. in distcc.

The proxy is based on asynchronous I/O using the asyncio module.
Therefore, it requires the asyncio module that is built-in in Python 3.4
and available stand-alone for Python 3.3. Escaping the sandbox is not
supported with older versions of Python.

The proxy supports connecting to IPv6 & IPv4 TCP hosts. UDP and socket
binding are not supported. SOCKSv5 authentication schemes are not
supported (UNIX sockets provide a security layer).

Diffstat (limited to 'bin/save-ebuild-env.sh')
-rw-r--r-- | bin/save-ebuild-env.sh | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/bin/save-ebuild-env.sh b/bin/save-ebuild-env.sh index c6bffb530..477ed28ed 100644 --- a/bin/save-ebuild-env.sh +++ b/bin/save-ebuild-env.sh @@ -92,7 +92,7 @@ __save_ebuild_env() { # portage config variables and variables set directly by portage unset ACCEPT_LICENSE BAD BRACKET BUILD_PREFIX COLS \ - DISTCC_DIR DISTDIR DOC_SYMLINKS_DIR \ + DISTCC_DIR DISTCC_SOCKS5_PROXY DISTDIR DOC_SYMLINKS_DIR \ EBUILD_FORCE_TEST EBUILD_MASTER_PID \ ECLASS_DEPTH ENDCOL FAKEROOTKEY \ GOOD HILITE HOME \ @@ -105,7 +105,8 @@ __save_ebuild_env() { PORTAGE_DOHTML_WARN_ON_SKIPPED_FILES \ PORTAGE_NONFATAL PORTAGE_QUIET \ PORTAGE_SANDBOX_DENY PORTAGE_SANDBOX_PREDICT \ - PORTAGE_SANDBOX_READ PORTAGE_SANDBOX_WRITE PREROOTPATH \ + PORTAGE_SANDBOX_READ PORTAGE_SANDBOX_WRITE \ + PORTAGE_SOCKS5_PROXY PREROOTPATH \ QA_INTERCEPTORS \ RC_DEFAULT_INDENT RC_DOT_PATTERN RC_ENDCOL RC_INDENTATION \ ROOT ROOTPATH RPMDIR TEMP TMP TMPDIR USE_EXPAND \ |
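
Review bot: in the first hunk (@@ -92,7 +92,7 @@) the name added to the unset list is DISTCC_SOCKS5_PROXY, but the commit message says the socket address is passed in DISTCC_SOCKS_PROXY. One of the two is a typo. If the variable actually exported is the one named in the message, this unset does not cover it and the socket address would stay in the saved environment. The code that sets the variable is not part of this file's diff, so please confirm which name is exported there and make the commit message and the unset list agree.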
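
Review bot: in the second hunk (@@ -105,7 +105,8 @@) PORTAGE_SOCKS5_PROXY joins the unset list with nothing recording why. The block comment in the first hunk only says "portage config variables and variables set directly by portage". The commit message describes the value as the address of a proxy socket started when ebuilds run with network-sandbox enabled, so a one-line comment next to the entry saying it is per-run state that is meant to be dropped from the saved environment would help the next reader. Splitting the PORTAGE_SANDBOX_READ PORTAGE_SANDBOX_WRITE line to make room keeps the list in alphabetical order and is fine as is.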