Bug 144703 - genkernel fails because /var is mounted noexec
Summary: genkernel fails because /var is mounted noexec
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Hosted Projects
Classification: Unclassified
Component: genkernel (show other bugs)
Hardware: x86 Linux
Importance: High enhancement
Assignee: Gentoo Genkernel Maintainers
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2006-08-21 17:30 UTC by Sascha Wuestemann
Modified: 2007-08-22 19:54 UTC

See Also:
Package list:
Runtime testing required: ---


Description Sascha Wuestemann 2006-08-21 17:30:17 UTC
Gentoo Base System version 1.12.4
Portage 2.1.1_pre5-r1 (default-linux/x86/2006.0, gcc-4.1.1/hardened, glibc-2.4-r3, 2.6.15-vs2.0.1-gentoo-r5-killerghost i586)
=================================================================
System uname: 2.6.15-vs2.0.1-gentoo-r5-killerghost i586 AMD-K6(tm) 3D processor
Last Sync: Sun, 20 Aug 2006 20:50:01 +0000
ccache version 2.3 [enabled]
app-admin/eselect-compiler: 2.0.0_rc2-r1
dev-lang/python:     2.2.3-r1, 2.3.4, 2.4.3-r1
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     2.3
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.18.1
sys-devel/autoconf:  2.13, 2.60
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils:  2.17
sys-devel/gcc-config: 2.0.0_rc1
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.4.19-r1, 2.6.17
ACCEPT_KEYWORDS="x86 ~x86"
AUTOCLEAN="yes"
CBUILD="i586-pc-linux-gnu"
CFLAGS="-march=i586 -O3 -pipe -fomit-frame-pointer"
CHOST="i586-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.1/share/config /usr/kde/3.3/share/config /usr/lib/mozilla/defaults/pref /usr/share/X11/xkb /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/ /var/bind"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/eselect/compiler /etc/gconf /etc/java-config/vms/ /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-march=i586 -O3 -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs autoconfig ccache distlocks metadata-transfer sandbox sfperms strict userpriv"
GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo"
LANG="de_DE"
LINGUAS=""
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/usr/tmp2"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="x86 3dnow X X509 Xaw3d aalib acpi alsa apache2 apm arts audiofile avi berkdb bindist bitmap-fonts chroot cli crypt cscope cups curl curlwrappers dedicated dlloader dri dvd dvdr eds elibc_glibc emboss encode esd ethereal fastcgi flac flash foomaticdb fortran freetds gcj gd gdbm ggi gif gmp gphoto2 gpm gstreamer gtk gtk2 hardened icc imagemagick imap imlib innodb input_devices_keyboard input_devices_mouse ipv6 isdnlog java jikes jpeg kde kernel_linux lcms ldap lesstif libg++ libwww mad maildir mbox mcal memlimit mikmod mmx motif mozilla mp3 mpeg mpi mysql nas ncurses nhc98 nls nocd nptl nptlonly odbc offensive ogg oggvorbis opengl oss pam pcre pda pdflib perl png postgres ppds pppd prelude python qt qt3 qt4 quicktime readline reflection samba sasl sdl serial session skey slang slp snmp socks5 speex spell spl ssl tcltk tcpd theora threads tiff truetype truetype-fonts type1-fonts udev unicode usb userland_GNU video_cards_fbdev video_cards_vesa videos vorbis wmf wxwindows xml xml2 xmms xorg xosd xv zlib"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, LDFLAGS, MAKEOPTS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY


I always configured my kernels by hand, but today I need to make an initrd, so I had to install genkernel for the very first time.

I left the default genkernel configuration untouched (which would have been a mistake, by the way, if genkernel had finished successfully, because _this_ shifts your pretty .config file to /dev/null, wouldn't it? Maybe you should consider changing this, but it has nothing to do with my bug report).

As I only needed an initrd file I executed `genkernel initrd`, which almost immediately failed with the following error, which is the same in the error log and won't change even if I change the debug level to 5:

---snip-on---
* CMD_DEBUGLEVEL: 5
* Gentoo Linux Genkernel; Version 3.4.0
* Running with options: --debuglevel=5 initrd

* Linux Kernel 2.6.15-vs2.0.1-gentoo-r5-killerghost for x86...
* module-init-tools: >> Configuring
* ERROR: Configure of module-init-tools failed!

* -- Grepping log... --

/usr/share/genkernel/gen_compile.sh: ./configure: /bin/sh: bad interpreter: Permission denied
* CMD_DEBUGLEVEL: 5
* Gentoo Linux Genkernel; Version 3.4.0
* Running with options: --debuglevel=5 initrd

* ERROR: Configure of module-init-tools failed!

* -- End log... --

* Please consult /var/log/genkernel.log for more information and any
* errors that were reported above.

* Report any genkernel bugs to bugs.gentoo.org and
* assign your bug to genkernel@gentoo.org. Please include
* as much information as you can in your bug report; attaching
* /var/log/genkernel.log so that your issue can be dealt with effectively.
* 
* Please do *not* report compilation failures as genkernel bugs!
* 
---snip-off---

The search of the configure file which caused the error didn't last very long:

It is in /usr/share/genkernel/pkg/module-init-tools-0.9.15-pre4.tar.bz2, which I extracted by `tar xjvf /usr/share/genkernel/pkg/module-init-tools-0.9.15-pre4.tar.bz2 module-init-tools-0.9.15-pre4/configure`, see the head here:

---head-on---
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.58.
#
# Copyright (C) 2003 Free Software Foundation, Inc.
# This configure script is free software; the Free Software Foundation
# gives unlimited permission to copy, distribute and modify it.
## --------------------- ##
## M4sh Initialization.  ##
## --------------------- ##
---head-off---

As you might notice, a small typo, a misplaced space, had been put into the shebang. I don't know if this bz2 file is shipped with the ebuild or built from the system environment, so additional info follows:

module-init-tools is at v3.2.2-r1

I expect this is a minor problem to fix and am looking forward to the new build.
Comment 1 SpanKY gentoo-dev 2006-08-21 19:35:01 UTC
this is not a typo:
#! /bin/sh
Comment 2 Sascha Wuestemann 2006-08-22 08:33:07 UTC
Hi SpanKY,

you are right.

But the reason for the problem is near:

I have mounted /tmp rw,noexec,mode=1777.

This is seldom done and not the gentoo default, but a security measure genkernel scripts should accept. Do you agree? If not, teach me.
Comment 3 Tim Yamin (RETIRED) gentoo-dev 2006-08-23 09:27:41 UTC
What filesystem is /var and /?
Comment 4 Sascha Wuestemann 2006-08-23 10:34:07 UTC
/dev/hda3 on / type xfs (rw,noatime)
/dev/hda4 on /var type xfs (rw,noexec,noatime)
Comment 5 Chris Gianelloni (RETIRED) gentoo-dev 2006-08-23 15:35:45 UTC
Is /var/tmp a separate partition?  If so, what's the info on it?  If not, how does *anything* merge properly on your system with noexec on /var?
Comment 6 Sascha Wuestemann 2006-08-23 17:27:24 UTC
$ mount
/dev/hda3 on / type xfs (rw,noatime)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec)
udev on /dev type tmpfs (rw,nosuid)
devpts on /dev/pts type devpts (rw)
/dev/hda4 on /var type xfs (rw,noexec,noatime)
/dev/hdd2 on /home type xfs (rw,noatime)
/dev/hdd3 on /root type xfs (rw,noatime)
/dev/hdc2 on /mnt/hdc2 type xfs (rw,noatime)
/dev/hdc3 on /mnt/hdc3 type xfs (rw,noatime)
/dev/hdc4 on /usr type xfs (rw,noatime)
tmpfs on /dev/shm type tmpfs (rw)
tmpfs on /tmp type tmpfs (rw,noexec,mode=1777)
usbfs on /proc/bus/usb type usbfs (rw,noexec,nosuid,devmode=0664,devgid=85)
automount(pid8060) on /misc type autofs (rw,fd=5,pgrp=8060,minproto=2,maxproto=3)
capifs on /dev/capi type capifs (rw,mode=0666)
rpc_pipefs on /var/lib/rpc_pipes type rpc_pipefs (rw)
nfsd on /proc/fs/nfs type nfsd (rw)
/mnt/hdc2/cd/Knoppix/v4.0.2_2005-09-23 on /cdrom type none (ro,bind)

to answer almost _all_ mount questions.

The final answer is this from my make.conf:

PORTAGE_TMPDIR="/usr/tmp2"

...which I created a _really_ _very_ _long_ time ago, because my /var had run full because of ebuilds (/usr/tmp is a symlink to /var/tmp) in those days. I must have mounted /var noexec later on, after having read that mounting /tmp noexec was a good idea for security reasons, and then I must have thought, hey, why not /var, too - there are also only data files residing there. - Which was right for a couple of years until now.

Of course I could change that. But hey, what about the gentoo security concept? And the genkernel maintainer(s), too, should think about it, don't you agree?
I could append a really long list of applications running fine on my system. Only emerge wants /var to be executable and now genkernel /tmp.

As for now the problem is clear and the solution is near, what do you suggest?
Comment 7 Chris Gianelloni (RETIRED) gentoo-dev 2006-09-12 06:42:30 UTC
Well, genkernel doesn't need /tmp executable so much as /var, since it does its builds under /var/tmp, like portage does normally.

We probably need to do a few things.  First, we would need to patch genkernel to allow people to set the tmp directory, like portage does.  Next, we would need to make sure genkernel does checks to ensure that this directory allows us to execute scripts.  This really is annoying, and seems more like a waste of time to work around a problem that really shouldn't exist, but I digress.  I'm sure we'll get to it eventually, but it definitely won't be a high priority.
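The two checks Chris describes, as an added shell example that is not genkernel's own code: a mount-table lookup (does the build directory sit on a noexec mount?) and a real execution probe, exercised here against a constructed mount table modelled on the reporter's `mount` output from Comment 6.

```shell
#!/bin/sh
# Added example, not genkernel's own code: the "can scripts run from this
# tempdir?" check Comment 7 says genkernel should do before running ./configure.
# Constructed mount table in /proc/mounts format, modelled on the reporter's
# `mount` output in Comment 6 (only the lines that matter here).
SAMPLE_MOUNTS='/dev/hda3 / xfs rw,noatime 0 0
/dev/hda4 /var xfs rw,noexec,noatime 0 0
/dev/hdc4 /usr xfs rw,noatime 0 0
tmpfs /tmp tmpfs rw,noexec,mode=1777 0 0'

# opts_for_path DIR: read a mounts table on stdin and print the options of the
# longest mountpoint containing DIR (absolute, canonical); /var shadows /.
opts_for_path() {
    dir=$1 best= bestopts=
    while read -r _dev mnt _fs opts _rest; do
        if [ "$mnt" = / ] || [ "$dir" = "$mnt" ]; then :
        else case "$dir" in "$mnt"/*) ;; *) continue ;; esac
        fi
        [ ${#mnt} -ge ${#best} ] && { best=$mnt; bestopts=$opts; }
    done
    [ -n "$best" ] && printf '%s\n' "$bestopts"
}

# has_noexec OPTS: succeed if the comma-separated option list contains noexec.
has_noexec() {
    case ",$1," in *,noexec,*) return 0 ;; esac
    return 1
}

# exec_probe DIR: the definitive test, independent of any mount table. Drop a
# tiny "#!/bin/sh" script into DIR and run it; on a noexec mount execve fails
# with EACCES, the "bad interpreter: Permission denied" seen in the report.
exec_probe() {
    probe=$1/.exec-probe.$$
    printf '#!/bin/sh\nexit 0\n' > "$probe" && chmod 0700 "$probe" || return 1
    if "$probe" 2>/dev/null; then rc=0; else rc=$?; fi
    rm -f "$probe"
    return $rc
}

# check_tempdir DIR [MOUNTS]: table check first (cheap, names the offending
# mount), then the real probe. Succeeds only if DIR can run scripts.
check_tempdir() {
    opts=$(opts_for_path "$1" < "${2:-/proc/mounts}") || opts=
    if has_noexec "$opts"; then
        echo "$1 is on a noexec mount ($opts)" >&2; return 1
    fi
    exec_probe "$1" || { echo "$1 refuses to execute scripts" >&2; return 1; }
}
```

Against the sample table, `/var/tmp` and `/tmp` are rejected while the reporter's `/usr/tmp2` passes; `check_tempdir "$dir"` with no second argument consults the live /proc/mounts.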
Comment 8 Sascha Wuestemann 2006-09-22 13:48:34 UTC
All ebuild scripts I have used before evaluate /etc/make.conf to get PORTAGE_TMPDIR, "/usr/tmp2" in my case, which is a mountpoint to a big partition.
Only your package has "/var/tmp", the default PORTAGE_TMPDIR, hard coded.
But PORTAGE_TMPDIR is freely changeable by the root user, so you have a major bug in your package, and hard coded paths are basic mistakes where environment variables are in use, do you agree with that?

I am really looking forward to it if you would honor the facts that PORTAGE_TMPDIR is freely configurable and /var/tmp can be mounted non-executable - and that hardcoding paths that don't match all cases is a bad thing.
Comment 9 Tim Yamin (RETIRED) gentoo-dev 2006-09-22 13:54:58 UTC
(In reply to comment #8)
> All ebuild-scripts I have used before, evaluate /etc/make.conf to get the
> PORTAGE_TMPDIR, "/usr/tmp2" in my case which is a mountpoint to a big
> partition.
> Only your package has "/var/tmp" which is the default PORTAGE_TMPDIR hard
> coded.
> But PORTAGE_TMPDIR is free changeable by the root user, so you have a major bug
> in your package and hard coded paths are basic mistakes where environment
> variables are in use, do you agree with that?

Only genkernel isn't an ebuild script. It's not tied to (well, shouldn't be) Portage in any way shape or form. Just use "genkernel --tempdir=/usr/blah/whatever". It's in the --help but not the manpage so I need to document this I guess.
Comment 10 Chris Gianelloni (RETIRED) gentoo-dev 2006-09-23 06:16:31 UTC
As Tim mentioned, genkernel is a "Gentoo Hosted Project" but doesn't necessarily *have* to run on Gentoo.  In fact, it works perfectly fine on lots of non-Gentoo Linux machines.  Because of this, we cannot rely on *anything* from make.conf, but we could make it an option in genkernel.conf, instead.
Comment 11 Chris Gianelloni (RETIRED) gentoo-dev 2007-03-14 00:38:33 UTC
If anyone has a patch for genkernel.conf (and genkernel to honor it) for this, that would be great.  Otherwise, it's probably not going to happen until I get time to work on features like this (which will be a *long* time).
Comment 12 Chris Gianelloni (RETIRED) gentoo-dev 2007-06-21 20:16:49 UTC
This is in SVN now with the patch from bug #180161
Comment 13 Chris Gianelloni (RETIRED) gentoo-dev 2007-08-22 19:54:04 UTC
Please test genkernel 3.4.9_prer1 or better.  This should be fixed now.