Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 492648 - dev-lang/parrot-5.10.0 bump / sandbox violation
Summary: dev-lang/parrot-5.10.0 bump / sandbox violation
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Perl team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: 492650
  Show dependency tree
 
Reported: 2013-11-27 03:18 UTC by Patrick Lauer
Modified: 2013-12-01 07:46 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments
perldoc_5.10.patch (perldoc_5.10.patch,2.97 KB, patch)
2013-11-28 09:27 UTC, Kent Fredric (IRC: kent\n) (RETIRED)
Details | Diff
perldoc_5.10.patch (perldoc_5.10.patch,2.95 KB, patch)
2013-11-28 09:46 UTC, Kent Fredric (IRC: kent\n) (RETIRED)
Details | Diff
perldoc_5.10.patch (ppo,4.44 KB, patch)
2013-11-28 10:34 UTC, Kent Fredric (IRC: kent\n) (RETIRED)
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Patrick Lauer gentoo-dev 2013-11-27 03:18:31 UTC
>>> Install parrot-5.10.0 into /var/tmp/portage/dev-lang/parrot-5.10.0/image/ category dev-lang
make -j4 -j1 install-dev DESTDIR=/var/tmp/portage/dev-lang/parrot-5.10.0/image/ DOC_DIR=/usr/share/doc/parrot-5.10.0 
gmake -C docs
gmake[1]: Entering directory '/var/tmp/portage/dev-lang/parrot-5.10.0/work/parrot-5.10.0/docs'
/usr/bin/perl5.18.1 -MExtUtils::Command -e mkpath ops
/usr/bin/perl5.18.1 -MExtUtils::Command -e touch doc-prep
/usr/bin/perldoc -ud packfile-c.pod ../src/packfile/api.c
 * ACCESS DENIED:  open_rd:      ../src/packfile/src/packfile/api.c
 * ISE:write_logfile: unable to append logfile: /var/log/sandbox/sandbox-20216.log
 * ../../sandbox-2.6/libsandbox/libsandbox.c:check_syscall():879: failure (Bad file descriptor):
 * ISE:
        abs_path: ../src/packfile/src/packfile/api.c
        res_path: ../src/packfile/src/packfile/api.c
/usr/lib64/libsandbox.so(+0xac32)[0x7f1f3d600c32]
/usr/lib64/libsandbox.so(+0xad25)[0x7f1f3d600d25]
/usr/lib64/libsandbox.so(+0x552e)[0x7f1f3d5fb52e]
/usr/lib64/libsandbox.so(open64+0x6c)[0x7f1f3d60006c]
/usr/lib64/perl5/5.18.1/x86_64-linux/CORE/libperl.so.5.18.1(PerlIOUnix_open+0x9f)[0x7f1f3d39ef8f]
/usr/lib64/perl5/5.18.1/x86_64-linux/CORE/libperl.so.5.18.1(PerlIOBuf_open+0x18f)[0x7f1f3d39e42f]
/usr/lib64/perl5/5.18.1/x86_64-linux/CORE/libperl.so.5.18.1(PerlIO_openn+0x248)[0x7f1f3d39ff28]
/usr/lib64/perl5/5.18.1/x86_64-linux/CORE/libperl.so.5.18.1(Perl_do_openn+0x8b6)[0x7f1f3d37af86]
/usr/lib64/perl5/5.18.1/x86_64-linux/CORE/libperl.so.5.18.1(Perl_pp_open+0x176)[0x7f1f3d36a5e6]
/usr/lib64/perl5/5.18.1/x86_64-linux/CORE/libperl.so.5.18.1(Perl_runops_standard+0x13)[0x7f1f3d329253]
/proc/20247/cmdline: /usr/bin/perl /usr/bin/perldoc -ud packfile-c.pod ../src/packfile/api.c 

Makefile:69: recipe for target 'packfile-c.pod' failed
gmake[1]: *** [packfile-c.pod] Aborted
gmake[1]: Leaving directory '/var/tmp/portage/dev-lang/parrot-5.10.0/work/parrot-5.10.0/docs'
Makefile:8690: recipe for target 'docs.dummy' failed
make: *** [docs.dummy] Error 2
emake failed
 * ERROR: dev-lang/parrot-5.10.0::gentoo failed (install phase):
 *   (no error message)

This is a variation of the bug that the existing files/perldoc.patch fixed, I haven't been able to figure out how to avoid triggering it.
Comment 1 Kent Fredric (IRC: kent\n) (RETIRED) gentoo-dev 2013-11-27 05:43:01 UTC
Looks like the patch is just not applied.

This line of code will not ever work until upstream for perldoc fix perldoc being stupid with UID=0 ( Which is always the case during src_install )

> /usr/bin/perldoc -ud packfile-c.pod ../src/packfile/api.c

The code should say

> /usr/bin/perldoc -u ../src/packfile/api.c > packfile-c.pod

because perldoc gets downgraded to UID=nobody, and it can't do IO to files as UID  nobody.

However, it can still do IO to STDOUT as UID=nobody, so the container, bash, doing the shell redirection still runs with the right privelages, and thus, can write the file without being subject to stupid problems.
Comment 2 Kent Fredric (IRC: kent\n) (RETIRED) gentoo-dev 2013-11-28 09:27:30 UTC
Created attachment 364124 [details, diff]
perldoc_5.10.patch

Attached is a patch that "Works for me".

It works by providing a new utility in the build/ directory, which simply calls the parts of `perldoc` that are actually required to perform `perldoc -u`.

For instance, `perldoc` normally does a lot of magic path resolution to make `perldoc perldoc` work using env-specified docs, but that magic is not nessecary to read a locally specified file, and thus, the security that is added by perldoc to make automatic traversal of %ENV safe , is also not nessecary because %ENV traversal is avoided. 

Thus, any imagined need to drop root is negated, and it only uses the utility that does the parsing and formatting, directly.

And relevant Makefile and Makefile generation tools are likewise patched to call the new utility instead of perldoc.

Strangely however, I don't see any additional *.pod files in parrot. Not sure if this is always the case, or if the generation of *.pod is  only a precursor to generating the *.pod.html files.
Comment 3 Kent Fredric (IRC: kent\n) (RETIRED) gentoo-dev 2013-11-28 09:46:21 UTC
Created attachment 364126 [details, diff]
perldoc_5.10.patch

Buh, accidentally had residual debug code in the last patch.

And it seems *.pod are only intermediary.

1. Under USE=-doc , they're not used anywhere
2. Under USE=doc, they're transformed into html prior to final install.
Comment 4 Kent Fredric (IRC: kent\n) (RETIRED) gentoo-dev 2013-11-28 10:34:05 UTC
Created attachment 364130 [details, diff]
perldoc_5.10.patch

Reupdating the patch with the exact copy from git diff that I've supplied to upstream: https://github.com/parrot/parrot/pull/1028 

Its slightly larger, only because I added some documentation to the utility I added with the patch.
Comment 5 Patrick Lauer gentoo-dev 2013-12-01 07:46:36 UTC
Thanks!