Bug 588712 - dev-util/boost-build-1.61.0: build.sh fails under particular GRsec TPE restriction due to directory permissions change upstream
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Hardened
Hardware: All Linux
Importance: Normal normal
Assignee: The Gentoo Linux Hardened Team
Reported: 2016-07-12 19:25 UTC by jeremiah
Modified: 2016-10-13 08:25 UTC
CC: 2 users
Description jeremiah 2016-07-12 19:25:36 UTC
The compile stage fails with (from log):
  /var/tmp/portage/dev-util/boost-build-1.61.0/temp/environment: ./build.sh: /bin/sh: bad interpreter: Permission denied

There is a corresponding entry in system logs of:
  ... grsec: denied untrusted exec (due to file in group-writable directory) of /var/tmp/portage/dev-util/boost-build-1.61.0/work/boost_1_61_0/tools/build/src/engine/build.sh by /var/tmp/portage/dev-util/boost-build-1.61.0/work/boost_1_61_0/tools/build/src/engine/build.sh[ebuild.sh: ...

My kernel config has GRsecurity's "Partially restrict all non-root users (GRKERNSEC_TPE_ALL [=y])" enabled, and "Under this restriction, all non-root users will only be allowed to execute files in directories they own that are not group or world-writable, ..."

dev-util/boost-build-1.60.0 compiles successfully. This is apparently due to Upstream changing the permissions between 1.60.0 and 1.61.0 as shown by running "tar xjpf ..." (where the 'p' flag preserves permissions). The latter produces group-writable directories while the former does not.

Recommended action is to modify the 1.61.0 ebuild (and possibly future ebuilds) to account for this and prepare either all package directories or, at minimum, tools/build/src/engine with disabled group-writable permissions.

Reproducible: Always
Comment 1 jeremiah 2016-07-14 20:52:27 UTC
I've found the culprit to be the custom src_unpack, as it manually uses tar where unpack should be used instead (according to <https://devmanual.gentoo.org/ebuild-writing/functions/src_unpack/index.html>).

Removing the src_unpack section from the ebuild and instead using the default src_unpack resolves the issue.
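The permission difference that comment 1 attributes to the custom src_unpack, reproduced as an added example (this script is not part of the bug report, the ebuild or Boost.Build). It builds a constructed stand-in for the upstream tarball in which the engine directory is mode 775, extracts it once with `tar xpf` and once applying the umask instead, then lists the group- or world-writable directories in each tree, which is the property GRKERNSEC_TPE_ALL checks before allowing a non-root user to execute a file. The directory layout, the tarball and the helper names (`find_gw_dirs`, `strip_group_world_write`) are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example, not from bug 588712 or the dev-util/boost-build ebuild.
# Shows why "tar xjpf" trips TPE_ALL while an umask-honouring extraction
# does not, and what an ebuild could do afterwards if -p is kept.
set -eu
umask 022

WORK=$(mktemp -d)                 # scratch area, removed on exit
trap 'rm -rf "$WORK"' EXIT

# Constructed stand-in for the upstream archive: the engine directory (and
# its parents) are group-writable, exactly the situation reported above.
mk_tarball() {
    mkdir -p "$WORK/src/tools/build/src/engine"
    printf '#!/bin/sh\necho built\n' > "$WORK/src/tools/build/src/engine/build.sh"
    chmod -R 775 "$WORK/src"                     # 775 on dirs and script
    ( cd "$WORK" && tar cf src.tar src )
    echo "$WORK/src.tar"
}

# Print every directory under $1 that is group- or world-writable.
# TPE_ALL refuses to execute anything living in such a directory.
find_gw_dirs() {
    find "$1" -type d \( -perm -g+w -o -perm -o+w \) | sort
}

# Extraction as done by the custom src_unpack: -p keeps archive modes.
extract_preserve() {      # $1 tarball, $2 destination directory
    mkdir -p "$2" && tar xpf "$1" -C "$2"
}

# Extraction that applies the caller's umask. GNU tar already does this for
# non-root users when -p is absent; --no-same-permissions makes it explicit
# so the result is the same when the script runs as root.
extract_umask() {         # $1 tarball, $2 destination directory
    mkdir -p "$2" && tar --no-same-permissions -xf "$1" -C "$2"
}

# Remediation an ebuild could apply after a -p extraction: drop the group
# and world write bits but leave everything else (including +x) intact.
strip_group_world_write() {
    chmod -R g-w,o-w "$1"
}

TARBALL=$(mk_tarball)
extract_preserve "$TARBALL" "$WORK/with_p"
extract_umask    "$TARBALL" "$WORK/without_p"

echo "group/world-writable directories after 'tar xpf':"
find_gw_dirs "$WORK/with_p"
echo "group/world-writable directories after umask extraction:"
find_gw_dirs "$WORK/without_p"
```

The first listing shows every directory on the path to build.sh; the second is empty, which is why the default `unpack` (no `-p`) makes the same build.sh executable again under TPE_ALL. `strip_group_world_write` is the fallback the reporter suggests in the description: fix the modes in src_prepare if the custom extraction has to stay.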
Comment 2 Sergey 'L29Ah' Alirzaev 2016-10-11 08:14:12 UTC
YEAH THIS SUCKS
Comment 3 David Seifert gentoo-dev 2016-10-13 08:25:08 UTC
(In reply to Sergey 'L29Ah' Alirzaev from comment #2)
> YEAH THIS SUCKS

Please keep it friendly.

commit a8b4d6695d6d05156145caacb3273ddd7d0870e0
Author: Sergey Alirzaev <zl29ah@gmail.com>
Date:   Tue Oct 11 23:45:44 2016 +0300

    dev-util/boost-build: remove seemingly harmful -p (#588712)
    
    Closes: https://github.com/gentoo/gentoo/pull/2529