Bug 162542 - portage doesn't fix CCACHE_DIR permissions w/ userpriv/usersandbox in FEATURES
Bug#: 162542
Product: Portage Development
Version: unspecified
Platform: x86
OS/Version: Linux
Status: RESOLVED
Severity: normal
Priority: P2
Resolution: FIXED
Assigned To: dev-portage@gentoo.org
Reported By: k@191a.net
Component: Core - External Interaction
Keywords: InSVN, REGRESSION
Opened: 2007-01-17 15:37 0000
I'm using ccache and trying to check its efficacy by doing
# CCACHE_DIR=/var/tmp/ccache ccache -s
as the ccache ebuild recommends. This
works fine, as long as FEATURES in make.conf does not include userpriv or
usersandbox.
If only usersandbox is enabled, the following fields update:
1. cache hit
2. cache miss
3. autoconf compile/link
4. files in cache
If usersandbox is enabled, no fields update.
Reproducible: Always
emerge --info
bodhi ~ # emerge --info
Portage 2.1.2 (default-linux/x86/2006.1, gcc-4.1.1, glibc-2.5-r0,
2.6.19-gentoo-r4 i686)
=================================================================
System uname: 2.6.19-gentoo-r4 i686 AMD Athlon(tm) 64 Processor 3000+
Gentoo Base System version 1.12.8
Timestamp of tree: Wed, 17 Jan 2007 04:30:01 +0000
ccache version 2.4 [enabled]
dev-java/java-config: 1.3.7, 2.0.31-r3
dev-lang/python: 2.4.4
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache: 2.4-r6
sys-apps/sandbox: 1.2.18.1
sys-devel/autoconf: 2.13, 2.61
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils: 2.17
sys-devel/gcc-config: 1.3.14
sys-devel/libtool: 1.5.22
virtual/os-headers: 2.6.19.2-r1
ACCEPT_KEYWORDS="x86 ~x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=athlon-xp -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config
/usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf
/etc/java-config/vms/ /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-O2 -march=athlon-xp -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig ccache distlocks metadata-transfer parallel-fetch sandbox
sfperms strict usersandbox"
GENTOO_MIRRORS="http://gentoo.blueyonder.co.uk
http://gentoo.mirrors.tds.net/gentoo
http://mirrors.sec.informatik.tu-darmstadt.de/gentoo/"
LINGUAS="en_GB en hi_IN hi"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress
--force --whole-file --delete --delete-after --stats --timeout=180
--exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="3dnow 3dnowext X a52 aac aalib alsa apache2 bash-completion berkdb
bitmap-fonts bzip2 cairo cdda cddb cli cpudetection cracklib crypt dbus dhcp
dlloader dri dts dv dvd encode ffmpeg flac fortran gdbm gif glitz gnutls gpm
hal iconv ieee1394 imagemagick imlib isdnlog java javascript jbig jce jpeg kde
kdeenablefinal kdexdeltas lame libcaca libg++ libnotify lm_sensors mad mikmod
mmap mmx mmxext mng mp3 mp4 mpeg msn musicbrainz mysql ncurses network nls nptl
nptlonly nsplugin nvidia offensive ogg opengl pam pcre perl php png ppds pppd
python qt3 qt3support qt4 quicktime readline real reflection rtc samba sdl
sensord session skins socks5 speex spell spl sqlite sse sse2 ssl
startup-notification svg tcpd theora tiff tk truetype truetype-fonts
type1-fonts udev unicode utempter vcd visualization vorbis win32codecs wmf x264
x86 xforms xinerama xorg xscreensaver xv xvid xvmc zlib" ALSA_CARDS="ali5451
als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938
es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx
via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop
empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi
null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="keyboard
mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780
lb216 lcdm001 mtxorb ncurses text" LINGUAS="en_GB en hi_IN hi" USERLAND="GNU"
VIDEO_CARDS="nv nvidia vesa vga"
Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS,
PORTAGE_RSYNC_EXTRA_OPTS
--------------------------------------------------------------------------
make.conf
CFLAGS="-O2 -march=athlon-xp -pipe"
CHOST="i686-pc-linux-gnu"
CXXFLAGS="${CFLAGS}"
ACCEPT_KEYWORDS=~x86
FEATURES="parallel-fetch ccache metadata-transfer usersandbox"
USE=" 3dnow 3dnowext a52 aac aalib alsa apache2 bash-completion \
bzip2 cairo cdda cddb cpudetection -cups dbus dhcp dts dv \
dvd encode ffmpeg flac gif glitz gnutls hal ieee1394 \
imagemagick imlib -ipv6 java javascript jbig jce jpeg kde \
kdeenablefinal kdexdeltas lame libcaca libnotify lm_sensors \
mad mikmod mmap mmx mmxext mng mp3 mp4 mpeg msn \
musicbrainz mysql network nsplugin nvidia offensive ogg \
opengl php png qt3 qt3support qt4 quicktime real rtc samba \
sdl sensord skins socks5 speex spell sqlite sse sse2 \
startup-notification svg theora tiff tk truetype utempter vcd \
visualization vorbis win32codecs wmf X x264 xforms xinerama \
xscreensaver xv xvid xvmc"
#VIDEO_CARDS="-i810 -mga -s3virge -savage -sis -tdfx -trident -via"
VIDEO_CARDS="nv nvidia vesa vga"
MAKEOPTS="-j2"
PORTAGE_ELOG_CLASSES="warn error log info"
PORTAGE_ELOG_SYSTEM="save mail"
LINGUAS="en_GB en hi_IN hi"
#FETCHCOMMAND="/usr/bin/axel -a -o \${DISTDIR}/\${FILE} \${URI}"
FETCHCOMMAND="/usr/bin/getdelta.sh \${URI}"
#RESUMECOMMAND="/usr/bin/axel -a -o \${DISTDIR}/\${FILE} \${URI}"
PORTAGE_TMPFS="/dev/shm"
GENTOO_MIRRORS="http://gentoo.blueyonder.co.uk
http://gentoo.mirrors.tds.net/gentoo
http://mirrors.sec.informatik.tu-darmstadt.de/gentoo/"
#EMERGE_DEFAULT_OPTS=with-bdeps
PORTDIR_OVERLAY=/usr/local/portage
#CCACHE_LOGFILE=/var/log/portage/ccache.log
CCACHE_SIZE="2048M"
---------------------------------------------------------------------
/var/tmp/ccache has the following permissions:
drwxrwsr-x 18 root portage 565248 Jan 17 20:52 ccache
(In reply to comment #0)
> If only usersandbox is enabled, the following fields update:
>
> 1. cache hit
> 2. cache miss
> 3. autoconf compile/link
> 4. files in cache
>
> If usersandbox is enabled, no fields update.
There is a contradiction here, I assume one of those should be "userpriv"
instead of "usersandbox", but which one?
Whoops - my error. The comment should read like this:
I'm using ccache and trying to check its efficacy by doing
# CCACHE_DIR=/var/tmp/ccache ccache -s
as the ccache ebuild recommends. This
works fine, as long as FEATURES in make.conf does not include userpriv or
usersandbox.
If only usersandbox is enabled, the following fields update:
1. cache hit
2. cache miss
3. autoconf compile/link
4. files in cache
If userpriv is enabled, no fields update.
(In reply to comment #2)
> Whoops - my error. The comment should read like this:
>
> I'm using ccache and trying to check its efficacy by doing
> # CCACHE_DIR=/var/tmp/ccache ccache -s as the ccache ebuild recommends. This
> works fine, as long as FEATURES in make.conf does not include userpriv or
> usersandbox.
>
> If only usersandbox is enabled, the following fields update:
>
> 1. cache hit
> 2. cache miss
> 3. autoconf compile/link
> 4. files in cache
>
> If userpriv is enabled, no fields update.
>
I've just come across this bug also. The problem is that when the 'userpriv'
flag is enabled, portage drops the privileges to the 'portage' user when
compiling. Unfortunately, the permissions for the ccache cache folders are not
set to allow writing by this user, but only to allow reading.
The workaround I'm using is to change the permissions using:
chmod -R g+w /var/tmp/ccache
It works for me now. This shouldn't introduce any security problems, as you are
already allowing the portage group to compile your packages.
I also had this problem, see http://forums.gentoo.org/viewtopic-p-4079380.html
(German). I think someone should add "If you are using ccache together with
userfetch/usersandbox, please do a chmod -R g+w /var/tmp/ccache or ccache won't
work" to the ccache ebuild ewarn/einfo.
Even though the current bug summary is unrelated to /var/tmp/ccache
permissions, I can confirm that for some reason the group write perm gets
lost. While looking for the reason why Portage and ccache didn't work on my
system (userpriv/usersandbox set the whole time), I often flushed the cache
completely -- both
rm -r /var/tmp/ccache/*
and with
CCACHE_DIR=/var/tmp/ccache ccache -Cz,
yet that had no impact. Only later did I apply chmod g+w to the ccache dir's
contents (emerging still appeared to create some empty tmp files).
I'm quite certain /var/tmp/ccache itself was 2775 the whole time. After a few
emerges with ccache finally "working", I again saw some not group write perm'ed
files -- though I presume at that time they were owned by portage and not root.
But why some files were owned by root in the beginning is strange -- I've used
userpriv long before ccache was emerged, and after ccache I didn't run any
of my own compilations with ccache/nor had the CCACHE_DIR env-var set globally.
Issue needs reviewing, but I'm a bit lazy at the moment to unmerge ccache and
test everything cleanly :-)
Perhaps Portage runs ./configure occasionally under root with ccache support,
and hence those root owned empty dirs?
It may help as another possibility:
chown -cR portage:portage /var/tmp/ccache
`CCACHE_DIR=/var/tmp/ccache ccache -s` works perfectly fine w/ FEATURES="ccache
userpriv usersandbox" enabled. Been using it like this for ages.
Correct permissions have been set by portage since Bug 99120 was fixed - which
is back in portage-2.0.53 days, years ago (i.e. 02755 portage:portage).
Unfortunately, the permissions fix seems to have vanished somewhere, I can't
see portage adjusting the permissions any more anywhere by a simple grep in
/usr/$(get_libdir)/portage.
Looks like a Bug 99120 regression to me unless I've missed something.
(In reply to comment #7)
> (i.e. 02755 portage:portage).
Sigh, typos--. I meant 02775 portage:portage obviously
Created an attachment (id=140638) [details]
detect userpriv permission problems and fix
If this patch is saved as /tmp/droppriv.patch then it can be applied as
follows:
patch /usr/lib/portage/pym/portage.py /tmp/droppriv.patch
This has been released in 2.1.4.
i don't think this is working correctly. there are still a number of problems
i'm running into.
when portage creates CCACHE_DIR (with or without userpriv enabled) it sets it
up as:
halo /var/cache/ccache # ll
total 4.0K
drwxrwsr-x 18 root portage 456 2008-04-04 11:11 .
drwxr-xr-x 8 root root 200 2008-04-04 11:10 ..
drwxr-sr-x 2 root portage 72 2008-04-04 11:10 0
drwxr-sr-x 2 root portage 72 2008-04-04 11:10 1
drwxr-sr-x 2 root portage 72 2008-04-04 11:10 2
drwxr-sr-x 2 root portage 72 2008-04-04 11:10 3
drwxr-sr-x 2 root portage 72 2008-04-04 11:10 4
drwxr-sr-x 2 root portage 72 2008-04-04 11:10 5
drwxr-sr-x 2 root portage 72 2008-04-04 11:10 6
drwxr-sr-x 2 root portage 72 2008-04-04 11:10 7
drwxr-sr-x 2 root portage 72 2008-04-04 11:10 8
drwxr-sr-x 2 root portage 72 2008-04-04 11:10 9
drwxr-sr-x 2 root portage 72 2008-04-04 11:10 a
drwxr-sr-x 2 root portage 72 2008-04-04 11:10 b
drwxr-sr-x 2 root portage 72 2008-04-04 11:10 c
drwxr-sr-x 2 root portage 72 2008-04-04 11:10 d
drwxr-sr-x 2 root portage 72 2008-04-04 11:10 e
drwxr-sr-x 2 root portage 72 2008-04-04 11:10 f
-rw-r--r-- 1 root portage 49 2008-04-04 11:11 stats
building as root works of course. changing to userpriv does not cache any data
and as an added bonus leaves piles of useless temp files behind when it finds
it can't write to the hash dirs.
testcase:
(assuming CCACHE_DIR=/var/cache/ccache)
halo ~ # rm -r /var/cache/ccache
halo ~ # FEATURES=-userpriv emerge zlib
halo ~ # ccache -s
cache directory /var/cache/ccache
cache hit 0
cache miss 34
called for link 4
not a C/C++ file 1
unsupported compiler option 4
no input file 1
files in cache 68
cache size 748 Kbytes
max cache size 2.0 Gbytes
halo ~ # FEATURES=-userpriv emerge zlib
halo ~ # ccache -s
cache directory /var/cache/ccache
cache hit 26
cache miss 42
called for link 8
not a C/C++ file 2
unsupported compiler option 8
no input file 2
files in cache 84
cache size 788 Kbytes
max cache size 2.0 Gbytes
halo ~ # FEATURES=userpriv emerge zlib
halo ~ # ccache -s
cache directory /var/cache/ccache
cache hit 26
cache miss 42
called for link 8
not a C/C++ file 2
unsupported compiler option 12
no input file 3
files in cache 84
cache size 788 Kbytes
max cache size 2.0 Gbytes
halo ~ # FEATURES=userpriv emerge zlib
halo ~ # ccache -s
cache directory /var/cache/ccache
cache hit 26
cache miss 42
called for link 8
not a C/C++ file 2
unsupported compiler option 16
no input file 4
files in cache 84
cache size 788 Kbytes
max cache size 2.0 Gbytes
halo ~ # ll /var/cache/ccache/
total 13K
drwxrwsr-x 18 root portage 536 2008-04-04 11:24 .
drwxr-xr-x 8 root root 200 2008-04-04 11:23 ..
drwxr-sr-x 6 root portage 168 2008-04-04 11:23 0
drwxr-sr-x 4 root portage 120 2008-04-04 11:23 1
drwxr-sr-x 4 root portage 120 2008-04-04 11:23 2
drwxr-sr-x 6 root portage 168 2008-04-04 11:23 3
drwxr-sr-x 2 root portage 72 2008-04-04 11:23 4
drwxr-sr-x 7 root portage 192 2008-04-04 11:23 5
drwxr-sr-x 2 root portage 72 2008-04-04 11:23 6
drwxr-sr-x 5 root portage 144 2008-04-04 11:23 7
drwxr-sr-x 4 root portage 120 2008-04-04 11:23 8
drwxr-sr-x 4 root portage 120 2008-04-04 11:23 9
drwxr-sr-x 6 root portage 168 2008-04-04 11:23 a
drwxr-sr-x 3 root portage 96 2008-04-04 11:23 b
drwxr-sr-x 4 root portage 120 2008-04-04 11:23 c
drwxr-sr-x 7 root portage 192 2008-04-04 11:23 d
drwxr-sr-x 3 root portage 96 2008-04-04 11:23 e
drwxr-sr-x 3 root portage 96 2008-04-04 11:23 f
-rw-r--r-- 1 root portage 50 2008-04-04 11:24 stats
-rw-r--r-- 1 portage portage 7.3K 2008-04-04 11:23 tmp.hash.halo.16191.o
-rw-r--r-- 1 portage portage 0 2008-04-04 11:23 tmp.stderr.halo.16191
Setting group write permissions recursively on CCACHE_DIR would fix this.
I did this on a box with portage-2.1.4.4 installed, but I originally hit it
with 2.2_pre5 so same problem there as well.
Portage 2.2_pre5 (default/linux/amd64/2008.0/developer, gcc-4.3.1-pre20080402,
glibc-2.7-r2, 2.6.24-gentoo-r4 x86_64)
=================================================================
System uname: 2.6.24-gentoo-r4 x86_64 Intel(R) Core(TM)2 Duo CPU T9300 @
2.50GHz
Timestamp of tree: Fri, 04 Apr 2008 04:00:01 +0000
ccache version 2.4 [enabled]
app-shells/bash: 3.2_p33
dev-java/java-config: 1.3.7, 2.1.5
dev-lang/python: 2.5.1-r5
dev-python/pycrypto: 2.0.1-r6
dev-util/ccache: 2.4-r7
sys-apps/baselayout: 2.0.0
sys-apps/sandbox: 1.2.18.1-r2
sys-devel/autoconf: 2.13, 2.61-r1
sys-devel/automake: 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.1
sys-devel/binutils: 2.18-r1
sys-devel/gcc-config: 1.4.0-r4
sys-devel/libtool: 1.5.26
virtual/os-headers: 2.6.24
ACCEPT_KEYWORDS="amd64 ~amd64"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -g -march=core2 -fomit-frame-pointer -pipe -fdirectives-only"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config
/usr/kde/3.5/shutdown /usr/share/config"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf
/etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/terminfo
/etc/udev/rules.d"
CXXFLAGS="-O2 -g -march=core2 -fomit-frame-pointer -pipe -fdirectives-only"
DISTDIR="/usr/portage/distfiles"
FEATURES="assume-digests ccache collision-protect cvs digest distlocks
fixpackages metadata-transfer multilib-strict parallel-fetch preserve-libs
sandbox sfperms sign strict unmerge-orphans userfetch userpriv usersandbox"
GENTOO_MIRRORS="http://gentoo.mirrors.tera-byte.com/ http://gentoo.osuosl.org
http://distfiles.gentoo.org"
LANG="en_US.utf8"
LDFLAGS="-Wl,-O1"
LINGUAS="en"
MAKEOPTS="-j4"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress
--force --whole-file --delete --stats --timeout=180 --exclude=/distfiles
--exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/layman/mozilla /home/dirtyepic/overlay
/home/dirtyepic/svn/dirtyepic /home/dirtyepic/svn/gcc-porting"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL,
PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
e.g.
chmod -cR g+w /var/tmp/ccache
chown -cR portage:portage /var/tmp/ccache
if in "/etc/env.d/99local" -> CCACHE_DIR="/var/tmp/ccache"
This is fixed in 2.1.5_rc3.
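
An added example, not part of the bug thread and not Portage's own code: a read-only audit of a ccache directory that reports the entries a userpriv build (running in the portage group) cannot write, which is the condition visible in the directory listings above. The function and constant names are hypothetical and the sample tree is constructed to mirror the 2008-04-04 listing; the default path and the `portage` group name are taken from the thread.

```python
import os
import stat

# Issue labels (hypothetical names, not Portage's).
WRONG_GROUP = "wrong group"
NO_GROUP_WRITE = "not group-writable"
WORLD_WRITABLE = "world-writable"
NO_SETGID = "directory lacks setgid"

def audit_ccache_dir(root, gid):
    """Return sorted (relative_path, issue) pairs for entries under root that
    would block, or over-expose, a userpriv build running with group gid."""
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):  # does not follow symlinks
        paths += [os.path.join(dirpath, n) for n in dirnames + filenames]
    findings = []
    for path in paths:
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            continue  # symlink modes are meaningless; never chase the target
        rel = os.path.relpath(path, root)
        mode = stat.S_IMODE(st.st_mode)
        if st.st_gid != gid:
            findings.append((rel, WRONG_GROUP))
        if not mode & stat.S_IWGRP:
            findings.append((rel, NO_GROUP_WRITE))
        if mode & stat.S_IWOTH:
            findings.append((rel, WORLD_WRITABLE))
        if stat.S_ISDIR(st.st_mode) and not mode & stat.S_ISGID:
            findings.append((rel, NO_SETGID))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample mirroring the 2008-04-04 listing in the thread:
    top directory 2775, hash directory "0" 2755, stats file 0644."""
    hash_dir = os.path.join(root, "0")
    stats = os.path.join(root, "stats")
    os.makedirs(hash_dir)
    open(stats, "w").close()
    for path, mode in ((hash_dir, 0o2755), (stats, 0o644), (root, 0o2775)):
        os.chmod(path, mode)

if __name__ == "__main__":
    import grp
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "/var/tmp/ccache"
    for rel, issue in audit_ccache_dir(target, grp.getgrnam("portage").gr_gid):
        print(f"{rel}: {issue}")
```

The audit only reads metadata, so it can be run before and after applying the chmod/chown workarounds from the thread to confirm that no entry was left unwritable or became world-writable.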