Bug 162542 - portage doesn't fix CCACHE_DIR permissions w/ userpriv/usersandbox in FEATURES
Status: RESOLVED FIXED
Alias: None
Product: Portage Development
Classification: Unclassified
Component: Core - External Interaction
Hardware: x86 Linux
Importance: High normal
Assignee: Portage team
Keywords: InVCS, REGRESSION
Blocks: 200044 216231
Reported: 2007-01-17 15:37 UTC by Aniruddha Shankar
Modified: 2008-04-13 04:35 UTC

Attachments
detect userpriv permission problems and fix (droppriv.patch,1.17 KB, patch)
2008-01-10 23:09 UTC, Zac Medico
check permissions inside CCACHE_DIR (userpriv.patch,1.64 KB, patch)
2008-04-08 22:50 UTC, Zac Medico

Description Aniruddha Shankar 2007-01-17 15:37:10 UTC
I'm using ccache and trying to check its efficacy by doing
# CCACHE_DIR=/var/tmp/ccache ccache -s
as the ccache ebuild recommends. This works fine, as long as FEATURES in make.conf does not include userpriv or usersandbox.

If only usersandbox is enabled, the following fields update:

1. cache hit
2. cache miss
3. autoconf compile/link
4. files in cache

If usersandbox is enabled, no fields update.

Reproducible: Always




emerge --info
bodhi ~ # emerge --info
Portage 2.1.2 (default-linux/x86/2006.1, gcc-4.1.1, glibc-2.5-r0, 2.6.19-gentoo-r4 i686)
=================================================================
System uname: 2.6.19-gentoo-r4 i686 AMD Athlon(tm) 64 Processor 3000+
Gentoo Base System version 1.12.8
Timestamp of tree: Wed, 17 Jan 2007 04:30:01 +0000
ccache version 2.4 [enabled]
dev-java/java-config: 1.3.7, 2.0.31-r3
dev-lang/python:     2.4.4
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     2.4-r6
sys-apps/sandbox:    1.2.18.1
sys-devel/autoconf:  2.13, 2.61
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.17
sys-devel/gcc-config: 1.3.14
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.19.2-r1
ACCEPT_KEYWORDS="x86 ~x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=athlon-xp -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/java-config/vms/ /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-O2 -march=athlon-xp -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig ccache distlocks metadata-transfer parallel-fetch sandbox sfperms strict usersandbox"
GENTOO_MIRRORS="http://gentoo.blueyonder.co.uk http://gentoo.mirrors.tds.net/gentoo http://mirrors.sec.informatik.tu-darmstadt.de/gentoo/"
LINGUAS="en_GB en hi_IN hi"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="3dnow 3dnowext X a52 aac aalib alsa apache2 bash-completion berkdb bitmap-fonts bzip2 cairo cdda cddb cli cpudetection cracklib crypt dbus dhcp dlloader dri dts dv dvd encode ffmpeg flac fortran gdbm gif glitz gnutls gpm hal iconv ieee1394 imagemagick imlib isdnlog java javascript jbig jce jpeg kde kdeenablefinal kdexdeltas lame libcaca libg++ libnotify lm_sensors mad mikmod mmap mmx mmxext mng mp3 mp4 mpeg msn musicbrainz mysql ncurses network nls nptl nptlonly nsplugin nvidia offensive ogg opengl pam pcre perl php png ppds pppd python qt3 qt3support qt4 quicktime readline real reflection rtc samba sdl sensord session skins socks5 speex spell spl sqlite sse sse2 ssl startup-notification svg tcpd theora tiff tk truetype truetype-fonts type1-fonts udev unicode utempter vcd visualization vorbis win32codecs wmf x264 x86 xforms xinerama xorg xscreensaver xv xvid xvmc zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en_GB en hi_IN hi" USERLAND="GNU" VIDEO_CARDS="nv nvidia vesa vga"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, PORTAGE_RSYNC_EXTRA_OPTS
--------------------------------------------------------------------------
make.conf
CFLAGS="-O2 -march=athlon-xp -pipe"
CHOST="i686-pc-linux-gnu"
CXXFLAGS="${CFLAGS}"
ACCEPT_KEYWORDS=~x86
FEATURES="parallel-fetch ccache metadata-transfer usersandbox"
USE=" 3dnow 3dnowext a52 aac aalib alsa apache2 bash-completion \
     bzip2 cairo cdda cddb cpudetection -cups dbus dhcp dts dv \
     dvd encode ffmpeg flac gif glitz gnutls hal ieee1394 \
     imagemagick imlib -ipv6 java javascript jbig jce jpeg kde \
     kdeenablefinal kdexdeltas lame libcaca libnotify lm_sensors \
     mad mikmod mmap mmx mmxext mng mp3 mp4 mpeg msn \
     musicbrainz mysql network nsplugin nvidia offensive ogg \
     opengl php png qt3 qt3support qt4 quicktime real rtc samba \
     sdl sensord skins socks5 speex spell sqlite sse sse2 \
     startup-notification svg theora tiff tk truetype utempter vcd \
     visualization vorbis win32codecs wmf X x264 xforms xinerama \
     xscreensaver xv xvid xvmc"
#VIDEO_CARDS="-i810 -mga -s3virge -savage -sis -tdfx -trident -via"
VIDEO_CARDS="nv nvidia vesa vga"
MAKEOPTS="-j2"
PORTAGE_ELOG_CLASSES="warn error log info"
PORTAGE_ELOG_SYSTEM="save mail"
LINGUAS="en_GB en hi_IN hi"
#FETCHCOMMAND="/usr/bin/axel -a -o \${DISTDIR}/\${FILE} \${URI}"
FETCHCOMMAND="/usr/bin/getdelta.sh \${URI}"
#RESUMECOMMAND="/usr/bin/axel -a -o \${DISTDIR}/\${FILE} \${URI}"
PORTAGE_TMPFS="/dev/shm"
GENTOO_MIRRORS="http://gentoo.blueyonder.co.uk http://gentoo.mirrors.tds.net/gentoo http://mirrors.sec.informatik.tu-darmstadt.de/gentoo/"
#EMERGE_DEFAULT_OPTS=with-bdeps
PORTDIR_OVERLAY=/usr/local/portage
#CCACHE_LOGFILE=/var/log/portage/ccache.log
CCACHE_SIZE="2048M"
---------------------------------------------------------------------
/var/tmp/ccache has the following permissions:
drwxrwsr-x 18 root    portage 565248 Jan 17 20:52 ccache
Comment 1 Marius Mauch (RETIRED) gentoo-dev 2007-01-20 16:32:52 UTC
(In reply to comment #0)
> If only usersandbox is enabled, the following fields update:
> 
> 1. cache hit
> 2. cache miss
> 3. autoconf compile/link
> 4. files in cache
> 
> If usersandbox is enabled, no fields update.

There is a contradiction here, I assume one of those should be "userpriv" instead of "usersandbox", but which one?
Comment 2 Aniruddha Shankar 2007-01-20 18:48:49 UTC
Whoops - my error. The comment should read like this:

I'm using ccache and trying to check its efficacy by doing
# CCACHE_DIR=/var/tmp/ccache ccache -s
as the ccache ebuild recommends. This works fine, as long as FEATURES in
make.conf does not include userpriv or usersandbox.

If only usersandbox is enabled, the following fields update:

1. cache hit
2. cache miss
3. autoconf compile/link
4. files in cache

If userpriv is enabled, no fields update.
Comment 3 Pete Bourner 2007-05-29 14:59:20 UTC
(In reply to comment #2)
> Whoops - my error. The comment should read like this:
> 
> I'm using ccache and trying to check its efficacy by doing 
> # CCACHE_DIR=/var/tmp/ccache ccache -s as the ccache ebuild recommends. This
> works fine, as long as FEATURES in make.conf does not include userpriv or
> usersandbox. 
> 
> If only usersandbox is enabled, the following fields update:
> 
> 1. cache hit
> 2. cache miss
> 3. autoconf compile/link
> 4. files in cache
> 
> If userpriv is enabled, no fields update.
> 

I've just come across this bug also. The problem is that when the 'userpriv' flag is enabled, portage drops the privileges to the 'portage' user when compiling. Unfortunately, the permissions for the ccache cache folders are not set to allow writing by this user, but only to allow reading.

The workaround I'm using is to change the permissions using:
chmod -R g+w /var/tmp/ccache

It works for me now. This shouldn't introduce any security problems, as you are already allowing the portage group to compile your packages.
Comment 4 Nico R. Wohlgemuth 2007-05-29 21:57:05 UTC
I also had this problem, see http://forums.gentoo.org/viewtopic-p-4079380.html (German). I think someone should add "If you are using ccache together with userfetch/usersandbox, please do a chmod -R g+w /var/tmp/ccache or ccache won't work" to the ccache ebuild ewarn/einfo.
Comment 5 Andri Möll 2007-05-30 21:27:04 UTC
Even though the current bug summary is unrelated to /var/tmp/ccache permissions, I can confirm that for some reason the group write perm gets lost. While looking for the reason why Portage and ccache didn't work on my system (userpriv/usersandbox set the whole time), I often flushed the cache completely -- both
rm -r /var/tmp/ccache/*
and with
CCACHE_DIR=/var/tmp/ccache ccache -Cz,
yet that had no impact. Only later did I apply chmod g+w to the ccache dir's contents (emerging still appeared to create some empty tmp files).
I'm quite certain /var/tmp/ccache itself was 2775 the whole time. After a few emerges with ccache finally "working", I again saw some not group write perm'ed files -- though I presume at that time they were owned by portage and not root.
But why some files were owned by root in the beginning is strange -- I've used userpriv long before ccache was emerged, and after ccache I didn't run any of my own compilations with ccache, nor had the CCACHE_DIR env-var set globally.
Issue needs reviewing, but I'm a bit lazy at the moment to unmerge ccache and test everything cleanly :-)

Perhaps Portage runs ./configure occasionally under root with ccache support, and hence those root owned empty dirs?
Comment 6 Steffen Bergner 2007-12-20 11:03:33 UTC
It may help as another possibility: 
 chown -cR portage:portage /var/tmp/ccache
Comment 7 Jakub Moc (RETIRED) gentoo-dev 2008-01-08 11:50:01 UTC
`CCACHE_DIR=/var/tmp/ccache ccache -s` works perfectly fine w/ FEATURES="ccache userpriv usersandbox" enabled. Been using it like this for ages.

Correct permissions have been set by portage since Bug 99120 was fixed - which is back in portage-2.0.53 days, years ago (i.e. 02755 portage:portage). 

Unfortunately, the permissions fix seems to have vanished somewhere, I can't see portage adjusting the permissions any more anywhere by a simple grep in /usr/$(get_libdir)/portage.

Looks like a Bug 99120 regression to me unless I've missed something.
Comment 8 Jakub Moc (RETIRED) gentoo-dev 2008-01-08 11:51:35 UTC
(In reply to comment #7)
> (i.e. 02755 portage:portage). 

Sigh, typos--. I meant 02775 portage:portage obviously
Comment 9 Zac Medico gentoo-dev 2008-01-10 23:09:34 UTC
Created attachment 140638
detect userpriv permission problems and fix

If this patch is saved as /tmp/droppriv.patch then it can be applied as follows:

patch /usr/lib/portage/pym/portage.py /tmp/droppriv.patch
Comment 10 Zac Medico gentoo-dev 2008-01-12 03:39:53 UTC
This has been released in 2.1.4.
Comment 11 Ryan Hill (RETIRED) gentoo-dev 2008-04-04 17:39:01 UTC
i don't think this is working correctly.  there are still a number of problems i'm running into.

when portage creates CCACHE_DIR (with or without userpriv enabled) it sets it up as:

halo /var/cache/ccache # ll
total 4.0K
drwxrwsr-x 18 root portage 456 2008-04-04 11:11 .
drwxr-xr-x  8 root root    200 2008-04-04 11:10 ..
drwxr-sr-x  2 root portage  72 2008-04-04 11:10 0
drwxr-sr-x  2 root portage  72 2008-04-04 11:10 1
drwxr-sr-x  2 root portage  72 2008-04-04 11:10 2
drwxr-sr-x  2 root portage  72 2008-04-04 11:10 3
drwxr-sr-x  2 root portage  72 2008-04-04 11:10 4
drwxr-sr-x  2 root portage  72 2008-04-04 11:10 5
drwxr-sr-x  2 root portage  72 2008-04-04 11:10 6
drwxr-sr-x  2 root portage  72 2008-04-04 11:10 7
drwxr-sr-x  2 root portage  72 2008-04-04 11:10 8
drwxr-sr-x  2 root portage  72 2008-04-04 11:10 9
drwxr-sr-x  2 root portage  72 2008-04-04 11:10 a
drwxr-sr-x  2 root portage  72 2008-04-04 11:10 b
drwxr-sr-x  2 root portage  72 2008-04-04 11:10 c
drwxr-sr-x  2 root portage  72 2008-04-04 11:10 d
drwxr-sr-x  2 root portage  72 2008-04-04 11:10 e
drwxr-sr-x  2 root portage  72 2008-04-04 11:10 f
-rw-r--r--  1 root portage  49 2008-04-04 11:11 stats

building as root works of course.  changing to userpriv does not cache any data and as an added bonus leaves piles of useless temp files behind when it finds it can't write to the hash dirs.


testcase:
(assuming CCACHE_DIR=/var/cache/ccache)

halo ~ # rm -r /var/cache/ccache
halo ~ # FEATURES=-userpriv emerge zlib
halo ~ # ccache -s
cache directory                     /var/cache/ccache
cache hit                              0
cache miss                            34
called for link                        4
not a C/C++ file                       1
unsupported compiler option            4
no input file                          1
files in cache                        68
cache size                           748 Kbytes
max cache size                       2.0 Gbytes
halo ~ # FEATURES=-userpriv emerge zlib
halo ~ # ccache -s
cache directory                     /var/cache/ccache
cache hit                             26
cache miss                            42
called for link                        8
not a C/C++ file                       2
unsupported compiler option            8
no input file                          2
files in cache                        84
cache size                           788 Kbytes
max cache size                       2.0 Gbytes
halo ~ # FEATURES=userpriv emerge zlib
halo ~ # ccache -s
cache directory                     /var/cache/ccache
cache hit                             26
cache miss                            42
called for link                        8
not a C/C++ file                       2
unsupported compiler option           12
no input file                          3
files in cache                        84
cache size                           788 Kbytes
max cache size                       2.0 Gbytes
halo ~ # FEATURES=userpriv emerge zlib
halo ~ # ccache -s
cache directory                     /var/cache/ccache
cache hit                             26
cache miss                            42
called for link                        8
not a C/C++ file                       2
unsupported compiler option           16
no input file                          4
files in cache                        84
cache size                           788 Kbytes
max cache size                       2.0 Gbytes
halo ~ # ll /var/cache/ccache/
total 13K
drwxrwsr-x 18 root    portage  536 2008-04-04 11:24 .
drwxr-xr-x  8 root    root     200 2008-04-04 11:23 ..
drwxr-sr-x  6 root    portage  168 2008-04-04 11:23 0
drwxr-sr-x  4 root    portage  120 2008-04-04 11:23 1
drwxr-sr-x  4 root    portage  120 2008-04-04 11:23 2
drwxr-sr-x  6 root    portage  168 2008-04-04 11:23 3
drwxr-sr-x  2 root    portage   72 2008-04-04 11:23 4
drwxr-sr-x  7 root    portage  192 2008-04-04 11:23 5
drwxr-sr-x  2 root    portage   72 2008-04-04 11:23 6
drwxr-sr-x  5 root    portage  144 2008-04-04 11:23 7
drwxr-sr-x  4 root    portage  120 2008-04-04 11:23 8
drwxr-sr-x  4 root    portage  120 2008-04-04 11:23 9
drwxr-sr-x  6 root    portage  168 2008-04-04 11:23 a
drwxr-sr-x  3 root    portage   96 2008-04-04 11:23 b
drwxr-sr-x  4 root    portage  120 2008-04-04 11:23 c
drwxr-sr-x  7 root    portage  192 2008-04-04 11:23 d
drwxr-sr-x  3 root    portage   96 2008-04-04 11:23 e
drwxr-sr-x  3 root    portage   96 2008-04-04 11:23 f
-rw-r--r--  1 root    portage   50 2008-04-04 11:24 stats
-rw-r--r--  1 portage portage 7.3K 2008-04-04 11:23 tmp.hash.halo.16191.o
-rw-r--r--  1 portage portage    0 2008-04-04 11:23 tmp.stderr.halo.16191


Setting group write permissions recursively on CCACHE_DIR would fix this.

I did this on a box with portage-2.1.4.4 installed, but I originally hit it with 2.2_pre5 so same problem there as well.


Portage 2.2_pre5 (default/linux/amd64/2008.0/developer, gcc-4.3.1-pre20080402, glibc-2.7-r2, 2.6.24-gentoo-r4 x86_64)
=================================================================
System uname: 2.6.24-gentoo-r4 x86_64 Intel(R) Core(TM)2 Duo CPU T9300 @ 2.50GHz
Timestamp of tree: Fri, 04 Apr 2008 04:00:01 +0000
ccache version 2.4 [enabled]
app-shells/bash:     3.2_p33
dev-java/java-config: 1.3.7, 2.1.5
dev-lang/python:     2.5.1-r5
dev-python/pycrypto: 2.0.1-r6
dev-util/ccache:     2.4-r7
sys-apps/baselayout: 2.0.0
sys-apps/sandbox:    1.2.18.1-r2
sys-devel/autoconf:  2.13, 2.61-r1
sys-devel/automake:  1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.1
sys-devel/binutils:  2.18-r1
sys-devel/gcc-config: 1.4.0-r4
sys-devel/libtool:   1.5.26
virtual/os-headers:  2.6.24
ACCEPT_KEYWORDS="amd64 ~amd64"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -g -march=core2 -fomit-frame-pointer -pipe -fdirectives-only"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/config"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/terminfo /etc/udev/rules.d"
CXXFLAGS="-O2 -g -march=core2 -fomit-frame-pointer -pipe -fdirectives-only"
DISTDIR="/usr/portage/distfiles"
FEATURES="assume-digests ccache collision-protect cvs digest distlocks fixpackages metadata-transfer multilib-strict parallel-fetch preserve-libs sandbox sfperms sign strict unmerge-orphans userfetch userpriv usersandbox"
GENTOO_MIRRORS="http://gentoo.mirrors.tera-byte.com/ http://gentoo.osuosl.org http://distfiles.gentoo.org"
LANG="en_US.utf8"
LDFLAGS="-Wl,-O1"
LINGUAS="en"
MAKEOPTS="-j4"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/layman/mozilla /home/dirtyepic/overlay /home/dirtyepic/svn/dirtyepic /home/dirtyepic/svn/gcc-porting"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 12 Zac Medico gentoo-dev 2008-04-08 22:50:16 UTC
Created attachment 149140
check permissions inside CCACHE_DIR
Comment 13 Steffen Bergner 2008-04-09 06:38:25 UTC
e.g. 
chmod -cR g+w /var/tmp/ccache  
chown -cR portage:portage /var/tmp/ccache

if in "/etc/env.d/99local" -> CCACHE_DIR="/var/tmp/ccache"
Comment 14 Zac Medico gentoo-dev 2008-04-13 04:35:13 UTC
This is fixed in 2.1.5_rc3.
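
The state shown in comment 11 (hash directories at 2755 and a 0644 stats file under a 2775 root, so a build that has dropped to the portage group cannot write) can be checked for with a small audit. This is an added example, not Portage's code and not either attached patch; `audit_cache_dir`, `demo` and the temporary tree are constructed for illustration, and the tree's own group stands in for `portage`.

```python
import os
import stat
import tempfile


def audit_cache_dir(root, gid, fix=False):
    """Return sorted [(relative_path, problem)] for entries that a process
    running with group `gid` (the dropped-privilege build user) cannot use.
    With fix=True the missing mode bits are added; ownership is only reported."""
    findings = []
    root = os.path.abspath(root)
    todo = [root]
    while todo:
        path = todo.pop()
        # lstat and skip symlinks: the tree is writable by the unprivileged
        # build user, so a privileged repair must never follow a link out of
        # it. Check-then-chmod is still racy; run it while no build is active.
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            continue
        rel = os.path.relpath(path, root)
        is_dir = stat.S_ISDIR(st.st_mode)
        want = stat.S_IWGRP | (stat.S_ISGID if is_dir else 0)
        if st.st_gid != gid:
            findings.append((rel, "wrong group"))
        if not st.st_mode & stat.S_IWGRP:
            findings.append((rel, "not group-writable"))
        if is_dir and not st.st_mode & stat.S_ISGID:
            findings.append((rel, "directory missing setgid"))
        if fix and (st.st_mode & want) != want:
            os.chmod(path, stat.S_IMODE(st.st_mode) | want)
        if is_dir:
            todo.extend(os.path.join(path, name) for name in os.listdir(path))
    return sorted(findings)


def demo():
    """Build a constructed tree imitating comment 11's listing, audit it,
    repair the mode bits, and audit again."""
    with tempfile.TemporaryDirectory() as tmp:
        cache = os.path.join(tmp, "ccache")
        os.mkdir(cache)
        os.chmod(cache, 0o2775)
        # "0" mirrors the broken drwxr-sr-x hash dirs; "1" is a correct one.
        for name, mode in (("0", 0o2755), ("1", 0o2775)):
            sub = os.path.join(cache, name)
            os.mkdir(sub)
            os.chmod(sub, mode)
        stats_file = os.path.join(cache, "stats")
        open(stats_file, "w").close()
        os.chmod(stats_file, 0o644)
        gid = os.lstat(cache).st_gid  # assumption: stands in for portage's gid
        before = audit_cache_dir(cache, gid)
        audit_cache_dir(cache, gid, fix=True)
        after = audit_cache_dir(cache, gid)
        return before, after


if __name__ == "__main__":
    for label, result in zip(("before", "after"), demo()):
        print(label, result)
```

On a real system the call would be `audit_cache_dir(os.environ["CCACHE_DIR"], grp.getgrnam("portage").gr_gid)`; entries reported as "wrong group" need a `chown` by root, which this sketch deliberately leaves to the administrator.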