Bug 125697 - gnupg-1.4.2.2 -- sandbox violation with FEATURES=test
Summary: gnupg-1.4.2.2 -- sandbox violation with FEATURES=test
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: High normal
Assignee: Crypto team [DISABLED]
Reported: 2006-03-10 04:57 UTC by Benno Schulenberg
Modified: 2006-04-02 07:14 UTC

Attachments
trivial patch to gnupg-1.4.2.2.ebuild (gnupg-1.4.2.2.ebuild.patch,178 bytes, patch)
2006-03-10 07:47 UTC, Drake Wyrm
patch to gnupg-1.4.2.2 source tree (gnupg-1.4.2.2.patch,282 bytes, patch)
2006-03-10 07:48 UTC, Drake Wyrm
Description Benno Schulenberg 2006-03-10 04:57:20 UTC
Emerging app-crypt/gnupg-1.4.2.2 with FEATURES=test results in sandbox access violations:

[...]
make  check-TESTS
make[2]: Entering directory `/var/tmp/portage/gnupg-1.4.2.2/work/gnupg-1.4.2.2/checks'
ACCESS DENIED  open_wr:   /dev/stderr
./defs.inc: line 159: /dev/stderr: Permission denied
FAIL: version.test
[...]
ACCESS DENIED  open_wr:   /dev/stderr
./defs.inc: line 159: /dev/stderr: Permission denied
FAIL: verify.test
==================================
26 of 26 tests failed

The tests of the previous version (gnupg-1.4.2.1) still run without a hitch.


Emerge --info:

Gentoo Base System version 1.12.0_pre15
Portage 2.0.54 (default-linux/x86/2005.1, gcc-3.4.5, glibc-2.3.6-r3, 2.6.15 i686)
=================================================================
System uname: 2.6.15 i686 AMD Athlon(tm) XP 2800+
dev-lang/python:     2.4.2
sys-apps/sandbox:    1.2.12
sys-devel/autoconf:  2.13, 2.59-r6
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
sys-devel/binutils:  2.16.1
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=athlon-xp -Os -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/kde/3/share/config /usr/lib/X11/xkb /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-march=athlon-xp -O2 -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks notitles sandbox sfperms strict test userpriv usersandbox"
LINGUAS="en eo es nl"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
USE="x86 3dnow X aac aim alsa apm arts asf audiofile avi bash-completion berkdb bitmap-fonts bzip2 cdparanoia cdr crypt curl dga dio dri dv dvb eds emboss encode esd ethereal exif expat fam fbcon ffmpeg flac gd gdbm gif glut glx gpm gstreamer gtk gtk2 gtkhtml hardened icq idn imagemagick imap imlib jabber jpeg jpeg2k kde kdeenablefinal lcms libg++ libwww lm_sensors lua mad mbox mbrola memlimit mikmod mime mmap mmx mng mp3 mpeg musepack nas ncurses nls nptl nsplugin ogg openal opengl oscar pam pcre pdflib pic png python qt quicktime readline recode sasl scanner sdl shorten slang sndfile sox speex spell sqlite sse ssl svg svga tcltk test theora threads tidy tiff truetype truetype-fonts type1-fonts unicode usb vcd vorbis win32codecs wmf xface xine xml xml2 xmms xpm xsl xv xvid yahoo zlib video_cards_via linguas_en linguas_eo linguas_es linguas_nl userland_GNU kernel_linux elibc_glibc"
Unset:  ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS
Comment 1 Drake Wyrm 2006-03-10 07:45:03 UTC
While upgrading to app-crypt/gnupg-1.4.2.2 today, I encountered similar sandbox errors during the src_test() phase. It seems that the tests direct some output to /dev/stderr. Since that should be a safe place to allow writing (and is redirected under Portage, anyway), I figure that this is likely to be safe. The attached trivial patch to gnupg-1.4.2.2.ebuild eliminates the error.

The attached patch to the source tree should also eliminate the error, but I have not tested it.

I have logs available, if they would be the least bit useful.
Comment 2 Drake Wyrm 2006-03-10 07:47:33 UTC
Created attachment 81844
trivial patch to gnupg-1.4.2.2.ebuild
Comment 3 Drake Wyrm 2006-03-10 07:48:46 UTC
Created attachment 81845
patch to gnupg-1.4.2.2 source tree

I have not tested this patch.
Comment 4 Kevin F. Quinn (RETIRED) gentoo-dev 2006-03-11 06:44:49 UTC
Patch #81844 will fail for FEATURES=userpriv; "addwrite /dev/stderr" is not enough in that case as /dev/stderr typically doesn't have write permission for the portage user.

Patch #81845 (redirecting output fd 5 to fd 2) works fine when FEATURES=userpriv (and all other situations, I think).
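
The difference comment 4 describes, as an added example that is not part of the original bug thread or its attachments: pointing fd 5 at stderr by path makes the shell open /dev/stderr anew, which the sandbox reports as open_wr and the kernel checks against the file's permissions, while duplicating fd 2 reuses the descriptor the process already holds. The temporary log file and the chmod standing in for the userpriv privilege drop are constructed for the demo.

```shell
#!/bin/sh
# Added example, not code from the bug's attachments. File names are constructed.
# Shows why "exec 5>&2" succeeds where "exec 5>/dev/stderr" can be refused.

# run_case STYLE: attach stderr to a log, revoke write permission on it (a
# stand-in for dropping to the portage user), then point fd 5 at stderr using
# STYLE ("path" or "dup") and write one line through fd 5.
# Prints the resulting log, or DENIED if fd 5 could not be opened.
run_case() {
    style=$1
    log=$(mktemp) || return 1
    if (
        exec 2>"$log"              # stderr opened while access was still allowed
        echo "earlier line" >&2
        chmod 0444 "$log"          # from here on, a new open for writing is refused
        case $style in
            path) exec 5>/dev/stderr ;;  # open(2) by name: permission and sandbox checks apply
            dup)  exec 5>&2 ;;           # dup of the descriptor already held: no open(2)
        esac || exit 1
        echo "test output" >&5
    ); then
        cat "$log"
    else
        echo "DENIED"
    fi
    rm -f "$log"
}

# Demo: print the outcome of each style, indented under its name.
for s in dup path; do
    printf '%s:\n' "$s"
    run_case "$s" | sed 's/^/    /'
done
```

Run as an unprivileged user on Linux, the path case prints DENIED. Run as root, the open is not refused but truncates the log, so "earlier line" is lost, which still shows that the path form is a fresh open rather than a reuse of fd 2.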

Comment 5 Philipp Riegger 2006-04-02 03:14:11 UTC
Patch 81845 works for me; I'd like to see this in the tree.
Comment 6 Marcelo Goes (RETIRED) gentoo-dev 2006-04-02 07:14:24 UTC
Added patch to cvs, thanks everyone!