I am getting the error listed below while running the tests. Running them manually in the build directory as root works fine, so it looks like FEATURES=userpriv is to blame. I have confirmed this by removing userpriv from FEATURES and had a clean install with all tests passing.

make[1]: Entering directory `/var/tmp/portage/net-misc/openssh-5.2_p1-r1/work/openssh-5.2p1/regress'
ssh-keygen -if /var/tmp/portage/net-misc/openssh-5.2_p1-r1/work/openssh-5.2p1/regress/rsa_ssh2.prv | diff - /var/tmp/portage/net-misc/openssh-5.2_p1-r1/work/openssh-5.2p1/regress/rsa_openssh.prv
cat /var/tmp/portage/net-misc/openssh-5.2_p1-r1/work/openssh-5.2p1/regress/rsa_openssh.prv > /var/tmp/portage/net-misc/openssh-5.2_p1-r1/work/openssh-5.2p1/regress//t2.out
chmod 600 /var/tmp/portage/net-misc/openssh-5.2_p1-r1/work/openssh-5.2p1/regress//t2.out
ssh-keygen -yf /var/tmp/portage/net-misc/openssh-5.2_p1-r1/work/openssh-5.2p1/regress//t2.out | diff - /var/tmp/portage/net-misc/openssh-5.2_p1-r1/work/openssh-5.2p1/regress/rsa_openssh.pub
ssh-keygen -ef /var/tmp/portage/net-misc/openssh-5.2_p1-r1/work/openssh-5.2p1/regress/rsa_openssh.pub >/var/tmp/portage/net-misc/openssh-5.2_p1-r1/work/openssh-5.2p1/regress//rsa_secsh.pub
ssh-keygen -if /var/tmp/portage/net-misc/openssh-5.2_p1-r1/work/openssh-5.2p1/regress//rsa_secsh.pub | diff - /var/tmp/portage/net-misc/openssh-5.2_p1-r1/work/openssh-5.2p1/regress/rsa_openssh.pub
rm -f /var/tmp/portage/net-misc/openssh-5.2_p1-r1/work/openssh-5.2p1/regress/rsa_secsh.pub
ssh-keygen -lf /var/tmp/portage/net-misc/openssh-5.2_p1-r1/work/openssh-5.2p1/regress/rsa_openssh.pub |\
awk '{print $2}' | diff - /var/tmp/portage/net-misc/openssh-5.2_p1-r1/work/openssh-5.2p1/regress/t4.ok
ssh-keygen -Bf /var/tmp/portage/net-misc/openssh-5.2_p1-r1/work/openssh-5.2p1/regress/rsa_openssh.pub |\
awk '{print $2}' | diff - /var/tmp/portage/net-misc/openssh-5.2_p1-r1/work/openssh-5.2p1/regress/t5.ok
ssh-keygen -if /var/tmp/portage/net-misc/openssh-5.2_p1-r1/work/openssh-5.2p1/regress/dsa_ssh2.prv > /var/tmp/portage/net-misc/openssh-5.2_p1-r1/work/openssh-5.2p1/regress//t6.out1
ssh-keygen -if /var/tmp/portage/net-misc/openssh-5.2_p1-r1/work/openssh-5.2p1/regress/dsa_ssh2.pub > /var/tmp/portage/net-misc/openssh-5.2_p1-r1/work/openssh-5.2p1/regress//t6.out2
chmod 600 /var/tmp/portage/net-misc/openssh-5.2_p1-r1/work/openssh-5.2p1/regress//t6.out1
ssh-keygen -yf /var/tmp/portage/net-misc/openssh-5.2_p1-r1/work/openssh-5.2p1/regress//t6.out1 | diff - /var/tmp/portage/net-misc/openssh-5.2_p1-r1/work/openssh-5.2p1/regress//t6.out2
ssh-keygen -q -t rsa -N '' -f /var/tmp/portage/net-misc/openssh-5.2_p1-r1/work/openssh-5.2p1/regress//t7.out
ssh-keygen -lf /var/tmp/portage/net-misc/openssh-5.2_p1-r1/work/openssh-5.2p1/regress//t7.out > /dev/null
ssh-keygen -Bf /var/tmp/portage/net-misc/openssh-5.2_p1-r1/work/openssh-5.2p1/regress//t7.out > /dev/null
run test connect.sh ...
ssh connect with protocol 1 failed
ssh connect with protocol 2 failed
failed simple connect
make[1]: *** [t-exec] Error 1
make[1]: Target `tests' not remade because of errors.
make[1]: Leaving directory `/var/tmp/portage/net-misc/openssh-5.2_p1-r1/work/openssh-5.2p1/regress'
Created attachment 187291: Complete build log
Same problem here. emerge --info output follows. The build.log is attached. FEATURES=-userpriv also makes emerge work fine for me.

Portage 2.1.6.7 (default/linux/x86/2008.0/desktop, gcc-4.1.2, glibc-2.8_p20080602-r1, 2.6.29-rc7 i686)
=================================================================
System uname: Linux-2.6.29-rc7-i686-Intel-R-_Core-TM-2_CPU_T5500_@_1.66GHz-with-glibc2.0
Timestamp of tree: Sat, 04 Apr 2009 11:15:01 +0000
app-shells/bash: 3.2_p39
dev-java/java-config: 1.3.7-r1, 2.1.7
dev-lang/python: 2.5.2-r7
dev-python/pycrypto: 2.0.1-r8
dev-util/cmake: 2.4.8
sys-apps/baselayout: 1.12.11.1
sys-apps/sandbox: 1.2.18.1-r2
sys-devel/autoconf: 2.13, 2.63
sys-devel/automake: 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.2
sys-devel/binutils: 2.18-r3
sys-devel/gcc-config: 1.4.0-r4
sys-devel/libtool: 1.5.26
virtual/os-headers: 2.6.27-r2
ACCEPT_KEYWORDS="x86"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=prescott -O2 -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/config /var/qmail/alias /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/splash /etc/terminfo /etc/texmf/web2c /etc/udev/rules.d"
CXXFLAGS="-march=prescott -O2 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="distlocks fixpackages parallel-fetch protect-owned sandbox sfperms splitdebug strict test unmerge-orphans userfetch userpriv usersandbox"
GENTOO_MIRRORS="ftp://mirror.ovh.net/gentoo-distfiles/ http://ftp.club-internet.fr/pub/mirrors/gentoo ftp://ftp.free.fr/mirrors/ftp.gentoo.org/ "
LANG="C"
LC_ALL="C"
LDFLAGS="-Wl,-O1"
LINGUAS="fr en"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="X acl acpi alsa berkdb branding bzip2 cairo cdr cjk cli cracklib crypt cups dbus dri dvd dvdr dvdread eds emboss encode esd evo fam firefox fortran gdbm gif gnome gnome-print gpm gstreamer gtk2 hal iconv ipv6 isdnlog jpeg laptop libnotify mad midi mikmod mmx mp3 mpeg mudflap ncurses nls nptl nptlonly ogg opengl openmp pam pcre pdf perl png ppds pppd pulseaudio python qt3support quicktime readline reflection sdl session spell spl sse ssl startup-notification svg sysfs tcpd tiff truetype unicode usb vorbis win32codecs x86 xinerama xml xorg xulrunner xv zlib"
ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci"
ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol"
APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias"
CAMERAS="all"
ELIBC="glibc"
INPUT_DEVICES="evdev"
KERNEL="linux"
LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text"
LINGUAS="fr en"
USERLAND="GNU"
VIDEO_CARDS="intel"
Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY
Same here - additionally I think that sandbox also has to be disabled. FEATURES="-userpriv -sandbox" emerge --oneshot =net-misc/openssh-5.2_p1-r1 passed the tests for me. During the tests, it mucks around in /root/.ssh, which is forbidden by the sandbox, and fails if userpriv is set. Since my root user doesn't have any ssh keys, I just removed /root/.ssh after the event.
No. The test suite is not broken. But I'd like to know if you are running any firewall on that machine, and what rules you have in place? It runs and completes with success here on my box, WITH both sandbox and userpriv enabled. Here's my machine where it runs fine:

Portage 2.2_rc27 (default/linux/amd64/2008.0, gcc-4.2.4, glibc-2.9_p20081201-r2, 2.6.29-07356-g8fe74cf x86_64)
=================================================================
System uname: Linux-2.6.29-07356-g8fe74cf-x86_64-Intel-R-_Core-TM-2_Quad_CPU_Q6600_@_2.40GHz-with-glibc2.2.5
Timestamp of tree: Sun, 13 Jul 2008 00:00:01 +0000
ccache version 2.4 [enabled]
app-shells/bash: 4.0_p10-r1
dev-java/java-config: 1.3.7-r1, 2.1.7
dev-lang/python: 2.5.4-r2
dev-python/pycrypto: 2.0.1-r8
dev-util/ccache: 2.4-r8
dev-util/cmake: 2.6.3
sys-apps/baselayout: 2.0.0
sys-apps/openrc: 0.4.3-r1
sys-apps/sandbox: 1.6
sys-devel/autoconf: 2.13, 2.63
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.2
sys-devel/binutils: 2.19.1-r1
sys-devel/gcc-config: 1.4.1
sys-devel/libtool: 2.2.6a
virtual/os-headers: 2.6.28-r1
ACCEPT_KEYWORDS="amd64 ~amd64"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=nocona -O2 -pipe -g"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /var/bind /var/spool/torque"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/eselect/postgresql /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/splash /etc/terminfo /etc/texmf/web2c /etc/udev/rules.d"
CXXFLAGS="-march=nocona -O2 -pipe -g"
DISTDIR="/home/gentoo/distfiles"
FEATURES="assume-digests autoaddcvs buildpkg ccache collision-protect cvs distlocks fixpackages lmirror mirror multilib-strict parallel-fetch preserve-libs protect-owned sandbox sfperms splitdebug strict unmerge-orphans userfetch userpriv"
GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo"
LANG="en_US.UTF-8"
LDFLAGS="-Wl,-O1"
LINGUAS="en en_CA en_US en_GB en_ZA"
MAKEOPTS="-j4"
PKGDIR="/home/gentoo/packages/grubb-int/"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/dev/shm"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC=""
USE="3dnow aalib acl acpi adns aio alsa amd amd64 apache2 apm audit berkdb bzip2 cairo cdr cgi clearpasswd cli cracklib crypt cups curl dbus divx4linux dri dvd dvdr encode f77 fam foomaticdb fortran frxp gcj gd gdbm geoip gif glitz gpgme hpn iconv idn imap innodb ipalias ipv6 isdnlog jikes jpeg junit latex libwww logrotate mad maildir mcal md5sum midi mikmod mmx mp3 mpeg mpm-prefork mudflap multicall multilib multitarget mysql ncurses nptl nptlonly objc offensive ogg openmp pam pcap pcre pdf pdflib perl pic plotutils png pnp ppds pppd python qmail readline reflection samba scanner session slp smime snmp socks5 spell spl sse sse2 ssl svg sysfs tetex threads tiff truetype truetype-fonts type1 type1-fonts udev ungif unicode usb userlocales v4l v4l2 vhosts vim-syntax vorbis xcb xml xml2 xorg xvid zlib"
ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci"
ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol"
APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias asis auth_digest imagemap log_forensic proxy proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http"
APACHE2_MPMS="prefork"
ELIBC="glibc"
FOO2ZJS_DEVICES="hp1020"
INPUT_DEVICES="evdev keyboard mouse void"
KERNEL="linux"
LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text"
LINGUAS="en en_CA en_US en_GB en_ZA"
USERLAND="GNU"
VIDEO_CARDS="dummy fbdev nv v4l vga vesa i810"
Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LC_ALL, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
perhaps related to /etc/ssh/ settings ... i dunno, but the `make check` in openssh has always failed for me. and no, there are 0 firewall rules on my desktop (it's on a private lan behind a firewall, so i don't sweat it).
vapier: could you anatomise your /etc/ssh/ settings and paste in here, so I can test them out? or test them individually yourself.
i tried looking through the tests, but their test system is a frickin mess. it's simpler to just unpack the vanilla tarball and do `./configure && make` because i get the same errors (running as non-root and outside of sandbox of course) as i do with trying to emerge it
my /etc/ssh/ssh_config is simple:
Host *
ForwardAgent yes
StrictHostKeyChecking no

and my /etc/ssh/sshd_config (with comments removed):
Port 22
Port 443
Protocol 2
X11Forwarding yes
UseDNS no
Subsystem sftp /usr/lib64/misc/sftp-server

openssh emerged with:
USE="X hpn libedit skey smartcard tcpd -X509 -kerberos -ldap -pam -pkcs11 (-selinux) -static"
For comparison: My /etc/ssh/ssh_config is empty, and here's my sshd_config:
=====
Protocol 2
PasswordAuthentication no
UsePAM yes
X11Forwarding yes
X11UseLocalhost yes
PrintMotd no
PrintLastLog no
Subsystem sftp /usr/lib64/misc/sftp-server
Match User portage
HostbasedAuthentication yes
=====
And my openssh:
[ebuild R ] net-misc/openssh-5.2_p1-r1 USE="hpn pam -X -X509 -kerberos -ldap -libedit -pkcs11 (-selinux) -skey -smartcard -static -tcpd" 0 kB
vapier: can you force it without tcp-wrappers and see what happens? (I know it automagics if you don't pass the arg to configure)
didn't make a difference running `./configure --without-tcp-wrappers`
vapier: Thanks anyway. I'm going away for a few days, but I'll continue to debug next weekend.
i wouldn't sweat it too much ... iirc, openssh has failed the same way for me for a couple of versions, and i've never noticed any misbehavior in actual usage
Content of /etc/ssh/ssh_config:
======================
Host *
ForwardAgent no
ForwardX11 no
======================

Content of /etc/ssh/sshd_config:
======================
Protocol 2
AllowUsers didier
LoginGraceTime 30
PermitRootLogin no
StrictModes yes
MaxAuthTries 2
PasswordAuthentication yes
UsePAM yes
AllowTcpForwarding yes
GatewayPorts no
X11Forwarding no
PrintMotd no
PrintLastLog no
UsePrivilegeSeparation yes
MaxStartups 2
PermitTunnel no
Subsystem sftp /usr/lib/misc/sftp-server
======================

OpenSSH emerges with:
USE="X pam tcpd -X509 -hpn -kerberos -ldap -libedit -pkcs11 (-selinux) -skey -smartcard -static"
didier: thanks for that. that shows in your sshd_config there's nothing that both of you and vapier have but I don't. However, I do see that BOTH of you are using tcpd. On a lark, can you explore possibilities with tcpd interactions with the testcase? vapier ran the configure for --without-tcp-wrappers, but i'm wondering if it still got used. Try to confirm that, and also see what happens if you put explicit allow from any into your tcp wrapper rules.
> However, I do see that BOTH of you are using tcpd. On a lark, can you
> explore possibilities with tcpd interactions with the testcase? vapier ran the
> configure for --without-tcp-wrappers, but i'm wondering if it still got used.
> Try to confirm that, and also see what happens if you put explicit allow from
> any into your tcp wrapper rules.

I tried with USE=-tcpd and tests failed in that case too. I also tested with 'ALL: ALL' in /etc/hosts.allow. However, I changed the shell of the portage user in /etc/passwd from /bin/false to /bin/bash and it worked. To summarize, if I use FEATURES=-userpriv or I change the portage shell, the tests succeed. Otherwise, they fail. I hope that may help you...
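The condition reported in the comment above, written as a pre-flight check (an added example, not part of the original thread or of the ebuild fix): sshd runs a session's command through the account's login shell, passwd field 7, so a test connection to an account whose shell is /bin/false cannot succeed. The function names and the sample passwd entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not the ebuild's code): can sshd-based tests work for an account?
# sshd starts the session command with the account's login shell (passwd field 7),
# so a shell like /bin/false makes every test connection fail.

# Constructed sample entries; names, IDs and paths are illustrative only.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/sh
portage:x:250:250:portage:/var/tmp/portage:/bin/false
builder:x:1000:1000::/home/builder:
EOF
}

# Print the login shell for a user name or numeric UID.
# $1 = name or UID; $2 = optional passwd-format file (otherwise getent is used).
# An empty field 7 means /bin/sh, as documented in passwd(5).
login_shell_of() {
    if [ -n "${2:-}" ]; then cat "$2"; else getent passwd "$1"; fi |
        awk -F: -v k="$1" '$1 == k || $3 == k {
            print ($7 == "" ? "/bin/sh" : $7); exit }'
}

# Return 0 if the shell can execute commands, 1 otherwise.
shell_is_usable() {
    case "$1" in
        ""|*/false|*/nologin) return 1 ;;
    esac
    [ -x "$1" ]
}

# Print "run" or "skip: <reason>" for the given account.
ssh_test_verdict() {
    shell=$(login_shell_of "$1" "${2:-}")
    if shell_is_usable "$shell"; then
        echo "run"
    else
        echo "skip: login shell '${shell:-none}' cannot execute commands"
    fi
}

# Demo on the constructed data.
tmp=$(mktemp) && sample_passwd > "$tmp"
for u in root portage builder; do
    printf '%s: %s\n' "$u" "$(ssh_test_verdict "$u" "$tmp")"
done
rm -f "$tmp"
```

Called without the second argument, `ssh_test_verdict "$(id -u)"` checks the account the tests will actually run under via getent.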
Fixed in the tree now.
(In reply to comment #18) > Fixed in the tree now. > + portage_shell="$(getent passwd portage |cut -d: -f7)" Any chance this line could use ${UID} or similar, so as not to assume any particular user?
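Review bot: on the quoted `+ portage_shell=` line, the lookup names the `portage` account literally, and nothing visible on that line handles `getent` finding no entry, which would leave `portage_shell` empty. Key the lookup on the ID the test phase actually runs under, for example `getent passwd "${UID}" | cut -d: -f7`, and test for an empty result explicitly before the shell value is compared with anything.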
levertond: done
Confirmed that this fixes the original test failure I reported. Thanks!
(In reply to comment #18)
> Fixed in the tree now.

It works fine for me too. Thank you for the fix.