ebuild is causing a sandbox violation during emerge. --------------------------- ACCESS VIOLATION SUMMARY --------------------------- LOG FILE "/var/log/sandbox/sandbox-4782.log" VERSION 1.0 FORMAT: F - Function called FORMAT: S - Access Status FORMAT: P - Path as passed to function FORMAT: A - Absolute Path (not canonical) FORMAT: R - Canonical Path FORMAT: C - Command Line F: chmod S: deny P: /var/cache/fontconfig A: /var/cache/fontconfig R: /var/cache/fontconfig C: /usr/bin/fc-cache /var/tmp/portage/media-fonts/font-adobe-utopia-type1-1.0.1/image//usr/share/fonts/Type1 -------------------------------------------------------------------------------- Reproducible: Always Steps to Reproduce: 1.emerge font-adobe-utopia-type1 2.see the emerge fail 3.works fine with FEATURES="-sandbox" ctc-gray ~ # emerge --info Portage 2.2_rc33 (default/linux/x86/2008.0, gcc-4.3.3, glibc-2.9_p20081201-r2, 2.6.30-gentoo-r2 i686) ================================================================= System uname: Linux-2.6.30-gentoo-r2-i686-Intel-R-_Core-TM-2_CPU_T7200_@_2.00GHz-with-gentoo-2.0.0 Timestamp of tree: Wed, 15 Jul 2009 06:00:02 +0000 app-shells/bash: 4.0_p24 dev-java/java-config: 2.1.8-r1 dev-lang/python: 2.6.2-r1 sys-apps/baselayout: 2.0.0-r2 sys-apps/openrc: 0.4.2-r1 sys-apps/sandbox: 2.0 sys-devel/autoconf: 2.13, 2.63-r1 sys-devel/automake: 1.5, 1.8.5-r3, 1.9.6-r2, 1.10.2, 1.11 sys-devel/binutils: 2.19.1-r1 sys-devel/gcc-config: 1.4.1 sys-devel/libtool: 2.2.6a virtual/os-headers: 2.6.29 ACCEPT_KEYWORDS="x86 ~x86" CBUILD="i686-pc-linux-gnu" CFLAGS="-march=prescott -mtune=prescott -O2 -pipe" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/splash /etc/terminfo /etc/udev/rules.d" CXXFLAGS="-march=prescott -mtune=prescott -O2 -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="distlocks fixpackages parallel-fetch preserve-libs protect-owned sandbox sfperms strict unmerge-orphans userfetch" GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo" LC_ALL="en_US.UTF-8" LDFLAGS="-Wl,-O1 -Wl,--sort-common -Wl,--as-needed" LINGUAS="en en_US" MAKEOPTS="-j3 --silent" PKGDIR="/usr/portage/packages" PORTAGE_COMPRESS="lzma" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="X acl acpi adns alsa apm archive ares audit autoipd avahi bash-completion bashlogger bdf berkdb branding bzip2 cairo caps cdr cjk cleartype cli consolekit cracklib crypt cscope cups custom-cflags custom-optimization dbus dell dga dri dvd dvdr dvdread encode fam fbcondecor fontconfig fortran fpx fuse gcrypt gdbm geoip gif glitz gmp gnome gnome-keyring gnutls gpm graphviz gs gtk guile hal hdri iconv idn imlib ipafont ipv6 isdnlog ithreads java jpeg jpeg2k kerberos lcms libnl libnotify logrotate logwatch lzma lzo mad mdnsresponder-compat midi mmx mp3 mpeg mudflap multiuser nautilus ncurses network-cron networking networkmanager nls nptl nptlonly ogg opengl openmp openssl pam pango pcre perl png policykit portaudio pppd python raw readline reflection restrict-javascript ruby session smi smime spl sse2 ssl startup-notification svg sysfs tcpd threads tiff truetype unicode vim-syntax vorbis win32codecs wmf x86 xattr xcb xml xmp xorg xpm xulrunner zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="evdev keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en en_US" USERLAND="GNU" VIDEO_CARDS="fbdev glint vesa nv nvidia" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LANG, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Same issue with media-fonts/font-ibm-type1. This "blocks" users from installing xorg-x11 metapkg, had some users complaining it today on Freenode and reproduced it.
dirtyepic, this is the issue I mailed you today about
helps to cc me. ;) it looks like this only affects fonts that do their own `make install`, (ie. the xorg fonts). fonts using font.eclass work like they should because they run fc-cache during pkg_post{inst|rm}. the commit that triggers this is: http://cgit.freedesktop.org/fontconfig/commit/?id=8ae1e3d5dc323542e7def06a42deea62c7ba7027 x11, can you add an addpredict to your eclass, or do you have another idea how to prevent this?
Created attachment 198442 [details, diff] x-modular.eclass.diff this is what i'm thinking of. i'll run a test build on everything in media-fonts.
looks like it works.
Patch works on my system for font-adobe-utopia-type1.
*** Bug 277839 has been marked as a duplicate of this bug. ***
ACK on the patch, but please add a comment with a big "FIXME" so I can easily look it up. The fonts' makefiles run fc-cache even if DESTDIR is set, which sounds really useless to me. So, I was planning to patch all of those out and release new fonts. In any case, putting it all in the eclass sounds fine for now. Thanks
that sounds ideal. if you don't get around to it i can probably provide a patch. in the meantime, can i get you to apply the eclass patch for me? i'm stuck in a cheap motel room on the company laptop until next week. :/
*** Bug 278476 has been marked as a duplicate of this bug. ***
Since resolution was already found I've applied patch with big FIXME. Thank you guys!
that's the spirit!
*** Bug 279218 has been marked as a duplicate of this bug. ***
*** Bug 279365 has been marked as a duplicate of this bug. ***