This bug is here "for the records" as an analysis of what can go wrong when defining our unpack_cmd as "tar --acls ..." which we've been doing as of commit 2fea87234ffc48c3dd96f1204b27f667f5ade3a3. The easiest way to see the problem is to reproduce it manually: 1. Get stage3-i686-20141209.tar.bz2 or any stage3 tarball. 2. mkdir stage3-i686 ; cd stage3-i686 3. tar --xattrs --xattrs-include=security.capability --xattrs-include=user.pax.flags --acls --selinux -I lbzip2 -xpf ../stage3-i686-20141209.tar.bz2 4. If you don't have selinux enabled you'll get a warning about that. Its not relevant. 5. ls -al gives total 152K drwxr-xr-x+ 19 root root 4.0K Dec 9 00:37 . drwxrwxrwt 16 root root 76K Jan 16 07:42 .. drwxr-xr-x+ 2 root root 4.0K Dec 9 03:18 bin drwxr-xr-x+ 2 root root 4.0K Dec 9 00:37 boot drwxr-xr-x+ 3 root root 4.0K Dec 9 00:42 dev drwxr-xr-x+ 30 root root 4.0K Dec 9 03:21 etc drwxr-xr-x+ 2 root root 4.0K Dec 9 00:37 home drwxr-xr-x+ 8 root root 4.0K Dec 9 03:18 lib drwxr-xr-x+ 2 root root 4.0K Dec 9 00:37 media drwxr-xr-x+ 2 root root 4.0K Dec 9 00:37 mnt drwxr-xr-x+ 2 root root 4.0K Dec 9 00:37 opt drwxr-xr-x+ 2 root root 4.0K Dec 9 00:31 proc drwx------+ 2 root root 4.0K Dec 9 00:37 root drwxr-xr-x+ 3 root root 4.0K Dec 9 03:17 run drwxr-xr-x+ 2 root root 4.0K Dec 9 03:21 sbin drwxr-xr-x+ 2 root root 4.0K Dec 9 00:37 sys drwxrwxrwt+ 2 root root 4.0K Dec 9 03:21 tmp drwxr-xr-x+ 11 root root 4.0K Dec 9 03:21 usr drwxr-xr-x+ 9 root root 4.0K Dec 9 00:37 var The +'s mean there are acls. It is the same in the subdirectories. Let's look at the acls for var/tmp: 6. getfacl var/tmp/ # file: var/tmp/ # owner: root # group: root # flags: --t user::rwx group::rwx other::rwx default:user::rwx default:group::rwx default:other::rwx Looks okay but don't forget that acls are inherited by child directories sooo .... 7. cd var/tmp/ ; ls # there's nothing there, let's simulate what portage does 8. mkdir portage ; ls -al total 12 drwxrwxrwt+ 3 root root 4096 Jan 16 07:46 . drwxr-xr-x+ 9 root root 4096 Dec 9 00:37 .. -rw-r--r-- 1 root root 0 Dec 9 00:37 .keep drwxrwxrwx+ 2 root root 4096 Jan 16 07:46 portage So the directory portage has inherited the acls!!! What are they? 9. getfacl portage/ # file: portage/ # owner: root # group: root user::rwx group::rwx other::rwx default:user::rwx default:group::rwx default:other::rwx Probably not what we wanted, but okay ... let's try to live with it 10. (This part you have to chroot into the stage3-i686 directory ) Try to `emerge =dev-lang/python-3.3.5-r1` and it fails with a check during install which says "mode 777 != expected mode 755" because the directory was created by the build system under /var/tmp and inherited those acls which then failed the check. Here's the final death throws of the build during installation: >>> Install python-3.3.5-r1 into /var/tmp/portage/dev-lang/python-3.3.5-r1/image/ category dev-lang make DESTDIR=/var/tmp/portage/dev-lang/python-3.3.5-r1/image/ altinstall Creating directory /usr/bin Creating directory /usr/lib /usr/bin/install -c python /var/tmp/portage/dev-lang/python-3.3.5-r1/image//usr/bin/python3.3 if test "3.3" != "3.3"; then \ if test -f /var/tmp/portage/dev-lang/python-3.3.5-r1/image//usr/bin/python3.3 -o -h /var/tmp/portage/dev-lang/python-3.3.5-r1/image//usr/bin/python3.3; \ then rm -f /var/tmp/portage/dev-lang/python-3.3.5-r1/image//usr/bin/python3.3; \ fi; \ (cd /var/tmp/portage/dev-lang/python-3.3.5-r1/image//usr/bin; ln python3.3 python3.3); \ fi if test -f libpython3.3.so; then \ if test -n "" ; then \ /usr/bin/install -c -m 555 /var/tmp/portage/dev-lang/python-3.3.5-r1/image//usr/bin; \ else \ /usr/bin/install -c -m 555 libpython3.3.so /var/tmp/portage/dev-lang/python-3.3.5-r1/image//usr/lib/libpython3.3.so.1.0; \ if test libpython3.3.so != libpython3.3.so.1.0; then \ (cd /var/tmp/portage/dev-lang/python-3.3.5-r1/image//usr/lib; ln -sf libpython3.3.so.1.0 libpython3.3.so) \ fi \ fi; \ if test -n "libpython3.so"; then \ /usr/bin/install -c -m 555 libpython3.so /var/tmp/portage/dev-lang/python-3.3.5-r1/image//usr/lib/libpython3.so; \ fi; \ else true; \ fi LD_LIBRARY_PATH=/var/tmp/portage/dev-lang/python-3.3.5-r1/work/i686-pc-linux-gnu: ./python -E -S -m sysconfig --generate-posix-vars Traceback (most recent call last): File "/var/tmp/portage/dev-lang/python-3.3.5-r1/work/Python-3.3.5/Lib/runpy.py", line 160, in _run_module_as_main "__main__", fname, loader, pkg_name) File "/var/tmp/portage/dev-lang/python-3.3.5-r1/work/Python-3.3.5/Lib/runpy.py", line 73, in _run_code exec(code, run_globals) File "/var/tmp/portage/dev-lang/python-3.3.5-r1/work/Python-3.3.5/Lib/sysconfig.py", line 721, in <module> _main() File "/var/tmp/portage/dev-lang/python-3.3.5-r1/work/Python-3.3.5/Lib/sysconfig.py", line 709, in _main _generate_posix_vars() File "/var/tmp/portage/dev-lang/python-3.3.5-r1/work/Python-3.3.5/Lib/sysconfig.py", line 414, in _generate_posix_vars os.makedirs(pybuilddir, exist_ok=True) File "/var/tmp/portage/dev-lang/python-3.3.5-r1/work/Python-3.3.5/Lib/os.py", line 269, in makedirs mkdir(name, mode) FileExistsError: [Errno 17] File exists (mode 777 != expected mode 755): 'build/lib.linux-x86_64-3.3' Makefile:502: recipe for target 'pybuilddir.txt' failed make: *** [pybuilddir.txt] Error 1 * ERROR: dev-lang/python-3.3.5-r1::gentoo failed (install phase): * emake failed * * If you need support, post the output of `emerge --info '=dev-lang/python-3.3.5-r1::gentoo'`, * the complete build log and the output of `emerge -pqv '=dev-lang/python-3.3.5-r1::gentoo'`. * The complete build log is located at '/var/tmp/portage/dev-lang/python-3.3.5-r1/temp/build.log'. * The ebuild environment file is located at '/var/tmp/portage/dev-lang/python-3.3.5-r1/temp/environment'. * Working directory: '/var/tmp/portage/dev-lang/python-3.3.5-r1/work/i686-pc-linux-gnu' * S: '/var/tmp/portage/dev-lang/python-3.3.5-r1/work/Python-3.3.5' >>> Failed to emerge dev-lang/python-3.3.5-r1, Log file: >>> '/var/tmp/portage/dev-lang/python-3.3.5-r1/temp/build.log' * Messages for package dev-lang/python-3.3.5-r1: * ERROR: dev-lang/python-3.3.5-r1::gentoo failed (install phase): * emake failed * * If you need support, post the output of `emerge --info '=dev-lang/python-3.3.5-r1::gentoo'`, * the complete build log and the output of `emerge -pqv '=dev-lang/python-3.3.5-r1::gentoo'`. * The complete build log is located at '/var/tmp/portage/dev-lang/python-3.3.5-r1/temp/build.log'. * The ebuild environment file is located at '/var/tmp/portage/dev-lang/python-3.3.5-r1/temp/environment'. * Working directory: '/var/tmp/portage/dev-lang/python-3.3.5-r1/work/i686-pc-linux-gnu' * S: '/var/tmp/portage/dev-lang/python-3.3.5-r1/work/Python-3.3.5' Reproducible: Always
I have commit to the catalyst repo. After reviewing this, I'll keep commit 2fea87234ffc48c3dd96f1204b27f667f5ade3a3 but remove the --acls stuff. We're probably safe with the --selinux and with the other xattr stuff because unlike acls, they aren't inherited in this way.
Okay I fixed this with commit 45286727a63d16d0688a88bf7cf68289efd26861 in the 2.X branch.