Bug 554222 - net-analyzer/arpwatch: VARDIR: Wrong permissions
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Server
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Netmon project
Reported: 2015-07-08 10:20 UTC by Christian Ruppert (idl0r)
Modified: 2018-01-09 21:07 UTC

Attachments
build.log (build.log,17.13 KB, text/plain)
2015-07-09 15:00 UTC, Christian Ruppert (idl0r)

Description Christian Ruppert (idl0r) gentoo-dev 2015-07-08 10:20:33 UTC
Hi,

it looks like arpwatch's VARDIR (/var/lib/arpwatch/) needs to be something like 0770 / root:arpwatch:
Jul  8 12:17:31 foobar arpwatch[18148]: creat(/var/lib/arpwatch/br0.dat.new): Permission denied

# ls -ld /var/lib/arpwatch/
drwxr-xr-x 2 root root 4096 Jul  8 12:09 /var/lib/arpwatch/

The arpwatch process is running as "arpwatch" though.
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2015-07-08 19:58:24 UTC
Where did your pkg_postinst() go wrong?
Comment 2 Jeroen Roovers (RETIRED) gentoo-dev 2015-07-08 20:01:34 UTC
No emerge --info, no build.log.
Comment 3 Christian Ruppert (idl0r) gentoo-dev 2015-07-09 15:00:11 UTC
Created attachment 406410
build.log
Comment 4 Christian Ruppert (idl0r) gentoo-dev 2015-07-09 15:00:38 UTC
# emerge --info arpwatch
Portage 2.2.20 (python 3.3.5-final-0, default/linux/amd64/13.0/desktop, gcc-4.8.4, glibc-2.20-r2, 3.19.8-gentoo x86_64)
=================================================================
                         System Settings
=================================================================
System uname: Linux-3.19.8-gentoo-x86_64-Intel-R-_Core-TM-_i5-3450_CPU_@_3.10GHz-with-gentoo-2.2
KiB Mem:    16396320 total,   9079132 free
KiB Swap:    2097148 total,   2097148 free
Timestamp of repository gentoo: Tue, 07 Jul 2015 11:45:01 +0000
sh bash 4.3_p33-r2
ld GNU ld (Gentoo 2.24 p1.4) 2.24
app-shells/bash:          4.3_p33-r2::gentoo
dev-java/java-config:     2.2.0::gentoo
dev-lang/perl:            5.20.2::gentoo
dev-lang/python:          2.7.9-r1::gentoo, 3.3.5-r1::gentoo, 3.4.1::gentoo
dev-util/cmake:           3.2.2::gentoo
dev-util/pkgconfig:       0.28-r2::gentoo
sys-apps/baselayout:      2.2::gentoo
sys-apps/openrc:          0.13.11::gentoo
sys-apps/sandbox:         2.6-r1::gentoo
sys-devel/autoconf:       2.13::gentoo, 2.69::gentoo
sys-devel/automake:       1.11.6-r1::gentoo, 1.12.6::gentoo, 1.13.4::gentoo, 1.14.1::gentoo
sys-devel/binutils:       2.24-r3::gentoo
sys-devel/gcc:            4.8.4::gentoo
sys-devel/gcc-config:     1.7.3::gentoo
sys-devel/libtool:        2.4.6::gentoo
sys-devel/make:           4.1-r1::gentoo
sys-kernel/linux-headers: 3.18::gentoo (virtual/os-headers)
sys-libs/glibc:           2.20-r2::gentoo
Repositories:

gentoo
    location: /usr/portage
    sync-type: rsync
    sync-uri: rsync://rsync.qasl.de/gentoo-portage
    priority: -1000

local-overlay
    location: /home/c.ruppert/portage/overlay
    masters: gentoo
    priority: 0

ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="* -@EULA Oracle-BCLA-JavaSE AdobeFlash-10.3 AdobeFlash-11.x google-chrome"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=native -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/config /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.4/ext-active/ /etc/php/apache2-php5.5/ext-active/ /etc/php/cgi-php5.4/ext-active/ /etc/php/cgi-php5.5/ext-active/ /etc/php/cli-php5.4/ext-active/ /etc/php/cli-php5.5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c"
CXXFLAGS="-march=native -O2 -pipe"
DISTDIR="/usr/portage/distfiles"
EMERGE_DEFAULT_OPTS="--with-bdeps y --columns"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-logs collision-protect config-protect-if-modified distlocks ebuild-locks fail-clean fakeroot fixlafiles merge-sync news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="http://de-mirror.org/gentoo/ http://mirror.netcologne.de/gentoo/ http://linux.rz.ruhr-uni-bochum.de/download/gentoo-mirror/ http://ftp.halifax.rwth-aachen.de/gentoo/ http://ftp.spline.inf.fu-berlin.de/mirrors/gentoo/ http://ftp.uni-erlangen.de/pub/mirrors/gentoo http://ftp-stud.hs-esslingen.de/pub/Mirrors/gentoo/"
LANG="en_US.UTF-8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed -Wl,-z,now -Wl,--sort-common"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_EXTRA_OPTS="--exclude lost+found"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
USE="256-color X a52 aac acl acpi alsa amd64 bash-completion berkdb bzip2 cairo caps cdda cdr cli consolekit cracklib crypt cscope cups cxx dbus device-mapper dri dts dvd dvdr egl emboss encode eselect exif faac fam firefox flac fortran gallium gdbm gif glamor glib gnutls gpg gpm gtk gtk3 iconv inotify introspection ipc ipv6 jpeg lcms libnotify lzma mad mmx mmxext mng modules mp3 mp4 mpeg mudflap multilib ncurses network-cron nptl ogg opengl openmp pam pango pcre pdf png policykit ppds qt3support qt4 readline rtmp sdl session sha512 sound spell sqlite sse sse2 ssl startup-notification svg theora threads tiff truetype udev udisks unicode upower usb vaapi vdpau vim-syntax vorbis webm wxwidgets x264 xattr xcb xinerama xv xvid zlib zsh-completion" ABI_X86="64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="actions alias asis autoindex cache charset_lite deflate dir disk_cache dumpio env expires ext_filter file_cache filter headers ident include info log_config log_forensic logio mime mime_magic negotiation reqtimeout rewrite setenvif status substitute userdir usertrack version vhost_alias auth_basic authz_host cgi cgid auth_digest authn_alias authn_anon authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_owner authz_user" APACHE2_MPMS="worker" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="aes avx mmx mmxext popcnt sse sse2 sse3 sse4_1 sse4_2 ssse3" CURL_SSL="openssl" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="evdev keyboard" 
KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-5" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_3" QEMU_SOFTMMU_TARGETS="i386 x86_64" QEMU_USER_TARGETS="i386 x86_64" RUBY_TARGETS="ruby19 ruby20" USERLAND="GNU" VIDEO_CARDS="radeon r600 nouveau nvidia" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  CPPFLAGS, CTARGET, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, USE_PYTHON

=================================================================
                        Package Settings
=================================================================

net-analyzer/arpwatch-2.1.15-r6::gentoo was built with the following:
USE="(-selinux)" ABI_X86="64"
Comment 5 Christian Ruppert (idl0r) gentoo-dev 2015-07-09 15:05:41 UTC
# ebuild arpwatch-2.1.15-r6.ebuild clean install
...
# find /var/tmp/portage/net-analyzer/arpwatch-2.1.15-r6/image/ -ls
...
1051894    4 drwxr-xr-x   2 root     root         4096 Jul  9 17:04 /var/tmp/portage/net-analyzer/arpwatch-2.1.15-r6/image/var/lib/arpwatch
...
Comment 6 Jeroen Roovers (RETIRED) gentoo-dev 2015-07-10 07:26:07 UTC
(In reply to Christian Ruppert (idl0r) from comment #5)
> # ebuild arpwatch-2.1.15-r6.ebuild clean install
> ...
> # find /var/tmp/portage/net-analyzer/arpwatch-2.1.15-r6/image/ -ls
> ...
> 1051894    4 drwxr-xr-x   2 root     root         4096 Jul  9 17:04
> /var/tmp/portage/net-analyzer/arpwatch-2.1.15-r6/image/var/lib/arpwatch
> ...

That's before pkg_postinst().
Comment 7 Marcin Mirosław 2016-09-05 08:30:55 UTC
Ping:)
Comment 8 Michael Orlitzky gentoo-dev 2017-10-22 17:47:06 UTC
This is probably "fixed" with -r10:

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6739ee69e69a954bc27a3040ab59d46b82582229

(I suspect that the root of the problem is that portage will not change ownership of an existing directory, so if you have an old /var/lib/arpwatch owned by root:root, then the staged copy of that path created in pkg_postinst won't overwrite it.)
Comment 9 Michael Orlitzky gentoo-dev 2017-10-22 17:54:33 UTC
(In reply to Michael Orlitzky from comment #8)
> 
> (I suspect that the root of the problem is that portage will not change
> ownership of an existing directory, so if you have an old /var/lib/arpwatch
> owned by root:root, then the staged copy of that path created in
> pkg_postinst won't overwrite it.)

On second thought, the "staged" copy isn't what they wanted to affect in the first place:

  pkg_postinst() {
	fowners arpwatch:0 "${ROOT}"/var/lib/arpwatch
  }

That's supposed to affect the live filesystem, but to do that, it would have to be a "chown" and not "fowners". The "fowners" call prepends $D to its argument.

So my -r10 probably *doesn't* fix this, since it's a problem experienced by upgraders who need their live permissions tightened. That's hard to do safely: I would tell those people to remove /var/lib/arpwatch and reinstall arpwatch. That's simple and safe even if it sounds a bit crude.
Comment 10 Michael Orlitzky gentoo-dev 2018-01-09 20:43:06 UTC
I just took another look at this, and I think that there were TWO problems:

  1. During installation, ${D}/var/lib/arpwatch should have been owned by
     the "arpwatch" user.

  2. When upgrading, ${ROOT}/var/lib/arpwatch should have been tweaked
     to have owner "arpwatch".

The second item was necessary because portage won't mess with existing directory ownership. Neither was being done. In the -r9, we have...

  src_install () {
    ...
    keepdir /var/lib/arpwatch
  }

  pkg_postinst() {
    fowners arpwatch:0 "${ROOT}"/var/lib/arpwatch
  }

The "keepdir" installs the directory into $D with owner root:root. But then, in pkg_postinst, the wrong function is called. The "fowners" function will try to act on $D, but that won't work post-installation. The result is that new directories are installed as root:root, and old ones are left alone.

I thought that people were hitting this error during upgrades, but now I think it's far more likely that they were hitting #1 above. My -r10 does in fact fix that issue, by creating ${D}/var/lib/arpwatch as root:arpwatch and mode 0770.

So, modulo the upgrade issue, I think this is fixed. Buuuuuuutttttttttt since -r9 and -r8 were still installing the directory with the wrong ownership, I think I'll replace the pkg_postinst phase to support an upgrade path.
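
A check an upgrader could run against the live directory, since comment 10 notes that portage leaves existing directory ownership alone. This is an added example, not part of the bug thread or the arpwatch ebuild: the function name check_vardir is hypothetical, the expected values (root:arpwatch, mode 0770) are the ones named in the thread, and GNU coreutils stat is assumed.

```shell
#!/bin/sh
# Added example, not from the arpwatch ebuild. Assumes GNU coreutils `stat -c`.

# check_vardir DIR OWNER GROUP MODE
# Returns 0 if DIR matches, 1 on ownership/mode drift, 2 if DIR is unusable.
check_vardir() {
    dir=${1%/} want_owner=$2 want_group=$3 want_mode=$4

    # A symlink could redirect the daemon's writes elsewhere; do not follow it.
    if [ -L "$dir" ]; then
        echo "FAIL $dir is a symlink"
        return 2
    fi
    if [ ! -d "$dir" ]; then
        echo "FAIL $dir is missing or not a directory"
        return 2
    fi

    # %U = owner name, %G = group name, %a = octal mode (e.g. 755)
    set -- $(stat -c '%U %G %a' "$dir")
    rc=0
    if [ "$1" != "$want_owner" ]; then
        echo "DRIFT owner: have $1, want $want_owner"; rc=1
    fi
    if [ "$2" != "$want_group" ]; then
        echo "DRIFT group: have $2, want $want_group"; rc=1
    fi
    if [ "$3" != "$want_mode" ]; then
        echo "DRIFT mode: have $3, want $want_mode"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK $dir is $1:$2 mode $3"
    fi
    return "$rc"
}

# With a path argument, audit it against the values named in the thread
# (root:arpwatch, 0770), e.g. `sh check_vardir.sh /var/lib/arpwatch`.
if [ "$#" -gt 0 ]; then
    check_vardir "$1" root arpwatch 770
fi
```

On the directory shown in the original report (root:root, drwxr-xr-x) this reports group and mode drift and exits 1.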
Comment 11 Larry the Git Cow gentoo-dev 2018-01-09 21:07:45 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b1bab70c44f772993901189cfe8eab4324db544e

commit b1bab70c44f772993901189cfe8eab4324db544e
Author:     Michael Orlitzky <mjo@gentoo.org>
AuthorDate: 2018-01-09 20:54:39 +0000
Commit:     Michael Orlitzky <mjo@gentoo.org>
CommitDate: 2018-01-09 20:56:35 +0000

    net-analyzer/arpwatch: new revision to fix the upgrade path.
    
    All revisions before -r10 install /var/lib/arpwatch with the wrong
    ownership. The -r10 revision fixes that for new installs, but doesn't
    modify ${ROOT}/var/lib/arpwatch for upgraders. This new -r11 adds a
    pkg_postinst function to correct the issue for upgraders.
    
    The revision also changes one "dodir" back to "keepdir", fixing a
    mistake that I made in -r10.
    
    Closes: https://bugs.gentoo.org/554222
    Package-Manager: Portage-2.3.13, Repoman-2.3.3

 ...2.1.15-r10.ebuild => arpwatch-2.1.15-r11.ebuild} | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)