A build log is not available (it probably was cleaned after postinst failed), but this is the complete related message from the console: >>> Installing (108 of 200) sys-libs/libsemanage-2.7::gentoo to $ROOT >>> Setting SELinux security labels * Migrating store strict (without policy rebuild). You must install libselinux-python and libsemanage-python before running this tool * ERROR: sys-libs/libsemanage-2.7::gentoo failed (postinst phase): * Failed to migrate store strict * * Call stack: * ebuild.sh, line 124: Called pkg_postinst * environment, line 1692: Called die * The specific snippet of code: * /usr/libexec/selinux/semanage_migrate_store -n -s "${POLICY_TYPE}" || die "Failed to migrate store ${POLICY_TYPE}"; * * If you need support, post the output of `emerge --info '=sys-libs/libsemanage-2.7::gentoo'`, * the complete build log and the output of `emerge -pqv '=sys-libs/libsemanage-2.7::gentoo'`. * The complete build log is located at '/var/tmp/portage/sys-libs/libsemanage-2.7/temp/build.log'. * The ebuild environment file is located at '/var/tmp/portage/sys-libs/libsemanage-2.7/temp/environment'. * Working directory: '/var/tmp/portage/sys-libs/libsemanage-2.7/homedir' * S: '/var/tmp/portage/sys-libs/libsemanage-2.7/work/libsemanage-2.7' * FAILED postinst: 1 >>> Failed to execute postinst for sys-libs/libsemanage-2.7 for $ROOT Running /usr/libexec/selinux/semanage_migrate_store manually also produces the error message. Running it with python2.7 explicitly makes the error message vanish and allows the tool to operate normally. Given that it only supports python2.7 and python3.5, according to PYTHON_TARGETS, I assume that the default Python interpreter python3.6 is being used for this tool, despite python3.6 not being listed in PYTHON_TARGETS. # emerge --info selinux-python libsemanage Portage 2.3.13 (python 3.5.4-final-0, default/linux/amd64/17.0/hardened/selinux, gcc-6.4.0, glibc-2.25-r9, 4.12.12-gentoo x86_64) ================================================================= System Settings ================================================================= System uname: Linux-4.12.12-gentoo-x86_64-AMD_Athlon-tm-_64_Processor_3700+-with-gentoo-2.4.1 KiB Mem: 2051752 total, 685912 free KiB Swap: 4194300 total, 3523580 free Timestamp of repository gentoo: Thu, 28 Dec 2017 07:45:01 +0000 Head commit of repository gentoo: f2d6aff8b3303d0bf4214cf7d39e5c4698970b05 sh bash 4.3_p48-r1 ld GNU ld (Gentoo 2.26.1 p1.0) 2.26.1 distcc 3.2rc1 x86_64-pc-linux-gnu [disabled] app-shells/bash: 4.3_p48-r1::gentoo dev-lang/perl: 5.24.3::gentoo dev-lang/python: 2.7.14-r1::gentoo, 3.4.5-r1::gentoo, 3.5.4-r1::gentoo, 3.6.3-r1::gentoo dev-util/cmake: 3.9.6::gentoo sys-apps/baselayout: 2.4.1-r2::gentoo sys-apps/sandbox: 2.10-r4::gentoo sys-devel/autoconf: 2.69::gentoo sys-devel/automake: 1.13.4::gentoo, 1.15.1-r1::gentoo sys-devel/binutils: 2.26.1::gentoo, 2.28-r2::gentoo, 2.28.1::gentoo, 2.29.1-r1::gentoo sys-devel/gcc: 5.4.0-r3::gentoo, 6.4.0::gentoo sys-devel/gcc-config: 1.8-r1::gentoo sys-devel/libtool: 2.4.6-r3::gentoo sys-devel/make: 4.2.1::gentoo sys-kernel/linux-headers: 4.4::gentoo (virtual/os-headers) sys-libs/glibc: 2.25-r9::gentoo Repositories: gentoo location: /var/cache/portage/gentoo sync-type: rsync sync-uri: rsync://rsync.europe.gentoo.org/gentoo-portage priority: -1000 sync-rsync-extra-opts: local location: /var/cache/portage/local masters: gentoo ACCEPT_KEYWORDS="amd64" ACCEPT_LICENSE="* -@EULA" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-pipe -mtune=generic -O2" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.6/ext-active/ /etc/php/apache2-php7.1/ext-active/ /etc/php/cgi-php5.6/ext-active/ /etc/php/cgi-php7.1/ext-active/ /etc/php/cli-php5.6/ext-active/ /etc/php/cli-php 7.1/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo" CXXFLAGS="-pipe -mtune=generic -O2" DISTDIR="/var/cache/portage/distfiles" EMERGE_DEFAULT_OPTS="--keep-going --nospinner --usepkg --buildpkg --binpkg-respect-use --binpkg-changed-deps=y --rebuilt-binaries=y --rebuild-if-unbuilt=y --verbose-conflicts" FCFLAGS="-O2 -pipe" FEATURES="assume-digests binpkg-logs buildpkg compressdebug config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync multilib-strict news parallel-fetch parallel-install preserve-libs protect-owned sandbox selinux sesandbox sfperms strict unknown-features-wa rn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr" FFLAGS="-O2 -pipe" GENTOO_MIRRORS="http://ftp.spline.inf.fu-berlin.de/mirrors/gentoo/ http://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/ http://distfiles.gentoo.org" LANG="en_GB.UTF-8" LDFLAGS="-Wl,-O1 -Wl,--as-needed -Wl,--hash-style=gnu" MAKEOPTS="-j2" PKGDIR="/var/cache/portage/packages" PORTAGE_COMPRESS="xz" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git" PORTAGE_TMPDIR="/var/tmp" USE="acl amd64 audit berkdb bzip2 caps cracklib crypt cxx gpg hardened iconv idn ipv6 jemalloc jit libidn2 luajit lz4 lzma lzo multilib ncurses nls nptl open_perms openmp pam pcre pcre2 pie readline sctp seccomp selinux ssl ssp systemd udev unconfined unicode utempter vhos ts xattr xtpax xz zlib" ABI_X86="64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_cor e socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter fil e_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" COLLECTD_PLUGINS=" df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="3dnow 3dnowext mmx mmxext sse sse2 sse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104 v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" OFFICE_IMPLEMENTATION="libreoffice" PH P_TARGETS="php5-6 php7-0 php7-1" POSTGRES_TARGETS="postgres9_5" PYTHON_SINGLE_TARGET="python3_5" PYTHON_TARGETS="python2_7 python3_5 pypy pypy3" RUBY_TARGETS="ruby22" USERLAND="GNU" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy c ondition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CC, CPPFLAGS, CTARGET, CXX, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS ================================================================= Package Settings ================================================================= sys-apps/selinux-python-2.7::gentoo was built with the following: USE="audit pam -dbus" ABI_X86="(64)" PYTHON_TARGETS="python2_7 python3_5 -python3_4" sys-libs/libsemanage-2.7::gentoo was built with the following: USE="(python)" ABI_X86="(64) -32 (-x32)" PYTHON_TARGETS="python2_7 python3_5 -python3_4" # eselect python list Available Python interpreters, in order of preference: [1] python3.6 (fallback) [2] python3.5 (fallback) [3] python3.4 (fallback) [4] python2.7 (fallback) [5] pypy3 (fallback) [6] pypy (fallback)
A couple of problems here: 1) semanage_migrate_store gets installed with python3 in its shebang, so it is prone to failure if the runtime python preference doesn't match what's enabled in PYTHON_TARGETS on this package. 2) semanage_migrate_store is installed unconditionally, and run unconditionally, but the tool is not functional at all unless USE=python is set. We may also want to consider whether the "|| die" is warranted here, does the full package install need to die if this step fails?
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a79a655cab347b276fcd15c20bc83aaa0a4fe78b commit a79a655cab347b276fcd15c20bc83aaa0a4fe78b Author: Ben Kohler <bkohler@gentoo.org> AuthorDate: 2020-07-02 12:26:21 +0000 Commit: Ben Kohler <bkohler@gentoo.org> CommitDate: 2020-07-02 12:26:34 +0000 sys-libs/libsemanage: revbump for python fixes A python_fix_shebang was needed. Also it's clear that this ebuild has never really been tested with USE="-python", so python is no longer optional. With these fixes, the script run in pkg_postinst can be run with || die again. Bug: https://bugs.gentoo.org/642634 Package-Manager: Portage-2.3.103, Repoman-2.3.23 Signed-off-by: Ben Kohler <bkohler@gentoo.org> sys-libs/libsemanage/libsemanage-3.0-r1.ebuild | 138 +++++++++++++++++++++++++ 1 file changed, 138 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0c730666252a75f3360f974e429f9fd210072c6d commit 0c730666252a75f3360f974e429f9fd210072c6d Author: Ben Kohler <bkohler@gentoo.org> AuthorDate: 2020-07-02 11:35:06 +0000 Commit: Ben Kohler <bkohler@gentoo.org> CommitDate: 2020-07-02 12:26:33 +0000 sys-libs/libsemanage: don't die in pkg_postinst Bug: https://bugs.gentoo.org/642634 Package-Manager: Portage-2.3.103, Repoman-2.3.23 Signed-off-by: Ben Kohler <bkohler@gentoo.org> sys-libs/libsemanage/libsemanage-3.0.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
