=games-simulation/firestorm-bin-6.3.2-r2::lmiphay recently had the following lines added to its ebuild: > # a hardwired fallback font in LLWindowSDL::getDynamicFallbackFontList > mkdir -p "${D}/usr/share/fonts/truetype/kochi/" > dosym /usr/share/fonts/kochi-substitute/kochi-gothic-subst.ttf \ > /usr/share/fonts/truetype/kochi/kochi-gothic.ttf This ebuild itself installs successfully, but causes media-video/mpv::gentoo to error out while emerging with a sandbox violation. I don't know why exactly as I couldn't find the sandbox.log file at the location cited in the error, but it seems to be due to trying to create a temporary file at the location of the symlink. I'll attach the build.log of the mpv install. It's possible that this is a bug in Gentoo which just hasn't come to light before, but I figured I'd file it first as an overlay bug as I don't know exactly where to start. Reproducible: Didn't try Steps to Reproduce: 1. emerge -av =games-simulation/firestorm-bin-6.3.2-r2::lmiphay 2. emerge -av media/video::gentoo Actual Results: The mpv merge fails with a sandbox violation. Expected Results: The mpv merge should have succeeded. home ~ # emerge -p1v mpv These are the packages that would be merged, in order: Calculating dependencies... done! [ebuild U ] media-video/mpv-0.31.0-r1::gentoo [0.31.0::gentoo] USE="X alsa bluray cdda cli doc dvb dvd egl iconv jpeg libass libmpv lua opengl rubberband uchardet vdpau vulkan xv zlib (-aqua) -archive (-coreaudio) -cplugins (-cuda) -debug -drm -gamepad -gbm -jack -javascript -lcms -libcaca -luajit -openal -oss -pulseaudio (-raspberry-pi) -samba -sdl (-selinux) -test -tools -vaapi -wayland -zimg" PYTHON_TARGETS="python3_6 -python3_7" 0 KiB Total: 1 package (1 upgrade), Size of downloads: 0 KiB --- home ~ # emerge --info firestorm-bin mpv Portage 2.3.89 (python 3.6.10-final-0, default/linux/amd64/17.0, gcc-9.2.0, glibc-2.29-r7, 4.19.66-gentoo x86_64) ================================================================= System Settings ================================================================= System uname: Linux-4.19.66-gentoo-x86_64-Intel-R-_Core-TM-_i7-5820K_CPU_@_3.30GHz-with-gentoo-2.6 KiB Mem: 32913724 total, 5330432 free KiB Swap: 8191996 total, 6311088 free Timestamp of repository gentoo: Sat, 14 Mar 2020 00:45:01 +0000 sh bash 4.4_p23-r1 ld GNU ld (Gentoo 2.32 p2) 2.32.0 ccache version 3.7.7 [disabled] app-shells/bash: 4.4_p23-r1::gentoo dev-java/java-config: 2.2.0-r4::gentoo dev-lang/perl: 5.30.1::gentoo dev-lang/python: 2.7.17-r1::gentoo, 3.6.10::gentoo, 3.7.6::gentoo dev-util/ccache: 3.7.7::gentoo dev-util/cmake: 3.14.6::gentoo dev-util/pkgconfig: 0.29.2::gentoo sys-apps/baselayout: 2.6-r1::gentoo sys-apps/openrc: 0.42.1::gentoo sys-apps/sandbox: 2.13::gentoo sys-devel/autoconf: 2.13-r1::gentoo, 2.69-r4::gentoo sys-devel/automake: 1.11.6-r3::gentoo, 1.13.4-r2::gentoo, 1.15.1-r2::gentoo, 1.16.1-r1::gentoo sys-devel/binutils: 2.32-r1::gentoo, 2.33.1-r1::gentoo sys-devel/gcc: 6.5.0-r1::gentoo, 8.3.0-r3::gentoo, 9.2.0-r2::gentoo sys-devel/gcc-config: 2.2.1::gentoo sys-devel/libtool: 2.4.6-r6::gentoo sys-devel/make: 4.2.1-r4::gentoo sys-kernel/linux-headers: 4.19::gentoo (virtual/os-headers) sys-libs/glibc: 2.29-r7::gentoo Repositories: gentoo location: /usr/portage sync-type: webrsync sync-uri: rsync://rsync.gentoo.org/gentoo-portage priority: -1000 sync-webrsync-verify-signature: true sph-local location: /opt/portage-overlay masters: gentoo priority: 0 abendbrot location: /var/lib/layman/abendbrot masters: gentoo priority: 50 anomen location: /var/lib/layman/anomen masters: gentoo priority: 50 gambas-overlay location: /var/lib/layman/gambas-overlay masters: gentoo priority: 50 jorgicio location: /var/lib/layman/jorgicio masters: gentoo priority: 50 lmiphay location: /var/lib/layman/lmiphay masters: gentoo priority: 50 netfab-overlay location: /var/lib/layman/netfab-overlay masters: gentoo priority: 50 palemoon location: /var/lib/layman/palemoon masters: gentoo priority: 50 pentoo location: /var/lib/layman/pentoo masters: gentoo priority: 50 roslin location: /var/lib/layman/roslin masters: gentoo priority: 50 stuff location: /var/lib/layman/stuff masters: gentoo priority: 50 vapoursynth location: /var/lib/layman/vapoursynth masters: gentoo priority: 50 wine location: /var/lib/layman/wine masters: gentoo priority: 50 x11 location: /var/lib/layman/x11 masters: gentoo priority: 50 ACCEPT_KEYWORDS="amd64" ACCEPT_LICENSE="@FREE" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=native -O2 -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/lib64/avfs/extfs /usr/share/gnupg/qualified.txt /var/bind" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c" CXXFLAGS="-march=native -O2 -pipe" DISTDIR="/usr/portage/distfiles" EMERGE_DEFAULT_OPTS="--ask-enter-invalid --autounmask-keep-masks y" ENV_UNSET="DBUS_SESSION_BUS_ADDRESS DISPLAY GOBIN PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR" FCFLAGS="-O2 -pipe" FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs distlocks ebuild-locks fixlafiles ipc-sandbox merge-sync multilib-strict network-sandbox news parallel-fetch pid-sandbox preserve-libs protect-owned qa-unresolved-soname-deps sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr" FFLAGS="-O2 -pipe" GENTOO_MIRRORS="https://ftp-stud.hs-esslingen.de/pub/Mirrors/gentoo/" LANG="en_GB.utf8" LDFLAGS="-Wl,-O1 -Wl,--as-needed" LINGUAS="en en-GB" MAKEOPTS="-j13" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git" PORTAGE_TMPDIR="/var/tmp" USE="X a52 aac aacplus acl acpi alsa amd64 amr berkdb bluray bzip2 cairo cdda cddb cdio cdparanoia cli crypt cups cxx dbus dri dts dvd flac fluidsynth fontconfig fortran gdbm gpm gtk ibus iconv icu ipv6 jpeg libnotify libtirpc lzma mad mmx modplug mp3 mtp multilib ncurses nls nptl ogg opengl openmp pam pcre png qt3support qt5 readline seccomp sound split-usr sse sse2 ssl startup-notification svg tcl tcpd theora tk truetype unicode v4l vdpau vim-syntax vorbis vulkan xattr xv xvmc zlib" ABI_X86="64" ADA_TARGET="gnat_2018" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="karbon sheets words" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="mmx mmxext sse sse2 aes avx avx2 f16c fma3 pclmul popcnt sse3 sse4_1 sse4_2 ssse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock greis isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="libinput keyboard mouse" KERNEL="linux" L10N="en en-GB" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php7-2" POSTGRES_TARGETS="postgres10 postgres11" PYTHON_SINGLE_TARGET="python3_6" PYTHON_TARGETS="python2_7 python3_6" QEMU_SOFTMMU_TARGETS="x86_64 arm i386 mips mipsel ppc sparc" QEMU_USER_TARGETS="aarch64 alpha arm i386 m68k mips mipsel ppc sparc x86_64" RUBY_TARGETS="ruby24 ruby25" USERLAND="GNU" VIDEO_CARDS="nouveau amdgpu radeonsi" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CC, CPPFLAGS, CTARGET, CXX, INSTALL_MASK, LC_ALL, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS ================================================================= Package Settings ================================================================= games-simulation/firestorm-bin-6.3.2-r2::lmiphay was built with the following: USE="" ABI_X86="(64)" FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs distlocks ebuild-locks fixlafiles ipc-sandbox merge-sync multilib-strict network-sandbox news parallel-fetch pid-sandbox preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr" media-video/mpv-0.31.0::gentoo was built with the following: USE="X alsa bluray cdda cli doc dvb dvd egl iconv jpeg libass libmpv lua opengl rubberband uchardet vdpau vulkan xv zlib (-aqua) -archive (-coreaudio) -cplugins (-cuda) -debug -drm -gamepad -gbm -jack -javascript -lcms -libcaca -luajit -openal -oss -pulseaudio (-raspberry-pi) -samba -sdl (-selinux) -test -tools -vaapi -wayland -zimg" ABI_X86="(64)" PYTHON_TARGETS="python3_6 -python3_7" FEATURES="unknown-features-warn binpkg-logs sandbox pid-sandbox multilib-strict news unmerge-logs distlocks usersync protect-owned unmerge-orphans userpriv ipc-sandbox strict assume-digests binpkg-docompress preserve-libs merge-sync usersandbox parallel-fetch userfetch sfperms binpkg-dostrip network-sandbox fixlafiles xattr ebuild-locks"
Created attachment 619278 [details] build.log for media-video/mpv::gentoo
Sorry, I must have been tired when filing this bug. Obviously step 2 in my steps to reproduce is wrong. The steps to reproduce are: Steps to Reproduce: 1. emerge -av =games-simulation/firestorm-bin-6.3.2-r2::lmiphay 2. emerge -av media-video/mpv::gentoo
Hi, I can't reproduce this here - installing mpv-0.31.0-r1 with firestorm-bin-6.3.2-r2 already installed works as expected. Also uninstalling firestorm-bin, reinstalling it, and immediately installing mpv also works as expected. fc-list isn't present in the mpv tarball, nor in any eclass in /usr/portage/eclass - do you have anything relevant in /etc/portage/bashrc, or is fc-list mentioned anywhere under /etc/portage? ( grep -r fc-list /etc/portage/ ) Thanks, Paul
I don't even *have* a /etc/portage/bashrc, and "grep -r fc-list /etc/portage" turns up nothing. (looking for "fc-" turns up some unrelated matches in /etc/portage/savedconfig/sys-kernel/linux-firmware-20200302, matching filenames like "s5p-mfc-v6.fw", but nothing else). I tried compiling with MAKEOPTS="-j1" in order to see which step was actually triggering the sandbox violation. It turns out to be this step: > [429/430] Compiling DOCS/man/mpv.rst > 20:01:50 runner ' /usr/bin/rst2pdf -c -b 1 --repeat-table-rows ../DOCS/man/mpv.rst -o DOCS/man/mpv.pdf ' > * ACCESS DENIED: mkostemp: /usr/share/fonts/truetype/.uuid.TMP-XXXXXX > * ACCESS DENIED: mkostemp: /usr/share/fonts/truetype/kochi/.uuid.TMP-XXXXXX This would explain why there's no matches - because it's not a Portage thing, but something triggered by rst2pdf. After some investigation, it looks like rst2pdf (a Python application) uses the matplotlib library, which is what is actually calling fc-list and causing the error. Judging from these results, I imagine the 'bug', such that it is, lies somewhere in fc-list itself. I don't understand why you're not getting the same problem, though. I wonder if fc-list is making some sort of cache somewhere, and you already have that cache and so aren't seeing this error? I'll try doing this on a new Gentoo chroot and report back on whether this still happens. If so, that's probably the best way to see it in action.
We are still missing something. I didn't have rst2pdf installed. I installed it, and merging mpv still works as expected here (no sandbox violation). I then added the extra sandbox features you have in FEATURES and mpv still installs as expected (I added "ipc-sandbox sandbox usersandbox" - some of these are enabled by default). Finally using exactly your FEATURE settings also allows mpv to be installed. Other ideas welcome... Paul
Oh, that's valuable information - if you didn't have rst2pdf installed then that would suggest you don't have the "doc" USE flag for media-video/mpv enabled, and I do. Give that a go? I'll try it on my chroot as well. (It installed fine on the chroot, but I didn't have the doc USE flag enabled. I'll let you know what happens.)
Okay, I tried enabling the "doc" USE flag for media-video/mpv in my fresh chroot, but it still successfully installed. Hmm. Something doesn't add up here.
I didn't have doc use flag on - I enabled that, and I am still able to install mpv. Also confirmed that rst2pdf is called as part of the build: [211/213] Compiling DOCS/man/mpv.rst 21:06:14 runner ' /usr/bin/rst2html.py ../DOCS/man/mpv.rst DOCS/man/mpv.html ' [212/213] Compiling DOCS/man/mpv.rst 21:06:16 runner ' /usr/bin/rst2man.py --strip-elements-with-class=contents ../DOCS/man/mpv.rst DOCS/man/mpv.1 ' [213/213] Compiling DOCS/man/mpv.rst 21:06:18 runner ' /usr/bin/rst2pdf -c -b 1 --repeat-table-rows ../DOCS/man/mpv.rst -o DOCS/man/mpv.pdf '
So I copied my make.conf, package.accept_keywords, package.license and package.use wholesale from my host system into the chroot, and no matter what I do, I couldn't reproduce the sandbox violation error in the chroot. Going off of my idea that this might be a fontconfig cache issue, I first tried using "fc-cache -rfv" to reconstruct the fontconfig cache in the chroot, and that didn't change anything. Then I wondered if this might be a problem with *my* fontconfig cache somehow, so I took a backup of my /var/cache/fontconfig directory and ran "fc-cache -rfv" on the host. This ended up resolving the issue, and I can now emerge mpv successfully. I'm not altogether sure how my fontconfig cache got into a state where it needed reconstruction like this, but it appears to have done the trick. It seems like Portage should take care of something like that though. Is there a way you can signal in the ebuild that Portage should update the fontconfig cache after emerging firestorm-bin? In any case, thanks for your help in diagnosing! I'm not sure what you'd like me to do with this bug, but I do still have my backup fontconfig cache directory if we need to investigate this more.
Okay, I investigated a little and it looks like the easiest way to solve this is by including "inherit font" in the ebuild. The font eclass rebuilds the cache in font_pkg_postinst unconditionally, so I believe this should be all you need to do.
mpv is irrelevant, firestorm-bin does not handle global fontcache properly.
mpv was incidental as it turned out, yes, but I had filed this bug against the ebuild in the 'lmiphay' repository, using the Overlays component to do so. My suggestion to do 'inherit font' to rebuild the font cache after merge was intended for the firestorm-bin ebuild, not mpv. As far as I know there isn't another place for me to file bugs against the 'lmiphay' repository, and I thought this was the correct place to do so in that case. Should I file another bug without mentioning mpv this time, now that we know the cause? If not, what can/should I do?
So I tried & failed to recreate this both with: 1. emerge -C =firestorm-bin-6.3.2-r2 fc-cache -rfv emerge =firestorm-bin-6.3.2-r2 emerge mpv and 2. emerge -C =firestorm-bin-6.3.2-r2 cd /var/cache && mv fontconfig fontconfig.orig && mkdir fontconfig fc-cache -rfv emerge =firestorm-bin-6.3.2-r2 emerge mpv In both cases mpv built and installed without a sandbox violation. Since it seems reasonable and doesn't appear to break anything else, I have added an inherit font to rev -3 and pushed that as: https://cgit.gentoo.org/user/lmiphay.git/commit/?id=99c0de2ebab9a047a2ed2d499b4c0335a533d8f6 Confirm that you see as part of the merge output: "* Updating global fontcache ..." Thanks! Paul
