This one is sneaky. New ebuilds place their /bin/sh only if nothing was there (no previous link or something else), so things might work fine if bash is just being upgraded from, say, a 4.x version. But once that /bin/sh is missing, the link gets installed with context portage_tmp_t instead of the default bin_t. With systemd, this makes things like setting fonts and locale on bootup fail without any good trace that points to the reason. I suspect there are plenty of other situations, too.

Here is my ebuild for the latest portage version at the moment and a patch for it, which might apply to previous 5.x versions.

Reproducible: Always

Steps to Reproduce:
1. bootstrap Gentoo from non-selinux stage3 to working selinux profile
2. emerge friggin bash-5x
3. reboot and try to find your keys on your supposedly non-EN keyboard layout
4. do few days worth of head-scratching, trying to understand why systemd fails to set the locale on bootup.
Created attachment 693858 [details] my ebuild
Created attachment 693888 [details, diff] resulting patch
Can confirm this is an issue for =app-shells/bash-5.1_p8

emerge -1 bash && ls -Z /bin/sh

shows portage_tmp_t context, which breaks a few (lot of?) things.
Comment on attachment 693888 [details, diff]
resulting patch

There's a typo:

> restorecon /bnin/sh died

Personally, I would drop the message entirely.

The restorecon call should occur within the "if" block; if we are not creating the symlink, we don't need to restore its context.

Is restorecon smart enough to set the proper context when ${ROOT} != ""?

Also, I would prefer to see one of the following implemented:

1. Drop IUSE=selinux, and simply try to call restorecon if it exists.

OR

2. Add "selinux? ( sys-apps/policycoreutils )" to BDEPEND and RDEPEND (IDEPEND once we switch to EAPI 8).
The issue is in the pkg_preinst and not the pkg_postinst. Context would be correct if pkg_postinst created the symlink.

Patch should remove the whole mtime-changing part of pkg_preinst and put it inside pkg_postinst. It should also either use mv -Z (if selinux is on), or "touch -h /bin/sh".

I assume touch -h was not used because of compatibility issues? OpenBSD does not seem to support it.

Not sure why the mtime is being changed on the symlink though, seems useless but I assume it's because of a bug? Git blame on gentoo tree sucks
Btw, rewriting the symlink using mv still causes temporary absence of /bin/sh if /var/tmp/portage is on a different filesystem than /bin (which on my system is the case).
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=89b32081e7c8404b35f7d3cf82f105877331454b

commit 89b32081e7c8404b35f7d3cf82f105877331454b
Author:     Mike Gilbert <floppym@gentoo.org>
AuthorDate: 2021-06-21 14:20:40 +0000
Commit:     Mike Gilbert <floppym@gentoo.org>
CommitDate: 2021-06-21 18:16:14 +0000

    app-shells/bash: remove /bin/sh logic from pkg_preinst

    This was added back in 2008 to handle some migration in file ownership.
    I expect all users have upgraded many times since then.

    Closes: https://bugs.gentoo.org/778311
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>

 app-shells/bash/bash-5.0_p18.ebuild | 9 ---------
 app-shells/bash/bash-5.1_p8.ebuild  | 9 ---------
 2 files changed, 18 deletions(-)
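
A label audit for the symptom reported in this thread (/bin/sh carrying portage_tmp_t instead of bin_t), added here as an example; it is not part of the bug report, the attached patch or the Gentoo tree. The function names and the sample records are constructed, and collect_labels assumes GNU stat (%C) and matchpathcon are installed and that paths contain no whitespace.

```shell
#!/bin/sh
# Added example: flag paths whose SELinux type differs from the policy default.

# Read "path actual_context expected_context" records on stdin, compare the
# type field (third colon-separated field) and print one line per mismatch.
# Returns 1 if any path is mislabeled, 0 otherwise.
audit_labels() {
    awk '
        {
            split($2, actual, ":"); split($3, expected, ":")
            if (actual[3] != expected[3]) {
                printf "MISLABELED %s: %s (expected %s)\n", $1, actual[3], expected[3]
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Build records for live paths. stat does not follow symlinks by default, so
# the label reported for /bin/sh is that of the link itself.
# Assumption: matchpathcon -n prints the policy default context without the path.
collect_labels() {
    for p in "$@"; do
        printf '%s %s %s\n' "$p" "$(stat -c %C "$p")" "$(matchpathcon -n "$p")"
    done
}

# Constructed records modelling the state described in the report:
# the shell binary is labeled correctly, the symlink is not.
sample_records() {
    cat <<'EOF'
/bin/bash system_u:object_r:shell_exec_t system_u:object_r:shell_exec_t
/bin/sh system_u:object_r:portage_tmp_t system_u:object_r:bin_t
EOF
}

# With arguments, audit those paths on the running system,
# e.g.: sh audit.sh /bin/sh /bin/bash
if [ "$#" -gt 0 ]; then
    collect_labels "$@" | audit_labels
fi
```

A non-zero exit status makes the check usable from a post-emerge hook or a monitoring job.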