Bug 790251 - net-analyzer/fail2ban-0.11.2-r3: fails to compile on some machines(?) (PermissionError: [Errno 13] Permission denied: '/usr/lib/python3.8/site-packages/fail2ban-0.11.2-py3.8.egg-info/PKG-INFO')
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal normal
Assignee: Sam James
Reported: 2021-05-14 18:23 UTC by Agostino Sarubbo
Modified: 2023-07-02 20:33 UTC

Attachments
build.log (build.log,46.32 KB, text/plain)
2021-05-14 18:23 UTC, Agostino Sarubbo
Description Agostino Sarubbo gentoo-dev 2021-05-14 18:23:28 UTC
https://blogs.gentoo.org/ago/2020/07/04/gentoo-tinderbox/

Issue: net-analyzer/fail2ban-0.11.2 fails to compile.
Discovered on: amd64 (internal ref: ci)

NOTE:
This machine uses GCC-11: https://gcc.gnu.org/gcc-11/porting_to.html
If you think this is a GCC-11 related issue, please block bug 732706.
Comment 1 Agostino Sarubbo gentoo-dev 2021-05-14 18:23:30 UTC
Created attachment 708609
build.log

build log and emerge --info
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-05-14 18:52:30 UTC
I can’t reproduce this and interestingly nothing related changed today.
Comment 3 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2021-05-15 06:47:39 UTC
My wild guess would be that something installs one of the directories early with wrong permissions.  If you still have a snapshot of the original image, could you verify permissions all the way down to:

/usr/lib/python3.8/site-packages/fail2ban-0.11.2-py3.8.egg-info/PKG-INFO

?
Comment 4 Agostino Sarubbo gentoo-dev 2021-10-24 08:35:22 UTC
ci has reproduced this issue with version 0.11.2-r1 - Updating summary.
Comment 5 Agostino Sarubbo gentoo-dev 2021-12-17 19:23:17 UTC
ci has reproduced this issue with version 0.11.2-r2 - Updating summary.
Comment 6 Agostino Sarubbo gentoo-dev 2022-01-04 16:24:52 UTC
ci has reproduced this issue with version 0.11.2-r3 - Updating summary.
Comment 7 Hans de Graaff gentoo-dev Security 2022-01-22 06:59:28 UTC
(In reply to Michał Górny from comment #3)
> My wild guess would be that something installs one of the directories early
> with wrong permissions.  If you still have a snapshot of the original image,
> could you verify permissions all the way down to:
> 
> /usr/lib/python3.8/site-packages/fail2ban-0.11.2-py3.8.egg-info/PKG-INFO
> 
> ?

I'm running into this right now after a fail2ban update:

-rw------- 1 root root 496 Jan 21 16:08 /usr/lib/python3.9/site-packages/fail2ban-0.11.2-py3.9.egg-info/PKG-INFO

This makes it impossible to install a lot of other packages, which now all fail with:

  File "/usr/lib/python3.9/site-packages/pkg_resources/__init__.py", line 1412, in get_metadata
    value = self._get(path)
  File "/usr/lib/python3.9/site-packages/pkg_resources/__init__.py", line 1616, in _get
    with open(path, 'rb') as stream:
PermissionError: [Errno 13] Permission denied: '/usr/lib/python3.9/site-packages/fail2ban-0.11.2-py3.9.egg-info/PKG-INFO'
Comment 8 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2022-01-22 23:44:11 UTC
I think I can reproduce this if I run emerge with 'umask 077'.
Comment 9 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2022-01-22 23:59:48 UTC
(In reply to Michał Górny from comment #8)
> I think I can reproduce this if I run emerge with 'umask 077'.

Ok, that seems to have been a red herring.  It seems as if it might only happen on the first install on a given system.
Comment 10 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2022-01-23 00:15:05 UTC
Ok, found the culprit -- it's the test suite.

If you don't run tests, the package files are installed correctly.

If you run the test suite, it happens to create a fail2ban.egg-info directory with wrong permissions inside ${S}.  Apparently 'setup.py install' picks this directory up and copies it straight to image without adjusting permissions.

I guess the blame goes to:

fail2ban/server/server.py-	def start(self, sock, pidfile, force=False, observer=True, conf={}):
fail2ban/server/server.py-		# First set the mask to only allow access to owner
fail2ban/server/server.py:		os.umask(0o077)

i.e. the test suite sets umask at some point and never resets it.  As a result, the .egg-info directory is created with umask 077.

I suppose the cleanest workaround for this would be to:

  rm -r fail2ban.egg-info || die

at the end of src_test().

(NB: I haven't generated whether the test-generated .egg-info matches the one normally generated through install command)
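
Added example, not part of the bug report and not fail2ban or Gentoo code: the umask leak described in comment 10, reproduced in Python on a constructed temporary tree, with a guard that restores the mask and an audit for files that other users cannot read. All function names (start_like_server, preserved_umask, write_metadata, not_world_readable, demo) and file names other than PKG-INFO are hypothetical.

```python
import os
import stat
import tempfile
from contextlib import contextmanager

def start_like_server():
    """Constructed stand-in for the quoted start(): sets umask, never restores it."""
    os.umask(0o077)

@contextmanager
def preserved_umask():
    """Restore the process umask on exit, whatever the wrapped code set."""
    saved = os.umask(0)   # os.umask() returns the previous mask
    os.umask(saved)
    try:
        yield
    finally:
        os.umask(saved)

def write_metadata(path):
    """Create a file as a build step would: requested mode 0o666, minus umask."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o666)
    os.close(fd)
    return stat.S_IMODE(os.stat(path).st_mode)

def not_world_readable(root):
    """List files under root without o+r, which non-owner users cannot open."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if not os.stat(full).st_mode & stat.S_IROTH:
                hits.append(full)
    return sorted(hits)

def demo():
    """Return (guarded mode, leaked mode, audit hits) for a constructed tree."""
    original = os.umask(0o022)           # typical build umask, restored below
    try:
        with tempfile.TemporaryDirectory() as root:
            with preserved_umask():
                start_like_server()      # mask change is undone on exit
            good = write_metadata(os.path.join(root, "GOOD"))
            start_like_server()          # leak: umask stays 0o077 from here on
            bad = write_metadata(os.path.join(root, "PKG-INFO"))
            hits = not_world_readable(root)
            return good, bad, [os.path.basename(p) for p in hits]
    finally:
        os.umask(original)
```

Pointing not_world_readable() at a site-packages directory lists metadata files left in the state shown in comment 7.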
Comment 11 Larry the Git Cow gentoo-dev 2022-01-23 15:20:17 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c2f936993e512259febd1361c64579350071301d

commit c2f936993e512259febd1361c64579350071301d
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-01-23 00:50:14 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-01-23 15:19:55 +0000

    net-analyzer/fail2ban: fix installation of .egg-info if tests used
    
    Need to revbump as anyone who ran tests will have a dodgy installation of
    fail2ban.
    
    mgorny explains fully in the bug (and thanks to him for investigating this),
    but the gist is that the test runner sets umask but never unsets it/reverts it,
    so it ends up affecting the rest of the installed files by the package.
    
    Closes: https://bugs.gentoo.org/790251
    Thanks-to: Michał Górny <mgorny@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 .../fail2ban/{fail2ban-0.11.2-r3.ebuild => fail2ban-0.11.2-r4.ebuild}  | 3 +++
 1 file changed, 3 insertions(+)
Comment 12 ahudson.news 2022-07-06 15:45:16 UTC
I'm afraid the fix is buggy; 0.11.2-r4 now fails (during PYTHON_SINGLE_TARGET 3.9 -> 3.10 rebuild) with

rm: cannot remove 'fail2ban.egg-info': No such file or directory
 * ERROR: net-analyzer/fail2ban-0.11.2-r4::gentoo failed (test phase):
 *   (no error message)
 * 
 * Call stack:
 *     ebuild.sh, line  127:  Called src_test
 *   environment, line 3483:  Called distutils-r1_src_test
 *   environment, line 1667:  Called _distutils-r1_run_foreach_impl 'python_test'
 *   environment, line  737:  Called distutils-r1_run_phase 'python_test'
 *   environment, line 1590:  Called python_test
 *   environment, line 3450:  Called die
 * The specific snippet of code:
 *       rm -r fail2ban.egg-info || die
 * 
 * If you need support, post the output of `emerge --info '=net-analyzer/fail2ban-0.11.2-r4::gentoo'`,
 * the complete build log and the output of `emerge -pqv '=net-analyzer/fail2ban-0.11.2-r4::gentoo'`.
 * The complete build log is located at '/tmp/portage/portage/net-analyzer/fail2ban-0.11.2-r4/temp/build.log'.
 * The ebuild environment file is located at '/tmp/portage/portage/net-analyzer/fail2ban-0.11.2-r4/temp/environment'.
 * Working directory: '/tmp/portage/portage/net-analyzer/fail2ban-0.11.2-r4/work/fail2ban-0.11.2'
 * S: '/tmp/portage/portage/net-analyzer/fail2ban-0.11.2-r4/work/fail2ban-0.11.2'
Comment 13 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-07-06 16:20:41 UTC
(In reply to ahudson.news from comment #12)
> I'm afraid the fix is buggy; 0.11.2-r4 now fails (during
> PYTHON_SINGLE_TARGET 3.9 -> 3.10 rebuild) with
> 
> rm: cannot remove 'fail2ban.egg-info': No such file or directory
>  * ERROR: net-analyzer/fail2ban-0.11.2-r4::gentoo failed (test phase):
>  *   (no error message)
>  * 
>  * Call stack:
>  *     ebuild.sh, line  127:  Called src_test
>  *   environment, line 3483:  Called distutils-r1_src_test
>  *   environment, line 1667:  Called _distutils-r1_run_foreach_impl
> 'python_test'
>  *   environment, line  737:  Called distutils-r1_run_phase 'python_test'
>  *   environment, line 1590:  Called python_test
>  *   environment, line 3450:  Called die
>  * The specific snippet of code:
>  *       rm -r fail2ban.egg-info || die
>  * 
>  * If you need support, post the output of `emerge --info
> '=net-analyzer/fail2ban-0.11.2-r4::gentoo'`,
>  * the complete build log and the output of `emerge -pqv
> '=net-analyzer/fail2ban-0.11.2-r4::gentoo'`.
>  * The complete build log is located at
> '/tmp/portage/portage/net-analyzer/fail2ban-0.11.2-r4/temp/build.log'.
>  * The ebuild environment file is located at
> '/tmp/portage/portage/net-analyzer/fail2ban-0.11.2-r4/temp/environment'.
>  * Working directory:
> '/tmp/portage/portage/net-analyzer/fail2ban-0.11.2-r4/work/fail2ban-0.11.2'
>  * S:
> '/tmp/portage/portage/net-analyzer/fail2ban-0.11.2-r4/work/fail2ban-0.11.2'

Please file a new bug with the full build.log and emerge --info.
Comment 14 ahudson.news 2022-07-06 17:18:18 UTC
> Please file a new bug with the full build.log and emerge --info.

https://bugs.gentoo.org/856727
Comment 15 Larry the Git Cow gentoo-dev 2023-07-02 20:33:00 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=56503f6777856b3e3b37ae6046c2ef39d4addbb8

commit 56503f6777856b3e3b37ae6046c2ef39d4addbb8
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-07-02 20:31:54 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-07-02 20:32:52 +0000

    net-analyzer/fail2ban: avoid test umask affecting installed files
    
    Bug: https://bugs.gentoo.org/790251
    Closes: https://bugs.gentoo.org/907350
    Signed-off-by: Sam James <sam@gentoo.org>

 net-analyzer/fail2ban/fail2ban-1.0.2-r2.ebuild     | 129 +++++++++++++++++++++
 net-analyzer/fail2ban/fail2ban-9999.ebuild         |   1 +
 .../files/fail2ban-1.0.2-umask-tests.patch         |  45 +++++++
 3 files changed, 175 insertions(+)