[ ok ]
>>> Source prepared.
>>> Configuring source in /var/tmp/portage/app-containers/docker-23.0.1/work/docker-23.0.1/src/github.com/docker/docker ...
>>> Source configured.
>>> Compiling source in /var/tmp/portage/app-containers/docker-23.0.1/work/docker-23.0.1/src/github.com/docker/docker ...
 * ERROR: app-containers/docker-23.0.1::gentoo failed (compile phase):
 *   hardened sed failed
 *
 * Call stack:

  -------------------------------------------------------------------

  This is an unstable amd64 chroot image at a tinderbox (==build bot)
  name: 17.1_hardened-j5-20230310-100009

  -------------------------------------------------------------------

gcc-config -l:
 [1] x86_64-pc-linux-gnu-13 *

clang/llvm (if any):

Python 3.10.10

Available Ruby profiles:
  [1]   ruby27 (with Rubygems)
  [2]   ruby30 (with Rubygems) *

Available Rust versions:
  [1]   rust-bin-1.67.1
  [2]   rust-1.67.1 *

The following VMs are available for generation-2:
1)  Eclipse Temurin JDK 11.0.18_p10 [openjdk-bin-11]
*)  Eclipse Temurin JDK 17.0.6_p10 [openjdk-bin-17]
3)  Eclipse Temurin JDK 8.362_p09 [openjdk-bin-8]

Available Java Virtual Machines:
  [1]   openjdk-bin-8
  [2]   openjdk-bin-11
  [3]   openjdk-bin-17  system-vm

php cli (if any):
  [1]   php7.4
  [2]   php8.0
  [3]   php8.2 *

HEAD of ::gentoo
commit 7c26b5849010e5941e7efa51f554b92ea49e32df
Author: Repository mirror & CI <repomirrorci@gentoo.org>
Date:   Fri Mar 10 23:02:05 2023 +0000

    2023-03-10 23:02:05 UTC

emerge -qpvO app-containers/docker
[ebuild  N    ] app-containers/docker-23.0.1  USE="container-init hardened -apparmor -aufs -btrfs -device-mapper -overlay -seccomp (-selinux)"
Created attachment 857267: emerge-info.txt
Created attachment 857269: app-containers:docker-23.0.1:20230310-231657.log
Created attachment 857271: emerge-history.txt
Created attachment 857273: environment
Created attachment 857275: etc.portage.tar.bz2
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=68d4571e78f348eac41d64ba306ec2a8226ad17c

commit 68d4571e78f348eac41d64ba306ec2a8226ad17c
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-03-11 18:48:14 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-03-11 18:50:28 +0000

    app-containers/docker: drop USE=hardened hacks

    1. These aren't needed on hardened systems anyway (we've had default PIE
       on normal, non-hardened systems for years);

    2. The relevant variables are gone upstream, see
       https://github.com/moby/moby/commit/877baae03e1810b6a6afaa8b767b8df25f5c5cae,
       which fails because of the grep sanity check in the ebuild (correctly);

    3. If we did need to keep this check, we would need to do it based on a e.g.
       toolchain-funcs function to check if the toolchain defaults to PIE, but
       not based on USE=hardened.

    Closes: https://bugs.gentoo.org/900849
    Signed-off-by: Sam James <sam@gentoo.org>

 app-containers/docker/docker-23.0.1.ebuild | 8 --------
 1 file changed, 8 deletions(-)
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2911d5ba5878e82ee45ae45bca1666d580b3a3b9

commit 2911d5ba5878e82ee45ae45bca1666d580b3a3b9
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2025-01-25 10:35:23 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2025-01-25 10:39:55 +0000

    app-containers/runc: drop hardened/PIC hacks

    ... as done in Docker some time ago, see 68d4571e78f348eac41d64ba306ec2a8226ad17c.

    But we didn't even have the proper sanity check that we did in Docker!

    Thanks to parona for the nudge.

    Bug: https://bugs.gentoo.org/900849
    Closes: https://bugs.gentoo.org/935459
    Signed-off-by: Sam James <sam@gentoo.org>

 app-containers/runc/runc-1.2.4.ebuild | 5 -----
 1 file changed, 5 deletions(-)