Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 174596

Summary: "sys-libs/glibc" has been masked for "hardened"-profile
Product: Gentoo Linux Reporter: Matthias Vill <gentoo>
Component: HardenedAssignee: The Gentoo Linux Hardened Team <hardened>
Status: VERIFIED INVALID    
Severity: blocker    
Priority: Highest    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Matthias Vill 2007-04-14 15:05:33 UTC
I just tried to update my x86 system wich has /usr/portage/profiles/hardened/x86/2.6/ as profile and got this message:

---

!!! All ebuilds that could satisfy "sys-libs/glibc" have been masked.
!!! One of the following masked packages is required to complete your request:
- sys-libs/glibc-2.4-r4 (masked by: package.mask)
# Mask off glibc-2.4 until the approach for SSP compatibilty is
# resolved in a way that doesn't break running systems, and we
# have a sensible upgrade path.  Advise having a static busybox
# around if you try it in a live system.
# 2006-03-13 kevquinn

- sys-libs/glibc-2.3.6-r4 (masked by: package.mask)
- sys-libs/glibc-2.3.6-r5 (masked by: package.mask)
- sys-libs/glibc-2.3.2-r12 (masked by: package.mask)
- sys-libs/glibc-2.3.5-r3 (masked by: package.mask)
- sys-libs/glibc-2.3.5-r2 (masked by: package.mask)
- sys-libs/glibc-2.2.5-r10 (masked by: package.mask)
- sys-libs/glibc-2.5 (masked by: package.mask)
# Mask off glibc-2.4 until the approach for SSP compatibilty is
# resolved in a way that doesn't break running systems, and we
# have a sensible upgrade path.  Advise having a static busybox
# around if you try it in a live system.
# 2006-03-13 kevquinn
# And 2.5...
# 2006-10-09 kevquinn

- sys-libs/glibc-2.5-r1 (masked by: package.mask, ~x86 keyword)

---

And true, there is now ebuild left unmasked for hardened, so now I either have to unmask a package or can't world-update. Also I guess nobody can do a fresh install right now.

Any sugestions?
Comment 1 Christian Heim (RETIRED) gentoo-dev 2007-04-14 15:30:15 UTC
(In reply to comment #0)
> I just tried to update my x86 system wich has
> /usr/portage/profiles/hardened/x86/2.6/ as profile and got this message:
> 
> ---
> 
> !!! All ebuilds that could satisfy "sys-libs/glibc" have been masked.
> !!! One of the following masked packages is required to complete your request:
> - sys-libs/glibc-2.4-r4 (masked by: package.mask)
> # Mask off glibc-2.4 until the approach for SSP compatibilty is
> # resolved in a way that doesn't break running systems, and we
> # have a sensible upgrade path.  Advise having a static busybox
> # around if you try it in a live system.
> # 2006-03-13 kevquinn
> 
> - sys-libs/glibc-2.3.6-r4 (masked by: package.mask)
> - sys-libs/glibc-2.3.6-r5 (masked by: package.mask)
> - sys-libs/glibc-2.3.2-r12 (masked by: package.mask)
> - sys-libs/glibc-2.3.5-r3 (masked by: package.mask)
> - sys-libs/glibc-2.3.5-r2 (masked by: package.mask)
> - sys-libs/glibc-2.2.5-r10 (masked by: package.mask)
> - sys-libs/glibc-2.5 (masked by: package.mask)
> # Mask off glibc-2.4 until the approach for SSP compatibilty is
> # resolved in a way that doesn't break running systems, and we
> # have a sensible upgrade path.  Advise having a static busybox
> # around if you try it in a live system.
> # 2006-03-13 kevquinn
> # And 2.5...
> # 2006-10-09 kevquinn
> 
> - sys-libs/glibc-2.5-r1 (masked by: package.mask, ~x86 keyword)

Could you please paste the output of emerge --info ? I suspect you changed the profile from default-linux/x86 to hardened/x86/2.6 recently ..
Comment 2 Matthias Vill 2007-04-14 23:30:08 UTC
Portage 2.1.1-r2 (hardened/x86/2.6, gcc-4.1.1, glibc-2.4-r3, 2.6.18-hardenedTCQS1 i686)
=================================================================
System uname: 2.6.18-hardenedTCQS1 i686 Intel(R) Xeon(TM) CPU 1700MHz
Gentoo Base System version 1.12.6
Last Sync: Sat, 14 Apr 2007 13:50:01 +0000
distcc 2.18.3 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [enabled]
app-admin/eselect-compiler: [Not Present]
dev-java/java-config: [Not Present]
dev-lang/python:     2.4.3-r4
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     [Not Present]
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.60
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.14
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.17-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=pentium4 -O2 -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config /var/bind"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-march=pentium4 -O2 -pipe"
DISTDIR="/usr/portage/distfiles"
EMERGE_DEFAULT_OPTS="--alphabetical"
FEATURES="ccache distcc distlock distlocks metadata-transfer parallel-fetch sandbox sfperms strict"
GENTOO_MIRRORS="ftp://sunsite.informatik.rwth-aachen.de/pub/Linux/gentoo http://linux.rz.ruhr-uni-bochum.de/download/gentoo-mirror/ ftp://linux.rz.ruhr-uni-bochum.de/gentoo-mirror/ http://ftp.uni-erlangen.de/pub/mirrors/gentoo ftp://ftp.uni-erlangen.de/pub/mirrors/gentoo ftp://ftp.join.uni-muenster.de/pub/linux/distributions/gentoo ftp://ftp.wh2.tu-dresden.de/pub/mirrors/gentoo ftp://ftp.join.uni-muenster.de/pub/linux/distributions/gentoo ftp://ftp6.uni-muenster.de/pub/linux/distributions/gentoo http://mirrors.sec.informatik.tu-darmstadt.de/gentoo/ http://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/ ftp://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/ ftp://ftp.gentoo.mesh-solutions.com/gentoo/ http://pandemonium.tiscali.de/pub/gentoo/ ftp://pandemonium.tiscali.de/pub/gentoo/"
LANG="de_DE@euro"
LC_ALL="de_DE@euro"
LINGUAS="de en"
MAKEOPTS="-j5"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage /usr/portage/local/layman/php-testing"
SYNC="rsync://rsync.de.gentoo.org/gentoo-portage"
USE="x86 S3TC X X509 a52 aac aalib acl acpi activefilter aim aimextras alsa alsa_pcm_plugins_adpcm alsa_pcm_plugins_alaw alsa_pcm_plugins_asym alsa_pcm_plugins_copy alsa_pcm_plugins_dmix alsa_pcm_plugins_dshare alsa_pcm_plugins_dsnoop alsa_pcm_plugins_empty alsa_pcm_plugins_extplug alsa_pcm_plugins_file alsa_pcm_plugins_hooks alsa_pcm_plugins_iec958 alsa_pcm_plugins_ioplug alsa_pcm_plugins_ladspa alsa_pcm_plugins_lfloat alsa_pcm_plugins_linear alsa_pcm_plugins_meter alsa_pcm_plugins_mulaw alsa_pcm_plugins_multi alsa_pcm_plugins_null alsa_pcm_plugins_plug alsa_pcm_plugins_rate alsa_pcm_plugins_route alsa_pcm_plugins_share alsa_pcm_plugins_shm alsa_pcm_plugins_softvol amarok amazon apache2 aqua_theme arts artworkextra asterisk async atm audiofile auth authdaemond authfile authlib avahi avi bash-completion bcmath berkdb big-tables binary-drivers bitmap-fonts bittorrent bl bonjour bootsplash branding bzip2 cairo carbone_theme ccache cdb cdda cddb cdinstall cdio cdparanoia cdr cdrom cdsound cg cgi chroot cjk ck-server clamav clamd cli cluster cracklib crosscompile crypt css csv cups curl curlwrappers customlog daap daemon dbus dedicated dhcp directfb dlopen dlz dmx domain-aware dri dts dv dvb dvbplayer dvd dvdr dvdread dvi dx dxr3 dxr3-audio-denoise dynagraph eap-tls eds effects elf elibc_glibc emboss emoticon encode esd ethereal examples exif exscalibar extensions extraengine extrafilters extraicons extramodules extras fam fame fastcgi fbcon fbdev fbsplash festival ffmpeg finger firefox flac flash follow-xff font-server fontconfig fortran fping fpx ftp fuse gadu gaim gd gdbm geldkarte geoip gg gif glitz glut gmail gmailtimestamps gnome gphoto2 gpm gps graphicsmagick gs gsm gstreamer gtalk gtk gtk2 gtkhtml gtkspell gzip h323 hal hardened hash howl howl-compat html http httpd hub icq id3 idea idn ieee1394 ifp imagemagick imap imlib imlib2 immqt-bc inifile input_devices_evdev input_devices_keyboard input_devices_mouse ipalias ipfilter ipod iproute2 ipsec ipv6 ipv6arpa irc isdnlog jad javascript john jpeg jpeg2k jpgraph junit kde kdeenablefinal kerberos kernel_linux krb4 lame large-domain largenet largeterminal latin1 lcd_devices_bayrad lcd_devices_cfontz lcd_devices_cfontz633 lcd_devices_glk lcd_devices_hd44780 lcd_devices_lb216 lcd_devices_lcdm001 lcd_devices_mtxorb lcd_devices_ncurses lcd_devices_text ldap ldapsam libcaca libclamav libdsk libg++ libgd libnotify libvisual libwww lids lights lighttpd linguas_de linguas_en lm_sensors login-watch logrotate logwatch lynxkeymap lzo lzw m17n-lib mad maildir mdnsresponder-compat meanwhile mem-cache memcache memlimit messages mgetty mhash midi mikmod milter mime mimencode ming mjpeg mmap mmx mod_irc mode-owner modperl modplug mods module motif mp3 mp4 mp4live mpd-mad mpe mpe-sdk mpeg mpeg2 mplayer msession msn msnextras multipath multiuser musepack music musicbrainz mysql mysqlfriends mysqli mythtv nagios-dns nagios-game nagios-ntp nagios-ping nagios-ssh nat ncurses netserver network nfs nls nptl nptlonly nsplugin ntfs nvtv objc objc++ objc-gc offensive ogg oggvorbis on-the-fly-crypt openal openexr opengl opera oscar oss overlays pam password patented pcre pdflib perl php pic pmount png posix postfix ppds pppd procmail ps python qt3 qt4 quicktime quotas radius rar rdesktop readline real realms reflection rpc samba sametime sasl scenarios scp screen sdl sensord server session sftp sftplogging sharedext skey snmp soap spell spl sse sse-filters sse2 ssl subtitles subversion svn-mirror swat taglib tagwriting tcl tcltk tcp tcp-zebra tcpd tcpmd5 themes theora threads tk tokenizer transcode transparent-proxy truetype truetype-fonts type1 type1-fonts udev underscores unicode usb user-homedirs userland_GNU vda video_cards_fbdev video_cards_nv video_cards_vesa video_cards_vga vnc vorbis webservices win32codecs wma wmf x11vnc x264 xanim xchat xface xfs xine xinerama xinetd xml xorg xpm xprint xscreensaver xv xvid zeroconf zip zlib"
Unset:  CTARGET, INSTALL_MASK, LDFLAGS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 3 solar (RETIRED) gentoo-dev 2007-04-15 04:12:20 UTC
(In reply to comment #2)
> Portage 2.1.1-r2 (hardened/x86/2.6, gcc-4.1.1, glibc-2.4-r3,
> 2.6.18-hardenedTCQS1 i686)

And it looks as if you did indeed change as he thought.
At this time gcc-4.x and glibc-2.4.x are not supported hardened items. We mask 
both of those. Our suggestion for you would be to switch back to the other 
profile you were using before but still run with a hardened kernel till 
hardened supports the a newer toolchain. Or you can do a fresh install using 
proper hardened stages.

Note: Your system will break if you force a downgrade of glibc.
Comment 4 Matthias Vill 2007-04-15 10:27:39 UTC
Actually I installed this system using hardened profile one or two months ago.
And till one month or so ago I could do world -avuDN world, so I'm really wondering why this is happening.
Still I guess you're right and just found that there is a /etc/portage/package.mask/glibc against the glibcs used by hardened... As I never used the directory-syntax I'm still wondering, but it seems to be my fault.

Sorry for any inconvenience I caused.