Summary: | sys-apps/sandbox-2.11 ignores LD_LIBRARY_PATH correctly set for xpcshell (called during src_install() of mail-client/thunderbird, www-client/firefox, www-client/seamonkey), resulting in using of previously installed libxul.so, resulting in ld.so error | ||
---|---|---|---|
Product: | Portage Development | Reporter: | Mike Gilbert <floppym> |
Component: | Sandbox | Assignee: | Sandbox Maintainers <sandbox> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | 1i5t5.duncan, andreasgick, arfrever.fta, awaters, axelfischer12, captaincrutches, dan, dlan, josef64, kredba, LaughingJudge, leio, mads, mozilla, niranjan.public, patrick, plevine457, shark, smorg, tka, toralf, totktonada.ru, ua_gentoo_bugzilla, wschlich |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Attachments: |
Build log
Build log with MAKEOPTS="-j1" diff build.log for firefox-48 with sandbox-2.12 sandbox-2.11-keep-ld_library_path.patch |
Description
Mike Gilbert
2016-04-21 13:15:04 UTC
Portage 2.2.28 (python 3.5.1-final-0, default/linux/amd64/13.0/desktop/plasma/systemd, gcc-5.3.0, glibc-2.23-r2, 4.3.6+ x86_64) ================================================================= System Settings ================================================================= System uname: Linux-4.3.6+-x86_64-AMD_Phenom-tm-_II_X6_1055T_Processor-with-gentoo-2.2 KiB Mem: 32949840 total, 5345784 free KiB Swap: 0 total, 0 free sh bash 4.3_p42-r2 ld GNU ld (Gentoo 2.25.1 p1.1) 2.25.1 app-shells/bash: 4.3_p42-r2::gentoo dev-java/java-config: 2.2.0-r3::gentoo dev-lang/perl: 5.22.1::gentoo dev-lang/python: 2.7.11-r2::gentoo, 3.3.5-r7::gentoo, 3.4.3-r7::gentoo, 3.5.1-r2::gentoo dev-util/cmake: 3.5.2::gentoo sys-apps/baselayout: 2.2::gentoo sys-apps/sandbox: 2.11-r2::gentoo sys-devel/autoconf: 2.13::gentoo, 2.69-r2::gentoo sys-devel/automake: 1.11.6-r2::gentoo, 1.13.4-r1::gentoo, 1.14.1-r1::gentoo, 1.15-r2::gentoo sys-devel/binutils: 2.25.1-r1::gentoo sys-devel/gcc: 4.7.4::gentoo, 4.8.5::gentoo, 4.9.3::gentoo, 5.3.0::gentoo sys-devel/gcc-config: 1.8-r1::gentoo sys-devel/libtool: 2.4.6-r2::gentoo sys-devel/make: 4.1-r1::gentoo sys-kernel/linux-headers: 4.5::gentoo (virtual/os-headers) sys-libs/glibc: 2.23-r2::gentoo Repositories: gentoo location: /home/floppym/repos/gentoo sync-type: git sync-uri: ssh://git@git.gentoo.org/repo/gentoo.git priority: -1000 crossdev location: /home/floppym/repos/crossdev masters: gentoo priority: 10 python location: /home/floppym/repos/python sync-type: git sync-uri: ssh://git@git.gentoo.org/proj/python.git masters: gentoo priority: 20 floppym location: /home/floppym/repos/floppym masters: gentoo priority: 30 local location: /home/floppym/repos/local masters: gentoo priority: 40 ACCEPT_KEYWORDS="amd64 ~amd64" ACCEPT_LICENSE="*" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-O2 -pipe -march=native -frecord-gcc-switches" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/bin/startx /usr/share/config /usr/share/gnupg/qualified.txt /usr/share/themes/oxygen-gtk/gtk-2.0 /usr/share/themes/oxygen-gtk/gtk-3.0" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/ssl/certs /etc/terminfo /usr/share/themes" CXXFLAGS="-O2 -pipe -march=native -frecord-gcc-switches" DISTDIR="/var/portage/distfiles" EMERGE_DEFAULT_OPTS="--autounmask=n --binpkg-respect-use=y --binpkg-changed-deps=y --dynamic-deps=n --quiet-build=n --quiet-fail=y --with-bdeps=y --jobs=6" FCFLAGS="-O2 -pipe -march=native -frecord-gcc-switches" FEATURES="assume-digests binpkg-logs buildpkg cgroup clean-logs config-protect-if-modified distlocks ebuild-locks fakeroot fixlafiles ipc-sandbox network-sandbox news parallel-fetch parallel-install preserve-libs protect-owned sandbox sfperms sign strict unknown-features-warn unmerge-orphans userfetch userpriv usersandbox usersync" FFLAGS="-O2 -pipe -march=native -frecord-gcc-switches" GENTOO_MIRRORS="http://distfiles.gentoo.org" LANG="en_US.UTF-8" LDFLAGS="-Wl,-O1 -Wl,--as-needed" MAKEOPTS="-j6" PKGDIR="/var/portage/packages" PORTAGE_COMPRESS="xz" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_EXTRA_OPTS="--ipv4" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git" PORTAGE_TMPDIR="/tmp" USE="3dnow 3dnowext X a52 aac acl acpi alsa amd64 berkdb branding bzip2 cairo caps cdda cdr cli cracklib crypt css cups cxx dbus declarative dri dts dvd dvdr emboss encode exif fam ffmpeg filecaps firefox flac fontconfig fortran gdbm gif glamor gpm gtk iconv idn imap ipv6 jpeg kde kipi lcms libnotify lzma mad mmx mmxext mng modules mp3 mp4 mpeg mtp multilib ncurses nls nptl offensive ogg opengl openmp pam pango pcre pdf phonon plasma png policykit ppds pulseaudio qml qt3support qt4 qt5 readline sdl seccomp semantic-desktop session spell sse sse2 sse3 sse4a ssl startup-notification suid svg systemd taglib theora threads tiff truetype udev udisks unicode upower usb vaapi vdpau vim-syntax vorbis widgets wxwidgets x264 xattr xcb xcomposite xft xinerama xml xv xvid zlib zsh-completion" ABI_X86="64 32" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias proxy proxy_fcgi" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="mmx mmxext sse sse2 3dnow 3dnowext popcnt sse3 sse4a" DRACUT_MODULES="btrfs systemd" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ublox ubx" GRUB_PLATFORMS="efi-64 emu pc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LINGUAS="en en_US" OFFICE_IMPLEMENTATION="libreoffice" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_3 python3_4 python3_5" QEMU_SOFTMMU_TARGETS="alpha arm i386 x86_64" QEMU_USER_TARGETS="arm i386 x86_64" RUBY_TARGETS="ruby23" USERLAND="GNU" VIDEO_CARDS="nouveau" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" USE_PYTHON="2.7 3.3" Unset: CC, CPPFLAGS, CTARGET, CXX, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS_FLAGS ================================================================= Package Settings ================================================================= mail-client/thunderbird-38.7.1::gentoo was built with the following: USE="crypt dbus jemalloc3 jit minimal pulseaudio startup-notification -bindist -custom-cflags -custom-optimization -debug -gstreamer -gstreamer-0 -hardened -ldap -lightning -mozdom (-neon) (-selinux) -system-cairo -system-icu -system-jpeg -system-libvpx -system-sqlite" ABI_X86="64" LINGUAS="-ar -ast -be -bg -bn_BD -br -ca -cs -cy -da -de -el -en_GB -es_AR -es_ES -et -eu -fi -fr -fy_NL -ga_IE -gd -gl -he -hr -hsb -hu -hy_AM -id -is -it -ja -ko -lt -nb_NO -nl -nn_NO -pa_IN -pl -pt_BR -pt_PT -rm -ro -ru -si -sk -sl -sq -sr -sv_SE -ta_LK -tr -uk -vi -zh_CN -zh_TW" CFLAGS="-pipe -march=native -frecord-gcc-switches -Wno-return-type -w" CXXFLAGS="-pipe -march=native -frecord-gcc-switches -Wno-return-type -w" LDFLAGS="-Wl,-O1 -Wl,--as-needed -Wl,-rpath=/usr/lib64/thunderbird" Same issue here. Relevant part of the build log is identical. Portage 2.2.26 (python 2.7.11-final-0, funtoo/1.0/linux-gnu/arch/x86-64bit, gcc-4.9.3, glibc-2.21, 4.4.6-hardened-r2 x86_64) ================================================================= System uname: Linux-4.4.6-hardened-r2-x86_64-Intel-R-_Core-TM-_i7-3930K_CPU_@_3.20GHz-with-gentoo-2.2.0 KiB Mem: 65954200 total, 19644412 free KiB Swap: 2283348 total, 2283348 free sh bash 4.3_p42 ld GNU ld (Funtoo 2.25) 2.25.0 app-shells/bash: 4.3_p42::gentoo dev-java/java-config: 2.2.0-r3::gentoo dev-lang/perl: 5.22.1::gentoo dev-lang/python: 2.7.11-r2::gentoo, 3.4.3-r7::gentoo dev-util/cmake: 3.5.2::gentoo sys-apps/baselayout: 2.2.0-r6::gentoo sys-apps/openrc: 0.18.3-r2::gentoo sys-apps/sandbox: 2.10-r2::gentoo sys-devel/autoconf: 2.13::gentoo, 2.69-r2::gentoo sys-devel/automake: 1.11.6-r2::gentoo, 1.13.4-r1::gentoo, 1.14.1-r1::gentoo, 1.15-r2::gentoo sys-devel/binutils: 2.25-r2::gentoo sys-devel/gcc: 4.9.3-r3::gentoo sys-devel/gcc-config: 1.8-r1::gentoo sys-devel/libtool: 2.4.6-r2::gentoo sys-devel/make: 4.1-r1::gentoo sys-kernel/linux-headers: 4.3::gentoo (virtual/os-headers) sys-libs/glibc: 2.21::gentoo Repositories: gentoo location: /usr/portage sync-type: git sync-uri: git://github.com/funtoo/ports-2012.git priority: -1000 mrueg location: /var/lib/layman/mrueg masters: gentoo priority: 0 obs-studio-overlay location: /var/lib/layman/obs-studio-overlay masters: gentoo priority: 1 kde location: /var/lib/layman/kde masters: gentoo priority: 50 steam-overlay location: /var/lib/layman/steam-overlay masters: gentoo priority: 50 sunrise location: /var/lib/layman/sunrise masters: gentoo priority: 50 Installed sets: @toolchain ACCEPT_KEYWORDS="amd64 ~amd64" ACCEPT_LICENSE="* -@EULA Oracle-BCLA-JavaSE" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=corei7 -O2 -pipe -maes -fomit-frame-pointer -fno-stack-protector -freorder-blocks-and-partition -frename-registers -fweb -fgcse-las -fgcse-sm -fgcse-after-reload -fpredictive-commoning -fipa-pta -ftree-loop-ivcanon -ftree-loop-im -fivopts -ftracer -ftree-partial-pre -ftree-loop-distribution -ftree-loop-distribute-patterns -ftree-loop-if-convert -ftree-vectorize " CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/lib64/libreoffice/program/sofficerc /usr/share/config /usr/share/gnupg/qualified.txt" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo" CXXFLAGS="-march=corei7 -O2 -pipe -maes -fomit-frame-pointer -fno-stack-protector -freorder-blocks-and-partition -frename-registers -fweb -fgcse-las -fgcse-sm -fgcse-after-reload -fpredictive-commoning -fipa-pta -ftree-loop-ivcanon -ftree-loop-im -fivopts -ftracer -ftree-partial-pre -ftree-loop-distribution -ftree-loop-distribute-patterns -ftree-loop-if-convert -ftree-vectorize " DISTDIR="/usr/portage/distfiles" FEATURES="assume-digests binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr" FFLAGS="-march=corei7 -O2 -pipe" GENTOO_MIRRORS="http://distfiles.gentoo.org" INSTALL_MASK="/etc/systemd/ /usr/lib/systemd/ /lib/systemd/" LANG="en_US.UTF-8" LDFLAGS="-Wl,-O1 -Wl,--sort-common -Wl,--as-needed -fuse-linker-plugin -s -Wl,-z,now" MAKEOPTS="-j13" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_TMPDIR="/var/tmp" USE="X a52 aac acl alsa amd64 apng berkdb bluray bzip2 cdda cddb cdio cdr consolekit cracklib crypt cups cxx dbus declarative dri dts dvd dvdr dvdread encode exif faac faad ffmpeg flac fontconfig gdbm gif gpm gstreamer hardened ico iconv icu ieee1394 introspection ios ipod ipv6 jpeg jpeg2k kde kipi lame libass libguess libmpeg2 lm_sensors lzma mad matroska mjpeg mmx modules mp3 mpeg mtp mudflap multilib ncurses nls nptl nsplugin ogg openal opencl opengl openmp osmesa pam pax_kernel pcre pdf phonon pic plasma png policykit postproc pppd pulseaudio python qml qt3support qt4 qt5 quicktime readline resolvconf scanner sdl semantic-desktop sndfile sse sse2 ssl svg taglib tcpd theora tiff truetype twolame udev unicode urandom usb v4l vorbis vpx wav wavpack webp widgets win32codecs wmf x264 x265 xattr xcomposite xinerama xml xscreensaver xtpax xvid zlib" ABI_X86="64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel ice1724 intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias authn_core authz_core socache_shmcb unixd" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="mmx mmxext popcnt sse sse2 sse3 sse4_1 sse4_2 ssse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ublox ubx" GRUB_PLATFORMS="efi-64 pc" INPUT_DEVICES="evdev synaptics keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-6 php5-5" PYTHON_SINGLE_TARGET="python3_4" PYTHON_TARGETS="python2_7 python3_4" QEMU_SOFTMMU_TARGETS="i386 x86_64" QEMU_USER_TARGETS="i386 x86_64" RUBY_TARGETS="ruby20 ruby21 ruby22" USERLAND="GNU" VIDEO_CARDS="fglrx" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, LC_ALL, LINGUAS, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS Created attachment 431460 [details]
Build log with MAKEOPTS="-j1"
I've also run into the issue reported here, and in Funtoo bug FL-3192 (I'm running Funtoo). Specifically, removing the install of mail-client/thunderbird-38.7.1 first allows the install of mail-client/thunderbird-45.0. Apparently, the install process is seeing the previously-installed Thunderbird libxul.so, and not the newly built libxul.so. Perhaps some tweak of LD_LIBRARY_PATH [during the install phase] would solve the problem, at least on systems without security modules that inhibit its use? (In reply to Isaac Richter from comment #4) > I've also run into the issue reported here, and in Funtoo bug FL-3192 (I'm > running Funtoo). > > Specifically, removing the install of mail-client/thunderbird-38.7.1 first > allows the install of mail-client/thunderbird-45.0. Apparently, the install > process is seeing the previously-installed Thunderbird libxul.so, and not > the newly built libxul.so. > > Perhaps some tweak of LD_LIBRARY_PATH [during the install phase] would solve > the problem, at least on systems without security modules that inhibit its > use? I agree that this must somehow be the issue, but at the same time I have not beel able to reproduce it on my system despite multiple attempts. On Gentoo, libxul.so is explicitly installed outside of LD_LIBRARY_PATH, and although the build instructions does explicitly set the rpath to /usr/lib64/thunderbird this does not on my tests cause the libxul.so from the live system to be used. seems libxul building system massively changed in newer release. Attaching diff, which may (or may not) enlighten the situation. Created attachment 432208 [details]
diff
(In reply to Oleg from comment #7) > Created attachment 432208 [details] > diff Oh I know all about the moz.build changes, don't worry about that.. :) However from what I can tell the changes to the build system do not relate to this issue. The failure is occurring due to a tool (tbird/dist/bin/xpcshell), built earlier in the codebase, being called by the build system and attempting to use libxul.so from the base system instead of from the codebase, but ONLY in certian cases. I just can't figure out what those cases are. If it was a build system problem I would expect it would happen for everyone that had thunderbird-38.x installed while building 45.x, but it doesn't. Until I can reproduce the failure myself I can't isolate the trigger. *** Bug 581636 has been marked as a duplicate of this bug. *** any progress here? (In reply to Oleg from comment #10) > any progress here? None. I cannot reproduce this on my systems. I have also compared the objdump of a successful and failed tool, and they are identical. The runpath is correct in the failed case; and according to all documentation I can find the LD_LIBRARY_PATH overrides it, and I have confirmed the LD_LIBRARY_PATH *is* set in the calling environment. So I'm at a complete loss and have no idea what can be done to address this. I get this (or possible a similar error) if the installed thunderbird was compiled with gtk3 and i attempt to switch back to gtk2 (for the update or reinstall). The gtk2 build then results in the "Error while running startup cache precompilation". But then again this is likely due to the mismatch between gtk2 and gtk3 and does not relate to as of why the tool of the installed tbird is used. I also experience this. Hi Everyone! The trigger for this issue has finally been discovered! sys-apps/sandbox: 2.11-r2::gentoo All of you running sys-apps/sandbox-2.11 and newer, please downgrade. Nais... I'm running 2.12... I was hoping it might fix #553092, but it didn't. Seems there hasn't been any activity in https://gitweb.gentoo.org/proj/sandbox.git/ since 2016-03-30 :( Running sandbox 2.10-r1, still having this issue. Downgrading sandbox worked for me, and nobody else has actually provided a build log or any debugging information. I think it is likely they are experiencing a different problem that looks similar. (In reply to Mike Gilbert from comment #17) > Downgrading sandbox worked for me, and nobody else has actually provided a > build log or any debugging information. I think it is likely they are > experiencing a different problem that looks similar. https://pste.pw/v/XdBAu/raw (In reply to Lee Watson from comment #18) Don't use pastebins for build logs. Attach it to the bug report. Your log is missing "/usr/lib64/firefox/libxul.so: version `xul48' not found", which might indicate a different sort of failure. xpcshell could be failing for any other reason; the log doesn't contain enough information to diagnose it. Downgrading sandbox to 2.10-r1 also worked for me -- firefox was emerged successfully afterwards. Created attachment 443030 [details]
build.log for firefox-48 with sandbox-2.12
*** Bug 592924 has been marked as a duplicate of this bug. *** *** Bug 598824 has been marked as a duplicate of this bug. *** do you have a reduced test case ? "emerge firefox" is not a reduced test case by any stretch of the imagination :). (In reply to SpanKY from comment #24) > do you have a reduced test case ? "emerge firefox" is not a reduced test > case by any stretch of the imagination :). I thought leio had put one together. You can reproduce this via: 1. compile a library 2. compile a binary, link it with said library but have -Wl,-rpath= set to the location of where that lib will be on / (note, relevant for said lib to not exist in the system ldpath) 3. run the binary from within ${S}, overriding RUNPATH via setting LD_LIBRARY_PATH=${S}/path/to/libdir sandbox >= 2.11 tosses LD_LIBRARY_PATH from the environment somehow, which results in the RUNPATH being used. In this case, that means using libxul.so from the previous mozilla package installation. i can confirm that downgrading sandbox form 2.11 to 2.10 resolves the problem, i believe https://gitweb.gentoo.org/repo/gentoo.git/commit/profiles/package.mask?id=89f9110b9af390b48d8a0c85bb5d02cce8e42df4 has to be reverted. it's any good to play with this essential package. *** Bug 600120 has been marked as a duplicate of this bug. *** *** Bug 600428 has been marked as a duplicate of this bug. *** (In reply to Ian Stakenvicius from comment #25) > (In reply to SpanKY from comment #24) > > do you have a reduced test case ? "emerge firefox" is not a reduced test > > case by any stretch of the imagination :). > > I thought leio had put one together. You can reproduce this via: nah, I was working on the opendir abort with long path (gnome-builder and graphicsmagick sandbox error during linking in bug 553092). > 1. compile a library > > 2. compile a binary, link it with said library but have -Wl,-rpath= set to > the location of where that lib will be on / (note, relevant for said lib to > not exist in the system ldpath) > > 3. run the binary from within ${S}, overriding RUNPATH via setting > LD_LIBRARY_PATH=${S}/path/to/libdir > > sandbox >= 2.11 tosses LD_LIBRARY_PATH from the environment somehow, which > results in the RUNPATH being used. In this case, that means using libxul.so > from the previous mozilla package installation. I can't reproduce this with a too trivial testcase. This is what I did: $ cat lib.c int test_symbol(int val) { return val; } gcc -shared lib.c -o ../libtest.so $ cat exe.c #include <stdio.h> extern int test_symbol(int); int main() { printf("test_symbol(5) returns %d\n", test_symbol(5)); } gcc exe.c -o exe -Wl,-rpath=/usr/lib/foo/ -L.. -ltest $ readelf -d exe Dynamic section at offset 0xe08 contains 26 entries: Tag Type Name/Value 0x0000000000000001 (NEEDED) Shared library: [libtest.so] 0x0000000000000001 (NEEDED) Shared library: [libc.so.6] 0x000000000000001d (RUNPATH) Library runpath: [/usr/lib/foo/] <snip> ~/gentoo/sandbox/leio $ ../src/sandbox.sh ============================= Gentoo path sandbox ============================== Detection of the support files. Verification of the required files. Setting up the required environment variables. The protected environment has been started. -------------------------------------------------------------------------------- Process being started in forked instance. [s] ~/gentoo/sandbox/leio $ LD_LIBRARY_PATH=/home/leio/gentoo/sandbox/libsandbox/.libs:/home/leio/gentoo/sandbox ./exe test_symbol(5) returns 5 (LD_LIBRARY_PATH is set by sandbox.sh for testing the git version, so appending the path I put libtest.so in to that for the call) So a dumb test works fine, this is on 2.11 sandbox tag. What is this xpcshell build stuff doing different? If I mangle stuff up a bit to make that test_symbol have symbol versioning with a version script and some .symver asm to get it to "test_symbol@@VERS_48" in the library, I still can't reproduce with my small testcase :( I guess we'll have to go through firefox compile and see what more it's doing. So, we haven't been able to make a minimal test case, but using thunderbird's failed build and some manual hackery, I was able to git bisect sandbox to discover the issue begins as of commit 55087abd8dc9802cf68cade776fe612a3f19f6a1 Steps to reproduce: 1. emerge a mozilla product (firefox, thunderbird) whose major version is NOT already installed 2. when it fails, cd "${S}", type 'sandbox' to enter the sandbox env, and then run the 'xpcshell' command that it failed on by prefixing it with a couple of variables: LD_DEBUG=libs LD_LIBRARY_PATH="${BUILD_OBJ_DIR}/dist/bin:${LD_LIBRARY_PATH}" ${BUILD_OBJ_DIR}/dist/bin/xpcshell -g ${BUILD_OBJ_DIR}/dist/bin/ -a ${BUILD_OBJ_DIR}/dist/bin/ -f ${S}/mozilla/toolkit/mozapps/installer/precompile_cache.js -e precompile_startupcache\("resource://gre/"\) (by default BUILD_OBJ_DIR=${S}/tbird in case it's not set in the sandbox env) *** Bug 605300 has been marked as a duplicate of this bug. *** *** Bug 615906 has been marked as a duplicate of this bug. *** *** Bug 617178 has been marked as a duplicate of this bug. *** *** Bug 622904 has been marked as a duplicate of this bug. *** (In reply to Ian Stakenvicius from comment #31) > I was able to git bisect sandbox to discover the issue begins as of commit > 55087abd8dc9802cf68cade776fe612a3f19f6a1 Hmm... That resolves to: https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=55087abd8dc9802cf68cade776fe612a3f19f6a1 Excerpts from the git log, interspersing my own comments: >> libsandbox: use ptrace on apps that interpose their own allocator >> If an app installs its own memory allocator by overriding the internal >> glibc symbols [we can hit an unbreakable loop] ... which firefox does, at least with the jemalloc USE flag (but I have it off and am still seeing this bug) >> Change the exec checking logic to scan the ELF instead. If it exports >> these glibc symbols, then we have to assume it can trigger a loop, so >> scrub the sandbox environment to prevent us from being loaded. Then we >> use the out-of-process tracer (i.e. ptrace). This should generally be >> as robust anyways ... if it's not, that's a bug we want to fix as this >> is the same code used for static apps. So it's apparently not as robust in this case as expected. Which isn't after all too surprising, given the amount of testing the in-process sandbox code has had by this point, compared to the new the out-of-process trace usage, at least for this particular case. So yeah, it's "a bug we want to fix", for sure. =:^) >> URL: http://crbug.com/586444 >> Reported-by: Ryo Hashimoto <hashimoto@chromium.org> Of course they'd be running chromium, not firefox, and while I believe chromium uses its own custom memory alloc as well, it's obviously different enough not to have triggered the particular bug we're seeing with mozilla/gecko on their side. Meanwhile, as mentioned I have USE=-jemalloc. I wonder if enabling it changes anything... Created attachment 496426 [details, diff] sandbox-2.11-keep-ld_library_path.patch (In reply to Peter Levine from comment #37) > PR: https://github.com/gentoo/gentoo/pull/5794 Actually, I only tested it with www-client/seamonkey-2.49.3.0_p0 so I'd appreciate if someone else can merge ~sandbox-2.11 with the patch and confirm it resolves the issue. (In reply to Peter Levine from comment #38) > Created attachment 496426 [details, diff] [details, diff] > sandbox-2.11-keep-ld_library_path.patch > > (In reply to Peter Levine from comment #37) > > PR: https://github.com/gentoo/gentoo/pull/5794 > > Actually, I only tested it with www-client/seamonkey-2.49.3.0_p0 so I'd > appreciate if someone else can merge ~sandbox-2.11 with the patch and > confirm it resolves the issue. Tested successfully with firefox-52.3.0 here as well, and I fully expect thunderbird-52.3 will also succeed. The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9f089d8f7ac269caae913866fe7fce7291ebcad3 commit 9f089d8f7ac269caae913866fe7fce7291ebcad3 Author: Michał Górny <mgorny@gentoo.org> AuthorDate: 2017-10-03 18:20:03 +0000 Commit: Michał Górny <mgorny@gentoo.org> CommitDate: 2017-10-03 19:09:26 +0000 sys-apps/sandbox: Bump to 2.12 Closes: https://bugs.gentoo.org/553092 Closes: https://bugs.gentoo.org/580726 sys-apps/sandbox/Manifest | 1 + sys-apps/sandbox/sandbox-2.12.ebuild | 70 ++++++++++++++++++++++++++++++++++++ 2 files changed, 71 insertions(+) |