Bug 688310

Summary:	dev-ruby/rubygems-3.0.4 : sandbox issue in ebuilds (e.g. dev-ruby/packetfu-1.1.13)
Product:	Gentoo Linux	Reporter:	Toralf Förster <toralf>
Component:	Current packages	Assignee:	Gentoo Ruby Team <ruby>
Status:	RESOLVED OBSOLETE
Severity:	normal	CC:	chris.murtagh1, Christopher.Lundgren, hlein, sam, zerochaos
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
See Also:	https://bugs.gentoo.org/show_bug.cgi?id=688314
Whiteboard:
Package list:		Runtime testing required:	---
Attachments:	emerge-info.txt dev-ruby:packetfu-1.1.13:20190618-104355.log emerge-history.txt etc.portage.tbz2 logs.tbz2 sandbox-4.log

Description Toralf Förster gentoo-dev

2019-06-18 19:21:41 UTC

VERSION 1.0
FORMAT: F - Function called
FORMAT: S - Access Status
FORMAT: P - Path as passed to function
FORMAT: A - Absolute Path (not canonical)
FORMAT: R - Canonical Path
FORMAT: C - Command Line

F: open_wr
S: deny

  -------------------------------------------------------------------

  This is an unstable amd64 chroot image at a tinderbox (==build bot)
  name: 17.1-no-multilib-hardened_libressl_20190616-210615

  -------------------------------------------------------------------

gcc-config -l:
 [1] x86_64-pc-linux-gnu-9.1.0 *

Available Python interpreters, in order of preference:
  [1]   python3.6
  [2]   python2.7 (fallback)
Available Ruby profiles:
  [1]   ruby24 (with Rubygems) *
Available Rust versions:
  [1]   rust-1.35.0 *



emerge -qpvO dev-ruby/packetfu
[ebuild  N    ] dev-ruby/packetfu-1.1.13  USE="-doc -test" RUBY_TARGETS="ruby24 -ruby25 -ruby26"

Comment 1 Toralf Förster gentoo-dev

2019-06-18 19:21:43 UTC

Created attachment 580104 [details]
emerge-info.txt

Comment 2 Toralf Förster gentoo-dev

2019-06-18 19:21:46 UTC

Created attachment 580106 [details]
dev-ruby:packetfu-1.1.13:20190618-104355.log

Comment 3 Toralf Förster gentoo-dev

2019-06-18 19:21:49 UTC

Created attachment 580108 [details]
emerge-history.txt

Comment 4 Toralf Förster gentoo-dev

2019-06-18 19:21:52 UTC

Created attachment 580110 [details]
etc.portage.tbz2

Comment 5 Toralf Förster gentoo-dev

2019-06-18 19:21:54 UTC

Created attachment 580112 [details]
logs.tbz2

Comment 6 Toralf Förster gentoo-dev

2019-06-18 19:21:57 UTC

Created attachment 580114 [details]
sandbox-4.log

Comment 7 Hans de Graaff gentoo-dev

2019-06-24 05:18:42 UTC

Reassigning this to ruby since this is caused by the changes in rubygems 3.0.4. Use rubygems 3.0.3 as a workaround.

Comment 8 Hank Leininger 2019-08-28 15:44:44 UTC

Confirmed that this still happens with the current rubygems in the tree, 3.0.6.

Downgrading to 3.0.3 per https://bugs.gentoo.org/688310#c7 is still an effective workaround to build packetfu without a sandbox violation.

Comment 9 Hank Leininger 2019-10-13 21:12:50 UTC

[It seems I can't directly edit See Also:'s, so just adding this comment.]

This still seems to be a problem; see https://bugs.gentoo.org/688314 - pg_array_parser died with a sandbox error until I masked >=dev-ruby/rubygems-3.0.4

Comment 10 Michel Ganguin 2020-01-30 23:03:01 UTC

There are few ruby ebuilds including packetfu that make use of `bundle install --local` which result in the sandbox violation, `grep -r 'bundle install' dev-ruby`:

```
dev-ruby/metasploit-model
dev-ruby/postgres_ext
dev-ruby/metasploit_data_models
dev-ruby/packetfu
dev-ruby/pg_array_parser
dev-ruby/metasm
```

You can patch the ebuilds to not do the `bundle install --local`. However, I'm not sure which would be the best way to do that, but by just deleting the line in the ebuild, everything seems to work fine (it is following by a `bundle check` which seems to be enough).

Comment 11 Anton Bolshakov 2021-03-04 16:56:15 UTC

I narrowed down the problem: it is a gentoo custom "os default" file located in the files/gentoo-defaults.rb (getting installed into /usr/lib64/ruby/site_ruby/2.6.0/rubygems/defaults/operating_system.rb)

there are 2 functions missing in gentoo-defaults-3.rb:
  undef :default_dir
  def default_dir
and
  under :default_bindir
  def default_bindir

I copied it from gentoo-defaults.rb and it "install --local" trick started to work again. Somebody need to review it.

Comment 12 Rick Farina (Zero_Chaos) gentoo-dev

2021-03-04 17:13:19 UTC

ruby team, do you want to fix this like suggested in https://bugs.gentoo.org/688310#c11 or do you want me to addpredict in every ebuild?

Comment 13 Anton Bolshakov 2021-03-05 00:51:49 UTC

So I spent a couple of hours figuring out how to fix it. Here it is:

GEM_HOME="${S}" BUNDLE_GEMFILE=Gemfile ruby -S bundle install --local || die

GEM_HOME is the additional variable

Comment 14 Rick Farina (Zero_Chaos) gentoo-dev

2021-03-05 16:11:52 UTC

it looks like the ruby team removed all the safety checks from my ebuilds, so this isn't present in gentoo anymore.  Cool, introduce a bug and then remove other maintainers safety checks.