Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 688310

Summary: dev-ruby/rubygems-3.0.4 : sandbox issue in ebuilds (e.g. dev-ruby/packetfu-1.1.13)
Product: Gentoo Linux Reporter: Toralf Förster <toralf>
Component: Current packagesAssignee: Gentoo Ruby Team <ruby>
Severity: normal CC: chris.murtagh1, Christopher.Lundgren, hlein, sam, zerochaos
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
See Also:
Package list:
Runtime testing required: ---
Attachments: emerge-info.txt

Description Toralf Förster gentoo-dev 2019-06-18 19:21:41 UTC
FORMAT: F - Function called
FORMAT: S - Access Status
FORMAT: P - Path as passed to function
FORMAT: A - Absolute Path (not canonical)
FORMAT: R - Canonical Path
FORMAT: C - Command Line

F: open_wr
S: deny


  This is an unstable amd64 chroot image at a tinderbox (==build bot)
  name: 17.1-no-multilib-hardened_libressl_20190616-210615


gcc-config -l:
 [1] x86_64-pc-linux-gnu-9.1.0 *

Available Python interpreters, in order of preference:
  [1]   python3.6
  [2]   python2.7 (fallback)
Available Ruby profiles:
  [1]   ruby24 (with Rubygems) *
Available Rust versions:
  [1]   rust-1.35.0 *

emerge -qpvO dev-ruby/packetfu
[ebuild  N    ] dev-ruby/packetfu-1.1.13  USE="-doc -test" RUBY_TARGETS="ruby24 -ruby25 -ruby26"
Comment 1 Toralf Förster gentoo-dev 2019-06-18 19:21:43 UTC
Created attachment 580104 [details]
Comment 2 Toralf Förster gentoo-dev 2019-06-18 19:21:46 UTC
Created attachment 580106 [details]
Comment 3 Toralf Förster gentoo-dev 2019-06-18 19:21:49 UTC
Created attachment 580108 [details]
Comment 4 Toralf Förster gentoo-dev 2019-06-18 19:21:52 UTC
Created attachment 580110 [details]
Comment 5 Toralf Förster gentoo-dev 2019-06-18 19:21:54 UTC
Created attachment 580112 [details]
Comment 6 Toralf Förster gentoo-dev 2019-06-18 19:21:57 UTC
Created attachment 580114 [details]
Comment 7 Hans de Graaff gentoo-dev 2019-06-24 05:18:42 UTC
Reassigning this to ruby since this is caused by the changes in rubygems 3.0.4. Use rubygems 3.0.3 as a workaround.
Comment 8 Hank Leininger 2019-08-28 15:44:44 UTC
Confirmed that this still happens with the current rubygems in the tree, 3.0.6.

Downgrading to 3.0.3 per is still an effective workaround to build packetfu without a sandbox violation.
Comment 9 Hank Leininger 2019-10-13 21:12:50 UTC
[It seems I can't directly edit See Also:'s, so just adding this comment.]

This still seems to be a problem; see - pg_array_parser died with a sandbox error until I masked >=dev-ruby/rubygems-3.0.4
Comment 10 Michel Ganguin 2020-01-30 23:03:01 UTC
There are few ruby ebuilds including packetfu that make use of `bundle install --local` which result in the sandbox violation, `grep -r 'bundle install' dev-ruby`:


You can patch the ebuilds to not do the `bundle install --local`. However, I'm not sure which would be the best way to do that, but by just deleting the line in the ebuild, everything seems to work fine (it is following by a `bundle check` which seems to be enough).
Comment 11 Anton Bolshakov 2021-03-04 16:56:15 UTC
I narrowed down the problem: it is a gentoo custom "os default" file located in the files/gentoo-defaults.rb (getting installed into /usr/lib64/ruby/site_ruby/2.6.0/rubygems/defaults/operating_system.rb)

there are 2 functions missing in gentoo-defaults-3.rb:
  undef :default_dir
  def default_dir
  under :default_bindir
  def default_bindir

I copied it from gentoo-defaults.rb and it "install --local" trick started to work again. Somebody need to review it.
Comment 12 Rick Farina (Zero_Chaos) gentoo-dev 2021-03-04 17:13:19 UTC
ruby team, do you want to fix this like suggested in or do you want me to addpredict in every ebuild?
Comment 13 Anton Bolshakov 2021-03-05 00:51:49 UTC
So I spent a couple of hours figuring out how to fix it. Here it is:

GEM_HOME="${S}" BUNDLE_GEMFILE=Gemfile ruby -S bundle install --local || die

GEM_HOME is the additional variable
Comment 14 Rick Farina (Zero_Chaos) gentoo-dev 2021-03-05 16:11:52 UTC
it looks like the ruby team removed all the safety checks from my ebuilds, so this isn't present in gentoo anymore.  Cool, introduce a bug and then remove other maintainers safety checks.