| Summary: | app-crypt/gpgme-1.13.1 : sandbox violation: gpg-connect-agent --no-autostart --dirmngr KILLDIRMNGR: /run/user/250/gnupg | | |
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Michael Weiser <michael> |
| Component: | Current packages | Assignee: | Gentoo's Team for Core System packages <base-system> |
| Status: | UNCONFIRMED --- | | |
| Severity: | normal | CC: | base-system, mike, nemunaire |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | AMD64 | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |

Description
Michael Weiser
2019-10-10 18:37:01 UTC
The relevant part of build output reads:

```
libtool: link: x86_64-pc-linux-gnu-gcc -O2 -march=native -pipe -fomit-frame-pointer -Wall -Wcast-align -Wshadow -Wstrict-prototypes -Wno-format-y2k -Wno-missing-field-initializers -Wno-sign-compare -Wno-format-zero-length -Wno-format-truncation -Wno-sizeof-pointer-div -Wl,-O1 -o t-thread-keylist-verify t-thread-keylist-verify.o -Wl,--as-needed ../../src/.libs/libgpgme.so -lpthread -Wl,-rpath -Wl,/var/tmp/portage/app-crypt/gpgme-1.13.1/work/b/src/.libs
make[3]: Leaving directory '/var/tmp/portage/app-crypt/gpgme-1.13.1/work/gpgme-1.13.1/tests/gpg'
make[2]: Leaving directory '/var/tmp/portage/app-crypt/gpgme-1.13.1/work/gpgme-1.13.1/tests/gpg'
Making all in json
make[2]: Entering directory '/var/tmp/portage/app-crypt/gpgme-1.13.1/work/gpgme-1.13.1/tests/json'
echo no-force-v3-sigs > ./gpg.conf
echo pinentry-program /var/tmp/portage/app-crypt/gpgme-1.13.1/work/b/tests/json/../gpg/pinentry > ./gpg-agent.conf
GNUPGHOME=/var/tmp/portage/app-crypt/gpgme-1.13.1/work/b/tests/json LC_ALL=C GPG_AGENT_INFO= top_srcdir=../.. gpgme_json=/var/tmp/portage/app-crypt/gpgme-1.13.1/work/b/tests/json/../../src/gpgme-json gpgconf --kill all
echo disable-scdaemon >> ./gpg-agent.conf
* ACCESS DENIED: mkdir: /run/user/250/gnupg
* ACCESS DENIED: mkdir: /run/user/250/gnupg
* ACCESS DENIED: mkdir: /run/user/250/gnupg
/bin/mkdir -p ./private-keys-v1.d
for k in ../../tests/gpg/13CD0F3BDF24BE53FE192D62F18737256FF6E4FD ../../tests/gpg/76F7E2B35832976B50A27A282D9B87E44577EB66 ../../tests/gpg/A0747D5F9425E6664F4FFBEED20FBCA79FDED2BD ../../tests/gpg/13CBE3758AFE42B5E5E2AE4CED27AFA455E3F87F ../../tests/gpg/7A030357C0F253A5BBCD282FFC4E521B37558F5C; do \
  cp $k private-keys-v1.d/$(basename $k).key; \
done
echo x > ./gpg-sample.stamp
GNUPGHOME=/var/tmp/portage/app-crypt/gpgme-1.13.1/work/b/tests/json LC_ALL=C GPG_AGENT_INFO= top_srcdir=../.. gpgme_json=/var/tmp/portage/app-crypt/gpgme-1.13.1/work/b/tests/json/../../src/gpgme-json gpg --batch --no-permission-warning \
  --import ../../tests/gpg/pubdemo.asc
gpg: keybox '/var/tmp/portage/app-crypt/gpgme-1.13.1/work/b/tests/json/pubring.kbx' created
gpg: /var/tmp/portage/app-crypt/gpgme-1.13.1/work/b/tests/json/trustdb.gpg: trustdb created
gpg: key 2D727CC768697734: public key "Alfa Test (demo key) <alfa@example.net>" imported
* ACCESS DENIED: mkdir: /run/user/250/gnupg
* ACCESS DENIED: mkdir: /run/user/250/gnupg
gpg: key FE180B1DA9E3B0B2: public key "Bob (demo key)" imported
gpg: key 413F4AF31AFDAB6C: public key "Charlie Test (demo key) <charlie@example.net>" imported
gpg: key EBA9F240EB9DC9E6: public key "Delta Test (demo key) <delta@example.net>" imported
gpg: key 318C1FAEFAEF6D1B: public key "Echelon (demo key)" imported
gpg: key D4BF57F37372E243: public key "Foxtrot Test (demo key) <foxtrot@example.net>" imported
gpg: key 168410A48FC282E6: public key "Golf Test (demo key) <golf@example.net>" imported
gpg: key 13DB965534C6E3F1: public key "Hotel Test (demo key) <hotel@example.net>" imported
gpg: key 1FE8FC6F04259677: public key "India Test (demo key) <india@example.net>" imported
gpg: key 0C820C71D2699313: public key "Juliet Test (demo key) <juliet@example.net>" imported
gpg: key AD1B0FAD43C2D0C7: public key "Kilo Test (demo key) <kilo@example.net>" imported
gpg: key 37CAB51FB79103F8: public key "Lima Test (demo key) <lima@example.net>" imported
gpg: key BE794852BE5CF886: public key "Mallory (demo key)" imported
gpg: key 25B00FD430CEC684: public key "November Test (demo key) <november@example.net>" imported
gpg: key 5F6356BA6D9732AC: public key "Oscar Test (demo key) <oscar@example.net>" imported
gpg: key 5D15E01D3FF13206: public key "Papa test (demo key) <papa@example.net>" imported
gpg: key 1C67EC133C661C84: public key "Quebec Test (demo key) <quebec@example.net>" imported
gpg: key 3BDBEDB1777FBED3: public key "Romeo Test (demo key) <romeo@example.net>" imported
gpg: key A5E67F7FA3AE3EA1: public key "Sierra Test (demo key) <sierra@example.net>" imported
gpg: key 58CB9A4C85A81F38: public key "Tango Test (demo key) <tango@example.net>" imported
gpg: key A94C0F75653244D6: public key "Uniform Test (demo key) <uniform@example.net>" imported
gpg: key 47AF4B6961F04784: public key "Victor Test (demo key) <victor@example.org>" imported
gpg: key DEF0F7B8EC67DBDE: public key "Whisky Test (demo key) <whisky@example.net>" imported
gpg: key 8979A6C5567FB34A: public key "XRay Test (demo key) <xray@example.net>" imported
gpg: key 9EEF34CD4B11B25F: public key "Yankee Test (demo key) <yankee@example.net>" imported
gpg: key 6BC4778054ACD246: public key "Zulu Test (demo key) <zulu@example.net>" imported
gpg: Total number processed: 26
gpg: imported: 26
GNUPGHOME=/var/tmp/portage/app-crypt/gpgme-1.13.1/work/b/tests/json LC_ALL=C GPG_AGENT_INFO= top_srcdir=../.. gpgme_json=/var/tmp/portage/app-crypt/gpgme-1.13.1/work/b/tests/json/../../src/gpgme-json gpg --batch --no-permission-warning \
  --import ../../tests/gpg/secdemo.asc
gpg: key 2D727CC768697734: "Alfa Test (demo key) <alfa@example.net>" 1 new signature
* ACCESS DENIED: mkdir: /run/user/250/gnupg
gpg: key 2D727CC768697734: secret key imported
gpg: key 6BC4778054ACD246: "Zulu Test (demo key) <zulu@example.net>" 1 new signature
gpg: key 6BC4778054ACD246: secret key imported
gpg: Total number processed: 2
gpg: new signatures: 2
gpg: secret keys read: 2
gpg: secret keys unchanged: 2
echo x > ./pubring-stamp
make all-am
make[3]: Entering directory '/var/tmp/portage/app-crypt/gpgme-1.13.1/work/gpgme-1.13.1/tests/json'
x86_64-pc-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I../../conf -I../../src -O2 -march=native -pipe -fomit-frame-pointer -Wall -Wcast-align -Wshadow -Wstrict-prototypes -Wno-format-y2k -Wno-missing-field-initializers -Wno-sign-compare -Wno-format-zero-length -Wno-format-truncation -Wno-sizeof-pointer-div -c -o t-json.o t-json.c
```

Workaround: Skip agent tests by setting SKIP_TESTS=1 in emerge environment.

Does not happen on an OpenRC system. The difference lies in the existence of /run/user/<uid> (uid==250 for portage user) on a systemd system:

OpenRC system:

```
# su - portage -s /bin/bash -c "strace -f gpg-connect-agent KILLAGENT /bye 2>&1 | grep /run/user"
stat("/run/user/250", 0x7fff3b77fd30) = -1 ENOENT (No such file or directory)
stat("/var/run/user/250", 0x7fff3b77fd30) = -1 ENOENT (No such file or directory)
```

systemd system:

```
# su - portage -s /bin/bash -c "strace -f gpg-connect-agent KILLAGENT /bye 2>&1 | grep /run/user"
stat("/run/user/250", {st_mode=S_IFDIR|0700, st_size=80, ...}) = 0
stat("/run/user/250/gnupg", 0x7fff579636c0) = -1 ENOENT (No such file or directory)
mkdir("/run/user/250/gnupg", 0700) = 0
stat("/run/user/250/gnupg", {st_mode=S_IFDIR|0700, st_size=40, ...}) = 0
stat("/run/user/250/gnupg/S.gpg-agent", 0x7fff57963630) = -1 ENOENT (No such file or directory)
stat("/run/user/250/gnupg/S.gpg-agent", 0x7fff57963630) = -1 ENOENT (No such file or directory)
connect(3, {sa_family=AF_UNIX, sun_path="/run/user/250/gnupg/S.gpg-agent"}, 33) = -1 ENOENT (No such file or directory)
```

Relevant code in gnupg: gnupg-2.2.17/common/homedir.c:_gnupg_socketdir_internal()

```
# rmdir /run/user/1000/gnupg ; gdb gpg-connect-agent
[...]
(gdb) break mkdir
Breakpoint 1 at 0x41a0
(gdb) run KILLAGENT /bye
Starting program: /usr/bin/gpg-connect-agent KILLAGENT /bye

Breakpoint 1, mkdir () at ../sysdeps/unix/syscall-template.S:78
78 ../sysdeps/unix/syscall-template.S: No such file or directory.
(gdb) bt
#0 mkdir () at ../sysdeps/unix/syscall-template.S:78
#1 0x0000555555564a55 in _gnupg_socketdir_internal ()
#2 0x0000555555564bb4 in gnupg_socketdir ()
#3 0x0000555555566fd3 in start_new_gpg_agent ()
#4 0x0000555555559e6a in main ()
(gdb)
```

Not sure who to blame here: gpgme, gnupg, sandbox or the ebuild. I'd argue the gpgme build system should not as a side effect of running the tests create directories elsewhere on the system.

I have also bumped into this issue; it blocks updates on my machine. Could you please prioritize this?

Seeing the same issue for some time now. I have an OpenRC system.

```
Portage 3.0.8 (python 3.7.9-final-0, default/linux/amd64/17.1/desktop/plasma, gcc-9.3.0, glibc-2.32-r2, 5.4.60-gentoo-x86_64 x86_64)
=================================================================
System uname: Linux-5.4.60-gentoo-x86_64-x86_64-Intel-R-_Core-TM-_i7-7500U_CPU_@_2.70GHz-with-gentoo-2.7
KiB Mem: 16223880 total, 3061232 free
KiB Swap: 8388600 total, 8097864 free
Timestamp of repository gentoo: Wed, 04 Nov 2020 08:30:01 +0000
Head commit of repository gentoo: fd8755daa52e306f03ae3bc44360b41d008b9eee
sh bash 5.0_p18
ld GNU ld (Gentoo 2.34 p6) 2.34.0
ccache version 3.7.12 [enabled]
app-shells/bash: 5.0_p18::gentoo
dev-java/java-config: 2.3.1::gentoo
dev-lang/perl: 5.30.3::gentoo
dev-lang/python: 2.7.18-r4::gentoo, 3.6.12::gentoo, 3.7.9::gentoo, 3.8.5::gentoo
dev-util/ccache: 3.7.12::gentoo
dev-util/cmake: 3.17.4-r1::gentoo
dev-util/pkgconfig: 0.29.2::gentoo
sys-apps/baselayout: 2.7::gentoo
sys-apps/openrc: 0.42.1::gentoo
sys-apps/sandbox: 2.20::gentoo
sys-devel/autoconf: 2.13-r1::gentoo, 2.69-r5::gentoo
sys-devel/automake: 1.13.4-r2::gentoo, 1.16.1-r1::gentoo
sys-devel/binutils: 2.34-r2::gentoo
sys-devel/gcc: 9.3.0-r1::gentoo
sys-devel/gcc-config: 2.3.2::gentoo
sys-devel/libtool: 2.4.6-r6::gentoo
sys-devel/make: 4.2.1-r4::gentoo
sys-kernel/linux-headers: 5.4-r1::gentoo (virtual/os-headers)
sys-libs/glibc: 2.32-r2::gentoo
```

Same with gpgme-1.14.0
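
The path probe visible in the two strace runs of the report, written out as a check a build host can run before the test phase. This is an added example, not part of the bug report and not gnupg's code; the function name `socketdir_probe`, its `ROOT` prefix argument and the scratch layouts are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: models the stat()/mkdir() sequence seen in the strace output.
# ROOT is a hypothetical prefix so the check can be pointed at a scratch tree
# instead of the live /run; pass "" to inspect the real host.

# socketdir_probe ROOT UID prints one of:
#   fallback          no per-user runtime dir under ROOT (the OpenRC trace)
#   exists:DIR        DIR is already present, nothing would be created
#   would-mkdir:DIR   runtime dir exists, DIR would be created (systemd trace)
socketdir_probe() {
    probe_root=$1
    probe_uid=$2
    for probe_base in "$probe_root/run/user/$probe_uid" \
                      "$probe_root/var/run/user/$probe_uid"; do
        [ -d "$probe_base" ] || continue
        if [ -d "$probe_base/gnupg" ]; then
            echo "exists:$probe_base/gnupg"
        else
            # This is the mkdir the sandbox reports as ACCESS DENIED.
            echo "would-mkdir:$probe_base/gnupg"
        fi
        return 0
    done
    echo "fallback"
}

# Constructed scratch layouts standing in for the two hosts in the report.
demo() {
    scratch=$(mktemp -d) || return 1
    mkdir -p "$scratch/openrc/run" "$scratch/systemd/run/user/250"
    echo "openrc:  $(socketdir_probe "$scratch/openrc" 250)"
    echo "systemd: $(socketdir_probe "$scratch/systemd" 250)"
    mkdir "$scratch/systemd/run/user/250/gnupg"
    echo "systemd, directory present: $(socketdir_probe "$scratch/systemd" 250)"
    rm -rf "$scratch"
}

demo
```

On a real host, `socketdir_probe "" 250` reports whether the portage user's test run would try to create a directory outside the build tree.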