Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 838658

Summary: dev-ml/opam: tries to use bubblewrap (was: dev-ml/opam-2.1.2 fails test)
Product: Gentoo Linux Reporter: yongxiang <tanekliang>
Component: Current packagesAssignee: Gentoo Team for the ML programming language family <ml>
Status: UNCONFIRMED ---    
Severity: normal CC: gienah, kingjon3377, sam
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 865737    
Attachments: build.log
emerge-info.txt

Description yongxiang 2022-04-15 18:05:23 UTC 
Sandboxing is not working on your platform gentoo 
bwrap: setting up uid map: Permission denied
Comment 1 yongxiang 2022-04-15 18:07:25 UTC 
Created attachment 770936 [details]
build.log

build.log
Comment 2 yongxiang 2022-04-15 18:08:31 UTC 
Created attachment 770939 [details]
emerge-info.txt

emerge-info
Comment 3 Larry the Git Cow gentoo-dev 2022-07-20 11:53:38 UTC 
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a08fcfc37414028a3600023457fc7957c5add4a8

commit a08fcfc37414028a3600023457fc7957c5add4a8
Author:     Alfredo Tupone <tupone@gentoo.org>
AuthorDate: 2022-07-20 11:52:44 +0000
Commit:     Alfredo Tupone <tupone@gentoo.org>
CommitDate: 2022-07-20 11:53:17 +0000

    dev-ml/opam: RESTRICT test
    
    Closes: https://bugs.gentoo.org/838658
    Package-Manager: Portage-3.0.30, Repoman-3.0.3
    Signed-off-by: Alfredo Tupone <tupone@gentoo.org>

 dev-ml/opam/opam-2.1.2.ebuild | 1 +
 1 file changed, 1 insertion(+)
Comment 4 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-07-23 23:43:52 UTC 
1. opam seems to now want to use bwrap in general(!): https://github.com/ocaml/opam/blob/65ea1c39ee753134580babd68d1f6dd92cad2e62/doc/pages/FAQ.md#--why-does-opam-require-bwrap. So, in theory, it might need to become an RDEPEND, but an optfeature is probably better, as we don't need it for our purposes (we already sandbox)

2. We should find some way of disabling this sandboxing (it's automagic based on when bubblewrap is installed) as it'll lead to build failures in consumers possibly too.
Comment 5 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-09-18 00:22:06 UTC 
(In reply to Larry the Git Cow from comment #3)
> The bug has been closed via the following commit(s):
> 
> https://gitweb.gentoo.org/repo/gentoo.git/commit/
> ?id=a08fcfc37414028a3600023457fc7957c5add4a8
> 
> commit a08fcfc37414028a3600023457fc7957c5add4a8
> Author:     Alfredo Tupone <tupone@gentoo.org>
> AuthorDate: 2022-07-20 11:52:44 +0000
> Commit:     Alfredo Tupone <tupone@gentoo.org>
> CommitDate: 2022-07-20 11:53:17 +0000
> 
>     dev-ml/opam: RESTRICT test
>     
>     Closes: https://bugs.gentoo.org/838658
>     Package-Manager: Portage-3.0.30, Repoman-3.0.3
>     Signed-off-by: Alfredo Tupone <tupone@gentoo.org>
> 
>  dev-ml/opam/opam-2.1.2.ebuild | 1 +
>  1 file changed, 1 insertion(+)

The same change is needed for all opam* :(