When sys-devel/prelink is installed and enabled (PRELINKING="yes" in /etc/conf.d/prelink), the portage core checksum verification functionality fails when not running as root (even if running as a member of the portage group). Files modified by prelink (that is, binaries and shared libraries) fail the checksum verification when they should pass. For example, running "equery check vim" as an unprivileged user (belonging to the portage group) results in: $ equery check vim [ Checking app-editors/vim-7.1.042 ] !!! /usr/bin/vim has incorrect md5sum * 14 out of 15 files good (running as root the checksum is shown to be correct for all files) The problem is in the file /usr/lib/portage/pym/portage_checksum.py, in the function perform_checksum. prelink is being run with --undo -o, to create a temporary non-prelinked file, which will then be checksummed. However, when run with --undo, prelink always tries to do a fchown() of the newly created file to its original owner (root, in this case), which will fail when not being run as root. Therefore, the prelinked file is checksummed instead, resulting in a checksum error. The solution is to use prelink --verify instead (which undoes the prelink and outputs original non-prelinked file to stdout), and redirect the output to a file. That way, as long as the user can write to /$PRIVATE_PATH/ (/var/lib/portage by default), which members of the portage group can, he will be able to perform the check successfully. I am attaching a patch below, to solve the problem. Reproducible: Always Steps to Reproduce: On a system with sys-devel/prelink installed and enabled, do equery check of some package, as an unprivileged user who's a member of the portage group. Actual Results: Any file altered by prelink will be identified as failing the checksum. Expected Results: All files should pass the checksum. $ ls -la /etc/make.profile lrwxrwxrwx 1 root root 56 Aug 4 04:12 /etc/make.profile -> /usr/portage/profiles/default-linux/amd64/2007.0/desktop/ $ emerge --info Portage 2.1.2.12 (default-linux/amd64/2007.0/desktop, gcc-4.1.2, glibc-2.5-r4, 2.6.21-gentoo-r4 x86_64) ================================================================= System uname: 2.6.21-gentoo-r4 x86_64 AMD Athlon(tm) 64 X2 Dual Core Processor 5200+ Gentoo Base System release 1.12.9 Timestamp of tree: Fri, 24 Aug 2007 19:50:01 +0000 dev-java/java-config: 1.3.7, 2.0.33-r1 dev-lang/python: 2.4.4-r4 dev-python/pycrypto: 2.0.1-r6 sys-apps/sandbox: 1.2.17 sys-devel/autoconf: 2.13, 2.61 sys-devel/automake: 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10 sys-devel/binutils: 2.17 sys-devel/gcc-config: 1.3.16 sys-devel/libtool: 1.5.24 virtual/os-headers: 2.6.21 ACCEPT_KEYWORDS="amd64" AUTOCLEAN="yes" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-O2 -march=k8 -mfpmath=sse -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config" CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/revdep-rebuild /etc/terminfo" CXXFLAGS="-O2 -march=k8 -mfpmath=sse -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="distlocks metadata-transfer parallel-fetch sandbox sfperms strict" GENTOO_MIRRORS="http://darkstar.ist.utl.pt/gentoo/ ftp://ftp.rnl.ist.utl.pt/pub/gentoo/ http://cesium.di.uminho.pt/pub/gentoo/ ftp://cesium.di.uminho.pt/pub/gentoo/ http://ftp.dei.uc.pt/pub/linux/gentoo/ ftp://ftp.dei.uc.pt/pub/linux/gentoo/ http://linuv.uv.es/mirror/gentoo/ ftp://darkstar.ist.utl.pt/pub/gentoo/" LINGUAS="en" MAKEOPTS="-j3" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage" USE="3dnow 3dnowext X a52 aac aalib acl acpi adns alsa amd64 amr arts bash-completion berkdb bitmap-fonts bzip2 cairo cdda cddb cdparanoia cdr cli cracklib crypt css cups curl dbus dri dts dvd dvdr dvdread eds emboss encode esd evo exif fam fame ffmpeg fftw firefox flac fortran gdbm gif glib gphoto2 gpm gstreamer gtk hal iconv ieee1394 imlib ipv6 isdnlog jbig jpeg kde kdeenablefinal kdehiddenvisibility libcaca lm_sensors logrotate lzo mad matroska midi mikmod mjpeg mmx mmxext mng motif mp3 mpeg mudflap musepack ncurses nls nptl nptlonly nvidia ogg oggvorbis openexr opengl openmp oss pam pch pcre pda pdf perl png pnm portaudio ppds pppd python qt qt3 qt3support qt4 quicktime rar readline reflection scanner sdl session speex spell spl sqlite srt sse sse2 ssl svg tcpd theora threads tiff timidity truetype truetype-fonts tta type1-fonts unicode usb vcd vim-syntax vorbis wavpack wma wmf x264 xanim xml xorg xpm xv xvid xvmc zlib zoran" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="evdev keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en" USERLAND="GNU" VIDEO_CARDS="nv nvidia vesa" Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY
Created attachment 129160 [details, diff] patch to fix the problem (use "prelink --verify > tmpfile" instead of "prelink --undo -o tmpfile") ChangeLog entry: 2007-08-25 Israel G. Lugo <israel.lugo@lugosys.com> * pym/portage_checksum.py (perform_checksum): Make prelink summing work even as non-root user.
Created attachment 131800 [details, diff] use prelink --verify and also use mkstemp to avoid need for lock file Thanks, I slightly modified your patch to use mkstemp to avoid the need for a lock file. It's in svn r7801.
This has been released in 2.1.3.10.
