Bug 238276 - [gnome-overlay] =gnome-base/gnome-keyring-2.24.0 sandbox issue (gconf writeability)
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] GNOME
Hardware: All Linux
Importance: High major
Assignee: Gentoo Linux Gnome Desktop Team
Duplicates: 238438 242258
Depends on:
Blocks: 243288
Reported: 2008-09-21 13:01 UTC by Kobboi
Modified: 2010-10-12 15:20 UTC

build.log (build.log,192.76 KB, text/plain)
2008-09-22 11:23 UTC, Edward Hervey
gconf-2.23.2-disable-writetest.patch (gconf-2.23.2-disable-writetest.patch,937 bytes, patch)
2008-09-23 16:28 UTC, Mike Auty (RETIRED)
gconftool-disable-makefile.patch (gconftool-disable-makefile.patch,686 bytes, patch)
2008-09-23 23:38 UTC, Ed Catmur
gnome-applets- failed build log with MAKEOPTS="-j1" (build.log,289.60 KB, text/plain)
2008-09-28 10:01 UTC, Mike Auty (RETIRED)
(gnome-power-manager-2.24.0.log, 220.23 KB, text/plain)
2008-09-28 10:10 UTC, Maciej Piechotka

Description Kobboi 2008-09-21 13:01:17 UTC
I can't upgrade gnome-keyring-2.23.91 to 2.23.92. The logging shows

ACCESS DENIED  open_wr:   /root/.gconf/.testing.writeability
ACCESS DENIED  unlink:    /root/.gconf/.testing.writeability

(gconftool-2:29033): GConf-WARNING **: None of the resolved addresses are writable; saving configuration settings will not be possible

and the emerge ends with the notification:

--------------------------- ACCESS VIOLATION SUMMARY ---------------------------
LOG FILE = "/var/log/sandbox/sandbox-28570.log"

open_wr:   /root/.gconf/.testing.writeability
unlink:    /root/.gconf/.testing.writeability

Reproducible: Always
Comment 1 Kobboi 2008-09-21 13:46:59 UTC
Same issue with seahorse-2.23.92
Comment 2 Edward Hervey 2008-09-22 11:22:40 UTC
Same issue with gnome-keyring-2.24.0

Portage 2.2_rc9 (default/linux/amd64/2008.0, gcc-4.3.1, glibc-2.8_p20080602-r0, 2.6.26-gentoo-r1 x86_64)
System uname: Linux-2.6.26-gentoo-r1-x86_64-AMD_Athlon-tm-_64_X2_Dual_Core_Processor_4600+-with-glibc2.2.5
Timestamp of tree: Mon, 22 Sep 2008 09:05:01 +0000
distcc 2.18.3 x86_64-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled]
app-shells/bash:     3.2_p39
dev-java/java-config: 1.3.7, 2.1.6-r1
dev-lang/python:     2.4.4-r14, 2.5.2-r8
dev-python/pycrypto: 2.0.1-r6
sys-apps/baselayout: 2.0.0
sys-apps/openrc:     0.2.5
sys-devel/autoconf:  2.13, 2.63
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.1-r1
sys-devel/binutils:  2.18-r3
sys-devel/gcc-config: 1.4.0-r4
sys-devel/libtool:   2.2.6a
virtual/os-headers:  2.6.26
ACCEPT_KEYWORDS="amd64 ~amd64"
CFLAGS="-march=athlon64 -pipe -g2 -O2 -msse3"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/config"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c /etc/udev/rules.d"
CXXFLAGS="-march=athlon64 -pipe -g2 -O2 -msse3"
FEATURES="distlocks parallel-fetch preserve-libs protect-owned sandbox sfperms splitdebug strict unmerge-orphans userfetch"
LINGUAS="en en_GB es_ES es fr it de"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
USE="3dnow 3dnowext X a52 aac aalib accessibility acl acpi adns alsa amd64 amr apm asf atm audioscrobbler avahi berkdb bzip2 cairo cdr cli cracklib crypt cups curl daap dbus dhcp dri dv dvb dvd dvdr dvdread edl eds emacs exif fat ffmpeg firefox flac fortran freetts fuse galago gdbm gif gimp glitz gnome gnome-keyring gnuplot gnutls gphoto2 gpm graphviz gstreamer gstreamer10 gtk gtkhtml hal iconv ieee1394 ipv6 isdnlog java joystick jpeg jpeg2k keyring libcaca libffi libnotify lirc live lm_sensors mad matroska midi mmx mmxext mono msn mtp mudflap multilib musicbrainz mysql nautilus ncurses network nfs nls nntp nptl nptlonly nsplugin ntfs nvidia ogg oggvorbis openexr opengl openmp pam pcmcia pcre pdf perl png ppds pppd python quicktime readline reflection reiserfs samba session silc snmp speex spell spl sqlite sqlite3 sse sse2 ssl svg sysfs tagwriting tcpd theora tiff tk truetype unicode v4l vorbis x264 xinerama xorg xv xvid xvmc zeroconf zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse vmmouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en en_GB es_ES es fr it de" USERLAND="GNU" VIDEO_CARDS="nvidia vesa"
Comment 3 Edward Hervey 2008-09-22 11:23:28 UTC
Created attachment 166082 [details]
Comment 4 Edward Hervey 2008-09-22 12:48:21 UTC
Just noticed the error was mangled in the build.log because I'm using -j3. Here's the actual line without -j3:

Making install in data
make[2]: Entering directory `/var/tmp/portage/gnome-base/gnome-keyring-2.24.0/work/gnome-keyring-2.24.0/daemon/data'
make[3]: Entering directory `/var/tmp/portage/gnome-base/gnome-keyring-2.24.0/work/gnome-keyring-2.24.0/daemon/data'
make[3]: Nothing to be done for `install-exec-am'.
GCONF_DISABLE_MAKEFILE_SCHEMA_INSTALL is set, not installing schemas
ACCESS DENIED  open_wr:   /root/.gconf/.testing.writeability
ACCESS DENIED  unlink:    /root/.gconf/.testing.writeability

(gconftool-2:12446): GConf-WARNING **: None of the resolved addresses are writable; saving configuration settings will not be possible
test -z "/etc/gconf/schemas" || /bin/mkdir -p "/var/tmp/portage/gnome-base/gnome-keyring-2.24.0/image//etc/gconf/schemas"
 /usr/bin/install -c -m 644 'gnome-keyring.schemas' '/var/tmp/portage/gnome-base/gnome-keyring-2.24.0/image//etc/gconf/schemas/gnome-keyring.schemas'
make[3]: Leaving directory `/var/tmp/portage/gnome-base/gnome-keyring-2.24.0/work/gnome-keyring-2.24.0/daemon/data'
Comment 5 Albert W. Hopkins 2008-09-22 19:22:37 UTC
Same issue for deskbar-applet-2.23.92
Comment 6 Dawid Węgliński (RETIRED) gentoo-dev 2008-09-23 00:51:54 UTC
*** Bug 238438 has been marked as a duplicate of this bug. ***
Comment 7 Maciej Piechotka 2008-09-23 01:01:04 UTC
Could someone include gconf in the title? I searched by gconf as I had this issue with several packages.
Comment 8 Rémi Cardona (RETIRED) gentoo-dev 2008-09-23 08:28:18 UTC
Like everyone else, I can reproduce. I'm trying to look into it, but it all looks good at first glance... I'm sure about 2 things though:

1) finding the cause will take lots of time,
2) the fix will be a one-liner.

Comment 9 Maciej Piechotka 2008-09-23 11:17:36 UTC
Comment 10 Mike Auty (RETIRED) gentoo-dev 2008-09-23 13:44:33 UTC
Ok, just some more information to add:

I had gnome-keyring-2.23.91 built, and failures started to happen when building gnome-keyring-2.23.92.  I just rolled back the ebuild (which git says is identical) to gnome-keyring-2.23.91 and it failed with the same error.  This suggests that the problem was introduced in a different package, but seems to be manifesting in these four packages.  My guess is gconf, so I'm off to poke and prod that a bit more...
Comment 11 Mike Auty (RETIRED) gentoo-dev 2008-09-23 16:28:43 UTC
Created attachment 166186 [details, diff]

Ok, so, after a *lot* of stracing and some code diffing...

The only change made between 2.22.0 and 2.23.2 to the gconftool-2 source (besides including config.h) is to add in some error detection for if a running gconf instance can't be found.  If it can't, it tries to look for one, and in so doing calls gconf_engine_get_local_for_addresses -> gconf_sources_new_from_addresses -> gconf_resolve_address which carries out the writability test.  Since the original call never used to happen, the sandbox never got triggered.  Why it doesn't happen on *every* package, I've no idea...

Either way, the following patch reverts this behaviour and allows compilation of gnome-keyring, seahorse and I assume all the others.

Not sure whether this should be taken upstream or not, they're probably doing the right thing, just in the wrong way.  Anyway, let me know if you need any further information on this...
Comment 12 Mart Raudsepp gentoo-dev 2008-09-23 18:25:16 UTC
This basically reverts the change that's supposed to make gconftool-2 work outside of X, I believe.
Comment 13 Ed Catmur 2008-09-23 23:38:52 UTC
Created attachment 166223 [details, diff]

Please try this patch.  It is probably safer (and more likely to get accepted upstream?), as it only affects the gcalctool utility.

It makes the --makefile-install-rule and --makefile-uninstall-rule options terminate early if GCONF_DISABLE_MAKEFILE_SCHEMA_INSTALL / GCONF_DISABLE_MAKEFILE_SCHEMA_UNINSTALL is set, which should be OK as they cannot be combined with other options anyway.
Comment 14 Rémi Cardona (RETIRED) gentoo-dev 2008-09-24 06:31:10 UTC
Meh, sorry for not keeping you guys in the loop, but we already figured this out yesterday and Daniel committed a patch that's 100% like Ed's.

So just update the overlay and rebuild gconf before any other package.

(In reply to comment #11)
> Why it doesn't happen on *every* package, I've no idea...

That's because most packages don't actually call gconftool-2 at all. Most packages (ie, gedit) check for DESTDIR and only run gconftool-2 if it is empty. And since gnome2_src_install does "emake DESTDIR=$D install", that explains why almost all packages just went around this major pothole.

Thanks to all of you for your work :)

Note to self (and other gnomers): post the patch upstream
Comment 15 Mike Auty (RETIRED) gentoo-dev 2008-09-27 11:26:53 UTC

Still running into issues with evince-2.24.0 and gnome-applets-2.23.92.  This seems to be because gconftool-2 --shutdown gets called.  Since the recent patch only fixes --makefile-install-rule and --makefile-uninstall-rule, --shutdown still does the writability test...

Any chance of a similar patch for this one?
Comment 16 Maciej Piechotka 2008-09-28 09:36:36 UTC
The patch does not work with gconf 2.24:

>>> Completed installing gnome-applets- into /var/tmp/portage/gnome-base/gnome-applets-

--------------------------- ACCESS VIOLATION SUMMARY ---------------------------
LOG FILE = "/var/log/sandbox/sandbox-7127.log"

open_wr:   /root/.gconf/.testing.writeability
unlink:    /root/.gconf/.testing.writeability
 * QA Notice: Unrecognized configure options:
 * 	configure: WARNING: Unrecognized options: --disable-gtk-doc
 * 	configure: WARNING: Unrecognized options: --disable-gtk-doc

>>> Failed to emerge gnome-base/gnome-applets-, Log file:

Comment 17 Rémi Cardona (RETIRED) gentoo-dev 2008-09-28 09:52:44 UTC
(In reply to comment #16)
> The patch does not work with gconf 2.24:

Could you post a full build.log, preferably with MAKEOPTS="-j1"?

Comment 18 Mike Auty (RETIRED) gentoo-dev 2008-09-28 10:01:15 UTC
Created attachment 166666 [details]
gnome-applets- failed build log with MAKEOPTS="-j1"

As I mentioned in comment 15, it seems to be the --shutdown command (although I'm no longer showing the problem with evince-2.24.0):

GCONF_DISABLE_MAKEFILE_SCHEMA_INSTALL is set, not installing schemas
/usr/bin/gconftool-2 --shutdown
ACCESS DENIED  open_wr:   /root/.gconf/.testing.writeability
ACCESS DENIED  unlink:    /root/.gconf/.testing.writeability
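
Added example, not part of the bug report and not Portage or sandbox code: a small Python triage of the log pattern quoted in comments 4 and 18. It groups each run of ACCESS DENIED lines with the line printed just before it and with the "(program:pid)" tag of a GLib-style warning that follows. The sample log is constructed from the excerpts above, and the /var/tmp/portage build-root default is an assumption taken from the paths in this bug.

```python
import re

# Constructed sample modelled on the excerpts quoted in this bug (not a real log).
SAMPLE_LOG = """\
GCONF_DISABLE_MAKEFILE_SCHEMA_INSTALL is set, not installing schemas
/usr/bin/gconftool-2 --shutdown
ACCESS DENIED  open_wr:   /root/.gconf/.testing.writeability
ACCESS DENIED  unlink:    /root/.gconf/.testing.writeability

(gconftool-2:12446): GConf-WARNING **: None of the resolved addresses are writable
make[3]: Nothing to be done for install-exec-am.
"""

DENIED = re.compile(r"^ACCESS DENIED\s+(\w+):\s+(\S.*)$")
GLIB_TAG = re.compile(r"^\(([^:()]+):\d+\): ")  # "(program:pid): ..." prefix


def triage(log_text, lookahead=3):
    """Group consecutive denials; attach the line before and the process tag after."""
    lines = log_text.splitlines()
    events, i = [], 0
    while i < len(lines):
        if not DENIED.match(lines[i]):
            i += 1
            continue
        # Nearest non-empty line above: only trustworthy in a MAKEOPTS="-j1" log.
        context = next((l.strip() for l in reversed(lines[:i]) if l.strip()), None)
        denials = []
        while i < len(lines) and (m := DENIED.match(lines[i])):
            denials.append((m.group(1), m.group(2).strip()))
            i += 1
        tags = (GLIB_TAG.match(l) for l in lines[i:i + lookahead])
        program = next((t.group(1) for t in tags if t), None)
        events.append({"context": context, "program": program, "denials": denials})
    return events


def outside_build_root(events, build_root="/var/tmp/portage"):
    """Unique denied paths that are not under build_root, in first-seen order."""
    prefix, seen = build_root.rstrip("/") + "/", []
    for event in events:
        for _op, path in event["denials"]:
            if not path.startswith(prefix) and path not in seen:
                seen.append(path)
    return seen


if __name__ == "__main__":
    for event in triage(SAMPLE_LOG):
        print(event["program"], "<-", event["context"], event["denials"])
    print("outside build root:", outside_build_root(triage(SAMPLE_LOG)))
```

With a parallel build (-j3, as in comment 4) the line above a denial may belong to another job, so the context field is only a hint unless the log was produced with -j1.
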
Comment 19 Maciej Piechotka 2008-09-28 10:10:57 UTC
Created attachment 166668 [details]

Maybe the option '--force-writability' or an equivalent should be added?
Comment 20 Maciej Piechotka 2008-09-29 00:45:59 UTC
Gnome applets seems to be fixed in the overlay. What about GPM?
Comment 21 Rémi Cardona (RETIRED) gentoo-dev 2008-09-29 05:57:38 UTC
(In reply to comment #20)
> What about GPM?

It's not failing because of gconf. Please open another bug so that we can further help you. Let's keep this bug focused, shall we? :)

Comment 22 Rémi Cardona (RETIRED) gentoo-dev 2008-10-07 13:46:07 UTC
Closing fixed, nothing left to do here since gnome-applets is taken care of.

Comment 23 Kobboi 2008-10-08 11:37:37 UTC
Still having gconf writeability issues with ekiga-2.0.12 :-(
Comment 24 Rémi Cardona (RETIRED) gentoo-dev 2008-10-08 13:54:57 UTC
(In reply to comment #23)
> Still having gconf writeability issues with ekiga-2.0.12 :-(

Please open a new bug so that we can better keep track of it. :)

Comment 25 Gilles Dartiguelongue gentoo-dev 2008-10-15 20:30:32 UTC
*** Bug 242258 has been marked as a duplicate of this bug. ***
Comment 26 Sipingal Liu 2008-11-05 06:57:02 UTC
(In reply to comment #0)
> I can't upgrade gnome-keyring-2.23.91 to 2.23.92. The logging shows
> ACCESS DENIED  open_wr:   /root/.gconf/.testing.writeability
> ACCESS DENIED  unlink:    /root/.gconf/.testing.writeability
> (gconftool-2:29033): GConf-WARNING **: None of the resolved addresses are
> writable; saving configuration settings will not be possible
> and the emerge ends with the notification:
> --------------------------- ACCESS VIOLATION SUMMARY
> ---------------------------
> LOG FILE = "/var/log/sandbox/sandbox-28570.log"
> open_wr:   /root/.gconf/.testing.writeability
> unlink:    /root/.gconf/.testing.writeability
> --------------------------------------------------------------------------------
> Reproducible: Always

I encountered this error. My solution was to disable the sandbox for those packages. I think the test program didn't create the "/root" directory in the sandbox. That caused this problem.