Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 420623 - net-print/foo2zjs-99999999 fails emerge with permission denied, access attempt outside the sandbox
Summary: net-print/foo2zjs-99999999 fails emerge with permission denied, access attemp...
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Printing (show other bugs)
Hardware: x86 Linux
: Normal normal with 2 votes (vote)
Assignee: Printing Team
Depends on:
Reported: 2012-06-11 03:45 UTC by Branko
Modified: 2013-12-18 16:12 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---

log output from the emerge (foo2zjs-99999999:20120610-174042.log,107.32 KB, text/plain)
2012-06-11 03:47 UTC, Branko
sandbox log after the emerge (sandbox-10592.log,3.98 KB, text/plain)
2012-06-11 03:48 UTC, Branko
Makefile from the work directory after the failure (Makefile,52.01 KB, text/plain)
2012-06-11 03:50 UTC, Branko
hplj1000 shell script from the work directory (hplj1000,7.52 KB, text/plain)
2012-06-11 03:56 UTC, Branko
build.log (build.log,101.07 KB, text/plain)
2013-02-21 19:10 UTC, Michael Mol
Fixed ebuild (foo2zjs-99999999.ebuild,1.72 KB, text/plain)
2013-12-18 16:05 UTC, Ian Stakenvicius (RETIRED)

Note You need to log in before you can comment on or make changes to this bug.
Description Branko 2012-06-11 03:45:56 UTC
emerge of foo2zjs failed with multiple ACCESS DENIED errors in the logs.

Analysis of the emerge as follows:

Makefile ran the bash script "hplj1000" several times starting at line 986.

hplj1000 attempted to remove a file directly from /lib/udev/rules.d rather than from the applicable work directory; at lines 157 and 158.

This resulted in sandbox errors from portage.

PS. hplj1000 is not my printer, its just one of many which foo2zjs installs.

Reproducible: Always

Steps to Reproduce:
I did emerge --newuse --emptytree system world 
The error was waiting for me in the morning.

I think it would happen with emerge foo2zjs (but I haven't tried this yet because I'm keeping the logs and $work directory intact for analysis and reporting this bug).

Actual Results:  
emerge terminated with exit status "1"
File /var/log/sandbox/sandbox-10592.log exists

Expected Results:  
Wish the emerge would work ;-)

I will attach Makefile, hplj1000 and error log/s in a moment.

Here is the output of emerge --info

Portage (default/linux/x86/10.0/desktop/kde, gcc-4.5.3, glibc-2.14.1-r3, 3.2.12-Pegasus-15 i686)
System uname: Linux-3.2.12-Pegasus-15-i686-Intel-R-_Core-TM-_i5_CPU_760_@_2.80GHz-with-gentoo-2.1
Timestamp of tree: Thu, 07 Jun 2012 11:05:01 +0000
app-shells/bash:          4.2_p20
dev-java/java-config:     2.1.11-r3
dev-lang/python:          2.7.3-r1, 3.1.5, 3.2.3
dev-util/cmake:           2.8.7-r5
dev-util/pkgconfig:       0.26
sys-apps/baselayout:      2.1-r1
sys-apps/sandbox:         2.5
sys-devel/autoconf:       2.13, 2.68
sys-devel/automake:       1.11.1
sys-devel/binutils:       2.21.1-r1
sys-devel/gcc:            4.4.5, 4.5.3-r2
sys-devel/gcc-config:     1.6
sys-devel/libtool:        2.4-r1
sys-devel/make:           3.82-r1
sys-kernel/linux-headers: 3.1 (virtual/os-headers)
sys-libs/glibc:           2.14.1-r3
Repositories: gentoo sabayon
CFLAGS="-march=prescott -O2 -fomit-frame-pointer -pipe"
CONFIG_PROTECT="/etc /usr/share/config /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-march=prescott -O2 -fomit-frame-pointer -pipe"
FEATURES="assume-digests binpkg-logs distlocks ebuild-locks fixlafiles news parallel-fetch protect-owned sandbox sfperms split-elog split-log strict unknown-features-warn unmerge-logs unmerge-orphans userfetch"
GENTOO_MIRRORS="ftp://pegasus/ "
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
MAKEOPTS="--jobs=6 --load-average=8"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
USE="X a52 aac acl acpi alsa avi bluetooth branding bzip2 cairo cdda cdr cli consolekit cracklib crypt cups cxx dbus declarative dri dts dvd dvdr emboss encode encoded exif fam ffmpeg firefox flac fortran gdbm gif gpm gtk iconv java jpeg jpeg2k kde kipi lcms ldap libnotify mad mailwrapper mbox mmx mng modules mp3 mp4 mpeg mudflap ncurses nptl nsplugin ogg opengl openmp pam pango pcre pdf phonon plasma png policykit ppds pppd pulseaudio python qt3support qt4 readline sdl semantic-desktop session spell sse sse2 sse3 sse4 ssl ssse3 startup-notification svg tcpd theora tiff tk truetype udev udisks unicode upower usb vdpau vlc vorbis win32codecs wxwidgets x264 x86 xcb xcomposite xine xinerama xinetd xml xorg xscreensaver xulrunner xv xvid zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" FOO2ZJS_DEVICES="hp1215" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" PHP_TARGETS="php5-3" PYTHON_TARGETS="python3_2 python2_7" RUBY_TARGETS="ruby18 ruby19" USERLAND="GNU" VIDEO_CARDS="nvidia" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Comment 1 Branko 2012-06-11 03:47:42 UTC
Created attachment 314931 [details]
log output from the emerge
Comment 2 Branko 2012-06-11 03:48:42 UTC
Created attachment 314933 [details]
sandbox log after the emerge
Comment 3 Branko 2012-06-11 03:50:52 UTC
Created attachment 314935 [details]
Makefile from the work directory after the failure
Comment 4 Branko 2012-06-11 03:56:04 UTC
Created attachment 314937 [details]
hplj1000 shell script from the work directory

This installs many support files.  Most of them are correctly loaded into the image directory under $work.  However, lines 157 and 158 attempt to remove files from /lib/udev

Thanks for supporting my printer under gentoo.
Comment 5 Achim Derigs 2012-06-13 08:08:41 UTC
To get it installed, call:

   # FEATURES="-sandbox" emerge -av foo2zjs
Comment 6 Branko 2012-06-13 10:35:36 UTC
Thanks, I can confirm that "-sandbox" works.

Hope a permanent fix can be made so that _emerge world_ can run unattended.

Thanks for your support.
Comment 7 Cecil Pierce 2012-10-20 00:55:22 UTC
The files that the compile is trying to delete are part of the HPLIP package (HP Linux Imaging and Printing).  I believe the compile is crashing if the files are NOT present, ie, HPLIP is not installed.  I have not tried the compile with HPLIP installed to confirm.  However, I verified that the files do not exist on my system before compilation.
Comment 8 Sergey Kivi 2012-11-13 09:07:54 UTC
Next patch close the problem of this bug id=420623 and bug id=375397

--- /usr/portage/net-print/foo2zjs/foo2zjs-99999999.ebuild	2012-01-19 04:01:33.000000000 +0700
+++ foo2zjs-99999999.ebuild	2012-11-13 14:31:57.000000000 +0700
@@ -52,7 +52,7 @@
 src_prepare() {
 	# Prevent an access violation.
 	sed -e "s~/etc~${D}/etc~g" -i Makefile
-	sed -e "s~/etc~${D}/etc~g" -i hplj1000
+#	sed -e "s~/etc~${D}/etc~g" -i hplj1000
 	# Prevent an access violation, do not create symlinks on live file system
 	# during installation.
@@ -68,5 +68,61 @@
 	# for them.
 	mkdir -p "${D}/usr/share/ppd"
-	emake DESTDIR="${D}" -j1 install install-hotplug
+	emake DESTDIR="${D}" -j1 install
+        insinto /etc/udev/rules.d/
+        insopts -m0644
+        newins hplj10xx.rules 11-hplj10xx.rules || die
+        exeinto /etc/hotplug/usb/
+        doexe hplj1000 || die
+        dosym /etc/hotplug/usb/hplj1000 /etc/hotplug/usb/hplj1005
+        dosym /etc/hotplug/usb/hplj1000 /etc/hotplug/usb/hplj1018
+        dosym /etc/hotplug/usb/hplj1000 /etc/hotplug/usb/hplj1020
+        dosym /etc/hotplug/usb/hplj1000 /etc/hotplug/usb/hpljP1005
+        dosym /etc/hotplug/usb/hplj1000 /etc/hotplug/usb/hpljP1006
+        dosym /etc/hotplug/usb/hplj1000 /etc/hotplug/usb/hpljP1007
+        dosym /etc/hotplug/usb/hplj1000 /etc/hotplug/usb/hpljP1008
+        dosym /etc/hotplug/usb/hplj1000 /etc/hotplug/usb/hpljP1505
+  echo "" >foo2zjs.usermap
+  echo "hplj$MODEL 0x0003 $USB1 $USB2 0x0000 0x0000 0x00 0x00 0x00 0x00 0x00 0x00 0x00000000" >>foo2zjs.usermap
+  echo "hplj$MODEL 0x0003 $USB1 $USB2 0x0000 0x0000 0x00 0x00 0x00 0x00 0x00 0x00 0x00000000" >>foo2zjs.usermap
+  echo "hplj$MODEL 0x0003 $USB1 $USB2 0x0000 0x0000 0x00 0x00 0x00 0x00 0x00 0x00 0x00000000" >>foo2zjs.usermap
+  echo "hplj$MODEL 0x0003 $USB1 $USB2 0x0000 0x0000 0x00 0x00 0x00 0x00 0x00 0x00 0x00000000" >>foo2zjs.usermap
+  echo "hplj$MODEL 0x0003 $USB1 $USB2 0x0000 0x0000 0x00 0x00 0x00 0x00 0x00 0x00 0x00000000" >>foo2zjs.usermap
+  echo "hplj$MODEL 0x0003 $USB1 $USB2 0x0000 0x0000 0x00 0x00 0x00 0x00 0x00 0x00 0x00000000" >>foo2zjs.usermap
+  echo "hplj$MODEL 0x0003 $USB1 $USB2 0x0000 0x0000 0x00 0x00 0x00 0x00 0x00 0x00 0x00000000" >>foo2zjs.usermap
+  echo "hplj$MODEL 0x0003 $USB1 $USB2 0x0000 0x0000 0x00 0x00 0x00 0x00 0x00 0x00 0x00000000" >>foo2zjs.usermap
+  echo "hplj$MODEL 0x0003 $USB1 $USB2 0x0000 0x0000 0x00 0x00 0x00 0x00 0x00 0x00 0x00000000" >>foo2zjs.usermap
+    insinto /etc/hotplug/usb/
+    insopts -m0664
+    doins foo2zjs.usermap || die
Comment 9 Paul McDermott 2013-01-27 23:07:16 UTC
Same issue for me.

I can confirm that FEATURES="-sandbox" works for me as a workaround.

I do not have the files that the script was trying to delete on my system. This is a system that previously had HPLIP installed, but I had to removed it as foo2zjs is blocked by hplip.
Comment 10 Michael Mol 2013-02-21 19:10:53 UTC
Created attachment 339624 [details]

Happens for me, too. I do not have hplip installed. build.log attached.
Comment 11 Michael Mol 2013-02-21 19:22:24 UTC
Similarly, FEATURES="${FEATURES} -sandbox" worked for me as well.
Comment 12 eroen 2013-09-03 17:06:43 UTC
I also see an access violation on attempting to install foo2zjs today. The following patch to the ebuild neuters the remaining problematic (and misguided) sections of the build system. (the current ebuild handles some, but not all the problem bits)

The build system attempts to delete the files to be installed before installing them, and does not take DESTINATION into account when doing this. It makes no difference for us, since we always install to an empty location and clean up completely when uninstalling/upgrading. That is, assuming no obsolete rules have been installed outside of portage's sandbox.

--- a/net-print/foo2zjs/foo2zjs-99999999.ebuild
+++ b/net-print/foo2zjs/foo2zjs-99999999.ebuild
@@ -51,8 +51,12 @@ src_unpack() {
 src_prepare() {
 	# Prevent an access violation.
-	sed -e "s~/etc~${D}/etc~g" -i Makefile
-	sed -e "s~/etc~${D}/etc~g" -i hplj1000
+	sed -e "s~/etc~${D}/etc~g" \
+		-e "s~rm -f \$(LIBUDEVDIR)~rm -f${D}\$(LIBUDEVDIR)~" \
+		-i Makefile
+	sed -e "s~/etc~${D}/etc~g" \
+		-e "s~rm -f /lib/udev/rules.d~rm -f ${D}/lib/udev/rules.d~" \
+		-i hplj1000
 	# Prevent an access violation, do not create symlinks on live file system
 	# during installation.
Comment 13 Ian Stakenvicius (RETIRED) gentoo-dev 2013-12-18 16:05:29 UTC
Created attachment 365606 [details]
Fixed ebuild

Attached is an updated ebuild that uses a more minimal set of sed commands to take care of the offending lines.
Comment 14 Ian Stakenvicius (RETIRED) gentoo-dev 2013-12-18 16:12:36 UTC
+  18 Dec 2013; Ian Stakenvicius <> foo2zjs-99999999.ebuild:
+  fix access violations, bug 420623