Created attachment 397048 [details] emerge log make[1]: *** [/var/tmp/portage/net-libs/nodejs-0.12.0/work/node-v0.12.0/out/Release/obj.target/v8_snapshot/geni/snapshot.cc] Error 139 make[1]: Leaving directory '/var/tmp/portage/net-libs/nodejs-0.12.0/work/node-v0.12.0/out' Makefile:45: recipe for target 'node' failed make: *** [node] Error 2 * ERROR: net-libs/nodejs-0.12.0::gentoo failed (compile phase): * emake failed * * If you need support, post the output of `emerge --info '=net-libs/nodejs-0.12.0::gentoo'`, * the complete build log and the output of `emerge -pqv '=net-libs/nodejs-0.12.0::gentoo'`. * The complete build log is located at '/var/log/portage/net-libs:nodejs-0.12.0:20150220-051626.log'. * For convenience, a symlink to the build log is located at '/var/tmp/portage/net-libs/nodejs-0.12.0/temp/build.log'. * The ebuild environment file is located at '/var/tmp/portage/net-libs/nodejs-0.12.0/temp/environment'. * Working directory: '/var/tmp/portage/net-libs/nodejs-0.12.0/work/node-v0.12.0' * S: '/var/tmp/portage/net-libs/nodejs-0.12.0/work/node-v0.12.0' This is a built bot chroot >> hardened-unstable << image located at a hardened stable host. Portage 2.2.14 (python 2.7.9-final-0, hardened/linux/amd64, gcc-4.8.3, glibc-2.19-r1, 3.18.5-hardened-r1 x86_64) ================================================================= System Settings ================================================================= System uname: Linux-3.18.5-hardened-r1-x86_64-Intel-R-_Core-TM-_i7-3770_CPU_@_3.40GHz-with-gentoo-2.2 KiB Mem: 16166860 total, 1786472 free KiB Swap: 16777212 total, 16735716 free Timestamp of tree: Fri, 20 Feb 2015 02:00:02 +0000 ld GNU ld (Gentoo 2.24 p1.4) 2.24 app-shells/bash: 4.2_p53 dev-java/java-config: 2.2.0 dev-lang/perl: 5.20.2 dev-lang/python: 2.7.9-r2, 3.3.5-r1 dev-util/cmake: 3.1.0 dev-util/pkgconfig: 0.28-r1 sys-apps/baselayout: 2.2 sys-apps/openrc: 0.12.4 sys-apps/sandbox: 2.6-r1 sys-devel/autoconf: 2.13, 2.69 sys-devel/automake: 1.11.6-r1, 1.13.4 sys-devel/binutils: 2.24-r3 sys-devel/gcc: 4.8.3, 4.9.2 sys-devel/gcc-config: 1.7.3 sys-devel/libtool: 2.4.2-r1 sys-devel/make: 4.0-r1 sys-kernel/linux-headers: 3.16 (virtual/os-headers) sys-libs/glibc: 2.19-r1 Repositories: gentoo ACCEPT_KEYWORDS="amd64 ~amd64" ACCEPT_LICENSE="*" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=native -O2 -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt /var/lib/hsqldb" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/sandbox.d /etc/terminfo" CXXFLAGS="-march=native -O2 -pipe" DISTDIR="/usr/portage/distfiles" EMERGE_DEFAULT_OPTS="--nospinner --tree --quiet-build --quiet --deep --jobs 1" FCFLAGS="-O2 -pipe" FEATURES="assume-digests binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr" FFLAGS="-O2 -pipe" GENTOO_MIRRORS="http://ftp.uni-erlangen.de/pub/mirrors/gentoo" LANG="en_US.utf8" LDFLAGS="-Wl,-O1 -Wl,--as-needed" MAKEOPTS="-j1" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="" USE="X acl aes-ni alsa amd64 apache2 avx avx2 berkdb bzip2 cli corefonts cracklib crypt cups cxx dbus dnssec dri drmkms dvd ecc extraengine ffmpeg fontconfig fortran fpm gdbm gtk gudev gui hardened iconv isag jpeg justify libav libvirtd logrotate macvtap mbox minizip mmx modules multilib mysql ncurses nls nptl ogg opengl openmp pam pax_kernel pcre plasma png policykit qemu qt3support qt4 readline session spice sse sse2 sse4 sse4_1 sse4_2 ssh-askpass ssl ssse3 tcpd theora thinkpad threads tk tls truetype uml unicode urandom usb usbredir uxa v4l v4l2 video vorbis xa xattr xmp xscreensaver xtpax xvfb xvmc zenmap zlib" ABI_X86="64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="aes avx mmx mmxext popcnt sse sse2 sse3 sse4_1 sse4_2 ssse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-5" PYTHON_ SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_3" RUBY_TARGETS="ruby19 ruby20" USERLAND="GNU" VIDEO_CARDS="fbdev glint intel mach64 mga nouveau nv r128 radeon savage sis tdfx trident vesa via vmware dummy v4l" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CPPFLAGS, CTARGET, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, SYNC, USE_PYTHON reasons seems to be : # grep nodejs /var/log/messages Feb 20 06:26:57 tor-relay kernel: [1074303.841631] grsec: From 78.54.136.23: denied RWX mmap of <anonymous mapping> by /mnt/qa/tinderbox/amd64-hardened-unstable/var/tmp/portage/net-libs/nodejs-0.12.0/work/node-v0.12.0/out/Release/mksnapshot[mksnapshot:11066] uid/euid:250/250 gid/egid:250/250, parent /mnt/qa/tinderbox/amd64-hardened-unstable/bin/bash[sh:11062] uid/euid:250/250 gid/egid:250/250 Feb 20 06:26:57 tor-relay kernel: [1074303.842408] grsec: From 78.54.136.23: denied RWX mmap of <anonymous mapping> by /mnt/qa/tinderbox/amd64-hardened-unstable/var/tmp/portage/net-libs/nodejs-0.12.0/work/node-v0.12.0/out/Release/mksnapshot[mksnapshot:11066] uid/euid:250/250 gid/egid:250/250, parent /mnt/qa/tinderbox/amd64-hardened-unstable/bin/bash[sh:11062] uid/euid:250/250 gid/egid:250/250 Feb 20 06:26:57 tor-relay kernel: [1074303.842417] grsec: From 78.54.136.23: denied RWX mmap of <anonymous mapping> by /mnt/qa/tinderbox/amd64-hardened-unstable/var/tmp/portage/net-libs/nodejs-0.12.0/work/node-v0.12.0/out/Release/mksnapshot[mksnapshot:11066] uid/euid:250/250 gid/egid:250/250, parent /mnt/qa/tinderbox/amd64-hardened-unstable/bin/bash[sh:11062] uid/euid:250/250 gid/egid:250/250 Feb 20 06:26:57 tor-relay kernel: [1074303.842424] grsec: From 78.54.136.23: denied RWX mmap of <anonymous mapping> by /mnt/qa/tinderbox/amd64-hardened-unstable/var/tmp/portage/net-libs/nodejs-0.12.0/work/node-v0.12.0/out/Release/mksnapshot[mksnapshot:11066] uid/euid:250/250 gid/egid:250/250, parent /mnt/qa/tinderbox/amd64-hardened-unstable/bin/bash[sh:11062] uid/euid:250/250 gid/egid:250/250 Feb 20 06:26:57 tor-relay kernel: [1074303.842543] grsec: From 78.54.136.23: denied RWX mmap of <anonymous mapping> by /mnt/qa/tinderbox/amd64-hardened-unstable/var/tmp/portage/net-libs/nodejs-0.12.0/work/node-v0.12.0/out/Release/mksnapshot[mksnapshot:11066] uid/euid:250/250 gid/egid:250/250, parent /mnt/qa/tinderbox/amd64-hardened-unstable/bin/bash[sh:11062] uid/euid:250/250 gid/egid:250/250 Feb 20 06:26:57 tor-relay kernel: [1074303.842559] grsec: From 78.54.136.23: Segmentation fault occurred at 00000000000002bf in /mnt/qa/tinderbox/amd64-hardened-unstable/var/tmp/portage/net-libs/nodejs-0.12.0/work/node-v0.12.0/out/Release/mksnapshot[mksnapshot:11066] uid/euid:250/250 gid/egid:250/250, parent /mnt/qa/tinderbox/amd64-hardened-unstable/bin/bash[sh:11062] uid/euid:250/250 gid/egid:250/250 Feb 20 06:26:57 tor-relay kernel: [1074303.842604] grsec: From 78.54.136.23: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /mnt/qa/tinderbox/amd64-hardened-unstable/var/tmp/portage/net-libs/nodejs-0.12.0/work/node-v0.12.0/out/Release/mksnapshot[mksnapshot:11066] uid/euid:250/250 gid/egid:250/250, parent /mnt/qa/tinderbox/amd64-hardened-unstable/bin/bash[sh:11062] uid/euid:250/250 gid/egid:250/250
Still applicable to 0.12.2. Btw, I just discussed with Hardened Team and they suggested to patch buildsystem to use paxmark.sh for paxmarking mksnapshot. (I guess, they mean paxmark.sh from elfix package).
(In reply to Vadim A. Misbakh-Soloviov (mva) from comment #1) > Still applicable to 0.12.2. > > Btw, I just discussed with Hardened Team and they suggested to patch > buildsystem to use paxmark.sh for paxmarking mksnapshot. > (I guess, they mean paxmark.sh from elfix package). Yes. These annoying bugs require pax marking during build under a pax kernel. So if you were to build this under a vanilla kernl, and pax mark at the end, it would work too, the problem is *during* the build. I don't know nodejs internals, but I assume that if you can figure out where in the build system it runs mksnapshot the first time, just do `paxmark.sh m mksnapshot` the line before and you should be good.
(In reply to Anthony Basile from comment #2) > (In reply to Vadim A. Misbakh-Soloviov (mva) from comment #1) > > Still applicable to 0.12.2. > > > > Btw, I just discussed with Hardened Team and they suggested to patch > > buildsystem to use paxmark.sh for paxmarking mksnapshot. > > (I guess, they mean paxmark.sh from elfix package). > > Yes. These annoying bugs require pax marking during build under a pax > kernel. So if you were to build this under a vanilla kernl, and pax mark at > the end, it would work too, the problem is *during* the build. > > I don't know nodejs internals, but I assume that if you can figure out where > in the build system it runs mksnapshot the first time, just do `paxmark.sh m > mksnapshot` the line before and you should be good. I'll have a look at this.
Here's a work in progress of an ebuild that means to address these problems (and all other open nodejs issues). It's the latest version of iojs and once this is merge I'll port it back to the nodejs 0.12.x branch. Please let me know if pax-marking works for you: https://github.com/gentoo/gentoo-portage-rsync-mirror/pull/95
(In reply to Johan Bergström from comment #4) > Here's a work in progress of an ebuild that means to address these problems > (and all other open nodejs issues). It's the latest version of iojs and once > this is merge I'll port it back to the nodejs 0.12.x branch. Please let me > know if pax-marking works for you: > https://github.com/gentoo/gentoo-portage-rsync-mirror/pull/95 So, you're suggesting to try to install iojs-1.6.4 from PR instead of nodejs?
(In reply to Vadim A. Misbakh-Soloviov (mva) from comment #5) > So, you're suggesting to try to install iojs-1.6.4 from PR instead of nodejs? Correct. As you may or may not know, iojs is a fork of nodejs with a much more active community. If the PR ebuild works for you, I'll port all changes to a nodejs 0.12.x ebuild as well.
It seems to install fine with both enabled and disabled "snapshot" USE flag ;)
(In reply to Vadim A. Misbakh-Soloviov (mva) from comment #7) > It seems to install fine with both enabled and disabled "snapshot" USE flag > ;) great news.
*** Bug 539342 has been marked as a duplicate of this bug. ***
WIP here: https://github.com/gentoo/gentoo-portage-rsync-mirror/pull/118
This should be fixed since 0.12.2-r2.
