mail-client/thunderbird-38.5.0 with USE="" needs comm-esr38/tbird/dist/bin/xpcshell paxmarked with the -m flag before the install phase as otherwise the install will fail with xpcsheel saying out of memory. Reproducible: Always Steps to Reproduce: On a Gentoo Hardened system: 1. USE="crypt custom-optimization dbus gstreamer hardened jemalloc3 jit ldap lightning mozdom system-cairo system-icu system-jpeg system-libvpx system-sqlite -bindist -custom-cflags -debug -gstreamer-0 -minimal -pulseaudio -startup-notification" emerge -va =mail-client/thunderbird-38.5.0 Actual Results: >>> Install thunderbird-38.5.0 into /var/tmp/portage/mail-client/thunderbird-38.5.0/image/ category mail-client * XATTR_PAX marking -m /var/tmp/portage/mail-client/thunderbird-38.5.0/work/comm-esr38/tbird/mozilla/dist/bin/xpcshell with paxctl-ng make -j6 DESTDIR=/var/tmp/portage/mail-client/thunderbird-38.5.0/image/ install make[1]: Entering directory '/var/tmp/portage/mail-client/thunderbird-38.5.0/work/comm-esr38/tbird/mail/installer' OMNIJAR_NAME=omni.ja \ /var/tmp/portage/mail-client/thunderbird-38.5.0/work/comm-esr38/tbird/_virtualenv/bin/python /var/tmp/portage/mail-client/thunderbird-38.5.0/work/comm-esr38/mozilla/toolkit/mozapps/installer/packager.py -DMOZ_GLUE_IN_PROGRAM -DAB_CD=en-US -DNO_NSPR_10_SUPPORT -DAB_CD=en-US -DMOZ_APP_NAME=thunderbird -DPREF_DIR=defaults/pref -DMOZ_CALENDAR=1 -DMOZ_ENABLE_GNOME_COMPONENT=1 -DMOZ_GTK2=1 -DJAREXT= -DMOZ_NATIVE_NSPR=1 -DMOZ_NATIVE_NSS=1 -DMOZ_CHILD_PROCESS_NAME=plugin-container -DDLL_PREFIX=lib -DDLL_SUFFIX=.so -DBIN_SUFFIX= -DDIR_MACOS= -DDIR_RESOURCES= -DBINPATH=bin -DRESPATH=bin -DAB=en -DMOZ_ICU_VERSION=52 -DMOZ_NATIVE_ICU -DMOZ_SHARED_ICU -DMOZ_ICU_DBG_SUFFIX= \ --format omni \ --removals /var/tmp/portage/mail-client/thunderbird-38.5.0/work/comm-esr38/mail/installer/removed-files.in \ --ignore-errors \ \ \ \ --optimizejars \ \ package-manifest ../../dist ../../dist/thunderbird \ --non-resource defaults/messenger/mailViews.dat Executing /var/tmp/portage/mail-client/thunderbird-38.5.0/work/comm-esr38/tbird/dist/bin/xpcshell -g /var/tmp/portage/mail-client/thunderbird-38.5.0/work/comm-esr38/tbird/dist/bin/ -a /var/tmp/portage/mail-client/thunderbird-38.5.0/work/comm-esr38/tbird/dist/bin/ -f /var/tmp/portage/mail-client/thunderbird-38.5.0/work/comm-esr38/mozilla/toolkit/mozapps/installer/precompile_cache.js -e precompile_startupcache("resource://gre/"); out of memory out of memory Traceback (most recent call last): File "/var/tmp/portage/mail-client/thunderbird-38.5.0/work/comm-esr38/mozilla/toolkit/mozapps/installer/packager.py", line 403, in <module> main() File "/var/tmp/portage/mail-client/thunderbird-38.5.0/work/comm-esr38/mozilla/toolkit/mozapps/installer/packager.py", line 397, in main args.source, gre_path, base) File "/var/tmp/portage/mail-client/thunderbird-38.5.0/work/comm-esr38/mozilla/toolkit/mozapps/installer/packager.py", line 156, in precompile_cache errors.fatal('Error while running startup cache precompilation') File "/var/tmp/portage/mail-client/thunderbird-38.5.0/work/comm-esr38/mozilla/python/mozbuild/mozpack/errors.py", line 101, in fatal self._handle(self.FATAL, msg) File "/var/tmp/portage/mail-client/thunderbird-38.5.0/work/comm-esr38/mozilla/python/mozbuild/mozpack/errors.py", line 96, in _handle raise ErrorMessage(msg) mozpack.errors.ErrorMessage: Error: Error while running startup cache precompilation /var/tmp/portage/mail-client/thunderbird-38.5.0/work/comm-esr38/mozilla/toolkit/mozapps/installer/packager.mk:36: recipe for target 'stage-package' failed make[1]: *** [stage-package] Error 1 make[1]: Leaving directory '/var/tmp/portage/mail-client/thunderbird-38.5.0/work/comm-esr38/tbird/mail/installer' /var/tmp/portage/mail-client/thunderbird-38.5.0/work/comm-esr38/mozilla/../mail/build.mk:19: recipe for target 'install' failed make: *** [install] Error 2 * ERROR: mail-client/thunderbird-38.5.0::gentoo failed (install phase): * emake failed * * If you need support, post the output of `emerge --info '=mail-client/thunderbird-38.5.0::gentoo'`, * the complete build log and the output of `emerge -pqv '=mail-client/thunderbird-38.5.0::gentoo'`. * The complete build log is located at '/var/tmp/portage/mail-client/thunderbird-38.5.0/temp/build.log'. * The ebuild environment file is located at '/var/tmp/portage/mail-client/thunderbird-38.5.0/temp/environment'. * Working directory: '/var/tmp/portage/mail-client/thunderbird-38.5.0/work/comm-esr38/tbird' * S: '/var/tmp/portage/mail-client/thunderbird-38.5.0/work/comm-esr38' Expected Results: Install phase completes sucessfully. I suspect there is a path issue here, the following binary is paxmarked -m: /var/tmp/portage/mail-client/thunderbird-38.5.0/work/comm-esr38/tbird/mozilla/dist/bin/xpcshell But we should instead paxmark this path: /var/tmp/portage/mail-client/thunderbird-38.5.0/work/comm-esr38/tbird/dist/bin/xpcshell You'll notice that mozilla is out of the path here.
Created attachment 421146 [details, diff] Patch to the ebuild for fixing the paxmarking issue This patch should use the right path for the xpcshell binary..
A single report can not confirm a bug. I for one an unable to duplicate on my hardened system.
As this is a trivial fix, I have pushed it. Please refer to the link I provided in hardened channel for exactly as it was committed, or review the commit on master.
Thanks Jory, the applied fix definitively solves the build issue on thunderbird :)
