Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 662460 - app-shells/bash-4.4_p12: incorrect failglob handling causes sys-apps/portage to not reject ebuilds with failglob failures
Summary: app-shells/bash-4.4_p12: incorrect failglob handling causes sys-apps/portage ...
Status: CONFIRMED
Alias: None
Product: Portage Development
Classification: Unclassified
Component: Core - Ebuild Support (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo's Team for Core System packages
URL: http://lists.gnu.org/archive/html/bug...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-07-30 11:13 UTC by Michał Górny
Modified: 2018-08-03 15:14 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2018-07-30 11:13:39 UTC
Example: dev-python/xlutils-2.0.0 as of db7b97a87c3a4f1a112a99229b828424ffa47a94.

Attempting to install this ebuild results only in a few mild errors that are ignored by Portage, e.g.:

 * xlutils-2.0.0.tar.gz BLAKE2B SHA512 size ;-) ...                                                                                         [ ok ]
/usr/src/gentoo/dev-python/xlutils/xlutils-2.0.0.ebuild: line 34: no match: docs/*.txt
>>> Unpacking source...
>>> Unpacking xlutils-2.0.0.tar.gz to /tmp/portage/dev-python/xlutils-2.0.0/work
>>> Source unpacked in /tmp/portage/dev-python/xlutils-2.0.0/work
>>> Preparing source in /tmp/portage/dev-python/xlutils-2.0.0/work/xlutils-2.0.0 ...


However, at the same time the ebuild crashes cache generation and kills the whole git mirror pipeline.  The intent of failglob errors were to be fatal, so Portage should reject any ebuild that suffers those errors to prevent careless developers from committing them.
Comment 1 Zac Medico gentoo-dev 2018-07-30 19:13:00 UTC
I can reproduce the issue with my installed instance of app-shells/bash-4.4_p12, and it seems like bash must be in a corrupt state when it happens. If I put shopt -p in the ebuild, I can clearly seen that failglob is enabled, but the shell does not exit.

$ emerge -pv --nodeps bash

These are the packages that would be merged, in order:

[ebuild   R    ] app-shells/bash-4.4_p12::gentoo  USE="net nls (readline) -afs -bashlogger -examples -mem-scramble -plugins" 0 KiB

Total: 1 package (1 reinstall), Size of downloads: 0 KiB
Comment 2 Zac Medico gentoo-dev 2018-07-30 19:25:08 UTC
Apparently the problem is fixed in app-shells/bash-4.4_p18 and later.
Comment 3 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2018-07-30 19:31:47 UTC
I have reproduced it with 4.4_p23 today.
Comment 4 Zac Medico gentoo-dev 2018-07-30 19:47:01 UTC
Yeah, I see it with bash-4.4_p23 now too, and also with bash-4.2_p53. So it seems that all usable versions are affected, though it's not always reproducible.
Comment 5 Thomas Deutschmann gentoo-dev Security 2018-08-02 01:32:04 UTC
Do you have a reproducer we can share with bash upstream?
Comment 6 Zac Medico gentoo-dev 2018-08-02 03:32:47 UTC
I don't see any documentation indicating that failglob is supposed to make the shell exit, but anyway I found this interesting difference between semicolons an newlines:

> $ echo "shopt -s failglob; echo /foo/bar/*; echo hi; " | bash
> bash: line 1: no match: /foo/bar/*
> $ echo "shopt -s failglob; echo /foo/bar/*; echo hi; " | sed 's:; :\n:g' | bash
> bash: line 2: no match: /foo/bar/*
> hi
> $ echo "set -e; shopt -s failglob; echo /foo/bar/*; echo hi; " | sed 's:; :\n:g' | bash
> bash: line 3: no match: /foo/bar/*
> $
Comment 7 Zac Medico gentoo-dev 2018-08-02 21:04:19 UTC
If we have to use set -e to make the make bash consistently exit for failglob errors, I guess it would require an EAPI bump.
Comment 8 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2018-08-02 21:12:30 UTC
I guess parsing log in that case would be simpler.
Comment 9 Thomas Deutschmann gentoo-dev Security 2018-08-03 15:14:24 UTC
I posted your finding on upstream's mailing list, see $URL.