Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 671948 - dev-python/cryptography: sandbox violation: pycparser/__pycache__/c_ast.cpython-37.pyc
Summary: dev-python/cryptography: sandbox violation: pycparser/__pycache__/c_ast.cpyth...
Status: CONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Python Gentoo Team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-11-26 11:43 UTC by Thomas Deutschmann
Modified: 2018-11-26 16:17 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments
build.log (build.log,280.06 KB, text/plain)
2018-11-26 11:43 UTC, Thomas Deutschmann
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Deutschmann gentoo-dev Security 2018-11-26 11:43:43 UTC
Created attachment 556284 [details]
build.log

Emerge of =dev-python/cryptography-2.3.1 with Py3.7 is currently failing with a sandbox violation:

 * --------------------------- ACCESS VIOLATION SUMMARY ---------------------------
 * LOG FILE: "/var/log/sandbox/sandbox-20819.log"
 *
VERSION 1.0
FORMAT: F - Function called
FORMAT: S - Access Status
FORMAT: P - Path as passed to function
FORMAT: A - Absolute Path (not canonical)
FORMAT: R - Canonical Path
FORMAT: C - Command Line

F: open_wr
S: deny
P: /usr/lib/python3.7/site-packages/pycparser/__pycache__/c_ast.cpython-37.pyc.140383680698032
A: /usr/lib/python3.7/site-packages/pycparser/__pycache__/c_ast.cpython-37.pyc.140383680698032
R: /usr/lib/python3.7/site-packages/pycparser/__pycache__/c_ast.cpython-37.pyc.140383680698032
C: python3.7 setup.py install --root=/var/tmp/portage/dev-python/cryptography-2.3.1/image/_python3.7
 * --------------------------------------------------------------------------------


This error persists even after I have reinstalled =dev-python/pycparser-2.19:

dev-python/pycparser-2.19::gentoo was built with the following:
USE="-test" ABI_X86="(64)" PYTHON_TARGETS="python2_7 python3_6 python3_7 -pypy -pypy3 -python3_4 -python3_5"


Note: This system has installed =dev-libs/openssl-1.1.1a.


Portage 2.3.52 (python 3.6.6-final-0, default/linux/amd64/17.1, gcc-8.2.0, glibc-2.28-r2, 4.9.136-gentoo x86_64)
=================================================================
                         System Settings
=================================================================
System uname: Linux-4.9.136-gentoo-x86_64-Intel-R-_Xeon-R-_CPU_E5-2620_0_@_2.00GHz-with-gentoo-2.6
KiB Mem:     2051428 total,    155484 free
KiB Swap:    2097148 total,   1865796 free
Timestamp of repository gentoo: Mon, 26 Nov 2018 10:44:33 +0000
Head commit of repository gentoo: 6657f1a142bb8287fdea494785ebaced2de11802

sh bash 4.4_p23
ld GNU ld (Gentoo 2.31.1 p3) 2.31.1
distcc 3.2rc1 x86_64-pc-linux-gnu [enabled]
app-shells/bash:          4.4_p23::gentoo
dev-lang/perl:            5.26.2::gentoo
dev-lang/python:          2.7.15::gentoo, 3.6.6::gentoo, 3.7.0::gentoo
dev-util/cmake:           3.13.0::gentoo
dev-util/pkgconfig:       0.29.2::gentoo
sys-apps/baselayout:      2.6-r1::gentoo
sys-apps/openrc:          0.39.2::gentoo
sys-apps/sandbox:         2.13::gentoo
sys-devel/autoconf:       2.69-r4::gentoo
sys-devel/automake:       1.16.1-r1::gentoo
sys-devel/binutils:       2.31.1-r1::gentoo
sys-devel/gcc:            8.2.0-r4::gentoo
sys-devel/gcc-config:     2.0::gentoo
sys-devel/libtool:        2.4.6-r5::gentoo
sys-devel/make:           4.2.1-r4::gentoo
sys-kernel/linux-headers: 4.19::gentoo (virtual/os-headers)
sys-libs/glibc:           2.28-r2::gentoo
Repositories:

gentoo
    location: /usr/portage
    sync-type: git
    sync-uri: https://github.com/gentoo-mirror/gentoo.git
    priority: -1000
    sync-git-verify-commit-signature: true

ABI="amd64"
ABI_X86="64"
ACCEPT_KEYWORDS="amd64 ~amd64"
ACCEPT_LICENSE="* -@EULA"
ACCEPT_PROPERTIES="*"
ACCEPT_RESTRICT="*"
ARCH="amd64"
AUTOCLEAN="yes"
BOOTSTRAP_USE="cxx unicode internal-glib split-usr python_targets_python3_6 python_targets_python2_7 multilib"
BROOT=""
CALLIGRA_FEATURES="karbon plan sheets stage words"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -pipe -march=sandybridge -mtune=sandybridge"
CFLAGS_amd64="-m64"
CFLAGS_x32="-mx32"
CFLAGS_x86="-m32"
CHOST="x86_64-pc-linux-gnu"
CHOST_amd64="x86_64-pc-linux-gnu"
CHOST_x32="x86_64-pc-linux-gnux32"
CHOST_x86="i686-pc-linux-gnu"
CLEAN_DELAY="5"
COLLISION_IGNORE="/lib/modules/*"
CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.6/ext-active/ /etc/php/apache2-php7.2/ext-active/ /etc/php/cgi-php5.6/ext-active/ /etc/php/cgi-php7.2/ext-active/ /etc/php/cli-php5.6/ext-active/ /etc/php/cli-php7.2/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CPU_FLAGS_X86="aes avx mmx mmxext popcnt sse sse2 sse3 sse4_1 sse4_2 ssse3"
CXXFLAGS="-O2 -pipe -march=sandybridge -mtune=sandybridge"
DCC_EMAILLOG_WHOM_TO_BLAME=""
DEFAULT_ABI="amd64"
DISTCC_ENABLE_DISCREPANCY_EMAIL=""
DISTCC_FALLBACK="1"
DISTCC_SAVE_TEMPS="0"
DISTCC_SSH=""
DISTCC_TCP_CORK=""
DISTCC_VERBOSE="0"
DISTDIR="/var/cache/portage/distfiles"
EDITOR="/usr/bin/mcedit"
ELIBC="glibc"
EMERGE_DEFAULT_OPTS=" --verbose --with-bdeps=y --misspell-suggestions=n"
EMERGE_WARNING_DELAY="10"
ENV_UNSET="DBUS_SESSION_BUS_ADDRESS DISPLAY GOBIN PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR"
EPREFIX=""
EROOT="/"
ESYSROOT="/"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs cgroup config-protect-if-modified distcc distcc-pump distlocks downgrade-backup ebuild-locks fixlafiles lmirror merge-sync mirror multilib-strict news parallel-fetch preserve-libs protect-owned sandbox sfperms split-elog split-log strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FETCHCOMMAND="wget -t 3 -T 60 --passive-ftp -O "${DISTDIR}/${FILE}" "${URI}""
FETCHCOMMAND_RSYNC="rsync -avP "${URI}" "${DISTDIR}/${FILE}""
FETCHCOMMAND_SFTP="bash -c "x=\${2#sftp://} ; host=\${x%%/*} ; port=\${host##*:} ; host=\${host%:*} ; [[ \${host} = \${port} ]] && port= ; eval \"declare -a ssh_opts=(\${3})\" ; exec sftp \${port:+-P \${port}} \"\${ssh_opts[@]}\" \"\${host}:/\${x#*/}\" \"\$1\"" sftp "${DISTDIR}/${FILE}" "${URI}" "${PORTAGE_SSH_OPTS}""
FETCHCOMMAND_SSH="bash -c "x=\${2#ssh://} ; host=\${x%%/*} ; port=\${host##*:} ; host=\${host%:*} ; [[ \${host} = \${port} ]] && port= ; exec rsync --rsh=\"ssh \${port:+-p\${port}} \${3}\" -avP \"\${host}:/\${x#*/}\" \"\$1\"" rsync "${DISTDIR}/${FILE}" "${URI}" "${PORTAGE_SSH_OPTS}""
FFLAGS="-O2 -pipe"
GCC_SPECS=""
GENTOO_MIRRORS=" http://mirror.deutschmann.io/gentoo/ http://ftp.uni-erlangen.de/pub/mirrors/gentoo/ http://mirror.netcologne.de/gentoo/ http://ftp.halifax.rwth-aachen.de/gentoo/ http://mirror.deutschmann.io/gentoo/ http://ftp.uni-kl.de/pub/linux/gentoo/ http://distfiles.gentoo.org"
GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx"
GRUB_PLATFORMS="pc"
HISTFILESIZE="10000"
HISTSIZE="5000"
HISTTIMEFORMAT="[[36m%F %T[m]: "
HOME="/root"
INFOPATH="/usr/share/gcc-data/x86_64-pc-linux-gnu/8.2.0/info:/usr/share/binutils-data/x86_64-pc-linux-gnu/2.31.1/info:/usr/share/info"
INPUT_DEVICES="libinput keyboard mouse"
INSTALL_MASK=" /etc/nginx/fastcgi_params"
IUSE_IMPLICIT="abi_x86_64 prefix prefix-chain prefix-guest"
KERNEL="linux"
L10N="en en-US de de-DE"
LANG="en_US.UTF-8"
LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text"
LC_MESSAGES="C"
LC_NUMERIC="de_DE.UTF-8"
LC_PAPER="de_DE.UTF-8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
LDFLAGS_amd64="-m elf_x86_64"
LDFLAGS_x32="-m elf32_x86_64"
LDFLAGS_x86="-m elf_i386"
LESS="-R -M --shift 5"
LESSCOLOR="yes"
LESSCOLORIZER="pygmentize"
LESSOPEN="|lesspipe %s"
LIBDIR_amd64="lib64"
LIBDIR_x32="libx32"
LIBDIR_x86="lib"
LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer"
LINGUAS="en de"
LOGNAME="root"
MAIL="/var/mail/root"
MAKEOPTS="--jobs 5"
MANPATH="/usr/share/gcc-data/x86_64-pc-linux-gnu/8.2.0/man:/usr/share/binutils-data/x86_64-pc-linux-gnu/2.31.1/man:/usr/lib64/php5.6/man/:/usr/lib64/php7.2/man/:/usr/local/share/man:/usr/share/man"
MULTILIB_ABIS="amd64 x86"
MULTILIB_STRICT_DENY="64-bit.*shared object"
MULTILIB_STRICT_DIRS="/lib32 /lib /usr/lib32 /usr/lib /usr/kde/*/lib32 /usr/kde/*/lib /usr/qt/*/lib32 /usr/qt/*/lib /usr/X11R6/lib32 /usr/X11R6/lib"
MULTILIB_STRICT_EXEMPT="(perl5|gcc|gcc-lib|binutils|eclipse-3|debug|portage|udev|systemd|clang|python-exec|llvm)"
NETBEANS="apisupport cnd groovy gsf harness ide identity j2ee java mobility nb php profiler soa visualweb webcommon websvccommon xml"
NOCOLOR="true"
PAGER="/usr/bin/less"
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin"
PHP_TARGETS="php5-6 php7-2"
PKGDIR="/var/cache/portage/packages"
PORTAGE_ARCHLIST="alpha amd64 amd64-fbsd amd64-linux arm arm-linux arm64 arm64-linux hppa ia64 m68k m68k-mint mips ppc ppc-aix ppc-macos ppc64 ppc64-linux s390 sh sparc sparc-solaris sparc64-solaris x64-cygwin x64-macos x64-solaris x86 x86-cygwin x86-fbsd x86-linux x86-macos x86-solaris x86-winnt"
PORTAGE_BIN_PATH="/usr/lib/portage/python3.6"
PORTAGE_COMPRESS_EXCLUDE_SUFFIXES="css gif htm[l]? jp[e]?g js pdf png"
PORTAGE_CONFIGROOT="/"
PORTAGE_DEBUG="0"
PORTAGE_DEPCACHEDIR="/var/cache/edb/dep"
PORTAGE_ELOG_CLASSES="warn error info log qa"
PORTAGE_ELOG_MAILFROM="portage@localhost"
PORTAGE_ELOG_MAILSUBJECT="[portage] ebuild log for ${PACKAGE} on ${HOST}"
PORTAGE_ELOG_MAILURI="root"
PORTAGE_ELOG_SYSTEM="save"
PORTAGE_FETCH_CHECKSUM_TRY_MIRRORS="5"
PORTAGE_FETCH_RESUME_MIN_SIZE="350K"
PORTAGE_GID="250"
PORTAGE_GPG_SIGNING_COMMAND="gpg --sign --digest-algo SHA256 --clearsign --yes --default-key "${PORTAGE_GPG_KEY}" --homedir "${PORTAGE_GPG_DIR}" "${FILE}""
PORTAGE_INST_GID="0"
PORTAGE_INST_UID="0"
PORTAGE_INTERNAL_CALLER="1"
PORTAGE_OVERRIDE_EPREFIX=""
PORTAGE_PYM_PATH="/usr/lib64/python3.6/site-packages"
PORTAGE_PYTHONPATH="/usr/lib64/python3.6/site-packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_RSYNC_RETRIES="-1"
PORTAGE_SYNC_STALE="30"
PORTAGE_TMPDIR="/var/tmp"
PORTAGE_VERBOSE="1"
PORTAGE_WORKDIR_MODE="0700"
PORTAGE_XATTR_EXCLUDE="btrfs.* security.evm security.ima 	security.selinux system.nfs4_acl user.apache_handler 	user.Beagle.* user.dublincore.* user.mime_encoding user.xdg.*"
PORT_LOGDIR_CLEAN="find "${PORT_LOGDIR}" -type f ! -name "summary.log*" -mtime +7 -delete"
POSTGRES_TARGETS="postgres9_5 postgres10"
PROFILE_ONLY_VARIABLES="ARCH ELIBC IUSE_IMPLICIT KERNEL USERLAND USE_EXPAND_IMPLICIT USE_EXPAND_UNPREFIXED USE_EXPAND_VALUES_ARCH USE_EXPAND_VALUES_ELIBC USE_EXPAND_VALUES_KERNEL USE_EXPAND_VALUES_USERLAND"
PWD="/root"
PYTHONDONTWRITEBYTECODE="1"
PYTHON_SINGLE_TARGET="python3_6"
PYTHON_TARGETS="python2_7 python3_6 python3_7"
RESUMECOMMAND="wget -c -t 3 -T 60 --passive-ftp -O "${DISTDIR}/${FILE}" "${URI}""
RESUMECOMMAND_RSYNC="rsync -avP "${URI}" "${DISTDIR}/${FILE}""
RESUMECOMMAND_SSH="bash -c "x=\${2#ssh://} ; host=\${x%%/*} ; port=\${host##*:} ; host=\${host%:*} ; [[ \${host} = \${port} ]] && port= ; exec rsync --rsh=\"ssh \${port:+-p\${port}} \${3}\" -avP \"\${host}:/\${x#*/}\" \"\$1\"" rsync "${DISTDIR}/${FILE}" "${URI}" "${PORTAGE_SSH_OPTS}""
ROOT="/"
ROOTPATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin"
RPMDIR="/usr/portage/rpm"
RUBY_TARGETS="ruby23 ruby24"
SHELL="/bin/bash"
SHLVL="2"
SSH_AUTH_SOCK="/tmp/ssh-p7PZNPbvvr/agent.334"
SSH_CLIENT="..."
SSH_CONNECTION="..."
SSH_TTY="/dev/pts/0"
SYMLINK_LIB="no"
SYSROOT="/"
TERM="screen"
TMUX="/tmp//tmux-0/default,26939,1"
TMUX_PANE="%2"
TWISTED_DISABLE_WRITING_OF_PLUGIN_CACHE="1"
UNCACHED_ERR_FD=""
UNINSTALL_IGNORE="/lib/modules/* /var/run /var/lock"
USE="acl amd64 berkdb bzip2 cli crypt cxx dri fortran gdbm gnutls iconv idn ipv6 libtirpc mmx multilib ncurses nls nptl openmp pam pcre readline seccomp sse sse2 sse3 sse4 ssl tcpd threads udev unicode xattr zlib" ABI_X86="64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="karbon plan sheets stage words" COLLECTD_PLUGINS="df interface irq load memory swap syslog cgroups cpu disk dns ethstat network nginx ntpd ping uptime rrdcached filecount powerdns iptables conntrack tail processes entropy match_empty_counter match_hashed match_regex match_timediff match_value notify_email threshold memcached lvm curl curl_json contextswitch exec fhcount ipc" CPU_FLAGS_X86="aes avx mmx mmxext popcnt sse sse2 sse3 sse4_1 sse4_2 ssse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" GRUB_PLATFORMS="pc" INPUT_DEVICES="libinput keyboard mouse" KERNEL="linux" L10N="en en-US de de-DE" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" NGINX_MODULES_HTTP="access auth_basic autoindex browser charset empty_gif fancyindex fastcgi gzip gzip_static limit_conn limit_req map referer rewrite sub syslog proxy stub_status brotli vhost_traffic_status" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-6 php7-2" POSTGRES_TARGETS="postgres9_5 postgres10" PYTHON_SINGLE_TARGET="python3_6" PYTHON_TARGETS="python2_7 python3_6 python3_7" RUBY_TARGETS="ruby23 ruby24" USERLAND="GNU" VIDEO_CARDS="intel" XTABLES_ADDONS="geoip"
USER="root"
USERLAND="GNU"
VIDEO_CARDS="intel"
XTABLES_ADDONS="geoip"
Comment 1 Thomas Deutschmann gentoo-dev Security 2018-11-26 12:42:52 UTC
I can reproduce with all dev-python/cryptography ebuilds in repository.
Comment 2 Thomas Deutschmann gentoo-dev Security 2018-11-26 12:49:15 UTC
When you unmerge dev-python/pycparser-2.19, `emerge -a1 dev-python/cryptography` will fail with


Would you like to merge these packages? [Yes/No] y

>>> Verifying ebuild manifests

>>> Emerging (1 of 1) dev-python/cryptography-2.3.1::gentoo
 * cryptography-2.3.1.tar.gz BLAKE2B SHA512 size ;-) ...                                                         [ ok ]
>>> Unpacking source...
>>> Unpacking cryptography-2.3.1.tar.gz to /var/tmp/portage/dev-python/cryptography-2.3.1/work
>>> Source unpacked in /var/tmp/portage/dev-python/cryptography-2.3.1/work
>>> Preparing source in /var/tmp/portage/dev-python/cryptography-2.3.1/work/cryptography-2.3.1 ...
>>> Source prepared.
>>> Configuring source in /var/tmp/portage/dev-python/cryptography-2.3.1/work/cryptography-2.3.1 ...
 * python3_7: running distutils-r1_run_phase python_configure_all
>>> Source configured.
>>> Compiling source in /var/tmp/portage/dev-python/cryptography-2.3.1/work/cryptography-2.3.1 ...
 * python2_7: running distutils-r1_run_phase distutils-r1_python_compile
python2.7 setup.py build
warning: no previously-included files found matching 'setup.pyc'
warning: no previously-included files matching 'yacctab.*' found under directory 'tests'
warning: no previously-included files matching 'lextab.*' found under directory 'tests'
warning: no previously-included files matching 'yacctab.*' found under directory 'examples'
warning: no previously-included files matching 'lextab.*' found under directory 'examples'
Traceback (most recent call last):
  File "setup.py", line 318, in <module>
    **keywords_with_side_effects(sys.argv)
  File "/usr/lib64/python2.7/site-packages/setuptools/__init__.py", line 142, in setup
    _install_setup_requires(attrs)
  File "/usr/lib64/python2.7/site-packages/setuptools/__init__.py", line 137, in _install_setup_requires
    dist.fetch_build_eggs(dist.setup_requires)
  File "/usr/lib64/python2.7/site-packages/setuptools/dist.py", line 586, in fetch_build_eggs
    replace_conflicting=True,
  File "/usr/lib64/python2.7/site-packages/pkg_resources/__init__.py", line 780, in resolve
    replace_conflicting=replace_conflicting
  File "/usr/lib64/python2.7/site-packages/pkg_resources/__init__.py", line 1063, in best_match
    return self.obtain(req, installer)
  File "/usr/lib64/python2.7/site-packages/pkg_resources/__init__.py", line 1075, in obtain
    return installer(requirement)
  File "/usr/lib64/python2.7/site-packages/setuptools/dist.py", line 653, in fetch_build_egg
    return cmd.easy_install(req)
  File "/usr/lib64/python2.7/site-packages/setuptools/command/easy_install.py", line 679, in easy_install
    return self.install_item(spec, dist.location, tmpdir, deps)
  File "/usr/lib64/python2.7/site-packages/setuptools/command/easy_install.py", line 705, in install_item
    dists = self.install_eggs(spec, download, tmpdir)
  File "/usr/lib64/python2.7/site-packages/setuptools/command/easy_install.py", line 890, in install_eggs
    return self.build_and_install(setup_script, setup_base)
  File "/usr/lib64/python2.7/site-packages/setuptools/command/easy_install.py", line 1158, in build_and_install
    self.run_setup(setup_script, setup_base, args)
  File "/usr/lib64/python2.7/site-packages/setuptools/command/easy_install.py", line 1146, in run_setup
    raise DistutilsError("Setup script exited with %s" % (v.args[0],))
distutils.errors.DistutilsError: Setup script exited with error: SandboxViolation: mkdir('/var/tmp/portage/dev-python/cr
yptography-2.3.1/work/cryptography-2.3.1-python2_7/lib/pycparser', 511) {}

The package setup script has attempted to modify files on your system
that are not within the EasyInstall build area, and has been aborted.

This package cannot be safely installed by EasyInstall, and may not
support alternate installation locations even if you run its setup
script by hand.  Please inform the package's author and the EasyInstall
maintainers to find out if a fix or workaround is available.

 * ERROR: dev-python/cryptography-2.3.1::gentoo failed (compile phase):
 *   (no error message)
Comment 3 Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2018-11-26 14:59:23 UTC
This is just a guess at this point, but it seems like it's a missing dep for python packages utilizing c like this.  I already had dev-python/pycparser installed (along with cryptography).

I installed =dev-python/pycparser-2.19 and =dev-python/cffi-1.11.5 then clean merged =dev-python/cryptography-2.3.1 without error.
Comment 4 Larry the Git Cow gentoo-dev 2018-11-26 15:11:15 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=76e7a21981368a77cbcdb198a91d63baebc1760e

commit 76e7a21981368a77cbcdb198a91d63baebc1760e
Author:     Matthew Thode <prometheanfire@gentoo.org>
AuthorDate: 2018-11-26 15:10:44 +0000
Commit:     Matthew Thode <prometheanfire@gentoo.org>
CommitDate: 2018-11-26 15:11:01 +0000

    dev-python/cryptography: add missing pycparser dep
    
    Fixes: https://bugs.gentoo.org/671948
    Package-Manager: Portage-2.3.51, Repoman-2.3.12
    Signed-off-by: Matthew Thode <prometheanfire@gentoo.org>

 dev-python/cryptography/cryptography-2.2.2-r1.ebuild | 3 ++-
 dev-python/cryptography/cryptography-2.3.1.ebuild    | 1 +
 dev-python/cryptography/cryptography-2.3.ebuild      | 3 ++-
 3 files changed, 5 insertions(+), 2 deletions(-)
Comment 5 Larry the Git Cow gentoo-dev 2018-11-26 15:57:32 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9d3277a5199c609627f126311021435b87f5f640

commit 9d3277a5199c609627f126311021435b87f5f640
Author:     Mike Gilbert <floppym@gentoo.org>
AuthorDate: 2018-11-26 15:55:25 +0000
Commit:     Mike Gilbert <floppym@gentoo.org>
CommitDate: 2018-11-26 15:56:17 +0000

    Revert "dev-python/cryptography: add missing pycparser dep"
    
    This reverts commit 76e7a21981368a77cbcdb198a91d63baebc1760e.
    
    cryptography does not depend on pycparser directly.
    
    Bug: https://bugs.gentoo.org/671948
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>

 dev-python/cryptography/cryptography-2.2.2-r1.ebuild | 3 +--
 dev-python/cryptography/cryptography-2.3.1.ebuild    | 1 -
 dev-python/cryptography/cryptography-2.3.ebuild      | 3 +--
 3 files changed, 2 insertions(+), 5 deletions(-)
Comment 6 Mike Gilbert gentoo-dev 2018-11-26 16:00:31 UTC
Whissi: Could you attach a build log for pycparser? I want to verify if the c_ast module is getting compiled correctly.
Comment 7 Mike Gilbert gentoo-dev 2018-11-26 16:04:20 UTC
Hmm, looks like I can reproduce this locally. It only happens for python3.7.
Comment 8 Mike Gilbert gentoo-dev 2018-11-26 16:12:47 UTC
distutils-r1_python_install() has this:

    # python likes to compile any module it sees, which triggers sandbox
    # failures if some packages haven't compiled their modules yet.
    addpredict "${EPREFIX}/usr/$(get_libdir)/${EPYTHON}"
    addpredict /usr/lib/portage/pym
    addpredict /usr/local # bug 498232

python3.7 gets installed in /usr/lib/${EPYTHON} instead of /usr/$(get_libdir)/${EPYTHON}, so the addpredict is ineffective.

However, that addpredict is really just a workaround for buggy software; it would be good to investigate why python is trying to re-compile the c_ast module.
Comment 9 Larry the Git Cow gentoo-dev 2018-11-26 16:17:12 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=47f35700de86b896c91a5431870dd7b798187f5f

commit 47f35700de86b896c91a5431870dd7b798187f5f
Author:     Mike Gilbert <floppym@gentoo.org>
AuthorDate: 2018-11-26 16:14:36 +0000
Commit:     Mike Gilbert <floppym@gentoo.org>
CommitDate: 2018-11-26 16:14:36 +0000

    distutils-r1.eclass: addpredict /usr/lib/${EPYTHON}
    
    This works around sandbox failures with python3.7, which moved from
    /usr/$(get_libdir) to /usr/lib.
    
    Bug: https://bugs.gentoo.org/671948
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>

 eclass/distutils-r1.eclass | 1 +
 1 file changed, 1 insertion(+)