VERSION 1.0 FORMAT: F - Function called FORMAT: S - Access Status FORMAT: P - Path as passed to function FORMAT: A - Absolute Path (not canonical) FORMAT: R - Canonical Path FORMAT: C - Command Line F: open_wr S: deny ------------------------------------------------------------------- This is an unstable amd64 chroot image at a tinderbox (==build bot) name: 17.1-no-multilib-hardened_libressl_20190616-210615 ------------------------------------------------------------------- gcc-config -l: [1] x86_64-pc-linux-gnu-9.1.0 * Available Python interpreters, in order of preference: [1] python3.6 [2] python2.7 (fallback) Available Ruby profiles: [1] ruby24 (with Rubygems) * Available Rust versions: [1] rust-1.35.0 * emerge -qpvO dev-ruby/packetfu [ebuild N ] dev-ruby/packetfu-1.1.13 USE="-doc -test" RUBY_TARGETS="ruby24 -ruby25 -ruby26"
Created attachment 580104 [details] emerge-info.txt
Created attachment 580106 [details] dev-ruby:packetfu-1.1.13:20190618-104355.log
Created attachment 580108 [details] emerge-history.txt
Created attachment 580110 [details] etc.portage.tbz2
Created attachment 580112 [details] logs.tbz2
Created attachment 580114 [details] sandbox-4.log
Reassigning this to ruby since this is caused by the changes in rubygems 3.0.4. Use rubygems 3.0.3 as a workaround.
Confirmed that this still happens with the current rubygems in the tree, 3.0.6. Downgrading to 3.0.3 per https://bugs.gentoo.org/688310#c7 is still an effective workaround to build packetfu without a sandbox violation.
[It seems I can't directly edit See Also:'s, so just adding this comment.] This still seems to be a problem; see https://bugs.gentoo.org/688314 - pg_array_parser died with a sandbox error until I masked >=dev-ruby/rubygems-3.0.4
There are few ruby ebuilds including packetfu that make use of `bundle install --local` which result in the sandbox violation, `grep -r 'bundle install' dev-ruby`: ``` dev-ruby/metasploit-model dev-ruby/postgres_ext dev-ruby/metasploit_data_models dev-ruby/packetfu dev-ruby/pg_array_parser dev-ruby/metasm ``` You can patch the ebuilds to not do the `bundle install --local`. However, I'm not sure which would be the best way to do that, but by just deleting the line in the ebuild, everything seems to work fine (it is following by a `bundle check` which seems to be enough).
I narrowed down the problem: it is a gentoo custom "os default" file located in the files/gentoo-defaults.rb (getting installed into /usr/lib64/ruby/site_ruby/2.6.0/rubygems/defaults/operating_system.rb) there are 2 functions missing in gentoo-defaults-3.rb: undef :default_dir def default_dir and under :default_bindir def default_bindir I copied it from gentoo-defaults.rb and it "install --local" trick started to work again. Somebody need to review it.
ruby team, do you want to fix this like suggested in https://bugs.gentoo.org/688310#c11 or do you want me to addpredict in every ebuild?
So I spent a couple of hours figuring out how to fix it. Here it is: GEM_HOME="${S}" BUNDLE_GEMFILE=Gemfile ruby -S bundle install --local || die GEM_HOME is the additional variable
it looks like the ruby team removed all the safety checks from my ebuilds, so this isn't present in gentoo anymore. Cool, introduce a bug and then remove other maintainers safety checks.