Created attachment 634846 [details] build.log.gz >>> Install app-misc/cmatrix-2.0-r1 into /var/tmp/portage/app-misc/cmatrix-2.0-r1/image * Working in BUILD_DIR: "/var/tmp/portage/app-misc/cmatrix-2.0-r1/work/cmatrix-2.0_build" [0/1] Install the project... -- Install configuration: "Gentoo" -- Installing: /var/tmp/portage/app-misc/cmatrix-2.0-r1/image/usr/bin/cmatrix -- Installing: /var/tmp/portage/app-misc/cmatrix-2.0-r1/image/usr/share/consolefonts/matrix.fnt -- Installing: /var/tmp/portage/app-misc/cmatrix-2.0-r1/image/usr/share/consolefonts/matrix.psf.gz -- Installing: /var/tmp/portage/app-misc/cmatrix-2.0-r1/image/usr/lib/kbd/consolefonts/matrix.fnt -- Installing: /var/tmp/portage/app-misc/cmatrix-2.0-r1/image/usr/lib/kbd/consolefonts/matrix.psf.gz -- Installing: /var/tmp/portage/app-misc/cmatrix-2.0-r1/image/usr/X11R6/lib/X11/fonts/misc/mtx.pcf -- Running mkfontdir /usr/X11R6/lib/X11/fonts/misc ... * ACCESS DENIED: fopen_wr: /usr/X11R6/lib/X11/fonts/misc/fonts.dir /usr/X11R6/lib/X11/fonts/misc/fonts.dir: fopen(w): Permission denied -- If this is the first time you have installed CMatrix you will probably have to restart X window in order to use the mtx.pcf font. * Creating fonts.scale & fonts.dir in cmatrix >>> Completed installing app-misc/cmatrix-2.0-r1 into /var/tmp/portage/app-misc/cmatrix-2.0-r1/image .. * --------------------------- ACCESS VIOLATION SUMMARY --------------------------- * LOG FILE: "/var/tmp/portage/app-misc/cmatrix-2.0-r1/temp/sandbox.log" * VERSION 1.0 FORMAT: F - Function called FORMAT: S - Access Status FORMAT: P - Path as passed to function FORMAT: A - Absolute Path (not canonical) FORMAT: R - Canonical Path FORMAT: C - Command Line F: fopen_wr S: deny P: /usr/X11R6/lib/X11/fonts/misc/fonts.dir A: /usr/X11R6/lib/X11/fonts/misc/fonts.dir R: /usr/share/fonts/misc/fonts.dir C: mkfontscale -b -s -l /usr/X11R6/lib/X11/fonts/misc emerge --info =app-misc/cmatrix-2.0-r1 Portage 2.3.97 (python 3.7.7-final-0, default/linux/amd64/17.1, gcc-9.3.0, glibc-2.30-r8, 5.2.7-gentoo x86_64) ================================================================= System Settings ================================================================= System uname: Linux-5.2.7-gentoo-x86_64-Intel-R-_Core-TM-_i5-2410M_CPU_@_2.30GHz-with-gentoo-2.7 KiB Mem: 8004420 total, 768244 free KiB Swap: 20478972 total, 18896168 free Timestamp of repository gentoo: Sun, 26 Apr 2020 12:00:01 +0000 Head commit of repository gentoo: 6b23429fbba376447d8e8949d0714d94fe2fd332 Timestamp of repository rust: Sat, 25 Apr 2020 06:36:44 +0000 Head commit of repository rust: 425abb3cafdb21cc503636a2c7d461264ad392a0 Head commit of repository rust-dev: b59d4991426194f9408f37df2c868fedde680bdf sh bash 5.0_p17 ld GNU ld (Gentoo 2.34 p1) 2.34.0 ccache version 3.7.9 [enabled] app-shells/bash: 5.0_p17::gentoo dev-java/java-config: 2.2.0-r4::gentoo dev-lang/perl: 5.30.2::gentoo dev-lang/python: 2.7.17-r2::gentoo, 3.6.10-r1::gentoo, 3.7.7-r1::gentoo, 3.8.2-r1::gentoo dev-util/ccache: 3.7.9::gentoo dev-util/cmake: 3.17.1::gentoo dev-util/pkgconfig: 0.29.2::gentoo sys-apps/baselayout: 2.7::gentoo sys-apps/openrc: 0.42.1::gentoo sys-apps/sandbox: 2.18::gentoo sys-devel/autoconf: 2.69-r5::gentoo sys-devel/automake: 1.16.2::gentoo sys-devel/binutils: 2.34::gentoo sys-devel/gcc: 8.3.0-r3::gentoo, 9.2.0-r4::gentoo, 9.3.0::gentoo sys-devel/gcc-config: 2.2.1::gentoo sys-devel/libtool: 2.4.6-r6::gentoo sys-devel/make: 4.3::gentoo sys-kernel/linux-headers: 5.6::gentoo (virtual/os-headers) sys-libs/glibc: 2.30-r8::gentoo Repositories: gentoo location: /usr/portage sync-type: rsync sync-uri: rsync://rsync.gentoo.org/gentoo-portage/ priority: -1000 sync-rsync-extra-opts: --no-i-r --delete-delay --fuzzy --temp-dir=/var/tmp/rsync/ sync-rsync-verify-metamanifest: yes sync-rsync-verify-jobs: 1 sync-rsync-verify-max-age: 24 <overlays stripped> ACCEPT_KEYWORDS="amd64 ~amd64" ACCEPT_LICENSE="@FREE" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-O2 -pipe -mtune=native -march=native" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/lib64/libreoffice/program/sofficerc /usr/share/config /usr/share/gnupg/qualified.txt" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php7.4/ext-active/ /etc/php/cgi-php7.4/ext-active/ /etc/php/cli-php7.4/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c" CXXFLAGS="-O2 -pipe -mtune=native -march=native" DISTDIR="/var/cache/distfiles" EMERGE_DEFAULT_OPTS="--alert y --changed-deps y --changed-use --complete-graph=n --with-bdeps=n --deep --dynamic-deps n --keep-going y --newuse --verbose-conflicts --unordered-display --autounmask n --backtrack=0 --autounmask-write n" ENV_UNSET="DBUS_SESSION_BUS_ADDRESS DISPLAY GOBIN PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR" FCFLAGS="-O2 -pipe" FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs ccache cgroup clean-logs compress-build-logs compressdebug config-protect-if-modified distlocks fixlafiles ipc-sandbox merge-sync metadata-transfer multilib-strict network-sandbox news parallel-fetch parallel-install pid-sandbox preserve-libs protect-owned qa-unresolved-soname-deps sandbox sfperms sign split-elog split-log splitdebug strict strict-keepdir unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr" FFLAGS="-O2 -pipe" GENTOO_MIRRORS="http://distfiles.gentoo.org" INSTALL_MASK="/usr/lib/debug/.build-id/" LANG="en_NZ.UTF8" LDFLAGS="-Wl,-O1 -Wl,--as-needed" MAKEOPTS=" -j3 --load-average=4" PKGDIR="/var/cache/binpkgs" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_EXTRA_OPTS="--no-i-r --delete-delay --fuzzy --temp-dir=/var/tmp/rsync/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git" PORTAGE_TMPDIR="/var/tmp" USE="X acl amd64 avx berkdb bzip2 cli crypt dbus dri elogind fortran gdbm iconv ipv6 jpeg jpeg2k libtirpc mmx multilib ncurses netlink2 nls nptl opengl openmp pam pcre png qml qt4 readline seccomp split-usr sse sse2 sse4_1 sse4_2 ssl ssse3 tcpd tiff unicode vim-syntax xattr xinerama zlib" ABI_X86="32 64" ADA_TARGET="gnat_2018" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="karbon sheets words" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="aes avx mmx mmxext pclmul popcnt sse sse2 sse3 sse4_1 sse4_2 ssse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock greis isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="libinput keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LLVM_TARGETS="BPF NVPTX" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php7-2" POSTGRES_TARGETS="postgres10 postgres11" PYTHON_SINGLE_TARGET="python3_8" PYTHON_TARGETS="python3_7 python3_8" RUBY_TARGETS="ruby25 ruby26 ruby27" USERLAND="GNU" VIDEO_CARDS="amdgpu fbdev intel nouveau radeon radeonsi vesa dummy v4l" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CC, CPPFLAGS, CTARGET, CXX, LC_ALL, LINGUAS, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS
I can't reproduce that. Anything special about your version of cmake? Does it help to set MKFONTDIR=true?
(In reply to Jeroen Roovers from comment #1) > I can't reproduce that. Anything special about your version of cmake? Not that I'm aware of. dev-util/cmake-3.17.1::gentoo was built with the following: USE="ncurses qt5 -doc -emacs -test" ABI_X86="(64)" FEATURES="preserve-libs compress-build-logs sfperms ccache binpkg-dostrip strict fixlafiles parallel-fetch userpriv pid-sandbox usersync config-protect-if-modified unmerge-orphans binpkg-docompress usersandbox sandbox parallel-install qa-unresolved-soname-deps assume-digests unmerge-logs split-elog protect-owned splitdebug compressdebug unknown-features-warn cgroup ipc-sandbox xattr news split-log clean-logs metadata-transfer multilib-strict sign strict-keepdir distlocks merge-sync network-sandbox userfetch binpkg-logs" Not sure if this output is helpful: qfile -o /usr/X11R6/lib/X11/fonts/misc/* /usr/X11R6/lib/X11/fonts/misc/fonts.dir /usr/X11R6/lib/X11/fonts/misc/fonts.scale qfile -v /usr/X11R6/lib/X11/fonts/misc/* | cut -f 1 -d":" | sort | uniq -c | sort -n -k 1 1 app-misc/cmatrix-1.2a-r4 1 media-fonts/font-alias-1.0.3-r1 8 media-fonts/font-mutt-misc-1.0.3-r1 334 media-fonts/font-misc-misc-1.1.2-r1 app-misc/cmatrix-1.2a-r4::gentoo was built with the following: USE="X" ABI_X86="(64)" FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs ccache cgroup clean-logs compress-build-logs compressdebug config-protect-if-modified distlocks fixlafiles ipc-sandbox merge-sync metadata-transfer multilib-strict network-sandbox news parallel-fetch parallel-install pid-sandbox preserve-libs protect-owned sandbox sfperms sign split-elog split-log splitdebug strict strict-keepdir unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr" media-fonts/font-alias-1.0.3-r1::gentoo was built with the following: USE="" ABI_X86="(64)" FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs ccache cgroup clean-logs compress-build-logs compressdebug config-protect-if-modified distlocks fail-clean fixlafiles ipc-sandbox merge-sync metadata-transfer multilib-strict network-sandbox news parallel-fetch parallel-install pid-sandbox preserve-libs protect-owned sandbox sfperms sign split-elog split-log splitdebug strict strict-keepdir unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr" media-fonts/font-mutt-misc-1.0.3-r1::gentoo was built with the following: USE="X" ABI_X86="(64)" FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs cgroup clean-logs compress-build-logs compressdebug config-protect-if-modified distlocks fixlafiles ipc-sandbox merge-sync metadata-transfer multilib-strict network-sandbox news parallel-fetch parallel-install pid-sandbox preserve-libs protect-owned sandbox sfperms sign split-elog split-log splitdebug strict strict-keepdir unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr" media-fonts/font-misc-misc-1.1.2-r1::gentoo was built with the following: USE="X nls" ABI_X86="(64)" FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs cgroup clean-logs compress-build-logs compressdebug config-protect-if-modified distlocks fixlafiles ipc-sandbox merge-sync metadata-transfer multilib-strict network-sandbox news parallel-fetch parallel-install pid-sandbox preserve-libs protect-owned sandbox sfperms sign split-elog split-log splitdebug strict strict-keepdir unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr" > > Does it help to set MKFONTDIR=true No change in behaviour Also tested with: MKFONTDIR=1 MKFONTDIR=0 MKFONTDIR=false For completeness, all did the same thing. I might try reinstalling all the packages with files in that dir just to see if it smokes out something.
- Reinstalled app-misc/cmatrix-1.2a-r4 without issue - app-misc/cmatrix-2.0-r1 still fails - Reinstalled media-fonts/font-alias-1.0.3-r1 without issue - app-misc/cmatrix-2.0-r1 still fails - Reinstalled media-fonts/font-mutt-misc-1.0.3-r1 without issue - app-misc/cmatrix-2.0-r1 still fails - Reinstalled media-fonts/font-misc-misc-1.1.2-r1 without issue - app-misc/cmatrix-2.0-r1 still fails So, trying some more aggressive options: - emerge -C app-misc/cmatrix - app-misc/cmatrix-2.0-r1 still fails - USE="-X" emerge =app-misc/cmatrix-2.0-r1 also fails. > cd /usr/X11R6/lib/X11/fonts/ > mv misc misc.old > mkdir misc *still fails* ( And no warnings from Sort of suspecting we're using different FEATURES= :) Clearly no code *should* be invoking mkfontscale for that dir during src_install, the code in pkg_postinst is supposed to handle it. But I can't for the life of me find any code in ${WORKDIR} pertaining to invoking mkfontscale, so my ability to be helpful here is quite limited. The only place I can see mkfontscale mentioned anywhere obvious is in temp/environment's font_xfont_config() > ./temp/environment-font_xfont_config () > ./temp/environment-{ > ./temp/environment- local dir_name; > ./temp/environment- if in_iuse X && use X; then > ./temp/environment- dir_name="${1:-${FONT_PN}}"; > ./temp/environment- rm -f "${ED%/}/${FONTDIR}/${1//${S}/}"/{fonts.{dir,scale},encodings.dir} || die "failed to prepare ${FONTDIR}/${1//${S}/}"; > ./temp/environment- einfo "Creating fonts.scale & fonts.dir in ${dir_name##*/}"; > ./temp/environment: mkfontscale "${ED%/}/${FONTDIR}/${1//${S}/}" || eerror "failed to create fonts.scale"; > ./temp/environment- mkfontdir -e ${EPREFIX}/usr/share/fonts/encodings -e ${EPREFIX}/usr/share/fonts/encodings/large "${ED%/}/${FONTDIR}/${1//${S}/}" || eerror "failed to create fonts.dir"; > ./temp/environment- [[ -e fonts.alias ]] && doins fonts.alias; > ./temp/environment- fi > ./temp/environment-} Which is called in font_src_install But the parameters reported by sandbox don't come from this invocation either ... Which is called in src_install: > ./build-info/cmatrix-2.0-r1.ebuild-src_install() { > ./build-info/cmatrix-2.0-r1.ebuild- cmake_src_install > ./build-info/cmatrix-2.0-r1.ebuild: font_src_install > ./build-info/cmatrix-2.0-r1.ebuild- doman ${PN}.1 > ./build-info/cmatrix-2.0-r1.ebuild-}
Oh, I see, that's .... helpful, 'mkfontsdir' is just a script that calls mkfontscale. Thanks sandbox for giving a useless stacktrace. I'd be patching that whole Makefile.am not to do that, it looks clearly wrong to do this on gentoo during src_install: > $(MKFONTDIR) /usr/lib/X11/fonts/misc Like, the only way I can see that not causing a sandbox violation, is if you have sandboxing disabled.
(In reply to Kent Fredric (IRC: kent\n) from comment #4) > Oh, I see, that's .... helpful, 'mkfontsdir' is just a script that calls > mkfontscale. > > Thanks sandbox for giving a useless stacktrace. > > I'd be patching that whole Makefile.am not to do that, Only we aren't using autotools in the 2.0 ebuild, but cmake. :-)
Created attachment 634980 [details, diff] files/cmatrix-2.0-mkfontdir.patch Does this help?
Created attachment 635078 [details, diff] patch.diff (In reply to Jeroen Roovers from comment #6) > Created attachment 634980 [details, diff] [details, diff] > files/cmatrix-2.0-mkfontdir.patch > > Does this help? Nope :/ -- Running mkfontdir //usr/X11R6/lib/X11/fonts/misc ... * ACCESS DENIED: fopen_wr: /usr/X11R6/lib/X11/fonts/misc/fonts.dir //usr/X11R6/lib/X11/fonts/misc/fonts.dir: fopen(w): Permission denied It does the exact same thing, but with an extra "/" , and that's naturally because "${DESTDIR}" is still resolving to a path outside the sandbox. Even assuming this code could be reworked to modify a path under ${D} instead, it would be useless, because portage installing a "fonts.dir" from ${D} to ${ROOT} can't be imagined to be useful. That file would have to be nuked prior to portage doing the copy, hence why it seems more logical to just remove this code. After doing what's in the attached patch, it does install just fine. The only residual problems are: * The ebuild is installing to one or more unexpected paths: * * /usr/X11R6 * * Please fix the ebuild to use correct FHS/Gentoo policy paths. * QA Notice: This ebuild installs into the following deprecated directories: * * usr/X11R6 * Which is reasonably bad. And I can't do anything to get either cmatrix -x or cmatrix -l to work, though, cmatrix -x never seemed to work for me, but cmatrix -l did.
Hmm, I may have just stumbled onto why you can't reproduce under sandbox. I had, for some reason: /usr/X11R6/lib/X11/ Which contained a symlink "fonts" to /usr/share/fonts After applying my patch, and installing cmatrix, and removing cmatrix, portage reaped that symlink and its parent dirs. After that, cmatrix wouldn't fail ( but it would also never install mtx.pcf )
(In reply to Kent Fredric (IRC: kent\n) from comment #8) > Hmm, I may have just stumbled onto why you can't reproduce under sandbox. > > I had, for some reason: > > /usr/X11R6/lib/X11/ > > Which contained a symlink "fonts" to /usr/share/fonts How old is that install? :-) > > After applying my patch, and installing cmatrix, and removing cmatrix, > portage reaped that symlink and its parent dirs. > > After that, cmatrix wouldn't fail ( but it would also never install mtx.pcf ) I would rather not take out the mkfontdir stuff. Perhaps it would help to limit X_FONTS_DIRS to just the (currently) canonical directory?
(In reply to Jeroen Roovers from comment #9) > (In reply to Kent Fredric (IRC: kent\n) from comment #8) > > Hmm, I may have just stumbled onto why you can't reproduce under sandbox. > > > > I had, for some reason: > > > > /usr/X11R6/lib/X11/ > > > > Which contained a symlink "fonts" to /usr/share/fonts > > How old is that install? :-) I've had it since 2008, with incremental updates :) But I suspect at some point I *may* have created that directory myself to appease some program that was looking in the wrong place that I couldn't otherwise fix. > I would rather not take out the mkfontdir stuff. Perhaps it would help to > limit X_FONTS_DIRS to just the (currently) canonical directory? Well, as I mentioned: > it would also never install mtx.pcf Without this symlink/dir in place, it doesn't install mtx.pcf at all, as _none_ of the paths in CMakeLists.txt exist. If I create the only one which is a subdir of our accepted paths: > sudo mkdir -p /usr/share/fonts/X11/misc Then the sandbox violation comes straight back. So the patching as you suggest probably won't fix the problem. -- Installing: /var/tmp/portage/app-misc/cmatrix-2.0-r1/image/usr/share/fonts/X11/misc/mtx.pcf -- Running mkfontdir /usr/share/fonts/X11/misc ... * ACCESS DENIED: fopen_wr: /usr/share/fonts/X11/misc/fonts.dir /usr/share/fonts/X11/misc/fonts.dir: fopen(w): Permission denied Are you sure you can demonstrate mtx.pcf getting installed for you at all under sandbox? Perhaps it needs to install to ${D}/usr/share/fonts/cmatrix/ And run mkfontsdir ${D}/usr/share/fonts/cmatrix/ And then at least you don't have to worry about multiple packages trying to "own" those files. app-misc/cmatrix: /usr/share/fonts/cmatrix/fonts.dir app-misc/cmatrix: /usr/share/fonts/cmatrix/fonts.scale app-misc/cmatrix: /usr/share/fonts/cmatrix/encodings.dir ^ just needs a file in here :)
