I am trying to build harfbuzz using a recent gentooo docker image. I've attached a build.log that shows the error Reproducible: Didn't try Steps to Reproduce: 1. emerge harfbuzz Actual Results: build fails Expected Results: build does not fail Some of the dependencies were installed as binpkgs - I've attached the emerge output that shows all the packages that were installed.
Created attachment 793244 [details] build.log
Created attachment 793247 [details] emerge plan
ldd: exited with unknown exit code (134) Traceback (most recent call last): File "/usr/bin/g-ir-scanner", line 99, in <module> sys.exit(scanner_main(sys.argv)) File "/usr/lib64/gobject-introspection/giscanner/scannermain.py", line 609, in scanner_main shlibs = create_binary(transformer, options, args) File "/usr/lib64/gobject-introspection/giscanner/scannermain.py", line 434, in create_binary shlibs = resolve_shlibs(options, binary, options.libraries) File "/usr/lib64/gobject-introspection/giscanner/shlibs.py", line 170, in resolve_shlibs _resolve_non_libtool(options, binary, non_libtool)) File "/usr/lib64/gobject-introspection/giscanner/shlibs.py", line 106, in _resolve_non_libtool output = subprocess.check_output(args) File "/usr/lib/python3.10/subprocess.py", line 420, in check_output return run(*popenargs, stdout=PIPE, timeout=timeout, check=True, File "/usr/lib/python3.10/subprocess.py", line 524, in run raise CalledProcessError(retcode, process.args, subprocess.CalledProcessError: Command '['ldd', '/var/tmp/portage/media-libs/harfbuzz-4.3.0/work/harfbuzz-4.3.0-abi_x86_64.amd64/tmp-introspect54xkr0qj/HarfBuzz-0.0']' returned non-zero exit status 1. ldd exited with.. SIGABRT? Check dmesg/coredumpctl? What happens if you run that command manually: ldd /var/tmp/portage/media-libs/harfbuzz-4.3.0/work/harfbuzz-4.3.0-abi_x86_64.amd64/tmp-introspect54xkr0qj/HarfBuzz-0.0
oh, right, ionen pointed out the sandbox issues: * /var/tmp/portage/sys-apps/sandbox-2.29/work/sandbox-2.29/libsandbox/trace.c:do_peekstr():134: failure (Operation not permitted): * ISE:do_peekstr:process_vm_readv(139434, 0x00007ffdb82dddc0{0x00007fe0185df010, 0x640}, 1, 0x00007ffdb82dddd0{0x00000000f7f6d9c0, 0x640}, 1, 0) failed: Operation not permitted * /var/tmp/portage/sys-apps/sandbox-2.29/work/sandbox-2.29/libsandbox/trace.c:do_peekstr():134: failure (Operation not permitted): * ISE:do_peekstr:process_vm_readv(139436, 0x00007ffdb82dddc0{0x00007fe0185df010, 0xde0}, 1, 0x00007ffdb82dddd0{0x00007f1ffa4fa220, 0xde0}, 1, 0) failed: Operation not permitted Depending on the settings used w/ Docker, you'll need to disable some sandboxing.
> ldd exited with.. SIGABRT? Check dmesg/coredumpctl? I also found this very surprising > What happens if you run that command manually: Seems to work fine - this is a different run, so the hash in the `tmp-XXXX` folder is different, but I had the same build failure in this run as in the build.log I posted. For posterity, I'll upload this second build.log as well dd2d1ad221d4 / # ldd /var/tmp/portage/media-libs/harfbuzz-4.3.0/work/harfbuzz-4.3.0-abi_x86_64.amd64/tmp-introspecta21oobev/HarfBuzz-0.0 linux-vdso.so.1 (0x00007ffd647f4000) libharfbuzz-gobject.so.0 => /var/tmp/portage/media-libs/harfbuzz-4.3.0/work/harfbuzz-4.3.0-abi_x86_64.amd64/src/libharfbuzz-gobject.so.0 (0x00007f938ba05000) libharfbuzz.so.0 => /var/tmp/portage/media-libs/harfbuzz-4.3.0/work/harfbuzz-4.3.0-abi_x86_64.amd64/src/libharfbuzz.so.0 (0x00007f938b900000) libglib-2.0.so.0 => /usr/lib64/libglib-2.0.so.0 (0x00007f938b7c0000) libgobject-2.0.so.0 => /usr/lib64/libgobject-2.0.so.0 (0x00007f938b760000) libm.so.6 => /lib64/libm.so.6 (0x00007f938b685000) libfreetype.so.6 => /usr/lib64/libfreetype.so.6 (0x00007f938b5ba000) libgraphite2.so.3 => /usr/lib64/libgraphite2.so.3 (0x00007f938b594000) libgirepository-1.0.so.1 => /usr/lib64/libgirepository-1.0.so.1 (0x00007f938b55c000) libgio-2.0.so.0 => /usr/lib64/libgio-2.0.so.0 (0x00007f938b37b000) libgmodule-2.0.so.0 => /usr/lib64/libgmodule-2.0.so.0 (0x00007f938b375000) libc.so.6 => /lib64/libc.so.6 (0x00007f938b17c000) libpcre.so.1 => /lib64/libpcre.so.1 (0x00007f938b103000) libffi.so.8 => /usr/lib64/libffi.so.8 (0x00007f938b0f7000) /lib64/ld-linux-x86-64.so.2 (0x00007f938ba2d000) libbz2.so.1 => /lib64/libbz2.so.1 (0x00007f938b0e4000) libpng16.so.16 => /usr/lib64/libpng16.so.16 (0x00007f938b0ac000) libz.so.1 => /lib64/libz.so.1 (0x00007f938b092000) libmount.so.1 => /lib64/libmount.so.1 (0x00007f938b032000) libblkid.so.1 => /lib64/libblkid.so.1 (0x00007f938afda000)
Created attachment 793250 [details] second build.log
Haven't went through this much but probably some info in $URL, seems to be the same do_peekstr (thought was ptrace at first).
> Depending on the settings used w/ Docker, you'll need to disable some sandboxing. I can confirm that disabling "some sanboxing" fixes the build error. Not sure which of these fixed it: FEATURES="-sandbox -network-sandbox -ipc-sandbox -pid-sandbox -usersandbox" I think it was pid-sandbox but I can't be certain.
> Haven't went through this much but probably some info in $URL, seems to be the same do_peekstr (thought was ptrace at first). I was able to resolve my issue by disabling some sandboxing (see https://bugs.gentoo.org/860153#c8) I'm not sure if based on your comment I should keep this bug open or not though.
