Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 88683 - dev-php/PEAR-DB-1.6.8 and other PEAR packages sandbox violation
Summary: dev-php/PEAR-DB-1.6.8 and other PEAR packages sandbox violation
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages (show other bugs)
Hardware: All Linux
: Highest normal (vote)
Assignee: PHP Bugs
: 88849 88857 90315 90524 (view as bug list)
Depends on:
Reported: 2005-04-11 00:59 UTC by Jakub Moc (RETIRED)
Modified: 2005-05-08 22:42 UTC (History)
11 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Jakub Moc (RETIRED) gentoo-dev 2005-04-11 00:59:52 UTC
>>> Install PEAR-DB-1.6.8 into /var/tmp/portage/PEAR-DB-1.6.8/image/ category dev-php
install ok: DB 1.6.8
ACCESS DENIED  rename:    /var/lib/net-snmp/snmpapp.conf
No log handling enabled - turning on stderr logging
Cannot rename //var/lib/net-snmp/snmpapp.conf to //var/lib/net-snmp/snmpapp.0.conf
ACCESS DENIED  unlink:    /var/lib/net-snmp/snmpapp.conf
Cannot unlink //var/lib/net-snmp/snmpapp.conf
ACCESS DENIED  open_wr:   /var/lib/net-snmp/snmpapp.conf
read_config_store open failure on //var/lib/net-snmp/snmpapp.conf
ACCESS DENIED  open_wr:   /var/lib/net-snmp/snmpapp.conf
read_config_store open failure on //var/lib/net-snmp/snmpapp.conf
ACCESS DENIED  open_wr:   /var/lib/net-snmp/snmpapp.conf
read_config_store open failure on //var/lib/net-snmp/snmpapp.conf
strip: i686-pc-linux-gnu-strip --strip-unneeded
>>> Completed installing PEAR-DB-1.6.8 into /var/tmp/portage/PEAR-DB-1.6.8/image/

--------------------------- ACCESS VIOLATION SUMMARY ---------------------------
LOG FILE = "/tmp/sandbox-dev-php_-_PEAR-DB-1.6.8-15030.log"

rename:    /var/lib/net-snmp/snmpapp.conf
unlink:    /var/lib/net-snmp/snmpapp.conf
open_wr:   /var/lib/net-snmp/snmpapp.conf
open_wr:   /var/lib/net-snmp/snmpapp.conf
open_wr:   /var/lib/net-snmp/snmpapp.conf

Reproducible: Always
Steps to Reproduce:
1. emerge =dev-php/PEAR-DB-1.6.8

Actual Results:  
PEAR-DB not installed. 

Expected Results:  
Emerge successfully. ;-)

# emerge info
Portage (default-linux/x86/2005.0, gcc-3.3.5-20050130,
glibc-, 2.6.11-gentoo-r4 i686)
System uname: 2.6.11-gentoo-r4 i686 AMD Athlon(tm) XP 2200+
Gentoo Base System version 1.6.10
Python:              dev-lang/python-2.3.4-r1 [2.3.4 (#2, Feb  7 2005, 10:01:40)]
ccache version 2.3 [enabled]
dev-lang/python:     2.3.4-r1
sys-devel/autoconf:  2.59-r6, 2.13
sys-devel/automake:  1.7.9-r1, 1.8.5-r3, 1.5, 1.4_p6, 1.6.3, 1.9.4
sys-devel/libtool:   1.5.14
CFLAGS="-O3 -march=athlon-xp -pipe -fomit-frame-pointer"
CONFIG_PROTECT="/etc /opt/glftpd/etc /usr/kde/2/share/config
/usr/kde/3/share/config /usr/share/config /var/bind /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O3 -march=athlon-xp -pipe -fomit-frame-pointer"
FEATURES="autoaddcvs autoconfig ccache collision-protect distlocks makecheck
sandbox sfperms userpriv usersandbox"
USE="x86 3dnow acpi alsa apache2 apm arts avi bash-completion berkdb
bitmap-fonts crypt curl emboss encode fbcon firebird foomaticdb fortran gd
gd-external gdbm gif gpm gtk2 imap imlib innodb java jpeg junit libg++ libwww
mad maildir mikmod mmx motif mp3 mpeg mysql ncurses nls nptl nptlonly odbc
oggvorbis opengl oss pam pdflib perl png pnp postgres python quicktime readline
sasl sdl slang snmp socks5 spell sqlite sse ssl svga tcpd tiff truetype
truetype-fonts type1-fonts unicode xml xml2 xmms xv zlib"
Comment 1 Jakub Moc (RETIRED) gentoo-dev 2005-04-11 01:17:38 UTC
Same result for PEAR-Auth_SASL-1.0.1, PEAR-Net_SMTP-1.2.6 and probably many other PEAR packages. :-/
Comment 2 Sebastian Bergmann (RETIRED) gentoo-dev 2005-04-11 01:24:41 UTC
I cannot reproduce with

  FEATURES="sandbox" emerge PEAR-DB

Besides that, the PECL and PEAR ebuilds only act as a wrapper for the PEAR Installer an call "pear install <package>". To the best of my knowledge the PEAR Installer will not touch and file it did not install itself and certainly not files like /var/lib/net-snmp/snmpapp.conf.
Comment 3 Jakub Moc (RETIRED) gentoo-dev 2005-04-11 01:34:41 UTC
I tried without userpriv and usersandbox, but it does not help - same result. 

This is after upgrade to 4.3.11. Upgrading to 4.3.11 unmerges a lot of PEAR packages. This is what I get with 4.3.10 and 4.3.10-r1:

 # pear list
Installed packages:
Package        Version State
Archive_Tar    1.1     stable
Console_Getopt 1.2     stable
DB             1.6.2   stable
HTTP           1.2.2   stable
Mail           1.1.3   stable
Net_SMTP       1.2.6   stable
Net_Socket     1.0.1   stable
PEAR           1.3.2   stable
XML_Parser     1.0.1   stable
XML_RPC        1.1.0   stable

Now with 4.3.11:

# pear list
Installed packages:
Package              Version State
Archive_Tar          1.1     stable
Console_Getopt       1.2     stable
HTML_Template_IT     1.1     stable
Net_UserAgent_Detect 2.0.1   stable
PEAR                 1.3.5   stable
XML_RPC              1.2.2   stable

Itself this would not be a problem (some advice on this result of upgrade would be useful though) but the sandbox violation is bad. This probably seems related to php/mod_php emerged USE="snmp". 
Comment 4 Stuart Herbert (RETIRED) gentoo-dev 2005-04-11 02:02:36 UTC
This problem is related to php-4.3.11.  I spent a couple of hours digging into it last night, but didn't track down the culprit code.  I'm still looking, and hopefully will get to the bottom of it soon.

In the meantime, add this:

    addpredict /var/lib/net-snmp/

to the pear eclass's src_install() as a workaround.  PHP won't be able to write to the file (so you'll see some warnings on the screen), but the install will succeed.

Best regards,
Comment 5 Jakub Moc (RETIRED) gentoo-dev 2005-04-11 02:13:38 UTC
Wow, thanks, Stuart! 

Now it f*cks up on FEATURES="collision-protect" but this can be easily "fixed" ;-)

* checking 63 files for package collisions
existing file /usr/lib/php/php/.filemap is not owned by this package
existing file /usr/lib/php/php/.lock is not owned by this package
* spent 0.0195341110229 seconds checking for file collisions
* This package is blocked because it wants to overwrite
* files belonging to other packages (see messages above).
* If you have no clue what this is all about report it
* as a bug for this package on

package dev-php/PEAR-DB-1.6.8 NOT merged

Now I finally got success, emerged it and cron stopped spitting out an annoying email with error message every five minutes (I am using a PHP script to move spam to DB email quarantine).
Comment 6 Sebastian Bergmann (RETIRED) gentoo-dev 2005-04-11 02:24:01 UTC
The issue with FEATURES="collision-protect" should be gone once we have separated PECL and PEAR from PHP itself.
Comment 7 Jakub Moc (RETIRED) gentoo-dev 2005-04-11 02:33:26 UTC
Sebastian: Sure, no problem. You can close this bug if you want - or wait until Stuart figures it out ;-)

Thanks to everyone.
Comment 8 Jakub Moc (RETIRED) gentoo-dev 2005-04-12 08:37:46 UTC
Found a link to fix in Bug 88857. Upstream does not consider this to be a bug so this probably won
Comment 9 Jakub Moc (RETIRED) gentoo-dev 2005-04-12 08:37:46 UTC
Found a link to fix in Bug 88857. Upstream does not consider this to be a bug so this probably won´t be fixed there. 

Besides, mod_php-{4.3.11,4.3.11-r1} should depend on >=net-snmp-5.2.1.
Comment 10 Seth Robertson 2005-04-12 09:19:19 UTC
*** Bug 88849 has been marked as a duplicate of this bug. ***
Comment 11 Jakub Moc (RETIRED) gentoo-dev 2005-04-13 16:14:04 UTC
*** Bug 88857 has been marked as a duplicate of this bug. ***
Comment 12 Hunter Cook 2005-04-25 19:45:45 UTC
Ok, sorry for coming up here sounding like a fool, but what's the story here? I've got my system screwed up the same way, or maybe more, but anyway I'm getting the same errors when I try to install PEAR-DB, which is new on my system but now required. I see that you all seem to have maybe fixed them yourselves, but not for the general public? I don't quite understand how to perform the fix (well, ok, more specifically I don't know where "the pear eclass's src_install()" is), but I also can't decide from the bug whether I should just sit back and wait until it gets fixed by the package maintainers. Is it something that's going to be fixed directly, and I should just wait, or do I need to go ahead and work around it, and if the latter, how?

Also, do you guys figure this is related to the php weirdness I've been having? I upgraded to 4.3.11 when it came into x86, and about a week later I noticed all my previously-working php was segfaulting. So was 'php -i' and anything else php from the command line (mod_php was working fine). I tried to remerge, and that segfaulted too. Nothing I tried to fix it worked, until I rebooted the box on a whim. Then the remerge worked fine and it didn't segfault. So I went on about my business...that was about a week ago, and nothing bad happened until this morning, when I noticed that everything segfaulted again. Rebooting the box fixed it, and was the first thing I tried. How crazy is that?

But anyway, that whole time (well, starting right after the successful php build following the first reboot) I haven't been able to build PEAR-DB for the same reasons cited by this bug.
Comment 13 Jakub Moc (RETIRED) gentoo-dev 2005-04-26 02:30:09 UTC
Comment #11: See Comment #4 - just pust that line into /usr/portage/eclass/php-pear.eclass to php_pear_src_install ()

P.S. If you have PHP randomly segfaulting then it is not this bug but possibly a broken hardware.
Comment 14 Jakub Moc (RETIRED) gentoo-dev 2005-04-26 02:33:24 UTC
PHP herd - could someone implement the eclass workaround now? Does not look like a real fix will be available anytime soon and Stuart is probably away now.
Comment 15 Jakub Moc (RETIRED) gentoo-dev 2005-04-26 12:53:57 UTC
*** Bug 90524 has been marked as a duplicate of this bug. ***
Comment 16 Hunter Cook 2005-04-26 19:29:35 UTC
Thanks Jakub, that was just the clarification I was looking for; built fine with that edit.

Figured it was a long shot on the PHP weirdness, but thought I'd ask anyhow. Don't know about the hardware failure; there has been absolutely no other strange behavior on the box. But I'm looking into it; too bad it's a colo that I lack physical access to.

Anyway, thanks again for the help.
Comment 17 Jesse Adelman 2005-05-02 15:30:48 UTC
So, can the fix be placed in Portage sometime soon? Thanks!
Comment 18 Daniel Webert 2005-05-05 07:32:10 UTC
ping - a fix plz

net-analyzer/net-snmp-5.2.1 stable
dev-php/mod_php-4.3.11 stable
alot dev-php/pear-pkg stable, but NOT working

and a open bug for 4 weeks :(
Comment 19 Sebastian Bergmann (RETIRED) gentoo-dev 2005-05-05 21:39:14 UTC
I committed Stuart's patch for the php-pear.eclass.
Comment 20 Sebastian Bergmann (RETIRED) gentoo-dev 2005-05-08 22:42:12 UTC
Comment 21 Sebastian Bergmann (RETIRED) gentoo-dev 2005-05-08 22:42:24 UTC
*** Bug 90315 has been marked as a duplicate of this bug. ***