| View previous topic :: View next topic |
| Author |
Message |
Guest
|
 Posted: Tue May 07, 2002 4:21 pm Post subject: Major texmf problems lately |
 |
|
I'm not sure what's been going on with all the problems in the texmf system lately. I've been getting tons of "ACCESS DENIED" errors when trying to do an "emerge --update world" while trying to install t1lib. It looks as if texmf is trying to update some fonts or something. Why should access to anything be denied to root? Is the ebuild process for texmf su-ing to another user?
Also guys, what's with the almost daily updates to Portage lately? Are there still that many bugs being squashed that we need to be drastically rebuilding the OS every day like this?
I love the speed and (overall) stability of my gentoo system, but ever time I do an "emerge --update system", I get a little bit nervous seeing messages that Gentoo is switching database formats. I mean, it's fine when a distro is new to go through a little upheaval every now and then, but I've been using Gentoo for about 3 months now, and I think in order for it to become a mature and respected distro you guys are going to need to focus on setting standards that won't change randomly whenever a package maintainer decides to randomly fuck up his configuration.
I just wish sometimes that major architecture changes would go through some type of change management process. Last month when you guys decided to re-architect the whole Apache/PHP structure you majorly fucked up my box. Doing an emerge --update should _NEVER_ break configs... Turns out the new Apache located config files under /etc/apache instead of /etc/httpd, so even though my config files hadn't changed or been moved, they may as well have been because the next time I restarted Apache my config was not being read.
I will admit the new Apache structure works better than the old way, but you guys should understand that some of us use Gentoo on production systems (yeah, I know, how foolish of us...  ) Anyhow, props for running the best distro out there, let's just take it to the next level and make it stable, ok? 
Thanks guys. |
|
| Back to top |
|
 |
Guest
|
| Posted: Tue May 07, 2002 8:19 pm Post subject: No ideas? |
|
|
Any ideas yet? This is the output from my "emerge t1lib". Note, this also happens when I try to "emerge gocr", the OCR software that I'd also like to use:
The "make" completes succesfully, then during the install, I get this:
>>> Install t1lib-1.3.1 into /home/tmp/portage/t1lib-1.3.1/image/ category media
-libs
X
strip:
/home/tmp/portage/t1lib-1.3.1/image/usr/lib/libt1x.so.1.3.1
/home/tmp/portage/t1lib-1.3.1/image/usr/lib/libt1.so.1.3.1
>>> Completed installing into /home/tmp/portage/t1lib-1.3.1/image/
--------------------------- ACCESS VIOLATION SUMMARY ---------------------------
LOG FILE = "/tmp/sandbox-t1lib-1.3.1-27010.log"
rename: /usr/share/texmf/fonts/pk/ljfour/public/cm/pk28605.tmp
open_wr: /usr/share/texmf/fonts/pk/ljfour/public/cm/pk28605.tmp
rename: /usr/share/texmf/fonts/pk/ljfour/public/cm/pk28763.tmp
open_wr: /usr/share/texmf/fonts/pk/ljfour/public/cm/pk28763.tmp
rename: /usr/share/texmf/fonts/pk/ljfour/public/cm/pk28965.tmp
open_wr: /usr/share/texmf/fonts/pk/ljfour/public/cm/pk28965.tmp
rename: /usr/share/texmf/fonts/pk/ljfour/public/cm/pk29145.tmp
open_wr: /usr/share/texmf/fonts/pk/ljfour/public/cm/pk29145.tmp
rename: /usr/share/texmf/fonts/pk/ljfour/public/cm/pk29234.tmp
open_wr: /usr/share/texmf/fonts/pk/ljfour/public/cm/pk29234.tmp
rename: /usr/share/texmf/fonts/pk/ljfour/public/cm/pk29365.tmp
open_wr: /usr/share/texmf/fonts/pk/ljfour/public/cm/pk29365.tmp
rename: /usr/share/texmf/fonts/pk/ljfour/public/cm/pk29503.tmp
open_wr: /usr/share/texmf/fonts/pk/ljfour/public/cm/pk29503.tmp
rename: /usr/share/texmf/fonts/pk/ljfour/public/cm/pk29683.tmp
open_wr: /usr/share/texmf/fonts/pk/ljfour/public/cm/pk29683.tmp
rename: /usr/share/texmf/fonts/pk/ljfour/public/cm/pk29772.tmp
open_wr: /usr/share/texmf/fonts/pk/ljfour/public/cm/pk29772.tmp
rename: /usr/share/texmf/fonts/pk/ljfour/public/cm/pk29952.tmp
open_wr: /usr/share/texmf/fonts/pk/ljfour/public/cm/pk29952.tmp
rename: /usr/share/texmf/fonts/pk/ljfour/public/cm/pk30132.tmp
open_wr: /usr/share/texmf/fonts/pk/ljfour/public/cm/pk30132.tmp
rename: /usr/share/texmf/fonts/pk/ljfour/public/cm/pk30312.tmp
open_wr: /usr/share/texmf/fonts/pk/ljfour/public/cm/pk30312.tmp
rename: /usr/share/texmf/fonts/pk/ljfour/public/cm/pk30583.tmp
open_wr: /usr/share/texmf/fonts/pk/ljfour/public/cm/pk30583.tmp
rename: /usr/share/texmf/fonts/pk/ljfour/public/cm/pk30672.tmp
open_wr: /usr/share/texmf/fonts/pk/ljfour/public/cm/pk30672.tmp
rename: /usr/share/texmf/fonts/pk/ljfour/public/cm/pk30852.tmp
open_wr: /usr/share/texmf/fonts/pk/ljfour/public/cm/pk30852.tmp
rename: /usr/share/texmf/fonts/pk/ljfour/public/cm/pk30941.tmp
open_wr: /usr/share/texmf/fonts/pk/ljfour/public/cm/pk30941.tmp
rename: /usr/share/texmf/fonts/pk/ljfour/public/cm/pk31030.tmp
open_wr: /usr/share/texmf/fonts/pk/ljfour/public/cm/pk31030.tmp
rename: /usr/share/texmf/fonts/pk/ljfour/public/cm/pk31119.tmp
open_wr: /usr/share/texmf/fonts/pk/ljfour/public/cm/pk31119.tmp
rename: /usr/share/texmf/fonts/pk/ljfour/public/cm/pk31213.tmp
open_wr: /usr/share/texmf/fonts/pk/ljfour/public/cm/pk31213.tmp
rename: /usr/share/texmf/fonts/pk/ljfour/public/cm/pk31302.tmp
open_wr: /usr/share/texmf/fonts/pk/ljfour/public/cm/pk31302.tmp
rename: /usr/share/texmf/fonts/pk/ljfour/public/cm/pk31477.tmp
open_wr: /usr/share/texmf/fonts/pk/ljfour/public/cm/pk31477.tmp
--------------------------------------------------------------------------------
!!! emerge aborting on /usr/portage/media-libs/t1lib/t1lib-1.3.1.ebuild . |
|
| Back to top |
|
|
chadh
Moderator
Joined: 21 Apr 2002
Posts: 137
Location: Atlanta, GA
|
| Posted: Tue May 07, 2002 9:07 pm Post subject: |
|
|
Please submit this on https://bugs.gentoo.org if it is not already there (you can also take a look there to see just how many bugs remain that need to be squished). No ebuild should try to write outside of the sandbox (/var/tmp/portage), and that is what is happening here. It is not a matter of root not having permissions; if you want to install this package anyway, then just edit your FEATURES var in /etc/make.conf to read FEATURES="-sandbox". If you still get the errors, then rm /etc/ld.so.preload and try again.
_________________
Chad |
|
| Back to top |
|
|
Guest
|
| Posted: Wed May 08, 2002 1:08 am Post subject: texmf and Sandbox |
|
|
This makes sense to me. It appears that texmf and other packages need to "recompile" (or whatever it is that they do) some fonts. They of course try to access the ordinary root partition and don't honor the build-time arguments that emerge is passing to tell the package to use a sandbox.
My proposed solution: Run the build process in a chrooted jail. Has this been thought of before? It looks like the developer of this ebuild either has -sandbox already set, or just never bothered to test the ebuild process. Isn't this very insecure, and basically invalidates all security you might gain from using a build-time sandbox in the first place? Gentoo right now will allow any runtime makefile to say, patch a rootkit into my root filesystem!?!? 
This is bad.... |
|
| Back to top |
|
|
chadh
Moderator
Joined: 21 Apr 2002
Posts: 137
Location: Atlanta, GA
|
| Posted: Wed May 08, 2002 2:02 am Post subject: |
|
|
The sandbox is essentially that. It prevents packages from touching your actual filesystem. The fix for this ebuild will probably be to do the font twiddling in post_install, which is a routine in the ebuild that can be allowed to write outside the sandbox. The idea is that we (the Gentoo dev team) write anything that goes in post_install, so it won't be malicious.
You are right, though, that it appears that whoever committed that ebuild did not have the sandbox set, which is a problem. I'll look into it.
_________________
Chad |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Portage & Programming
