Re: [gentoo-alt] rap prefix - glibc-2.26-r3

Tue, 28 Nov 2017 20:11:47 -0800 

Hi Steven,

Steven Trogdon <[email protected]> writes:

> Upgraded my prefix rap today doing:
>
> emerge -1 portage
> emerge -uDN system
>
> I don't think the portage upgrade is the issue since the system proceeded to
> upgrade, although with numerous warnings like:
>
> portage: 'portage' user or group missing.
>          For the defaults, line 1 goes into passwd, and 2 into group.
>          portage:x:250:250:portage:/var/tmp/portage:/bin/false
>          portage::250:portage
> *** WARNING ***  For security reasons, only system administrators should be
> *** WARNING ***  allowed in the portage group.  Untrusted users or processes
> *** WARNING ***  can potentially exploit the portage group for attacks such as
> *** WARNING ***  local privilege escalation.

The two seem to be related.

> I'm now unable to emerge anything. I think the culprit is the upgrade
> of glibc from 2.25-r9 -> 2.26-r3 although it could be something else. Prior to
> the upgrade getent <group | passwd> was parsing EPREFIX/etc/<group | passwd> 
> for
> group and passwd info. It clearly is now parsing /etc/<group | passwd>. And I
> have no control over what is under /etc. 

Do you have a binary backup of glibc-2.25 to rollback?  If so, it can be
used to rollback.  Otherwise another possible fix is available below.

> In fact the host getent parses db files in a non-standard location to
> get group/passwd info. When I attempt to emerge I get things like
>
> !!! Directory initialization failed:
> '/storage/strogdon/gentoo-rap/var/lib/portage' !!!
> chown('/storage/strogdon/gentoo-rap/var/lib/portage', -1, 0) !!! Directory
> initialization failed: '/storage/strogdon/gentoo-rap/var/cache/edb' !!!
> chown('/storage/strogdon/gentoo-rap/var/cache/edb', -1, 0) [Errno 1] Operation
> not permitted:
> [...]
> done!
>
> and the emerge fails.
>
> From within prefix
> id
> uid=105600 gid=925 groups=925
>
> From the host
> id
> uid=105600(strogdon) gid=925(math) groups=925(math)
>
> Looking for things to try without re-installing prefix[rap].

From glibc-2.26, the path /etc/passwd is handled by another file.  I
have just made a fix at 

  
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ab2e3a4026e093e0cf17b46b5bcc308a861f93c8

To recover with the fixed glibc-2.26, one solution has been explored in the
IRC:

  export PORTAGE_INST_UID=105600 PORTAGE_INST_GID=925 PORTAGE_GRPNAME=math
  emerge --oneshot sys-libs/glibc

Yours,
Benda

Attachment: signature.asc
Description: PGP signature

Reply via email to