1 |
Thanks Benda for the suggestions. However, to get things to work here I had to |
2 |
get the system admin to modify the host /etc/{group, passwd} files and that |
3 |
enabled me to emerge sys-libs/glibc with your prefixify changes through |
4 |
modification to linux-standalone/profile.bashrc. Things seem to be 'good' now. |
5 |
By the way, I'm just over the border relative to kernels on the host |
6 |
|
7 |
uname -a |
8 |
Linux blitzen 3.2.0-4-amd64 #1 SMP Debian 3.2.88-1 x86_64 Intel(R) Xeon(R) CPU |
9 |
E5-1650 0 @ 3.20GHz GenuineIntel GNU/Linux |
10 |
|
11 |
Steve |
12 |
|
13 |
On Wed, 29 Nov 2017 13:11:05 +0900 |
14 |
Benda Xu <heroxbd@g.o> wrote: |
15 |
|
16 |
> Hi Steven, |
17 |
> |
18 |
> Steven Trogdon <strogdon@×××××.edu> writes: |
19 |
> |
20 |
> > Upgraded my prefix rap today doing: |
21 |
> > |
22 |
> > emerge -1 portage |
23 |
> > emerge -uDN system |
24 |
> > |
25 |
> > I don't think the portage upgrade is the issue since the system proceeded to |
26 |
> > upgrade, although with numerous warnings like: |
27 |
> > |
28 |
> > portage: 'portage' user or group missing. |
29 |
> > For the defaults, line 1 goes into passwd, and 2 into group. |
30 |
> > portage:x:250:250:portage:/var/tmp/portage:/bin/false |
31 |
> > portage::250:portage |
32 |
> > *** WARNING *** For security reasons, only system administrators should be |
33 |
> > *** WARNING *** allowed in the portage group. Untrusted users or processes |
34 |
> > *** WARNING *** can potentially exploit the portage group for attacks such |
35 |
> > as *** WARNING *** local privilege escalation. |
36 |
> |
37 |
> The two seem to be related. |
38 |
> |
39 |
> > I'm now unable to emerge anything. I think the culprit is the upgrade |
40 |
> > of glibc from 2.25-r9 -> 2.26-r3 although it could be something else. Prior |
41 |
> > to the upgrade getent <group | passwd> was parsing EPREFIX/etc/<group | |
42 |
> > passwd> for group and passwd info. It clearly is now parsing /etc/<group | |
43 |
> > passwd> passwd>. And I |
44 |
> > have no control over what is under /etc. |
45 |
> |
46 |
> Do you have a binary backup of glibc-2.25 to rollback? If so, it can be |
47 |
> used to rollback. Otherwise another possible fix is available below. |
48 |
> |
49 |
> > In fact the host getent parses db files in a non-standard location to |
50 |
> > get group/passwd info. When I attempt to emerge I get things like |
51 |
> > |
52 |
> > !!! Directory initialization failed: |
53 |
> > '/storage/strogdon/gentoo-rap/var/lib/portage' !!! |
54 |
> > chown('/storage/strogdon/gentoo-rap/var/lib/portage', -1, 0) !!! Directory |
55 |
> > initialization failed: '/storage/strogdon/gentoo-rap/var/cache/edb' !!! |
56 |
> > chown('/storage/strogdon/gentoo-rap/var/cache/edb', -1, 0) [Errno 1] |
57 |
> > Operation not permitted: |
58 |
> > [...] |
59 |
> > done! |
60 |
> > |
61 |
> > and the emerge fails. |
62 |
> > |
63 |
> > From within prefix |
64 |
> > id |
65 |
> > uid=105600 gid=925 groups=925 |
66 |
> > |
67 |
> > From the host |
68 |
> > id |
69 |
> > uid=105600(strogdon) gid=925(math) groups=925(math) |
70 |
> > |
71 |
> > Looking for things to try without re-installing prefix[rap]. |
72 |
> |
73 |
> From glibc-2.26, the path /etc/passwd is handled by another file. I |
74 |
> have just made a fix at |
75 |
> |
76 |
> https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ab2e3a4026e093e0cf17b46b5bcc308a861f93c8 |
77 |
> |
78 |
> To recover with the fixed glibc-2.26, one solution has been explored in the |
79 |
> IRC: |
80 |
> |
81 |
> export PORTAGE_INST_UID=105600 PORTAGE_INST_GID=925 PORTAGE_GRPNAME=math |
82 |
> emerge --oneshot sys-libs/glibc |
83 |
> |
84 |
> Yours, |
85 |
> Benda |