| 1 |
Hi Steven, |
| 2 |
|
| 3 |
Steven Trogdon <strogdon@×××××.edu> writes: |
| 4 |
|
| 5 |
> Upgraded my prefix rap today doing: |
| 6 |
> |
| 7 |
> emerge -1 portage |
| 8 |
> emerge -uDN system |
| 9 |
> |
| 10 |
> I don't think the portage upgrade is the issue since the system proceeded to |
| 11 |
> upgrade, although with numerous warnings like: |
| 12 |
> |
| 13 |
> portage: 'portage' user or group missing. |
| 14 |
> For the defaults, line 1 goes into passwd, and 2 into group. |
| 15 |
> portage:x:250:250:portage:/var/tmp/portage:/bin/false |
| 16 |
> portage::250:portage |
| 17 |
> *** WARNING *** For security reasons, only system administrators should be |
| 18 |
> *** WARNING *** allowed in the portage group. Untrusted users or processes |
| 19 |
> *** WARNING *** can potentially exploit the portage group for attacks such as |
| 20 |
> *** WARNING *** local privilege escalation. |
| 21 |
|
| 22 |
The two seem to be related. |
| 23 |
|
| 24 |
> I'm now unable to emerge anything. I think the culprit is the upgrade |
| 25 |
> of glibc from 2.25-r9 -> 2.26-r3 although it could be something else. Prior to |
| 26 |
> the upgrade getent <group | passwd> was parsing EPREFIX/etc/<group | passwd> for |
| 27 |
> group and passwd info. It clearly is now parsing /etc/<group | passwd>. And I |
| 28 |
> have no control over what is under /etc. |
| 29 |
|
| 30 |
Do you have a binary backup of glibc-2.25 to rollback? If so, it can be |
| 31 |
used to rollback. Otherwise another possible fix is available below. |
| 32 |
|
| 33 |
> In fact the host getent parses db files in a non-standard location to |
| 34 |
> get group/passwd info. When I attempt to emerge I get things like |
| 35 |
> |
| 36 |
> !!! Directory initialization failed: |
| 37 |
> '/storage/strogdon/gentoo-rap/var/lib/portage' !!! |
| 38 |
> chown('/storage/strogdon/gentoo-rap/var/lib/portage', -1, 0) !!! Directory |
| 39 |
> initialization failed: '/storage/strogdon/gentoo-rap/var/cache/edb' !!! |
| 40 |
> chown('/storage/strogdon/gentoo-rap/var/cache/edb', -1, 0) [Errno 1] Operation |
| 41 |
> not permitted: |
| 42 |
> [...] |
| 43 |
> done! |
| 44 |
> |
| 45 |
> and the emerge fails. |
| 46 |
> |
| 47 |
> From within prefix |
| 48 |
> id |
| 49 |
> uid=105600 gid=925 groups=925 |
| 50 |
> |
| 51 |
> From the host |
| 52 |
> id |
| 53 |
> uid=105600(strogdon) gid=925(math) groups=925(math) |
| 54 |
> |
| 55 |
> Looking for things to try without re-installing prefix[rap]. |
| 56 |
|
| 57 |
From glibc-2.26, the path /etc/passwd is handled by another file. I |
| 58 |
have just made a fix at |
| 59 |
|
| 60 |
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ab2e3a4026e093e0cf17b46b5bcc308a861f93c8 |
| 61 |
|
| 62 |
To recover with the fixed glibc-2.26, one solution has been explored in the |
| 63 |
IRC: |
| 64 |
|
| 65 |
export PORTAGE_INST_UID=105600 PORTAGE_INST_GID=925 PORTAGE_GRPNAME=math |
| 66 |
emerge --oneshot sys-libs/glibc |
| 67 |
|
| 68 |
Yours, |
| 69 |
Benda |
Archives