Gentoo Archives: gentoo-announce

From: Geert Bevin <gbevin@×××××××.be>
To: gentoo-announce@g.o
Subject: [gentoo-announce] Portage 1.8.7 released + sandbox explanation
Date: Wed, 30 Jan 2002 13:39:46
Message-Id: 1012419531.777.77.camel@inspiron.theleaf.office
Hi all,

Portage 1.8.7 has been released. Since I kinda forgot to make an
announcement for v1.8.6, I'm listing here all new features since
Drobbin's last announcement of v1.8.5.

* Emerge now supports package names that are provided without their
  category. This means that 'emerge sys-apps/portage' is the same as
  'emerge portage'.
* New 'emerge --search' command that searches the portage tree for the
  provided regular expression. Several search expressions can be
  provided one after the other in the same command. Type 'emerge --help'
  for detailed information.
* Sadly, file sizes were wrongly recorded in the digest files. This bug
  has been fixed and all digests should have been updated or will be
  very soon.
* Removal of unnecessary warnings about missing paths that are config
  protected.
* New 'dojar' command to make it easy for ebuild authors to install java
  jars in a system-unified manner.
* Bugfixes to the version comparison code, which should now work
  correctly with package versions that contain '_pre' suffixes.
* Sandbox bugfixes and speedups.
24
Thanks a lot to everyone who has helped to get these features and
bugfixes supplied so quickly!

---

What follows is intended for ebuild authors only, don't feel bad if
there's stuff you don't understand ;-)
32
Since we've been having a lot of questions on the irc channel from
ebuild authors about the recently added sandbox functionality, here's a
short explanation of its use and features.

The sandbox pulls a protective shield around what happens during the
unpack, compile and install phases of an ebuild. This safeguards the
integrity of the filesystem. In fact, during these phases nothing may be
written outside of the PORTAGE_TMPDIR directory, and the sandbox prevents
this from happening.
Previously, a package could install files directly to the filesystem without
ebuild authors noticing it. Portage needs packages to install into a
temporary staging directory (called the image dir) to be able to keep
track of all the related files. Broken ebuilds not only created
corrupted binary packages (since not all files were collected in the
binary archive), but also left orphaned files dangling on the hard disk
when the package was unmerged.
49
Whenever such an unauthorized filesystem access occurs, we speak of a
sandbox violation. When this happens, the sandbox prints out a red
error message and reports a permission denied error to whatever command
executed the action. The ebuild is interrupted and a summary is shown of
all detected violations. This is also saved into a unique logfile whose
name is given in the header of the summary. During the interruption of
the ebuild, several speaker beeps are emitted. This can be configured by
setting the SANDBOX_BEEP variable in /etc/make.conf. It defaults to 3,
but can be set to any value; zero disables the beeps.
59
To enable the sandbox, all you have to do is add 'sandbox' to the
MAINTAINER variable in make.conf. From that moment onwards, it will be
active for *every* package you unpack, install or compile.
63
The sandbox is configured through environment variables which contain
path prefixes. The default setup has been carefully examined to allow
some accesses outside of the PORTAGE_TMPDIR directory, since certain
languages and procedures need to create temporary files or touch
existing files (python, scrollkeeper, some autoconf scripts, ...). It's
best to leave these settings alone. However, sometimes they need to be
changed and the sandbox has to be opened up for certain paths. This can
be done by using the following dedicated ebuild functions:
- addread()
  this has not much use, since by default everything is readable
- addwrite()
  adds a path prefix to those that are writable
- adddeny()
  revokes any access to the added path prefix
- addpredict()
  denies write access to the added path prefix, but the access isn't
  seen as a violation; this is occasionally handy when, for example,
  permission checks are being made by writing a temporary file into a
  system directory
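
To make the difference between these functions concrete, here is an added example (not Portage's own sandbox code) that models the write-access decision the text describes as a prefix lookup over three colon-separated lists. The SANDBOX_WRITE/SANDBOX_PREDICT/SANDBOX_DENY names follow the sandbox's variable convention but are assumed here, the PORTAGE_TMPDIR value and default prefixes are constructed, and the real sandbox intercepts the libc calls rather than checking paths in shell.

```shell
# Constructed defaults standing in for the real default configuration.
PORTAGE_TMPDIR=/var/tmp
SANDBOX_WRITE="$PORTAGE_TMPDIR/portage:/tmp"
SANDBOX_PREDICT=""
SANDBOX_DENY=""
# The ebuild helper functions from the text, modelled as appending a prefix.
addwrite()   { SANDBOX_WRITE="${SANDBOX_WRITE:+$SANDBOX_WRITE:}$1"; }
addpredict() { SANDBOX_PREDICT="${SANDBOX_PREDICT:+$SANDBOX_PREDICT:}$1"; }
adddeny()    { SANDBOX_DENY="${SANDBOX_DENY:+$SANDBOX_DENY:}$1"; }
# prefix_match LIST PATH: succeed when PATH starts with any prefix in LIST.
prefix_match() {
    pm_path=$2
    pm_old_ifs=$IFS
    IFS=:
    set -- $1
    IFS=$pm_old_ifs
    for pm_prefix in "$@"; do
        [ -n "$pm_prefix" ] || continue
        case "$pm_path" in
            "$pm_prefix"*) return 0 ;;
        esac
    done
    return 1
}
# sandbox_write_check PATH: classify a write attempt as the text describes.
# A denied prefix refuses access (treated as a violation here), a writable
# prefix allows it, a predicted prefix refuses it quietly, and anything else
# is a sandbox violation.
sandbox_write_check() {
    if prefix_match "$SANDBOX_DENY" "$1"; then
        echo violation
    elif prefix_match "$SANDBOX_WRITE" "$1"; then
        echo allow
    elif prefix_match "$SANDBOX_PREDICT" "$1"; then
        echo predict
    else
        echo violation
    fi
}
# Walk through three cases: a write into the image dir, a stray install
# straight into /usr, and a permission probe that addpredict() silences.
sandbox_write_check "$PORTAGE_TMPDIR/portage/foo-1.0/image/usr/bin/foo"
sandbox_write_check /usr/bin/foo
addpredict /root/.python
sandbox_write_check /root/.python/cache
```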
83
Remember, only change the sandbox behaviour when you are absolutely sure
there is no other way around the violation and that nothing is installed
that is part of the actual package distribution, otherwise you will be
creating broken packages again! You are supposed to *extensively try
everything* that's possible to fix the makefiles or whatever other
installation method before even thinking about using the above
functions.
91
Finally, if there is a package violating the sandbox and you do want to
merge it without changing the MAINTAINER flags in /etc/make.conf and
without fixing the ebuild, the sandbox can be completely disabled by
setting the SANDBOX_DISABLED variable to 1. Example:
if this creates violations:
  emerge category/package
this will not:
  SANDBOX_DISABLED="1" emerge category/package
100
I hope this will clarify this topic a bit. It's planned that the
development docs are updated in the near future.

Best regards,

--
Geert Bevin
the Leaf sprl/bvba
"Use what you need"
http://www.theleaf.be
gbevin@×××××××.be
Pierre Theunisstraat 1/47
1030 Brussels
Tel & Fax +32 2 241 19 98