| 1 |
commit: 1a196bdef62565e377e90807b8b324547e7d4814 |
| 2 |
Author: Sam James <sam <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Mon Sep 20 21:13:21 2021 +0000 |
| 4 |
Commit: Sam James <sam <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Wed Sep 29 14:32:18 2021 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/data/gentoo-news.git/commit/?id=1a196bde |
| 7 |
|
| 8 |
2021-09-24-possible-failure-to-preserve-libraries: add item |
| 9 |
|
| 10 |
Bug: https://bugs.gentoo.org/811462 |
| 11 |
Signed-off-by: Hank Leininger <hlein <AT> korelogic.com> |
| 12 |
Signed-off-by: Sam James <sam <AT> gentoo.org> |
| 13 |
|
| 14 |
...9-possible-failure-to-preserve-libraries.en.txt | 101 +++++++++++++++++++++ |
| 15 |
1 file changed, 101 insertions(+) |
| 16 |
|
| 17 |
diff --git a/2021-09-29-possible-failure-to-preserve-libraries/2021-09-29-possible-failure-to-preserve-libraries.en.txt b/2021-09-29-possible-failure-to-preserve-libraries/2021-09-29-possible-failure-to-preserve-libraries.en.txt |
| 18 |
new file mode 100644 |
| 19 |
index 0000000..904c54a |
| 20 |
--- /dev/null |
| 21 |
+++ b/2021-09-29-possible-failure-to-preserve-libraries/2021-09-29-possible-failure-to-preserve-libraries.en.txt |
| 22 |
@@ -0,0 +1,101 @@ |
| 23 |
+Title: Possible failure to preserve libraries |
| 24 |
+Author: Sam James <sam@g.o> |
| 25 |
+Author: Hank Leininger <hlein@×××××××××.com> |
| 26 |
+Posted: 2021-09-29 |
| 27 |
+Revision: 1 |
| 28 |
+News-Item-Format: 2.0 |
| 29 |
+Display-If-Installed: sys-apps/portage |
| 30 |
+ |
| 31 |
+We have observed in some cases corruption of Portage's internal database |
| 32 |
+(VDB), where the libraries provided by a package are not recorded. This |
| 33 |
+can break the "preserve-libs" functionality, and thus in rare cases |
| 34 |
+break your system during much later updates (even if you do not use |
| 35 |
+"preseved-libs" now, but decide to switch it on later). |
| 36 |
+ |
| 37 |
+The underlying problem occurs usually when glibc has been upgraded to a |
| 38 |
+new major version, but pax-utils has not yet been upgraded to a version |
| 39 |
+compatible with it (but at that moment stays undetected). |
| 40 |
+ |
| 41 |
+The full technical details and investigation can be found on a Wiki page |
| 42 |
+[0] and on Bugzilla [1]. Work is underway to prevent this happening |
| 43 |
+again both within Portage [2] (possibly more to come) and within the |
| 44 |
+glibc and pax-utils ebuilds [3][4]. |
| 45 |
+ |
| 46 |
+To detect whether a system is affected, emerge the |
| 47 |
+app-portage/recover-broken-vdb package: |
| 48 |
+``` |
| 49 |
+$ emerge --ask --verbose --oneshot app-portage/recover-broken-vdb |
| 50 |
+``` |
| 51 |
+which provides two tools: recover-broken-vdb-find-broken.sh and |
| 52 |
+recover-broken-vdb. |
| 53 |
+ |
| 54 |
+Then run recover-broken-vdb-find-broken.sh: |
| 55 |
+``` |
| 56 |
+$ recover-broken-vdb-find-broken.sh | tee broken_vdb_packages |
| 57 |
+``` |
| 58 |
+ |
| 59 |
+This check should be run on all Gentoo systems. |
| 60 |
+ |
| 61 |
+If you have any output, read on. |
| 62 |
+ |
| 63 |
+Fixing a broken system is not always straightforward. It is strongly |
| 64 |
+recommended to take a backup of your full system before proceeding, |
| 65 |
+as well as a copy of /var/db/pkg (the VDB): |
| 66 |
+ |
| 67 |
+1. A tool has been developed [5] to attempt to fix the consistency |
| 68 |
+ of the Portage database. Using this tool to modify the VDB is NOT |
| 69 |
+ mandatory (read the full news item before proceeding) - you can skip |
| 70 |
+ to Step 2 if you wish, but fixing the integrity of the VDB |
| 71 |
+ makes it as safe as reasonably possible to proceed with |
| 72 |
+ rebuilding packages. |
| 73 |
+ |
| 74 |
+ Run: |
| 75 |
+ ``` |
| 76 |
+ # Take a backup of /var/db/pkg before proceeding, such as by doing: |
| 77 |
+ $ cp -a /var/db/pkg /var/db/pkg.orig |
| 78 |
+ |
| 79 |
+ # And then: |
| 80 |
+ $ emerge --ask --verbose --oneshot --noreplace \ |
| 81 |
+ app-portage/recover-broken-vdb |
| 82 |
+ |
| 83 |
+ $ recover-broken-vdb |
| 84 |
+ |
| 85 |
+ # The tool will output to a random temporary directory. |
| 86 |
+ # Inspect the results, and then update the real /var/db/pkg/ |
| 87 |
+ # by doing either: |
| 88 |
+ |
| 89 |
+ $ recover-broken-vdb --output /var/db/pkg |
| 90 |
+ |
| 91 |
+ # Or, manually copying the new files from the temporary directory tree |
| 92 |
+ # into your real /var/db/pkg/ directory tree. |
| 93 |
+ ``` |
| 94 |
+ |
| 95 |
+2. Attempt to rebuild the affected packages, first upgrading |
| 96 |
+ app-portage/pax-utils to the latest version: |
| 97 |
+ ``` |
| 98 |
+ $ emerge --ask --verbose --oneshot ">=app-misc/pax-utils-1.3.3" |
| 99 |
+ $ emerge --ask --verbose --oneshot --usepkg=n $(cat broken_vdb_packages) |
| 100 |
+ ``` |
| 101 |
+ |
| 102 |
+Given that there are possible other side-effects of the corruption/bug, |
| 103 |
+it is strongly recommended that if any corruption is detected, all |
| 104 |
+packages on the system should be rebuilt, after following the above |
| 105 |
+steps: |
| 106 |
+``` |
| 107 |
+$ emerge --ask --emptytree --usepkg=n @world |
| 108 |
+``` |
| 109 |
+ |
| 110 |
+Note that binary packages may need to be discarded given they may |
| 111 |
+contain corrupt metadata. |
| 112 |
+ |
| 113 |
+Please see the wiki [0] for a full description of the background |
| 114 |
+of this problem and handling corner cases such as e.g. already |
| 115 |
+being affected by system breakage [6] as a result of the bug. |
| 116 |
+ |
| 117 |
+[0] https://wiki.gentoo.org/wiki/Project:Toolchain/Corrupt_VDB_ELF_files |
| 118 |
+[1] https://bugs.gentoo.org/811462 |
| 119 |
+[2] https://github.com/gentoo/portage/pull/744 |
| 120 |
+[3] https://bugs.gentoo.org/811462#c6 |
| 121 |
+[4] https://bugs.gentoo.org/811462#c7 |
| 122 |
+[5] https://github.com/thesamesam/recover-broken-vdb |
| 123 |
+[6] https://wiki.gentoo.org/wiki/Fix_my_Gentoo |
Archives