From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp2 ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms11 with LMTPS id mD4EG8VybF9FcwAA0tVLHw (envelope-from ) for ; Thu, 24 Sep 2020 10:19:49 +0000 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp2 with LMTPS id mI/QFsVybF9tCgAAB5/wlQ (envelope-from ) for ; Thu, 24 Sep 2020 10:19:49 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 8D3139406A5 for ; Thu, 24 Sep 2020 10:19:48 +0000 (UTC) Received: from localhost ([::1]:56516 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kLOLp-00085Q-QD for larch@yhetil.org; Thu, 24 Sep 2020 06:19:45 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:44750) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kLNt4-0004La-FV for bug-guix@gnu.org; Thu, 24 Sep 2020 05:50:02 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:55330) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1kLNt4-0000rm-4A for bug-guix@gnu.org; Thu, 24 Sep 2020 05:50:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1kLNt4-0000z5-2p for bug-guix@gnu.org; Thu, 24 Sep 2020 05:50:02 -0400 X-Loop: help-debbugs@gnu.org Subject: bug#43491: Fakechroot execution engine can fail to find libraries Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Thu, 24 Sep 2020 09:50:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 43491 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: 43491@debbugs.gnu.org Received: via spool by 43491-submit@debbugs.gnu.org id=B43491.16009409583728 (code B ref 43491); Thu, 24 Sep 2020 09:50:02 +0000 Received: (at 43491) by debbugs.gnu.org; 24 Sep 2020 09:49:18 +0000 Received: from localhost ([127.0.0.1]:38643 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kLNsL-0000y4-Mg for submit@debbugs.gnu.org; Thu, 24 Sep 2020 05:49:18 -0400 Received: from eggs.gnu.org ([209.51.188.92]:37838) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kLNsJ-0000xq-HB for 43491@debbugs.gnu.org; Thu, 24 Sep 2020 05:49:16 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:58466) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kLNsE-0000oV-79 for 43491@debbugs.gnu.org; Thu, 24 Sep 2020 05:49:10 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=55882 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1kLNsD-0001y6-PL for 43491@debbugs.gnu.org; Thu, 24 Sep 2020 05:49:09 -0400 From: Ludovic =?UTF-8?Q?Court=C3=A8s?= References: <87mu1nw6x9.fsf@inria.fr> <87d02jvzo5.fsf@gnu.org> <87k0wprcs6.fsf@gnu.org> Date: Thu, 24 Sep 2020 11:49:07 +0200 In-Reply-To: <87k0wprcs6.fsf@gnu.org> ("Ludovic =?UTF-8?Q?Court=C3=A8s?="'s message of "Sat, 19 Sep 2020 17:45:13 +0200") Message-ID: <87v9g3a4j0.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" X-Spam-Score: -2.3 (--) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-Spam-Score: -3.3 (---) X-BeenThere: bug-guix@gnu.org List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+larch=yhetil.org@gnu.org Sender: "bug-Guix" X-Scanner: scn0 Authentication-Results: aspmx1.migadu.com; dkim=none; dmarc=pass (policy=none) header.from=gnu.org; spf=pass (aspmx1.migadu.com: domain of bug-guix-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=bug-guix-bounces@gnu.org X-Spam-Score: -1.51 X-TUID: lJeYc0f5EFoZ --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Ludovic Court=C3=A8s skribis: > Ludovic Court=C3=A8s skribis: > >> Indeed, we can see =E2=80=98stat=E2=80=99 calls passed raw /gnu/store fi= le names from >> RUNPATH entries (instead of /tmp/fakechroot-test/gnu/store), suggesting >> that =E2=80=98la_objsearch=E2=80=99 didn=E2=80=99t have a chance to rewr= ite them: > > This is probably an ld.so bug: > > https://sourceware.org/bugzilla/show_bug.cgi?id=3D26634 The patch below provides a fix/workaround for glibc, confirming the hypothesis above. (I don=E2=80=99t think we should apply this patch though, rather we=E2=80=99ll work around the issue in =E2=80=98guix pack=E2=80=99.) Ludo=E2=80=99. --=-=-= Content-Type: text/x-patch Content-Disposition: inline diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm index c83775d8ee..fa4da801af 100644 --- a/gnu/packages/base.scm +++ b/gnu/packages/base.scm @@ -685,6 +685,7 @@ the store.") (package (name "glibc") (version "2.31") + (replacement glibc-2.31/fixed) (source (origin (method url-fetch) (uri (string-append "mirror://gnu/glibc/glibc-" version ".tar.xz")) @@ -933,6 +934,15 @@ with the Linux kernel.") (license lgpl2.0+) (home-page "https://www.gnu.org/software/libc/"))) +(define-public glibc-2.31/fixed + (package + (inherit glibc) + (version "2.3A") + (source (origin + (inherit (package-source glibc)) + (patches (append (search-patches "glibc-audit-stat.patch") + (origin-patches (package-source glibc)))))))) + ;; Below are old libc versions, which we use mostly to build locale data in ;; the old format (which the new libc cannot cope with.) --- /dev/null +++ b/gnu/packages/patches/glibc-audit-stat.patch @@ -0,0 +1,126 @@ +diff --git a/elf/dl-load.c b/elf/dl-load.c +index a6b80f9395..9daa32f76b 100644 +--- a/elf/dl-load.c ++++ b/elf/dl-load.c +@@ -1461,11 +1461,15 @@ print_search_path (struct r_search_path_elem **list, + user might want to know about this. + + If FD is not -1, then the file is already open and FD refers to it. +- In that case, FD is consumed for both successful and error returns. */ ++ In that case, FD is consumed for both successful and error returns. ++ ++ Set *CHANGED_BY_AUDIT to true if the audit module provided a file name ++ different from NAME. */ + static int + open_verify (const char *name, int fd, + struct filebuf *fbp, struct link_map *loader, +- int whatcode, int mode, bool *found_other_class, bool free_name) ++ int whatcode, int mode, bool *found_other_class, bool free_name, ++ bool *changed_by_audit) + { + /* This is the expected ELF header. */ + #define ELF32_CLASS ELFCLASS32 +@@ -1500,6 +1504,8 @@ open_verify (const char *name, int fd, + const char *errstring = NULL; + int errval = 0; + ++ *changed_by_audit = false; ++ + #ifdef SHARED + /* Give the auditing libraries a chance. */ + if (__glibc_unlikely (GLRO(dl_naudit) > 0) && whatcode != 0 +@@ -1521,12 +1527,19 @@ open_verify (const char *name, int fd, + afct = afct->next; + } + +- if (fd != -1 && name != original_name && strcmp (name, original_name)) ++ if (name != original_name && strcmp (name, original_name)) + { +- /* An audit library changed what we're supposed to open, +- so FD no longer matches it. */ +- __close_nocancel (fd); +- fd = -1; ++ /* Tell the caller we're looking at something different from ++ ORIGINAL_NAME. */ ++ *changed_by_audit = true; ++ ++ if (fd != -1) ++ { ++ /* An audit library changed what we're supposed to open, so FD ++ no longer matches it. */ ++ __close_nocancel (fd); ++ fd = -1; ++ } + } + } + #endif +@@ -1782,6 +1795,7 @@ open_path (const char *name, size_t namelen, int mode, + char *edp; + int here_any = 0; + int err; ++ bool changed_by_audit; + + /* If we are debugging the search for libraries print the path + now if it hasn't happened now. */ +@@ -1810,16 +1824,19 @@ open_path (const char *name, size_t namelen, int mode, + _dl_debug_printf (" trying file=%s\n", buf); + + fd = open_verify (buf, -1, fbp, loader, whatcode, mode, +- found_other_class, false); ++ found_other_class, false, ++ &changed_by_audit); + if (this_dir->status[cnt] == unknown) + { + if (fd != -1) + this_dir->status[cnt] = existing; + /* Do not update the directory information when loading + auditing code. We must try to disturb the program as +- little as possible. */ +- else if (loader == NULL +- || GL(dl_ns)[loader->l_ns]._ns_loaded->l_auditing == 0) ++ little as possible. Additionally, if the audit module ++ change the file name, keep directory information as is. */ ++ else if ((loader == NULL ++ || GL(dl_ns)[loader->l_ns]._ns_loaded->l_auditing == 0) ++ && !changed_by_audit) + { + /* We failed to open machine dependent library. Let's + test whether there is any directory at all. */ +@@ -2064,10 +2081,11 @@ _dl_map_object (struct link_map *loader, const char *name, + realname = _dl_sysdep_open_object (name, namelen, &fd); + if (realname != NULL) + { ++ bool changed_by_audit; + fd = open_verify (realname, fd, + &fb, loader ?: GL(dl_ns)[nsid]._ns_loaded, + LA_SER_CONFIG, mode, &found_other_class, +- false); ++ false, &changed_by_audit); + if (fd == -1) + free (realname); + } +@@ -2118,10 +2136,11 @@ _dl_map_object (struct link_map *loader, const char *name, + + if (cached != NULL) + { ++ bool changed_by_audit; + fd = open_verify (cached, -1, + &fb, loader ?: GL(dl_ns)[nsid]._ns_loaded, + LA_SER_CONFIG, mode, &found_other_class, +- false); ++ false, &changed_by_audit); + if (__glibc_likely (fd != -1)) + realname = cached; + else +@@ -2153,9 +2172,10 @@ _dl_map_object (struct link_map *loader, const char *name, + fd = -1; + else + { ++ bool changed_by_audit; + fd = open_verify (realname, -1, &fb, + loader ?: GL(dl_ns)[nsid]._ns_loaded, 0, mode, +- &found_other_class, true); ++ &found_other_class, true, &changed_by_audit); + if (__glibc_unlikely (fd == -1)) + free (realname); + } --=-=-=--