1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
|
# Copyright 1999-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
glibc_compile_test() {
local ret save_cflags=${CFLAGS}
CFLAGS+=" $1"
shift
pushd "${T}" >/dev/null
rm -f glibc-test*
printf '%b' "$*" > glibc-test.c
_nonfatal emake -s glibc-test
ret=$?
popd >/dev/null
CFLAGS=${save_cflags}
return ${ret}
}
glibc_run_test() {
local ret
if [[ ${EMERGE_FROM} == "binary" ]] ; then
# ignore build failures when installing a binary package #324685
glibc_compile_test "" "$@" 2>/dev/null || return 0
else
if ! glibc_compile_test "" "$@" ; then
ewarn "Simple build failed ... assuming this is desired #324685"
return 0
fi
fi
pushd "${T}" >/dev/null
./glibc-test
ret=$?
rm -f glibc-test*
popd >/dev/null
return ${ret}
}
check_devpts() {
# Make sure devpts is mounted correctly for use w/out setuid pt_chown.
# If merely building the binary package, then there's nothing to verify.
[[ ${MERGE_TYPE} == "buildonly" ]] && return
# Only sanity check when installing the native glibc.
[[ ${ROOT} != "/" ]] && return
# Older versions always installed setuid, so no need to check.
in_iuse suid || return
# If they're opting in to the old suid code, then no need to check.
use suid && return
if awk '$3 == "devpts" && $4 ~ /[, ]gid=5[, ]/ { exit 1 }' /proc/mounts ; then
eerror "In order to use glibc with USE=-suid, you must make sure that"
eerror "you have devpts mounted at /dev/pts with the gid=5 option."
eerror "Openrc should do this for you, so you should check /etc/fstab"
eerror "and make sure you do not have any invalid settings there."
# Do not die on older kernels as devpts did not export these settings #489520.
if version_is_at_least 2.6.25 $(uname -r) ; then
die "mount & fix your /dev/pts settings"
fi
fi
}
eblit-glibc-pkg_pretend() {
# For older EAPIs, this is run in pkg_preinst.
if [[ ${EAPI:-0} != [0123] ]] ; then
check_devpts
fi
# Prevent native builds from downgrading.
if [[ ${MERGE_TYPE} != "buildonly" ]] && \
[[ ${ROOT} == "/" ]] && \
[[ ${CBUILD} == ${CHOST} ]] && \
[[ ${CHOST} == ${CTARGET} ]] ; then
# The high rev # is to allow people to downgrade between -r# versions.
# We want to block 2.20->2.19, but 2.20-r3->2.20-r2 should be fine.
# Hopefully we never actually use a r# this high.
if has_version ">${CATEGORY}/${P}-r10000" ; then
eerror "Sanity check to keep you from breaking your system:"
eerror " Downgrading glibc is not supported and a sure way to destruction"
die "aborting to save your system"
fi
if ! glibc_run_test '#include <pwd.h>\nint main(){return getpwuid(0)==0;}\n'
then
eerror "Your patched vendor kernel is broken. You need to get an"
eerror "update from whoever is providing the kernel to you."
eerror "https://sourceware.org/bugzilla/show_bug.cgi?id=5227"
eerror "http://bugs.gentoo.org/262698"
die "keeping your system alive, say thank you"
fi
if ! glibc_run_test '#include <unistd.h>\n#include <sys/syscall.h>\nint main(){return syscall(1000)!=-1;}\n'
then
eerror "Your old kernel is broken. You need to update it to"
eerror "a newer version as syscall(<bignum>) will break."
eerror "http://bugs.gentoo.org/279260"
die "keeping your system alive, say thank you"
fi
fi
# users have had a chance to phase themselves, time to give em the boot
if [[ -e ${EROOT}/etc/locale.gen ]] && [[ -e ${EROOT}/etc/locales.build ]] ; then
eerror "You still haven't deleted ${EROOT}/etc/locales.build."
eerror "Do so now after making sure ${EROOT}/etc/locale.gen is kosher."
die "lazy upgrader detected"
fi
if [[ ${CTARGET} == i386-* ]] ; then
eerror "i386 CHOSTs are no longer supported."
eerror "Chances are you don't actually want/need i386."
eerror "Please read http://www.gentoo.org/doc/en/change-chost.xml"
die "please fix your CHOST"
fi
if [[ -e /proc/xen ]] && [[ $(tc-arch) == "x86" ]] && ! is-flag -mno-tls-direct-seg-refs ; then
ewarn "You are using Xen but don't have -mno-tls-direct-seg-refs in your CFLAGS."
ewarn "This will result in a 50% performance penalty when running with a 32bit"
ewarn "hypervisor, which is probably not what you want."
fi
use hardened && ! gcc-specs-pie && \
ewarn "PIE hardening not applied, as your compiler doesn't default to PIE"
# Make sure host system is up to date #394453
if has_version '<sys-libs/glibc-2.13' && \
[[ -n $(scanelf -qys__guard -F'#s%F' "${EROOT}"/lib*/l*-*.so) ]]
then
ebegin "Scanning system for __guard to see if you need to rebuild first ..."
local files=$(
scanelf -qys__guard -F'#s%F' \
"${EROOT}"/*bin/ \
"${EROOT}"/lib* \
"${EROOT}"/usr/*bin/ \
"${EROOT}"/usr/lib* | \
egrep -v \
-e "^${EROOT}/lib.*/(libc|ld)-2.*.so$" \
-e "^${EROOT}/sbin/(ldconfig|sln)$"
)
[[ -z ${files} ]]
if ! eend $? ; then
eerror "Your system still has old SSP __guard symbols. You need to"
eerror "rebuild all the packages that provide these files first:"
eerror "${files}"
die "old __guard detected"
fi
fi
}
|