[opensuse-factory] openSUSE:Factory - Build fail notification
![](https://seccdn.libravatar.org/avatar/5cdd10d836bdda3796cf6bc1ab2d5a78.jpg?s=120&d=mm&r=g)
Dear Package maintainers and hackers. Below package(s) in openSUSE:Factory have been failing to build for at least 4 weeks. We tried to send out notifications to the configured bugowner/maintainers of the package(s), but so far no fix has been submitted. This probably means that the maintainer/bugowner did not yet find the time to look into the matter and he/she would certainly appreciate help to get this sorted. - perl-Math-BigInt-GMP - pocl - python-python-prctl - python-sphinx-autodoc-typehints Unless somebody is stepping up and submitting fixes, the listed package(s) are going to be removed from openSUSE:Factory. Kind regards, DimStar / Dominique Leuenberger <dimstar@opensuse.org>
![](https://seccdn.libravatar.org/avatar/6f6fbc374057ef3b4dc6f80f02442680.jpg?s=120&d=mm&r=g)
Fix for poct build -> https://build.opensuse.org/request/show/843703 Kind regards, Ondřej Súkup-- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
![](https://seccdn.libravatar.org/avatar/b0800dcbf275b3090f3d88043b6aaea1.jpg?s=120&d=mm&r=g)
On Fri, 23 Oct 2020 22:02:05 +0000 DimStar / Dominique Leuenberger <dimstar@opensuse.org> wrote:
There is something wrong with the build process in Factory for perl-Math-BigInt-GMP: https://build.opensuse.org/package/live_build_log/openSUSE:Factory/perl-Math... ... [ 13s] [105/136] cumulate perl-Math-BigInt-1.999818-1.4 [ 16s] Warning: prerequisite Math::BigInt 1.999817 not found. We have 1.999816. Everywhere else it works.
![](https://seccdn.libravatar.org/avatar/cb2aaf49f775c94d4056311eef22be7b.jpg?s=120&d=mm&r=g)
Am 24.10.20 um 07:20 schrieb Carsten Ziepke:
perl-Math-BigInt is built against perl 5.30.1 and ignored in 5.30.3 - can perl-Math-BigInt please be rebuilt to fix BigInt-GMP? Greetings, Stephan -- Lighten up, just enjoy life, smile more, laugh more, and don't get so worked up about things. Kenneth Branagh -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
![](https://seccdn.libravatar.org/avatar/cb2aaf49f775c94d4056311eef22be7b.jpg?s=120&d=mm&r=g)
Am 24.10.20 um 13:28 schrieb Dominique Leuenberger / DimStar:
Jein - it looks there *if* it doesn't find anything in 5.30.3. Problem is that the version in 5.30.3 is outdated. Greetings, Stephan -- Lighten up, just enjoy life, smile more, laugh more, and don't get so worked up about things. Kenneth Branagh -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
![](https://seccdn.libravatar.org/avatar/519d17ce2fff16336e7a07ce8ccd4609.jpg?s=120&d=mm&r=g)
Am Samstag, 24. Oktober 2020, 00:02:05 CEST schrieb DimStar / Dominique Leuenberger:
Okay, here's my current state diving into this issue: The PR_{GET,SET}_NO_NEW_PRIVS capability test fails for TW, because limiting the caps in order to disallow ping fails for some reason. Could it be, that TW handles capabilities differently? Here's a strace excerpt: 27605 prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0) = 0 27605 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID| SIGCHLD, child_tidptr=0x7fa5ed092a10) = 27606 27606 set_robust_list(0x7fa5ed092a20, 24) = 0 27605 write(1</dev/pts/52>, "pid: 27606\n", 11) = 11 27605 wait4(27606, <unfinished ...> 27606 write(1</dev/pts/52>, "pid: 0\n", 7) = 7 27606 write(1</dev/pts/52>, "fork..\n", 7) = 7 27606 prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) = 0 27606 prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0) = 1 Obviously, PR_SET_NO_NEW_PRIVS succeeds. 27606 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID| SIGCHLD, child_tidptr=0x7fa5ed092a10) = 27607 [...] but ping succeeds, even if it should not: 27607 prctl(PR_CAPBSET_READ, CAP_MAC_OVERRIDE) = 1 27607 prctl(PR_CAPBSET_READ, 0x30 /* CAP_??? */) = -1 EINVAL (Das Argument ist ungültig) 27607 prctl(PR_CAPBSET_READ, CAP_CHECKPOINT_RESTORE) = 1 27607 prctl(PR_CAPBSET_READ, 0x2c /* CAP_??? */) = -1 EINVAL (Das Argument ist ungültig) 27607 prctl(PR_CAPBSET_READ, 0x2a /* CAP_??? */) = -1 EINVAL (Das Argument ist ungültig) 27607 prctl(PR_CAPBSET_READ, 0x29 /* CAP_??? */) = -1 EINVAL (Das Argument ist ungültig) 27607 brk(NULL) = 0x55b43b2b0000 27607 brk(0x55b43b2d1000) = 0x55b43b2d1000 27607 capget({version=_LINUX_CAPABILITY_VERSION_3, pid=0}, NULL) = 0 27607 capget({version=_LINUX_CAPABILITY_VERSION_3, pid=0}, {effective=0, permitted=0, inheritable=0}) = 0 27607 capget({version=_LINUX_CAPABILITY_VERSION_3, pid=0}, NULL) = 0 27607 capset({version=_LINUX_CAPABILITY_VERSION_3, pid=0}, {effective=0, permitted=0, inheritable=0}) = 0 27607 prctl(PR_SET_KEEPCAPS, 1) = 0 27607 getuid() = 1000 27607 setuid(1000) = 0 27607 prctl(PR_SET_KEEPCAPS, 0) = 0 27607 getuid() = 1000 [...] 27607 write(1</dev/pts/52>, "64 Bytes von localhost (::1): icmp_seq=1 ttl=64 Zeit=0.042 ms\n", 62) = 62 Ideas? Just disable the test for TW might be feasible, but I would like to understand, what's going wrong here.. If somebody want to play with this, here's some debug code applied: home:frispete:python/python-python-prctl Cheers, Pete -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
![](https://seccdn.libravatar.org/avatar/3af26b63955b9162f06c0f82c86231ac.jpg?s=120&d=mm&r=g)
On 26/10/2020 21.10, Hans-Peter Jansen wrote:
ping probably works, because filesystem flags tell the kernel to give it caps when the binary gets executed: grep -2 bin/ping /etc/permissions.easy /usr/bin/ping root:root 0755 +capabilities cap_net_raw=ep # attr -l /usr/bin/ping Attribute "capability" has a 20 byte value for /usr/bin/ping in our build env, these permissions were not always consistently applied. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
![](https://seccdn.libravatar.org/avatar/3dc81acdcf9c61bb064496a770bc500b.jpg?s=120&d=mm&r=g)
On Sat, 2020-10-24 at 19:41 +0200, Hans-Peter Jansen wrote:
Ping was recently changed so that it doesn't require capabilities anymore (boo#1174504). Best, Malte -- Malte Kraus <malte.kraus@suse.com> Security Engineer PGP Key: 8AFC 3C58 6880 2DDD 4792 C3C2 FDBD 2984 D4C3 C2F0 SUSE Software Solutions Germany GmbH / Maxfeldstr. 5 / 90409 Nürnberg / Germany / (HRB 36809, AG Nürnberg) / Geschäftsführer: Felix Imendörffer -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
![](https://seccdn.libravatar.org/avatar/519d17ce2fff16336e7a07ce8ccd4609.jpg?s=120&d=mm&r=g)
Am Dienstag, 27. Oktober 2020, 10:00:04 CET schrieb Malte Kraus:
Duh, obviously, I'm dancing on too many parties. Sorry. https://build.opensuse.org/request/show/844242 Cheers, Pete -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
participants (8)
-
Bernhard M. Wiedemann
-
Carsten Ziepke
-
DimStar / Dominique Leuenberger
-
Dominique Leuenberger / DimStar
-
Hans-Peter Jansen
-
Malte Kraus
-
Ondřej Súkup
-
Stephan Kulow