| View previous topic :: View next topic |
| Author |
Message |
papu
l33t
Joined: 25 Jan 2008
Posts: 709
Location: Sota algun pi o alzina...
|
 Posted: Tue Dec 20, 2016 2:43 pm Post subject: CONFIG_PROTECT is not doing his job... |
 |
|
some files insite of /etc changed without my permision : like sudoers /etc/conf.d/consolefont /etc/conf.d/keymaps /etc/eixrc/00-eixrc
and i don't know why
this is from emege --info CONFIG_PROTECT="/etc /usr/lib64/libreoffice/program/sofficerc /usr/share/config /usr/share/gnupg/qualified.txt"
| Quote: | $ echo $CONFIG_PROTECT
/usr/share/gnupg/qualified.txt /usr/share/config /usr/lib64/libreoffice/program/sofficerc |
is this ok?
_________________
"~amd64" --cpu 7700 non-x --DDR5 2x16GB 6000MHz --gpu RX 470 |
|
| Back to top |
|
 |
krinn
Watchman
Joined: 02 May 2003
Posts: 7470
|
| Posted: Tue Dec 20, 2016 4:40 pm Post subject: |
|
|
You have CONFIG_PROTECT to set protection but also CONFIG_PROTECT_MASK to remove it.
Also because your profile have them too, it's not enough to just check your $CONFIG_PROTECT(_MASK) variable value.
You can check it fine with emerge --info | grep CONFIG_PROTECT because emerge --info will show their value with your make.conf choice but include also the value set by your profile. |
|
| Back to top |
|
|
khayyam
Watchman
Joined: 07 Jun 2012
Posts: 6227
Location: Room 101
|
| Posted: Tue Dec 20, 2016 4:42 pm Post subject: Re: CONFIG_PROTECT is not doing his job... |
|
|
| papu wrote: | | Code: | $ echo $CONFIG_PROTECT
/usr/share/gnupg/qualified.txt /usr/share/config /usr/lib64/libreoffice/program/sofficerc |
is this ok? |
papu ... no, you shouldn't have CONFIG_PROTECT defined in your shell, it is a variable internal to portage. The above shows '/etc' isn't in $CONFIG_PROTECT and as this variable will overide that defined by portage internally (much the same as USE, or ACCEPT_KEYWORDS, will if defined on the commandline) those files will not be protected. So, why are you defining it?
best ... khay |
|
| Back to top |
|
|
krinn
Watchman
Joined: 02 May 2003
Posts: 7470
|
| Posted: Tue Dec 20, 2016 5:01 pm Post subject: |
|
|
it comes from /etc/env.d khayyam, you don't need to do anything yourself.
| Code: | grep CONFIG /etc/env.d/*
/etc/env.d/00basic:CONFIG_PROTECT_MASK="/etc/gentoo-release"
/etc/env.d/09sandbox:CONFIG_PROTECT_MASK="/etc/sandbox.d"
/etc/env.d/30gnupg:CONFIG_PROTECT=/usr/share/gnupg/qualified.txt
/etc/env.d/30xdg-data-local:COLON_SEPARATED="XDG_DATA_DIRS XDG_CONFIG_DIRS"
/etc/env.d/35hsqldb:CONFIG_PROTECT="/var/lib/hsqldb"
/etc/env.d/37fontconfig:CONFIG_PROTECT_MASK="/etc/fonts/fonts.conf"
/etc/env.d/43kdepaths:CONFIG_PROTECT="/usr/share/config"
/etc/env.d/50gconf:CONFIG_PROTECT_MASK="/etc/gconf"
/etc/env.d/50ncurses:CONFIG_PROTECT_MASK="/etc/terminfo"
/etc/env.d/51dconf:CONFIG_PROTECT_MASK="/etc/dconf"
/etc/env.d/90xdg-data-base:XDG_CONFIG_DIRS="/etc/xdg"
/etc/env.d/98ca-certificates:CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"
/etc/env.d/99gentoolkit-env:CONFIG_PROTECT_MASK="/etc/revdep-rebuild"
|
|
|
| Back to top |
|
|
Logicien
Veteran
Joined: 16 Sep 2005
Posts: 1555
Location: Montréal
|
| Posted: Tue Dec 20, 2016 5:13 pm Post subject: |
|
|
I do not define the variables CONFIG_PROTECT and CONFIG_PROTECT_MASK anywhere in my users Bash shell configuration files for all users including root but, these variables are define for normal users but not for root even of the contain of the /etc/env.d/ directory. Verified with these commands for all users
| Code: | printenv | grep -i config
set | grep -i config |
papu,
do you use sudo to execute emerge or you open a root session, in other words are you in a normal user shell environment or in the root shell environment when use execute emerge? Which commands interpreter do you use with emerge?
_________________
Paul |
|
| Back to top |
|
|
papu
l33t
Joined: 25 Jan 2008
Posts: 709
Location: Sota algun pi o alzina...
|
| Posted: Tue Dec 20, 2016 6:47 pm Post subject: |
|
|
hi, all i respond all of you:
| Code: | $ emerge --info | grep CONFIG_PROTECT
CONFIG_PROTECT="/etc /usr/lib64/libreoffice/program/sofficerc /usr/share/config /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo" |
| Code: | $ sudo grep CONFIG /etc/env.d/*
/etc/env.d/00basic:CONFIG_PROTECT_MASK="/etc/gentoo-release"
/etc/env.d/09sandbox:CONFIG_PROTECT_MASK="/etc/sandbox.d"
/etc/env.d/30gnupg:CONFIG_PROTECT=/usr/share/gnupg/qualified.txt
/etc/env.d/30xdg-data-local:COLON_SEPARATED="XDG_DATA_DIRS XDG_CONFIG_DIRS"
/etc/env.d/37fontconfig:CONFIG_PROTECT_MASK="/etc/fonts/fonts.conf"
/etc/env.d/50gconf:CONFIG_PROTECT_MASK="/etc/gconf"
/etc/env.d/50ncurses:CONFIG_PROTECT_MASK="/etc/terminfo"
/etc/env.d/51dconf:CONFIG_PROTECT_MASK="/etc/dconf"
/etc/env.d/78kf:CONFIG_PROTECT=/usr/share/config
/etc/env.d/90xdg-data-base:XDG_CONFIG_DIRS="/etc/xdg"
/etc/env.d/98ca-certificates:CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"
/etc/env.d/99gentoolkit-env:CONFIG_PROTECT_MASK="/etc/revdep-rebuild"
/etc/env.d/99libreoffice:CONFIG_PROTECT=/usr/lib64/libreoffice/program/sofficerc
|
| Code: | $ set | grep -i config
CONFIG_PROTECT='/usr/share/gnupg/qualified.txt /usr/share/config /usr/lib64/libreoffice/program/sofficerc'
CONFIG_PROTECT_MASK='/etc/gentoo-release /etc/sandbox.d /etc/fonts/fonts.conf /etc/gconf /etc/terminfo /etc/dconf /etc/ca-certificates.conf /etc/revdep-rebuild'
GTK2_RC_FILES=/etc/gtk-2.0/gtkrc:/home/papu/.gtkrc-2.0:/home/papu/.config/gtkrc-2.0
GTK_RC_FILES=/etc/gtk/gtkrc:/home/papu/.gtkrc:/home/papu/.config/gtkrc
JAVAC=/etc/java-config-2/current-system-vm/bin/javac
JAVA_HOME=/etc/java-config-2/current-system-vm
JDK_HOME=/etc/java-config-2/current-system-vm
MANPATH=/etc/java-config-2/current-system-vm/man:/usr/local/share/man:/usr/share/man:/usr/share/gcc-data/x86_64-pc-linux-gnu/5.4.0/man:/usr/share/binutils-data/x86_64-pc-linux-gnu/2.27/man:/etc/java-config-2/current-system-vm/man/
XDG_CONFIG_DIRS=/etc/xdg
cmd="iwconfig";
cmd="{ ifconfig || ip link show up; }";
cmd="{ ifconfig -a || ip link show; }";
if ! grep --colour=auto -F -x -q -s "${1##*/}" ~/.config/bash_completion.whitelist; then
if grep --colour=auto -F -x -q -s "${1##*/}" ~/.config/bash_completion.blacklist; then
_configured_interfaces ()
COMPREPLY=($( compgen -W "$( printf '%s\n' /etc/sysconfig/network/ifcfg-* | command sed -ne 's|.*ifcfg-\(.*\)|\1|p' )" -- "$cur" ));
COMPREPLY=($( compgen -W "$( command ls -B /etc/sysconfig/interfaces | command sed -ne 's|.*ifcfg-\(.*\)|\1|p' )" -- "$cur" ));
COMPREPLY=($( compgen -W "$( printf '%s\n' /etc/sysconfig/network-scripts/ifcfg-* | command sed -ne 's|.*ifcfg-\(.*\)|\1|p' )" -- "$cur" ));
COMPREPLY+=($( compgen -W "$( { LC_ALL=C ifconfig -a || ip addr show; } 2>/dev/null | command sed -ne 's/.*addr:\([^[:space:]]*\).*/\1/p' -ne 's|.*inet[[:space:]]\{1,\}\([^[:space:]/]*\).*|\1|p' )" -- "$cur" ))
local configfile flag prefix;
local -a kh khd config;
configfile=$OPTARG
if [[ -n $configfile ]]; then
[[ -r $configfile ]] && config+=("$configfile");
for i in /etc/ssh/ssh_config ~/.ssh/config ~/.ssh2/config;
[[ -r $i ]] && config+=("$i");
if [[ ${#config[@]} -gt 0 ]]; then
tmpkh=($( awk 'sub("^[ \t]*([Gg][Ll][Oo][Bb][Aa][Ll]|[Uu][Ss][Ee][Rr])[Kk][Nn][Oo][Ww][Nn][Hh][Oo][Ss][Tt][Ss][Ff][Ii][Ll][Ee][ \t]+", "") { print $0 }' "${config[@]}" | sort -u ));
if [[ -z $configfile ]]; then
if [[ ${#config[@]} -gt 0 && -n "$aliases" ]]; then
local hosts=$( command sed -ne 's/^[[:blank:]]*[Hh][Oo][Ss][Tt][[:blank:]]\{1,\}\([^#*?%]*\)\(#.*\)\{0,1\}$/\1/p' "${config[@]}" );
COMPREPLY+=($( { LC_ALL=C ifconfig -a || ip link show; } 2>/dev/null | command sed -ne "s/.*[[:space:]]HWaddr[[:space:]]\{1,\}\($re\)[[:space:]].*/\1/p" -ne "s/.*[[:space:]]HWaddr[[:space:]]\{1,\}\($re\)[[:space:]]*$/\1/p" -ne "s|.*[[:space:]]\(link/\)\{0,1\}ether[[:space:]]\{1,\}\($re\)[[:space:]].*|\2|p" -ne "s|.*[[:space:]]\(link/\)\{0,1\}ether[[:space:]]\{1,\}\($re\)[[:space:]]*$|\2|p" |
| Code: | CFLAGS="-march=native -O2 -pipe"
CXXFLAGS="${CFLAGS}"
CHOST="x86_64-pc-linux-gnu"
MAKEOPTS="-j5 -l4"
ABI_X86="64 32"
ACCEPT_LICENSE="*"
ACCEPT_KEYWORDS="~amd64"
CPU_FLAGS_X86="aes avx avx2 fma3 f16c mmx mmxext popcnt sse sse2 sse3 sse4_1 sse4_2 ssse3"
CURL_SSL="libressl"
EMERGE_DEFAULT_OPTS="${EMERGE_DEFAULT_OPTS} --autounmask-write=y --complete-graph=y --color=y --load-average=4 --keep-going -v --verbose-conflicts --with-bdeps=y"
FEATURES="${FEATURES} candy cgroup nodoc noinfo parallel-fetch parallel-install split-elog"
DISTDIR="/mnt/sources/distfiles/"
INPUT_DEVICES="evdev"
GRUB_PLATFORMS="efi-64"
L10N="ca"
LINGUAS="ca"
PKGDIR="/mnt/sources/packages/"
PORTAGE_ELOG_SYSTEM="save"
PORTAGE_TMPDIR="/tmp"
RUBY_TARGETS="ruby22 ruby23"
positive="cacert ffmpeg fontconfig libressl lzma lzo openal opencl v4l tools vdpau x265"
negativa="-bluetooth -geolocation -gnome -gstreamer010 -handbook -openssl -kde -qt3support -qt4 -webkit -wireless"
USE="${positive} ${negativa}"
VIDEO_CARDS="amdgpu radeonsi" |
normaly use sudo emerge , but sometimes i am in root with sudo su
with a full update i use this sequence:
| Code: | | sudo eix-sync && sudo emerge -uNDt world -j4 && sudo emerge -ac && sudo revdep-rebuild -i && sudo emerge @preserved-rebuild && sudo qcheck —update && sudo emaint -c all |
but don't know why sometimes some /etc files reseting without my permision, but seems not always... , but for example every time i compile eix this /etc/eixrc/00-eixrc is reseting Without warnings.
_________________
"~amd64" --cpu 7700 non-x --DDR5 2x16GB 6000MHz --gpu RX 470
Last edited by papu on Wed Dec 21, 2016 5:24 pm; edited 2 times in total |
|
| Back to top |
|
|
Logicien
Veteran
Joined: 16 Sep 2005
Posts: 1555
Location: Montréal
|
| Posted: Tue Dec 20, 2016 7:15 pm Post subject: |
|
|
You are better to open an independant session for root from a login shell (tty1 to 6) than use sudo and su. To go to a root shell session from a normal user shell session I do
Than you have to give the root password to be in the root environment. The dash - specifiy that you want to be in the root environment. See
_________________
Paul |
|
| Back to top |
|
|
khayyam
Watchman
Joined: 07 Jun 2012
Posts: 6227
Location: Room 101
|
| Posted: Tue Dec 20, 2016 9:47 pm Post subject: |
|
|
| krinn wrote: | | it comes from /etc/env.d khayyam, you don't need to do anything yourself. |
krinn ... CONFIG_PROTECT doesn't ... and that is what the OP echo'ed above.
| Code: | # echo $CONFIG_PROTECT
# |
|
|
| Back to top |
|
|
papu
l33t
Joined: 25 Jan 2008
Posts: 709
Location: Sota algun pi o alzina...
|
| Posted: Wed Dec 21, 2016 5:11 pm Post subject: |
|
|
| Logicien wrote: | You are better to open an independant session for root from a login shell (tty1 to 6) than use sudo and su. To go to a root shell session from a normal user shell session I do
Than you have to give the root password to be in the root environment. The dash - specifiy that you want to be in the root environment. See
|
then, for updating it's better enter to a root environment with su - that using sudo su or sudo emerge?
then the CONFIG_PROTECT it's well configured, isen't it?
| Quote: | $ cat /usr/share/portage/config/make.globals
...
# Minimal CONFIG_PROTECT
CONFIG_PROTECT="/etc"
CONFIG_PROTECT_MASK="/etc/env.d"
... |
_________________
"~amd64" --cpu 7700 non-x --DDR5 2x16GB 6000MHz --gpu RX 470
Last edited by papu on Wed Dec 21, 2016 10:12 pm; edited 1 time in total |
|
| Back to top |
|
|
Logicien
Veteran
Joined: 16 Sep 2005
Posts: 1555
Location: Montréal
|
| Posted: Wed Dec 21, 2016 9:25 pm Post subject: |
|
|
What I see is that CONFIG_PROTECT and CONFIG_PROTECT_MASK variables are not set in the root environment so, the cannot interfer with the value they have in make.conf. In normal user environment those variables are set and differently then in make.conf.
If you want to use emerge with sudo in normal user environment, you have to explicitely set CONFIG_PROTECT and CONFIG_PROTECT_MASK for this user the same as they are in make.conf. Than I think it will be ok.
Il always use /dev/tty1 as the terminal for root and emerge. I login as nornal user than I do su - or sudo bash to be in the root environment.
_________________
Paul |
|
| Back to top |
|
|
|
Other Things Gentoo
