Subject: Re: [PATCH] buildchroot: Align UID and GID of builder user with caller
From: Jan Kiszka
To: Henning Schild
Cc: isar-users
Date: Mon, 12 Nov 2018 11:09:27 +0100
Message-ID: <0cae7837-9c01-d87b-dd65-851c670caced@siemens.com>
In-Reply-To: <20181112110625.1f55f7a5@md1za8fc.ad001.siemens.net>

On 12.11.18 11:06, Henning Schild wrote:
> On Mon, 12 Nov 2018 10:52:22 +0100,
> Jan Kiszka wrote:
>
>> On 12.11.18 10:42, Henning Schild wrote:
>>> On Mon, 12 Nov 2018 10:19:54 +0100,
>>> Jan Kiszka wrote:
>>>
>>>> On 12.11.18 10:16, [ext] Henning Schild wrote:
>>>>> I am afraid that this is not correct. The ids you are taking from
>>>>> the "host" might be taken inside the chroot. As a result creating
>>>>> the user/group would fail. Chances might be low ... This also
>>>>> assumes that
>>>>
>>>> Really? I thought that these commands are run very early during
>>>> bootstrap where there are no other users - if not, that would be a
>>>> bug.
>>>
>>> I think the only uid/gid you can really be sure about is 0. 1 could
>>> already be a regular user on the host, and 1 is "daemon" on a
>>> current Debian ... probably there right after debootstrap.
>>
>> Let me check if we can move the ID assignment earlier, to reduce that
>> risk.
>
> I will look into it. Knowing a problem and reducing the risk is not
> good enough.
>
>>>
>>> 1000 being the first "user" is more a convention than something you
>>> can rely on for any host. (/etc/login.defs UID_MIN/MAX etc.)
>>
>> We are talking about transferring the ID's from the host Debian to
>> the buildchroot Debian - is there really a realistic risk of friction?
>
> Now you are assuming that everyone is using your container ;). While

No, this is not about the container. We already solved the problem for the
container long ago (by aligning IDs). This breakage is about the host (in the
container or on your host) and the buildchroot.

> this is helpful I would like to allow anyone to build without docker,
> given they have a few Debian utils on their machine.
>
>> If we can't solve that sync problem, we need to revert to running as
>> root, I'm afraid. The current model is broken.
>
> I will send a follow up patch ... maybe today. The reproduction build
> is already running.

TIA!

>
> Did you see it in any other package than u-boot? Maybe the u-boot
> recipes are broken? I still do not see how a file formerly owned
> by root:root can cause problems as 1000:1000 ... but I guess I will
> understand that once I can reproduce.

U-boot is exposing it, but you see the breakage earlier by getting funny UIDs of
the artifacts after running a dpkg build.

Jan

--
Siemens AG, Corporate Technology, CT RDA IOT SES-DE
Corporate Competence Center Embedded Linux
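
The collision discussed in this thread (a UID/GID copied from the build host that is already allocated inside the buildchroot) can be checked before the builder user is created. The following is an added example, not code from the patch, from either participant, or from Isar; the function name `id_conflicts` and the sample passwd/group contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper, not part of Isar): report whether a
# UID/GID taken from the calling host is already in use inside a chroot.

# id_conflicts PASSWD_FILE GROUP_FILE UID GID
# Prints one line per collision. Returns 0 if both ids are free, 1 otherwise.
id_conflicts() {
    ic_passwd=$1 ic_group=$2 ic_uid=$3 ic_gid=$4
    ic_hits=$(
        # Field 3 of passwd is the numeric UID, field 3 of group the GID.
        awk -F: -v id="$ic_uid" \
            '$3 == id { print "uid " id " taken by user " $1 }' "$ic_passwd"
        awk -F: -v id="$ic_gid" \
            '$3 == id { print "gid " id " taken by group " $1 }' "$ic_group"
    )
    if [ -z "$ic_hits" ]; then
        return 0
    fi
    printf '%s\n' "$ic_hits"
    return 1
}

# Constructed sample: a minimal passwd/group pair standing in for the
# chroot's /etc right after bootstrap, where id 1 is "daemon".
sample=$(mktemp -d)
trap 'rm -rf "$sample"' EXIT
cat > "$sample/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
EOF
cat > "$sample/group" <<'EOF'
root:x:0:
daemon:x:1:
EOF

# Try a colliding pair and a free pair. Against a real chroot the call
# would be (ROOTFS is a placeholder for the chroot directory):
#   id_conflicts "$ROOTFS/etc/passwd" "$ROOTFS/etc/group" "$(id -u)" "$(id -g)"
for ids in 1:1 1000:1000; do
    if out=$(id_conflicts "$sample/passwd" "$sample/group" \
                          "${ids%:*}" "${ids#*:}"); then
        echo "$ids: free in chroot"
    else
        echo "$ids: conflict"
        echo "$out"
    fi
done
```

A non-zero return is the point at which a build step would have to stop or pick a different strategy instead of letting user or group creation fail later.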