From: Henning Schild
To: isar-users@googlegroups.com
Cc: Henning Schild
Subject: [PATCH] buildchroot: build debian packages as "builder" not "root"
Date: Fri, 26 Oct 2018 12:49:14 +0200
Message-Id: <20181026104914.25581-1-henning.schild@siemens.com>

We used to build packages as "root" and now do that as a regular user.
Not building as "root" allows us to find mistakes in debian/rules where
privileged operations are used while they should not (a sudo was found
in a rules-file). Further, some build steps might actually expect to not
run as root (seen in openssl test suite).
Not building as root should increase overall quality and brings us
closer to how debian packages are built by others.

Signed-off-by: Henning Schild --- meta/recipes-devtools/buildchroot/buildchroot-target.bb | 3 ++- meta/recipes-devtools/buildchroot/files/build.sh | 6 ++++-- meta/recipes-devtools/buildchroot/files/configscript.sh | 4 ++++ 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/meta/recipes-devtools/buildchroot/buildchroot-target.bb b/meta/recipes-devtools/buildchroot/buildchroot-target.bb index 42f47fc..c342625 100644 --- a/meta/recipes-devtools/buildchroot/buildchroot-target.bb +++ b/meta/recipes-devtools/buildchroot/buildchroot-target.bb @@ -18,6 +18,7 @@ BUILDCHROOT_PREINSTALL ?= "gcc \ apt \ automake \ devscripts \ - equivs" + equivs \ + adduser" do_build[depends] = "isar-apt:do_cache_config isar-bootstrap-target:do_bootstrap" diff --git a/meta/recipes-devtools/buildchroot/files/build.sh b/meta/recipes-devtools/buildchroot/files/build.sh index e74bc14..d98eb2e 100644 --- a/meta/recipes-devtools/buildchroot/files/build.sh +++ b/meta/recipes-devtools/buildchroot/files/build.sh @@ -14,5 +14,7 @@ for i in configure aclocal.m4 Makefile.am Makefile.in; do fi done -# Build the package -dpkg-buildpackage -a$target_arch -d --source-option=-I +# Build the package as user "builder" +chown -R builder:builder $1 # the sources +chown builder:builder $1/.. # the output +su - builder -c "cd $1; dpkg-buildpackage -a$target_arch -d --source-option=-I" diff --git a/meta/recipes-devtools/buildchroot/files/configscript.sh b/meta/recipes-devtools/buildchroot/files/configscript.sh index d591c2a..30660e7 100644 --- a/meta/recipes-devtools/buildchroot/files/configscript.sh +++ b/meta/recipes-devtools/buildchroot/files/configscript.sh @@ -9,3 +9,7 @@ debconf-set-selections <
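
Review bot: in the buildchroot-target.bb hunk, `adduser` is appended to the `BUILDCHROOT_PREINSTALL ?=` default, so any layer or local configuration that assigns BUILDCHROOT_PREINSTALL itself silently drops it, while build.sh now unconditionally runs `chown builder:builder` and `su - builder`. Either pull the package in through something that cannot be overridden by accident, or have build.sh check that the user exists (for example with `id builder`) and fail with a clear message before touching ownership.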
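
Review bot: in the build.sh hunk, the `su - builder -c "cd $1; dpkg-buildpackage ..."` line expands `$1` unquoted into a command string and joins the two commands with `;`, so a source path containing spaces or shell metacharacters is re-parsed by builder's shell, and a failed `cd` still runs dpkg-buildpackage from builder's home directory. Use `cd "$1" &&` inside the string and quote `"$1"` in both `chown` lines as well. Two further things to confirm: `su -` starts a login shell with a fresh environment, so anything build.sh exported earlier (only `$target_arch` is expanded by the outer shell here) will not reach the build; and `chown builder:builder $1/..` changes only the parent directory itself, so files already present there stay root-owned and the directory remains owned by builder after the build, which matters if anything else shares it.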