From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 6616615978640867328 X-Received: by 2002:a17:906:7084:: with SMTP id b4-v6mr291483ejk.9.1541756056226; Fri, 09 Nov 2018 01:34:16 -0800 (PST) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a17:906:1903:: with SMTP id a3-v6ls197176eje.3.gmail; Fri, 09 Nov 2018 01:34:15 -0800 (PST) X-Google-Smtp-Source: AJdET5cMIRSLs7LUh6/KuxkYTcZV/U4lvvgruS2p1G2O1HJKwwjlAqcT11YkfNq6fdXNYHfD2buO X-Received: by 2002:a17:906:1603:: with SMTP id m3-v6mr289190ejd.16.1541756055916; Fri, 09 Nov 2018 01:34:15 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1541756055; cv=none; d=google.com; s=arc-20160816; b=vUAj2ZiftZoS8Rr0sJcgIxFLZ1CNVRytwYUKyAmLXVHBKtXcuDII3kPQ3GW8vbozpp iwhQaJQk/atXDDeDk7GkkE11HhAYOVgn21cNI4FZFE6ruCXHcIQCv9obm8lcX2fBp02M oUxSyw6MHRbgiUbjEhoo1X8NGBMajgQHz0olKmSFHEzDKjCF07KP0DENKptZM5uxMnwu Wk3o/UNaWYhOrPRGG6hcZLgCT+xFDE0moFW1sgkYBYzWZA0NUWS8pdC9AlcZA/k5CbI6 wonY1nqRaMdhW86eJ0azYzb7nKftfFXpIAxqxYbiejRt6OAAJOxONqMRhP9i+GQjYSoo VFGQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:subject:cc:to:from:date; bh=IZG1+jCzy0ug2YVTxzNDnOAmzN4MnVH0XGGgIVzxWpg=; b=HHjGT0IwcNSJT5Y9F+YlBqF8MM7FYbqCUKZOlaD/SRUyYUbUj8XOilYNrfF37yVq7q 4IB5Due07v54Ei7EQB9ooWhkSfRZEfAYOzukwtMMPHr8wZFTQOdvm8XX52Crq3dW/5kQ 8YeOWTUMI+SZY6cnZLXcyvwjGdBU0HRCeL2MD0ZVkSWwY1HDT8VRRkQYoddgYifHu1tH mHWq7/urlVU7Okm4QXl9M3dj5GPIB4Ftba5aeDdHE+inuVCaYJ87Br0SHhs5HTlMro33 ng/MtTQeoF+6zf34UHdUvpL780znh7QHecNG5DfxAWwztTomq7A7y6CU3CNTrxxNduxm AiGw== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of henning.schild@siemens.com designates 192.35.17.14 as permitted sender) smtp.mailfrom=henning.schild@siemens.com Return-Path: Received: from david.siemens.de (david.siemens.de. [192.35.17.14]) by gmr-mx.google.com with ESMTPS id n20-v6si206413edt.3.2018.11.09.01.34.15 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 09 Nov 2018 01:34:15 -0800 (PST) Received-SPF: pass (google.com: domain of henning.schild@siemens.com designates 192.35.17.14 as permitted sender) client-ip=192.35.17.14; Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of henning.schild@siemens.com designates 192.35.17.14 as permitted sender) smtp.mailfrom=henning.schild@siemens.com Received: from mail1.sbs.de (mail1.sbs.de [192.129.41.35]) by david.siemens.de (8.15.2/8.15.2) with ESMTPS id wA99YF2j004767 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 9 Nov 2018 10:34:15 +0100 Received: from md1za8fc.ad001.siemens.net ([139.25.68.181]) by mail1.sbs.de (8.15.2/8.15.2) with ESMTP id wA99YFr4026363; Fri, 9 Nov 2018 10:34:15 +0100 Date: Fri, 9 Nov 2018 10:34:12 +0100 From: Henning Schild To: Jan Kiszka Cc: Maksim Osipov , Subject: Re: [PATCH] buildchroot: build debian packages as "builder" not "root" Message-ID: <20181109103412.7eca6a2a@md1za8fc.ad001.siemens.net> In-Reply-To: <72142f4d-4ce4-b4a2-9fe4-8199a8fb6fa2@siemens.com> References: <20181026104914.25581-1-henning.schild@siemens.com> <9fc6082e-49ae-2e9c-6331-90b80b66baf0@siemens.com> <20181108155423.590f43de@md1za8fc.ad001.siemens.net> <72142f4d-4ce4-b4a2-9fe4-8199a8fb6fa2@siemens.com> X-Mailer: Claws Mail 3.15.0-dirty (GTK+ 2.24.32; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-TUID: XgdKzOn/E0cX Am Fri, 9 Nov 2018 10:14:51 +0100 schrieb Jan Kiszka : > On 08.11.18 15:54, Henning Schild wrote: > > Am Thu, 8 Nov 2018 14:32:42 +0100 > > schrieb Jan Kiszka : > > > >> On 26.10.18 12:49, [ext] Henning Schild wrote: > >>> We used to build packages as "root" and now do that as a regular > >>> user. Not building as "root" allows us to find mistakes in > >>> debian/rules where privileged operations are used while they > >>> should not (a sudo was found in a rules-file). Further some build > >>> steps might actually expect to not run as root (seen in openssl > >>> test suite). > >>> > >>> Not building as root should increase overall quality and brings us > >>> closer to how debian packages are build by others. > >> > >> I strongly suspect this is the cause for more and more rebuild > >> errors of this kind: > >> > >> | make[1]: Leaving directory '/home/builder/u-boot/u-boot-v2018.09' > >> | dh_clean -O--parallel > >> | dpkg-source -I -b u-boot-v2018.09 > >> | dpkg-source: warning: no source format specified in > >> debian/source/format, see dpkg-source(1) | dpkg-source: warning: > >> source directory 'u-boot-v2018.09' is not > >> - 'u-boot-2018.09' | dpkg-source: > >> info: using source format '1.0' | dpkg-source: info: building > >> u-boot in u-boot_2018.09.tar.gz | dpkg-source: error: cannot write > >> u-boot_2018.09.dsc: Permission denied | dpkg-source: info: building > >> u-boot in u-boot_2018.09.dsc | dpkg-buildpackage: error: > >> dpkg-source -I -b u-boot-v2018.09 gave error exit status 13 | > >> WARNING: exit code 13 from a shell command. | ERROR: Function > >> failed: do_build (log file is located > >> at /work/build/tmp/work/long-life-ebsy-armhf/u-boot-2018.09-r0/temp/log.do_build.15761) > >> > >> Are we missing some cleandirs in dpkg[-base].class? > > > > Does the file exist and can not be written by builder, or does it > > not exist and the dir must not receive new files. I am guessing the > > former but have not clue why. > > Maybe you can tell be how to reproduce this. > > The breakage comes from the UID and GID of builder inside the chroot. > They are not in sync with the IDs used on the host side, so we can > end up chown'ing to unknown user:group from host perspective. I am not sure i get that. Before it was "root:root" so whatever the host (the thing where isar runs?) is doing must have been privileged and should be able to deal with any uids. The user and group names are only used within the buildchroot(s). What i see is a dpkg-source ... so my guess is we are talking about cross compile and the two chroots are not sync ... id-wise. Will the WORKDIR be mounted first in one chroot and later in another? > Either ensure that the IDs are synchronized or revert this commit for > now. I will send a patch once i have understood the problem. Still do not know how to reproduce ... Henning > Jan >