Date: Mon, 12 Nov 2018 10:16:48 +0100
From: Henning Schild
To: Jan Kiszka
Cc: isar-users
Subject: Re: [PATCH] buildchroot: Align UID and GID of builder user with caller
Message-ID: <20181112101648.051ce0ed@md1za8fc.ad001.siemens.net>
In-Reply-To: <0ec8a678-7297-4ad9-4a9b-49d87f504061@web.de>
References: <0ec8a678-7297-4ad9-4a9b-49d87f504061@web.de>

I am afraid that this is not correct. The ids you are taking from the
"host" might be taken inside the chroot. As a result, creating the
user/group would fail. Chances might be low ...

This also assumes that ids/hosts will never change and breaks migrating
a build to another host.

If the host fails to remove/overwrite the files, we will have to use
sudo on the host.

Henning

On Sat, 10 Nov 2018 08:52:38 +0100, Jan Kiszka wrote:

> From: Jan Kiszka > > This fixes EPERM on rebuild and also some clean builds: We have to > align the IDs of the builder user with the user in the host > environment. Otherwise, files and directories can become unaccessible > during the build. > > Fixes: be291cd991bd ("buildchroot: build debian packages as "builder" > not "root"") Signed-off-by: Jan Kiszka > --- > meta/recipes-devtools/buildchroot/buildchroot.inc | 4 +++- > meta/recipes-devtools/buildchroot/files/configscript.sh | 4 ++-- > 2 files changed, 5 insertions(+), 3 deletions(-) > > diff --git a/meta/recipes-devtools/buildchroot/buildchroot.inc > b/meta/recipes-devtools/buildchroot/buildchroot.inc index > 7dd909e..2c44db9 100644 --- > a/meta/recipes-devtools/buildchroot/buildchroot.inc +++ > b/meta/recipes-devtools/buildchroot/buildchroot.inc @@ -36,7 +36,9 @@ > do_build() { > # Configure root filesystem > sudo install -m 755 ${WORKDIR}/configscript.sh ${BUILDCHROOT_DIR} > - sudo chroot ${BUILDCHROOT_DIR} /configscript.sh > + USER_ID=$(id -u) > + GROUP_ID=$(id -g) > + sudo chroot ${BUILDCHROOT_DIR} /configscript.sh $USER_ID > $GROUP_ID > sudo mount --bind ${DL_DIR} ${BUILDCHROOT_DIR}/downloads > } 
> diff --git a/meta/recipes-devtools/buildchroot/files/configscript.sh > b/meta/recipes-devtools/buildchroot/files/configscript.sh index > 30660e7..7e49385 100644 --- > a/meta/recipes-devtools/buildchroot/files/configscript.sh +++ > b/meta/recipes-devtools/buildchroot/files/configscript.sh @@ -10,6 > +10,6 @@ locales locales/locales_to_be_generated multiselect > en_US.UTF-8 UTF-8 locales locales/default_environment_locale select > en_US.UTF-8 END > -addgroup --quiet --system builder > -useradd --system --gid builder --no-create-home --home /home/builder > --no-user-group --comment "Isar buildchroot build user" builder > +addgroup --quiet --system builder --gid $2 +useradd --system --uid > $1 --gid builder --no-create-home --home /home/builder > --no-user-group --comment "Isar buildchroot build user" builder chown > -R builder:builder /home/builder
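
Review bot: In the buildchroot.inc hunk, do_build() takes USER_ID=$(id -u) and GROUP_ID=$(id -g) from the caller and hands them to configscript.sh with no check on their values and without quoting. If do_build() ever runs as uid 0, the script is asked to create builder with root's uid, which either fails or undoes the split the Fixes: commit introduced (building as "builder" not "root"). Suggest rejecting or special-casing 0 before the sudo chroot call, passing "$USER_ID" "$GROUP_ID" quoted, and noting in a comment that the ids are fixed at the time the buildchroot is created.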
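
Review bot: In the configscript.sh hunk, addgroup --gid $2 and useradd --uid $1 use the positional parameters unquoted, with no check that they were supplied and no check that the ids are still free inside the chroot. If either id is already assigned there, or the script is called without arguments, account creation can fail, and unless the script aborts on errors the chown -R builder:builder /home/builder that follows runs with no builder account to resolve. Suggest validating both arguments at the top of the script (for example ${1:?} and ${2:?}), checking getent passwd "$1" and getent group "$2" before creating the accounts, failing with a clear message when an id is taken, and quoting "$1" and "$2" where they are used.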