From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 6622940919445323776 X-Received: by 2002:a1c:cc9:: with SMTP id 192-v6mr2237832wmm.8.1542032307002; Mon, 12 Nov 2018 06:18:27 -0800 (PST) X-BeenThere: isar-users@googlegroups.com Received: by 2002:adf:a391:: with SMTP id l17-v6ls990028wrb.4.gmail; Mon, 12 Nov 2018 06:18:26 -0800 (PST) X-Google-Smtp-Source: AJdET5cOqLDM2S2HW6EbwFE8W8H3NEuWWLmhI3l86xYf+nGKuAj9uLv8hNpVSmlY+/AccXdhCEdg X-Received: by 2002:adf:e948:: with SMTP id m8-v6mr229138wrn.6.1542032306584; Mon, 12 Nov 2018 06:18:26 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1542032306; cv=none; d=google.com; s=arc-20160816; b=zmbk9fAO7xrsR59lHBTolvAHnJL1/8zCwYStYUaHgYzlvGo9jM3mFNAWUIvy/BHfMq 5vsudxaqdzvp8z7TWAa8Yl21AHFO9IzTnC6asnqo30OP/VYFnI3t9iV4hbVEa6hNCnpk Sx0rbbNqOBF7vEz60pYr24RGJQTbDx/lwIRMGKLT3BWKH1smjZp6FYybjN+ZyCmQrMuX xA+qw/55jfuIF3DFkpCKVRD1TltwWV6WRGqxBqYD4zBpbeT8o9qIIIKhPbWWRutkO48I AeCnOmg0a3AbMbp6HR9sjH59Tb0uFBIfmMqNDVZb4DdM1ZdiPaH7FadHZaUKhQsRFFRq xmHw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:subject:cc:to:from:date; bh=kTqXBhg4xrx2NFwfFQtUK9Rf/V3TFWejAZL6KOLibqQ=; b=beYESRw5SHvtIqogoee1dpC1ZSHBdjtAJPthi0s2I4+YHV+Igayj9OO95ry5L25P/N ag2cKoIp0Pba8aBOyp/7GoUu6vpBEcxEDluDqInQ3OrR9Q3cpjn5H+32DCOmyYakT/JR ytZVZ83AR5lynptlctlJfXPldCCceryrztsTwp+OjIEfuRSRO2cH2NsHHlNeQ3h1jGTd 46SQBg1Tw2yvHZ/cEko4yj42mNhSsicSC6G8zKc+72sAKU1BkeYbvbR7d0TW2UBFejN/ KfS4RKpwSwGephQFjdLtF4CAVGhUxRnoLjFufVkTMSn2p2XlED7IdPQAh4w71nDJn5sh q3Mg== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of henning.schild@siemens.com designates 192.35.17.2 as permitted sender) smtp.mailfrom=henning.schild@siemens.com Return-Path: Received: from thoth.sbs.de (thoth.sbs.de. [192.35.17.2]) by gmr-mx.google.com with ESMTPS id b12-v6si303983wme.1.2018.11.12.06.18.26 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 12 Nov 2018 06:18:26 -0800 (PST) Received-SPF: pass (google.com: domain of henning.schild@siemens.com designates 192.35.17.2 as permitted sender) client-ip=192.35.17.2; Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of henning.schild@siemens.com designates 192.35.17.2 as permitted sender) smtp.mailfrom=henning.schild@siemens.com Received: from mail1.sbs.de (mail1.sbs.de [192.129.41.35]) by thoth.sbs.de (8.15.2/8.15.2) with ESMTPS id wACEIP74014027 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Mon, 12 Nov 2018 15:18:25 +0100 Received: from md1za8fc.ad001.siemens.net ([139.25.69.119]) by mail1.sbs.de (8.15.2/8.15.2) with ESMTP id wACEIPLg032099; Mon, 12 Nov 2018 15:18:25 +0100 Date: Mon, 12 Nov 2018 15:18:25 +0100 From: Henning Schild To: Jan Kiszka Cc: isar-users Subject: Re: [PATCH] buildchroot: chown the whole WORKDIR to builder:builder Message-ID: <20181112151825.2440e739@md1za8fc.ad001.siemens.net> In-Reply-To: <17de5954-55a5-bdb7-88b6-e7daebb880e5@siemens.com> References: <20181112115315.17647-1-henning.schild@siemens.com> <20181112144624.0cd92d18@md1za8fc.ad001.siemens.net> <17de5954-55a5-bdb7-88b6-e7daebb880e5@siemens.com> X-Mailer: Claws Mail 3.15.0-dirty (GTK+ 2.24.32; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-TUID: AjIeaegh/Zeg Am Mon, 12 Nov 2018 14:55:30 +0100 schrieb Jan Kiszka : > On 12.11.18 14:46, [ext] Henning Schild wrote: > > This is truly wrong, because now we chown temp/ and other bitbake > > owned files. > > The real fix probably is reverting 624b7c484bf5, will send another > > patch. > > Please finally accept: We need alignment of the ownership rights (and > that implies user IDs) between the bitbake and the chroot build > environment. Then and only then we can revert that commit. I can confirm that just reverting this one will also not be correct. And yes i would now also conclude that aligning the ids is probably what we should do. The reason is that we access several folders inside WORKDIR as non-root from both inside and outside chroot. The alternative to alignment would be chowning back and forth as we enter/leave ... not even thinking about parallel jobs. I will send a series where i will include your alignment patch, to propose a merging order of patches. Henning > Jan > > > > > Henning > > > > Am Mon, 12 Nov 2018 12:53:15 +0100 > > schrieb Henning Schild : > > > >> The initial idea was to chown as little as possible, but there is a > >> "chown -R" in do_unpack that we need to work against when > >> rebuilding a package. > >> > >> Fixes: be291cd991bd ("buildchroot: build debian packages as > >> "builder" not "root"") Signed-off-by: Henning Schild > >> --- > >> meta/recipes-devtools/buildchroot/files/build.sh | 3 +-- > >> 1 file changed, 1 insertion(+), 2 deletions(-) > >> > >> diff --git a/meta/recipes-devtools/buildchroot/files/build.sh > >> b/meta/recipes-devtools/buildchroot/files/build.sh index > >> 66b1a77..112aac3 100644 --- > >> a/meta/recipes-devtools/buildchroot/files/build.sh +++ > >> b/meta/recipes-devtools/buildchroot/files/build.sh @@ -15,6 +15,5 > >> @@ for i in configure aclocal.m4 Makefile.am Makefile.in; do done > >> > >> # Build the package as user "builder" > >> -chown -R builder:builder $1 # the sources > >> -chown builder:builder $1/.. # the output > >> +chown -R builder:builder $1/.. # the whole WORKDIR > >> su builder -c "cd $1; dpkg-buildpackage -a$target_arch -d > >> --source-option=-I" > > >