From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 6623002413686063104 X-Received: by 2002:a17:906:2352:: with SMTP id m18-v6mr186237eja.9.1542180773545; Tue, 13 Nov 2018 23:32:53 -0800 (PST) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a50:bc02:: with SMTP id j2-v6ls3182526edh.3.gmail; Tue, 13 Nov 2018 23:32:53 -0800 (PST) X-Google-Smtp-Source: AJdET5f6ZazmAK2L2eCS1wkZXlBZ8lSIiwcinpautbKEkKrW0SN7lF40zBGrgN2kifhmJTc0JYYK X-Received: by 2002:a50:c982:: with SMTP id w2-v6mr217877edh.12.1542180773028; Tue, 13 Nov 2018 23:32:53 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1542180772; cv=none; d=google.com; s=arc-20160816; b=jCcI7crjQzCKqncklsciG8BGKjNMDZqKQCI868F2cEcLJQoOOx7mCkpI5yz9GotuUB vaXIui3cCC8XaUlT2HL1xzw/hocSqH/WYxOTsFTNbwCrUylRef8thyTkXdWdeBWrRcCc o4/lp+RAtzrNCETm732arXovfZ4N74/SZ+OggGFFSuFefoNHFbshMw3NVbW544wVz8zS ev5VnnXH1m0MDm2BKf5K1EzPB0tg6GoRLUma6Ao3tFU9/Ie9cFzsTXHVNdT1kyld1Hz4 VM5ASZ/qdkWtpmLWnftP5qy1zZki5wqnGW+yrXqdlaOdwVJeKrcj/kbzXEhcGE/KFWZk dMDw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:subject:cc:to:from:date; bh=r3rXS4WynkGgNmPiFPFkNuuwrFh7bwhGWmCPpRF2HSI=; b=adCMKAYTv4K1lD17RoCpFPb/mLGfhIEdvCWEHaMkbNOowXKESNdpDPbv2vLMvUl+mp W+vDhZTLB3nh8RfsyuxtmBr2ZyyRzDMmNRzA8Dag3j9tvwpn0Y0MFuIGGYMbcJGVAimc SaPeFYvByikDg4qPKLJzj9UWkmx/DBHIMm8OyJN8plKwMyK7WHf5ONqOTPzqlh6Dferu QboRn+Be0Ys8eB5QYezGcU/IRI1uXGv2SfwSnu7aN4xIsG4gdXyby2GKBwl+N1uuvFNB pe8t5ba9SG6fBO+UdYKyaQGf9hXHopp7zPXZYV327ziqVBvQ+1iN9AsbuTYl0H6w+xyy 6CkQ== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of henning.schild@siemens.com designates 194.138.37.40 as permitted sender) smtp.mailfrom=henning.schild@siemens.com Return-Path: Received: from gecko.sbs.de (gecko.sbs.de. [194.138.37.40]) by gmr-mx.google.com with ESMTPS id c7-v6si451086edi.2.2018.11.13.23.32.52 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 13 Nov 2018 23:32:52 -0800 (PST) Received-SPF: pass (google.com: domain of henning.schild@siemens.com designates 194.138.37.40 as permitted sender) client-ip=194.138.37.40; Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of henning.schild@siemens.com designates 194.138.37.40 as permitted sender) smtp.mailfrom=henning.schild@siemens.com Received: from mail2.sbs.de (mail2.sbs.de [192.129.41.66]) by gecko.sbs.de (8.15.2/8.15.2) with ESMTPS id wAE7WpW2023214 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Wed, 14 Nov 2018 08:32:51 +0100 Received: from md1za8fc.ad001.siemens.net ([167.87.40.82]) by mail2.sbs.de (8.15.2/8.15.2) with ESMTP id wAE7WovX002239; Wed, 14 Nov 2018 08:32:51 +0100 Date: Wed, 14 Nov 2018 08:32:49 +0100 From: Henning Schild To: Jan Kiszka Cc: isar-users Subject: Re: [PATCH 1/3] buildchroot: Align UID and GID of builder user with caller Message-ID: <20181114083249.37e0aa26@md1za8fc.ad001.siemens.net> In-Reply-To: <7d205eef-33f9-ff7b-b267-d5bc92048e02@siemens.com> References: <20181112155149.24215-1-henning.schild@siemens.com> <20181112155149.24215-2-henning.schild@siemens.com> <7d205eef-33f9-ff7b-b267-d5bc92048e02@siemens.com> X-Mailer: Claws Mail 3.15.0-dirty (GTK+ 2.24.32; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-TUID: elvEJM468uk0 Am Tue, 13 Nov 2018 08:53:03 +0100 schrieb Jan Kiszka : > On 12.11.18 16:51, Henning Schild wrote: > > From: Jan Kiszka > > > > This fixes EPERM on rebuild and also some clean builds: We have to > > align the IDs of the builder user with the user in the host > > environment. Otherwise, files and directories can become > > unaccessible during the build. > > > > Fixes: be291cd991bd ("buildchroot: build debian packages as > > "builder" not "root"") Signed-off-by: Jan Kiszka > > --- > > meta/recipes-devtools/buildchroot/buildchroot.inc | 4 +++- > > meta/recipes-devtools/buildchroot/files/configscript.sh | 4 ++-- > > 2 files changed, 5 insertions(+), 3 deletions(-) > > > > diff --git a/meta/recipes-devtools/buildchroot/buildchroot.inc > > b/meta/recipes-devtools/buildchroot/buildchroot.inc index > > 7dd909e..2c44db9 100644 --- > > a/meta/recipes-devtools/buildchroot/buildchroot.inc +++ > > b/meta/recipes-devtools/buildchroot/buildchroot.inc @@ -36,7 +36,9 > > @@ do_build() { > > # Configure root filesystem > > sudo install -m 755 ${WORKDIR}/configscript.sh > > ${BUILDCHROOT_DIR} > > - sudo chroot ${BUILDCHROOT_DIR} /configscript.sh > > + USER_ID=$(id -u) > > + GROUP_ID=$(id -g) > > + sudo chroot ${BUILDCHROOT_DIR} /configscript.sh $USER_ID > > $GROUP_ID > > sudo mount --bind ${DL_DIR} ${BUILDCHROOT_DIR}/downloads > > } > > diff --git > > a/meta/recipes-devtools/buildchroot/files/configscript.sh > > b/meta/recipes-devtools/buildchroot/files/configscript.sh index > > 30660e7..7e49385 100644 --- > > a/meta/recipes-devtools/buildchroot/files/configscript.sh +++ > > b/meta/recipes-devtools/buildchroot/files/configscript.sh @@ -10,6 > > +10,6 @@ locales locales/locales_to_be_generated multiselect > > en_US.UTF-8 UTF-8 locales locales/default_environment_locale select > > en_US.UTF-8 END -addgroup --quiet --system builder > > -useradd --system --gid builder --no-create-home > > --home /home/builder --no-user-group --comment "Isar buildchroot > > build user" builder +addgroup --quiet --system builder --gid $2 > > +useradd --system --uid $1 --gid builder --no-create-home > > --home /home/builder --no-user-group --comment "Isar buildchroot > > build user" builder chown -R builder:builder /home/builder > > -o ? Not sure that would be the best idea. And we still have the problem with the GID. In that version the commands should fail on a clash, and that situation is actually highly unlikely. So i would rather wait for that odd situation before applying even more hacks. If you still want to change that patch, reply your v2 in this thread. Henning > Jan >