From: Andreas Naumann <anaumann@emlix.com>
To: Cedric Hombourger <cedric.hombourger@siemens.com>,
isar-users@googlegroups.com
Subject: Re: [PATCH v4 3/4] bootstrap: create lock for downloads/deb without sudo
Date: Wed, 1 Oct 2025 09:22:53 +0200 [thread overview]
Message-ID: <3a8541e0-c79d-4b50-bbf4-ab5c1198a94f@emlix.com> (raw)
In-Reply-To: <20250925065433.4180883-4-cedric.hombourger@siemens.com>
Am 25.09.25 um 08:54 schrieb 'Cedric Hombourger' via isar-users:
> From: "cedric.hombourger@siemens.com" <cedric.hombourger@siemens.com>
>
> The syncin/syncout commands passed to mmdebstrap will create a lock
> file in downloads/deb if it does not exist. As mmdebstrap is being
> executed as root, the lock would also be owned by root and this will
> cause problems for rootless commands that may be executed later (such
> as downloading of Debian packages). Create the lock file without
> sudo prior to running mmdebstrap for it to be owned by the build user
> rather than root.
>
> Signed-off-by: Cedric Hombourger <cedric.hombourger@siemens.com>
> ---
> meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc b/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc
> index 931f6f13..b2de61ad 100644
> --- a/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc
> +++ b/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc
> @@ -181,6 +181,10 @@ do_bootstrap() {
> && sudo umount $base_apt_tmp \
> && rm -rf --one-file-system $base_apt_tmp' EXIT
>
> + # Create lock file so that it is owned by the user running the build (not root)
> + mkdir -p ${DEBDIR}
> + touch ${DEB_DL_LOCK}
> +
Tested-by: Andreas Naumann <anaumann@emlix.com>
Actually by a collegue of mine.
> sudo TMPDIR="${BOOTSTRAP_TMPDIR}" mmdebstrap $bootstrap_args \
> $arch_param \
> --mode=unshare \
--
Andreas Naumann
emlix GmbH
Headquarters: Berliner Str. 12, 37073 Goettingen, Germany
Phone +49 (0)551 30664-0, e-mail info@emlix.com
District Court of Goettingen, Registry Number HR B 3160
Managing Directors: Heike Jordan, Dr. Uwe Kracke
VAT ID No. DE 205 198 055
Office Berlin: Panoramastr. 1, 10178 Berlin, Germany
Office Bonn: Bachstr. 6, 53115 Bonn, Germany
http://www.emlix.com
--
You received this message because you are subscribed to the Google Groups "isar-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to isar-users+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/isar-users/3a8541e0-c79d-4b50-bbf4-ab5c1198a94f%40emlix.com.
next prev parent reply other threads:[~2025-10-01 7:23 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-25 6:54 [PATCH v4 0/4] non-privileged commands in chroot 'Cedric Hombourger' via isar-users
2025-09-25 6:54 ` [PATCH v4 1/4] rootfs: introduce wrapper to run commands against a rootfs 'Cedric Hombourger' via isar-users
2025-10-01 7:21 ` Andreas Naumann
2025-09-25 6:54 ` [PATCH v4 2/4] deb-dl-dir: optimize caching of source packages using apt natively 'Cedric Hombourger' via isar-users
2025-09-25 9:07 ` 'MOESSBAUER, Felix' via isar-users
2025-09-25 6:54 ` [PATCH v4 3/4] bootstrap: create lock for downloads/deb without sudo 'Cedric Hombourger' via isar-users
2025-10-01 7:22 ` Andreas Naumann [this message]
2025-09-25 6:54 ` [PATCH v4 4/4] rootfs: do not get elevated privileges when downloading packages 'Cedric Hombourger' via isar-users
2025-09-25 9:08 ` [PATCH v4 0/4] non-privileged commands in chroot 'MOESSBAUER, Felix' via isar-users
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3a8541e0-c79d-4b50-bbf4-ab5c1198a94f@emlix.com \
--to=anaumann@emlix.com \
--cc=cedric.hombourger@siemens.com \
--cc=isar-users@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox