* [PATCH 0/3] "root" to "builder" repair series
@ 2018-11-12 15:51 Henning Schild
2018-11-12 15:51 ` [PATCH 1/3] buildchroot: Align UID and GID of builder user with caller Henning Schild
` (3 more replies)
0 siblings, 4 replies; 15+ messages in thread
From: Henning Schild @ 2018-11-12 15:51 UTC (permalink / raw)
To: isar-users; +Cc: Jan Kiszka, Henning Schild
These three patches should be applied in the given order. The one from
Jan has been taken off the Mailinglist and has started the discussion
about reverting the other one and not doing chowning anymore.
Henning Schild (2):
Revert "Change ownership of WORKDIR prior to unpacking"
buildchroot: do not chown to builder:builder anymore
Jan Kiszka (1):
buildchroot: Align UID and GID of builder user with caller
meta/classes/base.bbclass | 5 -----
meta/recipes-devtools/buildchroot/buildchroot.inc | 4 +++-
meta/recipes-devtools/buildchroot/files/build.sh | 2 --
meta/recipes-devtools/buildchroot/files/configscript.sh | 4 ++--
4 files changed, 5 insertions(+), 10 deletions(-)
--
2.19.1
^ permalink raw reply [flat|nested] 15+ messages in thread
* [PATCH 1/3] buildchroot: Align UID and GID of builder user with caller
2018-11-12 15:51 [PATCH 0/3] "root" to "builder" repair series Henning Schild
@ 2018-11-12 15:51 ` Henning Schild
2018-11-13 7:53 ` Jan Kiszka
2018-11-12 15:51 ` [PATCH 2/3] Revert "Change ownership of WORKDIR prior to unpacking" Henning Schild
` (2 subsequent siblings)
3 siblings, 1 reply; 15+ messages in thread
From: Henning Schild @ 2018-11-12 15:51 UTC (permalink / raw)
To: isar-users; +Cc: Jan Kiszka
From: Jan Kiszka <jan.kiszka@siemens.com>
This fixes EPERM on rebuild and also some clean builds: We have to align
the IDs of the builder user with the user in the host environment.
Otherwise, files and directories can become unaccessible during the
build.
Fixes: be291cd991bd ("buildchroot: build debian packages as "builder" not "root"")
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
meta/recipes-devtools/buildchroot/buildchroot.inc | 4 +++-
meta/recipes-devtools/buildchroot/files/configscript.sh | 4 ++--
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/meta/recipes-devtools/buildchroot/buildchroot.inc b/meta/recipes-devtools/buildchroot/buildchroot.inc
index 7dd909e..2c44db9 100644
--- a/meta/recipes-devtools/buildchroot/buildchroot.inc
+++ b/meta/recipes-devtools/buildchroot/buildchroot.inc
@@ -36,7 +36,9 @@ do_build() {
# Configure root filesystem
sudo install -m 755 ${WORKDIR}/configscript.sh ${BUILDCHROOT_DIR}
- sudo chroot ${BUILDCHROOT_DIR} /configscript.sh
+ USER_ID=$(id -u)
+ GROUP_ID=$(id -g)
+ sudo chroot ${BUILDCHROOT_DIR} /configscript.sh $USER_ID $GROUP_ID
sudo mount --bind ${DL_DIR} ${BUILDCHROOT_DIR}/downloads
}
diff --git a/meta/recipes-devtools/buildchroot/files/configscript.sh b/meta/recipes-devtools/buildchroot/files/configscript.sh
index 30660e7..7e49385 100644
--- a/meta/recipes-devtools/buildchroot/files/configscript.sh
+++ b/meta/recipes-devtools/buildchroot/files/configscript.sh
@@ -10,6 +10,6 @@ locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8
locales locales/default_environment_locale select en_US.UTF-8
END
-addgroup --quiet --system builder
-useradd --system --gid builder --no-create-home --home /home/builder --no-user-group --comment "Isar buildchroot build user" builder
+addgroup --quiet --system builder --gid $2
+useradd --system --uid $1 --gid builder --no-create-home --home /home/builder --no-user-group --comment "Isar buildchroot build user" builder
chown -R builder:builder /home/builder
--
2.19.1
^ permalink raw reply [flat|nested] 15+ messages in thread
* [PATCH 2/3] Revert "Change ownership of WORKDIR prior to unpacking"
2018-11-12 15:51 [PATCH 0/3] "root" to "builder" repair series Henning Schild
2018-11-12 15:51 ` [PATCH 1/3] buildchroot: Align UID and GID of builder user with caller Henning Schild
@ 2018-11-12 15:51 ` Henning Schild
2018-11-14 13:10 ` Jan Kiszka
2018-11-12 15:51 ` [PATCH 3/3] buildchroot: do not chown to builder:builder anymore Henning Schild
2018-11-14 12:55 ` [PATCH 0/3] "root" to "builder" repair series Maxim Yu. Osipov
3 siblings, 1 reply; 15+ messages in thread
From: Henning Schild @ 2018-11-12 15:51 UTC (permalink / raw)
To: isar-users; +Cc: Jan Kiszka, Henning Schild
We do not build as root anymore and the non-root uid/gid are now in sync
between inside and outside the chroot.
This reverts commit 624b7c484bf59940ac2a4114018f7d56892dc05e.
---
meta/classes/base.bbclass | 5 -----
1 file changed, 5 deletions(-)
diff --git a/meta/classes/base.bbclass b/meta/classes/base.bbclass
index fce1084..d4082de 100644
--- a/meta/classes/base.bbclass
+++ b/meta/classes/base.bbclass
@@ -120,17 +120,12 @@ do_unpack[stamp-extra-info] = "${DISTRO}-${DISTRO_ARCH}"
# Unpack package and put it into working directory
python do_unpack() {
- import subprocess
-
src_uri = (d.getVar('SRC_URI', True) or "").split()
if len(src_uri) == 0:
return
rootdir = d.getVar('WORKDIR', True)
- uid = str(os.getuid())
- subprocess.call('sudo chown -R ' + uid + ' ' + rootdir, shell=True)
-
try:
fetcher = bb.fetch2.Fetch(src_uri, d)
fetcher.unpack(rootdir)
--
2.19.1
^ permalink raw reply [flat|nested] 15+ messages in thread
* [PATCH 3/3] buildchroot: do not chown to builder:builder anymore
2018-11-12 15:51 [PATCH 0/3] "root" to "builder" repair series Henning Schild
2018-11-12 15:51 ` [PATCH 1/3] buildchroot: Align UID and GID of builder user with caller Henning Schild
2018-11-12 15:51 ` [PATCH 2/3] Revert "Change ownership of WORKDIR prior to unpacking" Henning Schild
@ 2018-11-12 15:51 ` Henning Schild
2018-11-14 12:55 ` [PATCH 0/3] "root" to "builder" repair series Maxim Yu. Osipov
3 siblings, 0 replies; 15+ messages in thread
From: Henning Schild @ 2018-11-12 15:51 UTC (permalink / raw)
To: isar-users; +Cc: Jan Kiszka, Henning Schild
builder:builder is aligned with the user running Isar outside the
chroot, all files should be owned by this user naturally.
Signed-off-by: Henning Schild <henning.schild@siemens.com>
---
meta/recipes-devtools/buildchroot/files/build.sh | 2 --
1 file changed, 2 deletions(-)
diff --git a/meta/recipes-devtools/buildchroot/files/build.sh b/meta/recipes-devtools/buildchroot/files/build.sh
index 66b1a77..f977b16 100644
--- a/meta/recipes-devtools/buildchroot/files/build.sh
+++ b/meta/recipes-devtools/buildchroot/files/build.sh
@@ -15,6 +15,4 @@ for i in configure aclocal.m4 Makefile.am Makefile.in; do
done
# Build the package as user "builder"
-chown -R builder:builder $1 # the sources
-chown builder:builder $1/.. # the output
su builder -c "cd $1; dpkg-buildpackage -a$target_arch -d --source-option=-I"
--
2.19.1
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH 1/3] buildchroot: Align UID and GID of builder user with caller
2018-11-12 15:51 ` [PATCH 1/3] buildchroot: Align UID and GID of builder user with caller Henning Schild
@ 2018-11-13 7:53 ` Jan Kiszka
2018-11-14 7:32 ` Henning Schild
0 siblings, 1 reply; 15+ messages in thread
From: Jan Kiszka @ 2018-11-13 7:53 UTC (permalink / raw)
To: Henning Schild, isar-users
On 12.11.18 16:51, Henning Schild wrote:
> From: Jan Kiszka <jan.kiszka@siemens.com>
>
> This fixes EPERM on rebuild and also some clean builds: We have to align
> the IDs of the builder user with the user in the host environment.
> Otherwise, files and directories can become unaccessible during the
> build.
>
> Fixes: be291cd991bd ("buildchroot: build debian packages as "builder" not "root"")
> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
> ---
> meta/recipes-devtools/buildchroot/buildchroot.inc | 4 +++-
> meta/recipes-devtools/buildchroot/files/configscript.sh | 4 ++--
> 2 files changed, 5 insertions(+), 3 deletions(-)
>
> diff --git a/meta/recipes-devtools/buildchroot/buildchroot.inc b/meta/recipes-devtools/buildchroot/buildchroot.inc
> index 7dd909e..2c44db9 100644
> --- a/meta/recipes-devtools/buildchroot/buildchroot.inc
> +++ b/meta/recipes-devtools/buildchroot/buildchroot.inc
> @@ -36,7 +36,9 @@ do_build() {
>
> # Configure root filesystem
> sudo install -m 755 ${WORKDIR}/configscript.sh ${BUILDCHROOT_DIR}
> - sudo chroot ${BUILDCHROOT_DIR} /configscript.sh
> + USER_ID=$(id -u)
> + GROUP_ID=$(id -g)
> + sudo chroot ${BUILDCHROOT_DIR} /configscript.sh $USER_ID $GROUP_ID
>
> sudo mount --bind ${DL_DIR} ${BUILDCHROOT_DIR}/downloads
> }
> diff --git a/meta/recipes-devtools/buildchroot/files/configscript.sh b/meta/recipes-devtools/buildchroot/files/configscript.sh
> index 30660e7..7e49385 100644
> --- a/meta/recipes-devtools/buildchroot/files/configscript.sh
> +++ b/meta/recipes-devtools/buildchroot/files/configscript.sh
> @@ -10,6 +10,6 @@ locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8
> locales locales/default_environment_locale select en_US.UTF-8
> END
>
> -addgroup --quiet --system builder
> -useradd --system --gid builder --no-create-home --home /home/builder --no-user-group --comment "Isar buildchroot build user" builder
> +addgroup --quiet --system builder --gid $2
> +useradd --system --uid $1 --gid builder --no-create-home --home /home/builder --no-user-group --comment "Isar buildchroot build user" builder
> chown -R builder:builder /home/builder
>
-o ?
Jan
--
Siemens AG, Corporate Technology, CT RDA IOT SES-DE
Corporate Competence Center Embedded Linux
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH 1/3] buildchroot: Align UID and GID of builder user with caller
2018-11-13 7:53 ` Jan Kiszka
@ 2018-11-14 7:32 ` Henning Schild
2018-11-14 8:31 ` [PATCH v2 " Jan Kiszka
0 siblings, 1 reply; 15+ messages in thread
From: Henning Schild @ 2018-11-14 7:32 UTC (permalink / raw)
To: Jan Kiszka; +Cc: isar-users
Am Tue, 13 Nov 2018 08:53:03 +0100
schrieb Jan Kiszka <jan.kiszka@siemens.com>:
> On 12.11.18 16:51, Henning Schild wrote:
> > From: Jan Kiszka <jan.kiszka@siemens.com>
> >
> > This fixes EPERM on rebuild and also some clean builds: We have to
> > align the IDs of the builder user with the user in the host
> > environment. Otherwise, files and directories can become
> > unaccessible during the build.
> >
> > Fixes: be291cd991bd ("buildchroot: build debian packages as
> > "builder" not "root"") Signed-off-by: Jan Kiszka
> > <jan.kiszka@siemens.com> ---
> > meta/recipes-devtools/buildchroot/buildchroot.inc | 4 +++-
> > meta/recipes-devtools/buildchroot/files/configscript.sh | 4 ++--
> > 2 files changed, 5 insertions(+), 3 deletions(-)
> >
> > diff --git a/meta/recipes-devtools/buildchroot/buildchroot.inc
> > b/meta/recipes-devtools/buildchroot/buildchroot.inc index
> > 7dd909e..2c44db9 100644 ---
> > a/meta/recipes-devtools/buildchroot/buildchroot.inc +++
> > b/meta/recipes-devtools/buildchroot/buildchroot.inc @@ -36,7 +36,9
> > @@ do_build() {
> > # Configure root filesystem
> > sudo install -m 755 ${WORKDIR}/configscript.sh
> > ${BUILDCHROOT_DIR}
> > - sudo chroot ${BUILDCHROOT_DIR} /configscript.sh
> > + USER_ID=$(id -u)
> > + GROUP_ID=$(id -g)
> > + sudo chroot ${BUILDCHROOT_DIR} /configscript.sh $USER_ID
> > $GROUP_ID
> > sudo mount --bind ${DL_DIR} ${BUILDCHROOT_DIR}/downloads
> > }
> > diff --git
> > a/meta/recipes-devtools/buildchroot/files/configscript.sh
> > b/meta/recipes-devtools/buildchroot/files/configscript.sh index
> > 30660e7..7e49385 100644 ---
> > a/meta/recipes-devtools/buildchroot/files/configscript.sh +++
> > b/meta/recipes-devtools/buildchroot/files/configscript.sh @@ -10,6
> > +10,6 @@ locales locales/locales_to_be_generated multiselect
> > en_US.UTF-8 UTF-8 locales locales/default_environment_locale select
> > en_US.UTF-8 END -addgroup --quiet --system builder
> > -useradd --system --gid builder --no-create-home
> > --home /home/builder --no-user-group --comment "Isar buildchroot
> > build user" builder +addgroup --quiet --system builder --gid $2
> > +useradd --system --uid $1 --gid builder --no-create-home
> > --home /home/builder --no-user-group --comment "Isar buildchroot
> > build user" builder chown -R builder:builder /home/builder
>
> -o ?
Not sure that would be the best idea. And we still have the problem
with the GID. In that version the commands should fail on a clash, and
that situation is actually highly unlikely. So i would rather wait for
that odd situation before applying even more hacks.
If you still want to change that patch, reply your v2 in this thread.
Henning
> Jan
>
^ permalink raw reply [flat|nested] 15+ messages in thread
* [PATCH v2 1/3] buildchroot: Align UID and GID of builder user with caller
2018-11-14 7:32 ` Henning Schild
@ 2018-11-14 8:31 ` Jan Kiszka
0 siblings, 0 replies; 15+ messages in thread
From: Jan Kiszka @ 2018-11-14 8:31 UTC (permalink / raw)
To: isar-users; +Cc: Henning Schild
This fixes EPERM on rebuild and also some clean builds: We have to align
the IDs of the builder user with the user in the host environment.
Otherwise, files and directories can become unaccessible during the
build.
Fixes: be291cd991bd ("buildchroot: build debian packages as "builder" not "root"")
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
Changes in v2:
- permit duplicate UID and GID inside buildchroot
meta/recipes-devtools/buildchroot/buildchroot.inc | 4 +++-
meta/recipes-devtools/buildchroot/files/configscript.sh | 4 ++--
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/meta/recipes-devtools/buildchroot/buildchroot.inc b/meta/recipes-devtools/buildchroot/buildchroot.inc
index 7dd909e..2c44db9 100644
--- a/meta/recipes-devtools/buildchroot/buildchroot.inc
+++ b/meta/recipes-devtools/buildchroot/buildchroot.inc
@@ -36,7 +36,9 @@ do_build() {
# Configure root filesystem
sudo install -m 755 ${WORKDIR}/configscript.sh ${BUILDCHROOT_DIR}
- sudo chroot ${BUILDCHROOT_DIR} /configscript.sh
+ USER_ID=$(id -u)
+ GROUP_ID=$(id -g)
+ sudo chroot ${BUILDCHROOT_DIR} /configscript.sh $USER_ID $GROUP_ID
sudo mount --bind ${DL_DIR} ${BUILDCHROOT_DIR}/downloads
}
diff --git a/meta/recipes-devtools/buildchroot/files/configscript.sh b/meta/recipes-devtools/buildchroot/files/configscript.sh
index 30660e7..25a21ef 100644
--- a/meta/recipes-devtools/buildchroot/files/configscript.sh
+++ b/meta/recipes-devtools/buildchroot/files/configscript.sh
@@ -10,6 +10,6 @@ locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8
locales locales/default_environment_locale select en_US.UTF-8
END
-addgroup --quiet --system builder
-useradd --system --gid builder --no-create-home --home /home/builder --no-user-group --comment "Isar buildchroot build user" builder
+groupadd --system builder -o --gid $2
+useradd --system -o --uid $1 --gid builder --no-create-home --home /home/builder --no-user-group --comment "Isar buildchroot build user" builder
chown -R builder:builder /home/builder
--
2.16.4
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH 0/3] "root" to "builder" repair series
2018-11-12 15:51 [PATCH 0/3] "root" to "builder" repair series Henning Schild
` (2 preceding siblings ...)
2018-11-12 15:51 ` [PATCH 3/3] buildchroot: do not chown to builder:builder anymore Henning Schild
@ 2018-11-14 12:55 ` Maxim Yu. Osipov
3 siblings, 0 replies; 15+ messages in thread
From: Maxim Yu. Osipov @ 2018-11-14 12:55 UTC (permalink / raw)
To: Henning Schild, isar-users; +Cc: Jan Kiszka
On 11/12/18 6:51 PM, Henning Schild wrote:
> These three patches should be applied in the given order. The one from
> Jan has been taken off the Mailinglist and has started the discussion
> about reverting the other one and not doing chowning anymore.
Applied to the 'next'.
Note: v2 of patch 1/3 "buildchroot: Align UID and GID of builder user
with caller" was applied.
Thanks,
Maxim.
> Henning Schild (2):
> Revert "Change ownership of WORKDIR prior to unpacking"
> buildchroot: do not chown to builder:builder anymore
>
> Jan Kiszka (1):
> buildchroot: Align UID and GID of builder user with caller
>
> meta/classes/base.bbclass | 5 -----
> meta/recipes-devtools/buildchroot/buildchroot.inc | 4 +++-
> meta/recipes-devtools/buildchroot/files/build.sh | 2 --
> meta/recipes-devtools/buildchroot/files/configscript.sh | 4 ++--
> 4 files changed, 5 insertions(+), 10 deletions(-)
>
--
Maxim Osipov
ilbers GmbH
Maria-Merian-Str. 8
85521 Ottobrunn
Germany
+49 (151) 6517 6917
mosipov@ilbers.de
http://ilbers.de/
Commercial register Munich, HRB 214197
General Manager: Baurzhan Ismagulov
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH 2/3] Revert "Change ownership of WORKDIR prior to unpacking"
2018-11-12 15:51 ` [PATCH 2/3] Revert "Change ownership of WORKDIR prior to unpacking" Henning Schild
@ 2018-11-14 13:10 ` Jan Kiszka
2018-11-14 13:23 ` Jan Kiszka
0 siblings, 1 reply; 15+ messages in thread
From: Jan Kiszka @ 2018-11-14 13:10 UTC (permalink / raw)
To: Henning Schild, isar-users
On 12.11.18 16:51, Henning Schild wrote:
> We do not build as root anymore and the non-root uid/gid are now in sync
> between inside and outside the chroot.
>
> This reverts commit 624b7c484bf59940ac2a4114018f7d56892dc05e.
> ---
> meta/classes/base.bbclass | 5 -----
> 1 file changed, 5 deletions(-)
>
> diff --git a/meta/classes/base.bbclass b/meta/classes/base.bbclass
> index fce1084..d4082de 100644
> --- a/meta/classes/base.bbclass
> +++ b/meta/classes/base.bbclass
> @@ -120,17 +120,12 @@ do_unpack[stamp-extra-info] = "${DISTRO}-${DISTRO_ARCH}"
>
> # Unpack package and put it into working directory
> python do_unpack() {
> - import subprocess
> -
> src_uri = (d.getVar('SRC_URI', True) or "").split()
> if len(src_uri) == 0:
> return
>
> rootdir = d.getVar('WORKDIR', True)
>
> - uid = str(os.getuid())
> - subprocess.call('sudo chown -R ' + uid + ' ' + rootdir, shell=True)
> -
> try:
> fetcher = bb.fetch2.Fetch(src_uri, d)
> fetcher.unpack(rootdir)
>
This possibly causes this regression:
ERROR: expand-on-first-boot-1.0-r0 do_install: Function failed: do_install (log file is located at /work/build/tmp/work/ebsy-arm64/expand-on-first-boot-1.0-r0/temp/log.do_install.263)
ERROR: Logfile of failure stored in: /work/build/tmp/work/ebsy-arm64/expand-on-first-boot-1.0-r0/temp/log.do_install.263
Log data follows:
| DEBUG: Executing shell function do_install
| install: cannot remove '/work/build/tmp/work/ebsy-arm64/expand-on-first-boot-1.0-r0/image//lib/systemd/system/expand-on-first-boot.service': Permission denied
| WARNING: exit code 1 from a shell command.
| ERROR: Function failed: do_install (log file is located at /work/build/tmp/work/ebsy-arm64/expand-on-first-boot-1.0-r0/temp/log.do_install.263)
Jan
--
Siemens AG, Corporate Technology, CT RDA IOT SES-DE
Corporate Competence Center Embedded Linux
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH 2/3] Revert "Change ownership of WORKDIR prior to unpacking"
2018-11-14 13:10 ` Jan Kiszka
@ 2018-11-14 13:23 ` Jan Kiszka
2018-11-14 13:58 ` Jan Kiszka
0 siblings, 1 reply; 15+ messages in thread
From: Jan Kiszka @ 2018-11-14 13:23 UTC (permalink / raw)
To: Henning Schild, isar-users
On 14.11.18 14:10, Jan Kiszka wrote:
> On 12.11.18 16:51, Henning Schild wrote:
>> We do not build as root anymore and the non-root uid/gid are now in sync
>> between inside and outside the chroot.
>>
>> This reverts commit 624b7c484bf59940ac2a4114018f7d56892dc05e.
>> ---
>> meta/classes/base.bbclass | 5 -----
>> 1 file changed, 5 deletions(-)
>>
>> diff --git a/meta/classes/base.bbclass b/meta/classes/base.bbclass
>> index fce1084..d4082de 100644
>> --- a/meta/classes/base.bbclass
>> +++ b/meta/classes/base.bbclass
>> @@ -120,17 +120,12 @@ do_unpack[stamp-extra-info] = "${DISTRO}-${DISTRO_ARCH}"
>>
>> # Unpack package and put it into working directory
>> python do_unpack() {
>> - import subprocess
>> -
>> src_uri = (d.getVar('SRC_URI', True) or "").split()
>> if len(src_uri) == 0:
>> return
>>
>> rootdir = d.getVar('WORKDIR', True)
>>
>> - uid = str(os.getuid())
>> - subprocess.call('sudo chown -R ' + uid + ' ' + rootdir, shell=True)
>> -
>> try:
>> fetcher = bb.fetch2.Fetch(src_uri, d)
>> fetcher.unpack(rootdir)
>>
>
> This possibly causes this regression:
>
> ERROR: expand-on-first-boot-1.0-r0 do_install: Function failed: do_install (log file is located at /work/build/tmp/work/ebsy-arm64/expand-on-first-boot-1.0-r0/temp/log.do_install.263)
> ERROR: Logfile of failure stored in: /work/build/tmp/work/ebsy-arm64/expand-on-first-boot-1.0-r0/temp/log.do_install.263
> Log data follows:
> | DEBUG: Executing shell function do_install
> | install: cannot remove '/work/build/tmp/work/ebsy-arm64/expand-on-first-boot-1.0-r0/image//lib/systemd/system/expand-on-first-boot.service': Permission denied
> | WARNING: exit code 1 from a shell command.
> | ERROR: Function failed: do_install (log file is located at /work/build/tmp/work/ebsy-arm64/expand-on-first-boot-1.0-r0/temp/log.do_install.263)
>
OK, that wasn't a "clean" re-build (rather a rebuild after the Isar update).
Retesting with the same Isar version for build 1 and 2.
Jan
--
Siemens AG, Corporate Technology, CT RDA IOT SES-DE
Corporate Competence Center Embedded Linux
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH 2/3] Revert "Change ownership of WORKDIR prior to unpacking"
2018-11-14 13:23 ` Jan Kiszka
@ 2018-11-14 13:58 ` Jan Kiszka
2018-11-14 14:11 ` Henning Schild
0 siblings, 1 reply; 15+ messages in thread
From: Jan Kiszka @ 2018-11-14 13:58 UTC (permalink / raw)
To: Henning Schild, isar-users
On 14.11.18 14:23, Jan Kiszka wrote:
> On 14.11.18 14:10, Jan Kiszka wrote:
>> On 12.11.18 16:51, Henning Schild wrote:
>>> We do not build as root anymore and the non-root uid/gid are now in sync
>>> between inside and outside the chroot.
>>>
>>> This reverts commit 624b7c484bf59940ac2a4114018f7d56892dc05e.
>>> ---
>>> meta/classes/base.bbclass | 5 -----
>>> 1 file changed, 5 deletions(-)
>>>
>>> diff --git a/meta/classes/base.bbclass b/meta/classes/base.bbclass
>>> index fce1084..d4082de 100644
>>> --- a/meta/classes/base.bbclass
>>> +++ b/meta/classes/base.bbclass
>>> @@ -120,17 +120,12 @@ do_unpack[stamp-extra-info] = "${DISTRO}-${DISTRO_ARCH}"
>>> # Unpack package and put it into working directory
>>> python do_unpack() {
>>> - import subprocess
>>> -
>>> src_uri = (d.getVar('SRC_URI', True) or "").split()
>>> if len(src_uri) == 0:
>>> return
>>> rootdir = d.getVar('WORKDIR', True)
>>> - uid = str(os.getuid())
>>> - subprocess.call('sudo chown -R ' + uid + ' ' + rootdir, shell=True)
>>> -
>>> try:
>>> fetcher = bb.fetch2.Fetch(src_uri, d)
>>> fetcher.unpack(rootdir)
>>>
>>
>> This possibly causes this regression:
>>
>> ERROR: expand-on-first-boot-1.0-r0 do_install: Function failed: do_install
>> (log file is located at
>> /work/build/tmp/work/ebsy-arm64/expand-on-first-boot-1.0-r0/temp/log.do_install.263)
>>
>> ERROR: Logfile of failure stored in:
>> /work/build/tmp/work/ebsy-arm64/expand-on-first-boot-1.0-r0/temp/log.do_install.263
>>
>> Log data follows:
>> | DEBUG: Executing shell function do_install
>> | install: cannot remove
>> '/work/build/tmp/work/ebsy-arm64/expand-on-first-boot-1.0-r0/image//lib/systemd/system/expand-on-first-boot.service':
>> Permission denied
>> | WARNING: exit code 1 from a shell command.
>> | ERROR: Function failed: do_install (log file is located at
>> /work/build/tmp/work/ebsy-arm64/expand-on-first-boot-1.0-r0/temp/log.do_install.263)
>>
>>
>
> OK, that wasn't a "clean" re-build (rather a rebuild after the Isar update).
> Retesting with the same Isar version for build 1 and 2.
>
It persists, at least for dpkg-raw, and that is likely because of the chroot we
do for that package.
How does normal dpkg get away without chroot now and still produce the right
ownership when installing a package? Can we adopt that?
Jan
--
Siemens AG, Corporate Technology, CT RDA IOT SES-DE
Corporate Competence Center Embedded Linux
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH 2/3] Revert "Change ownership of WORKDIR prior to unpacking"
2018-11-14 13:58 ` Jan Kiszka
@ 2018-11-14 14:11 ` Henning Schild
2018-11-14 15:43 ` Henning Schild
0 siblings, 1 reply; 15+ messages in thread
From: Henning Schild @ 2018-11-14 14:11 UTC (permalink / raw)
To: Jan Kiszka; +Cc: isar-users
Am Wed, 14 Nov 2018 14:58:57 +0100
schrieb Jan Kiszka <jan.kiszka@siemens.com>:
> On 14.11.18 14:23, Jan Kiszka wrote:
> > On 14.11.18 14:10, Jan Kiszka wrote:
> >> On 12.11.18 16:51, Henning Schild wrote:
> >>> We do not build as root anymore and the non-root uid/gid are now
> >>> in sync between inside and outside the chroot.
> >>>
> >>> This reverts commit 624b7c484bf59940ac2a4114018f7d56892dc05e.
> >>> ---
> >>> meta/classes/base.bbclass | 5 -----
> >>> 1 file changed, 5 deletions(-)
> >>>
> >>> diff --git a/meta/classes/base.bbclass b/meta/classes/base.bbclass
> >>> index fce1084..d4082de 100644
> >>> --- a/meta/classes/base.bbclass
> >>> +++ b/meta/classes/base.bbclass
> >>> @@ -120,17 +120,12 @@ do_unpack[stamp-extra-info] =
> >>> "${DISTRO}-${DISTRO_ARCH}" # Unpack package and put it into
> >>> working directory python do_unpack() {
> >>> - import subprocess
> >>> -
> >>> src_uri = (d.getVar('SRC_URI', True) or "").split()
> >>> if len(src_uri) == 0:
> >>> return
> >>> rootdir = d.getVar('WORKDIR', True)
> >>> - uid = str(os.getuid())
> >>> - subprocess.call('sudo chown -R ' + uid + ' ' + rootdir,
> >>> shell=True) -
> >>> try:
> >>> fetcher = bb.fetch2.Fetch(src_uri, d)
> >>> fetcher.unpack(rootdir)
> >>>
> >>
> >> This possibly causes this regression:
> >>
> >> ERROR: expand-on-first-boot-1.0-r0 do_install: Function failed:
> >> do_install (log file is located at
> >> /work/build/tmp/work/ebsy-arm64/expand-on-first-boot-1.0-r0/temp/log.do_install.263)
> >>
> >> ERROR: Logfile of failure stored in:
> >> /work/build/tmp/work/ebsy-arm64/expand-on-first-boot-1.0-r0/temp/log.do_install.263
> >>
> >> Log data follows:
> >> | DEBUG: Executing shell function do_install
> >> | install: cannot remove
> >> '/work/build/tmp/work/ebsy-arm64/expand-on-first-boot-1.0-r0/image//lib/systemd/system/expand-on-first-boot.service':
> >> Permission denied
> >> | WARNING: exit code 1 from a shell command.
> >> | ERROR: Function failed: do_install (log file is located at
> >> /work/build/tmp/work/ebsy-arm64/expand-on-first-boot-1.0-r0/temp/log.do_install.263)
> >>
> >>
> >
> > OK, that wasn't a "clean" re-build (rather a rebuild after the Isar
> > update). Retesting with the same Isar version for build 1 and 2.
> >
Arghh ... on a side-note. I have a few Isar-CI partial rebuild patches
in a queue, they target both dpkg and dpkg-raw.
> It persists, at least for dpkg-raw, and that is likely because of the
> chroot we do for that package.
Yes.
> How does normal dpkg get away without chroot now and still produce
> the right ownership when installing a package? Can we adopt that?
Probably fakeroot, i will look into using that for creating the raw
package.
Henning
> Jan
>
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH 2/3] Revert "Change ownership of WORKDIR prior to unpacking"
2018-11-14 14:11 ` Henning Schild
@ 2018-11-14 15:43 ` Henning Schild
2018-11-14 15:45 ` Jan Kiszka
0 siblings, 1 reply; 15+ messages in thread
From: Henning Schild @ 2018-11-14 15:43 UTC (permalink / raw)
To: Jan Kiszka; +Cc: isar-users
Am Wed, 14 Nov 2018 15:11:39 +0100
schrieb "[ext] Henning Schild" <henning.schild@siemens.com>:
> Am Wed, 14 Nov 2018 14:58:57 +0100
> schrieb Jan Kiszka <jan.kiszka@siemens.com>:
>
> > On 14.11.18 14:23, Jan Kiszka wrote:
> > > On 14.11.18 14:10, Jan Kiszka wrote:
> > >> On 12.11.18 16:51, Henning Schild wrote:
> > >>> We do not build as root anymore and the non-root uid/gid are now
> > >>> in sync between inside and outside the chroot.
> > >>>
> > >>> This reverts commit 624b7c484bf59940ac2a4114018f7d56892dc05e.
> > >>> ---
> > >>> meta/classes/base.bbclass | 5 -----
> > >>> 1 file changed, 5 deletions(-)
> > >>>
> > >>> diff --git a/meta/classes/base.bbclass
> > >>> b/meta/classes/base.bbclass index fce1084..d4082de 100644
> > >>> --- a/meta/classes/base.bbclass
> > >>> +++ b/meta/classes/base.bbclass
> > >>> @@ -120,17 +120,12 @@ do_unpack[stamp-extra-info] =
> > >>> "${DISTRO}-${DISTRO_ARCH}" # Unpack package and put it into
> > >>> working directory python do_unpack() {
> > >>> - import subprocess
> > >>> -
> > >>> src_uri = (d.getVar('SRC_URI', True) or "").split()
> > >>> if len(src_uri) == 0:
> > >>> return
> > >>> rootdir = d.getVar('WORKDIR', True)
> > >>> - uid = str(os.getuid())
> > >>> - subprocess.call('sudo chown -R ' + uid + ' ' + rootdir,
> > >>> shell=True) -
> > >>> try:
> > >>> fetcher = bb.fetch2.Fetch(src_uri, d)
> > >>> fetcher.unpack(rootdir)
> > >>>
> > >>
> > >> This possibly causes this regression:
> > >>
> > >> ERROR: expand-on-first-boot-1.0-r0 do_install: Function failed:
> > >> do_install (log file is located at
> > >> /work/build/tmp/work/ebsy-arm64/expand-on-first-boot-1.0-r0/temp/log.do_install.263)
> > >>
> > >> ERROR: Logfile of failure stored in:
> > >> /work/build/tmp/work/ebsy-arm64/expand-on-first-boot-1.0-r0/temp/log.do_install.263
> > >>
> > >> Log data follows:
> > >> | DEBUG: Executing shell function do_install
> > >> | install: cannot remove
> > >> '/work/build/tmp/work/ebsy-arm64/expand-on-first-boot-1.0-r0/image//lib/systemd/system/expand-on-first-boot.service':
> > >> Permission denied
> > >> | WARNING: exit code 1 from a shell command.
> > >> | ERROR: Function failed: do_install (log file is located at
> > >> /work/build/tmp/work/ebsy-arm64/expand-on-first-boot-1.0-r0/temp/log.do_install.263)
> > >>
> > >>
> > >
> > > OK, that wasn't a "clean" re-build (rather a rebuild after the
> > > Isar update). Retesting with the same Isar version for build 1
> > > and 2.
>
> Arghh ... on a side-note. I have a few Isar-CI partial rebuild patches
> in a queue, they target both dpkg and dpkg-raw.
>
> > It persists, at least for dpkg-raw, and that is likely because of
> > the chroot we do for that package.
>
> Yes.
That actually revealed that we kept collecting changes in ${D} and
never cleaned it before install. I just sent a patch fixing that.
Next step will probably be to make the raw class use standard
debian/rules and just take the long dpkg-buildpkg route. Should not be
too hard to just write a debian/ folder that just does "make install".
Will look into that ...
Henning
> > How does normal dpkg get away without chroot now and still produce
> > the right ownership when installing a package? Can we adopt that?
>
> Probably fakeroot, i will look into using that for creating the raw
> package.
>
> Henning
>
> > Jan
> >
>
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH 2/3] Revert "Change ownership of WORKDIR prior to unpacking"
2018-11-14 15:43 ` Henning Schild
@ 2018-11-14 15:45 ` Jan Kiszka
2018-11-15 8:28 ` Henning Schild
0 siblings, 1 reply; 15+ messages in thread
From: Jan Kiszka @ 2018-11-14 15:45 UTC (permalink / raw)
To: Henning Schild; +Cc: isar-users
On 14.11.18 16:43, Henning Schild wrote:
> Am Wed, 14 Nov 2018 15:11:39 +0100
> schrieb "[ext] Henning Schild" <henning.schild@siemens.com>:
>
>> Am Wed, 14 Nov 2018 14:58:57 +0100
>> schrieb Jan Kiszka <jan.kiszka@siemens.com>:
>>
>>> On 14.11.18 14:23, Jan Kiszka wrote:
>>>> On 14.11.18 14:10, Jan Kiszka wrote:
>>>>> On 12.11.18 16:51, Henning Schild wrote:
>>>>>> We do not build as root anymore and the non-root uid/gid are now
>>>>>> in sync between inside and outside the chroot.
>>>>>>
>>>>>> This reverts commit 624b7c484bf59940ac2a4114018f7d56892dc05e.
>>>>>> ---
>>>>>> meta/classes/base.bbclass | 5 -----
>>>>>> 1 file changed, 5 deletions(-)
>>>>>>
>>>>>> diff --git a/meta/classes/base.bbclass
>>>>>> b/meta/classes/base.bbclass index fce1084..d4082de 100644
>>>>>> --- a/meta/classes/base.bbclass
>>>>>> +++ b/meta/classes/base.bbclass
>>>>>> @@ -120,17 +120,12 @@ do_unpack[stamp-extra-info] =
>>>>>> "${DISTRO}-${DISTRO_ARCH}" # Unpack package and put it into
>>>>>> working directory python do_unpack() {
>>>>>> - import subprocess
>>>>>> -
>>>>>> src_uri = (d.getVar('SRC_URI', True) or "").split()
>>>>>> if len(src_uri) == 0:
>>>>>> return
>>>>>> rootdir = d.getVar('WORKDIR', True)
>>>>>> - uid = str(os.getuid())
>>>>>> - subprocess.call('sudo chown -R ' + uid + ' ' + rootdir,
>>>>>> shell=True) -
>>>>>> try:
>>>>>> fetcher = bb.fetch2.Fetch(src_uri, d)
>>>>>> fetcher.unpack(rootdir)
>>>>>>
>>>>>
>>>>> This possibly causes this regression:
>>>>>
>>>>> ERROR: expand-on-first-boot-1.0-r0 do_install: Function failed:
>>>>> do_install (log file is located at
>>>>> /work/build/tmp/work/ebsy-arm64/expand-on-first-boot-1.0-r0/temp/log.do_install.263)
>>>>>
>>>>> ERROR: Logfile of failure stored in:
>>>>> /work/build/tmp/work/ebsy-arm64/expand-on-first-boot-1.0-r0/temp/log.do_install.263
>>>>>
>>>>> Log data follows:
>>>>> | DEBUG: Executing shell function do_install
>>>>> | install: cannot remove
>>>>> '/work/build/tmp/work/ebsy-arm64/expand-on-first-boot-1.0-r0/image//lib/systemd/system/expand-on-first-boot.service':
>>>>> Permission denied
>>>>> | WARNING: exit code 1 from a shell command.
>>>>> | ERROR: Function failed: do_install (log file is located at
>>>>> /work/build/tmp/work/ebsy-arm64/expand-on-first-boot-1.0-r0/temp/log.do_install.263)
>>>>>
>>>>>
>>>>
>>>> OK, that wasn't a "clean" re-build (rather a rebuild after the
>>>> Isar update). Retesting with the same Isar version for build 1
>>>> and 2.
>>
>> Arghh ... on a side-note. I have a few Isar-CI partial rebuild patches
>> in a queue, they target both dpkg and dpkg-raw.
>>
>>> It persists, at least for dpkg-raw, and that is likely because of
>>> the chroot we do for that package.
>>
>> Yes.
>
> That actually revealed that we kept collecting changes in ${D} and
> never cleaned it before install. I just sent a patch fixing that.
>
> Next step will probably be to make the raw class use standard
> debian/rules and just take the long dpkg-buildpkg route. Should not be
> too hard to just write a debian/ folder that just does "make install".
> Will look into that ...
>
Thanks, looking forward to test everything.
Jan
--
Siemens AG, Corporate Technology, CT RDA IOT SES-DE
Corporate Competence Center Embedded Linux
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH 2/3] Revert "Change ownership of WORKDIR prior to unpacking"
2018-11-14 15:45 ` Jan Kiszka
@ 2018-11-15 8:28 ` Henning Schild
0 siblings, 0 replies; 15+ messages in thread
From: Henning Schild @ 2018-11-15 8:28 UTC (permalink / raw)
To: Jan Kiszka; +Cc: isar-users
Am Wed, 14 Nov 2018 16:45:36 +0100
schrieb Jan Kiszka <jan.kiszka@siemens.com>:
> On 14.11.18 16:43, Henning Schild wrote:
> > Am Wed, 14 Nov 2018 15:11:39 +0100
> > schrieb "[ext] Henning Schild" <henning.schild@siemens.com>:
> >
> >> Am Wed, 14 Nov 2018 14:58:57 +0100
> >> schrieb Jan Kiszka <jan.kiszka@siemens.com>:
> >>
> >>> On 14.11.18 14:23, Jan Kiszka wrote:
> >>>> On 14.11.18 14:10, Jan Kiszka wrote:
> >>>>> On 12.11.18 16:51, Henning Schild wrote:
> >>>>>> We do not build as root anymore and the non-root uid/gid are
> >>>>>> now in sync between inside and outside the chroot.
> >>>>>>
> >>>>>> This reverts commit 624b7c484bf59940ac2a4114018f7d56892dc05e.
> >>>>>> ---
> >>>>>> meta/classes/base.bbclass | 5 -----
> >>>>>> 1 file changed, 5 deletions(-)
> >>>>>>
> >>>>>> diff --git a/meta/classes/base.bbclass
> >>>>>> b/meta/classes/base.bbclass index fce1084..d4082de 100644
> >>>>>> --- a/meta/classes/base.bbclass
> >>>>>> +++ b/meta/classes/base.bbclass
> >>>>>> @@ -120,17 +120,12 @@ do_unpack[stamp-extra-info] =
> >>>>>> "${DISTRO}-${DISTRO_ARCH}" # Unpack package and put it into
> >>>>>> working directory python do_unpack() {
> >>>>>> - import subprocess
> >>>>>> -
> >>>>>> src_uri = (d.getVar('SRC_URI', True) or "").split()
> >>>>>> if len(src_uri) == 0:
> >>>>>> return
> >>>>>> rootdir = d.getVar('WORKDIR', True)
> >>>>>> - uid = str(os.getuid())
> >>>>>> - subprocess.call('sudo chown -R ' + uid + ' ' + rootdir,
> >>>>>> shell=True) -
> >>>>>> try:
> >>>>>> fetcher = bb.fetch2.Fetch(src_uri, d)
> >>>>>> fetcher.unpack(rootdir)
> >>>>>>
> >>>>>
> >>>>> This possibly causes this regression:
> >>>>>
> >>>>> ERROR: expand-on-first-boot-1.0-r0 do_install: Function failed:
> >>>>> do_install (log file is located at
> >>>>> /work/build/tmp/work/ebsy-arm64/expand-on-first-boot-1.0-r0/temp/log.do_install.263)
> >>>>>
> >>>>> ERROR: Logfile of failure stored in:
> >>>>> /work/build/tmp/work/ebsy-arm64/expand-on-first-boot-1.0-r0/temp/log.do_install.263
> >>>>>
> >>>>> Log data follows:
> >>>>> | DEBUG: Executing shell function do_install
> >>>>> | install: cannot remove
> >>>>> '/work/build/tmp/work/ebsy-arm64/expand-on-first-boot-1.0-r0/image//lib/systemd/system/expand-on-first-boot.service':
> >>>>> Permission denied
> >>>>> | WARNING: exit code 1 from a shell command.
> >>>>> | ERROR: Function failed: do_install (log file is located at
> >>>>> /work/build/tmp/work/ebsy-arm64/expand-on-first-boot-1.0-r0/temp/log.do_install.263)
> >>>>>
> >>>>>
> >>>>
> >>>> OK, that wasn't a "clean" re-build (rather a rebuild after the
> >>>> Isar update). Retesting with the same Isar version for build 1
> >>>> and 2.
> >>
> >> Arghh ... on a side-note. I have a few Isar-CI partial rebuild
> >> patches in a queue, they target both dpkg and dpkg-raw.
> >>
> >>> It persists, at least for dpkg-raw, and that is likely because of
> >>> the chroot we do for that package.
> >>
> >> Yes.
> >
> > That actually revealed that we kept collecting changes in ${D} and
> > never cleaned it before install. I just sent a patch fixing that.
> >
> > Next step will probably be to make the raw class use standard
> > debian/rules and just take the long dpkg-buildpkg route. Should not
> > be too hard to just write a debian/ folder that just does "make
> > install". Will look into that ...
> >
>
> Thanks, looking forward to test everything.
I have a working prototype of the idea, where dpkg-raw is basically
dpkg with a debianization step in front of it. Still looking into the
details because we now have a lot of debhelpers enforcing quality
standards.
And the debianization looks like it could make it into a general lib
that could be reused to debianize random sources.
Henning
> Jan
>
^ permalink raw reply [flat|nested] 15+ messages in thread
end of thread, other threads:[~2018-11-15 8:28 UTC | newest]
Thread overview: 15+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-11-12 15:51 [PATCH 0/3] "root" to "builder" repair series Henning Schild
2018-11-12 15:51 ` [PATCH 1/3] buildchroot: Align UID and GID of builder user with caller Henning Schild
2018-11-13 7:53 ` Jan Kiszka
2018-11-14 7:32 ` Henning Schild
2018-11-14 8:31 ` [PATCH v2 " Jan Kiszka
2018-11-12 15:51 ` [PATCH 2/3] Revert "Change ownership of WORKDIR prior to unpacking" Henning Schild
2018-11-14 13:10 ` Jan Kiszka
2018-11-14 13:23 ` Jan Kiszka
2018-11-14 13:58 ` Jan Kiszka
2018-11-14 14:11 ` Henning Schild
2018-11-14 15:43 ` Henning Schild
2018-11-14 15:45 ` Jan Kiszka
2018-11-15 8:28 ` Henning Schild
2018-11-12 15:51 ` [PATCH 3/3] buildchroot: do not chown to builder:builder anymore Henning Schild
2018-11-14 12:55 ` [PATCH 0/3] "root" to "builder" repair series Maxim Yu. Osipov
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox