Subject: Re: [PATCH] buildchroot: Align UID and GID of builder user with caller
To: "[ext] Henning Schild", Jan Kiszka
Cc: isar-users
From: Jan Kiszka
Date: Mon, 12 Nov 2018 10:19:54 +0100

On 12.11.18 10:16, [ext] Henning Schild wrote:
> I am afraid that this is not correct. The ids you are taking from the
> "host" might be taken inside the chroot. As a result creating the
> user/group would fail. Chances might be low ... This also assumes that

Really? I thought that these commands are run very early during bootstrap
where there are no other users - if not, that would be a bug.

Jan

> ids/hosts will never change and breaks migrating a build to another
> host.
> If the host fails to remove/overwrite the files, we will have to use
> sudo on the host.
>
> Henning
>
> On Sat, 10 Nov 2018 08:52:38 +0100,
> Jan Kiszka wrote:
>
>> From: Jan Kiszka
>>
>> This fixes EPERM on rebuild and also some clean builds: We have to
>> align the IDs of the builder user with the user in the host
>> environment. Otherwise, files and directories can become unaccessible
>> during the build.
>>
>> Fixes: be291cd991bd ("buildchroot: build debian packages as "builder"
>> not "root"") Signed-off-by: Jan Kiszka
>> ---
>> meta/recipes-devtools/buildchroot/buildchroot.inc | 4 +++-
>> meta/recipes-devtools/buildchroot/files/configscript.sh | 4 ++--
>> 2 files changed, 5 insertions(+), 3 deletions(-)
>>
>> diff --git a/meta/recipes-devtools/buildchroot/buildchroot.inc >> b/meta/recipes-devtools/buildchroot/buildchroot.inc index >> 7dd909e..2c44db9 100644 --- >> a/meta/recipes-devtools/buildchroot/buildchroot.inc +++ >> b/meta/recipes-devtools/buildchroot/buildchroot.inc
@@ -36,7 +36,9 @@ >> do_build() { >> # Configure root filesystem >> sudo install -m 755 ${WORKDIR}/configscript.sh ${BUILDCHROOT_DIR} >> - sudo chroot ${BUILDCHROOT_DIR} /configscript.sh >> + USER_ID=$(id -u) >> + GROUP_ID=$(id -g) >> + sudo chroot ${BUILDCHROOT_DIR} /configscript.sh $USER_ID >> $GROUP_ID >> sudo mount --bind ${DL_DIR} ${BUILDCHROOT_DIR}/downloads >> } >> diff --git a/meta/recipes-devtools/buildchroot/files/configscript.sh >> b/meta/recipes-devtools/buildchroot/files/configscript.sh index >> 30660e7..7e49385 100644 --- >> a/meta/recipes-devtools/buildchroot/files/configscript.sh +++ >> b/meta/recipes-devtools/buildchroot/files/configscript.sh @@ -10,6 >> +10,6 @@ locales locales/locales_to_be_generated multiselect >> en_US.UTF-8 UTF-8 locales locales/default_environment_locale select >> en_US.UTF-8 END >> -addgroup --quiet --system builder >> -useradd --system --gid builder --no-create-home --home /home/builder >> --no-user-group --comment "Isar buildchroot build user" builder >> +addgroup --quiet --system builder --gid $2 +useradd --system --uid >> $1 --gid builder --no-create-home --home /home/builder >> --no-user-group --comment "Isar buildchroot build user" builder chown >> -R builder:builder /home/builder > -- Siemens AG, Corporate Technology, CT RDA IOT SES-DE Corporate Competence Center Embedded Linux
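Review bot: In the do_build() hunk of buildchroot.inc, `USER_ID=$(id -u)` is passed on without checking for 0. If the build is started as root (for example inside a container), configscript.sh would run `useradd --system --uid 0`, which either fails because the UID is taken or needs a non-unique root alias, and in both cases undoes the point of be291cd991bd ("build debian packages as "builder" not "root""). Consider rejecting or special-casing UID/GID 0 here with a clear error, and quoting the two arguments on the `sudo chroot ${BUILDCHROOT_DIR} /configscript.sh` line.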
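Review bot: In the configscript.sh hunk, `$1` and `$2` are used unquoted and unvalidated in `addgroup --quiet --system builder --gid $2` and `useradd --system --uid $1`. If the script is called without arguments, `--gid` and `--uid` lose their values and the failure message will be misleading; if the ID already exists inside the chroot (the case raised in the reply above), the commands fail without saying why. Suggest checking that both arguments are non-empty and numeric, testing with `getent passwd "$1"` and `getent group "$2"` before creating the account, and failing with an explicit message on a collision. A short comment stating that the IDs mirror the calling host user would also document why a `--system` account gets a caller-supplied UID.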