Subject: Re: [PATCH] buildchroot: Align UID and GID of builder user with caller
To: Henning Schild
Cc: isar-users
From: Jan Kiszka
Message-ID: <7acfa387-b037-af81-82a3-748edd97c008@siemens.com>
Date: Mon, 12 Nov 2018 10:52:22 +0100
In-Reply-To: <20181112104255.464bdf54@md1za8fc.ad001.siemens.net>

On 12.11.18 10:42, Henning Schild wrote:
> On Mon, 12 Nov 2018 10:19:54 +0100,
> Jan Kiszka wrote:
>
>> On 12.11.18 10:16, [ext] Henning Schild wrote:
>>> I am afraid that this is not correct. The ids you are taking from
>>> the "host" might be taken inside the chroot. As a result creating
>>> the user/group would fail. Chances might be low ... This also
>>> assumes that
>>
>> Really? I thought that these commands are run very early during
>> bootstrap where there are no other users - if not, that would be a
>> bug.
>
> I think the only uid/gid you can really be sure about is 0. 1 could
> already be a regular user on the host, and 1 is "daemon" on a current
> Debian ... probably there right after debootstrap.

Let me check if we can move the ID assignment earlier, to reduce that risk.

>
> 1000 being the first "user" is more a convention than something you can
> rely on for any host. (/etc/login.defs UID_MIN/MAX etc.)

We are talking about transferring the IDs from the host Debian to the
buildchroot Debian - is there really a realistic risk of friction?

If we can't solve that sync problem, we need to revert to running as root,
I'm afraid. The current model is broken.

Jan

-- 
Siemens AG, Corporate Technology, CT RDA IOT SES-DE
Corporate Competence Center Embedded Linux
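
The collision raised in this thread, a caller UID/GID such as 1 that already belongs to "daemon" inside the chroot, can be detected before the builder user is created. The following is an added example, not part of the original e-mail and not Isar code; the function names and the constructed sample rootfs are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not Isar code: check whether the caller's UID/GID are still
# free in a chroot before creating the builder user with those ids.

# id_owner FILE ID: print the account name that owns numeric ID in a
# passwd- or group-format file (field 3 in both); print nothing if unused.
id_owner() {
    awk -F: -v id="$2" '$3 == id { print $1; exit }' "$1"
}

# check_ids ROOTFS NAME UID GID (NAME is the account to be created)
# Prints "free", "present" (both ids already belong to NAME), "partial"
# (only one of them exists yet) or "conflict:<detail>"; returns 1 on conflict.
check_ids() {
    rootfs=$1; name=$2; want_uid=$3; want_gid=$4
    u_owner=$(id_owner "$rootfs/etc/passwd" "$want_uid")
    g_owner=$(id_owner "$rootfs/etc/group" "$want_gid")
    if [ -n "$u_owner" ] && [ "$u_owner" != "$name" ]; then
        echo "conflict:uid $want_uid is $u_owner"; return 1
    fi
    if [ -n "$g_owner" ] && [ "$g_owner" != "$name" ]; then
        echo "conflict:gid $want_gid is $g_owner"; return 1
    fi
    if [ -z "$u_owner" ] && [ -z "$g_owner" ]; then echo free
    elif [ -n "$u_owner" ] && [ -n "$g_owner" ]; then echo present
    else echo partial
    fi
}

# Constructed sample: minimal account files with the uid/gid 1 "daemon"
# entry mentioned in the thread. Prints the temporary rootfs path.
make_sample_rootfs() {
    dir=$(mktemp -d)
    mkdir -p "$dir/etc"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin' > "$dir/etc/passwd"
    printf '%s\n' 'root:x:0:' 'daemon:x:1:' > "$dir/etc/group"
    echo "$dir"
}

demo_root=$(make_sample_rootfs)
check_ids "$demo_root" builder 1 1 || :        # collides with daemon
check_ids "$demo_root" builder 1000 1000 || :  # free in this sample
rm -rf "$demo_root"
```

A caller would pass `$(id -u)` and `$(id -g)` of the invoking host user and decide, on a conflict, whether to fail the build or fall back to different ids.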