From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Thu, 17 Jul 2025 12:37:01 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-pj1-f64.google.com (mail-pj1-f64.google.com [209.85.216.64]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 56HAaxR2025355 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 17 Jul 2025 12:37:00 +0200 Received: by mail-pj1-f64.google.com with SMTP id 98e67ed59e1d1-31cb5c75e00sf457732a91.0 for ; Thu, 17 Jul 2025 03:37:00 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1752748613; cv=pass; d=google.com; s=arc-20240605; b=gZDmd7WRNQA8NSpMC8Fwh079dHEPACTb4mSj1q/IYVgRMBhsZB0KconSFilhcCMaxR 3M16nxh3KDC6ooYHnxmx0Z/z391VRn35YXQSKMW9YlVCstvhSqZfQcRCGVYMyswqU1lX 7mUoxqdAKeu1v0eh2qdRcsVA+8eRG1MzL4tNqnsmGQ5ghSRoe9RhCzHQx8/GVsfODF2a LaL2XB6C/upXWb98T4qV7p5h2m6N20ASRSgW2OpDIaRSA+LxmCU/CHdg8Aq7/imEJyiy IwvRel01dBq8BaVwKfjW6yq2Oo8nijqxpyjbk6nqzsAL4JNj9SSxSZ39n3fi/UDzciNE mtrA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:in-reply-to:content-disposition :mime-version:references:mail-followup-to:message-id:subject:to:from :date:sender:dkim-signature; bh=qWmuOkYidTjfHqKPoX9HR9QcAYyYdpYcrpzKqeEalBs=; fh=b3Bcro0xviHmBSI54hj9lC0f92ETEBaaM4w7O4gIfNw=; b=NUw8wUeiXw6EJqu+rmQMbbkTTaMN201D+/JeLbuYt9T0iH5XLIltqgBWW/PXPu2I4U ivuQQpJLBM4o60ppHntL+Otn7DrL2dph6yVws/Yfhme9gYjB8j8n/9B9lflVQT3asqSR 3oT346Ro23ZsQEQsyxksOtdLKnhe7WIYuePrDigKd1Ww1zK9ejSdiF/A+FgC7Ih6s3EP 6LXzKrMWSeMkv7b56Uqw3vVkZPxtbxfeXSbwpTYZDui14fbGccQCqrdAZS0Z4NDKN6Qd VS02KPj/qhxucYL6VrSWinYrfImcvQGYv0N9E+ukhhGrXqlz18dt6bSbWg9oJfPPL1+s BZ2g==; darn=ilbers.de ARC-Authentication-Results: i=2; gmr-mx.google.com; spf=pass (google.com: domain of ibr@radix50.net designates 85.214.156.166 as permitted sender) smtp.mailfrom=ibr@radix50.net DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1752748613; x=1753353413; darn=ilbers.de; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:in-reply-to:content-disposition:mime-version :references:mail-followup-to:message-id:subject:to:from:date:sender :from:to:cc:subject:date:message-id:reply-to; bh=qWmuOkYidTjfHqKPoX9HR9QcAYyYdpYcrpzKqeEalBs=; b=m4XSMRTtdeeUcqQQlT3O3KbtQwqqU2uaWdCavth01PzVPu4DQjhwX43dRLadAfGUfn 087JFVL1LW+i3P+uX/eRKZJiz0CCGK4xtQh06Ziddpok3VeGYkhZ8TQE+GbKBKsY97Sj 5zAp89lWEinMuAl3REJNT0PIMQv4N4WVwsAKWZjpPa8ZRnUUmAwTFcvvtT8D5cTBNMu/ 4dxrVxXEEv5Pk4qme6cd5bSw85j3vGxnRfgniqf5fRNlnfyydu+g3idWv5Pxh8SwCvQj Qzr+xSslwK7LUEhWwFxRvOoL5IuRmIqaSryuW9u55QTuE6ktjVm0rBfvuazk3kXatNI1 FWIQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752748613; x=1753353413; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence :x-original-authentication-results:x-original-sender:in-reply-to :content-disposition:mime-version:references:mail-followup-to :message-id:subject:to:from:date:x-beenthere:x-gm-message-state :sender:from:to:cc:subject:date:message-id:reply-to; bh=qWmuOkYidTjfHqKPoX9HR9QcAYyYdpYcrpzKqeEalBs=; b=J4QhJDZWwpBEwNxCuftGzChyUyFC+O5nb3EhfV16by/wtonkL4CqRZfIz7SK9ETQ8l i8HluSFNiZAJtSNo1QoA/esWMd9J7+cZyXmK3MPhsH5yOJ9TfPKzP8tXT7/3//AOWzAX YVNK00Tu58pDb7skUA9wHh29glSNSR0VV3uqv/wI1Eggi0z49RdWgwTpG2LHOEkr+e0H 73r7AjvTAq1HehdTzTbE5q1h8as5CcBTW6euYaIKJ3dP7tnnyfIAxVeDXaxBy2d4T+7+ khUw6RwS3iLyffRjrkl1DA7jy8FXM90c83f47/0P9lSgIqJDnEoVPadQcRoE4mUnIYAX /6Pw== Sender: isar-users@googlegroups.com X-Forwarded-Encrypted: i=2; AJvYcCU9rQYgBDq+oO/bgFJGuFs07bbFjRWCeLOVD54dzCjcoabuvwpI5qh//re/Lp9DUGdq+uHW@ilbers.de X-Gm-Message-State: AOJu0YxXkKkxoGrNh1fZbZ6vHx8EO4Jfj18zbhgCJIXoqtK2wybl3LnV squgq490ZMH0Y6cMPIh3FZ0UdwuGSBRUyOEx6MrLAZIFozk5BFD9ZJ9K X-Google-Smtp-Source: AGHT+IFHV4zZ/0QsContMy8AJpWTuLW+T2m5rPkvR2BVsYoAbhRPnvRQUctDqEIMTXWocjI0f+Zezw== X-Received: by 2002:a17:90b:33d0:b0:313:d342:448c with SMTP id 98e67ed59e1d1-31caebbca7emr4116613a91.17.1752748613163; Thu, 17 Jul 2025 03:36:53 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h=AZMbMZfmHdsnGMmAgTpr3mvcOFEhsyaITz9PuoiteHrUplWThQ== Received: by 2002:a17:90a:c41:b0:311:d055:850d with SMTP id 98e67ed59e1d1-31cae6e1ccdls389973a91.2.-pod-prod-00-us; Thu, 17 Jul 2025 03:36:51 -0700 (PDT) X-Received: by 2002:a17:90b:3d81:b0:312:e73e:cded with SMTP id 98e67ed59e1d1-31caea21526mr4007276a91.16.1752748610774; Thu, 17 Jul 2025 03:36:50 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1752748610; cv=none; d=google.com; s=arc-20240605; b=W9qxwcJlGhQAJS7oU5WWcanJhv1ktsMMIor/ANnL+R5ULRtCUiFFVXJ886aDgIbqgz /+bLc81TyyisOjela4xFMmbtzRGUbfzE8Imbi4mlLBXo9nBZ7ud1jx5CsTtWKT1sco4y q4y8J5uiYs4Gx+9MhP6A22OOsqdjmXtUCcyANY+1zx87bL2NMGKnQU3SHGAJroGEI9EY qeiGPGEKuZFFVwJrkBjfyQzggQB5SHPpAgJku4Pk0fh4Ofg48h5ahHY/TBJQzplfdkkP uTuTkXSnaTpUhK0oVlNJ+SPcEsVwOS/vMHhHkl6kgM8pOXa17UnPqrywzTmvfw6/9CCb K5Ag== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=in-reply-to:content-disposition:mime-version:references :mail-followup-to:message-id:subject:to:from:date; bh=B346UUxhPacK2dMYXEgtXKdBQjRLtKZacRDuORUa+rc=; fh=7tclEdh7YbwSQowgJ6LNq720O7H5HTEaqj22NJWRE2E=; b=Tm7xXXCDhwNK61ZAEFnQV88DZtjAng9RbBJjmMuRbob7BeY3InUwt7I5n/eUkNvjVF n6QcfMeuJeE7XaNWKDzd45fzX/+Mb3ugdfu4zWNLX2j8KQoA/8R6sIVyX4jD/vHUk6V2 dXvfRH+b3Gl00OkkBPNLlxY/oxQwX0kGDggJ9kTbeGYAIyLQa6gKkpYT+1uSQNAz1sVf nKzGoDvHjRyYOeetEam9YINZBq50AtkFKf41RMULt19E8c2shrUWCLhaoarmCGaNl0e2 EXJgHVXQ4GoEzw4bne4OQ1QHCl9aqOrFBUYlVBb1u0kPAhAh9TRMFBFJdvvoVNwMU0Qc exvg==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of ibr@radix50.net designates 85.214.156.166 as permitted sender) smtp.mailfrom=ibr@radix50.net Received: from shymkent.ilbers.de (shymkent.ilbers.de. [85.214.156.166]) by gmr-mx.google.com with ESMTPS id 98e67ed59e1d1-31c9f1d9743si160216a91.1.2025.07.17.03.36.50 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Thu, 17 Jul 2025 03:36:50 -0700 (PDT) Received-SPF: pass (google.com: domain of ibr@radix50.net designates 85.214.156.166 as permitted sender) client-ip=85.214.156.166; Received: from abai.de ([88.130.203.42]) (authenticated bits=0) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPSA id 56HAakIa025339 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 17 Jul 2025 12:36:48 +0200 Date: Thu, 17 Jul 2025 12:36:46 +0200 From: Baurzhan Ismagulov To: isar-users@googlegroups.com Subject: Re: [PATCH 1/1] wic: disable generation of python bytecode cache Message-ID: Mail-Followup-To: isar-users@googlegroups.com References: <20250605145837.1384007-1-felix.moessbauer@siemens.com> MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Disposition: inline In-Reply-To: <20250605145837.1384007-1-felix.moessbauer@siemens.com> X-Spam-Status: No, score=-4.6 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-Original-Sender: ibr@radix50.net X-Original-Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of ibr@radix50.net designates 85.214.156.166 as permitted sender) smtp.mailfrom=ibr@radix50.net Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-TUID: 9y/9q4gBUSIa On 2025-06-05 16:58, 'Felix Moessbauer' via isar-users wrote: > Wic is executed as root, so the python bytecode cache is also > created as root. This is problematic as the cache is created inside the > source tree in a folder__pycache__ next to the python script itself. By > that, we end up with files belonging to root inside the repo source > tree, which makes it impossible to delete the source tree as a regular > user. > > This problem became visible with the kas purge plugin that removes the > fetched layers as a regular user (these layers are fetched and managed > by kas). Also the read-only mounting of repos in kas does not help here, > as the fetched repos are not mounted ro for obvious reasons. > > Anyways, we should not create files inside the source tree that do not > belong to the calling user. To fix this, we just disable the python > cache for the wic task. This is the only task that executes a python > script from the source tree as root. Applied to next, thanks. With kind regards, Baurzhan -- You received this message because you are subscribed to the Google Groups "isar-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to isar-users+unsubscribe@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/isar-users/aHjSPtropZcZrzro%40abai.de.