Bug 1659588

Summary: repotrack --repofrompath and --repoid parameters with -t or --tempcache options don't work as non-root user
Product: Red Hat Enterprise Linux 7 Reporter: afox <afox>
Component: yum-utilsAssignee: Michal Domonkos <mdomonko>
Status: CLOSED ERRATA QA Contact: Jan Blazek <jblazek>
Severity: high Docs Contact:
Priority: high    
Version: 7.6CC: kabbott, kwalker, mdomonko, mnk, packaging-team-maint
Target Milestone: rcKeywords: Triaged
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: yum-utils-1.1.31-53.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-03-31 20:07:41 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
repotrack: Move the setCacheDir operation to after repofrompath none

Description afox@redhat.com 2018-12-14 18:01:15 UTC 
Description of problem:
When repotrack --repofrompath and --repoid parameters with -t or --tempcache options are used by non-root user, then command fails with error. 

$ repotrack --repofrompath=oo,http://openopen.nam.nsroot.net/openopen/not-cert/rhel7-x86_64/latest/RPMS.all/ --repoid=oo --urls bash
Added oo repo from http://openopen.nam.nsroot.net/openopen/not-cert/rhel7-x86_64/latest/RPMS.all/
Traceback (most recent call last):
  File "/bin/repotrack", line 285, in <module>
    main()
  File "/bin/repotrack", line 197, in main
    my._getSacks(archlist=archlist)
  File "/usr/lib/python2.7/site-packages/yum/__init__.py", line 778, in _getSacks
    self.repos.populateSack(which=repos)
  File "/usr/lib/python2.7/site-packages/yum/repos.py", line 386, in populateSack
    sack.populate(repo, mdtype, callback, cacheonly)
  File "/usr/lib/python2.7/site-packages/yum/yumRepo.py", line 227, in populate
    if self._check_db_version(repo, mydbtype):
  File "/usr/lib/python2.7/site-packages/yum/yumRepo.py", line 319, in _check_db_version
    return repo._check_db_version(mdtype)
  File "/usr/lib/python2.7/site-packages/yum/yumRepo.py", line 1515, in _check_db_version
    repoXML = self.repoXML
  File "/usr/lib/python2.7/site-packages/yum/yumRepo.py", line 1701, in <lambda>
    repoXML = property(fget=lambda self: self._getRepoXML(),
  File "/usr/lib/python2.7/site-packages/yum/yumRepo.py", line 1697, in _getRepoXML
    self._loadRepoXML(text=self.ui_id)
  File "/usr/lib/python2.7/site-packages/yum/yumRepo.py", line 1688, in _loadRepoXML
    return self._groupLoadRepoXML(text, self._mdpolicy2mdtypes())
  File "/usr/lib/python2.7/site-packages/yum/yumRepo.py", line 1662, in _groupLoadRepoXML
    if self._commonLoadRepoXML(text):
  File "/usr/lib/python2.7/site-packages/yum/yumRepo.py", line 1477, in _commonLoadRepoXML
    if self._latestRepoXML(local):
  File "/usr/lib/python2.7/site-packages/yum/yumRepo.py", line 1446, in _latestRepoXML
    oxml = self._saveOldRepoXML(local)
  File "/usr/lib/python2.7/site-packages/yum/yumRepo.py", line 1303, in _saveOldRepoXML
    shutil.copy2(local, old_local)
  File "/usr/lib64/python2.7/shutil.py", line 130, in copy2
    copyfile(src, dst)
  File "/usr/lib64/python2.7/shutil.py", line 83, in copyfile
    with open(dst, 'wb') as fdst:
IOError: [Errno 13] Permission denied: '/var/cache/yum/x86_64/7Server/oo/repomd.xml.old.tmp'

$ repotrack --repofrompath=oo,http://openopen.nam.nsroot.net/openopen/not-cert/rhel7-x86_64/latest/RPMS.all/ --repoid=oo --urls --tempcache  bash
Added oo repo from http://openopen.nam.nsroot.net/openopen/not-cert/rhel7-x86_64/latest/RPMS.all/
Traceback (most recent call last):
  File "/bin/repotrack", line 285, in <module>
    main()
  File "/bin/repotrack", line 197, in main
    my._getSacks(archlist=archlist)
  File "/usr/lib/python2.7/site-packages/yum/__init__.py", line 778, in _getSacks
    self.repos.populateSack(which=repos)
  File "/usr/lib/python2.7/site-packages/yum/repos.py", line 386, in populateSack
    sack.populate(repo, mdtype, callback, cacheonly)
  File "/usr/lib/python2.7/site-packages/yum/yumRepo.py", line 227, in populate
    if self._check_db_version(repo, mydbtype):
  File "/usr/lib/python2.7/site-packages/yum/yumRepo.py", line 319, in _check_db_version
    return repo._check_db_version(mdtype)
  File "/usr/lib/python2.7/site-packages/yum/yumRepo.py", line 1515, in _check_db_version
    repoXML = self.repoXML
  File "/usr/lib/python2.7/site-packages/yum/yumRepo.py", line 1701, in <lambda>
    repoXML = property(fget=lambda self: self._getRepoXML(),
  File "/usr/lib/python2.7/site-packages/yum/yumRepo.py", line 1697, in _getRepoXML
    self._loadRepoXML(text=self.ui_id)
  File "/usr/lib/python2.7/site-packages/yum/yumRepo.py", line 1688, in _loadRepoXML
    return self._groupLoadRepoXML(text, self._mdpolicy2mdtypes())
  File "/usr/lib/python2.7/site-packages/yum/yumRepo.py", line 1662, in _groupLoadRepoXML
    if self._commonLoadRepoXML(text):
  File "/usr/lib/python2.7/site-packages/yum/yumRepo.py", line 1477, in _commonLoadRepoXML
    if self._latestRepoXML(local):
  File "/usr/lib/python2.7/site-packages/yum/yumRepo.py", line 1446, in _latestRepoXML
    oxml = self._saveOldRepoXML(local)
  File "/usr/lib/python2.7/site-packages/yum/yumRepo.py", line 1303, in _saveOldRepoXML
    shutil.copy2(local, old_local)
  File "/usr/lib64/python2.7/shutil.py", line 130, in copy2
    copyfile(src, dst)
  File "/usr/lib64/python2.7/shutil.py", line 83, in copyfile
    with open(dst, 'wb') as fdst:
IOError: [Errno 13] Permission denied: '/var/cache/yum/x86_64/7Server/oo/repomd.xml.old.tmp'

Version-Release number of selected component (if applicable):
yum-utils-1.1.31-50.el7 and above

How reproducible:
Always

Steps to Reproduce:
1. Run command as shown above in description 

Actual results:
IOError: [Errno 13] Permission denied: '/var/cache/yum/x86_64/7Server/oo/repomd.xml.old.tmp'

Expected results:
No error.
Comment 7 Kyle Walker 2019-07-10 17:36:23 UTC 
Created attachment 1589175 [details]
repotrack: Move the setCacheDir operation to after  repofrompath

On further inspection, it looks like this should be pretty simple to fix... The difficulty is the following:

    # do the happy tmpdir thing if we're not root
    if os.geteuid() != 0 or opts.tempcache:
        cachedir = getCacheDir()
        if cachedir is None:
            print >> sys.stderr, "Error: Could not make cachedir, exiting"
            sys.exit(50)

        my.repos.setCacheDir(cachedir)


This creates a temporary cache directory named for the current user.

    $ ll /var/tmp/yum-vagrant-Fl8ySL/


However, the key to the problem is that EPERM is coming from the /var/cache/yum/ directory.

    IOError: [Errno 13] Permission denied: '/var/cache/yum/x86_64/7Server/oo/repomd.xml.old.tmp'


This is due to the above cachedir variable not being applied to repofrompath repos in subsequent operations:

    if opts.repofrompath:
        for repo in opts.repofrompath:
            tmp = tuple(repo.split(','))
            if len(tmp) != 2:
                my.logger.error("Error: Bad repofrompath argument: %s" %repo)
                continue
            repoid, repopath = tmp
            if repopath and repopath[0] == '/':
                baseurl = 'file://' + repopath
            else:
                baseurl = repopath
            try:
                my.add_enable_repo(repoid, baseurls=[baseurl],
                                   basecachedir=my.conf.cachedir,
                                   timestamp_check=False)
            except yum.Errors.DuplicateRepoError, e:
                my.logger.error(e)
                sys.exit(1)
            if not opts.quiet:
                my.logger.info("Added %s repo from %s" % (repoid, repopath))



I've attached a patch that fixes the condition.
Comment 19 errata-xmlrpc 2020-03-31 20:07:41 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:1158