Description of problem: A few days ago, something in Koji changed which started breaking certain builds. After investigating this, we have found that if 'fontconfig' is used as a build dependency, $HOME/.config is created and owned by root.root, which means that no user program can create any directory under $HOME/.config: + ls -al /builddir total 36 drwx------. 5 mockbuild mockbuild 4096 Sep 1 22:35 . dr-xr-xr-x. 18 root root 4096 Sep 1 22:23 .. -rwxr-xr-x. 1 mockbuild mockbuild 18 Aug 9 12:08 .bash_logout -rwxr-xr-x. 1 mockbuild mockbuild 193 Aug 9 12:08 .bash_profile -rwxr-xr-x. 1 mockbuild mockbuild 231 Aug 9 12:08 .bashrc drwxr-xr-x. 3 mockbuild mockbuild 4096 Sep 1 22:35 .cache drwxr-xr-x. 3 root root 4096 Sep 1 22:24 .config -rw-rw-r--. 1 mockbuild mockbuild 211 Sep 1 22:23 .rpmmacros drwxr-xr-x. 9 mockbuild mockbuild 4096 Sep 1 22:23 build + ls -al /builddir/.config total 12 drwxr-xr-x. 3 root root 4096 Sep 1 22:24 . drwx------. 5 mockbuild mockbuild 4096 Sep 1 22:35 .. drwxr-xr-x. 2 root root 4096 Sep 1 22:24 fontconfig This seems to be related to this build change: commit 48deb947abd85d2f00c04d0f22c42fbe43d87cee Author: Akira TAGOH <tagoh> Date: Fri Aug 30 15:12:07 2013 +0900 New upstream release. - migrate the configuration for XDG Base Directory spec automatically (bug 882267) Version-Release number of selected component (if applicable): fontconfig-2.10.95-1.fc21 How reproducible: 100% Steps to Reproduce: 1. See the steps in bug 1003088. Actual results: Programs fail to run %check sections, if they rely on anything that creates files in $HOME/.config Expected results: $HOME/.config should not be created as root.root by anything. Additional info:
Does anyone run any process using fontconfig with root? and/or mock overrides XDG_CONFIG_HOME to that for root?
Created attachment 792774 [details] test.spec The attachment is a minimal test which demonstrates the problem. You will need to have a Fedora packager account in order to run this test. After downloading 'test.spec', do: rpmbuild -ba --define "_sourcedir $(pwd)" test.spec koji build --scratch rawhide $HOME/rpmbuild/SRPMS/test-0-6.src.rpm You will see a scratch build in Koji (which will fail), like this one: http://koji.fedoraproject.org/koji/taskinfo?taskID=5881569 If you then examine the build.log file, you will see this output showing the $HOME/.config file with bad ownership: + ls -al /builddir total 32 drwx------. 4 mockbuild mockbuild 4096 Sep 2 09:15 . dr-xr-xr-x. 18 root root 4096 Sep 2 09:15 .. -rwxr-xr-x. 1 mockbuild mockbuild 18 Aug 9 12:08 .bash_logout -rwxr-xr-x. 1 mockbuild mockbuild 193 Aug 9 12:08 .bash_profile -rwxr-xr-x. 1 mockbuild mockbuild 231 Aug 9 12:08 .bashrc drwxr-xr-x. 3 root root 4096 Sep 2 09:15 .config -rw-rw-r--. 1 mockbuild mockbuild 211 Sep 2 09:15 .rpmmacros drwxr-xr-x. 9 mockbuild mockbuild 4096 Sep 2 09:15 build + mkdir -p /builddir/.config/test mkdir: cannot create directory '/builddir/.config/test': Permission denied
(In reply to Akira TAGOH from comment #1) > Does anyone run any process using fontconfig with root? and/or mock > overrides XDG_CONFIG_HOME to that for root? Apparently yes. Almost every fonts package has a %post script that does: %post { umask 133 mkfontscale %{fontdir} || : mkfontdir %{fontdir} || : fc-cache %{_datadir}/fonts } &> /dev/null || : (that is taken from urw-fonts, but there are many other fonts-related packages doing the same thing)
Looking at the changelog for fontconfig, I'd point to this change as a likely culprint, since it was made at about the time we saw the first libguestfs failure and involves the XDG directories we have problems with here +* Fri Aug 30 2013 Akira TAGOH <tagoh> - 2.10.94-1 +- New upstream release. +- migrate the configuration for XDG Base Directory spec automatically (#882267)
just set XDG_CONFIG_HOME at %post to run fc-cache in 2.0.95-2. I'm not sure if it really helps since as you said at Bug#1003088, it works on mock for me too. so waiting for deploying this update to buildroot.
(In reply to Richard W.M. Jones from comment #3) > Apparently yes. Almost every fonts package has a %post > script that does: Hmm, but who is requiring a font package to build a package? Is it a case for libvirt too?
(In reply to Akira TAGOH from comment #6) > (In reply to Richard W.M. Jones from comment #3) > > Apparently yes. Almost every fonts package has a %post > > script that does: > > Hmm, but who is requiring a font package to build a package? > Is it a case for libvirt too? It's pulled in as an indirect dependency of something. I would guess something to do with texlive or other documentation generation. However that's hardly the point -- there are no limits on what can be BuildRequire'd, and in any case I suspect this would be just as broken on a 'fedup' Fedora install.
(In reply to Daniel Berrange from comment #4) > Looking at the changelog for fontconfig, I'd point to this change as a > likely culprint, since it was made at about the time we saw the first > libguestfs failure and involves the XDG directories we have problems with > here > > +* Fri Aug 30 2013 Akira TAGOH <tagoh> - 2.10.94-1 > +- New upstream release. > +- migrate the configuration for XDG Base Directory spec automatically > (#882267) That oblique comment seems to refer to: http://cgit.freedesktop.org/fontconfig/commit/?id=041deb0cc541692e260b93232b9957c2538e3bb9
(In reply to Akira TAGOH from comment #5) > just set XDG_CONFIG_HOME at %post to run fc-cache in 2.0.95-2. I'm not sure > if it really helps since as you said at Bug#1003088, it works on mock for me > too. so waiting for deploying this update to buildroot. This doesn't work. Please test changes using the minimal test case I have posted (comment 2). In this case, same error as before: http://koji.fedoraproject.org/koji/taskinfo?taskID=5881952
(In reply to Richard W.M. Jones from comment #7) > (In reply to Akira TAGOH from comment #6) > > (In reply to Richard W.M. Jones from comment #3) > > > Apparently yes. Almost every fonts package has a %post > > > script that does: > > > > Hmm, but who is requiring a font package to build a package? > > Is it a case for libvirt too? > > It's pulled in as an indirect dependency of something. > I would guess something to do with texlive or other > documentation generation. Turns out to be java-1.7.0-openjdk (which we need to build Java bindings), which depends on fontconfig.
To fix fundamental, the process being used fontconfig has to have the proper $HOME or $XDG_CONFIG_HOME IMHO. I can patch out fontconfig not to create a directory if there are no old config file nor dir. that may works for this case because it's unlikely to see on mock. but we may need to update the template in fontpackages to be safe perhaps.
(In reply to Akira TAGOH from comment #11) > To fix fundamental, the process being used fontconfig has to have the proper > $HOME or $XDG_CONFIG_HOME IMHO. I can patch out fontconfig not to create a > directory if there are no old config file nor dir. that may works for this > case because it's unlikely to see on mock. but we may need to update the > template in fontpackages to be safe perhaps. Not a good idea, $XDG* is not fonts-specific. If something in our build environment makes $XDG* unsafe to use, it should be fixed at the build env level. $XDG* use will only increase in the future in all apps
Okay, worked around with -3. the test package seems working. http://koji.fedoraproject.org/koji/taskinfo?taskID=5882429