Description of problem:
I'm new to trying out the scm integration for mock but if I'm reading the code right my SSH_AUTH_SOCK env var should be passed along to the git command within mock and it should also set my HOME env var as well during the scm operations. What I see in the debug output however is that the vars are getting set to values for root causing my clones to fail.

DEBUG: Executing command: ['git', 'clone', 'git', '----'] with env {'LANG': 'en_US.UTF-8', 'USERHELPER_UID': '1000', 'TERM': 'xterm-256color', 'SHELL': '/bin/bash', 'SSH_AUTH_SOCK': '/root/.ssh/auth_sock', 'CVS_RSH': 'ssh', 'LOGNAME': 'root', 'USER': 'root', 'PATH': '/usr/sbin:/usr/bin:/sbin:/bin:/root/bin', 'HOME': '/root', 'DISPLAY': ':0'} and shell False

My var is set:
$ echo $SSH_AUTH_SOCK
/run/user/1000/keyring/ssh

Version-Release number of selected component (if applicable):
I have tried this on f21 and epel7
mock-1.2.7-1.el7.noarch
mock-scm-1.2.7-1.el7.noarch
mock-1.2.7-1.fc21.noarch
mock-scm-1.2.7-1.fc21.noarch

How reproducible:
always

Steps to Reproduce:
1. configure mock to clone a git repo
2. run a mock build
3.

Actual results:
The env vars are set for root

Expected results:
The env vars should be passed in from my environment

Additional info:
A bit of background for developers. In the 1.1.41 sources, where this worked, all the SCM actions were taken before SSH_AUTH_SOCK was purged from the environment. Now it is purged from the environment, and then *all* actions are handled, including SCM. The SCM code has always tried to accommodate this possibility by setting SSH_AUTH_SOCK to a default value (~/.ssh/auth_sock), but that is not the value used by most desktop environments, or even ssh-agent.
A proposed solution for the problem is the attached patch. It moves the purging of SSH_AUTH_SOCK into run_commands, following the scm processing. This mimics the flow that was used in 1.1.41 and earlier. In following the code paths between where SSH_AUTH_SOCK was previously purged and where it is now purged, I saw no indications that the environment variable being available would cause problems.
Created attachment 1006981: Patch to allow SSH_AUTH_SOCK to be propagated to the SCM processing
Patch looks good. Thanks for the initial work. However it is just another hack. I recently stumbled upon another issue with the environment. So I enhanced uidManager and it now (re)stores the environment when dropping and restoring Privs. So it preserves all variables, not just SSH_AUTH_SOCK. This way you have an untouched environment in get_sources(), because of:

buildroot.uid_manager.dropPrivsTemp()
scmWorker.get_sources()
buildroot.uid_manager.restorePrivs()

Committed as:
* 5bfbd5d save/restore os.environ when dropping/restoring Privs [RHBZ#1204395]
mock-1.2.8-1.fc22 has been submitted as an update for Fedora 22. https://admin.fedoraproject.org/updates/mock-1.2.8-1.fc22
mock-1.2.8-1.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/mock-1.2.8-1.fc21
mock-1.2.8-1.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/mock-1.2.8-1.fc20
mock-1.2.8-1.el7 has been submitted as an update for Fedora EPEL 7. https://admin.fedoraproject.org/updates/mock-1.2.8-1.el7
mock-1.2.8-1.el6 has been submitted as an update for Fedora EPEL 6. https://admin.fedoraproject.org/updates/mock-1.2.8-1.el6
Package mock-1.2.8-1.el7:
* should fix your issue,
* was pushed to the Fedora EPEL 7 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=epel-testing mock-1.2.8-1.el7'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-6057/mock-1.2.8-1.el7
then log in and leave karma (feedback).
I just installed mock-1.2.8 from testing and this issue is not resolved. It looks like it is now pulling in the environment of the mockuser from within the chroot as the SSH_AUTH_SOCK var is missing and the HOME is set to /builddir:

DEBUG: Executing command: ['git', 'clone', 'git', '----'] with env {'LANG': 'en_US.utf8', 'USERHELPER_UID': '1000', 'TERM': 'xterm-256color', 'SHELL': '/bin/bash', 'LOGNAME': 'root', 'USER': 'root', 'PATH': '/usr/sbin:/usr/bin:/sbin:/bin:/root/bin', 'HOME': '/builddir', 'DISPLAY': ':0'} and shell False

The git clone failed to find the ssh key and mock errored out. I tried this on rhel7.

--Roy
It actually looks like the environment is getting set in scmWorker before the droppriv happens. As a test I grabbed the environment again inside scmWorker.get_sources() and that has what it needs. --Roy
mock-1.2.8-1.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
This bug just closed when it moved out of testing but the issue still exists as noted in comment 12. --Roy
mock-1.2.8-1.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
Should be fixed by commit: * f0fa116 scm: do not keep copy of environ, this is now handled by uidmanager [RHBZ#1204395]
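The ordering problem discussed in this thread, as an added example that is not mock's own code: a worker that copies os.environ while still privileged keeps handing root's variables to git after the privilege drop, while a worker that reads os.environ at call time sees the invoking user's. UidManagerModel, both worker classes and the sample environments are hypothetical; the model only swaps os.environ and never changes uid.

```python
import os

# Constructed sample environments, modelled on the debug output quoted in this report.
ROOT_ENV = {"HOME": "/root", "LOGNAME": "root", "USER": "root"}
USER_ENV = {"HOME": "/home/builder", "SSH_AUTH_SOCK": "/run/user/1000/keyring/ssh"}

class UidManagerModel:
    """Hypothetical model: swaps os.environ on drop/restore, never calls setresuid()."""
    def __init__(self, unpriv_env):
        self.unpriv_env = dict(unpriv_env)
        self.priv_env = None
    def drop_privs_temp(self):
        self.priv_env = dict(os.environ)      # save the privileged environment
        os.environ.clear()
        os.environ.update(self.unpriv_env)    # expose the invoking user's variables
    def restore_privs(self):
        os.environ.clear()
        os.environ.update(self.priv_env)      # put the privileged environment back

class StaleScmWorker:
    """Copies the environment at construction, i.e. before privileges are dropped."""
    def __init__(self):
        self.environ = dict(os.environ)
        # Fallback described in the thread: default agent socket under $HOME.
        self.environ.setdefault("SSH_AUTH_SOCK", self.environ["HOME"] + "/.ssh/auth_sock")
    def clone_env(self):
        return dict(self.environ)

class LiveScmWorker:
    """Keeps no copy; reads os.environ when the clone is about to run."""
    def clone_env(self):
        return dict(os.environ)

def env_seen_by_git(worker_cls):
    """Return the env a worker would pass to `git clone` after the privilege drop."""
    real = dict(os.environ)                   # protect the real process environment
    manager = UidManagerModel(USER_ENV)
    try:
        os.environ.clear()
        os.environ.update(ROOT_ENV)           # privileged state, SSH_AUTH_SOCK purged
        worker = worker_cls()                 # worker is built before the drop
        manager.drop_privs_temp()
        seen = worker.clone_env()
        manager.restore_privs()
        return seen
    finally:
        os.environ.clear()
        os.environ.update(real)
```
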
mock-1.2.8-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
mock-1.2.9-1.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/mock-1.2.9-1.fc21
mock-1.2.9-1.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/mock-1.2.9-1.fc20
mock-1.2.9-1.fc22 has been submitted as an update for Fedora 22. https://admin.fedoraproject.org/updates/mock-1.2.9-1.fc22
mock-1.2.9-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
mock-1.2.9-1.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
mock-1.2.10-1.el7 has been submitted as an update for Fedora EPEL 7. https://admin.fedoraproject.org/updates/mock-1.2.10-1.el7
mock-1.2.10-1.el6 has been submitted as an update for Fedora EPEL 6. https://admin.fedoraproject.org/updates/mock-1.2.10-1.el6
mock-1.2.9-1.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
mock-1.2.10-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
mock-1.2.10-1.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.