Bug 1270053 - brp-java-repack-jars doesn't preserve UID / GID on jar files
Summary: brp-java-repack-jars doesn't preserve UID / GID on jar files
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: redhat-rpm-config
Version: 7.1
Hardware: All
OS: Linux
medium
medium
Target Milestone: rc
: ---
Assignee: Florian Festi
QA Contact: Karel Srot
URL:
Whiteboard:
Depends On: 1270052
Blocks: 1203710 1289025
TreeView+ depends on / blocked
 
Reported: 2015-10-08 22:26 UTC by Ryan Sawhill
Modified: 2016-11-04 04:46 UTC (History)
4 users (show)

Fixed In Version: redhat-rpm-config-9.1.0-69.el7
Doc Type: Bug Fix
Doc Text:
Clone Of: 1270052
Environment:
Last Closed: 2016-11-04 04:46:33 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2016:2372 0 normal SHIPPED_LIVE redhat-rpm-config bug fix and enhancement update 2016-11-03 13:51:20 UTC

Description Ryan Sawhill 2015-10-08 22:26:26 UTC
+++ This bug was initially created as a clone of Bug #1270052 +++

Description of problem:

  The UID and GID of any jar files gets reset by brp-java-repack-jars.

  I think few people notice this because it's extremely common to manually set those attributes in the %files section.

  If however you configure the ownership & perms in the %install section (e.g., with chown, chgrp, chmod) and use "%defattr(-,-,-,-)"  in the %files section ... well, then this hurts bad.


Version-Release number of selected component (if applicable):

  All. Tried the version of redhat-rpm-config shipped in every RHEL 6 and RHEL 7 release DVD. I didn't try RHEL 5 but I suspect it would be the same.


How reproducible:

  100%


Steps to Reproduce:

~~~~~~~~
yum -y install zip rpm-build rpmdevtools
user=mockbuild      # or whatever
group=OTHERGRP      # or whatever

cat >/tmp/jartest.spec <<EOF
%define __jar_repack %{nil}
Name:           jartest
Version:        1.0
Release:        1
Summary:        Demonstrate how brp-java-repack-jars messes w/GID
License:        GPLv3
Source0:        %{name}-%{version}.tar
%description
%{summary}
%prep
%setup -q
%install
rm -vrf %{buildroot}
mkdir -vp %{buildroot}
chgrp -v ${group} number1.jar
mv -v * %{buildroot}
%files
%defattr(-,-,-,-)
/*
EOF

groupadd ${group}
useradd -G ${group} ${user}
su - ${user}
rpmdev-setuptree
cd rpmbuild
mkdir SOURCES/jartest-1.0
zip SOURCES/jartest-1.0/number1.jar /etc/issue
zip SOURCES/jartest-1.0/number2.jar /etc/yum.conf
tar -C SOURCES -cf SOURCES/jartest-1.0.tar jartest-1.0
cp /tmp/jartest.spec SPECS/

rpmbuild -bb SPECS/jartest.spec
rpm -qplv RPMS/x86_64/jartest-1.0-1.x86_64.rpm

   # The two jar files are owned by different groups
   # Now remove the line disabling java_repack and try again

sed -i.bak 1d SPECS/jartest.spec
rpmbuild -bb SPECS/jartest.spec
rpm -qplv RPMS/x86_64/jartest-1.0-1.x86_64.rpm

   # Notice that the jar files are both owned by user's primary group
~~~~~~~~


Additional info:

  The latest version of rpm-build added redhat-rpm-config as a dependency which means that some folks are only now running into this.

Comment 5 errata-xmlrpc 2016-11-04 04:46:33 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2372.html


Note You need to log in before you can comment on or make changes to this bug.