Bug 1298751 - Permission issues when building from an external source directory [NEEDINFO]
Permission issues when building from an external source directory
Status: NEW
Product: Fedora EPEL
Classification: Fedora
Component: mock (Show other bugs)
el6
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Miroslav Suchý
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2016-01-14 17:29 EST by Jon McKenzie
Modified: 2016-08-08 18:45 EDT (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
msuchy: needinfo? (jcmcken)


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Bugzilla 1178576 None None None 2016-01-14 17:29 EST

  None (edit)
Description Jon McKenzie 2016-01-14 17:29:55 EST
Description of problem:

There still seems to be permissions issues with the SRPM build process (similar to RHBZ#1178576). If you prebuild a source tarball, owned 0600 as yourself, and try to run a build using an external source dir, the source tarball is copied into /tmp using 0600 perms except owned root:root. Later on, mock attempts to copy the /tmp src tarball (now owned by root) into your chroot, except this is run as yourself, resulting in an EACCES. If you then chmod the original src tarball as 0644 (rather than 0600), the tarball copied into /tmp then has 0644 root:root permissions, allowing you to read it, and the build succeeds.

Explicitly:

Say you have a src tarball /path/to/your/SOURCES/somepkg-1.0.0.tar.gz owned by your mock build user (say, johndoe:johndoe) with 0600 permissions.

Now run mock using that ext_src_dir:

mock --scm-enable --scm-option method=git --scm-option git_get="git clone git@gitserver:somepkg.git" --scm-option branch=master --scm-option spec=somepkg.spec --scm-option package=somepkg --scm-option ext_src_dir=/path/to/your/SOURCES -v

The build will fail with an EACCES on a shutil.copytree copying the tarball from /tmp into your chroot /builddir/build/SOURCES

(I'm building on a disconnected network, so sorry I don't have a full traceback, but here's a truncated version:

...snip...
/usr/sbin/mock, line 511, in do_buildsrpm
/usr/lib/python2.6/site-packages/mockbuild/trace_decorator.py, line 84, in trace
/usr/sbin/mock, line 440, in rebuild_generic
/usr/sbin/mock, line 509, in cmd
/usr/lib/python2.6/site-packages/mockbuild/trace_decorator.py, line 84, in trace
/usr/lib/python2.6/site-packages/mockbuild/backend.py, line 325, in buildsrpm
/usr/lib64/python2.6/shutil.py, line 173, in copytree
)


Version-Release number of selected component (if applicable):

mock-1.2.13
Comment 2 Tomas Smetana 2016-04-11 09:56:14 EDT
Hi,
  mock is not supported on RHEL, this bug should have been filed for EPEL.
Comment 3 Miroslav Suchý 2016-08-08 18:45:33 EDT
I believe this is duplicate of bug 1301985. Which has been resolved in mock-1.2.18.

I cannot reproduce it anymore.

Can you please try it with recent mock and confirm that it is resolved now?

Note You need to log in before you can comment on or make changes to this bug.