Cannot build SPEC file as non-root user

Bug #857700 reported by Andrew Bovill
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
mach (Ubuntu)
New
Undecided
Unassigned

Bug Description

After setting up my user in the mach group
uid=1001(abovill) gid=130(mach) groups=20(dialout),40(src),46(plugdev),130(mach),1001(abovill)
I tried to build a package from a spec file.

mach build pkg/myprog.spec
...
DEBUG: locking root
DEBUG: Build options to rpmbuild: []
Building .src.rpm from myprog.spec
DEBUG: build: quoted options_string:
DEBUG: Spec.__init__: opening spec pkg/myprog.spec
DEBUG: Executing /usr/lib/mach/sbin/mach-helper chroot /var/lib/mach/roots/centos-5-i386-updates /sbin/runuser - root -c "rm -f /tmp/myprog.spec"
DEBUG: copying 'pkg/myprog.spec' to '/var/lib/mach/roots/centos-5-i386-updates/tmp'
DEBUG: Spec:__init__: command: rpmbuild -bp --nodeps --force --define '__spec_prep_pre exit 0' --define 'setup :' /tmp/myprog.spec
DEBUG: Executing /usr/lib/mach/sbin/mach-helper chroot /var/lib/mach/roots/centos-5-i386-updates /sbin/runuser - root -c "rpmbuild -bp --nodeps --force --define '__spec_prep_pre exit 0' --define 'setup :' /tmp/myprog.spec"
DEBUG: Spec:__init__: command: rpmbuild -bp --nodeps --force --define '__spec_prep_pre echo %name; exit 0' --define 'setup :' /tmp/myprog.spec
DEBUG: Executing /usr/lib/mach/sbin/mach-helper chroot /var/lib/mach/roots/centos-5-i386-updates /sbin/runuser - root -c "rpmbuild -bp --nodeps --force --define '__spec_prep_pre echo %name; exit 0' --define 'setup :' /tmp/myprog.spec"
DEBUG: result for name: myprog
DEBUG: Spec:__init__: command: rpmbuild -bp --nodeps --force --define '__spec_prep_pre echo %version; exit 0' --define 'setup :' /tmp/myprog.spec
DEBUG: Executing /usr/lib/mach/sbin/mach-helper chroot /var/lib/mach/roots/centos-5-i386-updates /sbin/runuser - root -c "rpmbuild -bp --nodeps --force --define '__spec_prep_pre echo %version; exit 0' --define 'setup :' /tmp/myprog.spec"
DEBUG: result for version: 0.0.1
DEBUG: Spec:__init__: command: rpmbuild -bp --nodeps --force --define '__spec_prep_pre echo %release; exit 0' --define 'setup :' /tmp/myprog.spec
DEBUG: Executing /usr/lib/mach/sbin/mach-helper chroot /var/lib/mach/roots/centos-5-i386-updates /sbin/runuser - root -c "rpmbuild -bp --nodeps --force --define '__spec_prep_pre echo %release; exit 0' --define 'setup :' /tmp/myprog.spec"
DEBUG: result for release: 1
DEBUG: scanning spec file for %define's
DEBUG: Spec:__init__: command: rpmbuild -bp --nodeps --force --define '__spec_prep_pre echo %SOURCEURL0; exit 0' --define 'setup :' /tmp/myprog.spec
DEBUG: Executing /usr/lib/mach/sbin/mach-helper chroot /var/lib/mach/roots/centos-5-i386-updates /sbin/runuser - root -c "rpmbuild -bp --nodeps --force --define '__spec_prep_pre echo %SOURCEURL0; exit 0' --define 'setup :' /tmp/myprog.spec"
DEBUG: result for Source: myprog-0.0.1.tar.gz
DEBUG: ensuring dir /var/tmp/mach/tmp/centos-5-i386-updates/myprog-0.0.1-1
DEBUG: build: files to download: ['myprog-0.0.1.tar.gz']
DEBUG: build: paths to check: ['/var/tmp/mach/tmp/centos-5-i386-updates/myprog-0.0.1-1', '.', 'pkg']
Using ./myprog-0.0.1.tar.gz
DEBUG: Getting file ./myprog-0.0.1.tar.gz into SOURCES
DEBUG: copying './myprog-0.0.1.tar.gz' to '/var/lib/mach/roots/centos-5-i386-updates/tmp'
DEBUG: Executing /usr/lib/mach/sbin/mach-helper chroot /var/lib/mach/roots/centos-5-i386-updates /sbin/runuser - root -c "cd / && mv tmp/myprog-0.0.1.tar.gz usr/src/rpm/SOURCES"
DEBUG: Executing /usr/lib/mach/sbin/mach-helper chroot /var/lib/mach/roots/centos-5-i386-updates /sbin/runuser - root -c "cd / && rm -f tmp/myprog.spec"
DEBUG: copying 'pkg/myprog.spec' to '/var/lib/mach/roots/centos-5-i386-updates/tmp'
DEBUG: Executing /usr/lib/mach/sbin/mach-helper chroot /var/lib/mach/roots/centos-5-i386-updates /sbin/runuser - root -c "cd / && mv tmp/myprog.spec usr/src/rpm/SPECS"
DEBUG: Executing /usr/lib/mach/sbin/mach-helper chroot /var/lib/mach/roots/centos-5-i386-updates /sbin/runuser - root -c "cd /usr/src/rpm && chown -R machbuild:machbuild *"
Creating .src.rpm ...DEBUG: Executing /usr/lib/mach/sbin/mach-helper chroot /var/lib/mach/roots/centos-5-i386-updates /sbin/runuser - root -c "cd / && rpmbuild -bs --nodeps usr/src/rpm/SPECS/myprog.spec"
.
DEBUG: resulting srpm: myprog-0.0.1-1.src.rpm
DEBUG: copying '/var/lib/mach/roots/centos-5-i386-updates/usr/src/rpm/SRPMS/myprog-0.0.1-1.src.rpm' to '/var/tmp/mach/tmp/centos-5-i386-updates/myprog-0.0.1-1/myprog-0.0.1-1.src.rpm'
Traceback (most recent call last):
  File "/usr/bin/mach", line 2444, in <module>
    main (config, sys.argv[1:])
  File "/usr/bin/mach", line 2413, in main
    output = Root.__dict__[command] (root, args[1:])
  File "/usr/bin/mach", line 951, in build
    os.unlink (srpmfile)
OSError: [Errno 13] Permission denied: '/var/lib/mach/roots/centos-5-i386-updates/usr/src/rpm/SRPMS/myprog-0.0.1-1.src.rpm'

I think the error is that line 951 is simply os.unlink(srpmfile) and is not wrapped by anything.
The file in question is owned by root:root, so my normal user cannot unlink it.

I think a solution would be to either handle the unlink command inside the chroot environment, or to make sure the generated srpm is at least group owned by mach.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.