"type: os" should prevent stage and prime stages from mangling content

Bug #1605903 reported by Oliver Grawert on 2016-07-23
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Snapcraft
Critical
Joe Talbott
snapcraft (Ubuntu)
Critical
Joe Talbott

Bug Description

creating an os snap via launchpad makes me end up with a squashfs where all directories are owned by root. snaps (and build logs) can be found at https://code.launchpad.net/~ogra/+snap/os-snap-test

as you can see in the build log there is a "chown -R 1000:1000 /home/ubuntu" in the build process, yet the resulting snap has:

ubuntu@localhost:~$ ls -nl /snap/ubuntu-core/current/home/
total 0
drwxr-xr-x 2 0 0 66 Jul 22 13:31 ubuntu

this also breaks various daemons that use system users

summary: - type: os does not unset --all-root option for mksquashfs when coming fro
- snapcraft.yaml
+ type: os does not unset --all-root option for mksquashfs when coming
+ from snapcraft.yaml
Oliver Grawert (ogra) wrote :

this seems to not be related to -all-root but actually something in the prime step seems to mangle the permissions.
i have checked with a snapcraft where i hardcoded -all-root and also added debug output that checks the permissions before the stage and prime steps run.

the permissions in $(DESTDIR) are still correct before stage and prime run. seems we need some more recognition of "type: os" in these steps so it doesnt modify the rootfs.

Oliver Grawert (ogra) wrote :

https://launchpadlibrarian.net/274818642/buildlog_snap_ubuntu_xenial_amd64_os-snap-test_BUILDING.txt.gz has calls to

find binary/boot/filesystem.dir/ \! -user root -print

and

find binary/boot/filesystem.dir/ \! -group root -print

output at the end of the log ... most of these file ownerships do not exist any more in the resulting snap of https://code.launchpad.net/~ogra/+snap/os-snap-test/+build/1864

the log also show some library dependency errors at the very end that seem to be related to teh prime step.

summary: - type: os does not unset --all-root option for mksquashfs when coming
- from snapcraft.yaml
+ "type: os" should prevent stage and prime stages from mangling content
Oliver Grawert (ogra) wrote :

(setting to critical since this actually blocks ubuntu-core snap builds now)

Changed in snapcraft (Ubuntu):
importance: Undecided → Critical
Oliver Grawert (ogra) wrote :

a test build with https://github.com/snapcore/snapcraft/pull/690 applied confirms that this PR fixes the bugs properly.

Kyle Fazzari (kyrofa) on 2016-07-28
Changed in snapcraft (Ubuntu):
status: New → In Progress
assignee: nobody → Joe Talbott (joetalbott)
Oliver Grawert (ogra) wrote :

to reproduce:

create a blank PPA and copy the livecd-rootfs package from https://launchpad.net/~snappy-dev/+archive/ubuntu/image to it ...

branch lp:ubuntu-core-snap, edit the ENV variable in the Makefile and replace snappy-dev/ubuntu/image in the EXTRA_PPAS variable with your own PPA, then just run "sudo snapcraft" and compare the file ownerships to the actual ownerships in parts/livebuild/build/binary/boot/filesystem.dir/

Oliver Grawert (ogra) wrote :

Note that the above PPA fiddling is necessary because the patch is already backported to a snapcraft package in the ~snappy-dev/ubuntu/image PPA (to unblock builds)

resulting builds can be found at https://code.launchpad.net/~snappy-dev/+snap/ubuntu-core

Changed in snapcraft (Ubuntu):
status: In Progress → Fix Committed
Changed in snapcraft:
importance: Undecided → Critical
status: New → Fix Committed
assignee: nobody → Joe Talbott (joetalbott)
milestone: none → 2.14
Changed in snapcraft:
status: Fix Committed → Fix Released
Oliver Grawert (ogra) wrote :

i sadly have to re-open this one, whatever changed since the first commit of the patch (which i used in the PPA) broke it again ... broke it again ...

https://code.launchpad.net/~snappy-dev/+snap/ubuntu-core/+build/2660 is todays build (after the new snapcraft (2.14) landed in xenial-updates) and has:

ubuntu@localhost:~$ ls -lh /home/
total 4.0K
drwxr-xr-x 3 root root 4.0K Aug 11 08:17 ubuntu
ubuntu@localhost:~$

so $HOME is root owned again ...
the first commit of https://github.com/snapcore/snapcraft/pull/690 worked fine ...

Changed in snapcraft:
status: Fix Released → Confirmed
Joe Talbott (joetalbott) wrote :

I've filed a PR to resolve this.

https://github.com/snapcore/snapcraft/pull/721

Changed in snapcraft:
status: Confirmed → In Progress
Joe Talbott (joetalbott) wrote :

https://github.com/snapcore/snapcraft/pull/723 is the latest PR for this bug.

Kyle Fazzari (kyrofa) wrote :

Now stay closed!

Changed in snapcraft:
status: In Progress → Fix Committed
milestone: 2.14 → 2.15
Changed in snapcraft:
status: Fix Committed → Fix Released
Changed in snapcraft (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers