git ubuntu build fails when user's uid doesn't match ubuntu user in container

Bug #1749609 reported by Ryan Harper on 2018-02-14
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
usd-importer
Medium
Unassigned

Bug Description

1. lsb_release: Xenial
2. % snap info git-ubuntu
name: git-ubuntu
summary: Ubuntu development git tooling
publisher: nacc
description: |
  Imports, clones, etc. a source package in a git tree
snap-id: VAGSRAriUyDDlqsLunShJTe7503Uw4GF
commands:
  - git-ubuntu
  - git-ubuntu.man
  - git-ubuntu.merge-changelogs
  - git-ubuntu.reconstruct-changelog
tracking: edge
installed: 0.6.2+git81.94dbfe1 (357) 99MB classic
refreshed: 2018-02-14 05:17:41 -0600 CST
channels:
  stable: 0.2.2+git11.9fa9149 (291) 110MB classic
  candidate: 0.6.2+git49.967f050 (346) 99MB classic
  beta: ↑
  edge: 0.6.2+git81.94dbfe1 (357) 99MB classic

3. git ubuntu build should produce a deb for me

4. git ubuntu build throws errors like:

02/14/2018 16:43:47 - ERROR:Command exited 2: /usr/bin/lxc exec valid-piglet -- sudo -s -H -u ubuntu tar zxCf /tmp /tmp/tmpyltomljn.tar.gz
02/14/2018 16:43:47 - ERROR:stdout:
02/14/2018 16:43:47 - ERROR:stderr: tar (child): /tmp/tmpyltomljn.tar.gz: Cannot open: Permission denied
  tar (child): Error is not recoverable: exiting now
  tar: Child returned status 2
  tar: Error is not recoverable: exiting now

https://paste.ubuntu.com/p/q235rHvvjv/

Looking into the build environment, I can see a mismatch of uids:

(neipa) bionic % whoami
rharper
(neipa) bionic % echo $UID
1001
(neipa) bionic % lxc exec normal-urchin /bin/bash
root@normal-urchin:~# su - ubuntu
To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.

ubuntu@normal-urchin:~$ whoami
ubuntu
ubuntu@normal-urchin:~$ echo $UID
1000
ubuntu@normal-urchin:~$ ls -al /tmp/bcache-tools_1.0.8.orig.tar.gz /tmp/tmp1k_sj6kn.tar.gz
-rw-rw-r-- 1 1001 1001 22039 Feb 14 23:16 /tmp/bcache-tools_1.0.8.orig.tar.gz
-rw------- 1 1001 1001 28516 Feb 14 23:16 /tmp/tmp1k_sj6kn.tar.gz

User with UID != <uid of the ubuntu user> will encounter an issue when running build or build-source which ends up pushing files with the UID of the host's user which aren't readable by the in-container ubuntu user.

% git ubuntu build --keep-build-env
02/14/2018 17:14:36 - INFO:Started build container normal-urchin
02/14/2018 17:14:36 - INFO:Not cleaning up build container, it will need to be manually stopped with:
 lxc stop --force normal-urchin
02/14/2018 17:14:36 - ERROR:Command exited 100: /usr/bin/lxc exec normal-urchin -- apt-get install -y devscripts equivs sudo
02/14/2018 17:14:36 - ERROR:stdout: Reading package lists...
  Building dependency tree...
  Reading state information...
  Package equivs is not available, but is referred to by another package.
  This may mean that the package is missing, has been obsoleted, or
  is only available from another source

02/14/2018 17:14:36 - ERROR:stderr: E: Package 'equivs' has no installation candidate

02/14/2018 17:14:36 - ERROR:Failed to run apt-get in ephemeral build container (attempt 1/6)
02/14/2018 17:14:37 - ERROR:Command exited 100: /usr/bin/lxc exec normal-urchin -- apt-get install -y devscripts equivs sudo
02/14/2018 17:14:37 - ERROR:stdout: Reading package lists...
  Building dependency tree...
  Reading state information...
  Package equivs is not available, but is referred to by another package.
  This may mean that the package is missing, has been obsoleted, or
  is only available from another source

02/14/2018 17:14:37 - ERROR:stderr: E: Package 'equivs' has no installation candidate

02/14/2018 17:14:37 - ERROR:Failed to run apt-get in ephemeral build container (attempt 2/6)
02/14/2018 17:14:40 - ERROR:Command exited 100: /usr/bin/lxc exec normal-urchin -- apt-get install -y devscripts equivs sudo
02/14/2018 17:14:40 - ERROR:stdout: Reading package lists...
  Building dependency tree...
  Reading state information...
  Package equivs is not available, but is referred to by another package.
  This may mean that the package is missing, has been obsoleted, or
  is only available from another source

02/14/2018 17:14:40 - ERROR:stderr: E: Package 'equivs' has no installation candidate

02/14/2018 17:14:40 - ERROR:Failed to run apt-get in ephemeral build container (attempt 3/6)

02/14/2018 17:16:18 - INFO:Copied build files to normal-urchin
02/14/2018 17:16:19 - ERROR:Command exited 2: /usr/bin/lxc exec normal-urchin -- sudo -s -H -u ubuntu tar zxCf /tmp /tmp/tmp1k_sj6kn.tar.gz
02/14/2018 17:16:19 - ERROR:stdout:
02/14/2018 17:16:19 - ERROR:stderr: tar (child): /tmp/tmp1k_sj6kn.tar.gz: Cannot open: Permission denied
  tar (child): Error is not recoverable: exiting now
  tar: Child returned status 2
  tar: Error is not recoverable: exiting now

02/14/2018 17:16:19 - ERROR:Failed to build
Traceback (most recent call last):
  File "/snap/git-ubuntu/357/lib/python3.6/site-packages/gitubuntu/build.py", line 1054, in do_build_lxd_exitstack
    user='ubuntu',
  File "/snap/git-ubuntu/357/lib/python3.6/site-packages/gitubuntu/build.py", line 939, in _run_in_lxd
    return run_lxc(_args, **kwargs)
  File "/snap/git-ubuntu/357/lib/python3.6/site-packages/gitubuntu/run.py", line 143, in run_lxc
    return run(cmd, env=env_unset_SNAP, **kwargs)
  File "/snap/git-ubuntu/357/lib/python3.6/site-packages/gitubuntu/run.py", line 88, in run
    raise e
  File "/snap/git-ubuntu/357/lib/python3.6/site-packages/gitubuntu/run.py", line 67, in run
    stdout=stdout, stderr=stderr, stdin=stdin)
  File "/snap/git-ubuntu/357/usr/lib/python3.6/subprocess.py", line 418, in run
    output=stdout, stderr=stderr)
subprocess.CalledProcessError: Command '['/usr/bin/lxc', 'exec', 'normal-urchin', '--', 'sudo', '-s', '-H', '-u', 'ubuntu', 'tar', 'zxCf', '/tmp', '/tmp/tmp1k_sj6kn.tar.gz']' returned non-zero exit status 2.

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/snap/git-ubuntu/357/lib/python3.6/site-packages/gitubuntu/build.py", line 1221, in fetch_orig_and_build
    retry_backoffs,
  File "/snap/git-ubuntu/357/lib/python3.6/site-packages/gitubuntu/build.py", line 819, in do_build
    stack,
  File "/snap/git-ubuntu/357/lib/python3.6/site-packages/gitubuntu/build.py", line 1059, in do_build_lxd_exitstack
    ) from e
RuntimeError: Failed to untar archive tarball in container

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/snap/git-ubuntu/357/lib/python3.6/site-packages/gitubuntu/build.py", line 493, in main
    retry_backoffs,
  File "/snap/git-ubuntu/357/lib/python3.6/site-packages/gitubuntu/build.py", line 1230, in fetch_orig_and_build
    )) from e
RuntimeError: Unable to build using fetch_orig_from_parent_dir(source=None)

Related branches

Nish Aravamudan (nacc) on 2018-02-14
Changed in usd-importer:
status: New → Confirmed
milestone: none → future
tags: added: build
Scott Moser (smoser) on 2018-09-11
Changed in usd-importer:
importance: Undecided → Medium
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers