| Message ID | 20250625193748.2681-6-cedric.hombourger@siemens.com |
|---|---|
| State | New |
| Headers | show
Return-Path: <isar-users+bncBDB6LLF7YUBRBYNA6HBAMGQETFS7FPI@googlegroups.com>
Received: from shymkent.ilbers.de ([unix socket])
by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA;
Wed, 25 Jun 2025 21:40:03 +0200
X-Sieve: CMU Sieve 2.4
Received: from mail-pj1-f64.google.com (mail-pj1-f64.google.com
[209.85.216.64])
by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id
55PJdKkD007353
(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT)
for <iupwgm@isar-build.org>; Wed, 25 Jun 2025 21:39:21 +0200
Received: by mail-pj1-f64.google.com with SMTP id
98e67ed59e1d1-3138e64b3f1sf217321a91.3
for <iupwgm@isar-build.org>; Wed, 25 Jun 2025 12:39:21 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1750880354; cv=pass;
d=google.com; s=arc-20240605;
b=C9L19+VZYfHIGyJccaL6EP4Gm6ZP0OYr3C1yGMgsVMBfcbFYX1NbbQA4WBvwJlt+y6
9UALTGgMs+tmAiXZySWHHFykaJTLHkMY2Z1eGUIucBBj0KfocS7YBcI02lo8Kj0svape
yRzyrzlW+BfjMz+bm/Msi8xAAHLg1ND9MV4htTYODMxK9zEkex3nzhZpFaR9GIYFo9ff
0+Ifiyw14ZHl859nASi2DqEl4pmlRtcdgNpBew7ZDlA7oBFUFQBImXFYtgVtm0Q9fQPi
M+O4y6Gp2b1mJOGdgsMASqDb8gfB1vZftbkZfr+nBocsNlElM/8tOCZr5wTJi+gWWGI/
9M3g==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20240605;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:reply-to:feedback-id:mime-version
:references:in-reply-to:message-id:date:subject:cc:to:from
:dkim-signature;
bh=mtPm83gL+IkYDcqIvwvKg6ktO93v07q4/vgJazVa8Vw=;
fh=eXNSaMJ8it/swvSPXW1K1LC2lNXE4bYrML9AMyg6i1E=;
b=J7bZTGp/dNhBzxFKFPEHoC/Uhq+TuuBKCe4kYTk0pTj+WvY7qEr2ZauN0Z8a2U0d8d
NOw2+MjRR9iAZYCLA/UaHRAYji0xPitmb8BvJt+BYUgBScUjrxqGRWOWWosGOJ4goE/b
1GqOXG/b8CiNixCV2ltt9hhmz7px1Eo2BqCkQy2KO67KDiI/hvompfE9pQNSFffELMGu
VtntRW6pl4AM0/BOC5/eiERt+lc11/1UYtXjXb/gibjelwhYlSnZpjoAv8tQBkqQT90U
DJEjlYOIyB4i8+bEtpEOo78fR7MABTaSijZRHNz8430yWI17q6ufO2Y8kIZu93oksWN9
R73A==;
darn=isar-build.org
ARC-Authentication-Results: i=2; gmr-mx.google.com;
dkim=pass header.i=@siemens.com header.s=fm2 header.b=RcvLLmR+;
spf=pass (google.com: domain of
fm-1212295-2025062519391045f2ec8a40f31b06b8-1_hkut@rts-flowmailer.siemens.com
designates 185.136.64.226 as permitted sender)
smtp.mailfrom=fm-1212295-2025062519391045f2ec8a40f31b06b8-1_HkUt@rts-flowmailer.siemens.com;
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=googlegroups.com; s=20230601; t=1750880354; x=1751485154;
darn=isar-build.org;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:reply-to
:x-original-authentication-results:x-original-sender:feedback-id
:mime-version:references:in-reply-to:message-id:date:subject:cc:to
:from:from:to:cc:subject:date:message-id:reply-to;
bh=mtPm83gL+IkYDcqIvwvKg6ktO93v07q4/vgJazVa8Vw=;
b=grzPSovx490AETs9UMrvi4LecnbcOKvWcbQ9y21kNJhNM0U/czKfcevT0dIZ0u5kPH
ForctgwxZFTN1cWtGhQb4AgGECaOtZPyeELo2DeuC7fwuQo6tXf6ZHGlZsxAWv9dQHOq
xA5ZzFVit2OtjVuq1T8eT44PA/OPgGjNg7JWBeO0aPuIZrtFAoCUo7pK99812UsrVFe9
6s/xBoznoMT5PTnnyVmTFg2tIIM79y4YYMfjgVat9uDBRnscKpx4XToZjF7IVX9JL8o+
UZ8lHa6YTsMErWe+G6C4nWDv0hLZ5Hc/+j1PKoNe8iKkIaA8S2KvqLbDRKkGwxW+sIY8
4ofA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1750880354; x=1751485154;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to
:x-original-authentication-results:x-original-sender:feedback-id
:mime-version:references:in-reply-to:message-id:date:subject:cc:to
:from:x-beenthere:x-gm-message-state:from:to:cc:subject:date
:message-id:reply-to;
bh=mtPm83gL+IkYDcqIvwvKg6ktO93v07q4/vgJazVa8Vw=;
b=cMQtlVL561yhR/dzQHJHtyAvgZua8Db64XLDCf1NrqEZiAvCy9dbZw18e8gI2k4iRS
Ng0GUxeKpGckLWPSq25krcodTYSTdWNzxeicTGg1C2Cuw55pMQo27KpBP9PZH+LPfdAV
57E8pi/OLixyZnYmdl7Dima01w3KHg4K6gY5+6oS2+oqv9xet/WbsIlb9lzUxeY/6by5
pER8x7uqsVTdfHTv3g2XBIDl/YS6PAOvzHL0u7r66pcDvkX3USeNElMoY5c6BUd/R9nP
cbLxWiYarXkpiJFtkKijlBjQMlTV3xHe/k9+Voq0BH/d9OoVTBQhSj0XdFwCD84VXzso
xRsQ==
X-Forwarded-Encrypted: i=2;
AJvYcCUM2KD+gn/apf8nSg7HGM9mciUHt2/5wnuKhtAJ7L8WhQd70z+4BOxp3aXnrAixZYHxcT5vReU=@isar-build.org
X-Gm-Message-State: AOJu0Yz/HxvgaEmiWdsqcxinZ/gBQMjZDzdOtzCkTCRVYIChjE9zEwI4
tSnRAcYSJv6vBChP3P0MGtPxR1+WGJKrR7a2vg2sgYsjK6axvbslVf2H
X-Google-Smtp-Source:
AGHT+IFRDoknkZ75Vldt5Lj8MwLjI5Gva6v6XaoO79HE6iR/qKqGwbzy+0L9p1YmrYs6QUJ8Z+hsqw==
X-Received: by 2002:a17:90a:d888:b0:311:f2f6:44ff with SMTP id
98e67ed59e1d1-315f26965b3mr6890968a91.17.1750880353776;
Wed, 25 Jun 2025 12:39:13 -0700 (PDT)
X-BeenThere: isar-users@googlegroups.com;
h=AZMbMZdsLVuufPVNiTJv+6T3v2CrAtL3rQdSmDlPB6hceQrulA==
Received: by 2002:a17:90b:164e:b0:315:d222:ae43 with SMTP id
98e67ed59e1d1-3166c04c6a7ls325265a91.0.-pod-prod-08-us; Wed, 25 Jun 2025
12:39:12 -0700 (PDT)
X-Received: by 2002:a17:90b:38d0:b0:314:2840:8b21 with SMTP id
98e67ed59e1d1-315f26c1e43mr5932618a91.32.1750880352357;
Wed, 25 Jun 2025 12:39:12 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1750880352; cv=none;
d=google.com; s=arc-20240605;
b=Ggws9qqNRAG5IHg217J7SkQAryl1S/Pjy9UdcbJfuLLhIHi/rF0YhQhMwM/2Pm/8QU
WoKzhyOYaLt3JOE7s1zCxUPnSF5W2YpLbn7wZwNRPU6vTGlOWhGGPBwmLSIaFM2q11Tf
jFusCb56SKCHWYqiZJ7p0cK26f9H2wNvfPllKULs/Dyk/jSeN5Tywlk3g50iAmxgzJsy
EejiwfRxFBuVDvddXw8XOWNWeUau/3LMJgxJ14mMFtcPGcAqWdrTqL8FUvPLs/MdNZFx
xdqnaHW8cq3nKJERsvY8S1Vv3ZCyxYrJUuFkWIQkGql7msiNKTTpoP40BAletVqCH1/4
2yaQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20240605;
h=feedback-id:content-transfer-encoding:mime-version:references
:in-reply-to:message-id:date:subject:cc:to:from:dkim-signature;
bh=+iBcG6XtaZZoAmge/blCrj6Y3E/aSMtJO0qFccA6EUM=;
fh=D/q4xMKxZDyLo2GtmwQ/2prSr9aCFD3HVqTCj43epLY=;
b=jlvAAMRwhINIWp9YCu/eaPGudCMYaJUObDmbIUEs3lP4tev2k8WHiELJKGCGfvbiAN
O/WbDAQJSsKv/ghcaIZeTMHq+NTXcf8kXVjKE2tYiFosBSd9Oj9ClIrdOGz+0rKuhOdn
8BN8PMHQLKpkpVWt2xj5Y4an9++Q1UBBipMPfojRnBbXpx/Q7ejoH0ef2w9WECYqwaA6
1hpCAkFf3PFzbIMe+vEeQOVArEdLeEfpKMA3Js1RthNEajH80vpyumMY5CyN6aAeadc9
nZVz9+5Szzs+THXxr6RRD6sW/ePUxEb/yPt6dKi6XgZeFRLYhLmVC6Fvu7ga1fTInQn8
VW8w==;
dara=google.com
ARC-Authentication-Results: i=1; gmr-mx.google.com;
dkim=pass header.i=@siemens.com header.s=fm2 header.b=RcvLLmR+;
spf=pass (google.com: domain of
fm-1212295-2025062519391045f2ec8a40f31b06b8-1_hkut@rts-flowmailer.siemens.com
designates 185.136.64.226 as permitted sender)
smtp.mailfrom=fm-1212295-2025062519391045f2ec8a40f31b06b8-1_HkUt@rts-flowmailer.siemens.com;
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com
Received: from mta-64-226.siemens.flowmailer.net
(mta-64-226.siemens.flowmailer.net. [185.136.64.226])
by gmr-mx.google.com with ESMTPS id
98e67ed59e1d1-315e9e5acfdsi168208a91.0.2025.06.25.12.39.12
for <isar-users@googlegroups.com>
(version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
Wed, 25 Jun 2025 12:39:12 -0700 (PDT)
Received-SPF: pass (google.com: domain of
fm-1212295-2025062519391045f2ec8a40f31b06b8-1_hkut@rts-flowmailer.siemens.com
designates 185.136.64.226 as permitted sender) client-ip=185.136.64.226;
Received: by mta-64-226.siemens.flowmailer.net with ESMTPSA id
2025062519391045f2ec8a40f31b06b8
for <isar-users@googlegroups.com>;
Wed, 25 Jun 2025 21:39:10 +0200
From: "'Cedric Hombourger' via isar-users" <isar-users@googlegroups.com>
To: isar-users@googlegroups.com
Cc: felix.moessbauer@siemens.com,
Cedric Hombourger <cedric.hombourger@siemens.com>
Subject: [PATCH v3 5/6] bootstrap: create lock for downloads/deb without sudo
Date: Thu, 26 Jun 2025 03:37:47 +0800
Message-Id: <20250625193748.2681-6-cedric.hombourger@siemens.com>
In-Reply-To: <20250625193748.2681-1-cedric.hombourger@siemens.com>
References: <20250625193748.2681-1-cedric.hombourger@siemens.com>
MIME-Version: 1.0
X-Flowmailer-Platform: Siemens
Feedback-ID: 519:519-1212295:519-21489:flowmailer
X-Original-Sender: cedric.hombourger@siemens.com
X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass
header.i=@siemens.com header.s=fm2 header.b=RcvLLmR+; spf=pass
(google.com: domain of
fm-1212295-2025062519391045f2ec8a40f31b06b8-1_hkut@rts-flowmailer.siemens.com
designates 185.136.64.226 as permitted sender)
smtp.mailfrom=fm-1212295-2025062519391045f2ec8a40f31b06b8-1_HkUt@rts-flowmailer.siemens.com;
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com
X-Original-From: Cedric Hombourger <cedric.hombourger@siemens.com>
Reply-To: Cedric Hombourger <cedric.hombourger@siemens.com>
Content-Type: text/plain; charset="UTF-8"
Precedence: list
Mailing-list: list isar-users@googlegroups.com;
contact isar-users+owners@googlegroups.com
List-ID: <isar-users.googlegroups.com>
X-Spam-Checked-In-Group: isar-users@googlegroups.com
X-Google-Group-Id: 914930254986
List-Post: <https://groups.google.com/group/isar-users/post>,
<mailto:isar-users@googlegroups.com>
List-Help: <https://groups.google.com/support/>,
<mailto:isar-users+help@googlegroups.com>
List-Archive: <https://groups.google.com/group/isar-users
List-Subscribe: <https://groups.google.com/group/isar-users/subscribe>,
<mailto:isar-users+subscribe@googlegroups.com>
List-Unsubscribe:
<mailto:googlegroups-manage+914930254986+unsubscribe@googlegroups.com>,
<https://groups.google.com/group/isar-users/subscribe>
X-Spam-Status: No, score=-2.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI,
RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED,
RCVD_IN_RP_RNBL,SPF_PASS autolearn=unavailable autolearn_force=no
version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
|
| Series |
non-privileged commands in chroot
|
expand
|
diff --git a/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc b/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc index 931f6f13..b2de61ad 100644 --- a/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc +++ b/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc @@ -181,6 +181,10 @@ do_bootstrap() { && sudo umount $base_apt_tmp \ && rm -rf --one-file-system $base_apt_tmp' EXIT + # Create lock file so that it is owned by the user running the build (not root) + mkdir -p ${DEBDIR} + touch ${DEB_DL_LOCK} + sudo TMPDIR="${BOOTSTRAP_TMPDIR}" mmdebstrap $bootstrap_args \ $arch_param \ --mode=unshare \
The syncin/syncout commands passed to mmdebstrap will create a lock file in downloads/deb if it does not exist. As mmdebstrap is being executed as root, the lock would also be owned by root and this will cause problems for rootless commands that may be executed later (such as downloading of Debian packages). Create the lock file without sudo prior to running mmdebstrap for it to be owned by the build user rather than root. Signed-off-by: Cedric Hombourger <cedric.hombourger@siemens.com> --- meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc | 4 ++++ 1 file changed, 4 insertions(+)