[v4,3/4] bootstrap: create lock for downloads/deb without sudo

Message ID 20250925065433.4180883-4-cedric.hombourger@siemens.com
State Under Review
Series non-privileged commands in chroot

Commit Message

cedric.hombourger@siemens.com Sept. 25, 2025, 6:54 a.m. UTC
From: "cedric.hombourger@siemens.com" <cedric.hombourger@siemens.com>

The syncin/syncout commands passed to mmdebstrap will create a lock
file in downloads/deb if it does not exist. As mmdebstrap is being
executed as root, the lock would also be owned by root and this will
cause problems for rootless commands that may be executed later (such
as downloading of Debian packages). Create the lock file without
sudo prior to running mmdebstrap for it to be owned by the build user
rather than root.

Signed-off-by: Cedric Hombourger <cedric.hombourger@siemens.com>
---
 meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc | 4 ++++
 1 file changed, 4 insertions(+)

Comments

Andreas Naumann Oct. 1, 2025, 7:22 a.m. UTC | #1
On 25.09.25 at 08:54, 'Cedric Hombourger' via isar-users wrote:
> From: "cedric.hombourger@siemens.com" <cedric.hombourger@siemens.com>
>
> The syncin/syncout commands passed to mmdebstrap will create a lock
> file in downloads/deb if it does not exist. As mmdebstrap is being
> executed as root, the lock would also be owned by root and this will
> cause problems for rootless commands that may be executed later (such
> as downloading of Debian packages). Create the lock file without
> sudo prior to running mmdebstrap for it to be owned by the build user
> rather than root.
>
> Signed-off-by: Cedric Hombourger <cedric.hombourger@siemens.com>
> ---
>   meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc | 4 ++++
>   1 file changed, 4 insertions(+)
>
> diff --git a/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc b/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc
> index 931f6f13..b2de61ad 100644
> --- a/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc
> +++ b/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc
> @@ -181,6 +181,10 @@ do_bootstrap() {
>                                    && sudo umount $base_apt_tmp \
>                                    && rm -rf --one-file-system $base_apt_tmp' EXIT
>   
> +    # Create lock file so that it is owned by the user running the build (not root)
> +    mkdir -p ${DEBDIR}
> +    touch ${DEB_DL_LOCK}
> +

Tested-by: Andreas Naumann <anaumann@emlix.com>

Actually by a colleague of mine.

>       sudo TMPDIR="${BOOTSTRAP_TMPDIR}" mmdebstrap $bootstrap_args \
>                      $arch_param \
>                      --mode=unshare \

Patch

diff --git a/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc b/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc
index 931f6f13..b2de61ad 100644
--- a/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc
+++ b/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc
@@ -181,6 +181,10 @@  do_bootstrap() {
                                  && sudo umount $base_apt_tmp \
                                  && rm -rf --one-file-system $base_apt_tmp' EXIT
 
+    # Create lock file so that it is owned by the user running the build (not root)
+    mkdir -p ${DEBDIR}
+    touch ${DEB_DL_LOCK}
+
     sudo TMPDIR="${BOOTSTRAP_TMPDIR}" mmdebstrap $bootstrap_args \
                    $arch_param \
                    --mode=unshare \
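
Review bot: the `touch ${DEB_DL_LOCK}` added ahead of the `sudo ... mmdebstrap` call does not cover a lock file that already exists and is owned by root, which is the state the commit message describes for builds made before this change. `touch` never changes the owner of an existing file, and on a file the build user cannot write it fails, so on a reused download directory the later rootless commands would still meet a root-owned lock. Consider checking the owner of the lock at this point and stopping with a clear message, or documenting that a stale root-owned lock must be removed once. Both expansions are also unquoted; `mkdir -p "${DEBDIR}"` and `touch "${DEB_DL_LOCK}"` would keep working when the build path contains spaces.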