mock: allow pre-creating users in chroot #1103
Conversation
mock/py/mockbuild/buildroot.py
Outdated
| @@ -466,6 +468,9 @@ def _fixup_build_user(self): | |||
| @traceLog() | |||
| @noop_in_bootstrap | |||
| def _make_build_user(self): | |||
| self.shadow_utils.create_user("pesign", copy_from_host=True) | |||
| self.shadow_utils.create_user("random-user") | |||
There was a problem hiding this comment.
This part likely needs to be done elsewhere and needs to be configurable! This is just a dummy preview for experiments.
|
This fixes #1091 without having to set up ACLs. |
|
@praiskup please check buildroot._make_build_user() for historical knowledge. Like deleting the user first, because it may exists from previous run. And fixing the uid. |
|
Yes, I've seen the history - in this case, I think we can afford to keep it simple, at least at the beginning; if this logic fails, it fails for misconfiguration (which is not very likely because we do this only when the chroot is first initialized). |
The trick is that the {user,group}{add,del} commands can be executed
on host with `--prefix <chroot>` nowadays.
This commit removes one unnecessary dependency from the minimal
buildroot, so the 'shadow-utils' are removed from all the configs.
The good thing is also that we don't need a hacks around the potentially
obsolescent '/sbin/useradd' utility (the `config_opts['useradd']`
option) because since Mock v3 we support only RHEL 8 hosts and newer.
The `_make_build_user()` was renamed to `_make_users()`, but the
unnecessary side-effect of homedir cleanup was cut-out as a separate
method `_cleanup_homedir` that needs to be called only before build, not
for normal `mock --init` or `mock --shell`. But we can otherwise
re-create the users in-chroot for every single mock run to assure the
UID/GID match the requirements.
The `chown_home_dir` used to be called in some unclear conditions, but
that call can not cause any harm and gives us guarantees that homedir is
readable by `mockbuilder`. We newly call it everytime.
The `_setup_build_dirs()` is called a bit later for the `prebuild ==
True` case to align with `not self.chroot_was_initialized`. But this
shouldn't have any real consequence (we call `chown_home_dir()` anyway).
There's one different thing. We we don't do `userdel -r` anymore for
mockbuilder. This shouldn't be needed, because when user is really
re-created (prebuild == True), we already did `_cleanup_homedir()`.
The other thing is that before we `useradd`, we already have `/builddir`
pre-created -> so useradd doesn't create `.bashrc`, etc. We can iterate
on this, but it doesn't seem to be Mock's responsibility.
Fixes: rpm-software-management#1102
Closes: rpm-software-management#1103
praiskup
force-pushed
the
praiskup-shadow-utils
branch
from
272545f
to
523e9d6
Compare
I changed my opinion about this, and I agree that removing the user first is better (makes me more confident that UID/GIDs are aligned). While doing this quite complex feature, I also propose changing the default way of handling Ready for the review. |
The trick is that the {user,group}{add,del} commands can be executed
on host with `--prefix <chroot>` nowadays.
This commit removes one unnecessary dependency from the minimal
buildroot, so the 'shadow-utils' are removed from all the configs.
The good thing is also that we don't need a hacks around the potentially
obsolescent '/sbin/useradd' utility (the `config_opts['useradd']`
option) because since Mock v3 we support only RHEL 8 hosts and newer.
The `_make_build_user()` was renamed to `_make_users()`, but the
unnecessary side-effect of homedir cleanup was cut-out as a separate
method `_cleanup_homedir` that needs to be called only before build, not
for normal `mock --init` or `mock --shell`. But we can otherwise
re-create the users in-chroot for every single mock run to assure the
UID/GID match the requirements.
The `chown_home_dir` used to be called in some unclear conditions, but
that call can not cause any harm and gives us guarantees that homedir is
readable by `mockbuilder`. We newly call it everytime.
The `_setup_build_dirs()` is called a bit later for the `prebuild ==
True` case to align with `not self.chroot_was_initialized`. But this
shouldn't have any real consequence (we call `chown_home_dir()` anyway).
There's one different thing. We we don't do `userdel -r` anymore for
mockbuilder. This shouldn't be needed, because when user is really
re-created (prebuild == True), we already did `_cleanup_homedir()`.
The other thing is that before we `useradd`, we already have `/builddir`
pre-created -> so useradd doesn't create `.bashrc`, etc. We can iterate
on this, but it doesn't seem to be Mock's responsibility.
Fixes: rpm-software-management#1102
Closes: rpm-software-management#1103
praiskup
force-pushed
the
praiskup-shadow-utils
branch
from
523e9d6
to
9e0928b
Compare
|
I tested the updated code and it works as expected, pesign works correctly. |
The trick is that the {user,group}{add,del} commands can be executed
on host with `--prefix <chroot>` nowadays.
This commit removes one unnecessary dependency from the minimal
buildroot, so the 'shadow-utils' are removed from all the configs.
The good thing is also that we don't need a hacks around the potentially
obsolescent '/sbin/useradd' utility (the `config_opts['useradd']`
option) because since Mock v3 we support only RHEL 8 hosts and newer.
The `_make_build_user()` was renamed to `_make_users()`, but the
unnecessary side-effect of homedir cleanup was cut-out as a separate
method `_cleanup_homedir` that needs to be called only before build, not
for normal `mock --init` or `mock --shell`. But we can otherwise
re-create the users in-chroot for every single mock run to assure the
UID/GID match the requirements.
The `chown_home_dir` used to be called in some unclear conditions, but
that call can not cause any harm and gives us guarantees that homedir is
readable by `mockbuilder`. We newly call it everytime.
The `_setup_build_dirs()` is called a bit later for the `prebuild ==
True` case to align with `not self.chroot_was_initialized`. But this
shouldn't have any real consequence (we call `chown_home_dir()` anyway).
There's one different thing. We we don't do `userdel -r` anymore for
mockbuilder. This shouldn't be needed, because when user is really
re-created (prebuild == True), we already did `_cleanup_homedir()`.
The other thing is that before we `useradd`, we already have `/builddir`
pre-created -> so useradd doesn't create `.bashrc`, etc. We can iterate
on this, but it doesn't seem to be Mock's responsibility.
Fixes: rpm-software-management#1102
Closes: rpm-software-management#1103
The trick is that the {user,group}{add,del} commands can be executed
on host with `--prefix <chroot>` nowadays.
This commit removes one unnecessary dependency from the minimal
buildroot, so the 'shadow-utils' are removed from all the configs.
The good thing is also that we don't need a hacks around the potentially
obsolescent '/sbin/useradd' utility (the `config_opts['useradd']`
option) because since Mock v3 we support only RHEL 8 hosts and newer.
The `_make_build_user()` was renamed to `_make_users()`, but the
unnecessary side-effect of homedir cleanup was cut-out as a separate
method `_cleanup_homedir` that needs to be called only before build, not
for normal `mock --init` or `mock --shell`. But we can otherwise
re-create the users in-chroot for every single mock run to assure the
UID/GID match the requirements.
The `chown_home_dir` used to be called in some unclear conditions, but
that call can not cause any harm and gives us guarantees that homedir is
readable by `mockbuilder`. We newly call it everytime.
The `_setup_build_dirs()` is called a bit later for the `prebuild ==
True` case to align with `not self.chroot_was_initialized`. But this
shouldn't have any real consequence (we call `chown_home_dir()` anyway).
There's one different thing. We we don't do `userdel -r` anymore for
mockbuilder. This shouldn't be needed, because when user is really
re-created (prebuild == True), we already did `_cleanup_homedir()`.
The other thing is that before we `useradd`, we already have `/builddir`
pre-created -> so useradd doesn't create `.bashrc`, etc. We can iterate
on this, but it doesn't seem to be Mock's responsibility.
Fixes: rpm-software-management#1102
Closes: rpm-software-management#1103
The trick is that the {user,group}{add,del} commands can be executed
on host with `--prefix <chroot>` nowadays.
This commit removes one unnecessary dependency from the minimal
buildroot, so the 'shadow-utils' are removed from all the configs.
The good thing is also that we don't need a hacks around the potentially
obsolescent '/sbin/useradd' utility (the `config_opts['useradd']`
option) because since Mock v3 we support only RHEL 8 hosts and newer.
The `_make_build_user()` was renamed to `_make_users()`, but the
unnecessary side-effect of homedir cleanup was cut-out as a separate
method `_cleanup_homedir` that needs to be called only before build, not
for normal `mock --init` or `mock --shell`. But we can otherwise
re-create the users in-chroot for every single mock run to assure the
UID/GID match the requirements.
The `chown_home_dir` used to be called in some unclear conditions, but
that call can not cause any harm and gives us guarantees that homedir is
readable by `mockbuilder`. We newly call it everytime.
The `_setup_build_dirs()` is called a bit later for the `prebuild ==
True` case to align with `not self.chroot_was_initialized`. But this
shouldn't have any real consequence (we call `chown_home_dir()` anyway).
There's one different thing. We we don't do `userdel -r` anymore for
mockbuilder. This shouldn't be needed, because when user is really
re-created (prebuild == True), we already did `_cleanup_homedir()`.
The other thing is that before we `useradd`, we already have `/builddir`
pre-created -> so useradd doesn't create `.bashrc`, etc. We can iterate
on this, but it doesn't seem to be Mock's responsibility.
Fixes: rpm-software-management#1102
Closes: rpm-software-management#1103
mock/mock.spec
Outdated
| @@ -9,7 +9,7 @@ | |||
|
|
|||
| Summary: Builds packages inside chroots | |||
| Name: mock | |||
| Version: 4.1 | |||
| Version: 4.1.post | |||
There was a problem hiding this comment.
This is an experiment (likely I should use post1) that I don't insist on,
but seems really attractive.
Simply, this way I can signalize that the Version is higher than the one
released in Fedora, always beating the NVR there (even if Release goes up due
to rebuilds) and in mock-core-configs I still can require the version newer
then the one from this PR.
There was a problem hiding this comment.
I moved this experiment into #1138, it was rather disturbing change in this PR.
I do not get this. When you call mock with |
I don't think --no-clean works this way. That's executed unconditionally (note that |
|
But honestly, I'm a bit confused, don't ask me what the effect of |
The trick is that the {user,group}{add,del} commands can be executed
on host with `--prefix <chroot>` nowadays.
This commit removes one unnecessary dependency from the minimal
buildroot, so the 'shadow-utils' are removed from all the configs.
The good thing is also that we don't need a hacks around the potentially
obsolescent '/sbin/useradd' utility (the `config_opts['useradd']`
option) because since Mock v3 we support only RHEL 8 hosts and newer.
The `_make_build_user()` was renamed to `_make_users()`, but the
unnecessary side-effect of homedir cleanup was cut-out as a separate
method `_cleanup_homedir` that needs to be called only before build, not
for normal `mock --init` or `mock --shell`. But we can otherwise
re-create the users in-chroot for every single mock run to assure the
UID/GID match the requirements.
The `chown_home_dir` used to be called in some unclear conditions, but
that call can not cause any harm and gives us guarantees that homedir is
readable by `mockbuilder`. We newly call it everytime.
The `_setup_build_dirs()` is called a bit later for the `prebuild ==
True` case to align with `not self.chroot_was_initialized`. But this
shouldn't have any real consequence (we call `chown_home_dir()` anyway).
There's one different thing. We we don't do `userdel -r` anymore for
mockbuilder. This shouldn't be needed, because when user is really
re-created (prebuild == True), we already did `_cleanup_homedir()`.
The other thing is that before we `useradd`, we already have `/builddir`
pre-created -> so useradd doesn't create `.bashrc`, etc. We can iterate
on this, but it doesn't seem to be Mock's responsibility.
Fixes: rpm-software-management#1102
Closes: rpm-software-management#1103
praiskup
force-pushed
the
praiskup-shadow-utils
branch
from
9e0928b
to
7f50e77
Compare
The trick is that the {user,group}{add,del} commands can be executed
on host with `--prefix <chroot>` nowadays.
This commit removes one unnecessary dependency from the minimal
buildroot, so the 'shadow-utils' are removed from all the configs.
The good thing is also that we don't need a hacks around the potentially
obsolescent '/sbin/useradd' utility (the `config_opts['useradd']`
option) because since Mock v3 we support only RHEL 8 hosts and newer.
The `_make_build_user()` was renamed to `_make_users()`, but the
unnecessary side-effect of homedir cleanup was cut-out as a separate
method `_cleanup_homedir` that needs to be called only before build, not
for normal `mock --init` or `mock --shell`. But we can otherwise
re-create the users in-chroot for every single mock run to assure the
UID/GID match the requirements.
The `chown_home_dir` used to be called in some unclear conditions, but
that call can not cause any harm and gives us guarantees that homedir is
readable by `mockbuilder`. We newly call it everytime.
The `_setup_build_dirs()` is called a bit later for the `prebuild ==
True` case to align with `not self.chroot_was_initialized`. But this
shouldn't have any real consequence (we call `chown_home_dir()` anyway).
There's one different thing. We we don't do `userdel -r` anymore for
mockbuilder. This shouldn't be needed, because when user is really
re-created (prebuild == True), we already did `_cleanup_homedir()`.
The other thing is that before we `useradd`, we already have `/builddir`
pre-created -> so useradd doesn't create `.bashrc`, etc. We can iterate
on this, but it doesn't seem to be Mock's responsibility.
Fixes: rpm-software-management#1102
Closes: rpm-software-management#1103
praiskup
force-pushed
the
praiskup-shadow-utils
branch
2 times, most recently
from
83ce4b6
to
c576130
Compare
The trick is that the {user,group}{add,del} commands can be executed
on host with `--prefix <chroot>` nowadays.
This commit removes one unnecessary dependency from the minimal
buildroot, so the 'shadow-utils' are removed from all the configs.
The good thing is also that we don't need a hacks around the potentially
obsolescent '/sbin/useradd' utility (the `config_opts['useradd']`
option) because since Mock v3 we support only RHEL 8 hosts and newer.
The `_make_build_user()` was renamed to `_make_users()`, but the
unnecessary side-effect of homedir cleanup was cut-out as a separate
method `_cleanup_homedir` that needs to be called only before build, not
for normal `mock --init` or `mock --shell`. But we can otherwise
re-create the users in-chroot for every single mock run to assure the
UID/GID match the requirements.
The `chown_home_dir` used to be called in some unclear conditions, but
that call can not cause any harm and gives us guarantees that homedir is
readable by `mockbuilder`. We newly call it everytime.
The `_setup_build_dirs()` is called a bit later for the `prebuild ==
True` case to align with `not self.chroot_was_initialized`. But this
shouldn't have any real consequence (we call `chown_home_dir()` anyway).
There's one different thing. We we don't do `userdel -r` anymore for
mockbuilder. This shouldn't be needed, because when user is really
re-created (prebuild == True), we already did `_cleanup_homedir()`.
The other thing is that before we `useradd`, we already have `/builddir`
pre-created -> so useradd doesn't create `.bashrc`, etc. We can iterate
on this, but it doesn't seem to be Mock's responsibility.
Fixes: rpm-software-management#1102
Closes: rpm-software-management#1103
The trick is that the {user,group}{add,del} commands can be executed
on host with `--prefix <chroot>` nowadays.
This commit removes one unnecessary dependency from the minimal
buildroot, so the 'shadow-utils' are removed from all the configs.
The good thing is also that we don't need a hacks around the potentially
obsolescent '/sbin/useradd' utility (the `config_opts['useradd']`
option) because since Mock v3 we support only RHEL 8 hosts and newer.
The `_make_build_user()` was renamed to `_make_users()`, but the
unnecessary side-effect of homedir cleanup was cut-out as a separate
method `_cleanup_homedir` that needs to be called only before build, not
for normal `mock --init` or `mock --shell`. But we can otherwise
re-create the users in-chroot for every single mock run to assure the
UID/GID match the requirements.
The `chown_home_dir` used to be called in some unclear conditions, but
that call can not cause any harm and gives us guarantees that homedir is
readable by `mockbuilder`. We newly call it everytime.
The `_setup_build_dirs()` is called a bit later for the `prebuild ==
True` case to align with `not self.chroot_was_initialized`. But this
shouldn't have any real consequence (we call `chown_home_dir()` anyway).
There's one different thing. We we don't do `userdel -r` anymore for
mockbuilder. This shouldn't be needed, because when user is really
re-created (prebuild == True), we already did `_cleanup_homedir()`.
The other thing is that before we `useradd`, we already have `/builddir`
pre-created -> so useradd doesn't create `.bashrc`, etc. We can iterate
on this, but it doesn't seem to be Mock's responsibility.
Fixes: rpm-software-management#1102
Closes: rpm-software-management#1103
praiskup
force-pushed
the
praiskup-shadow-utils
branch
from
c576130
to
f8588fb
Compare
|
So, the consequence here is that e.g. manual Per documentation So keeping the old behavior for the "non build" use case seems like we |
|
We know that @voxik and @mkoncek are heavy |
|
Sure, can start tomorrow.
I hope this is how it is intended to be used. |
I use |
|
I use But I think rewriting |
|
Thank you for responding here! @hobbes1069 wrote
Indeed, this behavior of --no-clean shouldn't be affected by this PR. @fweimer-rh wrote
Good point. There already are other things that Mock sets up for every run no matter
Well, in theory at least (we may e.g. do |
The trick is that the {user,group}{add,del} commands can be executed
on host with `--prefix <chroot>` nowadays.
This commit removes one unnecessary dependency from the minimal
buildroot, so the 'shadow-utils' are removed from all the configs.
The good thing is also that we don't need a hacks around the potentially
obsolescent '/sbin/useradd' utility (the `config_opts['useradd']`
option) because since Mock v3 we support only RHEL 8 hosts and newer.
The `_make_build_user()` was renamed to `_make_users()`, but the
unnecessary side-effect of homedir cleanup was cut-out as a separate
method `_cleanup_homedir` that needs to be called only before build, not
for normal `mock --init` or `mock --shell`. But we can otherwise
re-create the users in-chroot for every single mock run to assure the
UID/GID match the requirements.
The `chown_home_dir` used to be called in some unclear conditions, but
that call can not cause any harm and gives us guarantees that homedir is
readable by `mockbuilder`. We newly call it everytime.
The `_setup_build_dirs()` is called a bit later for the `prebuild ==
True` case to align with `not self.chroot_was_initialized`. But this
shouldn't have any real consequence (we call `chown_home_dir()` anyway).
There's one different thing. We we don't do `userdel -r` anymore for
mockbuilder. This shouldn't be needed, because when user is really
re-created (prebuild == True), we already did `_cleanup_homedir()`.
The other thing is that before we `useradd`, we already have `/builddir`
pre-created -> so useradd doesn't create `.bashrc`, etc. We can iterate
on this, but it doesn't seem to be Mock's responsibility.
Fixes: #1102
Closes: #1103
No description provided.