Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   EPEL Development (http://www.linux-archive.org/epel-development/)
-   -   Mock problem in EPEL 5? (http://www.linux-archive.org/epel-development/566954-mock-problem-epel-5-a.html)

Jonathan Underwood 08-22-2011 03:37 PM
Mock problem in EPEL 5?
 
Hi,

I am seeing a package build fail in EPEL 5 that builds fine in EPEL6
and Fedora. Specifically there seems to be a problem writing to /sbin
in the build root:

Installing Shorewall Version 4.4.22.3
install: cannot create regular file `/sbin/shorewall': Permission denied
ERROR: Failed to install -T -o root -g root -m 0755 shorewall /sbin/shorewall

See http://koji.fedoraproject.org/koji/getfile?taskID=3291843&name=build.log

Any ideas?

Cheers,
Jonathan

_______________________________________________
epel-devel-list mailing list
epel-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/epel-devel-list

Paul Howarth 08-22-2011 03:59 PM
Mock problem in EPEL 5?
 
On 08/22/2011 04:37 PM, Jonathan Underwood wrote:

Hi,

I am seeing a package build fail in EPEL 5 that builds fine in EPEL6
and Fedora. Specifically there seems to be a problem writing to /sbin
in the build root:

Installing Shorewall Version 4.4.22.3
install: cannot create regular file `/sbin/shorewall': Permission denied
ERROR: Failed to install -T -o root -g root -m 0755 shorewall /sbin/shorewall

See http://koji.fedoraproject.org/koji/getfile?taskID=3291843&name=build.log

Any ideas?


I'm surprised this builds at all in mock: it's trying to give away
ownership of the file to root, which is a privileged operation. If you
patch it not to try to do "-o root -g root" then it should work OK, and
the resulting files will be owned by root anyway.


Paul.

_______________________________________________
epel-devel-list mailing list
epel-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/epel-devel-list

Jonathan Underwood 08-22-2011 04:12 PM
Mock problem in EPEL 5?
 
On 22 August 2011 16:59, Paul Howarth <paul@city-fan.org> wrote:
> I'm surprised this builds at all in mock: it's trying to give away ownership
> of the file to root, which is a privileged operation. If you patch it not to
> try to do "-o root -g root" then it should work OK, and the resulting files
> will be owned by root anyway.

Looking a little closer at the install script, it actually performs a
check to see if it is running as root, and if not doesn't set those
owner/group permissions - in other branches, this check works
correctly. So the question is, why does mock in EPEL 5 run as root,
but not in EPEL6 and Fedora? This seems like a bit of a security
issue!

_______________________________________________
epel-devel-list mailing list
epel-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/epel-devel-list

Paul Howarth 08-24-2011 01:50 PM
Mock problem in EPEL 5?
 
On 08/22/2011 05:12 PM, Jonathan Underwood wrote:

On 22 August 2011 16:59, Paul Howarth<paul@city-fan.org> wrote:

I'm surprised this builds at all in mock: it's trying to give away ownership
of the file to root, which is a privileged operation. If you patch it not to
try to do "-o root -g root" then it should work OK, and the resulting files
will be owned by root anyway.


Looking a little closer at the install script, it actually performs a
check to see if it is running as root, and if not doesn't set those
owner/group permissions - in other branches, this check works
correctly. So the question is, why does mock in EPEL 5 run as root,
but not in EPEL6 and Fedora? This seems like a bit of a security
issue!


It's not. Your spec file is missing a BuildRoot: tag, which is still
needed for EPEL-5. Without it, $RPM_BUILD_ROOT is not set and PREFIX
(which upstream has renamed to DESTDIR) is thus empty, and the check for
root never happens.


Paul.

_______________________________________________
epel-devel-list mailing list
epel-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/epel-devel-list

Jonathan Underwood 08-24-2011 02:06 PM
Mock problem in EPEL 5?
 
Oh yes, you're right. Thanks. Feeling dumb now.


sent from my phone.

On 24 Aug 2011 14:51, "Paul Howarth" <paul@city-fan.org> wrote:> On 08/22/2011 05:12 PM, Jonathan Underwood wrote:

>> On 22 August 2011 16:59, Paul Howarth<paul@city-fan.org> wrote:
>>> I'm surprised this builds at all in mock: it's trying to give away ownership

>>> of the file to root, which is a privileged operation. If you patch it not to
>>> try to do "-o root -g root" then it should work OK, and the resulting files
>>> will be owned by root anyway.

>>
>> Looking a little closer at the install script, it actually performs a
>> check to see if it is running as root, and if not doesn't set those
>> owner/group permissions - in other branches, this check works

>> correctly. So the question is, why does mock in EPEL 5 run as root,
>> but not in EPEL6 and Fedora? This seems like a bit of a security
>> issue!
>
> It's not. Your spec file is missing a BuildRoot: tag, which is still

> needed for EPEL-5. Without it, $RPM_BUILD_ROOT is not set and PREFIX
> (which upstream has renamed to DESTDIR) is thus empty, and the check for
> root never happens.
>
> Paul.
>
> _______________________________________________

> epel-devel-list mailing list
> epel-devel-list@redhat.com
> https://www.redhat.com/mailman/listinfo/epel-devel-list


_______________________________________________
epel-devel-list mailing list
epel-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/epel-devel-list


All times are GMT. The time now is 02:13 AM.

VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.