Re: Cross compiling user applications for armv7

In reply to: Michał_Kruszewski : "Re: Cross compiling user applications for armv7"
Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Mark Millard <marklmi_at_yahoo.com>
Date: Sat, 20 Sep 2025 07:39:02 UTC
On Sep 19, 2025, at 22:28, Michał Kruszewski <mkru@protonmail.com> wrote:

>> make installworld DESTDIR=PATH DB_FROM_SRC=1
>> make distrib-dirs DESTDIR=PATH DB_FROM_SRC=1
>> make distribution DESTDIR=PATH DB_FROM_SRC=1
> 
> It didn't help.
> I still get permission and ownership errors when running poudriere bulk.

Your older and newer reports:

expected 0/0 versus actual 1001/100
vs.
expected 0/0 versus actual 1001/0

Looking for the code in pkg finds it in pkgdb.c :

	if (wrong_owner) {
		pkg_emit_error("%s wrong user or group ownership"
			       " (expected %d/%d versus actual %d/%d)",
			       path, fileowner, filegroup, sb.st_uid, sb.st_gid);
		return (EPKG_INSECURE);
	}

So: the group id changed to 0 but the user id did not:
still 1001 on the directory or file being checked.

But our reports both say: . wrong user or group ownership,
so here it is the (potential) containing directory: ".".

I'm not making claims about what lead to sb.st_gid==0 for
"." , just noting that it did change to that.

Looking around the code seems to be used for
local.sqlite or its containing directory, here the
directory.

Might this be related to the "NO_ROOT=YES" usage that
you originally reported?


For reference:

static int
pkgdb_is_insecure_mode(int dbdirfd, const char *path, bool install_as_user)
{
	uid_t		fileowner;
	gid_t		filegroup;
	bool		bad_perms = false;
	bool		wrong_owner = false;
	struct stat	sb;

	if (dbdirfd == -1)
		return (EPKG_ENODB);

	if (install_as_user) {
		fileowner = geteuid();
		filegroup = getegid();
	} else {
		fileowner = 0;
		filegroup = 0;
	}

	if (fstatat(dbdirfd, path, &sb, 0) != 0) {
		if (errno == EACCES)
			return (EPKG_ENOACCESS);
		else if (errno == ENOENT)
			return (EPKG_ENODB);
		else
			return (EPKG_FATAL);
	}

	/* if fileowner == 0, root ownership and no group or other
	   read access.  if fileowner != 0, require no other read
	   access and group read access IFF the group ownership ==
	   filegroup */

	if ( fileowner == 0 ) {
		if ((sb.st_mode & (S_IWGRP|S_IWOTH)) != 0)
			bad_perms = true;
		if (sb.st_uid != fileowner)
			wrong_owner = true;
	} else {
		if ((sb.st_mode & S_IWOTH) != 0)
			bad_perms = true;
		if (sb.st_gid != filegroup && (sb.st_mode & S_IWGRP) != 0)
			bad_perms = true;
		if (sb.st_uid != 0 && sb.st_uid != fileowner && sb.st_gid != filegroup)
			wrong_owner = true;
	}

	if (bad_perms) {
		pkg_emit_error("%s permissions (%#o) too lax", path,
			       (sb.st_mode & (S_IRWXU|S_IRWXG|S_IRWXO)));
		return (EPKG_INSECURE);
	}
	if (wrong_owner) {
		pkg_emit_error("%s wrong user or group ownership"
			       " (expected %d/%d versus actual %d/%d)",
			       path, fileowner, filegroup, sb.st_uid, sb.st_gid);
		return (EPKG_INSECURE);
	}

	return (EPKG_OK);
}


===
Mark Millard
marklmi at yahoo.com