[Bug 228023] databases/ruby-bdb: Allow poudriere run with BUILD_AS_NON_ROOT=no on ZFS

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Sun May 6 12:48:48 UTC 2018 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=228023

            Bug ID: 228023
           Summary: databases/ruby-bdb: Allow poudriere run with
                    BUILD_AS_NON_ROOT=no on ZFS
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: knu at FreeBSD.org
          Reporter: loader at FreeBSD.org
                CC: koobs at FreeBSD.org
          Assignee: knu at FreeBSD.org
             Flags: maintainer-feedback?(knu at FreeBSD.org)

Created attachment 193087
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=193087&action=edit
ruby24-bdb-0.6.6_5.log

I just got these errors in attached poudriere log
ruby24-bdb-0.6.6_5.log:
chmod: ./css/fonts.css: Operation not permitted
chmod: ./css/rdoc.css: Operation not permitted
chmod: ./js/jquery.js: Operation not permitted
chmod: ./js/darkfish.js: Operation not permitted
chmod: ./js/search.js: Operation not permitted

These files are installed by lang/ruby24 and located in
${LOCALBASE}/lib/ruby/2.4/rdoc/generator/template/darkfish/

They would be copied into ${WRKSRC}/docs/doc of database/ruby-bdb 
while running the rdoc target. Actually, rdoc creates hard links for
them:

https://svn.ruby-lang.org/cgi-bin/viewvc.cgi/tags/v2_4_4/lib/rdoc/generator/darkfish.rb?revision=63013&view=markup#l557
563           begin
564                   FileUtils.ln source, destination, options

Hard links preserve the ownership of these files, even when poudriere
runs building/staging as a regular user.

% stat -f '%Sp %Su:%Sg %N' docs/doc/css/
drwxr-xr-x nobody:wheel docs/doc/css/

% stat -f '%Sp %Su:%Sg %N' docs/doc/css/*.css
-rw-r--r-- root:wheel docs/doc/css/fonts.css
-rw-r--r-- root:wheel docs/doc/css/rdoc.css

databases/ruby-bdb uses ${COPYTREE_SHARE} to copy theses files
from ${WRKSRC}/docs/doc to ${STAGEDIR}${DOCSDIR}/doc

https://svnweb.freebsd.org/ports/head/databases/ruby-bdb/Makefile?revision=458847&view=markup#l65
65      post-install-DOCS-on:
66              ${MKDIR} ${STAGEDIR}${DOCSDIR}/doc
67              (cd ${WRKSRC} && ${INSTALL_DATA} ${DOCS} ${STAGEDIR}${DOCSDIR})
68              (cd ${WRKSRC}/docs/doc && ${COPYTREE_SHARE} .
${STAGEDIR}${DOCSDIR}/doc)

The cpio -l option in ${COPYTREE_SHARE} creates links instead of copying files
that also preserve the ownership root:wheel

https://svnweb.freebsd.org/ports/head/Mk/bsd.port.mk?revision=468917&view=markup#l2205
2205    COPYTREE_SHARE= ${SH} -c '(${FIND} -Ed $$1 $$3 | ${CPIO} -dumpl $$2
>/dev/null 2>&1) && \
2206                                                       ${FIND} -Ed $$1 $$3
\(   -type d -exec ${SH} -c '\''cd '\''$$2'\'' && chmod 755 "$$@"'\'' . {} + \
2207                                                                           
                                                                            -o
-type f -exec ${SH} -c '\''cd '\''$$2'\'' && chmod ${_SHAREMODE} "$$@"'\'' . {}
+ \)' COPYTREE_SHARE

It's the chmod ${_SHAREMODE} command in ${COPYTREE_SHARE}
that wrote the error message in poudriere log:
chmod: ./css/fonts.css: Operation not permitted
chmod: ./css/rdoc.css: Operation not permitted
...

On UFS, running "chmod 644 docs/doc/css/fonts.css" as a regular user "nobody"
and that file has the identical mode (-rw-r--r--) owned by root doesn't
raise an error.

on ZFS, may_have_nfs4acl() returns 1 and then it runs fchmodat()
https://svnweb.freebsd.org/base/head/bin/chmod/chmod.c?revision=326025&view=markup#l197
197                     /*
198                      * With NFSv4 ACLs, it is possible that applying a mode
199                      * identical to the one computed from an ACL will
change
200                      * that ACL.
201                      */
202                     if (may_have_nfs4acl(p, hflag) == 0 &&
203                         (newmode & ALLPERMS) == (p->fts_statp->st_mode &
ALLPERMS))
204                                     continue;
205                     if (fchmodat(AT_FDCWD, p->fts_accpath, newmode, atflag)
== -1

databases/ruby-bdb is a RUN_DEPENDS of ports-mgmt/portupgrade, I'm not aware if
there
are other ports that also use rdoc + ${COPYTREE_SHARE} which might cause the
similar
problem on ZFS, so I just attached a patch to databases/ruby-bdb rather than
modifying
the ${COPYTREE_SHARE} in bsd.port.mk.

I've searched freebsd-pkg-fallout@ lists but didn't find anything about
databases/ruby-bdb,
it seems poudriere.conf has BUILD_AS_NON_ROOT=no enabled on the package cluster
:)

% fetch -q -o -
http://beefy5.nyi.freebsd.org/data/104i386-default/468751/logs/bash-4.4.19.log
| grep 'root[[:space:]]+wheel'
-rwxr-xr-x  1 root  wheel  1036686 May  1 01:18 bash

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-ports-bugs mailing list