Date:      Mon, 15 Jan 2024 07:07:17 +0900
From:      Tomoaki AOKI <junchoon@dec.sakura.ne.jp>
To:        Craig Leres <leres@freebsd.org>
Cc:        freebsd-hackers@freebsd.org
Subject:   Re: poudriere 3.4.0 regression: -i runs as NON_ROOT user
Message-ID:  <20240115070717.90a337c666aaa86003e7c231@dec.sakura.ne.jp>
In-Reply-To: <0b1ea9f1-4ed6-42c9-af21-844da9fb5c63@freebsd.org>
References:  <bbd3b92d-40f3-41f6-a802-001610b35c8b@freebsd.org> <ZaGC8pOtQ-cQV05A@ircbsd.lifeofadishwasher.com> <c1a8b664-317d-446d-b2f7-9ee7511dcff9@freebsd.org> <ZaIq79Rph8laIN28@ircbsd.lifeofadishwasher.com> <0b1ea9f1-4ed6-42c9-af21-844da9fb5c63@freebsd.org>


On Sun, 14 Jan 2024 13:31:57 -0800
Craig Leres <leres@freebsd.org> wrote:

> On 1/12/24 22:17, Derek Schrock wrote:
> > It seems like you have PORTBUILD_UID set in poudriere.conf? UID is just
> > id -u and pw useradd command uses that var.  But it's 65534 for me (the
> > default) I'm using -devel though.
> 
> Nope:
> 
>      zinc 363 # fgrep PORTBUILD_UID /usr/local/etc/poudriere.conf
>      # Default: nobody (uid PORTBUILD_UID)
>      #PORTBUILD_UID=65534
> 
> But I find it interesting that poudriere.conf.sample says the default 
> user/gid is nobody/65534 but when I poudriere bulk (non interactively) 
> the jobs run as root!
> 
> On 1/12/24 23:49, Gleb Popov wrote:
>  > Now you mentioned that, I wonder if this change will fix the problem
>  > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=276259
> 
> My testing shows it does not fix the problem. I think that even as 
> poudriere is creating the -i shell as user nobody it also defines UID to 
> 0 in make. So this change:
> 
>      +UID?=  ${.MAKE.UID}
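
Review bot: the `?=` on the added `UID?=  ${.MAKE.UID}` line only assigns when UID is not already defined, so a UID that reaches make from the environment or the command line still takes precedence over it. That matches the session quoted further down, where `make -V UID` prints 0 while `make -V .MAKE.UID` prints 65534. If UID is meant to always follow the uid make is actually running as, consider an unconditional assignment here, or track down where UID is being set to 0 before this line is read.
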
> 
> has no effect.
> 
> It seems poudriere intends to run as a non-root user now. But what I see 
> happening is that it runs as root for non-interactive bulk builds and as 
> nobody for interactive. And either way UID is defined in make as 0. Even 
> when make itself knows it's running with UID 65534.
> 
> 		Craig
> 
> [with the patch from 276259 applied]
> zinc 188 # poudriere bulk -i -j 13release -p current ports-mgmt/pkg
> [...]
> nobody@zinc:/usr/ports/ports-mgmt/pkg % whoami
> nobody
> nobody@zinc:/usr/ports/ports-mgmt/pkg % cd /usr/ports/ports-mgmt/pkg
> nobody@zinc:/usr/ports/ports-mgmt/pkg % make -V UID
> 0
> nobody@zinc:/usr/ports/ports-mgmt/pkg % make -V .MAKE.UID
> 65534

IIRC, poudriere[-devel] ran as nobody (65534) initially, but it started
running as root (0) when I started using ccache.

-- 
Tomoaki AOKI    <junchoon@dec.sakura.ne.jp>