
log file permissions when running as non-root

Open ctr49 opened this issue 1 year ago • 2 comments

When running as a non-root user, there may be permission issues with the redirect_target logfile. Although the script was executed as a user, the log and elog within log were owned by root. The package-specific logfiles in log are owned by portage:portage.

This leads to an error in the final phase of image construction, i.e.:

»»»»»[namespace/image]» exec docker build -t namespace/image:20240212
DEPRECATED: The legacy builder is deprecated and will be removed in a future release.
            Install the buildx component to build images with BuildKit:
            https://docs.docker.com/go/buildx/

error checking context: no permission to read from '/home/user/namespace/images/image/log/app-arch:brotli-1.1.0:20240213-080829.log'
»[✘]»[namespace/image]» fatal: exec docker build -t namespace/image:20240212

A simple chown to the running user and reinvocation of kubler resolves the issue for the moment. But any additional packages let the error resurface.

ctr49, Feb 13 '24 08:02

Hmm, could you add some more details on how these logs are created?

edannenberg, Feb 13 '24 22:02

Those are logs created by kubler itself (when BOB_KEEP_BUILD_LOG=true is set). I noticed a few other places (distfile, packages, Packages) that are not owned by the running user, hence running kubler as a non-privileged user is severely limited right now. Not sure if it's possible to chown them to BOB_HOST_UID/BOB_HOST_GID on exit, as this would have to be performed inside the container (having elevated privileges) as the user itself obviously lacks these outside the container.

ctr49, Feb 16 '24 14:02
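
The ownership hand-back raised in the last comment, sketched as an added example that is not part of the thread or of kubler's own code. It assumes a shell running as root inside the build container with BOB_HOST_UID and BOB_HOST_GID available there; the function names and the path in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: hand build artifacts back to the invoking host user.
# Assumption: runs as root inside the build container, with BOB_HOST_UID and
# BOB_HOST_GID exported into it. Function names are hypothetical.

# Print every path under the given directories whose owner or group differs
# from uid:gid. -xdev keeps find on the filesystem of each start directory.
list_foreign_owned() {
    uid=$1; gid=$2; shift 2
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -xdev \( ! -user "$uid" -o ! -group "$gid" \) -print
    done
}

# chown only the mismatched paths. -h changes a symlink itself rather than
# its target, so a link inside a log directory cannot redirect a root chown
# to a file outside it.
restore_ownership() {
    uid=$1; gid=$2; shift 2
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -xdev \( ! -user "$uid" -o ! -group "$gid" \) \
            -exec chown -h "$uid:$gid" {} +
    done
}

# Intended use inside the container (path is a placeholder):
#   trap 'restore_ownership "$BOB_HOST_UID" "$BOB_HOST_GID" /path/to/log' EXIT
```

Running list_foreign_owned on the host against the image directory before a build shows which files would make the docker context check fail for the current user.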