container-common-scripts icon indicating copy to clipboard operation
container-common-scripts copied to clipboard

Published 20 hours ago verified publisher icon sclorg

Find Umask issue soon

Open hhorak opened this issue 6 years ago • 6 comments

With umask set to 077, the image build and test might fail. While we might not fix this properly, it would be good to find out that the umask is the cause soon by having explicit check for umask during:

  • make build
  • a new function in test-lib.sh to be called in every test/run

hhorak avatar Aug 07 '19 08:08 hhorak

This is probably broken in docker, for buildah, I reported https://github.com/containers/buildah/issues/1305 some time ago.

praiskup avatar Aug 08 '19 05:08 praiskup

But of course, ADD sth somewhere files which are manually created files by make can cause problems as well.

praiskup avatar Aug 08 '19 05:08 praiskup

Just to sum up what issues we hit when investigating rhel8 CI issues (which had umask 077):

  • when generating source files distgen only explicitly sets permissions for files, not for directories the files are located in
  • when changing permissions during assemble the fix-permission script needs to run before any further cp commands are called (via hooks for example) to avoid missing permissions outside directories on which the fix-permission script is called
  • when copying files into new locations -a should be used to keep permissions in tact after ^ happens

@kubco2 I hope did not forget anything

pkubatrh avatar Aug 08 '19 08:08 pkubatrh

Just to sum up what issues we hit when investigating rhel8 CI issues (which had umask 077):

* when generating source files distgen only explicitly sets permissions for files, not for directories the files are located in

* when changing permissions during `assemble` the `fix-permission` script needs to run before any further cp/mv commands are called (via hooks for example) to avoid missing permissions outside directories on which the `fix-permission` script is called

@pkubatrh I guess, fix-permission script has to be run after mv commands if you want to fix permissions otherwise mv will not have correct permissions. For cp command -a is enough. Am I right?

* when copying files into new locations `-a` should be used to keep permissions in tact after ^ happens

@kubco2 I hope did not forget anything

phracek avatar Sep 19 '19 12:09 phracek

@pkubatrh I guess, fix-permission script has to be run after mv commands if you want to fix permissions otherwise mv will not have correct permissions

Afaik mv does not alter the inode of the file moved in any way so fix-permission should not need to be re-run after the move.

Edit: I noticed I had a mention of mv in my previous comment for some reason so I removed it to avoid further confusion.

pkubatrh avatar Sep 23 '19 05:09 pkubatrh

On Sun, Sep 22, 2019 at 10:56:09PM -0700, Petr Kubat wrote:

Afaik mv does not alter the inode of the file moved in any way so fix-permission should not need to be re-run after the move.

Only true when the source and the target live on the same file system. /tmp is usually a tmpfs on Fedora.

ppisar avatar Sep 23 '19 10:09 ppisar