[Bug] Fix fixture permissions

Open CygnusHyoga opened this issue 1 year ago • 8 comments

RomM version: RomM 2.3.1

Describe the bug: By default the permissions of the directory /backend/handler/fixtures/ are for user root and group root with drwxr-xr-x, where only the root user can write to it.

This directory is used by the Scheduled Switch TitleDB update and Scheduled MAME XML update, and it is impossible to write to this directory in containers that run as rootless.

To Reproduce Steps to reproduce the behavior:

Run Scheduled Switch TitleDB update or Scheduled MAME XML update

Example Error:

INFO:	  [RomM][2024-01-29 09:04:35] Scheduled mame xml update started...
INFO:      - "POST /tasks/run HTTP/1.0" 500 Internal Server Error
INFO:	  [nginx][2024-01-29 09:04:35]	10.42.0.229 - - "POST /api/tasks/run HTTP/1.1" 500 21 "https://romm.apps.multiverse.buenhost.com.ar/settings/control-panel" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.2.1 Safari/605.1.15" rt=0.631 uct="0.000" uht="0.632" urt="0.632"
ERROR:    Exception in ASGI application
Traceback (most recent call last):
  File "/backend/lib/python3.10/site-packages/uvicorn/protocols/http/h11_impl.py", line 428, in run_asgi
    result = await app(  # type: ignore[func-returns-value]
  File "/backend/lib/python3.10/site-packages/uvicorn/middleware/proxy_headers.py", line 78, in __call__
    return await self.app(scope, receive, send)
  File "/backend/lib/python3.10/site-packages/fastapi/applications.py", line 292, in __call__
    await super().__call__(scope, receive, send)
  File "/backend/lib/python3.10/site-packages/starlette/applications.py", line 122, in __call__
    await self.middleware_stack(scope, receive, send)
  File "/backend/lib/python3.10/site-packages/starlette/middleware/errors.py", line 184, in __call__
    raise exc
  File "/backend/lib/python3.10/site-packages/starlette/middleware/errors.py", line 162, in __call__
    await self.app(scope, receive, _send)
  File "/backend/lib/python3.10/site-packages/starlette/middleware/sessions.py", line 86, in __call__
    await self.app(scope, receive, send_wrapper)
  File "/backend/lib/python3.10/site-packages/starlette/middleware/authentication.py", line 48, in __call__
    await self.app(scope, receive, send)
  File "/backend/lib/python3.10/site-packages/starlette/middleware/cors.py", line 91, in __call__
    await self.simple_response(scope, receive, send, request_headers=headers)
  File "/backend/lib/python3.10/site-packages/starlette/middleware/cors.py", line 146, in simple_response
    await self.app(scope, receive, send)
  File "/backend/lib/python3.10/site-packages/starlette/middleware/exceptions.py", line 79, in __call__
    raise exc
  File "/backend/lib/python3.10/site-packages/starlette/middleware/exceptions.py", line 68, in __call__
    await self.app(scope, receive, sender)
  File "/backend/lib/python3.10/site-packages/fastapi/middleware/asyncexitstack.py", line 20, in __call__
    raise e
  File "/backend/lib/python3.10/site-packages/fastapi/middleware/asyncexitstack.py", line 17, in __call__
    await self.app(scope, receive, send)
  File "/backend/lib/python3.10/site-packages/starlette/routing.py", line 718, in __call__
    await route.handle(scope, receive, send)
  File "/backend/lib/python3.10/site-packages/starlette/routing.py", line 276, in handle
    await self.app(scope, receive, send)
  File "/backend/lib/python3.10/site-packages/starlette/routing.py", line 66, in app
    response = await func(request)
  File "/backend/lib/python3.10/site-packages/fastapi/routing.py", line 273, in app
    raw_response = await run_endpoint_function(
  File "/backend/lib/python3.10/site-packages/fastapi/routing.py", line 190, in run_endpoint_function
    return await dependant.call(**values)
  File "/backend/lib/python3.10/site-packages/starlette/authentication.py", line 76, in async_wrapper
    return await func(*args, **kwargs)
  File "/backend/endpoints/tasks.py", line 12, in run_tasks
    await update_mame_xml_task.run()
  File "/backend/tasks/utils.py", line 98, in run
    with open(self.file_path, "wb") as fixture:
PermissionError: [Errno 13] Permission denied: '/backend/handler/fixtures/mame.xml'

Verify permission of dir:

/romm $ ls -l /backend/handler
total 32
-rw-r--r--    1 root     root           231 Jan  8 23:14 __init__.py
-rw-r--r--    1 root     root          6111 Jan  8 23:14 db_handler.py
drwxr-xr-x    2 root     root            32 Jan  8 23:14 fixtures
-rw-r--r--    1 root     root         14627 Jan  8 23:14 igdb_handler.py
-rw-r--r--    1 root     root          1274 Jan  8 23:14 sgdb_handler.py
drwxr-xr-x    3 root     root           115 Jan  8 23:14 tests
/romm $ 

Expected behavior: Be able to execute Scheduled Switch TitleDB update and Scheduled MAME XML update without write permission errors in containers that run as rootless.

Desktop (please complete the following information):

  • OS: macOS 14.2.1
  • Browser: Safari
  • Version: 17.2.1

Additional context: A possible solution would be to apply more flexible permissions to this directory in the Dockerfile.

Another possible solution that occurs to me is to unify it into one of the persistent volumes or define a new persistent volume. One of the problems I see is that the ps2_opl_index.json file already exists by default.

CygnusHyoga • Jan 29 '24 08:01
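An added example, not part of the original issue and not RomM's own code: a preflight check that evaluates POSIX mode bits to tell whether a given runtime UID could create files in a directory such as /backend/handler/fixtures, so the problem surfaces at startup rather than as a 500 from the task endpoint. The function names and UID 1000 are assumptions; ACLs, capabilities and read-only mounts are not modelled. It also flags world-writable directories, since giving ownership to the runtime UID is narrower than opening the directory to everyone.

```python
import os
import stat


def can_create_in(st_mode, st_uid, st_gid, uid, gids):
    """True if uid/gids may create files in a directory with these stat fields.

    Mode bits only: ACLs, capabilities and read-only mounts are not modelled.
    """
    if uid == 0:
        return True  # root bypasses discretionary permission checks
    if uid == st_uid:
        shift = 0  # owner class applies, even if group/other would allow more
    elif st_gid in gids:
        shift = 3  # group class
    else:
        shift = 6  # other class
    # Creating a file needs both write and search (execute) on the directory.
    need = (stat.S_IWUSR | stat.S_IXUSR) >> shift
    return st_mode & need == need


def audit_dir(path, uid, gids):
    """Report owner, mode and a finding for the given (hypothetical) runtime UID."""
    st = os.stat(path)
    if not can_create_in(st.st_mode, st.st_uid, st.st_gid, uid, gids):
        finding = "not-writable"
    elif st.st_mode & stat.S_IWOTH:
        finding = "world-writable"  # works, but broader than the task needs
    else:
        finding = "ok"
    return {
        "path": path,
        "mode": stat.filemode(st.st_mode),
        "owner": (st.st_uid, st.st_gid),
        "finding": finding,
    }


if __name__ == "__main__":
    # Constructed case mirroring the listing in the issue: root:root drwxr-xr-x,
    # checked against an assumed rootless runtime UID/GID of 1000.
    mode = stat.S_IFDIR | 0o755
    print(stat.filemode(mode), can_create_in(mode, 0, 0, 1000, {1000}))
    # Audit the current directory as the user actually running this script.
    print(audit_dir(".", os.geteuid(), set(os.getgroups()) | {os.getegid()}))
```
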

We are thinking of adding some more dumps of game lists, so maybe it would be a good idea to make a new volume binding to store all the static files there. @gantoine thoughts?

zurdi15 • Jan 31 '24 09:01

I mean we could, but I don't expect users to upload their own dumps (though maybe that'll change?). Setting permissions would require accepting PUIG/GUID env variables and using them in the Dockerfile.

Honestly for now we should do whatever is easiest/simplest for the default setup when running rootless.

gantoine • Jan 31 '24 13:01

> Honestly for now we should do whatever is easiest/simplest for the default setup when running rootless.

I think the same, that's why I think having a mounted volume can help with that being so simple?

zurdi15 • Jan 31 '24 15:01

Fine by me 👍🏼 backlogged it so it gets done eventually lol

gantoine • Jan 31 '24 16:01

I got something similar but not the exact error. Version 3.0.3

03/28/2024 12:23:39 PM INFO:	  [RomM][2024-03-28 12:23:39]   9 roms found
03/28/2024 12:23:39 PM WARNING:   [RomM][2024-03-28 12:23:39] Fetching the Switch titleDB index file...
03/28/2024 12:23:39 PM INFO:	  [RomM][2024-03-28 12:23:39] Scheduled switch titledb update started...
03/28/2024 12:23:45 PM ERROR:	  [RomM][2024-03-28 12:23:45] [Errno 13] Permission denied: '/backend/handler/fixtures/switch_titledb.json'

Bronom • Mar 28 '24 16:03

Yep this will be fixed in 3.1!

gantoine • Mar 28 '24 16:03

I am hitting this issue as well, when is 3.1 going to be released? Is there an approximate ETA? Not requesting one, just YMI to plan an upgrade... :) Great job people.

gardiol • Apr 08 '24 06:04

@gardiol You can try the latest 3.1-RC.2, or wait for RC.3 to be released (which will have even more fixes!)

gantoine • Apr 09 '24 01:04

This has been addressed in 3.1.0.

gantoine • May 27 '24 03:05