New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix non-root build and signing for rpm packages #47545
Conversation
9bd6292
to
45fa27a
Compare
45fa27a
to
a36de5c
Compare
re-run py2 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One small problem here. Also, I thought we standardized on using user
instead of runas
everywhere else beside cmdmod.py
.
salt/modules/rpmbuild.py
Outdated
srpms = os.path.join(tree_base, 'SRPMS') | ||
ret = [] | ||
if not os.path.isdir(dest_dir): | ||
os.makedirs(dest_dir) | ||
__salt__['file.chown'](path=dest_dir, user=runas, group='mock') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This appears to be chown'ing a directory that doesn't exist, since you have removed the os.makedirs(dest_dir)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the catch, that looks like it should have been makedirs_perms, will fix
a36de5c
to
220f887
Compare
@terminalmage There is a change coming from a contributor see #47056, so minimizing merge (user vs runas) when that is delivered. Post merge can update both debbuild.py and rpmbuild.py, as the contributor is also updating debbuild.py. Also reluctant to change preexisting code for new naming scheme in minor release, fix up in develop after merge. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Was not aware that runas was already used elsewhere in the module. That's fine, then. I just didn't want to be introducing new usage of runas if we were moving away from it.
re-run py2 |
What does this PR do?
Restores the ability to build and sign packages for rpm builds as a non-root user
This ability was changed in the Nitrogen release.
What issues does this PR fix or reference?
vmware-archive/salt-pack#545
Previous Behavior
Could only perform builds and signing for rpm packages as root since 2017.7.0
New Behavior
Restores ability to perform builds and signing for rpm packages as non-root user, for example: builder, with Salt minions as prior to the 2017.7.0 release.
Tests written?
No, built and signed Centos 7 packages.
Commits signed with GPG?
No
Please review Salt's Contributing Guide for best practices.
See GitHub's page on GPG signing for more information about signing commits with GPG.