Bug 199396 - mail/mailman poudriere build fails as non-root
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Some People
Assignee: Dan Langille
Reported: 2015-04-12 14:11 UTC by Dan Langille
Modified: 2015-04-23 17:05 UTC
mandree: maintainer-feedback+


Attachments
poudriere testport output (39.27 KB, text/plain)
2015-04-12 14:11 UTC, Dan Langille
Building with 'BUILD_AS_NON_ROOT=no' in poudriere.conf succeeds (92.31 KB, text/plain)
2015-04-22 20:56 UTC, Dan Langille

Description Dan Langille freebsd_committer 2015-04-12 14:11:14 UTC
Created attachment 155517
poudriere testport output

Full build output in the attachment.

In brief:

===>  Staging for mailman-2.1.20
===>   Generating temporary packing list
===> Creating users and/or groups.
Creating architecture independent directories...
Creating directory hierarchy /wrkdirs/usr/ports/mail/mailman/work/stage/usr/local/mailman/logs
mkdir /wrkdirs/usr/ports/mail/mailman/work/stage/usr/local/mailman
mkdir /wrkdirs/usr/ports/mail/mailman/work/stage/usr/local/mailman/logs
chmod: /wrkdirs/usr/ports/mail/mailman/work/stage/usr/local/mailman/logs: Operation not permitted
*** [doinstall] Error code 1

Stop in /wrkdirs/usr/ports/mail/mailman/work/mailman-2.1.20.
*** [do-install] Error code 1

Stop in /usr/ports/mail/mailman.
====>> Cleaning up wrkdir
===>  Cleaning for mailman-2.1.20
build of mail/mailman ended at Sun Apr 12 13:52:47 UTC 2015
build time: 00:00:17
!!! build failure encountered !!!
Comment 1 Dan Langille freebsd_committer 2015-04-12 14:12:32 UTC
FYI when running with testport -i, I noticed this:

# ls -l /wrkdirs/usr/ports/mail/mailman/work/stage/usr/local/mailman
total 0
drwxrwxr-x  2 nobody  wheel  0 Apr 12 13:57 logs
Comment 2 Dan Langille freebsd_committer 2015-04-12 16:37:27 UTC
The original build was done via:

poudriere testport -v -j 93amd64 -p default -z master-list -i -o mail/mailman

Here are the options I used:

er/           mail_postfix/              mail_spamassassin/         mbmon/                     
[dan@slocum:/usr/local/etc/poudriere.d] $ cat master-list-options/mail_mailman/options 
# This file is auto-generated by 'make config'.
# Options for mailman-2.1.20
_OPTIONS_READ=mailman-2.1.20
_FILE_COMPLETE_OPTIONS_LIST=DOCS HTDIG NAMAZU2 NLS COURIER EXIM4 OPENSMTPD POSTFIX SENDMAIL
OPTIONS_FILE_UNSET+=DOCS
OPTIONS_FILE_UNSET+=HTDIG
OPTIONS_FILE_UNSET+=NAMAZU2
OPTIONS_FILE_SET+=NLS
OPTIONS_FILE_UNSET+=COURIER
OPTIONS_FILE_UNSET+=EXIM4
OPTIONS_FILE_UNSET+=OPENSMTPD
OPTIONS_FILE_SET+=POSTFIX
OPTIONS_FILE_UNSET+=SENDMAIL

Differences from default config:

DOCS    off
POSTFIX on
Comment 3 Dan Langille freebsd_committer 2015-04-12 17:04:36 UTC
These are the poudriere jails I have tried:

FreeBSD 101amd64-default-master-list 10.1-RELEASE-p6 FreeBSD 10.1-RELEASE-p6 amd64
FreeBSD 93amd64-default-master-list 9.3-RELEASE-p7 FreeBSD 9.3-RELEASE-p7 amd64

A full poudriere run is here: http://services.unixathome.org/poudriere/build.html?mastername=93amd64-default-master-list&build=2015-04-12_16h51m15s
Comment 4 Dan Langille freebsd_committer 2015-04-12 17:19:33 UTC
I notice this, but have to stop working for a bit:

root@93amd64-default-master-list:/usr/ports/mail/mailman # grep -ri chmod *                                                                                                                  
files/pkg-install.in:    /bin/chmod u+rwx,g+rwsx,o-w "{}" +
files/pkg-install.in:  /bin/chmod 02775 "%%MAILMANDIR%%" \
files/pkg-install.in:  /bin/chmod u+rwx,g+srwx      "%%MAILMANDIR%%/archives/private"
files/pkg-install.in:  /bin/chmod u+rwx,g+srwx,o+rx "%%MAILMANDIR%%/logs"
files/pkg-install.in:    -exec chmod 02775 '{}' +
root@93amd64-default-master-list:/usr/ports/mail/mailman #
Comment 5 Dan Langille freebsd_committer 2015-04-12 18:16:12 UTC
I'm using zfs.

One of the testports I ran was in these jails:

   927  127.0.0.1       93amd64-default-master-list   /usr/local/poudriere/data/.m/93amd64-default-master-list/ref
   928  -               93amd64-default-master-list   /usr/local/poudriere/data/.m/93amd64-default-master-list/ref

The host system is:
 10.1-RELEASE-p9 FreeBSD 10.1-RELEASE-p9 #0: Tue Apr  7 01:09:46 UTC 2015     root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  amd64
Comment 6 Matthias Andree freebsd_committer 2015-04-15 23:20:51 UTC
I'm using UFS2+SOFTDEP here, 10.1 amd64 host, and am not seeing such trouble.

The relevant code from Mailman's Makefile is:

# Modes for directories and executables created by the install
# process.  Default to group-writable directories but
# user-only-writable for executables.
DIRMODE=        775
EXEMODE=        755
FILEMODE=       644
INSTALL_PROGRAM=$(INSTALL) -m $(EXEMODE)
DIRSETGID=      chmod g+s
...
doinstall: $(SUBDIRS)
        @echo "Creating architecture independent directories..."
        @for d in $(VAR_DIRS); \
        do \
            dir=$(DESTDIR)$(var_prefix)/$$d; \
            if test ! -d $$dir; then \
                echo "Creating directory hierarchy $$dir"; \
                $(srcdir)/mkinstalldirs $$dir; \
                chmod $(DIRMODE) $$dir; \
                $(DIRSETGID) $$dir; \
            else true; \
            fi; \
        done

Looks pretty innocent, and from the screen output, the pkg-install script has not yet been run at that time.

Is there anything (particular lock-down) on your system that prevents mode 0775o or 02775o (set-gid) on the directories?  Anything in your umask?  

Are you using a plain build, or poudriered?
Comment 7 Dan Langille freebsd_committer 2015-04-15 23:24:53 UTC
I am building with poudriere.

As for "Is there anything (particular lock-down) on your system that prevents mode 0775o or 02775o (set-gid) on the directories?  Anything in your umask?  "

Not that I'm aware of.  What things can I check / search for?  Everything is run as root.
Comment 8 Matthias Andree freebsd_committer 2015-04-15 23:29:35 UTC
I am currently scratching my head, but that does not trigger many new ideas.  
Any security levels imposed on the kernel?

I can build with poudriere just fine, or on a plain system, but I get the staged directories (Comment #1) owned by root, not nobody.  I am not sure if that is worth investigating, or a red herring, and I am not sure if ZFS makes a difference versus UFS2 here.
Comment 9 Dan Langille freebsd_committer 2015-04-15 23:46:16 UTC
No security levels.  Running GENERIC.

FreeBSD slocum.int.unixathome.org 10.1-RELEASE-p9 FreeBSD 10.1-RELEASE-p9 #0: Tue Apr  7 01:09:46 UTC 2015     root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  amd64

I am sure it is something specific to my setup.  I've had another person build with ZFS fine.  I'm confused...
Comment 10 Dan Langille freebsd_committer 2015-04-22 17:41:52 UTC
Please try building with poudriere and this option in poudriere.conf:

BUILD_AS_NON_ROOT=yes
Comment 11 Dan Langille freebsd_committer 2015-04-22 20:56:10 UTC
Created attachment 155877
Building with 'BUILD_AS_NON_ROOT=no' in poudriere.conf succeeds

Building with 'BUILD_AS_NON_ROOT=no' in poudriere.conf succeeds
Comment 12 Matthias Andree freebsd_committer 2015-04-22 21:25:31 UTC
I've never tested in poudriere with that option. In a live system build, I can "make stage" and "make package" as unprivileged user, and poudriere 3.1.3 and 3.1.4 builds on 9.3/10.1 amd64 succeed with more or less default configuration.

I am wondering how the port is at fault here, or if this is a poudriere issue...
Comment 13 Dan Langille freebsd_committer 2015-04-22 21:47:03 UTC
That port or poudriere question is best answered by someone else.

For what it's worth, all my other builds are OK.  Only mailman fails this way.

I note that files/pkg-install.in contains many chmod.

Can / should that be done via pkg-plist instead? 

For example, sysutils/bacula-server/pkg-plist has lines such as:

@sample(,bacula,) %%ETCDIR%%/bacula-sd.conf.sample
@dir(bacula,bacula,)  %%BACULA_DIR%%

re https://www.freebsd.org/doc/en/books/porters-handbook/plist-keywords.html
Comment 14 commit-hook freebsd_committer 2015-04-22 22:17:12 UTC
A commit references this bug:

Author: mandree
Date: Wed Apr 22 22:16:22 UTC 2015
New revision: 384524
URL: https://svnweb.freebsd.org/changeset/ports/384524

Log:
  USE_AUTOTOOLS -> USES=autoreconf, GNU_CONFIGURE=yes

  Add USES=fakeroot to permit non-root builds if user is not in wheel
  group. [1]

  PR:		199396 [1]
  Submitted by:	dvl [1]

Changes:
  head/mail/mailman/Makefile
Comment 15 Matthias Andree freebsd_committer 2015-04-22 22:17:51 UTC
I've been through pkg-install.in vs. pkg-plist, and the latter did not work due to libarchive bugs that were unfixable in the older FreeBSD releases, so the pkg-install.in chmod stuff cannot go away for now.

I have added USES=fakeroot and modernized to USES=autoreconf.

Please update to a ports tree r384524 or newer and retry, then close this PR or report back to me.
Comment 16 Dan Langille freebsd_committer 2015-04-23 17:05:36 UTC
Works for me now. Thank you.
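
The commit log ties the failure to a non-root build user that is not in the wheel group, and Comment 1 shows the staged directory as nobody:wheel. The following is an added example, not code from the port, poudriere or anyone in this thread: a pre-flight check for the rule FreeBSD's chmod(2) documents for setting the set-gid bit (root, or owner who is also a member of the file's group). The function names and the numeric ids used when calling it are assumptions.

```shell
#!/bin/sh
# Added example: decide whether "chmod g+s DIR" can succeed for a given user.
# Function names are hypothetical; nothing here comes from the mailman port.

# can_setgid UID "GID LIST" OWNER_UID OWNER_GID
# Returns 0 if setting set-gid should be permitted, 1 if EPERM is expected.
# Rule: root may always set the bit; any other user must own the file and
# hold the file's group as effective or supplementary group.
can_setgid() {
    uid=$1; groups=$2; f_uid=$3; f_gid=$4
    [ "$uid" -eq 0 ] && return 0
    [ "$uid" -eq "$f_uid" ] || return 1
    for g in $groups; do
        [ "$g" -eq "$f_gid" ] && return 0
    done
    return 1
}

# owner_ids DIR: print "uid gid" of DIR from portable numeric ls output.
owner_ids() {
    ls -ldn "$1" | awk '{ print $3, $4 }'
}

# check_dir DIR: apply the rule for the current user to a real directory.
check_dir() {
    # Word splitting is intended: $1=owner uid, $2=owner gid, $3=DIR.
    set -- $(owner_ids "$1") "$1"
    if can_setgid "$(id -u)" "$(id -G)" "$1" "$2"; then
        echo "ok: chmod g+s permitted on $3"
    else
        echo "EPERM expected: uid $(id -u) is not owner and member of gid $2 for $3"
        return 1
    fi
}

# Stand-alone use: sh thisfile /path/to/stage/dir
if [ "$#" -gt 0 ]; then
    check_dir "$1"
fi
```

Run inside the build jail as the build user against the staged directory, this reports the mismatch before `doinstall` reaches `$(DIRSETGID)`.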