
Bug 645182

Summary: vcs-snapshot.eclass: tar tries to unpack files preserving owners (missing -o option?)
Product: Gentoo Linux
Reporter: Sergei Trofimovich (RETIRED) <slyfox>
Component: Current packages
Assignee: Michał Górny <mgorny>
Status: RESOLVED FIXED    
Severity: normal    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: dev-python-pycparser-2.14-build.log

Description Sergei Trofimovich (RETIRED) gentoo-dev 2018-01-20 21:39:17 UTC
Created attachment 515524
dev-python-pycparser-2.14-build.log

I am trying to use unprivileged user namespaces for stage3 chroots for most of development.

In this case =dev-python/pycparser-2.14 failed to unpack as:

 * Package:    dev-python/pycparser-2.14
 * Repository: gentoo
 * Maintainer: python@gentoo.org
 * USE:        elibc_glibc hppa kernel_linux python_targets_python2_7 python_targets_python3_5 userland_GNU
 * FEATURES:   preserve-libs sandbox userpriv usersandbox
>>> Unpacking source...
tar: CHANGES: Cannot change ownership to uid 1000, gid 1000: Invalid argument
...

Other packages unpack and install just fine. I've compared why portage works as-is. I think it's due to missing '-o' option:

portage:
    bin/phase-helpers.sh: $1 -c -- "$srcdir$x" | tar xof -

    https://github.com/gentoo/portage/blob/fe09b49fd09f42b9b6956f6c299bd325c62f0e83/bin/phase-helpers.sh#L317

vcs-snapshot.eclass:
    tar -C "${destdir}" -x --strip-components 1 \
        -f "${DISTDIR}/${f}" || die

'o' is (man tar follows)
   Compatibility options
       -o     When creating, same as --old-archive.  When extracting, same as --no-same-owner.
       --no-same-owner
              Extract files as yourself (default for ordinary users).

Unprivileged containers allow only one-to-one mapping between UIDs inside and outside containers. It basically means I need to run everything as a single user in the container.

I chose to map my normal user to uid root (--user --map-root-user) and to run everything as the container's root (changing uid is forbidden by the kernel).

Running everything as uid=0 works fine as long as everything wants to stay uid=0: newly created files should be root-owned, etc.

By default, tar, when run as root, tries to restore the owner's UID/GID.
That's the place where things break.

The following patch makes pycparser unpack just fine:

--- a/eclass/vcs-snapshot.eclass
+++ b/eclass/vcs-snapshot.eclass
@@ -70 +70 @@ vcs-snapshot_src_unpack() {
-                               tar -C "${destdir}" -x --strip-components 1 \
+                               tar -C "${destdir}" -xo --strip-components 1 \
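Review bot: on the changed `tar -C "${destdir}" -xo` line, spell the option as `--no-same-owner` instead of bundling `-o` into `-xo`. The man page excerpt quoted above shows that `-o` means `--old-archive` when creating, so the long form states the intent without relying on the extract-mode meaning. A one-line comment above the call saying that the archive's recorded uid/gid must not be restored (unprivileged user namespaces, bug #645182) would also keep the flag from being dropped in a later cleanup.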
Comment 1 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2018-01-20 22:29:23 UTC
WFM. Could you submit to gentoo-dev@ for completeness? But you don't have to elaborate that much on it ;-P.
Comment 2 Sergei Trofimovich (RETIRED) gentoo-dev 2018-01-21 00:20:06 UTC
Sent https://archives.gentoo.org/gentoo-dev/message/9c59c75e482a7a0bd8348c5257af80ef for review.
Comment 3 Larry the Git Cow gentoo-dev 2018-03-17 23:18:41 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a10a1bf072ae90445fb6d238659a799d3bf55375

commit a10a1bf072ae90445fb6d238659a799d3bf55375
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-01-21 00:01:59 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-03-17 23:18:35 +0000

    vcs-snapshot.eclass: set -o (--no-same-owner) when unpacking, bug #645182
    
    Fixes build failures in unprivileged containers like bug #645182:
      Package:    dev-python/pycparser-2.14
      >>> Unpacking source...
      tar: CHANGES: Cannot change ownership to uid 1000, gid 1000: Invalid argument
    
    In such containers uid=0 can't really change file ownership.
    
    Closes: https://bugs.gentoo.org/645182
    Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>

 eclass/vcs-snapshot.eclass | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
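
An added shell example, not part of the bug report or the Gentoo tree: it builds a constructed tarball with uid/gid 1000 recorded in its headers and unpacks it with the `-xo` form from the commit, so the extracted files belong to whoever runs tar. It assumes GNU tar, GNU stat and, for the optional `repro_in_userns` check, util-linux `unshare`; all function names and paths are hypothetical.

```shell
#!/bin/sh
# Added example (not from the bug report). Assumes GNU tar and GNU stat.
# Paths, the pkg-1.0 name and file contents are constructed sample data.

# Build a snapshot-style tarball whose members are recorded as uid/gid 1000,
# like the pycparser archive in the report. Prints the archive path.
make_snapshot() {
    work=$1
    mkdir -p "$work/src/pkg-1.0"
    echo "constructed sample" > "$work/src/pkg-1.0/CHANGES"
    tar -C "$work/src" -c --owner=1000 --group=1000 --numeric-owner \
        -f "$work/snap.tar" pkg-1.0
    echo "$work/snap.tar"
}

# Print the numeric uid stored in the archive header of the first member.
recorded_uid() {
    tar -tv --numeric-owner -f "$1" |
        awk 'NR == 1 { split($2, ids, "/"); print ids[1] }'
}

# Unpack as the patched eclass does: -o (--no-same-owner) keeps tar from
# calling chown(), so members end up owned by whoever runs tar.
unpack_no_same_owner() {
    mkdir -p "$2"
    tar -C "$2" -xo --strip-components 1 -f "$1"
}

# Print the numeric owner of an extracted file.
owner_of() { stat -c %u "$1"; }

# Try the pre-patch command as root of a single-uid user namespace.
# Returns 0 if tar failed as in the report, 1 if it succeeded,
# 2 if user namespaces (util-linux unshare) are unavailable here.
repro_in_userns() {
    unshare --user --map-root-user true 2>/dev/null || return 2
    mkdir -p "$2"
    if unshare --user --map-root-user \
        tar -C "$2" -x --strip-components 1 -f "$1" 2>/dev/null; then
        return 1
    fi
    return 0
}
```

Call `make_snapshot` on a scratch directory, then compare `recorded_uid` of the archive with `owner_of` on a file unpacked by `unpack_no_same_owner`.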