Ubuntu
snapcraft package

"type: os" should prevent stage and prime stages from mangling content

Bug #1605903 reported by Oliver Grawert
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Snapcraft
Fix Released
Critical
Joe Talbott
Snapcraft 2.15
snapcraft (Ubuntu)
Fix Released
Critical
Joe Talbott

Bug Description

creating an os snap via launchpad makes me end up with a squashfs where all directories are owned by root. snaps (and build logs) can be found at https://code.launchpad.net/~ogra/+snap/os-snap-test

as you can see in the build log there is a "chown -R 1000:1000 /home/ubuntu" in the build process, yet the resulting snap has:

ubuntu@localhost:~$ ls -nl /snap/ubuntu-core/current/home/
total 0
drwxr-xr-x 2 0 0 66 Jul 22 13:31 ubuntu

Revision history for this message
Oliver Grawert (ogra) wrote : Re: type: os does not unset --all-root option for mksquashfs when coming from snapcraft.yaml

this also breaks various daemons that use system users

summary: - type: os does not unset --all-root option for mksquashfs when coming fro
- snapcraft.yaml
+ type: os does not unset --all-root option for mksquashfs when coming
+ from snapcraft.yaml
Revision history for this message
Oliver Grawert (ogra) wrote :

this seems to not be related to -all-root but actually something in the prime step seems to mangle the permissions.
i have checked with a snapcraft where i hardcoded -all-root and also added debug output that checks the permissions before the stage and prime steps run.

the permissions in $(DESTDIR) are still correct before stage and prime run. seems we need some more recognition of "type: os" in these steps so it doesnt modify the rootfs.

Revision history for this message
Oliver Grawert (ogra) wrote :

https://launchpadlibrarian.net/274818642/buildlog_snap_ubuntu_xenial_amd64_os-snap-test_BUILDING.txt.gz has calls to

find binary/boot/filesystem.dir/ \! -user root -print

and

find binary/boot/filesystem.dir/ \! -group root -print

output at the end of the log ... most of these file ownerships do not exist any more in the resulting snap of https://code.launchpad.net/~ogra/+snap/os-snap-test/+build/1864

the log also show some library dependency errors at the very end that seem to be related to teh prime step.

summary: - type: os does not unset --all-root option for mksquashfs when coming
- from snapcraft.yaml
+ "type: os" should prevent stage and prime stages from mangling content
Revision history for this message
Oliver Grawert (ogra) wrote :

(setting to critical since this actually blocks ubuntu-core snap builds now)

Changed in snapcraft (Ubuntu):
importance: Undecided → Critical
Revision history for this message
Oliver Grawert (ogra) wrote :

a test build with https://github.com/snapcore/snapcraft/pull/690 applied confirms that this PR fixes the bugs properly.

Kyle Fazzari (kyrofa)
Changed in snapcraft (Ubuntu):
status: New → In Progress
assignee: nobody → Joe Talbott (joetalbott)
Revision history for this message
Oliver Grawert (ogra) wrote :

to reproduce:

create a blank PPA and copy the livecd-rootfs package from https://launchpad.net/~snappy-dev/+archive/ubuntu/image to it ...

branch lp:ubuntu-core-snap, edit the ENV variable in the Makefile and replace snappy-dev/ubuntu/image in the EXTRA_PPAS variable with your own PPA, then just run "sudo snapcraft" and compare the file ownerships to the actual ownerships in parts/livebuild/build/binary/boot/filesystem.dir/

Revision history for this message
Oliver Grawert (ogra) wrote :

Note that the above PPA fiddling is necessary because the patch is already backported to a snapcraft package in the ~snappy-dev/ubuntu/image PPA (to unblock builds)

resulting builds can be found at https://code.launchpad.net/~snappy-dev/+snap/ubuntu-core

Sergio Schvezov (sergiusens)
Changed in snapcraft (Ubuntu):
status: In Progress → Fix Committed
Changed in snapcraft:
importance: Undecided → Critical
status: New → Fix Committed
assignee: nobody → Joe Talbott (joetalbott)
milestone: none → 2.14
Sergio Schvezov (sergiusens)
Changed in snapcraft:
status: Fix Committed → Fix Released
Revision history for this message
Oliver Grawert (ogra) wrote :

i sadly have to re-open this one, whatever changed since the first commit of the patch (which i used in the PPA) broke it again ... broke it again ...

https://code.launchpad.net/~snappy-dev/+snap/ubuntu-core/+build/2660 is todays build (after the new snapcraft (2.14) landed in xenial-updates) and has:

ubuntu@localhost:~$ ls -lh /home/
total 4.0K
drwxr-xr-x 3 root root 4.0K Aug 11 08:17 ubuntu
ubuntu@localhost:~$

so $HOME is root owned again ...
the first commit of https://github.com/snapcore/snapcraft/pull/690 worked fine ...

Changed in snapcraft:
status: Fix Released → Confirmed
Revision history for this message
Joe Talbott (joetalbott) wrote :

I've filed a PR to resolve this.

https://github.com/snapcore/snapcraft/pull/721

Changed in snapcraft:
status: Confirmed → In Progress
Revision history for this message
Joe Talbott (joetalbott) wrote :

https://github.com/snapcore/snapcraft/pull/723 is the latest PR for this bug.

Revision history for this message
Kyle Fazzari (kyrofa) wrote :

Now stay closed!

Changed in snapcraft:
status: In Progress → Fix Committed
milestone: 2.14 → 2.15
Sergio Schvezov (sergiusens)
Changed in snapcraft:
status: Fix Committed → Fix Released
Sergio Schvezov (sergiusens)
Changed in snapcraft (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.