From 5e1334a4d05a5eea9b9e1125b4faee18b38e5292 Mon Sep 17 00:00:00 2001 From: Pavel Raiskup Date: Thu, 18 Jul 2024 18:22:46 +0200 Subject: [PATCH] Respect `nspawn_args` whenever `doChroot` is called MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This also includes all `doOutChroot()` calls, as that method internally calls `doChroot()`. The issue was identified when trying to work around a problem [1] where the SELinux policy prevented `systemd-machined` from creating a varlink socket, causing it to fail to start. As a result, `systemd-nspawn` could not register the machine. Tomáš tried the following configuration: config_opts['nspawn_args'] = ['--register=no'] This was intended to ensure that `systemd-nspawn` does not attempt to register the machine with `systemd-machined`. However, the configuration had no effect (the argument was not visible in the `systemd-nspawn` command line, and the original issue persisted). [1] https://issues.redhat.com/browse/RHEL-49567 Co-authored-by: Tomáš Hozza Closes: #1410 Closes: #1456 --- mock/py/mockbuild/backend.py | 16 ++-------------- mock/py/mockbuild/buildroot.py | 12 +++++++++++- mock/py/mockbuild/plugins/rpkg_preprocessor.py | 1 - mock/py/mockbuild/plugins/rpmautospec.py | 1 - mock/tests/plugins/test_rpmautospec.py | 1 - .../nspawn-args-chroot-bootstrap.bugfix | 5 +++++ 6 files changed, 18 insertions(+), 18 deletions(-) create mode 100644 releng/release-notes-next/nspawn-args-chroot-bootstrap.bugfix diff --git a/mock/py/mockbuild/backend.py b/mock/py/mockbuild/backend.py index 9649529d3..200709bde 100644 --- a/mock/py/mockbuild/backend.py +++ b/mock/py/mockbuild/backend.py 
@@ -65,12 +65,6 @@ def __init__(self, config, uid_manager, plugins, state, buildroot, bootstrap_bui self.private_network = not config['rpmbuild_networking'] self.rpmbuild_noclean_option = None - def _get_nspawn_args(self): - nspawn_args = [] - if util.USE_NSPAWN: - nspawn_args.extend(self.config['nspawn_args']) - return nspawn_args - @traceLog() def backup_results(self): srcdir = os.path.join(self.buildroot.basedir, "result") @@ -370,7 +364,7 @@ def shell(self, options, cmd=None): ret = util.doshell(chrootPath=self.buildroot.make_chroot_path(), environ=self.buildroot.env, uid=uid, gid=gid, cwd=cwd, - nspawn_args=self._get_nspawn_args(), + nspawn_args=self.config.get("nspawn_args", []), unshare_net=self.private_network, cmd=cmd) finally: @@ -400,11 +394,10 @@ def chroot(self, args, options): result = self.buildroot.doChroot(args, shell=shell, printOutput=True, uid=self.buildroot.chrootuid, gid=self.buildroot.chrootgid, user=self.buildroot.chrootuser, cwd=options.cwd, - nspawn_args=self._get_nspawn_args(), raiseExc=False, + raiseExc=False, unshare_net=self.private_network)[1] else: result = self.buildroot.doChroot(args, shell=shell, cwd=options.cwd, - nspawn_args=self._get_nspawn_args(), unshare_net=self.private_network, printOutput=True, raiseExc=False)[1] finally: @@ -644,7 +637,6 @@ def copy_spec_into_chroot(self, spec_path): def get_specfile_name(self, srpm_path): files = self.buildroot.doChroot([self.config['rpm_command'], "-qpl", srpm_path], shell=False, uid=self.buildroot.chrootuid, gid=self.buildroot.chrootgid, - nspawn_args=self._get_nspawn_args(), unshare_net=self.private_network, user=self.buildroot.chrootuser, returnOutput=True 
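Review bot: In `shell()` (hunk `@@ -370,7 +364,7 @@`), the new `nspawn_args=self.config.get("nspawn_args", [])` drops the `util.USE_NSPAWN` check that the removed `_get_nspawn_args()` applied. The configured arguments are now passed to `util.doshell()` whether or not nspawn is in use. `doshell()` is not visible on this page; if it does not itself ignore `nspawn_args` when nspawn is off, keep the guard inline: `nspawn_args=self.config.get("nspawn_args", []) if util.USE_NSPAWN else [],`. The same unconditional merge appears in the `doChroot()` hunk in `buildroot.py`, so the question applies there too. The body of `shell()` continues outside the hunk.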
@@ -661,7 +653,6 @@ def install_srpm(self, srpm_path): output, return_code = self.buildroot.doChroot( command, shell=False, uid=self.buildroot.chrootuid, gid=self.buildroot.chrootgid, user=self.buildroot.chrootuser, - nspawn_args=self._get_nspawn_args(), unshare_net=self.private_network, returnOutput=True, returnStderr=True, raiseExc=False) if return_code: @@ -704,7 +695,6 @@ def rebuild_installed_srpm(self, spec_path, timeout): shell=False, logger=self.buildroot.build_log, timeout=timeout, uid=self.buildroot.chrootuid, gid=self.buildroot.chrootgid, user=self.buildroot.chrootuser, - nspawn_args=self._get_nspawn_args(), unshare_net=self.private_network, printOutput=self.config['print_main_output'] ) @@ -766,7 +756,6 @@ def get_command(mode, checkdeps=False): shell=False, logger=self.buildroot.build_log, timeout=timeout, uid=self.buildroot.chrootuid, gid=self.buildroot.chrootgid, user=self.buildroot.chrootuser, - nspawn_args=self._get_nspawn_args(), unshare_net=self.private_network, raiseExc=False, printOutput=self.config['print_main_output']) if returncode > 0 and returncode != 11: @@ -816,7 +805,6 @@ def get_command(mode, checkdeps=False): shell=False, logger=self.buildroot.build_log, timeout=timeout, uid=self.buildroot.chrootuid, gid=self.buildroot.chrootgid, user=self.buildroot.chrootuser, - nspawn_args=self._get_nspawn_args(), unshare_net=self.private_network, printOutput=self.config['print_main_output']) results = glob.glob(bd_out + '/RPMS/*.rpm') diff --git a/mock/py/mockbuild/buildroot.py b/mock/py/mockbuild/buildroot.py index 936a15835..becdbaf2e 100644 --- a/mock/py/mockbuild/buildroot.py +++ b/mock/py/mockbuild/buildroot.py 
@@ -389,9 +389,16 @@ def doOutChroot(self, command, *args, **kwargs): Execute the command in bootstrap chroot (when bootstrap is enabled) or on host. Return (output, exit_status) tuple. """ + + # the chrootPath would imply running chroot within containers, as well + # as on host (where we would have to setup nspawn_args, which is not + # implemented). + assert "chrootPath" not in kwargs + if self.bootstrap_buildroot: with self.mounts.buildroot_in_bootstrap_mounted(): - return self.bootstrap_buildroot.doChroot(command, *args, **kwargs) + return self.bootstrap_buildroot.doChroot( + command, *args, **kwargs) return util.do_with_status(command, *args, **kwargs) @@ -408,6 +415,9 @@ def doChroot(self, command, nosync=False, *args, **kargs): kargs['gid'] = uid.getresgid()[1] self.uid_manager.becomeUser(0, 0) + kargs.setdefault("nspawn_args", []) + kargs["nspawn_args"].extend(self.config.get("nspawn_args", [])) + try: result = util.do_with_status(command, chrootPath=self.make_chroot_path(), env=env, *args, **kargs) diff --git a/mock/py/mockbuild/plugins/rpkg_preprocessor.py b/mock/py/mockbuild/plugins/rpkg_preprocessor.py index 0eeb4516a..878a08775 100644 --- a/mock/py/mockbuild/plugins/rpkg_preprocessor.py +++ b/mock/py/mockbuild/plugins/rpkg_preprocessor.py @@ -117,6 +117,5 @@ def _preprocess(self, host_chroot_spec, host_chroot_sources): gid=self.buildroot.chrootgid, user=self.buildroot.chrootuser, unshare_net=private_network, - nspawn_args=self.config.get('nspawn_args', []), printOutput=self.config.get('print_main_output', True) ) diff --git a/mock/py/mockbuild/plugins/rpmautospec.py b/mock/py/mockbuild/plugins/rpmautospec.py index f8ab38667..3d8fc195f 100644 --- a/mock/py/mockbuild/plugins/rpmautospec.py +++ b/mock/py/mockbuild/plugins/rpmautospec.py 
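Review bot: The `assert "chrootPath" not in kwargs` guard in `doOutChroot()` is stripped when Python runs with `-O`, and when it does fire it raises a bare `AssertionError` with no message. The comment above it describes a call shape that must never be used, so an explicit check is more dependable: `if "chrootPath" in kwargs: raise TypeError("doOutChroot() does not accept chrootPath")`. The docstring could also state this restriction, since callers read that rather than the inline comment.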
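Review bot: In `doChroot()`, `kargs["nspawn_args"].extend(...)` mutates whatever list the caller passed in. A caller that still passes `nspawn_args=self.config.get("nspawn_args", [])` (the form this commit removes from the two plugins, and which out-of-tree plugins may still use) presumably hands in the config list itself, which is then extended with its own contents and doubles on every call. A caller-owned list reused across calls grows the same way, and `nspawn_args=None` raises `AttributeError`. These values end up on the `systemd-nspawn` command line, so the merge should build a fresh list: `kargs["nspawn_args"] = list(kargs.get("nspawn_args") or []) + list(self.config.get("nspawn_args", []))`. The body of `doChroot()` starts and ends outside the hunk.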
@@ -123,6 +123,5 @@ def attempt_process_distgit( gid=self.buildroot.chrootgid, user=self.buildroot.chrootuser, unshare_net=not self.config.get("rpmbuild_networking", False), - nspawn_args=self.config.get("nspawn_args", []), printOutput=self.config.get("print_main_output", True), ) diff --git a/mock/tests/plugins/test_rpmautospec.py b/mock/tests/plugins/test_rpmautospec.py index 2c28ce090..53be74954 100644 --- a/mock/tests/plugins/test_rpmautospec.py +++ b/mock/tests/plugins/test_rpmautospec.py @@ -167,7 +167,6 @@ def test_attempt_process_distgit( gid=plugin.buildroot.chrootgid, user=plugin.buildroot.chrootuser, unshare_net=not plugin.config.get("rpmbuild_networking", False), - nspawn_args=plugin.config.get("nspawn_args", []), printOutput=plugin.config.get("print_main_output", True), ) else: diff --git a/releng/release-notes-next/nspawn-args-chroot-bootstrap.bugfix b/releng/release-notes-next/nspawn-args-chroot-bootstrap.bugfix new file mode 100644 index 000000000..30b9a7e3a --- /dev/null +++ b/releng/release-notes-next/nspawn-args-chroot-bootstrap.bugfix @@ -0,0 +1,5 @@ +Previously, the `nspawn_args` configuration value was not applied in multiple +internal `doChroot()` calls. This could cause issues when custom nspawn +arguments were needed everywhere (see [PR#1410][]). Now, `doChroot()` +automatically applies `nspawn_args`, shifting the responsibility from callers to +callee.