Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

test: prevent rpmbuild from writing to system rpmdb #1234

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

test: prevent rpmbuild from writing to system rpmdb #1234

wants to merge 1 commit into from

Conversation

pastalian
Copy link

rpmbuild with default dbpath will write to /var/lib/rpm. Set it to the temporary directory.

Conan-Kudo
Conan-Kudo requested changes Feb 12, 2024
View reviewed changes
test/data/build-rpms-and-repos.sh
@@ -32,6 +32,7 @@ function build_rpms() {

# Note: _build_name_fmt requires escaped %% for use in headerSprintf()
rpmbuild -ba \
--dbpath "${RPMBUILD_TOPDIR}" \
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This means it cannot read dependencies installed on the system for building packages.

Copy link
Member

@Conan-Kudo Conan-Kudo Feb 12, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

And this is a problem because we don't use --nodeps, so we actually do expect to have build deps installed.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there a possibility to add build-time dependencies to test packages? They don't have any and testcases will pass right now.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe? I'm not sure.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In my opinion, DNF5 tests should be self-contained, i.e. independent from the system RPM database. But I worry many of them are not. If rpmbuild --dbpath breaks the tests, the tests needs to be fixed in the pull request or before this pull request.

@pastalian
test: prevent rpmbuild from writing to system rpmdb
256508b 
rpmbuild with default dbpath will write to /var/lib/rpm. Set it to the
temporary directory.
@pmatilai
Copy link
Member

Eh, rpmbuild does not write to rpmdb. It will only read from it, and the only situation where that will result in actual writing is when the database doesn't exist at all.

What is the actual problem you're experiencing?

@pastalian
Copy link
Author

@pmatilai The main rpmdb itself does not get written as you say, but its WAL related files rpmdb.sqlite-{shm,wal} do.
I found this issue when trying to build dnf5 with Gentoo, which detects sandbox violations.

detail 
 * ----------------------- SANDBOX ACCESS VIOLATION SUMMARY -----------------------
 * LOG FILE: "/var/tmp/portage/sys-apps/dnf5-5.1.12/temp/sandbox.log"
 * 
VERSION 1.0
FORMAT: F - Function called
FORMAT: S - Access Status
FORMAT: P - Path as passed to function
FORMAT: A - Absolute Path (not canonical)
FORMAT: R - Canonical Path
FORMAT: C - Command Line

F: open_wr
S: deny
P: /var/lib/rpm/rpmdb.sqlite-wal
A: /var/lib/rpm/rpmdb.sqlite-wal
R: /var/lib/rpm/rpmdb.sqlite-wal
C: rpmbuild -ba --define=_topdir /var/tmp/portage/sys-apps/dnf5-5.1.12/temp/tmp.3Nm4YQBFMS --define=_srcrpmdir /var/tmp/portage/sys-apps/dnf5-5.1.12/work/dnf5-5.1.12_build/test/data/cmdline-rpms --define=_rpmdir /var/tmp/portage/sys-apps/dnf5-5.1.12/work/dnf5-5.1.12_build/test/data/cmdline-rpms --define=_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm --define=_source_payload w1.gzdio --define=_binary_payload w1.gzdio /var/tmp/portage/sys-apps/dnf5-5.1.12/work/dnf5-5.1.12/test/data/cmdline-rpms/cmdline-1.2-3.spec

F: open_wr
S: deny
P: /var/lib/rpm/rpmdb.sqlite-shm
A: /var/lib/rpm/rpmdb.sqlite-shm
R: /var/lib/rpm/rpmdb.sqlite-shm
C: rpmbuild -ba --define=_topdir /var/tmp/portage/sys-apps/dnf5-5.1.12/temp/tmp.3Nm4YQBFMS --define=_srcrpmdir /var/tmp/portage/sys-apps/dnf5-5.1.12/work/dnf5-5.1.12_build/test/data/cmdline-rpms --define=_rpmdir /var/tmp/portage/sys-apps/dnf5-5.1.12/work/dnf5-5.1.12_build/test/data/cmdline-rpms --define=_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm --define=_source_payload w1.gzdio --define=_binary_payload w1.gzdio /var/tmp/portage/sys-apps/dnf5-5.1.12/work/dnf5-5.1.12/test/data/cmdline-rpms/cmdline-1.2-3.spec

@pmatilai
Copy link
Member

There wouldn't be any system rpmdb on Gentoo.

@ppisar ppisar added RFE Request For Enhancement (as opposed to a bug) Priority: LOW labels Feb 14, 2024
ppisar
ppisar reviewed Feb 14, 2024
View reviewed changes
test/data/build-rpms-and-repos.sh
--define="_topdir ${RPMBUILD_TOPDIR}" \
--define="_srcrpmdir ${TARGET_DIR}" \
--define="_rpmdir ${TARGET_DIR}" \
--define="_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \
--define="_source_payload w1.gzdio" \
--define="_binary_payload w1.gzdio" \
--nodeps \
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

--nodeps is not good. The tests needs to be adapted to resolve all dependencies from a nonsystem --dbpath.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ppisar ppisar ppisar left review comments

@Conan-Kudo Conan-Kudo Conan-Kudo requested changes

Assignees
No one assigned
Labels
Priority: LOW RFE Request For Enhancement (as opposed to a bug)
Projects
DNF team
Status: Backlog
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@pastalian @pmatilai @Conan-Kudo @ppisar