On 12/22/2017 08:31 AM, Manuel Reimer wrote:
> My autobuild process runs as root. It also directly updates the chroot
> which also needs root permissions so it's the best to start with "root"
> and then drop privileges for the tasks that shouldn't run with root
> privileges. The whole system is a dedicated build VM, so there is no
> reason to not use "root" for the main purpose of this machine.

makechrootpkg already runs systemd-nspawn to enter the chroot and run
pacman -Syu as the root user, so this isn't strictly necessary.

>> That is the first time the makepkg command is run. The second time, is
>> inside the chroot, which should automatically be run as the "builduser"
>> user inside a systemd-nspawn container (we don't actually use chroot).
>
> And this one fails. But why? Does makechrootpkg for some reason miss to
> drop privileges if the "-U" parameter is used?

The -U parameter is completely ignored in the chroot. Once sources are
downloaded, it runs systemd-nspawn to enter the chroot as root, then
runs /chrootbuild, which uses a hardcoded command:

sudo -iu builduser bash -c 'cd /startdir; makepkg "$@"' -bash "$@"

Once you enter the chroot, nothing you do should matter, unless the
chroot itself is completely damaged.

--
Eli Schwartz