search

containers / build

another build tool for container images (archived, see https://github.com/rkt/rkt/issues/4024)
Apache License 2.0
342 stars 80 forks source link

acbuild begin silently does nothing when run not by root #272

Closed dimas closed 7 years ago

dimas commented 7 years ago

I created rootfs folder with debootstrap, played with acbuild with no luck. Spent a lot of time before realised that "acbuild begin" actually copies files under .acbuild/currentaci/ and it fails to do so unless run under root user. I assume this is because it tries to keep file ownership and just cannot create root-owned files. But it definitely makes sense to alert user when you cannot do something not just swallow problems. To me, failure to copy a single file already warrants non-zero exit code. Maybe with a command line option to change that behaviour. Cheers

cgonyeo commented 7 years ago

Huh, I would expect it to create the files with the current user's permissions. This is definitely an issue.

dimas commented 7 years ago

To be honest, I know very little on how these things should work as I am very new to this. But if keeping original file owners/groups is important and files end up with these owners/groups in the image, then it is probably not the best idea to lose this information and if "acbuild begin" cannot keep that information even for a single file - it should really complain because it can be important as user will end up not with the files/permissions he thinks but with something else. No?

cgonyeo commented 7 years ago

Yeah you're right. Acbuild doesn't choke on it right now for convenience. It should spit out a warning though. If you're feeling up to it feel free to add a PR, otherwise I'll get to it in a couple days.

On Mon, Nov 28, 2016 at 3:34 PM, Dmitry Andrianov notifications@github.com wrote:

To be honest, I know very little on how these things should work as I am very new to this. But if keeping original file owners/groups is important and files end up with these owners/groups in the image, then it is probably not the best idea to lose this information and if "acbuild begin" cannot keep that information even for a single file - it should really complain because it can be important as user will end up not with the files/permissions he thinks but with something else. No?

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/containers/build/issues/272#issuecomment-263386124, or mute the thread https://github.com/notifications/unsubscribe-auth/ACU49VbrbMmDUO6US7r_VsvolIc46kluks5rCzrQgaJpZM4K9Jcq .