Installing goa to read-only location results in signature verification failure

[blitz]

When trying to run goa build for the first time, it tries to copy the default depot into the source directory. If goa was installed in a read-only location, the resulting files will also be read-only. This issue came up during packaging of goa.

%  find .
./src
./src/Makefile
./src/hello.cc
./used_apis
% goa build 
download nfeske/api/base/2019-11-23.tar.xz
download nfeske/api/base/2019-11-23.tar.xz.sig
Error: could not verify 'nfeske/api/base/2019-11-23', signature does not match
       public key '/home/julian/src/own/genode-hello/var/depot/nfeske/pubkey'
Error: failed to download the following depot archives:
 nfeske/api/base/2019-11-23

The reason is that gpg cannot create the key in the read-only directories goa created:

gpg: can't create '/home/julian/src/own/genode-hello/var/depot/nfeske/pubkey.dearmored': Permission denied

% ls -lh var/depot
total 8.0K
dr-xr-xr-x 2 julian users 4.0K Jan  1  1970 genodelabs
dr-xr-xr-x 2 julian users 4.0K Jan  1  1970 nfeske

This can be hotfixed by running chmod -R +w var.

The real fix seems to be fixing this Tcl code:

proc prepare_depot_with_archives { archive_list } {
    global depot_dir public_dir tool_dir jobs

    if {![depot_exists]} {

        if {[customized_variable depot_dir]} {
            exit_with_error "cannot install APIs because" \
                            "there is no depot at $depot_dir" }

        # create default depot local to the project at var/depot/
        file mkdir var
        file copy [file join $tool_dir default_depot] $depot_dir # <- This needs to be fixed
    }

Unfortunately, my Tcl skills are zero. :(

[nfeske]

This is not just a problem for the depot but also for any other files generated by goa.

The easiest fix is probably to instruct goa to place the var directory at another (writeable) location outside the src directory. With the minor fix https://github.com/nfeske/goa/commit/73f7b40af02687927d301177d0e9cde3482c34ea in place, this can be done by either using the --common-var-dir argument, e.g.,

goa run --common-var-dir /tmp/var

or by defining the common var directory in a .goarc file:

set common_var_dir /tmp/var

[blitz]

Thanks for the quick response!

I'm not quite sure we are talking about the same problem here. My problem is that goa populates the default depot config from wherever it is installed. If that happens to be read-only the new var/depot/nfeske/ will also be read-only, because the copy operation preserves the file and directory modes. Afterwards we fail to create files in the read-only directories created by goa.

For me, it seems that the best solution is to populate depot from the templates shipped with goa as cp --no-preserve=all would do.

I can give this a shot and try implementing this in tcl, but I fear it's going to be horrible. :-)

[nfeske]

Now I get it. Thanks for the clarification. The problem is just the inheritance of the read-only attribute. That's funny. It would be good to find a clean Tcl way to doing this.

[blitz]

Sorry for the somewhat confused initial description. It was late...

[blitz]

I'm working around it like this. Seems to work.

diff --git a/bin/goa b/bin/goa
index a5c23ae..d7f8882 100755
--- a/bin/goa
+++ b/bin/goa
@@ -356,6 +356,10 @@ proc prepare_depot_with_archives { archive_list } {
        # create default depot local to the project at var/depot/
        file mkdir [file dirname $depot_dir]
        file copy [file join $tool_dir default_depot] $depot_dir
+
+       # Copy preserves attributes, so we might have created
+       # read-only files.
+       exec chmod -R +w $depot_dir
    }

    # create list of depot users without duplicates

[nfeske]

This issue should be fixed by https://github.com/nfeske/goa/commit/adbcf8bdfdaca6cafddd008de681cd2b39ead134, which uses Tcl builtin functions.