goreleaser / nfpm

nFPM is Not FPM - a simple deb, rpm, apk, ipk, and arch linux packager written in Go
https://nfpm.goreleaser.com/
MIT License

Bad rights on created subdirectories #738

Closed kduret closed 7 months ago

kduret commented 9 months ago

What happened?

When I package an RPM, subdirectories have root:root even if I set file_info.owner and file_info.group to apache

When using type: tree, all files and subdirectories are root:root instead of apache:apache

How can we reproduce this?

contents:

nfpm version

# nfpm --version
       _____ ____  __  __
 _ __ |  ___|  _ \|  \/  |
| '_ \| |_  | |_) | |\/| |
| | | |  _| |  __/| |  | |
|_| |_|_|   |_|   |_|  |_|
nfpm: a simple and 0-dependencies deb, rpm, apk and arch linux packager written in Go
https://nfpm.goreleaser.com

GitVersion:    2.33.1
GitCommit:     bb6d0b9839c71ebd5d9d9bc0cf4088b3b933dc09
GitTreeState:  false
BuildDate:     2023-09-22T02:48:09Z
BuiltBy:       goreleaser
GoVersion:     go1.21.1
Compiler:      gc
ModuleSum:     h1:EkdAzZyVhAI9JC1vjmjjbmnNzyH1J6Cu4JCsA7YcQuc=
Platform:      linux/amd64

caarlos0 commented 9 months ago

I still need to investigate properly, but I think part of the issue is files.addParents which adds the implicit parent dirs with root/root/0o755.

That's not the full story though... as rpms do not add the implicit dirs (and I don't remember why)

cc/ @goreleaser/nfpm if anyone has more ideas

erikgeiser commented 9 months ago

@caarlos0 If an rpm explicitly adds a directory, the package takes ownership of the directory. If /etc/ was added implicitly when adding /etc/program.conf, the package would take ownership of /etc. However, the correct owner of /etc is the filesystem package. This can result in conflicts as seen here: https://github.com/google/rpmpack/issues/62

This is also documented here: https://github.com/goreleaser/nfpm/blob/a8707cd42874f46a192ec2ef9918d3a75631afb6/www/docs/configuration.md?plain=1#L244-L254

Other tools such as fpm use a workaround where some directories such as /etc are blacklisted. I use a custom wrapper around nfpm that does this, too. My list works for my use case but I don't think there is a list that fits all needs.

kduret commented 9 months ago

Thank you for your answers

But if I claim the directory ownership explicitly using the following instructions:

contents:
  - dst: "/usr/share/A"
    type: dir
    file_info:
      mode: 0755
      owner: "apache"
      group: "apache"

  - src: "./A"
    dst: "/usr/share/A"
    file_info:
      mode: 0644
      owner: "apache"
      group: "apache"

The subdirectories in /usr/share/A/ remain root:root

ccb1900 commented 8 months ago

I also encountered the same problem.

  - dst: /var/lib/test
    type: tree
    file_info:
      mode: 0755
      owner: test
      group: test

subdirectories got "root", expected "test:test"

ccb1900 commented 8 months ago

> Thank you for your answers
>
> But if I claim the directory ownership explicitly using the following instructions:
>
> contents:
>   - dst: "/usr/share/A"
>     type: dir
>     file_info:
>       mode: 0755
>       owner: "apache"
>       group: "apache"
>
>   - src: "./A"
>     dst: "/usr/share/A"
>     file_info:
>       mode: 0644
>       owner: "apache"
>       group: "apache"
>
> The subdirectories in /usr/share/A/ remain root:root

because the code

[image]

owner and group are invalid, as @caarlos0 said

@kduret

caarlos0 commented 8 months ago

754 should fix it I think

kduret commented 8 months ago

Thanks for your work @caarlos0 ❤️ I will test it soon

ccb1900 commented 8 months ago

> 754 should fix it I think

"/ etc / var" and other system directory permissions?

caarlos0 commented 8 months ago

ah, I forgot about that... will fix

caarlos0 commented 8 months ago

check #760
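
The two concerns raised in this thread (implicit parent directories that should carry the owner of the content beneath them, and system directories such as /etc that the package must not claim) can be combined as in the following added Go example, which is not nfpm's code and not from any participant here. `Entry`, `systemDirs` and `WithParents` are hypothetical names, and the denylist contents are constructed for illustration only.

```go
package main

import (
	"fmt"
	"path"
	"sort"
)

// Entry is a hypothetical, simplified stand-in for one package content entry.
type Entry struct {
	Dst, Owner, Group string
	Mode              uint32
	Dir               bool
}

// systemDirs is a constructed denylist of directories that belong to other
// packages (for example "filesystem"); illustrative, not a complete list.
var systemDirs = map[string]bool{"/": true, "/etc": true, "/usr": true, "/usr/share": true, "/var": true, "/var/lib": true}

// WithParents adds the implicit parent directories of every entry. It stops at
// the first denylisted directory so the package never claims it, and gives each
// added directory the owner/group of the entry that required it (mode 0755).
func WithParents(in []Entry) []Entry {
	seen := map[string]bool{}
	for _, e := range in {
		seen[e.Dst] = true
	}
	out := append([]Entry{}, in...)
	for _, e := range in {
		for p := path.Dir(e.Dst); !systemDirs[p] && !seen[p]; p = path.Dir(p) {
			seen[p] = true
			out = append(out, Entry{Dst: p, Owner: e.Owner, Group: e.Group, Mode: 0o755, Dir: true})
		}
	}
	sort.Slice(out, func(i, j int) bool { return out[i].Dst < out[j].Dst })
	return out
}

func main() {
	// Constructed input modelled on the /usr/share/A case reported above.
	for _, e := range WithParents([]Entry{
		{Dst: "/usr/share/A", Owner: "apache", Group: "apache", Mode: 0o755, Dir: true},
		{Dst: "/usr/share/A/sub/deep/index.html", Owner: "apache", Group: "apache", Mode: 0o644},
	}) {
		fmt.Printf("%-34s %s:%s %04o\n", e.Dst, e.Owner, e.Group, e.Mode)
	}
}
```

Comparing a listing like this one against the built package's own file list (owner, group and mode per path) shows whether any subdirectory was left as root:root or any system directory was claimed.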