[libarchive-3.6.0] Bad UID/GID in recent packages

Problems with packages? Post here, using [tags] of the package name.
Topic locked

[libarchive-3.6.0] Bad UID/GID in recent packages

Postby vaar » Sat Feb 12, 2022 9:42 am

Today's packages (opus-1.3.1-3-aarch64.pkg.tar.xz and opus-1.3.1-3-armv7h.pkg.tar.xz, for example) have bad UID/GIDs. 1001/1001 in armv7h, 1000/1000 in aarch64. They list as builduser/builduser in the tar.xz.

The same happens with custom packages built with MAKEPKG from source. Instead of root/root, they have the UID/GID from the user that builds them. Bug in makepkg?

This only happens in Arch Arm. In Arch (x86) everything's ok.
Last edited by vaar on Sat Feb 12, 2022 10:36 am, edited 1 time in total.
vaar
 
Posts: 10
Joined: Sat Nov 09, 2019 9:05 am
Top

Re: Bad UID/GID in recent packages

Postby zebul666 » Sat Feb 12, 2022 9:46 am

Yes. I can confirm that on armv7h (rpi3b) opus package comes with files with uid/gid 1000/1000

qt5-base, gtk3 and gtk-update-icon-cache are affected here too

and glibc seems affected too, but for less files and binutils, gcc.
zebul666
 
Posts: 55
Joined: Fri Jul 10, 2015 4:55 pm
Top

Re: Bad UID/GID in recent packages

Postby vaar » Sat Feb 12, 2022 10:36 am

Ok, it's a problem with libarchive-3.6.0. Yesterday all my makepkg packages were ok. Today, all bad. I looked at my /var/cache/pacman/pkg/ directory and the only suspect package between yesterday and today was libarchive-3.6.0. Downgraded to 3.5.3 and voila, all my makepkg packages are root/root again.

The buildbot should also downgrade before more packages are b0rked.
vaar
 
Posts: 10
Joined: Sat Nov 09, 2019 9:05 am
Top

Re: [libarchive-3.6.0] Bad UID/GID in recent packages

Postby graysky » Sat Feb 12, 2022 11:10 am

$this->bbcode_second_pass_quote('vaar', 'T')oday's packages (opus-1.3.1-3-aarch64.pkg.tar.xz and opus-1.3.1-3-armv7h.pkg.tar.xz, for example) have bad UID/GIDs. 1001/1001 in armv7h, 1000/1000 in aarch64. They list as builduser/builduser in the tar.xz.


I don't understand what you're reporting... you run pacman as root, all downloaded files will be owned by root. Is that not the case for you?

$this->bbcode_second_pass_code('', '% stat /var/cache/pacman/pkg/opus-1.3.1-3-aarch64.pkg.tar.xz
File: /var/cache/pacman/pkg/opus-1.3.1-3-aarch64.pkg.tar.xz
Size: 236212 Blocks: 464 IO Block: 4096 regular file
Device: 179,2 Inode: 1444848 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2022-02-12 06:06:18.829623593 -0500
Modify: 2022-02-11 18:41:08.000000000 -0500
Change: 2022-02-12 06:06:18.705625855 -0500
Birth: 2022-02-12 06:06:18.497629650 -0500
')

$this->bbcode_second_pass_quote('vaar', 'T')he same happens with custom packages built with MAKEPKG from source. Instead of root/root, they have the UID/GID from the user that builds them. Bug in makepkg?


This is the expected behavior. You built the package, you own the corresponding tar.pkg.xxx.
graysky
Developer
 
Posts: 1880
Joined: Sun Jun 26, 2011 6:56 am
Location: /run/user/1000
Top

Re: [libarchive-3.6.0] Bad UID/GID in recent packages

Postby vaar » Sat Feb 12, 2022 11:16 am

The files installed by the package, not the package itself.

$this->bbcode_second_pass_code('', '$ ls -l /usr/include/opus/
total 172
-rw-r--r-- 1 1001 1001 48429 Feb 12 00:40 opus.h
-rw-r--r-- 1 1001 1001 14750 Feb 12 00:40 opus_custom.h
-rw-r--r-- 1 1001 1001 34903 Feb 12 00:40 opus_defines.h
-rw-r--r-- 1 1001 1001 33539 Feb 12 00:40 opus_multistream.h
-rw-r--r-- 1 1001 1001 28240 Feb 12 00:40 opus_projection.h
-rw-r--r-- 1 1001 1001 5157 Feb 12 00:40 opus_types.h
')

1001/1001 instead of root/root. Do a tar tvf /var/cache/pacman/pkg/opus-1.3.1-3-aarch64.pkg.tar.xz and see for yourself:

$this->bbcode_second_pass_code('', '$ tar tvf /var/cache/pacman/pkg/opus-1.3.1-3-aarch64.pkg.tar.xz
-rw-r--r-- builduser/builduser 4661 2022-02-12 00:40 .BUILDINFO
-rw-r--r-- builduser/builduser 2329 2022-02-12 00:40 .MTREE
-rw-r--r-- builduser/builduser 410 2022-02-12 00:40 .PKGINFO
drwxr-xr-x builduser/builduser 0 2022-02-12 00:40 usr/
drwxr-xr-x builduser/builduser 0 2022-02-12 00:40 usr/include/
drwxr-xr-x builduser/builduser 0 2022-02-12 00:40 usr/include/opus/
-rw-r--r-- builduser/builduser 48429 2022-02-12 00:40 usr/include/opus/opus.h
-rw-r--r-- builduser/builduser 14750 2022-02-12 00:40 usr/include/opus/opus_custom.h
-rw-r--r-- builduser/builduser 34903 2022-02-12 00:40 usr/include/opus/opus_defines.h
-rw-r--r-- builduser/builduser 33539 2022-02-12 00:40 usr/include/opus/opus_multistream.h
-rw-r--r-- builduser/builduser 28240 2022-02-12 00:40 usr/include/opus/opus_projection.h
-rw-r--r-- builduser/builduser 5157 2022-02-12 00:40 usr/include/opus/opus_types.h
drwxr-xr-x builduser/builduser 0 2022-02-12 00:40 usr/lib/
lrwxrwxrwx builduser/builduser 0 2022-02-12 00:40 usr/lib/libopus.so -> libopus.so.0.8.0
lrwxrwxrwx builduser/builduser 0 2022-02-12 00:40 usr/lib/libopus.so.0 -> libopus.so.0.8.0
-rwxr-xr-x builduser/builduser 354152 2022-02-12 00:40 usr/lib/libopus.so.0.8.0
drwxr-xr-x builduser/builduser 0 2022-02-12 00:40 usr/lib/pkgconfig/
-rw-r--r-- builduser/builduser 365 2022-02-12 00:40 usr/lib/pkgconfig/opus.pc
drwxr-xr-x builduser/builduser 0 2022-02-12 00:40 usr/share/
drwxr-xr-x builduser/builduser 0 2022-02-12 00:40 usr/share/aclocal/
-rw-r--r-- builduser/builduser 4079 2022-02-12 00:40 usr/share/aclocal/opus.m4
drwxr-xr-x builduser/builduser 0 2022-02-12 00:40 usr/share/licenses/
drwxr-xr-x builduser/builduser 0 2022-02-12 00:40 usr/share/licenses/opus/
-rw-r--r-- builduser/builduser 1928 2022-02-12 00:40 usr/share/licenses/opus/COPYING
drwxr-xr-x builduser/builduser 0 2022-02-12 00:40 usr/share/man/
drwxr-xr-x builduser/builduser 0 2022-02-12 00:40 usr/share/man/man3/
-rw-r--r-- builduser/builduser 1111 2022-02-12 00:40 usr/share/man/man3/opus_ctlvalues.3.gz
-rw-r--r-- builduser/builduser 3210 2022-02-12 00:40 usr/share/man/man3/opus_custom.3.gz
-rw-r--r-- builduser/builduser 984 2022-02-12 00:40 usr/share/man/man3/opus_custom.h.3.gz
-rw-r--r-- builduser/builduser 3984 2022-02-12 00:40 usr/share/man/man3/opus_decoder.3.gz
-rw-r--r-- builduser/builduser 954 2022-02-12 00:40 usr/share/man/man3/opus_decoderctls.3.gz
-rw-r--r-- builduser/builduser 2178 2022-02-12 00:40 usr/share/man/man3/opus_defines.h.3.gz
-rw-r--r-- builduser/builduser 3709 2022-02-12 00:40 usr/share/man/man3/opus_encoder.3.gz
-rw-r--r-- builduser/builduser 4293 2022-02-12 00:40 usr/share/man/man3/opus_encoderctls.3.gz
-rw-r--r-- builduser/builduser 629 2022-02-12 00:40 usr/share/man/man3/opus_errorcodes.3.gz
-rw-r--r-- builduser/builduser 1712 2022-02-12 00:40 usr/share/man/man3/opus_genericctls.3.gz
-rw-r--r-- builduser/builduser 540 2022-02-12 00:40 usr/share/man/man3/opus_libinfo.3.gz
-rw-r--r-- builduser/builduser 4445 2022-02-12 00:40 usr/share/man/man3/opus_multistream.3.gz
-rw-r--r-- builduser/builduser 1044 2022-02-12 00:40 usr/share/man/man3/opus_multistream.h.3.gz
-rw-r--r-- builduser/builduser 811 2022-02-12 00:40 usr/share/man/man3/opus_multistream_ctls.3.gz
-rw-r--r-- builduser/builduser 4195 2022-02-12 00:40 usr/share/man/man3/opus_repacketizer.3.gz
-rw-r--r-- builduser/builduser 510 2022-02-12 00:40 usr/share/man/man3/opus_types.h.3.gz')

This happens with any package built with libarchive-3.6.0. Downgrading libarchive to 3.5.3 sets the correct UID/GID for the files, checked in my custom PKGBUILD packages.
vaar
 
Posts: 10
Joined: Sat Nov 09, 2019 9:05 am
Top

Re: [libarchive-3.6.0] Bad UID/GID in recent packages

Postby graysky » Sat Feb 12, 2022 11:30 am

I understand now. Confirmed on my aarch64 system too. Being looked in to. Package building has been paused until solved.
graysky
Developer
 
Posts: 1880
Joined: Sun Jun 26, 2011 6:56 am
Location: /run/user/1000
Top

Re: [libarchive-3.6.0] Bad UID/GID in recent packages

Postby vaar » Sun Feb 13, 2022 7:45 am

Nice, seems to have been fixed. Thanks.
vaar
 
Posts: 10
Joined: Sat Nov 09, 2019 9:05 am
Top

Re: [libarchive-3.6.0] Bad UID/GID in recent packages

Postby zebul666 » Sun Feb 13, 2022 10:07 am

Are you sure this is fixed ?

fakeroot-1.27-1.1 contains files that do not belong to root.

glibc has not been updated, yet on armv7h. and gcc
Last edited by zebul666 on Sun Feb 13, 2022 10:13 am, edited 1 time in total.
zebul666
 
Posts: 55
Joined: Fri Jul 10, 2015 4:55 pm
Top

Re: [libarchive-3.6.0] Bad UID/GID in recent packages

Postby graysky » Sun Feb 13, 2022 10:10 am

Yes, root cause was more complex than just libarchive... a blend of that and a few of the toolchain packages. We think the affected packages have been identified and rebuilt. Please update and report back any other incorrect packages in this thread.
graysky
Developer
 
Posts: 1880
Joined: Sun Jun 26, 2011 6:56 am
Location: /run/user/1000
Top

Re: [libarchive-3.6.0] Bad UID/GID in recent packages

Postby vaar » Sun Feb 13, 2022 6:21 pm

With 'fixed' I meant that building packages with makepkg resulted in root/root for all files, not that all the packages in all the repos were already fixed :). They were clearly in the process of being rebuilt when I wrote that, since there were already new versions for some of the broken ones with the correct owner.

FWIW (my installations are quite minimal) right now I don't have any broken package installed, either in aarch64 or in armv7h. All the files in /usr have the correct permissions.
vaar
 
Posts: 10
Joined: Sat Nov 09, 2019 9:05 am
Top
Topic locked

Return to Packages

Who is online

Users browsing this forum: No registered users and 17 guests

Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group    © Arch Linux ARM