From 075b5fe146c4fb30ce9a1bdd17a8d739dd2af9e3 Mon Sep 17 00:00:00 2001 From: Scott Moser Date: Thu, 14 Nov 2024 16:19:59 -0500 Subject: [PATCH] Create sub-package directories in WorkDir before building subpackage Moving the creation of the subpackage dir before running the pipelines means that the subpackage directory was created as the user that ran melange rather than the user that is doing the build. Those uids can be different depending on the runner. SBOMs are written as the uid that invoked melange. It assumes that it can create Workspace/package-dir/var/lib/db/sbom . Previously, the 'package-dir' portion of that would sometimes get created by the uid inside the build (probably as a result of 'mkdir -p ${{targets.contextdir}}/usr/bin' or the like). The result was that the uid running melange could not create var/lib/db/sbom because it did not have write perms to package-dir. By creating package-dir first, we (mostly) ensure that we can later create var/lib/db/sbom, and this will succeed more often. There is still a problem in that we assume that we can write there. Some part of the build might create var/lib/db and have all those tokens as 755 with a different uid. The right solution is probably to do the population from inside the Runner. This improves the situation for https://github.com/chainguard-dev/melange/issues/1254, but does not entirely fix it. Signed-off-by: Scott Moser --- pkg/build/build.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pkg/build/build.go b/pkg/build/build.go index aefce564..c81fd48f 100644 --- a/pkg/build/build.go +++ b/pkg/build/build.go @@ -860,6 +860,10 @@ func (b *Build) BuildPackage(ctx context.Context) error { // run any pipelines for subpackages for _, sp := range b.Configuration.Subpackages { sp := sp + if err := os.MkdirAll(filepath.Join(b.WorkspaceDir, melangeOutputDirName, sp.Name), 0o755); err != nil { + return err + } + if !b.isBuildLess() { log.Infof("running pipeline for subpackage %s", sp.Name) @@ -870,10 +874,6 @@ func (b *Build) BuildPackage(ctx context.Context) error { } } - if err := os.MkdirAll(filepath.Join(b.WorkspaceDir, melangeOutputDirName, sp.Name), 0o755); err != nil { - return err - } - // add the main package to the linter queue lintTarget := linterTarget{ pkgName: sp.Name,