[Bug 350806] New: ati-packager.sh requires root privileges
![](https://seccdn.libravatar.org/avatar/3035b38ff33cf86f480bb169b8500b80.jpg?s=120&d=mm&r=g)
https://bugzilla.novell.com/show_bug.cgi?id=350806 User jarl@softace.dk added comment https://bugzilla.novell.com/show_bug.cgi?id=350806#c228523 Summary: ati-packager.sh requires root privileges Product: openSUSE 10.3 Version: Final Platform: All OS/Version: openSUSE 10.3 Status: NEW Severity: Normal Priority: P5 - None Component: X11 3rd Party Driver AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: jarl@softace.dk QAContact: sndirsch@novell.com CC: jarl@softace.dk Found By: Customer When trying to build the latest ATI driver using the command: /ati-driver-installer-8.443.1-x86.x86_64.run --buildpkg SuSE/SUSE103-AMD64 The result is a 'Package build failed!' It seems to be caused by the ati-packager.sh to now uses /usr/src/packages/BUILD/ during building the RPM. But this location requires root privileges to write to. So it fails. I wish it would be possible to build these rpms without being root. See also bug#228523 Jarl -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
![](https://seccdn.libravatar.org/avatar/3035b38ff33cf86f480bb169b8500b80.jpg?s=120&d=mm&r=g)
https://bugzilla.novell.com/show_bug.cgi?id=350806
User sndirsch@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=350806#c1
Stefan Dirsch
![](https://seccdn.libravatar.org/avatar/3035b38ff33cf86f480bb169b8500b80.jpg?s=120&d=mm&r=g)
https://bugzilla.novell.com/show_bug.cgi?id=350806
User jarl@softace.dk added comment
https://bugzilla.novell.com/show_bug.cgi?id=350806#c2
--- Comment #2 from Jarl Friis
Looks like you're using secure or paranoid setting. See /etc/permissions*. These are settings which disallow to build any RPMs without being root.
Not the case... In /etc/sysconfig/security I have CHECK_PERMISSIONS="set" PERMISSION_SECURITY="easy local" But /etc/permissions.easy contains lines like /usr/src/packages/SOURCES/ root:root 1777 /usr/src/packages/BUILD/ root:root 1777 /usr/src/packages/RPMS/ root:root 1777 .. Is that intentionally? Your comment sounds like if i PERMISSION_SECURITY="easy local" then these dirs should be read-write for non-roots... -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
![](https://seccdn.libravatar.org/avatar/3035b38ff33cf86f480bb169b8500b80.jpg?s=120&d=mm&r=g)
https://bugzilla.novell.com/show_bug.cgi?id=350806
User jarl@softace.dk added comment
https://bugzilla.novell.com/show_bug.cgi?id=350806#c3
Jarl Friis
![](https://seccdn.libravatar.org/avatar/3035b38ff33cf86f480bb169b8500b80.jpg?s=120&d=mm&r=g)
https://bugzilla.novell.com/show_bug.cgi?id=350806
User sndirsch@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=350806#c4
Stefan Dirsch
Your comment sounds like if i PERMISSION_SECURITY="easy local" then these dirs should be read-write for non-roots...
They are when set to 1777. Could you run 'SuSEconfig --module permissions' and (afterwards) add the output of "ls -l /usr/src/packages"? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
![](https://seccdn.libravatar.org/avatar/3035b38ff33cf86f480bb169b8500b80.jpg?s=120&d=mm&r=g)
https://bugzilla.novell.com/show_bug.cgi?id=350806
User jarl@softace.dk added comment
https://bugzilla.novell.com/show_bug.cgi?id=350806#c5
Jarl Friis
They are when set to 1777. Could you run 'SuSEconfig --module permissions' and (afterwards) add the output of "ls -l /usr/src/packages"?
Both before and after the SuSEconfig command the output is this: totalt 0 drwxrwxrwt 2 root root 80 4 okt 23:42 BUILD drwxrwxrwt 4 root root 96 4 okt 22:14 RPMS drwxrwxrwt 2 root root 48 21 sep 20:27 SOURCES drwxrwxrwt 2 root root 48 21 sep 20:27 SPECS drwxrwxrwt 2 root root 48 21 sep 20:27 SRPMS So there seems to be nothing wrong with that, it seems that it should be writeable. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
![](https://seccdn.libravatar.org/avatar/3035b38ff33cf86f480bb169b8500b80.jpg?s=120&d=mm&r=g)
https://bugzilla.novell.com/show_bug.cgi?id=350806
User jarl@softace.dk added comment
https://bugzilla.novell.com/show_bug.cgi?id=350806#c6
--- Comment #6 from Jarl Friis
![](https://seccdn.libravatar.org/avatar/3035b38ff33cf86f480bb169b8500b80.jpg?s=120&d=mm&r=g)
https://bugzilla.novell.com/show_bug.cgi?id=350806
User jarl@softace.dk added comment
https://bugzilla.novell.com/show_bug.cgi?id=350806#c7
--- Comment #7 from Jarl Friis
![](https://seccdn.libravatar.org/avatar/3035b38ff33cf86f480bb169b8500b80.jpg?s=120&d=mm&r=g)
https://bugzilla.novell.com/show_bug.cgi?id=350806
User sndirsch@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=350806#c8
Stefan Dirsch
![](https://seccdn.libravatar.org/avatar/3035b38ff33cf86f480bb169b8500b80.jpg?s=120&d=mm&r=g)
https://bugzilla.novell.com/show_bug.cgi?id=350806
User jarl@softace.dk added comment
https://bugzilla.novell.com/show_bug.cgi?id=350806#c9
Jarl Friis
What are you doing ??? Either use
I am trying to help you debug the scripts.
./ati-driver-installer-8-01-x86.x86_64.run --buildpkg SuSE/SUSE103-AMD64
Yes and that results in: "Package build failed!", very informative...
or after extracting the installer
./ati-installer.sh 8.45.4 --buildpkg SuSE/SUSE103-AMD64
Yes, and that results in "Package build failed!", very informative... The script ends with calling "./packages/SuSE/ati-packager.sh --buildpkg SUSE103-AMD64" which fails, the details can be found in attachment in comment 6 The command in ./packages/SuSE/ati-packager.sh which fails is the line "rpmbuild -bb --root ${TmpDrvFilesDir} --target ${ARCH} ${TmpPkgSpec} > ${TmpPkgBuildOut} 2>&1" To get an idea of why that line is failing, I removed the "2>&1" at the end of the line, and the output is attached in comment 7 Have you really tryed building it as non-root? Jarl -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
![](https://seccdn.libravatar.org/avatar/3035b38ff33cf86f480bb169b8500b80.jpg?s=120&d=mm&r=g)
https://bugzilla.novell.com/show_bug.cgi?id=350806
User sndirsch@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=350806#c10
Stefan Dirsch
![](https://seccdn.libravatar.org/avatar/3035b38ff33cf86f480bb169b8500b80.jpg?s=120&d=mm&r=g)
https://bugzilla.novell.com/show_bug.cgi?id=350806
User jarl@softace.dk added comment
https://bugzilla.novell.com/show_bug.cgi?id=350806#c11
Jarl Friis
rpmbuild fails in this specfile line
echo > files.fglrx
So "echo > /usr/src/packages/BUILD/files.fglrx" doesn't work on your system - for whatever reasons. Please verify.
No! it says /usr/src/packages/BUILD/files.fglrx: File exists. Because: # ll /usr/src/packages/BUILD/files.fglrx -rw-r--r-- 1 root root 342 20 jan 20:50 /usr/src/packages/BUILD/files.fglrx Aparantly this file has not been cleaned up after an earlier build (by root). It seems like this is not the only file that has not been clean up, the resulting rpm files themself has not been clean up after builds. # tree /usr/src/packages/ /usr/src/packages/ |-- BUILD | `-- files.fglrx |-- RPMS | |-- noarch | `-- x86_64 | |-- fglrx64_7_1_0_SUSE102-8.40.4-1.x86_64.rpm | |-- fglrx64_7_1_0_SUSE103-8.443.1-1.x86_64.rpm | `-- fglrx64_7_1_0_SUSE103-8.452.1-1.x86_64.rpm |-- SOURCES |-- SPECS `-- SRPMS And they are also only writeable by root (because I have once built them as root. # ll /usr/src/packages/RPMS/x86_64/ totalt 55298 -rw-r--r-- 1 root root 14444637 4 okt 23:42 fglrx64_7_1_0_SUSE102-8.40.4-1.x86_64.rpm -rw-r--r-- 1 root root 20595374 27 dec 13:21 fglrx64_7_1_0_SUSE103-8.443.1-1.x86_64.rpm -rw-r--r-- 1 root root 21522202 20 jan 20:50 fglrx64_7_1_0_SUSE103-8.452.1-1.x86_64.rpm After having cleaned up this stuff, I can now build as non-root. However the build procedure leaves some traces: # tree /usr/src/packages/ /usr/src/packages/ |-- BUILD | `-- files.fglrx |-- RPMS | |-- noarch | `-- x86_64 | `-- fglrx64_7_1_0_SUSE103-8.452.1-1.x86_64.rpm |-- SOURCES |-- SPECS `-- SRPMS I will suggest that these two files should be removed at the end of build procedure... Right? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
![](https://seccdn.libravatar.org/avatar/3035b38ff33cf86f480bb169b8500b80.jpg?s=120&d=mm&r=g)
https://bugzilla.novell.com/show_bug.cgi?id=350806
User sndirsch@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=350806#c12
Stefan Dirsch
participants (1)
-
bugzilla_noreply@novell.com