Learn more about these different git repos.
Other Git URLs
We use make srpm method to build packages from our git repo on each commit: https://copr.fedorainfracloud.org/coprs/g/389ds/389-ds-base-nightly/
make srpm
After 2022-01-27 builds started to fail during srpm generation step, here's our Makefile: https://github.com/389ds/389-ds-base/blob/master/.copr/Makefile
It fails during npm ci execution:
npm ci
npm ERR! code EPERM npm ERR! syscall spawn npm ERR! errno -1 npm ERR! Error: spawn EPERM npm ERR! at ChildProcess.spawn (node:internal/child_process:413:11) npm ERR! at spawn (node:child_process:700:9) npm ERR! at /usr/lib/node_modules/npm/node_modules/@npmcli/promise-spawn/index.js:36:12 npm ERR! at new Promise (<anonymous>) npm ERR! at promiseSpawnUid (/usr/lib/node_modules/npm/node_modules/@npmcli/promise-spawn/index.js:35:13) npm ERR! at promiseSpawn (/usr/lib/node_modules/npm/node_modules/@npmcli/promise-spawn/index.js:15:10) npm ERR! at runScriptPkg (/usr/lib/node_modules/npm/node_modules/@npmcli/run-script/lib/run-script-pkg.js:54:13) npm ERR! at runScript (/usr/lib/node_modules/npm/node_modules/@npmcli/run-script/lib/run-script.js:9:16) npm ERR! at Array.<anonymous> (/usr/lib/node_modules/npm/node_modules/@npmcli/arborist/lib/arborist/rebuild.js:320:17) npm ERR! at run (/usr/lib/node_modules/npm/node_modules/promise-call-limit/index.js:30:26) npm ERR! Error: spawn EPERM npm ERR! at ChildProcess.spawn (node:internal/child_process:413:11) npm ERR! at spawn (node:child_process:700:9) npm ERR! at /usr/lib/node_modules/npm/node_modules/@npmcli/promise-spawn/index.js:36:12 npm ERR! at new Promise (<anonymous>) npm ERR! at promiseSpawnUid (/usr/lib/node_modules/npm/node_modules/@npmcli/promise-spawn/index.js:35:13) npm ERR! at promiseSpawn (/usr/lib/node_modules/npm/node_modules/@npmcli/promise-spawn/index.js:15:10) npm ERR! at runScriptPkg (/usr/lib/node_modules/npm/node_modules/@npmcli/run-script/lib/run-script-pkg.js:54:13) npm ERR! at runScript (/usr/lib/node_modules/npm/node_modules/@npmcli/run-script/lib/run-script.js:9:16) npm ERR! at Array.<anonymous> (/usr/lib/node_modules/npm/node_modules/@npmcli/arborist/lib/arborist/rebuild.js:320:17) npm ERR! at run (/usr/lib/node_modules/npm/node_modules/promise-call-limit/index.js:30:26) { npm ERR! errno: -1, npm ERR! code: 'EPERM', npm ERR! syscall: 'spawn' npm ERR! } npm ERR! npm ERR! The operation was rejected by your operating system. npm ERR! It is likely you do not have the permissions to access this file as the current user npm ERR! npm ERR! If you believe this might be a permissions issue, please double-check the npm ERR! permissions of the file and its containing directories, or try running npm ERR! the command again as root/Administrator.
As I don't have shell access to the copr builders, I've spinned a F35 VM with copr (via docker-compose) to troubleshoot further and get more logs, but to my surprise it worked there.
Same steps to generate srpm work on a clean F35 VM too.
Please help me to investigate this failure. Thanks.
As I don't have shell access to the copr builders
Ping me on #buildsys-build, I can give you a testing machine.
I've spinned a F35 VM with copr (via docker-compose) to troubleshoot further and get more logs, but to my surprise it worked there.
The difference might be that our builders are VMs, that run mock with systemd nspawn ON. When you run the task in container (compose), Mock automatically fallbacks to --isolation=simple. It is weird (I would expect failure vice versa) but I'm not sure what the EPERM actually means here ... and there can be any peculiarity.
--isolation=simple
Metadata Update from @praiskup: - Issue tagged with: question
copr-rpmbuild executes mock with mock-source-build.cfg config that drops a lot of capabilities: https://pagure.io/copr/copr/blob/main/f/rpmbuild/mock-source-build.cfg#_9 I've installed bcc-tools and monitored npm ci with /usr/share/bcc/tools/capable to detect what capabilities they use. CAP_SETGID was the one that caused EPERM.
copr-rpmbuild
mock-source-build.cfg
bcc-tools
/usr/share/bcc/tools/capable
CAP_SETGID
Turns out, this is a behaviour change in NPM since 7.x: https://github.com/npm/cli/blob/latest/changelogs/CHANGELOG-7.md#all-lifecycle-scripts
The user, group, uid, gid, and unsafe-perms configurations are no longer relevant. When npm is run as root, scripts are always run with the effective uid and gid of the working directory owner.
Files had root:mockbuild ownership, so npm tried to set gid to mockbuild user and was denied. I've added a line to our Makefile to always chown files in $CWD to root:root and now make srpm step works.
root:mockbuild
npm
mockbuild
root:root
Metadata Update from @vashirov: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.