Mock: loss of login shell

Michael E Brown Michael_E_Brown at dell.com
Wed Dec 19 22:22:54 UTC 2007


On Wed, Dec 19, 2007 at 02:14:05PM -0600, Steve Conklin wrote:
> This was covered briefly in a couple of emails on this list a couple of
> weeks ago but I see this as a bug, further discussion please . . .
> 
> Mock no longer uses a login shell for builds.

Incorrect. Mock *NEVER* used a login shell for builds.

It *just* *so* *happened* that your personal account's environment
variables *leaked* into the chroot.

This is wrong on so many different levels it's not even funny. If your
host environment variables were different from the chroot's (building
F-9 packages on F-7 host, for instance) and any of the paths were
changed, then your build would silently get the wrong results.

The new mock behaviour is that the environment is cleaned, and host
environment variables wont get leaked into the chroot.

> The way I discovered this is that the ipsec-tools package stopped
> building. The reason is that it has a BuildRequires for the krb5-devel
> package, from which it uses krb5-config.
> 
> krb5-config is installed in /usr/kerberos/bin/, and the user's path is
> provided by /etc/profile.d/krb5-devel.sh
> 
> No user shell, therefore no path, and configure fails to find krb5-config.
> 
> The simple solution for this is to add the following to the %build
> section of the spec file for ipsec-tools:
> 
> source /etc/profile.d/krb5-devel.sh

Seems to me pkgconfig or some other such mechanism should be preferred
over /etc/profile.d/. What happens to those poor users who use an
alternate shell?

> Having put that into the spec file, there's potential for what would
> otherwise be a perfectly acceptable change to the krb5 package to break
> builds of other packages that have a BuildRequire for it.

pkgconfig.

> I'm afraid that this might lead to a proliferation of small changes to
> spec files that create unneeded dependencies.
> 
> I'm interested in what other people think about this.

A) We wont ever again let host env vars pollute the chroot. period.

B) Why not just do a %post -p '/bin/bash -l'?
--
Michael




More information about the fedora-devel-list mailing list