[git-buildpackage] Permission denied when building package

Travis Wrightsman travis at wrightsman.org
Thu Sep 30 01:21:51 CEST 2021 

Hi Guido,
On Wed, Sep 29, 2021 at 09:47:51AM +0200, Guido Günther wrote:
> Hi,
> On Tue, Sep 28, 2021 at 05:24:18PM -0400, Travis Wrightsman wrote:
> > Hello everyone,
> > 
> > I'm fairly new to Debian packaging and I've been trying to learn how to
> > use git-buildpackage as part of the process. I can't seem to get
> > cowbuilder working properly, which is unfortunate because I'd like to
> > eventually cross-build for my Pinephone (arm64) from my laptop (amd64).
> > 
> > Here are the exact commands I'm running to test packaging yad, followed
> > by the error:
> > 
> > wget https://github.com/v1cont/yad/releases/download/v10.1/yad-10.1.tar.xz
> > tar -xvf yad-10.1.tar.xz
> > cd yad-10.1
> > git init
> > gbp import-orig -u 10.1 --pristine-tar ../yad-10.1.tar.xz
> > debmake -zx
> > git add debian/
> > git commit -m "Initial packaging"
> > sudo DIST=bullseye ARCH=amd64 git-pbuilder create
> > sudo gbp buildpackage --git-pbuilder --git-dist=bullseye --git-arch=amd64
> 
> Don't use sudo in either of these. This should happen transparently and using
> sudo might already trigger the problem. You can remove the create chroot
> in /var/cache/pbuilder/base-bullseye
> 

Thank you for the tips here. I removed the old chroot and re-ran the
creation step without sudo.

> > 
> > [...]
> > I: Extracting source
> > /sbin/start-stop-daemon: unable to start /bin/sh (Permission denied)
> > E: pbuilder: Failed extracting the source
> > [...]
> 
> That's pbuilder/cowbuilder failing (which gets invoked by `gbp
> buildpackage so it should be reproducible without gbp when
> using cowbuilder to build (just to remove some layers of indirection
> for debuggins).
> 
> Look at the chroot generated in `/var/cache/pbuilder/base-bullseye` if
> the `/bin/sh` there looks sane. You can also enter the chroot via
> `cowbuilder login` and looks around there (e.g. run the command
> manually). Also check logs in case a security module interferes.
> 

I tried looking at the perms on /bin/sh but they seem fine and I can execute it.

DIST=bullseye ARCH=amd64 git-pbuilder login
root at laptop:/# ls -alh /bin/sh
lrwxrwxrwx 2 root root 4 Sep 29 10:50 /bin/sh -> dash
root at laptop:/# ls -alh /bin/dash
-rwxr-xr-x 2 root root 123K Dec 10  2020 /bin/dash
root at laptop:/# ./bin/sh
#

Next I tried adding --debug to pbuilder to see if I can find where it fails.

sudo cp -al /var/cache/pbuilder/base-bullseye-amd64.cow /var/cache/pbuilder/build/cow.101000
sudo pbuilder build --debug --debbuildopts  --debbuildopts  --buildplace /var/cache/pbuilder/build/cow.101000 --buildresult /home/twrightsman/Code/yad-packaging --mirror http://deb.debian.org/debian --architecture amd64 --distribution sid --no-targz --internal-chrootexec 'chroot /var/cache/pbuilder/build/cow.101000 cow-shell' /home/twrightsman/Code/yad-packaging/yad_10.1-1.dsc
[...]
+ unshare -n -- /usr/lib/pbuilder/pbuilder-unshare-wrapper chroot /var/cache/pbuilder/build/cow.101000 cow-shell env LD_PRELOAD= LOGNAME=pbuilder USER=pbuilder /sbin/start-stop-daemon --start --pidfile /dev/null
 --chuid pbuilder --startas /bin/sh
++ basename /home/twrightsman/Code/yad-packaging/yad_10.1-1.dsc
++ '[' -z '' ']'
++ echo yad-10.1
+ echo '( cd /build; env PATH="/usr/sbin:/usr/bin:/sbin:/bin" dpkg-source -x yad_10.1-1.dsc yad-10.1 )'
/sbin/start-stop-daemon: unable to start /bin/sh (Permission denied)
[...]

Knowing the full command that fails, I tried running it a few ways.

sudo unshare -n -- /usr/lib/pbuilder/pbuilder-unshare-wrapper chroot /var/cache/pbuilder/build/cow.101000 cow-shell env LD_PRELOAD= LOGNAME=pbuilder USER=pbuilder /sbin/start-stop-daemon --start --pidfile /dev/null --chuid pbuilder --startas /bin/sh
/sbin/start-stop-daemon: unable to start /bin/sh (Permission denied)
git-pbuilder login --basepath /var/cache/pbuilder/build/cow.101000
root at laptop:/# cow-shell env LD_PRELOAD= LOGNAME=pbuilder USER=pbuilder /sbin/start-stop-daemon --start --pidfile /dev/null --chuid pbuilder --startas /bin/sh
/sbin/start-stop-daemon: unable to start /bin/sh (Permission denied)
root at laptop:/# cow-shell env LD_PRELOAD= LOGNAME=pbuilder USER=pbuilder /sbin/start-stop-daemon --start --pidfile /dev/null --startas /bin/sh
#

So it seems that the pbuilder user in the chroot doesn't have permissions to start /bin/sh.
Even stranger, I can't change to the pbuilder user in the chroot:

root at laptop:/# su pbuilder
su: failed to execute /bin/sh: Permission denied

At this point I suspected it is an issue with my laptop's specific
Debian configuration. I tested everything on another Debian machine and
the package built perfectly and I was even able to cross-compile to
arm64.
The only potential problem I can think of is my umask of 027 in
/etc/{profile,bash.bashrc}.

Any other ideas?

> Cheers,
>  -- Guido
> 
> > 
> > Any guidance on this would be much appreciated. I can build the package
> > just fine with a simple "debuild".
> > 
> > Best,
> > Travis
> > _______________________________________________
> > git-buildpackage mailing list
> > git-buildpackage at lists.sigxcpu.org
> > http://lists.sigxcpu.org/mailman/listinfo/git-buildpackage

More information about the git-buildpackage mailing list