Make results of runroot tasks world readable

0001-Revert-Move-ostree-phase-and-pipelines-for-running-p.patch

@@ -1,7 +1,7 @@
 From c6bb04041867c242629c9becd83d47f2722b2432 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Lubom=C3=ADr=20Sedl=C3=A1=C5=99?= <lsedlar@redhat.com>
 Date: Wed, 11 Apr 2018 09:18:59 +0200
-Subject: [PATCH 1/3] Revert "Move ostree phase and pipelines for running
+Subject: [PATCH 1/4] Revert "Move ostree phase and pipelines for running
  phases"
 
 This reverts commit 660c04368ba1abed310f121d01f0fa029eea5f11.

0002-Revert-Other-repo-for-OstreeInstaller.patch

@@ -1,7 +1,7 @@
 From 376f52f1c18e5c8500fa8afd9c91ba9a6e4c4ae0 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Lubom=C3=ADr=20Sedl=C3=A1=C5=99?= <lsedlar@redhat.com>
 Date: Wed, 11 Apr 2018 09:19:53 +0200
-Subject: [PATCH 2/3] Revert "Other repo for OstreeInstaller"
+Subject: [PATCH 2/4] Revert "Other repo for OstreeInstaller"
 
 This reverts commit 5c081cb545715c2a912ff50fa57554e89d905868.
 ---

0003-Revert-Ostree-can-use-pkgset-repos.patch

@@ -1,7 +1,7 @@
 From 836750b9c53aa4c6330b986e7fb28f92d940df55 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Lubom=C3=ADr=20Sedl=C3=A1=C5=99?= <lsedlar@redhat.com>
 Date: Wed, 11 Apr 2018 09:20:51 +0200
-Subject: [PATCH 3/3] Revert "Ostree can use pkgset repos"
+Subject: [PATCH 3/4] Revert "Ostree can use pkgset repos"
 
 This reverts commit c7cc200246300c6a3946b2e3a9f5f7693896a7d6.
 ---

0004-kojiwrapper-Make-result-of-runroot-world-readable.patch

@@ -0,0 +1,107 @@
+From c8e03cfba196719e80c953c3d197653ef84716ed Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Lubom=C3=ADr=20Sedl=C3=A1=C5=99?= <lsedlar@redhat.com>
+Date: Tue, 29 May 2018 08:38:09 +0200
+Subject: [PATCH 4/4] kojiwrapper: Make result of runroot world readable
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The commands in runroot run as root every time. If they create files
+that are not readable to other users, the reset of compose could have
+problems with it if it does not run as root too. Particularly updates
+composes in Bodhi run under apache user.
+
+Relates: https://pagure.io/pungi/issue/932
+Signed-off-by: Lubomír Sedlář <lsedlar@redhat.com>
+---
+ pungi/phases/ostree_installer.py     |  3 ++-
+ pungi/wrappers/kojiwrapper.py        |  7 ++++++-
+ tests/test_koji_wrapper.py           | 18 ++++++++++++++++++
+ tests/test_ostree_installer_phase.py |  3 ++-
+ 4 files changed, 28 insertions(+), 3 deletions(-)
+
+diff --git a/pungi/phases/ostree_installer.py b/pungi/phases/ostree_installer.py
+index abcb1572..572edbbb 100644
+--- a/pungi/phases/ostree_installer.py
++++ b/pungi/phases/ostree_installer.py
+@@ -174,7 +174,8 @@ class OstreeInstallerThread(WorkerThread):
+                                         channel=runroot_channel,
+                                         use_shell=True, task_id=True,
+                                         packages=packages, mounts=[compose.topdir],
+-                                        weight=compose.conf['runroot_weights'].get('ostree_installer'))
++                                        weight=compose.conf['runroot_weights'].get('ostree_installer'),
++                                        destdir=output_dir)
+         output = koji.run_runroot_cmd(koji_cmd, log_file=log_file)
+         if output["retcode"] != 0:
+             raise RuntimeError("Runroot task failed: %s. See %s for more details."
+diff --git a/pungi/wrappers/kojiwrapper.py b/pungi/wrappers/kojiwrapper.py
+index f89640ca..b8d56791 100644
+--- a/pungi/wrappers/kojiwrapper.py
++++ b/pungi/wrappers/kojiwrapper.py
+@@ -66,7 +66,9 @@ class KojiWrapper(object):
+     def _get_cmd(self, *args):
+         return ["koji", "--profile=%s" % self.profile] + list(args)
+ 
+-    def get_runroot_cmd(self, target, arch, command, quiet=False, use_shell=True, channel=None, packages=None, mounts=None, weight=None, task_id=True, new_chroot=False):
++    def get_runroot_cmd(self, target, arch, command, quiet=False, use_shell=True,
++                        channel=None, packages=None, mounts=None, weight=None,
++                        task_id=True, new_chroot=False, destdir=None):
+         cmd = self._get_cmd("runroot")
+ 
+         if quiet:
+@@ -109,6 +111,9 @@ class KojiWrapper(object):
+ 
+         # HACK: remove rpmdb and yum cache
+         command = "rm -f /var/lib/rpm/__db*; rm -rf /var/cache/yum/*; set -x; " + command
++
++        if destdir:
++            command += "; chmod a+r %s" % shlex_quote(destdir)
+         cmd.append(command)
+ 
+         return cmd
+diff --git a/tests/test_koji_wrapper.py b/tests/test_koji_wrapper.py
+index 7bf13773..4a14aed6 100644
+--- a/tests/test_koji_wrapper.py
++++ b/tests/test_koji_wrapper.py
+@@ -416,6 +416,24 @@ class RunrootKojiWrapperTest(KojiWrapperBaseTestCase):
+                                '--task-id', '--weight=1000', '--package=some_other_package',
+                                '--package=lorax', '--mount=/tmp'])
+ 
++    def test_with_destdir(self):
++        cmd = self.koji.get_runroot_cmd('tgt', 's390x', ['/bin/echo', '&'],
++                                        quiet=True, channel='chan',
++                                        packages=['lorax', 'some_other_package'],
++                                        mounts=['/tmp'], weight=1000, destdir="/output dir")
++        self.assertEqual(len(cmd), 14)
++        self.assertEqual(cmd[:3], ['koji', '--profile=custom-koji', 'runroot'])
++        self.assertEqual(cmd[-3], 'tgt')
++        self.assertEqual(cmd[-2], 's390x')
++        self.assertEqual(
++            cmd[-1],
++            "rm -f /var/lib/rpm/__db*; rm -rf /var/cache/yum/*; set -x; /bin/echo '&'; chmod a+r '/output dir'"
++        )
++        self.assertItemsEqual(cmd[3:-3],
++                              ['--channel-override=chan', '--quiet', '--use-shell',
++                               '--task-id', '--weight=1000', '--package=some_other_package',
++                               '--package=lorax', '--mount=/tmp'])
++
+     @mock.patch('pungi.wrappers.kojiwrapper.run')
+     def test_run_runroot_cmd_no_task_id(self, run):
+         cmd = ['koji', 'runroot']
+diff --git a/tests/test_ostree_installer_phase.py b/tests/test_ostree_installer_phase.py
+index f44ca4ef..859b18da 100644
+--- a/tests/test_ostree_installer_phase.py
++++ b/tests/test_ostree_installer_phase.py
+@@ -142,7 +142,8 @@ class OstreeThreadTest(helpers.PungiTestCase):
+                                     'rm -rf %s && %s' % (outdir, ' '.join(lorax_cmd)),
+                                     channel=None, mounts=[self.topdir],
+                                     packages=['pungi', 'lorax', 'ostree'],
+-                                    task_id=True, use_shell=True, weight=weight)])
++                                    task_id=True, use_shell=True, weight=weight,
++                                    destdir=outdir)])
+         self.assertEqual(koji.run_runroot_cmd.call_args_list,
+                          [mock.call(koji.get_runroot_cmd.return_value,
+                                     log_file='%s/%s/runroot.log' % (self.topdir, LOG_PATH))])
+-- 
+2.14.3
+

pungi.spec

@@ -1,6 +1,6 @@
 Name:           pungi
 Version:        4.1.25
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        Distribution compose tool
 
 Group:          Development/Tools
@@ -10,6 +10,7 @@ Source0:        https://pagure.io/releases/%{name}/%{name}-%{version}.tar.bz2
 Patch0:         0001-Revert-Move-ostree-phase-and-pipelines-for-running-p.patch
 Patch1:         0002-Revert-Other-repo-for-OstreeInstaller.patch
 Patch2:         0003-Revert-Ostree-can-use-pkgset-repos.patch
+Patch3:         0004-kojiwrapper-Make-result-of-runroot-world-readable.patch
 
 BuildRequires:  python3-nose
 BuildRequires:  python3-mock
@@ -176,6 +177,9 @@ nosetests-3 --exe
 %{_bindir}/%{name}-wait-for-signed-ostree-handler
 
 %changelog
+* Wed May 30 2018 Lubomír Sedlář <lsedlar@redhat.com> - 4.1.25-2
+- Make results of runroot tasks world readable
+
 * Tue May 22 2018 Lubomír Sedlář <lsedlar@redhat.com> - 4.1.25-1
 - comps-wrapper: Make tests pass on EL6 (lsedlar)
 - pkgset: Add option to ignore noarch in ExclusiveArch (lsedlar)