Avoid use of '/tmp' for pip operations

`ipa-run-tests` is not an entry_point script, so pip during an installation of ipatests package checks if the file path is executable. If not - just don't set the executable permission bits. pip's working directory defaults to /tmp/xxx. Thus, if /tmp is mounted with noexec such scripts lose their executable ability after an installation into virtualenv. This was found on Travis + freeipa/freeipa-test-runner:master-latest docker image. Build directory of pip could be changed via env variable PIP_BUILD, for example. Fixes: https://pagure.io/freeipa/issue/8009 Signed-off-by: Stanislav Levin <slev@altlinux.org> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2025-02-25 18:55:28 -06:00 · 2019-07-11 22:12:54 +03:00 · 2019-07-11 22:12:54 +03:00 · c7500220c4
commit c7500220c4
parent a2d4e2a61f
2 changed files with 18 additions and 6 deletions
--- a/.tox-install.sh
+++ b/.tox-install.sh
@ -4,8 +4,9 @@ set -ex
 FLAVOR="$1"
 ENVPYTHON="$(realpath "$2")"
 ENVSITEPACKAGESDIR="$(realpath "$3")"
-# 3...end are package requirements
-shift 3
+ENVDIR="$4"
+# 4...end are package requirements
+shift 4

 TOXINIDIR="$(cd "$(dirname "$0")" && pwd)"

@ -25,10 +26,21 @@ if [ ! -f "${TOXINIDIR}/tox.ini" ]; then
    exit 3
 fi

+if [ ! -d "${ENVDIR}" ]; then
+    echo "${ENVDIR}: no such directory"
+    exit 4
+fi
+
 # https://pip.pypa.io/en/stable/user_guide/#environment-variables
 export PIP_CACHE_DIR="${TOXINIDIR}/.tox/cache"
 mkdir -p "${PIP_CACHE_DIR}"

+# /tmp could be mounted with noexec option.
+# pip checks if path is executable and if not then doesn't set such
+# permission bits
+export PIP_BUILD="${ENVDIR}/pip_build"
+rm -rf "${PIP_BUILD}"
+
 DISTBUNDLE="${TOXINIDIR}/dist/bundle"
 mkdir -p "${DISTBUNDLE}"

--- a/tox.ini
+++ b/tox.ini
@ -8,7 +8,7 @@ skipsdist=true
 # always re-create virtual env. A special install helper is used to configure,
 # build and install packages.
 recreate=True
-install_command={toxinidir}/.tox-install.sh wheel_bundle {envpython} {envsitepackagesdir} {packages}
+install_command={toxinidir}/.tox-install.sh wheel_bundle {envpython} {envsitepackagesdir} {envdir} {packages}
 changedir={envdir}
 setenv=
    HOME={envtmpdir}
@ -17,7 +17,7 @@ deps=
    ipatests
 commands=
    {envbindir}/ipa --help
-    {envpython} -bb {envbindir}/ipa-run-tests --ipaclient-unittests --junitxml={envdir}/junit-{envname}.xml
+    {envbindir}/ipa-run-tests --junitxml={envdir}/junit-{envname}.xml {posargs:--ipaclient-unittests}

 [testenv:pylint3]
 basepython=python3
@ -34,7 +34,7 @@ commands=

 [testenv:pypi]
 recreate=True
-install_command={toxinidir}/.tox-install.sh pypi_packages {envpython} {envsitepackagesdir} {packages}
+install_command={toxinidir}/.tox-install.sh pypi_packages {envpython} {envsitepackagesdir} {envdir} {packages}
 changedir={envdir}
 setenv=
    HOME={envtmpdir}
@ -46,7 +46,7 @@ deps=
    ipaserver
    ipatests
 commands=
-    {envpython} -m pytest {toxinidir}/pypi/test_placeholder.py
+    {envpython} -m pytest {posargs:{toxinidir}/pypi/test_placeholder.py}

 [pycodestyle]
 # E402 module level import not at top of file