The problem is that Fedora-Review checks for current user being in mock
group and if that's not true it fails with "No mock group". I have already
reported this issue some time ago in ticket #78 , but the solution
(improved message) doesn't really satisfy me.
Mock uses PAM for user authentication. It's configuration file is
/etc/pam.d/mock and users are allowed to customize it. PAM supports many
authentication schemes (password, hardware keys, group presence and much,
*much* more). PAM is much more flexible and secure that checking group
If a user is member of mock group then it's trivial to gain root access.
$ cat foo.cfg
$ mock -r ../..$PWD/foo
# Here we go! We have root prompt now!
Therefore adding my user to mock group opens a local security hole.
Anyone gaining access to my account can have root access immediately.
For this reason I don't want to add my user account to mock group and
use PAM authentication instead.
Because of the above I have two choices: compromise mu system security
by adding myself to mock group or maintain private patchset for
Fedora-Review and rebase it with every upstream release. None of the
above is perfect.
Because of the above I would like you to reconsider the possibility of
disabling the check for mock group (by default or if some command-line
option is given).
First of all I would like to apologize for the build spam lately in this
list. Had some problems with the build server. The problems should now
be fixed, although we might spamming the IRC channel instead. We'll see.
0.4.1 is in updates-testing thanks to sochotni and pingou. Would
appreciate if you could test and give it some karma!
Started by user Alec Leamas
Building remotely on EL6 in workspace <http://jenkins.cloud.fedoraproject.org/job/FedoraReview_EL6_py2.6/ws/>
Checkout:FedoraReview_EL6_py2.6 / <http://jenkins.cloud.fedoraproject.org/job/FedoraReview_EL6_py2.6/ws/> - hudson.remoting.Channel@4d3945c0:EL6
Using strategy: Default
Last Built Revision: Revision 62624524f8085636c08797ab3aef0f40903652d1 (origin/HEAD, origin/master)
Fetching changes from 1 remote Git repository
Fetching upstream changes from http://git.fedorahosted.org/git/FedoraReview.git
Seen branch in repository origin/0.1.x
Seen branch in repository origin/0.2.x
Seen branch in repository origin/HEAD
Seen branch in repository origin/deps
Seen branch in repository origin/devel
Seen branch in repository origin/master
Seen branch in repository origin/release-0.2.0
Seen branch in repository origin/release-0.2.1
Seen branch in repository origin/release-0.2.2
Seen branch in repository origin/release-0.3.0
Seen branch in repository origin/release-0.3.1
Seen branch in repository origin/release-0.4.0
Seen branch in repository origin/release-2.0
Commencing build of Revision 595b5a178ef8a5549d94798bc40134f589602d04 (origin/deps)
Checking out Revision 595b5a178ef8a5549d94798bc40134f589602d04 (origin/deps)
No change to record in branch origin/deps
[FedoraReview_EL6_py2.6] $ /bin/sh -xe /tmp/hudson2740743856718809616.sh
+ /make_release -b
/tmp/hudson2740743856718809616.sh: line 2: /make_release: No such file or directory
Build step 'Execute shell' marked build as failure