Avoid use of '/tmp' for pip operations

`ipa-run-tests` is not an entry_point script, so pip during an installation of ipatests package checks if the file path is executable. If not - just don't set the executable permission bits. pip's working directory defaults to /tmp/xxx. Thus, if /tmp is mounted with noexec such scripts lose their executable ability after an installation into virtualenv. This was found on Travis + freeipa/freeipa-test-runner:master-latest docker image. Build directory of pip could be changed via env variable PIP_BUILD, for example. Fixes: https://pagure.io/freeipa/issue/8009 Signed-off-by: Stanislav Levin <slev@altlinux.org>
flo-renaud · Jul 15, 2019 · 17d571c · 17d571c
1 parent c7ccbc4
commit 17d571c
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 6 deletions.
diff --git a/.tox-install.sh b/.tox-install.sh
@@ -4,8 +4,9 @@ set -ex
 FLAVOR="$1"
 ENVPYTHON="$(realpath "$2")"
 ENVSITEPACKAGESDIR="$(realpath "$3")"
-# 3...end are package requirements
-shift 3
+ENVDIR="$4"
+# 4...end are package requirements
+shift 4
 
 TOXINIDIR="$(cd "$(dirname "$0")" && pwd)"
 
@@ -25,10 +26,21 @@ if [ ! -f "${TOXINIDIR}/tox.ini" ]; then
     exit 3
 fi
 
+if [ ! -d "${ENVDIR}" ]; then
+    echo "${ENVDIR}: no such directory"
+    exit 4
+fi
+
 # https://pip.pypa.io/en/stable/user_guide/#environment-variables
 export PIP_CACHE_DIR="${TOXINIDIR}/.tox/cache"
 mkdir -p "${PIP_CACHE_DIR}"
 
+# /tmp could be mounted with noexec option.
+# pip checks if path is executable and if not then doesn't set such
+# permission bits
+export PIP_BUILD="${ENVDIR}/pip_build"
+rm -rf "${PIP_BUILD}"
+
 DISTBUNDLE="${TOXINIDIR}/dist/bundle"
 mkdir -p "${DISTBUNDLE}"
 

diff --git a/tox.ini b/tox.ini
@@ -8,7 +8,7 @@ skipsdist=true
 # always re-create virtual env. A special install helper is used to configure,
 # build and install packages.
 recreate=True
-install_command={toxinidir}/.tox-install.sh wheel_bundle {envpython} {envsitepackagesdir} {packages}
+install_command={toxinidir}/.tox-install.sh wheel_bundle {envpython} {envsitepackagesdir} {envdir} {packages}
 changedir={envdir}
 setenv=
     HOME={envtmpdir}
@@ -17,7 +17,7 @@ deps=
     ipatests
 commands=
     {envbindir}/ipa --help
-    {envpython} -bb {envbindir}/ipa-run-tests --ipaclient-unittests --junitxml={envdir}/junit-{envname}.xml
+    {envbindir}/ipa-run-tests --junitxml={envdir}/junit-{envname}.xml {posargs:--ipaclient-unittests}
 
 [testenv:pylint2]
 basepython=python2.7
@@ -39,7 +39,7 @@ commands={[testenv:pylint2]commands}
 
 [testenv:pypi]
 recreate=True
-install_command={toxinidir}/.tox-install.sh pypi_packages {envpython} {envsitepackagesdir} {packages}
+install_command={toxinidir}/.tox-install.sh pypi_packages {envpython} {envsitepackagesdir} {envdir} {packages}
 changedir={envdir}
 setenv=
     HOME={envtmpdir}
@@ -51,7 +51,7 @@ deps=
     ipaserver
     ipatests
 commands=
-    {envpython} -m pytest {toxinidir}/pypi/test_placeholder.py
+    {envpython} -m pytest {posargs:{toxinidir}/pypi/test_placeholder.py}
 
 [pycodestyle]
 # E402 module level import not at top of file