
yahoo-eng-team team mailing list archive

[Bug 1968877] [NEW] Pip fails installing keystone package

 

Public bug reported:

The issue I found is probably related to
https://ubuntu.com/security/CVE-2022-24765

When trying to install a Python package from a local git directory that
is being installed as root using PBR, because PBR is being executed as
root, git fails to execute commands on the target directory when the
directory is owned by another user.

The issue can be reproduced as follows:

 git clone https://opendev.org/openstack/keystone.git
 cd keystone
 sudo pip install -e . 

Produces an error (posted at the bottom).

The known workaround for this issue is to execute the command below:
 sudo git config --global --add safe.directory /path/to/git/directory


Error message printed out by pip:

       File "/usr/local/lib/python3.8/dist-packages/pbr/packaging.py", line 872, in get_version
        raise Exception("Versioning for this project requires either an sdist"
    Exception: Versioning for this project requires either an sdist tarball, or access to an upstream git repository. It's also possible that there is a mismatch between the package name in setup.cfg and the argument given to pbr.version.VersionInfo. Project name keystone was given, but was not able to be found.
    error in setup command: Error parsing /home/vagrant/keystone/setup.cfg: Exception: Versioning for this project requires either an sdist tarball, or access to an upstream git repository. It's also possible that there is a mismatch between the package name in setup.cfg and the argument given to pbr.version.VersionInfo. Project name keystone was given, but was not able to be found.
    ----------------------------------------
ERROR: Command errored out with exit status 1: python setup.py egg_info Check the logs for full command output.

** Affects: devstack
     Importance: Undecided
         Status: In Progress

** Affects: keystone
     Importance: Undecided
         Status: New

** Affects: pbr
     Importance: Undecided
         Status: New

** Also affects: devstack
   Importance: Undecided
       Status: New

** Also affects: keystone
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1968877

Title:
  Pip fails installing keystone package

Status in devstack:
  In Progress
Status in OpenStack Identity (keystone):
  New
Status in PBR:
  New

To manage notifications about this bug go to:
https://bugs.launchpad.net/devstack/+bug/1968877/+subscriptions
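
A pre-flight check for the condition described in the report, added here as an example (it is not part of the bug report, PBR or devstack). The function names are hypothetical, and the exact string match against `safe.directory` entries is a simplification of git's own path comparison.

```shell
#!/bin/sh
# Added example: detect the ownership mismatch that makes git refuse to
# operate on a repository, before running an install as another user.
# Usage (hypothetical): sudo sh -c '. ./preflight.sh; check_repo "$PWD"'

# Print the numeric uid that owns a path (portable: parses `ls -ldn`).
dir_owner_uid() {
    ls -ldn -- "$1" | awk '{print $3}'
}

# Succeed (0) when the directory is owned by a uid other than the one given.
# This is the situation in the report: repository cloned by one user,
# git invoked by another (root via sudo).
owner_mismatch() {
    [ "$(dir_owner_uid "$1")" != "$2" ]
}

# Read safe.directory values on stdin, one per line; succeed (0) if the
# path is listed. Exact, fixed-string, whole-line comparison.
listed_as_safe() {
    grep -Fxq -- "$1"
}

# Report what git run as uid $2 (default: current uid) faces for repo $1.
# Prints one of: ok (same owner), trusted (listed), untrusted (git refuses).
check_repo() {
    repo=$1
    uid=${2:-$(id -u)}
    if ! owner_mismatch "$repo" "$uid"; then
        echo ok
    elif git config --global --get-all safe.directory 2>/dev/null |
            listed_as_safe "$repo"; then
        echo trusted
    else
        echo untrusted
    fi
}
```

An `untrusted` result is the case in which the `safe.directory` workaround from the report applies to that one path.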