rpm is built but status says it's failed

I can’t figure what’s going on. The rpm seems to be built according to the log but it still has a failed status:


   64s] + STATUS=0
   64s] + '' 0 -ne 0 ']'
   64s] + cd mintstick
   64s] + /usr/bin/chmod -Rf a+rX,u+w,g-w,o-w .
   64s] + exit 0
   64s] Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.Ue13bi
   64s] + umask 022
   64s] + cd /home/abuild/rpmbuild/BUILD
   64s] + /usr/bin/rm -rf /home/abuild/rpmbuild/BUILDROOT/mintstick-1.2.1-39.1.i386
   64s] ++ dirname /home/abuild/rpmbuild/BUILDROOT/mintstick-1.2.1-39.1.i386
   64s] + /usr/bin/mkdir -p /home/abuild/rpmbuild/BUILDROOT
   64s] + /usr/bin/mkdir /home/abuild/rpmbuild/BUILDROOT/mintstick-1.2.1-39.1.i386
   64s] + cd mintstick
   64s] + exit 0
   64s] Executing(%install): /bin/sh -e /var/tmp/rpm-tmp.N6AoRU
   64s] + umask 022
   64s] + cd /home/abuild/rpmbuild/BUILD
   64s] + cd mintstick
   64s] + LIBFILES='mintstick.py raw_write.py raw_format.py mountutils.py'
   64s] + DATAFILES=mintstick.ui
   64s] + mkdir -p /home/abuild/rpmbuild/BUILDROOT/mintstick-1.2.1-39.1.i386/usr/share/applications/
   64s] + mkdir -p /home/abuild/rpmbuild/BUILDROOT/mintstick-1.2.1-39.1.i386/usr/share/polkit-1/actions
   64s] + mkdir -p /home/abuild/rpmbuild/BUILDROOT/mintstick-1.2.1-39.1.i386/usr/share/kde4/apps/solid/actions
   64s] + mkdir -p /home/abuild/rpmbuild/BUILDROOT/mintstick-1.2.1-39.1.i386/usr/share/nemo/actions
   64s] + mkdir -p /home/abuild/rpmbuild/BUILDROOT/mintstick-1.2.1-39.1.i386/usr/bin/
   64s] + mkdir -p /home/abuild/rpmbuild/BUILDROOT/mintstick-1.2.1-39.1.i386/usr/share/mintstick
   64s] + mkdir -p /home/abuild/rpmbuild/BUILDROOT/mintstick-1.2.1-39.1.i386/usr/share/pixmaps/
   64s] + cp /home/abuild/rpmbuild/SOURCES/mintstick.svg /home/abuild/rpmbuild/BUILDROOT/mintstick-1.2.1-39.1.i386/usr/share/pixmaps/usb-creator.svg
   64s] + /usr/lib/rpm/suse_update_desktop_file.sh -i -n -r -G 'USB Disk tool' mintstick Utility Filesystem
   64s] '/home/abuild/rpmbuild/BUILD/mintstick/share/applications/mintstick.desktop' -> '/home/abuild/rpmbuild/BUILDROOT/mintstick-1.2.1-39.1.i386/usr/share/applications/mintstick.desktop'
   64s] grep: //home/abuild/rpmbuild/BUILDROOT/mintstick-1.2.1-39.1.i386/usr/share/applications/mintstick.desktop_: No such file or directory
   64s] + /usr/lib/rpm/suse_update_desktop_file.sh -i -n -r -G 'USB Disk tool' mintstick-format Utility Filesystem
   64s] '/home/abuild/rpmbuild/BUILD/mintstick/share/applications/mintstick-format.desktop' -> '/home/abuild/rpmbuild/BUILDROOT/mintstick-1.2.1-39.1.i386/usr/share/applications/mintstick-format.desktop'
   64s] grep: //home/abuild/rpmbuild/BUILDROOT/mintstick-1.2.1-39.1.i386/usr/share/applications/mintstick-format.desktop_: No such file or directory
   64s] + cp /home/abuild/rpmbuild/BUILD/mintstick/share/applications/mintstick-kde.desktop /home/abuild/rpmbuild/BUILDROOT/mintstick-1.2.1-39.1.i386/usr/share/applications/
   64s] + cp /home/abuild/rpmbuild/BUILD/mintstick/share/applications/mintstick-format-kde.desktop /home/abuild/rpmbuild/BUILDROOT/mintstick-1.2.1-39.1.i386/usr/share/applications/
   64s] + cp /home/abuild/rpmbuild/BUILD/mintstick/share/polkit/org.linuxmint.im.policy /home/abuild/rpmbuild/BUILDROOT/mintstick-1.2.1-39.1.i386/usr/share/polkit-1/actions
   64s] + cp /home/abuild/rpmbuild/BUILD/mintstick/share/kde4/mintstick-format_action.desktop /home/abuild/rpmbuild/BUILDROOT/mintstick-1.2.1-39.1.i386/usr/share/kde4/apps/solid/actions
   64s] + cp /home/abuild/rpmbuild/BUILD/mintstick/share/nemo/actions/mintstick.nemo_action /home/abuild/rpmbuild/BUILDROOT/mintstick-1.2.1-39.1.i386/usr/share/nemo/actions
   64s] + cp /home/abuild/rpmbuild/BUILD/mintstick/share/nemo/actions/mintstick-format.nemo_action /home/abuild/rpmbuild/BUILDROOT/mintstick-1.2.1-39.1.i386/usr/share/nemo/actions
   64s] + cp /home/abuild/rpmbuild/BUILD/mintstick/mintstick /home/abuild/rpmbuild/BUILDROOT/mintstick-1.2.1-39.1.i386/usr/bin/
   64s] + mkdir -p /home/abuild/rpmbuild/BUILDROOT/mintstick-1.2.1-39.1.i386/usr/lib/mintstick
   64s] + for item in '$LIBFILES'
   64s] + cp /home/abuild/rpmbuild/BUILD/mintstick/lib/mintstick.py /home/abuild/rpmbuild/BUILDROOT/mintstick-1.2.1-39.1.i386/usr/lib/mintstick/
   64s] + for item in '$LIBFILES'
   64s] + cp /home/abuild/rpmbuild/BUILD/mintstick/lib/raw_write.py /home/abuild/rpmbuild/BUILDROOT/mintstick-1.2.1-39.1.i386/usr/lib/mintstick/
   64s] + for item in '$LIBFILES'
   64s] + cp /home/abuild/rpmbuild/BUILD/mintstick/lib/raw_format.py /home/abuild/rpmbuild/BUILDROOT/mintstick-1.2.1-39.1.i386/usr/lib/mintstick/
   64s] + for item in '$LIBFILES'
   64s] + cp /home/abuild/rpmbuild/BUILD/mintstick/lib/mountutils.py /home/abuild/rpmbuild/BUILDROOT/mintstick-1.2.1-39.1.i386/usr/lib/mintstick/
   64s] + for item in '$DATAFILES'
   64s] + cp /home/abuild/rpmbuild/BUILD/mintstick/share/mintstick/mintstick.ui /home/abuild/rpmbuild/BUILDROOT/mintstick-1.2.1-39.1.i386/usr/share/mintstick/
   64s] + /usr/lib/rpm/brp-compress
   64s] + /usr/lib/rpm/brp-suse
   64s] calling /usr/lib/rpm/brp-suse.d/brp-05-permissions
   64s] setting / to root:root 0755. (wrong owner/group abuild:abuild)
   64s] setting /usr/ to root:root 0755. (wrong owner/group abuild:abuild)
   64s] calling /usr/lib/rpm/brp-suse.d/brp-15-strip-debug
   64s] calling /usr/lib/rpm/brp-suse.d/brp-25-symlink
   64s] calling /usr/lib/rpm/brp-suse.d/brp-30-desktop
   64s] WARNING: '/usr/lib/rpm/brp-desktop.data/suse-screensavers.menu' does not exist
   65s] WARNING: '/usr/lib/rpm/brp-desktop.data/preferences-gnome.menu' does not exist
   65s] WARNING: '/usr/lib/rpm/brp-desktop.data/applications-kmenuedit.menu' does not exist
   65s] calling /usr/lib/rpm/brp-suse.d/brp-35-rpath
   65s] calling /usr/lib/rpm/brp-suse.d/brp-40-rootfs
   65s] calling /usr/lib/rpm/brp-suse.d/brp-45-tcl
   65s] calling /usr/lib/rpm/brp-suse.d/brp-50-check-python
   65s] calling /usr/lib/rpm/brp-suse.d/brp-55-boot-scripts
   65s] calling /usr/lib/rpm/brp-suse.d/brp-60-hook
   65s] calling /usr/lib/rpm/brp-suse.d/brp-72-extract-appdata
   65s] Processing files: mintstick-1.2.1-39.1.noarch
   65s] warning: File listed twice: /usr/lib/mintstick/mintstick.py
   65s] warning: File listed twice: /usr/lib/mintstick/mountutils.py
   65s] warning: File listed twice: /usr/lib/mintstick/raw_format.py
   65s] warning: File listed twice: /usr/lib/mintstick/raw_write.py
   65s] warning: File listed twice: /usr/share/mintstick/mintstick.ui
   65s] Provides: application() application(mintstick-format-kde.desktop) application(mintstick-format.desktop) application(mintstick-kde.desktop) application(mintstick.desktop) mintstick = 1.2.1-39.1
   65s] Requires(interp): /bin/sh
   65s] Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1
   65s] Requires(post): /bin/sh
   65s] Requires: /bin/sh /usr/bin/python
   65s] Checking for unpackaged file(s): /usr/lib/rpm/check-files /home/abuild/rpmbuild/BUILDROOT/mintstick-1.2.1-39.1.i386
   65s] Wrote: /home/abuild/rpmbuild/SRPMS/mintstick-1.2.1-39.1.src.rpm
   65s] Wrote: /home/abuild/rpmbuild/RPMS/noarch/mintstick-1.2.1-39.1.noarch.rpm
   65s] Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.exKlR4
   65s] + umask 022
   65s] + cd /home/abuild/rpmbuild/BUILD
   65s] + cd mintstick
   65s] + rm -rf /home/abuild/rpmbuild/BUILDROOT/mintstick-1.2.1-39.1.i386
   65s] + rm -rf /var/tmp/mintstick
   65s] + rm -rf /home/abuild/rpmbuild/BUILD/mintstick
   65s] + exit 0
   65s] ... checking for files with abuild user/group
   65s] ... running 00-check-install-rpms
   65s] ... installing all built rpms
   65s] Preparing packages...
   65s] mintstick-1.2.1-39.1.noarch
   65s] ... running 01-check-debuginfo
   65s] ... testing for empty debuginfo packages
   66s] ... running 02-check-gcc-output
   66s] ... testing for serious compiler warnings
   66s]     (using /usr/lib/build/checks-data/check_gcc_output)
   66s]     (using //.build.log)
   66s] ... running 03-check-binary-kernel-log
   66s] ... running 04-check-filelist
   66s] ... checking filelist
   66s] mintstick-1.2.1-39.1.noarch.rpm: directories not owned by a package:
   66s]  - /usr/share/kde4
   66s]  - /usr/share/kde4/apps
   66s]  - /usr/share/kde4/apps/solid
   66s]  - /usr/share/kde4/apps/solid/actions
   66s]  - /usr/share/nemo
   66s]  - /usr/share/nemo/actions
   66s]  - /usr/share/polkit-1
   66s]  - /usr/share/polkit-1/actions
   66s] ### WATCHDOG MARKER START ###
   69s]    43.735542] SysRq : Power Off
   69s]    43.768284] reboot: Power down
   74s] ### WATCHDOG MARKER END ###

My package also depends on another that is not in any of the official repos but it’s here:

http://software.opensuse.org/download/package?project=home:cbosdonnat&package=python-parted

This is the package I’m working on:

https://build.opensuse.org/package/show/home:silviucc/mintstick

Some post-build checks fail:


   66s] ... checking filelist
   66s] mintstick-1.2.1-39.1.noarch.rpm: directories not owned by a package:
   66s]  - /usr/share/kde4
   66s]  - /usr/share/kde4/apps
   66s]  - /usr/share/kde4/apps/solid
   66s]  - /usr/share/kde4/apps/solid/actions
   66s]  - /usr/share/nemo
   66s]  - /usr/share/nemo/actions
   66s]  - /usr/share/polkit-1
   66s]  - /usr/share/polkit-1/actions

You either have to make your package own those directories (add them to the %files section), and/or add other packages that own those directories as BuildRequires.
In your case that could be BuildRequires: polkit, kde4-filesystem and whatever contains /usr/share/nemo, and add “%dir /usr/share/kde4/apps/solid/actions” to the %filelist.

Thank you. That allowed me to inch further. Now I get this:


  107s] RPMLINT report:
  107s] ===============
  108s] (none): E: badness 10000 exceeds threshold 1000, aborting.
  108s] mintstick.noarch: E: polkit-unauthorized-privilege (Badness: 10000) org.freedesktop.policykit.pkexec.run-im (no:no:auth_self_keep)
  108s] The package allows unprivileged users to carry out privileged operations
  108s] without authentication. This could cause security problems if not done
  108s] carefully. If the package is intended for inclusion in any SUSE product please
  108s] open a bug report to request review of the package by the security team
  108s] 
  108s] mintstick.noarch: I: polkit-cant-acquire-privilege org.freedesktop.policykit.pkexec.run-im (no:no:auth_self_keep)
  108s] Usability can be improved by allowing users to acquire privileges via
  108s] authentication. Use e.g. 'auth_admin' instead of 'no' and make sure to define
  108s] 'allow_any'. This is an issue only if the privilege is not listed in /etc
  108s] /polkit-default-privs.*

The thing is that the application runs just fine. It asks for a password when it tries to (un-mount) and format USB flash drives and also when trying to write .ISOs. It uses python polkit bindings so it asks for elevated privileges only when needed.

But it contains and installs a polkit action file (org.linuxmint.im.policy) that allow a user to gain root privileges without asking for the root password.
It has the following content:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policyconfig PUBLIC 
 "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN" 
 "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
<policyconfig>
  <vendor>linuxmint</vendor>
  <vendor_url>http://hal.freedesktop.org/docs/PolicyKit/</vendor_url>
  <action id="org.freedesktop.policykit.pkexec.run-im">
    <description>USB Image Writer Authentication dialog</description>
    <message>This will destroy all data on the target device, are you sure you want to proceed?</message>
    <message xml:lang="fr">Toutes les données contenues sur ce périphérique vont être détruites. Souhaitez-vous continuer ?</message>
    <icon_name>system-run</icon_name>
    <defaults>
      <allow_any>no</allow_any>
      <allow_inactive>no</allow_inactive>
      <allow_active>auth_self_keep</allow_active>
    </defaults>
    <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/python</annotate>
    <annotate key="org.freedesktop.policykit.exec.argv1">/usr/lib/linuxmint/mintstick/raw_write.py</annotate>
    <annotate key="org.freedesktop.policykit.exec.argv1">/usr/lib/linuxmint/mintstick/raw_format.py</annotate>
  </action>

</policyconfig>

As you can see, this sets “auth_self_keep”, which means polkit asks for the user’s password, not root’s to gain root privileges.
You could patch that to say “auth_admin_keep” to make it openSUSE conform, or disable that check via an rpmlintrc file:
https://en.opensuse.org/openSUSE:Packaging_checks#Building_Packages_despite_of_errors
In particular:
https://en.opensuse.org/openSUSE:Packaging_checks#Disarming_Fatal_Errors

Ah, I see. This is developed by the Linux Mint project so I suspect that’s part of the problem since on Ubuntu and derivatives elevated privileges are usually obtained by using your own password(this can be changed ofc). But then again, that also seems to be the case on a stock install of OpenSUSE.

Thanks again for helping me. I’ll probably add a “custom” polkit file as source until I’m more comfortable with patches.

No. On a stock openSUSE installation you need the root password to gain root privileges. With polkit as well as sudo.
And the post-build checks enforce that policy.

Thanks again for helping me. I’ll probably add a “custom” polkit file as source until I’m more comfortable with patches.

Well, that’s another possibility of course.

I guess what I was trying to say was that, on my stock install, the root password is the same as my user’s.

Yes, but still: auth_self_keep asks for the user’s password, auth_admin_keep asks for the root password, just as sudo does on a stock openSUSE installation.
And openSUSE’s policy (and the OBS checks) enforce auth_admin_keep for openSUSE.

If you have more than user, probably not all user passwords will be the same as the root password any more.
And normally you would change the root password to make the system more secure.

Finally, how should OBS know whether the user’s password is the same as the root password on the system the package is installed on? :stuck_out_tongue:

Anyway, as said you have two possibilities: change the policy to auth_admin_keep, or add an rpmlintrc to ignore that “error”.
As long as you are not going to submit your package to Factory it’s your decision.