From Fedora Project Wiki

Revision as of 14:27, 2 June 2011 by Fab (talk | contribs) (layout changes)

Mock

Mock creates chroots and builds packages in them. Its only task is to reliably populate a chroot and attempt to build a package in that chroot.

Status

Mock is currently being used for all Fedora builds. It is called by Plague (<=FC-6) and Koji (>=F-7) to build chroots and packages.

Download

https://fedorahosted.org/mock/ has all the latest builds. It can be installed with "yum install mock".

To check out the current code:

Setup

All users that are to use mock must be added to the 'mock' group.

usermod -a G mock [User name] && newgrp mock

Configuration files are in /etc/mock. Mock versions 0.8.0 and higher cache the downloaded rpm packages (via the yum_cache plugin), which speeds up subsequent builds by a considerable margin. Nevertheless, you may wish to change the default configuration to point to local repositories to speed up builds.

By default, builds are done in /var/lib/mock, so be sure you have room. Starting with mock 0.8.0 and higher, you can change this via the 'basedir' config option.

Using Mock outside your CVS sandbox

Create your SRPM using 'rpmbuild -bs'. Then change to the directory where your srpm was created.

Now you can start mock with

mock -r <configfile> rebuild package-1.2-3.src.rpm

where <configfile> is the name of a configuration from /etc/mock/.

If using mock version older than 0.8.8 or on a system with python 2.4, and building i386 packages on x86_64, prepend setarch i386 to the mock command line: setarch i386 mock -r <configfile> rebuild package-1.2-3.src.rpm. Newer versions of mock no longer need the setarch command, although it does not hurt anything if it is there.

Note that you can track the progress of mock using the logs stored in /var/lib/mock/<configfile>/result

Using Mock inside your CVS sandbox

You only need to type 'make mockbuild' to start a mock build. The used architecture depends on the directory where you start the mock build.


Security Considerations

Build User

It's recommended you use a user account other than your normal user account to do the builds, just to be safe. You wouldn't want the build user to "accidentally" have access to your GPG or SSH keys.

To create the user, and put them into the mock group, run:

adduser -m -G mock build

Then remember to 'su' - build prior to running mock.

Untrusted Users Using Mock

Beware that adding a user to the mock group means that the user can easily get root access on the machine without providing a password:

$ /usr/bin/mock --init -r fedora-10-i386
$ /usr/bin/mock --shell -r fedora-10-i386
mock-chroot> chmod u+s bin/bash
$ /var/lib/mock/fedora-10-i386/root/bin/bash -p
# cat /etc/shadow

Using

Usage:
usage:
mock [options]  {init|clean}
mock [options]  [rebuild]  /path/to/srpm(s)
mock [options]  {shell|chroot} <cmd>
mock [options]  installdeps {SRPM|RPM}
mock [options]  install PACKAGE
commands:
rebuild     - build the specified SRPM(s) [default command] 
chroot      - run the specified command within the chroot
shell       - run an interactive shell within specified chroot
clean       - clean out the specified chroot
init        - initialize the chroot, do not build anything
installdeps - install build dependencies for a specified SRPM
install     - install packages using yum

Options:
--version             show program's version number and exit
-h, --help            show this help message and exit
-r CHROOT             chroot name/config file name default: default
--no-clean            do not clean chroot before building
--cleanup-after       Clean chroot after building. Use with --resultdir.
Only active for 'rebuild'.
--no-cleanup-after    Dont clean chroot after building. If automatic cleanup
is enabled, use this to disable.
--arch=ARCH           target build arch
--resultdir=RESULTDIR
path for resulting files to be put
--uniqueext=UNIQUEEXT
Arbitrary, unique extension to append to buildroot
directory name
--configdir=CONFIGDIR
Change where config files are found
--rpmbuild_timeout=RPMBUILD_TIMEOUT
Fail build if rpmbuild takes longer than 'timeout'
seconds
--enable-plugin=ENABLED_PLUGINS
Enable plugin. Currently-available plugins: ('ccache',
'yum_cache', 'root_cache', 'bind_mount')
--disable-plugin=DISABLED_PLUGINS
Disable plugin. Currently-available plugins:
('ccache', 'yum_cache', 'root_cache', 'bind_mount')

For example, to rebuild a package for i386 on the development branch of Fedora:

  • mock rebuild -r fedora-devel-i386 /path/to/rpm

See /etc/mock for the available targets. If you have the bash-completion package installed, it will tab complete the targets for you.

Problems

If you encounter a bug running mock, please file it in Bugzilla, product "Fedora", component mock (Open Bugs).

If your problem is specific to EPEL, then file it against the "Fedora EPEL" product instead (Open Bugs).

See Also