Skip to content

Back up on scrub #1660

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
sergiomb2 wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Back up on scrub #1660

sergiomb2 wants to merge 1 commit into from

Conversation

@sergiomb2
Copy link
Contributor

@sergiomb2 sergiomb2 commented Nov 26, 2025

Add a reference to related issue - preferably in the git commit message
Fixes: #1639

Add release note. See https://rpm-software-management.github.io/mock/Release-Notes-New-Entry
or let us know to add label no-release-notes if you think the change does
not deserve a release note.

  • make mock --scrub=all correctly back up build directory
  • Use 'mv' instead of 'cp' for backing up builds

github-advanced-security[bot]
github-advanced-security bot found potential problems Nov 26, 2025
View reviewed changes
gemini-code-assist[bot]
gemini-code-assist bot reviewed Nov 26, 2025
View reviewed changes
Copy link

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request refactors the backup logic by moving it from backend.py to buildroot.py and changing the operation from copy (cp) to move (mv). This is a good refactoring as the logic is now closer to where the buildroot is actually deleted. However, I've found a critical security vulnerability related to command injection when moving the RPM files. The way the mv command is constructed is unsafe and could allow for arbitrary code execution if a filename contains special shell characters. I've provided a suggestion to fix this using Python's shutil module, which is the safer and more idiomatic approach. I also found a minor style issue where a multi-line string is used for a comment inside a method, which should be a regular hash-prefixed comment. Please address the critical security issue.

@sergiomb2 sergiomb2 force-pushed the back_up_on_scrub branch 2 times, most recently from 57d76c8 to 2f02a9d Compare November 26, 2025 02:40
github-advanced-security[bot]
github-advanced-security bot found potential problems Nov 26, 2025
View reviewed changes
xsuchy
xsuchy reviewed Nov 26, 2025
View reviewed changes
Copy link
Member

@xsuchy xsuchy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM
Can you add release entry as described in https://rpm-software-management.github.io/mock/Release-Notes-New-Entry please?

@sergiomb2
Copy link
Contributor Author

sergiomb2 commented Nov 26, 2025

Done. Let me know if I can improve anything else.
Thank you

@sergiomb2
Copy link
Contributor Author

sergiomb2 commented Nov 27, 2025

I found a bug "shutil.Error: Destination path '/var/lib/mock/backup/fedora-43-x86_64/javapackages-compat-6.4.1-5.fc43.noarch.rpm' already exists"
I will try fix it soon

github-advanced-security[bot]
github-advanced-security bot found potential problems Nov 28, 2025
View reviewed changes
@sergiomb2 sergiomb2 force-pushed the back_up_on_scrub branch 2 times, most recently from daf4800 to 3089847 Compare November 28, 2025 00:45
@praiskup
Copy link
Member

praiskup commented Dec 15, 2025

Can you please rebase on top of main? Thank you.

@sergiomb2
Copy link
Contributor Author

sergiomb2 commented Dec 15, 2025

Lint Python issues / python-lint-job (pull_request)Failing after 46s

I'm working on another solution

github-advanced-security[bot]
github-advanced-security bot found potential problems Dec 16, 2025
View reviewed changes
@sergiomb2 sergiomb2 force-pushed the back_up_on_scrub branch 2 times, most recently from 2f9cdbf to 3879063 Compare December 16, 2025 00:49
@praiskup
Copy link
Member

praiskup commented Dec 16, 2025

/packit test

praiskup
praiskup reviewed Jan 15, 2026
View reviewed changes
praiskup
praiskup requested changes Jan 15, 2026
View reviewed changes
Copy link
Member

@praiskup praiskup left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry for the delay. Otherwise looks good, thank you for the fix.

praiskup
praiskup reviewed Jan 15, 2026
View reviewed changes
praiskup
praiskup reviewed Jan 15, 2026
View reviewed changes
@sergiomb2
mock --scrub=all now correctly backs up successful builds from the …
cb07a9a 
…buildroot. Fixes issue rpm-software-management#1639.

The backup process now uses `mv` semantics instead of `cp`, avoiding file duplication,
preserving timestamps, and improving performance. Gemini Code Assist flagged the
use of `util.run` as unsafe, so it was replaced with `os.replace` to safely overwrite
existing files.

Improve logs and comments in backup_build_results for clarity.
@sergiomb2 sergiomb2 requested review from praiskup and xsuchy February 1, 2026 17:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@praiskup praiskup Awaiting requested review from praiskup

@xsuchy xsuchy Awaiting requested review from xsuchy

1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

mock --scrub=all doesn’t back up builds

3 participants

@sergiomb2 @praiskup @xsuchy