[PATCH] tests/docker: tolerate chmod EPERM when unpacking hexagon toolchain

Thu, 18 Jun 2026 21:32:48 -0700 

The debian-hexagon-cross image unpacks the codelinaro clang+llvm hexagon
toolchain tarball into /opt. The archive contains symlinks (the .so/.a
library aliases) and directories whose stored modes GNU tar restores via
chmod()/lchmod(). Under docker, where the build runs as real root, those
calls succeed. Under rootless podman the build runs in a user namespace
on overlay storage, which rejects the chmod()/lchmod() calls with EPERM:

  tar: .../libclang_rt.builtins.a: Cannot change mode to rwxrwxrwx: \
       Operation not permitted
  tar: .../x86_64-linux-gnu: Cannot change mode to rwxr-xr-x: \
       Operation not permitted
  tar: Exiting with failure status due to previous errors

tar then exits non-zero and aborts the build. The mode metadata on these
symlinks and directories is irrelevant for our use, and neither
--no-same-permissions nor extracting as a non-root user stops GNU tar
1.35 from attempting the lchmod on the symlinks.

Download the tarball to a file and ignore tar errors during extraction
with --no-same-owner and --no-same-permissions.

Signed-off-by: Brian Cain <[email protected]>
---
 tests/docker/dockerfiles/debian-hexagon-cross.docker | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/tests/docker/dockerfiles/debian-hexagon-cross.docker 
b/tests/docker/dockerfiles/debian-hexagon-cross.docker
index 23e8bb2fb26..817c903246a 100644
--- a/tests/docker/dockerfiles/debian-hexagon-cross.docker
+++ b/tests/docker/dockerfiles/debian-hexagon-cross.docker
@@ -49,7 +49,12 @@ ENV 
TOOLCHAIN_BASENAME=clang+llvm-${TOOLCHAIN_RELEASE}-cross-hexagon-unknown-lin
 ENV 
TOOLCHAIN_URL=https://artifacts.codelinaro.org/artifactory/codelinaro-toolchain-for-hexagon/${TOOLCHAIN_RELEASE}_/${TOOLCHAIN_BASENAME}.tar.zst
 ENV CCACHE_WRAPPERSDIR=/usr/libexec/ccache-wrappers
 
-RUN curl -#SL "$TOOLCHAIN_URL" | tar --zstd -xC "$TOOLCHAIN_INSTALL"
+# Ignore tar's chmod/lchmod EPERM on the toolchain symlinks and directories,
+# which rootless podman's overlay storage rejects (harmless mode metadata).
+RUN curl -#SLo /tmp/toolchain.tar.zst "$TOOLCHAIN_URL" && \
+    { tar --zstd --no-same-owner --no-same-permissions \
+          -xf /tmp/toolchain.tar.zst -C "$TOOLCHAIN_INSTALL" || true; } && \
+    rm -f /tmp/toolchain.tar.zst
 ENV PATH=$PATH:${TOOLCHAIN_INSTALL}/${TOOLCHAIN_BASENAME}/x86_64-linux-gnu/bin
 ENV MAKE=/usr/bin/make
 # As a final step configure the user (if env is defined)
-- 
2.34.1

Reply via email to