Skip to content

GH-50358: [Release] Fix permission issues on Dockerfile on new binary signing image#50359

Open
raulcd wants to merge 1 commit into
apache:mainfrom
raulcd:GH-50358
Open

GH-50358: [Release] Fix permission issues on Dockerfile on new binary signing image#50359
raulcd wants to merge 1 commit into
apache:mainfrom
raulcd:GH-50358

Conversation

@raulcd

@raulcd raulcd commented Jul 3, 2026

Copy link
Copy Markdown
Member

Rationale for this change

We updated from bookworm to trixie our binary signing image. When trying to sign the packages it failed with the following error:

Downloading: centos - 100.0% [63/63] 00:01:26 00:00:00  0/s
error: Unable to open sqlite database /var/lib/rpm/rpmdb.sqlite: unable to open database file
error: cannot open Packages index using sqlite - Operation not permitted (1)
error: cannot open Packages database in /var/lib/rpm
error: can't create transaction lock on /var/lib/rpm/.rpm.lock (No such file or directory)
error: /tmp/apache-arrow-binary20260703-49-htq2me.asc: key 1 import failed.

What changes are included in this PR?

Change permissions for /var/lib/rpm inside container.

Are these changes tested?

Yes, I've used that to upload and sign binaries.

Are there any user-facing changes?

No

Copilot AI review requested due to automatic review settings July 3, 2026 14:16
@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown

⚠️ GitHub issue #50358 has been automatically assigned in GitHub to PR creator.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR addresses a release-blocking failure in the Debian trixie-based binary signing image where rpm --import cannot write to the RPM database under /var/lib/rpm, preventing RPM artifact signing/upload during release automation.

Changes:

  • Adjusts filesystem permissions in the signing Docker image to allow RPM DB writes during signing.


RUN gem install apt-dists-merge -v ">= 1.0.2"

RUN chmod 1777 /var/lib/rpm
@kou

kou commented Jul 3, 2026

Copy link
Copy Markdown
Member

Thanks! But I want to try the following:

diff --git a/dev/release/binary-task.rb b/dev/release/binary-task.rb
index 254ca547fa..ce2bb3f15b 100644
--- a/dev/release/binary-task.rb
+++ b/dev/release/binary-task.rb
@@ -1930,7 +1930,8 @@ APT::FTPArchive::Release::Description "#{apt_repository_description}";
          "--export", gpg_key_id,
          out: gpg_key.path,
          verbose: verbose?)
-      sh("rpm",
+      sh("sudo",
+         "rpm",
          "--import", gpg_key.path,
          out: default_output,
          verbose: verbose?)

Can we try the sudo approach instead of the chmod approach in the next release?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

awaiting committer review Awaiting committer review

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants