Permissions issue when running build-locally.py: Permission denied: '/home/conda/.cache/conda'

[corneliusroemer]

Bug:

I've worked around #26779 by removing the line that errors.

But now, it seems that build-locally.py gets permission errors for the cache directory.

Repro similar to #26779, just with the line that errors there removed.

Full log:

python build-locally.py
valid configs are {'win64', 'linux64_cuda120', 'linux64', 'linux64_cuda118', 'osx64'}
config not selected, please choose from the following:

1. linux64
2. linux64_cuda118
3. linux64_cuda120
4. osx64
5. win64

> 1
selected linux64
Configure Docker
+++ dirname .scripts/run_docker_build.sh
++ cd .scripts/..
++ pwd
+ REPO_ROOT=/Users/corneliusromer/code/staged-recipes
+ ARTIFACTS=/Users/corneliusromer/code/staged-recipes/build_artifacts
+++ dirname .scripts/run_docker_build.sh
++ cd .scripts
++ pwd
+ THISDIR=/Users/corneliusromer/code/staged-recipes/.scripts
++ basename /Users/corneliusromer/code/staged-recipes/.scripts
+ PROVIDER_DIR=.scripts
+ AZURE=False
+ docker info
Client:
 Version:    26.1.4
 Context:    desktop-linux
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.14.1-desktop.1
    Path:     /Users/corneliusromer/.docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.27.1-desktop.1
    Path:     /Users/corneliusromer/.docker/cli-plugins/docker-compose
  debug: Get a shell into any image or container (Docker Inc.)
    Version:  0.0.32
    Path:     /Users/corneliusromer/.docker/cli-plugins/docker-debug
  dev: Docker Dev Environments (Docker Inc.)
    Version:  v0.1.2
    Path:     /Users/corneliusromer/.docker/cli-plugins/docker-dev
  extension: Manages Docker extensions (Docker Inc.)
    Version:  v0.2.24
    Path:     /Users/corneliusromer/.docker/cli-plugins/docker-extension
  feedback: Provide feedback, right in your terminal! (Docker Inc.)
    Version:  v1.0.5
    Path:     /Users/corneliusromer/.docker/cli-plugins/docker-feedback
  init: Creates Docker-related starter files for your project (Docker Inc.)
    Version:  v1.2.0
    Path:     /Users/corneliusromer/.docker/cli-plugins/docker-init
  sbom: View the packaged-based Software Bill Of Materials (SBOM) for an image (Anchore Inc.)
    Version:  0.6.0
    Path:     /Users/corneliusromer/.docker/cli-plugins/docker-sbom
  scout: Docker Scout (Docker Inc.)
    Version:  v1.9.3
    Path:     /Users/corneliusromer/.docker/cli-plugins/docker-scout

Server:
 Containers: 48
  Running: 1
  Paused: 0
  Stopped: 47
 Images: 21
 Server Version: 26.1.4
 Storage Driver: stargz
  driver-type: io.containerd.snapshotter.v1
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: d2d58213f83a351ca8f528a95fbd145f5654e957
 runc version: v1.1.12-0-g51d5e94
 init version: de40ad0
 Security Options:
  seccomp
   Profile: unconfined
  cgroupns
 Kernel Version: 6.6.31-linuxkit
 Operating System: Docker Desktop
 OSType: linux
 Architecture: aarch64
 CPUs: 10
 Total Memory: 17.54GiB
 Name: docker-desktop
 ID: 2d9717eb-dd17-47cb-b40b-576d50e76161
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 HTTP Proxy: http.docker.internal:3128
 HTTPS Proxy: http.docker.internal:3128
 No Proxy: hubproxy.docker.internal
 Labels:
  com.docker.desktop.address=unix:///Users/corneliusromer/Library/Containers/com.docker.docker/Data/docker-cli.sock
 Experimental: true
 Insecure Registries:
  hubproxy.docker.internal:5555
  127.0.0.0/8
 Live Restore Enabled: false

WARNING: daemon is not using the default seccomp profile
++ id -u
+ HOST_USER_ID=501
+ hash docker-machine
+ '[' -z '' ']'
++ shyaml -h
.scripts/run_docker_build.sh: line 30: shyaml: command not found
++ echo NO
+ SHYAML_INSTALLED=NO
+ '[' NO == NO ']'
+ echo 'WARNING: DOCKER_IMAGE variable not set and shyaml not installed. Trying to parse with coreutils'
WARNING: DOCKER_IMAGE variable not set and shyaml not installed. Trying to parse with coreutils
++ cat .ci_support/linux64.yaml
++ grep '^docker_image:$' -A 1
++ tail -n 1
++ cut -b 3-
+ DOCKER_IMAGE=quay.io/condaforge/linux-anvil-cos7-x86_64
+ '[' quay.io/condaforge/linux-anvil-cos7-x86_64 = '' ']'
+ mkdir -p /Users/corneliusromer/code/staged-recipes/build_artifacts
+ DONE_CANARY=/Users/corneliusromer/code/staged-recipes/build_artifacts/conda-forge-build-done
+ rm -f /Users/corneliusromer/code/staged-recipes/build_artifacts/conda-forge-build-done
+ DOCKER_RUN_ARGS=-it
+ '[' False == True ']'
Start Docker
+ docker pull quay.io/condaforge/linux-anvil-cos7-x86_64
Using default tag: latest
latest: Pulling from condaforge/linux-anvil-cos7-x86_64
Digest: sha256:e3969b835458ba999261c2c390178e57b4633c2c91addee636e5c8658da88241
Status: Image is up to date for quay.io/condaforge/linux-anvil-cos7-x86_64:latest
quay.io/condaforge/linux-anvil-cos7-x86_64:latest

What's next:
    View a summary of image vulnerabilities and recommendations → docker scout quickview quay.io/condaforge/linux-anvil-cos7-x86_64
+ docker run -it -v /Users/corneliusromer/code/staged-recipes:/home/conda/staged-recipes -e HOST_USER_ID=501 -e AZURE=False -e CONFIG -e CI -e CPU_COUNT -e DEFAULT_LINUX_VERSION quay.io/condaforge/linux-anvil-cos7-x86_64 bash /home/conda/staged-recipes/.scripts/build_steps.sh
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
+ export FEEDSTOCK_ROOT=/home/conda/staged-recipes
+ FEEDSTOCK_ROOT=/home/conda/staged-recipes
+ source /home/conda/staged-recipes/.scripts/logging_utils.sh
Configuring conda
+ export PYTHONUNBUFFERED=1
+ PYTHONUNBUFFERED=1
+ export CI_SUPPORT=/home/conda/staged-recipes-copy/.ci_support
+ CI_SUPPORT=/home/conda/staged-recipes-copy/.ci_support
+ cat
+ cp -r /home/conda/staged-recipes /home/conda/staged-recipes-copy
+ find /home/conda/staged-recipes-copy/recipes -maxdepth 1 -name .DS_Store -delete
+ echo 'Pending recipes.'
Pending recipes.
+ ls -la /home/conda/staged-recipes-copy/recipes
total 16
drwxr-xr-x  4 conda conda 4096 Jun 27 11:57 .
drwxr-xr-x 10 conda conda 4096 Jun 27 11:57 ..
drwxr-xr-x  2 conda conda 4096 Jun 27 11:57 example
drwxr-xr-x  2 conda conda 4096 Jun 27 11:57 tsv-utils
+ echo 'Finding recipes merged in main and removing them from the build.'
Finding recipes merged in main and removing them from the build.
+ pushd /home/conda/staged-recipes/recipes
+ popd
+ conda install --quiet --file /home/conda/staged-recipes/.ci_support/requirements.txt

CondaError: Error encountered while attempting to create cache directory.
  Directory: /home/conda/.cache/conda/notices
  Exception: [Errno 13] Permission denied: '/home/conda/.cache/conda'

Traceback (most recent call last):
  File "/Users/corneliusromer/code/staged-recipes/build-locally.py", line 101, in <module>
    main()
  File "/Users/corneliusromer/code/staged-recipes/build-locally.py", line 95, in main
    run_docker_build(ns)
  File "/Users/corneliusromer/code/staged-recipes/build-locally.py", line 33, in run_docker_build
    subprocess.check_call([script])
  File "/opt/homebrew/Caskroom/miniforge/base/envs/py11/lib/python3.11/subprocess.py", line 413, in check_call
    raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['.scripts/run_docker_build.sh']' returned non-zero exit status 1.

@conda-forge/staged-recipes

[corneliusroemer]

There seems to be an issue with user permissions, see for example the warning at the start of the docker run command. Here are user ids:

docker run -it -v /Users/corneliusromer/code/staged-recipes:/home/conda/staged-recipes  -e HOST_USER_ID=501 -e AZURE=False -e CONFIG -e CI -e CPU_COUNT -e DEFAULT_LINUX_VERSION quay.io/condaforge/linux-anvil-cos7-x86_64 bash -c "id" 

useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
uid=501(conda) gid=32767(conda) groups=32767(conda),32766(lucky)

[tpburns]

I was also experiencing this error and the one in #26779, and eventually determined that for me it was due to running docker in rootless mode. However, if I'm reading your docker info output correctly, neither the Client Context nor the Server Security Options indicate that you're running in rootless, though I don't know if those are the only possible indications of it.

I was planning to submit a PR adjusting the local build configuration so that rootless docker worked out of the box, but if it doesn't fix this symptom for other people, I'm not sure I'm taking the right approach. Did you ever figure out what the issue was for you?