fix: handle permissionerror during walking over tree

Previously it tried to look into 700 directories (e.g. .gnupg) which
breaks running as non-ahriman user

src/ahriman/application/lock.py

@@ -158,7 +158,7 @@ class Lock(LazyLogging):
         """
         check if current user is actually owner of ahriman root
         """
-        check_user(self.paths, unsafe=self.unsafe)
+        check_user(self.paths.root, unsafe=self.unsafe)
         self.paths.tree_create()
 
     def check_version(self) -> None:

src/ahriman/core/utils.py

@@ -35,7 +35,6 @@ from pwd import getpwuid
 from typing import Any, IO, TypeVar
 
 from ahriman.core.exceptions import CalledProcessError, OptionError, UnsafeRunError
-from ahriman.models.repository_paths import RepositoryPaths
 
 
 __all__ = [
@@ -47,6 +46,7 @@ __all__ = [
     "filter_json",
     "full_version",
     "minmax",
+    "owner",
     "package_like",
     "parse_version",
     "partition",
@@ -54,6 +54,7 @@ __all__ = [
     "pretty_interval",
     "pretty_size",
     "safe_filename",
+    "safe_iterdir",
     "srcinfo_property",
     "srcinfo_property_list",
     "trim_package",
@@ -170,12 +171,13 @@ def check_output(*args: str, exception: Exception | Callable[[int, list[str], st
         return stdout
 
 
-def check_user(paths: RepositoryPaths, *, unsafe: bool) -> None:
+def check_user(root: Path, *, unsafe: bool) -> None:
     """
     check if current user is the owner of the root
 
     Args:
-        paths(RepositoryPaths): repository paths object
+        root(Path): path to root directory (e.g. repository root
+            :attr:`ahriman.models.repository_paths.RepositoryPaths.root`)
         unsafe(bool): if set no user check will be performed before path creation
 
     Raises:
@@ -184,14 +186,16 @@ def check_user(paths: RepositoryPaths, *, unsafe: bool) -> None:
     Examples:
         Simply run function with arguments::
 
-            >>> check_user(paths, unsafe=False)
+            >>> check_user(root, unsafe=False)
     """
-    if not paths.root.exists():
+    if not root.exists():
         return  # no directory found, skip check
     if unsafe:
         return  # unsafe flag is enabled, no check performed
+
     current_uid = os.getuid()
-    root_uid, _ = paths.root_owner
+    root_uid, _ = owner(root)
+
     if current_uid != root_uid:
         raise UnsafeRunError(current_uid, root_uid)
 
@@ -289,6 +293,20 @@ def minmax(source: Iterable[T], *, key: Callable[[T], Any] | None = None) -> tup
     return min(first_iter, key=key), max(second_iter, key=key)  # type: ignore
 
 
+def owner(path: Path) -> tuple[int, int]:
+    """
+    retrieve owner information by path
+
+    Args:
+        path(Path): path for which extract ids
+
+    Returns:
+        tuple[int, int]: owner user and group ids of the directory
+    """
+    stat = path.stat()
+    return stat.st_uid, stat.st_gid
+
+
 def package_like(filename: Path) -> bool:
     """
     check if file looks like package
@@ -431,6 +449,22 @@ def safe_filename(source: str) -> str:
     return re.sub(r"[^A-Za-z\d\-._~:\[\]@]", "-", source)
 
 
+def safe_iterdir(path: Path) -> Iterator[Path]:
+    """
+    wrapper around :func:`pathlib.Path.iterdir`, which suppresses :exc:`PermissionError`
+
+    Args:
+        path(Path): path to iterate
+
+    Yields:
+        Path: content of the directory
+    """
+    try:
+        yield from path.iterdir()
+    except PermissionError:
+        pass
+
+
 def srcinfo_property(key: str, srcinfo: Mapping[str, Any], package_srcinfo: Mapping[str, Any], *,
                      default: Any = None) -> Any:
     """

src/ahriman/models/repository_paths.py

@@ -29,6 +29,7 @@ from pwd import getpwuid
 
 from ahriman.core.exceptions import PathError
 from ahriman.core.log import LazyLogging
+from ahriman.core.utils import owner, safe_iterdir
 from ahriman.models.repository_id import RepositoryId
 
 
@@ -93,7 +94,7 @@ class RepositoryPaths(LazyLogging):
         Returns:
             Path: path to directory in which build process is run
         """
-        uid, _ = self.owner(self.root)
+        uid, _ = owner(self.root)
         return self.chroot / f"{self.repository_id.name}-{self.repository_id.architecture}" / getpwuid(uid).pw_name
 
     @property
@@ -155,7 +156,7 @@ class RepositoryPaths(LazyLogging):
         Returns:
             tuple[int, int]: owner user and group of the root directory
         """
-        return self.owner(self.root)
+        return owner(self.root)
 
     # pylint: disable=protected-access
     @classmethod
@@ -208,20 +209,6 @@ class RepositoryPaths(LazyLogging):
 
         return set(walk(instance))
 
-    @staticmethod
-    def owner(path: Path) -> tuple[int, int]:
-        """
-        retrieve owner information by path
-
-        Args:
-            path(Path): path for which extract ids
-
-        Returns:
-            tuple[int, int]: owner user and group ids of the directory
-        """
-        stat = path.stat()
-        return stat.st_uid, stat.st_gid
-
     def _chown(self, path: Path) -> None:
         """
         set owner of path recursively (from root) to root owner
@@ -237,7 +224,7 @@ class RepositoryPaths(LazyLogging):
             PathError: if path does not belong to root
         """
         def set_owner(current: Path) -> None:
-            uid, gid = self.owner(current)
+            uid, gid = owner(current)
             if uid == root_uid and gid == root_gid:
                 return
             os.chown(current, root_uid, root_gid, follow_symlinks=False)
@@ -283,10 +270,10 @@ class RepositoryPaths(LazyLogging):
 
         def walk(root: Path) -> Iterator[Path]:
             # basically walk, but skipping some content
-            for child in root.iterdir():
+            for child in safe_iterdir(root):
                 yield child
                 if child in (self.chroot.parent,):
-                    yield from child.iterdir()  # we only yield top-level in chroot directory
+                    yield from safe_iterdir(child)  # we only yield top-level in chroot directory
                 elif child.is_dir():
                     yield from walk(child)