[meta-selinux][PATCH] busybox: explicitly set temporary shell scripts to be executable

All of lore.kernel.org
 help / color / mirror / Atom feed

* [meta-selinux][PATCH] busybox: explicitly set temporary shell scripts to be executable
@ 2016-02-19 22:45 Alejandro del Castillo
  2016-03-01 22:58 ` Alejandro del Castillo
  0 siblings, 1 reply; 4+ messages in thread
From: Alejandro del Castillo @ 2016-02-19 22:45 UTC (permalink / raw)
  To: yocto

During an on target upgrade, the postinst script is creating scripts
that call buysbox, to avoid missing commands errors. However, the
scripts permissions are not set explicitly, relying on the mask.

Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com>
---
 recipes-core/busybox/busybox_%.bbappend | 1 +
 1 file changed, 1 insertion(+)

diff --git a/recipes-core/busybox/busybox_%.bbappend b/recipes-core/busybox/busybox_%.bbappend
index b4935b2..2e806af 100644
--- a/recipes-core/busybox/busybox_%.bbappend
+++ b/recipes-core/busybox/busybox_%.bbappend
@@ -78,6 +78,7 @@ pkg_postinst_${PN} () {
 						# we can use busybox here because even if we are using splitted busybox
 						# we've made a symlink from /bin/busybox to /bin/busybox.nosuid.
 						busybox echo "#!/bin/busybox$suffix" > $link
+                                                /bin/busybox.nosuid chmod 755 $link
 					fi
 				done < /etc/busybox.links$suffix
 			fi
-- 
1.9.1



^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [meta-selinux][PATCH] busybox: explicitly set temporary shell scripts to be executable
  2016-02-19 22:45 [meta-selinux][PATCH] busybox: explicitly set temporary shell scripts to be executable Alejandro del Castillo
@ 2016-03-01 22:58 ` Alejandro del Castillo
  2016-03-02  5:43   ` Philip Tricca
  0 siblings, 1 reply; 4+ messages in thread
From: Alejandro del Castillo @ 2016-03-01 22:58 UTC (permalink / raw)
  To: yocto, Xin.Ouyang, flihp

I first started looking at busybox postinst (modified on meta-selinux) since I
am getting errors during "opkg upgrade buysbox". The errors that I am getting
are of the form:

update-alternatives: Error: not linking /bin/gunzip to
/usr/lib/busybox/bin/gunzip since /bin/gunzip exists and is not a link

Which only happen for utilities that don't have any alternative installed after
removing busybox, hence no symlink. Utilities that do have an alternative
installed are correctly processed, for example:

update-alternatives: Linking /usr/bin/ar to /usr/bin/x86_64-nilrt-linux-ar

The root problem is that meta-selinux on commit
521ca9c9cf370840e9f8c808a7955aa5da7c356e replaced the temporary symlink creation
on postinst with sh wrappers, which breaks update-alternatives when it tries to
update symlinks (which are now sh wrappers).

Is there a reason why the postinst needs to be different on the selinux version
of busybox? If the postinst is just creating temporary symlinks which will go
away once the update-alternatives block later on the script runs, do we need the
sh wrappers?

On 02/19/2016 04:45 PM, Alejandro del Castillo wrote:
> During an on target upgrade, the postinst script is creating scripts
> that call buysbox, to avoid missing commands errors. However, the
> scripts permissions are not set explicitly, relying on the mask.
> 
> Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com>
> ---
>  recipes-core/busybox/busybox_%.bbappend | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/recipes-core/busybox/busybox_%.bbappend b/recipes-core/busybox/busybox_%.bbappend
> index b4935b2..2e806af 100644
> --- a/recipes-core/busybox/busybox_%.bbappend
> +++ b/recipes-core/busybox/busybox_%.bbappend
> @@ -78,6 +78,7 @@ pkg_postinst_${PN} () {
>  						# we can use busybox here because even if we are using splitted busybox
>  						# we've made a symlink from /bin/busybox to /bin/busybox.nosuid.
>  						busybox echo "#!/bin/busybox$suffix" > $link
> +                                                /bin/busybox.nosuid chmod 755 $link
>  					fi
>  				done < /etc/busybox.links$suffix
>  			fi
> 

-- 
Cheers,

Alejandro

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [meta-selinux][PATCH] busybox: explicitly set temporary shell scripts to be executable
  2016-03-01 22:58 ` Alejandro del Castillo
@ 2016-03-02  5:43   ` Philip Tricca
  2016-03-07 15:59     ` Alejandro del Castillo
  0 siblings, 1 reply; 4+ messages in thread
From: Philip Tricca @ 2016-03-02  5:43 UTC (permalink / raw)
  To: Alejandro del Castillo; +Cc: yocto, Xin.Ouyang

On 03/01/2016 02:58 PM, Alejandro del Castillo wrote:
> I first started looking at busybox postinst (modified on meta-selinux) since I
> am getting errors during "opkg upgrade buysbox". The errors that I am getting
> are of the form:
> 
> update-alternatives: Error: not linking /bin/gunzip to
> /usr/lib/busybox/bin/gunzip since /bin/gunzip exists and is not a link
> 
> Which only happen for utilities that don't have any alternative installed after
> removing busybox, hence no symlink. Utilities that do have an alternative
> installed are correctly processed, for example:
> 
> update-alternatives: Linking /usr/bin/ar to /usr/bin/x86_64-nilrt-linux-ar
> 
> The root problem is that meta-selinux on commit
> 521ca9c9cf370840e9f8c808a7955aa5da7c356e replaced the temporary symlink creation
> on postinst with sh wrappers, which breaks update-alternatives when it tries to
> update symlinks (which are now sh wrappers).
> 
> Is there a reason why the postinst needs to be different on the selinux version
> of busybox? If the postinst is just creating temporary symlinks which will go
> away once the update-alternatives block later on the script runs, do we need the
> sh wrappers?

Thanks for the additional context Alejandro. I don't have enough history
yet to pull answers to stuff like this out at will though. Hopefully
someone with the right background will chime in. Either way I'll circle
back once the easy stuff in the backlog is done and we'll try to sort
something out.

Philip

> On 02/19/2016 04:45 PM, Alejandro del Castillo wrote:
>> During an on target upgrade, the postinst script is creating scripts
>> that call buysbox, to avoid missing commands errors. However, the
>> scripts permissions are not set explicitly, relying on the mask.
>>
>> Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com>
>> ---
>>  recipes-core/busybox/busybox_%.bbappend | 1 +
>>  1 file changed, 1 insertion(+)
>>
>> diff --git a/recipes-core/busybox/busybox_%.bbappend b/recipes-core/busybox/busybox_%.bbappend
>> index b4935b2..2e806af 100644
>> --- a/recipes-core/busybox/busybox_%.bbappend
>> +++ b/recipes-core/busybox/busybox_%.bbappend
>> @@ -78,6 +78,7 @@ pkg_postinst_${PN} () {
>>  						# we can use busybox here because even if we are using splitted busybox
>>  						# we've made a symlink from /bin/busybox to /bin/busybox.nosuid.
>>  						busybox echo "#!/bin/busybox$suffix" > $link
>> +                                                /bin/busybox.nosuid chmod 755 $link
>>  					fi
>>  				done < /etc/busybox.links$suffix
>>  			fi
>>
> 



^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [meta-selinux][PATCH] busybox: explicitly set temporary shell scripts to be executable
  2016-03-02  5:43   ` Philip Tricca
@ 2016-03-07 15:59     ` Alejandro del Castillo
  0 siblings, 0 replies; 4+ messages in thread
From: Alejandro del Castillo @ 2016-03-07 15:59 UTC (permalink / raw)
  To: Philip Tricca; +Cc: yocto, Xin.Ouyang



On 03/01/2016 11:43 PM, Philip Tricca wrote:
> On 03/01/2016 02:58 PM, Alejandro del Castillo wrote:
>> I first started looking at busybox postinst (modified on meta-selinux) since I
>> am getting errors during "opkg upgrade buysbox". The errors that I am getting
>> are of the form:
>>
>> update-alternatives: Error: not linking /bin/gunzip to
>> /usr/lib/busybox/bin/gunzip since /bin/gunzip exists and is not a link
>>
>> Which only happen for utilities that don't have any alternative installed after
>> removing busybox, hence no symlink. Utilities that do have an alternative
>> installed are correctly processed, for example:
>>
>> update-alternatives: Linking /usr/bin/ar to /usr/bin/x86_64-nilrt-linux-ar
>>
>> The root problem is that meta-selinux on commit
>> 521ca9c9cf370840e9f8c808a7955aa5da7c356e replaced the temporary symlink creation
>> on postinst with sh wrappers, which breaks update-alternatives when it tries to
>> update symlinks (which are now sh wrappers).
>>
>> Is there a reason why the postinst needs to be different on the selinux version
>> of busybox? If the postinst is just creating temporary symlinks which will go
>> away once the update-alternatives block later on the script runs, do we need the
>> sh wrappers?
> 
> Thanks for the additional context Alejandro. I don't have enough history
> yet to pull answers to stuff like this out at will though. Hopefully
> someone with the right background will chime in. Either way I'll circle
> back once the easy stuff in the backlog is done and we'll try to sort
> something out.

Sounds good, I hope someone can provide background since it looks to me like the
postinst is wrong, but I don't have historic context.

Let me know if I can help in any way.

-- 
Cheers,

Alejandro


^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2016-03-07 16:00 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-02-19 22:45 [meta-selinux][PATCH] busybox: explicitly set temporary shell scripts to be executable Alejandro del Castillo
2016-03-01 22:58 ` Alejandro del Castillo
2016-03-02  5:43   ` Philip Tricca
2016-03-07 15:59     ` Alejandro del Castillo

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.