[meta-virtualization][PATCH] image-oci-umoci: preserve file modes in rootfs

[meta-virtualization][PATCH] image-oci-umoci: preserve file modes in rootfs

[Florian Wickert]

cp does not preserve file modes by default.
This will break sudo (among others) which needs the suid flag to do its
work.

This patch adds the --preserve=mode flag to the cp call to fix this.

Signed-off-by: Florian Wickert <FlorianWickert@gmail.com>
---
 classes/image-oci-umoci.inc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/classes/image-oci-umoci.inc b/classes/image-oci-umoci.inc
index c77750fb..bbea2add 100644
--- a/classes/image-oci-umoci.inc
+++ b/classes/image-oci-umoci.inc
@@ -49,8 +49,8 @@ IMAGE_CMD:oci() {
     fi
 
     bbdebug 1 "OCI: populating rootfs"
-    bbdebug 1 "OCI: cp -r ${IMAGE_ROOTFS}/* $image_bundle_name/rootfs/"
-    cp -r ${IMAGE_ROOTFS}/* $image_bundle_name/rootfs
+    bbdebug 1 "OCI: cp -r --preserve=mode ${IMAGE_ROOTFS}/* $image_bundle_name/rootfs/"
+    cp -r --preserve=mode ${IMAGE_ROOTFS}/* $image_bundle_name/rootfs
 
     bbdebug 1 "OCI: umoci repack --image $image_name:${OCI_IMAGE_TAG} $image_bundle_name"
     umoci repack --image $image_name:${OCI_IMAGE_TAG} $image_bundle_name
-- 
2.43.0

Re: [meta-virtualization][PATCH] image-oci-umoci: preserve file modes in rootfs

[Bruce Ashfield]

In message: [meta-virtualization][PATCH] image-oci-umoci: preserve file modes in rootfs
on 07/01/2025 Florian Wickert via lists.yoctoproject.org wrote:

> cp does not preserve file modes by default.
> This will break sudo (among others) which needs the suid flag to do its
> work.
> 
> This patch adds the --preserve=mode flag to the cp call to fix this.
> 
> Signed-off-by: Florian Wickert <FlorianWickert@gmail.com>
> ---
>  classes/image-oci-umoci.inc | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/classes/image-oci-umoci.inc b/classes/image-oci-umoci.inc
> index c77750fb..bbea2add 100644
> --- a/classes/image-oci-umoci.inc
> +++ b/classes/image-oci-umoci.inc
> @@ -49,8 +49,8 @@ IMAGE_CMD:oci() {
>      fi
>  
>      bbdebug 1 "OCI: populating rootfs"
> -    bbdebug 1 "OCI: cp -r ${IMAGE_ROOTFS}/* $image_bundle_name/rootfs/"
> -    cp -r ${IMAGE_ROOTFS}/* $image_bundle_name/rootfs
> +    bbdebug 1 "OCI: cp -r --preserve=mode ${IMAGE_ROOTFS}/* $image_bundle_name/rootfs/"
> +    cp -r --preserve=mode ${IMAGE_ROOTFS}/* $image_bundle_name/rootfs

Is it just the mode that we are concerned with ? We could
either use install vs cp, or just use -a

I remember thinking that pseudo would fix this up when I
was writing the code, but clearly that is not the case.

Bruce

>  
>      bbdebug 1 "OCI: umoci repack --image $image_name:${OCI_IMAGE_TAG} $image_bundle_name"
>      umoci repack --image $image_name:${OCI_IMAGE_TAG} $image_bundle_name
> -- 
> 2.43.0
> 

> 
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#9073): https://lists.yoctoproject.org/g/meta-virtualization/message/9073
> Mute This Topic: https://lists.yoctoproject.org/mt/110474242/1050810
> Group Owner: meta-virtualization+owner@lists.yoctoproject.org
> Unsubscribe: https://lists.yoctoproject.org/g/meta-virtualization/unsub [bruce.ashfield@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
> 

Re: [PATCH] image-oci-umoci: preserve file modes in rootfs

[Florian Wickert]

[-- Attachment #1: Type: text/plain, Size: 373 bytes --]

I initially tried to use cp -a but that gave permission errors and I decided to just
preserve the modes instead because that's what caused the problems in my case.
But I agree that something like cp -a would be even better.
Maybe even a hardlink would do the job, instead of copying all the files into the
rootfs directory, avoiding the problem altogether.

Florian

[-- Attachment #2: Type: text/html, Size: 449 bytes --]

Re: [meta-virtualization] [PATCH] image-oci-umoci: preserve file modes in rootfs

[Bruce Ashfield]

[-- Attachment #1: Type: text/plain, Size: 1618 bytes --]

On Wed, Jan 8, 2025 at 3:59 AM Florian Wickert via lists.yoctoproject.org
<FlorianWickert=gmail.com@lists.yoctoproject.org> wrote:

> I initially tried to use cp -a but that gave permission errors and I
> decided to just
> preserve the modes instead because that's what caused the problems in my
> case.
> But I agree that something like cp -a would be even better.
> Maybe even a hardlink would do the job, instead of copying all the files
> into the
> rootfs directory, avoiding the problem altogether.
>

Looking at the other IMAGE_CMDs in oe-core, it jumped out that it was
mainly the ownership / user IDs that were the issue. When something
like tar is used, --numeric-owner seems to avoid the issue.

We could switch to something like tar, or use rsync, but for now, I'm
trying a middle ground of sticking with cp, adding -a and using
--no-preserve=ownership.

That seems to work in my tests. I've joined our two commits, and
pushed them to master-next.

Bruce



>
> Florian
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#9078):
> https://lists.yoctoproject.org/g/meta-virtualization/message/9078
> Mute This Topic: https://lists.yoctoproject.org/mt/110474242/1050810
> Group Owner: meta-virtualization+owner@lists.yoctoproject.org
> Unsubscribe: https://lists.yoctoproject.org/g/meta-virtualization/unsub [
> bruce.ashfield@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
>

-- 
- Thou shalt not follow the NULL pointer, for chaos and madness await thee
at its end
- "Use the force Harry" - Gandalf, Star Trek II

[-- Attachment #2: Type: text/html, Size: 3581 bytes --]