Buildroot Archive on lore.kernel.org
* [Buildroot] [v2] package/quagga: Fix directories and permissions
@ 2016-05-12  7:17 Nathaniel Roach
  2016-05-12  7:17 ` [Buildroot] package/audit: Remove redundant mkdir Nathaniel Roach
  2016-05-12 13:27 ` [Buildroot] [v2] package/quagga: Fix directories and permissions Thomas Petazzoni
  0 siblings, 2 replies; 4+ messages in thread
From: Nathaniel Roach @ 2016-05-12  7:17 UTC
  To: buildroot

Quagga runs as the "quagga" user, but it also needs to modify files
in /etc and /var - config files, pid files and vty sockets for vtysh.

Tell the configure script the right folders to use, create the
user, fix the permissions, and then let systemd know (if needed).

Signed-off-by: Nathaniel Roach <nroach44@gmail.com>

---
Changes v1 -> v2:
 - Minor nits (Thomas)
 - Add some comments about why permissions are changed as such

Signed-off-by: Nathaniel Roach <nroach44@gmail.com>
---
 package/quagga/quagga.mk            | 29 ++++++++++++++++++++++++++++-
 package/quagga/quagga_tmpfiles.conf |  2 ++
 2 files changed, 30 insertions(+), 1 deletion(-)
 create mode 100644 package/quagga/quagga_tmpfiles.conf

diff --git a/package/quagga/quagga.mk b/package/quagga/quagga.mk
index 6b98367..312a7db 100644
--- a/package/quagga/quagga.mk
+++ b/package/quagga/quagga.mk
@@ -10,7 +10,14 @@ QUAGGA_SITE = http://download.savannah.gnu.org/releases/quagga
 QUAGGA_DEPENDENCIES = host-gawk
 QUAGGA_LICENSE = GPLv2+
 QUAGGA_LICENSE_FILES = COPYING
-QUAGGA_CONF_OPTS = --program-transform-name=''
+
+# We need to override these directories so that quagga can create
+# files as the quagga user without extra intervention
+QUAGGA_CONF_OPTS = \
+	--program-transform-name='' \
+	--sysconfdir=/etc/quagga \
+	--localstatedir=/var/run/quagga
+
 # 0002-configure-fix-static-linking-with-readline.patch
 QUAGGA_AUTORECONF = YES
 
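
Review bot: The new comment above QUAGGA_CONF_OPTS refers to "these directories" without saying what ends up where. The commit message names config files, pid files and vty sockets, so the comment should say which of them go under --sysconfdir=/etc/quagga and which under --localstatedir=/var/run/quagga, and that the latter has to exist and be owned by quagga before the daemons start.
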
@@ -33,6 +40,21 @@ QUAGGA_CONF_OPTS += $(if $(BR2_PACKAGE_QUAGGA_ISISD),--enable-isisd,--disable-is
 QUAGGA_CONF_OPTS += $(if $(BR2_PACKAGE_QUAGGA_BGP_ANNOUNCE),--enable-bgp-announce,--disable-bgp-announce)
 QUAGGA_CONF_OPTS += $(if $(BR2_PACKAGE_QUAGGA_TCP_ZERBRA),--enable-tcp-zebra,--disable-tcp-zebra)
 
+define QUAGGA_USERS
+	quagga -1 quagga -1 * - - - Quagga priv drop user
+endef
+
+# Set the permissions of /etc/quagga such that quagga (through vtysh) can
+# save the configuration - set the folder recursively as the files need to
+# be 600, and then set the folder (non-recursively) to 755 so it can used.
+# Quagga also needs to write to the folder as it moves and creates, rather
+# than overwriting.
+define QUAGGA_PERMISSIONS
+	/etc/quagga r 600 quagga quagga - - - - -
+	/etc/quagga d 755 quagga quagga - - - - -
+	/var/run/quagga d 755 quagga quagga - - - - -
+endef
+
 ifeq ($(BR2_PACKAGE_QUAGGA_SNMP),y)
 QUAGGA_CONF_ENV += ac_cv_path_NETSNMP_CONFIG=$(STAGING_DIR)/usr/bin/net-snmp-config
 QUAGGA_CONF_OPTS += --enable-snmp=agentx
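
Review bot: In QUAGGA_PERMISSIONS the recursive "r 600" entry covers everything under /etc/quagga and only the top-level directory is put back to 755 by the next line, so a subdirectory shipped there would be left at 600 and not traversable, and the result depends on the two lines staying in this order. Say so in the comment, which also has a typo ("so it can used" should read "so it can be used").
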
@@ -50,4 +72,9 @@ ifeq ($(BR2_arc),y)
 QUAGGA_CONF_OPTS += --disable-pie
 endif
 
+define QUAGGA_INSTALL_INIT_SYSTEMD
+	$(INSTALL) -D -m 644 package/quagga/quagga_tmpfiles.conf \
+		$(TARGET_DIR)/usr/lib/tmpfiles.d/quagga.conf
+endef
+
 $(eval $(autotools-package))
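
Review bot: QUAGGA_INSTALL_INIT_SYSTEMD is the only step in this patch that gets /var/run/quagga created at boot, and no QUAGGA_INSTALL_INIT_SYSV counterpart is added, so with a non-systemd init the directory passed as --localstatedir has nothing creating it with quagga ownership. Either add an init script that creates it or state the limitation in the commit message.
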
diff --git a/package/quagga/quagga_tmpfiles.conf b/package/quagga/quagga_tmpfiles.conf
new file mode 100644
index 0000000..ad82cc6
--- /dev/null
+++ b/package/quagga/quagga_tmpfiles.conf
@@ -0,0 +1,2 @@
+d /var/run/quagga/ 1755 quagga quagga -
+
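
Review bot: Mode 1755 on the "d /var/run/quagga/" line sets the sticky bit on a directory that only its owner can write, where it changes nothing; 0755 says the same thing and matches the 755 given for this path in QUAGGA_PERMISSIONS. The second added line is an empty line at the end of the file and can be dropped.
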
-- 
2.8.1


* [Buildroot] package/audit: Remove redundant mkdir
  2016-05-12  7:17 [Buildroot] [v2] package/quagga: Fix directories and permissions Nathaniel Roach
@ 2016-05-12  7:17 ` Nathaniel Roach
  2016-05-12 11:27   ` Peter Korsgaard
  2016-05-12 13:27 ` [Buildroot] [v2] package/quagga: Fix directories and permissions Thomas Petazzoni
  1 sibling, 1 reply; 4+ messages in thread
From: Nathaniel Roach @ 2016-05-12  7:17 UTC
  To: buildroot

install -D creates the folder, so we don't need the mkdir command

Signed-off-by: Nathaniel Roach <nroach44@gmail.com>
---
 package/audit/audit.mk | 1 -
 1 file changed, 1 deletion(-)

diff --git a/package/audit/audit.mk b/package/audit/audit.mk
index 329f8c5..1fbc623 100644
--- a/package/audit/audit.mk
+++ b/package/audit/audit.mk
@@ -46,7 +46,6 @@ define AUDIT_INSTALL_INIT_SYSTEMD
 	ln -fs ../../../../usr/lib/systemd/system/auditd.service \
 		$(TARGET_DIR)/etc/systemd/system/multi-user.target.wants/auditd.service
 
-	mkdir -p $(TARGET_DIR)/usr/lib/tmpfiles.d
 	$(INSTALL) -D -m 644 package/audit/audit_tmpfiles.conf \
 		$(TARGET_DIR)/usr/lib/tmpfiles.d/audit.conf
 endef
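
Review bot: With the mkdir gone, the ln -fs at the top of this hunk is the one step whose destination directory, $(TARGET_DIR)/etc/systemd/system/multi-user.target.wants, is not created by the command itself, and the visible context does not show a mkdir -p for it; confirm one remains earlier in AUDIT_INSTALL_INIT_SYSTEMD. The commit message could also say that it is the -D on the $(INSTALL) line that creates usr/lib/tmpfiles.d.
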
-- 
2.8.1


* [Buildroot] package/audit: Remove redundant mkdir
  2016-05-12  7:17 ` [Buildroot] package/audit: Remove redundant mkdir Nathaniel Roach
@ 2016-05-12 11:27   ` Peter Korsgaard
  0 siblings, 0 replies; 4+ messages in thread
From: Peter Korsgaard @ 2016-05-12 11:27 UTC
  To: buildroot

>>>>> "Nathaniel" == Nathaniel Roach <nroach44@gmail.com> writes:

 > install -D creates the folder, so we don't need the mkdir command
 > Signed-off-by: Nathaniel Roach <nroach44@gmail.com>

Committed to next, thanks.

-- 
Bye, Peter Korsgaard


* [Buildroot] [v2] package/quagga: Fix directories and permissions
  2016-05-12  7:17 [Buildroot] [v2] package/quagga: Fix directories and permissions Nathaniel Roach
  2016-05-12  7:17 ` [Buildroot] package/audit: Remove redundant mkdir Nathaniel Roach
@ 2016-05-12 13:27 ` Thomas Petazzoni
  1 sibling, 0 replies; 4+ messages in thread
From: Thomas Petazzoni @ 2016-05-12 13:27 UTC
  To: buildroot

Hello,

On Thu, 12 May 2016 15:17:19 +0800, Nathaniel Roach wrote:
> Quagga runs as the "quagga" user, but it also needs to modify files
> in /etc and /var - config files, pid files and vty sockets for vtysh.
> 
> Tell the configure script the right folders to use, create the
> user, fix the permissions, and then let systemd know (if needed).
> 
> Signed-off-by: Nathaniel Roach <nroach44@gmail.com>

Thanks for this new iteration. However, there's one thing that I missed
in my review of the previous iteration.

> +define QUAGGA_PERMISSIONS
> +	/etc/quagga r 600 quagga quagga - - - - -
> +	/etc/quagga d 755 quagga quagga - - - - -
> +	/var/run/quagga d 755 quagga quagga - - - - -
> +endef

I think setting permissions on /var/run/quagga here is useless.
Indeed, /var/run is a symbolic link to /run, which is mounted at boot
time as a tmpfs filesystem. I.e., the permissions set in
<pkg>_PERMISSIONS (which affect the generated filesystem image) have no
effect on the contents of /run.

Thanks to your tmpfiles.d thing, you probably haven't seen this if
you're using systemd. But if you try to use the Busybox init, it won't
work. Only an init script can adjust the permissions in /run.

So I believe this line should be removed.

BTW, what about adding a systemd service file and an init script for
Quagga? Of course, I'm fine if it's done as part of a separate change,
submitted later.

> diff --git a/package/quagga/quagga_tmpfiles.conf b/package/quagga/quagga_tmpfiles.conf
> new file mode 100644
> index 0000000..ad82cc6
> --- /dev/null
> +++ b/package/quagga/quagga_tmpfiles.conf
> @@ -0,0 +1,2 @@
> +d /var/run/quagga/ 1755 quagga quagga -
> +

While you're at it, remove this extra empty line at the end of the
file, I don't think it is needed.

Thanks!

Thomas
-- 
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com
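
Thomas's point that only an init script can adjust permissions under /run on a Busybox-init system, as an added example (not part of this thread or of Buildroot's quagga package): a helper an init script could call before starting the daemons. The name ensure_rundir is hypothetical, and a stat that supports -c is assumed.

```shell
#!/bin/sh
# Added example: runtime-directory setup for a non-systemd init.
# /run is an empty tmpfs after every boot, so ownership and mode have to be
# applied at start-up; settings baked into the filesystem image do not reach it.

# ensure_rundir DIR MODE OWNER GROUP   (hypothetical helper)
# MODE is octal without a leading zero (e.g. 755), as printed by stat -c %a.
ensure_rundir() {
	dir=$1 mode=$2 owner=$3 group=$4

	# Refuse a symlink at the final path component: chmod/chown would
	# otherwise be applied to whatever it points at.
	if [ -L "$dir" ]; then
		echo "ensure_rundir: $dir is a symlink, refusing" >&2
		return 1
	fi

	mkdir -p "$dir" || return 1
	# mkdir -p leaves an existing directory's mode alone, so set it explicitly.
	chmod "$mode" "$dir" || return 1

	# Only root can hand the directory to another user.
	if [ "$(id -u)" -eq 0 ]; then
		chown "$owner:$group" "$dir" || return 1
	fi

	# Verify the result instead of trusting the calls above.
	actual=$(stat -c '%a' "$dir") || return 1
	if [ "$actual" != "$mode" ]; then
		echo "ensure_rundir: $dir has mode $actual, wanted $mode" >&2
		return 1
	fi
	return 0
}

# Constructed usage, e.g. in the start) branch of an init script:
#   ensure_rundir /var/run/quagga 755 quagga quagga || exit 1
```
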
