[Buildroot] Some files to be copied to root file systems such as openvpn keys, conf

Buildroot Archive on lore.kernel.org
 help / color / mirror / Atom feed

* [Buildroot] Some files to be copied to root file systems such as openvpn keys, conf
@ 2014-06-10  9:23 cem akpolat
  2014-06-10  9:33 ` Jeremy Rosen
  2014-06-10  9:38 ` Samuel Martin
  0 siblings, 2 replies; 9+ messages in thread
From: cem akpolat @ 2014-06-10  9:23 UTC (permalink / raw)
  To: buildroot

Dear all,

I am attempting right now to copy some files through Root overlay to my
file system image, however, as some of them requires root permission I
cannot copy them to the related place. For instance, openvpn files such as
server.key, ta.keys, etc raise the following issue:

cp: cannot access
?/home/cem/buildroot/board/myboard/root-additions/etc/openvpn/easy-rsa/2.0/keys?:
Permission denied
cp: cannot access
?/home/cem/buildroot/board/myboard/root-additions/etc/openvpn/openvpn/easy-rsa/2.0/keys?:
Permission denied
cp: cannot open
?/home/cem/buildroot/board/myboard/root-additions/etc/openvpn/openvpn/server.conf?
for reading: Permission denied
cp: cannot open
?/home/cem/buildroot/board/myboard/root-additions/etc/openvpn/openvpn/server.key?
for reading: Permission denied
cp: cannot open
?/home/cem/buildroot/board/myboard/root-additions/etc/openvpn/openvpn/samples/client.conf?
for reading: Permission denied
cp: cannot open
?/home/cem/buildroot/board/myboard/root-additions/etc/openvpn/openvpn/ta.key?
for reading: Permission denied
cp: cannot open
?/home/cem/buildroot/board/myboard/root-additions/etc/openvpn/server.key?
for reading: Permission denied
cp: cannot open
?/home/cem/buildroot/board/myboard/root-additions/etc/openvpn/samples/client.conf?
for reading: Permission denied

The script that I have written in post-build.sh as below:

fakeroot cp -r $BOARD_DIR/root-additions/etc/openvpn $TARGET_DIR/etc/
fakeroot cp -r $BOARD_DIR/root-additions/etc/snmp $TARGET_DIR/etc/

Obviously, there is a permission issue, but I have no idea how to handle
it. it seems that sudo doesn't work, since buildroot uses fakeroot.

Thanks
Cem

Cem Akpolat
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.busybox.net/pipermail/buildroot/attachments/20140610/9a390d62/attachment.html>

^ permalink raw reply	[flat|nested] 9+ messages in thread

* [Buildroot] Some files to be copied to root file systems such as openvpn keys, conf
  2014-06-10  9:23 [Buildroot] Some files to be copied to root file systems such as openvpn keys, conf cem akpolat
@ 2014-06-10  9:33 ` Jeremy Rosen
  2014-06-10  9:48   ` Thomas Petazzoni
  2014-06-10  9:38 ` Samuel Martin
  1 sibling, 1 reply; 9+ messages in thread
From: Jeremy Rosen @ 2014-06-10  9:33 UTC (permalink / raw)
  To: buildroot


All file ownership are given to root in the fakeroot container,

the fakeroot container is applied after the overlay


So, (assuming I understant correctly what's going on) you don't neet to have these files owned by root in the overlay. Ownership will be changed while the final image is built
----- Mail original -----
> 
> 
> 
> Dear all,
> 
> 
> I am attempting right now to copy some files through Root overlay to
> my file system image, however, as some of them requires root
> permission I cannot copy them to the related place. For instance,
> openvpn files such as server.key, ta.keys, etc raise the following
> issue:
> 
> 
> 
> cp: cannot access
> ?/home/cem/buildroot/board/myboard/root-additions/etc/openvpn/easy-rsa/2.0/keys?:
> Permission denied
> cp: cannot access
> ?/home/cem/buildroot/board/myboard/root-additions/etc/openvpn/openvpn/easy-rsa/2.0/keys?:
> Permission denied
> cp: cannot open
> ?/home/cem/buildroot/board/myboard/root-additions/etc/openvpn/openvpn/server.conf?
> for reading: Permission denied
> cp: cannot open
> ?/home/cem/buildroot/board/myboard/root-additions/etc/openvpn/openvpn/server.key?
> for reading: Permission denied
> cp: cannot open
> ?/home/cem/buildroot/board/myboard/root-additions/etc/openvpn/openvpn/samples/client.conf?
> for reading: Permission denied
> cp: cannot open
> ?/home/cem/buildroot/board/myboard/root-additions/etc/openvpn/openvpn/ta.key?
> for reading: Permission denied
> cp: cannot open
> ?/home/cem/buildroot/board/myboard/root-additions/etc/openvpn/server.key?
> for reading: Permission denied
> cp: cannot open
> ?/home/cem/buildroot/board/myboard/root-additions/etc/openvpn/samples/client.conf?
> for reading: Permission denied
> 
> 
> The script that I have written in post-build.sh as below:
> 
> 
> 
> fakeroot cp -r $BOARD_DIR/root-additions/etc/openvpn $TARGET_DIR/etc/
> fakeroot cp -r $BOARD_DIR/root-additions/etc/snmp $TARGET_DIR/etc/
> 
> 
> 
> 
> Obviously, there is a permission issue, but I have no idea how to
> handle it. it seems that sudo doesn't work, since buildroot uses
> fakeroot.
> 
> 
> Thanks
> Cem
> 
> 
> 
> 
> 
> Cem Akpolat
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 9+ messages in thread

* [Buildroot] Some files to be copied to root file systems such as openvpn keys, conf
  2014-06-10  9:33 ` Jeremy Rosen
@ 2014-06-10  9:48   ` Thomas Petazzoni
  0 siblings, 0 replies; 9+ messages in thread
From: Thomas Petazzoni @ 2014-06-10  9:48 UTC (permalink / raw)
  To: buildroot

Dear Jeremy Rosen,

On Tue, 10 Jun 2014 11:33:37 +0200 (CEST), Jeremy Rosen wrote:
> 
> All file ownership are given to root in the fakeroot container,
> 
> the fakeroot container is applied after the overlay
> 
> 
> So, (assuming I understant correctly what's going on) you don't neet to have these files owned by root in the overlay. Ownership will be changed while the final image is built

Could you please learn about the usual rules about replying on mailing
lists, and make sure to not top-post, and to use an e-mail that wraps
lines to a reasonable length.

As a hint, I would suggest to not use Zimbra as your e-mail client,
from what I've seen all the people using it can only send e-mails
improperly formatted.

Thanks,

Thomas
-- 
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com

^ permalink raw reply	[flat|nested] 9+ messages in thread

* [Buildroot] Some files to be copied to root file systems such as openvpn keys, conf
  2014-06-10  9:23 [Buildroot] Some files to be copied to root file systems such as openvpn keys, conf cem akpolat
  2014-06-10  9:33 ` Jeremy Rosen
@ 2014-06-10  9:38 ` Samuel Martin
       [not found]   ` <CAMm5YqotyZ9y6c3vFXME+rh860RiB1X0RUFE=10k40yrzbM+fg@mail.gmail.com>
  1 sibling, 1 reply; 9+ messages in thread
From: Samuel Martin @ 2014-06-10  9:38 UTC (permalink / raw)
  To: buildroot

Hi Cem,

On Tue, Jun 10, 2014 at 11:23 AM, cem akpolat <akpolatcem@gmail.com> wrote:
> Dear all,
>
> I am attempting right now to copy some files through Root overlay to my file
> system image, however, as some of them requires root permission I cannot
> copy them to the related place. For instance, openvpn files such as
> server.key, ta.keys, etc raise the following issue:
>
> cp: cannot access
> '/home/cem/buildroot/board/myboard/root-additions/etc/openvpn/easy-rsa/2.0/keys':
> Permission denied
> cp: cannot access
> '/home/cem/buildroot/board/myboard/root-additions/etc/openvpn/openvpn/easy-rsa/2.0/keys':
> Permission denied
> cp: cannot open
> '/home/cem/buildroot/board/myboard/root-additions/etc/openvpn/openvpn/server.conf'
> for reading: Permission denied
> cp: cannot open
> '/home/cem/buildroot/board/myboard/root-additions/etc/openvpn/openvpn/server.key'
> for reading: Permission denied
> cp: cannot open
> '/home/cem/buildroot/board/myboard/root-additions/etc/openvpn/openvpn/samples/client.conf'
> for reading: Permission denied
> cp: cannot open
> '/home/cem/buildroot/board/myboard/root-additions/etc/openvpn/openvpn/ta.key'
> for reading: Permission denied
> cp: cannot open
> '/home/cem/buildroot/board/myboard/root-additions/etc/openvpn/server.key'
> for reading: Permission denied
> cp: cannot open
> '/home/cem/buildroot/board/myboard/root-additions/etc/openvpn/samples/client.conf'
> for reading: Permission denied
>
> The script that I have written in post-build.sh as below:
>
> fakeroot cp -r $BOARD_DIR/root-additions/etc/openvpn $TARGET_DIR/etc/
> fakeroot cp -r $BOARD_DIR/root-additions/etc/snmp $TARGET_DIR/etc/

Here is how I would handle such a use-case:
1- make sure the source files can be accessed (i.e. you can read
everything in $BOARD_DIR/root-additions/etc/{openvpn,snmp})
2- create dummy package containing the install rules of these files
(you can also move these files under this package directory)
3- use the _PERMISSION infra, as explained at [1].

(I have not tested this myself)

Hope this help.
Regards,


[1] http://nightly.buildroot.org/manual.html#_the_literal_mk_literal_file

-- 
Samuel

^ permalink raw reply	[flat|nested] 9+ messages in thread

[parent not found: <CAMm5YqotyZ9y6c3vFXME+rh860RiB1X0RUFE=10k40yrzbM+fg@mail.gmail.com>]

* [Buildroot] Some files to be copied to root file systems such as openvpn keys, conf
       [not found]   ` <CAMm5YqotyZ9y6c3vFXME+rh860RiB1X0RUFE=10k40yrzbM+fg@mail.gmail.com>
@ 2014-06-10  9:53     ` cem akpolat
  2014-06-10 10:06       ` Samuel Martin
  2014-06-10 10:21       ` Thomas Petazzoni
  0 siblings, 2 replies; 9+ messages in thread
From: cem akpolat @ 2014-06-10  9:53 UTC (permalink / raw)
  To: buildroot

Hi Samuel,

The way that you explained is quite logical, however, I want to ask at that
point what is the main reason behind the creation of the "Root Overlay",
because for all packages and files , it is clearly seen that your defined
method will work. for instance I can easily create a package called
"toBeInstalledToRootFs" and then put all of them under this folder along
with an appropriate Makefile.

Best Regards,
Cem
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.busybox.net/pipermail/buildroot/attachments/20140610/5d04bd5e/attachment.html>

^ permalink raw reply	[flat|nested] 9+ messages in thread

* [Buildroot] Some files to be copied to root file systems such as openvpn keys, conf
  2014-06-10  9:53     ` cem akpolat
@ 2014-06-10 10:06       ` Samuel Martin
  2014-06-10 10:23         ` Thomas Petazzoni
  2014-06-10 10:21       ` Thomas Petazzoni
  1 sibling, 1 reply; 9+ messages in thread
From: Samuel Martin @ 2014-06-10 10:06 UTC (permalink / raw)
  To: buildroot

Cem, all,

On Tue, Jun 10, 2014 at 11:53 AM, cem akpolat <akpolatcem@gmail.com> wrote:
> Hi Samuel,
>
> The way that you explained is quite logical, however, I want to ask at that
> point what is the main reason behind the creation of the "Root Overlay",
> because for all packages and files , it is clearly seen that your defined
> method will work. for instance I can easily create a package called
> "toBeInstalledToRootFs" and then put all of them under this folder along
> with an appropriate Makefile.

Unfortunately, you hit a limitation of the "Root Overlay": files are
copied, but permissions are not set.

AFAIK, there is no way to set permissions on files outside a package's
*.mk files :-(
However, a package can set permission on any target files, even on
files provided by another package.

Regards,

-- 
Samuel

^ permalink raw reply	[flat|nested] 9+ messages in thread

* [Buildroot] Some files to be copied to root file systems such as openvpn keys, conf
  2014-06-10 10:06       ` Samuel Martin
@ 2014-06-10 10:23         ` Thomas Petazzoni
  2014-06-10 11:34           ` Samuel Martin
  0 siblings, 1 reply; 9+ messages in thread
From: Thomas Petazzoni @ 2014-06-10 10:23 UTC (permalink / raw)
  To: buildroot

Dear Samuel Martin,

On Tue, 10 Jun 2014 12:06:44 +0200, Samuel Martin wrote:

> AFAIK, there is no way to set permissions on files outside a package's
> *.mk files :-(

Huh? I guess you should have a look at the BR2_ROOTFS_DEVICE_TABLE
option then. It is precisely meant to allow that: set file permissions.

I know the name of the option is not really appropriate (we kept it as
is for backward compatibility reasons), but the prompt and description
are pretty clear:

config BR2_ROOTFS_DEVICE_TABLE
        string "Path to the permission tables"
        default "system/device_table.txt"
        help
          Specify a space-separated list of permission table locations,
          that will be passed to the makedevs utility to assign
          correct owners and permissions on various files in the
          target filesystem.

          See package/makedevs/README for details on the usage and
          syntax of these files.

Best regards,

Thomas
-- 
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com

^ permalink raw reply	[flat|nested] 9+ messages in thread

* [Buildroot] Some files to be copied to root file systems such as openvpn keys, conf
  2014-06-10 10:23         ` Thomas Petazzoni
@ 2014-06-10 11:34           ` Samuel Martin
  0 siblings, 0 replies; 9+ messages in thread
From: Samuel Martin @ 2014-06-10 11:34 UTC (permalink / raw)
  To: buildroot

On Tue, Jun 10, 2014 at 12:23 PM, Thomas Petazzoni
<thomas.petazzoni@free-electrons.com> wrote:
> Dear Samuel Martin,
>
> On Tue, 10 Jun 2014 12:06:44 +0200, Samuel Martin wrote:
>
>> AFAIK, there is no way to set permissions on files outside a package's
>> *.mk files :-(
>
> Huh? I guess you should have a look at the BR2_ROOTFS_DEVICE_TABLE
> option then. It is precisely meant to allow that: set file permissions.

Arf! I forgot about this one ;-)

-- 
Samuel

^ permalink raw reply	[flat|nested] 9+ messages in thread

* [Buildroot] Some files to be copied to root file systems such as openvpn keys, conf
  2014-06-10  9:53     ` cem akpolat
  2014-06-10 10:06       ` Samuel Martin
@ 2014-06-10 10:21       ` Thomas Petazzoni
  1 sibling, 0 replies; 9+ messages in thread
From: Thomas Petazzoni @ 2014-06-10 10:21 UTC (permalink / raw)
  To: buildroot

Hello,

On Tue, 10 Jun 2014 11:53:36 +0200, cem akpolat wrote:

> The way that you explained is quite logical, however, I want to ask at that
> point what is the main reason behind the creation of the "Root Overlay",
> because for all packages and files , it is clearly seen that your defined
> method will work. for instance I can easily create a package called
> "toBeInstalledToRootFs" and then put all of them under this folder along
> with an appropriate Makefile.

The reason for having the "rootfs overlay" feature was simply to
factorize what a lot of people were doing in their post-build script:
copy a entire overlay of files to $(TARGET_DIR). Just like the
post-build script, it may not address *all* use-cases, but it certainly
address a good number of use cases.

I believe you can continue to use the rootfs overlay mechanism to copy
your files, and set use a custom permission table to adjust their
permission when the root filesystem image is created. It's probably
better than creating a complete package just for your files.

Thanks,

Thomas
-- 
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com

^ permalink raw reply	[flat|nested] 9+ messages in thread

end of thread, other threads:[~2014-06-10 11:34 UTC | newest]

Thread overview: 9+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-06-10  9:23 [Buildroot] Some files to be copied to root file systems such as openvpn keys, conf cem akpolat
2014-06-10  9:33 ` Jeremy Rosen
2014-06-10  9:48   ` Thomas Petazzoni
2014-06-10  9:38 ` Samuel Martin
     [not found]   ` <CAMm5YqotyZ9y6c3vFXME+rh860RiB1X0RUFE=10k40yrzbM+fg@mail.gmail.com>
2014-06-10  9:53     ` cem akpolat
2014-06-10 10:06       ` Samuel Martin
2014-06-10 10:23         ` Thomas Petazzoni
2014-06-10 11:34           ` Samuel Martin
2014-06-10 10:21       ` Thomas Petazzoni

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox