[Buildroot] Some files to be copied to root file systems such as openvpn keys, conf

[Buildroot] Some files to be copied to root file systems such as openvpn keys, conf

[cem akpolat]

Dear all,

I am attempting right now to copy some files through Root overlay to my
file system image, however, as some of them requires root permission I
cannot copy them to the related place. For instance, openvpn files such as
server.key, ta.keys, etc raise the following issue:

cp: cannot access
?/home/cem/buildroot/board/myboard/root-additions/etc/openvpn/easy-rsa/2.0/keys?:
Permission denied
cp: cannot access
?/home/cem/buildroot/board/myboard/root-additions/etc/openvpn/openvpn/easy-rsa/2.0/keys?:
Permission denied
cp: cannot open
?/home/cem/buildroot/board/myboard/root-additions/etc/openvpn/openvpn/server.conf?
for reading: Permission denied
cp: cannot open
?/home/cem/buildroot/board/myboard/root-additions/etc/openvpn/openvpn/server.key?
for reading: Permission denied
cp: cannot open
?/home/cem/buildroot/board/myboard/root-additions/etc/openvpn/openvpn/samples/client.conf?
for reading: Permission denied
cp: cannot open
?/home/cem/buildroot/board/myboard/root-additions/etc/openvpn/openvpn/ta.key?
for reading: Permission denied
cp: cannot open
?/home/cem/buildroot/board/myboard/root-additions/etc/openvpn/server.key?
for reading: Permission denied
cp: cannot open
?/home/cem/buildroot/board/myboard/root-additions/etc/openvpn/samples/client.conf?
for reading: Permission denied

The script that I have written in post-build.sh as below:

fakeroot cp -r $BOARD_DIR/root-additions/etc/openvpn $TARGET_DIR/etc/
fakeroot cp -r $BOARD_DIR/root-additions/etc/snmp $TARGET_DIR/etc/


Obviously, there is a permission issue, but I have no idea how to handle
it. it seems that sudo doesn't work, since buildroot uses fakeroot.

Thanks
Cem



Cem Akpolat
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.busybox.net/pipermail/buildroot/attachments/20140610/9a390d62/attachment.html>

[Buildroot] Some files to be copied to root file systems such as openvpn keys, conf

[Jeremy Rosen]

All file ownership are given to root in the fakeroot container,

the fakeroot container is applied after the overlay


So, (assuming I understant correctly what's going on) you don't neet to have these files owned by root in the overlay. Ownership will be changed while the final image is built
----- Mail original -----
> 
> 
> 
> Dear all,
> 
> 
> I am attempting right now to copy some files through Root overlay to
> my file system image, however, as some of them requires root
> permission I cannot copy them to the related place. For instance,
> openvpn files such as server.key, ta.keys, etc raise the following
> issue:
> 
> 
> 
> cp: cannot access
> ?/home/cem/buildroot/board/myboard/root-additions/etc/openvpn/easy-rsa/2.0/keys?:
> Permission denied
> cp: cannot access
> ?/home/cem/buildroot/board/myboard/root-additions/etc/openvpn/openvpn/easy-rsa/2.0/keys?:
> Permission denied
> cp: cannot open
> ?/home/cem/buildroot/board/myboard/root-additions/etc/openvpn/openvpn/server.conf?
> for reading: Permission denied
> cp: cannot open
> ?/home/cem/buildroot/board/myboard/root-additions/etc/openvpn/openvpn/server.key?
> for reading: Permission denied
> cp: cannot open
> ?/home/cem/buildroot/board/myboard/root-additions/etc/openvpn/openvpn/samples/client.conf?
> for reading: Permission denied
> cp: cannot open
> ?/home/cem/buildroot/board/myboard/root-additions/etc/openvpn/openvpn/ta.key?
> for reading: Permission denied
> cp: cannot open
> ?/home/cem/buildroot/board/myboard/root-additions/etc/openvpn/server.key?
> for reading: Permission denied
> cp: cannot open
> ?/home/cem/buildroot/board/myboard/root-additions/etc/openvpn/samples/client.conf?
> for reading: Permission denied
> 
> 
> The script that I have written in post-build.sh as below:
> 
> 
> 
> fakeroot cp -r $BOARD_DIR/root-additions/etc/openvpn $TARGET_DIR/etc/
> fakeroot cp -r $BOARD_DIR/root-additions/etc/snmp $TARGET_DIR/etc/
> 
> 
> 
> 
> Obviously, there is a permission issue, but I have no idea how to
> handle it. it seems that sudo doesn't work, since buildroot uses
> fakeroot.
> 
> 
> Thanks
> Cem
> 
> 
> 
> 
> 
> Cem Akpolat
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot

[Buildroot] Some files to be copied to root file systems such as openvpn keys, conf

[Samuel Martin]

Hi Cem,

On Tue, Jun 10, 2014 at 11:23 AM, cem akpolat <akpolatcem@gmail.com> wrote:
> Dear all,
>
> I am attempting right now to copy some files through Root overlay to my file
> system image, however, as some of them requires root permission I cannot
> copy them to the related place. For instance, openvpn files such as
> server.key, ta.keys, etc raise the following issue:
>
> cp: cannot access
> '/home/cem/buildroot/board/myboard/root-additions/etc/openvpn/easy-rsa/2.0/keys':
> Permission denied
> cp: cannot access
> '/home/cem/buildroot/board/myboard/root-additions/etc/openvpn/openvpn/easy-rsa/2.0/keys':
> Permission denied
> cp: cannot open
> '/home/cem/buildroot/board/myboard/root-additions/etc/openvpn/openvpn/server.conf'
> for reading: Permission denied
> cp: cannot open
> '/home/cem/buildroot/board/myboard/root-additions/etc/openvpn/openvpn/server.key'
> for reading: Permission denied
> cp: cannot open
> '/home/cem/buildroot/board/myboard/root-additions/etc/openvpn/openvpn/samples/client.conf'
> for reading: Permission denied
> cp: cannot open
> '/home/cem/buildroot/board/myboard/root-additions/etc/openvpn/openvpn/ta.key'
> for reading: Permission denied
> cp: cannot open
> '/home/cem/buildroot/board/myboard/root-additions/etc/openvpn/server.key'
> for reading: Permission denied
> cp: cannot open
> '/home/cem/buildroot/board/myboard/root-additions/etc/openvpn/samples/client.conf'
> for reading: Permission denied
>
> The script that I have written in post-build.sh as below:
>
> fakeroot cp -r $BOARD_DIR/root-additions/etc/openvpn $TARGET_DIR/etc/
> fakeroot cp -r $BOARD_DIR/root-additions/etc/snmp $TARGET_DIR/etc/

Here is how I would handle such a use-case:
1- make sure the source files can be accessed (i.e. you can read
everything in $BOARD_DIR/root-additions/etc/{openvpn,snmp})
2- create dummy package containing the install rules of these files
(you can also move these files under this package directory)
3- use the _PERMISSION infra, as explained at [1].

(I have not tested this myself)

Hope this help.
Regards,


[1] http://nightly.buildroot.org/manual.html#_the_literal_mk_literal_file

-- 
Samuel

[Buildroot] Some files to be copied to root file systems such as openvpn keys, conf

[Thomas Petazzoni]

Dear Jeremy Rosen,

On Tue, 10 Jun 2014 11:33:37 +0200 (CEST), Jeremy Rosen wrote:
> 
> All file ownership are given to root in the fakeroot container,
> 
> the fakeroot container is applied after the overlay
> 
> 
> So, (assuming I understant correctly what's going on) you don't neet to have these files owned by root in the overlay. Ownership will be changed while the final image is built

Could you please learn about the usual rules about replying on mailing
lists, and make sure to not top-post, and to use an e-mail that wraps
lines to a reasonable length.

As a hint, I would suggest to not use Zimbra as your e-mail client,
from what I've seen all the people using it can only send e-mails
improperly formatted.

Thanks,

Thomas
-- 
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com

[Buildroot] Some files to be copied to root file systems such as openvpn keys, conf

[cem akpolat]

Hi Samuel,

The way that you explained is quite logical, however, I want to ask at that
point what is the main reason behind the creation of the "Root Overlay",
because for all packages and files , it is clearly seen that your defined
method will work. for instance I can easily create a package called
"toBeInstalledToRootFs" and then put all of them under this folder along
with an appropriate Makefile.

Best Regards,
Cem
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.busybox.net/pipermail/buildroot/attachments/20140610/5d04bd5e/attachment.html>

[Buildroot] Some files to be copied to root file systems such as openvpn keys, conf

[Samuel Martin]

Cem, all,

On Tue, Jun 10, 2014 at 11:53 AM, cem akpolat <akpolatcem@gmail.com> wrote:
> Hi Samuel,
>
> The way that you explained is quite logical, however, I want to ask at that
> point what is the main reason behind the creation of the "Root Overlay",
> because for all packages and files , it is clearly seen that your defined
> method will work. for instance I can easily create a package called
> "toBeInstalledToRootFs" and then put all of them under this folder along
> with an appropriate Makefile.

Unfortunately, you hit a limitation of the "Root Overlay": files are
copied, but permissions are not set.

AFAIK, there is no way to set permissions on files outside a package's
*.mk files :-(
However, a package can set permission on any target files, even on
files provided by another package.

Regards,

-- 
Samuel

[Buildroot] Some files to be copied to root file systems such as openvpn keys, conf

[Thomas Petazzoni]

Hello,

On Tue, 10 Jun 2014 11:53:36 +0200, cem akpolat wrote:

> The way that you explained is quite logical, however, I want to ask at that
> point what is the main reason behind the creation of the "Root Overlay",
> because for all packages and files , it is clearly seen that your defined
> method will work. for instance I can easily create a package called
> "toBeInstalledToRootFs" and then put all of them under this folder along
> with an appropriate Makefile.

The reason for having the "rootfs overlay" feature was simply to
factorize what a lot of people were doing in their post-build script:
copy a entire overlay of files to $(TARGET_DIR). Just like the
post-build script, it may not address *all* use-cases, but it certainly
address a good number of use cases.

I believe you can continue to use the rootfs overlay mechanism to copy
your files, and set use a custom permission table to adjust their
permission when the root filesystem image is created. It's probably
better than creating a complete package just for your files.

Thanks,

Thomas
-- 
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com

[Buildroot] Some files to be copied to root file systems such as openvpn keys, conf

[Thomas Petazzoni]

Dear Samuel Martin,

On Tue, 10 Jun 2014 12:06:44 +0200, Samuel Martin wrote:

> AFAIK, there is no way to set permissions on files outside a package's
> *.mk files :-(

Huh? I guess you should have a look at the BR2_ROOTFS_DEVICE_TABLE
option then. It is precisely meant to allow that: set file permissions.

I know the name of the option is not really appropriate (we kept it as
is for backward compatibility reasons), but the prompt and description
are pretty clear:

config BR2_ROOTFS_DEVICE_TABLE
        string "Path to the permission tables"
        default "system/device_table.txt"
        help
          Specify a space-separated list of permission table locations,
          that will be passed to the makedevs utility to assign
          correct owners and permissions on various files in the
          target filesystem.

          See package/makedevs/README for details on the usage and
          syntax of these files.

Best regards,

Thomas
-- 
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com

[Buildroot] Some files to be copied to root file systems such as openvpn keys, conf

[Samuel Martin]

On Tue, Jun 10, 2014 at 12:23 PM, Thomas Petazzoni
<thomas.petazzoni@free-electrons.com> wrote:
> Dear Samuel Martin,
>
> On Tue, 10 Jun 2014 12:06:44 +0200, Samuel Martin wrote:
>
>> AFAIK, there is no way to set permissions on files outside a package's
>> *.mk files :-(
>
> Huh? I guess you should have a look at the BR2_ROOTFS_DEVICE_TABLE
> option then. It is precisely meant to allow that: set file permissions.

Arf! I forgot about this one ;-)

-- 
Samuel