* [Buildroot] [PATCH 1/5] dash: bump to version 0.5.8-1
@ 2014-10-08 13:19 Gustavo Zacarias
2014-10-08 13:19 ` [Buildroot] [PATCH 2/5] zsh: security bump to version 5.0.7 Gustavo Zacarias
` (5 more replies)
0 siblings, 6 replies; 19+ messages in thread
From: Gustavo Zacarias @ 2014-10-08 13:19 UTC (permalink / raw)
To: buildroot
Add hash file, make the /bin/sh -> dash symlink and build after busybox and
use $(INSTALL) instead of cp for proper mode handling.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
...r-helpers.patch => dash-0001-no-config.h-for-helpers.patch} | 0
package/dash/dash.hash | 3 +++
package/dash/dash.mk | 10 +++++++---
3 files changed, 10 insertions(+), 3 deletions(-)
rename package/dash/{dash-0.5.7-no-config.h-for-helpers.patch => dash-0001-no-config.h-for-helpers.patch} (100%)
create mode 100644 package/dash/dash.hash
diff --git a/package/dash/dash-0.5.7-no-config.h-for-helpers.patch b/package/dash/dash-0001-no-config.h-for-helpers.patch
similarity index 100%
rename from package/dash/dash-0.5.7-no-config.h-for-helpers.patch
rename to package/dash/dash-0001-no-config.h-for-helpers.patch
diff --git a/package/dash/dash.hash b/package/dash/dash.hash
new file mode 100644
index 0000000..0198cd8
--- /dev/null
+++ b/package/dash/dash.hash
@@ -0,0 +1,3 @@
+# From http://ftp.debian.org/debian/pool/main/d/dash/dash_0.5.8-1.dsc
+sha256 c6db3a237747b02d20382a761397563d813b306c020ae28ce25a1c3915fac60f dash_0.5.8.orig.tar.gz
+sha256 d751769cc1ef8b825a177e782f1cd3e35bde7c268107fa4febf8d235e12c64d9 dash_0.5.8-1.diff.gz
diff --git a/package/dash/dash.mk b/package/dash/dash.mk
index 5bc0835..cc71337 100644
--- a/package/dash/dash.mk
+++ b/package/dash/dash.mk
@@ -4,15 +4,19 @@
#
################################################################################
-DASH_VERSION = 0.5.7
+DASH_VERSION = 0.5.8
DASH_SOURCE = dash_$(DASH_VERSION).orig.tar.gz
DASH_SITE = $(BR2_DEBIAN_MIRROR)/debian/pool/main/d/dash
-DASH_PATCH = dash_$(DASH_VERSION)-3.diff.gz
+DASH_PATCH = dash_$(DASH_VERSION)-1.diff.gz
+# Build after since dash is better than busybox shells
+DASH_DEPENDENCIES = $(if $(BR2_PACKAGE_BUSYBOX),busybox)
DASH_LICENSE = BSD-3c, GPLv2+ (mksignames.c)
DASH_LICENSE_FILES = COPYING
+# Make /bin/sh -> dash (no other shell, better than busybox shells)
define DASH_INSTALL_TARGET_CMDS
- cp -a $(@D)/src/dash $(TARGET_DIR)/bin/dash
+ $(INSTALL) -m 0755 $(@D)/src/dash $(TARGET_DIR)/bin/dash
+ ln -sf dash $(TARGET_DIR)/bin/sh
endef
$(eval $(autotools-package))
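Review bot: the unconditional `ln -sf dash $(TARGET_DIR)/bin/sh` in DASH_INSTALL_TARGET_CMDS makes the final /bin/sh depend on package build order whenever another package writes the same link. DASH_DEPENDENCIES only orders dash after busybox, so nothing in this hunk fixes the order against any other shell, and the comment "no other shell" does not hold in that case. Suggest dropping the link from the package and creating it in one place with a defined priority, or guarding it so it only replaces a busybox link.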
--
2.0.4
* [Buildroot] [PATCH 2/5] zsh: security bump to version 5.0.7
2014-10-08 13:19 [Buildroot] [PATCH 1/5] dash: bump to version 0.5.8-1 Gustavo Zacarias
@ 2014-10-08 13:19 ` Gustavo Zacarias
[not found] ` <87a956eadv.fsf@dell.be.48ers.dk>
2014-10-12 10:50 ` Peter Korsgaard
2014-10-08 13:19 ` [Buildroot] [PATCH 3/5] bash: minor install tweaks Gustavo Zacarias
` (4 subsequent siblings)
5 siblings, 2 replies; 19+ messages in thread
From: Gustavo Zacarias @ 2014-10-08 13:19 UTC (permalink / raw)
To: buildroot
Fixes shellshock-alike exploits.
Add /bin/sh -> zsh symlink, install binary to /bin as all shells should
be, add hash file and build after busybox.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
package/zsh/Config.in | 2 +-
package/zsh/zsh.hash | 2 ++
package/zsh/zsh.mk | 17 ++++++++++++++---
3 files changed, 17 insertions(+), 4 deletions(-)
create mode 100644 package/zsh/zsh.hash
diff --git a/package/zsh/Config.in b/package/zsh/Config.in
index 6853249..261df42 100644
--- a/package/zsh/Config.in
+++ b/package/zsh/Config.in
@@ -8,4 +8,4 @@ config BR2_PACKAGE_ZSH
ksh, and tcsh were incorporated into zsh; many original features
were added.
- http://zsh.sourceforge.net/
+ http://www.zsh.org/
diff --git a/package/zsh/zsh.hash b/package/zsh/zsh.hash
new file mode 100644
index 0000000..358033f
--- /dev/null
+++ b/package/zsh/zsh.hash
@@ -0,0 +1,2 @@
+# From http://www.zsh.org/pub/MD5SUM
+md5 76726ff50309e628de670476e0508b3a zsh-5.0.7.tar.gz
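Review bot: zsh.hash pins the tarball with md5 only, and the reference value comes from an MD5SUM file fetched over plain http from the same host as the download. For a security bump, add a sha256 line (locally calculated if upstream publishes none, with a comment saying so) so the integrity check does not rest on md5 alone.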
diff --git a/package/zsh/zsh.mk b/package/zsh/zsh.mk
index f4daeeb..87c24af 100644
--- a/package/zsh/zsh.mk
+++ b/package/zsh/zsh.mk
@@ -4,10 +4,21 @@
#
################################################################################
-ZSH_VERSION = 5.0.6
-ZSH_SITE = http://downloads.sourceforge.net/project/zsh/zsh/$(ZSH_VERSION)
+ZSH_VERSION = 5.0.7
+ZSH_SITE = http://www.zsh.org/pub
+# Build after since zsh is better than busybox shells
+ZSH_DEPENDENCIES = $(if $(BR2_PACKAGE_BUSYBOX),busybox) \
+ ncurses
+ZSH_CONF_OPTS = --bindir=/bin
ZSH_LICENSE = MIT-like
ZSH_LICENSE_FILES = LICENCE
-ZSH_DEPENDENCIES = ncurses
+
+# Make /bin/sh -> zsh (no other shell, better than busybox shells)
+# Remove versioned zsh-x.y.z binary taking up space
+define ZSH_TARGET_INSTALL_FIXUPS
+ ln -sf zsh $(TARGET_DIR)/bin/sh
+ rm -f $(TARGET_DIR)/bin/zsh-$(ZSH_VERSION)
+endef
+ZSH_POST_INSTALL_TARGET_HOOKS += ZSH_TARGET_INSTALL_FIXUPS
$(eval $(autotools-package))
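Review bot: ZSH_TARGET_INSTALL_FIXUPS rewrites $(TARGET_DIR)/bin/sh unconditionally from a post-install hook, while ZSH_DEPENDENCIES orders zsh only against busybox and ncurses, so with a second full shell enabled the winner is whichever package installs last. Either leave /bin/sh out of zsh.mk or make the link conditional. The `rm -f $(TARGET_DIR)/bin/zsh-$(ZSH_VERSION)` cleanup and `--bindir=/bin` stand on their own and could go in without the symlink.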
--
2.0.4
* [Buildroot] [PATCH 3/5] bash: minor install tweaks
2014-10-08 13:19 [Buildroot] [PATCH 1/5] dash: bump to version 0.5.8-1 Gustavo Zacarias
2014-10-08 13:19 ` [Buildroot] [PATCH 2/5] zsh: security bump to version 5.0.7 Gustavo Zacarias
@ 2014-10-08 13:19 ` Gustavo Zacarias
2014-10-08 17:32 ` Peter Korsgaard
2014-10-08 13:19 ` [Buildroot] [PATCH 4/5] procps-ng: bump to version 3.3.10 Gustavo Zacarias
` (3 subsequent siblings)
5 siblings, 1 reply; 19+ messages in thread
From: Gustavo Zacarias @ 2014-10-08 13:19 UTC (permalink / raw)
To: buildroot
Remove the old symlink backup since we don't do uninstalls now.
Make the busybox dependency conditional shorter.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
package/bash/bash.mk | 14 ++++----------
1 file changed, 4 insertions(+), 10 deletions(-)
diff --git a/package/bash/bash.mk b/package/bash/bash.mk
index acd64f1..6510af5 100644
--- a/package/bash/bash.mk
+++ b/package/bash/bash.mk
@@ -6,7 +6,9 @@
BASH_VERSION = 4.3
BASH_SITE = $(BR2_GNU_MIRROR)/bash
-BASH_DEPENDENCIES = ncurses readline host-bison
+# Build after since bash is better than busybox shells
+BASH_DEPENDENCIES = ncurses readline host-bison \
+ $(if $(BR2_PACKAGE_BUSYBOX),busybox)
BASH_CONF_OPTS = --with-installed-readline
BASH_LICENSE = GPLv3+
BASH_LICENSE_FILES = COPYING
@@ -28,19 +30,11 @@ ifeq ($(BR2_PREFER_STATIC_LIB),y)
BASH_CONF_OPTS += --enable-static-link --without-bash-malloc
endif
-# Make sure we build after busybox so that /bin/sh links to bash
-ifeq ($(BR2_PACKAGE_BUSYBOX),y)
-BASH_DEPENDENCIES += busybox
-endif
-
-# Save the old sh file/link if there is one and symlink bash->sh
+# Make /bin/sh -> bash (no other shell, better than busybox shells)
define BASH_INSTALL_TARGET_CMDS
$(TARGET_MAKE_ENV) $(MAKE) -C $(@D) \
DESTDIR=$(TARGET_DIR) exec_prefix=/ install
rm -f $(TARGET_DIR)/bin/bashbug
- if [ -e $(TARGET_DIR)/bin/sh ]; then \
- mv -f $(TARGET_DIR)/bin/sh $(TARGET_DIR)/bin/sh.prebash; \
- fi
ln -sf bash $(TARGET_DIR)/bin/sh
endef
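Review bot: the new comment above BASH_INSTALL_TARGET_CMDS says "no other shell", but `ln -sf bash $(TARGET_DIR)/bin/sh` runs whether or not another shell already owns the link, and with the sh.prebash backup removed the previous target is replaced without a trace. Removing the backup is reasonable; please reword the comment to say what actually happens, namely that bash takes over /bin/sh from whatever was installed before it.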
--
2.0.4
* [Buildroot] [PATCH 4/5] procps-ng: bump to version 3.3.10
2014-10-08 13:19 [Buildroot] [PATCH 1/5] dash: bump to version 0.5.8-1 Gustavo Zacarias
2014-10-08 13:19 ` [Buildroot] [PATCH 2/5] zsh: security bump to version 5.0.7 Gustavo Zacarias
2014-10-08 13:19 ` [Buildroot] [PATCH 3/5] bash: minor install tweaks Gustavo Zacarias
@ 2014-10-08 13:19 ` Gustavo Zacarias
2014-10-08 17:32 ` Peter Korsgaard
2014-10-08 13:19 ` [Buildroot] [PATCH 5/5] sysklogd: security bump to version 1.5.1 Gustavo Zacarias
` (2 subsequent siblings)
5 siblings, 1 reply; 19+ messages in thread
From: Gustavo Zacarias @ 2014-10-08 13:19 UTC (permalink / raw)
To: buildroot
Also add hash file.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
package/procps-ng/procps-ng.hash | 3 +++
package/procps-ng/procps-ng.mk | 2 +-
2 files changed, 4 insertions(+), 1 deletion(-)
create mode 100644 package/procps-ng/procps-ng.hash
diff --git a/package/procps-ng/procps-ng.hash b/package/procps-ng/procps-ng.hash
new file mode 100644
index 0000000..e011356
--- /dev/null
+++ b/package/procps-ng/procps-ng.hash
@@ -0,0 +1,3 @@
+# From http://sourceforge.net/projects/procps-ng/files/Production/
+md5 1fb7f3f6bf92ce6c5c9ed9949ae858fe procps-ng-3.3.10.tar.xz
+sha1 484db198d6a18a42b4011d5ecb2cb784a81b0e4f procps-ng-3.3.10.tar.xz
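Review bot: procps-ng.hash lists md5 and sha1 but no sha256, and the source comment points at a project download page served over http. Add a sha256 line (locally calculated, and say so in the comment) next to the upstream values so the tarball is pinned by a hash that is still considered collision resistant.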
diff --git a/package/procps-ng/procps-ng.mk b/package/procps-ng/procps-ng.mk
index d82db76..71e32dd 100644
--- a/package/procps-ng/procps-ng.mk
+++ b/package/procps-ng/procps-ng.mk
@@ -4,7 +4,7 @@
#
################################################################################
-PROCPS_NG_VERSION = 3.3.9
+PROCPS_NG_VERSION = 3.3.10
PROCPS_NG_SOURCE = procps-ng-$(PROCPS_NG_VERSION).tar.xz
PROCPS_NG_SITE = http://downloads.sourceforge.net/project/procps-ng/Production
PROCPS_NG_LICENSE = GPLv2+, libproc and libps LGPLv2+
--
2.0.4
* [Buildroot] [PATCH 5/5] sysklogd: security bump to version 1.5.1
2014-10-08 13:19 [Buildroot] [PATCH 1/5] dash: bump to version 0.5.8-1 Gustavo Zacarias
` (2 preceding siblings ...)
2014-10-08 13:19 ` [Buildroot] [PATCH 4/5] procps-ng: bump to version 3.3.10 Gustavo Zacarias
@ 2014-10-08 13:19 ` Gustavo Zacarias
2014-10-08 17:36 ` Peter Korsgaard
2014-10-08 17:27 ` [Buildroot] [PATCH 1/5] dash: bump to version 0.5.8-1 Peter Korsgaard
2014-10-12 10:50 ` Peter Korsgaard
5 siblings, 1 reply; 19+ messages in thread
From: Gustavo Zacarias @ 2014-10-08 13:19 UTC (permalink / raw)
To: buildroot
Fixes CVE-2014-3634 - invalid priority values between 192 and 1023
(directly or arrived at via overflow wraparound) can propagate through
code causing out-of-bounds access to the f_pmask array within the
'filed' structure by up to 104 bytes past its end.
Switch to vanilla since Debian hasn't handled this yet and add hash
file.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
package/sysklogd/Config.in | 2 +-
package/sysklogd/sysklogd.hash | 2 ++
package/sysklogd/sysklogd.mk | 14 ++------------
3 files changed, 5 insertions(+), 13 deletions(-)
create mode 100644 package/sysklogd/sysklogd.hash
diff --git a/package/sysklogd/Config.in b/package/sysklogd/Config.in
index 6339d76..4a0ac13 100644
--- a/package/sysklogd/Config.in
+++ b/package/sysklogd/Config.in
@@ -5,7 +5,7 @@ config BR2_PACKAGE_SYSKLOGD
help
System log daemons syslogd and klogd.
- http://www.infodrom.org/products/sysklogd/
+ http://www.infodrom.org/projects/sysklogd/
comment "syslogd needs a toolchain w/ largefile"
depends on !BR2_LARGEFILE
diff --git a/package/sysklogd/sysklogd.hash b/package/sysklogd/sysklogd.hash
new file mode 100644
index 0000000..dd5b89a
--- /dev/null
+++ b/package/sysklogd/sysklogd.hash
@@ -0,0 +1,2 @@
+# Locally calculated from download (no sig, hash)
+sha256 5166c185ae23c92e8b9feee66a6e3d0bc944bf673112f53e3ecf62e08ce7c201 sysklogd-1.5.1.tar.gz
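Review bot: the comment "Locally calculated from download (no sig, hash)" means this sha256 pins whatever the submitter fetched, and SYSKLOGD_SITE in this patch is a plain http URL, so the value is trust-on-first-use. It is still worth having; consider recording in the comment when and from which URL the tarball was fetched, and cross-checking it against a second copy before committing.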
diff --git a/package/sysklogd/sysklogd.mk b/package/sysklogd/sysklogd.mk
index 37293da..efc5a4d 100644
--- a/package/sysklogd/sysklogd.mk
+++ b/package/sysklogd/sysklogd.mk
@@ -4,10 +4,8 @@
#
################################################################################
-SYSKLOGD_VERSION = 1.5
-SYSKLOGD_SOURCE = sysklogd_$(SYSKLOGD_VERSION).orig.tar.gz
-SYSKLOGD_PATCH = sysklogd_$(SYSKLOGD_VERSION)-6.diff.gz
-SYSKLOGD_SITE = $(BR2_DEBIAN_MIRROR)/debian/pool/main/s/sysklogd
+SYSKLOGD_VERSION = 1.5.1
+SYSKLOGD_SITE = http://www.infodrom.org/projects/sysklogd/download
SYSKLOGD_LICENSE = GPLv2+
SYSKLOGD_LICENSE_FILES = COPYING
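Review bot: dropping SYSKLOGD_SOURCE and SYSKLOGD_PATCH here means the Debian -6 diff is no longer applied on top of the upstream tarball, and the commit message only says Debian has not handled the CVE yet. Please state in the commit message whether anything from that diff is still needed with 1.5.1 (build fixes included), so the switch to vanilla is a reviewed decision rather than a side effect of the bump.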
@@ -16,14 +14,6 @@ ifeq ($(BR2_PACKAGE_BUSYBOX),y)
SYSKLOGD_DEPENDENCIES = busybox
endif
-define SYSKLOGD_DEBIAN_PATCHES
- if [ -d $(@D)/debian/patches ]; then \
- support/scripts/apply-patches.sh $(@D) $(@D)/debian/patches \*.patch; \
- fi
-endef
-
-SYSKLOGD_POST_PATCH_HOOKS = SYSKLOGD_DEBIAN_PATCHES
-
define SYSKLOGD_BUILD_CMDS
$(MAKE) $(TARGET_CONFIGURE_OPTS) -C $(@D)
endef
--
2.0.4
* [Buildroot] [PATCH 1/5] dash: bump to version 0.5.8-1
2014-10-08 13:19 [Buildroot] [PATCH 1/5] dash: bump to version 0.5.8-1 Gustavo Zacarias
` (3 preceding siblings ...)
2014-10-08 13:19 ` [Buildroot] [PATCH 5/5] sysklogd: security bump to version 1.5.1 Gustavo Zacarias
@ 2014-10-08 17:27 ` Peter Korsgaard
2014-10-08 17:29 ` Gustavo Zacarias
2014-10-12 10:50 ` Peter Korsgaard
5 siblings, 1 reply; 19+ messages in thread
From: Peter Korsgaard @ 2014-10-08 17:27 UTC (permalink / raw)
To: buildroot
>>>>> "Gustavo" == Gustavo Zacarias <gustavo@zacarias.com.ar> writes:
> Add hash file, make the /bin/sh -> dash symlink and build after busybox and
> use $(INSTALL) instead of cp for proper mode handling.
> Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
> ---
> ...r-helpers.patch => dash-0001-no-config.h-for-helpers.patch} | 0
> package/dash/dash.hash | 3 +++
> package/dash/dash.mk | 10 +++++++---
> 3 files changed, 10 insertions(+), 3 deletions(-)
> rename package/dash/{dash-0.5.7-no-config.h-for-helpers.patch => dash-0001-no-config.h-for-helpers.patch} (100%)
> create mode 100644 package/dash/dash.hash
> diff --git a/package/dash/dash-0.5.7-no-config.h-for-helpers.patch b/package/dash/dash-0001-no-config.h-for-helpers.patch
> similarity index 100%
> rename from package/dash/dash-0.5.7-no-config.h-for-helpers.patch
> rename to package/dash/dash-0001-no-config.h-for-helpers.patch
> diff --git a/package/dash/dash.hash b/package/dash/dash.hash
> new file mode 100644
> index 0000000..0198cd8
> --- /dev/null
> +++ b/package/dash/dash.hash
> @@ -0,0 +1,3 @@
> +# From http://ftp.debian.org/debian/pool/main/d/dash/dash_0.5.8-1.dsc
> +sha256 c6db3a237747b02d20382a761397563d813b306c020ae28ce25a1c3915fac60f dash_0.5.8.orig.tar.gz
> +sha256 d751769cc1ef8b825a177e782f1cd3e35bde7c268107fa4febf8d235e12c64d9 dash_0.5.8-1.diff.gz
> diff --git a/package/dash/dash.mk b/package/dash/dash.mk
> index 5bc0835..cc71337 100644
> --- a/package/dash/dash.mk
> +++ b/package/dash/dash.mk
> @@ -4,15 +4,19 @@
> #
> ################################################################################
> -DASH_VERSION = 0.5.7
> +DASH_VERSION = 0.5.8
> DASH_SOURCE = dash_$(DASH_VERSION).orig.tar.gz
> DASH_SITE = $(BR2_DEBIAN_MIRROR)/debian/pool/main/d/dash
> -DASH_PATCH = dash_$(DASH_VERSION)-3.diff.gz
> +DASH_PATCH = dash_$(DASH_VERSION)-1.diff.gz
> +# Build after since dash is better than busybox shells
> +DASH_DEPENDENCIES = $(if $(BR2_PACKAGE_BUSYBOX),busybox)
> DASH_LICENSE = BSD-3c, GPLv2+ (mksignames.c)
> DASH_LICENSE_FILES = COPYING
> +# Make /bin/sh -> dash (no other shell, better than busybox shells)
> define DASH_INSTALL_TARGET_CMDS
> - cp -a $(@D)/src/dash $(TARGET_DIR)/bin/dash
> + $(INSTALL) -m 0755 $(@D)/src/dash $(TARGET_DIR)/bin/dash
> + ln -sf dash $(TARGET_DIR)/bin/sh
So what about bash? Which one should "win"? bash?
--
Bye, Peter Korsgaard
* [Buildroot] [PATCH 1/5] dash: bump to version 0.5.8-1
2014-10-08 17:27 ` [Buildroot] [PATCH 1/5] dash: bump to version 0.5.8-1 Peter Korsgaard
@ 2014-10-08 17:29 ` Gustavo Zacarias
2014-10-08 18:05 ` Peter Korsgaard
0 siblings, 1 reply; 19+ messages in thread
From: Gustavo Zacarias @ 2014-10-08 17:29 UTC (permalink / raw)
To: buildroot
On 10/08/2014 02:27 PM, Peter Korsgaard wrote:
> So what about bash? Which one should "win"? bash?
We can't make that determination on the user's behalf if he selected
multiple shells, random order will prevail.
However we can say that any of these is more feature-complete than what
busybox has to offer.
Regards.
* [Buildroot] [PATCH 3/5] bash: minor install tweaks
2014-10-08 13:19 ` [Buildroot] [PATCH 3/5] bash: minor install tweaks Gustavo Zacarias
@ 2014-10-08 17:32 ` Peter Korsgaard
0 siblings, 0 replies; 19+ messages in thread
From: Peter Korsgaard @ 2014-10-08 17:32 UTC (permalink / raw)
To: buildroot
>>>>> "Gustavo" == Gustavo Zacarias <gustavo@zacarias.com.ar> writes:
> Remove the old symlink backup since we don't do uninstalls now.
> Make the busybox dependency conditional shorter.
> Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Committed, thanks.
--
Bye, Peter Korsgaard
* [Buildroot] [PATCH 4/5] procps-ng: bump to version 3.3.10
2014-10-08 13:19 ` [Buildroot] [PATCH 4/5] procps-ng: bump to version 3.3.10 Gustavo Zacarias
@ 2014-10-08 17:32 ` Peter Korsgaard
0 siblings, 0 replies; 19+ messages in thread
From: Peter Korsgaard @ 2014-10-08 17:32 UTC (permalink / raw)
To: buildroot
>>>>> "Gustavo" == Gustavo Zacarias <gustavo@zacarias.com.ar> writes:
> Also add hash file.
> Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Committed, thanks.
--
Bye, Peter Korsgaard
* [Buildroot] [PATCH 2/5] zsh: security bump to version 5.0.7
[not found] ` <87a956eadv.fsf@dell.be.48ers.dk>
@ 2014-10-08 17:36 ` Gustavo Zacarias
2014-10-08 18:42 ` Peter Korsgaard
0 siblings, 1 reply; 19+ messages in thread
From: Gustavo Zacarias @ 2014-10-08 17:36 UTC (permalink / raw)
To: buildroot
On 10/08/2014 02:31 PM, Peter Korsgaard wrote:
> Sigh, what is it about shells for the moment?
>
> Same comment as for dash, who should "win" the /bin/sh symlink?
>
> maybe busybox -> dash -> zsh -> bash?
Forgot to cc the list ;)
It's not really/only a matter of which one wins, it's an init system
nightmare that i'm solving.
Say you've got:
busybox-init + some better shell = the better shell should win.
sysvinit + busybox + some better shell = same as above
sysvinit + no busybox + some better shell = oops since there's no /bin/sh
I don't care which of the better is "betterer", it's pretty subjective,
i just want the crazy combinations to work :)
Of course there's sysvinit + no busybox + no shell but that's another
problem.
Regards.
* [Buildroot] [PATCH 5/5] sysklogd: security bump to version 1.5.1
2014-10-08 13:19 ` [Buildroot] [PATCH 5/5] sysklogd: security bump to version 1.5.1 Gustavo Zacarias
@ 2014-10-08 17:36 ` Peter Korsgaard
0 siblings, 0 replies; 19+ messages in thread
From: Peter Korsgaard @ 2014-10-08 17:36 UTC (permalink / raw)
To: buildroot
>>>>> "Gustavo" == Gustavo Zacarias <gustavo@zacarias.com.ar> writes:
> Fixes CVE-2014-3634 - invalid priority values between 192 and 1023
> (directly or arrived at via overflow wraparound) can propagate through
> code causing out-of-bounds access to the f_pmask array within the
> 'filed' structure by up to 104 bytes past its end.
> Switch to vanilla since Debian hasn't handled this yet and add hash
> file.
> Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Committed, thanks.
--
Bye, Peter Korsgaard
* [Buildroot] [PATCH 1/5] dash: bump to version 0.5.8-1
2014-10-08 17:29 ` Gustavo Zacarias
@ 2014-10-08 18:05 ` Peter Korsgaard
2014-10-08 18:21 ` Gustavo Zacarias
0 siblings, 1 reply; 19+ messages in thread
From: Peter Korsgaard @ 2014-10-08 18:05 UTC (permalink / raw)
To: buildroot
>>>>> "Gustavo" == Gustavo Zacarias <gustavo@zacarias.com.ar> writes:
> On 10/08/2014 02:27 PM, Peter Korsgaard wrote:
>> So what about bash? Which one should "win"? bash?
> We can't make that determination on the user's behalf if he selected
> multiple shells, random order will prevail.
> However we can say that any of these is more feature-complete than what
> busybox has to offer.
Random is not good, so I suggest we either:
- Only do it for bash like today
- Provide an option for the user to select
- Decide on a fixed priority order (E.G. busybox->dash->zsh->bash) and
tell people to use a post-build script if they are not happy with it
--
Bye, Peter Korsgaard
* [Buildroot] [PATCH 1/5] dash: bump to version 0.5.8-1
2014-10-08 18:05 ` Peter Korsgaard
@ 2014-10-08 18:21 ` Gustavo Zacarias
2014-10-08 18:46 ` Peter Korsgaard
0 siblings, 1 reply; 19+ messages in thread
From: Gustavo Zacarias @ 2014-10-08 18:21 UTC (permalink / raw)
To: buildroot
On 10/08/2014 03:05 PM, Peter Korsgaard wrote:
> Random is not good, so I suggest we either:
>
> - Only do it for bash like today
That's not an option: non-usable default rootfs if there's no /bin/sh.
> - Provide an option for the user to select
It's possible, probably best in System Configuration an option that
selects the appropriate package.
I wouldn't pull in busybox though, only make the option available if
BR2_PACKAGE_BUSYBOX.
And make the symlink in target-finalize to avoid touching the packages
much (actually making them simpler).
> - Decide on a fixed priority order (E.G. busybox->dash->zsh->bash) and
> tell people to use a post-build script if they are not happy with it
It's a pretty arbitrary decision, many people would balk at the idea of
having bash as default yet they may need it for other uses.
Regards.
* [Buildroot] [PATCH 2/5] zsh: security bump to version 5.0.7
2014-10-08 17:36 ` Gustavo Zacarias
@ 2014-10-08 18:42 ` Peter Korsgaard
0 siblings, 0 replies; 19+ messages in thread
From: Peter Korsgaard @ 2014-10-08 18:42 UTC (permalink / raw)
To: buildroot
>>>>> "Gustavo" == Gustavo Zacarias <gustavo@zacarias.com.ar> writes:
Hi,
>> Same comment as for dash, who should "win" the /bin/sh symlink?
>>
>> maybe busybox -> dash -> zsh -> bash?
> Forgot to cc the list ;)
Ups, apparently - Sorry.
> It's not really/only a matter of which one wins, it's an init system
> nightmare that i'm solving.
> Say you've got:
> busybox-init + some better shell = the better shell should win.
Agreed.
> sysvinit + busybox + some better shell = same as above
Agreed.
> sysvinit + no busybox + some better shell = oops since there's no /bin/sh
As long as all shells install a /bin/sh (symlink), that should be fine -
But it should also be reproducible, so with a fixed priority.
> I don't care which of the better is "betterer", it's pretty subjective,
> i just want the crazy combinations to work :)
> Of course there's sysvinit + no busybox + no shell but that's another
> problem.
Such a setup is pretty unlikely to ever happen on purpose imho.
--
Bye, Peter Korsgaard
* [Buildroot] [PATCH 1/5] dash: bump to version 0.5.8-1
2014-10-08 18:21 ` Gustavo Zacarias
@ 2014-10-08 18:46 ` Peter Korsgaard
2014-10-08 19:16 ` Gustavo Zacarias
0 siblings, 1 reply; 19+ messages in thread
From: Peter Korsgaard @ 2014-10-08 18:46 UTC (permalink / raw)
To: buildroot
>>>>> "Gustavo" == Gustavo Zacarias <gustavo@zacarias.com.ar> writes:
Hi,
> On 10/08/2014 03:05 PM, Peter Korsgaard wrote:
>> Random is not good, so I suggest we either:
>>
>> - Only do it for bash like today
> That's not an option: non-usable default rootfs if there's no /bin/sh.
But a buildroot config without busybox is quite unlikely.
>> - Provide an option for the user to select
> It's possible, probably best in System Configuration an option that
> selects the appropriate package.
> I wouldn't pull in busybox though, only make the option available if
> BR2_PACKAGE_BUSYBOX.
> And make the symlink in target-finalize to avoid touching the packages
> much (actually making them simpler).
Yes, we can do something like that if there's interest / need. I
personally don't care enough about it to do it myself, but I do want
reproducible builds.
A real config with multiple (non busybox) shells is imho quite unlikely
though.
>> - Decide on a fixed priority order (E.G. busybox->dash->zsh->bash) and
>> tell people to use a post-build script if they are not happy with it
> It's a pretty arbitrary decision, many people would balk at the idea of
> having bash as default yet they may need it for other uses.
Sure it is arbitrary, but that's what we have today and I haven't heard
anybody complaining.
--
Bye, Peter Korsgaard
* [Buildroot] [PATCH 1/5] dash: bump to version 0.5.8-1
2014-10-08 18:46 ` Peter Korsgaard
@ 2014-10-08 19:16 ` Gustavo Zacarias
2014-10-11 14:28 ` Arnout Vandecappelle
0 siblings, 1 reply; 19+ messages in thread
From: Gustavo Zacarias @ 2014-10-08 19:16 UTC (permalink / raw)
To: buildroot
On 10/08/2014 03:46 PM, Peter Korsgaard wrote:
> But a buildroot config without busybox is quite unlikely.
Well that's what i'm testing here and other than the other patches
that's the only big broken thing that i've found.
For a basic boot the required packages are:
coreutils -> cat, echo, and a ton of other tiny utils
net-tools -> hostname, ifconfig and such
util-linux (agetty, fsck, kill, login utils, mount/umount)
some shell (bash, dash, zsh)
Optional but nice:
sysklogd -> a logger, not strictly necessary but convenient.
procps-ng -> ps utils.
and many others for the usual complete shell experience.
Not covered yet:
ifdown/ifup - we can package it.
start-stop-daemon - we can probably get away without it by tweaking
initscripts.
The problem is that we allow busybox to be turned off for
systemv/systemd so we've gotta cover those use cases.
> > It's possible, probably best in System Configuration an option that
> > selects the appropriate package.
> > I wouldn't pull in busybox though, only make the option available if
> > BR2_PACKAGE_BUSYBOX.
> > And make the symlink in target-finalize to avoid touching the packages
> > much (actually making them simpler).
>
> Yes, we can do something like that if there's interest / need. I
> personally don't care enough about it to do it myself, but I do want
> reproducible builds.
>
> A real config with multiple (non busybox) shells is imho quite unlikely
> though.
I'll give it a shot, it shouldn't be hard.
Yes it would be odd for multiple non-busybox shells to exist, that was
my reasoning that any full shell would step on /bin/sh, see? ;)
> Sure it is arbitrary, but that's what we have today and I haven't heard
> anybody complaining.
Well, we can evolve it a bit, once the selection option is done it will
be quite easy to add new shell options which, contrary to adding a ton
of ifeqs, is nicer.
It might be interesting in the long run since we'll have to deal with
/etc/shells (not quite the same but still in the same area) for
non-busybox scenarios.
Regards.
* [Buildroot] [PATCH 1/5] dash: bump to version 0.5.8-1
2014-10-08 19:16 ` Gustavo Zacarias
@ 2014-10-11 14:28 ` Arnout Vandecappelle
0 siblings, 0 replies; 19+ messages in thread
From: Arnout Vandecappelle @ 2014-10-11 14:28 UTC (permalink / raw)
To: buildroot
On 08/10/14 21:16, Gustavo Zacarias wrote:
> On 10/08/2014 03:46 PM, Peter Korsgaard wrote:
>
[snip]
>> > It's possible, probably best in System Configuration an option that
>> > selects the appropriate package.
>> > I wouldn't pull in busybox though, only make the option available if
>> > BR2_PACKAGE_BUSYBOX.
>> > And make the symlink in target-finalize to avoid touching the packages
>> > much (actually making them simpler).
>>
>> Yes, we can do something like that if there's interest / need. I
>> personally don't care enough about it to do it myself, but I do want
>> reproducible builds.
>>
>> A real config with multiple (non busybox) shells is imho quite unlikely
>> though.
>
> I'll give it a shot, it shouldn't be hard.
> Yes it would be odd for multiple non-busybox shells to exist, that was
> my reasoning that any full shell would step on /bin/sh, see? ;)
Hi Gustavo,
We discussed the sh stuff at the BR developer meeting and it would be nice if
we had:
- a config option in the system menu that lets the user select the shell: none,
busybox, dash, bash, zsh (default busybox);
- the config option selects the appropriate package;
- target-finalize creates the symlink;
- if sh is busybox, then it's up to the user to choose the appropriate
FEATURE_SH_IS_* option in busybox; we will still create the symlink to busybox
from buildroot.
Will you take this up? Thanks!
Regards,
Arnout
[snip]
--
Arnout Vandecappelle arnout at mind be
Senior Embedded Software Architect +32-16-286500
Essensium/Mind http://www.mind.be
G.Geenslaan 9, 3001 Leuven, Belgium BE 872 984 063 RPR Leuven
LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
GPG fingerprint: 7CB5 E4CC 6C2E EFD4 6E3D A754 F963 ECAB 2450 2F1F
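
The fixed-priority alternative raised earlier in the thread, written as a post-build script that sets /bin/sh deterministically (an added example, not code from the thread or from Buildroot). The function names, and the reading of busybox->dash->zsh->bash as "each shell overrides the ones to its left", are assumptions; Buildroot passes the target directory to post-build scripts as the first argument.

```shell
#!/bin/sh
# Added example: deterministic /bin/sh selection for a Buildroot
# post-build script. Not part of the patches in this thread.

# Highest priority first. Assumed reading of "busybox->dash->zsh->bash":
# every shell overrides the ones to its left, so bash wins when present.
SH_PRIORITY="bash zsh dash busybox"

# pick_sh TARGET_DIR
# Prints the highest-priority shell installed in TARGET_DIR/bin.
# Returns 1 when none of the known shells is present.
pick_sh() {
    target_dir=$1
    for candidate in $SH_PRIORITY; do
        # Accept only an executable regular file; a dangling symlink
        # left behind by another package fails the -f test.
        if [ -f "$target_dir/bin/$candidate" ] &&
           [ -x "$target_dir/bin/$candidate" ]; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    return 1
}

# link_sh TARGET_DIR
# Points TARGET_DIR/bin/sh at the selected shell and prints its name.
# The result depends only on which shells exist, never on build order.
link_sh() {
    target_dir=$1
    chosen=$(pick_sh "$target_dir") || {
        echo "no shell found in $target_dir/bin, /bin/sh not created" >&2
        return 1
    }
    # Relative link target, as in the patches, so the link resolves on
    # the device and not only inside the build tree.
    ln -sf "$chosen" "$target_dir/bin/sh"
    printf '%s\n' "$chosen"
}

# When run as a post-build script, $1 is the target directory.
if [ -n "${1:-}" ] && [ -d "$1/bin" ]; then
    link_sh "$1" >/dev/null || exit 1
fi
```

Because the link is rewritten from the final contents of the target directory, rebuilding a single package or changing the build order cannot change which shell ends up behind /bin/sh.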
* [Buildroot] [PATCH 1/5] dash: bump to version 0.5.8-1
2014-10-08 13:19 [Buildroot] [PATCH 1/5] dash: bump to version 0.5.8-1 Gustavo Zacarias
` (4 preceding siblings ...)
2014-10-08 17:27 ` [Buildroot] [PATCH 1/5] dash: bump to version 0.5.8-1 Peter Korsgaard
@ 2014-10-12 10:50 ` Peter Korsgaard
5 siblings, 0 replies; 19+ messages in thread
From: Peter Korsgaard @ 2014-10-12 10:50 UTC (permalink / raw)
To: buildroot
>>>>> "Gustavo" == Gustavo Zacarias <gustavo@zacarias.com.ar> writes:
> Add hash file, make the /bin/sh -> dash symlink and build after busybox and
> use $(INSTALL) instead of cp for proper mode handling.
> Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Committed with the /bin/sh handling removed as we'll handle it globally
instead, thanks.
--
Bye, Peter Korsgaard
* [Buildroot] [PATCH 2/5] zsh: security bump to version 5.0.7
2014-10-08 13:19 ` [Buildroot] [PATCH 2/5] zsh: security bump to version 5.0.7 Gustavo Zacarias
[not found] ` <87a956eadv.fsf@dell.be.48ers.dk>
@ 2014-10-12 10:50 ` Peter Korsgaard
1 sibling, 0 replies; 19+ messages in thread
From: Peter Korsgaard @ 2014-10-12 10:50 UTC (permalink / raw)
To: buildroot
>>>>> "Gustavo" == Gustavo Zacarias <gustavo@zacarias.com.ar> writes:
> Fixes shellshock-alike exploits.
> Add /bin/sh -> zsh symlink, install binary to /bin as all shells should
> be, add hash file and build after busybox.
> Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Committed with the /bin/sh handling removed as we'll handle it globally
instead, thanks.
--
Bye, Peter Korsgaard