[Buildroot] initramfs doesn't need root to create an image

[Buildroot] initramfs doesn't need root to create an image

[Nigel Kukard]

Attached a patch which removes the requirement on fakeroot & makedevs
and prevents files from being created in /dev instead of devices when
one builds buildroot as a non-priv user.

Initramfs doesn't require a priv user to create the image. A perl script
merges the devices.txt into the initramfs list, fixes the permissions,
fixes ownership, orders directories to be created first and spits out a
clean list.

-N
-------------- next part --------------
A non-text attachment was scrubbed...
Name: initramfs-rework-noroot.patch
Type: text/x-patch
Size: 8028 bytes
Desc: not available
Url : http://busybox.net/lists/buildroot/attachments/20080329/ca2de3e9/attachment.bin 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://busybox.net/lists/buildroot/attachments/20080329/ca2de3e9/attachment.pgp 

[Buildroot] initramfs doesn't need root to create an image

[Hamish Moffatt]

On Sat, Mar 29, 2008 at 06:59:01AM +0000, Nigel Kukard wrote:
> Attached a patch which removes the requirement on fakeroot & makedevs
> and prevents files from being created in /dev instead of devices when
> one builds buildroot as a non-priv user.

Why? Was there a problem with fakeroot?

The ext2 and jffs2 targets both use fakeroot, although the generator
tools can do privilege squashing and handle device tables themselves.
Next week I need to add ubifs support, and currently the generator tool
does not have device table support fwiw.

Thanks,
Hamish
-- 
Hamish Moffatt VK3SB <hamish@debian.org> <hamish@cloud.net.au>

[Buildroot] initramfs doesn't need root to create an image

[Nigel Kukard]

> > Attached a patch which removes the requirement on fakeroot & makedevs
> > and prevents files from being created in /dev instead of devices when
> > one builds buildroot as a non-priv user.
> 
> Why? Was there a problem with fakeroot?

Not fakeroot itself, but you cannot create a device if you're a non-priv
user. So ... nothing fails, makedevs generates lovely zero size files
instead of devices & fakeroot appears to hide the errors.

My patch is initramfs specific and doesn't touch, remove or alter any of
the other target root filesystem types. It removes the requirement for
both fakeroot and makedevs for initramfs image generation. Real devices
aren't created, the cpio manifest is modified in such a way that the
result cpio archive contains the devices. The manifest is normally
generated from the actual files/devices found. My patch takes the
manifest (minus the devices as makedevs isn't run) parses the device
table and outputs the manifest with what makedevs would of generated,
with the uid/gid defaulting to 0 if not overridden by makedevs.

> The ext2 and jffs2 targets both use fakeroot, although the generator
> tools can do privilege squashing and handle device tables themselves.
> Next week I need to add ubifs support, and currently the generator tool
> does not have device table support fwiw.

I only touched initramfs image generation. If you see something I
missed, or error in my perl script, feel free to let me know so I can
fix it  :)  I've tested it with both the generic device list, my own
device list, as root and as a non-priv user with no errors, the
resulting initramfs image when booted contains all the devices
specified.

-N

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://busybox.net/lists/buildroot/attachments/20080329/bd44a0d2/attachment.pgp 

[Buildroot] initramfs doesn't need root to create an image

[Peter Korsgaard]

>>>>> "Nigel" == Nigel Kukard <nkukard@lbsd.net> writes:

 >> > Attached a patch which removes the requirement on fakeroot & makedevs
 >> > and prevents files from being created in /dev instead of devices when
 >> > one builds buildroot as a non-priv user.
 >> 
 >> Why? Was there a problem with fakeroot?

 Nigel> Not fakeroot itself, but you cannot create a device if you're
 Nigel> a non-priv user. So ... nothing fails, makedevs generates
 Nigel> lovely zero size files instead of devices & fakeroot appears
 Nigel> to hide the errors.

But that's the point of fakeroot. Applications run from within
fakeroot believes the trickery and sees the (fake) device nodes. I
haven't looked into the initramfs stuff, but why wouldn't that work
there as well?

-- 
Bye, Peter Korsgaard

[Buildroot] initramfs doesn't need root to create an image

[Nigel Kukard]

>  >> > Attached a patch which removes the requirement on fakeroot & makedevs
>  >> > and prevents files from being created in /dev instead of devices when
>  >> > one builds buildroot as a non-priv user.
>  >> 
>  >> Why? Was there a problem with fakeroot?
> 
>  Nigel> Not fakeroot itself, but you cannot create a device if you're
>  Nigel> a non-priv user. So ... nothing fails, makedevs generates
>  Nigel> lovely zero size files instead of devices & fakeroot appears
>  Nigel> to hide the errors.
> 
> But that's the point of fakeroot. Applications run from within
> fakeroot believes the trickery and sees the (fake) device nodes. I
> haven't looked into the initramfs stuff, but why wouldn't that work
> there as well?

Does fakeroot keep device-special information if you create devices
inside its environment? ie. if you create a /dev/hda inside a fakeroot
using mknod, tar it up, exit fakeroot, untar it with admin privs, is it
still a device special file?

If it is (which would be damn awesome), then with a few less lines of
modifications and minus my perl script we can take the cpio file
generation out of the kernel build and do it ourselves in the fakeroot.

-N
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://busybox.net/lists/buildroot/attachments/20080329/3e0cca85/attachment.pgp 

[Buildroot] initramfs doesn't need root to create an image

[Hamish Moffatt]

On Sat, Mar 29, 2008 at 02:56:50PM +0000, Nigel Kukard wrote:
> >  >> > Attached a patch which removes the requirement on fakeroot & makedevs
> >  >> > and prevents files from being created in /dev instead of devices when
> >  >> > one builds buildroot as a non-priv user.
> >  >> 
> >  >> Why? Was there a problem with fakeroot?
> > 
> >  Nigel> Not fakeroot itself, but you cannot create a device if you're
> >  Nigel> a non-priv user. So ... nothing fails, makedevs generates
> >  Nigel> lovely zero size files instead of devices & fakeroot appears
> >  Nigel> to hide the errors.
> > 
> > But that's the point of fakeroot. Applications run from within
> > fakeroot believes the trickery and sees the (fake) device nodes. I
> > haven't looked into the initramfs stuff, but why wouldn't that work
> > there as well?
> 
> Does fakeroot keep device-special information if you create devices
> inside its environment? ie. if you create a /dev/hda inside a fakeroot
> using mknod, tar it up, exit fakeroot, untar it with admin privs, is it
> still a device special file?

Yes. The ext2 and jffs2 targets use it for that purpose: they use
makedevs to process the device table, then call genext2fs/mkfs.jffs2
within the fakeroot session to create the image.

You can even have the special devices persist across fakeroot sessions
if you tell it to save/load its session to file.


Hamish
-- 
Hamish Moffatt VK3SB <hamish@debian.org> <hamish@cloud.net.au>

[Buildroot] initramfs doesn't need root to create an image

[Nigel Kukard]

> > > But that's the point of fakeroot. Applications run from within
> > > fakeroot believes the trickery and sees the (fake) device nodes. I
> > > haven't looked into the initramfs stuff, but why wouldn't that work
> > > there as well?
> > 
> > Does fakeroot keep device-special information if you create devices
> > inside its environment? ie. if you create a /dev/hda inside a fakeroot
> > using mknod, tar it up, exit fakeroot, untar it with admin privs, is it
> > still a device special file?
> 
> Yes. The ext2 and jffs2 targets use it for that purpose: they use
> makedevs to process the device table, then call genext2fs/mkfs.jffs2
> within the fakeroot session to create the image.
> 
> You can even have the special devices persist across fakeroot sessions
> if you tell it to save/load its session to file.

Well then, there we go ... a even better solution to my perl script  :)

Let me see what I can hack up. The reason why the kernel's cpio image
generation does not work is because its run from outside fakeroot.

Moving the cpio archive generation out of the kernel builds' hands (by
merely providing it a .cpio to use for the initramfs) is going to more
than likely make the initramfs target very very similar to the cpio one,
with the exception of the kernel config changes of course. As you said,
fakeroot does everything the kernel scripts do and actually better.

Anyone got any thoughts on cpio & initramfs being merged into one target
(directory)? a pseudo target of sorts where initramfs's config option is
added to cpio's config.in, when selected enables cpio and sets the path
of the cpio archive?

-N
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://busybox.net/lists/buildroot/attachments/20080329/ed6aef41/attachment-0001.pgp 

[Buildroot] initramfs doesn't need root to create an image

[Peter Korsgaard]

>>>>> "Nigel" == Nigel Kukard <nkukard@lbsd.net> writes:

 Nigel> Not fakeroot itself, but you cannot create a device if you're
 Nigel> a non-priv user. So ... nothing fails, makedevs generates
 Nigel> lovely zero size files instead of devices & fakeroot appears
 Nigel> to hide the errors.
 >> 
 >> But that's the point of fakeroot. Applications run from within
 >> fakeroot believes the trickery and sees the (fake) device nodes. I
 >> haven't looked into the initramfs stuff, but why wouldn't that work
 >> there as well?

 Nigel> Does fakeroot keep device-special information if you create
 Nigel> devices inside its environment? ie. if you create a /dev/hda
 Nigel> inside a fakeroot using mknod, tar it up, exit fakeroot, untar
 Nigel> it with admin privs, is it still a device special file?

Yes, that's the point of fakeroot.

-- 
Bye, Peter Korsgaard

[Buildroot] initramfs doesn't need root to create an image

[Nigel Kukard]

>  Nigel> Does fakeroot keep device-special information if you create
>  Nigel> devices inside its environment? ie. if you create a /dev/hda
>  Nigel> inside a fakeroot using mknod, tar it up, exit fakeroot, untar
>  Nigel> it with admin privs, is it still a device special file?
> 
> Yes, that's the point of fakeroot.

A day doesn't pass when I don't learn something new  ;)

*thinks of ways to use fakeroot*

-N
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://busybox.net/lists/buildroot/attachments/20080329/5a3932d0/attachment.pgp