From: "Paul Barker" <pbarker@konsulko.com>
To: Ricardo Ribalda Delgado <ricardo@ribalda.com>
Cc: Richard Purdie <richard.purdie@linuxfoundation.org>,
openembedded-core <openembedded-core@lists.openembedded.org>
Subject: Re: [OE-core] [PATCH 1/2] wic: Fix permissions when using exclude or include path
Date: Tue, 7 Apr 2020 19:12:56 +0100 [thread overview]
Message-ID: <20200407191256.6cb45445@ub1910> (raw)
In-Reply-To: <CAPybu_03RzN3zyQuoHJorcnbqWfvC+cGvGo5yNiVC8pHP-MQ=g@mail.gmail.com>
On Fri, 3 Apr 2020 21:53:39 +0200
Ricardo Ribalda Delgado <ricardo@ribalda.com> wrote:
> ping?
I think that '../pseudo' should not be used here. I'll explain inline...
> >
> > This results in a rootfs owned by the user that is running the wic
> > command (usually UID 1000), which makes some rootfs unbootable.
> >
> > To fix this we copy the content of the pseudo folders to the new folder
> > and modify the pseudo database using the "pseudo -B" command.
> >
> > Signed-off-by: Ricardo Ribalda Delgado <ricardo@ribalda.com>
> > ---
> > scripts/lib/wic/plugins/source/rootfs.py | 22 +++++++++++++++++++---
> > 1 file changed, 19 insertions(+), 3 deletions(-)
> >
> > diff --git a/scripts/lib/wic/plugins/source/rootfs.py b/scripts/lib/wic/plugins/source/rootfs.py
> > index 705aeb5563..40419a64b3 100644
> > --- a/scripts/lib/wic/plugins/source/rootfs.py
> > +++ b/scripts/lib/wic/plugins/source/rootfs.py
> > @@ -16,11 +16,11 @@ import os
> > import shutil
> > import sys
> >
> > -from oe.path import copyhardlinktree
> > +from oe.path import copyhardlinktree, copytree
> >
> > from wic import WicError
> > from wic.pluginbase import SourcePlugin
> > -from wic.misc import get_bitbake_var
> > +from wic.misc import get_bitbake_var, exec_native_cmd
> >
> > logger = logging.getLogger('wic')
> >
> > @@ -44,6 +44,15 @@ class RootfsPlugin(SourcePlugin):
> >
> > return os.path.realpath(image_rootfs_dir)
> >
> > + @staticmethod
> > + def __get_pseudo(native_sysroot, rootfs):
> > + pseudo = "export PSEUDO_PREFIX=%s/usr;" % native_sysroot
> > + pseudo += "export PSEUDO_LOCALSTATEDIR=%s;" % os.path.join(rootfs, "../pseudo")
> > + pseudo += "export PSEUDO_PASSWD=%s;" % rootfs
> > + pseudo += "export PSEUDO_NOSYMLINKEXP=1;"
> > + pseudo += "%s " % get_bitbake_var("FAKEROOTCMD")
> > + return pseudo
> > +
> > @classmethod
> > def do_prepare_partition(cls, part, source_params, cr, cr_workdir,
> > oe_builddir, bootimg_dir, kernel_dir,
> > @@ -78,9 +87,16 @@ class RootfsPlugin(SourcePlugin):
> >
> > if os.path.lexists(new_rootfs):
> > shutil.rmtree(os.path.join(new_rootfs))
> > -
> > copyhardlinktree(part.rootfs_dir, new_rootfs)
> >
> > + if os.path.lexists(os.path.join(new_rootfs, "../pseudo")):
new_rootfs is set by the following statement a few lines above:
new_rootfs = os.path.realpath(os.path.join(cr_workdir, "rootfs%d" % part.lineno))
Consider that `cr_workdir` may contain multiple rootfs staging directories
corresponding to multiple lines in the wks file, for example if a rootfs
image is duplicated into multiple partitions for redundancy. In that case
`os.path.join(new_rootfs, "../pseudo")` will clash between these different
rootfs copies.
Let's use an explicit path instead, such as:
new_pseudo = os.path.realpath(os.path.join(cr_workdir, "pseudo%d" % part.lineno))
> > + shutil.rmtree(os.path.join(new_rootfs, "../pseudo"))
> > + copytree(os.path.join(part.rootfs_dir, "../pseudo"),
part.rootfs_dir is whatever is given as the option to `--rootfs-dir`. There
is no guarantee that `../psuedo` is valid or if it corresponds to the rootfs
directory given. It's unsafe to step up the directory tree and make
assumptions like this.
> > + os.path.join(new_rootfs, "../pseudo"))
> > + pseudo_cmd = "%s -B -m %s -M %s" % (cls.__get_pseudo(native_sysroot,new_rootfs),
> > + part.rootfs_dir, new_rootfs)
> > + exec_native_cmd(pseudo_cmd, native_sysroot)
> > +
> > for path in part.include_path or []:
> > copyhardlinktree(path, new_rootfs)
--
Paul Barker
Konsulko Group
next prev parent reply other threads:[~2020-04-07 18:13 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-03-04 8:34 [PATCH 1/2] wic: Fix permissions when using exclude or include path Ricardo Ribalda Delgado
2020-03-04 8:34 ` [PATCH 2/2] wic: Add --embed-rootfs argument Ricardo Ribalda Delgado
2020-03-04 9:42 ` Paul Barker
2020-03-04 9:56 ` Ricardo Ribalda Delgado
2020-03-04 10:08 ` Paul Barker
2020-03-04 10:14 ` Ricardo Ribalda Delgado
2020-03-04 13:49 ` Ricardo Ribalda Delgado
2020-03-04 14:31 ` Joshua Watt
2020-03-04 9:53 ` [PATCH 1/2] wic: Fix permissions when using exclude or include path Paul Barker
2020-03-04 10:02 ` Ricardo Ribalda Delgado
2020-03-05 9:28 ` Paul Barker
2020-03-05 9:46 ` Ricardo Ribalda Delgado
2020-04-03 19:53 ` [OE-core] " Ricardo Ribalda
2020-04-07 18:12 ` Paul Barker [this message]
2020-04-07 18:40 ` Ricardo Ribalda
2020-04-07 19:02 ` Paul Barker
2020-04-07 19:19 ` Ricardo Ribalda
2020-04-07 19:43 ` Paul Barker
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200407191256.6cb45445@ub1910 \
--to=pbarker@konsulko.com \
--cc=openembedded-core@lists.openembedded.org \
--cc=ricardo@ribalda.com \
--cc=richard.purdie@linuxfoundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox