public inbox for openembedded-core@lists.openembedded.org
From: Alexander Kanavin <alex.kanavin@gmail.com>
To: openembedded-core@lists.openembedded.org
Cc: Alexander Kanavin <alex@linutronix.de>
Subject: [PATCH 4/8] classes/package_rpm: write file permissions and ownership explicitly into .spec
Date: Fri, 26 Jan 2024 14:34:51 +0100
Message-ID: <20240126133455.2609378-4-alex@linutronix.de>
In-Reply-To: <20240126133455.2609378-1-alex@linutronix.de>

Per https://github.com/rpm-software-management/rpm/commit/77d3529c31ca090a40b8d3959a0bcdd721a556d6
rpm 4.19.1+ will not consider actual filesystem permissions and ownership, and will quietly default
to root if not explicitly set otherwise in .spec file.

There are also additional diagnostics (printing what is in passwd/group)
when user/group name lookup against the sysroot fails.
That is never supposed to happen, and yet there was one report that it did:
https://autobuilder.yoctoproject.org/typhoon/#/builders/44/builds/8493/steps/23/logs/stdio

Investigating that issue led to the first three commits in this patchset:

sysroot user management postinsts: run with /bin/sh -e to report errors when they happen
classes/multilib: expand PACKAGE_WRITE_DEPS in addition to DEPENDS
classes/staging: capture output of sysroot postinsts into logs

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
---
 meta/classes-global/package_rpm.bbclass | 34 ++++++++++++++++++++-----
 1 file changed, 28 insertions(+), 6 deletions(-)

diff --git a/meta/classes-global/package_rpm.bbclass b/meta/classes-global/package_rpm.bbclass
index 2fc18fe98c1..a641dbdb299 100644
--- a/meta/classes-global/package_rpm.bbclass
+++ b/meta/classes-global/package_rpm.bbclass
@@ -103,6 +103,7 @@ def write_rpm_perfiledata(srcname, d):
 
 python write_specfile () {
     import oe.packagedata
+    import os,pwd,grp,stat
 
     # append information for logs and patches to %prep
     def add_prep(d, spec_files_bottom):
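
Review bot: The added `import os,pwd,grp,stat` pulls in `os` even though the unchanged `os.walk(walkpath)` call later in write_specfile was evidently resolving `os` before this patch, so that name looks redundant here unless it relied on something outside the visible lines. I would reduce this to `import pwd, grp, stat`, with spaces after the commas to match the usual Python style.
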
@@ -198,6 +199,23 @@ python write_specfile () {
         # of the walk, the isdir() test would then fail and the walk code would assume its a file
         # hence we check for the names in files too.
         for rootpath, dirs, files in os.walk(walkpath):
+            def get_attr(path):
+                stat_f = os.stat(rootpath + "/" + path, follow_symlinks=False)
+                mode = stat.S_IMODE(stat_f.st_mode)
+                try:
+                    owner = pwd.getpwuid(stat_f.st_uid).pw_name
+                except Exception as e:
+                    bb.error("Content of /etc/passwd in sysroot:\n{}".format(
+                        open(d.getVar("RECIPE_SYSROOT") +"/etc/passwd").read()))
+                    raise e
+                try:
+                    group = grp.getgrgid(stat_f.st_gid).gr_name
+                except Exception as e:
+                    bb.error("Content of /etc/group in sysroot:\n{}".format(
+                        open(d.getVar("RECIPE_SYSROOT") +"/etc/group").read()))
+                    raise e
+                return "%attr({:o},{},{}) ".format(mode, owner, group)
+
             path = rootpath.replace(walkpath, "")
             if path.endswith("DEBIAN") or path.endswith("CONTROL"):
                 continue
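
Review bot: In get_attr, the diagnostic in both `except` blocks can itself fail and hide the lookup error: if `RECIPE_SYSROOT` is unset, or the sysroot has no /etc/passwd or /etc/group, the `open(...)` raises and that new exception propagates instead of the one from `pwd.getpwuid` / `grp.getgrgid`. Consider catching only `KeyError` (what those two calls raise for an unknown id), reading the file under `with open(...)` inside its own guard so the handle is closed, and using a bare `raise` rather than `raise e`. The helper is also redefined on every iteration of the `os.walk` loop only to capture `rootpath`; defining it once above the loop with `rootpath` as a parameter would read more clearly.
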
@@ -221,24 +239,28 @@ python write_specfile () {
                     if dir == "CONTROL" or dir == "DEBIAN":
                         continue
                     dir = dir.replace("%", "%%%%%%%%")
+                    p = path + '/' + dir
                     # All packages own the directories their files are in...
-                    target.append('%dir "' + path + '/' + dir + '"')
+                    target.append(get_attr(dir) + '%dir "' + p + '"')
             else:
                 # packages own only empty directories or explict directory.
                 # This will prevent the overlapping of security permission.
+                attr = get_attr(path)
                 if path and not files and not dirs:
-                    target.append('%dir "' + path + '"')
+                    target.append(attr + '%dir "' + path + '"')
                 elif path and path in dirfiles:
-                    target.append('%dir "' + path + '"')
+                    target.append(attr + '%dir "' + path + '"')
 
             for file in files:
                 if file == "CONTROL" or file == "DEBIAN":
                     continue
                 file = file.replace("%", "%%%%%%%%")
-                if conffiles.count(path + '/' + file):
-                    target.append('%config "' + path + '/' + file + '"')
+                attr = get_attr(file)
+                p = path + '/' + file
+                if conffiles.count(p):
+                    target.append(attr + '%config "' + p + '"')
                 else:
-                    target.append('"' + path + '/' + file + '"')
+                    target.append(attr + '"' + p + '"')
 
     # Prevent the prerm/postrm scripts from being run during an upgrade
     def wrap_uninstall(scriptvar):
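
Review bot: In the `else:` branch, `attr = get_attr(path)` passes `path`, which is `rootpath` with `walkpath` stripped, to a helper that stats `rootpath + "/" + path`, so for any non-empty `path` the stat target has the relative part appended twice and will most likely not exist. It also runs before the `if path and ...` checks, so it is evaluated even when no `%dir` line is emitted. Stat the directory that `rootpath` itself names, and compute `attr` only in the branches that use it. Separately, `get_attr(dir)` and `get_attr(file)` are called after `dir` and `file` have had `%` replaced by `%%%%%%%%`, so a name containing `%` is looked up under its escaped spelling; take the attributes from the original name before escaping.
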
-- 
2.39.2


