From: <Qi.Chen@windriver.com>
To: <openembedded-core@lists.openembedded.org>
Cc: qingtao.cao@windriver.com
Subject: [PATCH V2 0/9] busybox miscellaneous fixes
Date: Mon, 17 Jun 2013 13:49:26 +0800 [thread overview]
Message-ID: <cover.1371447869.git.Qi.Chen@windriver.com> (raw)
From: Chen Qi <Qi.Chen@windriver.com>
This patchset mainly serves two purposes.
1) Switch to using busybox as the default login manager.
2) Fix to support FEATURE_INDIVIDUAL in busybox.
I'd really appreciate it if you could review it. And any comment or suggest is
really welcome.
In this cover letter, I'll describe why we switch to using busybox instead of
tiny login, how we do it and the final result of this change.
The reason is well explaned by Saul's comment in bug#4207.
(https://bugzilla.yoctoproject.org/show_bug.cgi?id=4207)
So I quote it here.
'''
tinylogin has been deprecated and the functionality ported into busybox, the
size is smaller than tinybox. The issue to be concerned about is having busybox
being setuid, a possibility is to use busybox as a separate binary.
'''
That's exactly what this patchset does.
*) switch to using busybox as the default login manager
*) remove tinylogin as it's deprecated
*) add the ability to split the busybox binary into two parts, one with suid and the other not.
Following's a brief design. You could also see it on the bugzilla.
(https://bugzilla.yoctoproject.org/show_bug.cgi?id=4207)
Design:
1) Add a configuration fragment to the SRC_URI. The configuration fragment will
be called login-utilities.cfg, as its main purpose is to enable the login utility
of busybox.
2) set the default login manager to 'busybox' instead of 'tinylogin'
3) Add a variable, BUSYBOX_SPLIT_SUID, to control whether to split the busybox
binary into two parts, one with suid and the other not. We default it to "1"
to enable the splitting, but users could still override it to disable the
splitting. After all, busybox has no internal support for this suid apps splitting,
so there might be users out there who trust busybox and want just one busybox binary.
4) Patch busybox to make it able to list configuration items of suid apps and non-suid
apps. These two lists are used to separate the busybox binary.
5) Busybox supports building individual apps, so the change above should still
support this feature.
Here's the final result of this change:
1) FEATURE_INDIVIDUAL enabled
We'll have links on target like below.
/bin/ls -> /bin/ls.busybox
/bin/cat -> /bin/cat.busybox
/bin/su -> /bin/su.busybox
2) FEATURE_INDIVIDUAL disabled (this is the default behavior) and BUSYBOX_SPLIT_SUID enabled
/bin/ls -> /bin/busybox.nosuid
/bin/cat -> /bin/busybox.nosuid
/bin/su -> /bin/busybox.suid
3) FEATURE_INDIVIDUAL disabled and BUSYBOX_SPLIT_SUID disabled
/bin/ls -> /bin/busybox
/bin/cat -> /bin/busybox
/bin/su -> /bin/busybox
//Chen Qi
The following changes since commit a62aed41f2d8f874f7ae24d0e5be5dbc66ea2199:
lrzsz: check locale.h in configure (2013-06-04 15:55:46 +0100)
are available in the git repository at:
git://git.pokylinux.org/poky-contrib ChenQi/busybox-fixes
http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=ChenQi/busybox-fixes
Chen Qi (9):
busybox: remove the postinst part of the recipe
busybox: add support for CONFIG_FEATURE_INDIVIDUAL
busybox: add a config fragment to enable login utilities
busybox: enable to list suid and non-suid app configs
busybox: add the ability to split the busybox binary
packagegroup-core-boot: use busybox as the default login manager
packagegroup-core-basic: set the default login manager
mingetty: lower the ALTERNATIVE_PRIORITY
tinylogin: remove recipe
...usybox-list-suid-and-non-suid-app-configs.patch | 179 +++++
.../busybox/busybox-1.20.2/login-utilities.cfg | 13 +
meta/recipes-core/busybox/busybox.inc | 105 ++-
meta/recipes-core/busybox/busybox_1.20.2.bb | 4 +-
.../packagegroups/packagegroup-core-boot.bb | 2 +-
.../tinylogin/tinylogin-1.4/add-system.patch | 117 ---
.../tinylogin-1.4/adduser-empty_pwd.patch | 45 --
.../tinylogin/tinylogin-1.4/avoid_static.patch | 33 -
.../tinylogin/tinylogin-1.4/cvs-20040608.patch | 823 --------------------
.../tinylogin/tinylogin-1.4/glibc_crypt_fix.patch | 23 -
.../tinylogin-1.4/passwd_rotate_check.patch | 41 -
.../tinylogin/tinylogin-1.4/remove-index.patch | 13 -
.../tinylogin/tinylogin-1.4/use_O2_option.patch | 21 -
meta/recipes-core/tinylogin/tinylogin_1.4.bb | 45 --
meta/recipes-extended/mingetty/mingetty_1.08.bb | 2 +-
.../packagegroups/packagegroup-core-basic.bb | 3 +-
16 files changed, 268 insertions(+), 1201 deletions(-)
create mode 100644 meta/recipes-core/busybox/busybox-1.20.2/busybox-list-suid-and-non-suid-app-configs.patch
create mode 100644 meta/recipes-core/busybox/busybox-1.20.2/login-utilities.cfg
delete mode 100644 meta/recipes-core/tinylogin/tinylogin-1.4/add-system.patch
delete mode 100644 meta/recipes-core/tinylogin/tinylogin-1.4/adduser-empty_pwd.patch
delete mode 100644 meta/recipes-core/tinylogin/tinylogin-1.4/avoid_static.patch
delete mode 100644 meta/recipes-core/tinylogin/tinylogin-1.4/cvs-20040608.patch
delete mode 100644 meta/recipes-core/tinylogin/tinylogin-1.4/glibc_crypt_fix.patch
delete mode 100644 meta/recipes-core/tinylogin/tinylogin-1.4/passwd_rotate_check.patch
delete mode 100644 meta/recipes-core/tinylogin/tinylogin-1.4/remove-index.patch
delete mode 100644 meta/recipes-core/tinylogin/tinylogin-1.4/use_O2_option.patch
delete mode 100644 meta/recipes-core/tinylogin/tinylogin_1.4.bb
--
1.7.9.5
next reply other threads:[~2013-06-17 5:49 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-06-17 5:49 Qi.Chen [this message]
2013-06-17 5:49 ` [PATCH V2 1/9] busybox: remove the postinst part of the recipe Qi.Chen
2013-06-17 17:52 ` Otavio Salvador
2013-06-18 1:37 ` ChenQi
2013-06-18 12:06 ` Otavio Salvador
2013-06-17 5:49 ` [PATCH V2 2/9] busybox: add support for CONFIG_FEATURE_INDIVIDUAL Qi.Chen
2013-06-17 5:49 ` [PATCH V2 3/9] busybox: add a config fragment to enable login utilities Qi.Chen
2013-06-17 5:49 ` [PATCH V2 4/9] busybox: enable to list suid and non-suid app configs Qi.Chen
2013-06-17 5:49 ` [PATCH V2 5/9] busybox: add the ability to split the busybox binary Qi.Chen
2013-06-17 5:49 ` [PATCH V2 6/9] packagegroup-core-boot: use busybox as the default login manager Qi.Chen
2013-06-17 5:49 ` [PATCH V2 7/9] packagegroup-core-basic: set " Qi.Chen
2013-06-17 5:49 ` [PATCH V2 8/9] mingetty: lower the ALTERNATIVE_PRIORITY Qi.Chen
2013-06-17 5:49 ` [PATCH V2 9/9] tinylogin: remove recipe Qi.Chen
2013-06-17 10:17 ` Phil Blundell
2013-06-17 10:28 ` Richard Purdie
2013-06-17 10:59 ` Phil Blundell
2013-06-17 11:06 ` Richard Purdie
2013-06-17 11:15 ` Phil Blundell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1371447869.git.Qi.Chen@windriver.com \
--to=qi.chen@windriver.com \
--cc=openembedded-core@lists.openembedded.org \
--cc=qingtao.cao@windriver.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox