* [Buildroot] [RFC PATCH v3 1/2] makedevs: only warn when xattr support disabled
@ 2019-07-30 20:31 Petr Vorel
2019-07-30 20:31 ` [Buildroot] [RFC PATCH v3 2/2] iputils: add capability for clockdiff, ping, traceroute6 Petr Vorel
2019-07-30 20:57 ` [Buildroot] [RFC PATCH v3 1/2] makedevs: only warn when xattr support disabled Yann E. MORIN
0 siblings, 2 replies; 4+ messages in thread
From: Petr Vorel @ 2019-07-30 20:31 UTC (permalink / raw)
To: buildroot
Previously makedevs failed when xattr configuration defined while
disabled BR2_ROOTFS_DEVICE_TABLE_SUPPORTS_EXTENDED_ATTRIBUTES.
Therefore check for this configuration would be required
in each use. Therefore only print warning with number of discharged lines.
No package is using this feature so far (it's used only in tests),
thus no need to change any package config.
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
---
Changes v2->v3:
* print warning only once at the end, print number of discharged lines
* put into single line (feel free to add new line)
package/makedevs/makedevs.c | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/package/makedevs/makedevs.c b/package/makedevs/makedevs.c
index c57b964f5c..aa0b4b4cba 100644
--- a/package/makedevs/makedevs.c
+++ b/package/makedevs/makedevs.c
@@ -493,6 +493,7 @@ int main(int argc, char **argv)
printf("table=<stdin>\n");
}
+ unsigned int xattr_warned = 0;
while ((line = bb_get_chomped_line_from_file(table))) {
char type;
unsigned int mode = 0755;
@@ -518,9 +519,7 @@ int main(int argc, char **argv)
if (bb_set_xattr(full_name, xattr) < 0)
bb_error_msg_and_die("can't set cap %s on file %s\n", xattr, full_name);
#else
- bb_error_msg_and_die("line %d not supported: '%s'\nDid you forget to enable "
- "BR2_ROOTFS_DEVICE_TABLE_SUPPORTS_EXTENDED_ATTRIBUTES?\n",
- linenum, line);
+ xattr_warned++;
#endif /* EXTENDED_ATTRIBUTES */
continue;
}
@@ -641,6 +640,15 @@ int main(int argc, char **argv)
loop:
free(line);
}
+
+ if (xattr_warned) {
+ bb_error_msg("%u lines with xattr configuration discharged, enable "
+ "BR2_ROOTFS_DEVICE_TABLE_SUPPORTS_EXTENDED_ATTRIBUTES "
+ "to get xattr support\n",
+ xattr_warned);
+ ret = EXIT_FAILURE;
+ }
+
fclose(table);
return ret;
--
2.22.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [Buildroot] [RFC PATCH v3 2/2] iputils: add capability for clockdiff, ping, traceroute6
2019-07-30 20:31 [Buildroot] [RFC PATCH v3 1/2] makedevs: only warn when xattr support disabled Petr Vorel
@ 2019-07-30 20:31 ` Petr Vorel
2019-07-30 20:57 ` [Buildroot] [RFC PATCH v3 1/2] makedevs: only warn when xattr support disabled Yann E. MORIN
1 sibling, 0 replies; 4+ messages in thread
From: Petr Vorel @ 2019-07-30 20:31 UTC (permalink / raw)
To: buildroot
Not setting for arping as it can be used for ARP Poisoning.
Use cap_net_raw+p (drop +e) as upstream sets that via
cap_set_flag(), see https://github.com/iputils/iputils/issues/194
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
---
Same as v2.
package/iputils/iputils.mk | 3 +++
1 file changed, 3 insertions(+)
diff --git a/package/iputils/iputils.mk b/package/iputils/iputils.mk
index 8e6a3e2fc5..f1d3e1fc6a 100644
--- a/package/iputils/iputils.mk
+++ b/package/iputils/iputils.mk
@@ -76,8 +76,11 @@ IPUTILS_CONF_OPTS += -DNO_SETCAP_OR_SUID=true
define IPUTILS_PERMISSIONS
/usr/sbin/arping f 4755 0 0 - - - - -
/usr/bin/clockdiff f 4755 0 0 - - - - -
+ |xattr cap_net_raw+p
/bin/ping f 4755 0 0 - - - - -
+ |xattr cap_net_raw+p
/usr/bin/traceroute6 f 4755 0 0 - - - - -
+ |xattr cap_net_raw+p
endef
$(eval $(meson-package))
--
2.22.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [Buildroot] [RFC PATCH v3 1/2] makedevs: only warn when xattr support disabled
2019-07-30 20:31 [Buildroot] [RFC PATCH v3 1/2] makedevs: only warn when xattr support disabled Petr Vorel
2019-07-30 20:31 ` [Buildroot] [RFC PATCH v3 2/2] iputils: add capability for clockdiff, ping, traceroute6 Petr Vorel
@ 2019-07-30 20:57 ` Yann E. MORIN
2019-07-30 21:42 ` Petr Vorel
1 sibling, 1 reply; 4+ messages in thread
From: Yann E. MORIN @ 2019-07-30 20:57 UTC (permalink / raw)
To: buildroot
Petr, All,
On 2019-07-30 22:31 +0200, Petr Vorel spake thusly:
> Previously makedevs failed when xattr configuration defined while
> disabled BR2_ROOTFS_DEVICE_TABLE_SUPPORTS_EXTENDED_ATTRIBUTES.
> Therefore check for this configuration would be required
> in each use. Therefore only print warning with number of discharged lines.
>
> No package is using this feature so far (it's used only in tests),
> thus no need to change any package config.
>
> Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
[--SNIP--]
> @@ -641,6 +640,15 @@ int main(int argc, char **argv)
> loop:
> free(line);
> }
> +
> + if (xattr_warned) {
> + bb_error_msg("%u lines with xattr configuration discharged, enable "
"discharged" is not the most appropriate term. I'd have just said
"ignored".
> + "BR2_ROOTFS_DEVICE_TABLE_SUPPORTS_EXTENDED_ATTRIBUTES "
> + "to get xattr support\n",
> + xattr_warned);
Yes, that's nice! :-)
> + ret = EXIT_FAILURE;
Why do you want to exit in failure?
When makedevs exits in error, then whole fakeroot script aborts even
before attempting to generate the image.
I can see two problems with that:
- first, when iputils is enabled, then the build will by default fail,
as xattr support is by default disabled,
- I can very well see a scenario where xattr, and thus capabilities,
are not desired. For example, if I need iputils, but will only ever
call clockdiff as root, then I don't care about its capabilities.
So, I think it is nice that we warn that xattrs are dropped, but we
should not fail the build.
Regards,
Yann E. MORIN.
> + }
> +
> fclose(table);
>
> return ret;
> --
> 2.22.0
>
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Buildroot] [RFC PATCH v3 1/2] makedevs: only warn when xattr support disabled
2019-07-30 20:57 ` [Buildroot] [RFC PATCH v3 1/2] makedevs: only warn when xattr support disabled Yann E. MORIN
@ 2019-07-30 21:42 ` Petr Vorel
0 siblings, 0 replies; 4+ messages in thread
From: Petr Vorel @ 2019-07-30 21:42 UTC (permalink / raw)
To: buildroot
Hi Yann, others,
> Why do you want to exit in failure?
> When makedevs exits in error, then whole fakeroot script aborts even
> before attempting to generate the image.
> I can see two problems with that:
> - first, when iputils is enabled, then the build will by default fail,
> as xattr support is by default disabled,
> - I can very well see a scenario where xattr, and thus capabilities,
> are not desired. For example, if I need iputils, but will only ever
> call clockdiff as root, then I don't care about its capabilities.
> So, I think it is nice that we warn that xattrs are dropped, but we
> should not fail the build.
Good point, I've sent v4 with this change.
Thanks for your review!
Regards to xattr support by default disabled, could you please have a look at
other my patch, which set default according to xattr support of used rootfs?
https://patchwork.ozlabs.org/project/buildroot/list/?series=120582
NOTE to reviewers: I've cleaned up previous versions in patchwork (set superseded)
Kind regards,
Petr
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2019-07-30 21:42 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-07-30 20:31 [Buildroot] [RFC PATCH v3 1/2] makedevs: only warn when xattr support disabled Petr Vorel
2019-07-30 20:31 ` [Buildroot] [RFC PATCH v3 2/2] iputils: add capability for clockdiff, ping, traceroute6 Petr Vorel
2019-07-30 20:57 ` [Buildroot] [RFC PATCH v3 1/2] makedevs: only warn when xattr support disabled Yann E. MORIN
2019-07-30 21:42 ` Petr Vorel
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.