* [meta-oe][PATCH 1/2] sanlock: Use python3 and add sanlock user/group
@ 2019-11-22 1:25 Khem Raj
2019-11-22 1:25 ` [meta-oe][PATCH 2/2] sanlock: Replace cp -a with cp -R --no-dereference Khem Raj
0 siblings, 1 reply; 2+ messages in thread
From: Khem Raj @ 2019-11-22 1:25 UTC (permalink / raw)
To: openembedded-devel
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
meta-oe/recipes-extended/sanlock/sanlock_3.8.0.bb | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/meta-oe/recipes-extended/sanlock/sanlock_3.8.0.bb b/meta-oe/recipes-extended/sanlock/sanlock_3.8.0.bb
index 9f7ce9c570..8e411e4969 100644
--- a/meta-oe/recipes-extended/sanlock/sanlock_3.8.0.bb
+++ b/meta-oe/recipes-extended/sanlock/sanlock_3.8.0.bb
@@ -17,7 +17,7 @@ S = "${WORKDIR}/git"
DEPENDS = "libaio util-linux"
-inherit distutils
+inherit distutils3 useradd
do_configure[noexec] = "1"
@@ -32,3 +32,11 @@ do_install_prepend () {
oe_runmake -C src DESTDIR=${D} LIBDIR=${libdir} install
cd ${S}/python
}
+
+SANLOCKGROUP ?= "sanlock"
+SANLOCKUSER ?= "sanlock"
+USERADD_PACKAGES = "${PN}"
+GROUPADD_PARAM_${PN} = "--system ${SANLOCKGROUP}"
+USERADD_PARAM_${PN} = "--system -g ${SANLOCKGROUP} -G disk \
+ --home-dir /run/${SANLOCKUSER} --no-create-home \
+ --shell /sbin/nologin ${SANLOCKUSER}"
--
2.24.0
^ permalink raw reply related [flat|nested] 2+ messages in thread
* [meta-oe][PATCH 2/2] sanlock: Replace cp -a with cp -R --no-dereference
2019-11-22 1:25 [meta-oe][PATCH 1/2] sanlock: Use python3 and add sanlock user/group Khem Raj
@ 2019-11-22 1:25 ` Khem Raj
0 siblings, 0 replies; 2+ messages in thread
From: Khem Raj @ 2019-11-22 1:25 UTC (permalink / raw)
To: openembedded-devel
helps to stop leaking builder's UID into sstate cache
Fixes
Exception: KeyError: 'getpwuid(): uid not found: 6000'
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
...cp-a-with-cp-R-no-dereference-preser.patch | 51 +++++++++++++++++++
.../recipes-extended/sanlock/sanlock_3.8.0.bb | 4 +-
2 files changed, 54 insertions(+), 1 deletion(-)
create mode 100644 meta-oe/recipes-extended/sanlock/sanlock/0001-sanlock-Replace-cp-a-with-cp-R-no-dereference-preser.patch
diff --git a/meta-oe/recipes-extended/sanlock/sanlock/0001-sanlock-Replace-cp-a-with-cp-R-no-dereference-preser.patch b/meta-oe/recipes-extended/sanlock/sanlock/0001-sanlock-Replace-cp-a-with-cp-R-no-dereference-preser.patch
new file mode 100644
index 0000000000..a0b721c466
--- /dev/null
+++ b/meta-oe/recipes-extended/sanlock/sanlock/0001-sanlock-Replace-cp-a-with-cp-R-no-dereference-preser.patch
@@ -0,0 +1,51 @@
+From 78a9cffb1c760466933bbbcbae7ecb9b30a3e6a5 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Thu, 21 Nov 2019 13:47:42 -0800
+Subject: [PATCH] sanlock: Replace "cp -a" with "cp -R --no-dereference
+ --preserve=mode, links"
+
+Using "cp -a" leaks UID of user running the builds
+
+Upstream-Status: Pending
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ src/Makefile | 8 ++++----
+ wdmd/Makefile | 4 ++--
+ 2 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/src/Makefile b/src/Makefile
+index 533dd79..2fc9ba5 100644
+--- a/src/Makefile
++++ b/src/Makefile
+@@ -127,9 +127,9 @@ install: all
+ $(INSTALL) -c -m 755 $(LIBSO_CLIENT_TARGET) $(DESTDIR)/$(LIBDIR)
+ $(INSTALL) -c -m 644 $(LIBPC_ENTIRE_TARGET) $(DESTDIR)/$(LIBDIR)/pkgconfig
+ $(INSTALL) -c -m 644 $(LIBPC_CLIENT_TARGET) $(DESTDIR)/$(LIBDIR)/pkgconfig
+- cp -a $(LIB_ENTIRE_TARGET).so $(DESTDIR)/$(LIBDIR)
+- cp -a $(LIB_CLIENT_TARGET).so $(DESTDIR)/$(LIBDIR)
+- cp -a $(LIB_ENTIRE_TARGET).so.$(SOMAJOR) $(DESTDIR)/$(LIBDIR)
+- cp -a $(LIB_CLIENT_TARGET).so.$(SOMAJOR) $(DESTDIR)/$(LIBDIR)
++ cp -R --no-dereference --preserve=mode,links $(LIB_ENTIRE_TARGET).so $(DESTDIR)/$(LIBDIR)
++ cp -R --no-dereference --preserve=mode,links $(LIB_CLIENT_TARGET).so $(DESTDIR)/$(LIBDIR)
++ cp -R --no-dereference --preserve=mode,links $(LIB_ENTIRE_TARGET).so.$(SOMAJOR) $(DESTDIR)/$(LIBDIR)
++ cp -R --no-dereference --preserve=mode,links $(LIB_CLIENT_TARGET).so.$(SOMAJOR) $(DESTDIR)/$(LIBDIR)
+ $(INSTALL) -c -m 644 $(HEADER_TARGET) $(DESTDIR)/$(HEADIR)
+ $(INSTALL) -m 644 $(MAN_TARGET) $(DESTDIR)/$(MANDIR)/man8/
+diff --git a/wdmd/Makefile b/wdmd/Makefile
+index 5849efc..4894517 100644
+--- a/wdmd/Makefile
++++ b/wdmd/Makefile
+@@ -68,7 +68,7 @@ install: all
+ $(INSTALL) -d $(DESTDIR)/$(MANDIR)/man8
+ $(INSTALL) -c -m 755 $(CMD_TARGET) $(DESTDIR)/$(BINDIR)
+ $(INSTALL) -c -m 755 $(SHLIB_TARGET) $(DESTDIR)/$(LIBDIR)
+- cp -a $(LIB_TARGET).so $(DESTDIR)/$(LIBDIR)
+- cp -a $(LIB_TARGET).so.$(SOMAJOR) $(DESTDIR)/$(LIBDIR)
++ cp -R --no-dereference --preserve=mode,links $(LIB_TARGET).so $(DESTDIR)/$(LIBDIR)
++ cp -R --no-dereference --preserve=mode,links $(LIB_TARGET).so.$(SOMAJOR) $(DESTDIR)/$(LIBDIR)
+ $(INSTALL) -c -m 644 $(HEADER_TARGET) $(DESTDIR)/$(HEADIR)
+ $(INSTALL) -m 644 $(MAN_TARGET) $(DESTDIR)/$(MANDIR)/man8
+--
+2.24.0
+
diff --git a/meta-oe/recipes-extended/sanlock/sanlock_3.8.0.bb b/meta-oe/recipes-extended/sanlock/sanlock_3.8.0.bb
index 8e411e4969..bf7eaf4111 100644
--- a/meta-oe/recipes-extended/sanlock/sanlock_3.8.0.bb
+++ b/meta-oe/recipes-extended/sanlock/sanlock_3.8.0.bb
@@ -11,7 +11,9 @@ SECTION = "utils"
LICENSE = "LGPLv2+ & GPLv2 & GPLv2+"
LIC_FILES_CHKSUM = "file://README.license;md5=60487bf0bf429d6b5aa72b6d37a0eb22"
-SRC_URI = "git://pagure.io/sanlock.git;protocol=http"
+SRC_URI = "git://pagure.io/sanlock.git;protocol=http \
+ file://0001-sanlock-Replace-cp-a-with-cp-R-no-dereference-preser.patch \
+ "
SRCREV = "7afe0e66f5c7f24894896fad20ffa6f39733d80f"
S = "${WORKDIR}/git"
--
2.24.0
^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2019-11-22 1:25 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-11-22 1:25 [meta-oe][PATCH 1/2] sanlock: Use python3 and add sanlock user/group Khem Raj
2019-11-22 1:25 ` [meta-oe][PATCH 2/2] sanlock: Replace cp -a with cp -R --no-dereference Khem Raj
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.