From: "Paul Barker" <pbarker@konsulko.com>
To: Ricardo Ribalda Delgado <ricardo@ribalda.com>
Cc: Richard Purdie <richard.purdie@linuxfoundation.org>,
openembedded-core <openembedded-core@lists.openembedded.org>
Subject: Re: [OE-core] [PATCH 1/2] wic: Fix permissions when using exclude or include path
Date: Tue, 7 Apr 2020 19:12:56 +0100 [thread overview]
Message-ID: <20200407191256.6cb45445@ub1910> (raw)
In-Reply-To: <CAPybu_03RzN3zyQuoHJorcnbqWfvC+cGvGo5yNiVC8pHP-MQ=g@mail.gmail.com>
On Fri, 3 Apr 2020 21:53:39 +0200
Ricardo Ribalda Delgado <ricardo@ribalda.com> wrote:
> ping?
I think that '../pseudo' should not be used here. I'll explain inline...
> >
> > This results in a rootfs owned by the user that is running the wic
> > command (usually UID 1000), which makes some rootfs unbootable.
> >
> > To fix this we copy the content of the pseudo folders to the new folder
> > and modify the pseudo database using the "pseudo -B" command.
> >
> > Signed-off-by: Ricardo Ribalda Delgado <ricardo@ribalda.com>
> > ---
> > scripts/lib/wic/plugins/source/rootfs.py | 22 +++++++++++++++++++---
> > 1 file changed, 19 insertions(+), 3 deletions(-)
> >
> > diff --git a/scripts/lib/wic/plugins/source/rootfs.py b/scripts/lib/wic/plugins/source/rootfs.py
> > index 705aeb5563..40419a64b3 100644
> > --- a/scripts/lib/wic/plugins/source/rootfs.py
> > +++ b/scripts/lib/wic/plugins/source/rootfs.py
> > @@ -16,11 +16,11 @@ import os
> > import shutil
> > import sys
> >
> > -from oe.path import copyhardlinktree
> > +from oe.path import copyhardlinktree, copytree
> >
> > from wic import WicError
> > from wic.pluginbase import SourcePlugin
> > -from wic.misc import get_bitbake_var
> > +from wic.misc import get_bitbake_var, exec_native_cmd
> >
> > logger = logging.getLogger('wic')
> >
> > @@ -44,6 +44,15 @@ class RootfsPlugin(SourcePlugin):
> >
> > return os.path.realpath(image_rootfs_dir)
> >
> > + @staticmethod
> > + def __get_pseudo(native_sysroot, rootfs):
> > + pseudo = "export PSEUDO_PREFIX=%s/usr;" % native_sysroot
> > + pseudo += "export PSEUDO_LOCALSTATEDIR=%s;" % os.path.join(rootfs, "../pseudo")
> > + pseudo += "export PSEUDO_PASSWD=%s;" % rootfs
> > + pseudo += "export PSEUDO_NOSYMLINKEXP=1;"
> > + pseudo += "%s " % get_bitbake_var("FAKEROOTCMD")
> > + return pseudo
> > +
> > @classmethod
> > def do_prepare_partition(cls, part, source_params, cr, cr_workdir,
> > oe_builddir, bootimg_dir, kernel_dir,
> > @@ -78,9 +87,16 @@ class RootfsPlugin(SourcePlugin):
> >
> > if os.path.lexists(new_rootfs):
> > shutil.rmtree(os.path.join(new_rootfs))
> > -
> > copyhardlinktree(part.rootfs_dir, new_rootfs)
> >
> > + if os.path.lexists(os.path.join(new_rootfs, "../pseudo")):
new_rootfs is set by the following statement a few lines above:
new_rootfs = os.path.realpath(os.path.join(cr_workdir, "rootfs%d" % part.lineno))
Consider that `cr_workdir` may contain multiple rootfs staging directories
corresponding to multiple lines in the wks file, for example if a rootfs
image is duplicated into multiple partitions for redundancy. In that case
`os.path.join(new_rootfs, "../pseudo")` will clash between these different
rootfs copies.
Let's use an explicit path instead, such as:
new_pseudo = os.path.realpath(os.path.join(cr_workdir, "pseudo%d" % part.lineno))
> > + shutil.rmtree(os.path.join(new_rootfs, "../pseudo"))
> > + copytree(os.path.join(part.rootfs_dir, "../pseudo"),
part.rootfs_dir is whatever is given as the option to `--rootfs-dir`. There
is no guarantee that `../psuedo` is valid or if it corresponds to the rootfs
directory given. It's unsafe to step up the directory tree and make
assumptions like this.
> > + os.path.join(new_rootfs, "../pseudo"))
> > + pseudo_cmd = "%s -B -m %s -M %s" % (cls.__get_pseudo(native_sysroot,new_rootfs),
> > + part.rootfs_dir, new_rootfs)
> > + exec_native_cmd(pseudo_cmd, native_sysroot)
> > +
> > for path in part.include_path or []:
> > copyhardlinktree(path, new_rootfs)
--
Paul Barker
Konsulko Group
next prev parent reply other threads:[~2020-04-07 18:13 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-03-04 8:34 [PATCH 1/2] wic: Fix permissions when using exclude or include path Ricardo Ribalda Delgado
2020-03-04 8:34 ` [PATCH 2/2] wic: Add --embed-rootfs argument Ricardo Ribalda Delgado
2020-03-04 9:42 ` Paul Barker
2020-03-04 9:56 ` Ricardo Ribalda Delgado
2020-03-04 10:08 ` Paul Barker
2020-03-04 10:14 ` Ricardo Ribalda Delgado
2020-03-04 13:49 ` Ricardo Ribalda Delgado
2020-03-04 14:31 ` Joshua Watt
2020-03-04 9:53 ` [PATCH 1/2] wic: Fix permissions when using exclude or include path Paul Barker
2020-03-04 10:02 ` Ricardo Ribalda Delgado
2020-03-05 9:28 ` Paul Barker
2020-03-05 9:46 ` Ricardo Ribalda Delgado
2020-04-03 19:53 ` [OE-core] " Ricardo Ribalda
2020-04-07 18:12 ` Paul Barker [this message]
2020-04-07 18:40 ` Ricardo Ribalda
2020-04-07 19:02 ` Paul Barker
2020-04-07 19:19 ` Ricardo Ribalda
2020-04-07 19:43 ` Paul Barker
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200407191256.6cb45445@ub1910 \
--to=pbarker@konsulko.com \
--cc=openembedded-core@lists.openembedded.org \
--cc=ricardo@ribalda.com \
--cc=richard.purdie@linuxfoundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.