* [Buildroot] [PATCH 1/3] package/linux: don't leak host timezone into linux version string
@ 2022-10-04 11:15 Nuno Gonçalves via buildroot
2022-10-04 11:15 ` [Buildroot] [PATCH 2/3] package/sudo: explicitly disable tzdir and tmpfiles as otherwise they are based on build host directories Nuno Gonçalves
` (3 more replies)
0 siblings, 4 replies; 9+ messages in thread
From: Nuno Gonçalves via buildroot @ 2022-10-04 11:15 UTC (permalink / raw)
To: buildroot; +Cc: Nuno Gonçalves
Signed-off-by: Nuno Gonçalves <nunog@fr24.com>
---
linux/linux.mk | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/linux/linux.mk b/linux/linux.mk
index efdc21eff2..6b547a68ed 100644
--- a/linux/linux.mk
+++ b/linux/linux.mk
@@ -162,7 +162,7 @@ LINUX_MAKE_ENV += \
KBUILD_BUILD_VERSION=1 \
KBUILD_BUILD_USER=buildroot \
KBUILD_BUILD_HOST=buildroot \
- KBUILD_BUILD_TIMESTAMP="$(shell LC_ALL=C date -d @$(SOURCE_DATE_EPOCH))"
+ KBUILD_BUILD_TIMESTAMP="$(shell LC_ALL=C TZ='UTC' date -d @$(SOURCE_DATE_EPOCH))"
endif
# gcc-8 started warning about function aliases that have a
--
2.37.3
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [Buildroot] [PATCH 2/3] package/sudo: explicitly disable tzdir and tmpfiles as otherwise they are based on build host directories
2022-10-04 11:15 [Buildroot] [PATCH 1/3] package/linux: don't leak host timezone into linux version string Nuno Gonçalves via buildroot
@ 2022-10-04 11:15 ` Nuno Gonçalves
2022-11-05 14:44 ` Yann E. MORIN
2022-10-04 11:15 ` [Buildroot] [PATCH 3/3] package/libopenssl: don't build afalgeng Nuno Gonçalves
` (2 subsequent siblings)
3 siblings, 1 reply; 9+ messages in thread
From: Nuno Gonçalves @ 2022-10-04 11:15 UTC (permalink / raw)
To: buildroot; +Cc: Nuno Gonçalves
Signed-off-by: Nuno Gonçalves <nunog@fr24.com>
---
package/sudo/sudo.mk | 2 ++
1 file changed, 2 insertions(+)
diff --git a/package/sudo/sudo.mk b/package/sudo/sudo.mk
index 4f9fdb4b2c..97f83d9f6f 100644
--- a/package/sudo/sudo.mk
+++ b/package/sudo/sudo.mk
@@ -16,6 +16,8 @@ SUDO_SELINUX_MODULES = sudo
# This is to avoid sudo's make install from chown()ing files which fails
SUDO_INSTALL_TARGET_OPTS = INSTALL_OWNER="" DESTDIR="$(TARGET_DIR)" install
SUDO_CONF_OPTS = \
+ --with-tzdir=no \
+ --enable-tmpfiles.d=no \
--without-lecture \
--without-sendmail \
--without-umask \
--
2.37.3
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [Buildroot] [PATCH 3/3] package/libopenssl: don't build afalgeng
2022-10-04 11:15 [Buildroot] [PATCH 1/3] package/linux: don't leak host timezone into linux version string Nuno Gonçalves via buildroot
2022-10-04 11:15 ` [Buildroot] [PATCH 2/3] package/sudo: explicitly disable tzdir and tmpfiles as otherwise they are based on build host directories Nuno Gonçalves
@ 2022-10-04 11:15 ` Nuno Gonçalves
2022-11-05 15:07 ` Yann E. MORIN
2022-11-14 10:41 ` Peter Korsgaard
2022-11-05 14:10 ` [Buildroot] [PATCH 1/3] package/linux: don't leak host timezone into linux version string Yann E. MORIN
2022-11-14 10:40 ` Peter Korsgaard
3 siblings, 2 replies; 9+ messages in thread
From: Nuno Gonçalves @ 2022-10-04 11:15 UTC (permalink / raw)
To: buildroot; +Cc: Nuno Gonçalves
Afalgeng is not cross-compiled so is useless and leaks build host info
Signed-off-by: Nuno Gonçalves <nunog@fr24.com>
---
package/libopenssl/libopenssl.mk | 1 +
1 file changed, 1 insertion(+)
diff --git a/package/libopenssl/libopenssl.mk b/package/libopenssl/libopenssl.mk
index c7a2d65cc4..50d41a6533 100644
--- a/package/libopenssl/libopenssl.mk
+++ b/package/libopenssl/libopenssl.mk
@@ -83,6 +83,7 @@ define LIBOPENSSL_CONFIGURE_CMDS
no-tests \
no-fuzz-libfuzzer \
no-fuzz-afl \
+ no-afalgeng \
$(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_CHACHA),,no-chacha) \
$(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_RC5),,no-rc5) \
$(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_RC2),,no-rc2) \
--
2.37.3
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [Buildroot] [PATCH 1/3] package/linux: don't leak host timezone into linux version string
2022-10-04 11:15 [Buildroot] [PATCH 1/3] package/linux: don't leak host timezone into linux version string Nuno Gonçalves via buildroot
2022-10-04 11:15 ` [Buildroot] [PATCH 2/3] package/sudo: explicitly disable tzdir and tmpfiles as otherwise they are based on build host directories Nuno Gonçalves
2022-10-04 11:15 ` [Buildroot] [PATCH 3/3] package/libopenssl: don't build afalgeng Nuno Gonçalves
@ 2022-11-05 14:10 ` Yann E. MORIN
2022-11-14 10:40 ` Peter Korsgaard
3 siblings, 0 replies; 9+ messages in thread
From: Yann E. MORIN @ 2022-11-05 14:10 UTC (permalink / raw)
To: Nuno Gonçalves; +Cc: buildroot
Nuno, All,
On 2022-10-04 12:15 +0100, Nuno Gonçalves via buildroot spake thusly:
> Signed-off-by: Nuno Gonçalves <nunog@fr24.com>
Applied to master, thanks.
Regards,
Yann E. MORIN.
> ---
> linux/linux.mk | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/linux/linux.mk b/linux/linux.mk
> index efdc21eff2..6b547a68ed 100644
> --- a/linux/linux.mk
> +++ b/linux/linux.mk
> @@ -162,7 +162,7 @@ LINUX_MAKE_ENV += \
> KBUILD_BUILD_VERSION=1 \
> KBUILD_BUILD_USER=buildroot \
> KBUILD_BUILD_HOST=buildroot \
> - KBUILD_BUILD_TIMESTAMP="$(shell LC_ALL=C date -d @$(SOURCE_DATE_EPOCH))"
> + KBUILD_BUILD_TIMESTAMP="$(shell LC_ALL=C TZ='UTC' date -d @$(SOURCE_DATE_EPOCH))"
> endif
>
> # gcc-8 started warning about function aliases that have a
> --
> 2.37.3
>
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [Buildroot] [PATCH 2/3] package/sudo: explicitly disable tzdir and tmpfiles as otherwise they are based on build host directories
2022-10-04 11:15 ` [Buildroot] [PATCH 2/3] package/sudo: explicitly disable tzdir and tmpfiles as otherwise they are based on build host directories Nuno Gonçalves
@ 2022-11-05 14:44 ` Yann E. MORIN
2022-11-08 19:30 ` Nuno Gonçalves via buildroot
0 siblings, 1 reply; 9+ messages in thread
From: Yann E. MORIN @ 2022-11-05 14:44 UTC (permalink / raw)
To: Nuno Gonçalves; +Cc: buildroot
Nuno, All,
On 2022-10-04 12:15 +0100, Nuno Gonçalves spake thusly:
> Signed-off-by: Nuno Gonçalves <nunog@fr24.com>
Commit title is way too long.
Also, I am not sure I understand what's going on, so it would be nice if
you could respin with a better commit log.
But see below...
> ---
> package/sudo/sudo.mk | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/package/sudo/sudo.mk b/package/sudo/sudo.mk
> index 4f9fdb4b2c..97f83d9f6f 100644
> --- a/package/sudo/sudo.mk
> +++ b/package/sudo/sudo.mk
> @@ -16,6 +16,8 @@ SUDO_SELINUX_MODULES = sudo
> # This is to avoid sudo's make install from chown()ing files which fails
> SUDO_INSTALL_TARGET_OPTS = INSTALL_OWNER="" DESTDIR="$(TARGET_DIR)" install
> SUDO_CONF_OPTS = \
> + --with-tzdir=no \
As I understand the code, this path is only used at runtime, to sanitize
the TZ environment variable. So, we should be able to pass the proper
path, but only if tzdata is enabled:
--with-tzdir=$(if $(BR2_PACKAGE_TZDATA),/usr/share/zoneinfo,no)
(note that /usr/share/zoneinfo is where we install TZ data in the tzdata
package).
> + --enable-tmpfiles.d=no \
Ditto, I am not sure it makes sense to ubnconditionally disable support
for tmpfiles, especially when systemd is actually used as the init
system.
Indeed, the code defaults to looking on the host to find where they
should be, and of course tht does not work in cross-compilation. But
that path is used to install files, so there is probably no reason not
tell sudo where to install its files:
--enable-tmpfiles.d=$(if $(BR2_PACAKGE_SYSTEMD),/usr/lib/tmpfiles.d,no)
Could you look into this and respin a patch, please?
Regards,
Yann E. MORIN.
> --without-lecture \
> --without-sendmail \
> --without-umask \
> --
> 2.37.3
>
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [Buildroot] [PATCH 3/3] package/libopenssl: don't build afalgeng
2022-10-04 11:15 ` [Buildroot] [PATCH 3/3] package/libopenssl: don't build afalgeng Nuno Gonçalves
@ 2022-11-05 15:07 ` Yann E. MORIN
2022-11-14 10:41 ` Peter Korsgaard
1 sibling, 0 replies; 9+ messages in thread
From: Yann E. MORIN @ 2022-11-05 15:07 UTC (permalink / raw)
To: Nuno Gonçalves; +Cc: buildroot
Nuno, All,
On 2022-10-04 12:15 +0100, Nuno Gonçalves spake thusly:
> Afalgeng is not cross-compiled so is useless and leaks build host info
Looking at the configure script for libopenssl, afalgeng should already
be forcibly disabled because of cross-compilation:
1557 if ($config{CROSS_COMPILE} eq "") {
1558 my $verstr = `uname -r`;
1559 my ($ma, $mi1, $mi2) = split("\\.", $verstr);
1560 ($mi2) = $mi2 =~ /(\d+)/;
1561 my $ver = $ma*10000 + $mi1*100 + $mi2;
1562 if ($ver < $minver) {
1563 disable('too-old-kernel', 'afalgeng');
1564 } else {
1565 push @{$config{engdirs}}, "afalg";
1566 }
1567 } else {
1568 disable('cross-compiling', 'afalgeng');
1569 }
However, we never set CROSS_COMPILE...
So, I've extended the commit log to explain the situation better.
> Signed-off-by: Nuno Gonçalves <nunog@fr24.com>
Applied to master, thanks.
Regards,
Yann E. MORIN.
> ---
> package/libopenssl/libopenssl.mk | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/package/libopenssl/libopenssl.mk b/package/libopenssl/libopenssl.mk
> index c7a2d65cc4..50d41a6533 100644
> --- a/package/libopenssl/libopenssl.mk
> +++ b/package/libopenssl/libopenssl.mk
> @@ -83,6 +83,7 @@ define LIBOPENSSL_CONFIGURE_CMDS
> no-tests \
> no-fuzz-libfuzzer \
> no-fuzz-afl \
> + no-afalgeng \
> $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_CHACHA),,no-chacha) \
> $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_RC5),,no-rc5) \
> $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_RC2),,no-rc2) \
> --
> 2.37.3
>
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [Buildroot] [PATCH 2/3] package/sudo: explicitly disable tzdir and tmpfiles as otherwise they are based on build host directories
2022-11-05 14:44 ` Yann E. MORIN
@ 2022-11-08 19:30 ` Nuno Gonçalves via buildroot
0 siblings, 0 replies; 9+ messages in thread
From: Nuno Gonçalves via buildroot @ 2022-11-08 19:30 UTC (permalink / raw)
To: Yann E. MORIN; +Cc: buildroot
[-- Attachment #1.1: Type: text/plain, Size: 1348 bytes --]
Hi Yann,
On Sat, Nov 5, 2022 at 2:44 PM Yann E. MORIN <yann.morin.1998@free.fr>
wrote:
> As I understand the code, this path is only used at runtime, to sanitize
> the TZ environment variable. So, we should be able to pass the proper
> path, but only if tzdata is enabled:
>
> --with-tzdir=$(if $(BR2_PACKAGE_TZDATA),/usr/share/zoneinfo,no)
>
> (note that /usr/share/zoneinfo is where we install TZ data in the tzdata
> package).
>
> > + --enable-tmpfiles.d=no \
>
> Ditto, I am not sure it makes sense to ubnconditionally disable support
> for tmpfiles, especially when systemd is actually used as the init
> system.
>
> Indeed, the code defaults to looking on the host to find where they
> should be, and of course tht does not work in cross-compilation. But
> that path is used to install files, so there is probably no reason not
> tell sudo where to install its files:
>
> --enable-tmpfiles.d=$(if $(BR2_PACAKGE_SYSTEMD),/usr/lib/tmpfiles.d,no)
>
> Yes, it seems it is as you said.
My approach was just "if it is broken" (as it looks for host paths only),
then let's just disable it.
I am using systemd so your solution also likely fixes tmpfiles sudo support
for me (which I would only have depending if my build host/container used
systemd).
I will provide now the patches with your suggestions to fix it
Thanks,
Nuno
>
>
[-- Attachment #1.2: Type: text/html, Size: 1969 bytes --]
[-- Attachment #2: Type: text/plain, Size: 150 bytes --]
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [Buildroot] [PATCH 1/3] package/linux: don't leak host timezone into linux version string
2022-10-04 11:15 [Buildroot] [PATCH 1/3] package/linux: don't leak host timezone into linux version string Nuno Gonçalves via buildroot
` (2 preceding siblings ...)
2022-11-05 14:10 ` [Buildroot] [PATCH 1/3] package/linux: don't leak host timezone into linux version string Yann E. MORIN
@ 2022-11-14 10:40 ` Peter Korsgaard
3 siblings, 0 replies; 9+ messages in thread
From: Peter Korsgaard @ 2022-11-14 10:40 UTC (permalink / raw)
To: Nuno Gonçalves via buildroot; +Cc: Nuno Gonçalves
>>>>> "Nuno" == Nuno Gonçalves via buildroot <buildroot@buildroot.org> writes:
> Signed-off-by: Nuno Gonçalves <nunog@fr24.com>
Committed to 2022.08.x and 2022.02.x, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [Buildroot] [PATCH 3/3] package/libopenssl: don't build afalgeng
2022-10-04 11:15 ` [Buildroot] [PATCH 3/3] package/libopenssl: don't build afalgeng Nuno Gonçalves
2022-11-05 15:07 ` Yann E. MORIN
@ 2022-11-14 10:41 ` Peter Korsgaard
1 sibling, 0 replies; 9+ messages in thread
From: Peter Korsgaard @ 2022-11-14 10:41 UTC (permalink / raw)
To: Nuno Gonçalves; +Cc: buildroot
>>>>> "Nuno" == Nuno Gonçalves <nunog@fr24.com> writes:
> Afalgeng is not cross-compiled so is useless and leaks build host info
> Signed-off-by: Nuno Gonçalves <nunog@fr24.com>
Committed to 2022.08.x and 2022.02.x, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2022-11-14 10:41 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-10-04 11:15 [Buildroot] [PATCH 1/3] package/linux: don't leak host timezone into linux version string Nuno Gonçalves via buildroot
2022-10-04 11:15 ` [Buildroot] [PATCH 2/3] package/sudo: explicitly disable tzdir and tmpfiles as otherwise they are based on build host directories Nuno Gonçalves
2022-11-05 14:44 ` Yann E. MORIN
2022-11-08 19:30 ` Nuno Gonçalves via buildroot
2022-10-04 11:15 ` [Buildroot] [PATCH 3/3] package/libopenssl: don't build afalgeng Nuno Gonçalves
2022-11-05 15:07 ` Yann E. MORIN
2022-11-14 10:41 ` Peter Korsgaard
2022-11-05 14:10 ` [Buildroot] [PATCH 1/3] package/linux: don't leak host timezone into linux version string Yann E. MORIN
2022-11-14 10:40 ` Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.