On Thu 11/06/20 07:46, Michael Olbrich wrote:
On Wed, Jun 10, 2020 at 01:42:25PM +0200, Nico Lastzka wrote:
On Wed 10/06/20 11:32, Bruno Thomsen wrote:
> > From: ptxdist <[email protected]> on behalf of Nico Lastzka 
<[email protected]>
> > Sent: Wednesday, June 10, 2020 11:35
> > To: [email protected] <[email protected]>
> > Subject: [ptxdist] Hard-coded directory permissions
> >
> > Hi,
> >
> > I ran into a problem with the latest ptxdist 2020.06 when trying to install 
an ssh key to
> > "/root/.ssh/authorized_keys".
> >
> >
> > Here, the "image-enhancements rule" contains the following code which 
breaks the image creation:
> >
> >      @$(call install_copy, image_enhancements, 0, 0, 0400, 
$(PTXDIST_PLATFORMCONFIGDIR)/access/key-develop_id_ed25519.pub, 
/root/.ssh/authorized_keys )
>
> I think you need to create the parent directory first with correct 
permissions.
>
> @$(call install_copy, image_enhancements, 0, 0, 0400, /root/.ssh)
>

Already tried that without success.

You need to explicitly create the directory, the error complains about,
with the correct permissions:

        @$(call install_copy, image_enhancements, 0, 0, 0700, /root)


Thanks for the quick reply. I tried your solution but it did not work either. 
Although I can create
folders like '/root' and '/root/.ssh' without a problem, the issue comes from 
the fact that the awk
script uses hardcoded permissions for folders within a given file path. Now I 
have the following in
my rule:

--8<--------------------
@$(call install_copy, image_enhancements, 0, 0, 0700, /root)
@$(call install_copy, image_enhancements, 0, 0, 0700, /root/.ssh)
@$(call install_copy, image_enhancements, 0, 0, 0400, 
$(PTXDIST_PLATFORMCONFIGDIR)/access/key-develop_id_ed25519.pub, 
/root/.ssh/authorized_keys )
-------------------->8--

This leads to the following results:

1. '/root' is checked ok, since it uses the same permissions as defined by the 
rootfs
2. '/root/.ssh is checked ok, since it is not included by any other package (I 
can even change
permissions here)
3. '/root/.ssh/authorized_keys' is split into the following checks by the 
script:
  3a. '/root/.ssh/authorized_keys' is checked ok because no other package 
defines it
  3b. '/root/.ssh is checked ok although the permissions checked for are now 
0755, since it is not included by any other package
  3c. '/root' check fails, since it now uses the hardcoded permissions 0755, 
whereas the rootfs defines 0700)

I think rather to use the hardcoded values for these folders the script should 
try to look it up
from 'perms[path]' first and only use the 0755 as a fallback.

Michael

--
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

_______________________________________________
ptxdist mailing list
[email protected]
To unsubscribe, send a mail with subject "unsubscribe" to 
[email protected]




_______________________________________________
ptxdist mailing list
[email protected]
To unsubscribe, send a mail with subject "unsubscribe" to 
[email protected]

Reply via email to