[OE-core] HA: HA: [PATCH] util-linux: fix owner and group for binaries in resulting image
Good day! Sorry guys, It looks like that the problem is not in recipe but somehow conected with host distro: we can not reproduce problem on linux mint 19.1 host distro but steel face problem with permissions on CentOS Linux release 7.6.1810 (Core) requested output of package content: dpkg -c util-linux-mount_2.30-r0_mipsel.deb drwxrwxrwx root/root 0 2019-05-08 14:58 ./ drwxr-xr-x root/root 0 2019-05-08 14:58 ./bin/ -rwsr-xr-x 1000/1000 27956 2019-05-08 14:58 ./bin/mount.util-linux With best regards, Popov Anton От: Burton, Ross [ross.bur...@intel.com] Отправлено: 7 мая 2019 г. 23:08 Кому: Popov Anton Копия: Jacob Kroon; openembedded-core@lists.openembedded.org Тема: Re: [OE-core] HA: [PATCH] util-linux: fix owner and group for binaries in resulting image On Tue, 7 May 2019 at 13:47, Popov Anton wrote: > I don't think so. At the moment we are using rocko release and found this > problem in util-linux-2.30 recipe. > > the problem is that util-linux builds with regular user permissions and > result files are owned by user with uid 1000 in our case. for most of > binaries in /bin and /sbin generated by util-linux this permissions issue is > not a problem (Because all binaries has o+x set). But for those of them who > have suid bit setted it became a real trouble. Can you give an example of a concrete filename and demonstrate this by e.g. listing the contents of a package from deploy? For example with master: $ dpkg-deb -c util-linux-mount_2.32.1-r0_corei7-64.ipk -rwsr-xr-x root/root 47152 2019-05-07 14:40 ./bin/mount.util-linux Permissions look right to me. Ross -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] HA: [PATCH] util-linux: fix owner and group for binaries in resulting image
Hi, I don't think so. At the moment we are using rocko release and found this problem in util-linux-2.30 recipe. the problem is that util-linux builds with regular user permissions and result files are owned by user with uid 1000 in our case. for most of binaries in /bin and /sbin generated by util-linux this permissions issue is not a problem (Because all binaries has o+x set). But for those of them who have suid bit setted it became a real trouble. With best regards, Anton Popov От: Jacob Kroon [jacob.kr...@gmail.com] Отправлено: 7 мая 2019 г. 8:04 Кому: Popov Anton Копия: openembedded-core@lists.openembedded.org Тема: Re: [OE-core] [PATCH] util-linux: fix owner and group for binaries in resulting image Hi, Are we sure this is not caused by the new glibc2.29/pseudo problems that has been seen previously ? Which distro are you building on, and which version of poky/oe are you using ? /Jacob On Mon, May 6, 2019 at 5:46 PM Popov Anton wrote: > > util-linux source produce some binaries with setuid bit set > > do_install function produce binaries in /sbin and /bin with uid:gid > of user who build image this lead to messages like this: > mount /dev/sdb1 /mnt/flash > mount: only root can do that (effective UID is 1000) > this patch changing owner of binaries in /bin and /sbin to 0:0 > > Signed-off-by: Anton Popov > --- > meta/recipes-core/util-linux/util-linux.inc | 21 + > 1 file changed, 21 insertions(+) > > diff --git a/meta/recipes-core/util-linux/util-linux.inc > b/meta/recipes-core/util-linux/util-linux.inc > index 34255a2dec..d75a2dd399 100644 > --- a/meta/recipes-core/util-linux/util-linux.inc > +++ b/meta/recipes-core/util-linux/util-linux.inc > @@ -201,6 +201,27 @@ do_install () { > fi > } > > +# when building yocto image with non-root user some binaries appears in > resulting > +# image with rights of user who build image. This behaviour may lead to > misfunction > +# of some binaries like mount because of setuid bit on them: > +# mount /dev/sdb1 /mnt/flash > +# mount: only root can do that (effective UID is 1000) > +# ls -ld which mount > +# lrwxrwxrwx1 root root21 Jan 2 1970 /bin/mount -> > /bin/mount.util-linux > # root@mitx-fp32:/mnt/system/initrd# ls -ld > /bin/mount.util-linux ># -rwsr-xr-x1 > 1000 1000 28020 Apr 23 12:49 /bin/mount.util-linux > +do_install_append_class-target () { > +for p in $sbinprogs $sbinprogs_a; do > +if [ -f "${D}${base_sbindir}/$p" ]; then > +chown 0:0 "${D}${base_sbindir}/$p" > +fi > +done > +for p in $binprogs_a; do > +if [ -f "${D}${base_bindir}/$p" ]; then > +chown 0:0 "${D}${base_bindir}/$p" > +fi > +done > +} > + > + > # nologin causes a conflict with shadow-native > # kill causes a conflict with coreutils-native (if ${bindir}==${base_bindir}) > do_install_append_class-native () { > -- > 2.20.1 > -- > ___ > Openembedded-core mailing list > Openembedded-core@lists.openembedded.org > http://lists.openembedded.org/mailman/listinfo/openembedded-core -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH] util-linux: fix owner and group for binaries in resulting image
util-linux source produce some binaries with setuid bit set do_install function produce binaries in /sbin and /bin with uid:gid of user who build image this lead to messages like this: mount /dev/sdb1 /mnt/flash mount: only root can do that (effective UID is 1000) this patch changing owner of binaries in /bin and /sbin to 0:0 Signed-off-by: Anton Popov --- meta/recipes-core/util-linux/util-linux.inc | 21 + 1 file changed, 21 insertions(+) diff --git a/meta/recipes-core/util-linux/util-linux.inc b/meta/recipes-core/util-linux/util-linux.inc index 34255a2dec..d75a2dd399 100644 --- a/meta/recipes-core/util-linux/util-linux.inc +++ b/meta/recipes-core/util-linux/util-linux.inc @@ -201,6 +201,27 @@ do_install () { fi } +# when building yocto image with non-root user some binaries appears in resulting +# image with rights of user who build image. This behaviour may lead to misfunction +# of some binaries like mount because of setuid bit on them: +# mount /dev/sdb1 /mnt/flash +# mount: only root can do that (effective UID is 1000) +# ls -ld which mount +# lrwxrwxrwx1 root root21 Jan 2 1970 /bin/mount -> /bin/mount.util-linux # root@mitx-fp32:/mnt/system/initrd# ls -ld /bin/mount.util-linux # -rwsr-xr-x1 1000 1000 28020 Apr 23 12:49 /bin/mount.util-linux +do_install_append_class-target () { +for p in $sbinprogs $sbinprogs_a; do +if [ -f "${D}${base_sbindir}/$p" ]; then +chown 0:0 "${D}${base_sbindir}/$p" +fi +done +for p in $binprogs_a; do +if [ -f "${D}${base_bindir}/$p" ]; then +chown 0:0 "${D}${base_bindir}/$p" +fi +done +} + + # nologin causes a conflict with shadow-native # kill causes a conflict with coreutils-native (if ${bindir}==${base_bindir}) do_install_append_class-native () { -- 2.20.1 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core