[OE-core] HA: HA: [PATCH] util-linux: fix owner and group for binaries in resulting image
Good day! Sorry guys, It looks like that the problem is not in recipe but somehow conected with host distro: we can not reproduce problem on linux mint 19.1 host distro but steel face problem with permissions on CentOS Linux release 7.6.1810 (Core) requested output of package content: dpkg -c util-linux-mount_2.30-r0_mipsel.deb drwxrwxrwx root/root 0 2019-05-08 14:58 ./ drwxr-xr-x root/root 0 2019-05-08 14:58 ./bin/ -rwsr-xr-x 1000/1000 27956 2019-05-08 14:58 ./bin/mount.util-linux With best regards, Popov Anton От: Burton, Ross [ross.bur...@intel.com] Отправлено: 7 мая 2019 г. 23:08 Кому: Popov Anton Копия: Jacob Kroon; openembedded-core@lists.openembedded.org Тема: Re: [OE-core] HA: [PATCH] util-linux: fix owner and group for binaries in resulting image On Tue, 7 May 2019 at 13:47, Popov Anton wrote: > I don't think so. At the moment we are using rocko release and found this > problem in util-linux-2.30 recipe. > > the problem is that util-linux builds with regular user permissions and > result files are owned by user with uid 1000 in our case. for most of > binaries in /bin and /sbin generated by util-linux this permissions issue is > not a problem (Because all binaries has o+x set). But for those of them who > have suid bit setted it became a real trouble. Can you give an example of a concrete filename and demonstrate this by e.g. listing the contents of a package from deploy? For example with master: $ dpkg-deb -c util-linux-mount_2.32.1-r0_corei7-64.ipk -rwsr-xr-x root/root 47152 2019-05-07 14:40 ./bin/mount.util-linux Permissions look right to me. Ross -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] HA: [PATCH] util-linux: fix owner and group for binaries in resulting image
Hi,
I don't think so. At the moment we are using rocko release and found this
problem in util-linux-2.30 recipe.
the problem is that util-linux builds with regular user permissions and result
files are owned by user with uid 1000 in our case. for most of binaries in /bin
and /sbin generated by util-linux this permissions issue is not a problem
(Because all binaries has o+x set). But for those of them who have suid bit
setted it became a real trouble.
With best regards,
Anton Popov
От: Jacob Kroon [jacob.kr...@gmail.com]
Отправлено: 7 мая 2019 г. 8:04
Кому: Popov Anton
Копия: openembedded-core@lists.openembedded.org
Тема: Re: [OE-core] [PATCH] util-linux: fix owner and group for binaries in
resulting image
Hi,
Are we sure this is not caused by the new glibc2.29/pseudo problems
that has been seen previously ?
Which distro are you building on, and which version of poky/oe are you using ?
/Jacob
On Mon, May 6, 2019 at 5:46 PM Popov Anton wrote:
>
> util-linux source produce some binaries with setuid bit set
>
> do_install function produce binaries in /sbin and /bin with uid:gid
> of user who build image this lead to messages like this:
> mount /dev/sdb1 /mnt/flash
> mount: only root can do that (effective UID is 1000)
> this patch changing owner of binaries in /bin and /sbin to 0:0
>
> Signed-off-by: Anton Popov
> ---
> meta/recipes-core/util-linux/util-linux.inc | 21 +
> 1 file changed, 21 insertions(+)
>
> diff --git a/meta/recipes-core/util-linux/util-linux.inc
> b/meta/recipes-core/util-linux/util-linux.inc
> index 34255a2dec..d75a2dd399 100644
> --- a/meta/recipes-core/util-linux/util-linux.inc
> +++ b/meta/recipes-core/util-linux/util-linux.inc
> @@ -201,6 +201,27 @@ do_install () {
> fi
> }
>
> +# when building yocto image with non-root user some binaries appears in
> resulting
> +# image with rights of user who build image. This behaviour may lead to
> misfunction
> +# of some binaries like mount because of setuid bit on them:
> +# mount /dev/sdb1 /mnt/flash
> +# mount: only root can do that (effective UID is 1000)
> +# ls -ld which mount
> +# lrwxrwxrwx1 root root21 Jan 2 1970 /bin/mount ->
> /bin/mount.util-linux
> # root@mitx-fp32:/mnt/system/initrd# ls -ld
> /bin/mount.util-linux
># -rwsr-xr-x1
> 1000 1000 28020 Apr 23 12:49 /bin/mount.util-linux
> +do_install_append_class-target () {
> +for p in $sbinprogs $sbinprogs_a; do
> +if [ -f "${D}${base_sbindir}/$p" ]; then
> +chown 0:0 "${D}${base_sbindir}/$p"
> +fi
> +done
> +for p in $binprogs_a; do
> +if [ -f "${D}${base_bindir}/$p" ]; then
> +chown 0:0 "${D}${base_bindir}/$p"
> +fi
> +done
> +}
> +
> +
> # nologin causes a conflict with shadow-native
> # kill causes a conflict with coreutils-native (if ${bindir}==${base_bindir})
> do_install_append_class-native () {
> --
> 2.20.1
> --
> ___
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH] util-linux: fix owner and group for binaries in resulting image
util-linux source produce some binaries with setuid bit set
do_install function produce binaries in /sbin and /bin with uid:gid
of user who build image this lead to messages like this:
mount /dev/sdb1 /mnt/flash
mount: only root can do that (effective UID is 1000)
this patch changing owner of binaries in /bin and /sbin to 0:0
Signed-off-by: Anton Popov
---
meta/recipes-core/util-linux/util-linux.inc | 21 +
1 file changed, 21 insertions(+)
diff --git a/meta/recipes-core/util-linux/util-linux.inc
b/meta/recipes-core/util-linux/util-linux.inc
index 34255a2dec..d75a2dd399 100644
--- a/meta/recipes-core/util-linux/util-linux.inc
+++ b/meta/recipes-core/util-linux/util-linux.inc
@@ -201,6 +201,27 @@ do_install () {
fi
}
+# when building yocto image with non-root user some binaries appears in
resulting
+# image with rights of user who build image. This behaviour may lead to
misfunction
+# of some binaries like mount because of setuid bit on them:
+# mount /dev/sdb1 /mnt/flash
+# mount: only root can do that (effective UID is 1000)
+# ls -ld which mount
+# lrwxrwxrwx1 root root21 Jan 2 1970 /bin/mount ->
/bin/mount.util-linux
# root@mitx-fp32:/mnt/system/initrd# ls -ld
/bin/mount.util-linux
# -rwsr-xr-x1 1000
1000 28020 Apr 23 12:49 /bin/mount.util-linux
+do_install_append_class-target () {
+for p in $sbinprogs $sbinprogs_a; do
+if [ -f "${D}${base_sbindir}/$p" ]; then
+chown 0:0 "${D}${base_sbindir}/$p"
+fi
+done
+for p in $binprogs_a; do
+if [ -f "${D}${base_bindir}/$p" ]; then
+chown 0:0 "${D}${base_bindir}/$p"
+fi
+done
+}
+
+
# nologin causes a conflict with shadow-native
# kill causes a conflict with coreutils-native (if ${bindir}==${base_bindir})
do_install_append_class-native () {
--
2.20.1
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
