From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 6489319872694059008 X-Received: by 10.46.84.87 with SMTP id y23mr43725ljd.4.1511165651900; Mon, 20 Nov 2017 00:14:11 -0800 (PST) X-BeenThere: isar-users@googlegroups.com Received: by 10.25.78.27 with SMTP id c27ls177550lfb.18.gmail; Mon, 20 Nov 2017 00:14:11 -0800 (PST) X-Google-Smtp-Source: AGs4zMY879k+e/lQ4AwLM6lc0+DVNvmvyDbtOnDv2sV0MNyMzkyeExIvERgiWkPCK2lJ0TnlwctB X-Received: by 10.46.66.10 with SMTP id p10mr431433lja.39.1511165651536; Mon, 20 Nov 2017 00:14:11 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1511165651; cv=none; d=google.com; s=arc-20160816; b=0/8st3fqEXSeiczwtTg3sR++brYYoOKJhsAZCoEbqj/Eufiuh7dQ8adnPiJIa0KfH6 /hzkT/xqGwFLZCHI59pBMCa/iYpwqHY5XJ8a7ojSedMpB8opeJ/ndp+xkMMUOT38sY7H EHKgy0941lNGLb9S5ze3l3DvkVX6n50Lf5DCcnl4DeKsZUgP94ZQCnvtAysk+yrJkiic XWOhO9lg3y+n5jVgQsY4S9cPRjS0IvKvSuyS7Mo8RjTeoGD3VY3efIL9WB9XA7XbtS0Z F/I9sdshajcnrQV3TV9gG1w1NMU2LV2BEKuNOvHGwbxe7q4JCuNlS9Yqtf9LUKej2l0s TgWQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=user-agent:in-reply-to:content-transfer-encoding :content-disposition:mime-version:mail-followup-to:message-id :subject:to:from:date:arc-authentication-results; bh=dKluqDPY40+IjTIo9ceKXLeVjzZxFhn+LlHLN6ysupk=; b=ZaBQsXcAcO1BDaQaXvE7vz9M/+QJdQNEczHjaj1qdNeFENkWLQzBp/DmKSKIU7BuvD 3aCjGrTQhsPOGG//quZCNMDbaiUCXgLiyLta3D1+hkALcqTgJL1pt+SHKHH8M9gu0jzr On0udmli7hly7SALK4JnTQs2qSUnmiUlFE6tNlxCxAWvUhK4i3a2UNWqTfA05G/faj0v fxHauNLgFJF9jXB21Xhh+poeDtOVtJ14mUD3aBoDFTm0mYoeVm3n26w6pMxOPI3yOvJC aRcB9sIxubWJqAWo/+VtxsNHjsKb8y9vlOPc/4FvsDCcb/WrY/uECtkG+k0FkyINUmoH fwuA== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of christian.storm@siemens.com designates 192.35.17.14 as permitted sender) smtp.mailfrom=christian.storm@siemens.com Return-Path: Received: from david.siemens.de (david.siemens.de. [192.35.17.14]) by gmr-mx.google.com with ESMTPS id q27si739187lfd.0.2017.11.20.00.14.11 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 20 Nov 2017 00:14:11 -0800 (PST) Received-SPF: pass (google.com: domain of christian.storm@siemens.com designates 192.35.17.14 as permitted sender) client-ip=192.35.17.14; Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of christian.storm@siemens.com designates 192.35.17.14 as permitted sender) smtp.mailfrom=christian.storm@siemens.com Received: from mail1.siemens.de (mail1.siemens.de [139.23.33.14]) by david.siemens.de (8.15.2/8.15.2) with ESMTPS id vAK8EA8W026452 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Mon, 20 Nov 2017 09:14:10 +0100 Received: from localhost ([139.25.69.251]) by mail1.siemens.de (8.15.2/8.15.2) with ESMTPS id vAK8EAMM019625 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Mon, 20 Nov 2017 09:14:10 +0100 Date: Mon, 20 Nov 2017 09:12:52 +0100 From: Christian Storm To: isar-users@googlegroups.com Subject: Re: [PATCH] isar-image-base: fix owner and group of /proc Message-ID: <20171120081252.4cm4tycudbqtjaoj@MD1KR9XC.ww002.siemens.net> Mail-Followup-To: isar-users@googlegroups.com MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <4777ea65-8495-faa9-9910-0e58bc62dbdc@ilbers.de> User-Agent: Mutt/20170113 (1.7.2) X-TUID: 3S4PfRaWfgg7 > >>>>> Signed-off-by: Christian Storm > >>>>> --- > >>>>> meta-isar/recipes-core/images/isar-image-base.bb | 2 +- > >>>>> meta/recipes-devtools/buildchroot/buildchroot.bb | 2 +- > >>>>> 2 files changed, 2 insertions(+), 2 deletions(-) > >>>>> > >>>>> diff --git a/meta-isar/recipes-core/images/isar-image-base.bb b/meta-isar/recipes-core/images/isar-image-base.bb > >>>>> index c2150b1..a6906c6 100644 > >>>>> --- a/meta-isar/recipes-core/images/isar-image-base.bb > >>>>> +++ b/meta-isar/recipes-core/images/isar-image-base.bb > >>>>> @@ -52,7 +52,7 @@ do_rootfs() { > >>>>> -e 's|##ISAR_DISTRO_SUITE##|${DEBDISTRONAME}|g' \ > >>>>> "${WORKDIR}/multistrap.conf.in" > "${WORKDIR}/multistrap.conf" > >>>>> > >>>>> - [ ! -d ${IMAGE_ROOTFS}/proc ] && install -d -m 555 ${IMAGE_ROOTFS}/proc > >>>>> + [ ! -d ${IMAGE_ROOTFS}/proc ] && sudo install -d -o 0 -g 0 -m 555 ${IMAGE_ROOTFS}/proc > >>>> > >>>> What is the requirement for doing so? And what is the benefit? > >>> > >>> In the resulting image, /proc was created with my build user's ownership > >>> != root as it was non-existent. To create the directory belonging to > >>> root, sudo is required here... > >>> > >> > >> Thanks, got it! But I don't think it's also required for buildchroot. > > > > Nope, not strictly required but for cosmetics and symmetry reasons I put > > it in there as well. Doesn't do harm either.. > > > > So I'm going to apply the first part of the patch (related to image) to > avoid adding new 'sudo' without real usecase. Fine with me. > Also in context of dropping 'sudo' from Isar, image generation and > buildchroot generation are not so symmetric. buildchroot has less strict > requirements (like out of GID/UID support) what makes it possible to use > PRoot to completely drop 'sudo' around buildchroot operations. So > keeping image and buildchroot generation processes synchronized could > bring unnecessary difficulties. Well, currently they are quite similar in what they do. So, maybe the other way round would also give some benefits, namely less duplication in terms of code and logics. Having just the buildchroot sudo-less while the image needs it doesn't give you any benefit in my opinion. Everything has to work sudo-less or you still need to rely on it, and be it only eventually for image generation. In this case, at least for me, some more sprinkled sudos cause no harm as I would have to run Isar in a VM or some other safe build environment anyway. So, I'd rather have a more concise code base without duplication in logics and code. But of course, your mileage may vary on this... Kind regards, Christian -- Dr. Christian Storm Siemens AG, Corporate Technology, CT RDA ITP SES-DE Otto-Hahn-Ring 6, 81739 M�nchen, Germany