From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Wed, 31 Jan 2018 16:53:56 +0100
From: Henning Schild
Subject: Re: [PATCH 2/2] images: wic: do not call wic with sudo anymore
Message-ID: <20180131165356.4323538c@mmd1pvb1c.ad001.siemens.net>
In-Reply-To: <20180131154838.14707-2-henning.schild@siemens.com>
References: <20180131154838.14707-1-henning.schild@siemens.com> <20180131154838.14707-2-henning.schild@siemens.com>

I still prefer the almighty big sudo; this patch adds complexity and is
a hack. But I also think that touching contrib code in _any_ way is so
evil that any hack should be considered to avoid it.

Henning

On Wed, 31 Jan 2018 16:48:38 +0100, Henning Schild wrote:

> Issues:
> 1. wic was called under sudo
> 2. wic and its plugins can use sudo to do whatever they want
>
> Impact:
> Issue 1 is addressed, but Issue 2 has always been there and has
> come to stay.
> > Signed-off-by: Henning Schild > --- > meta/classes/wic-img.bbclass | 17 ++++++++++++++++- > scripts/wic_fakeroot | 37 > ++++++++++++++++++++++--------------- 2 files changed, 38 > insertions(+), 16 deletions(-) > > diff --git a/meta/classes/wic-img.bbclass > b/meta/classes/wic-img.bbclass index 72779eb..444e003 100644 > --- a/meta/classes/wic-img.bbclass > +++ b/meta/classes/wic-img.bbclass > @@ -59,7 +59,22 @@ do_wic_image() { > export BUILDDIR="${BUILDDIR}" > export MTOOLS_SKIP_CHECK=1 > > - sudo -E > PATH="$PATH:/builder/isar/bitbake/bin:/builder/isar/scripts" /builder/isar/scripts/wic > create ${WKS_FILE} --vars "${STAGING_DIR}/${MACHINE}/imgdata/" -o > ${DEPLOY_DIR_IMAGE} -e ${IMAGE_BASENAME} ${WIC_CREATE_EXTRA_ARGS} > + # Play a dirty trick to redirect "du" and "mkfs.*" to FAKEROOTCMD > + WTOOLS_SYSROOT="${TMPDIR}/trick_wic/" > + mkdir -p ${WTOOLS_SYSROOT}/sbin > + mkdir -p ${WTOOLS_SYSROOT}/usr/bin > + for fstype in btrfs ext2 ext3 ext4 vfat; do > + ln -sf /builder/isar/scripts/${FAKEROOTCMD} \ > + ${WTOOLS_SYSROOT}/sbin/mkfs.${fstype} > + done > + ln -sf /builder/isar/scripts/${FAKEROOTCMD} \ > + ${WTOOLS_SYSROOT}/usr/bin/du > + > + echo "RECIPE_SYSROOT_NATIVE=\"${WTOOLS_SYSROOT}\"" >> \ > + ${STAGING_DIR}/${MACHINE}/imgdata/wic-tools.env > + > + export > PATH="${WTOOLS_SYSROOT}/sbin:${WTOOLS_SYSROOT}/usr/sbin:${WTOOLS_SYSROOT}/usr/bin:${PATH}" > + /builder/isar/scripts/wic create ${WKS_FILE} --vars > "${STAGING_DIR}/${MACHINE}/imgdata/" -o ${DEPLOY_DIR_IMAGE} -e > ${IMAGE_BASENAME} ${WIC_CREATE_EXTRA_ARGS} } > addtask wic_image before do_build after do_copy_boot_files > diff --git a/scripts/wic_fakeroot b/scripts/wic_fakeroot > index 9e01c38..01865a0 100755 > --- a/scripts/wic_fakeroot > +++ b/scripts/wic_fakeroot 
> @@ -1,10 +1,11 @@ > #!/usr/bin/env python3 > # > # wic needs a FAKEROOT cmd to run, the default is pseudo. In Isar we > do/can not -# use pseudo. And we call wic as root to begin with, so > this script could be a -# dummy doing nothing. It is almost a > dummy ... -# > -# If the fsck hack ever becomes obsolete, FAKEROOTCMD ?= "true;" can > be used +# use pseudo at the moment. > +# All wic calls to exec_native_cmd will end up here, if they wanted > pseudo. +# They will get executed under sudo. > +# In addition we prepend "du"s and "mkfs"s with a sudo, just like a > Isar +# specific patch did before. > # > # This software is a part of Isar. > # Copyright (C) 2018 Siemens AG 
> @@ -15,23 +16,29 @@ import shutil > import subprocess > > args = sys.argv > -args.pop(0) > -cmd = args[0] > +args[0] = os.path.basename(args[0]) > + > +if not (args[0].startswith('mkfs.') or args[0] == 'du'): > + # the wrapper was not called directly and not for one of the > known > + # hacks > + if args[0] != 'wic_fakeroot': > + sys.exit(1) > + args.pop(0) > > -# expect to be running as root > -# we could loosen that and execv(sudo, args) but even some early > -# "du"s fail, which do not use the fakeroot-wrapper > -# i.e. in wics partition.py the "du -ks" fails on > -# var/cache/apt/archives/partial > -# rootfs/root ... > -assert 'root' == os.environ["USER"] > +cmd = args[0] > > # e2fsck <= 1.43.5 returns 1 on non-errors (stretch and before > affected) # treat 1 as safe ... the filesystem was successfully > repaired and is OK if cmd.startswith('fsck.'): > - ret = subprocess.call(args) > + ret = subprocess.call(['sudo'] + args) > if ret == 0 or ret == 1: > sys.exit(0) > sys.exit(ret) > > -os.execv(shutil.which(cmd), args) > +# now remove the previous 3 entries from PATH, the ones we used to > trick some guys in here +path = > ':'.join(os.environ['PATH'].split(':')[3:]) +path += > ":/builder/isar/bitbake/bin:/builder/isar/scripts" + > +args = ['-E', 'PATH="%s"' % path ] + args > + > +os.execv(shutil.which('sudo'), args)
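Review bot: In the meta/classes/wic-img.bbclass hunk, the `export PATH=` line prepends three directories (`sbin`, `usr/sbin`, `usr/bin`) while only `sbin` and `usr/bin` are created by the `mkdir -p` calls above it, and scripts/wic_fakeroot later depends on exactly three leading entries when it does `split(':')[3:]`. That count is an undocumented contract between two files; consider handing the original PATH to the wrapper in a separate environment variable, or at least comment the dependency at both ends. Separately, the `echo "RECIPE_SYSROOT_NATIVE=..." >>` line appends to wic-tools.env on every run of do_wic_image, so a re-executed task accumulates duplicate entries; write the entry idempotently.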
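Review bot: The new header comment in scripts/wic_fakeroot (hunk `@@ -1,10 +1,11 @@`) says calls "will get executed under sudo" but does not say how the script decides what it was invoked as. Since the code now dispatches on the basename of argv[0], the header should state that the script is meant to be reached through the `mkfs.*` and `du` symlinks as well as through FAKEROOTCMD. It should also keep a pointer to the e2fsck return-code workaround, which the removed lines mentioned and the new text no longer does. Minor: "a Isar specific patch" should read "an Isar-specific patch".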
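Review bot: In the last hunk of scripts/wic_fakeroot, the final `os.execv(shutil.which('sudo'), args)` passes a list whose first element is `'-E'`, and execv uses the first element as argv[0] of the new process, so sudo never sees `-E` as an option; the list needs the program name first, as the fsck branch already does with `['sudo'] + args`. On the line before it, `'PATH="%s"' % path` puts literal double quotes into the value because no shell is involved, which corrupts the first and last PATH entries; drop the quotes. The `sys.exit(1)` for an unexpected argv[0] is silent, and a message on stderr would make a misnamed symlink easier to diagnose.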