From: Baurzhan Ismagulov <ibr@radix50.net>
To: isar-users@googlegroups.com
Subject: Re: [PATCH v5 0/5] Debootstrap integration
Date: Wed, 4 Apr 2018 22:34:34 +0200 [thread overview]
Message-ID: <20180404203434.GC3164@yssyq.radix50.net> (raw)
In-Reply-To: <20180403100802.30710-1-claudius.heine.ext@siemens.com>
On Tue, Apr 03, 2018 at 12:07:57PM +0200, claudius.heine.ext@siemens.com wrote:
> this is the new version of this patchset, that fixes the
> generate_keyring task in isar-bootstrap for systems with read-only
> homedir.
Thanks, worked fine on my host. CI still in progress.
It's unfortunate that the series introduces regressions you wrote about
(changing mirrors, setting hostname). It's always better to fix the issues on
the spot. If there are no objections, I'd like to add TODOs to the patches.
Please let me know whether it's ok, or you would like to address those before
the merge.
What I'd really like to see is an update to doc/user_manual.md. Would you have
time for that in the next days?
If I understand the code correctly, there is also a security issue:
On Tue, Apr 03, 2018 at 12:08:00PM +0200, claudius.heine.ext@siemens.com wrote:
> + CDIRS="${@d.expand(d.getVarFlags("do_build").get("root_cleandirs", ""))}"
> + if [ -n "$CDIRS" ]; then
> + sudo rm -rf $CDIRS
> + mkdir -p $CDIRS
> + fi
Should root_cleandirs items be checked for directory traversal ("/", "..") and
mounted filesystems in the subdirectories? If yes, do we want to drop the
feature from this series and address the issue in a separate step?
With kind regards,
Baurzhan.
next prev parent reply other threads:[~2018-04-04 20:34 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-04-03 10:07 claudius.heine.ext
2018-04-03 10:07 ` [PATCH v5 1/5] implement isar-bootstrap using debootstrap claudius.heine.ext
2018-04-03 10:07 ` [PATCH v5 2/5] meta/isar-bootstrap-helper.bbclass: handle rfs customization centrally claudius.heine.ext
2018-04-03 10:08 ` [PATCH v5 3/5] meta/buildchroot: switch to using isar-bootstrap claudius.heine.ext
2018-04-03 10:08 ` [PATCH v5 4/5] meta-isar/isar-image-base: " claudius.heine.ext
2018-04-03 10:08 ` [PATCH v5 5/5] meta-isar/multiconfig: remove multistrap references claudius.heine.ext
2018-04-04 20:34 ` Baurzhan Ismagulov [this message]
2018-04-05 8:03 ` [PATCH v5 0/5] Debootstrap integration Claudius Heine
2018-04-05 9:16 ` Jan Kiszka
2018-04-11 6:28 ` Baurzhan Ismagulov
2018-04-11 6:58 ` Jan Kiszka
2018-04-11 7:04 ` Claudius Heine
2018-04-09 10:50 ` Jan Kiszka
2018-04-09 12:48 ` Baurzhan Ismagulov
2018-04-09 14:47 ` Jan Kiszka
2018-04-10 11:38 ` Claudius Heine
2018-04-10 20:49 ` Baurzhan Ismagulov
2018-04-11 5:59 ` Baurzhan Ismagulov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180404203434.GC3164@yssyq.radix50.net \
--to=ibr@radix50.net \
--cc=isar-users@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox