Subject: Re: [PATCH 1/7] dpkg-raw: Respect file permissions defined by recipe
To: Henning Schild
Cc: isar-users
From: Jan Kiszka
Date: Mon, 7 Jan 2019 19:56:03 +0100

On 07.01.19 18:51, Henning Schild wrote:
> On Mon, 7 Jan 2019 17:54:26 +0100,
> Jan Kiszka wrote:
>
>> On 07.01.19 17:28, Henning Schild wrote:
>>> On Mon, 7 Jan 2019 15:26:16 +0100,
>>> Jan Kiszka wrote:
>>>
>>>> On 07.01.19 15:20, Jan Kiszka wrote:
>>>>> On 07.01.19 15:19, Henning Schild wrote:
>>>>>> On Mon, 7 Jan 2019 14:28:47 +0100,
>>>>>> Jan Kiszka wrote:
>>>>>>
>>>>>>> On 07.01.19 14:20, Henning Schild wrote:
>>>>>>>> On Wed, 2 Jan 2019 12:34:11 +0100,
>>>>>>>> Jan Kiszka wrote:
>>>>>>>>> From: Jan Kiszka
>>>>>>>>>
>>>>>>>>> dh_fixperms overwrites the permissions do_install defined
>>>>>>>>> carefully. Skip this step to avoid that.
>>>>>>>>>
>>>>>>>>> Fixes: f301ccb2b5b1 ("meta/dpkg-raw: build raw packages like
>>>>>>>>> all others") CC: Henning Schild
>>>>>>>>> Signed-off-by: Jan Kiszka
>>>>>>>>> --- >>>>>>>>>    meta/classes/dpkg-raw.bbclass | 4 +++- >>>>>>>>>    1 file changed, 3 insertions(+), 1 deletion(-) >>>>>>>>> >>>>>>>>> diff --git a/meta/classes/dpkg-raw.bbclass >>>>>>>>> b/meta/classes/dpkg-raw.bbclass index 8d11433..10fb1b9 100644 >>>>>>>>> --- a/meta/classes/dpkg-raw.bbclass >>>>>>>>> +++ b/meta/classes/dpkg-raw.bbclass
>>>>>>>>> @@ -56,9 +56,11 @@ EOF >>>>>>>>>    deb_create_rules() { >>>>>>>>>        cat << EOF > ${S}/debian/rules >>>>>>>>>    #!/usr/bin/make -f >>>>>>>>> + >>>>>>>>> +override_dh_fixperms: >>>>>>>>> + >>>>>>>>>    %: >>>>>>>>>        dh \$@ >>>>>>>>> -
>>>>>>>>
>>>>>>>> I think it is not a good idea to do that in general. While you
>>>>>>>> might have found an example where dh_fixperms caused problems,
>>>>>>>> there are probably many where it helps. Say people use "cp" to
>>>>>>>> fill ${D} or "echo" to fill ${D}/bin/
>>>>>>>
>>>>>>> I'm open for better suggestions.
>>>>>>
>>>>>> The suggestion is to do that in the one recipe that you need it
>>>>>> for, and not touch the general case.
>>>>>
>>>>> ...except for causing that regression: Keep in mind that we used
>>>>> to respect permissions defined by the user before the switch to
>>>>> packaging via Debian!
>>>
>>> True, but there is a changelog section that even tells users how to
>>> disable certain dhs for their recipes.
>>>
>>>> To make my issue more concrete: Consider you want to package
>>>> secrets this way. Then it would be rather ugly to even temporarily
>>>> have them group or even world readable during packaging and
>>>> installation - in case your suggestion should be to adjust the
>>>> permissions in a postinst.
>>>
>>> Having secrets in your repo and build process would be ugly as well,
>>> many spots where they could leak. So i do not think that is a good
>>> example.
>>> And i am not talking about a postinst, but a rules file that does
>>> exactly what yours does. See what example-raw does for dh_usrlocal,
>>> if you bring your rules you do not get the defaults.
>>> Looking at the man-page i see a lot of "removes permission", where
>>> documentation seems to be the only exception. Again secret does not
>>> seem to be a good example. (except you place it in
>>> usr/share/doc ;) )
>>>
>>> What exactly is your motivation for the change?
>>
>> Allow to ship files that are not world-readable by default.
>> That's a pretty common pattern, e.g. to add pre-generated keys, certificates,
>> wifi passwords etc.
>
> I think i got that but i am not sure how they would become world
> readable, not from the man-page nor from the code. Except you got the
> location "wrong". So a full path example with the permissions before
> and after is what i was asking for.
>

I started the patch for packages that populate
{/home/$USER,/root}/.ssh, but I'm sure you can reproduce that with any file
targeting /etc as well - e.g. one that exploits [1]. I'm now deploying wifi
keys via such an unversioned local.inc.

Jan

[1] https://github.com/siemens/jailhouse-images/commit/ad96bb52835fb4b2723733b49b6dca3fc19e81de

--
Siemens AG, Corporate Technology, CT RDA IOT SES-DE
Corporate Competence Center Embedded Linux
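
Review bot: the empty `override_dh_fixperms:` target added to the rules template in deb_create_rules() switches off dh_fixperms for every recipe that inherits dpkg-raw, and nothing in the generated debian/rules says why. With the step skipped, whatever modes do_install left in ${D} are shipped unchanged, including group or world write bits and setuid bits that came from a plain cp or the build umask. Consider keeping the default target and excluding only the paths a recipe wants preserved (dh_fixperms accepts -X/--exclude), or at least adding a comment line above the override inside the heredoc and naming in the commit message the path and mode that were changed. The removal of the blank line after `dh \$@` looks unrelated to the fix and could be dropped from the hunk.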
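
The "permissions before and after" that the thread asks for can be reproduced on a staged tree as follows. This is an added example, not part of the original mail or of Isar; it assumes that the general pass of dh_fixperms is equivalent to `chmod go=rX,u+rw,a-s` on every non-symlink, and the paths, file contents and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread or from Isar): show the mode of a staged
# secret before and after a dh_fixperms-style pass, then audit the tree.

# Assumption: the general pass of dh_fixperms acts like this chmod spec.
FIXPERMS_SPEC='go=rX,u+rw,a-s'

# Octal mode of one path (GNU stat).
mode_of() { stat -c '%a' "$1"; }

# Apply the assumed general pass to every non-symlink below $1 (a ${D}-like tree).
emulate_fixperms() {
    find "$1" ! -type l -exec chmod "$FIXPERMS_SPEC" {} +
}

# Report regular files below the given package-relative paths that group or
# others can access in any way. Prints "MODE /path"; returns 1 on any finding.
audit_private() {
    tree=$1; shift
    hits=$(cd "$tree" && find "$@" -type f -perm /077 -printf '%m /%p\n' 2>/dev/null || true)
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits"
        return 1
    fi
    return 0
}

# Constructed sample tree: an SSH key and a wifi config, both installed 0600.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/root/.ssh" "$d/etc/wpa_supplicant"
    chmod 700 "$d/root/.ssh"
    printf 'constructed-private-key\n' > "$d/root/.ssh/id_ed25519"
    printf 'psk="constructed"\n' > "$d/etc/wpa_supplicant/wpa_supplicant.conf"
    chmod 600 "$d/root/.ssh/id_ed25519" "$d/etc/wpa_supplicant/wpa_supplicant.conf"

    echo "before: $(mode_of "$d/root/.ssh/id_ed25519") /root/.ssh/id_ed25519"
    audit_private "$d" root/.ssh etc/wpa_supplicant && echo "audit before: clean"

    emulate_fixperms "$d"
    echo "after:  $(mode_of "$d/root/.ssh/id_ed25519") /root/.ssh/id_ed25519"
    audit_private "$d" root/.ssh etc/wpa_supplicant || echo "audit after: secrets exposed"
    rm -rf "$d"
}
demo
```

In a real build the audit would be pointed at the unpacked package tree (for example the output of `dpkg-deb -x`), so that the check covers what is actually shipped.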