From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 6906006289225089024 X-Received: by 2002:adf:8b5a:: with SMTP id v26mr25154206wra.138.1608024181627; Tue, 15 Dec 2020 01:23:01 -0800 (PST) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a5d:6812:: with SMTP id w18ls4541431wru.1.gmail; Tue, 15 Dec 2020 01:23:00 -0800 (PST) X-Google-Smtp-Source: ABdhPJyBY6hWQGanOqhiRKitpPdQkfB7JBMfu7TSIYtWGl/2FaRKs/l/6Zol3mbnr+RJWzQq4xmV X-Received: by 2002:adf:eb08:: with SMTP id s8mr1792792wrn.12.1608024180671; Tue, 15 Dec 2020 01:23:00 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1608024180; cv=none; d=google.com; s=arc-20160816; b=V6cpbgBQo6hFiVuqoee8uDNi8rYsxOvOl1ZeKa8MVI49XZBAqKnRjgLdY7olWs6MUd EKNaIWoMvvYygoUn/FWwlISmN5T6iP/gh3ROqNwexErpNHMgvv5DUMnvueCJKzF6mHax cVV2sjjuaXarq2T+YhdEZjeR3KVEA0P1WdijzdqaA5ugDZhyBRaThUZzVQpjegY3HpGR 8aajLR+cdmTuSKsZTR4r13AeNZKigbSgnTwH6PZ1rykl53KEwyDtz+jXTcpucdR1rRbE kHCWw+00RkEPpPxjT2dOoqiy+gPzEICWN3uDWcE3iCBfqXNzOzxKGsEdk3l7Bd3mWFwl aVqQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:content-language:in-reply-to:mime-version :user-agent:date:message-id:from:references:cc:to:subject; bh=3hUr+OB5/ZWf2YbYOgUWU0vhs/Jar5HjdVklm3o1JHM=; b=E4H78eA46dHcPbBE6LPIeIxbpHQuPC/2Dxq+zy5d4m4HA7lP9HDhUk1w5lq1KcIMad 3FWSVul5Njo5wEuJfkKa9tJEd6ayLgI3WM1QqFzU+05ZA244s5QoH1EYPibLkKoU52wh 89F4KuLdDaL1p4HNOT1CAbYbi5s63yKPj5f9E/S+gnHnpaeS1llb7B1hSggCjL8LhK1Q eD5lWFmkdnkgXiZ4QgtGxLg1XfGoq+Tpk2kTboiYLnQUzvTk9a4TVRzo1wkZnJMhuD5o lEpdERybi2K80JScWqNVJlJJJhvyNzlnQXBmfWQRZDrSjui2JDj/327rSxQCEYZIc//h yuhg== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of jan.kiszka@siemens.com designates 192.35.17.28 as permitted sender) smtp.mailfrom=jan.kiszka@siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com Return-Path: Received: from goliath.siemens.de (goliath.siemens.de. [192.35.17.28]) by gmr-mx.google.com with ESMTPS id i206si645943wmi.0.2020.12.15.01.23.00 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 15 Dec 2020 01:23:00 -0800 (PST) Received-SPF: pass (google.com: domain of jan.kiszka@siemens.com designates 192.35.17.28 as permitted sender) client-ip=192.35.17.28; Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of jan.kiszka@siemens.com designates 192.35.17.28 as permitted sender) smtp.mailfrom=jan.kiszka@siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com Received: from mail2.sbs.de (mail2.sbs.de [192.129.41.66]) by goliath.siemens.de (8.15.2/8.15.2) with ESMTPS id 0BF9N0ir026844 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Tue, 15 Dec 2020 10:23:00 +0100 Received: from [167.87.38.225] ([167.87.38.225]) by mail2.sbs.de (8.15.2/8.15.2) with ESMTP id 0BF9Mxsr010930; Tue, 15 Dec 2020 10:22:59 +0100 Subject: Re: [PATCH 1/6] meta: image: Account for Ubuntu differences in do_copy_boot_files To: Henning Schild Cc: isar-users References: <20201214131630.0dd0f131@md1za8fc.ad001.siemens.net> <20201214133637.58f89677@md1za8fc.ad001.siemens.net> <20201214174057.717ea24a@md1za8fc.ad001.siemens.net> From: Jan Kiszka Message-ID: <84af84db-4de8-8f94-67a6-0dcdd4d49a82@siemens.com> Date: Tue, 15 Dec 2020 10:22:59 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.5.0 MIME-Version: 1.0 In-Reply-To: <20201214174057.717ea24a@md1za8fc.ad001.siemens.net> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit X-TUID: 5aRtxkXG7A8f On 14.12.20 17:40, Henning Schild wrote: > Am Mon, 14 Dec 2020 17:39:28 +0100 > schrieb Jan Kiszka : > >> On 14.12.20 13:36, Henning Schild wrote: >>> Am Mon, 14 Dec 2020 13:27:30 +0100 >>> schrieb Jan Kiszka : >>> >>>> On 14.12.20 13:16, Henning Schild wrote: >>>>> Am Mon, 14 Dec 2020 08:11:22 +0100 >>>>> schrieb Jan Kiszka : >>>>> >>>>>> From: Jan Kiszka >>>>>> >>>>>> Ubuntu places kernel and initrd links under /boot. Furthermore, >>>>>> it makes the kernel unreadable for non-root users. Account for >>>>>> the latter by cat'ing the kernel under sudo, redirecting the >>>>>> output to the deployment artifact so that it is owned by the >>>>>> building user. >>>>>> >>>>>> Signed-off-by: Jan Kiszka >>>>>> --- >>>>>> meta/classes/image.bbclass | 9 ++++++--- >>>>>> 1 file changed, 6 insertions(+), 3 deletions(-) >>>>>> >>>>>> diff --git a/meta/classes/image.bbclass >>>>>> b/meta/classes/image.bbclass index 74fc8500..eddc4449 100644 >>>>>> --- a/meta/classes/image.bbclass >>>>>> +++ b/meta/classes/image.bbclass >>>>>> @@ -132,15 +132,18 @@ EOF >>>>>> >>>>>> do_copy_boot_files[dirs] = "${DEPLOY_DIR_IMAGE}" >>>>>> do_copy_boot_files() { >>>>>> - kernel="$(realpath -q '${IMAGE_ROOTFS}/vmlinuz')" >>>>>> + kernel="$(realpath -q '${IMAGE_ROOTFS}'/vmlinu[xz])" >>>>>> if [ ! -f "$kernel" ]; then >>>>>> - kernel="$(realpath -q '${IMAGE_ROOTFS}/vmlinux')" >>>>>> + kernel="$(realpath -q >>>>>> '${IMAGE_ROOTFS}'/boot/vmlinu[xz])" fi >>>>>> if [ -f "$kernel" ]; then >>>>>> - cp -f "$kernel" '${DEPLOY_DIR_IMAGE}/${KERNEL_IMAGE}' >>>>>> + sudo cat "$kernel" > >>>>>> "${DEPLOY_DIR_IMAGE}/${KERNEL_IMAGE}" >>>>> >>>>> Why "cat" instead of "cp"? I think the real trick is the sudo >>>>> anyways. >>>> >>>> "Furthermore, it >>>> makes the kernel unreadable for non-root users. Account for the >>>> latter by cat'ing the kernel under sudo, redirecting the output to >>>> the deployment artifact so that it is owned by the building user." >>>> >>> >>> I think i would prefer "--no-preserve=mode" to make that explicit in >>> the code ... instead of the commit message. Sorry for my quick >>> shots on this series. >> >> --no-preserve=mode and also --no-preserve=ownership do not help. Any >> other trick I miss? Would prefer something explicit as well. > > sudo cp && chmod && chown > That's not a trick. Than this solution here is simpler. Jan -- Siemens AG, T RDA IOT Corporate Competence Center Embedded Linux