From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 6621153044585250816 X-Received: by 2002:adf:fa82:: with SMTP id h2-v6mr210892wrr.18.1541608045599; Wed, 07 Nov 2018 08:27:25 -0800 (PST) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a1c:a782:: with SMTP id q124-v6ls443862wme.14.gmail; Wed, 07 Nov 2018 08:27:25 -0800 (PST) X-Google-Smtp-Source: AJdET5fjKDufAH3F/BY7Jzjyz4u+l+39j6vG2JsyeVoZYTS1NXw1UFomRkbhvncd9r6KdYxgpCl2 X-Received: by 2002:a1c:496:: with SMTP id 144-v6mr204215wme.18.1541608045203; Wed, 07 Nov 2018 08:27:25 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1541608045; cv=none; d=google.com; s=arc-20160816; b=BCABvxmo2QWpZkSyYk37jG2tYVBekjKB1Pd3YqTVcwH6OrAGvEPTNygg/edxcO49cN NIjahGuYmmTf6bhGdDovw9sz++Eva0vEi1jIu6Qtd2pJqU9gIk1NI3Bq0punvT+eJecG qrduUJPaFA95UmOH3icWIuwDfP0LJreHoEwP8WyM91GHZag2HTYZeAVd1XoKsSrDiqnL atTEEdl5wrBIiIxkgUmUaZjSq4ZAnlI02pZuRa4+jZ3ShIqUBtEXJddCBViXscjZQlHD vbodR0b/BrdEByPH2P6Mcflpj0V5l/8/euGTexkzMM3qXJjDDGd1wdGuT0mz+dzkSHO2 I86g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:content-language:in-reply-to:mime-version :user-agent:date:message-id:from:references:cc:to:subject; bh=3p9TDfUX2On469X9aEvh6rpU1h6dJKvOrVA1FnYbpCQ=; b=O3OsQHamDl/MHAKtY+FHGXhjiBezI4wxHwHQ8wlpsLc0vItTItUTMHfXQO0+8R1+/i Of7bYxGyLBDU4E634eDQ1tGgau8jAuxj60Z0CjwkVjSFROvb+vNtr5QiTD1ND944F1Lp 7U20cacsuxI3CR1FRzHGUY/HoWkFjTIzcfIxW4Ifv0FmK53lXz0l2Mh0eEz7pGD0Ulwv t7qTR811Tr5ycVA2WTGQ0TMI13j1iY9y2Y0W2JjPy85zI7s9cZTzs+2UN70sz5rjsN5g YsSU8g/NAruNervRI1vDPA20SNWjjzMgfyMeXGwe9FYD43VwtVJqTr/yPs3NnauZav/d ZgIw== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of jan.kiszka@siemens.com designates 192.35.17.14 as permitted sender) smtp.mailfrom=jan.kiszka@siemens.com Return-Path: Received: from david.siemens.de (david.siemens.de. [192.35.17.14]) by gmr-mx.google.com with ESMTPS id v6-v6si45423wrn.0.2018.11.07.08.27.25 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 07 Nov 2018 08:27:25 -0800 (PST) Received-SPF: pass (google.com: domain of jan.kiszka@siemens.com designates 192.35.17.14 as permitted sender) client-ip=192.35.17.14; Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of jan.kiszka@siemens.com designates 192.35.17.14 as permitted sender) smtp.mailfrom=jan.kiszka@siemens.com Received: from mail2.sbs.de (mail2.sbs.de [192.129.41.66]) by david.siemens.de (8.15.2/8.15.2) with ESMTPS id wA7GROJf021887 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Wed, 7 Nov 2018 17:27:24 +0100 Received: from [139.25.68.37] (md1q0hnc.ad001.siemens.net [139.25.68.37] (may be forged)) by mail2.sbs.de (8.15.2/8.15.2) with ESMTP id wA7GRO6K003424; Wed, 7 Nov 2018 17:27:24 +0100 Subject: Re: [PATCH] meta/dpkg-raw: fix raw package file ownership To: Henning Schild Cc: isar-users , Adriaan Schmidt References: <20181107161519.16595-1-henning.schild@siemens.com> <20181107172509.59d1d663@md1za8fc.ad001.siemens.net> From: Jan Kiszka Message-ID: <93563efe-776b-af38-9576-3ea57ab729c7@siemens.com> Date: Wed, 7 Nov 2018 17:27:24 +0100 User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); de; rv:1.8.1.12) Gecko/20080226 SUSE/2.0.0.12-1.1 Thunderbird/2.0.0.12 Mnenhy/0.7.5.666 MIME-Version: 1.0 In-Reply-To: <20181107172509.59d1d663@md1za8fc.ad001.siemens.net> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-TUID: 3Rc1rRuuu+D5 On 07.11.18 17:25, Henning Schild wrote: > Am Wed, 7 Nov 2018 17:19:14 +0100 > schrieb Jan Kiszka : > >> On 07.11.18 17:15, [ext] Henning Schild wrote: >>> Make sure the whole content of the package defaults to ownership >>> "root:root", deviations will have to be done in postinst. >>> Before the file ownership was coming from our build environment and >>> typically was "1000:1000". >>> >>> Reported-by: Adriaan Schmidt >>> Signed-off-by: Henning Schild >>> --- >>> meta/classes/dpkg-raw.bbclass | 2 +- >>> 1 file changed, 1 insertion(+), 1 deletion(-) >>> >>> diff --git a/meta/classes/dpkg-raw.bbclass >>> b/meta/classes/dpkg-raw.bbclass index c848f3d..d662422 100644 >>> --- a/meta/classes/dpkg-raw.bbclass >>> +++ b/meta/classes/dpkg-raw.bbclass >>> @@ -54,6 +54,6 @@ do_prepare_build() { >>> } >>> >>> dpkg_runbuild() { >>> - sudo chown -R root:root ${D}/DEBIAN/ >>> + sudo chown -R root:root ${D} >>> sudo chroot ${BUILDCHROOT_DIR} dpkg-deb --build >>> ${PP}/image ${PP} } >>> >> >> That will overwrite potentially different settings of derived recipes >> - not optimal. > > I think the only sane way of chowning inside a package is in postinst, > because you never know the id before-hand. Maybe there are a few exotic > hard-coded users/groups ... > So my assumption is that any package doing chowning does that in > postinst and otherwise all files belong to root. This commit implement > the assumption. It might be wrong but in that case i want a > counter-example from you ;). Fair enough. I only have use case where I can now remove the "chown root:root". Should still be documented, specifically in RECIPE-API-CHANGELOG. Jan -- Siemens AG, Corporate Technology, CT RDA IOT SES-DE Corporate Competence Center Embedded Linux