From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 6906006289225089024 X-Received: by 2002:aa7:c3c2:: with SMTP id l2mr25424857edr.15.1607963970528; Mon, 14 Dec 2020 08:39:30 -0800 (PST) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a50:fd15:: with SMTP id i21ls1400202eds.1.gmail; Mon, 14 Dec 2020 08:39:29 -0800 (PST) X-Google-Smtp-Source: ABdhPJw3N1ne1GcQPWZkSuSWRlrpOZNIkcxmuSYOGJnoG8bBZRVCD7yB4n+2cbCSoz0krOX2PmEY X-Received: by 2002:a50:8b22:: with SMTP id l31mr10317210edl.149.1607963969486; Mon, 14 Dec 2020 08:39:29 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1607963969; cv=none; d=google.com; s=arc-20160816; b=vwVAC7g+7HFPTM7BlFbfAygMYl4Uaye3sw01p8wUNgY+EeQpZEtPypF5Txa1fF5wgP 6VrOQKX3NBzzFbq0hPs7aGX8tUzWepgV4y7lHZZjoPBzdLZrACB+e5ePOmHZX7H5WGpR OVBfRwrFlYZft5YAsnVKrVRl0kh4PcKziflpr3pX3IB7eCxQub7+yOo+UXxODE9tbOAu lD8xGBjeQZke6MSyr6bcvF8eaRH1DFbRRe7KtMWtineXjeUnry6qvgQ1EJoLl7cxsMUJ NqzFFKS4N+32k3b4fh81dEJJFnvrlT41/RmZft7OqD6V5NT20QY7sIgI7CxYXJxB5qxs FLNw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:content-language:in-reply-to:mime-version :user-agent:date:message-id:from:references:cc:to:subject; bh=yBAayanOr3ubwD9TayEu34VHORnzW5unS0iEIArXqIg=; b=Y8ZuOe5sPE1B1i/VK+sMoEK0tXMZ76jIG6kWw6OwYN+1yH10zjTAiCC1IvW6K/JG/M qNj9xsYrE8G/qDFgVbAmhXBu9WmWMD/PVbwxSfJHMXnJjOr21JFi39KlncpDD1TGdLUu 2qR5DmnqmIuY5mmeFg8FJTCg3jB+18412g0Xyma1Ju55mAXFAvovbF3c5KgszJD6yqMB ms84lcGCIGnGaz2Hr47Fz4+Y2V4QIFtHz3gRAPh/HEQXFfX0S7xRxgx9goo66tL2vuph mJUf1ju5SF2EEFHyZpGsqPFyH5nr/1dHLZ04kBA8qV1hjA0wE6RbYkgrAfBkR6w7qArS SLnA== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of jan.kiszka@siemens.com designates 192.35.17.14 as permitted sender) smtp.mailfrom=jan.kiszka@siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com Return-Path: Received: from david.siemens.de (david.siemens.de. [192.35.17.14]) by gmr-mx.google.com with ESMTPS id i3si515841edy.3.2020.12.14.08.39.29 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 14 Dec 2020 08:39:29 -0800 (PST) Received-SPF: pass (google.com: domain of jan.kiszka@siemens.com designates 192.35.17.14 as permitted sender) client-ip=192.35.17.14; Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of jan.kiszka@siemens.com designates 192.35.17.14 as permitted sender) smtp.mailfrom=jan.kiszka@siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com Received: from mail2.sbs.de (mail2.sbs.de [192.129.41.66]) by david.siemens.de (8.15.2/8.15.2) with ESMTPS id 0BEGdSr9006342 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Mon, 14 Dec 2020 17:39:29 +0100 Received: from [167.87.38.225] ([167.87.38.225]) by mail2.sbs.de (8.15.2/8.15.2) with ESMTP id 0BEGdSIv032494; Mon, 14 Dec 2020 17:39:28 +0100 Subject: Re: [PATCH 1/6] meta: image: Account for Ubuntu differences in do_copy_boot_files To: Henning Schild Cc: isar-users References: <20201214131630.0dd0f131@md1za8fc.ad001.siemens.net> <20201214133637.58f89677@md1za8fc.ad001.siemens.net> From: Jan Kiszka Message-ID: Date: Mon, 14 Dec 2020 17:39:28 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.5.0 MIME-Version: 1.0 In-Reply-To: <20201214133637.58f89677@md1za8fc.ad001.siemens.net> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit X-TUID: lwQetHW+P0fX On 14.12.20 13:36, Henning Schild wrote: > Am Mon, 14 Dec 2020 13:27:30 +0100 > schrieb Jan Kiszka : > >> On 14.12.20 13:16, Henning Schild wrote: >>> Am Mon, 14 Dec 2020 08:11:22 +0100 >>> schrieb Jan Kiszka : >>> >>>> From: Jan Kiszka >>>> >>>> Ubuntu places kernel and initrd links under /boot. Furthermore, it >>>> makes the kernel unreadable for non-root users. Account for the >>>> latter by cat'ing the kernel under sudo, redirecting the output to >>>> the deployment artifact so that it is owned by the building user. >>>> >>>> Signed-off-by: Jan Kiszka >>>> --- >>>> meta/classes/image.bbclass | 9 ++++++--- >>>> 1 file changed, 6 insertions(+), 3 deletions(-) >>>> >>>> diff --git a/meta/classes/image.bbclass >>>> b/meta/classes/image.bbclass index 74fc8500..eddc4449 100644 >>>> --- a/meta/classes/image.bbclass >>>> +++ b/meta/classes/image.bbclass >>>> @@ -132,15 +132,18 @@ EOF >>>> >>>> do_copy_boot_files[dirs] = "${DEPLOY_DIR_IMAGE}" >>>> do_copy_boot_files() { >>>> - kernel="$(realpath -q '${IMAGE_ROOTFS}/vmlinuz')" >>>> + kernel="$(realpath -q '${IMAGE_ROOTFS}'/vmlinu[xz])" >>>> if [ ! -f "$kernel" ]; then >>>> - kernel="$(realpath -q '${IMAGE_ROOTFS}/vmlinux')" >>>> + kernel="$(realpath -q '${IMAGE_ROOTFS}'/boot/vmlinu[xz])" >>>> fi >>>> if [ -f "$kernel" ]; then >>>> - cp -f "$kernel" '${DEPLOY_DIR_IMAGE}/${KERNEL_IMAGE}' >>>> + sudo cat "$kernel" > >>>> "${DEPLOY_DIR_IMAGE}/${KERNEL_IMAGE}" >>> >>> Why "cat" instead of "cp"? I think the real trick is the sudo >>> anyways. >> >> "Furthermore, it >> makes the kernel unreadable for non-root users. Account for the >> latter by cat'ing the kernel under sudo, redirecting the output to >> the deployment artifact so that it is owned by the building user." > > I think i would prefer "--no-preserve=mode" to make that explicit in > the code ... instead of the commit message. Sorry for my quick shots on > this series. --no-preserve=mode and also --no-preserve=ownership do not help. Any other trick I miss? Would prefer something explicit as well. Jan -- Siemens AG, T RDA IOT Corporate Competence Center Embedded Linux