[PATCH] meta/dpkg-raw: fix raw package file ownership

[PATCH] meta/dpkg-raw: fix raw package file ownership

[Henning Schild]

Make sure the whole content of the package defaults to ownership
"root:root", deviations will have to be done in postinst.
Before the file ownership was coming from our build environment and
typically was "1000:1000".

Reported-by: Adriaan Schmidt <adriaan.schmidt@siemens.com>
Signed-off-by: Henning Schild <henning.schild@siemens.com>
---
 meta/classes/dpkg-raw.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/classes/dpkg-raw.bbclass b/meta/classes/dpkg-raw.bbclass
index c848f3d..d662422 100644
--- a/meta/classes/dpkg-raw.bbclass
+++ b/meta/classes/dpkg-raw.bbclass
@@ -54,6 +54,6 @@ do_prepare_build() {
 }
 
 dpkg_runbuild() {
-	sudo chown -R root:root ${D}/DEBIAN/
+	sudo chown -R root:root ${D}
 	sudo chroot ${BUILDCHROOT_DIR} dpkg-deb --build ${PP}/image ${PP}
 }
-- 
2.19.1

Re: [PATCH] meta/dpkg-raw: fix raw package file ownership

[Jan Kiszka]

On 07.11.18 17:15, [ext] Henning Schild wrote:
> Make sure the whole content of the package defaults to ownership
> "root:root", deviations will have to be done in postinst.
> Before the file ownership was coming from our build environment and
> typically was "1000:1000".
> 
> Reported-by: Adriaan Schmidt <adriaan.schmidt@siemens.com>
> Signed-off-by: Henning Schild <henning.schild@siemens.com>
> ---
>   meta/classes/dpkg-raw.bbclass | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/meta/classes/dpkg-raw.bbclass b/meta/classes/dpkg-raw.bbclass
> index c848f3d..d662422 100644
> --- a/meta/classes/dpkg-raw.bbclass
> +++ b/meta/classes/dpkg-raw.bbclass
> @@ -54,6 +54,6 @@ do_prepare_build() {
>   }
>   
>   dpkg_runbuild() {
> -	sudo chown -R root:root ${D}/DEBIAN/
> +	sudo chown -R root:root ${D}
>   	sudo chroot ${BUILDCHROOT_DIR} dpkg-deb --build ${PP}/image ${PP}
>   }
> 

That will overwrite potentially different settings of derived recipes - not optimal.

Jan

-- 
Siemens AG, Corporate Technology, CT RDA IOT SES-DE
Corporate Competence Center Embedded Linux

Re: [PATCH] meta/dpkg-raw: fix raw package file ownership

[Henning Schild]

Am Wed, 7 Nov 2018 17:19:14 +0100
schrieb Jan Kiszka <jan.kiszka@siemens.com>:

> On 07.11.18 17:15, [ext] Henning Schild wrote:
> > Make sure the whole content of the package defaults to ownership
> > "root:root", deviations will have to be done in postinst.
> > Before the file ownership was coming from our build environment and
> > typically was "1000:1000".
> > 
> > Reported-by: Adriaan Schmidt <adriaan.schmidt@siemens.com>
> > Signed-off-by: Henning Schild <henning.schild@siemens.com>
> > ---
> >   meta/classes/dpkg-raw.bbclass | 2 +-
> >   1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff --git a/meta/classes/dpkg-raw.bbclass
> > b/meta/classes/dpkg-raw.bbclass index c848f3d..d662422 100644
> > --- a/meta/classes/dpkg-raw.bbclass
> > +++ b/meta/classes/dpkg-raw.bbclass
> > @@ -54,6 +54,6 @@ do_prepare_build() {
> >   }
> >   
> >   dpkg_runbuild() {
> > -	sudo chown -R root:root ${D}/DEBIAN/
> > +	sudo chown -R root:root ${D}
> >   	sudo chroot ${BUILDCHROOT_DIR} dpkg-deb --build
> > ${PP}/image ${PP} }
> >   
> 
> That will overwrite potentially different settings of derived recipes
> - not optimal.

I think the only sane way of chowning inside a package is in postinst,
because you never know the id before-hand. Maybe there are a few exotic
hard-coded users/groups ...
So my assumption is that any package doing chowning does that in
postinst and otherwise all files belong to root. This commit implement
the assumption. It might be wrong but in that case i want a
counter-example from you ;).

Henning

> Jan
> 

Re: [PATCH] meta/dpkg-raw: fix raw package file ownership

[Jan Kiszka]

On 07.11.18 17:25, Henning Schild wrote:
> Am Wed, 7 Nov 2018 17:19:14 +0100
> schrieb Jan Kiszka <jan.kiszka@siemens.com>:
> 
>> On 07.11.18 17:15, [ext] Henning Schild wrote:
>>> Make sure the whole content of the package defaults to ownership
>>> "root:root", deviations will have to be done in postinst.
>>> Before the file ownership was coming from our build environment and
>>> typically was "1000:1000".
>>>
>>> Reported-by: Adriaan Schmidt <adriaan.schmidt@siemens.com>
>>> Signed-off-by: Henning Schild <henning.schild@siemens.com>
>>> ---
>>>    meta/classes/dpkg-raw.bbclass | 2 +-
>>>    1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/meta/classes/dpkg-raw.bbclass
>>> b/meta/classes/dpkg-raw.bbclass index c848f3d..d662422 100644
>>> --- a/meta/classes/dpkg-raw.bbclass
>>> +++ b/meta/classes/dpkg-raw.bbclass
>>> @@ -54,6 +54,6 @@ do_prepare_build() {
>>>    }
>>>    
>>>    dpkg_runbuild() {
>>> -	sudo chown -R root:root ${D}/DEBIAN/
>>> +	sudo chown -R root:root ${D}
>>>    	sudo chroot ${BUILDCHROOT_DIR} dpkg-deb --build
>>> ${PP}/image ${PP} }
>>>    
>>
>> That will overwrite potentially different settings of derived recipes
>> - not optimal.
> 
> I think the only sane way of chowning inside a package is in postinst,
> because you never know the id before-hand. Maybe there are a few exotic
> hard-coded users/groups ...
> So my assumption is that any package doing chowning does that in
> postinst and otherwise all files belong to root. This commit implement
> the assumption. It might be wrong but in that case i want a
> counter-example from you ;).

Fair enough. I only have use case where I can now remove the "chown root:root". 
Should still be documented, specifically in RECIPE-API-CHANGELOG.

Jan

-- 
Siemens AG, Corporate Technology, CT RDA IOT SES-DE
Corporate Competence Center Embedded Linux