Subject: Re: [PATCH v5 0/5] Debootstrap integration
To: isar-users@googlegroups.com, Alexander Smirnov, Baurzhan Ismagulov
References: <20180403100802.30710-1-claudius.heine.ext@siemens.com> <20180404203434.GC3164@yssyq.radix50.net>
Cc: "[ext] Claudius Heine"
From: Jan Kiszka
Date: Mon, 9 Apr 2018 12:50:56 +0200

Hi all,

On 2018-04-05 10:03, [ext] Claudius Heine wrote:
> Hi Baurzhan,
>
> On 04/04/2018 10:34 PM, Baurzhan Ismagulov wrote:
>> On Tue, Apr 03, 2018 at 12:07:57PM +0200,
>> claudius.heine.ext@siemens.com wrote:
>>> this is the new version of this patchset, that fixes the
>>> generate_keyring task in isar-bootstrap for systems with read-only
>>> homedir.
>>
>> Thanks, worked fine on my host. CI still in progress.
>>
>>
>> It's unfortunate that the series introduces regressions you wrote about
>> (changing mirrors, setting hostname). It's always better to fix the
>> issues on the spot. If there are no objections, I'd like to add TODOs
>> to the patches. Please let me know whether it's ok, or you would like
>> to address those before the merge.
>
> I don't know about you, but I prefer having TODOs somewhere outside the
> project, maybe in the github issue tracker. At least in my experience
> TODOs together with code or in a separate file inside the repo are
> seldom updated and easily forgotten. If this project prefers having
> TODOs inside the repo, then sure, I have nothing against adding them
> somewhere.
>
> I do plan on adding more features to this once this is merged. This
> patchset just provides the baseline.
>
>> What I'd really like to see is an update to doc/user_manual.md. Would
>> you have time for that in the next days?
>
> I'll try.
>
>>
>>
>> If I understand the code correctly, there is also a security issue:
>
> Not sure if security is really a concern for isar yet. But I get your
> point that we should prevent possible accidents. :)
>
>>
>> On Tue, Apr 03, 2018 at 12:08:00PM +0200,
>> claudius.heine.ext@siemens.com wrote:
>>> +    
>>> CDIRS="${@d.expand(d.getVarFlags("do_build").get("root_cleandirs",
>>> ""))}"
>>> +    if [ -n "$CDIRS" ]; then
>>> +        sudo rm -rf $CDIRS
>>> +        mkdir -p $CDIRS
>>> +    fi
>>
>> Should root_cleandirs items be checked for directory traversal ("/",
>> "..") and mounted filesystems in the subdirectories? If yes, do we
>> want to drop the feature from this series and address the issue in a
>> separate step?
>
> This isn't really a new feature of isar yet. It's just the start of a
> general interface, that could be used everywhere when it's acknowledged by
> the community and fully implemented. So it has to be improved anyway.
>
> So I would say it's good enough in this case, since setting those
> directories in the flag and removing them is currently bundled together
> in the same file. If we later centralize this step somewhere
> (base.bbclass) to make it available for every task, then checking it
> more thoroughly has to be done there.
> So maybe add centralization of the 'root_cleandirs' task flag to the
> TODO list as well.
>
> Cheers,
> Claudius
>

What's the status of this series from upstream perspective now? Claudius
sent a documentation update. Any further requirements that need to be
fulfilled prior to this becoming ready for merge?

Thanks,
Jan

-- 
Siemens AG, Corporate Technology, CT RDA IOT SES-DE
Corporate Competence Center Embedded Linux
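
Review bot: In the quoted hunk, `sudo rm -rf $CDIRS` expands the root_cleandirs flag unquoted and deletes every resulting word as root, and the only guard is `[ -n "$CDIRS" ]`, which says nothing about what the entries name. Before the rm, loop over the entries and refuse any that is "/", is not an absolute path, contains a ".." component, or falls outside the directory the recipe is expected to own; `rm -rf --one-file-system` would additionally keep the removal from descending into a filesystem still mounted below one of the directories. The following `mkdir -p $CDIRS` runs without sudo, so it relies on the parent directory being writable by the build user; a short comment stating that assumption would help the next reader.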