From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 6540161972509343744 X-Received: by 10.223.188.141 with SMTP id g13mr851216wrh.20.1522915383170; Thu, 05 Apr 2018 01:03:03 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com Received: by 10.223.189.4 with SMTP id j4ls1274947wrh.1.gmail; Thu, 05 Apr 2018 01:03:02 -0700 (PDT) X-Google-Smtp-Source: AIpwx4+ByHQwm+i5XD0yO6jAoYJ5RQ9j1JW6g31teJZhTMW4bfblOQs1IYUe8TzHMeuWOI4ep/JO X-Received: by 10.223.189.4 with SMTP id j4mr1256996wrh.25.1522915382654; Thu, 05 Apr 2018 01:03:02 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522915382; cv=none; d=google.com; s=arc-20160816; b=D7vaRSQuoaIFeD5Vqv2MO8f85UOLdZz6fJK1nyJ1gpgYe3apKrrTAOsHbHUyY1CSCh zi1N2jK2aSjZenUcqNSuQ3gKYKp7d1v+vt9mz51dUTz2cCQ5xeXAEovUk/gVtAW5kyJp xoHrfCBxlMwE7XNpz3CnCLXF5ZwMHgu+tAVf/ZeAEMPfr3HnquLT6STWzkeYmDVUro7H 3kq76Oszc3dfiZZGyY7Ff2FeIIr6BWC0YadnfZrj7Sgk2fb3/iPqtMsWL8kNnO4hBd4J pO8ONrJMArPg6vNCa53RfZmXmPupvbgeAjR8mEk/pRkAfmQIeFECrY2souNpFKle2Bkv ACSg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:content-language:in-reply-to:mime-version :user-agent:date:message-id:from:references:to:subject :arc-authentication-results; bh=c44Y2GOPKlIYYIMnsbt6YAm9dly99nzpmwWN3G/59sc=; b=yhK4ul75lk61wD6uHuKL9UqSaluZqcTnuKErff+XAWL0pTxbOeCmeThUrsJT3YELOJ A/Mjs/38s2uJfMXRcbtAvc719BCQ4h8AtCT2+MB68IhMI0ke2UAYMZ8hPpGsRExZ98bU nLYSzo/FD79i4vH6zYjr+LBp7zLupDD0Camg/tzSDcz5Sdg1iPXiJR8RUebU0ioTnxa+ hBhCx9SmgmopDi/+RxthmALiUX53T0ITmhUjmpfa/UOBNZaRee5PZG4LvoGaK1tZoGLu 1Yq7LnZwPSsPLEf+m8wf2o+QipcLswuB7lBTrRLiZw7mCybglDFCdS4JFXP+3P9YfWQx whGg== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of claudius.heine.ext@siemens.com designates 192.35.17.14 as permitted sender) smtp.mailfrom=claudius.heine.ext@siemens.com Return-Path: Received: from david.siemens.de (david.siemens.de. [192.35.17.14]) by gmr-mx.google.com with ESMTPS id v13si21416wmc.4.2018.04.05.01.03.02 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 05 Apr 2018 01:03:02 -0700 (PDT) Received-SPF: pass (google.com: domain of claudius.heine.ext@siemens.com designates 192.35.17.14 as permitted sender) client-ip=192.35.17.14; Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of claudius.heine.ext@siemens.com designates 192.35.17.14 as permitted sender) smtp.mailfrom=claudius.heine.ext@siemens.com Received: from mail2.sbs.de (mail2.sbs.de [192.129.41.66]) by david.siemens.de (8.15.2/8.15.2) with ESMTPS id w35832CV011488 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Thu, 5 Apr 2018 10:03:02 +0200 Received: from [139.25.69.226] (linux-ses-ext02.ppmd.siemens.net [139.25.69.226]) by mail2.sbs.de (8.15.2/8.15.2) with ESMTP id w35831Zt032767 for ; Thu, 5 Apr 2018 10:03:02 +0200 Subject: Re: [PATCH v5 0/5] Debootstrap integration To: isar-users@googlegroups.com References: <20180403100802.30710-1-claudius.heine.ext@siemens.com> <20180404203434.GC3164@yssyq.radix50.net> From: Claudius Heine Message-ID: Date: Thu, 5 Apr 2018 10:03:01 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: <20180404203434.GC3164@yssyq.radix50.net> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-TUID: qsCInrD8CD7t Hi Baurzhan, On 04/04/2018 10:34 PM, Baurzhan Ismagulov wrote: > On Tue, Apr 03, 2018 at 12:07:57PM +0200, claudius.heine.ext@siemens.com wrote: >> this is the new version of this patchset, that fixes the >> generate_keyring task in isar-bootstrap for systems with read-only >> homedir. > > Thanks, worked fine on my host. CI still in progress. > > > It's unfortunate that the series introduces regressions you wrote about > (changing mirrors, setting hostname). It's always better to fix the issues on > the spot. If there are no objections, I'd like to add TODOs to the patches. > Please let me know whether it's ok, or you would like to address those before > the merge. I don't know about you, but I prefer having TODOs somewhere outside the project, maybe in the github issue tracker. At least in my experience TODOs together with code or in a separate file inside the repo are seldom updated and easily forgotten. If this project prefers having TODOs inside the repo, then sure, I have nothing against adding them somewhere. I do plan of adding more features to this once this is merged. This patchset just provides the baseline. > What I'd really like to see is an update to doc/user_manual.md. Would you have > time for that in the next days? I'll try. > > > If I understand the code correctly, there is also a security issue: Not sure if security is really a concern for isar yet. But I get your point that we should prevent possible accidents. :) > > On Tue, Apr 03, 2018 at 12:08:00PM +0200, claudius.heine.ext@siemens.com wrote: >> + CDIRS="${@d.expand(d.getVarFlags("do_build").get("root_cleandirs", ""))}" >> + if [ -n "$CDIRS" ]; then >> + sudo rm -rf $CDIRS >> + mkdir -p $CDIRS >> + fi > > Should root_cleandirs items be checked for directory traversal ("/", "..") and > mounted filesystems in the subdirectories? If yes, do we want to drop the > feature from this series and address the issue in a separate step? This isn't really a new feature of isar yet. Its just the start of a general interface, that could be use everywhere when its acknowledged by the community and fully implemented. So it has to be improved anyway. So I would say its good enough in this case, since setting those directories in the flag and removing them is currently bundled together in the same file. If we later centralized this step somewhere (base.bbclass) to make it available for every task, then checking it more thoroughly has to be done there. So maybe add centralization of the 'root_cleandirs' task flag to the TODO list as well. Cheers, Claudius -- DENX Software Engineering GmbH, Managing Director: Wolfgang Denk HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany Phone: (+49)-8142-66989-54 Fax: (+49)-8142-66989-80 Email: ch@denx.de