From: Michael Olbrich
Date: Tue, 7 Jul 2020 12:06:22 +0200
To: ptxdist@pengutronix.de
Subject: Re: [ptxdist] [PATCH] bugfix: kernel: install modules with 755 permission
Message-ID: <20200707100622.GI25134@pengutronix.de>

On Tue, Jul 07, 2020 at 08:26:37AM +0200, Bruno Thomsen wrote:
> On Mon, 6 Jul 2020 at 18:56, Michael Olbrich wrote:
> > On Mon, Jul 06, 2020 at 05:24:41PM +0200, Bruno Thomsen wrote:
> > > Added install_copy fixes errors like this:
> > >
> > > Incompatible ownership or permissions for '/usr/lib/modules/5.6.13-gb44726ddbb7c':
> > >   kernel-modules: 0.0 0755 (implicit from /usr/lib/modules/5.6.13-gb44726ddbb7c/kernel/net/ipv6/ip6_udp_tunnel.ko)
> > >   kernel-modules: 0.0 0775
> >
> > Hmmm, you're running ptxdist with a 0002 umask, right?[1]
> >
> > Also, the fix is not clear to me. The error is for
> > /usr/lib/modules/5.6.13-gb44726ddbb7c but you're creating
> > /usr/lib/modules explicitly. How does that fix the problem?
> >
>
> I have done some more testing and you are right, the added install_copy
> can be dropped. It also works with only the updated install_globs.
>
> Yes, I am running ptxdist with 0002 umask as a user.
>
> On Fedora users run with 0002 umask and root runs with 0022 umask,
> but ptxdist does not support building as root, e.g. rootless
> containers (podman).
>
> $ podman run --rm -it fedora:32
> [root@7940c80a5df2 /]# whoami
> root
> [root@7940c80a5df2 /]# umask
> 0022
>
> So requiring that umask seems a little counter intuitive to me.

The problem is that a lot of packages don't explicitly set the permissions
when creating files or directories during 'make install'. Especially
directories are often created with a simple 'mkdir'. As a result, the
permissions depend on your current umask. And then install_tree just takes
that permission. At that point PTXdist cannot know if the permission was
explicitly set like this or not, so we cannot do a fixup.

We could change the umask during the ptxdist run, but I'm reluctant to do
this because the umask is a security feature and just changing it feels
wrong to me.

Hmm, maybe we could just make it stricter:

mask="$(umask)"
if [ "$(( (mask | 0022) & 0755))" -eq 0 ]; then
	umask 0022
else
	: # fail here?
fi

or something like that?

Michael

-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |
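
The umask dependence described in the mail above, as an added example that is not part of the original message or of PTXdist. The function names `mode_of_mkdir` and `classify_umask` are hypothetical; the second one applies the same bit test as the sketch in the mail to a given umask value.

```shell
#!/bin/sh
# Added illustration, not PTXdist code. Function names are hypothetical.

# Print the permission string of a directory created under umask $1.
# With $2 set, the mode is passed explicitly (mkdir -m); without it,
# a plain mkdir is used, as many 'make install' rules do.
mode_of_mkdir() {
	tmp=$(mktemp -d) || return 1
	(
		umask "$1"
		if [ -n "${2:-}" ]; then
			mkdir -m "$2" "$tmp/d"
		else
			mkdir "$tmp/d"
		fi
	) || { rm -rf "$tmp"; return 1; }
	# First 10 characters of 'ls -ld' are type + rwx bits.
	ls -ld "$tmp/d" | cut -c1-10
	rm -rf "$tmp"
}

# Same test as the sketch in the mail, applied to umask value $1:
#   tighten: the mask clears none of the 0755 bits, so switching to 0022
#            only removes group/other write (0000, 0002, 0020, 0022)
#   fail:    the mask would strip bits that 0755 needs (e.g. 0027, 0077)
classify_umask() {
	if [ "$(( ($1 | 0022) & 0755 ))" -eq 0 ]; then
		echo tighten
	else
		echo fail
	fi
}

# Constructed sample umask values.
for m in 0002 0022 0027 0077; do
	printf 'umask %s: mkdir=%s  mkdir -m 0755=%s  check=%s\n' \
		"$m" "$(mode_of_mkdir "$m")" "$(mode_of_mkdir "$m" 0755)" \
		"$(classify_umask "$m")"
done
```

Under umask 0002 the plain `mkdir` yields a group-writable directory (the 0775 from the error message), while the explicit mode yields 0755 regardless of the caller's umask.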