Message ID | af2f24e9869059ef0328f7fc77d8c055900d5062.1607929886.git.jan.kiszka@siemens.com |
---|---|
State | Accepted, archived |
Series | Add support for Ubuntu | expand |
Am Mon, 14 Dec 2020 08:11:22 +0100 schrieb Jan Kiszka <jan.kiszka@siemens.com>: > From: Jan Kiszka <jan.kiszka@siemens.com> > > Ubuntu places kernel and initrd links under /boot. Furthermore, it > makes the kernel unreadable for non-root users. Account for the > latter by cat'ing the kernel under sudo, redirecting the output to > the deployment artifact so that it is owned by the building user. > > Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> > --- > meta/classes/image.bbclass | 9 ++++++--- > 1 file changed, 6 insertions(+), 3 deletions(-) > > diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass > index 74fc8500..eddc4449 100644 > --- a/meta/classes/image.bbclass > +++ b/meta/classes/image.bbclass > @@ -132,15 +132,18 @@ EOF > > do_copy_boot_files[dirs] = "${DEPLOY_DIR_IMAGE}" > do_copy_boot_files() { > - kernel="$(realpath -q '${IMAGE_ROOTFS}/vmlinuz')" > + kernel="$(realpath -q '${IMAGE_ROOTFS}'/vmlinu[xz])" > if [ ! -f "$kernel" ]; then > - kernel="$(realpath -q '${IMAGE_ROOTFS}/vmlinux')" > + kernel="$(realpath -q '${IMAGE_ROOTFS}'/boot/vmlinu[xz])" > fi > if [ -f "$kernel" ]; then > - cp -f "$kernel" '${DEPLOY_DIR_IMAGE}/${KERNEL_IMAGE}' > + sudo cat "$kernel" > "${DEPLOY_DIR_IMAGE}/${KERNEL_IMAGE}" Why "cat" instead of "cp"? I think the real trick is the sudo anyways. Henning > fi > > initrd="$(realpath -q '${IMAGE_ROOTFS}/initrd.img')" > + if [ ! -f "$initrd" ]; then > + initrd="$(realpath -q '${IMAGE_ROOTFS}/boot/initrd.img')" > + fi > if [ -f "$initrd" ]; then > cp -f "$initrd" '${DEPLOY_DIR_IMAGE}/${INITRD_IMAGE}' > fi
On 14.12.20 13:16, Henning Schild wrote: > Am Mon, 14 Dec 2020 08:11:22 +0100 > schrieb Jan Kiszka <jan.kiszka@siemens.com>: > >> From: Jan Kiszka <jan.kiszka@siemens.com> >> >> Ubuntu places kernel and initrd links under /boot. Furthermore, it >> makes the kernel unreadable for non-root users. Account for the >> latter by cat'ing the kernel under sudo, redirecting the output to >> the deployment artifact so that it is owned by the building user. >> >> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> >> --- >> meta/classes/image.bbclass | 9 ++++++--- >> 1 file changed, 6 insertions(+), 3 deletions(-) >> >> diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass >> index 74fc8500..eddc4449 100644 >> --- a/meta/classes/image.bbclass >> +++ b/meta/classes/image.bbclass >> @@ -132,15 +132,18 @@ EOF >> >> do_copy_boot_files[dirs] = "${DEPLOY_DIR_IMAGE}" >> do_copy_boot_files() { >> - kernel="$(realpath -q '${IMAGE_ROOTFS}/vmlinuz')" >> + kernel="$(realpath -q '${IMAGE_ROOTFS}'/vmlinu[xz])" >> if [ ! -f "$kernel" ]; then >> - kernel="$(realpath -q '${IMAGE_ROOTFS}/vmlinux')" >> + kernel="$(realpath -q '${IMAGE_ROOTFS}'/boot/vmlinu[xz])" >> fi >> if [ -f "$kernel" ]; then >> - cp -f "$kernel" '${DEPLOY_DIR_IMAGE}/${KERNEL_IMAGE}' >> + sudo cat "$kernel" > "${DEPLOY_DIR_IMAGE}/${KERNEL_IMAGE}" > > Why "cat" instead of "cp"? I think the real trick is the sudo anyways. > "Furthermore, it makes the kernel unreadable for non-root users. Account for the latter by cat'ing the kernel under sudo, redirecting the output to the deployment artifact so that it is owned by the building user." Jan > Henning > >> fi >> >> initrd="$(realpath -q '${IMAGE_ROOTFS}/initrd.img')" >> + if [ ! -f "$initrd" ]; then >> + initrd="$(realpath -q '${IMAGE_ROOTFS}/boot/initrd.img')" >> + fi >> if [ -f "$initrd" ]; then >> cp -f "$initrd" '${DEPLOY_DIR_IMAGE}/${INITRD_IMAGE}' >> fi >
Am Mon, 14 Dec 2020 13:27:30 +0100 schrieb Jan Kiszka <jan.kiszka@siemens.com>: > On 14.12.20 13:16, Henning Schild wrote: > > Am Mon, 14 Dec 2020 08:11:22 +0100 > > schrieb Jan Kiszka <jan.kiszka@siemens.com>: > > > >> From: Jan Kiszka <jan.kiszka@siemens.com> > >> > >> Ubuntu places kernel and initrd links under /boot. Furthermore, it > >> makes the kernel unreadable for non-root users. Account for the > >> latter by cat'ing the kernel under sudo, redirecting the output to > >> the deployment artifact so that it is owned by the building user. > >> > >> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> > >> --- > >> meta/classes/image.bbclass | 9 ++++++--- > >> 1 file changed, 6 insertions(+), 3 deletions(-) > >> > >> diff --git a/meta/classes/image.bbclass > >> b/meta/classes/image.bbclass index 74fc8500..eddc4449 100644 > >> --- a/meta/classes/image.bbclass > >> +++ b/meta/classes/image.bbclass 
> >> @@ -132,15 +132,18 @@ EOF > >> > >> do_copy_boot_files[dirs] = "${DEPLOY_DIR_IMAGE}" > >> do_copy_boot_files() { > >> - kernel="$(realpath -q '${IMAGE_ROOTFS}/vmlinuz')" > >> + kernel="$(realpath -q '${IMAGE_ROOTFS}'/vmlinu[xz])" > >> if [ ! -f "$kernel" ]; then > >> - kernel="$(realpath -q '${IMAGE_ROOTFS}/vmlinux')" > >> + kernel="$(realpath -q '${IMAGE_ROOTFS}'/boot/vmlinu[xz])" > >> fi > >> if [ -f "$kernel" ]; then > >> - cp -f "$kernel" '${DEPLOY_DIR_IMAGE}/${KERNEL_IMAGE}' > >> + sudo cat "$kernel" > > >> "${DEPLOY_DIR_IMAGE}/${KERNEL_IMAGE}" > > > > Why "cat" instead of "cp"? I think the real trick is the sudo > > anyways. > > "Furthermore, it > makes the kernel unreadable for non-root users. Account for the > latter by cat'ing the kernel under sudo, redirecting the output to > the deployment artifact so that it is owned by the building user." I think i would prefer "--no-preserve=mode" to make that explicit in the code ... instead of the commit message. Sorry for my quick shots on this series. Henning > Jan > > > Henning > > > >> fi > >> > >> initrd="$(realpath -q '${IMAGE_ROOTFS}/initrd.img')" > >> + if [ ! -f "$initrd" ]; then > >> + initrd="$(realpath -q '${IMAGE_ROOTFS}/boot/initrd.img')" > >> + fi > >> if [ -f "$initrd" ]; then > >> cp -f "$initrd" '${DEPLOY_DIR_IMAGE}/${INITRD_IMAGE}' > >> fi > > > >
On 14.12.20 13:36, Henning Schild wrote: > Am Mon, 14 Dec 2020 13:27:30 +0100 > schrieb Jan Kiszka <jan.kiszka@siemens.com>: > >> On 14.12.20 13:16, Henning Schild wrote: >>> Am Mon, 14 Dec 2020 08:11:22 +0100 >>> schrieb Jan Kiszka <jan.kiszka@siemens.com>: >>> >>>> From: Jan Kiszka <jan.kiszka@siemens.com> >>>> >>>> Ubuntu places kernel and initrd links under /boot. Furthermore, it >>>> makes the kernel unreadable for non-root users. Account for the >>>> latter by cat'ing the kernel under sudo, redirecting the output to >>>> the deployment artifact so that it is owned by the building user. >>>> >>>> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> >>>> --- >>>> meta/classes/image.bbclass | 9 ++++++--- >>>> 1 file changed, 6 insertions(+), 3 deletions(-) >>>> >>>> diff --git a/meta/classes/image.bbclass >>>> b/meta/classes/image.bbclass index 74fc8500..eddc4449 100644 >>>> --- a/meta/classes/image.bbclass >>>> +++ b/meta/classes/image.bbclass 
>>>> @@ -132,15 +132,18 @@ EOF >>>> >>>> do_copy_boot_files[dirs] = "${DEPLOY_DIR_IMAGE}" >>>> do_copy_boot_files() { >>>> - kernel="$(realpath -q '${IMAGE_ROOTFS}/vmlinuz')" >>>> + kernel="$(realpath -q '${IMAGE_ROOTFS}'/vmlinu[xz])" >>>> if [ ! -f "$kernel" ]; then >>>> - kernel="$(realpath -q '${IMAGE_ROOTFS}/vmlinux')" >>>> + kernel="$(realpath -q '${IMAGE_ROOTFS}'/boot/vmlinu[xz])" >>>> fi >>>> if [ -f "$kernel" ]; then >>>> - cp -f "$kernel" '${DEPLOY_DIR_IMAGE}/${KERNEL_IMAGE}' >>>> + sudo cat "$kernel" > >>>> "${DEPLOY_DIR_IMAGE}/${KERNEL_IMAGE}" >>> >>> Why "cat" instead of "cp"? I think the real trick is the sudo >>> anyways. >> >> "Furthermore, it >> makes the kernel unreadable for non-root users. Account for the >> latter by cat'ing the kernel under sudo, redirecting the output to >> the deployment artifact so that it is owned by the building user." > > I think i would prefer "--no-preserve=mode" to make that explicit in > the code ... instead of the commit message. Sorry for my quick shots on > this series. --no-preserve=mode and also --no-preserve=ownership do not help. Any other trick I miss? Would prefer something explicit as well. Jan
Am Mon, 14 Dec 2020 17:39:28 +0100 schrieb Jan Kiszka <jan.kiszka@siemens.com>: > On 14.12.20 13:36, Henning Schild wrote: > > Am Mon, 14 Dec 2020 13:27:30 +0100 > > schrieb Jan Kiszka <jan.kiszka@siemens.com>: > > > >> On 14.12.20 13:16, Henning Schild wrote: > >>> Am Mon, 14 Dec 2020 08:11:22 +0100 > >>> schrieb Jan Kiszka <jan.kiszka@siemens.com>: > >>> > >>>> From: Jan Kiszka <jan.kiszka@siemens.com> > >>>> > >>>> Ubuntu places kernel and initrd links under /boot. Furthermore, > >>>> it makes the kernel unreadable for non-root users. Account for > >>>> the latter by cat'ing the kernel under sudo, redirecting the > >>>> output to the deployment artifact so that it is owned by the > >>>> building user. > >>>> > >>>> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> > >>>> --- > >>>> meta/classes/image.bbclass | 9 ++++++--- > >>>> 1 file changed, 6 insertions(+), 3 deletions(-) > >>>> > >>>> diff --git a/meta/classes/image.bbclass > >>>> b/meta/classes/image.bbclass index 74fc8500..eddc4449 100644 > >>>> --- a/meta/classes/image.bbclass > >>>> +++ b/meta/classes/image.bbclass 
> >>>> @@ -132,15 +132,18 @@ EOF > >>>> > >>>> do_copy_boot_files[dirs] = "${DEPLOY_DIR_IMAGE}" > >>>> do_copy_boot_files() { > >>>> - kernel="$(realpath -q '${IMAGE_ROOTFS}/vmlinuz')" > >>>> + kernel="$(realpath -q '${IMAGE_ROOTFS}'/vmlinu[xz])" > >>>> if [ ! -f "$kernel" ]; then > >>>> - kernel="$(realpath -q '${IMAGE_ROOTFS}/vmlinux')" > >>>> + kernel="$(realpath -q > >>>> '${IMAGE_ROOTFS}'/boot/vmlinu[xz])" fi > >>>> if [ -f "$kernel" ]; then > >>>> - cp -f "$kernel" '${DEPLOY_DIR_IMAGE}/${KERNEL_IMAGE}' > >>>> + sudo cat "$kernel" > > >>>> "${DEPLOY_DIR_IMAGE}/${KERNEL_IMAGE}" > >>> > >>> Why "cat" instead of "cp"? I think the real trick is the sudo > >>> anyways. > >> > >> "Furthermore, it > >> makes the kernel unreadable for non-root users. Account for the > >> latter by cat'ing the kernel under sudo, redirecting the output to > >> the deployment artifact so that it is owned by the building user." > >> > > > > I think i would prefer "--no-preserve=mode" to make that explicit in > > the code ... instead of the commit message. Sorry for my quick > > shots on this series. > > --no-preserve=mode and also --no-preserve=ownership do not help. Any > other trick I miss? Would prefer something explicit as well. sudo cp && chmod && chown Henning > Jan >
On 14.12.20 17:40, Henning Schild wrote: > Am Mon, 14 Dec 2020 17:39:28 +0100 > schrieb Jan Kiszka <jan.kiszka@siemens.com>: > >> On 14.12.20 13:36, Henning Schild wrote: >>> Am Mon, 14 Dec 2020 13:27:30 +0100 >>> schrieb Jan Kiszka <jan.kiszka@siemens.com>: >>> >>>> On 14.12.20 13:16, Henning Schild wrote: >>>>> Am Mon, 14 Dec 2020 08:11:22 +0100 >>>>> schrieb Jan Kiszka <jan.kiszka@siemens.com>: >>>>> >>>>>> From: Jan Kiszka <jan.kiszka@siemens.com> >>>>>> >>>>>> Ubuntu places kernel and initrd links under /boot. Furthermore, >>>>>> it makes the kernel unreadable for non-root users. Account for >>>>>> the latter by cat'ing the kernel under sudo, redirecting the >>>>>> output to the deployment artifact so that it is owned by the >>>>>> building user. >>>>>> >>>>>> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> >>>>>> --- >>>>>> meta/classes/image.bbclass | 9 ++++++--- >>>>>> 1 file changed, 6 insertions(+), 3 deletions(-) >>>>>> >>>>>> diff --git a/meta/classes/image.bbclass >>>>>> b/meta/classes/image.bbclass index 74fc8500..eddc4449 100644 >>>>>> --- a/meta/classes/image.bbclass >>>>>> +++ b/meta/classes/image.bbclass 
>>>>>> @@ -132,15 +132,18 @@ EOF >>>>>> >>>>>> do_copy_boot_files[dirs] = "${DEPLOY_DIR_IMAGE}" >>>>>> do_copy_boot_files() { >>>>>> - kernel="$(realpath -q '${IMAGE_ROOTFS}/vmlinuz')" >>>>>> + kernel="$(realpath -q '${IMAGE_ROOTFS}'/vmlinu[xz])" >>>>>> if [ ! -f "$kernel" ]; then >>>>>> - kernel="$(realpath -q '${IMAGE_ROOTFS}/vmlinux')" >>>>>> + kernel="$(realpath -q >>>>>> '${IMAGE_ROOTFS}'/boot/vmlinu[xz])" fi >>>>>> if [ -f "$kernel" ]; then >>>>>> - cp -f "$kernel" '${DEPLOY_DIR_IMAGE}/${KERNEL_IMAGE}' >>>>>> + sudo cat "$kernel" > >>>>>> "${DEPLOY_DIR_IMAGE}/${KERNEL_IMAGE}" >>>>> >>>>> Why "cat" instead of "cp"? I think the real trick is the sudo >>>>> anyways. >>>> >>>> "Furthermore, it >>>> makes the kernel unreadable for non-root users. Account for the >>>> latter by cat'ing the kernel under sudo, redirecting the output to >>>> the deployment artifact so that it is owned by the building user." >>>> >>> >>> I think i would prefer "--no-preserve=mode" to make that explicit in >>> the code ... instead of the commit message. Sorry for my quick >>> shots on this series. >> >> --no-preserve=mode and also --no-preserve=ownership do not help. Any >> other trick I miss? Would prefer something explicit as well. > > sudo cp && chmod && chown > That's not a trick. Than this solution here is simpler. Jan
diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass
index 74fc8500..eddc4449 100644
--- a/meta/classes/image.bbclass
+++ b/meta/classes/image.bbclass
@@ -132,15 +132,18 @@ EOF
 
 do_copy_boot_files[dirs] = "${DEPLOY_DIR_IMAGE}"
 do_copy_boot_files() {
- kernel="$(realpath -q '${IMAGE_ROOTFS}/vmlinuz')"
+ kernel="$(realpath -q '${IMAGE_ROOTFS}'/vmlinu[xz])"
 if [ ! -f "$kernel" ]; then
- kernel="$(realpath -q '${IMAGE_ROOTFS}/vmlinux')"
+ kernel="$(realpath -q '${IMAGE_ROOTFS}'/boot/vmlinu[xz])"
 fi
 if [ -f "$kernel" ]; then
- cp -f "$kernel" '${DEPLOY_DIR_IMAGE}/${KERNEL_IMAGE}'
+ sudo cat "$kernel" > "${DEPLOY_DIR_IMAGE}/${KERNEL_IMAGE}"
 fi
 
 initrd="$(realpath -q '${IMAGE_ROOTFS}/initrd.img')"
+ if [ ! -f "$initrd" ]; then
+ initrd="$(realpath -q '${IMAGE_ROOTFS}/boot/initrd.img')"
+ fi
 if [ -f "$initrd" ]; then
 cp -f "$initrd" '${DEPLOY_DIR_IMAGE}/${INITRD_IMAGE}'
 fi
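Review bot: `sudo cat "$kernel"` reads as root whatever path `realpath` produced from a link inside `${IMAGE_ROOTFS}`, and nothing checks that the result is still inside the rootfs; realpath runs on the host, so an absolute or `..`-laden link target shipped in the rootfs would resolve against the host filesystem and a root-only host file could end up in `${DEPLOY_DIR_IMAGE}` owned by the building user. A prefix guard before the copy would close that, e.g. `case "$kernel" in '${IMAGE_ROOTFS}'/*) ;; *) exit 1 ;; esac` (this assumes `${IMAGE_ROOTFS}` is itself a canonical path). Separately, if both `vmlinux` and `vmlinuz` exist, the glob hands realpath two arguments, `$kernel` then holds two lines and the `-f` test fails, so the kernel is silently skipped or taken from /boot instead. A one-line comment above the `sudo cat`, such as `# kernel may be root-only (Ubuntu); cat under sudo so the copy is owned by the build user`, would also settle the cat-versus-cp question in the code rather than in the commit message. The function's closing brace is outside the hunk.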