| Message ID | 20260218115827.3947145-3-felix.moessbauer@siemens.com |
|---|---|
| State | New |
| Headers | show |
| Series | add support to build isar unprivileged | expand |
On 18.02.26 12:58, 'Felix Moessbauer' via isar-users wrote: > The archive is world readable, so we can access it without root > privileges. By that, the files in the download dir are also owned by the > calling user, making the additional chown obsolete. > > Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com> > --- > meta/classes-recipe/deb-dl-dir.bbclass | 5 ++--- > 1 file changed, 2 insertions(+), 3 deletions(-) > > diff --git a/meta/classes-recipe/deb-dl-dir.bbclass b/meta/classes-recipe/deb-dl-dir.bbclass > index 7ebc3526..76c2435f 100644 > --- a/meta/classes-recipe/deb-dl-dir.bbclass > +++ b/meta/classes-recipe/deb-dl-dir.bbclass > @@ -153,7 +153,7 @@ deb_dl_dir_export() { > isar_debs="$(${SCRIPTSDIR}/lockrun.py -r -f '${REPO_ISAR_DIR}/isar.lock' -c \ > "find '${REPO_ISAR_DIR}/${DISTRO}' -name '*.deb' -print")" > > - flock "${pc}".lock sudo -Es << 'EOSUDO' > + flock "${pc}".lock /bin/bash -s << 'EOF' Do we need bash here or would /bin/sh suffice? Jan > set -e > printenv | grep -q BB_VERBOSE_LOGS && set -x > > @@ -170,6 +170,5 @@ deb_dl_dir_export() { > ln -Pf "${p}" "${pc}" 2>/dev/null || > cp -n "${p}" "${pc}" > done > - chown -R ${owner} "${pc}" > -EOSUDO > +EOF > }
On Wed, 2026-02-18 at 15:01 +0100, Jan Kiszka wrote: > On 18.02.26 12:58, 'Felix Moessbauer' via isar-users wrote: > > The archive is world readable, so we can access it without root > > privileges. By that, the files in the download dir are also owned by the > > calling user, making the additional chown obsolete. > > > > Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com> > > --- > > meta/classes-recipe/deb-dl-dir.bbclass | 5 ++--- > > 1 file changed, 2 insertions(+), 3 deletions(-) > > > > diff --git a/meta/classes-recipe/deb-dl-dir.bbclass b/meta/classes-recipe/deb-dl-dir.bbclass > > index 7ebc3526..76c2435f 100644 > > --- a/meta/classes-recipe/deb-dl-dir.bbclass > > +++ b/meta/classes-recipe/deb-dl-dir.bbclass > > @@ -153,7 +153,7 @@ deb_dl_dir_export() { > > isar_debs="$(${SCRIPTSDIR}/lockrun.py -r -f '${REPO_ISAR_DIR}/isar.lock' -c \ > > "find '${REPO_ISAR_DIR}/${DISTRO}' -name '*.deb' -print")" > > > > - flock "${pc}".lock sudo -Es << 'EOSUDO' > > + flock "${pc}".lock /bin/bash -s << 'EOF' > > Do we need bash here or would /bin/sh suffice? The executed here document is not POSIX shell compatible. It could probably be written in a sh compatible style, but that's out of scope of this series. Felix > > Jan > > > set -e > > printenv | grep -q BB_VERBOSE_LOGS && set -x > > > > @@ -170,6 +170,5 @@ deb_dl_dir_export() { > > ln -Pf "${p}" "${pc}" 2>/dev/null || > > cp -n "${p}" "${pc}" > > done > > - chown -R ${owner} "${pc}" > > -EOSUDO > > +EOF > > } > > -- > Siemens AG, Foundational Technologies > Linux Expert Center
diff --git a/meta/classes-recipe/deb-dl-dir.bbclass b/meta/classes-recipe/deb-dl-dir.bbclass index 7ebc3526..76c2435f 100644 --- a/meta/classes-recipe/deb-dl-dir.bbclass +++ b/meta/classes-recipe/deb-dl-dir.bbclass @@ -153,7 +153,7 @@ deb_dl_dir_export() { isar_debs="$(${SCRIPTSDIR}/lockrun.py -r -f '${REPO_ISAR_DIR}/isar.lock' -c \ "find '${REPO_ISAR_DIR}/${DISTRO}' -name '*.deb' -print")" - flock "${pc}".lock sudo -Es << 'EOSUDO' + flock "${pc}".lock /bin/bash -s << 'EOF' set -e printenv | grep -q BB_VERBOSE_LOGS && set -x @@ -170,6 +170,5 @@ deb_dl_dir_export() { ln -Pf "${p}" "${pc}" 2>/dev/null || cp -n "${p}" "${pc}" done - chown -R ${owner} "${pc}" -EOSUDO +EOF }
The archive is world readable, so we can access it without root privileges. By that, the files in the download dir are also owned by the calling user, making the additional chown obsolete. Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com> --- meta/classes-recipe/deb-dl-dir.bbclass | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-)