[v4,07/17] rootfs_generate_initramfs: rework deployment to avoid chowning

Message ID 20260601113505.2898877-8-felix.moessbauer@siemens.com
State New
Series add support to build isar unprivileged | expand

Commit Message

Felix Moessbauer June 1, 2026, 11:34 a.m. UTC
Previously the initrd was deployed as root and later chowned in the
deploy dir. This involves privileged operations which will no longer be
possible when running rootless. To prepare for that, we deploy via
stdout, so that the target file is created by the correct user.

While doing this, we also remove a useless sudo invocation when listing
the ROOTFS/boot dir, as this can be listed by all users.

Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com>
---
 meta/classes-recipe/rootfs.bbclass | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

Patch

diff --git a/meta/classes-recipe/rootfs.bbclass b/meta/classes-recipe/rootfs.bbclass
index aa65cec4..ca179392 100644
--- a/meta/classes-recipe/rootfs.bbclass
+++ b/meta/classes-recipe/rootfs.bbclass
@@ -620,18 +620,17 @@  python do_generate_initramfs_setscene () {
 
 rootfs_generate_initramfs[progress] = "custom:rootfs_progress.InitrdProgressHandler"
 rootfs_generate_initramfs() {
-    if [ -n "$(sudo find '${ROOTFSDIR}/boot' -type f -name 'vmlinu[xz]*')" ]; then
+    if [ -n "$(find '${ROOTFSDIR}/boot' -type f -name 'vmlinu[xz]*')" ]; then
         for kernel in ${ROOTFSDIR}/boot/vmlinu[xz]-*; do
             export kernel_version=$(basename $kernel | cut -d'-' -f2-)
             mods_total="$(find ${ROOTFSDIR}/usr/lib/modules/$kernel_version -type f -name '*.ko*' | wc -l)"
             echo "Total number of modules: $mods_total"
             echo "Generating initrd for kernel version: $kernel_version"
-            run_in_chroot "${ROOTFSDIR}" sh -ec ' \
-                ${ROOTFS_INITRAMFS_GENERATOR_CMDLINE}; \
-                find /boot -name "initrd.img-$kernel_version*" -exec install --mode 0644 {} /isar-work/initrd.img \; \
-                '
+            run_in_chroot "${ROOTFSDIR}" sh -ec '${ROOTFS_INITRAMFS_GENERATOR_CMDLINE}'
+            # on dracut, the initrd is not world-readable
+            run_privileged find ${ROOTFSDIR}/boot -name "initrd.img-$kernel_version*" -exec cat {} \; \
+                > ${DEPLOYDIR}/${INITRD_DEPLOY_FILE}
         done
-        install --owner $(id -u) --group $(id -g) ${WORKDIR}/initrd.img ${DEPLOYDIR}/${INITRD_DEPLOY_FILE}
     else
         echo "no kernel in this rootfs, do not generate initrd"
     fi
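Review bot: The redirect into `${DEPLOYDIR}/${INITRD_DEPLOY_FILE}` creates the deploy file even when `find` matches nothing, so a failed or misnamed initrd is now deployed as an empty file. The removed `install ... ${WORKDIR}/initrd.img` would have failed on a missing source. Because the pattern `initrd.img-$kernel_version*` ends in a wildcard, it can also match more than one file, and `-exec cat {} \;` would then concatenate them into one image instead of picking one. I would add a check after the redirect, e.g. `[ -s "${DEPLOYDIR}/${INITRD_DEPLOY_FILE}" ] || { echo "no initrd found for $kernel_version" >&2; exit 1; }`, and quote the `${ROOTFSDIR}` and `${DEPLOYDIR}` expansions. The comment could also say that the deployed copy gets umask-derived permissions rather than dracut's restricted mode, e.g. `# on dracut, the initrd is not world-readable; the deployed copy is created with the build user's umask`. The body of rootfs_generate_initramfs continues past the end of this hunk.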