[Buildroot] [PATCH v9 04/15] busybox: applets as individual binaries
Yann E. MORIN
yann.morin.1998 at free.fr
Sat Jul 18 14:26:31 UTC 2015
Clayton, Thomas, All,
On 2015-07-18 14:46 +0200, Thomas Petazzoni spake thusly:
> On Tue, 14 Jul 2015 15:20:16 -0500, Clayton Shotwell wrote:
[--SNIP--]
> > diff --git a/package/busybox/busybox.mk b/package/busybox/busybox.mk
> > index 6b2abca..4942e75 100644
> > --- a/package/busybox/busybox.mk
> > +++ b/package/busybox/busybox.mk
> > @@ -50,9 +50,37 @@ BUSYBOX_KCONFIG_FRAGMENT_FILES = $(call qstrip,$(BR2_PACKAGE_BUSYBOX_CONFIG_FRAG
> > BUSYBOX_KCONFIG_EDITORS = menuconfig xconfig gconfig
> > BUSYBOX_KCONFIG_OPTS = $(BUSYBOX_MAKE_OPTS)
> >
> > +ifeq ($(BR2_PACKAGE_BUSYBOX_INDIVIDUAL_BINARIES),y)
> > +define BUSYBOX_PERMISSIONS
> > + /usr/share/udhcpc/default.script f 755 0 0 - - - - -
> > +endef
> > +
> > +# Set permissions on all applets with BB_SUID_REQUIRE and BB_SUID_MAYBE. The
> > +# permissions are pulled from the applets.h file that is generated during
> > +# the build and used to determine all of the possible applets. The permissions
> > +# file is generated and added to the list of device tables used by makedevs to
> > +# set file permissions.
> > +define BUSYBOX_MAKEDEV_PERMISSIONS
> > + if [ -f $(@D)/.buildroot_permissions ]; then \
> > + rm $(@D)/.buildroot_permissions; \
> > + fi; \
> > + touch $(@D)/.buildroot_permissions; \
> > + for app in `grep -r -e "APPLET.*BB_SUID_REQUIRE\|APPLET.*BB_SUID_MAYBE" $(@D)/include/applets.h \
> > + | sed -e 's/,.*//' -e 's/.*(//'`; \
> > + do \
> > + temp=`grep -w $${app} $(@D)/busybox.links`; \
> > + if [ -n "$${temp}" ]; then \
> > + echo "$${temp} f 4755 0 0 - - - - -" >> $(@D)/.buildroot_permissions; \
> > + fi; \
> > + done
> > +endef
> > +BUSYBOX_POST_INSTALL_TARGET_HOOKS += BUSYBOX_MAKEDEV_PERMISSIONS
> > +BR2_ROOTFS_DEVICE_TABLE += $(BUSYBOX_DIR)/.buildroot_permissions
> > +else
>
> I'm sorry but I don't like this. I don't think any Buildroot package
> *modifies* a BR2_<something> option, that's really a hack. I think the
> only reasonable solution is to have a real permission table, containing
> the list of all applets that may need SUID root. However, I don't
> remember if we error out when a file mentioned in a permission table
> does not exist. I've added Yann in Cc to discuss that further. Maybe we
> need a special syntax in the permission table to say "change the
> permission of this file if it exists, otherwise ignore".
Well, I had a cursory look at makedev.c, and it seems a missing file is
treated as an error:
482 } else if (type == 'f') {
483 struct stat st;
484 if ((stat(full_name, &st) < 0 || !S_ISREG(st.st_mode))) {
485 bb_perror_msg("line %d: regular file '%s' does not exist", linenum, full_name);
486 ret = EXIT_FAILURE;
487 goto loop;
488 }
So, either we filter-out missing applets (Hurck!) or we add a mode to
makedev to ignore missing files, something along the lines of:
diff --git a/package/makedevs/makedevs.c b/package/makedevs/makedevs.c
index 53ff6fe..8a66fa3 100644
--- a/package/makedevs/makedevs.c
+++ b/package/makedevs/makedevs.c
@@ -479,9 +479,11 @@ int main(int argc, char **argv)
ret = EXIT_FAILURE;
goto loop;
}
- } else if (type == 'f') {
+ } else if (type == 'f' || type == 'F') {
struct stat st;
if ((stat(full_name, &st) < 0 || !S_ISREG(st.st_mode))) {
+ if (type == 'F')
+ continue; /* Ignore optional files */
bb_perror_msg("line %d: regular file '%s' does not exist", linenum, full_name);
ret = EXIT_FAILURE;
goto loop;
(Of course 'F' is just a place-holder, we might need a better type...)
Totally untested; needs update in the documentation as well. Might be
worth sending to Busybox too (like for the recursive option) sicne
Busybox is our upstream for that makedev.c file (but was a long time
ago, might no longer apply cleanly...)
Regards,
Yann E. MORIN.
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 223 225 172 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
More information about the buildroot
mailing list