diff options
author | Matthias Schiffer <mschiffer@universe-factory.net> | 2016-09-26 15:25:37 +0200 |
---|---|---|
committer | Matthias Schiffer <mschiffer@universe-factory.net> | 2016-09-26 17:57:56 +0200 |
commit | a16a8814ead80984ce4ef7bed756434119b3aafa (patch) | |
tree | 8c0f95376ab484d1734d2915860c08ed6f713fcf | |
parent | 6c1542787d135de358710254e71fe926f8676954 (diff) | |
download | upstream-a16a8814ead80984ce4ef7bed756434119b3aafa.tar.gz upstream-a16a8814ead80984ce4ef7bed756434119b3aafa.tar.bz2 upstream-a16a8814ead80984ce4ef7bed756434119b3aafa.zip |
image: don't modify file permissions before rootfs generation
Modifying the file permissions can be harmful, as it would make files
world-readable even if they weren't in the ipk packages. The
Image/mkfs/prepare step is removed completely, as it is redundant now (/tmp
and /overlay are already provided by base-files with the correct
permissions).
It has been verified that this change does not affect any permissions of
files in the default package set except /etc/ppp/chap-secrets, which was
world-readable before. All packages not in the default set are more likely
to be installed via opkg than being part of a base image and thus were
usually not affected by the permission modification anyways.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
-rw-r--r-- | include/image-legacy.mk | 4 | ||||
-rw-r--r-- | include/image.mk | 21 |
2 files changed, 3 insertions, 22 deletions
diff --git a/include/image-legacy.mk b/include/image-legacy.mk index 9960caba0c..edbee4c831 100644 --- a/include/image-legacy.mk +++ b/include/image-legacy.mk @@ -41,7 +41,7 @@ define LegacyDevice/Check _TARGET := $$(if $$(_PROFILE_SET),legacy-images,install-disabled) $$(if $$(_PROFILE_SET),install: legacy-images-make) ifndef IB - $$(if $$(_PROFILE_SET),mkfs_prepare: legacy-images-prepare-make) + $$(if $$(_PROFILE_SET),kernel_prepare: legacy-images-prepare-make) endif endef @@ -90,5 +90,3 @@ define LegacyDevice $(call LegacyDevice/$(if $(DUMP),Dump,Build),$(1)) endef - - diff --git a/include/image.mk b/include/image.mk index d48b1f6abf..13874bec34 100644 --- a/include/image.mk +++ b/include/image.mk @@ -251,19 +251,6 @@ define Image/mkfs/ext4 $@ $(call mkfs_target_dir,$(1))/ endef -define Image/mkfs/prepare/default - # Use symbolic permissions to avoid clobbering SUID/SGID/sticky bits - - $(FIND) $(1) -type f -not -perm /0100 -not -name 'ssh_host*' -not -name 'shadow' -print0 | $(XARGS) -0 chmod u+rw,g+r,o+r - - $(FIND) $(1) -type f -perm /0100 -print0 | $(XARGS) -0 chmod u+rwx,g+rx,o+rx - - $(FIND) $(1) -type d -print0 | $(XARGS) -0 chmod u+rwx,g+rx,o+rx - $(INSTALL_DIR) $(1)/tmp $(1)/overlay - chmod 1777 $(1)/tmp -endef - -define Image/mkfs/prepare - $(call Image/mkfs/prepare/default,$(1)) -endef - define Image/Manifest $(STAGING_DIR_HOST)/bin/opkg \ --offline-root $(TARGET_DIR) \ @@ -307,7 +294,6 @@ target-dir-%: FORCE $(if $(mkfs_packages_remove), \ $(call opkg,$(mkfs_cur_target_dir)) remove \ $(mkfs_packages_remove)) - $(call Image/mkfs/prepare,$(mkfs_cur_target_dir)) $(call prepare_rootfs,$(mkfs_cur_target_dir)) -mv $(mkfs_cur_target_dir).opkg $(mkfs_cur_target_dir)/etc/opkg rm -f $(mkfs_cur_target_dir).conf @@ -530,7 +516,7 @@ define BuildImage image_prepare: ifeq ($(IB),) - .PHONY: download prepare compile clean image_prepare mkfs_prepare kernel_prepare install install-images + .PHONY: download prepare compile clean image_prepare kernel_prepare install install-images compile: $(call Build/Compile) @@ -549,10 +535,7 @@ define BuildImage mkdir -p $(BIN_DIR) $(KDIR)/tmp endif - mkfs_prepare: image_prepare - $(call Image/mkfs/prepare,$(TARGET_DIR)) - - kernel_prepare: mkfs_prepare + kernel_prepare: image_prepare $(call Image/Build/targz) $(call Image/Build/cpiogz) $(call Image/BuildKernel) |