aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMatthias Schiffer <mschiffer@universe-factory.net>2016-09-26 15:25:37 +0200
committerMatthias Schiffer <mschiffer@universe-factory.net>2016-09-26 17:57:56 +0200
commita16a8814ead80984ce4ef7bed756434119b3aafa (patch)
tree8c0f95376ab484d1734d2915860c08ed6f713fcf
parent6c1542787d135de358710254e71fe926f8676954 (diff)
downloadupstream-a16a8814ead80984ce4ef7bed756434119b3aafa.tar.gz
upstream-a16a8814ead80984ce4ef7bed756434119b3aafa.tar.bz2
upstream-a16a8814ead80984ce4ef7bed756434119b3aafa.zip
image: don't modify file permissions before rootfs generation
Modifying the file permissions can be harmful, as it would make files world-readable even if they weren't in the ipk packages. The Image/mkfs/prepare step is removed completely, as it is redundant now (/tmp and /overlay are already provided by base-files with the correct permissions). It has been verified that this change does not affect any permissions of files in the default package set except /etc/ppp/chap-secrets, which was world-readable before. All packages not in the default set are more likely to be installed via opkg than being part of a base image and thus were usually not affected by the permission modification anyways. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
-rw-r--r--include/image-legacy.mk4
-rw-r--r--include/image.mk21
2 files changed, 3 insertions, 22 deletions
diff --git a/include/image-legacy.mk b/include/image-legacy.mk
index 9960caba0c..edbee4c831 100644
--- a/include/image-legacy.mk
+++ b/include/image-legacy.mk
@@ -41,7 +41,7 @@ define LegacyDevice/Check
_TARGET := $$(if $$(_PROFILE_SET),legacy-images,install-disabled)
$$(if $$(_PROFILE_SET),install: legacy-images-make)
ifndef IB
- $$(if $$(_PROFILE_SET),mkfs_prepare: legacy-images-prepare-make)
+ $$(if $$(_PROFILE_SET),kernel_prepare: legacy-images-prepare-make)
endif
endef
@@ -90,5 +90,3 @@ define LegacyDevice
$(call LegacyDevice/$(if $(DUMP),Dump,Build),$(1))
endef
-
-
diff --git a/include/image.mk b/include/image.mk
index d48b1f6abf..13874bec34 100644
--- a/include/image.mk
+++ b/include/image.mk
@@ -251,19 +251,6 @@ define Image/mkfs/ext4
$@ $(call mkfs_target_dir,$(1))/
endef
-define Image/mkfs/prepare/default
- # Use symbolic permissions to avoid clobbering SUID/SGID/sticky bits
- - $(FIND) $(1) -type f -not -perm /0100 -not -name 'ssh_host*' -not -name 'shadow' -print0 | $(XARGS) -0 chmod u+rw,g+r,o+r
- - $(FIND) $(1) -type f -perm /0100 -print0 | $(XARGS) -0 chmod u+rwx,g+rx,o+rx
- - $(FIND) $(1) -type d -print0 | $(XARGS) -0 chmod u+rwx,g+rx,o+rx
- $(INSTALL_DIR) $(1)/tmp $(1)/overlay
- chmod 1777 $(1)/tmp
-endef
-
-define Image/mkfs/prepare
- $(call Image/mkfs/prepare/default,$(1))
-endef
-
define Image/Manifest
$(STAGING_DIR_HOST)/bin/opkg \
--offline-root $(TARGET_DIR) \
@@ -307,7 +294,6 @@ target-dir-%: FORCE
$(if $(mkfs_packages_remove), \
$(call opkg,$(mkfs_cur_target_dir)) remove \
$(mkfs_packages_remove))
- $(call Image/mkfs/prepare,$(mkfs_cur_target_dir))
$(call prepare_rootfs,$(mkfs_cur_target_dir))
-mv $(mkfs_cur_target_dir).opkg $(mkfs_cur_target_dir)/etc/opkg
rm -f $(mkfs_cur_target_dir).conf
@@ -530,7 +516,7 @@ define BuildImage
image_prepare:
ifeq ($(IB),)
- .PHONY: download prepare compile clean image_prepare mkfs_prepare kernel_prepare install install-images
+ .PHONY: download prepare compile clean image_prepare kernel_prepare install install-images
compile:
$(call Build/Compile)
@@ -549,10 +535,7 @@ define BuildImage
mkdir -p $(BIN_DIR) $(KDIR)/tmp
endif
- mkfs_prepare: image_prepare
- $(call Image/mkfs/prepare,$(TARGET_DIR))
-
- kernel_prepare: mkfs_prepare
+ kernel_prepare: image_prepare
$(call Image/Build/targz)
$(call Image/Build/cpiogz)
$(call Image/BuildKernel)