[Buildroot] [PATCH 2/4] core: allow packages to declare a permission file
Arnout Vandecappelle
arnout at mind.be
Mon Jul 3 16:11:46 UTC 2017
On 03-07-17 18:03, Arnout Vandecappelle wrote:
> Hi all,
>
> On 29-03-17 08:43, Arnout Vandecappelle wrote:
>>
>>
>> On 29-03-17 00:12, Arnout Vandecappelle wrote:
>> [snip]
>>> define BUSYBOX_PERMISSIONS
>>> $(foreach app,$(shell \
>>> for app in `grep -r -e "APPLET.*BB_SUID_REQUIRE\|APPLET.*BB_SUID_MAYBE"
>>> $(BUSYBOX_DIR)/include/applets.h \
>>> | sed -e 's/,.*//' -e 's/.*(//'`; \
>>> do \
>>> grep -w $${app} $(BUSYBOX_DIR)/busybox.links; \
>>> done #) ),$(app) f 4755 0 0 - - - - -$(sep))
>>> endef
>>>
>>> For that to work, the condition around PACKAGES_PERMISSIONS_TABLES += must be
>>> removed, but that's fine IMO (just adds a lot of empty lines to the device
>>> table, but that doesn't hurt). The #) is a bit ugly but I'm sure a better
>>> solution can be found.
>>>
>>> With that solution, patches 2 and 3 wouldn't be needed.
>>
>> And an even simpler approach would be to always run the installation commands
>> under fakeroot (with the -i -s options of course) That would simplify a lot of
>> things. But there are probably problems with that approach as well - e.g.
>> nothing should install/remove anything in target outside of the install-target step.
>
> We finally got around to discussing this at the Summer Camp. The conclusion is
> that the simplest option is in fact to go back to your earlier solution, where
> makedevs would be extended with a file type that ignores files that don't exist,
> and the BUSYBOX_PERMISSIONS are set statically for all potential busybox
> applets. Yann doesn't like it but he's a minority :-).
>
> Bryce, Adam, do you think you could reconstruct such a series?
Thomas gently suggested that I should do this instead, so don't bother :-)
Regards,
Arnout
--
Arnout Vandecappelle arnout at mind be
Senior Embedded Software Architect +32-16-286500
Essensium/Mind http://www.mind.be
G.Geenslaan 9, 3001 Leuven, Belgium BE 872 984 063 RPR Leuven
LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
GPG fingerprint: 7493 020B C7E3 8618 8DEC 222C 82EB F404 F9AC 0DDF
More information about the buildroot
mailing list