summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorWaldemar Brodkorb <wbx@uclibc-ng.org>2016-09-23 14:43:56 +0200
committerWaldemar Brodkorb <wbx@uclibc-ng.org>2016-09-23 14:46:14 +0200
commitcc2f3ef0e48483f8909f6f29f58bcb984ea27682 (patch)
tree38fee6682a9745cbbae0ae913bd9676028778aa0
parent58eeb548906799709ffe076a90923a62efbcd83d (diff)
add support for permission fixups when using genimage
Add suid-bit to Xorg as an example. Create simple *.perm files with relative path to the files. You can use any command available on the host. (f.e. chmod/chown)
-rw-r--r--mk/image.mk17
-rw-r--r--mk/package.mk3
-rw-r--r--package/fakeroot/Makefile1
-rw-r--r--package/libcap/Makefile21
-rw-r--r--package/libcap/patches/patch-Make_Rules53
-rw-r--r--package/libcap/patches/patch-Makefile31
-rw-r--r--package/libcap/patches/patch-libcap_Makefile50
-rw-r--r--package/libcap/patches/patch-progs_Makefile12
-rw-r--r--package/xorg-server/files/xorg-server.perm1
-rw-r--r--target/config/Config.in.runtime7
-rw-r--r--target/config/Config.in.tools4
11 files changed, 87 insertions, 113 deletions
diff --git a/mk/image.mk b/mk/image.mk
index dfd32f3f3..a3e044fde 100644
--- a/mk/image.mk
+++ b/mk/image.mk
@@ -1,6 +1,12 @@
# This file is part of the OpenADK project. OpenADK is copyrighted
# material, please see the LICENCE file in the top-level directory.
+ifeq ($(ADK_RUNTIME_FIX_PERMISSION),y)
+FAKEROOT:=$(STAGING_HOST_DIR)/usr/bin/fakeroot --
+else
+FAKEROOT:=
+endif
+
ifeq ($(ADK_TARGET_OS_LINUX),y)
# relative paths, like 'mksh' or '../usr/bin/foosh'
ifeq (${ADK_BINSH_ASH},y)
@@ -276,7 +282,16 @@ ${FW_DIR}/${GENIMAGE}: ${TARGET_DIR} kernel-package
@mkdir -p ${FW_DIR}/temp
@$(CP) $(KERNEL) $(FW_DIR)/kernel
@dd if=/dev/zero of=${FW_DIR}/cfgfs.img bs=16384 count=1 $(MAKE_TRACE)
- PATH='${HOST_PATH}' mke2img \
+ifeq ($(ADK_RUNTIME_FIX_PERMISSION),y)
+ echo '#!/bin/sh' > $(ADK_TOPDIR)/scripts/fakeroot.sh
+ echo "chown -R 0:0 $(TARGET_DIR)" >> $(ADK_TOPDIR)/scripts/fakeroot.sh
+ echo 'cd $(TARGET_DIR)' >> $(ADK_TOPDIR)/scripts/fakeroot.sh
+ -@cat $(STAGING_TARGET_DIR)/scripts/permissions.sh >> $(ADK_TOPDIR)/scripts/fakeroot.sh 2>/dev/null
+ chmod 755 $(ADK_TOPDIR)/scripts/fakeroot.sh
+ PATH='$(HOST_PATH)' $(FAKEROOT) $(ADK_TOPDIR)/scripts/fakeroot.sh
+ rm $(ADK_TOPDIR)/scripts/fakeroot.sh $(STAGING_TARGET_DIR)/scripts/permissions.sh
+endif
+ PATH='${HOST_PATH}' $(FAKEROOT) mke2img \
-G 4 \
-d "$(TARGET_DIR)" \
-o $(FW_DIR)/rootfs.ext $(MAKE_TRACE)
diff --git a/mk/package.mk b/mk/package.mk
index 768b845ed..88c08cba9 100644
--- a/mk/package.mk
+++ b/mk/package.mk
@@ -230,6 +230,9 @@ endif
endif
@mkdir -p $${PACKAGE_DIR} '$${STAGING_PKG_DIR}/stamps' \
'$${STAGING_TARGET_DIR}/scripts'
+ @for file in $$$$(ls ./files/*.perm 2>/dev/null); do \
+ cat $$$$file >> $${STAGING_TARGET_DIR}/scripts/permissions.sh; \
+ done
ifeq (,$(filter noremove,$(7)))
@if test -s '$${STAGING_PKG_DIR}/$(1)'; then \
cd '$${STAGING_TARGET_DIR}'; \
diff --git a/package/fakeroot/Makefile b/package/fakeroot/Makefile
index f0654d696..3900198b3 100644
--- a/package/fakeroot/Makefile
+++ b/package/fakeroot/Makefile
@@ -10,6 +10,7 @@ PKG_HASH:= 7c0a164d19db3efa9e802e0fc7cdfeff70ec6d26cdbdc4338c9c2823c5ea230c
PKG_DESCR:= fake root permissions
PKG_SECTION:= sys/utils
PKG_SITES:= http://http.debian.net/debian/pool/main/f/fakeroot/
+HOST_BUILDDEP:= libcap-host
PKG_CFLINE_FAKEROOT:= depends on ADK_HOST_ONLY
diff --git a/package/libcap/Makefile b/package/libcap/Makefile
index 59ce0e965..99f23695c 100644
--- a/package/libcap/Makefile
+++ b/package/libcap/Makefile
@@ -4,18 +4,22 @@
include $(ADK_TOPDIR)/rules.mk
PKG_NAME:= libcap
-PKG_VERSION:= 2.24
+PKG_VERSION:= 2.25
PKG_RELEASE:= 1
-PKG_HASH:= cee4568f78dc851d726fc93f25f4ed91cc223b1fe8259daa4a77158d174e6c65
+PKG_HASH:= 693c8ac51e983ee678205571ef272439d83afe62dd8e424ea14ad9790bc35162
PKG_DESCR:= capabilities library
PKG_SECTION:= libs/misc
PKG_URL:= http://www.friedhoff.org/posixfilecaps.html
PKG_SITES:= https://www.kernel.org/pub/linux/libs/security/linux-privs/libcap2/
PKG_OPTS:= dev
+include $(ADK_TOPDIR)/mk/host.mk
include $(ADK_TOPDIR)/mk/package.mk
-$(eval $(call PKG_template,LIBCAP,libcap,$(PKG_VERSION)-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION},${PKG_OPTS}))
+$(eval $(call HOST_template,LIBCAP,libcap,$(PKG_VERSION)-$(PKG_RELEASE)))
+$(eval $(call PKG_template,LIBCAP,libcap,$(PKG_VERSION)-$(PKG_RELEASE),$(PKG_DEPENDS),$(PKG_DESCR),$(PKG_SECTION),$(PKG_OPTS)))
+
+HOST_STYLE:= manual
# for Darwin hosts
CPPFLAGS_FOR_BUILD+= -I$(STAGING_TARGET_DIR)/usr/include
@@ -29,9 +33,18 @@ ALL_TARGET:= shared progs
INSTALL_TARGET:= install-shared
endif
+host-build:
+ (cd ${WRKBUILD} && env ${HOST_MAKE_ENV} ${MAKE} -f ${MAKE_FILE} \
+ ${HOST_MAKE_FLAGS} ${HOST_ALL_TARGET}) $(MAKE_TRACE)
+
+libcap-hostinstall:
+ cd ${WRKBUILD} && env ${HOST_MAKE_ENV} ${MAKE} -f ${MAKE_FILE} \
+ ${HOST_FAKE_FLAGS} DESTDIR='${STAGING_HOST_DIR}' ${HOST_INSTALL_TARGET} $(MAKE_TRACE)
+
libcap-install:
$(INSTALL_DIR) $(IDIR_LIBCAP)/usr/lib
$(CP) $(WRKINST)/usr/lib/libcap*.so* \
$(IDIR_LIBCAP)/usr/lib
-include ${ADK_TOPDIR}/mk/pkg-bottom.mk
+include $(ADK_TOPDIR)/mk/host-bottom.mk
+include $(ADK_TOPDIR)/mk/pkg-bottom.mk
diff --git a/package/libcap/patches/patch-Make_Rules b/package/libcap/patches/patch-Make_Rules
index a6a637d3b..57b0e9425 100644
--- a/package/libcap/patches/patch-Make_Rules
+++ b/package/libcap/patches/patch-Make_Rules
@@ -1,20 +1,19 @@
---- libcap-2.24.orig/Make.Rules 2014-01-06 02:16:21.000000000 +0100
-+++ libcap-2.24/Make.Rules 2015-02-26 14:01:28.000000000 +0100
-@@ -12,22 +12,12 @@ FAKEROOT=$(DESTDIR)
- # These choices are motivated by the fact that getcap and setcap are
+--- libcap-2.25.orig/Make.Rules 2016-01-31 02:14:53.000000000 +0100
++++ libcap-2.25/Make.Rules 2016-09-23 10:37:16.179167139 +0200
+@@ -13,21 +13,14 @@ FAKEROOT=$(DESTDIR)
# administrative operations that could be needed to recover a system.
--ifndef lib
+ ifndef lib
-lib=$(shell ldd /usr/bin/ld|egrep "ld-linux|ld.so"|cut -d/ -f2)
--endif
--
++lib=lib
+ endif
+
-ifdef prefix
-exec_prefix=$(prefix)
-lib_prefix=$(exec_prefix)
-inc_prefix=$(lib_prefix)
-man_prefix=$(prefix)/share
-else
-+lib=lib
prefix=/usr
-exec_prefix=
+exec_prefix=$(prefix)
@@ -25,41 +24,3 @@
# Target directories
-@@ -48,28 +38,28 @@ MINOR=24
- KERNEL_HEADERS := $(topdir)/libcap/include/uapi
- IPATH += -fPIC -I$(KERNEL_HEADERS) -I$(topdir)/libcap/include
-
--CC := gcc
--CFLAGS := -O2 -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64
-+CC ?= gcc
-+CFLAGS ?= -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64
- BUILD_CC := $(CC)
- BUILD_CFLAGS := $(CFLAGS) $(IPATH)
--AR := ar
--RANLIB := ranlib
--DEBUG = -g #-DDEBUG
-+AR ?= ar
-+RANLIB ?= ranlib
-+DEBUG =
- WARNINGS=-Wall -Wwrite-strings \
- -Wpointer-arith -Wcast-qual -Wcast-align \
- -Wstrict-prototypes -Wmissing-prototypes \
- -Wnested-externs -Winline -Wshadow
--LD=$(CC) -Wl,-x -shared
--LDFLAGS := #-g
-+LD=$(CC) -shared
-+LDFLAGS ?= #-g
-
- SYSTEM_HEADERS = /usr/include
- INCS=$(topdir)/libcap/include/sys/capability.h
- LDFLAGS += -L$(topdir)/libcap
- CFLAGS += -Dlinux $(WARNINGS) $(DEBUG)
--PAM_CAP := $(shell if [ -f /usr/include/security/pam_modules.h ]; then echo yes ; else echo no ; fi)
-+PAM_CAP := no
- INDENT := $(shell if [ -n "$(which indent 2>/dev/null)" ]; then echo "| indent -kr" ; fi)
- DYNAMIC := $(shell if [ ! -d "$(topdir)/.git" ]; then echo yes; fi)
--LIBATTR := yes
-+LIBATTR := no
-
- # When installing setcap, set its inheritable bit to be able to place
- # capabilities on files. It can be used in conjunction with pam_cap
diff --git a/package/libcap/patches/patch-Makefile b/package/libcap/patches/patch-Makefile
index 8e2f8415b..51603e650 100644
--- a/package/libcap/patches/patch-Makefile
+++ b/package/libcap/patches/patch-Makefile
@@ -1,25 +1,14 @@
---- libcap-2.24.orig/Makefile 2013-12-27 19:17:17.000000000 +0100
-+++ libcap-2.24/Makefile 2015-02-26 20:36:58.000000000 +0100
-@@ -16,6 +16,22 @@ endif
+--- libcap-2.25.orig/Makefile 2014-05-31 22:11:05.000000000 +0200
++++ libcap-2.25/Makefile 2016-09-23 10:32:34.156211429 +0200
+@@ -10,11 +10,7 @@ include Make.Rules
+
+ all install clean: %: %-here
+ $(MAKE) -C libcap $@
+-ifneq ($(PAM_CAP),no)
+- $(MAKE) -C pam_cap $@
+-endif
$(MAKE) -C progs $@
- $(MAKE) -C doc $@
+- $(MAKE) -C doc $@
-+progs:
-+ $(MAKE) -C progs all
-+
-+shared:
-+ $(MAKE) -C libcap shared
-+
-+static:
-+ $(MAKE) -C libcap static
-+
-+install-shared:
-+ $(MAKE) -C libcap install-shared
-+
-+install-static:
-+ $(MAKE) -C libcap install-static
-+
-+
all-here:
- install-here:
diff --git a/package/libcap/patches/patch-libcap_Makefile b/package/libcap/patches/patch-libcap_Makefile
index cf7703a43..5b1823e64 100644
--- a/package/libcap/patches/patch-libcap_Makefile
+++ b/package/libcap/patches/patch-libcap_Makefile
@@ -1,42 +1,10 @@
---- libcap-2.24.orig/libcap/Makefile 2014-01-06 01:55:03.000000000 +0100
-+++ libcap-2.24/libcap/Makefile 2015-02-26 20:34:47.000000000 +0100
-@@ -28,6 +28,9 @@ GPERF_OUTPUT = _caps_output.gperf
-
- all: $(MINLIBNAME) $(STALIBNAME) libcap.pc
-
-+static: $(STALIBNAME)
-+shared: $(MINLIBNAME)
-+
- ifeq ($(shell gperf --version > /dev/null 2>&1 && echo yes),yes)
- USE_GPERF_OUTPUT = $(GPERF_OUTPUT)
- INCLUDE_GPERF_OUTPUT = -include $(GPERF_OUTPUT)
-@@ -43,7 +46,7 @@ libcap.pc: libcap.pc.in
- $< >$@
-
- _makenames: _makenames.c cap_names.list.h
-- $(BUILD_CC) $(BUILD_CFLAGS) $< -o $@
-+ $(CC_FOR_BUILD) $(CPPFLAGS_FOR_BUILD) $(CFLAGS_FOR_BUILD) $< -o $@
-
- cap_names.h: _makenames
- ./_makenames > cap_names.h
-@@ -70,6 +73,20 @@ $(MINLIBNAME): $(OBJS)
- cap_text.o: cap_text.c $(USE_GPERF_OUTPUT) $(INCLS)
- $(CC) $(CFLAGS) $(IPATH) $(INCLUDE_GPERF_OUTPUT) -c $< -o $@
-
-+install-shared: install-headers
-+ mkdir -p -m 0755 $(LIBDIR)
-+ install -m 0644 $(MINLIBNAME) $(LIBDIR)/$(MINLIBNAME)
-+ ln -sf $(MINLIBNAME) $(LIBDIR)/$(MAJLIBNAME)
-+ ln -sf $(MAJLIBNAME) $(LIBDIR)/$(LIBNAME)
-+
-+install-static: install-headers
-+ mkdir -p -m 0755 $(LIBDIR)
-+ install -m 0644 $(STALIBNAME) $(LIBDIR)/$(STALIBNAME)
-+
-+install-headers:
-+ mkdir -p -m 0755 $(INCDIR)/sys
-+ install -m 0644 include/sys/capability.h $(INCDIR)/sys
-+
+--- libcap-2.25.orig/libcap/Makefile 2016-01-31 01:01:41.000000000 +0100
++++ libcap-2.25/libcap/Makefile 2016-09-23 10:34:12.564023450 +0200
+@@ -65,7 +65,6 @@ cap_text.o: cap_text.c $(USE_GPERF_OUTPU
install: all
- mkdir -p -m 0755 $(INCDIR)/sys
- install -m 0644 include/sys/capability.h $(INCDIR)/sys
+ mkdir -p -m 0755 $(FAKEROOT)$(INCDIR)/sys
+ install -m 0644 include/sys/capability.h $(FAKEROOT)$(INCDIR)/sys
+- mkdir -p -m 0755 $(FAKEROOT)$(LIBDIR)
+ install -m 0644 $(STALIBNAME) $(FAKEROOT)$(LIBDIR)/$(STALIBNAME)
+ install -m 0644 $(MINLIBNAME) $(FAKEROOT)$(LIBDIR)/$(MINLIBNAME)
+ ln -sf $(MINLIBNAME) $(FAKEROOT)$(LIBDIR)/$(MAJLIBNAME)
diff --git a/package/libcap/patches/patch-progs_Makefile b/package/libcap/patches/patch-progs_Makefile
new file mode 100644
index 000000000..c13d1ddd8
--- /dev/null
+++ b/package/libcap/patches/patch-progs_Makefile
@@ -0,0 +1,12 @@
+--- libcap-2.25.orig/progs/Makefile 2016-01-31 01:01:41.000000000 +0100
++++ libcap-2.25/progs/Makefile 2016-09-23 10:37:55.480689559 +0200
+@@ -26,9 +26,6 @@ install: all
+ for p in $(PROGS) ; do \
+ install -m 0755 $$p $(FAKEROOT)$(SBINDIR) ; \
+ done
+-ifeq ($(RAISE_SETFCAP),yes)
+- $(FAKEROOT)$(SBINDIR)/setcap cap_setfcap=i $(FAKEROOT)$(SBINDIR)/setcap
+-endif
+
+ clean:
+ $(LOCALCLEAN)
diff --git a/package/xorg-server/files/xorg-server.perm b/package/xorg-server/files/xorg-server.perm
new file mode 100644
index 000000000..8a12248a9
--- /dev/null
+++ b/package/xorg-server/files/xorg-server.perm
@@ -0,0 +1 @@
+chmod u+s usr/bin/Xorg
diff --git a/target/config/Config.in.runtime b/target/config/Config.in.runtime
index c9b488360..901718de7 100644
--- a/target/config/Config.in.runtime
+++ b/target/config/Config.in.runtime
@@ -51,6 +51,13 @@ config ADK_RUNTIME_DEV_STATIC
endchoice
+config ADK_RUNTIME_FIX_PERMISSION
+ bool "Fix permissions for target files (suid bit, ..)"
+ select ADK_HOST_BUILD_FAKEROOT
+ help
+ Use fakeroot to fix permissions for target dir before image
+ creation.
+
config ADK_RUNTIME_SSH_PUBKEY
string "SSH public key (root user only)"
depends on ADK_PACKAGE_OPENSSH_SERVER || ADK_PACKAGE_DROPBEAR
diff --git a/target/config/Config.in.tools b/target/config/Config.in.tools
index 81913f0f1..b01becf42 100644
--- a/target/config/Config.in.tools
+++ b/target/config/Config.in.tools
@@ -23,6 +23,10 @@ config ADK_HOST_BUILD_BISON
bool
default y
+config ADK_HOST_BUILD_FAKEROOT
+ bool
+ default n
+
config ADK_HOST_BUILD_FLEX
bool
default y