diff mbox series

[2/4] classes/package_rpm: write file permissions and ownership explicitly into .spec

Message ID 20240118102409.2680941-2-alex@linutronix.de
State New
Headers show
Series [1/4] oeqa/runtime/rpm: raise exception if test rpm file cannot be found | expand

Commit Message

Alexander Kanavin Jan. 18, 2024, 10:24 a.m. UTC 
Per https://github.com/rpm-software-management/rpm/commit/77d3529c31ca090a40b8d3959a0bcdd721a556d6
rpm 4.19.1+ will not consider actual filesystem permissions and ownership, and will quietly default
to root if not expictly set otherwise in .spec file.

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
---
 meta/classes-global/package_rpm.bbclass | 24 ++++++++++++++++++------
 1 file changed, 18 insertions(+), 6 deletions(-)

Comments

Alexandre Belloni Jan. 19, 2024, 10:01 a.m. UTC | #1 
I got this failure:

https://autobuilder.yoctoproject.org/typhoon/#/builders/44/builds/8493/steps/23/logs/stdio

On 18/01/2024 11:24:07+0100, Alexander Kanavin wrote:
> Per https://github.com/rpm-software-management/rpm/commit/77d3529c31ca090a40b8d3959a0bcdd721a556d6
> rpm 4.19.1+ will not consider actual filesystem permissions and ownership, and will quietly default
> to root if not expictly set otherwise in .spec file.
> 
> Signed-off-by: Alexander Kanavin <alex@linutronix.de>
> ---
>  meta/classes-global/package_rpm.bbclass | 24 ++++++++++++++++++------
>  1 file changed, 18 insertions(+), 6 deletions(-)
> 
> diff --git a/meta/classes-global/package_rpm.bbclass b/meta/classes-global/package_rpm.bbclass
> index 2fc18fe98c1..09cc7d62681 100644
> --- a/meta/classes-global/package_rpm.bbclass
> +++ b/meta/classes-global/package_rpm.bbclass
> @@ -103,6 +103,7 @@ def write_rpm_perfiledata(srcname, d):
>  
>  python write_specfile () {
>      import oe.packagedata
> +    import os,pwd,grp,stat
>  
>      # append information for logs and patches to %prep
>      def add_prep(d, spec_files_bottom):
> @@ -198,6 +199,13 @@ python write_specfile () {
>          # of the walk, the isdir() test would then fail and the walk code would assume its a file
>          # hence we check for the names in files too.
>          for rootpath, dirs, files in os.walk(walkpath):
> +            def get_attr(path):
> +                stat_f = os.stat(rootpath + "/" + path, follow_symlinks=False)
> +                mode = stat.S_IMODE(stat_f.st_mode)
> +                owner = pwd.getpwuid(stat_f.st_uid).pw_name
> +                group = grp.getgrgid(stat_f.st_gid).gr_name
> +                return "%attr({:o},{},{}) ".format(mode, owner, group)
> +
>              path = rootpath.replace(walkpath, "")
>              if path.endswith("DEBIAN") or path.endswith("CONTROL"):
>                  continue
> @@ -221,24 +229,28 @@ python write_specfile () {
>                      if dir == "CONTROL" or dir == "DEBIAN":
>                          continue
>                      dir = dir.replace("%", "%%%%%%%%")
> +                    p = path + '/' + dir
>                      # All packages own the directories their files are in...
> -                    target.append('%dir "' + path + '/' + dir + '"')
> +                    target.append(get_attr(dir) + '%dir "' + p + '"')
>              else:
>                  # packages own only empty directories or explict directory.
>                  # This will prevent the overlapping of security permission.
> +                attr = get_attr(path)
>                  if path and not files and not dirs:
> -                    target.append('%dir "' + path + '"')
> +                    target.append(attr + '%dir "' + path + '"')
>                  elif path and path in dirfiles:
> -                    target.append('%dir "' + path + '"')
> +                    target.append(attr + '%dir "' + path + '"')
>  
>              for file in files:
>                  if file == "CONTROL" or file == "DEBIAN":
>                      continue
>                  file = file.replace("%", "%%%%%%%%")
> -                if conffiles.count(path + '/' + file):
> -                    target.append('%config "' + path + '/' + file + '"')
> +                attr = get_attr(file)
> +                p = path + '/' + file
> +                if conffiles.count(p):
> +                    target.append(attr + '%config "' + p + '"')
>                  else:
> -                    target.append('"' + path + '/' + file + '"')
> +                    target.append(attr + '"' + p + '"')
>  
>      # Prevent the prerm/postrm scripts from being run during an upgrade
>      def wrap_uninstall(scriptvar):
> -- 
> 2.39.2
> 

> 
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#193970): https://lists.openembedded.org/g/openembedded-core/message/193970
> Mute This Topic: https://lists.openembedded.org/mt/103805482/3617179
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [alexandre.belloni@bootlin.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
diff mbox series

Patch

diff --git a/meta/classes-global/package_rpm.bbclass b/meta/classes-global/package_rpm.bbclass
index 2fc18fe98c1..09cc7d62681 100644
--- a/meta/classes-global/package_rpm.bbclass
+++ b/meta/classes-global/package_rpm.bbclass
@@ -103,6 +103,7 @@  def write_rpm_perfiledata(srcname, d):
 
 python write_specfile () {
     import oe.packagedata
+    import os,pwd,grp,stat
 
     # append information for logs and patches to %prep
     def add_prep(d, spec_files_bottom):
@@ -198,6 +199,13 @@  python write_specfile () {
         # of the walk, the isdir() test would then fail and the walk code would assume its a file
         # hence we check for the names in files too.
         for rootpath, dirs, files in os.walk(walkpath):
+            def get_attr(path):
+                stat_f = os.stat(rootpath + "/" + path, follow_symlinks=False)
+                mode = stat.S_IMODE(stat_f.st_mode)
+                owner = pwd.getpwuid(stat_f.st_uid).pw_name
+                group = grp.getgrgid(stat_f.st_gid).gr_name
+                return "%attr({:o},{},{}) ".format(mode, owner, group)
+
             path = rootpath.replace(walkpath, "")
             if path.endswith("DEBIAN") or path.endswith("CONTROL"):
                 continue
@@ -221,24 +229,28 @@  python write_specfile () {
                     if dir == "CONTROL" or dir == "DEBIAN":
                         continue
                     dir = dir.replace("%", "%%%%%%%%")
+                    p = path + '/' + dir
                     # All packages own the directories their files are in...
-                    target.append('%dir "' + path + '/' + dir + '"')
+                    target.append(get_attr(dir) + '%dir "' + p + '"')
             else:
                 # packages own only empty directories or explict directory.
                 # This will prevent the overlapping of security permission.
+                attr = get_attr(path)
                 if path and not files and not dirs:
-                    target.append('%dir "' + path + '"')
+                    target.append(attr + '%dir "' + path + '"')
                 elif path and path in dirfiles:
-                    target.append('%dir "' + path + '"')
+                    target.append(attr + '%dir "' + path + '"')
 
             for file in files:
                 if file == "CONTROL" or file == "DEBIAN":
                     continue
                 file = file.replace("%", "%%%%%%%%")
-                if conffiles.count(path + '/' + file):
-                    target.append('%config "' + path + '/' + file + '"')
+                attr = get_attr(file)
+                p = path + '/' + file
+                if conffiles.count(p):
+                    target.append(attr + '%config "' + p + '"')
                 else:
-                    target.append('"' + path + '/' + file + '"')
+                    target.append(attr + '"' + p + '"')
 
     # Prevent the prerm/postrm scripts from being run during an upgrade
     def wrap_uninstall(scriptvar):