diff options
author | Michael Olbrich <m.olbrich@pengutronix.de> | 2020-03-27 08:40:04 +0100 |
---|---|---|
committer | Michael Olbrich <m.olbrich@pengutronix.de> | 2020-03-27 08:40:04 +0100 |
commit | d18c4893b47855780cbcb2d98ad714ae90f0ecb8 (patch) | |
tree | f0d588933bf51f97dfd3d9e404fc7ec22e0d9cdb /scripts | |
parent | 9f43d872553694f8221745890a067b197b312c83 (diff) | |
download | ptxdist-d18c4893b47855780cbcb2d98ad714ae90f0ecb8.tar.gz ptxdist-d18c4893b47855780cbcb2d98ad714ae90f0ecb8.tar.xz |
ptxd_make_xpkg_pkg: generate permission metadata files
Introduce a new option to generate permission metadata files.
The format of the files is defined by qemu: For each file or directory, an
additional file .virtfs_metadata/<filename> is created. It contains the
real ownership, permissions and information on special files (device nodes,
sockets, fifos).
With this extra data, qemu can use the nfsroot as a 9p filesystem and the
option 'security_model=mapped-file' to provide the correct ownership,
permissions etc. to the guest system.
The NFS server run by 'ptxdist nfsroot' will also use this data. This has
some advantages over the current fakeroot + permission fixup:
- A running fakeroot often gets confused if the underlying files are
changed. As a result, the wrong type or permissions may be used.
Handling everything inside the NFS server avoids this problem.
- The metadata of newly created files are preserved across NFS server
restarts.
- The NFS server starts faster because it is not necessary to change the
permissions of all files first
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
Diffstat (limited to 'scripts')
-rw-r--r-- | scripts/lib/ptxd_make_nfsd.sh | 14 | ||||
-rw-r--r-- | scripts/lib/ptxd_make_xpkg_pkg.sh | 96 |
2 files changed, 97 insertions, 13 deletions
diff --git a/scripts/lib/ptxd_make_nfsd.sh b/scripts/lib/ptxd_make_nfsd.sh index 4a68dcb0b..5e5a841ec 100644 --- a/scripts/lib/ptxd_make_nfsd.sh +++ b/scripts/lib/ptxd_make_nfsd.sh @@ -25,7 +25,7 @@ ptxd_make_nfsd_exec() { echo echo "/ ${client_specifications}" > "${PTXDIST_TEMPDIR}/exports" && - UNFS_BASE="${base}" unfsd -e "${PTXDIST_TEMPDIR}/exports" -n ${port} -m ${port} -p -d + UNFS_BASE="${base}" unfsd -e "${PTXDIST_TEMPDIR}/exports" -n ${port} -m ${port} -p -d "${@}" } export -f ptxd_make_nfsd_exec @@ -34,10 +34,14 @@ ptxd_make_nfsd() { ptxd_get_ipkg_files ${image_pkgs_selected_target} && cd "${ptx_nfsroot}" && - { - ptxd_dopermissions "${ptxd_reply_perm_files[@]}" - echo ptxd_make_nfsd_exec - } | fakeroot -- + if [ "${PTXCONF_SETUP_NFS_VIRTFS}" = "y" ]; then + ptxd_make_nfsd_exec -V + else + { + ptxd_dopermissions "${ptxd_reply_perm_files[@]}" + echo ptxd_make_nfsd_exec + } | fakeroot -- + fi } export -f ptxd_make_nfsd diff --git a/scripts/lib/ptxd_make_xpkg_pkg.sh b/scripts/lib/ptxd_make_xpkg_pkg.sh index dac202271..c5332002f 100644 --- a/scripts/lib/ptxd_make_xpkg_pkg.sh +++ b/scripts/lib/ptxd_make_xpkg_pkg.sh @@ -224,8 +224,73 @@ ptxd_install_setup_src() { } export -f ptxd_install_setup_src -ptxd_install_dir() { +ptxd_install_virtfs() { + local mod_virtfs="$(( 0${mod} | ${mod_type} ))" + local d dir + + if [ "${PTXCONF_SETUP_NFS_VIRTFS}" != "y" ]; then + return + fi + + for d in "${ndirs[@]/%/${dst}}"; do + dir="$(dirname "${d}")/.virtfs_metadata" && + mkdir -p "${dir}" && + cat <<- EOF > "${dir}/$(basename "${d}")" + virtfs.uid=${usr} + virtfs.gid=${grp} + virtfs.mode=${mod_virtfs} + EOF + if [ -n "${major}" -a -n "${minor}" ]; then + local rdev=$[ ${major} << 8 | ${minor} ] && + echo "virtfs.rdev=${rdev}" >> "${dir}/$(basename "${d}")" + fi || break + done +} +export -f ptxd_install_virtfs + +ptxd_install_dir_impl() { local sep="$(echo -e "\x1F")" + local mod_type=0040000 + + if [ "${dst}" != "/" ]; then + ptxd_ensure_dir "$(dirname "${dst}")" + fi && + + install -m "${mod_nfs}" -d "${ndirs[@]/%/${dst}}" && + install -m "${mod}" -o "${usr}" -g "${grp}" -d "${pdirs[@]/%/${dst}}" && + + ptxd_install_virtfs && + + echo "f${sep}${dst}${sep}${usr}${sep}${grp}${sep}${mod}" >> "${pkg_xpkg_perms}" +} +export -f ptxd_install_dir_impl + +ptxd_ensure_dir() { + local dst="$1" + local usr="0" + local grp="0" + local mod="0755" + local mod_nfs mod_rw + local dir + local no_skip + + ptxd_install_setup && + for dir in "${ndirs[@]/%/${dst}}"; do + if [ ! -d "${dir}" -o ! -e "$(dirname "${dir}")/.virtfs_metadata/$(basename "${dir}")" ]; then + no_skip=1 + break + fi + done + if [ "${no_skip}" != 1 ]; then + # just create the rest and continue if virtfs data already exists + install -d "${dirs[@]/%/${dst}}" && + return + fi && + ptxd_install_dir_impl +} +export -f ptxd_ensure_dir + +ptxd_install_dir() { local dst="$1" local usr="$2" local grp="$3" @@ -241,10 +306,7 @@ install directory: permissions=${mod} " && - install -m "${mod_nfs}" -d "${ndirs[@]/%/${dst}}" && - install -m "${mod}" -o "${usr}" -g "${grp}" -d "${pdirs[@]/%/${dst}}" && - - echo "f${sep}${dst}${sep}${usr}${sep}${grp}${sep}${mod}" >> "${pkg_xpkg_perms}" || + ptxd_install_dir_impl || ptxd_install_error "install_dir failed!" } export -f ptxd_install_dir @@ -348,6 +410,7 @@ ptxd_install_file_impl() { local grp="$4" local mod="$5" local strip="$6" + local mod_type=0100000 local mod_nfs mod_rw local gdb_src @@ -384,6 +447,8 @@ install ${cmd}: fi fi && + ptxd_ensure_dir "$(dirname "${dst}")" && + case "${strip}" in 0|n|no|N|NO) for d in "${dirs[@]/%/${dst}}"; do @@ -425,6 +490,8 @@ Usually, just remove the 6th parameter and everything works fine. # now change to requested user and group chown "${usr}:${grp}" "${pdirs[@]/%/${dst}}" && + ptxd_install_virtfs && + echo "f${sep}${dst}${sep}${usr}${sep}${grp}${sep}${mod}" >> "${pkg_xpkg_perms}" } export -f ptxd_install_file_impl @@ -434,6 +501,8 @@ ptxd_install_ln() { local dst="$2" local usr="${3:-0}" local grp="${4:-0}" + local mod="0777" + local mod_type=0120000 local mod_nfs mod_rw rel ptxd_install_setup && @@ -453,7 +522,7 @@ install link: esac && rm -f "${dirs[@]/%/${dst}}" && - install -d "${dirs[@]/%/$(dirname "${dst}")}" && + ptxd_ensure_dir "$(dirname "${dst}")" && for d in "${ndirs[@]/%/${dst}}"; do ln -s "${rel}${src}" "${d}" || return done && @@ -461,6 +530,8 @@ install link: ln -s "${src}" "${d}" || return done && + ptxd_install_virtfs + chown --no-dereference "${usr}:${grp}" "${dirs[@]/%/${dst}}" } export -f ptxd_install_ln @@ -474,7 +545,13 @@ ptxd_install_mknod() { local type="$5" local major="$6" local minor="$7" - local mod_nfs mod_rw + local mod_nfs mod_rw mod_type + + case "${type}" in + c) mod_type=0020000 ;; + b) mod_type=0060000 ;; + p) mod_type=0010000 ;; + esac && ptxd_install_setup && echo "\ @@ -489,12 +566,15 @@ install device node: " && rm -f "${pdirs[@]/%/${dst}}" && - install -d "${dirs[@]/%/$(dirname "${dst}")}" && + ptxd_ensure_dir "$(dirname "${dst}")" && for d in "${pdirs[@]/%/${dst}}"; do mknod -m "${mod}" "${d}" "${type}" ${major} ${minor} || return done && + touch "${ndirs[@]/%/${dst}}" && chown "${usr}:${grp}" "${pdirs[@]/%/${dst}}" && + ptxd_install_virtfs && + echo "n${sep}${dst}${sep}${usr}${sep}${grp}${sep}${mod}${sep}${type}${sep}${major}${sep}${minor}" >> "${pkg_xpkg_perms}" } export -f ptxd_install_mknod |