FS#58473 - archiso - umask 0077 on build machine causes permission denied in the iso on any binary execution.
Attached to Project:
Release Engineering
Opened by Anton Hvornum (Torxed) - Sunday, 06 May 2018, 11:06 GMT
Last edited by Gerardo Exequiel Pozzi (djgera) - Saturday, 23 June 2018, 22:50 GMT
Details
If the machine building the iso has a umask of 0077, when modifying customize_rootfs.sh (from config/releng) and adding any binary execution (whoami for instance, anywhere in the .sh file) - the execution will return with:

permission denied: /bin/bash

The only way to correct this is to (in customize_rootfs.sh) add:

chmod 755 /

Among other folders, in order to regain execution privileges from within customize_rootfs.sh.

The default chmod is 0022 on a default arch machine, but any "hardening" will mess up the archiso build.

I'm aware that this script was built and tested on a default arch install, and maybe it adds too much complexity to the build script taking care of all the odd edge cases that people set up on their own. But perhaps a second chmod on the airootfs file structure isn't a bad idea?
Closed by Gerardo Exequiel Pozzi (djgera)
Saturday, 23 June 2018, 22:50 GMT
Reason for closing: Fixed
Additional comments about closing: v35
Temporarily set `umask 0022` throughout the execution of archiso build scripts?
Instead of chmod on the file structure, since there might be a lot of places along the way that touch the filesystem and potentially change it for the worse again.
umask is supposed to affect the operation of the system in question, not things which are built on the system but used elsewhere.
https://git.archlinux.org/pacman.git/tree/scripts/makepkg.sh.in?h=v5.0.2#n1776
100% agree. Good point! I will add such a change. Thanks.
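
The approach discussed in the comments above, as an added example that is not part of the original thread and is not archiso's code: a staged tree inherits the caller's umask unless the build step pins its own. The function names (`stage_rootfs`, `build_pinned`, `mode_of`, `closed_dirs`) are hypothetical, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example, not archiso code. stage_rootfs is a hypothetical stand-in for
# a build step that creates image content without setting modes explicitly.
stage_rootfs() {
    mkdir -p "$1/usr/bin"
    printf '#!/bin/sh\necho ok\n' > "$1/usr/bin/tool"
    chmod +x "$1/usr/bin/tool"   # no "who" given, so bits masked by umask stay off
}

# Pinned build: umask 0022 applies only inside this subshell, so the caller's
# hardened umask is unchanged once the build returns.
build_pinned() (
    umask 0022
    stage_rootfs "$1"
)

# Octal mode of a path (GNU stat assumed).
mode_of() { stat -c '%a' "$1"; }

# Number of directories under $1 that users other than the owner cannot read
# and traverse; those users cannot execute anything beneath such a directory.
closed_dirs() { find "$1" -type d ! -perm -005 | wc -l | tr -d ' '; }

demo() {
    work=$(mktemp -d)
    old=$(umask)
    umask 0077                          # simulate the hardened build host
    stage_rootfs "$work/inherited"      # inherits the 0077 umask
    build_pinned "$work/pinned"         # pins 0022 for the build only
    for t in inherited pinned; do
        printf '%-9s dir=%s tool=%s closed_dirs=%s\n' "$t" \
            "$(mode_of "$work/$t/usr/bin")" \
            "$(mode_of "$work/$t/usr/bin/tool")" \
            "$(closed_dirs "$work/$t")"
    done
    umask "$old"
    rm -rf "$work"
}
demo
```

Running `closed_dirs` over the finished tree before packing the image is a cheap way to catch any step that escaped the pinned umask.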