author | Mark Hatle <mark.hatle@windriver.com> | 2011-06-20 10:57:49 -0500 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2011-06-30 22:51:26 +0100 |
commit | 8c720efa053f81dc8d2bb604cdbdb25de9a6efab (patch) | |
tree | 7c49543c6a65ea12c62ae18e7bdcfc595b4a1375 /meta/files | |
parent | 207a9013670560d62c793a66f01e19f4760a71a8 (diff) | |
classes/package.bbclass: Add fixup_perms

Add a new function that is responsible for fixing directory and file
permissions, owners and groups during the packaging process. This will fix
various issues where two packages may create the same directory and end up
with different permissions, owner and/or group.

The issue being resolved is that if two packages conflict in their ownership
of a directory, the first installed into the rootfs sets the permissions.
This leads to at least potentially non-deterministic filesystems, at worst
security defects.

The user can specify their own settings via the configuration files
specified in FILESYSTEM_PERMS_TABLES. If this is not defined, it will
fall back to loading files/fs-perms.txt from BBPATH. The format of this
file is documented within the file.

By default all of the system directories, specified in bitbake.conf, will
be fixed to be 0755, root, root.

The fs-perms.txt contains a few default entries to correct documentation,
locale, headers and debug sources. It was discovered these are often
incorrect due to being directly copied from the build user environment.

The entries needed to match the base-files package have also been added.

Also tweak a couple of warnings to provide more diagnostic information.

Signed-off-by: Mark Hatle <mark.hatle@windriver.com>

Diffstat (limited to 'meta/files')
-rw-r--r-- | meta/files/fs-perms.txt | 69 |
1 files changed, 69 insertions, 0 deletions
diff --git a/meta/files/fs-perms.txt b/meta/files/fs-perms.txt new file mode 100644 index 0000000000..f5a2b696e0 --- /dev/null +++ b/meta/files/fs-perms.txt 
@@ -0,0 +1,69 @@ +# This file contains a list of files and directories with known permissions. +# It is used by the packaging class to ensure that the permissions, owners and +# group of listed files and directories are in sync across the system. +# +# The format of this file +# +#<path> <mode> <uid> <gid> <walk> <fmode> <fuid> <fgid> +# +# or +# +#<path> link <target> +# +# <path>: directory path +# <mode>: mode for directory +# <uid>: uid for directory +# <gid>: gid for directory +# <walk>: recursively walk the directory? true or false +# <fmode>: if walking, new mode for files +# <fuid>: if walking, new uid for files +# <fgid>: if walking, new gid for files +# <target>: turn the directory into a symlink point to target +# +# in mode, uid or gid, a "-" means don't change any existing values +# +# /usr/src 0755 root root false - - - +# /usr/share/man 0755 root root true 0644 root root + +# Note: all standard config directories are automatically assigned "0755 root root false - - -" + +# Documentation should always be corrected +${mandir} 0755 root root true 0644 root root +${infodir} 0755 root root true 0644 root root +${docdir} 0755 root root true 0644 root root +${datadir}/gtk-doc 0755 root root true 0644 root root + +# Fixup locales +${datadir}/locale 0755 root root true 0644 root root + +# Cleanup headers +${includedir} 0755 root root true 0644 root root +${oldincludedir} 0755 root root true 0644 root root + +# Cleanup debug src +/usr/src/debug 0755 root root true 0644 root root + +# Items from base-files +# Links +${localstatedir}/cache link volatile/cache +${localstatedir}/run link volatile/run +${localstatedir}/log link volatile/log +${localstatedir}/lock link volatile/lock +${localstatedir}/tmp link volatile/tmp + +# Special permissions from base-files +# Set 1777 +/tmp 01777 root root false - - - +${localstatedir}/volatile/lock 01777 root root false - - - +${localstatedir}/volatile/tmp 01777 root root false - - - + +# Set 2775 +/home 02755 root root false 
- - - +${prefix}/src 02755 root root false - - - +${localstatedir}/local 02755 root root false - - - + +# Set 3755 +/srv 0755 root root false - - - + +# Set 4775 +/var/mail 02755 root root false - - - |
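
Review bot: the section labels under "Special permissions from base-files" do not match the modes on the entries beneath them: "# Set 2775" is followed by 02755 entries (/home, ${prefix}/src, ${localstatedir}/local), "# Set 3755" by /srv 0755, and "# Set 4775" by /var/mail 02755. Because this table is meant to be the single place that decides these directories' permissions, please confirm against base-files which values are intended (02755 is setgid without group write, while 2775 would add group write) and make the comments and modes agree. Separately, the walking entries such as ${docdir} and ${includedir} set every file to 0644 root root, which also clears the execute bit on any script shipped under those paths; a line in the header comment stating that this is intended would help whoever later adds a table through FILESYSTEM_PERMS_TABLES.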