NetBSD-Bugs archive
Re: misc/58196: [RB] Install ISO images leak local user/group information
The following reply was made to PR misc/58196; it has been noted by GNATS.
From: Jan-Benedict Glaw <jbglaw%lug-owl.de@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc: misc-bug-people%netbsd.org@localhost, gnats-admin%netbsd.org@localhost,
netbsd-bugs%netbsd.org@localhost
Subject: Re: misc/58196: [RB] Install ISO images leak local user/group
information
Date: Fri, 3 May 2024 21:03:30 +0200
On Fri, 2024-05-03 16:20:02 +0000, Christos Zoulas <christos%zoulas.com@localhost> wrote:
> I think that the simplest way to fix this is to always pass -N
> ${DESTDIR}/etc to the makefs invocation so that it uses the
> appropriate group and master.passwd files.
The install ISOs seem to be generated from
[src]/distrib/common/Makefile.image ; its `makefs` call already has
"-N ${NETBSDSRCDIR}/etc".
For example:
root@lili:/var/cache/laminar# ./compare_tarballs.sh {,n}netbsd-arc-mipsel-rel.tar.gz
--- /tmp/tmp.LOzRMiQmXe 2024-05-03 20:53:41.848137167 +0200
+++ /tmp/tmp.jgng3HwfMC 2024-05-03 20:53:43.719990220 +0200
@@ -23,4 +23,4 @@
86ddeb6da8b49b6745ef58d991f737be ./release-arc-mipsel/arc/INSTALL.more
c510fdb48ce5a5fbc521e5870d41ede0 ./release-arc-mipsel/arc/INSTALL.ps
b30b0c47e2b8dda815c3916e4dedd3ef ./release-arc-mipsel/arc/INSTALL.txt
-90a3d5e451d1f480c97d642b87505283 ./release-arc-mipsel/images/NetBSD-10.99=
=2E10-arc.iso
+7ae7f6c75e9e0e3ebcfa3f285b972369 ./release-arc-mipsel/images/NetBSD-10.99=
=2E10-arc.iso
(...comparing an arc/mipsel build, Linux left, NetBSD right.)
Differences in the ISO image are like this:
-0000a130: 0000 0003 e603 0000 0000 03e6 e603 0000 ................
+0000a130: 0000 0003 0000 0000 0000 0000 e603 0000 ................
(several others as well)
0x03e6 = 998, which is the UID/GID the Linux (Docker) based builds are
running as. From looking at the code, I think that it's just keeping
numeric owner information from a stat/lstat call IFF there isn't an
override in the manifest. I don't think it's resolving names, esp. not
for UID numbers like 998 which are just from the building user, with
IMHO no additional code mapping any non-zero UID to zero (or any
specific other value.) I can give a different -N a try, but I doubt
it'll fix the issue.
MfG, JBG
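
One way to check an image for the kind of owner leak discussed in this message, as an added example that is not part of the original mail or of NetBSD's build tooling: it scans for Rock Ridge PX (POSIX attributes) entries, whose both-endian UID/GID layout is consistent with the hexdump above, and reports owners outside an allowed set. The signature-scan heuristic, the default allowed set of 0, the function names and the constructed sample bytes are assumptions.

```python
import struct
import sys

PX_LENGTHS = (36, 44)  # PX entry size in RRIP 1.10 and RRIP 1.12


def both_endian(buf, off):
    """Decode an ISO 9660 both-endian 32-bit field; None if the halves differ."""
    le = struct.unpack_from("<I", buf, off)[0]
    be = struct.unpack_from(">I", buf, off + 4)[0]
    return le if le == be else None


def find_px_entries(image):
    """Yield (offset, mode, uid, gid) for each plausible PX entry in the image."""
    pos = image.find(b"PX")
    while pos != -1:
        # Signature, then length byte, then version byte (always 1).
        if pos + 36 <= len(image) and image[pos + 2] in PX_LENGTHS and image[pos + 3] == 1:
            # mode, links, uid, gid: four consecutive both-endian fields.
            fields = [both_endian(image, pos + 4 + 8 * i) for i in range(4)]
            if None not in fields:  # LE/BE agreement filters out stray "PX" bytes
                mode, _links, uid, gid = fields
                yield pos, mode, uid, gid
        pos = image.find(b"PX", pos + 1)


def leaked_owners(image, allowed_uids=(0,), allowed_gids=(0,)):
    """Return (offset, uid, gid) for entries owned outside the allowed sets (assumed policy)."""
    return [(off, uid, gid) for off, _mode, uid, gid in find_px_entries(image)
            if uid not in allowed_uids or gid not in allowed_gids]


def make_px(mode, links, uid, gid, serial=1):
    """Build a constructed RRIP 1.12 PX entry (demo helper, not real image data)."""
    body = b"".join(struct.pack("<I", v) + struct.pack(">I", v)
                    for v in (mode, links, uid, gid, serial))
    return b"PX" + bytes([44, 1]) + body


# Constructed sample: one root-owned entry, a stray "PX" string, one entry owned by 998.
SAMPLE = b"\x00" * 16 + make_px(0o040755, 3, 0, 0) + b"PXjunk" + make_px(0o040755, 3, 998, 998)

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for off, uid, gid in leaked_owners(data):
        print(f"0x{off:08x}: uid={uid} gid={gid}")
```

Run it with an ISO path as the only argument; widen `allowed_uids` and `allowed_gids` if the image is expected to carry other system owners.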