lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20190307190530.GA25561@cello>
Date:   Thu, 7 Mar 2019 22:05:30 +0300
From:   Arseny Maslennikov <ar@...msu.ru>
To:     Masahiro Yamada <yamada.masahiro@...ionext.com>
Cc:     Michal Marek <michal.lkml@...kovi.net>,
        Linux Kbuild mailing list <linux-kbuild@...r.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Riku Voipio <riku.voipio@...aro.org>
Subject: Re: [PATCH] scripts/package/Makefile: put proper config in source
 tarball

On Fri, Mar 08, 2019 at 12:32:11AM +0900, Masahiro Yamada wrote:
> On Fri, Feb 22, 2019 at 7:19 AM Arseny Maslennikov <ar@...msu.ru> wrote:
> >
> > It is widely known that one can build a kernel without a .config in the
> > source tree
> 
> "without a .config in the source file"  means
> KCONFIG_CONFIG will probably contain '..' or absolute path.
> 
> 
> 
> ex1)  KCONFIG_CONFIG=../my_dir/.config
> 
> ex2)  KCONFIG_CONFIG=/absolute/pass/to/my/.config
> 

Hmm, I did not consider that; my bad, sorry.

> 
> 
> 
> 
> > by setting KCONFIG_CONFIG equal to the actual configuration
> > file path.
> >
> > When making a *-pkg target, make(1) prepares a source tarball and tries
> > to pack `.config' in there regardless of the value of KCONFIG_CONFIG,
> > failing spectacularly if .config is absent and packing the wrong config
> > if it exists.
> > Let's fix that.
> 
> 
> Did you notice the log 'Removing leading ...' from tar
> for case ex1), ex2) ?
> 
> 
> masahiro@...ver:~/ref/linux$ make -j8  KCONFIG_CONFIG=../.config  deb-pkg
> make clean
> /bin/bash ./scripts/package/mkdebian
>   TAR     linux-5.0.0+.tar.gz
> tar: Removing leading `../' from member names

Yes, I know tar does that. I mostly use KCONFIG_CONFIG with a bunch of
config files in the source tree, so did not experience this while making
sure the change makes sense.

>    ...
> 
> 
> Even if I apply 3/3, it will produce a broken source package
> since the tar will rip off the leading directory path,
> then it mismatches to KCONFIG_CONFIG recorded in debian/rules.
> 
> A simple case like KCONFIG_CONFIG=my.config will work,
> but I am not convinced with 3/3.
> 

So instead of this one and 3/3 we could ensure the source tarball
contains a .config equal to the contents of KCONFIG_CONFIG provided to
make(1), so the source package is fixed and its users are not confused.

If the following is ok, I'll send a v2.
A quick look at the generated orig tarball tells me it ought to work
well.

Something like this:

diff --git a/scripts/package/Makefile b/scripts/package/Makefile
index 100a0d28ad25..8530fe267a76 100644
--- a/scripts/package/Makefile
+++ b/scripts/package/Makefile
@@ -44,6 +44,7 @@ if test "$(objtree)" != "$(srctree)"; then \
 fi ; \
 $(srctree)/scripts/setlocalversion --save-scmversion; \
 tar -cz $(RCS_TAR_IGNORE) -f $(2).tar.gz \
+	--absolute-names --transform 's:^$(KCONFIG_CONFIG):.config:S' \
 	--transform 's:^:$(2)/:S' $(TAR_CONTENT) $(3); \
 rm -f $(objtree)/.scmversion
 

Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ