lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20190307190849.GB25561@cello>
Date:   Thu, 7 Mar 2019 22:08:49 +0300
From:   Arseny Maslennikov <ar@...msu.ru>
To:     Masahiro Yamada <yamada.masahiro@...ionext.com>
Cc:     Michal Marek <michal.lkml@...kovi.net>,
        Linux Kbuild mailing list <linux-kbuild@...r.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Riku Voipio <riku.voipio@...aro.org>
Subject: Re: [PATCH] scripts/package/Makefile: put proper config in source
 tarball

On Thu, Mar 07, 2019 at 10:05:30PM +0300, Arseny Maslennikov wrote:
> On Fri, Mar 08, 2019 at 12:32:11AM +0900, Masahiro Yamada wrote:
> > On Fri, Feb 22, 2019 at 7:19 AM Arseny Maslennikov <ar@...msu.ru> wrote:
> > >
> > > It is widely known that one can build a kernel without a .config in the
> > > source tree
> > 
> > "without a .config in the source file"  means
> > KCONFIG_CONFIG will probably contain '..' or absolute path.
> > 
> > 
> > 
> > ex1)  KCONFIG_CONFIG=../my_dir/.config
> > 
> > ex2)  KCONFIG_CONFIG=/absolute/pass/to/my/.config
> > 
> 
> Hmm, I did not consider that; my bad, sorry.
> 
> > 
> > 
> > 
> > 
> > > by setting KCONFIG_CONFIG equal to the actual configuration
> > > file path.
> > >
> > > When making a *-pkg target, make(1) prepares a source tarball and tries
> > > to pack `.config' in there regardless of the value of KCONFIG_CONFIG,
> > > failing spectacularly if .config is absent and packing the wrong config
> > > if it exists.
> > > Let's fix that.
> > 
> > 
> > Did you notice the log 'Removing leading ...' from tar
> > for case ex1), ex2) ?
> > 
> > 
> > masahiro@...ver:~/ref/linux$ make -j8  KCONFIG_CONFIG=../.config  deb-pkg
> > make clean
> > /bin/bash ./scripts/package/mkdebian
> >   TAR     linux-5.0.0+.tar.gz
> > tar: Removing leading `../' from member names
> 
> Yes, I know tar does that. I mostly use KCONFIG_CONFIG with a bunch of
> config files in the source tree, so did not experience this while making
> sure the change makes sense.
> 
> >    ...
> > 
> > 
> > Even if I apply 3/3, it will produce a broken source package
> > since the tar will rip off the leading directory path,
> > then it mismatches to KCONFIG_CONFIG recorded in debian/rules.
> > 
> > A simple case like KCONFIG_CONFIG=my.config will work,
> > but I am not convinced with 3/3.
> > 
> 
> So instead of this one and 3/3 we could ensure the source tarball
> contains a .config equal to the contents of KCONFIG_CONFIG provided to
> make(1), so the source package is fixed and its users are not confused.
> 
> If the following is ok, I'll send a v2.
> A quick look at the generated orig tarball tells me it ought to work
> well.
> 
> Something like this:
> 
> diff --git a/scripts/package/Makefile b/scripts/package/Makefile
> index 100a0d28ad25..8530fe267a76 100644
> --- a/scripts/package/Makefile
> +++ b/scripts/package/Makefile
> @@ -44,6 +44,7 @@ if test "$(objtree)" != "$(srctree)"; then \
>  fi ; \
>  $(srctree)/scripts/setlocalversion --save-scmversion; \
>  tar -cz $(RCS_TAR_IGNORE) -f $(2).tar.gz \
> +	--absolute-names --transform 's:^$(KCONFIG_CONFIG):.config:S' \

GNU tar seems to trim the paths of archive members first and only then
consider the --transform rules, so it does not work with
KCONFIG_CONFIG=../../my.config and the likes if -P/--absolute-names is
not provided.

>  	--transform 's:^:$(2)/:S' $(TAR_CONTENT) $(3); \
>  rm -f $(objtree)/.scmversion
>  



Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ