[04/31] package/diffutils: disable busybox diff

Message ID	20240313091412.20865-4-francois.perrad@gadz.org
State	Rejected
Headers	show Return-Path: <buildroot-bounces@buildroot.org> Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=2a00:1450:4864:20::332; helo=mail-wm1-x332.google.com; envelope-from=fperrad@gmail.com; receiver=<UNKNOWN> DMARC-Filter: OpenDMARC Filter v1.4.2 smtp1.osuosl.org 6F14C81375 From: Francois Perrad <fperrad@gmail.com> To: buildroot@busybox.net Date: Wed, 13 Mar 2024 10:13:45 +0100 Message-Id: <20240313091412.20865-4-francois.perrad@gadz.org> In-Reply-To: <20240313091412.20865-1-francois.perrad@gadz.org> References: <20240313091412.20865-1-francois.perrad@gadz.org> MIME-Version: 1.0 X-Mailman-Original-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1710321263; x=1710926063; darn=busybox.net; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=YylEX0Xlgvk2BdSAYlLHyBPY8ODBpHrVX7xVHaFNtqg=; b=a6B44uSlZQvV5J/MZRamuajOhNhZN3WxoJGSCw0r+Ei2D+/Li3uE9W6FCj7sOO92U5 aj/a8AJ9YE2TQqnG94X9hP/V7JYxtDLTx7PBWHOPQPUCrF0nmqOZd8Xb+y5yNKH/n7v+ JsnxDwtwUgaztN4hGkO0sJKjAPeQk71MOHJZmq6pKzfjw2PWBCUKjxh3F1a46cIMrWiA w6JQuq7bK++o1Lv3lIK++s5tfIpEKEyuIMrfoBC3vzELtR2IrJc9m/E2jrKJHyLzmaZD WN6XQyeQjuCsuK1VfbxNi4LkuIhhuNkY1cNwcGzfqrgo0XTpITjL5vhzIIHyGjg3OpJh OT8g== X-Mailman-Original-Authentication-Results: smtp1.osuosl.org; dmarc=pass (p=none dis=none) header.from=gmail.com X-Mailman-Original-Authentication-Results: smtp1.osuosl.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20230601 header.b=a6B44uSl Subject: [Buildroot] [PATCH 04/31] package/diffutils: disable busybox diff Precedence: list Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: buildroot-bounces@buildroot.org Sender: "buildroot" <buildroot-bounces@buildroot.org>
Series	[01/31] package/busybox: move the hush config in a fragment \| expand [01/31] package/busybox: move the hush config in a fragment [02/31] package/busybox: handle LIBFOO_BUSYBOX_CONFIG_FIXUPS [03/31] package/dcron: disable busybox crond & crontab [04/31] package/diffutils: disable busybox diff [05/31] package/dos2unix: disable busybox dos2unix & unix2dos [06/31] package/fbset: disable busybox fbset [07/31] package/findutils: disable busybox find & xargs [08/31] package/gawk: disable busybox awk [09/31] package/grep: disable busybox grep, egrep & fgrep [10/31] package/gzip: disable busybox gunzip & gzip [11/31] package/hdparm: disable busybox hdparm [12/31] package/i2c-tools: disable busybox ic2get, i2cset, i2cdump, i2cdetect & i2ctransfer [13/31] package/ifenslave: disable busybox ifenslave [14/31] package/ifplugd: disable busybox ifplugd [15/31] package/ifupdown: disable busybox ifup & ifdown [16/31] package/ipcalc: disable busybox ipcalc [17/31] package/kmod: disable busybox depmod, insmod, lsmod, modinfo, modprobe & rmmod [18/31] package/less: disable busybox less [19/31] package/lsof: disable busybox lsof [20/31] package/netcat: disable busybox netcat [21/31] package/netcat-openbsd: disable busybox netcat [22/31] package/patch: disable busybox patch [23/31] package/rsyslog: disable busybox syslogd [24/31] package/sed: disable busybox sed [25/31] package/start-stop-daemon: disable busybox start-stop-daemon [26/31] package/tar: disable busybox tar [27/31] package/tftpd: disable busybox tftpd [28/31] package/unzip: disable busybox unzip [29/31] package/wget: disable busybox wget [30/31] package/which: disable busybox which [31/31] package/whois: disable busybox whois

Message ID

20240313091412.20865-4-francois.perrad@gadz.org

State

Rejected

Headers

Received-SPF: Pass (mailfrom) identity=mailfrom;
 client-ip=2a00:1450:4864:20::332; helo=mail-wm1-x332.google.com;
 envelope-from=fperrad@gmail.com; receiver=<UNKNOWN>
DMARC-Filter: OpenDMARC Filter v1.4.2 smtp1.osuosl.org 6F14C81375
From: Francois Perrad <fperrad@gmail.com>
To: buildroot@busybox.net
Date: Wed, 13 Mar 2024 10:13:45 +0100
Message-Id: <20240313091412.20865-4-francois.perrad@gadz.org>
In-Reply-To: <20240313091412.20865-1-francois.perrad@gadz.org>
References: <20240313091412.20865-1-francois.perrad@gadz.org>
MIME-Version: 1.0
X-Mailman-Original-Authentication-Results: smtp1.osuosl.org;
 dmarc=pass (p=none dis=none)
 header.from=gmail.com
X-Mailman-Original-Authentication-Results: smtp1.osuosl.org;
 dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
 header.a=rsa-sha256 header.s=20230601 header.b=a6B44uSl
Subject: [Buildroot] [PATCH 04/31] package/diffutils: disable busybox diff
X-BeenThere: buildroot@buildroot.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion and development of buildroot <buildroot.buildroot.org>
List-Unsubscribe: <https://lists.buildroot.org/mailman/options/buildroot>,
 <mailto:buildroot-request@buildroot.org?subject=unsubscribe>
List-Archive: <http://lists.buildroot.org/pipermail/buildroot/>
List-Post: <mailto:buildroot@buildroot.org>
List-Help: <mailto:buildroot-request@buildroot.org?subject=help>
List-Subscribe: <https://lists.buildroot.org/mailman/listinfo/buildroot>,
 <mailto:buildroot-request@buildroot.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: buildroot-bounces@buildroot.org
Sender: "buildroot" <buildroot-bounces@buildroot.org>

Series

[01/31] package/busybox: move the hush config in a fragment | expand

Comments

Arnout Vandecappelle March 15, 2024, 7:57 p.m. UTC | #1

Hi Francois,

On 13/03/2024 10:13, Francois Perrad wrote:
> Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
> ---
>   package/diffutils/diffutils.mk | 4 ++++
>   1 file changed, 4 insertions(+)
> 
> diff --git a/package/diffutils/diffutils.mk b/package/diffutils/diffutils.mk
> index 111926686..fe20a0e67 100644
> --- a/package/diffutils/diffutils.mk
> +++ b/package/diffutils/diffutils.mk
> @@ -18,4 +18,8 @@ ifeq ($(BR2_TOOLCHAIN_USES_GLIBC),y)
>   DIFFUTILS_CONF_ENV += gl_cv_func_getopt_gnu=yes
>   endif
>   
> +define DIFFUTILS_BUSYBOX_CONFIG_FIXUPS
> +	$(call KCONFIG_DISABLE_OPT,CONFIG_DIFF)

  I don't understand the point of this series. In general, there is no reason to 
disable applets from busybox just because there's a "full" alternative installed 
on the system. Usually the busybox size difference is completely negligible 
compared to the the "full" installation size. And the busybox one can still be 
useful in some cases (when called as 'busybox diff' instead of 'diff').

  If you really care about removing the redundant busybox options, you can 
easily supply a custom busybox config.

  Is there a really good reason for all this?

  Regards,
  Arnout

> +endef
> +
>   $(eval $(autotools-package))

Francois Perrad March 16, 2024, 10:59 a.m. UTC | #2

Le ven. 15 mars 2024 à 20:57, Arnout Vandecappelle via buildroot <
buildroot@buildroot.org> a écrit :

>   Hi Francois,
>
> On 13/03/2024 10:13, Francois Perrad wrote:
> > Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
> > ---
> >   package/diffutils/diffutils.mk | 4 ++++
> >   1 file changed, 4 insertions(+)
> >
> > diff --git a/package/diffutils/diffutils.mk b/package/diffutils/
> diffutils.mk
> > index 111926686..fe20a0e67 100644
> > --- a/package/diffutils/diffutils.mk
> > +++ b/package/diffutils/diffutils.mk
> > @@ -18,4 +18,8 @@ ifeq ($(BR2_TOOLCHAIN_USES_GLIBC),y)
> >   DIFFUTILS_CONF_ENV += gl_cv_func_getopt_gnu=yes
> >   endif
> >
> > +define DIFFUTILS_BUSYBOX_CONFIG_FIXUPS
> > +     $(call KCONFIG_DISABLE_OPT,CONFIG_DIFF)
>
>   I don't understand the point of this series. In general, there is no
> reason to
> disable applets from busybox just because there's a "full" alternative
> installed
> on the system. Usually the busybox size difference is completely
> negligible
> compared to the the "full" installation size. And the busybox one can
> still be
> useful in some cases (when called as 'busybox diff' instead of 'diff').
>
>   If you really care about removing the redundant busybox options, you can
> easily supply a custom busybox config.
>
>   Is there a really good reason for all this?
>
>
In fact, in this serie, the only important patches are the 2 first.

I wrote the nexts, like this one, in order to show an use case of the 2nd
patch "package/busybox: handle LIBFOO_BUSYBOX_CONFIG_FIXUPS".
But it was a bad idea.

Note that my goal is not to reducing the image size, but to reducing the
attack surface (from a cyber security point of view).

Busybox uses the Kconfig infrastructure.
Currently, it could be configured via a full custom defconfig or via
fragments.
But, I think that altering the configuration by fixups could be also useful.

Francois


>   Regards,
>   Arnout
>
> > +endef
> > +
> >   $(eval $(autotools-package))
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
>

Yann E. MORIN March 19, 2024, 8:55 p.m. UTC | #3

François, All,

On 2024-03-16 11:59 +0100, François Perrad spake thusly:
> Le ven. 15 mars 2024 à 20:57, Arnout Vandecappelle via buildroot <[1]
> buildroot@buildroot.org> a écrit :
>     On 13/03/2024 10:13, Francois Perrad wrote:
>     > Signed-off-by: Francois Perrad <[2]francois.perrad@gadz.org>
>     > ---
>     >   package/diffutils/[3]diffutils.mk | 4 ++++
>     >   1 file changed, 4 insertions(+)
>     >
>     > diff --git a/package/diffutils/[4]diffutils.mk b/package/diffutils/[5]
>     diffutils.mk
>     > index 111926686..fe20a0e67 100644
>     > --- a/package/diffutils/[6]diffutils.mk
>     > +++ b/package/diffutils/[7]diffutils.mk
>     > @@ -18,4 +18,8 @@ ifeq ($(BR2_TOOLCHAIN_USES_GLIBC),y)
>     >   DIFFUTILS_CONF_ENV += gl_cv_func_getopt_gnu=yes
>     >   endif
>     >   
>     > +define DIFFUTILS_BUSYBOX_CONFIG_FIXUPS
>     > +     $(call KCONFIG_DISABLE_OPT,CONFIG_DIFF)
> 
>       I don't understand the point of this series. In general, there is no
>     reason to
>     disable applets from busybox just because there's a "full" alternative
>     installed
>     on the system. Usually the busybox size difference is completely negligible
>     compared to the the "full" installation size. And the busybox one can still
>     be
>     useful in some cases (when called as 'busybox diff' instead of 'diff').
> 
>       If you really care about removing the redundant busybox options, you can
>     easily supply a custom busybox config.
> 
>       Is there a really good reason for all this?
> 
> In fact, in this serie, the only important patches are the 2 first.

I didn't understand what was so important in the first patch, so you'd
have to extend the commit log with a bit more explanations, should you
respin it later. Also, it seems totally unrelated to the rest of the
series, so it should probably be sent separately.

> I wrote the nexts, like this one, in order to show an use case of the 2nd patch
> "package/busybox: handle LIBFOO_BUSYBOX_CONFIG_FIXUPS".

As for patch 2, I see that it is modelled after the similar feature we
have for the linux kernel. It would seem reasonable to have in the first
place. However, I still fail to see what the point really is.

Indeed, for the kernel, the feature is there because packages need a
feature from the kerenl, so we want to allo them to enable it, very
seldom to disable them [0].

But for busybox, there is not need to explicitly disable options: the
install order guarantees that the full-blown variant win over the
busybox applets.

Also, as Arnout pointed out, it is still possible and interesting to
keep the applets in busybox even when the ful-blown variant is enabled.
Indeed, it is possible to build an initramfs that only contains busybox,
which applets are used until the final root is mounted and swithroot-ed
into.

So, we do not ned a feature to _disable_ options in Busybox.

Now, on the other side of the coin, do we need a feature that allows
packages to _enable_ options in Busybox? Unlike the kernel, it is
possible to have a generic Busybox configuration that works "almost
everywhere" (well, two: one for MMU, one for noMMU). So that's the path
we have chosen in Buildroot: we cary those two configs, and there is no
reason to automatically tweak those; a concerned user will have to
provide their own, tailored to their particular use-case.

> Note that my goal is not to reducing the image size, but to reducing the attack
> surface (from a cyber security point of view).

Although I do laud the effort, this goes against the points mentioned
above. A user who wants to address security will have to review their
Busybox config and decide whether to drop or keep options, based on
their use-case (esp. the initramfs case).

> Busybox uses the Kconfig infrastructure.
> Currently, it could be configured via a full custom defconfig or via fragments.
> But, I think that altering the configuration by fixups could be also useful.

The fact that it uses the Kconfig infra is no reason in itself to make
it behave like the kernel (otherwise we'd have to do the same for all
the other kconfig-based packages) [1]

So, given all the above, I would say that we do not need this feature at
all for busybox.

[0] we have only three packages that disable kernel options:
  - systemd disables legacy sysfs (which were entirely dropped in v6.4)
  - kernel-module-imx-gpu-viv (a driver) disables an incompatible driver
    specific to the IMX kernel fork
  - zfs which needs stuff unavailable when those options are set (like
    unused ksyms)
  Those are really special cases; usually packages need to enable
  options.

[1] and if we went that route, then there would be no reason why we
would not have to have a mechanism for packages to be able to force
--{enable,disable,with,without}-option of other, autoconf-based packages,
or -D{ENABLE,DISABLE}_OPTION for other, cmake-based packages, and
similarly for all infras. Nope; no, no, no...

Regards,
Yann E. MORIN.

> 
> Francois
>  
> 
>       Regards,
>       Arnout
> 
>     > +endef
>     > +
>     >   $(eval $(autotools-package))
>     _______________________________________________
>     buildroot mailing list
>     [8]buildroot@buildroot.org
>     [9]https://lists.buildroot.org/mailman/listinfo/buildroot
> 
> 
> References:
> 
> [1] mailto:buildroot@buildroot.org
> [2] mailto:francois.perrad@gadz.org
> [3] http://diffutils.mk/
> [4] http://diffutils.mk/
> [5] http://diffutils.mk/
> [6] http://diffutils.mk/
> [7] http://diffutils.mk/
> [8] mailto:buildroot@buildroot.org
> [9] https://lists.buildroot.org/mailman/listinfo/buildroot

> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot

diff --git a/package/diffutils/diffutils.mk b/package/diffutils/diffutils.mk
index 111926686..fe20a0e67 100644
--- a/package/diffutils/diffutils.mk
+++ b/package/diffutils/diffutils.mk
@@ -18,4 +18,8 @@  ifeq ($(BR2_TOOLCHAIN_USES_GLIBC),y)
 DIFFUTILS_CONF_ENV += gl_cv_func_getopt_gnu=yes
 endif
 
+define DIFFUTILS_BUSYBOX_CONFIG_FIXUPS
+	$(call KCONFIG_DISABLE_OPT,CONFIG_DIFF)
+endef
+
 $(eval $(autotools-package))

[04/31] package/diffutils: disable busybox diff

Commit Message

Comments

Patch