From patchwork Fri Aug  7 21:12:59 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Paul Spooren <mail@aparcar.org>
X-Patchwork-Id: 1342404
Return-Path: 
 <openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=lists.openwrt.org
 (client-ip=2001:8b0:10b:1231::1; helo=merlin.infradead.org;
 envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org;
 receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
 dmarc=none (p=none dis=none) header.from=aparcar.org
Authentication-Results: ozlabs.org;
	dkim=pass (2048-bit key;
 secure) header.d=lists.infradead.org header.i=@lists.infradead.org
 header.a=rsa-sha256 header.s=merlin.20170209 header.b=OSe7+mr6;
	dkim-atps=neutral
Received: from merlin.infradead.org (merlin.infradead.org
 [IPv6:2001:8b0:10b:1231::1])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
 SHA256)
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 4BNdRP6w59z9sTM
	for <incoming@patchwork.ozlabs.org>; Sat,  8 Aug 2020 07:14:57 +1000 (AEST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding:
	Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive:
	List-Unsubscribe:List-Id:MIME-Version:Message-Id:Date:Subject:To:From:
	Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender
	:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Owner;
	bh=Oy/D+KGqdSfgSxJpc15NuvyoE6um+L3g9S9aEdKqwh8=; b=OSe7+mr6Vof6OSMcTihzLKa/Iu
	vgFCHlNqGG14X8Gd6uAdCIuSJ1HyOadywH9x7bNgjTWB+RqSe7OCLcU8mdlSvMu9koKRCHZvkEP4Z
	pr1F0c2Zp2qYKDAeoGmTRnO/7ym0qUSPV6GklqypQKd7Kc1phgbKbHqN5pJFUI23EJAhQB3gEdyuI
	WHrdd90CAk8IknCz/ynz4Wtzb7e9Vvfh9dVvWkFDvgZas23Osr4RfxX8JFoN4uTSJP40kgsH91L92
	TSA06yoESnePo/i7wkelQYKkIHriOqKX1NEoLjr6ARdvwX35BtouXBkTJOIjIPgWt6ZumGfzV7cZO
	VMjSBtpA==;
Received: from localhost ([::1] helo=merlin.infradead.org)
	by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux))
	id 1k49g5-0003pY-Kd; Fri, 07 Aug 2020 21:13:25 +0000
Received: from relay11.mail.gandi.net ([217.70.178.231])
 by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux))
 id 1k49g2-0003ow-Ab
 for openwrt-devel@lists.openwrt.org; Fri, 07 Aug 2020 21:13:24 +0000
Received: from dawn.lan (udp224251uds.hawaiiantel.net [72.234.141.215])
 (Authenticated sender: mail@aparcar.org)
 by relay11.mail.gandi.net (Postfix) with ESMTPA id 5E5E4100007;
 Fri,  7 Aug 2020 21:13:13 +0000 (UTC)
From: Paul Spooren <mail@aparcar.org>
To: openwrt-devel@lists.openwrt.org
Subject: [PATCH 1/4] tools: add fakeroot
Date: Fri,  7 Aug 2020 11:12:59 -1000
Message-Id: <20200807211302.1406188-1-mail@aparcar.org>
X-Mailer: git-send-email 2.25.1
MIME-Version: 1.0
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20200807_171322_477896_28248C01 
X-CRM114-Status: GOOD (  14.42  )
X-Spam-Score: -0.7 (/)
X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary:
 Content analysis details:   (-0.7 points)
 pts rule name              description
 ---- ----------------------
 --------------------------------------------------
 -0.7 RCVD_IN_DNSWL_LOW      RBL: Sender listed at https://www.dnswl.org/,
 low trust [217.70.178.231 listed in list.dnswl.org]
 0.0 RCVD_IN_MSPIKE_H3      RBL: Good reputation (+3)
 [217.70.178.231 listed in wl.mailspike.net]
 -0.0 SPF_PASS               SPF: sender matches SPF record
 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
 0.0 RCVD_IN_MSPIKE_WL      Mailspike good senders
X-BeenThere: openwrt-devel@lists.openwrt.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OpenWrt Development List <openwrt-devel.lists.openwrt.org>
List-Unsubscribe: <https://lists.openwrt.org/mailman/options/openwrt-devel>,
 <mailto:openwrt-devel-request@lists.openwrt.org?subject=unsubscribe>
List-Archive: <http://lists.openwrt.org/pipermail/openwrt-devel/>
List-Post: <mailto:openwrt-devel@lists.openwrt.org>
List-Help: <mailto:openwrt-devel-request@lists.openwrt.org?subject=help>
List-Subscribe: <https://lists.openwrt.org/mailman/listinfo/openwrt-devel>,
 <mailto:openwrt-devel-request@lists.openwrt.org?subject=subscribe>
Cc: "W . Michael Petullo" <mike@flyn.org>, Paul Spooren <mail@aparcar.org>,
 Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Sender: "openwrt-devel" <openwrt-devel-bounces@lists.openwrt.org>
Errors-To: 
 openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org

From: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

SELinux support requires setting the appropriate SELinux security context
to files and directories, which needs to happen at build time in order
to support read-only root filesystem scenarios. In order to create these
security contexts, we will have to run some SELinux-specific tools on
the host machine, but that requires root access. This adds support for
fakeroot, which the build process will use to run the SELinux security
context creation and the image creation.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

Apply to current master, and adjust commit message

Thomas' original work is available at
http://lists.infradead.org/pipermail/openwrt-devel/2019-November/025976.html.

Signed-off-by: W. Michael Petullo <mike@flyn.org>
[add rules.mk FAKEROOT variable]
Signed-off-by: Paul Spooren <mail@aparcar.org>
---
 rules.mk                |  1 +
 tools/Makefile          |  2 +-
 tools/fakeroot/Makefile | 20 ++++++++++++++++++++
 3 files changed, 22 insertions(+), 1 deletion(-)
 create mode 100644 tools/fakeroot/Makefile

diff --git a/rules.mk b/rules.mk
index 479172de03..45d96d6be4 100644
--- a/rules.mk
+++ b/rules.mk
@@ -264,6 +264,7 @@ endif
 
 BUILD_KEY=$(TOPDIR)/key-build
 
+FAKEROOT:=$(STAGING_DIR_HOST)/bin/fakeroot
 TARGET_CC:=$(TARGET_CROSS)gcc
 TARGET_CXX:=$(TARGET_CROSS)g++
 KPATCH:=$(SCRIPT_DIR)/patch-kernel.sh
diff --git a/tools/Makefile b/tools/Makefile
index 9bae09ece6..f038c90ba9 100644
--- a/tools/Makefile
+++ b/tools/Makefile
@@ -26,7 +26,7 @@ tools-y += m4 libtool autoconf autoconf-archive automake flex bison pkgconf mkli
 tools-y += sstrip make-ext4fs e2fsprogs mtd-utils mkimage
 tools-y += firmware-utils patch-image quilt padjffs2
 tools-y += mm-macros missing-macros cmake bc findutils gengetopt patchelf
-tools-y += mtools dosfstools libressl
+tools-y += mtools dosfstools libressl fakeroot
 tools-$(CONFIG_TARGET_orion_generic) += wrt350nv2-builder upslug2
 tools-$(CONFIG_TARGET_x86) += qemu
 tools-$(CONFIG_TARGET_mxs) += elftosb sdimage
diff --git a/tools/fakeroot/Makefile b/tools/fakeroot/Makefile
new file mode 100644
index 0000000000..04d9a0dd60
--- /dev/null
+++ b/tools/fakeroot/Makefile
@@ -0,0 +1,20 @@
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=fakeroot
+PKG_VERSION:=1.20.2
+
+PKG_SOURCE:=$(PKG_NAME)_$(PKG_VERSION).orig.tar.bz2
+PKG_SOURCE_URL:=http://snapshot.debian.org/archive/debian/20141005T221953Z/pool/main/f/fakeroot
+PKG_HASH:=7c0a164d19db3efa9e802e0fc7cdfeff70ec6d26cdbdc4338c9c2823c5ea230c
+
+include $(INCLUDE_DIR)/host-build.mk
+
+HOST_CONFIGURE_VARS += \
+	ac_cv_header_sys_capability_h=no \
+	ac_cv_func_capset=no
+
+$(eval $(call HostBuild))

From patchwork Fri Aug  7 21:13:00 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Paul Spooren <mail@aparcar.org>
X-Patchwork-Id: 1342402
X-Patchwork-Delegate: daniel@makrotopia.org
Return-Path: 
 <openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=lists.openwrt.org
 (client-ip=2001:8b0:10b:1231::1; helo=merlin.infradead.org;
 envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org;
 receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
 dmarc=none (p=none dis=none) header.from=aparcar.org
Authentication-Results: ozlabs.org;
	dkim=pass (2048-bit key;
 secure) header.d=lists.infradead.org header.i=@lists.infradead.org
 header.a=rsa-sha256 header.s=merlin.20170209 header.b=VrZJSfqE;
	dkim-atps=neutral
Received: from merlin.infradead.org (merlin.infradead.org
 [IPv6:2001:8b0:10b:1231::1])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
 SHA256)
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 4BNdRN4Fmkz9sRK
	for <incoming@patchwork.ozlabs.org>; Sat,  8 Aug 2020 07:14:56 +1000 (AEST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding:
	Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive:
	List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date:
	Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date:
	Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner;
	 bh=GQp5WWsdotH9AgIyp6ncBUtq/ugQXOpx+QhHm9gSvjA=; b=VrZJSfqE+MAOf4Rx0QJYCwL3d
	ekWjsZ4kNYEA+OKkUE68youiMcnJ00+VopZhwge1fjU7mbwhC0COxHf90zj/JOv5b8RPvjfDJ7woU
	nEoN9CcXB3imyWz3MAcsR60VrKDKfOzIqb/H7TDn79nNUnU1dmyegM3PTH00D5w7e5IyrWVTdeGL4
	K1si339d/IKaizxk4W/9GpOpVPp8QIklT6FOAMpB653a6tbXupvZOWMer5jhXxsEF5FNX2IrgxT7w
	X/kodaeNMWvoQzxlMJZAuv1evn7q+yu2XVcS6yf+sOhGrUvwqvTrfUdb9uhWBtQNpG9GXHO0rHknm
	tLxhspvbw==;
Received: from localhost ([::1] helo=merlin.infradead.org)
	by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux))
	id 1k49g8-0003pp-Fp; Fri, 07 Aug 2020 21:13:28 +0000
Received: from relay11.mail.gandi.net ([217.70.178.231])
 by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux))
 id 1k49g4-0003pE-12
 for openwrt-devel@lists.openwrt.org; Fri, 07 Aug 2020 21:13:25 +0000
Received: from dawn.lan (udp224251uds.hawaiiantel.net [72.234.141.215])
 (Authenticated sender: mail@aparcar.org)
 by relay11.mail.gandi.net (Postfix) with ESMTPA id C9B5F100005;
 Fri,  7 Aug 2020 21:13:21 +0000 (UTC)
From: Paul Spooren <mail@aparcar.org>
To: openwrt-devel@lists.openwrt.org
Subject: [PATCH 2/4] build: ipkg-build use fakeroot with PKG_FILE_MODES
Date: Fri,  7 Aug 2020 11:13:00 -1000
Message-Id: <20200807211302.1406188-2-mail@aparcar.org>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20200807211302.1406188-1-mail@aparcar.org>
References: <20200807211302.1406188-1-mail@aparcar.org>
MIME-Version: 1.0
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20200807_171324_572599_D839E3E9 
X-CRM114-Status: GOOD (  12.34  )
X-Spam-Score: -0.7 (/)
X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary:
 Content analysis details:   (-0.7 points)
 pts rule name              description
 ---- ----------------------
 --------------------------------------------------
 0.0 RCVD_IN_MSPIKE_H3      RBL: Good reputation (+3)
 [217.70.178.231 listed in wl.mailspike.net]
 -0.7 RCVD_IN_DNSWL_LOW      RBL: Sender listed at https://www.dnswl.org/,
 low trust [217.70.178.231 listed in list.dnswl.org]
 -0.0 SPF_PASS               SPF: sender matches SPF record
 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
 0.0 RCVD_IN_MSPIKE_WL      Mailspike good senders
X-BeenThere: openwrt-devel@lists.openwrt.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OpenWrt Development List <openwrt-devel.lists.openwrt.org>
List-Unsubscribe: <https://lists.openwrt.org/mailman/options/openwrt-devel>,
 <mailto:openwrt-devel-request@lists.openwrt.org?subject=unsubscribe>
List-Archive: <http://lists.openwrt.org/pipermail/openwrt-devel/>
List-Post: <mailto:openwrt-devel@lists.openwrt.org>
List-Help: <mailto:openwrt-devel-request@lists.openwrt.org?subject=help>
List-Subscribe: <https://lists.openwrt.org/mailman/listinfo/openwrt-devel>,
 <mailto:openwrt-devel-request@lists.openwrt.org?subject=subscribe>
Cc: Paul Spooren <mail@aparcar.org>
Sender: "openwrt-devel" <openwrt-devel-bounces@lists.openwrt.org>
Errors-To: 
 openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org

The `ipkg-build` script converts a folder into a `opkg` installable
package. Until now it would use root:root for all packages and try to
preserve file modes.

This has the two drawbacks of packages want to add non-root files or add
SUID files, like the `sudo` package does.

To give more flexibility regarding file modes and avoid init script
hacks, a new variable called `PKG_FILE_MODES`. The variable contains a
list of files modes in the format `path:owner:group:mode`.

An example for the `sudo` package below:

```
PKG_FILE_MODES:=\
        /usr/bin/sudo:root:root:4755 \
        /etc/sudoers:root:root:0440
```

The `ipkg-build` now runs within a fakeroot environment to set any mode
and directly store it in the resulting `ipk` package archive.

Both options `-o` and `-g` are no longer required due to the introduction
of the more flexible `-m` options, which takes the `PKG_FILE_MODES` as
input.

Lastly the option `-c` is removed as it's unused within the script.

Signed-off-by: Paul Spooren <mail@aparcar.org>
---
 include/package-ipkg.mk |  6 +-----
 scripts/ipkg-build      | 41 +++++++++++++++++++++++++----------------
 2 files changed, 26 insertions(+), 21 deletions(-)

diff --git a/include/package-ipkg.mk b/include/package-ipkg.mk
index 622cbf3223..d8b65433c2 100644
--- a/include/package-ipkg.mk
+++ b/include/package-ipkg.mk
@@ -9,10 +9,6 @@ ifndef DUMP
   include $(INCLUDE_DIR)/feeds.mk
 endif
 
-# invoke ipkg-build with some default options
-IPKG_BUILD:= \
-  $(SCRIPT_DIR)/ipkg-build -c -o 0 -g 0
-
 IPKG_REMOVE:= \
   $(SCRIPT_DIR)/ipkg-remove
 
@@ -262,7 +258,7 @@ $(_endef)
     endif
 
 	$(INSTALL_DIR) $$(PDIR_$(1))
-	$(IPKG_BUILD) $$(IDIR_$(1)) $$(PDIR_$(1))
+	$(FAKEROOT) $(SCRIPT_DIR)/ipkg-build -m "$(PKG_FILE_MODES)" $$(IDIR_$(1)) $$(PDIR_$(1))
 	@[ -f $$(IPKG_$(1)) ]
 
     $(1)-clean:
diff --git a/scripts/ipkg-build b/scripts/ipkg-build
index 21127f3391..c547c439ef 100755
--- a/scripts/ipkg-build
+++ b/scripts/ipkg-build
@@ -77,23 +77,15 @@ pkg_appears_sane() {
 ###
 # ipkg-build "main"
 ###
-ogargs=""
-noclean=0
-usage="Usage: $0 [-c] [-C] [-o owner] [-g group] <pkg_directory> [<destination_directory>]"
-while getopts "cg:ho:v" opt; do
+file_modes=""
+usage="Usage: $0 [-v] [-h] [-m] <pkg_directory> [<destination_directory>]"
+while getopts "hvm:" opt; do
     case $opt in
-	o ) owner=$OPTARG
-	    ogargs="--owner=$owner"
-	    ;;
-	g ) group=$OPTARG
-	    ogargs="$ogargs --group=$group"
-	    ;;
-	c ) ;;
-	C ) noclean=1;;
 	v ) echo $version
 	    exit 0
 	    ;;
 	h ) 	echo $usage  >&2 ;;
+	m )	file_modes=$OPTARG ;;
 	\? ) 	echo $usage  >&2
 	esac
 done
@@ -144,21 +136,38 @@ tmp_dir=$dest_dir/IPKG_BUILD.$$
 mkdir $tmp_dir
 
 echo $CONTROL > $tmp_dir/tarX
-# Preserve permissions (-p) when creating data.tar.gz as non-root user
-( cd $pkg_dir && $TAR $ogargs -X $tmp_dir/tarX --format=gnu --sort=name -cpf -  --mtime="$TIMESTAMP" . | $GZIP -n - > $tmp_dir/data.tar.gz )
+cd $pkg_dir
+for file_mode in $file_modes; do
+	case $file_mode in
+	/*:*:*:*)
+	    ;;
+	*)
+	    echo "ERROR: file modes must use absolute path and contain user:group:mode"
+	    echo "$file_mode"
+	    exit 1
+	    ;;
+	esac
+	path=$(echo "$file_mode" | cut -d ':' -f 1)
+	user_group=$(echo "$file_mode" | cut -d ':' -f 2-3)
+	mode=$(echo "$file_mode" | cut -d ':' -f 4)
+
+	chown "$user_group" "$pkg_dir/$path"
+	chmod  "$mode" "$pkg_dir/$path"
+done
+$TAR -X $tmp_dir/tarX --format=gnu --sort=name -cpf - --mtime="$TIMESTAMP" . | $GZIP -n - > $tmp_dir/data.tar.gz
 
 installed_size=`stat -c "%s" $tmp_dir/data.tar.gz`
 sed -i -e "s/^Installed-Size: .*/Installed-Size: $installed_size/" \
 	$pkg_dir/$CONTROL/control
 
-( cd $pkg_dir/$CONTROL && $TAR $ogargs --format=gnu --sort=name -cf -  --mtime="$TIMESTAMP" . | $GZIP -n - > $tmp_dir/control.tar.gz )
+( cd $pkg_dir/$CONTROL && $TAR --format=gnu --sort=name -cf -  --mtime="$TIMESTAMP" . | $GZIP -n - > $tmp_dir/control.tar.gz )
 rm $tmp_dir/tarX
 
 echo "2.0" > $tmp_dir/debian-binary
 
 pkg_file=$dest_dir/${pkg}_${version}_${arch}.ipk
 rm -f $pkg_file
-( cd $tmp_dir && $TAR $ogargs --format=gnu --sort=name -cf -  --mtime="$TIMESTAMP" ./debian-binary ./data.tar.gz ./control.tar.gz | $GZIP -n - > $pkg_file )
+( cd $tmp_dir && $TAR --format=gnu --sort=name -cf -  --mtime="$TIMESTAMP" ./debian-binary ./data.tar.gz ./control.tar.gz | $GZIP -n - > $pkg_file )
 
 rm $tmp_dir/debian-binary $tmp_dir/data.tar.gz $tmp_dir/control.tar.gz
 rmdir $tmp_dir

From patchwork Fri Aug  7 21:13:01 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Paul Spooren <mail@aparcar.org>
X-Patchwork-Id: 1342403
X-Patchwork-Delegate: daniel@makrotopia.org
Return-Path: 
 <openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=lists.openwrt.org
 (client-ip=2001:8b0:10b:1231::1; helo=merlin.infradead.org;
 envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org;
 receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
 dmarc=none (p=none dis=none) header.from=aparcar.org
Authentication-Results: ozlabs.org;
	dkim=pass (2048-bit key;
 secure) header.d=lists.infradead.org header.i=@lists.infradead.org
 header.a=rsa-sha256 header.s=merlin.20170209 header.b=cxwGuV+w;
	dkim-atps=neutral
Received: from merlin.infradead.org (merlin.infradead.org
 [IPv6:2001:8b0:10b:1231::1])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
 SHA256)
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 4BNdRP3yVJz9sTF
	for <incoming@patchwork.ozlabs.org>; Sat,  8 Aug 2020 07:14:57 +1000 (AEST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding:
	Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive:
	List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date:
	Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date:
	Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner;
	 bh=hx0N08eChhRFG4Abnxo4QlSa2A4UcJnOgzOGzwu2SYc=; b=cxwGuV+wu2C2/JfyrdbkKM6K4
	J6uvmOVMKy0ZFbc2rBePUk0+AH0VDX8xpJlppMXNubztSrOsyFO2KUSCI9nEQIPEujDs7Axfh0sfo
	jaClqtYevguAqAG5Noh23AIzyTT16vcZUTO1FVPDRiiIH8Vd0BVK/tFbdSp5p8Tw+PctpUBTSFhq6
	d3hgPEISxNNei88CHT/3+kTAOT/gNhgNQA1+xyDz8vYZygU6pr1rtku6dl7dCKgSNPCBz6mTbtHh4
	zqOzg9zT34v62n7E2q0Ux9K4pR4IkSEfH+t/aWMswENh+4gTPVwXQyARICHlBdIrGIYoJbH372PlU
	MkUtulRGA==;
Received: from localhost ([::1] helo=merlin.infradead.org)
	by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux))
	id 1k49gB-0003qn-IB; Fri, 07 Aug 2020 21:13:31 +0000
Received: from relay11.mail.gandi.net ([217.70.178.231])
 by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux))
 id 1k49g8-0003pr-TY
 for openwrt-devel@lists.openwrt.org; Fri, 07 Aug 2020 21:13:29 +0000
Received: from dawn.lan (udp224251uds.hawaiiantel.net [72.234.141.215])
 (Authenticated sender: mail@aparcar.org)
 by relay11.mail.gandi.net (Postfix) with ESMTPA id BB1C6100002;
 Fri,  7 Aug 2020 21:13:25 +0000 (UTC)
From: Paul Spooren <mail@aparcar.org>
To: openwrt-devel@lists.openwrt.org
Subject: [PATCH 3/4] busybox: Use PKG_FILE_MODES for SUID
Date: Fri,  7 Aug 2020 11:13:01 -1000
Message-Id: <20200807211302.1406188-3-mail@aparcar.org>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20200807211302.1406188-1-mail@aparcar.org>
References: <20200807211302.1406188-1-mail@aparcar.org>
MIME-Version: 1.0
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20200807_171329_076413_A9264766 
X-CRM114-Status: UNSURE (   8.57  )
X-CRM114-Notice: Please train this message.
X-Spam-Score: -0.7 (/)
X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary:
 Content analysis details:   (-0.7 points)
 pts rule name              description
 ---- ----------------------
 --------------------------------------------------
 0.0 RCVD_IN_MSPIKE_H3      RBL: Good reputation (+3)
 [217.70.178.231 listed in wl.mailspike.net]
 -0.7 RCVD_IN_DNSWL_LOW      RBL: Sender listed at https://www.dnswl.org/,
 low trust [217.70.178.231 listed in list.dnswl.org]
 -0.0 SPF_PASS               SPF: sender matches SPF record
 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
 0.0 RCVD_IN_MSPIKE_WL      Mailspike good senders
X-BeenThere: openwrt-devel@lists.openwrt.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OpenWrt Development List <openwrt-devel.lists.openwrt.org>
List-Unsubscribe: <https://lists.openwrt.org/mailman/options/openwrt-devel>,
 <mailto:openwrt-devel-request@lists.openwrt.org?subject=unsubscribe>
List-Archive: <http://lists.openwrt.org/pipermail/openwrt-devel/>
List-Post: <mailto:openwrt-devel@lists.openwrt.org>
List-Help: <mailto:openwrt-devel-request@lists.openwrt.org?subject=help>
List-Subscribe: <https://lists.openwrt.org/mailman/listinfo/openwrt-devel>,
 <mailto:openwrt-devel-request@lists.openwrt.org?subject=subscribe>
Cc: Paul Spooren <mail@aparcar.org>
Sender: "openwrt-devel" <openwrt-devel-bounces@lists.openwrt.org>
Errors-To: 
 openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org

Instead of using INSTALL_SUID use the more flexible PKG_FILE_MODES
variable withn the Makefile to set the SUID bit.

Signed-off-by: Paul Spooren <mail@aparcar.org>
---
 package/utils/busybox/Makefile | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/package/utils/busybox/Makefile b/package/utils/busybox/Makefile
index 01441d1e87..e5507aa787 100644
--- a/package/utils/busybox/Makefile
+++ b/package/utils/busybox/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=busybox
 PKG_VERSION:=1.31.1
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 PKG_FLAGS:=essential
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
@@ -28,6 +28,10 @@ PKG_LICENSE:=GPL-2.0
 PKG_LICENSE_FILES:=LICENSE archival/libarchive/bz/LICENSE
 PKG_CPE_ID:=cpe:/a:busybox:busybox
 
+ifneq ($(CONFIG_BUSYBOX_$(BUSYBOX_SYM)_FEATURE_SUID),)
+  PKG_FILE_MODES:=/bin/busybox:root:root:4755
+endif
+
 include $(INCLUDE_DIR)/package.mk
 
 ifeq ($(DUMP),)
@@ -118,9 +122,6 @@ endif
 ifneq ($(CONFIG_BUSYBOX_$(BUSYBOX_SYM)_NTPD),)
 	$(INSTALL_BIN) ./files/sysntpd $(1)/etc/init.d/sysntpd
 	$(INSTALL_BIN) ./files/ntpd-hotplug $(1)/usr/sbin/ntpd-hotplug
-endif
-ifneq ($(CONFIG_BUSYBOX_$(BUSYBOX_SYM)_FEATURE_SUID),)
-	$(INSTALL_SUID) $(PKG_INSTALL_DIR)/bin/busybox $(1)/bin/busybox
 endif
 	-rm -rf $(1)/lib64
 endef

From patchwork Fri Aug  7 21:13:02 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Paul Spooren <mail@aparcar.org>
X-Patchwork-Id: 1342401
Return-Path: 
 <openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=lists.openwrt.org
 (client-ip=2001:8b0:10b:1231::1; helo=merlin.infradead.org;
 envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org;
 receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
 dmarc=none (p=none dis=none) header.from=aparcar.org
Authentication-Results: ozlabs.org;
	dkim=pass (2048-bit key;
 secure) header.d=lists.infradead.org header.i=@lists.infradead.org
 header.a=rsa-sha256 header.s=merlin.20170209 header.b=dDaZ0mOR;
	dkim-atps=neutral
Received: from merlin.infradead.org (merlin.infradead.org
 [IPv6:2001:8b0:10b:1231::1])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
 SHA256)
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 4BNdRN6yW1z9sRN
	for <incoming@patchwork.ozlabs.org>; Sat,  8 Aug 2020 07:14:56 +1000 (AEST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding:
	Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive:
	List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date:
	Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date:
	Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner;
	 bh=wroBhfEWQnVq7fpNdjg1bemcsdpcCDJ4VwHGChoqSRI=; b=dDaZ0mORfRweGbTClCrQRvtje
	dH0M70nC0OlI2lKhwRnaiFtN5EIsp8nVlyNj2Za7lWxnJAPrg03+NdnFZgqFxjRXovXfMPR89QlB4
	HviQwLYhuyYlJApnBVwV3wOVVCLFvlDKYO2u2BQncvFQS2fai3odYgcjIZI8a0/eaEod+O5CVVfC6
	bnfxj+t3EhseowgBAl3DppKts65Ir8p1MxqY2f+SNq5nOG/P7vUx2hZ4/WGfS3fylm+QYOCFImQub
	/L1uz5hmku+8yYiWXT0PU5qkWop8c3u/FzlDMBnqf1uvF1+76wmJPciqM0W5TZfJ1e1ANyLX6G/cf
	3NgnmSjmQ==;
Received: from localhost ([::1] helo=merlin.infradead.org)
	by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux))
	id 1k49gD-0003rO-L3; Fri, 07 Aug 2020 21:13:33 +0000
Received: from relay11.mail.gandi.net ([217.70.178.231])
 by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux))
 id 1k49gB-0003qg-2k
 for openwrt-devel@lists.openwrt.org; Fri, 07 Aug 2020 21:13:32 +0000
Received: from dawn.lan (udp224251uds.hawaiiantel.net [72.234.141.215])
 (Authenticated sender: mail@aparcar.org)
 by relay11.mail.gandi.net (Postfix) with ESMTPA id 9932E100007;
 Fri,  7 Aug 2020 21:13:28 +0000 (UTC)
From: Paul Spooren <mail@aparcar.org>
To: openwrt-devel@lists.openwrt.org
Subject: [PATCH 4/4] build: remove INSTALL_SUID
Date: Fri,  7 Aug 2020 11:13:02 -1000
Message-Id: <20200807211302.1406188-4-mail@aparcar.org>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20200807211302.1406188-1-mail@aparcar.org>
References: <20200807211302.1406188-1-mail@aparcar.org>
MIME-Version: 1.0
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20200807_171331_317199_09A0280B 
X-CRM114-Status: UNSURE (   8.34  )
X-CRM114-Notice: Please train this message.
X-Spam-Score: -0.7 (/)
X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary:
 Content analysis details:   (-0.7 points)
 pts rule name              description
 ---- ----------------------
 --------------------------------------------------
 0.0 RCVD_IN_MSPIKE_H3      RBL: Good reputation (+3)
 [217.70.178.231 listed in wl.mailspike.net]
 -0.7 RCVD_IN_DNSWL_LOW      RBL: Sender listed at https://www.dnswl.org/,
 low trust [217.70.178.231 listed in list.dnswl.org]
 -0.0 SPF_PASS               SPF: sender matches SPF record
 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
 0.0 RCVD_IN_MSPIKE_WL      Mailspike good senders
X-BeenThere: openwrt-devel@lists.openwrt.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OpenWrt Development List <openwrt-devel.lists.openwrt.org>
List-Unsubscribe: <https://lists.openwrt.org/mailman/options/openwrt-devel>,
 <mailto:openwrt-devel-request@lists.openwrt.org?subject=unsubscribe>
List-Archive: <http://lists.openwrt.org/pipermail/openwrt-devel/>
List-Post: <mailto:openwrt-devel@lists.openwrt.org>
List-Help: <mailto:openwrt-devel-request@lists.openwrt.org?subject=help>
List-Subscribe: <https://lists.openwrt.org/mailman/listinfo/openwrt-devel>,
 <mailto:openwrt-devel-request@lists.openwrt.org?subject=subscribe>
Cc: Paul Spooren <mail@aparcar.org>
Sender: "openwrt-devel" <openwrt-devel-bounces@lists.openwrt.org>
Errors-To: 
 openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org

Instead of INSTALL_SUID the PKG_FILE_MODES variable should be used

Signed-off-by: Paul Spooren <mail@aparcar.org>
---
 rules.mk | 1 -
 1 file changed, 1 deletion(-)

diff --git a/rules.mk b/rules.mk
index 45d96d6be4..d535e57266 100644
--- a/rules.mk
+++ b/rules.mk
@@ -281,7 +281,6 @@ PATCH:=patch
 PYTHON:=python
 
 INSTALL_BIN:=install -m0755
-INSTALL_SUID:=install -m4755
 INSTALL_DIR:=install -d -m0755
 INSTALL_DATA:=install -m0644
 INSTALL_CONF:=install -m0600