[OS-BUILD PATCH 2/2] rpmspec: correct the ghost initramfs attributes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

From: Herton R. Krzesinski <herton@xxxxxxxxxx>

rpmspec: correct the ghost initramfs attributes

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1977056

This is a cherry pick from the following rhel-8 change into kernel-ark:

commit 88049ff66893839cb85731db809b1ba47a3a23f3
Author: Rafael Aquini <aquini@xxxxxxxxxx>
Date:   Tue Jun 25 19:25:09 2019 -0400

    [rpmspec] correct the ghost initramfs attributes

    Message-id: <0d44bbb391ffd1cee003581ffffb93ad315b4e27.1561490617.git.aquini@xxxxxxxxxx>
    Patchwork-id: 265851
    O-Subject: [RHEL8 PATCH] redhat: spec: correct the ghost initramfs attributes
    Bugzilla: 1678881
    RH-Acked-by: Jarod Wilson <jarod@xxxxxxxxxx>
    RH-Acked-by: Jan Stancek <jstancek@xxxxxxxxxx>

    Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1678881
    Upstream Status: RHEL only
    Build Info: http://brewweb.devel.redhat.com/brew/taskinfo?taskID=22353984

    This patch is a forward port of the following RHEL-7 commit:
    commit f9e549645b10405f8b12f07649327ea293a5a78a
    Author: Kyle Walker <kwalker@xxxxxxxxxx>
    Date:   Mon Feb 4 19:11:11 2019 -0500

        [redhat] spec: Correct the ghost initramfs attributes

        Message-id: <20190204191110.4217-1-kwalker@xxxxxxxxxx>
        Patchwork-id: 239860
        O-Subject: [RHEL7 BZ 1571909] spec: Correct the ghost initramfs attributes
        Bugzilla: 1571909
        RH-Acked-by: Tony Camuso <tcamuso@xxxxxxxxxx>
        RH-Acked-by: Jarod Wilson <jarod@xxxxxxxxxx>
        RH-Acked-by: Patrick Talbert <ptalbert@xxxxxxxxxx>

        Bugzilla: 1571909
        Message-id: <20190204191110.4217-1-kwalker@xxxxxxxxxx>
        Patchwork-id: 239860
        O-Subject: [RHEL7 BZ 1571909] spec: Correct the ghost initramfs attributes
        Bugzilla: 1571909
        RH-Acked-by: Tony Camuso <tcamuso@xxxxxxxxxx>
        RH-Acked-by: Jarod Wilson <jarod@xxxxxxxxxx>
        RH-Acked-by: Patrick Talbert <ptalbert@xxxxxxxxxx>

        Bugzilla: 1571909
        Upstream Status: RHEL only
        Build Info: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=20067072

        The initramfs ghost directive doesn't include the necessary attributes
        macro. When generating the initramfs, dracut sets the umask to 0077, which
        will result in 0600 as shown below.

            # dracut -f 2>/dev/null 1>&2
            # ls -l /boot/initramfs-3.10.0-957.1.3.el7.x86_64.img
            -rw-------. 1 root root 21266044 Feb  4 12:09 /boot/initramfs-3.10.0-957.1.3.el7.x86_64.img

        But this doesn't match the specfile which currently assumes 0644 and
        results in RPM verification failures.

            # rpm -V kernel
            .M.......  g /boot/initramfs-3.10.0-957.1.3.el7.x86_64.img

        The issue was masked in previous releases as ghost directives were never
        properly verified as indicated in BZ1395818. Resolved by applying a 0600
        attribute set for ghost initramfs entries.

        Signed-off-by: Kyle Walker <kwalker@xxxxxxxxxx>
        Signed-off-by: Jan Stancek <jstancek@xxxxxxxxxx>

    Signed-off-by: Rafael Aquini <aquini@xxxxxxxxxx>
    Signed-off-by: Herton R. Krzesinski <herton@xxxxxxxxxx>

Signed-off-by: Herton R. Krzesinski <herton@xxxxxxxxxx>

diff --git a/redhat/kernel.spec.template b/redhat/kernel.spec.template
index blahblah..blahblah 100755
--- a/redhat/kernel.spec.template
+++ b/redhat/kernel.spec.template
@@ -2883,13 +2883,13 @@ fi
 /lib/modules/%{KVERREL}%{?3:+%{3}}/dtb \
 %ghost /%{image_install_path}/dtb-%{KVERREL}%{?3:+%{3}} \
 %endif\
-%attr(600,root,root) /lib/modules/%{KVERREL}%{?3:+%{3}}/System.map\
-%ghost /boot/System.map-%{KVERREL}%{?3:+%{3}}\
+%attr(0600, root, root) /lib/modules/%{KVERREL}%{?3:+%{3}}/System.map\
+%ghost %attr(0600, root, root) /boot/System.map-%{KVERREL}%{?3:+%{3}}\
 /lib/modules/%{KVERREL}%{?3:+%{3}}/symvers.gz\
 /lib/modules/%{KVERREL}%{?3:+%{3}}/config\
-%ghost /boot/symvers-%{KVERREL}%{?3:+%{3}}.gz\
-%ghost /boot/config-%{KVERREL}%{?3:+%{3}}\
-%ghost /boot/initramfs-%{KVERREL}%{?3:+%{3}}.img\
+%ghost %attr(0600, root, root) /boot/symvers-%{KVERREL}%{?3:+%{3}}.gz\
+%ghost %attr(0600, root, root) /boot/initramfs-%{KVERREL}%{?3:+%{3}}.img\
+%ghost %attr(0644, root, root) /boot/config-%{KVERREL}%{?3:+%{3}}\
 %dir /lib/modules\
 %dir /lib/modules/%{KVERREL}%{?3:+%{3}}\
 %dir /lib/modules/%{KVERREL}%{?3:+%{3}}/kernel\

--
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1268
_______________________________________________
kernel mailing list -- kernel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to kernel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/kernel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Index of Archives]     [Fedora General Discussion]     [Older Fedora Users Archive]     [Fedora Advisory Board]     [Fedora Security]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Mentors]     [Fedora Package Announce]     [Fedora Package Review]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Coolkey]     [Yum Users]     [Tux]     [Yosemite News]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [USB]     [Asterisk PBX]

  Powered by Linux