NetBSD-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: misc/58196: [RB] Install ISO images leak local user/group information



On Fri, 2024-05-03 16:20:02 +0000, Christos Zoulas <christos%zoulas.com@localhost> wrote:
>  I think that the simplest way to fix this is to always pass -N
>  ${DESTDIR}/etc to the makefs invocation so that it uses the
>  appropriate group and master.passwd files.

The install ISOs seem to be generated from
[src]/distrib/common/Makefile.image ;  its `makefs` call already has
"-N ${NETBSDSRCDIR}/etc".

For example:

root@lili:/var/cache/laminar# ./compare_tarballs.sh {,n}netbsd-arc-mipsel-rel.tar.gz 
--- /tmp/tmp.LOzRMiQmXe 2024-05-03 20:53:41.848137167 +0200
+++ /tmp/tmp.jgng3HwfMC 2024-05-03 20:53:43.719990220 +0200
@@ -23,4 +23,4 @@
 86ddeb6da8b49b6745ef58d991f737be  ./release-arc-mipsel/arc/INSTALL.more
 c510fdb48ce5a5fbc521e5870d41ede0  ./release-arc-mipsel/arc/INSTALL.ps
 b30b0c47e2b8dda815c3916e4dedd3ef  ./release-arc-mipsel/arc/INSTALL.txt
-90a3d5e451d1f480c97d642b87505283  ./release-arc-mipsel/images/NetBSD-10.99.10-arc.iso
+7ae7f6c75e9e0e3ebcfa3f285b972369  ./release-arc-mipsel/images/NetBSD-10.99.10-arc.iso

(...comparing an arc/mipsel build, Linux left, NetBSD right.)

Differences in the ISO image are like this:

-0000a130: 0000 0003 e603 0000 0000 03e6 e603 0000  ................
+0000a130: 0000 0003 0000 0000 0000 0000 e603 0000  ................

(several others as well)

0x03e6 = 998, which is the UID/GIT the Linux (Docker) based builds are
running as. From looking at the code, I think that it's just keeping
numeric owner information from a stat/lstat call IFF there isn't an
override in the manifest. I don't think it's resolving names, esp. not
for UID numbers like 998 which are just from the building user, with
IMHO no additional code mapping any non-zero UID to zero (or any
specific other value.) I can give a different -N a try, but I doubt
it'll fix the issue.

MfG, JBG

-- 

Attachment: signature.asc
Description: PGP signature



Home | Main Index | Thread Index | Old Index