glibc 2.40 renames some internal header variables. Update our hack to
work with the new version. These kinds of problems illustrate we need to
address the issue properly.
(From OE-Core rev: 35021d650de3eecc3f42000181b39a5db5a8eaa0)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
rpm 4.19 now builds with LFS64 support enabled by default,
so it calls statvfs64() to get the space available on the
filesystem it is installing packages into. This is not
getting caught by pseudo, so rpm is checking the host's
root filesystem, rather than the filesystem where the
build is happening.
Merge in that fix and a gcc14 fix.
(From OE-Core rev: f6d021c860b2b99f46c604149317b326f493022d)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This adds a horrible hack to get pseudo working with glibc 2.38. We can't
drop _GNU_SOURCE to something like _DEFAULT_SOURCE since we need the defines
the gnu options bring in. That leaves using internal glibc defines to disable
the c23 versions of strtol/fscanf and friends. Which would break pseudo
build with 2.38 from running on hosts with older glibc.
We'll probably need to come up with something better but this gets glibc 2.38
and working and avoids autobuilder failures.
(From OE-Core rev: 596fb699d470d7779bfa694e04908929ffeabcf7)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Since commit [df313aa810 pseudo: Fix to work with glibc 2.34
systems] applied, it fixed native only. And nativesdk has
the similar issue
Tweak library search order, make prebuilt lib ahead of recipe lib,
after apply the fix:
...
$ readelf -a lib/pseudo/lib64/libpseudo.so | grep 'Shared library'
0x0000000000000001 (NEEDED) Shared library: [libdl.so.2]
0x0000000000000001 (NEEDED) Shared library:[libpthread.so.0]
0x0000000000000001 (NEEDED) Shared library: [libc.so.6]
...
(From OE-Core rev: d6d116b5db78645958ea30be3d0572e0f6d7bd92)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The merge of libdl into libc in glibc 2.34 causes problems for pseudo. Add a fix
that works around this issue.
(From OE-Core rev: dd3e46a043c81cd4d81731a0f691868d3c059742)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This also plugs a memory leak in pseudo_client_ignore_path_chroot().
(From OE-Core rev: d8dddd5054a1c4e20a3e32fa9ab31f5859d6fbb6)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
There is magic in the posts where specific variable names have specific
magic. For that magic to work, "path" needs to be used not "pathname" as
is currently there. Fix this, which fixes path issues on systems using
statx (Ubuntu 20.04 in particular).
(From OE-Core rev: f9ae80aee98a7bb59c83ac9ebf9d317302507cec)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add a path to fix up handling of dirfd being passed as a full file
and with path="".
(From OE-Core rev: 3006bbe7768e4efe33d3d2d3f5786a561ecbe96f)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Mark files which are unlinked (nlink == 0) but open with fd's as
"may-unlink" to avoid problematic database entries.
(From OE-Core rev: e1e481f3608c05ab14c61bf45cd0837d7287b6a5)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fix a NULL pointer dereference exposed by the path ignore code in
xattr handling.
(From OE-Core rev: 929a27bf6cbca94d1141d2094ae0c915d93bd3f4)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Where files are link()'d and one is unlink()'d, pseudo's fd mappings
can become confused. Add a patch to try and improve this for the common
usecases we see.
(From OE-Core rev: 9ce621fa2099608ca0ccbb8420b31d71cdd7b00e)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Rather than doing what turns out to be a rather dangerous "fixup" if
we see a file with a different path but the same inode as another file
we've previously seen, throw and abort. Direct the user to a wiki page
where we can maintain information about what this error means.
(From OE-Core rev: 2db491d97da08d44ebd257f98489550a82a7935c)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add PSEUDO_IGNORE_PATHS, a comma separated list of path prefixes, where
any files underneath are not handled by pseudo. This allows files to
be left out of the pseudo datanase where we know we don't need the
fake root emulation. This is particularly useful if we know these files
can be deleted outside of pseudo context.
(From OE-Core rev: 8defb687a2c0ffac232c4d0d63a590871c453a2e)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Currently, where pseudo finds a database entry for an inode but the path
doesn't match, it reuses that database entry metadata. This is causing
real world "corruption" of file attributes.
See [YOCTO #14057] for an example of this.
This can happen when files are deleted outside of pseudo context and the
inode is reused by a new file which pseduo then "sees".
Its possible the opposite could happen, it needs to reuse attributes
but this change would prevent it. As far as I can tell, we don't want
pseuo to reuse these attributes though so this code should be safer
and avoid bugs like the above.
(From OE-Core rev: 1c13149b81e03a1ac48b27a208a139d5493c3ce7)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We have a significant number of outstanding patches to pseudo. Rather than
queue these up as patches, create a branch in the upstream repo and use that
until such times as we have someone with the time/skills to properly review
these for master in the pseudo repo.
(From OE-Core rev: f09088eaa803ce396726368626a35dee70168d91)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
On a tumbleweed system, "install X Y" was showing the error:
pseudo: ENOSYS for 'fsetxattr'.
which was being caused by dlsym() for that function returning NULL. This
appears to be due to it finding an unresolved symbol in libacl for this
symbol in libattr. It hasn't been resolved so its NULL. dlerror() returns
nothing since this is a valid symbol entry, its just not the one we want.
We can add the glibc version string for the symbol we actually want so we get
that version rather than the libattr/libacl one. The calls in libattr are just
wrappers around the libc version so our attaching to the libc versions should
intercept any accesses via these too.
[YOCTO #13952]
(From OE-Core rev: 82655cb26ad01de9587ef41eaef155c61c361f67)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
'pseudo_access_t' is a type, so use typedef.
Fixes building pseudo with gcc 10 where -fno-common is the default.
(From OE-Core rev: a7d519f742aadc9110c2401f359254210a784f6b)
Signed-off-by: Jacob Kroon <jacob.kroon@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
It fails to compile pseudo-native on centos 7:
| ports/linux/pseudo_wrappers.c: In function ‘prctl’:
| ports/linux/pseudo_wrappers.c:129:14: error: ‘SECCOMP_SET_MODE_FILTER’ undeclared (first use in this function)
| if (cmd == SECCOMP_SET_MODE_FILTER) {
| ^
Add macro guard for the definition to avoid the failure.
(From OE-Core rev: d1c4492cb9cf5a624bb996c94e9a1589133be014)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
If a file does not exist, either because it has been removed outside
bitbake, or because only some of the files have been moved to a
different location, delete it from the pseudo-db is the user decides to
fix the database.
(From OE-Core rev: 79f7212ae71a4eb9e7abfe2c333b035ccc10e5c5)
Signed-off-by: Ricardo Ribalda Delgado <ricardo@ribalda.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Pseudo changes the syscall access patterns which makes it incompatible with
seccomp. Therefore intercept the seccomp syscall and alter it, pretending that
seccomp was setup when in fact we do nothing. If we error as unsupported,
utilities like file will exit with errors so we can't just disable it.
This works around issues on platforms where seccomp is enabled in file
(e.g. archlinux).
(From OE-Core rev: bc895522eb940539a0e3cb6192c4a64f13ca8d6a)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Linux system's realpath() remove trailing slashes, but pseudo's doesn't, need
make them identical.
E.g., the following code (rel.c) prints '/tmp' with system's realpath, but
pseudo's realpath prints '/tmp/':
#include <stdio.h>
#include <limits.h>
#include <stdlib.h>
int main() {
char out[PATH_MAX];
printf("%s\n", realpath("/tmp/", out));
return 0;
}
$ bitbake base-passwd -cdevshell # For pseudo env
$ gcc rel.c
$ ./a.out
/tmp/ (but should be /tmp)
This patch fixes the problem.
(From OE-Core rev: 319bbf66e03377adf2db7efa93ef578e3460eb38)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Modern distros (e.g. fedora30) are starting to use the new statx() syscall through
the newly exposed glibc wrapper function in software like coreutils (e.g. the ls
command). Add support to intercept this to pseudo.
(From OE-Core rev: 11694eb59bea347085d6e389df0b46826219c0d3)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
If sqlite3 is built with FTS5 it uses log() from libm, it sqlite3 is built
with READLINE it uses tgetent from a curses lib and readline from libreadline,
if it is built using deflate from libz ... , but all that linkage is lost
if we manually statically link so explicitely extract extra static linking
options from pkg-config and force them into pseudo as well.
This commit obsoletes (so include the implicit revert)
e39fec613d pseudo: fix link with new sqlite3
(From OE-Core rev: 042af406583acc091ef82c3d1dcedd41315046de)
Signed-off-by: Jens Rehsack <sno@netbsd.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
If sqlite3 is built with FTS5 it uses log() from libm, but that linkage is lost
if we manually statically link so explicitly link to libm.
(From OE-Core rev: b24a67217d82f225e76fbc2dfb70dd8e1a6ea215)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This changes the pseudo FASTOP functionality so that a reply to the
operation is required. This means we then cannot lose data if a connection
is closed. This in turn stops corruption if we run out of file handles
and have to close connections.
This tweaks the connection closure patch to update the comment there which
is now outdated.
(From OE-Core rev: eb49d50b4c342069087886f2aac546805647c066)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
If we have large amounts of parallelism, pseudo can end up with too
many open connections and will no longer accept further connections,
hanging. This patch works around that by closing some clients, allowing
turnover of connections and unblocking the system. The downside is a small
but theoretical window of data loss. This is likely better than locking
up entirely though. Discussions with Peter are onging about how we could
better fix this.
(From OE-Core rev: f3589f154dad1c92e599737623d392508810ae7e)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Backport fixes from pseudo master for an acl issue and more importantly, a segfault
issue with bash which can be triggered by the recent useradd changes.
(From OE-Core rev: 949214761998a93fc6b8b009f1cdad0db3bfa5db)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Currently there are multiple issues with useradd:
* If base-passwd rebuilds, it wipes out recipe specific user/group additions
to sysroots and causes errors
* If recipe A adds a user and recipe B depends on A, it can't see any of the
users/groups A adds.
This patch changes base-passwd so it always works as a postinst script
within the sysroot and copies in the master files, then runs any
postinst-useradd-* scripts afterwards to add additional user/groups.
The postinst-useradd-* scripts are tweaked so that if /etc/passwd doesn't exist
they just exit, knowning they'll be executed later. We also add a dummy entry to
the dummy passwd file from pseudo so we can avoid this too.
There is a problem where if recipe A adds a user and recipe B depends on A but
doesn't care about users, it may not have a dependency on the useradd/groupadd
tools which would therefore not be available in B's sysroot. We therefore also
tweak postinst-useradd-* scripts so that if the tools aren't present we simply
don't add users. If you need the users, you add a dependency on the tools in the
recipe and they'll be added.
We add postinst-* to SSTATE_SCAN_FILES since almost any postinst script of this
kind is going to need relocation help.
We also ensure that the postinst-useradd script is written into the sstate
object as the current script was only being added in a recipe local way.
Thanks to Peter Kjellerstedt <pkj@axis.com> and Patrick Ohly for some pieces
of this patch.
[Yocto #11124]
(From OE-Core rev: 1b5afaf437f7a1107d4edca8eeb668b9618a5488)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Update to the newly minted 1.8.2, dropping several patches we'd
backported since the last release.
(From OE-Core rev: 6437f14c9177fd7ec7a9b6bca873362b0c94abfb)
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
pseudo_1.8.1.bb gets the backported patch and pseudo_git.bb gets
updated to include the commit.
(From OE-Core rev: 4e98f3a6e6f61d9d9037ac828b9c4869f7e11458)
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
renameat calls under pseudo were losing extended attributes.
Backport the fix for this from pseudo upstream.
[YOCTO '10349]
(From OE-Core rev: 16f6b020ebea49f012f2e65997a8d464f94d6605)
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When the client spawns a pseudo server, it starts out sending diagnostics
to stderr. This can be spammy in some cases with races during startup;
everything resolves, but we get scary-looking diagnostics. So shove
those into a log file.
(From OE-Core rev: efd0b0f604f9f498b9c20bc9a25708c493aa4f4a)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
In a heavily loaded container, the child process might not started
before the parent process had terminated. The child process attempts to
signal the parent with SIGUSR1. If the parent had terminated, the
parent becomes PID 1, which is generally init. When it signaled pid 1,
it caused the docker mini-init to terminate.
This doesn't happen in a traditional system, as systemd/sysvinit is
protected to only root users can signal it.
[YOCTO #10324]
(From OE-Core rev: f6f13b049e8683d2a2af3e120ba979b58f9a7d9a)
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Nodejs expects the user and group nobody to exist on global install commands.
The target build works as base-passwd contained it, however the fallback passwd did not.
This broke the SDK if nodejs was included.
(From OE-Core rev: 40b89061c1efe8c150c1ac0886616d1b6facc2a0)
Signed-off-by: Michael Davis <michael.davis@essvote.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
In the 1.8 series of pseudo extended attribute handling was reworked
to be a property of inodes, not paths, and as a product fixed extended
attribute semantics on hardlinks. Unfortunately this rework introduced
a slow path around file deletion.
Add a patch for use by the pseudo 1.8.1 recipe which backports a fix
for this regression from the master branch of pseudo.
[YOCTO #9929]
(From OE-Core rev: 75627af164f027de0036b91854e9b926de786bcd)
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Drop patches where the changes exist upstream
* Fetch from git as no tarball is available for 1.8.1
* Move common code to pseudo.inc
* Update patchset in git recipe
(From OE-Core rev: 0c36984d4c501d12fa91cf7371511641585cc256)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
xattr removal doesn't work in pseudo 1.7.5, backport a patch from
pseudo master to fix this.
[YOCTO #9324]
(From OE-Core rev: e4f6156ffdc840e99b546369493aaf37c4856b3b)
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Increase number of retries to handle slow exiting servers.
(From OE-Core rev: 2d70c2afce9d121db98296bce275be956bf13137)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Normally pseudo is built with --without-passwd-fallback, which requires
that somebody provide target passwd and group files. Those come from
base-passwd in OE, but base-passwd cannot be built without first
invoking operations under pseudo that require getpw*/getgr*.
Provide the absolute minimum stub files, matching in content what will
eventually be on the target, that can be used in the cases where the
target files are not yet available. The requirements for minimum stub
are the usernames and groups identified in meta/files/fs-perms.txt.
(From OE-Core rev: 91443426246fbe13083c19801b7c74365e041271)
Signed-off-by: Peter A. Bigot <pab@pabigot.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The fchmodat-permissions patch was fine for the fchmod case, but
had the unintended side effect of disregarding umask settings for
open, mknod, mkdir, and their close relatives. Start tracking umask
and masking the umask bits out where appropriate.
(From OE-Core rev: ce23c1cc33a015fbd184df6c16658353334ab611)
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
It turns out that pseudo's decision not to report errors from
the host system's fchmodat() can break GNU tar in a very strange
way, resulting in directories being mode 0700 instead of whatever
they should have been.
Additionally, it turns out that if you make directories in your
rootfs mode 777, that results in the local copies being mode 777,
which could allow a hypothetical attacker with access to the
machine to add files to your rootfs image. We should mask out
the 022 bits when making actual mode changes in the rootfs.
This patch represents a backport to the 1.5.1 branch of three
patches from the 1.6 branch, because it took a couple of tries
to get this quite right.
(From OE-Core rev: 45371858129bbad8f4cfb874e237374a5ba8db4c)
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
