Re: [yocto] #fakeroot #pseudo-native #xattr #attr-native #yocto

Wed, 14 Jun 2023 09:14:02 -0700 

On Wed, 2023-06-14 at 08:48 -0700, jbarnesweb via lists.yoctoproject.org wrote:
> Thanks for your reply, Richard.
> 
> The  task was elided above. Here's what the recipe looks like now. (I removed 
> the fakeroot decorator from the function signature). It still stops with 
> Operation not permitted.
> 
> label_sign_verity() {
> ...
>     ${DUMPIMAGE} -T flat_dt -p 0 -o ${SOCOS_IMAGEDIR}/Image ${FITIMAGE_PATH} 
> #Does this contribute to the error? 
> ...
>     echo ${WHOAMI} >>${WORKDIR}/socosupdate_sign_and_package.txt # prints root
> ...
>     ${SETFATTR} -n security.ima -v 
> 0x${IMA_HEADER}${HASH_ALGO}${KEY_ID}${SIG_LENGTH}${DTB_SIG} 
> ${SOCOS_IMAGEDIR}/Image # Operation not permitted.
> }
> ...
> fakeroot do_sign_and_package() {
> ...
>     label_sign_verity ${SOCOSUPDATEDIR}/ ${FITIMAGE_PATH} 
> >>${WORKDIR}/socosupdate_sign_and_package.txt
> }
> ...
> addtask sign_and_package after do_deploy before do_build


Extended attributes aren't something we've done a lot of work with. In
theory pseudo does have support for them but it does get complicated as
there are things we need to emulate and things we shouldn't as they
relate to the host system.

It looks like pseudo does have xattr enabled by default. it is possible
setfattr is calling some glibc function we don't intercept, or it is
calling a syscall directly and bypassing glibc.

The code in pseudo is here:

https://git.yoctoproject.org/pseudo/tree/ports/linux/xattr/pseudo_wrappers.c#n155

called from here:

https://git.yoctoproject.org/pseudo/tree/ports/linux/xattr/guts/fsetxattr.c


You could put:

export PSEUDO_DEBUG = "nfoPdeViDxywc"

into the recipe in question and have a look at what the pseudo logfile
says (${WORKDIR}/pseudo/pseudo.log), see if it is catching this at all.
It will log a lot of info with that.

Cheers,

Richard


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#60307): https://lists.yoctoproject.org/g/yocto/message/60307
Mute This Topic: https://lists.yoctoproject.org/mt/99511297/21656
Mute #yocto:https://lists.yoctoproject.org/g/yocto/mutehashtag/yocto
Mute #fakeroot:https://lists.yoctoproject.org/g/yocto/mutehashtag/fakeroot
Mute 
#pseudo-native:https://lists.yoctoproject.org/g/yocto/mutehashtag/pseudo-native
Mute #xattr:https://lists.yoctoproject.org/g/yocto/mutehashtag/xattr
Mute #attr-native:https://lists.yoctoproject.org/g/yocto/mutehashtag/attr-native
Group Owner: yocto+ow...@lists.yoctoproject.org
Unsubscribe: 
https://lists.yoctoproject.org/g/yocto/leave/6691583/21656/737036229/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to