From owner-dev-commits-src-all@freebsd.org Wed Mar 3 00:26:20 2021 Return-Path: Delivered-To: dev-commits-src-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id F056855672E for ; Wed, 3 Mar 2021 00:26:20 +0000 (UTC) (envelope-from wlosh@bsdimp.com) Received: from mail-qt1-x82c.google.com (mail-qt1-x82c.google.com [IPv6:2607:f8b0:4864:20::82c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Dqvth676pz3r0b for ; Wed, 3 Mar 2021 00:26:20 +0000 (UTC) (envelope-from wlosh@bsdimp.com) Received: by mail-qt1-x82c.google.com with SMTP id j3so583234qtj.12 for ; Tue, 02 Mar 2021 16:26:20 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bsdimp-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=PbdnyUqeSy9ovjvbRZ0JWbLz/LQB2M2jtoMyiZlCvhs=; b=lxnXo3MTkAET5KOHv7DL5fKmKifBfomDaZjK6vAOF5wt74AWOsKAyLnuent1cXn0nA ygPtcsUeCVB1oA6MYxgiKAKUktpKLFjBVs+tAjkXn1A9RvZ2h9r+WAOzW9rVDQv7Fg4k 0MLKq4586mwhPExI8abfbUV64AIMjTfRCAIeMWKdBtRKy0lYsgFkZFT9nO6dybhHcQ9u gyAmzcS/IbEFPL2VdqAQeK6sjU4Hqa/kv4oUpRyocg6TY6gIMtYdgUl5PU1OGfsdim1g EE+1/eCXKjXbhtq544290x6yqlHpk3kg7E2leDaYF1iQFeH4OZsE6KSOzPqUG+tjNh58 sB2A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=PbdnyUqeSy9ovjvbRZ0JWbLz/LQB2M2jtoMyiZlCvhs=; b=c9Qvb8I/dvJsO+zEVzRLj4cisKrJMClwx1zy3eU5MkHJA1dfy65wW287a/uJVS1oGA h5MNJeL2R6sRfCSVIGadW2v2Mu3ykkZG19KfEcGyssnsKVfk1x0nQburKzvH3lhIxctB Y5A0ayA9OPjjq74WNeGPXgYQ8z2JjEjyadixYB/057gPGHYjBuTAo9e2Chiev6uvugbN iWLDM2XFjBw88f1Auk8/OBQFBL8N6PgGlLsM7ZQzd42y7sEFVgLeFuHQqHJAY3QvRg0e JeeNHFYBXptx9cBD2HTC5boKEO/M9TVo8WXKFE+oemVGrWPmuefBHkxuOJwhiNpSYcsg 0yxw== X-Gm-Message-State: AOAM532azwjDwekNUrt+wwhqHq/l+qZIp5wEE4Pj7suLe/LSLa7klPqy 0BjBYXqifk3X0AetBbA9zSgJOVTE+z3v3bu3ME2o7g== X-Google-Smtp-Source: ABdhPJxJNLbf6CX+7CnbTNr9AJJ84OG2U62/yeVO5E4F+SD5Gp2NznXO+Qk8q6rB9MTUCeJXmVJ/dJCJHJK0U+QvIN0= X-Received: by 2002:ac8:6796:: with SMTP id b22mr20555816qtp.101.1614731180134; Tue, 02 Mar 2021 16:26:20 -0800 (PST) MIME-Version: 1.0 References: <202103021856.122IuYgV048086@gndrsh.dnsmgr.net> <3d947e4c-a529-0b27-a8d7-415600783e53@freebsd.org> In-Reply-To: <3d947e4c-a529-0b27-a8d7-415600783e53@freebsd.org> From: Warner Losh Date: Tue, 2 Mar 2021 17:26:09 -0700 Message-ID: Subject: Re: git: 2c26d77d989a - main - Remove /boot/efi from mtree, missed in 0b7472b3d8d2. To: Nathan Whitehorn Cc: "Rodney W. Grimes" , Brandon Bergren , src-committers , "" , dev-commits-src-main@freebsd.org X-Rspamd-Queue-Id: 4Dqvth676pz3r0b X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; none X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[] Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.34 X-BeenThere: dev-commits-src-all@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Commit messages for all branches of the src repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Mar 2021 00:26:21 -0000 On Tue, Mar 2, 2021 at 11:58 AM Nathan Whitehorn wrote: > > > On 3/2/21 1:56 PM, Rodney W. Grimes wrote: > >> > >> On Tue, Mar 2, 2021, at 12:26 PM, Rodney W. Grimes wrote: > >>> This fails to apply the proper owner/group and mode values > >>> using what ever defaults are in place of the process running > >>> the build. > >> Keep in mind that this is the root of a mounted filesystem in the case > where it matters, and the filesystem being mounted there doesn't support > proper modes anyway, so the mtree values are a bit irrelevant anyway as the > actual control of that is in the fstab. > > That assumes the mount is done and/or kept. My concern is more > > of a lack security (aka world writable) /boot/efi getting created > > in a distribution that then is *not* mounted for some reason, > > either by choice or error. > > > > mkdir should be stricken from use when possible, install -d > > should be used instead. > > > > But that can't happen in this code. For one thing, it's only used in a > controlled environment to generate SD-card images for a handful of ARM > boards. For another the mount is set up and installed in fstab a couple > lines further down the same script. > Removing this from mtree.root wasn't what was agreed upon. Please put it back and fix it another way. It needs to be in mtree.root because we need it for x86 automatic updating code that's coming later. Warner