Date:      Wed, 11 Jun 2014 14:10:32 -0500
From:      Bryan Drewery <bdrewery@FreeBSD.org>
To:        freebsd-hackers@freebsd.org
Subject:   Re: [RFC] Fixed installworld with noexec /tmp
Message-ID:  <ff65663204a41e575c78a3934bec848f@shatow.net>
In-Reply-To: <5396C6A3.6050004@xenet.de>
References:  <25659df71b49c7b72b6f2d9a786c5ac9@shatow.net> <5396C6A3.6050004@xenet.de>

On 2014-06-10 03:49, Matthias Meyser wrote:
> Hi
> 
> On 10.06.2014 01:01, Bryan Drewery wrote:
>> I've always had my /tmp mounted as noexec. Despite how useless this
>> is, I and many others have had trouble with installworld due to it.
>> 
>> You can see how frequently it occurs here:
>> https://www.google.com/#q=freebsd+installworld+noexec
>> 
>> A simple workaround, which I only just discovered from PR 58117, is to
>> set TMPDIR to somewhere that can exec.
>> 
>> This patch fixes it by using the OBJDIR rather than the assumed /tmp
>> or TMPDIR.
>> 
>> The purpose of the installworld code using INSTALLTMP is to use the
>> pre-install binaries to do the install, rather than the newly built
>> binaries. This is to ensure the binaries will run while the system is in
>> an inconsistent state with libraries and in case the kernel is not yet
>> upgraded. My change continues to respect that by ensuring it uses the
>> already-installed mkdir(1) and env(1) with full paths.
>> 
>> http://people.freebsd.org/~bdrewery/patches/installworld-noexec.txt
>> 
>> --- Makefile.inc1
>> +++ Makefile.inc1
>> @@ -191,7 +191,9 @@ TMPPATH=    ${STRICTTMPPATH}:${PATH}
>>   # when in the middle of installing over this system.
>>   #
>>   .if make(distributeworld) || make(installworld)
>> -INSTALLTMP!=    /usr/bin/mktemp -d -u -t install
>> +INSTALLTMPDIR=    ${OBJTREE}${.CURDIR}/itmp
>> +INSTALLTMP!=    /bin/mkdir -p ${INSTALLTMPDIR} && /usr/bin/env \
>> +        TMPDIR=${INSTALLTMPDIR} /usr/bin/mktemp -d -u -t install
>>   .endif
>> 
>>   #
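Review bot: the new `INSTALLTMP!=` assignment runs `/bin/mkdir -p ${INSTALLTMPDIR}` as a parse-time side effect for every distributeworld/installworld invocation, so it requires a writable ${OBJTREE}. When the object tree is mounted read-only the mkdir fails, the `&&` chain never reaches mktemp, and INSTALLTMP gets no path. Consider falling back to the previous TMPDIR-based `mktemp -d -u -t install` when ${INSTALLTMPDIR} cannot be created, or state the writable-OBJTREE requirement in the comment above the `.if`. Also, ${INSTALLTMPDIR} is expanded unquoted in both the mkdir argument and the `TMPDIR=` assignment, so an object path containing whitespace would be split by the shell.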
>> @@ -833,7 +835,7 @@ distributeworld installworld: _installcheck_world
>>           LOCAL_MTREE=${LOCAL_MTREE:Q} distrib-dirs
>>   .endif
>>       ${_+_}cd ${.CURDIR}; ${IMAKE} re${.TARGET:S/world$//}; \
>> -        ${IMAKEENV} rm -rf ${INSTALLTMP}
>> +        ${IMAKEENV} rm -rf ${INSTALLTMPDIR}
>>   .if make(distributeworld)
>>   .for dist in ${EXTRA_DISTRIBUTIONS}
>>       find ${DESTDIR}/${DISTDIR}/${dist} -mindepth 1 -empty -delete
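Review bot: `rm -rf ${INSTALLTMPDIR}` deletes the whole shared itmp directory rather than this run's ${INSTALLTMP}, so a second install running from the same object tree would lose its staging directory when the first one finishes. If cleaning up stale directories from failed runs is the goal, that is better done at the start of the run or by a separate step; here, keeping `rm -rf ${INSTALLTMP}` and following it with an `rmdir ${INSTALLTMPDIR}` that is allowed to fail when other entries remain would limit the removal to what this run created. A comment next to the line explaining why the parent is removed would help either way.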
>> 
>> The only downside I see is that failures can leave the stale tmpdir in
>> the OBJDIR, which is why I remove the entire "itmp" dir once
>> installworld finally does succeed.
>> 
> 
> Would this not break installing from an "RO" mounted OBJDIR?
> 
> We build everything on one machine and install on many machines
> by nfsmounting /usr/src/, /usr/doc, /usr/obj.
> All of them are mounted "RO" to prevent changes during install.
> 
> BW
>   Matthias

Yes. I'll think about this some more.

-- 
Regards,
Bryan Drewery
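
The constraints raised in this thread (a noexec /tmp, a TMPDIR override, a read-only object tree) can be checked before an install starts by probing each candidate directory for both write and exec. The following sh functions are an added example, not part of the patch or of Makefile.inc1; the names probe_exec_dir and pick_install_tmp and the candidate order are assumptions.

```shell
#!/bin/sh
# Added example: choose the first directory that is writable AND allows
# direct execution, so a noexec /tmp or a read-only OBJDIR is skipped.

# probe_exec_dir DIR: return 0 if a file created in DIR can be executed.
probe_exec_dir() {
    dir=$1
    # A read-only mount fails here (or at mktemp below for root).
    [ -d "$dir" ] && [ -w "$dir" ] || return 1
    # mktemp -d creates a private directory; nothing is reused by name.
    probe=$(mktemp -d "$dir/execprobe.XXXXXX" 2>/dev/null) || return 1
    # Direct exec of the file is what a noexec mount refuses (exit 126).
    printf '#!/bin/sh\nexit 0\n' > "$probe/t" 2>/dev/null &&
        chmod 700 "$probe/t" &&
        "$probe/t" 2>/dev/null
    rc=$?
    rm -rf "$probe"
    return $rc
}

# pick_install_tmp DIR...: print the first usable directory, else fail.
pick_install_tmp() {
    for cand in "$@"; do
        if probe_exec_dir "$cand"; then
            printf '%s\n' "$cand"
            return 0
        fi
    done
    echo "no writable, executable staging directory found" >&2
    return 1
}

# Usage (constructed paths): sh pick.sh /usr/obj/usr/src "$TMPDIR" /tmp
if [ "$#" -gt 0 ]; then
    pick_install_tmp "$@"
fi
```

The printed directory can then be exported as TMPDIR for the install, which is the workaround the thread mentions.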


