From: Warner Losh
Date: Tue, 2 Mar 2021 17:26:09 -0700
Subject: Re: git: 2c26d77d989a - main - Remove /boot/efi from mtree, missed in 0b7472b3d8d2.
To: Nathan Whitehorn
Cc: "Rodney W. Grimes", Brandon Bergren, src-committers, dev-commits-src-main@freebsd.org

On Tue, Mar 2, 2021 at 11:58 AM Nathan Whitehorn wrote:

>
>
> On 3/2/21 1:56 PM, Rodney W. Grimes wrote:
> >>
> >> On Tue, Mar 2, 2021, at 12:26 PM, Rodney W. Grimes wrote:
> >>> This fails to apply the proper owner/group and mode values
> >>> using whatever defaults are in place of the process running
> >>> the build.
> >> Keep in mind that this is the root of a mounted filesystem in the case
> >> where it matters, and the filesystem being mounted there doesn't support
> >> proper modes anyway, so the mtree values are a bit irrelevant anyway as the
> >> actual control of that is in the fstab.
> > That assumes the mount is done and/or kept. My concern is more
> > of a lack of security (aka world writable) /boot/efi getting created
> > in a distribution that then is *not* mounted for some reason,
> > either by choice or error.
> >
> > mkdir should be stricken from use when possible, install -d
> > should be used instead.
> >
>
> But that can't happen in this code. For one thing, it's only used in a
> controlled environment to generate SD-card images for a handful of ARM
> boards. For another the mount is set up and installed in fstab a couple
> lines further down the same script.
>

Removing this from mtree.root wasn't what was agreed upon. Please put it back and fix it another way. It needs to be in mtree.root because we need it for x86 automatic updating code that's coming later.

Warner
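
The mkdir versus install -d point raised in the quoted discussion, as an added illustration that is not part of the original message or of the FreeBSD build scripts: it creates a directory both ways under a given umask, compares the resulting modes, and lists any world-writable directories left in a staged tree. The function names and the `efi.mkdir` / `efi.install` directory names are hypothetical, and the staging root is a constructed temporary directory.

```shell
#!/bin/sh
# Added illustration; all paths are constructed under a temporary directory.

# Print the octal permission bits of a path (GNU stat first, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Create a directory two ways under a given umask and print
# "<mkdir mode> <install mode>".
# $1 = umask of the build process, $2 = existing scratch staging root
compare_modes() {
    (
        umask "$1"
        mkdir "$2/efi.mkdir"                  # mode is 0777 & ~umask
        install -d -m 0755 "$2/efi.install"   # mode is stated explicitly
        echo "$(mode_of "$2/efi.mkdir") $(mode_of "$2/efi.install")"
    )
}

# List world-writable directories in a staged tree (paths relative to $1).
# An empty result means nothing in the tree inherited a permissive umask.
world_writable_dirs() {
    (cd "$1" && find . -type d -perm -0002 | sort)
}

# Run both checks once with a fully permissive umask.
demo() {
    stage=$(mktemp -d)
    echo "modes (mkdir install): $(compare_modes 000 "$stage")"
    echo "world-writable directories:"
    world_writable_dirs "$stage"
    rm -rf "$stage"
}

demo
```

Running `world_writable_dirs` against a staged distribution root before packaging catches a mount point that was created with the build process's defaults and would stay exposed if the filesystem is never mounted over it.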