Date: Tue, 2 Mar 2021 17:29:44 -0700 From: Warner Losh <imp@bsdimp.com> To: Nathan Whitehorn <nwhitehorn@freebsd.org> Cc: "Rodney W. Grimes" <rgrimes@freebsd.org>, Brandon Bergren <bdragon@freebsd.org>, src-committers <src-committers@freebsd.org>, "<dev-commits-src-all@freebsd.org>" <dev-commits-src-all@freebsd.org>, dev-commits-src-main@freebsd.org Subject: Re: git: 2c26d77d989a - main - Remove /boot/efi from mtree, missed in 0b7472b3d8d2. Message-ID: <CANCZdfr8PXo%2BKuKedHToTtKP1H_-iGYu415QhtZQpp=r8TtV6A@mail.gmail.com> In-Reply-To: <CANCZdfpLa67OABBZWwPQPAJELOdkk4XSvkeH-3axjPa5-wR3%2BA@mail.gmail.com> References: <202103021856.122IuYgV048086@gndrsh.dnsmgr.net> <3d947e4c-a529-0b27-a8d7-415600783e53@freebsd.org> <CANCZdfpLa67OABBZWwPQPAJELOdkk4XSvkeH-3axjPa5-wR3%2BA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Mar 2, 2021 at 5:26 PM Warner Losh <imp@bsdimp.com> wrote: > > > On Tue, Mar 2, 2021 at 11:58 AM Nathan Whitehorn <nwhitehorn@freebsd.org> > wrote: > >> >> >> On 3/2/21 1:56 PM, Rodney W. Grimes wrote: >> >> >> >> On Tue, Mar 2, 2021, at 12:26 PM, Rodney W. Grimes wrote: >> >>> This fails to apply the proper owner/group and mode values >> >>> using what ever defaults are in place of the process running >> >>> the build. >> >> Keep in mind that this is the root of a mounted filesystem in the case >> where it matters, and the filesystem being mounted there doesn't support >> proper modes anyway, so the mtree values are a bit irrelevant anyway as the >> actual control of that is in the fstab. >> > That assumes the mount is done and/or kept. My concern is more >> > of a lack security (aka world writable) /boot/efi getting created >> > in a distribution that then is *not* mounted for some reason, >> > either by choice or error. >> > >> > mkdir should be stricken from use when possible, install -d >> > should be used instead. >> > >> >> But that can't happen in this code. For one thing, it's only used in a >> controlled environment to generate SD-card images for a handful of ARM >> boards. For another the mount is set up and installed in fstab a couple >> lines further down the same script. >> > > Removing this from mtree.root wasn't what was agreed upon. Please put it > back and fix it another way. > > It needs to be in mtree.root because we need it for x86 automatic updating > code that's coming later. > I should explain that it was there as the result of careful negotiation about a year or so ago. If some architecture shouldn't have it, that architecture should remove it. All mainstream architectures need it, and we've biased towards convenience of the vast majority of our users over catering to less popular architectures. It doesn't have to have the ESP mounted on it, but it does need to be there, be in heir, etc. There has been some talk of moving the mount point to /efi, but I think that went nowhere... Warner
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CANCZdfr8PXo%2BKuKedHToTtKP1H_-iGYu415QhtZQpp=r8TtV6A>