Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 4 Nov 2017 20:27:05 -0700
From:      Bryan Drewery <bdrewery@FreeBSD.org>
To:        "current@FreeBSD.org" <current@freebsd.org>
Subject:   Recent OBJDIR changes can cause host /etc files to leak into DESTDIR -- Fixed in r325416
Message-ID:  <4576ae6a-8b7b-e5a5-94d1-4ac1b3497c16@FreeBSD.org>

next in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--lXfFXxWlhnLTpG1X8jCjrtG39Qj18XmHx
Content-Type: multipart/mixed; boundary="jEJJkxVf9ugGDMXjBIQC5ei7AcirMneXS";
 protected-headers="v1"
From: Bryan Drewery <bdrewery@FreeBSD.org>
To: "current@FreeBSD.org" <current@freebsd.org>
Message-ID: <4576ae6a-8b7b-e5a5-94d1-4ac1b3497c16@FreeBSD.org>
Subject: Recent OBJDIR changes can cause host /etc files to leak into DESTDIR
 -- Fixed in r325416

--jEJJkxVf9ugGDMXjBIQC5ei7AcirMneXS
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable

With the change in r325288, Wed Nov 1 21:22:05 2017 +0000,
'make distribution' would copy files (listed in /usr/src/etc/*/Makefile)
from the host's /etc/<dirs>
to the provided DESTDIR rather than from the source tree's etc/<dir>
directory.  Generated files like master.passwd and ssh keys were not
prone to this problem.  Files in /etc/* were not copied, only ones in
sub-directories of /etc such as /etc/defaults.  Commands like
mergemaster and etcupdate could hit this problem too.

This was fixed today in r325416.

I also added an assertion to ensure this doesn't happen again in r325405.=


This is the same root cause as the recent 'Head build unsafe for /etc
today' thread [1].  Until today I thought the problem was limited to the
AUTO_OBJ builds which I disabled ASAP the other day.  The 'rm -rf /etc'
case was limited to AUTO_OBJ default on introduced on Friday but the
'copy files from host /etc' was with independent of AUTO_OBJ.  It was
not until today that Peter Wemm noticed some bad timestamps on an image
he built and I realized the problem existed.  Note that this bad commit
was tested extensively by me and another person, and reviewed.  This
problem was very subtle.

For people doing upgrades from head on their system the impact is
minimal.  You may have some stale files in /etc.
For people doing upgrades of remote systems or building images, you
should upgrade past r325288 to fix the problem.

I am confident this is the end of the /etc problem, especially with the
assertion that has been added.

[1] The root cause is complex but basically a sub-make starting with a
MAKEOBJDIR in the environment that expanded to /etc/<dir> rather than
/usr/obj/usr/src/<target>/etc/<dir>.  Because etc/Makefile does not list
its subdirectories in SUBDIR, 'make obj' never creates object
directories for them.  When it installs files for its subdirectories it
just forwards on the 'make distribution' command to them.  Once
src.sys.obj.mk was parsed the MAKEOBJDIR properly expanded to the
expected place but .OBJDIR was not updated internally because the
expected .OBJDIR was never created.  Thus the bogus /etc/<dir> was left
in .OBJDIR rather than expected .CURDIR (like /usr/src/etc/defaults) to
find the files to install from the source checkout instead.

Humble apologies,
Bryan Drewery


--jEJJkxVf9ugGDMXjBIQC5ei7AcirMneXS--

--lXfFXxWlhnLTpG1X8jCjrtG39Qj18XmHx
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBAgAGBQJZ/oUKAAoJEDXXcbtuRpfPcy0H/0rI3bKS952T8clIThrw0Cr0
O+G0eUNHQJCNirEe3jOY6lR90URM8BtOhmGiCd949U2xuWg0IaD+tDnCRYPCgrdu
W903IdJqcL7qj2Pv0WVVRm04/aL3jHz3YY5UF9LKlsenM80tZrUVFwJGHsjcdoRq
nDzNCR+Pctb5Sw7yhzd6TCydfp3i03HI5frMa3c293DXknVEkKWePA+mqyrpfa7I
uV+F30EmlDVZq4nD2y8rcMmrE90c8jx3PnZ8xNXNNJfuJgUMquCFT18/Q8KSofUp
otKTGxTGqjtphvYcdjUPwNADVZLUcvAtH0YxqZzo34Y06jeKetRPJnBUB2WMC+c=
=CCRp
-----END PGP SIGNATURE-----

--lXfFXxWlhnLTpG1X8jCjrtG39Qj18XmHx--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4576ae6a-8b7b-e5a5-94d1-4ac1b3497c16>