[yocto] [meta-selinux][PATCH] busybox: explicitly set temporary shell scripts to be executable

[Philip Tricca]

On 03/01/2016 02:58 PM, Alejandro del Castillo wrote:
> I first started looking at busybox postinst (modified on meta-selinux) since I
> am getting errors during "opkg upgrade buysbox". The errors that I am getting
> are of the form:
> 
> update-alternatives: Error: not linking /bin/gunzip to
> /usr/lib/busybox/bin/gunzip since /bin/gunzip exists and is not a link
> 
> Which only happen for utilities that don't have any alternative installed after
> removing busybox, hence no symlink. Utilities that do have an alternative
> installed are correctly processed, for example:
> 
> update-alternatives: Linking /usr/bin/ar to /usr/bin/x86_64-nilrt-linux-ar
> 
> The root problem is that meta-selinux on commit
> 521ca9c9cf370840e9f8c808a7955aa5da7c356e replaced the temporary symlink creation
> on postinst with sh wrappers, which breaks update-alternatives when it tries to
> update symlinks (which are now sh wrappers).
> 
> Is there a reason why the postinst needs to be different on the selinux version
> of busybox? If the postinst is just creating temporary symlinks which will go
> away once the update-alternatives block later on the script runs, do we need the
> sh wrappers?

Thanks for the additional context Alejandro. I don't have enough history
yet to pull answers to stuff like this out at will though. Hopefully
someone with the right background will chime in. Either way I'll circle
back once the easy stuff in the backlog is done and we'll try to sort
something out.

Philip

> On 02/19/2016 04:45 PM, Alejandro del Castillo wrote:
>> During an on target upgrade, the postinst script is creating scripts
>> that call buysbox, to avoid missing commands errors. However, the
>> scripts permissions are not set explicitly, relying on the mask.
>>
>> Signed-off-by: Alejandro del Castillo <alejandro.delcastillo at ni.com>
>> ---
>>  recipes-core/busybox/busybox_%.bbappend | 1 +
>>  1 file changed, 1 insertion(+)
>>
>> diff --git a/recipes-core/busybox/busybox_%.bbappend b/recipes-core/busybox/busybox_%.bbappend
>> index b4935b2..2e806af 100644
>> --- a/recipes-core/busybox/busybox_%.bbappend
>> +++ b/recipes-core/busybox/busybox_%.bbappend
>> @@ -78,6 +78,7 @@ pkg_postinst_${PN} () {
>>  						# we can use busybox here because even if we are using splitted busybox
>>  						# we've made a symlink from /bin/busybox to /bin/busybox.nosuid.
>>  						busybox echo "#!/bin/busybox$suffix" > $link
>> +                                                /bin/busybox.nosuid chmod 755 $link
>>  					fi
>>  				done < /etc/busybox.links$suffix
>>  			fi
>>
>