[yocto] [meta-security][PATCH 2/2] ecryptfs-utils: fix race condition in do_install
Chen Qi
Qi.Chen at windriver.com
Tue Aug 27 18:48:44 PDT 2019
The rootsbindir is a self-defined directory. The install-rootsbinPROGRAMS
is actually treated as part of install-data instead of install-exec.
Do making install-exec-am depend on it actually results in the following
Makefile contents.
install-data-am: install-rootsbinPROGRAMS
install-exec-am: install-binPROGRAMS install-binSCRIPTS
@$(NORMAL_INSTALL)
$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
install-exec-hook: install-rootsbinPROGRAMS
And this results in race condition as two install commands of the same
file running at the same time. Error message is like below.
TOPDIR/tmp-glibc/hosttools/install: cannot create regular file 'TOPDIR/tmp-glibc/work/aarch64-wrs-linux/ecryptfs-utils/111-r0/image/sbin/mount.ecryptfs': File exists
Signed-off-by: Chen Qi <Qi.Chen at windriver.com>
---
.../ecryptfs-utils/ecryptfs-utils_111.bb | 1 +
.../files/0001-avoid-race-condition.patch | 32 +++++++++++++++++++
2 files changed, 33 insertions(+)
create mode 100644 recipes-security/ecryptfs-utils/files/0001-avoid-race-condition.patch
diff --git a/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb b/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb
index 8e498c9..e45ee0b 100644
--- a/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb
+++ b/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb
@@ -14,6 +14,7 @@ DEPENDS = "keyutils libgcrypt intltool-native glib-2.0-native"
SRC_URI = "\
https://launchpad.net/ecryptfs/trunk/${PV}/+download/${BPN}_${PV}.orig.tar.gz \
file://ecryptfs-utils-CVE-2016-6224.patch \
+ file://0001-avoid-race-condition.patch \
file://ecryptfs.service \
"
diff --git a/recipes-security/ecryptfs-utils/files/0001-avoid-race-condition.patch b/recipes-security/ecryptfs-utils/files/0001-avoid-race-condition.patch
new file mode 100644
index 0000000..af28d58
--- /dev/null
+++ b/recipes-security/ecryptfs-utils/files/0001-avoid-race-condition.patch
@@ -0,0 +1,32 @@
+From ab671b02e3aaf65dd1fd279789ea933b8140fe52 Mon Sep 17 00:00:00 2001
+From: Chen Qi <Qi.Chen at windriver.com>
+Date: Tue, 27 Aug 2019 16:08:00 +0800
+Subject: [PATCH] avoid race condition
+
+The rootsbin directory is self defined. The install-rootsbinPROGRAMS
+is actually treated as part of install-data.
+
+This would avoid race condition which causes install failure.
+
+Upstream-Status: Pending
+
+Signed-off-by: Chen Qi <Qi.Chen at windriver.com>
+---
+ src/utils/Makefile.am | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/utils/Makefile.am b/src/utils/Makefile.am
+index 83cf851..344883a 100644
+--- a/src/utils/Makefile.am
++++ b/src/utils/Makefile.am
+@@ -67,6 +67,6 @@ ecryptfs_stat_LDADD = $(top_builddir)/src/libecryptfs/libecryptfs.la
+ test_SOURCES = test.c io.c
+ test_LDADD = $(top_builddir)/src/libecryptfs/libecryptfs.la
+
+-install-exec-hook: install-rootsbinPROGRAMS
++install-data-hook: install-rootsbinPROGRAMS
+ -rm -f "$(DESTDIR)/$(rootsbindir)/umount.ecryptfs_private"
+ $(LN_S) "mount.ecryptfs_private" "$(DESTDIR)/$(rootsbindir)/umount.ecryptfs_private"
+--
+2.17.1
+
--
2.17.1
More information about the yocto
mailing list