Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Debian Development (http://www.linux-archive.org/debian-development/)
-   -   (fwd) make tar*-pkg considered dangerous (http://www.linux-archive.org/debian-development/703213-fwd-make-tar-pkg-considered-dangerous.html)

Henrique de Moraes Holschuh 09-12-2012 04:11 PM

(fwd) make tar*-pkg considered dangerous
 
I am forwarding this as a remider that, should we ever get to the point of
moving around /lib or /usr/lib, /sbin or /usr/sbin, and /bin or /usr/sbin,
as well as any other such trunks, we really ought to consider whether we
should be using symlinks or bind mounts [where possible] for such moves.

Also, just in case, Debian users are gently reminded that there are less
unsavory methods of packing custom kernel builds for later use in Debian
boxes, including the Linux upstream "deb-pkg" make target (dpkg is a lot
smarter than "tar"), and the make-kpkg command provided by the
kernel-package Debian package (which IMHO tends to produce better kernel
.deb packages than the upstream "deb-pkg" make target.

----- Forwarded message from Andi Kleen <andi@firstfloor.org> -----
Date: Wed, 12 Sep 2012 05:16:46 +0200
From: Andi Kleen <andi@firstfloor.org>
To: linux-kernel@vger.kernel.org, linux-kbuild@vger.kernel.org
Subject: make tar*-pkg considered dangerous

Hi,

We've had some incidents with people destroying Fedore 17 installs
(to the point of reinstall) by installing a kernel tarball generated with
make tar*-pkg

The problem is that the tarball includes /lib/{modules,firmware},
but on FC17 /lib is a symlink. tar when it unpacks the tarball
replaces the symlink with the directory. So they end up
with a /lib which only contains the new kernel files, but nothing else,

And then the system doesn't boot anymore.

I'm not sure there is a good fix for this. I don't know of a way to
convince tar to not do that. And putting everything into /usr
would be very incompatible.

Disable these make targets or add warnings? If disabling people should
use rpms or dpkgs instead?

-Andi

--
ak@linux.intel.com -- Speaking for myself only.

----- End forwarded message -----

--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20120912161154.GB3289@khazad-dum.debian.net">http://lists.debian.org/20120912161154.GB3289@khazad-dum.debian.net

Ben Hutchings 09-12-2012 08:39 PM

(fwd) make tar*-pkg considered dangerous
 
On Wed, Sep 12, 2012 at 01:11:54PM -0300, Henrique de Moraes Holschuh wrote:
> I am forwarding this as a remider that, should we ever get to the point of
> moving around /lib or /usr/lib, /sbin or /usr/sbin, and /bin or /usr/sbin,
> as well as any other such trunks, we really ought to consider whether we
> should be using symlinks or bind mounts [where possible] for such moves.
>
> Also, just in case, Debian users are gently reminded that there are less
> unsavory methods of packing custom kernel builds for later use in Debian
> boxes, including the Linux upstream "deb-pkg" make target (dpkg is a lot
> smarter than "tar"), and the make-kpkg command provided by the
> kernel-package Debian package (which IMHO tends to produce better kernel
> .deb packages than the upstream "deb-pkg" make target.

kernel-package is effectively unmaintained, so please don't recommend
its use unless you intend to rectify that.

> ----- Forwarded message from Andi Kleen <andi@firstfloor.org> -----
> Date: Wed, 12 Sep 2012 05:16:46 +0200
> From: Andi Kleen <andi@firstfloor.org>
> To: linux-kernel@vger.kernel.org, linux-kbuild@vger.kernel.org
> Subject: make tar*-pkg considered dangerous
>
> Hi,
>
> We've had some incidents with people destroying Fedore 17 installs
> (to the point of reinstall) by installing a kernel tarball generated with
> make tar*-pkg
>
> The problem is that the tarball includes /lib/{modules,firmware},
> but on FC17 /lib is a symlink. tar when it unpacks the tarball
> replaces the symlink with the directory.
[...]

Presumably the tarball also contains an entry for the directory lib,
and that (not the subdirectory entries) triggers tar to replace the
symlink. So this can be fixed by only including
lib/{modules,firmware} in the tarball, not lib.

A quick experiment under F16 (tar 1.26) supports this.

Ben.

--
Ben Hutchings
We get into the habit of living before acquiring the habit of thinking.
- Albert Camus


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20120912203921.GY29217@decadent.org.uk">http://lists.debian.org/20120912203921.GY29217@decadent.org.uk


All times are GMT. The time now is 01:31 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.