From patchwork Fri May 6 15:56:00 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ross Burton X-Patchwork-Id: 7704 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 78B57C433F5 for ; Fri, 6 May 2022 15:56:09 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web11.11205.1651852568670672552 for ; Fri, 06 May 2022 08:56:09 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: ross.burton@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 449BA1042; Fri, 6 May 2022 08:56:07 -0700 (PDT) Received: from oss-tx204.lab.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id BDF4A3F885; Fri, 6 May 2022 08:56:06 -0700 (PDT) From: Ross Burton To: openembedded-core@lists.openembedded.org Cc: nd@arm.com Subject: [PATCH 1/5] oeqa/selftest: add test for git working correctly inside pseudo Date: Fri, 6 May 2022 16:56:00 +0100 Message-Id: <20220506155604.2401829-1-ross.burton@arm.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 06 May 2022 15:56:09 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/165344 The fix for CVE-2022-24765 in git[1] breaks any use of git inside pseudo. Add a simple test case to oe-selftest to verify that at least basic uses of git work fine under pseudo. [1] https://github.com/git/git/commit/8959555cee7ec045958f9b6dd62e541affb7e7d9 Signed-off-by: Ross Burton --- .../git-submodule-test/git-submodule-test.bb | 15 +++++++++++++++ meta/lib/oeqa/selftest/cases/git.py | 15 +++++++++++++++ 2 files changed, 30 insertions(+) create mode 100644 meta/lib/oeqa/selftest/cases/git.py diff --git a/meta-selftest/recipes-test/git-submodule-test/git-submodule-test.bb b/meta-selftest/recipes-test/git-submodule-test/git-submodule-test.bb index cc5d7eae5a..fa3041b7d8 100644 --- a/meta-selftest/recipes-test/git-submodule-test/git-submodule-test.bb +++ b/meta-selftest/recipes-test/git-submodule-test/git-submodule-test.bb @@ -7,3 +7,18 @@ INHIBIT_DEFAULT_DEPS = "1" SRC_URI = "gitsm://git.yoctoproject.org/git-submodule-test;branch=master" SRCREV = "a2885dd7d25380d23627e7544b7bbb55014b16ee" + +S = "${WORKDIR}/git" + +do_test_git_as_user() { + cd ${S} + git status +} +addtask test_git_as_user after do_unpack + +fakeroot do_test_git_as_root() { + cd ${S} + git status +} +do_test_git_as_root[depends] += "virtual/fakeroot-native:do_populate_sysroot" +addtask test_git_as_root after do_unpack diff --git a/meta/lib/oeqa/selftest/cases/git.py b/meta/lib/oeqa/selftest/cases/git.py new file mode 100644 index 0000000000..f12874dc7d --- /dev/null +++ b/meta/lib/oeqa/selftest/cases/git.py @@ -0,0 +1,15 @@ +from oeqa.selftest.case import OESelftestTestCase +from oeqa.utils.commands import bitbake + +class GitCheck(OESelftestTestCase): + def test_git_intercept(self): + """ + Git binaries with CVE-2022-24765 fixed will refuse to operate on a + repository which is owned by a different user. This breaks our + do_install task as that runs inside pseudo, so the git repository is + owned by the build user but git is running as (fake)root. + + We have an intercept which disables pseudo, so verify that it works. + """ + bitbake("git-submodule-test -c test_git_as_user") + bitbake("git-submodule-test -c test_git_as_root") From patchwork Fri May 6 15:56:01 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ross Burton X-Patchwork-Id: 7707 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 66208C433EF for ; Fri, 6 May 2022 15:56:19 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web10.11226.1651852568734243714 for ; Fri, 06 May 2022 08:56:09 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: ross.burton@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id E4993113E; Fri, 6 May 2022 08:56:07 -0700 (PDT) Received: from oss-tx204.lab.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 6B3C23F885; Fri, 6 May 2022 08:56:07 -0700 (PDT) From: Ross Burton To: openembedded-core@lists.openembedded.org Cc: nd@arm.com Subject: [PATCH 2/5] base: Avoid circular references to our own scripts Date: Fri, 6 May 2022 16:56:01 +0100 Message-Id: <20220506155604.2401829-2-ross.burton@arm.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220506155604.2401829-1-ross.burton@arm.com> References: <20220506155604.2401829-1-ross.burton@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 06 May 2022 15:56:19 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/165345 From: Richard Purdie We'd like to intercept git calls but we don't want circular references and HOSTTOOLS currently sets them up. Tweak to avoid them. Signed-off-by: Richard Purdie --- meta/classes/base.bbclass | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta/classes/base.bbclass b/meta/classes/base.bbclass index 3515720bf9..16b7c69995 100644 --- a/meta/classes/base.bbclass +++ b/meta/classes/base.bbclass @@ -115,6 +115,9 @@ def setup_hosttools_dir(dest, toolsvar, d, fatal=True): tools = d.getVar(toolsvar).split() origbbenv = d.getVar("BB_ORIGENV", False) path = origbbenv.getVar("PATH") + # Need to ignore our own scripts directory to avoid circular links + ourscripts = d.expand("${COREBASE}/scripts") + path = path.replace(ourscripts, "/ignoreme") bb.utils.mkdirhier(dest) notfound = [] for tool in tools: From patchwork Fri May 6 15:56:02 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ross Burton X-Patchwork-Id: 7706 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6DB85C433FE for ; Fri, 6 May 2022 15:56:19 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web08.11432.1651852569057575528 for ; Fri, 06 May 2022 08:56:09 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: ross.burton@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 9469D152B; Fri, 6 May 2022 08:56:08 -0700 (PDT) Received: from oss-tx204.lab.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 1839F3F885; Fri, 6 May 2022 08:56:07 -0700 (PDT) From: Ross Burton To: openembedded-core@lists.openembedded.org Cc: nd@arm.com Subject: [PATCH 3/5] scripts: Make git intercept global Date: Fri, 6 May 2022 16:56:02 +0100 Message-Id: <20220506155604.2401829-3-ross.burton@arm.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220506155604.2401829-1-ross.burton@arm.com> References: <20220506155604.2401829-1-ross.burton@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 06 May 2022 15:56:19 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/165346 From: Richard Purdie The previous minimially invasive git intercept simply isn't enough. For example, meson used in the igt-gpu-tools recipe hardcodes the path to git in the configure step so at install time, changing PATH has no effect. There are lots of interesting things we could do to try and avoid problems but making the git intercept and dropping fakeroot privs for git global is probably the least worst solution at this point. It will add slight overhead to git calls but we don't make many so the overall impact is likely minimal. Signed-off-by: Richard Purdie --- scripts/{git-intercept => }/git | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename scripts/{git-intercept => }/git (100%) diff --git a/scripts/git-intercept/git b/scripts/git similarity index 100% rename from scripts/git-intercept/git rename to scripts/git From patchwork Fri May 6 15:56:03 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ross Burton X-Patchwork-Id: 7708 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 685A3C4332F for ; Fri, 6 May 2022 15:56:19 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web09.11346.1651852569765968982 for ; Fri, 06 May 2022 08:56:10 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: ross.burton@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 41565153B; Fri, 6 May 2022 08:56:09 -0700 (PDT) Received: from oss-tx204.lab.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id BC3023F885; Fri, 6 May 2022 08:56:08 -0700 (PDT) From: Ross Burton To: openembedded-core@lists.openembedded.org Cc: nd@arm.com Subject: [PATCH 4/5] scripts/git: Ensure we don't have circular references Date: Fri, 6 May 2022 16:56:03 +0100 Message-Id: <20220506155604.2401829-4-ross.burton@arm.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220506155604.2401829-1-ross.burton@arm.com> References: <20220506155604.2401829-1-ross.burton@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 06 May 2022 15:56:19 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/165347 From: Richard Purdie This is horrible but I'm running out of better ideas. We hit circular reference issues which we were trying to avoid in the core HOSTTOOLS code. When building the eSDK, there can be two copies of the script. Therefore assume git will never be in a directory called scripts. This fixes eSDK build failures. Signed-off-by: Richard Purdie --- scripts/git | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/scripts/git b/scripts/git index 8adf5c9ecb..644055e540 100755 --- a/scripts/git +++ b/scripts/git @@ -10,7 +10,14 @@ os.environ['PSEUDO_UNLOAD'] = '1' # calculate path to the real 'git' path = os.environ['PATH'] -path = path.replace(os.path.dirname(sys.argv[0]), '') +# we need to remove our path but also any other copy of this script which +# may be present, e.g. eSDK. +replacements = [os.path.dirname(sys.argv[0])] +for p in path.split(":"): + if p.endswith("/scripts"): + replacements.append(p) +for r in replacements: + path = path.replace(r, '/ignoreme') real_git = shutil.which('git', path=path) if len(sys.argv) == 1: From patchwork Fri May 6 15:56:04 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ross Burton X-Patchwork-Id: 7705 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6185BC433F5 for ; Fri, 6 May 2022 15:56:19 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web12.11347.1651852570392426957 for ; Fri, 06 May 2022 08:56:10 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: ross.burton@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id E2EE11042; Fri, 6 May 2022 08:56:09 -0700 (PDT) Received: from oss-tx204.lab.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 696053F885; Fri, 6 May 2022 08:56:09 -0700 (PDT) From: Ross Burton To: openembedded-core@lists.openembedded.org Cc: nd@arm.com Subject: [PATCH 5/5] Revert "bitbake.conf: mark all directories as safe for git to read" Date: Fri, 6 May 2022 16:56:04 +0100 Message-Id: <20220506155604.2401829-5-ross.burton@arm.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220506155604.2401829-1-ross.burton@arm.com> References: <20220506155604.2401829-1-ross.burton@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 06 May 2022 15:56:19 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/165348 Turns out this doesn't actually work, as git doesn't respect the environment when reading the safe.directory configuration variable. This reverts commit d4a5862ce8db97d26a3c32c4cffea3197c1defec. Signed-off-by: Ross Burton --- meta/conf/bitbake.conf | 8 -------- 1 file changed, 8 deletions(-) diff --git a/meta/conf/bitbake.conf b/meta/conf/bitbake.conf index 1deba8d910..0e939aca4f 100644 --- a/meta/conf/bitbake.conf +++ b/meta/conf/bitbake.conf @@ -776,18 +776,10 @@ export PKG_CONFIG_DISABLE_UNINSTALLED = "yes" export PKG_CONFIG_SYSTEM_LIBRARY_PATH = "${base_libdir}:${libdir}" export PKG_CONFIG_SYSTEM_INCLUDE_PATH = "${includedir}" -# Git configuration - # Don't allow git to chdir up past WORKDIR so that it doesn't detect the OE # repository when building a recipe export GIT_CEILING_DIRECTORIES = "${WORKDIR}" -# Treat all directories are safe, as during fakeroot tasks git will run as -# root so recent git releases (eg 2.30.3) will refuse to work on repositories. See -# https://github.com/git/git/commit/8959555cee7ec045958f9b6dd62e541affb7e7d9 for -# further details. -export GIT_CONFIG_PARAMETERS="'safe.directory=*'" - ### ### Config file processing ###