Re: [Ltib] modeps permission error

[Svein Seldal]

Hi all

As a curiosity, I downloaded the BSP and tried to compile it myself. I'm 
also running Ubuntu 9.04 you see. I wanted to verify if it is the 
distro's fault.

I ran:
        ./ltib --no-sudo --hostcf
        ./ltib --no-sudo

(I use --no-sudo because I don't want to configure sudoers and rather 
want be asked for password. Just ignore it for the sake of this discussion.)

I ran into the same problems you (Daniel) were asking about:

    1) I had to patch the mtd-utils-20060302 as previous mail from Stuart.

    2) Compilation fails during deployment operations (because the 
script isn't called as root). See below.

However, I did not get any failures due to ncurses or anything.

@Daniel: Which Ubuntu packages have you installed? (Use "dpkg 
--get-selections" to get the list of packages) If you don't mind, please 
post this on this list, and I can compare with what I have.

I suspect that ncurses configure script detects that you have installed 
some ada package on your ubuntu, and tries to compile support for it. 
You could try to edit dist/lfs-5.1/ncurses/ncurses.spec and add 
"--without-ada" to line 30.


Stuart Hughes wrote:
> The deployment section does not run as root (making RAMdisks or JFFS2). 
>  There's a bug in that BSP, you'll need to ask Freescale for support.

I think maybe this is a generic ltib bug:

The reason the deployment section is crashing is because it's trying to 
access files in rootfs/ which have been installed with 700 root:root 
permissions, like /etc/ipsec.d. When the deployment tools are not run as 
root, it cannot access these files and thus the build fails.

The offending package in this case is caused by openswan (which is the 
same version and spec-file on this particular BSP as the CVS HEAD). It 
installs some files, like those in /etc/ipsec.d/* with 700 permissions 
(which it should). However as long as the deployment section is not run 
as root, the files are not and should not be accessible by ordinary users.

If I compile any arbitrary platform image, enable openswan and build for 
ext2.gz target image, this failure occurs. The only difference is that 
the BSP version crashes, while the CVS HEAD version only masks the 
failure. Looking at the contents of ext2.gz image, the /etc/ipsec.d/ 
directory is actually missing in all cases, which is a bug isn't it?

The reason the CVS version is not crashing fatally is because of the 
extra "-perm 444" entry in bin/Ltibutils.pm:708. This makes find skip 
/etc/ipsec.d and thus don't crash. Yet, the dir is missing in the final 
image.

As long as there are any files with root private (e.g. 700 or 600) 
permissions inside rootfs/ you AFAICS must be root to create a ext2.gz 
image. Even though I really hate this, I think we need root here...

An alternate way of solving this is to change the install script for the 
openswan.spec file and make sure no file is installed 700. However IMHO 
this is not a elegant way of doing it.

@Daniel: If you disable openswan, the BSP will compile. You can do so by 
issuing "./ltib --configure". When the menu is presented go to Package 
List -> IPsec suite (strongswan) ->  Select "Don't install an IPsec suite".


I hope it helps!


- Svein