Thank you for your answer

Le mercredi 18 juin à 18h 13mn 50s (-0400), Daniel Kahn Gillmor a écrit :
> On 06/18/2014 05:38 PM, jhcha54008 wrote:
> > Hi,
> > 
> > I got the same result :
> > 
> > mknod: 'dev/ttyS0': Permission denied
> > 
> > The patch below solved the issue.
> > 
> > It is perhaps advisable to not chroot before making a
> > new device node (as in debirf version 0.33, 
> > file /usr/bin/debirf, line 135 :
> >         fakeroot_if_needed sh -c "mknod $DEBIRF_ROOT/dev/console c 5 1; 
> > chmod 0600 $DEBIRF_ROOT/dev/console"
> > which doesn't cause any error)
> > 
> > Thank you for making debirf such a useful tool !
> > 
> > Regards,
> > JH Chatenet
> > 
> > --- a/usr/share/debirf/modules/serial-terminal
> > +++ b/usr/share/debirf/modules/serial-terminal
> > @@ -32,10 +32,10 @@
> >  debirf_exec chown root:root "${SCRIPTED_GETTY}"
> >  
> >  # make sure the basic serial devices are present
> > -debirf_exec mknod dev/ttyS0 c 4 64
> > -debirf_exec mknod dev/ttyS1 c 4 65
> > -debirf_exec mknod dev/ttyS2 c 4 66
> > -debirf_exec mknod dev/ttyS3 c 4 67
> > +mknod "${DEBIRF_ROOT}/dev/ttyS0" c 4 64
> > +mknod "${DEBIRF_ROOT}/dev/ttyS1" c 4 65
> > +mknod "${DEBIRF_ROOT}/dev/ttyS2" c 4 66
> > +mknod "${DEBIRF_ROOT}/dev/ttyS3" c 4 67
> >  
> >  if grep "$SCRIPTED_GETTY" "$INITTAB" | grep -q -v "^[[:space:]]*#" ; then
> >      echo "inittab already has a getty on the console."
> 
> This patch seems guaranteed to fail by anyone who isn't running debirf
> as the superuser, which we generally don't advise.
> 

It works as a normal user too : the modules are run inside a fakeroot 
environment 
(function run_modules, file /usr/bin/debirf line 140 in debirf 0.33)

> i still haven't been able to reproduce this problem myself, though.
> what system are you running this on that you see this problem?  how are
> you invoking debirf?  what target are you using?
> 
>       --dkg
> 

It is a jessie chroot (wheezy host, amd64) :

$ dpkg -l debirf fakechroot libfakechroot
||/ Name                               Version                Architecture      
     Description
+++-==================================-======================-======================-=========================================================================
ii  debirf                             0.33                   all               
     build a kernel and initrd to run Debian from RAM
ii  fakechroot                         2.17.2-1               all               
     gives a fake chroot environment - utilities
ii  libfakechroot:amd64                2.17.2-1               amd64             
     gives a fake chroot environment - runtime

$ tar -zxvf /usr/share/doc/debirf/example-profiles/minimal.tgz

and I set DEBIRF_SUITE=jessie

$ debirf make minimal/
[...]
run-parts: executing minimal/modules/network
run-parts: executing minimal/modules/root-bashrc
run-parts: executing minimal/modules/serial-terminal
mknod: 'dev/ttyS0': Permission denied
run-parts: minimal/modules/serial-terminal exited with return code 1

With the preceding patch :

$ debirf make minimal/
[...]
run-parts: executing minimal/modules/network
run-parts: executing minimal/modules/root-bashrc
run-parts: executing minimal/modules/serial-terminal
run-parts: executing minimal/modules/z0_remove-locales
run-parts: executing minimal/modules/z1_clean-root
[...]

The cause of the bug may be a variable FAKECHROOT_EXCLUDE_PATH="/dev:/proc:/sys"

It is set in file /etc/fakechroot/chroot.env line 24 (fakechroot
version 2.17.2-1) :
 -----------------------------------------------------------------
# Set the default list of directories excluded from being chrooted
FAKECHROOT_EXCLUDE_PATH="${FAKECHROOT_EXCLUDE_PATH:-/dev:/proc:/sys}"
export FAKECHROOT_EXCLUDE_PATH
 -----------------------------------------------------------------

As a result, every access to /dev after a chroot command (in a fakechroot
environment) is diverted to the real /dev directory of the build machine.
This is desirable to read from the real devices. But it is not allowed an
unprivileged user to make new devices there - which probably makes sense.


Regards,

JH Chatenet
# DEBIRF configuration file: this will be sourced by bash

# Label for debirf system (for hostname and initrd).  "debirf" will be
# used if unspecified.
#
DEBIRF_LABEL="debirf-minimal"
 
# Where shoud debirf build the image?  By default, debirf will build
# in the profile directory.
#
#DEBIRF_BUILDD=

# What suite should be used?  The default is determined by
# lsb_release, and falls back to "sid".
#
DEBIRF_SUITE=jessie

# The default distro (eg. "debian" or "ubuntu") is based on the distro
# of the suite specified.  If you want to use a suite from a
# non-Debian/Ubuntu distro, specify the distro explicitly here (all
# lowercase).
#
#DEBIRF_DISTRO=
 
# What mirror should debirf pull the suite from?  By default, this is
# based on the DEBIRF_DISTRO
# (eg. "http://mirrors.kernel.org/${DEBIRF_DISTRO}";).
#
#DEBIRF_MIRROR=

# What keyring should be used to verify the debootstrap for the
# specified suite?  This is also based on the DEBIRF_DISTRO by
# default.  If you are trying to build a non-Debian/Ubuntu version of
# debirf, then you will need to specify the keyring explicitly here if
# you want to verify the debootstrap.  Otherwise, uncomment the
# variable but leave the definition blank to have debirf skip the
# debootstrap verification.
#
#DEBIRF_KEYRING=
 
# Use a web proxy for downloading the packages (the "export" in front
# of the variable is necessary to have it recognized by all internal
# functions).
#
#export http_proxy=

Reply via email to