installkernel: updatever: preserve file permissions #32
+3
−3
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
I wonder what the original reason was to use cat here. In any case we should make the same change in 90-compat.install |
This is especially important for initramfs where it may contain sensitive keys in plaintext (such as ZFS decryption key). dracut by default produces initrd with umask 077. With the current cat piped to file approach we'd lose file permissions. Signed-off-by: Xian Wang <[email protected]>
My guess is working around /boot on a different filesystem such as FAT32 where file permissions are not supported. But I can test on a system like that over the weekend and get back. |
| @@ -55,7 +55,7 @@ if [[ ${COMMAND} == add ]]; then | |||
| INITRD="${KERNEL_INSTALL_STAGING_AREA}/initrd" | |||
| if [[ -f ${INITRD} ]]; then | |||
| [[ ${KERNEL_INSTALL_VERBOSE} == 1 ]] && echo "Installing initramfs image for ${KERNEL_VERSION}..." | |||
| cp "${INITRD}" "${KERNEL_INSTALL_ROOT}/initramfs-${KERNEL_VERSION}.img" || exit 1 | |||
| cp -a "${INITRD}" "${KERNEL_INSTALL_ROOT}/initramfs-${KERNEL_VERSION}.img" || exit 1 | |||
There was a problem hiding this comment.
To keep the symmetry between systemd and openrc we should also make this change for the kernel image and the microcode.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is especially important for initramfs where it may contain sensitive keys in plaintext (such as ZFS decryption key).
dracut by default produces initrd with umask 077. With the current cat piped to file approach we'd lose file permissions.