I'm using /files to include /etc/dropbear/authorized_keys in the firmware. This file must have permissions 0600 and that is what I've set it to in the files directory.
However after building a firmware the permissions change to 0644. Does anyone know why? Or could you point me to where in the build system the /files are installed to rootfs. It's hard to grep for "files".
Thanks in advance,
I think this answers it: https://patchwork.ozlabs.org/patch/536419/
Edit: or maybe not, the files seem to have changed.
Permissions and ownership in the squashfs ROM are a bit challenging. To allow OpenWrt to be built by a non-root user, the squashfs file system is "hard coded" to assign ownership of everything to root. It also adjusts the dates, and apparently permissions as well. Details in
mksquashfs itself and
include/image.mk and related.
$(STAGING_DIR_HOST)/bin/mksquashfs4 $(call mkfs_target_dir,$(1)) $@ \
-nopad -noappend -root-owned \
-comp $(SQUASHFSCOMP) $(SQUASHFSOPT) \
-processors 1 \
$(if $(SOURCE_DATE_EPOCH),-fixed-time $(SOURCE_DATE_EPOCH))
The contents of
./files/ appear to be copied by
./include/rootfs.mk which uses
file_copy, defined in
./rules.mk, which uses
$(CP), defined in
cp -fpR. Which puts me at a loss as to why the permission are lost.
One way to handle this is with a script in
/etc/uci-defaults which contains "run to success, once" scripts. Not as "clean" as being able to have the proper permission and ownership in the ROM itself, but at least functional.
I've never had this issue... please post the results of
ls -la <buildroot>/files/etc/dropbear
Thanks everyone for you responses. I actually was coming back to report my findings. However it looks the link Per shared explains the issue perfectly. I'm just going to modify my include/image.mk to ignore authorized_keys as well.
If anyone is interested in where files gets copied look in package/Makefile. The target package/install does the copying over. You'll notice that the permissions are retained it is actually later in image.mk where permissions are altered to give the root user r+w,r,r access.
Maybe it's not enough this morning, but I didn't see
chmod getting called in
include/image.mk, at least in recent
master branch code. When you have some time, would you post where you've made the changes?
Hey Jeff, sorry I should have mentioned this is a relatively old OpenWRT. I quickly scanned master and indeed it is not there anymore. Sorry I won't forget to omit that detail in future.
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.