Open gobengo opened 6 years ago
jhpoelen
commented
6 years ago @gobengo thanks for sharing! I think it would be great if you could create a pull request with a proposed fix and then ask someone (your future self?) to reproduce issue and test the fix.
gobengo
commented
6 years ago @jhpoelen will do. I'll tinker with a fix and ultimately convert this issue to PR
Juul
commented
6 years ago makenode uses the node module ipk-builder which uses the fakeroot command to set root ownership of all files.
Permissions are set in config files, e.g. see the permissions section in configs/config.js.
Since this works normally you may have accidentally changed something to break this. Inspect the generated .ipk file in the ipks/ directory to see if the ownership of the file is something other than root (e.g. the midnight commander will let you browse into an .ipk as if it was a directory).
gobengo
commented
6 years ago Since this works normally you may have accidentally changed something to break this
It seems more likely to me that this is just due to my setup of running makenode on mac and as a non-root user.
It would 'work normally' under conditions where I was running as a user with uid=0 (e.g. as root on a Linux OS).
--
Inspect the generated .ipk file in the ipks/ directory to see if the ownership of the file is something other than root
ben@bengo-air ~/dev/sudomesh/makenode/ipks master+1 ⚡ mkdir -p ./ipk-extracted/data/
ben@bengo-air ~/dev/sudomesh/makenode/ipks master+1 ⚡ tar -xf ./per-node-config-00-90-a9-0c-71-f8.ipk -C ./ipk-extracted
ben@bengo-air ~/dev/sudomesh/makenode/ipks master+1 ⚡ tar -ztvf ipk-extracted/data.tar.gz | grep etc/dropbear
drwx------ 0 ben wheel 0 Feb 19 11:44 etc/dropbear/
-rw------- 0 ben wheel 457 Feb 19 11:44 etc/dropbear/dropbear_dss_host_key
-rw------- 0 ben wheel 805 Feb 19 11:44 etc/dropbear/dropbear_rsa_host_key
-rw------- 0 ben wheel 1945 Feb 19 11:44 etc/dropbear/authorized_keysReading this makes me realize that everything here is doing it's job and no more, the IpkBuilder + tar are just using the existing uid/gid from when I cloned the makenode repo as 'ben'. But surely we should allow cloning/building on the build host with different uid/gid than we plan to use on the embedded host.
The two paths forward seem to be:
chown root:root -R /etc/dropbear/ (or similar)
@Juul Do you support one of those two options? Or am I misunderstanding something?
bennlich
commented
6 years ago It seems more likely to me that this is just due to my setup of running makenode on mac and as a non-root user.
@gobengo I have successfully flashed nodes from a mac as a non-root user.
Maybe something went wrong with fakeroot.
My current understanding is that when you run fakeroot, you enter a shell environment where you appear to be a root user even though you are not actually a root user. Then, when you create a package, tar thinks you're a root user creating the package, so it records the ownership/permissions as though they were created with root.
I just did this test as a non-root user to see if my fakeroot was working:
mkdir fakeroot-test
cd fakeroot-test
fakeroot
touch a.txt
touch b.txt
tar -pczf ../data.tar.gz *
exit
sudo tar -xzpf ../data.tar.gz
ls -lThe extracted a.txt and b.txt should belong to root.
I added my public key to
/etc/dropbear/authorized_keyson my home node, but can't figure out how to ssh to it.(If I manually enter the password):
Diagnosis: /etc/dropbear isn't owned by 'root' (on the router). i.e. the uid of the owner is not 0. On my system it was
502. This is also the uid of the user on my mac:Workaround/Solution: Make sure /etc/dropbear is owned by root
Future Work:
chown root:root.remoteCommandhere? https://github.com/sudomesh/makenode/blob/master/makenode.js#L643