diff options
author | Scott Rifenbark <srifenbark@gmail.com> | 2016-08-02 09:49:58 -0700 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-08-18 23:50:46 +0100 |
commit | b88973f637bc72b362991653af1577b93f8d16ca (patch) | |
tree | 5653b646362be8e84652a6b8e6335b2b22a17a9f /documentation/ref-manual/technical-details.xml | |
parent | c78c5006ecd2e23d53771da27e6c5908abb18adb (diff) | |
download | poky-b88973f637bc72b362991653af1577b93f8d16ca.tar.gz |
ref-manual: New "Fakeroot and Pseudo" section.
Fixes [YOCTO #10060]
I provided a new section in the Technical Details chapter. Also
some extra explanation was added to both the do_install task and to
the D variable.
(From yocto-docs rev: 565fb11d72bf8c585469bcf65f92b6738e344813)
Signed-off-by: Scott Rifenbark <srifenbark@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'documentation/ref-manual/technical-details.xml')
-rw-r--r-- | documentation/ref-manual/technical-details.xml | 72 |
1 files changed, 72 insertions, 0 deletions
diff --git a/documentation/ref-manual/technical-details.xml b/documentation/ref-manual/technical-details.xml index 8535d2c6e8..5ef764c8e0 100644 --- a/documentation/ref-manual/technical-details.xml +++ b/documentation/ref-manual/technical-details.xml | |||
@@ -1020,6 +1020,78 @@ | |||
1020 | </section> | 1020 | </section> |
1021 | </section> | 1021 | </section> |
1022 | 1022 | ||
1023 | <section id='fakeroot-and-pseudo'> | ||
1024 | <title>Fakeroot and Pseudo</title> | ||
1025 | |||
1026 | <para> | ||
1027 | Some tasks are easier to implement when allowed to perform certain | ||
1028 | operations that are normally reserved for the root user. | ||
1029 | For example, the | ||
1030 | <link linkend='ref-tasks-install'><filename>do_install</filename></link> | ||
1031 | task benefits from being able to set the UID and GID of installed files | ||
1032 | to arbitrary values. | ||
1033 | </para> | ||
1034 | |||
1035 | <para> | ||
1036 | One approach to allowing tasks to perform root-only operations | ||
1037 | would be to require BitBake to run as root. | ||
1038 | However, this method is cumbersome and has security issues. | ||
1039 | The approach that is actually used is to run tasks that benefit from | ||
1040 | root privileges in a "fake" root environment. | ||
1041 | Within this environment, the task and its child processes believe that | ||
1042 | they are running as the root user, and see an internally consistent | ||
1043 | view of the filesystem. | ||
1044 | As long as generating the final output (e.g. a package or an image) | ||
1045 | does not require root privileges, the fact that some earlier steps ran | ||
1046 | in a fake root environment does not cause problems. | ||
1047 | </para> | ||
1048 | |||
1049 | <para> | ||
1050 | The capability to run tasks in a fake root environment is known as | ||
1051 | "fakeroot", which is derived from the BitBake keyword/variable | ||
1052 | flag that requests a fake root environment for a task. | ||
1053 | In current versions of the OpenEmbedded build system, | ||
1054 | the program that implements fakeroot is known as Pseudo. | ||
1055 | </para> | ||
1056 | |||
1057 | <para> | ||
1058 | Pseudo overrides system calls through the | ||
1059 | <filename>LD_PRELOAD</filename> mechanism to give the | ||
1060 | illusion of running as root. | ||
1061 | To keep track of "fake" file ownership and permissions resulting from | ||
1062 | operations that require root permissions, an sqlite3 | ||
1063 | database is used. | ||
1064 | This database is stored in | ||
1065 | <filename>${</filename><link linkend='var-WORKDIR'><filename>WORKDIR</filename></link><filename>}/pseudo/files.db</filename> | ||
1066 | for individual recipes. | ||
1067 | Storing the database in a file as opposed to in memory | ||
1068 | gives persistence between tasks, and even between builds. | ||
1069 | <note><title>Caution</title> | ||
1070 | If you add your own task that manipulates the same files or | ||
1071 | directories as a fakeroot task, then that task should also run | ||
1072 | under fakeroot. | ||
1073 | Otherwise, the task will not be able to run root-only operations, | ||
1074 | and will not see the fake file ownership and permissions set by the | ||
1075 | other task. | ||
1076 | You should also add a dependency on | ||
1077 | <filename>virtual/fakeroot-native:do_populate_sysroot</filename>, | ||
1078 | giving the following: | ||
1079 | <literallayout class='monospaced'> | ||
1080 | fakeroot do_mytask () { | ||
1081 | ... | ||
1082 | } | ||
1083 | do_mytask[depends] += "virtual/fakeroot-native:do_populate_sysroot" | ||
1084 | </literallayout> | ||
1085 | </note> | ||
1086 | For more information, see the | ||
1087 | <ulink url='&YOCTO_DOCS_BB_URL;#var-FAKEROOT'><filename>FAKEROOT*</filename></ulink> | ||
1088 | variables in the BitBake User Manual. | ||
1089 | You can also reference this | ||
1090 | <ulink url='http://www.ibm.com/developerworks/opensource/library/os-aapseudo1/index.html'>Pseudo</ulink> | ||
1091 | article. | ||
1092 | </para> | ||
1093 | </section> | ||
1094 | |||
1023 | <section id='x32'> | 1095 | <section id='x32'> |
1024 | <title>x32</title> | 1096 | <title>x32</title> |
1025 | 1097 | ||