Versions Compared

Old Version 15

changes.mady.by.user Mike Puckett

Saved on

compared with

New Version 16

changes.mady.by.user Mike Puckett

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • In buildroot1 in git, create a minimal Makefile
  • We need a high-level make that builds three buildroot images: LinuxRT 2019 64-bit and 32-bit and LinuxRT 2016 64-bit
    • Fetch 2019 buildroot tarball and get it to actually build (did this for 64-bit, need to build 32-bit and try it)
    • Fetch 2016 buildroot tarball and get it to actually build (and try it)
  • We need to get Eric Gumtow's changes (i.e., encourage Eric to check the changes he made in)
    • Incorporate/use Eric's changes to confirm that it works in the same way the RC3s he did worked (bug-per-bug)
  • Figure out what broke between RC1 and RC3 (with respect to chrt )
  • Add unit tests for all of the new ("security patch") functionality:
    • root has a password and it's the common one
    • all of the images now have the following user accounts and IDs:
      • acctf/acctest -> 11846/2459
      • flaci/facet -> 11121/2376
      • laci/lcls -> 8412/2211
      • spear/qb -> 7753/1080
    • /etc/SLACproperties exists and its contents are HAVE_ROOT_PASSWORD=1
    • telnet is refused
    • chrt can be run on processes owned by root from the $IOC_USER account

From Marcio's e-mail:

* Make chrt work passwordless for laci, flaci, acctf, and spear users in LinuxRT 2019.08, 2016.11.1 (14h)
* Add sudo to CentOS 7 Lite and make "sudo chrt" work passwordless for laci, flaci, acctf, and spear users (2h)
* "iocConsole -t" must work passwordless in: LinuxRT 2019.08, 2016.11.1, CentOs (11h)
* "systemctl reboot" must operate passwordless for laci, flaci, acctf, and spear users in CentOS 7 Lite (2h)
* Add the configuration files for Buildroot in a Git repo (9h)
* Study a way to operate chrt using the same command for both LinuxRT and CentOS so we could use the same bash script for both (8h)
* Automated testing script (9h)

...

  • Questions/Notes from 2019-08:
    • Some of the same issues for what I built after applying Eric's buildroot-site changes that I found with 2016-11.1 apply to 2019-08, namely:
      • The telnet service was still running.
      • And, of course, chrt didn't work.
    • But, by exploring Eric's 2016-11-2 non-site directories, we found out why telnet wasn't working (that the root password came out correctly would indicate that maybe Eric used .config info from 2019-08 to fix it in his 2016-11 build?).
    • Since Eric did have chrt  working at one point, I'm exploring his other 2019-08 directories to see if I can glean anything from those:
      • Just using the images from Eric's directory named "buildroot-2019.08-2-bad-uids", I found that chrt worked!
      • After comparing my directory with Eric's where chrt worked, I found that the busybox config where it worked had the SUID features set and enabled (where it didn't work, they were neither enabled nor set).