...
- In buildroot1 in git, create a minimal Makefile
- We need a high-level make that builds three buildroot images: LinuxRT 2019 64-bit and 32-bit and LinuxRT 2016 64-bit
- Fetch 2019 buildroot tarball and get it to actually build (did this for 64-bit, need to build 32-bit and try it)
- Fetch 2016 buildroot tarball and get it to actually build (and try it)
- We need to get Eric Gumtow's changes (i.e., encourage Eric to check the changes he made in)
- Incorporate/use Eric's changes to confirm that it works in the same way the RC3s he did worked (bug-per-bug)
- Figure out what broke between RC1 and RC3 (with respect to
chrt
) - Add unit tests for all of the new ("security patch") functionality:
- root has a password and it's the common one
- all of the images now have the following user accounts and IDs:
- acctf/acctest -> 11846/2459
- flaci/facet -> 11121/2376
- laci/lcls -> 8412/2211
- spear/qb -> 7753/1080
- /etc/SLACproperties exists and its contents are HAVE_ROOT_PASSWORD=1
- telnet is refused
chrt
can be run on processes owned by root from the $IOC_USER account
From Marcio's e-mail:
* Make chrt work passwordless for laci, flaci, acctf, and spear users in LinuxRT 2019.08, 2016.11.1 (14h)
* Add sudo to CentOS 7 Lite and make "sudo chrt" work passwordless for laci, flaci, acctf, and spear users (2h)
* "iocConsole -t" must work passwordless in: LinuxRT 2019.08, 2016.11.1, CentOs (11h)
* "systemctl reboot" must operate passwordless for laci, flaci, acctf, and spear users in CentOS 7 Lite (2h)
* Add the configuration files for Buildroot in a Git repo (9h)
* Study a way to operate chrt using the same command for both LinuxRT and CentOS so we could use the same bash script for both (8h)
* Automated testing script (9h)
...
- Questions/Notes from 2019-08:
- Some of the same issues for what I built after applying Eric's buildroot-site changes that I found with 2016-11.1 apply to 2019-08, namely:
- The telnet service was still running.
- And, of course,
chrt
didn't work.
- But, by exploring Eric's 2016-11-2 non-site directories, we found out why telnet wasn't working (that the root password came out correctly would indicate that maybe Eric used .config info from 2019-08 to fix it in his 2016-11 build?).
- Since Eric did have
chrt
working at one point, I'm exploring his other 2019-08 directories to see if I can glean anything from those:- Just using the images from Eric's directory named "buildroot-2019.08-2-bad-uids", I found that
chrt
worked! - After comparing my directory with Eric's where
chrt
worked, I found that the busybox config where it worked had the SUID features set and enabled (where it didn't work, they were neither enabled nor set).