summaryrefslogtreecommitdiff
path: root/bin
AgeCommit message (Collapse)Author
2020-05-21Fix the semantics of the super block deduplicationDavid Oberhollenzer
Its purely informational, but make sure other programs don't print out scary messages that imply the data has been ineficiently. Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2020-05-03Fix: unify extra argument rejection in tar2sqfs & gensquashfsDavid Oberhollenzer
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2020-05-03Fix: the --all-root option does not take an arugmentDavid Oberhollenzer
Change the "required_argument" to the correct "no_argument". Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2020-05-03Fix: use 0644 as default permissions when creating filesDavid Oberhollenzer
Until now, when packing or unpacking a SquashFS image, files where created with paranoid permissions (i.e. 0600). The rational behind this was that otherwise, the tools may inadvertently expose secrets, e.g. if a root user packs files that that aren't world readable, such as the /etc/shadows file, but the packed SquashFS image is, we have accidentally leaked this file to other users that can access the newly created SquashFS image. The same line of reasoning also applies when unpacking files. Unfortunately, this breaks a list of other, more common standard use cases (e.g. a build server where the an image is built by a deamon running as user X but then has to be accessed by another deamon running as Y). This commit changes to a more standard approach of using permissive file permissions by default and asking paranoid users to simply use a paranoid umask. For tar2sqfs & gensquashfs this simply means chaning the default permissions in the libsquashfs file implementation. For rdsquashfs on the other hand there is still the use case where the unpacked files get the permissions from the [secret] image, so setting a strict umask is not applicable and changing to permissive file mode leaks something. For this case a second code path needs to be added that derives the permissions from the ones in the image. Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2020-04-27Cleanup/fix: gensquashfs: split directory scanning from xattr scanningDavid Oberhollenzer
On the one hand, this commit cleanes the code a bit by splitting the "scan directory contents" code from the "scan xattrs from directory contents" and moving the later in a seperate file. On the other hand, the xattr scanning is now done *after* the fstree is post processed, which includes sorting it. This way, the xattrs are always added in a deterministic, reproducible order. Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2020-04-27gensquashfs: Add options to globally override UID/GID valuesDavid Oberhollenzer
A common use case for mksquashfs is to simply pack a directory and set a magic option to force all user/group IDs to root. This commit adds similar options to gensquashfs to maek it better suited as a direct replacement for packing an input directory. Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2020-04-27Cleanup directory structure of the binary programsDavid Oberhollenzer
Instead of having the binary programs in randomly named subdirectories, move all of them to a "bin" subdirectory, similar to the utility libraries that have subdirectories within "lib" and give the subdirectories the propper names (e.g. have gensquashfs source in a directory *actually* named "gensquashfs"). Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>