[Toybox] [PATCH] hostname: fix behavior when in jail.

enh enh at google.com
Fri Jan 25 14:55:17 PST 2019


On Sun, Jan 20, 2019 at 9:01 PM Rob Landley <rob at landley.net> wrote:
>
> On 1/20/19 4:20 PM, enh wrote:
> > On Sat, Jan 19, 2019 at 12:43 PM Rob Landley <rob at landley.net> wrote:
> >>
> >> On 1/19/19 1:41 PM, enh via Toybox wrote:
> >>> Only -d and -f should cause a DNS lookup. The rest should just act
> >>> directly on the result of gethostname(3). Encountered with the AOSP
> >>> buildbots' use of nsjail, but tested with both the Debian hostname and
> >>> toybox hostname thus:
> >>
> >> Applied.
> >>
> >> I'm rooting on this build work from a distance, sorry I haven't been more direct
> >> help. I'm curious what commands are left that _don't_ point to toybox. (I used
> >> to do things like "for i in $(echo $PATH | tr : '\n'); do for i in $(echo $i/* |
> >> tr ' ' '\n'); do basename $i; done; done | sort -u" for that...)
> >
> > the link in the roadmap (the checked-in copy; the web site is too old)
>
> Fixed. (I should add that to my release checklist.)
>
> > is, for better or worse, a link to the current status:
> > https://android.googlesource.com/platform/build/soong/+/master/ui/build/paths/config.go
>
> So the "var Configuration = map[string]PathConfig{" block is the list of
> commands _not_ yet supplied by a built-in package?

no, the keys mapped to `Allowed` are the ones that currently come from the host.

> Sigh. What I eventually want to get to is something like mkroot+ where it can
> build a base root filesystem, add the NDK toolchain and enough of a read-only
> git tool to drive repo fetches, and then either chroot into there or launch it as
> a container or run it under qemu, and then build AOSP.
>
> There's a ways to go still, but that's my goal. Because once we've got that,
> doing it under Android is basically a minijail target.
>
> Other people have their own opinions, of course:
>
>   https://twitter.com/landley/status/1085605309475966977

(i don't use the twitters so i've no idea how to go from that to the
actual content you're responding to.)

oh, turns out it does something sane on the desktop, but you can't see
the thread on mobile? genius!

anyway, yeah, we already have a /bin symlink to /system/bin on modern
systems. (also /etc.)

> It would be _nice_ if android could do that out of the box, and "install a build
> container" is a big ask for people without a big data plan using multiple year
> old hardware they inherited for which the upstream play store may have gone
> byebye already... But as they say, "we'll burn that bridge when we come to
> it"...
>
> > i haven't had chance to test your latest cp patch, nor my sed patch or
> > yours. assuming they're okay, and ignoring stuff in pending (like dd)
> > or that just isn't started yet (like hexdump),
>
> If all you need is hexdump -C I've got it 2/3 done over here because I use that
> a lot myself. (Also, hd is an abbreviation for hexdump -C.)
>
> If you need non -C hexdump, it's presumably a variant of od and xxd and I need
> to look at merging that code. (THREE implementations. 4 if you count hexedit.)

from my notes:

hexdump
 * -n#
 * -s#
 * -C
 * -e
 * -f FILE
 * -v

> > patch is probably in
> > the worst state: that will need fuzz support (which POSIX describes in
> > more detail than i would have expected:
> > https://pubs.opengroup.org/onlinepubs/9699919799/utilities/patch.html)
> > and support for the `[FILE [PATCH]]` command-line syntax, not just -i.
>
> Ok. I've done the first 1/3 of fuzz support locally already...
>
> > iirc there's also `realpath --relative-to` but i haven't even looked
> > at what that means yet.
>
> It's not in Ubuntu 14.04's man page for realpath, and I haven't poked at my
> pending Devuan 2.0 install in a week. (Instead I mail ordered a new battery for
> the old laptop...)
>
> > and when i first used toybox to build AOSP by
> > accident there was some issue with find, but that's on the short list
> > of things i haven't even looked at yet.
>
> Get me a test case and I'll try to fix it...
>
> > at some point i'll have to go through all the weird and whacky formats
> > supplied to date(1), but that one i might try to enlist the help of
> > the build folks to get me a complete set off the build servers (aiui
> > they've said that's possible but non-trivial, and only date seems like
> > it might be hairy enough -- and hard enough to grep for -- to warrant
> > that).
>
> It's all strptime() and strftime() under the covers. I let them specify the
> format strings, if you want more built in format strings I need to know what
> they are. (For "autodetect" we can have it iterate through an array trying each
> one fairly easily, assuming failure/success are easy to distinguish.)

i actually meant the crazy shit like "now" or "tomorrow". i haven't
yet looked closely enough to try to get a full list.

> > but the TL;DR is that more than half of the commands you're allowed to
> > run as part of the build (and that list includes stuff like python and
> > javac) are switched to toybox. almost all of them that exist in toybox
> > at all [minus pending] are switched over (the exceptions being date,
> > find, grep/egrep, lsof, patch, realpath, and timeout; at least lsof --
> > used only for diagnostics -- should be trivial).
>
> Cool.
>
> > probably a bigger decision right now is whether i want to try to flip
> > the switch for the grep family on the device, or whether it's a bit
> > late in the cycle for that. i should probably decide one way or the
> > other this week. are there any known reasons why i shouldn't give it a
> > go?
>
> Hmmm... I did --color support, all the tests pass... Hmmm, I have diffs in my
> local tree:
>
> diff --git a/toys/posix/grep.c b/toys/posix/grep.c
> index 2cf078b..5ca9c5d 100644
> --- a/toys/posix/grep.c
> +++ b/toys/posix/grep.c
> @@ -92,6 +92,7 @@ static void numdash(long num, char dash)
>  static void outline(char *line, char dash, char *name, long lcount, long bcount,
>    int trim)
>  {
> +  if (!trim && FLAG(o)) return;
>    if (name && FLAG(H)) printf("%s%s%s%c", TT.purple, name, TT.cyan, dash);
>    if (FLAG(c)) {
>      printf("%s%ld", TT.grey, lcount);
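
Review bot: the new guard `if (!trim && FLAG(o)) return;` at the top of outline() relies on trim == 0 having a specific meaning, but nothing in the visible part of the function documents what trim's values stand for. Because the guard sits before the -H name prefix and the -c count branch, a call with trim == 0 under -o now prints nothing at all. Add a one-line comment saying which callers pass 0 and why they must be silent with -o.
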
> @@ -353,7 +354,7 @@ static void do_grep(int fd, char *name)
>      if (FLAG(m) && mcount >= TT.m) break;
>    }
>
> -  if (FLAG(c)) outline(0, ':', name, mcount, 0, -1);
> +  if (FLAG(c)) outline(0, ':', name, mcount, 0, 1);
>
>    // loopfiles will also close the fd, but this frees an (opaque) struct.
>    fclose(file);
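
Review bot: the last argument of the -c call to outline() flips from -1 to 1 with no stated reason, and the guard added earlier in this patch, `if (!trim && FLAG(o)) return;`, treats both values the same because both are nonzero. Say in the commit message or a comment what the sign of trim selects and which -c output this fixes, or replace the bare -1/0/1 with named constants so the call site explains itself.
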
> @@ -499,5 +500,7 @@ void grep_main(void)
>        else dirtree_read(*ss, do_grep_r);
>      }
>    } else loopfiles_rw(ss, O_RDONLY|WARN_ONLY, 0, do_grep);
> +
> +// count is wrong
>    if (TT.tried == toys.optc || (FLAG(q)&&TT.found)) toys.exitval = !TT.found;
>  }
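
Review bot: `// count is wrong` at column 0 in grep_main() is a note-to-self that does not say which count is wrong or under which flags. Before this lands, replace it with a TODO naming the failing case, indented to match the surrounding code, or add a test that reproduces it so the exitval line below can be checked against it.
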
>
> Which... Ed Maste found that last one on BSD and I went down the
> "install a FreeBSD qemu image" rathole instead...
>
> So some minor stuff. Lemme try to get that sorted tomorrow? (I get
> MLK day off...)
>
> Rob


