QubesOS
/
qubes-installer-qubes-os
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge 9e354a6dfb into 116bbc6a34

Browse Source
pull/26/merge
Marek Marczykowski-Górecki 6 years ago committed by GitHub
parent 116bbc6a34 9e354a6dfb
commit 0ba58fe724
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
31 changed files with 1818 additions and 9 deletions
Show Stats Download Patch File Download Diff File

5
Makefile
Unescape View File

@ -27,13 +27,16 @@ ifdef QUBES_RELEASE
ISO_VERSION := $(QUBES_RELEASE)
PUNGI_OPTS += --isfinal
else
ISO_VERSION := $(shell date +%Y%m%d)
ISO_VERSION ?= $(shell date +%Y%m%d)
endif
PUNGI_OPTS += --ver="$(ISO_VERSION)"
INSTALLER_KICKSTART ?= $(PWD)/conf/qubes-kickstart.cfg
LIVE_KICKSTART ?= $(PWD)/conf/liveusb.ks
SOURCE_DATE_EPOCH ?= $(shell git show -s --pretty=format:%at)
export SOURCE_DATE_EPOCH
help:
@echo "make iso <== \o/";\
echo; \

1
Makefile.builder
Unescape View File

@ -1,4 +1,5 @@
RPM_SPEC_FILES.dom0 := \
squashfs-tools/squashfs-tools.spec \
pykickstart/pykickstart.spec \
blivet/python-blivet.spec \
lorax/lorax.spec \

25
anaconda/dracut/anaconda-lib.sh
Unescape View File

@ -101,13 +101,30 @@ anaconda_live_root_dir() {
anaconda_mount_sysroot $img
}
anaconda_mount_root_squashfs() {
local img="$1"
ROOTFLAGS="$(getarg rootflags)"
modprobe squashfs || die "squashfs not supported"
modprobe overlay || die "overlayfs not supported"
mkdir -m 0755 -p /run/overlayfs
mkdir -m 0755 -p /run/rootfsbase
mkdir -m 0755 -p /run/ovlwork
mount -r "$img" /run/rootfsbase
printf 'mount -t overlay LiveOS_rootfs -o%s,%s %s\n' "$ROOTFLAGS" \
'lowerdir=/run/rootfsbase,upperdir=/run/overlayfs,workdir=/run/ovlwork' \
"$NEWROOT" > $hookdir/mount/01-$$-live.sh
# satisfy wait_for_dev /dev/root
ln -s /dev/null /dev/root
}
anaconda_mount_sysroot() {
local img="$1"
if [ -e "$img" ]; then
/sbin/dmsquash-live-root $img
# dracut & systemd only mount things with root=live: so we have to do this ourselves
# See https://bugzilla.redhat.com/show_bug.cgi?id=1232411
printf 'mount /dev/mapper/live-rw %s\n' "$NEWROOT" > $hookdir/mount/01-$$-anaconda.sh
anaconda_mount_root_squashfs "$img"
fi
}

2
anaconda/dracut/module-setup.sh
Unescape View File

@ -7,7 +7,7 @@ check() {
}
depends() {
echo img-lib dmsquash-live
echo img-lib
case "$(uname -m)" in
s390*) echo cms ;;
esac

6
lorax-templates-qubes/templates/efi.tmpl
Unescape View File

@ -4,6 +4,8 @@ EFIARCH_LOWER=efiarch.lower()
EFIBOOTDIR="EFI/BOOT"
APPLE_EFI_ICON=inroot+"/usr/share/pixmaps/bootloader/fedora.icns"
APPLE_EFI_DISKNAME=inroot+"/usr/share/pixmaps/bootloader/fedora-media.vol"
import os, time
SOURCE_DATE_EPOCH = os.environ.get('SOURCE_DATE_EPOCH', str(int(time.time())))
%>
mkdir ${EFIBOOTDIR}
@ -43,7 +45,7 @@ install boot/efi/EFI/*/fonts/unicode.pf2 ${EFIBOOTDIR}/fonts/
runcmd chroot ${inroot} dracut --conf /dev/null --confdir /var/empty \
--nomdadmconf --nolvmconf --nofscks --no-early-microcode \
--no-hostonly --xz --install '/.buildstamp' \
--add 'anaconda pollcdrom dmsquash-live' \
--add 'anaconda pollcdrom' \
--omit="${extra_dracut_modules}" --omit-drivers="${scsi_modules}" --omit-drivers="${extra_modules}" \
/boot/efi/EFI/qubes/initrd-small.img ${kver}
runcmd chroot ${inroot} rm -f /proc/modules
@ -62,6 +64,8 @@ install boot/efi/EFI/*/fonts/unicode.pf2 ${EFIBOOTDIR}/fonts/
runcmd mount ${outroot}/${img} ${outroot}/${EFIBOOTDIR} -o loop
mkdir "${EFIBOOTDIR}/System Volume Information"
install "${configdir}/System Volume Information/*" "${EFIBOOTDIR}/System Volume Information/"
runcmd find ${outroot}/${EFIBOOTDIR} -newermt "@${SOURCE_DATE_EPOCH}" -exec \
touch --no-dereference --date="@${SOURCE_DATE_EPOCH}" {} +
runcmd umount ${outroot}/${img}
# verify if the image is under 32MB (max size of boot image on iso9660)
runcmd sh -x -c '[ $(stat -c %s ${outroot}/${img}) -le 33554432 ]'

13
lorax-templates-qubes/templates/runtime-cleanup.tmpl
Unescape View File

@ -357,3 +357,16 @@ removepkg cdparanoia-libs opus libtheora libvisual flac-libs gsm avahi-glib avah
## metacity requires libvorbis and libvorbisfile, but enc/dec are no longer needed
removefrom libvorbis --allbut /usr/${libdir}/libvorbisfile.* /usr/${libdir}/libvorbis.*
## make the image more reproducible
## make machine-id empty but present to avoid systemd populating /etc with
## preset settings
runcmd truncate -s 0 ${root}/etc/machine-id
## journalctl message catalog, non-deterministic
remove /var/lib/systemd/catalog/database
## non-reproducible ldconfig cache
remove /var/cache/ldconfig/aux-cache
remove /etc/pki/ca-trust/extracted/java/cacerts
remove /etc/group-
remove /etc/gshadow-

18
lorax-templates-qubes/templates/runtime-postinstall.tmpl
Unescape View File

@ -6,6 +6,8 @@
PYTHONDIR = sorted(glob("usr/"+libdir+"/python?.?"))[0]
stubs = ("list-harddrives", "raidstart", "raidstop")
configdir = configdir + "/common"
import os, time
SOURCE_DATE_EPOCH = os.environ.get('SOURCE_DATE_EPOCH', str(int(time.time())))
%>
## move_stubs()
@ -134,6 +136,20 @@ runcmd mknod ${root}/dev/null c 1 3
runcmd mknod ${root}/dev/urandom c 1 9
## Record the package versions used to create the image
runcmd chroot ${root} /bin/rpm -qa --pipe "tee /root/lorax-packages.log"
runcmd chroot ${root} /bin/rpm -qa --pipe "sort | tee /root/lorax-packages.log"
## fix fonconfig cache containing timestamps
runcmd chroot ${root} /usr/bin/find /usr/share/fonts /usr/share/X11/fonts -newermt "@${SOURCE_DATE_EPOCH}" -exec \
touch --no-dereference --date="@${SOURCE_DATE_EPOCH}" {} +
runcmd chroot ${root} /usr/bin/fc-cache -f
## drop timestamp from gconf.xml
runcmd sed -i -e 's/mtime="[0-9]*" //' ${root}/etc/gconf/gconf.xml.defaults/desktop/gnome/interface/%gconf.xml
## sort groups
runcmd chroot ${root} /bin/sh -c "LC_ALL=C sort /etc/group > /etc/group.new && mv /etc/group.new /etc/group"
runcmd chroot ${root} /bin/sh -c "LC_ALL=C sort /etc/gshadow > /etc/gshadow.new && mv /etc/gshadow.new /etc/gschadow"
chmod /etc/gshadow 0700
## TODO: we could run prelink here if we wanted?

48
lorax/0005-Drop-inner-rootfs.img-layer.patch
Unescape View File

@ -0,0 +1,48 @@
From cfc809df64e2778e51d47dc8b4466cf98efe8a2b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
<marmarek@invisiblethingslab.com>
Date: Wed, 3 Oct 2018 20:00:19 +0200
Subject: [PATCH] Drop inner rootfs.img layer
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Organization: Invisible Things Lab
Cc: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
Make runtime directly into squashfs image. This reduces largely
unreproducible ext4 layer, but requires dracut module modification to
properly mount the image.
Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
---
src/pylorax/treebuilder.py | 12 +++---------
1 file changed, 3 insertions(+), 9 deletions(-)
diff --git a/src/pylorax/treebuilder.py b/src/pylorax/treebuilder.py
index 5d4f8b7..b804c2f 100644
--- a/src/pylorax/treebuilder.py
+++ b/src/pylorax/treebuilder.py
@@ -212,17 +212,11 @@ class RuntimeBuilder(object):
generate_module_info(moddir+kver, outfile=moddir+"module-info")
def create_runtime(self, outfile="/var/tmp/squashfs.img", compression="xz", compressargs=None, size=2):
- # make live rootfs image - must be named "LiveOS/rootfs.img" for dracut
compressargs = compressargs or []
- workdir = joinpaths(os.path.dirname(outfile), "runtime-workdir")
- os.makedirs(joinpaths(workdir, "LiveOS"))
+ os.makedirs(os.path.dirname(outfile))
- imgutils.mkrootfsimg(self.vars.root, joinpaths(workdir, "LiveOS/rootfs.img"),
- "Anaconda", size=size)
-
- # squash the live rootfs and clean up workdir
- imgutils.mksquashfs(workdir, outfile, compression, compressargs)
- remove(workdir)
+ # squash the rootfs
+ imgutils.mksquashfs(self.vars.root, outfile, compression, compressargs)
def finished(self):
""" Done using RuntimeBuilder
--
2.17.1

102
lorax/0006-Use-SOURCE_DATE_EPOCH-for-metadata-timestamps.patch
Unescape View File

@ -0,0 +1,102 @@
From c90eb097d7006378155e06a3d1e8148d61da90c5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
<marmarek@invisiblethingslab.com>
Date: Thu, 4 Oct 2018 18:16:34 +0200
Subject: [PATCH 2/4] Use SOURCE_DATE_EPOCH for metadata timestamps
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Organization: Invisible Things Lab
Cc: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
This include .buildinfo, .treeinfo and .discinfo.
Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
---
src/pylorax/buildstamp.py | 7 ++++++-
src/pylorax/discinfo.py | 8 +++++++-
src/pylorax/treeinfo.py | 8 +++++++-
3 files changed, 20 insertions(+), 3 deletions(-)
diff --git a/src/pylorax/buildstamp.py b/src/pylorax/buildstamp.py
index 4219944..4376784 100644
--- a/src/pylorax/buildstamp.py
+++ b/src/pylorax/buildstamp.py
@@ -23,6 +23,7 @@ import logging
logger = logging.getLogger("pylorax.buildstamp")
import datetime
+import os
class BuildStamp(object):
@@ -33,7 +34,11 @@ class BuildStamp(object):
self.bugurl = bugurl
self.isfinal = isfinal
- now = datetime.datetime.now()
+ if 'SOURCE_DATE_EPOCH' in os.environ:
+ now = datetime.datetime.utcfromtimestamp(
+ int(os.environ['SOURCE_DATE_EPOCH']))
+ else:
+ now = datetime.datetime.now()
now = now.strftime("%Y%m%d%H%M")
self.uuid = "{0}.{1}".format(now, buildarch)
diff --git a/src/pylorax/discinfo.py b/src/pylorax/discinfo.py
index 9dad83b..311bae3 100644
--- a/src/pylorax/discinfo.py
+++ b/src/pylorax/discinfo.py
@@ -22,6 +22,7 @@
import logging
logger = logging.getLogger("pylorax.discinfo")
+import os
import time
@@ -32,8 +33,13 @@ class DiscInfo(object):
self.basearch = basearch
def write(self, outfile):
+ if 'SOURCE_DATE_EPOCH' in os.environ:
+ timestamp = int(os.environ['SOURCE_DATE_EPOCH'])
+ else:
+ timestamp = time.time()
+
logger.info("writing .discinfo file")
with open(outfile, "w") as fobj:
- fobj.write("{0:f}\n".format(time.time()))
+ fobj.write("{0:f}\n".format(timestamp))
fobj.write("{0.release}\n".format(self))
fobj.write("{0.basearch}\n".format(self))
diff --git a/src/pylorax/treeinfo.py b/src/pylorax/treeinfo.py
index 4c84006..cc1ad3f 100644
--- a/src/pylorax/treeinfo.py
+++ b/src/pylorax/treeinfo.py
@@ -23,6 +23,7 @@ import logging
logger = logging.getLogger("pylorax.treeinfo")
import configparser
+import os
import time
@@ -33,8 +34,13 @@ class TreeInfo(object):
self.c = configparser.ConfigParser()
+ if 'SOURCE_DATE_EPOCH' in os.environ:
+ timestamp = os.environ['SOURCE_DATE_EPOCH']
+ else:
+ timestamp = str(time.time())
+
section = "general"
- data = {"timestamp": str(time.time()),
+ data = {"timestamp": timestamp,
"family": product,
"version": version,
"name": "%s-%s" % (product, version),
--
2.17.1

34
lorax/0007-Preserve-timestamps-when-building-fs-image.patch
Unescape View File

@ -0,0 +1,34 @@
From 3457b203feac0af5ee5c388a6c0351978dadcc1a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
<marmarek@invisiblethingslab.com>
Date: Fri, 5 Oct 2018 04:48:09 +0200
Subject: [PATCH 3/4] Preserve timestamps when building fs image
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Organization: Invisible Things Lab
Cc: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
Even when FS do not support owner/modes, preserve timestamps.
Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
---
src/pylorax/imgutils.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/pylorax/imgutils.py b/src/pylorax/imgutils.py
index 25c300d..942695f 100644
--- a/src/pylorax/imgutils.py
+++ b/src/pylorax/imgutils.py
@@ -219,7 +219,7 @@ def copytree(src, dest, preserve=True):
If preserve is False, uses cp -R (useful for modeless filesystems)
raises CalledProcessError if copy fails.'''
logger.debug("copytree %s %s", src, dest)
- cp = ["cp", "-a"] if preserve else ["cp", "-R", "-L"]
+ cp = ["cp", "-a"] if preserve else ["cp", "-R", "-L", "--preserve=timestamps"]
cp += [join(src, "."), os.path.abspath(dest)]
runcmd(cp)
--
2.17.1

40
lorax/0008-Use-SOURCE_DATE_EPOCH-for-volumeid-of-efi-boot-image.patch
Unescape View File

@ -0,0 +1,40 @@
From 7e29418e9a5692c1f5ff7327929cd48f543d3d80 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
<marmarek@invisiblethingslab.com>
Date: Fri, 5 Oct 2018 04:48:57 +0200
Subject: [PATCH 4/4] Use SOURCE_DATE_EPOCH for volumeid of efi boot image
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Organization: Invisible Things Lab
Cc: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
By default mkfs.mksdos choose volume id based on current time. If
SOURCE_DATE_EPOCH is set, use that instead.
Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
---
src/pylorax/imgutils.py | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/pylorax/imgutils.py b/src/pylorax/imgutils.py
index 6cd67e0..92de296 100644
--- a/src/pylorax/imgutils.py
+++ b/src/pylorax/imgutils.py
@@ -398,8 +398,12 @@ def mkfsimage(fstype, rootdir, outfile, size=None, mkfsargs=None, mountargs="",
# convenience functions with useful defaults
def mkdosimg(rootdir, outfile, size=None, label="", mountargs="shortname=winnt,umask=0077", graft=None):
graft = graft or {}
+ mkfsargs = ["-n", label]
+ if 'SOURCE_DATE_EPOCH' in os.environ:
+ mkfsargs.extend(["-i",
+ "{:x}".format(int(os.environ['SOURCE_DATE_EPOCH']))])
mkfsimage("msdos", rootdir, outfile, size, mountargs=mountargs,
- mkfsargs=["-n", label], graft=graft)
+ mkfsargs=mkfsargs, graft=graft)
def mkext4img(rootdir, outfile, size=None, label="", mountargs="", graft=None):
graft = graft or {}
--
2.17.1

8
lorax/lorax.spec
Unescape View File

@ -20,6 +20,10 @@ Patch1: 0001-Allow-specify-gpg-key-for-a-repository.patch
Patch2: 0002-verify-packages-signature.patch
Patch3: 0003-Update-package-verification-for-dnf-API.patch
Patch4: 0004-Remove-branding-code.patch
Patch5: 0005-Drop-inner-rootfs.img-layer.patch
Patch6: 0006-Use-SOURCE_DATE_EPOCH-for-metadata-timestamps.patch
Patch7: 0007-Preserve-timestamps-when-building-fs-image.patch
Patch8: 0008-Use-SOURCE_DATE_EPOCH-for-volumeid-of-efi-boot-image.patch
BuildRequires: python3-devel
@ -126,6 +130,10 @@ Lorax templates for creating the boot.iso and live isos are placed in
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%build

45
pungi/0001-Use-SOURCE_DATE_EPOCH-if-set-in-discinfo-file.patch
Unescape View File

@ -0,0 +1,45 @@
From 1b0ff7f98bdce87deb7bc61d6c227be21fa43a94 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
<marmarek@invisiblethingslab.com>
Date: Thu, 4 Oct 2018 23:36:15 +0200
Subject: [PATCH 1/6] Use $SOURCE_DATE_EPOCH (if set) in discinfo file
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Organization: Invisible Things Lab
Cc: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
This helps the output image to be reproducible.
Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
---
pungi/compose_metadata/discinfo.py | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/pungi/compose_metadata/discinfo.py b/pungi/compose_metadata/discinfo.py
index df61ca0..758feef 100644
--- a/pungi/compose_metadata/discinfo.py
+++ b/pungi/compose_metadata/discinfo.py
@@ -32,6 +32,7 @@ __all__ = (
)
+import os
import time
@@ -43,7 +44,10 @@ def write_discinfo(file_path, description, arch, disc_numbers=None, timestamp=No
if not isinstance(disc_numbers, list):
raise TypeError("Invalid type: disc_numbers type is %s; expected: <list>" % type(disc_numbers))
if not timestamp:
- timestamp = "%f" % time.time()
+ if 'SOURCE_DATE_EPOCH' in os.environ:
+ timestamp = os.environ['SOURCE_DATE_EPOCH']
+ else:
+ timestamp = "%f" % time.time()
with open(file_path, "w") as f:
f.write("%s\n" % timestamp)
f.write("%s\n" % description)
--
2.17.1

49
pungi/0002-Use-xorriso-instead-of-genisoimage.patch
Unescape View File

@ -0,0 +1,49 @@
From d33b8f9995070d68472c25779dfa543d6d7535db Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
<marmarek@invisiblethingslab.com>
Date: Thu, 4 Oct 2018 23:37:35 +0200
Subject: [PATCH 2/6] Use xorriso instead of genisoimage
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Organization: Invisible Things Lab
Cc: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
xorriso make the image reproducible (given the same input files),
including support for SOURCE_DATE_EPOCH in various metadata.
Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
---
pungi.spec | 2 +-
pungi/gather.py | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/pungi.spec b/pungi.spec
index 6a23a63..d7bdc66 100644
--- a/pungi.spec
+++ b/pungi.spec
@@ -35,7 +35,7 @@ Requires: jigdo
Requires: cvs
Requires: yum-utils
Requires: isomd5sum
-Requires: genisoimage
+Requires: xorriso
Requires: gettext
Requires: syslinux
Requires: git
diff --git a/pungi/gather.py b/pungi/gather.py
index 20cc33d..15dfcee 100644
--- a/pungi/gather.py
+++ b/pungi/gather.py
@@ -1709,7 +1709,7 @@ class Pungi(PungiBase):
clean=True) # This is risky...
# setup the base command
- mkisofs = ['/usr/bin/mkisofs']
+ mkisofs = ['/usr/bin/xorriso', '-as', 'mkisofs']
mkisofs.extend(['-v', '-U', '-J', '-R', '-T', '-m', 'repoview', '-m', 'boot.iso']) # common mkisofs flags
x86bootargs = ['-b', 'isolinux/isolinux.bin', '-c', 'isolinux/boot.cat',
--
2.17.1

34
pungi/0003-Use-constant-MBR-ID-for-isohybrid.patch
Unescape View File

@ -0,0 +1,34 @@
From 61ed5d6ea5b1beedb59b3962d0df99f0b3c69402 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
<marmarek@invisiblethingslab.com>
Date: Thu, 4 Oct 2018 23:38:57 +0200
Subject: [PATCH 3/6] Use constant MBR ID for isohybrid
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Organization: Invisible Things Lab
Cc: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
If not set explicitly, isohybrid choose it randomly, which harm
reproducibility.
Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
---
pungi/gather.py | 1 +
1 file changed, 1 insertion(+)
diff --git a/pungi/gather.py b/pungi/gather.py
index 15dfcee..6f52bc6 100644
--- a/pungi/gather.py
+++ b/pungi/gather.py
@@ -1731,6 +1731,7 @@ class Pungi(PungiBase):
ppcbootargs.append('-hfs-bless') # must be last
isohybrid = ['/usr/bin/isohybrid']
+ isohybrid.extend(['--id', '42'])
# Check the size of the tree
# This size checking method may be bunk, accepting patches...
--
2.17.1

67
pungi/0004-Make-sure-.treeinfo-file-is-sorted.patch
Unescape View File

@ -0,0 +1,67 @@
From 57e49f366a34e3d8fdb020d7f19bc2fec8547ec9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
<marmarek@invisiblethingslab.com>
Date: Thu, 4 Oct 2018 23:42:19 +0200
Subject: [PATCH 4/6] Make sure .treeinfo file is sorted
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Organization: Invisible Things Lab
Cc: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
OrderedDict used by default by ConfigParser isn't enough because order
of entries being added may not be deterministic (depends on directory
list order). To solve this problem, use SortedDict as a base.
Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
---
pungi.spec | 2 ++
pungi/gather.py | 5 +++++
2 files changed, 7 insertions(+)
diff --git a/pungi.spec b/pungi.spec
index d7bdc66..dcb1986 100644
--- a/pungi.spec
+++ b/pungi.spec
@@ -17,6 +17,7 @@ BuildRequires: python-jsonschema
BuildRequires: python-enum34
BuildRequires: python2-dnf
BuildRequires: python2-multilib
+BuildRequires: python2-dict-sorted
Requires: createrepo >= 0.4.11
Requires: yum => 3.4.3-28
@@ -44,6 +45,7 @@ Requires: libguestfs-tools-c
Requires: python-enum34
Requires: python2-dnf
Requires: python2-multilib
+Requires: python2-dict-sorted
BuildArch: noarch
diff --git a/pungi/gather.py b/pungi/gather.py
index 6f52bc6..1035036 100644
--- a/pungi/gather.py
+++ b/pungi/gather.py
@@ -26,6 +26,7 @@ import urlgrabber.progress
import subprocess
import createrepo
import ConfigParser
+from sdict import AlphaSortedDict
from fnmatch import fnmatch
import arch as arch_module
@@ -95,6 +96,10 @@ def is_package(po):
class MyConfigParser(ConfigParser.ConfigParser):
"""A subclass of ConfigParser which does not lowercase options"""
+ def __init__(self, *args, **kwargs):
+ kwargs['dict_type'] = AlphaSortedDict
+ ConfigParser.ConfigParser.__init__(self, *args, **kwargs)
+
def optionxform(self, optionstr):
return optionstr
--
2.17.1

60
pungi/0005-Set-repodata-mtime-to-SOURCE_DATE_EPOCH.patch
Unescape View File

@ -0,0 +1,60 @@
From 8eaee0ada8caa8b509b96867b06b876ef606d64f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
<marmarek@invisiblethingslab.com>
Date: Thu, 4 Oct 2018 23:44:06 +0200
Subject: [PATCH 5/6] Set repodata mtime to SOURCE_DATE_EPOCH
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Organization: Invisible Things Lab
Cc: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
repodata/repomd.xml include timestamps of all the other repodata files.
Even when those files are created reproducibly, they have current
modification time. In general case this is a good thing (ease checking
if repodata cache is up to date). But in case of composing installation
image, it breaks reproducibility.
Avoid this by reseting mtime of repodata/* to $SOURCE_DATE_EPOCH, just
before creating repomd.xml.
Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
---
pungi/gather.py | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/pungi/gather.py b/pungi/gather.py
index 1035036..dbe38f7 100644
--- a/pungi/gather.py
+++ b/pungi/gather.py
@@ -25,6 +25,7 @@ import logging
import urlgrabber.progress
import subprocess
import createrepo
+import glob
import ConfigParser
from sdict import AlphaSortedDict
from fnmatch import fnmatch
@@ -1409,9 +1410,20 @@ class Pungi(PungiBase):
conf.baseurl = baseurl
if compress_type:
conf.compress_type = compress_type
+ if 'SOURCE_DATE_EPOCH' in os.environ:
+ conf.revision = os.environ['SOURCE_DATE_EPOCH']
repomatic = createrepo.MetaDataGenerator(conf)
self.logger.info('Making repodata')
repomatic.doPkgMetadata()
+
+ # set mtime to $SOURCE_DATE_EPOCH, do that just before creating
+ # repomd.xml, because it includes timestamps of referenced files
+ if 'SOURCE_DATE_EPOCH' in os.environ:
+ s_d_e = int(os.environ['SOURCE_DATE_EPOCH'])
+ for repo_file in glob.glob(
+ os.path.join(conf.outputdir, conf.tempdir, "*")):
+ os.utime(repo_file, (s_d_e, s_d_e))
+
repomatic.doRepoMetadata()
repomatic.doFinalMove()
--
2.17.1

53
pungi/0006-Monkey-patch-createrepo-to-clamp-repodata-mtime.patch
Unescape View File

@ -0,0 +1,53 @@
From aaae0547c9bfefac7aa0d431cc4065eb369a7605 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
<marmarek@invisiblethingslab.com>
Date: Fri, 5 Oct 2018 15:26:36 +0200
Subject: [PATCH 6/6] Monkey patch createrepo to clamp repodata mtime
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Organization: Invisible Things Lab
Cc: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
Unfortunately some files are created during repomatic.doRepoMetadata(),
so clamping mtime before the call isn't enough. To limit changes to just
one component, monkey patch createrepo function.
Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
---
pungi/gather.py | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
diff --git a/pungi/gather.py b/pungi/gather.py
index dbe38f7..9963dc6 100644
--- a/pungi/gather.py
+++ b/pungi/gather.py
@@ -1424,6 +1424,25 @@ class Pungi(PungiBase):
os.path.join(conf.outputdir, conf.tempdir, "*")):
os.utime(repo_file, (s_d_e, s_d_e))
+ # unfortunately the above is not enough, because some files are created
+ # during doRepoMetadata(). This include:
+ # - compressed sqlite versions of the metadata - needed by repoview
+ # - group file (compressed and not) - this is needed, so the timestamp
+ # problem needs to be solved anyway
+ orig_createRepoDataObject = repomatic._createRepoDataObject
+ def wrapped_createRepoDataObject(*args, **kwargs):
+ repodata = orig_createRepoDataObject(*args, **kwargs)
+ if int(repodata.timestamp) > s_d_e:
+ repodata.timestamp = str(s_d_e)
+ return repodata
+ repomatic._createRepoDataObject = wrapped_createRepoDataObject
+
+ orig_compressFile = createrepo.utils.compressFile
+ def wrapped_compressFile(source, dest, compress_type):
+ orig_compressFile(source, dest, compress_type)
+ os.utime(dest, (s_d_e, s_d_e))
+ createrepo.utils.compressFile = wrapped_compressFile
+
repomatic.doRepoMetadata()
repomatic.doFinalMove()
--
2.17.1

17
pungi/pungi.spec
Unescape View File

@ -14,6 +14,13 @@ Patch3: disable-efi.patch
Patch4: Hacky-way-to-pass-gpgkey-to-lorax.patch
#Patch5: fix-recursive-partition-table-on-iso-image.patch
#Patch6: disable-upgrade.patch
Patch7: 0001-Use-SOURCE_DATE_EPOCH-if-set-in-discinfo-file.patch
Patch8: 0002-Use-xorriso-instead-of-genisoimage.patch
Patch9: 0003-Use-constant-MBR-ID-for-isohybrid.patch
Patch10: 0004-Make-sure-.treeinfo-file-is-sorted.patch
Patch11: 0005-Set-repodata-mtime-to-SOURCE_DATE_EPOCH.patch
Patch12: 0006-Monkey-patch-createrepo-to-clamp-repodata-mtime.patch
BuildRequires: python-nose, python-mock
BuildRequires: python-devel, python-setuptools, python2-productmd >= 1.3
BuildRequires: python-lockfile, kobo, kobo-rpmlib, python-kickstart, createrepo_c
@ -24,6 +31,7 @@ BuildRequires: python-jsonschema
BuildRequires: python-enum34
BuildRequires: python2-dnf
BuildRequires: python2-multilib
BuildRequires: python2-dict-sorted
#deps for doc building
BuildRequires: python-sphinx, texlive-latex-bin-bin, texlive-collection-fontsrecommended
@ -52,7 +60,7 @@ Requires: koji >= 1.10.1-13
Requires: cvs
Requires: yum-utils
Requires: isomd5sum
Requires: genisoimage
Requires: xorriso
Requires: gettext
# this is x86 only
#Requires: syslinux
@ -61,6 +69,7 @@ Requires: python-jsonschema
Requires: python-enum34
Requires: python2-dnf
Requires: python2-multilib
Requires: python2-dict-sorted
BuildArch: noarch
@ -86,6 +95,12 @@ notification to Fedora Message Bus.
%patch4 -p1
#%%patch5 -p1
#%%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%build
%{__python} setup.py build

11
squashfs-tools/2gb.patch
Unescape View File

@ -0,0 +1,11 @@
--- squashfs-tools/mksquashfs.c.orig 2014-09-13 11:08:27.352318167 -0500
+++ squashfs-tools/mksquashfs.c 2014-09-13 11:09:36.701132044 -0500
@@ -2055,7 +2055,7 @@
inline int is_fragment(struct inode_info *inode)
{
- int file_size = inode->buf.st_size;
+ off_t file_size = inode->buf.st_size;
/*
* If this block is to be compressed differently to the

83
squashfs-tools/If-SOURCE_DATE_EPOCH-is-set-also-clamp-content-times.patch
Unescape View File

@ -0,0 +1,83 @@
From 32a07d4156a281084c90a4b78affc8b0b32a26fc Mon Sep 17 00:00:00 2001
From: intrigeri <intrigeri@boum.org>
Date: Mon, 21 Nov 2016 11:41:28 +0000
Subject: [PATCH] If SOURCE_DATE_EPOCH is set, also clamp content timestamps
with that value.
Based on a patch by Alexander Couzens <lynxis@fe...> posted on
https://sourceforge.net/p/squashfs/mailman/message/34673610/
---
squashfs-tools/mksquashfs.c | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/squashfs-tools/mksquashfs.c b/squashfs-tools/mksquashfs.c
index b49e956..9f020bf 100644
--- a/squashfs-tools/mksquashfs.c
+++ b/squashfs-tools/mksquashfs.c
@@ -137,6 +137,9 @@ unsigned int cache_bytes = 0, cache_size = 0, inode_count = 0;
/* inode lookup table */
squashfs_inode *inode_lookup_table = NULL;
+/* clamp all timestamps to SOURCE_DATE_EPOCH */
+time_t content_clamp_time = -1;
+
/* override filesystem creation time */
time_t mkfs_fixed_time = -1;
@@ -2246,6 +2249,8 @@ restat:
pathname_reader(dir_ent), strerror(errno));
goto read_err;
}
+ if(content_clamp_time != -1 && buf2.st_mtime >= content_clamp_time)
+ buf2.st_mtime = content_clamp_time;
if(read_size != buf2.st_size) {
close(file);
@@ -3101,7 +3106,7 @@ void dir_scan(squashfs_inode *inode, char *pathname,
buf.st_mode = S_IRWXU | S_IRWXG | S_IRWXO | S_IFDIR;
buf.st_uid = getuid();
buf.st_gid = getgid();
- buf.st_mtime = time(NULL);
+ buf.st_mtime = content_clamp_time != -1 ? content_clamp_time : time(NULL);
buf.st_dev = 0;
buf.st_ino = 0;
dir_ent->inode = lookup_inode2(&buf, PSEUDO_FILE_OTHER, 0);
@@ -3110,6 +3115,8 @@ void dir_scan(squashfs_inode *inode, char *pathname,
/* source directory has disappeared? */
BAD_ERROR("Cannot stat source directory %s because %s\n",
pathname, strerror(errno));
+ if(content_clamp_time != -1 && buf.st_mtime >= content_clamp_time)
+ buf.st_mtime = content_clamp_time;
dir_ent->inode = lookup_inode(&buf);
}
@@ -3365,6 +3372,8 @@ struct dir_info *dir_scan1(char *filename, char *subpath,
free_dir_entry(dir_ent);
continue;
}
+ if(content_clamp_time != -1 && buf.st_mtime >= content_clamp_time)
+ buf.st_mtime = content_clamp_time;
if((buf.st_mode & S_IFMT) != S_IFREG &&
(buf.st_mode & S_IFMT) != S_IFDIR &&
@@ -3544,7 +3553,7 @@ void dir_scan2(struct dir_info *dir, struct pseudo *pseudo)
buf.st_gid = pseudo_ent->dev->gid;
buf.st_rdev = makedev(pseudo_ent->dev->major,
pseudo_ent->dev->minor);
- buf.st_mtime = time(NULL);
+ buf.st_mtime = content_clamp_time != -1 ? content_clamp_time : time(NULL);
buf.st_ino = pseudo_ino ++;
if(pseudo_ent->dev->type == 'd') {
@@ -5674,7 +5683,7 @@ printOptions:
"%lu but was found to be: %llu \n", ULONG_MAX, epoch);
EXIT_MKSQUASHFS();
}
- mkfs_fixed_time = (time_t)epoch;
+ mkfs_fixed_time = content_clamp_time = (time_t)epoch;
}
/*
--
2.17.1

90
squashfs-tools/If-SOURCE_DATE_EPOCH-is-set-override-timestamps-with.patch
Unescape View File

@ -0,0 +1,90 @@
From 0ab12a8585373be2de5129e14d979c62e7a90d82 Mon Sep 17 00:00:00 2001
From: Chris Lamb <lamby@debian.org>
Date: Mon, 21 Nov 2016 09:33:05 +0100
Subject: [PATCH] If SOURCE_DATE_EPOCH is set, override timestamps with that
value.
See https://reproducible-builds.org/specs/source-date-epoch/ for more
information about this environment variable.
Based on a patch by Alexander Couzens <lynxis@fe...> posted on
https://sourceforge.net/p/squashfs/mailman/message/34673610/
Signed-off-by: Chris Lamb <lamby@debian.org>
---
squashfs-tools/mksquashfs.c | 38 ++++++++++++++++++++++++++++++++++++-
1 file changed, 37 insertions(+), 1 deletion(-)
diff --git a/squashfs-tools/mksquashfs.c b/squashfs-tools/mksquashfs.c
index c2098bd..b49e956 100644
--- a/squashfs-tools/mksquashfs.c
+++ b/squashfs-tools/mksquashfs.c
@@ -137,6 +137,9 @@ unsigned int cache_bytes = 0, cache_size = 0, inode_count = 0;
/* inode lookup table */
squashfs_inode *inode_lookup_table = NULL;
+/* override filesystem creation time */
+time_t mkfs_fixed_time = -1;
+
/* in memory directory data */
#define I_COUNT_SIZE 128
#define DIR_ENTRIES 32
@@ -5104,6 +5107,9 @@ int main(int argc, char *argv[])
int total_mem = get_default_phys_mem();
int progress = TRUE;
int force_progress = FALSE;
+ char *source_date_epoch, *endptr;
+ unsigned long long epoch;
+
struct file_buffer **fragment = NULL;
if(argc > 1 && strcmp(argv[1], "-version") == 0) {
@@ -5641,6 +5647,36 @@ printOptions:
}
}
+ /* if SOURCE_DATE_EPOCH is set, use that timestamp for the mkfs time */
+ source_date_epoch = getenv("SOURCE_DATE_EPOCH");
+ if(source_date_epoch) {
+ errno = 0;
+ epoch = strtoull(source_date_epoch, &endptr, 10);
+ if((errno == ERANGE && (epoch == ULLONG_MAX || epoch == 0))
+ || (errno != 0 && epoch == 0)) {
+ ERROR("Environment variable $SOURCE_DATE_EPOCH: "
+ "strtoull: %s\n", strerror(errno));
+ EXIT_MKSQUASHFS();
+ }
+ if(endptr == source_date_epoch) {
+ ERROR("Environment variable $SOURCE_DATE_EPOCH: "
+ "No digits were found: %s\n", endptr);
+ EXIT_MKSQUASHFS();
+ }
+ if(*endptr != '\0') {
+ ERROR("Environment variable $SOURCE_DATE_EPOCH: "
+ "Trailing garbage: %s\n", endptr);
+ EXIT_MKSQUASHFS();
+ }
+ if(epoch > ULONG_MAX) {
+ ERROR("Environment variable $SOURCE_DATE_EPOCH: "
+ "value must be smaller than or equal to "
+ "%lu but was found to be: %llu \n", ULONG_MAX, epoch);
+ EXIT_MKSQUASHFS();
+ }
+ mkfs_fixed_time = (time_t)epoch;
+ }
+
/*
* Some compressors may need the options to be checked for validity
* once all the options have been processed
@@ -5975,7 +6011,7 @@ printOptions:
sBlk.flags = SQUASHFS_MKFLAGS(noI, noD, noF, noX, no_fragments,
always_use_fragments, duplicate_checking, exportable,
no_xattrs, comp_opts);
- sBlk.mkfs_time = time(NULL);
+ sBlk.mkfs_time = mkfs_fixed_time != -1 ? mkfs_fixed_time : time(NULL);
disable_info();
--
2.17.1

159
squashfs-tools/PAE.patch
Unescape View File

@ -0,0 +1,159 @@
From 55f7ba830d40d438f0b0663a505e0c227fc68b6b Mon Sep 17 00:00:00 2001
From: Phillip Lougher <phillip@squashfs.org.uk>
Date: Tue, 10 Jun 2014 21:51:52 +0100
Subject: mksquashfs: fix phys mem calculation for 32-bit processes on
PAE/64-bit kernels
When adding the code to base default memory usage on physical memory
(by default use 25% of physical memory), I made an oversight. I assumed
the process would be able to address 25% of physical memory.
However, for 32-bit processes running on a PAE kernel or 64-bit kernel,
25% of physical memory can easily exceed the addressible memory for a
32-bit process, e.g. if a machine has 24 GB of physical memory, the
code would asume the process could easily use 6 GB.
A 32-bit process by definition can only address 4 GB (32-bit pointers).
But, due to the typical kernel/user-space split (1GB/3GB, or 2GB/2GB)
on PAE kernels, a 32-bit process may only be able to address 2 GB.
So, if Mksquashfs is a 32-bit application running on a PAE/64-bit kernel,
the code assumes it can address much more memory than it really can, which
means it runs out of memory.
The fix is to impose a maximum default limit on 32-bit kernels, or
otherwise to never use a value more than 25% of the address space. If
we assume the maximum address space is 2 GB, then the maximum becomes
512 MB. But, given most kernels used the 1GB/3GB split, that may be
unduely conservative, and 25% of 3 GB (756 MB) may be better. This
patch compromises on 640 MB, which is mid-way between the 512 MB and 756 MB
values. It is also the fixed default value previously used by Mksquashfs.
This patch also alters the code which imposes a maximum size. Previously
it was believed limiting to the physical memory size was adequate. But
obviously this needs to be updated to take into account a 32-bit process
may only be able to address 2 GB. In the process I've also taken the
opportunity to limit all requests to no more than 75% of physical memory.
Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
diff --git a/squashfs-tools/mksquashfs.c b/squashfs-tools/mksquashfs.c
index 86f82bb..5370ecf 100644
--- a/squashfs-tools/mksquashfs.c
+++ b/squashfs-tools/mksquashfs.c
@@ -304,7 +304,7 @@ void restorefs();
struct dir_info *scan1_opendir(char *pathname, char *subpath, int depth);
void write_filesystem_tables(struct squashfs_super_block *sBlk, int nopad);
unsigned short get_checksum_mem(char *buff, int bytes);
-int get_physical_memory();
+void check_usable_phys_mem(int total_mem);
void prep_exit()
@@ -4053,11 +4053,7 @@ void initialise_threads(int readq, int fragq, int bwriteq, int fwriteq,
BAD_ERROR("Queue sizes rediculously too large\n");
total_mem += fwriteq;
- if(total_mem > get_physical_memory()) {
- ERROR("Total queue sizes larger than physical memory.\n");
- ERROR("Mksquashfs will exhaust physical memory and thrash.\n");
- BAD_ERROR("Queues too large\n");
- }
+ check_usable_phys_mem(total_mem);
/*
* convert from queue size in Mbytes to queue size in
@@ -4879,6 +4875,72 @@ int get_physical_memory()
}
+void check_usable_phys_mem(int total_mem)
+{
+ /*
+ * We want to allow users to use as much of their physical
+ * memory as they wish. However, for practical reasons there are
+ * limits which need to be imposed, to protect users from themselves
+ * and to prevent people from using Mksquashfs as a DOS attack by using
+ * all physical memory. Mksquashfs uses memory to cache data from disk
+ * to optimise performance. It is pointless to ask it to use more
+ * than 75% of physical memory, as this causes thrashing and it is thus
+ * self-defeating.
+ */
+ int mem = get_physical_memory();
+
+ mem = (mem >> 1) + (mem >> 2); /* 75% */
+
+ if(total_mem > mem) {
+ ERROR("Total memory requested is more than 75%% of physical "
+ "memory.\n");
+ ERROR("Mksquashfs uses memory to cache data from disk to "
+ "optimise performance.\n");
+ ERROR("It is pointless to ask it to use more than this amount "
+ "of memory, as this\n");
+ ERROR("causes thrashing and it is thus self-defeating.\n");
+ BAD_ERROR("Requested memory size too large\n");
+ }
+
+ if(sizeof(void *) == 4 && total_mem > 2048) {
+ /*
+ * If we're running on a kernel with PAE or on a 64-bit kernel,
+ * then the 75% physical memory limit can still easily exceed
+ * the addressable memory by this process.
+ *
+ * Due to the typical kernel/user-space split (1GB/3GB, or
+ * 2GB/2GB), we have to conservatively assume the 32-bit
+ * processes can only address 2-3GB. So refuse if the user
+ * tries to allocate more than 2GB.
+ */
+ ERROR("Total memory requested may exceed maximum "
+ "addressable memory by this process\n");
+ BAD_ERROR("Requested memory size too large\n");
+ }
+}
+
+
+int get_default_phys_mem()
+{
+ int mem = get_physical_memory() / SQUASHFS_TAKE;
+
+ if(sizeof(void *) == 4 && mem > 640) {
+ /*
+ * If we're running on a kernel with PAE or on a 64-bit kernel,
+ * the default memory usage can exceed the addressable
+ * memory by this process.
+ * Due to the typical kernel/user-space split (1GB/3GB, or
+ * 2GB/2GB), we have to conservatively assume the 32-bit
+ * processes can only address 2-3GB. So limit the default
+ * usage to 640M, which gives room for other data.
+ */
+ mem = 640;
+ }
+
+ return mem;
+}
+
+
void calculate_queue_sizes(int mem, int *readq, int *fragq, int *bwriteq,
int *fwriteq)
{
@@ -4890,7 +4952,7 @@ void calculate_queue_sizes(int mem, int *readq, int *fragq, int *bwriteq,
#define VERSION() \
- printf("mksquashfs version 4.3 (2014/05/12)\n");\
+ printf("mksquashfs version 4.3-git (2014/06/09)\n");\
printf("copyright (C) 2014 Phillip Lougher "\
"<phillip@squashfs.org.uk>\n\n"); \
printf("This program is free software; you can redistribute it and/or"\
@@ -4918,7 +4980,7 @@ int main(int argc, char *argv[])
int fragq;
int bwriteq;
int fwriteq;
- int total_mem = get_physical_memory() / SQUASHFS_TAKE;
+ int total_mem = get_default_phys_mem();
int progress = TRUE;
int force_progress = FALSE;
struct file_buffer **fragment = NULL;
--
cgit v0.10.1

29
squashfs-tools/cve-2015-4645.patch
Unescape View File

@ -0,0 +1,29 @@
diff --git a/squashfs-tools/unsquash-4.c b/squashfs-tools/unsquash-4.c
index ecdaac796f09..2c0cf63daf67 100644
--- a/squashfs-tools/unsquash-4.c
+++ b/squashfs-tools/unsquash-4.c
@@ -31,9 +31,9 @@ static unsigned int *id_table;
int read_fragment_table_4(long long *directory_table_end)
{
int res, i;
- int bytes = SQUASHFS_FRAGMENT_BYTES(sBlk.s.fragments);
- int indexes = SQUASHFS_FRAGMENT_INDEXES(sBlk.s.fragments);
- long long fragment_table_index[indexes];
+ size_t bytes = SQUASHFS_FRAGMENT_BYTES(sBlk.s.fragments);
+ size_t indexes = SQUASHFS_FRAGMENT_INDEXES(sBlk.s.fragments);
+ long long *fragment_table_index;
TRACE("read_fragment_table: %d fragments, reading %d fragment indexes "
"from 0x%llx\n", sBlk.s.fragments, indexes,
@@ -44,6 +44,11 @@ int read_fragment_table_4(long long *directory_table_end)
return TRUE;
}
+ fragment_table_index = malloc(indexes*sizeof(long long));
+ if(fragment_table_index == NULL)
+ EXIT_UNSQUASH("read_fragment_table: failed to allocate "
+ "fragment table index\n");
+
fragment_table = malloc(bytes);
if(fragment_table == NULL)
EXIT_UNSQUASH("read_fragment_table: failed to allocate "

11
squashfs-tools/local-cve-fix.patch
Unescape View File

@ -0,0 +1,11 @@
--- squashfs-tools/unsquash-4.c.orig 2015-06-24 14:23:22.270710744 -0500
+++ squashfs-tools/unsquash-4.c 2015-06-24 14:24:13.671243487 -0500
@@ -35,7 +35,7 @@
size_t indexes = SQUASHFS_FRAGMENT_INDEXES(sBlk.s.fragments);
long long *fragment_table_index;
- TRACE("read_fragment_table: %d fragments, reading %d fragment indexes "
+ TRACE("read_fragment_table: %u fragments, reading %zu fragment indexes "
"from 0x%llx\n", sBlk.s.fragments, indexes,
sBlk.s.fragment_table_start);

33
squashfs-tools/mem-overflow.patch
Unescape View File

@ -0,0 +1,33 @@
From 604b607d8ac91eb8afc0b6e3d917d5c073096103 Mon Sep 17 00:00:00 2001
From: Phillip Lougher <phillip@squashfs.org.uk>
Date: Wed, 11 Jun 2014 04:51:37 +0100
Subject: mksquashfs: ensure value does not overflow a signed int in -mem
option
Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
diff --git a/squashfs-tools/mksquashfs.c b/squashfs-tools/mksquashfs.c
index 5370ecf..9676dc8 100644
--- a/squashfs-tools/mksquashfs.c
+++ b/squashfs-tools/mksquashfs.c
@@ -5193,7 +5193,16 @@ print_compressor_options:
argv[0]);
exit(1);
}
- /* convert from bytes to Mbytes */
+
+ /*
+ * convert from bytes to Mbytes, ensuring the value
+ * does not overflow a signed int
+ */
+ if(number >= (1LL << 51)) {
+ ERROR("%s: -mem invalid mem size\n", argv[0]);
+ exit(1);
+ }
+
total_mem = number / 1048576;
if(total_mem < (SQUASHFS_LOWMEM / SQUASHFS_TAKE)) {
ERROR("%s: -mem should be %d Mbytes or "
--
cgit v0.10.1

146
squashfs-tools/mksquashfs.1
Unescape View File

@ -0,0 +1,146 @@
.TH MKSQUASHFS 1 "2014\-05\-13" "4.3" "create and append squashfs filesystems"
.SH NAME
mksquashfs \- tool to create and append to squashfs filesystems
.SH SYNOPSIS
\fBmksquashfs\fR \fISOURCE\fR [\fISOURCE2\fR \fI...\fR] \fIDESTINATION\fR [\fIOPTIONS\fR]
.SH DESCRIPTION
Squashfs is a highly compressed read\-only filesystem for Linux. It uses zlib compression to compress both files, inodes and directories. Inodes in the system are very small and all blocks are packed to minimize data overhead. Block sizes greater than 4K are supported up to a maximum of 64K.
.PP
Squashfs is intended for general read\-only filesystem use, for archival use (i.e. in cases where a .tar.gz file may be used), and in constrained block device/memory systems (e.g. embedded systems) where low overhead is needed.
.SH OPTIONS
.SS Filesystem build options
.IP "\-comp \fICOMPRESSION\fR" 4
select \fICOMPRESSION\fR compression. Compressors available: gzip (default), lzma (no kernel support), lzo, lz4 and xz.
.IP "\-b \fIBLOCK_SIZE\fR"
set data block to \fIBLOCK_SIZE\fR. Default 131072 bytes. Optionally K or M can be used as a suffix to specify kilobytes or megabytes, respectively.
.IP "\-no\-exports" 4
don't make the filesystem exportable via NFS.
.IP "\-no\-sparse" 4
don't detect sparse files.
.IP "\-no\-xattrs" 4
don't store extended attributes.
.IP "\-xattrs" 4
store extended attributes (default).
.IP "\-noI" 4
do not compress inode table.
.IP "\-noD" 4
do not compress data blocks.
.IP "\-noF" 4
do not compress fragment blocks.
.IP "\-noX" 4
do not compress extended attributes.
.IP "\-no\-fragments" 4
do not use fragments.
.IP "\-always\-use\-fragments" 4
use fragment blocks for files larger than block size.
.IP "\-no\-duplicates" 4
do not perform duplicate checking.
.IP "\-all\-root" 4
make all files owned by root.
.IP "\-force\-uid uid" 4
set all file uids to uid.
.IP "\-force\-gid gid" 4
set all file gids to gid.
.IP "\-nopad" 4
do not pad filesystem to a multiple of 4K.
.IP "\-keep\-as\-directory" 4
if one source directory is specified, create a root directory containing that directory, rather than the contents of the directory.
.SS Filesystem filter options
.IP "\-p \fIPSEUDO_DEFINITION\fR" 4
Add pseudo file definition.
.IP "\-pf \fIPSEUDO_FILE\fR" 4
Add list of pseudo file definitions.
.IP "\-sort \fISORT_FILE\fR" 4
sort files according to priorities in \fISORT_FILE\fR. One file or dir with priority per line. Priority \-32768 to 32767, default priority 0.
.IP "\-ef \fIEXCLUDE_FILE\fR" 4
list of exclude dirs/files. One per line.
.IP "\-wildcards" 4
Allow extended shell wildcards (globbing) to be used in exclude dirs/files
.IP "\-regex" 4
Allow POSIX regular expressions to be used in exclude dirs/files.
.SS Filesystem append options
.IP "\-noappend" 4
do not append to existing filesystem.
.IP "\-root\-becomes \fINAME\fR" 4
when appending source files/directories, make the original root become a subdirectory in the new root called \fINAME\fR, rather than adding the new source items to the original root.
.SS Mksquashfs runtime options:
.IP "\-version" 4
print version, licence and copyright message.
.IP "\-exit\-on\-error" 4
treat normally ignored errors as fatal.
.IP "\-recover \fINAME\fR" 4
recover filesystem data using recovery file \fINAME\fR.
.IP "\-no\-recovery" 4
don't generate a recovery file.
.IP "\-info" 4
print files written to filesystem.
.IP "\-no\-progress" 4
don't display the progress bar.
.IP "\-progress" 4
display progress bar when using the \-info option.
.IP "\-processors \fINUMBER\fR" 4
Use \fINUMBER\fR processors. By default will use number of processors available.
.IP "\-mem \fISIZE\fR" 4
Use \fISIZE\fR physical memory. Optionally K or M can be used as a suffix for kilobytes or megabytes, respectively. Default 25% of memory.
.IP "\-read\-queue \fISIZE\fR" 4
Deprecated. Use \-mem instead.
.IP "\-write\-queue \fISIZE\fR" 4
Deprecated. Use \-mem instead.
.IP "\-fragment\-queue \fISIZE\fR" 4
Deprecated. Use \-mem instead.
.SS Miscellaneous options
.IP "\-root\-owned" 4
alternative name for \-all\-root.
.IP "\-noInodeCompression" 4
alternative name for \-noI.
.IP "\-noDataCompression" 4
alternative name for \-noD.
.IP "\-noFragmentCompression" 4
alternative name for \-noF.
.IP "\-noXattrCompression" 4
alternative name for \-noX.
.IP "\-Xhelp" 4
print compressor options for selected compressor
.SS Compressors available and compressor specific options
.IP "gzip (default)"
.IP "\-Xcompression-level \fIcompression\-level\fR" 4
\fIcompression\-level\fR should be 1 .. 9 (default 9)
.IP "\-Xwindow\-size \fIwindow\-size\fR" 4
\fIwindow\-size\fR should be 8 .. 15 (default 15)
.IP "\-Xstrategy strategy1,strategy2,...,strategyN" 4
Compress using strategy1,strategy2,...,strategyN in turn and choose the best compression. Available strategies: default, filtered, huffman_only, run_length_encoded and fixed
.IP "lzmz (no options) (no kernel support)" 4
.IP "lzo" 4
.IP "\-Xalgorithm \fIalgorithm\fR" 4
Where \fIalgorithm\fR is one of: lzo1x_1, lzo1x_1_11, lzo1x_1_12, lzo1x_1_15 or lzo1x_999. (default lzo1x_999)
.IP "\-Xcompression\-level \fIcompression\-level\fR" 4
\fIcompression\-level\fR should be 1 .. 9 (default 8)
.IP "lz4" 4
.IP "\-Xhc"
Compress using LZ4 High Compression
.IP "xz" 4
.IP "\-Xbcj filter1,filter2,...,filterN" 4
Compress using filter1,filter2,...,filterN in turn (in addition to no filter), and choose the best compression. Available filters: x86, arm, armthumb, powerpc, sparc, ia64.
.IP "\-Xdict\-size \fIDICT_SIZE\fR" 4
Use \fIDICT_SIZE\fR as the XZ dictionary size. The dictionary size can be specified as a percentage of the block size, or as an absolute value. The dictionary size must be less than or equal to the block size and 8192 bytes or larger. It must also be storable in the xz header as either 2^n or as 2^n+2^(n+1). Example dict\-sizes are 75%, 50%, 37.5%, 25%, or 32K, 16K, 8K etc.
.SH SEE ALSO
unsquashfs(1)
.SH HOMEPAGE
More information about mksquashfs and the squashfs filesystem can be found at <\fIhttp://squashfs.sourceforge.net/\fR>.
.SH AUTHOR
squashfs was written by Phillip Lougher <\fIplougher@users.sourceforge.net\fR>.
.PP
This manual page was written by Daniel Baumann <\fIdaniel.baumann@progress\-technologies.net\fR>. With some updates for 4.3 for use with Fedora.

220
squashfs-tools/remove-frag_deflator_thread.patch
Unescape View File

@ -0,0 +1,220 @@
From afc0c76a170bd17cbd29bbec6ae6d2227e398570 Mon Sep 17 00:00:00 2001
From: Alexander Couzens <lynxis@fe80.eu>
Date: Fri, 13 Jan 2017 22:00:37 +0100
Subject: [PATCH] remove frag_deflator_thread
frag_deflator_thread compress fragments.
Replace the deflator_thread with a function and
use the function instead of the to_frag queue.
---
squashfs-tools/info.c | 5 ---
squashfs-tools/mksquashfs.c | 76 +++++++++++++------------------------
squashfs-tools/mksquashfs.h | 2 +-
squashfs-tools/restore.c | 15 +-------
4 files changed, 30 insertions(+), 68 deletions(-)
diff --git a/squashfs-tools/info.c b/squashfs-tools/info.c
index 7968c77..028d578 100644
--- a/squashfs-tools/info.c
+++ b/squashfs-tools/info.c
@@ -96,11 +96,6 @@ void dump_state()
printf("compressed block queue (deflate thread(s) -> main thread)\n");
dump_seq_queue(to_main, 0);
- printf("uncompressed packed fragment queue (main thread -> fragment"
- " deflate thread(s))\n");
- dump_queue(to_frag);
-
-
printf("locked frag queue (compressed frags waiting while multi-block"
" file is written)\n");
dump_queue(locked_fragment);
diff --git a/squashfs-tools/mksquashfs.c b/squashfs-tools/mksquashfs.c
index cf48e40..cacf14c 100644
--- a/squashfs-tools/mksquashfs.c
+++ b/squashfs-tools/mksquashfs.c
@@ -270,10 +270,10 @@ unsigned int sid_count = 0, suid_count = 0, sguid_count = 0;
struct cache *reader_buffer, *fragment_buffer, *reserve_cache;
struct cache *bwriter_buffer, *fwriter_buffer;
struct queue *to_reader, *to_deflate, *to_writer, *from_writer,
- *to_frag, *locked_fragment, *to_process_frag;
+ *locked_fragment, *to_process_frag;
struct seq_queue *to_main;
pthread_t reader_thread, writer_thread, main_thread;
-pthread_t *deflator_thread, *frag_deflator_thread, *frag_thread;
+pthread_t *deflator_thread, *frag_thread;
pthread_t *restore_thread = NULL;
pthread_mutex_t fragment_mutex = PTHREAD_MUTEX_INITIALIZER;
pthread_mutex_t pos_mutex = PTHREAD_MUTEX_INITIALIZER;
@@ -323,7 +323,7 @@ struct dir_info *scan1_opendir(char *pathname, char *subpath, int depth);
void write_filesystem_tables(struct squashfs_super_block *sBlk, int nopad);
unsigned short get_checksum_mem(char *buff, int bytes);
void check_usable_phys_mem(int total_mem);
-
+void frag_deflator(struct file_buffer *file_buffer);
void prep_exit()
{
@@ -1540,7 +1540,7 @@ void write_fragment(struct file_buffer *fragment)
pthread_mutex_lock(&fragment_mutex);
fragment_table[fragment->block].unused = 0;
fragments_outstanding ++;
- queue_put(to_frag, fragment);
+ frag_deflator(fragment);
pthread_cleanup_pop(1);
}
@@ -2412,51 +2412,34 @@ void *deflator(void *arg)
}
-void *frag_deflator(void *arg)
+void frag_deflator(struct file_buffer *file_buffer)
{
- void *stream = NULL;
- int res;
-
- res = compressor_init(comp, &stream, block_size, 1);
- if(res)
- BAD_ERROR("frag_deflator:: compressor_init failed\n");
- pthread_cleanup_push((void *) pthread_mutex_unlock, &fragment_mutex);
-
- while(1) {
- int c_byte, compressed_size;
- struct file_buffer *file_buffer = queue_get(to_frag);
- struct file_buffer *write_buffer =
+ int c_byte, compressed_size;
+ struct file_buffer *write_buffer =
cache_get(fwriter_buffer, file_buffer->block);
- c_byte = mangle2(stream, write_buffer->data, file_buffer->data,
- file_buffer->size, block_size, noF, 1);
- compressed_size = SQUASHFS_COMPRESSED_SIZE_BLOCK(c_byte);
- write_buffer->size = compressed_size;
- pthread_mutex_lock(&fragment_mutex);
- if(fragments_locked == FALSE) {
- fragment_table[file_buffer->block].size = c_byte;
- fragment_table[file_buffer->block].start_block = bytes;
- write_buffer->block = bytes;
- bytes += compressed_size;
- fragments_outstanding --;
- pthread_mutex_unlock(&fragment_mutex);
- queue_put(to_writer, write_buffer);
- TRACE("Writing fragment %lld, uncompressed size %d, "
- "compressed size %d\n", file_buffer->block,
- file_buffer->size, compressed_size);
- } else {
- add_pending_fragment(write_buffer, c_byte,
- file_buffer->block);
- pthread_mutex_unlock(&fragment_mutex);
- }
- cache_block_put(file_buffer);
+ c_byte = mangle2(stream, write_buffer->data, file_buffer->data,
+ file_buffer->size, block_size, noF, 1);
+ compressed_size = SQUASHFS_COMPRESSED_SIZE_BLOCK(c_byte);
+ write_buffer->size = compressed_size;
+ if(fragments_locked == FALSE) {
+ fragment_table[file_buffer->block].size = c_byte;
+ fragment_table[file_buffer->block].start_block = bytes;
+ write_buffer->block = bytes;
+ bytes += compressed_size;
+ fragments_outstanding --;
+ queue_put(to_writer, write_buffer);
+ TRACE("Writing fragment %lld, uncompressed size %d, "
+ "compressed size %d\n", file_buffer->block,
+ file_buffer->size, compressed_size);
+ } else {
+ add_pending_fragment(write_buffer, c_byte,
+ file_buffer->block);
}
-
- pthread_cleanup_pop(0);
+ cache_block_put(file_buffer);
}
-
struct file_buffer *get_file_buffer()
{
struct file_buffer *file_buffer = seq_queue_get(to_main);
@@ -4257,19 +4240,17 @@ void initialise_threads(int readq, int fragq, int bwriteq, int fwriteq,
multiply_overflow(processors * 3, sizeof(pthread_t)))
BAD_ERROR("Processors too large\n");
- deflator_thread = malloc(processors * 3 * sizeof(pthread_t));
+ deflator_thread = malloc(processors * 2 * sizeof(pthread_t));
if(deflator_thread == NULL)
MEM_ERROR();
- frag_deflator_thread = &deflator_thread[processors];
- frag_thread = &frag_deflator_thread[processors];
+ frag_thread = &deflator_thread[processors];
to_reader = queue_init(1);
to_deflate = queue_init(reader_size);
to_process_frag = queue_init(reader_size);
to_writer = queue_init(bwriter_size + fwriter_size);
from_writer = queue_init(1);
- to_frag = queue_init(fragment_size);
locked_fragment = queue_init(fragment_size);
to_main = seq_queue_init();
reader_buffer = cache_init(block_size, reader_size, 0, 0);
@@ -4285,9 +4266,6 @@ void initialise_threads(int readq, int fragq, int bwriteq, int fwriteq,
for(i = 0; i < processors; i++) {
if(pthread_create(&deflator_thread[i], NULL, deflator, NULL))
BAD_ERROR("Failed to create thread\n");
- if(pthread_create(&frag_deflator_thread[i], NULL, frag_deflator,
- NULL) != 0)
- BAD_ERROR("Failed to create thread\n");
if(pthread_create(&frag_thread[i], NULL, frag_thrd,
(void *) destination_file) != 0)
BAD_ERROR("Failed to create thread\n");
diff --git a/squashfs-tools/mksquashfs.h b/squashfs-tools/mksquashfs.h
index 55708a3..dc5bde4 100644
--- a/squashfs-tools/mksquashfs.h
+++ b/squashfs-tools/mksquashfs.h
@@ -135,7 +135,7 @@ struct append_file {
extern struct cache *reader_buffer, *fragment_buffer, *reserve_cache;
struct cache *bwriter_buffer, *fwriter_buffer;
extern struct queue *to_reader, *to_deflate, *to_writer, *from_writer,
- *to_frag, *locked_fragment, *to_process_frag;
+ *locked_fragment, *to_process_frag;
extern struct append_file **file_mapping;
extern struct seq_queue *to_main;
extern pthread_mutex_t fragment_mutex, dup_mutex;
diff --git a/squashfs-tools/restore.c b/squashfs-tools/restore.c
index 5e336b3..a7aaf2e 100644
--- a/squashfs-tools/restore.c
+++ b/squashfs-tools/restore.c
@@ -47,8 +47,8 @@
#define TRUE 1
extern pthread_t reader_thread, writer_thread, main_thread;
-extern pthread_t *deflator_thread, *frag_deflator_thread, *frag_thread;
-extern struct queue *to_deflate, *to_writer, *to_frag, *to_process_frag;
+extern pthread_t *deflator_thread, *frag_thread;
+extern struct queue *to_deflate, *to_writer, *to_process_frag;
extern struct seq_queue *to_main;
extern void restorefs();
extern int processors;
@@ -120,17 +120,6 @@ void *restore_thrd(void *arg)
pthread_cancel(main_thread);
pthread_join(main_thread, NULL);
- /* then flush the main thread to fragment deflator thread(s)
- * queue. The fragment deflator thread(s) will idle
- */
- queue_flush(to_frag);
-
- /* now kill the fragment deflator thread(s) */
- for(i = 0; i < processors; i++)
- pthread_cancel(frag_deflator_thread[i]);
- for(i = 0; i < processors; i++)
- pthread_join(frag_deflator_thread[i], NULL);
-
/*
* then flush the main thread/fragment deflator thread(s)
* to writer thread queue. The writer thread will idle
--
2.17.1

352
squashfs-tools/squashfs-tools.spec
Unescape View File

@ -0,0 +1,352 @@
Summary: Utility for the creation of squashfs filesystems
Name: squashfs-tools
Version: 4.3
Release: 16%{?dist}
License: GPLv2+
Group: System Environment/Base
URL: http://squashfs.sourceforge.net/
Source0: http://downloads.sourceforge.net/squashfs/squashfs%{version}.tar.gz
# manpages from http://ftp.debian.org/debian/pool/main/s/squashfs-tools/squashfs-tools_4.2+20121212-1.debian.tar.xz
# The man pages have been modified for 4.3 for Fedora.
Source1: mksquashfs.1
Source2: unsquashfs.1
# From master branch (55f7ba830d40d438f0b0663a505e0c227fc68b6b).
# 32 bit process can use too much memory when using PAE or 64 bit kernels
Patch0: PAE.patch
# From master branch (604b607d8ac91eb8afc0b6e3d917d5c073096103).
# Prevent overflows when using the -mem option.
Patch1: mem-overflow.patch
# From squashfs-devel@lists.sourceforge.net by Guan Xin <guanx.bac@gmail.com>
# For https://bugzilla.redhat.com/show_bug.cgi?id=1141206
Patch2: 2gb.patch
# From https://github.com/gcanalesb/sasquatch/commit/6777e08cc38bc780d27c69c1d8c272867b74524f
# Which is forked from Phillip's squashfs-tools, though it looks like
# the issue applies to us.
Patch3: cve-2015-4645.patch
# Update formats to match changes in cve-2015-4645.patch
Patch4: local-cve-fix.patch
# Backports from 5.0-rc1 for reproducible builds
Patch5: remove-frag_deflator_thread.patch
Patch6: If-SOURCE_DATE_EPOCH-is-set-override-timestamps-with.patch
Patch7: If-SOURCE_DATE_EPOCH-is-set-also-clamp-content-times.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
BuildRequires: zlib-devel
BuildRequires: xz-devel
BuildRequires: lzo-devel
BuildRequires: libattr-devel
BuildRequires: lz4-devel
%description
Squashfs is a highly compressed read-only filesystem for Linux. This package
contains the utilities for manipulating squashfs filesystems.
%prep
%setup -q -n squashfs%{version}
%patch0 -p1
%patch1 -p1
%patch2 -p0
%patch3 -p1
%patch4 -p0
%patch5 -p1
%patch6 -p1
%patch7 -p1
%build
pushd squashfs-tools
CFLAGS="%{optflags}" XZ_SUPPORT=1 LZO_SUPPORT=1 LZMA_XZ_SUPPORT=1 LZ4_SUPPORT=1 make %{?_smp_mflags}
%install
mkdir -p %{buildroot}%{_sbindir} %{buildroot}%{_mandir}/man1
install -m 755 squashfs-tools/mksquashfs %{buildroot}%{_sbindir}/mksquashfs
install -m 755 squashfs-tools/unsquashfs %{buildroot}%{_sbindir}/unsquashfs
install -m 644 %{SOURCE1} %{buildroot}%{_mandir}/man1/mksquashfs.1
install -m 644 %{SOURCE2} %{buildroot}%{_mandir}/man1/unsquashfs.1
%clean
rm -rf %{buildroot}
%files
%defattr(-,root,root,-)
%doc README ACKNOWLEDGEMENTS DONATIONS PERFORMANCE.README README-4.3 CHANGES pseudo-file.example COPYING
%doc README
%{_mandir}/man1/*
%{_sbindir}/mksquashfs
%{_sbindir}/unsquashfs
%changelog
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 4.3-16
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 4.3-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 4.3-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 4.3-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Fri Feb 05 2016 Fedora Release Engineering <releng@fedoraproject.org> - 4.3-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Tue Jun 23 2015 Bruno Wolff III <bruno@wolff.to> - 4.3-10
- Fix for CVE 2015-4645/4646
* Fri Jun 19 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 4.3-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Sat Sep 13 2014 Bruno Wolff III <bruno@wolff.to> 4.3-8
- Fix for files >= 2gb rhbz #1141206
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 4.3-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Fri Jun 13 2014 Bruno Wolff III <bruno@wolff.to> 4.3-6
- Apply a couple of upstream patches.
- Fixes issue issue with too much memory use under PAE kernels
* Sun Jun 08 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 4.3-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Wed May 14 2014 Bruno Wolff III <bruno@wolff.to> 4.3-4
- Even more man page fixes
* Wed May 14 2014 Bruno Wolff III <bruno@wolff.to> 4.3-3
- More mksquashfs man page fixes
* Tue May 13 2014 Bruno Wolff III <bruno@wolff.to> 4.3-2
- Add missed option to the mksquashfs man page
* Tue May 13 2014 Bruno Wolff III <bruno@wolff.to> 4.3-1
- Update to real 4.3 release
- Added support for lz4 since the stable snapshot
- Added support for alternate zlib compression strategies
* Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 4.3-0.19.gitaae0aff4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Sat Jun 22 2013 Bruno Wolff III <bruno@wolff.to> - 4.3-0.18.gitaae0aff4
- Latest pre 4.3 stable snapshot
- A few minor bug fixes
- Improvements in getting status info while running unsquashfs
* Tue Jun 04 2013 Bruno Wolff III <bruno@wolff.to> - 4.3-0.17.git5c6f0024
- Latest pre 4.3 snapshot
- Includes fix for mksquashfs hangs
- Switch to get pre-release updates from the stable branch at kernel.org
* Thu May 23 2013 Bruno Wolff III <bruno@wolff.to> - 4.3-0.16.git84d8ae5c
- Latest pre 4.3 snapshot
- Fix for a rare race condition
* Sun May 19 2013 Bruno Wolff III <bruno@wolff.to> - 4.3-0.15.git27d7c14b
- Latest pre 4.3 snapshot
- queue fragment and empty file buffers directly to main thread
* Wed May 15 2013 Bruno Wolff III <bruno@wolff.to> - 4.3-0.14.git8ce5585e
- Latest pre 4.3 snapshot
- Includes upstream bugfix introduced with the sequential queue change
* Sat May 11 2013 Bruno Wolff III <bruno@wolff.to> - 4.3-0.13.gitc2362556
- Latest pre 4.3 snapshot
- Sequential queue change
* Mon May 06 2013 Bruno Wolff III <bruno@wolff.to> - 4.3-0.12.git9353c998
- Latest pre 4.3 snapshot
* Sun Mar 31 2013 Bruno Wolff III <bruno@wolff.to> - 4.3-0.11.git8228a3e8
- Latest pre 4.3 snapshot
- SIGQUIT now displays the file being squashed
* Wed Mar 06 2013 Bruno Wolff III <bruno@wolff.to> - 4.3-0.10.git6a103792
- Latest pre 4.3 snapshot
- Pick up some more error handling improvements
* Sun Mar 03 2013 Kyle McMartin <kmcmarti@redhat.com>
- Move mksquashfs to /usr/sbin, as per UsrMove.
* Sun Mar 03 2013 Kyle McMartin <kmcmarti@redhat.com>
- Add mksquashfs.1 and unsquashfs.1 manpages from Debian.
* Mon Feb 18 2013 Bruno Wolff III <bruno@wolff.to> - 4.3-0.9.git3ec9c8f7
- Latest pre 4.3 snapshot
- Better error handling when space runs out
* Wed Feb 13 2013 Bruno Wolff III <bruno@wolff.to> - 4.3-0.8.gitca6a1c90
- Latest pre 4.3 snapshot
- New option to display compression options used
- Some error message improvements
* Fri Feb 01 2013 Bruno Wolff III <bruno@wolff.to> - 4.3-0.7.gitb10063a9
- Latest pre 4.3 snapshot
- More checks for bad data
* Sun Jan 13 2013 Bruno Wolff III <bruno@wolff.to> - 4.3-0.6.git6c0f229d
- Latest pre 4.3 snapshot
- Quote and backslash parsing for lexical analyzer
* Mon Dec 31 2012 Bruno Wolff III <bruno@wolff.to> - 4.3-0.5.gitc11af515
- Latest pre 4.3 snapshot
- A few memory leak fixes
- Additional checks for handling bad data
* Sun Dec 23 2012 Bruno Wolff III <bruno@wolff.to> - 4.3-0.4.git99a009c8
- Better checking of data in psuedo files
* Fri Dec 21 2012 Bruno Wolff III <bruno@wolff.to> - 4.3-0.3.git7ec6bd7a
- Better checking of data in sort, extract and exclude files
* Thu Dec 13 2012 Bruno Wolff III <bruno@wolff.to> - 4.3-0.2.git54719971
- Pick up a few more changes to better handle bad data
* Sat Dec 01 2012 Bruno Wolff III <bruno@wolff.to> - 4.3-0.1.git0be606be
- Pre-release of 4.3 to get early testing
- This update includes a bit of internal code infrastructure changes
- There are lots of fixes to better handle bad data
- The final release is expected sometime in December
- Until the release only the README doc file is available
* Sun Nov 25 2012 Bruno Wolff III <bruno@wolff.to> - 4.2-5
- Backported fix for bz 842460 (CVE-2012-4025)
* Thu Nov 22 2012 Bruno Wolff III <bruno@wolff.to> - 4.2-4
- Backported fix for bz 842458 (CVE-2012-4024)
* Sat Jul 21 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 4.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 4.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Tue Mar 01 2011 Bruno Wolff III <bruno@wolff.to> - 4.2-1
- 4.2 is released.
- Bugfix for bad data causing crash.
- Include doc files added for release.
- Big endian patch is now upstream.
- Buildroot tag isn't needed any more.
- We can now specify CFLAGS on the make call.
- Compressor options are now passed with the make call.
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 4.2-0.4.20101231
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Tue Jan 11 2011 Dan Horák <dan[at]danny.cz> - 4.2-0.3.20101231
- Add fixes for big-endian machines
* Sat Jan 01 2011 Bruno Wolff III <bruno@wolff.to> - 4.2-0.2.20101231
- Pull latest upstream snapshot
- Includes check for matching compression type when adding to an existing image
- Sample cvs command now includes timezone and specifies when on the date to use for the snapshot
* Fri Dec 24 2010 Bruno Wolff III <bruno@wolff.to> - 4.2-0.1.20101223
- Switch to 4.2 development snapshot to get new XZ support
- LZMA and XZ (LZMA2) support are now different
* Wed Oct 27 2010 Bruno Wolff III <bruno@wolff.to> - 4.1-3
- Rebuild for xz soname bump
* Wed Sep 29 2010 jkeating - 4.1-2
- Rebuilt for gcc bug 634757
* Tue Sep 21 2010 Bruno Wolff III <bruno@wolff.to> - 4.1-1
- Update to 4.1 final.
- Byte swap patch is now upstream.
- LZO compression type is now supported.
* Mon Sep 6 2010 Dan Horák <dan[at]danny.cz> - 4.1-0.5.20100827
- Add fixes for big-endian machines
* Sat Aug 28 2010 Bruno Wolff III <bruno@wolff.to> - 4.1-0.4.20100827
- Rebase to latest upstream.
- The main reason is to pick up a fix for large xattr similar to the large inode fix. This doesn't need to get backported as 4.0 doesn't have xattr support.
- An option was added to build without xattr support.
- Various source cleanups have been done as well.
* Tue Aug 03 2010 Bruno Wolff III <bruno@wolff.to> - 4.1-0.3.20100803
- Rebase to latest upstream
- Prevent warning message for xattr for virtual directory
- Fix issue with large inodes - BZ 619020
* Tue Jul 27 2010 Bruno Wolff III <bruno@wolff.to> - 4.1-0.2.20100727
- Rebase to latest upstream devel state. Mostly xattr fixes and cleanup.
* Tue Jun 08 2010 Bruno Wolff III <bruno@wolff.to> - 4.1-0.1.20100607
- Rebase to 4.1 prerelease with xz wrapper
- Provides lzma compression as an option.
- squashfs-fix-unsquashing-v3.patch is part of the 4.1 prerelease
* Wed May 5 2010 Kyle McMartin <kyle@redhat.com> 4.0-4
- squashfs-fix-unsquashing-v3.patch: pull in fix from cvs. Thanks pkl!
(rhbz#523504)
* Thu Feb 18 2010 Kyle McMartin <kyle@redhat.com> 4.0-3
- Update to release tarball as opposed to cvs snapshot.
- Add dist tag.
* Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 4.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Sun Apr 05 2009 Kyle McMartin <kyle@redhat.com> - 4.0-1
- Update to release 4.0
* Mon Mar 16 2009 Kyle McMartin <kyle@redhat.com> - 4.0-0.20090316
- update to cvs snap from 2009-03-16.
* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 4.0-0.20090126
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Mon Jan 26 2009 Kyle McMartin <kyle@redhat.com> - 4.0-0.20090125
- update to cvs snap that should unbreak big endian machines creating
little endian fs.
* Mon Jan 12 2009 <katzj@redhat.com> - 4.0-0.20090112
- update to cvs snap that generates v4.0 images
* Tue Sep 30 2008 Jeremy Katz <katzj@redhat.com> - 3.4-1
- update to 3.4
* Tue Feb 19 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 3.3-2
- Autorebuild for GCC 4.3
* Fri Dec 14 2007 Jeremy Katz <katzj@redhat.com> - 3.3-1
- Update to 3.3
* Wed Sep 5 2007 Jeremy Katz <katzj@redhat.com> - 3.2-2
- fixes from package review (#226430)
* Tue Mar 20 2007 Jeremy Katz <katzj@redhat.com> - 3.2-1
- update to 3.2r2
* Sun Oct 01 2006 Jesse Keating <jkeating@redhat.com> - 3.0-4
- rebuilt for unwind info generation, broken in gcc-4.1.1-21
* Mon Sep 18 2006 Jeremy Katz <katzj@redhat.com> - 3.0-3
- updated fragment size patch (#204638)
* Wed Aug 16 2006 Jeremy Katz <katzj@redhat.com> - 3.0-2
- add upstream patch for fragment size problem (#202663)
* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 3.0-1.1
- rebuild
* Fri Jun 23 2006 Jeremy Katz <katzj@redhat.com> - 3.0-1
- update to 3.0
- include unsquashfs
* Tue May 16 2006 Jeremy Katz <katzj@redhat.com>
- add BR on zlib-devel (Andreas Thienemann, #191880)
* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 2.2r2-2.2.1
- bump again for double-long bug on ppc(64)
* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 2.2r2-2.2
- rebuilt for new gcc4.1 snapshot and glibc changes
* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
- rebuilt
* Thu Dec 1 2005 Jeremy Katz <katzj@redhat.com> - 2.2r2-1
- Initial build

BIN
squashfs-tools/squashfs4.3.tar.gz
View File

Binary file not shown.

66
squashfs-tools/unsquashfs.1
Unescape View File

@ -0,0 +1,66 @@
.TH UNSQUASHFS 1 "2014\-05\-13" "4.3" "uncompress squashfs filesystems"
.SH NAME
mksquashfs \- tool to uncompress squashfs filesystems
.SH SYNOPSIS
\fBunsquashfs\fR [\fIOPTIONS\fR] \fIFILESYSTEM\fR [\fIdirectories or files to extract\fR]
.SH DESCRIPTION
Squashfs is a highly compressed read\-only filesystem for Linux. It uses zlib compression to compress both files, inodes and directories. Inodes in the system are very small and all blocks are packed to minimize data overhead. Block sizes greater than 4K are supported up to a maximum of 64K.
.PP
Squashfs is intended for general read\-only filesystem use, for archival use (i.e. in cases where a .tar.gz file may be used), and in constrained block device/memory systems (e.g. embedded systems) where low overhead is needed.
.SH OPTIONS
.IP "\-v, \-version" 4
print version, licence and copyright information.
.IP "\-d \fIPATHNAME\fR, \-dest \fIPATHNAME\fR" 4
unsquash to \fIPATHNAME\fR, default "squashfs\-root".
.IP "\-n, \-no\-progress" 4
don't display the progress bar.
.IP "\-no, \-no\-xattrs" 4
don't extract xattrs in file system.
.IP "\-x, \-xattrs" 4
extract xattrs in file system (default).
.IP "\-u, \-user\-xattrs" 4
only extract user xattrs in file system. Enables extracting xattrs.
.IP "\-p \fINUMBER\fR, \-processors \fINUMBER\fR" 4
use \fINUMBER\fR processors. By default will use number of processors available.
.IP "\-i, \-info" 4
print files as they are unsquashed.
.IP "\-li, \-linfo" 4
print files as they are unsquashed with file attributes (like ls \-l output).
.IP "\-l, \-ls" 4
list filesystem, but don't unsquash.
.IP "\-ll, \-lls" 4
list filesystem with file attributes (like ls \-l output), but don't unsquash.
.IP "\-f, \-force" 4
if file already exists then overwrite.
.IP "\-s, \-stat" 4
display filesystem superblock information.
.IP "\-e \fIEXTRACT_FILE\fR, \-ef \fIEXTRACT_FILE\fR" 4
list of directories or files to extract. One per line.
.IP "\-da \fISIZE\fR, \-data\-queue \fISIZE\fR" 4
Set data queue to \fISIZE\fR Mbytes. Default 256 Mbytes.
.IP "\-fr \fISIZE\fR, \-frag\-queue \fISIZE\fR" 4
Set fragment queue to \fISIZE\fR Mbytes. Default 256 Mbytes.
.IP "\-r, \-regex" 4
treat extract names as POSIX regular expressions rather than use the default shell wildcard expansion (globbing).
.SS Decompressors available
.IP "gzip" 4
.IP "lzma" 4
.IP "lzo" 4
.IP "lz4" 4
.IP "xz" 4
.SH SEE ALSO
mksquashfs(1)
.SH HOMEPAGE
More information about unsquashfs and the squashfs filesystem can be found at <\fIhttp://squashfs.sourceforge.net/\fR>.
.SH AUTHOR
squashfs was written by Phillip Lougher <\fIplougher@users.sourceforge.net\fR>.
.PP
This manual page was written by Daniel Baumann <\fIdaniel.baumann@progress\-technologies.net\fR>. With some updates for 4.3 for use with Fedora.
Write Preview
Loading…
Cancel
Save