Bug 30837

Summary: [sysinstall] sysinstall doesn't set the schg flag on the sensitive files
Product: Base System Reporter: Yar Tikhiy <yar>
Component: binAssignee: kensmith
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 4.4-RELEASE   
Hardware: Any   
OS: Any   

Description Yar Tikhiy 2001-09-26 08:30:02 UTC 
	After install or upgrade procedure, sysinstall leaves /kernel,
	/sbin/init, /usr/bin/libc.so.*, and the whole bunch of other
	sensitive files with the system-immutable flag unset.
	It is rather unexpected to those admins who usually install
	or upgrade the system from source.

Fix: 

There are at least three possible ways to deal with the problem:

	First, sysinstall(8) may be taught to set the schg flag on the files.
	However, that would require maintaining the list of sensitive
	files within the sysinstall configuration while the information
	is already contained in the corresponding Makefiles.

	Second, tar(1) may be modified to save and restore file flags.
	This solution is likely to cause compatibility problems, though.

	Third, the current sysinstall vs. make world behaviour may be
	documented - as I can see, it isn't yet.
How-To-Repeat: 	Do a fresh install or an upgrade.  See /kernel, /sbin/init etc
	have no schg flag.
Comment 1 Johan Karlsson freebsd_committer freebsd_triage 2003-05-06 21:54:59 UTC 
Responsible Changed
From-To: freebsd-bugs->qa

Over to maintainer group.
Comment 2 John Baldwin freebsd_committer freebsd_triage 2004-08-02 19:39:52 UTC 
Responsible Changed
From-To: qa->freebsd-qa

Canonicalize responsible.
Comment 3 kensmith freebsd_committer freebsd_triage 2008-01-02 10:01:47 UTC 
Responsible Changed
From-To: freebsd-bugs->kensmith


I have a proof-of-concept patch that switches sysinstall over to using 
tar instead of cpio.  cpio doesn't honor file flags so when sysinstall 
uses it to unpack the "base" distribution any file flags info gets lost.
Comment 4 kensmith freebsd_committer freebsd_triage 2008-12-07 06:29:53 UTC 
State Changed
From-To: open->closed


This is fixed in head.  Sysinstall has been modified to use bsdcpio 
instead of gnucpio, and bsdcpio has been fixed to honor the extra 
file attribute flags.