build: remove sgid permission from tar
authorEneas U de Queiroz <cote2004-github@yahoo.com>
Thu, 28 Mar 2019 16:58:07 +0000 (16:58 +0000)
committerChristian Lamparter <chunkeey@gmail.com>
Sat, 6 Apr 2019 17:14:06 +0000 (19:14 +0200)
Otherwise tar will keep the sgid bit when running
from a sgid-set directory, resulting in a different
file being generated.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[reworked commit message, removed DMARC]

include/download.mk
include/image.mk

index 3314191..09794e1 100644 (file)
@@ -55,7 +55,8 @@ define dl_pack
        $(if $(dl_pack/$(call ext,$(1))),$(dl_pack/$(call ext,$(1))),$(dl_pack/unknown))
 endef
 define dl_tar_pack
-       $(TAR) --numeric-owner --owner=0 --group=0 --sort=name $$$${TAR_TIMESTAMP:+--mtime="$$$$TAR_TIMESTAMP"} -c $(2) | $(call dl_pack,$(1))
+       $(TAR) --numeric-owner --owner=0 --group=0 --mode=a-s --sort=name \
+               $$$${TAR_TIMESTAMP:+--mtime="$$$$TAR_TIMESTAMP"} -c $(2) | $(call dl_pack,$(1))
 endef
 
 ifdef CHECK
index edbd5b8..5b02219 100644 (file)
@@ -291,7 +291,7 @@ endef
 
 ifdef CONFIG_TARGET_ROOTFS_TARGZ
   define Image/Build/targz
-       $(TAR) -cp --numeric-owner --owner=0 --group=0 --sort=name \
+       $(TAR) -cp --numeric-owner --owner=0 --group=0 --mode=a-s --sort=name \
                $(if $(SOURCE_DATE_EPOCH),--mtime="@$(SOURCE_DATE_EPOCH)") \
                -C $(TARGET_DIR)/ . | gzip -9n > $(BIN_DIR)/$(IMG_PREFIX)$(if $(PROFILE_SANITIZED),-$(PROFILE_SANITIZED))-rootfs.tar.gz
   endef