[OE-core] dbus build host uid/gid leaking into target home directory

[Martin Jansa]

On Tue, Oct 14, 2014 at 07:23:52AM +0100, Paul Barker wrote:
> On 13 October 2014 10:13, Paul Eggleton <paul.eggleton at linux.intel.com> wrote:
> > On Sunday 12 October 2014 16:05:41 Peter A. Bigot wrote:
> >> Pilot error.  This ultimately turned out to be a side-effect of the way
> >> I create my image media: I unpacking the rootfs tar file onto a mounted
> >> sdcard outside the pseudo environment and forgot that tar records
> >> user/group by name not uid/gid.
> >
> > I used to use this method previously, and I guess it can still work if you're
> > not including certain packages in your image - but I wonder if we should note
> > this potential pitfall somewhere in the documentation. I'm not entirely sure
> > where such a note would go, though.
> >
> 
> It probably does need noting somewhere - I've been doing exactly this
> for the last year or so and never even thought that I might be risking
> bad uid/gid values. It makes sense now I think about it but it never
> crossed my mind.
> 
> Looking at 'man tar', there is a '--numeric-owner' option to always
> use numbers for user/group names. It might just be that we need to
> recommend using this option when untarring a rootfs onto a mounted
> volume. This option is present in GNU tar, I'm not sure about other
> implementations, and I haven't given it a proper test, but it looks
> like the thing we want.

It's not supported in busybox's tar implementation at least wasn't with
default config last time I've checked couple years ago - we're using it
since then without any issues.

-- 
Martin 'JaMa' Jansa     jabber: Martin.Jansa at gmail.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <http://lists.openembedded.org/pipermail/openembedded-core/attachments/20141014/abf7d2a0/attachment-0002.sig>