[OE-core] [PATCH] patch: reproducibility: Fix host umask leakage
Douglas Royds
douglas.royds at taitradio.com
Thu Dec 20 23:11:28 UTC 2018
I haven't sent this as a "v2", because of the change of subject line.
On 21/12/18 12:10 PM, Douglas Royds wrote:
> Some patch files create entirely new files, so their permissions are subject to
> the host umask. If such a file is later installed into a package with no change
> in permissions, it breaks the reproducibility of the package.
>
> This was observed on libpam, for instance: The patch file
> pam-security-abstract-securetty-handling.patch creates a new file
> (tty_secure.c). This file is later copied into the -dbg package with no change
> in permissions.
>
> Signed-off-by: Douglas Royds <douglas.royds at taitradio.com>
> ---
> meta/classes/patch.bbclass | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/meta/classes/patch.bbclass b/meta/classes/patch.bbclass
> index 3e0a181821..cd241f1c84 100644
> --- a/meta/classes/patch.bbclass
> +++ b/meta/classes/patch.bbclass
> @@ -153,6 +153,7 @@ python patch_do_patch() {
> patch_do_patch[vardepsexclude] = "PATCHRESOLVE"
>
> addtask patch after do_unpack
> +do_patch[umask] = "022"
> do_patch[dirs] = "${WORKDIR}"
> do_patch[depends] = "${PATCHDEPENDENCY}"
>
More information about the Openembedded-core
mailing list