[OE-core] [PATCH] devtool: deploy-target: support "unsafe" symlinks
Andre McCurdy
armccurdy at gmail.com
Tue Feb 26 23:11:58 UTC 2019
On Tue, Feb 26, 2019 at 1:40 AM Olaf Mandel <o.mandel at menlosystems.com> wrote:
>
> The bosybox version of tar considers symlink targets that start with /
> or with ../ to be unsafe and refuses to unpack them unless the
> EXTRACT_UNSAFE_SYMLINKS environment variable is set to 1.
>
> As even many core packages legitimately contain such links (e.g.
> coreutils-locale-*, dropbear, eudev, initscripts, kmod, ...), add the
> environment variable to the remote script.
Upstream Busybox seems to have a different solution, so perhaps worth
adding a comment that EXTRACT_UNSAFE_SYMLINKS is a temporary /
version-specific fix.
https://git.busybox.net/busybox/commit/?h=1_28_stable&id=37277a23fe48b13313f5d96084d890ed21d5fd8b
> ---
> scripts/lib/devtool/deploy.py | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/scripts/lib/devtool/deploy.py b/scripts/lib/devtool/deploy.py
> index f345f31b7b..9617388f90 100644
> --- a/scripts/lib/devtool/deploy.py
> +++ b/scripts/lib/devtool/deploy.py
> @@ -114,6 +114,7 @@ def _prepare_remote_script(deploy, verbose=False, dryrun=False, undeployall=Fals
> lines.append('rm $3')
> lines.append('mkdir -p `dirname $manifest`')
> lines.append('mkdir -p $2')
> + lines.append('export EXTRACT_UNSAFE_SYMLINKS=1')
> if verbose:
> lines.append(' tar xv -C $2 -f - | tee $manifest')
> else:
> --
> 2.11.0
>
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core at lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
More information about the Openembedded-core
mailing list