[OE-core] [PATCH v2] devtool: deploy-target: support "unsafe" symlinks
Richard Purdie
richard.purdie at linuxfoundation.org
Wed Feb 27 09:14:12 UTC 2019
On Wed, 2019-02-27 at 09:10 +0000, Olaf Mandel wrote:
> The bosybox version of tar in sumo considers symlink targets that
> start
> with / or with ../ to be unsafe and refuses to unpack them unless the
> EXTRACT_UNSAFE_SYMLINKS environment variable is set to 1.
>
> As even many core packages legitimately contain such links (e.g.
> coreutils-locale-*, dropbear, eudev, initscripts, kmod, ...), add the
> environment variable to the remote script.
> ---
> scripts/lib/devtool/deploy.py | 5 +++++
> 1 file changed, 5 insertions(+)
I'm tempted to suggest we backport changes to busybox in sumo to
address this...
Cheers,
Richard
>
More information about the Openembedded-core
mailing list