[oe-commits] [openembedded-core] 12/49: patch: reproducibility: Fix host umask leakage

git at git.openembedded.org git at git.openembedded.org
Mon Feb 25 22:28:18 UTC 2019

This is an automated email from the git hooks/post-receive script.

rpurdie pushed a commit to branch sumo
in repository openembedded-core.

commit ae10351f4aa443fc6df5a674b0aae0731304254d
Author: Douglas Royds <douglas.royds at taitradio.com>
AuthorDate: Fri Dec 21 12:10:22 2018 +1300

    patch: reproducibility: Fix host umask leakage
    Some patch files create entirely new files, so their permissions are subject to
    the host umask. If such a file is later installed into a package with no change
    in permissions, it breaks the reproducibility of the package.
    This was observed on libpam, for instance: The patch file
    pam-security-abstract-securetty-handling.patch creates a new file
    (tty_secure.c). This file is later copied into the -dbg package with no change
    in permissions.
    (From OE-Core rev: 2a2bbd755b330cd63f7f6e2f2b374a3ae065b37a)
    Signed-off-by: Douglas Royds <douglas.royds at taitradio.com>
    Signed-off-by: Ross Burton <ross.burton at intel.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>
 meta/classes/patch.bbclass | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/classes/patch.bbclass b/meta/classes/patch.bbclass
index 2fc6925..2cfc731 100644
--- a/meta/classes/patch.bbclass
+++ b/meta/classes/patch.bbclass
@@ -153,6 +153,7 @@ python patch_do_patch() {
 patch_do_patch[vardepsexclude] = "PATCHRESOLVE"
 addtask patch after do_unpack
+do_patch[umask] = "022"
 do_patch[dirs] = "${WORKDIR}"
 do_patch[depends] = "${PATCHDEPENDENCY}"

To stop receiving notification emails like this one, please contact
the administrator of this repository.

More information about the Openembedded-commits mailing list