[dpkg] 130/192: dpkg-deb: Add support for rootless builds
Ximin Luo
infinity0 at debian.org
Tue Oct 17 11:04:10 UTC 2017
This is an automated email from the git hooks/post-receive script.
infinity0 pushed a commit to branch pu/reproducible_builds
in repository dpkg.
commit 2436807c87b033a1ea25164d3b951cd559084a5a
Author: Guillem Jover <guillem at debian.org>
Date: Sun Sep 17 12:15:32 2017 +0200
dpkg-deb: Add support for rootless builds
This sets the control member entries always to root:root, and makes it
possible to do the same for the data member entries via the new
--root-owner-group option.
Closes: #291320
Based-on-patch-by: Niels Thykier <niels at thykier.net>
Signed-off-by: Guillem Jover <guillem at debian.org>
---
debian/changelog | 4 ++++
dpkg-deb/build.c | 5 +++++
dpkg-deb/dpkg-deb.h | 1 +
dpkg-deb/main.c | 3 +++
man/dpkg-deb.man | 9 +++++++++
5 files changed, 22 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 6115f76..13b81ea 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -15,6 +15,10 @@ dpkg (1.19.0) UNRELEASED; urgency=medium
* Re-enable upstream tar signatures when building source format 1.0.
* Make dpkg-deb --build sanity check the config maintainer script file type
and permissions.
+ * Add support to dpkg-deb for rootless builds, by setting the owner and
+ group for the control.tar entries to root:root, and making it possible to
+ do the same for the data.tar entries via the new --root-owner-group option.
+ Based on a patch by Niels Thykier <niels at thykier.net>. Closes: #291320
* Perl modules:
- Switch from Dpkg::Util to List::Util, now that the module in the
new required Perl contains the needed functions.
diff --git a/dpkg-deb/build.c b/dpkg-deb/build.c
index 3f17777..316efeb 100644
--- a/dpkg-deb/build.c
+++ b/dpkg-deb/build.c
@@ -421,6 +421,7 @@ typedef void filenames_feed_func(const char *dir, int fd_out);
struct tar_pack_options {
time_t timestamp;
const char *mode;
+ bool root_owner_group;
};
/**
@@ -460,6 +461,8 @@ tarball_pack(const char *dir, filenames_feed_func *tar_filenames_feeder,
/* Mode might become a positional argument, pass it before -T. */
if (options->mode)
command_add_args(&cmd, "--mode", options->mode, NULL);
+ if (options->root_owner_group)
+ command_add_args(&cmd, "--owner", "root:0", "--group", "root:0", NULL);
command_add_args(&cmd, "--null", "--no-unquote", "--no-recursion",
"-T", "-", NULL);
command_exec(&cmd);
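Review bot: The new `--owner`/`--group` arguments in tarball_pack carry no comment saying why the value is `root:0` rather than plain `root` or `0`. Passing both the name and the numeric id presumably keeps the archive headers independent of the build host's user and group database, which is what a reproducible, rootless build needs. A comment above the added `if`, such as `/* Pin both name and id so the entries do not depend on the host's passwd/group data. */`, would record that. The `NAME:ID` form is, as far as I know, a GNU tar extension, so it is worth confirming that the minimum tar version the package depends on accepts it. tarball_pack starts and ends outside this hunk.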
@@ -586,6 +589,7 @@ do_build(const char *const *argv)
/* Fork a tar to package the control-section of the package. */
tar_options.mode = "u+rw,go=rX";
tar_options.timestamp = timestamp;
+ tar_options.root_owner_group = true;
tarball_pack(ctrldir, control_treewalk_feed, &tar_options,
&control_compress_params, gzfd);
@@ -650,6 +654,7 @@ do_build(const char *const *argv)
/* Pack the directory into a tarball, feeding files from the callback. */
tar_options.mode = NULL;
tar_options.timestamp = timestamp;
+ tar_options.root_owner_group = opt_root_owner_group;
tarball_pack(dir, file_treewalk_feed, &tar_options, &compress_params, gzfd);
/* Okay, we have data.tar as well now, add it to the ar wrapper. */
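Review bot: On the data.tar path `tar_options.mode` stays NULL, so with `--root-owner-group` the modes found in the build tree are archived unchanged while ownership is rewritten to root. Any set-user-ID or set-group-ID bit in a staging tree that the unprivileged build user can write to therefore ends up on a root-owned entry in the package. The man page hunk only advises against using the option for non-root entries, and nothing visible in this diff checks the tree. I would at least document this at the assignment, e.g. `/* Ownership is forced to root but modes are kept as found; set-id bits in the tree must be intentional. */`, and consider a warning when such entries are fed to tar. do_build continues outside this hunk.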
diff --git a/dpkg-deb/dpkg-deb.h b/dpkg-deb/dpkg-deb.h
index bc90c27..6fd8f2b 100644
--- a/dpkg-deb/dpkg-deb.h
+++ b/dpkg-deb/dpkg-deb.h
@@ -37,6 +37,7 @@ action_func do_ctrltarfile;
action_func do_fsystarfile;
extern int opt_verbose;
+extern int opt_root_owner_group;
extern int opt_uniform_compression;
extern int debugflag, nocheckflag;
diff --git a/dpkg-deb/main.c b/dpkg-deb/main.c
index 7892fa9..1f2143b 100644
--- a/dpkg-deb/main.c
+++ b/dpkg-deb/main.c
@@ -104,6 +104,7 @@ usage(const struct cmdinfo *cip, const char *value)
" Allowed values: 0.939000, 2.0 (default).\n"
" --nocheck Suppress control file check (build bad\n"
" packages).\n"
+" --root-owner-group Forces the owner and groups to root.\n"
" --uniform-compression Use the compression params on all members.\n"
" -z# Set the compression level when building.\n"
" -Z<type> Set the compression type used when building.\n"
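Review bot: The added help line reads `Forces the owner and groups to root.`, while the neighbouring entries use the imperative (`Suppress`, `Use`, `Set`), and it mixes singular `owner` with plural `groups`. It also does not say that the option only affects the filesystem data member, which the man page text in this same commit does state. Wording such as `Force the owner and group of the data entries to root.` would match both the surrounding style and the man page. The usage() string begins and ends outside this hunk.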
@@ -140,6 +141,7 @@ static const char printforhelp[] =
int debugflag = 0;
int nocheckflag = 0;
int opt_verbose = 0;
+int opt_root_owner_group = 0;
int opt_uniform_compression = 0;
struct deb_version deb_format = DEB_VERSION(2, 0);
@@ -215,6 +217,7 @@ static const struct cmdinfo cmdinfos[]= {
{ "debug", 'D', 0, &debugflag, NULL, NULL, 1 },
{ "verbose", 'v', 0, &opt_verbose, NULL, NULL, 1 },
{ "nocheck", 0, 0, &nocheckflag, NULL, NULL, 1 },
+ { "root-owner-group", 0, 0, &opt_root_owner_group, NULL, NULL, 1 },
{ "uniform-compression", 0, 0, &opt_uniform_compression, NULL, NULL, 1 },
{ NULL, 'z', 1, NULL, NULL, set_compress_level },
{ NULL, 'Z', 1, NULL, NULL, set_compress_type },
diff --git a/man/dpkg-deb.man b/man/dpkg-deb.man
index fc8b03a..8471ccc 100644
--- a/man/dpkg-deb.man
+++ b/man/dpkg-deb.man
@@ -254,6 +254,15 @@ Otherwise only the
compression types allowed to be uniformly used are \fBnone\fP, \fBgzip\fP
and \fBxz\fP.
.TP
+.B \-\-root\-owner\-group
+Set the owner and group for each entry in the filesystem tree data to
+root with id 0 (since dpkg 1.19.0).
+
+\fBNote\fP: This option can be useful for rootless builds (see
+\fIrootless\-builds.txt\fP), but should \fBnot\fP be used when the
+entries have an owner or group that is not root.
+Support for these will be added later in the form of a meta manifest.
+.TP
.BI \-\-deb\-format= format
Set the archive format version used when building (since dpkg 1.17.0).
Allowed values are \fB2.0\fP for the new format, and \fB0.939000\fP
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/dpkg.git