public inbox for openembedded-core@lists.openembedded.org
From: Alexander Kanavin <alex.kanavin@gmail.com>
To: openembedded-core@lists.openembedded.org
Cc: Alexander Kanavin <alex@linutronix.de>
Subject: [PATCH 6/8] classes/package_rpm: set bogus locations for passwd/group files
Date: Fri, 26 Jan 2024 14:34:53 +0100
Message-ID: <20240126133455.2609378-6-alex@linutronix.de>
In-Reply-To: <20240126133455.2609378-1-alex@linutronix.de>

Since https://github.com/rpm-software-management/rpm/commit/f3eaeeb7341085e1850e914350cf1f33d538320d
rpm does its own parsing of /etc/passwd and /etc/group instead of relying on getpwnam() and friends.

This has an unfortunate effect of leaking build host uid/gid values for users and groups
into the cpio header inside the rpm file (where previously those were always zero).

Installation of rpm packages relies on the rpm header to set file ownership, and that
is a different structure that is built from .spec information, so we can avoid host
contamination by setting the paths to something bogus.

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
---
 meta/classes-global/package_rpm.bbclass | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/classes-global/package_rpm.bbclass b/meta/classes-global/package_rpm.bbclass
index 3ca6c5aa7b3..e0f4de42a15 100644
--- a/meta/classes-global/package_rpm.bbclass
+++ b/meta/classes-global/package_rpm.bbclass
@@ -722,6 +722,8 @@ python do_package_rpm () {
     cmd = cmd + " --define 'debug_package %{nil}'"
     cmd = cmd + " --define '_tmppath " + workdir + "'"
     cmd = cmd + " --define '_use_weak_usergroup_deps 1'"
+    cmd = cmd + " --define '_passwd_path " + "/completely/bogus/path" + "'"
+    cmd = cmd + " --define '_group_path " + "/completely/bogus/path" + "'"
     if d.getVarFlag('ARCHIVER_MODE', 'srpm') == '1' and bb.data.inherits_class('archiver', d):
         cmd = cmd + " --define '_sourcedir " + d.getVar('ARCHIVER_OUTDIR') + "'"
         cmdsrpm = cmd + " --define '_srcrpmdir " + d.getVar('ARCHIVER_RPMOUTDIR') + "'"
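
Review bot: The two added `--define` lines for `_passwd_path` and `_group_path` carry no comment saying the path is deliberately non-existent or why, so a later reader of do_package_rpm may take "/completely/bogus/path" for a leftover placeholder and "fix" it. A short comment above them, noting that this keeps rpm from reading the build host's passwd/group files and so keeps host uid/gid values out of the cpio header, would prevent that. The effect also depends on that path not existing on the build host, which nothing here enforces. As a style point, the literal is duplicated and built by concatenating three constant strings; a single local variable, or one plain string per line, would be tidier.
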
-- 
2.39.2


