[OE-core] host-user-contaminated QA check
Patrick Ohly
patrick.ohly at intel.com
Thu Feb 2 16:39:07 UTC 2017
On Thu, 2017-02-02 at 10:21 -0600, Seebs wrote:
> On Thu, 02 Feb 2017 11:38:00 +0100
> Patrick Ohly <patrick.ohly at intel.com> wrote:
>
> > Why do we make the real user ID on the build system visible at all
> > when running under pseudo? The uid and user name have no meaning
> > there, as the user won't exist on the target system. Instead we could
> > map the owner of all files to root:root by default, i.e. in those
> > cases where no other ownership is recorded in the pseudo database.
>
> We could. Honestly, the underlying reason we don't is at least in part
> that that makes the behavior differ more from the behavior of "sudo";
> with sudo, you see actual ownerships. But that's less applicable here.
>
> I would be more inclined to report a Definitely Absolutely Not Okay
> user ID, like 65533. (65534 and 65535 have both been used as Magic
> Cookies in the past, I think.)
I had considered that approach myself, too. It would make the QA check
reliable and in that sense solve the problem.
But I find mapping to root:root more attractive because it makes
packaging simpler (less worries about accidentally copying the original
uid) and the builds faster (no need to run the QA check).
--
Best Regards, Patrick Ohly
The content of this message is my personal opinion only and although
I am an employee of Intel, the statements I make here in no way
represent Intel's position on the issue, nor am I authorized to speak
on behalf of Intel on this matter.
More information about the Openembedded-core
mailing list