[OE-core] [PATCH] libpam: reproducibility: Fix host umask leakage at patch-time
Burton, Ross
ross.burton at intel.com
Thu Dec 20 13:04:15 UTC 2018
Why is this libpam specific and not a general issue that the umask
needs to be set in patch.bbclass?
Ross
On Thu, 20 Dec 2018 at 05:41, Douglas Royds <douglas.royds at taitradio.com> wrote:
>
> The patch file pam-security-abstract-securetty-handling.patch creates a new
> file (tty_secure.c) at patch-time, so its permissions are subject to the host
> umask. This file is later copied into the -dbg package with no change in
> permissions.
>
> Signed-off-by: Douglas Royds <douglas.royds at taitradio.com>
> ---
> meta/recipes-extended/pam/libpam_1.3.0.bb | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/meta/recipes-extended/pam/libpam_1.3.0.bb b/meta/recipes-extended/pam/libpam_1.3.0.bb
> index 3aec2cdb4c..292b570e11 100644
> --- a/meta/recipes-extended/pam/libpam_1.3.0.bb
> +++ b/meta/recipes-extended/pam/libpam_1.3.0.bb
> @@ -49,6 +49,9 @@ S = "${WORKDIR}/Linux-PAM-${PV}"
>
> inherit autotools gettext pkgconfig
>
> +# We create a new file (tty_secure.c) from pam-security-abstract-securetty-handling.patch
> +do_patch[umask] = "022"
> +
> PACKAGECONFIG[audit] = "--enable-audit,--disable-audit,audit,"
>
> PACKAGES += "${PN}-runtime ${PN}-xtests"
> --
> 2.17.1
>
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core at lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
More information about the Openembedded-core
mailing list