[OE-core] [PATCH] libpam: reproducibility: Fix host umask leakage at patch-time

Douglas Royds douglas.royds at taitradio.com
Thu Dec 20 20:26:12 UTC 2018


libpam is unusual in having a patch that creates an entirely new file 
(tty_secure.c). If that patch eventually goes, then this umask setting 
can go as well.

I haven't come across any other cases of a patch creating a file, but if 
there are, then we could certainly move this setting. Perhaps we should 
wait until others emerge.


On 21/12/18 2:04 AM, Burton, Ross wrote:

> Why is this libpam specific and not a general issue that the umask
> needs to be set in patch.bbclass?
>
> Ross
> On Thu, 20 Dec 2018 at 05:41, Douglas Royds <douglas.royds at taitradio.com> wrote:
>> The patch file pam-security-abstract-securetty-handling.patch creates a new
>> file (tty_secure.c) at patch-time, so its permissions are subject to the host
>> umask. This file is later copied into the -dbg package with no change in
>> permissions.
>>
>> Signed-off-by: Douglas Royds <douglas.royds at taitradio.com>
>> ---
>>   meta/recipes-extended/pam/libpam_1.3.0.bb | 3 +++
>>   1 file changed, 3 insertions(+)
>>
>> diff --git a/meta/recipes-extended/pam/libpam_1.3.0.bb b/meta/recipes-extended/pam/libpam_1.3.0.bb
>> index 3aec2cdb4c..292b570e11 100644
>> --- a/meta/recipes-extended/pam/libpam_1.3.0.bb
>> +++ b/meta/recipes-extended/pam/libpam_1.3.0.bb
>> @@ -49,6 +49,9 @@ S = "${WORKDIR}/Linux-PAM-${PV}"
>>
>>   inherit autotools gettext pkgconfig
>>
>> +# We create a new file (tty_secure.c) from pam-security-abstract-securetty-handling.patch
>> +do_patch[umask] = "022"
>> +
>>   PACKAGECONFIG[audit] = "--enable-audit,--disable-audit,audit,"
>>
>>   PACKAGES += "${PN}-runtime ${PN}-xtests"
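Review bot: The comment above `do_patch[umask] = "022"` names the patch that creates tty_secure.c but not why the umask matters, so a reader of the recipe alone cannot tell that this is a reproducibility fix. Suggest extending the comment to say that the new file's permissions otherwise follow the host umask and are carried into the -dbg package, and that the line can be dropped once pam-security-abstract-securetty-handling.patch no longer creates a file. The setting is also local to this recipe, so any other recipe whose patches create a file would need the same line.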
>> --
>> 2.17.1
>>
>> --
>> _______________________________________________
>> Openembedded-core mailing list
>> Openembedded-core at lists.openembedded.org
>> http://lists.openembedded.org/mailman/listinfo/openembedded-core
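The leak described in the commit message, reproduced outside BitBake as an added example (not part of the original thread or of OE-core): a patch that creates a new file is applied under different umasks and the resulting file mode is compared. The patch content and the name `new_file.c` are constructed; GNU `patch` and a `stat` that supports `-c` are assumed.

```shell
#!/bin/sh
# Added example: the mode of a file created by patch(1) follows the umask
# in force when the patch is applied, which is what do_patch[umask] pins.

# Constructed patch that creates a new file, standing in for tty_secure.c.
new_file_patch() {
cat <<'EOF'
--- /dev/null
+++ b/new_file.c
@@ -0,0 +1,2 @@
+/* constructed sample, not the real tty_secure.c */
+int placeholder;
EOF
}

# mode_after_patch UMASK: apply the patch in a scratch tree under UMASK
# and print the octal mode of the file it created.
# The body is a subshell, so the umask and cd do not affect the caller.
mode_after_patch() (
    tree=$(mktemp -d) || exit 1
    trap 'rm -rf "$tree"' EXIT
    cd "$tree" || exit 1
    umask "$1"
    new_file_patch | patch -s -p1 || exit 1
    stat -c '%a' new_file.c
)

# modes_differ UMASK_A UMASK_B: succeed when two build hosts with these
# umasks would produce different permissions for the patched-in file.
modes_differ() {
    [ "$(mode_after_patch "$1")" != "$(mode_after_patch "$2")" ]
}

# Show the modes for three common host umasks.
for m in 022 002 077; do
    printf 'umask %s -> mode %s\n' "$m" "$(mode_after_patch "$m")"
done
```

With the umask fixed at 022 for the patch step, the created file has the same mode on every host, so nothing host-specific reaches the packaged copy.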



