[OE-core] [PATCH] patch: reproducibility: Fix host umask leakage
Douglas Royds
douglas.royds at taitradio.com
Thu Dec 20 23:10:22 UTC 2018
Some patch files create entirely new files, so their permissions are subject to
the host umask. If such a file is later installed into a package with no change
in permissions, it breaks the reproducibility of the package.
This was observed on libpam, for instance: The patch file
pam-security-abstract-securetty-handling.patch creates a new file
(tty_secure.c). This file is later copied into the -dbg package with no change
in permissions.
Signed-off-by: Douglas Royds <douglas.royds at taitradio.com>
---
meta/classes/patch.bbclass | 1 +
1 file changed, 1 insertion(+)
diff --git a/meta/classes/patch.bbclass b/meta/classes/patch.bbclass
index 3e0a181821..cd241f1c84 100644
--- a/meta/classes/patch.bbclass
+++ b/meta/classes/patch.bbclass
@@ -153,6 +153,7 @@ python patch_do_patch() {
patch_do_patch[vardepsexclude] = "PATCHRESOLVE"
addtask patch after do_unpack
+do_patch[umask] = "022"
do_patch[dirs] = "${WORKDIR}"
do_patch[depends] = "${PATCHDEPENDENCY}"
--
2.17.1
More information about the Openembedded-core
mailing list