summaryrefslogtreecommitdiffstats
path: root/meta/classes/patch.bbclass
diff options
context:
space:
mode:
authorDouglas Royds <douglas.royds@taitradio.com>2018-12-21 12:10:22 +1300
committerRichard Purdie <richard.purdie@linuxfoundation.org>2019-02-06 16:38:30 +0000
commiteab307542c3cb382ce7e0f4c35a5b5d0b6d48c17 (patch)
tree0ec410659b58683d0f82e3f8ca643013e1518b32 /meta/classes/patch.bbclass
parent83a235665b51e3fed58b4ecf7499ce975614368e (diff)
downloadpoky-eab307542c3cb382ce7e0f4c35a5b5d0b6d48c17.tar.gz
patch: reproducibility: Fix host umask leakage
Some patch files create entirely new files, so their permissions are subject to the host umask. If such a file is later installed into a package with no change in permissions, it breaks the reproducibility of the package. This was observed on libpam, for instance: The patch file pam-security-abstract-securetty-handling.patch creates a new file (tty_secure.c). This file is later copied into the -dbg package with no change in permissions. (From OE-Core rev: 2a2bbd755b330cd63f7f6e2f2b374a3ae065b37a) (From OE-Core rev: 9841962b5bfdaaeed31f79573f6fbd9d1d56dd17) Signed-off-by: Douglas Royds <douglas.royds@taitradio.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/classes/patch.bbclass')
-rw-r--r--meta/classes/patch.bbclass1
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/classes/patch.bbclass b/meta/classes/patch.bbclass
index 3e0a181821..cd241f1c84 100644
--- a/meta/classes/patch.bbclass
+++ b/meta/classes/patch.bbclass
@@ -153,6 +153,7 @@ python patch_do_patch() {
153patch_do_patch[vardepsexclude] = "PATCHRESOLVE" 153patch_do_patch[vardepsexclude] = "PATCHRESOLVE"
154 154
155addtask patch after do_unpack 155addtask patch after do_unpack
156do_patch[umask] = "022"
156do_patch[dirs] = "${WORKDIR}" 157do_patch[dirs] = "${WORKDIR}"
157do_patch[depends] = "${PATCHDEPENDENCY}" 158do_patch[depends] = "${PATCHDEPENDENCY}"
158 159