author | Douglas Royds <douglas.royds@taitradio.com> | 2018-12-21 12:10:22 +1300 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2019-02-25 22:27:45 +0000 |
commit | 71bcf6c051f559fd9910b5037f4728ae0c10c773 (patch) | |
tree | b75af9949e57cb68fe32175a5cc06ddab9b89e0d /meta | |
parent | a739dc6c217ea902e15ec6f921f0b0a849a32065 (diff) | |
download | poky-71bcf6c051f559fd9910b5037f4728ae0c10c773.tar.gz |
patch: reproducibility: Fix host umask leakage

Some patch files create entirely new files, so their permissions are subject to
the host umask. If such a file is later installed into a package with no change
in permissions, it breaks the reproducibility of the package.

This was observed on libpam, for instance: The patch file
pam-security-abstract-securetty-handling.patch creates a new file
(tty_secure.c). This file is later copied into the -dbg package with no change
in permissions.

(From OE-Core rev: 2a2bbd755b330cd63f7f6e2f2b374a3ae065b37a)
(From OE-Core rev: ae10351f4aa443fc6df5a674b0aae0731304254d)

Signed-off-by: Douglas Royds <douglas.royds@taitradio.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r-- | meta/classes/patch.bbclass | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/classes/patch.bbclass b/meta/classes/patch.bbclass index 2fc6925e49..2cfc7315b5 100644 --- a/meta/classes/patch.bbclass +++ b/meta/classes/patch.bbclass | |||
@@ -153,6 +153,7 @@ python patch_do_patch() { | |||
153 | patch_do_patch[vardepsexclude] = "PATCHRESOLVE" | 153 | patch_do_patch[vardepsexclude] = "PATCHRESOLVE" |
154 | 154 | ||
155 | addtask patch after do_unpack | 155 | addtask patch after do_unpack |
156 | do_patch[umask] = "022" | ||
156 | do_patch[dirs] = "${WORKDIR}" | 157 | do_patch[dirs] = "${WORKDIR}" |
157 | do_patch[depends] = "${PATCHDEPENDENCY}" | 158 | do_patch[depends] = "${PATCHDEPENDENCY}" |
158 | 159 | ||
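Review bot: the added `do_patch[umask] = "022"` line (new line 156) has no comment explaining why this task pins a umask, and the reason is only recoverable from the commit message. A one-line comment above it would help, for example `# Patches can create new files; pin the umask so their modes do not depend on the host`. It would also be worth stating in that comment that 022 is chosen so newly created files come out without group or other write permission, since a later reader may otherwise relax the value without realising that package contents inherit these modes unchanged.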