From 683c839c457673a0c455bd224181f3a3953ef617 Mon Sep 17 00:00:00 2001 From: Alexander Kanavin Date: Fri, 26 Jan 2024 14:34:53 +0100 Subject: classes/package_rpm: set bogus locations for passwd/group files Since https://github.com/rpm-software-management/rpm/commit/f3eaeeb7341085e1850e914350cf1f33d538320d rpm does its own parsing of /etc/passwd and /etc/group instead of relying on getpwnam() and friends. This has an unfortunate effect of leaking build host uid/gid values for users and groups into the cpio header inside rpm file (where previously those were always zero). Installation of rpm packages relies on rpm header to set files ownership, and that is a different structure that is build from .spec information, so we can avoid host contamination by setting the paths to something bogus. (From OE-Core rev: ac8ea64bb39a5e56599e078c7e6cd056a2aa4144) Signed-off-by: Alexander Kanavin Signed-off-by: Richard Purdie --- meta/classes-global/package_rpm.bbclass | 2 ++ 1 file changed, 2 insertions(+) (limited to 'meta/classes-global') diff --git a/meta/classes-global/package_rpm.bbclass b/meta/classes-global/package_rpm.bbclass index 3ca6c5aa7b..e0f4de42a1 100644 --- a/meta/classes-global/package_rpm.bbclass +++ b/meta/classes-global/package_rpm.bbclass @@ -722,6 +722,8 @@ python do_package_rpm () { cmd = cmd + " --define 'debug_package %{nil}'" cmd = cmd + " --define '_tmppath " + workdir + "'" cmd = cmd + " --define '_use_weak_usergroup_deps 1'" + cmd = cmd + " --define '_passwd_path " + "/completely/bogus/path" + "'" + cmd = cmd + " --define '_group_path " + "/completely/bogus/path" + "'" if d.getVarFlag('ARCHIVER_MODE', 'srpm') == '1' and bb.data.inherits_class('archiver', d): cmd = cmd + " --define '_sourcedir " + d.getVar('ARCHIVER_OUTDIR') + "'" cmdsrpm = cmd + " --define '_srcrpmdir " + d.getVar('ARCHIVER_RPMOUTDIR') + "'" -- cgit v1.2.3-54-g00ecf