From c3a244b792ca89f28048c1fec1d3e05112872ee0 Mon Sep 17 00:00:00 2001 From: Douglas Royds Date: Fri, 21 Dec 2018 12:10:22 +1300 Subject: patch: reproducibility: Fix host umask leakage Some patch files create entirely new files, so their permissions are subject to the host umask. If such a file is later installed into a package with no change in permissions, it breaks the reproducibility of the package. This was observed on libpam, for instance: The patch file pam-security-abstract-securetty-handling.patch creates a new file (tty_secure.c). This file is later copied into the -dbg package with no change in permissions. (From OE-Core rev: 2a2bbd755b330cd63f7f6e2f2b374a3ae065b37a) Signed-off-by: Douglas Royds Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --- meta/classes/patch.bbclass | 1 + 1 file changed, 1 insertion(+) (limited to 'meta') diff --git a/meta/classes/patch.bbclass b/meta/classes/patch.bbclass index 3e0a181821..cd241f1c84 100644 --- a/meta/classes/patch.bbclass +++ b/meta/classes/patch.bbclass @@ -153,6 +153,7 @@ python patch_do_patch() { patch_do_patch[vardepsexclude] = "PATCHRESOLVE" addtask patch after do_unpack +do_patch[umask] = "022" do_patch[dirs] = "${WORKDIR}" do_patch[depends] = "${PATCHDEPENDENCY}" -- cgit v1.2.3-54-g00ecf