Bug#947012: mmdebstrap: Extended attributes are lost in tarball

Thu, 19 Dec 2019 05:57:45 -0800 

Package: mmdebstrap
Version: 0.5.1-3
Severity: normal
Tags: patch upstream

Hi,

When specifying a tarball as output format, the extended attributes are
lost. This leads to programs like ping fail to run as normal user.

```
mmdebstrap --include=iputils-ping buster buster.tar
mkdir root
sudo tar --xattrs --xattrs-include='*' -C root -xf buster.tar
getcap root/bin/ping
```

Therefore the attached patch will preserve the extended attributes when
generating the tarball. Then getcap will show:

```
root/bin/ping = cap_net_raw+ep
```

-- 
Benjamin Drung

System Developer and Debian & Ubuntu Developer
Platform Engineering Compute (IONOS Cloud)

1&1 IONOS SE | Greifswalder Str. 207 | 10405 Berlin | Germany
E-mail: [email protected] | Web: www.ionos.de

Hauptsitz Montabaur, Amtsgericht Montabaur, HRB 24498
Vorstand: Dr. Christian Böing, Hüseyin Dogan, Hans-Henning Kettler,
Matthias Steinberg, Achim Weiß
Aufsichtsratsvorsitzender: Markus Kadelke
Member of United Internet

>From 0e38f515d96a927d84262dc38df19f41920468d8 Mon Sep 17 00:00:00 2001
From: Benjamin Drung <[email protected]>
Date: Tue, 10 Dec 2019 15:00:12 +0100
Subject: [PATCH] Preserve extended attributes in tarball

When specifying a tarball as output format, the extended attributes are
lost. This leads to programs like ping fail to run as normal user.

```
mmdebstrap --include=iputils-ping buster buster.tar
mkdir root
sudo tar --xattrs --xattrs-include='*' -C root -xf buster.tar
getcap root/bin/ping
```

Therefore preserve the extended attributes when generating the tarball.
Then getcap will show:

```
root/bin/ping = cap_net_raw+ep
```

Signed-off-by: Benjamin Drung <[email protected]>
---
 mmdebstrap | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mmdebstrap b/mmdebstrap
index b9b7af5..9996f16 100755
--- a/mmdebstrap
+++ b/mmdebstrap
@@ -2836,7 +2836,7 @@ sub main() {
     }
 
     my $exitstatus = 0;
-    my @taropts = ('--sort=name', "--mtime=\@$mtime", '--clamp-mtime', 
'--numeric-owner', '--one-file-system', '-c', '--exclude=./dev');
+    my @taropts = ('--sort=name', "--mtime=\@$mtime", '--clamp-mtime', 
'--numeric-owner', '--one-file-system', '--xattrs', '-c', '--exclude=./dev');
 
     # disable signals so that we can fork and change behaviour of the signal
     # handler in the parent and child without getting interrupted
-- 
2.20.1

Reply via email to