This is an automated email from the git hooks/post-receive script. guillem pushed a commit to branch master in repository dpkg.
commit 2436807c87b033a1ea25164d3b951cd559084a5a Author: Guillem Jover <[email protected]> Date: Sun Sep 17 12:15:32 2017 +0200 dpkg-deb: Add support for rootless builds This sets the control member entries always to root:root, and makes it possible to do the same for the data member entries via the new --root-onwer-group option. Closes: #291320 Based-on-patch-by: Niels Thykier <[email protected]> Signed-off-by: Guillem Jover <[email protected]> --- debian/changelog | 4 ++++ dpkg-deb/build.c | 5 +++++ dpkg-deb/dpkg-deb.h | 1 + dpkg-deb/main.c | 3 +++ man/dpkg-deb.man | 9 +++++++++ 5 files changed, 22 insertions(+) diff --git a/debian/changelog b/debian/changelog index 6115f76..13b81ea 100644 --- a/debian/changelog +++ b/debian/changelog @@ -15,6 +15,10 @@ dpkg (1.19.0) UNRELEASED; urgency=medium * Re-enable upstream tar signatures when building source format 1.0. * Make dpkg-deb --build sanity check the config maintainer script file type and permissions. + * Add support to dpkg-deb for rootless builds, by setting the owner and + group for the control.tar entries to root:root, and making it possible to + do the same for the data.tar entries via the new --root-owner-group option. + Based on a patch by Niels Thykier <[email protected]>. Closes: #291320 * Perl modules: - Switch from Dpkg::Util to List::Util, now that the module in the new required Perl contains the needed functions. diff --git a/dpkg-deb/build.c b/dpkg-deb/build.c index 3f17777..316efeb 100644 --- a/dpkg-deb/build.c +++ b/dpkg-deb/build.c @@ -421,6 +421,7 @@ typedef void filenames_feed_func(const char *dir, int fd_out); struct tar_pack_options { time_t timestamp; const char *mode; + bool root_owner_group; }; /** 
@@ -460,6 +461,8 @@ tarball_pack(const char *dir, filenames_feed_func *tar_filenames_feeder, /* Mode might become a positional argument, pass it before -T. */ if (options->mode) command_add_args(&cmd, "--mode", options->mode, NULL); + if (options->root_owner_group) + command_add_args(&cmd, "--owner", "root:0", "--group", "root:0", NULL); command_add_args(&cmd, "--null", "--no-unquote", "--no-recursion", "-T", "-", NULL); command_exec(&cmd); @@ -586,6 +589,7 @@ do_build(const char *const *argv) /* Fork a tar to package the control-section of the package. */ tar_options.mode = "u+rw,go=rX"; tar_options.timestamp = timestamp; + tar_options.root_owner_group = true; tarball_pack(ctrldir, control_treewalk_feed, &tar_options, &control_compress_params, gzfd); @@ -650,6 +654,7 @@ do_build(const char *const *argv) /* Pack the directory into a tarball, feeding files from the callback. */ tar_options.mode = NULL; tar_options.timestamp = timestamp; + tar_options.root_owner_group = opt_root_owner_group; tarball_pack(dir, file_treewalk_feed, &tar_options, &compress_params, gzfd); /* Okay, we have data.tar as well now, add it to the ar wrapper. */ diff --git a/dpkg-deb/dpkg-deb.h b/dpkg-deb/dpkg-deb.h index bc90c27..6fd8f2b 100644 --- a/dpkg-deb/dpkg-deb.h +++ b/dpkg-deb/dpkg-deb.h @@ -37,6 +37,7 @@ action_func do_ctrltarfile; action_func do_fsystarfile; extern int opt_verbose; +extern int opt_root_owner_group; extern int opt_uniform_compression; extern int debugflag, nocheckflag; diff --git a/dpkg-deb/main.c b/dpkg-deb/main.c index 7892fa9..1f2143b 100644 --- a/dpkg-deb/main.c +++ b/dpkg-deb/main.c 
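Review bot: The `"root:0"` arguments added in tarball_pack() have no comment saying why both a name and a numeric id are passed to `--owner` and `--group`. Presumably the NAME:ID form is used so that tar records the name "root" and id 0 without looking anything up in the build host's user database, which is what a rootless build relies on. A one-line comment above the new `if`, such as `/* Pin both the name and the numeric id, so the result does not depend on the build host. */`, would record that. It is also worth confirming that the tar versions the build supports accept the NAME:ID form. The body of tarball_pack() starts and ends outside the hunk.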
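Review bot: In the data member part of do_build(), `tar_options.mode` stays NULL while `root_owner_group` can now be set, so ownership is rewritten to root but the permission bits of the staged files are passed through unchanged. If tar keeps set-user-ID and set-group-ID bits from the tree (likely, since no `--mode` is given here), a set-id file staged by an unprivileged builder is recorded as set-id root in the package. A comment at the assignment, e.g. `/* Only ownership is overridden; mode bits, including set-id, come from the tree. */`, would make that explicit, and the man page note could say the same. do_build() continues outside the hunk.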
@@ -104,6 +104,7 @@ usage(const struct cmdinfo *cip, const char *value) " Allowed values: 0.939000, 2.0 (default).\n" " --nocheck Suppress control file check (build bad\n" " packages).\n" +" --root-owner-group Forces the owner and groups to root.\n" " --uniform-compression Use the compression params on all members.\n" " -z# Set the compression level when building.\n" " -Z<type> Set the compression type used when building.\n" @@ -140,6 +141,7 @@ static const char printforhelp[] = int debugflag = 0; int nocheckflag = 0; int opt_verbose = 0; +int opt_root_owner_group = 0; int opt_uniform_compression = 0; struct deb_version deb_format = DEB_VERSION(2, 0); @@ -215,6 +217,7 @@ static const struct cmdinfo cmdinfos[]= { { "debug", 'D', 0, &debugflag, NULL, NULL, 1 }, { "verbose", 'v', 0, &opt_verbose, NULL, NULL, 1 }, { "nocheck", 0, 0, &nocheckflag, NULL, NULL, 1 }, + { "root-owner-group", 0, 0, &opt_root_owner_group, NULL, NULL, 1 }, { "uniform-compression", 0, 0, &opt_uniform_compression, NULL, NULL, 1 }, { NULL, 'z', 1, NULL, NULL, set_compress_level }, { NULL, 'Z', 1, NULL, NULL, set_compress_type }, diff --git a/man/dpkg-deb.man b/man/dpkg-deb.man index fc8b03a..8471ccc 100644 --- a/man/dpkg-deb.man +++ b/man/dpkg-deb.man 
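Review bot: The help line added in usage() reads `Forces the owner and groups to root.`, which mixes singular and plural and does not say which entries are affected. The man page text in the same commit limits the option to the entries of the filesystem tree data, so wording along the lines of `Forces the owner and group of data entries to root.` would keep the two in agreement. The surrounding string literal starts and ends outside the hunk, so the column alignment of the new text needs to be checked against the neighbouring lines.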
@@ -254,6 +254,15 @@ Otherwise only the compression types allowed to be uniformly used are \fBnone\fP, \fBgzip\fP and \fBxz\fP. .TP +.B \-\-root\-owner\-group +Set the owner and group for each entry in the filesystem tree data to +root with id 0 (since dpkg 1.19.0). + +\fBNote\fP: This option can be useful for rootless builds (see +\fIrootless\-builds.txt\fP), but should \fBnot\fP be used when the +entries have an owner or group that is not root. +Support for these will be added later in the form of a meta manifest. +.TP .BI \-\-deb\-format= format Set the archive format version used when building (since dpkg 1.17.0). Allowed values are \fB2.0\fP for the new format, and \fB0.939000\fP -- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/dpkg/dpkg.git

