scripts/package: tar-pkg: use tar --owner=root

Use the --owner= and --group= options to make sure the entries in the built tar file are owned by root. Without this change, a careless sysadmin using the tar-pkg target can easily end up installing a kernel that is writable by the unprivileged user account used to build the kernel. Test that these options are understood before using them so that non-GNU versions of tar can still be used if the operator is appropriately cautious. Signed-off-by: N Jonathan Nieder <jrnieder@gmail.com> Signed-off-by: N Michal Marek <mmarek@suse.cz>

scripts/package: tar-pkg: use tar --owner=root
Use the --owner= and --group= options to make sure the entries in the built tar file are owned by root. Without this change, a careless sysadmin using the tar-pkg target can easily end up installing a kernel that is writable by the unprivileged user account used to build the kernel. Test that these options are understood before using them so that non-GNU versions of tar can still be used if the operator is appropriately cautious. Signed-off-by: N Jonathan Nieder <jrnieder@gmail.com> Signed-off-by: N Michal Marek <mmarek@suse.cz>
91d16185 · Michal Marek · 8723eaef · 91d16185
隐藏空白更改
内联并排

Showing with 5 addition and 1 deletion

scripts/package/buildtar scripts/package/buildtar +5 -1

未找到文件。
--- a/scripts/package/buildtar
+++ b/scripts/package/buildtar
@@ -101,7 +101,11 @@ esac
 #
 (
 	cd "${tmpdir}"
-	tar cf - . | ${compress} > "${tarball}${file_ext}"
+	opts=
+	if tar --owner=root --group=root --help >/dev/null 2>&1; then
+		opts="--owner=root --group=root"
+	fi
+	tar cf - . $opts | ${compress} > "${tarball}${file_ext}"
 )
 echo "Tarball successfully created in ${tarball}${file_ext}"