diff options
| author | Jakob Unterwurzacher | 2017-08-21 14:10:05 +0200 | 
|---|---|---|
| committer | Jakob Unterwurzacher | 2017-08-21 14:10:05 +0200 | 
| commit | 07f57314afb260d6b14227b932d66345c55ffab3 (patch) | |
| tree | 42e6115308dce5eaac68fd14effd05c0812f2794 /package-static.bash | |
| parent | 312ea32bb70abb93be315d0b7c442d5c4ae571d9 (diff) | |
package[-static].bash: stop leaking the local user id in the tarball
The local user id of the packager is not interesting for users who
download the tarball.
Also it will cause the gocryptfs binary to have an unintended owner
when the tarball is extraced as root.
Fix the issue by using "tar --owner=root --group=root" which
overwrites user and group id with zero.
Diffstat (limited to 'package-static.bash')
| -rwxr-xr-x | package-static.bash | 4 | 
1 files changed, 2 insertions, 2 deletions
| diff --git a/package-static.bash b/package-static.bash index a30d649..f2dc0d7 100755 --- a/package-static.bash +++ b/package-static.bash @@ -1,6 +1,6 @@  #!/bin/bash -eu -cd $(dirname "$0") +cd "$(dirname "$0")"  # Compiles the gocryptfs binary and sets $GITVERSION  source build-without-openssl.bash @@ -19,7 +19,7 @@ OS=$(go env GOOS)  TARGZ=gocryptfs_${GITVERSION}_${OS}-static_${ARCH}.tar.gz -tar czf $TARGZ gocryptfs gocryptfs.1 +tar --owner=root --group=root -czf $TARGZ gocryptfs gocryptfs.1  echo "Tar created."  echo "Hint for signing: gpg -u 23A02740 --armor --detach-sig $TARGZ" | 
