summaryrefslogtreecommitdiff
path: root/package.bash
diff options
context:
space:
mode:
authorJakob Unterwurzacher2017-08-21 14:10:05 +0200
committerJakob Unterwurzacher2017-08-21 14:10:05 +0200
commit07f57314afb260d6b14227b932d66345c55ffab3 (patch)
tree42e6115308dce5eaac68fd14effd05c0812f2794 /package.bash
parent312ea32bb70abb93be315d0b7c442d5c4ae571d9 (diff)
package[-static].bash: stop leaking the local user id in the tarball
The local user id of the packager is not interesting for users who download the tarball. Also it will cause the gocryptfs binary to have an unintended owner when the tarball is extraced as root. Fix the issue by using "tar --owner=root --group=root" which overwrites user and group id with zero.
Diffstat (limited to 'package.bash')
-rwxr-xr-xpackage.bash7
1 files changed, 3 insertions, 4 deletions
diff --git a/package.bash b/package.bash
index fe01709..469a17b 100755
--- a/package.bash
+++ b/package.bash
@@ -1,7 +1,6 @@
-#!/bin/bash
+#!/bin/bash -eu
-set -eu
-cd $(dirname "$0")
+cd "$(dirname "$0")"
# Build binary and sets $GITVERSION (example: v0.7-15-gf01f599)
source build.bash
@@ -28,7 +27,7 @@ cp -a ./Documentation/gocryptfs.1 .
TARGZ=gocryptfs_${GITVERSION}_${ID}${VERSION_ID}_${ARCH}.tar.gz
-tar czf $TARGZ gocryptfs gocryptfs.1
+tar --owner=root --group=root -czf $TARGZ gocryptfs gocryptfs.1
echo "Tar created."
echo "Hint for signing: gpg -u 23A02740 --armor --detach-sig $TARGZ"