[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Ownership issue when repacking source in get-orig-source target



Hi,

I was concerned about an issue Charles Plessy reported in a recent
thread on Debian Med when he realised that the directories in the
unpacked tarball are featuring his UID/GID.  I simply looked into the
uscan source how it is be done there and found:

   GZIP=-9 tar --owner=root --group=root --mode=a+rX -czf <target_tarball> <source_dir>

I think this is also to weak because gzip seems to have the behaviour to
not always create byte identical results without the option --no-name
(I did not checked but trusted other DDs who reported this) and thus the
complete command should rather be

   GZIP="--best --no-name" tar --owner=root --group=root --mode=a+rX -czf <target_tarball> <source_dir>

I wonder whether we should rather implement a fool proof solution which
can be simply used in get-orig-source targets (and as well in uscan).
This would avoid random results and might be flexible enough to enable
changes at a single place in case further changes will be needed (so not
every single get-orig-source target needs to be touched.  So I'd suggest
something like

  /usr/bin/create_orig_tarball

  #!/bin/sh
  GZIP="--best --no-name" tar --owner=root --group=root --mode=a+rX -czf $1 $2

Well, suggestions for better names are welcome and some checking of the
arguments etc. might enhance this - but just to get the idea.  This
script could be shipped with the devscripts package.

I'd volunteer to write a bug report including patch but I want to hear
your opinion first whether I did overlooked something.

What do you think

        Andreas.

[1] http://lists.debian.org/debian-med/2012/01/msg00125.html

-- 
http://fam-tille.de


Reply to: