Bug#638278: Bits from the Lintian maintainers
Package: lintian
Severity: normal
On 2011-08-18 10:15, Thorsten Glaser wrote:
> Hi,
>
> no idea whether you knew it, but lintian warns with Error
> severity if files in {control,data}.tar.gz have only the
> numerical user and group ID filled in, i.e. are owned by
> "0/0" instead of "root/root".
>
> The difference is in the ustar header:
>
> typedef struct {
> char name[TNMSZ]; /* name of entry */
> char mode[8]; /* mode */
> char uid[8]; /* uid */
> char gid[8]; /* gid */
> char size[12]; /* size */
> char mtime[12]; /* modification time */
> char chksum[CHK_LEN]; /* checksum */
> char typeflag; /* type of file. */
> char linkname[TNMSZ]; /* linked to name */
> char magic[TMAGLEN]; /* magic cookie */
> char version[TVERSLEN]; /* version */
> char uname[32]; /* ascii owner name */
> char gname[32]; /* ascii group name */
> char devmajor[8]; /* major device number */
> char devminor[8]; /* minor device number */
> char prefix[TPFSZ]; /* linked to name */
> } HD_USTAR;
>
> Normally, uid and gid are "0000000", and uname and gname
> are optionally (normally yes, but several tar implementa-
> tions have gained the ability to not do it) filled in with
> the local values for that, such as "root" but the group
> with the ID 0 results as "wheel" when packaged on BSD sy-
> stems, which would violate Policy in the moment that a
> non-gid0 group called wheel exists on the Debian system
> the DEB is extracted on (since they have priority over
> the numerical values if they exist).
> That’s why I was playing with only-numeric uid/gid values…
>
> Here’s a hexdump:
>
> tglase@tglase:~ $ mirtar -M 0x000B -cf - emptyfile | hd
> 00000000 65 6d 70 74 79 66 69 6c 65 00 00 00 00 00 00 00 |emptyfile.......|
> 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
> *
> 00000060 00 00 00 00 30 31 30 30 36 34 34 00 30 30 30 30 |....0100644.0000|
> 00000070 30 30 30 00 30 30 30 30 30 30 30 00 30 30 30 30 |000.0000000.0000|
> 00000080 30 30 30 30 30 30 30 00 31 31 36 32 33 31 34 34 |0000000.11623144|
> 00000090 33 37 37 00 30 30 31 31 35 33 34 00 30 00 00 00 |377.0011534.0...|
> 000000a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
> *
> 00000100 00 75 73 74 61 72 00 30 30 72 6f 6f 74 00 00 00 |.ustar.00root...|
> 00000110 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
> 00000120 00 00 00 00 00 00 00 00 00 72 6f 6f 74 00 00 00 |.........root...|
> 00000130 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
> *
> 00002800
> tglase@tglase:~ $ mirtar -M 0x008B -cf - emptyfile | hd
> 00000000 65 6d 70 74 79 66 69 6c 65 00 00 00 00 00 00 00 |emptyfile.......|
> 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
> *
> 00000060 00 00 00 00 30 31 30 30 36 34 34 00 30 30 30 30 |....0100644.0000|
> 00000070 30 30 30 00 30 30 30 30 30 30 30 00 30 30 30 30 |000.0000000.0000|
> 00000080 30 30 30 30 30 30 30 00 31 31 36 32 33 31 34 34 |0000000.11623144|
> 00000090 33 37 37 00 30 30 30 37 37 32 34 00 30 00 00 00 |377.0007724.0...|
> 000000a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
> *
> 00000100 00 75 73 74 61 72 00 30 30 00 00 00 00 00 00 00 |.ustar.00.......|
> 00000110 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
> *
> 00002800
>
>
> I’ll write more about DEB files in the wlog, which is syndicated
> on Planet Debian, later (which will include the reasons for me
> to do this; I wrote an "ar" backend for paxtar in the process).
> If you want to reproduce this, “paxmirabilis” currently lies at
> https://www.freewrt.org/~tg/debs/dists/sid/wtf/Pkgs/mircpio/
> (it doesn’t conflict with anything on the system).
>
> Do you agree when I think ustar archives with numeric zero values
> as uid/gid should not violate Policy?
>
> Thanks,
> //mirabilos
Hi,
Not a 100% sure here, but I have submitted this as a bug against Lintian
now. As I recall, we tend to use user and group names rather than
numerical values in the code, so this smells like work. :P
~Niels
Reply to: