On Sun, 2020-03-15 at 00:25 +0000, jnqnfe@gmail.com wrote: > Package: live-build > Version: 1:20191221 > > 744141c60f55144b4d8944ba0d745adcc4b34116 (from MR #97) tried to fix > the > bug of the source stage generating permissions related warnings when > downloading source packages. > > the original fix submitted in the MR was to set the permissions of > the > download directory to 777. the reviewer requested that instead > ownership be set to _apt:root, which was the version of the commit > that > then got merged. > > unfortunately this modified solution does not work. i do not know why > this was not caught at the time, whether i did not bother to test > since > it seemed so obvious that it should work, or whether something went > wrong with conducting a fresh test, but re-running the source stage > now > i see that the problem still exists. > > i have been playing around with trying to figure out a suitable > alternative to properly solve this but not been successful so far. > > submitting this as a bug report to ensure that a record is made in > case > i don't find a solution / i end up forgetting about this / someone > else > can find a solution in the meantime. The reason I asked for the change and I wasn't comfortable with making the download directory 777 is that live-build is routinely used in automated production systems to create images. I do not want to introduce the risk of a rogue, unprivileged process to be able to mess with the downloaded files after apt has ran, if it's just to fix a harmless warning. If it can be fixed without introducing risk - great! If not, I would recommend to document it and leave it. -- Kind regards, Luca Boccassi
Attachment:
signature.asc
Description: This is a digitally signed message part