Commit 3cae08ce authored by intrigeri's avatar intrigeri
Browse files

Ensure /etc/resolv.conf is owned by root:root in the SquashFS.

lb_chroot_resolv will "cp -a" it from the source tree, so it inherits its
ownership from the whoever cloned the Git repository. This has two problems.
First, this results in unsafe permissions on this file (e.g. a Vagrant build
results in the 'amnesia' user having write access to it). Second, building with
a different user results in a non-deterministic SquashFS.

refs: #5630
parent 97f1eee4
......@@ -60,6 +60,7 @@ echo "POTFILES_DOT_IN='$(
# fix permissions on some source files that will be copied as is to the chroot.
# they may be wrong, e.g. if the Git repository was cloned with a strict umask.
chown 0:0 config/chroot_local-includes/etc/resolv.conf
chmod -R go+rX config/binary_local-includes/
chmod -R go+rX config/chroot_local-includes/etc
chmod 0440 config/chroot_local-includes/etc/sudoers.d/*
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment