package[-static].bash: stop leaking the local user id in the tarball

The local user id of the packager is not interesting for users who
download the tarball.

Also it will cause the gocryptfs binary to have an unintended owner
when the tarball is extraced as root.

Fix the issue by using "tar --owner=root --group=root" which
overwrites user and group id with zero.
This commit is contained in:
Jakob Unterwurzacher 2017-08-21 14:10:05 +02:00
parent 312ea32bb7
commit 07f57314af
2 changed files with 5 additions and 6 deletions

View File

@ -1,6 +1,6 @@
#!/bin/bash -eu #!/bin/bash -eu
cd $(dirname "$0") cd "$(dirname "$0")"
# Compiles the gocryptfs binary and sets $GITVERSION # Compiles the gocryptfs binary and sets $GITVERSION
source build-without-openssl.bash source build-without-openssl.bash
@ -19,7 +19,7 @@ OS=$(go env GOOS)
TARGZ=gocryptfs_${GITVERSION}_${OS}-static_${ARCH}.tar.gz TARGZ=gocryptfs_${GITVERSION}_${OS}-static_${ARCH}.tar.gz
tar czf $TARGZ gocryptfs gocryptfs.1 tar --owner=root --group=root -czf $TARGZ gocryptfs gocryptfs.1
echo "Tar created." echo "Tar created."
echo "Hint for signing: gpg -u 23A02740 --armor --detach-sig $TARGZ" echo "Hint for signing: gpg -u 23A02740 --armor --detach-sig $TARGZ"

View File

@ -1,7 +1,6 @@
#!/bin/bash #!/bin/bash -eu
set -eu cd "$(dirname "$0")"
cd $(dirname "$0")
# Build binary and sets $GITVERSION (example: v0.7-15-gf01f599) # Build binary and sets $GITVERSION (example: v0.7-15-gf01f599)
source build.bash source build.bash
@ -28,7 +27,7 @@ cp -a ./Documentation/gocryptfs.1 .
TARGZ=gocryptfs_${GITVERSION}_${ID}${VERSION_ID}_${ARCH}.tar.gz TARGZ=gocryptfs_${GITVERSION}_${ID}${VERSION_ID}_${ARCH}.tar.gz
tar czf $TARGZ gocryptfs gocryptfs.1 tar --owner=root --group=root -czf $TARGZ gocryptfs gocryptfs.1
echo "Tar created." echo "Tar created."
echo "Hint for signing: gpg -u 23A02740 --armor --detach-sig $TARGZ" echo "Hint for signing: gpg -u 23A02740 --armor --detach-sig $TARGZ"