Commit 07f57314 authored by Jakob Unterwurzacher's avatar Jakob Unterwurzacher

package[-static].bash: stop leaking the local user id in the tarball

The local user id of the packager is not interesting for users who
download the tarball.

Also it will cause the gocryptfs binary to have an unintended owner
when the tarball is extraced as root.

Fix the issue by using "tar --owner=root --group=root" which
overwrites user and group id with zero.
parent 312ea32b
#!/bin/bash -eu
cd $(dirname "$0")
cd "$(dirname "$0")"
# Compiles the gocryptfs binary and sets $GITVERSION
source build-without-openssl.bash
......@@ -19,7 +19,7 @@ OS=$(go env GOOS)
TARGZ=gocryptfs_${GITVERSION}_${OS}-static_${ARCH}.tar.gz
tar czf $TARGZ gocryptfs gocryptfs.1
tar --owner=root --group=root -czf $TARGZ gocryptfs gocryptfs.1
echo "Tar created."
echo "Hint for signing: gpg -u 23A02740 --armor --detach-sig $TARGZ"
#!/bin/bash
#!/bin/bash -eu
set -eu
cd $(dirname "$0")
cd "$(dirname "$0")"
# Build binary and sets $GITVERSION (example: v0.7-15-gf01f599)
source build.bash
......@@ -28,7 +27,7 @@ cp -a ./Documentation/gocryptfs.1 .
TARGZ=gocryptfs_${GITVERSION}_${ID}${VERSION_ID}_${ARCH}.tar.gz
tar czf $TARGZ gocryptfs gocryptfs.1
tar --owner=root --group=root -czf $TARGZ gocryptfs gocryptfs.1
echo "Tar created."
echo "Hint for signing: gpg -u 23A02740 --armor --detach-sig $TARGZ"
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment