Subject: [uscan] Fixes for repacking ZIP files
Package: devscripts
Version: 2.10.71
Severity: normal
Tags: patch

When repacking ZIP files, because of the way uscan invokes tar, the
current directory '.' (dot) is always included in the resulting tar
archive.

Unpacking such an archive has the side effect of tar attempting to
change the permissions of the cwd, as easily reproduced by unpacking
such a tarball from within the /tmp directory. Regular users get an
error, root has the permissions of /tmp changed.

Another minor issue is that the user and group names are leaked into the
archive, instead of using the neutral 'root'.

The attached patch trivially fixes these two issues. The first issue is
resolved by cd'ing into the temporary directory prior to invoking tar
and using shell globbing, instead of the -C flag and '.' combo. The second
issue is resolved by using the --owner, --group and --mode flags.

--- /usr/bin/uscan	2011-02-19 18:14:43.000000000 +0100
+++ uscan	2011-02-25 20:29:01.023208309 +0100
@@ -1369,7 +1369,7 @@
 
 	my $newfile_base_gz = "$1.tar.gz";
 	my $tempdir = tempdir ( "uscanXXXX", TMPDIR => 1, CLEANUP => 1 );
-	system("unzip -q -d $tempdir $destdir/$newfile_base; GZIP=-9 tar -C $tempdir -czf $destdir/$newfile_base_gz .") == 0 
+	system("unzip -q -d $tempdir $destdir/$newfile_base; cd $tempdir; GZIP=-9 tar --owner=root --group=root --mode=a+rX -czf $destdir/$newfile_base_gz *") == 0 
 	  or die("Repacking from zip to tar.gz failed\n");
 	unlink "$destdir/$newfile_base";
 	$newfile_base = $newfile_base_gz;
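
Review bot: In the added system() line, tar now runs after `cd $tempdir` but still writes to `$destdir/$newfile_base_gz`, so a relative $destdir resolves inside the temporary directory instead of against uscan's own working directory; make the path absolute before the call, or keep -C and name the members explicitly. The commands are joined with `;`, so a failed unzip or cd still lets tar run, in the cd case over `*` in the original working directory; joining with `&&` would stop at the first failure. The bare `*` also skips top-level dotfiles from the ZIP and hands any name beginning with `-` to tar as an option; `./*` avoids the option parsing, and the variables interpolated into the shell string should be quoted.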

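A check for the two problems described in the report, written as an added example (not part of the original message or of devscripts): it audits a tarball for a member naming the extraction directory itself and for owner names other than 'root'. The sample archives, the user name `alice` and the `pkg-1.0` paths are constructed for illustration, and treating an empty owner name as neutral is an assumption.

```python
import io
import posixpath
import tarfile

# Assumption: 'root' or no recorded name counts as neutral ownership.
NEUTRAL = {"root", ""}


def build_tar(members, uname="root", gname="root"):
    """Build a constructed in-memory tar.gz from (name, is_dir, mode) tuples."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, is_dir, mode in members:
            info = tarfile.TarInfo(name)
            info.type = tarfile.DIRTYPE if is_dir else tarfile.REGTYPE
            info.mode = mode
            info.uname, info.gname = uname, gname
            tar.addfile(info)  # zero-length members, no payload needed
    return buf.getvalue()


def audit_tar(data):
    """Return (kind, member, detail) findings without extracting anything."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        for m in tar:
            # A '.' member makes tar apply the stored mode to the directory
            # the archive is unpacked into (for example /tmp).
            if posixpath.normpath(m.name) == ".":
                findings.append(("cwd-entry", m.name, oct(m.mode)))
            # The packer's account name is stored per member unless overridden.
            if m.uname not in NEUTRAL or m.gname not in NEUTRAL:
                findings.append(("owner-leak", m.name, f"{m.uname}:{m.gname}"))
    return findings


# Constructed sample: layout produced by 'tar -C $tempdir -czf ... .'
BEFORE = build_tar(
    [(".", True, 0o700), ("./pkg-1.0", True, 0o755),
     ("./pkg-1.0/README", False, 0o644)],
    uname="alice", gname="alice",
)
# Constructed sample: layout produced with globbing and --owner/--group=root
AFTER = build_tar([("pkg-1.0", True, 0o755), ("pkg-1.0/README", False, 0o644)])

if __name__ == "__main__":
    for label, blob in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_tar(blob))
```
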