From f550705177eeeaddabdf7adc773980191344aab4 Mon Sep 17 00:00:00 2001 From: kpcyrd Date: Thu, 1 Jul 2021 18:31:55 +0200 Subject: [PATCH] abuild-sign: Do not record uid and user name in index --- .gitattributes | 1 + abuild-sign.in | 2 +- tests/abuild-sign.bats | 36 ++++++++++++++++++++++++++++++++++++ 3 files changed, 38 insertions(+), 1 deletion(-) create mode 100644 .gitattributes create mode 100644 tests/abuild-sign.bats diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..e227f8f --- /dev/null +++ b/.gitattributes @@ -0,0 +1 @@ +*.bats gitlab-language=shell diff --git a/abuild-sign.in b/abuild-sign.in index 2c763fc..1c77717 100644 --- a/abuild-sign.in +++ b/abuild-sign.in @@ -39,7 +39,7 @@ do_sign() { fi tmptargz=$(mktemp) - tar -f - -c "$sig" | abuild-tar --cut | $gzip -n -9 > "$tmptargz" + tar --owner=0 --group=0 --numeric-owner -f - -c "$sig" | abuild-tar --cut | $gzip -n -9 > "$tmptargz" tmpsigned=$(mktemp) cat "$tmptargz" "$i" > "$tmpsigned" rm -f "$tmptargz" "$sig" diff --git a/tests/abuild-sign.bats b/tests/abuild-sign.bats new file mode 100644 index 0000000..7a7cb18 --- /dev/null +++ b/tests/abuild-sign.bats @@ -0,0 +1,36 @@ +#/usr/bin/env bats + +setup() { + export ABUILD="$PWD/../abuild" + export ABUILD_SHAREDIR="$PWD/.." + export ABUILD_CONF=/dev/null + tmpdir="$BATS_TMPDIR"/abuild + export REPODEST="$tmpdir"/packages + export CLEANUP="srcdir bldroot pkgdir deps" + export WORKDIR="$tmpdir"/work + export APORTSDIR="$PWD"/testrepo + export PATH="$PWD/../:$PATH" + export SUDO=doas + export ARCH=$(apk --print-arch) + + abuild-keygen -ain >/dev/null 2>&1 + + mkdir -p "$tmpdir" "$WORKDIR" +} + +teardown() { + rm -rf "$tmpdir" +} + +@test 'abuild-sign: do not record user name/id in index' { + cd testrepo/pkg1 + $ABUILD + + tar tvzf "$REPODEST"/testrepo/"$ARCH"/APKINDEX.tar.gz --numeric-owner| + while read -r _ user _ _ _ f; do + if [ "$user" != "0/0" ]; then + echo "file '$f' is not owned by 0/0 (owned by $user)" >&2 + exit 1 + fi + done +}