On Thu, 02 Feb 2017 17:39:07 +0100 Patrick Ohly <patrick.o...@intel.com> wrote:
> On Thu, 2017-02-02 at 10:21 -0600, Seebs wrote: > > On Thu, 02 Feb 2017 11:38:00 +0100 > > Patrick Ohly <patrick.o...@intel.com> wrote: > > > > > Why do we make the real user ID on the build system visible at all > > > when running under pseudo? The uid and user name have no meaning > > > there, as the user won't exist on the target system. Instead we > > > could map the owner of all files to root:root by default, i.e. in > > > those cases where no other ownership is recorded in the pseudo > > > database. > > > > We could. Honestly, the underlying reason we don't is at least in > > part that that makes the behavior differ more from the behavior of > > "sudo"; with sudo, you see actual ownerships. But that's less > > applicable here. > > > > I would be more inclined to report a Definitely Absolutely Not Okay > > user ID, like 65533. (65534 and 65535 have both been used as Magic > > Cookies in the past, I think.) > > I had considered that approach myself, too. It would make the QA check > reliable and in that sense solve the problem. > > But I find mapping to root:root more attractive because it makes > packaging simpler (less worries about accidentally copying the > original uid) and the builds faster (no need to run the QA check). Hmm. I think I would rather have the QA check, because if a file's supposed to be non-root, and ends up root instead, that could cause subtle problems, but we'd no longer have a way to *detect* those problems. -s -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
