Sounds good, can you send a patch? Ross
> On 16 Sep 2024, at 10:22, Joel GUITTET via lists.yoctoproject.org > <jguittet.opensource=witekio....@lists.yoctoproject.org> wrote: > > Hello > The systemd recipe indicates systemd-container has a dependency to "tar" > due to machinectl import-tar command using "--numeric-owner" option of tar. > See > https://git.openembedded.org/openembedded-core/tree/meta/recipes-core/systemd/systemd_256.5.bb?h=master#n576 > However, busybox added --numeric-owner option to tar since a long time now, > see > https://git.busybox.net/busybox/commit/archival/tar.c?h=1_36_stable&id=8b814b4a349e2262c0ad25793b05206a14651ebb > and > https://git.busybox.net/busybox/commit/archival/tar.c?h=1_36_stable&id=d57d62686dac254e83fbc18f851c773ec16013d8 > So why not removing this tar dependency that is RRECOMMENDS by the systemd > recipe ? So that we can use the busybox version instead. > Thanks for any feedback on the reason for this! > Joel > PS: the positive impact is: the latest GPLv2 tar version is v1.17, which > has several CVEs actually so I would like to avoid integrating tar, and use > busybox alternative instead. I don't use the import-tar command of > machienctl, so no risk for me, but it seems it's possible to improve in Yocto > more generally. > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#63841): https://lists.yoctoproject.org/g/yocto/message/63841 Mute This Topic: https://lists.yoctoproject.org/mt/108477277/21656 Group Owner: yocto+ow...@lists.yoctoproject.org Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
