On Tue, Feb 26, 2019 at 1:40 AM Olaf Mandel <o.man...@menlosystems.com> wrote: > > The bosybox version of tar considers symlink targets that start with / > or with ../ to be unsafe and refuses to unpack them unless the > EXTRACT_UNSAFE_SYMLINKS environment variable is set to 1. > > As even many core packages legitimately contain such links (e.g. > coreutils-locale-*, dropbear, eudev, initscripts, kmod, ...), add the > environment variable to the remote script.
Upstream Busybox seems to have a different solution, so perhaps worth adding a comment that EXTRACT_UNSAFE_SYMLINKS is a temporary / version-specific fix. https://git.busybox.net/busybox/commit/?h=1_28_stable&id=37277a23fe48b13313f5d96084d890ed21d5fd8b > --- > scripts/lib/devtool/deploy.py | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/scripts/lib/devtool/deploy.py b/scripts/lib/devtool/deploy.py > index f345f31b7b..9617388f90 100644 > --- a/scripts/lib/devtool/deploy.py > +++ b/scripts/lib/devtool/deploy.py > @@ -114,6 +114,7 @@ def _prepare_remote_script(deploy, verbose=False, > dryrun=False, undeployall=Fals > lines.append('rm $3') > lines.append('mkdir -p `dirname $manifest`') > lines.append('mkdir -p $2') > + lines.append('export EXTRACT_UNSAFE_SYMLINKS=1') > if verbose: > lines.append(' tar xv -C $2 -f - | tee $manifest') > else: > -- > 2.11.0 > > -- > _______________________________________________ > Openembedded-core mailing list > Openembedded-core@lists.openembedded.org > http://lists.openembedded.org/mailman/listinfo/openembedded-core -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core