The bosybox version of tar in sumo considers symlink targets that start with / or with ../ to be unsafe and refuses to unpack them unless the EXTRACT_UNSAFE_SYMLINKS environment variable is set to 1.
As even many core packages legitimately contain such links (e.g. coreutils-locale-*, dropbear, eudev, initscripts, kmod, ...), add the environment variable to the remote script. --- scripts/lib/devtool/deploy.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/scripts/lib/devtool/deploy.py b/scripts/lib/devtool/deploy.py index f345f31b7b..dc9b34e0ee 100644 --- a/scripts/lib/devtool/deploy.py +++ b/scripts/lib/devtool/deploy.py @@ -114,6 +114,11 @@ def _prepare_remote_script(deploy, verbose=False, dryrun=False, undeployall=Fals lines.append('rm $3') lines.append('mkdir -p `dirname $manifest`') lines.append('mkdir -p $2') + # Busybox tar v1.28.x (plus v1.27.2 with the CVE-2011-5325 patch) + # requires this env variable. The first release without this issue + # is thud. + # FIXME Remove once sumo goes out of support + lines.append('export EXTRACT_UNSAFE_SYMLINKS=1') if verbose: lines.append(' tar xv -C $2 -f - | tee $manifest') else: -- 2.11.0 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core