From fb2389d4915c7f17949a955b9e7780c40871180f Mon Sep 17 00:00:00 2001 From: Richard Ipsum Date: Mon, 20 Jul 2015 15:27:47 +0100 Subject: Extract downloaded tarball as current user tar will preserve ownership and permissions by default if running as the superuser, whereas git doesn't track ownership, the owner is set to the user running the clone. This is a reproducibility hole since the resulting repo may differ depending on whether the repo was obtained from a tarball or via a git clone, but morph considers the repos to be equivalent. Running tar with --no-same-owner ensures the files written by tar will be owned by the user extracting the archive. This only fixes half the problem, lorry may also need to be modified to ensure files in the tarball have the same mode as those in the git repo. Change-Id: I849d054bc4574f9c0bbcfd608914306e52b7a22e --- morphlib/localrepocache.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/morphlib/localrepocache.py b/morphlib/localrepocache.py
index ba11fb96..26c516ce 100644
--- a/morphlib/localrepocache.py
+++ b/morphlib/localrepocache.py
@@ -130,7 +130,7 @@ class LocalRepoCache(object):
 return ['wget'] + verbosity_flags + ['-O-', url]
 self._app.runcmd(wget_command(),
- ['tar', 'xf', '-'],
+ ['tar', '--no-same-owner', '-xf', '-'],
 cwd=path, **kwargs)
 def _mkdtemp(self, dirname): # pragma: no cover
-- cgit v1.2.1
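Review bot: The new tar argv on the `+` line stops restoring archive ownership but still leaves modes to tar's superuser default: GNU tar documents `--same-permissions` as the default for root, so a root extraction ignores the umask while a non-root extraction applies it, and the root/non-root divergence the commit message describes remains for permission bits on the extraction side. Consider `['tar', '--no-same-owner', '--no-same-permissions', '-xf', '-'],` so both cases behave alike, independently of the lorry change the message mentions. The rationale currently lives only in the commit message; a comment above the call such as `# root tar restores archive owner/mode by default; extract as the invoking user` would keep the flag from being dropped in a later cleanup. The enclosing method starts above the hunk, so how `url` and `path` are chosen before reaching this pipeline cannot be seen from here.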