@ssnaaz ssnaaz commented Nov 21, 2025

Archives created on different systems had varying file permissions, leading to different checksums after repacking. Setting mode=a=rX,u+w to normalize permissions to ensure reproducibility.

Fixes: 6c54581 (chore(repack): create tar with stable order and owner)

@Urist-McGit
Collaborator

The commit message should be fix(repack): enforce mode=755 to avoid permission discrepancies

@ssnaaz ssnaaz changed the title from "fix(tar): enforce mode=755 to avoid permission discrepancies" to "fix(repack): enforce mode=755 to avoid permission discrepancies" Nov 21, 2025
@ssnaaz
Author

ssnaaz commented Nov 21, 2025

@Urist-McGit Updated, thanks!

Member

@fmoessbauer fmoessbauer left a comment

This makes all files executable. We instead need either --mode=a=rX,u+w (1) or --mode=go+u,go-w (2)

  1. https://reproducible-builds.org/docs/archives/
  2. https://www.gnu.org/software/tar/manual/html_section/Reproducibility.html

@ssnaaz
Author

ssnaaz commented Nov 24, 2025

Thanks @fmoessbauer, I have verified both options: --mode=a=rX,u+w and --mode=go+u,go-w and both work as expected. However, I chose the first option (a=rX,u+w) because it best addresses our issue: on system A the permission is rw-rw-r--, whereas on system B it is rw-r--r--, ensuring reproducible file modes across systems. Please let me know if my assumption is correct and kindly review this change.

@ssnaaz ssnaaz requested a review from fmoessbauer November 24, 2025 04:28
@ssnaaz ssnaaz changed the title from "fix(repack): enforce mode=755 to avoid permission discrepancies" to "fix(repack): enforce mode=a=rX,u+w to avoid permission discrepancies" Nov 24, 2025
@fmoessbauer fmoessbauer merged commit cadf4f1 into siemens:main Nov 24, 2025
11 checks passed
@fmoessbauer
Member

> Thanks @fmoessbauer, I have verified both options: --mode=a=rX,u+w and --mode=go+u,go-w and both work as expected. However, I chose the first option (a=rX,u+w) because it best addresses our issue: on system A the permission is rw-rw-r--, whereas on system B it is rw-r--r--, ensuring reproducible file modes across systems. Please let me know if my assumption is correct and kindly review this change.

That makes sense. Thanks. Merged.

Archives created on different systems had varying file permissions,
leading to different checksums after repacking. Setting mode=a=rX,u+w
to normalize permissions to ensure reproducibility.

Fixes: 6c54581 (chore(repack): create tar with stable order and owner)

Signed-off-by: Syeda Shagufta Naaz <[email protected]>
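
An added example, not code from this pull request or the project: a Python sketch of what the three modes discussed in the thread (755, a=rX,u+w and go+u,go-w) compute, applied to two constructed file lists standing in for system A (rw-rw-r--) and system B (rw-r--r--). The file names, contents and in-memory packing are assumptions for illustration; the thread itself concerns tar's --mode option.

```python
import hashlib
import io
import tarfile

def mode_a_rX_u_w(mode, is_dir=False):
    """a=rX,u+w: read for all, execute only for directories or files that
    already had an execute bit, then owner write. Special bits are dropped
    here (a simplification of this example)."""
    return 0o755 if is_dir or mode & 0o111 else 0o644

def mode_go_u_go_w(mode):
    """go+u,go-w: copy the owner's bits to group and other, then clear
    group/other write. The owner's own bits are left as they were."""
    user = (mode >> 6) & 0o7
    return (mode | user << 3 | user) & ~0o022 & 0o777

def mode_755(mode):
    """The first revision of the PR: every entry becomes rwxr-xr-x."""
    return 0o755

def pack_digest(entries, normalize=lambda m: m):
    """SHA-256 of an uncompressed tar built in memory with sorted names,
    zero mtime and uid/gid 0, so only the mode bits can differ."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.GNU_FORMAT) as tar:
        for name, mode, data in sorted(entries):
            info = tarfile.TarInfo(name)  # defaults: mtime=0, uid=gid=0
            info.mode = normalize(mode)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return hashlib.sha256(buf.getvalue()).hexdigest()

# Constructed sample trees: same content, different permission bits.
SYSTEM_A = [("pkg/run.sh", 0o775, b"#!/bin/sh\n"), ("pkg/README", 0o664, b"docs\n")]
SYSTEM_B = [("pkg/run.sh", 0o755, b"#!/bin/sh\n"), ("pkg/README", 0o644, b"docs\n")]

if __name__ == "__main__":
    print("raw modes match:", pack_digest(SYSTEM_A) == pack_digest(SYSTEM_B))
    for fn in (mode_755, mode_a_rX_u_w, mode_go_u_go_w):
        same = pack_digest(SYSTEM_A, fn) == pack_digest(SYSTEM_B, fn)
        print(f"{fn.__name__}: digests match={same}, README mode={oct(fn(0o664))}")
```

All three modes make the two digests agree, but only 755 sets the execute bit on README. The two symbolic modes differ when the owner's own bits vary: go+u,go-w leaves a read-only 0444 file as 0444, while a=rX,u+w turns it into 0644.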