fs/tar: only store numeric uid/gid
author Yann E. MORIN <yann.morin.1998@free.fr>
Mon, 16 Feb 2015 17:49:16 +0000 (18:49 +0100)
committer Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Thu, 19 Feb 2015 21:02:59 +0000 (22:02 +0100)
If a target user is assigned a UID (e.g. 1000) that happens to also exist
on the build machine, tar will happily store the username for that user.

This can be seen by some as potential information disclosure.

Instruct tar to just store the numeric uid/gid.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
fs/tar/tar.mk

index 780827e42fc75cf7c34bce8a3e2a3a9eef6f3b37..28219cf05277e59f2678c312bad70701b8306d67 100644 (file)
@@ -7,7 +7,7 @@
 TAR_OPTS := $(call qstrip,$(BR2_TARGET_ROOTFS_TAR_OPTIONS))
 
 define ROOTFS_TAR_CMD
-       tar -c$(TAR_OPTS)f $@ -C $(TARGET_DIR) .
+       tar -c$(TAR_OPTS)f $@ --numeric-owner -C $(TARGET_DIR) .
 endef
 
 $(eval $(call ROOTFS_TARGET,tar))
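
Review bot: The `--numeric-owner` added to the `tar` line in `ROOTFS_TAR_CMD` is hard-coded with no comment saying why, so a later reader could drop it as redundant or move it into the user-controlled `TAR_OPTS` (from `BR2_TARGET_ROOTFS_TAR_OPTIONS`), where a custom option string would silently bring the build-host names back. Suggest a one-line comment above the `define` stating that the flag keeps build-host user and group names out of the rootfs archive. It is also a long option passed to whichever `tar` is found first on the host PATH, so it is worth confirming that every host tar the build supports accepts it.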