authorGuillem Jover <guillem@debian.org>2017-09-17 12:15:32 +0200
committerGuillem Jover <guillem@debian.org>2017-09-24 21:03:10 +0200
commit2436807c87b033a1ea25164d3b951cd559084a5a (patch)
treea3450bfd0582d0a5e2a99a5ae109952a964dea80 /dpkg-deb
parentc6fa483ce9e3babd9a43ac30788c9101dca44d18 (diff)
downloaddpkg-2436807c87b033a1ea25164d3b951cd559084a5a.tar.gz
dpkg-deb: Add support for rootless builds
This sets the control member entries always to root:root, and makes it possible to do the same for the data member entries via the new --root-owner-group option. Closes: #291320 Based-on-patch-by: Niels Thykier <niels@thykier.net> Signed-off-by: Guillem Jover <guillem@debian.org>
Diffstat (limited to 'dpkg-deb')
-rw-r--r--dpkg-deb/build.c5
-rw-r--r--dpkg-deb/dpkg-deb.h1
-rw-r--r--dpkg-deb/main.c3
3 files changed, 9 insertions, 0 deletions
diff --git a/dpkg-deb/build.c b/dpkg-deb/build.c
index 3f177775d..316efebeb 100644
--- a/dpkg-deb/build.c
+++ b/dpkg-deb/build.c
@@ -421,6 +421,7 @@ typedef void filenames_feed_func(const char *dir, int fd_out);
struct tar_pack_options {
time_t timestamp;
const char *mode;
+ bool root_owner_group;
};
/**
@@ -460,6 +461,8 @@ tarball_pack(const char *dir, filenames_feed_func *tar_filenames_feeder,
/* Mode might become a positional argument, pass it before -T. */
if (options->mode)
command_add_args(&cmd, "--mode", options->mode, NULL);
+ if (options->root_owner_group)
+ command_add_args(&cmd, "--owner", "root:0", "--group", "root:0", NULL);
command_add_args(&cmd, "--null", "--no-unquote", "--no-recursion",
"-T", "-", NULL);
command_exec(&cmd);
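Review bot: The literal `"root:0"` passed to both `--owner` and `--group` in the added lines of tarball_pack needs a comment, because the reason for the NAME:ID form is not visible from the call. As far as I know, giving tar both the name and the numeric id means the recorded ownership does not depend on how `root` resolves in the build host's user database. Above the `if` I would add `/* Pin both the name and the numeric id, so that no lookup on the build system can influence the recorded ownership. */`. The combined form is a GNU tar extension, so if a minimum tar version is checked elsewhere in the build, it should cover this syntax. tarball_pack starts and ends outside the hunk.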
@@ -586,6 +589,7 @@ do_build(const char *const *argv)
/* Fork a tar to package the control-section of the package. */
tar_options.mode = "u+rw,go=rX";
tar_options.timestamp = timestamp;
+ tar_options.root_owner_group = true;
tarball_pack(ctrldir, control_treewalk_feed, &tar_options,
&control_compress_params, gzfd);
@@ -650,6 +654,7 @@ do_build(const char *const *argv)
/* Pack the directory into a tarball, feeding files from the callback. */
tar_options.mode = NULL;
tar_options.timestamp = timestamp;
+ tar_options.root_owner_group = opt_root_owner_group;
tarball_pack(dir, file_treewalk_feed, &tar_options, &compress_params, gzfd);
/* Okay, we have data.tar as well now, add it to the ar wrapper. */
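Review bot: With `tar_options.mode = NULL` the data member keeps every permission bit from the build tree, so when `opt_root_owner_group` forces ownership to root, a set-user-ID or set-group-ID bit on a file owned by the unprivileged build user is recorded in the package as set-id root. That is presumably how a rootless build is meant to ship such files, but it changes what an unprivileged builder can produce and should be stated next to the assignment. I would add `/* Ownership is forced to root while modes are kept verbatim, including set-id bits. */` above `tar_options.root_owner_group = opt_root_owner_group;`. A matching sentence in the option's documentation would help packagers audit the modes in their tree before building. do_build continues outside the hunk.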
diff --git a/dpkg-deb/dpkg-deb.h b/dpkg-deb/dpkg-deb.h
index bc90c271e..6fd8f2b0a 100644
--- a/dpkg-deb/dpkg-deb.h
+++ b/dpkg-deb/dpkg-deb.h
@@ -37,6 +37,7 @@ action_func do_ctrltarfile;
action_func do_fsystarfile;
extern int opt_verbose;
+extern int opt_root_owner_group;
extern int opt_uniform_compression;
extern int debugflag, nocheckflag;
diff --git a/dpkg-deb/main.c b/dpkg-deb/main.c
index 7892fa9a5..1f2143b4e 100644
--- a/dpkg-deb/main.c
+++ b/dpkg-deb/main.c
@@ -104,6 +104,7 @@ usage(const struct cmdinfo *cip, const char *value)
" Allowed values: 0.939000, 2.0 (default).\n"
" --nocheck Suppress control file check (build bad\n"
" packages).\n"
+" --root-owner-group Forces the owner and groups to root.\n"
" --uniform-compression Use the compression params on all members.\n"
" -z# Set the compression level when building.\n"
" -Z<type> Set the compression type used when building.\n"
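Review bot: The new help line `Forces the owner and groups to root.` uses a different verb form from the neighbouring entries (`Suppress`, `Use`, `Set`) and mixes singular and plural. I would change the text to `Force the owner and group to root.` and keep the existing option column and padding. The line also does not say that the option affects only the data member entries, while the control member is always root after this commit. Whether that belongs in the one-line help or in the manual page is a judgment call.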
@@ -140,6 +141,7 @@ static const char printforhelp[] =
int debugflag = 0;
int nocheckflag = 0;
int opt_verbose = 0;
+int opt_root_owner_group = 0;
int opt_uniform_compression = 0;
struct deb_version deb_format = DEB_VERSION(2, 0);
@@ -215,6 +217,7 @@ static const struct cmdinfo cmdinfos[]= {
{ "debug", 'D', 0, &debugflag, NULL, NULL, 1 },
{ "verbose", 'v', 0, &opt_verbose, NULL, NULL, 1 },
{ "nocheck", 0, 0, &nocheckflag, NULL, NULL, 1 },
+ { "root-owner-group", 0, 0, &opt_root_owner_group, NULL, NULL, 1 },
{ "uniform-compression", 0, 0, &opt_uniform_compression, NULL, NULL, 1 },
{ NULL, 'z', 1, NULL, NULL, set_compress_level },
{ NULL, 'Z', 1, NULL, NULL, set_compress_type },