new file mode 100644
@@ -0,0 +1,174 @@
+From 8d9953dd8d589e9b740307976cbe474e0ce292a0 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Piotr=20=C5=81obacz?= <p.lobacz@welotec.com>
+Date: Wed, 16 Aug 2023 14:59:35 +0200
+Subject: [PATCH 1/2] opkg-build: Add acls and xattrs support
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Add support for tar archives created with --acls and/or --xattrs options,
+PAX header format.
+
+GNU tar and libarchive already supports ACLs and extended attributes.
+We can now add this support as well to opkg-build script in order to use
+fsetattr or setcap inside do_install command and end up with a file in
+an image with the relevant ACLs and xattrs.
+
+Upstream-Status: Backport [8d9953dd8d589e9b740307976cbe474e0ce292a0]
+
+[1] https://bugzilla.yoctoproject.org/show_bug.cgi?id=15097
+[2] https://groups.google.com/g/opkg-devel/c/aEGL7XRXfaA
+
+Signed-off-by: Piotr Łobacz <p.lobacz@welotec.com>
+---
+ opkg-build | 81 +++++++++++++++++++++++++++++++++++-------------------
+ 1 file changed, 53 insertions(+), 28 deletions(-)
+
+diff --git a/opkg-build b/opkg-build
+index a9e45d4..fb0873d 100755
+--- a/opkg-build
++++ b/opkg-build
+@@ -145,6 +145,7 @@ You probably want to chown these to a system user: " >&2
+ ###
+ # opkg-build "main"
+ ###
++attributesargs=""
+ ogargs=""
+ outer=ar
+ noclean=0
+@@ -153,22 +154,6 @@ compressor=gzip
+ zipargs="-9n"
+ compressorargs=""
+
+-# Determine if tar supports the --format argument by checking the help output.
+-#
+-# This is needed because:
+-# - Busybox tar doesn't support '--format'
+-# - On some Linux distros, tar now defaults to posix format if '--format'
+-# isn't explicitly specified
+-# - Opkg doesn't currently support posix format archives
+-#
+-# It's easier to check for mention of the '--format' option than to detect the
+-# tar implementation and maintain a list of which support '--format'.
+-tarformat=""
+-if tar --help 2>&1 | grep -- "--format" > /dev/null;
+-then
+- tarformat="--format=gnu"
+-fi
+-
+ compressor_ext() {
+ case $1 in
+ gzip|pigz)
+@@ -197,20 +182,24 @@ compressor_ext() {
+ : <<=cut
+ =head1 SYNOPSIS
+
+-B<opkg-build> [B<-c>] [B<-C>] [B<-Z> I<compressor>] [B<-a>] [B<-O>] [B<-o> I<owner>] [B<-g> I<group>] I<pkg_directory> [I<destination_directory>]
++B<opkg-build> [B<-A>] [B<-X>] [B<-c>] [B<-C>] [B<-Z> I<compressor>] [B<-a>] [B<-O>] [B<-o> I<owner>] [B<-g> I<group>] I<pkg_directory> [I<destination_directory>]
+
+ =cut
+
+-usage="Usage: $0 [-c] [-C] [-Z compressor] [-a compressor_args] [-O] [-o owner] [-g group] <pkg_directory> [<destination_directory>]"
+-while getopts "a:cCg:ho:vOZ:" opt; do
++usage="Usage: $0 [-A] [-X] [-c] [-C] [-Z compressor] [-a compressor_args] [-O] [-o owner] [-g group] <pkg_directory> [<destination_directory>]"
++while getopts "Aa:cCg:ho:vOXZ:" opt; do
+ case $opt in
++ A ) attributesargs="${attributesargs:+$attributesargs }--acls"
++ ;;
++ X ) attributesargs="${attributesargs:+$attributesargs }--xattrs"
++ ;;
+ o ) owner=$OPTARG
+- ogargs="--owner=$owner"
++ ogargs="${ogargs:+$ogargs }--owner=$owner"
+ ;;
+ O ) opkext=1
+ ;;
+ g ) group=$OPTARG
+- ogargs="$ogargs --group=$group"
++ ogargs="${ogargs:+$ogargs }--group=$group"
+ ;;
+ c ) outer=tar
+ ;;
+@@ -232,6 +221,32 @@ while getopts "a:cCg:ho:vOZ:" opt; do
+ esac
+ done
+
++# Determine if tar supports the --format argument by checking the help output.
++#
++# This is needed because:
++# - Busybox tar doesn't support '--format'
++# - On some Linux distros, tar now defaults to posix format if '--format'
++# isn't explicitly specified
++# - Opkg currently supports posix format archives, but gnu format is left
++# here intentionally for backward compatibility
++#
++# It's easier to check for mention of the '--format' option than to detect the
++# tar implementation and maintain a list of which support '--format'.
++tarformat=""
++if tar --help 2>&1 | grep -- "--format" > /dev/null;
++then
++ # For ACLs or xattr support, gnu format will not work
++ # we need to set posix format instead
++ if [ ! -z "$attributesargs" ] ; then
++ tarformat="--format=posix"
++ else
++ tarformat="--format=gnu"
++ fi
++elif [ ! -z "$attributesargs" ] ; then
++ echo "*** Error: Attributes: $attributesargs, don't work, without posix format, which is not supported by host's tar command." >&2
++ exit 1
++fi
++
+ cext=$(compressor_ext $compressor)
+
+ # pgzip requires -T to avoid timestamps on the gzip archive
+@@ -301,21 +316,31 @@ fi
+ tmp_dir=$dest_dir/IPKG_BUILD.$$
+ mkdir $tmp_dir
+
+-build_date="${SOURCE_DATE_EPOCH:-$(date +%s)}"
+-
+-mtime_args=""
++mtime_args="--mtime=@${SOURCE_DATE_EPOCH:-$(date +%s)}"
+ # --clamp-mtime requires tar > 1.28. Only use it if SOURCE_DATE_EPOCH is set, to avoid having a generic case dependency on tar > 1.28.
+ # this setting will make sure files generated at build time have consistent mtimes, for reproducible builds.
+ if [ ! -z "$SOURCE_DATE_EPOCH" ]; then
+- mtime_args="--mtime=@$build_date --clamp-mtime"
++ mtime_args="$mtime_args --clamp-mtime"
++fi
++
++# Notice, that if you create an archive in POSIX format (see section GNU tar and POSIX tar) and the environment variable POSIXLY_CORRECT is set,
++# then the two archives created using the same options on the same set of files will not be byte-to-byte equivalent even with the above option.
++# This is because the posix default for extended header names includes the PID of the tar process, which is different at each run. To produce
++# byte-to-byte equivalent archives in this case, either unset POSIXLY_CORRECT, or use the following option:
++#
++# --pax-option=exthdr.name=%d/PaxHeaders/%f,atime:=0,ctime:=0
++#
++# https://www.gnu.org/software/tar/manual/html_node/PAX-keywords.html
++if [[ "$tarformat" == "--format=posix" ]]; then
++ mtime_args="$mtime_args --pax-option=exthdr.name=%d/PaxHeaders/%f,atime:=0,ctime:=0"
+ fi
+
+ export LANG=C
+ export LC_ALL=C
+ ( cd $pkg_dir/$CONTROL && find . -type f | sort > $tmp_dir/control_list )
+ ( cd $pkg_dir && find . -path ./$CONTROL -prune -o -path . -o -print | sort > $tmp_dir/file_list )
+-( cd $pkg_dir && tar $ogargs $tsortargs --no-recursion $mtime_args -c $tarformat -T $tmp_dir/file_list | $compressor $compressorargs > $tmp_dir/data.tar.$cext )
+-( cd $pkg_dir/$CONTROL && tar $ogargs $tsortargs --no-recursion --mtime=@$build_date -c $tarformat -T $tmp_dir/control_list | gzip $zipargs > $tmp_dir/control.tar.gz )
++( cd $pkg_dir && tar $attributesargs $ogargs $tsortargs --numeric-owner --no-recursion $mtime_args -c $tarformat -T $tmp_dir/file_list | $compressor $compressorargs > $tmp_dir/data.tar.$cext )
++( cd $pkg_dir/$CONTROL && tar $ogargs $tsortargs --no-recursion $mtime_args -c $tarformat -T $tmp_dir/control_list | gzip $zipargs > $tmp_dir/control.tar.gz )
+ rm $tmp_dir/file_list
+ rm $tmp_dir/control_list
+
+@@ -331,7 +356,7 @@ rm -f $pkg_file
+ if [ "$outer" = "ar" ] ; then
+ ( cd $tmp_dir && ar -crfD $pkg_file ./debian-binary ./control.tar.gz ./data.tar.$cext )
+ else
+- ( cd $tmp_dir && tar -c $tsortargs --mtime=@$build_date $tarformat ./debian-binary ./control.tar.gz ./data.tar.$cext | gzip $zipargs > $pkg_file )
++ ( cd $tmp_dir && tar -c $tsortargs $mtime_args $tarformat ./debian-binary ./control.tar.gz ./data.tar.$cext | gzip $zipargs > $pkg_file )
+ fi
+
+ rm $tmp_dir/debian-binary $tmp_dir/data.tar.$cext $tmp_dir/control.tar.gz
+--
+2.34.1
+
@@ -9,6 +9,7 @@ PROVIDES += "${@bb.utils.contains('PACKAGECONFIG', 'update-alternatives', 'virtu
SRC_URI = "git://git.yoctoproject.org/opkg-utils;protocol=https;branch=master \
file://0001-update-alternatives-correctly-match-priority.patch \
+ file://0002-opkg-build-Add-acls-and-xattrs-support.patch \
"
SRCREV = "67994e62dc598282830385da75ba9b1abbbda941"
Add support for tar archives created with --acls and/or --xattrs options, PAX header format. GNU tar and libarchive already supports ACLs and extended attributes. We can now add this support as well to opkg-build script in order to use fsetattr or setcap inside do_install command and end up with a file in an image with the relevant ACLs and xattrs. Signed-off-by: Piotr Łobacz <p.lobacz@welotec.com> --- ...kg-build-Add-acls-and-xattrs-support.patch | 174 ++++++++++++++++++ .../opkg-utils/opkg-utils_0.6.2.bb | 1 + 2 files changed, 175 insertions(+) create mode 100644 meta/recipes-devtools/opkg-utils/opkg-utils/0002-opkg-build-Add-acls-and-xattrs-support.patch