Instead of backporting select 1.35 fixes to make tar work for us, lets
update to 1.35 now that we have identified the upstream fix for macOS.
Signed-off-by: Robert Marko <robimarko@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15743
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Tar 1.34 ship an old version of paxlib with rtapelib.c that produce some
compilation warning. This library got updated in 1.35 but we still can't
use the new Tar version.
GCC 14 then made these compilarion warning errors.
Manually backport the fixes to rtapelib.c and patch the version shipped
in 1.34 to fix these compilation warning.
Fixes: #15692
Fixes: 2951e0a80e ("tools: tar: backport patches fixing broken --delete")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
In experimenting with --delete for APK handling, it was discovered that
--delete is broken and corrupts the TAR in some case.
This is fixed in version 1.35 but 1.35 introduce some problem with MacOS
making it difficult to bump. Backport the 2 required patches to fix this
problem so --delete is usable again.
Link: https://github.com/openwrt/openwrt/pull/15543
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
In the light of recent XZ events, and fundamental XZ issues lets work on
moving away from using XZ.
So, use gz compressed tarballs as sources whenever possible.
dwarves only offers bz2 compressed tarballs, so use those as size
difference is minor compared to XZ.
Signed-off-by: Robert Marko <robimarko@gmail.com>
dwarves
CPE ids helps to tracks CVE in packages.
https://cpe.mitre.org/specification/
Thanks to swalker for CPE to package mapping and
keep tracking CVEs.
Acked-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
On Linux, symlink permissions cannot be altered and are always 0777.
On Mac OS X they can be 0755. Force 0777 here to keep tarballs
reproducible across systems
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Force root/root as names for uid0/gid0 instead of using the system
names. This helps make packed download tarballs more reproducible
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The "tar" utility is required to bootstrap XZ which is required to handle
.tar.xz archives, therfore revert to using the bz2 archive.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
