From ba18916e1b5036b379e38ea39b8b41cbb8fd6c1a Mon Sep 17 00:00:00 2001
From: Chris Hofstaedtler
Date: Tue, 10 Dec 2024 12:48:31 +0100
Subject: [PATCH] grml-live: strip xattrs in squashfs
Ignore all extended attributes from files in chroot when adding them to the squashfs. This avoids: 1) leaking containerization supplied selinux attributes into the squashfs, which can be seen when building in podman, and in docker. 2) prevents unpacking errors in a later build-only step in containers not supporting xattrs. Can also be seen in podman.
---
 grml-live | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/grml-live b/grml-live
index fb2b3ee3..65dfed00 100755
--- a/grml-live
+++ b/grml-live
@@ -1514,6 +1514,11 @@ else
 fi
 fi
+ # Ignore all extended attributes. This avoids:
+ # 1) leaking containerization supplied selinux attributes into the squashfs,
+ # 2) prevents unpacking errors in a later build-only step in containers not supporting xattrs.
+ SQUASHFS_OPTIONS="$SQUASHFS_OPTIONS -no-xattrs"
+
 # support exclusion of files via exclude-file:
 if [ -n "$SQUASHFS_EXCLUDES_FILE" ] && [ "$SQUASHFS_EXCLUDES_FILE" ] ; then
 SQUASHFS_OPTIONS="$SQUASHFS_OPTIONS -ef $SQUASHFS_EXCLUDES_FILE -wildcards"
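Review bot: The `-no-xattrs` added to `SQUASHFS_OPTIONS` drops every extended attribute, not only the container-supplied SELinux labels the comment names, so file capabilities (`security.capability`) and POSIX ACLs set by packages in the chroot are lost in the live image too. Binaries that rely on a file capability instead of setuid would then fail for unprivileged users. The comment should record that trade-off, e.g. `# NOTE: this also drops security.capability and ACL xattrs; binaries relying on file capabilities lose them in the live system.` The flag is appended unconditionally after the caller's `SQUASHFS_OPTIONS`, so there appears to be no way to opt out from configuration; a guard variable would keep the new default while allowing builds that need xattrs. The enclosing if/else block starts and ends outside the hunk.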