binary 0.10.0 tarball modifies ./ #5789

It seems that the 0.10.0 binary tarball (for linux64 at least, e.g. https://bitcoin.org/bin/0.10.0/test/bitcoin-0.10.0rc4-linux64.tar.gz) attempts a chmod on ./ to 0755. e.g.:

local@ubuntu:/tmp$ tar -zxvf bitcoin-0.10.0rc4-linux64.tar.gz 
./
./bitcoin-0.10.0/
./bitcoin-0.10.0/bin/
./bitcoin-0.10.0/bin/bitcoin-cli
./bitcoin-0.10.0/bin/bitcoind
./bitcoin-0.10.0/bin/bitcoin-qt
./bitcoin-0.10.0/bin/bitcoin-tx
./bitcoin-0.10.0/bin/test_bitcoin
./bitcoin-0.10.0/bin/test_bitcoin-qt
./bitcoin-0.10.0/include/
./bitcoin-0.10.0/include/bitcoinconsensus.h
./bitcoin-0.10.0/lib/
./bitcoin-0.10.0/lib/libbitcoinconsensus.so
./bitcoin-0.10.0/lib/libbitcoinconsensus.so.0
./bitcoin-0.10.0/lib/libbitcoinconsensus.so.0.0.0
tar: .: Cannot utime: Operation not permitted
tar: .: Cannot change mode to rwxr-xr-t: Operation not permitted
tar: Exiting with failure status due to previous errors

So, if I had done this as root, my /tmp would be 0755 instead of 1777. Appears to attempt to modify utime as well...

I can confirm this too.

Yikes. Thanks for reporting.

I'm gitian-building with a potential fix now. I'll PR it once it's confirmed working.

@robby-dermody @btcdrak It'd be great if you could verify that the build results in #5790 have properly addressed the problem.

Thank for catching this. Somewhat unexpected to me that tar can even do this with the default settings. So the security-conscious should always untar into a newly-created directory.