Change Details

xz compresses 30% better than bz2, reducing download times and server load. It also decompresses twice as fast. Someone already brought this up a year ago on devtalk.blender.org, but was almost completely ignored. So I made a diff, hoping this will help attract some attention. Current Linux archives also include the UID/GID of whatever user account happens to be used for building by the blender.org infrastructure. If someone then installs these archives as root e.g. to /usr/local/... and doesn't pay full attention the files remain owned by this regular user, which is a serious security issue. This patch fixes that by setting the UID/GID to 0. Note that I'm new to blender, I *really* hope I'm doing this the right way. I found 2 places in the source where a blender package is built, one in build_files/buildbot/slave_pack.py, the other in build_files/cmake/packaging.cmake. They seem to be independent of each other. I think the blender.org infrastructure uses the /buildbot/ one, don't know when/if the /cmake/ one gets called, but I changed both. Someone with more insight will need to have a look. Don't rely on this being commit-ready, it is more of a feature/change request with a diff tacked on to it so that people see what I'm talking about.

xz compresses 25% better than bz2, reducing download times and server load. It also decompresses twice as fast, however compression needs four times as long. Current Linux archives also include the UID/GID of whatever user account happens to be used for building by the blender.org infrastructure. If someone then installs these archives as root e.g. to /usr/local/... and doesn't pay full attention the files remain owned by a regular user, which is a serious security issue. This patch fixes that by setting the UID/GID to 0.

xz compresses 3025% better than bz2, reducing download times and server load. It also decompresses twice as fast, It also dehowever compresses twiceion needs four times as fastlong. Someone already brought this up a year ago on devtalk.blender.org, but was almost completely ignored. So I made a diff, hoping this will help attract some attention. Current Linux archives also include the UID/GID of whatever user account happens to be used for building by the blender.org infrastructure. If someone then installs these archives as root e.g. to /usr/local/... and doesn't pay full attention the files remain owned by thisa regular user, which is a serious security issue. This patch fixes that by setting the UID/GID to 0. Note that I'm new to blender, I *really* hope I'm doing this the right way. I found 2 places in the source where a blender package is built, one in build_files/buildbot/slave_pack.py, the other in build_files/cmake/packaging.cmake. They seem to be independent of each other. I think the blender.org infrastructure uses the /buildbot/ one, don't know when/if the /cmake/ one gets called, but I changed both. Someone with more insight will need to have a look. Don't rely on this being commit-ready, it is more of a feature/change request with a diff tacked on to it so that people see what I'm talking about.