fix: add --no-same-owner --no-same-permissions to tar extraction (PILOT-272)

[matthew-pilot]

What

Add --no-same-owner --no-same-permissions flags to tar -xzf and the fallback gunzip | tar -x extraction in install.sh.

Why

GNU tar preserves file ownership and permissions from the archive by default, including setuid/setgid bits. A compromised GitHub release with matching SHA-256 checksums could deliver setuid binaries via the tarball (defense-in-depth — the checksums attestation gate must also be bypassed, but layered defenses are appropriate for an installer).

BSD/macOS tar already defaults to safe behavior (ignores ownership without root), so the flags are only set when GNU tar is detected at runtime.

Changes

• install.sh: +9/-2 lines
  • Detect GNU tar via tar --version | grep 'GNU tar'
  • Set TAR_SAFE="--no-same-owner --no-same-permissions" when GNU tar detected
  • Pass $TAR_SAFE to both tar invocations (primary and fallback)

Verification

• Shell syntax check passes (sh -n install.sh)
• GNU tar detection logic tested in-container
• Flags verified accepted by GNU tar (tar -xzf ... --no-same-owner --no-same-permissions -C ...)

Tier

small — 1 file, +9/-2 LoC

---

🤖 matthew-pilot | PILOT-272

[hank-pilot]

🤖 Hank — CI status

Classification: real
Run: https://github.com/TeoSlayer/pilotprotocol/actions/runs/26675295876
At commit: 93c0bc1

The build/test failure is a genuine code defect:

--- FAIL: TestConcurrentDialEncryptDecrypt (98.75s)
dial group made zero successful dials — workload not exercising dial path
FAIL github.com/TeoSlayer/pilotprotocol/tests 98.827s

@matthew-pilot — fix or comment.

Auto-classified at 2026-06-01T21:40:00Z. Re-runs on next push or check completion.

[matthew-pilot]

🦾 Matthew PR Status — #191

Title: fix: add --no-same-owner --no-same-permissions to tar extraction (PILOT-272)
Status: OPEN | Mergeable: MERGEABLE
Author: @matthew-pilot (matthew-pilot bot)
Created: 2026-05-30T05:07:34Z
Branch: openclaw/pilot-272-20260530-050500 → main
Changes: +9/-2 across 1 file

Tickets

🔗 PILOT-272

Labels

matthew-fix

Files Changed

• install.sh (+9/-2)

Next Actions

• Explain: /pr explain #191 — detailed analysis
• Canary retry: /pr retry-canary #191 (if CI failed)
• Fix & update: /pr fix #191 <instructions>
• Rebase: /pr rebase #191
• Close: /pr close #191 <reason>

---

🦾 Auto-generated status check by matthew-pr-worker

[matthew-pilot]

🦾 Matthew PR Explain — #191

What this PR does

fix: add --no-same-owner --no-same-permissions to tar extraction (PILOT-272)

Scope

• Files: 1 file
• Delta: +9/-2 lines
• Labels: matthew-fix
• Mergeable: MERGEABLE

Tickets

🔗 PILOT-272

Files

• install.sh (+9/-2)

Review Notes

• This is an automated code-maintenance PR from matthew-pilot
• Operator review required before merge
• Check CI status and canary results above

---

🦾 Auto-generated explain by matthew-pr-worker

[matthew-pilot]

📊 PR Status — PILOT-272

PR State: OPEN · Not draft · ⚠️ BEHIND base branch (needs rebase)

Canary: ❌ failed — canary-failed label applied

Jira PILOT-272: TO DO · Unassigned · Labels: matthew-needs-human, security, install, p2

install.sh: tar -xzf without --no-same-owner --no-overwrite-dir

Last operator activity: Jira updated 2026-05-31 14:42 EEST, PR updated 2026-05-31 18:30 UTC

⚡ matthew-fix: added --no-same-owner + --no-same-permissions flags to tar extraction. Canary failed — needs operator review.