From 25f198aa911ee4a99851a5b3f42465c798f04edd Mon Sep 17 00:00:00 2001
From: Jonathon Anderson <17242663+blue42u@users.noreply.github.com>
Date: Tue, 12 Jul 2022 02:28:24 -0500
Subject: Sanitize ownership when extracting tarfiles (#31524)
---
 lib/spack/spack/util/compression.py | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/lib/spack/spack/util/compression.py b/lib/spack/spack/util/compression.py
index 18c0a9ea5e..cbd5beddec 100644
--- a/lib/spack/spack/util/compression.py
+++ b/lib/spack/spack/util/compression.py
@@ -79,9 +79,15 @@ def _untar(archive_file):
 if tar_support() and not uncompress_required and\
 not lzma_needed_and_not_available:
 import tarfile
- tar = tarfile.open(archive_file)
- tar.extractall()
- tar.close()
+
+ # Extract all members but wipe ownership info. This ensures we
+ # will not attempt to chown the files as superuser.
+ def filter(tarinfo):
+ tarinfo.uid = tarinfo.gid = 0
+ tarinfo.uname = tarinfo.gname = 'root'
+ return tarinfo
+ with tarfile.open(archive_file) as tar:
+ tar.extractall(members=map(filter, tar.getmembers()))
 else:
 tar = which('tar', required=True)
 tar.add_default_arg('-oxf')
-- 
cgit v1.2.3-70-g09d2
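Review bot: The `filter` callback resets only uid/gid/uname/gname, so member names, link targets and mode bits from the archive still reach `tar.extractall(...)` unchanged. Unless the running Python applies a default extraction filter, an entry with an absolute or `..` path may be written outside the extraction directory. Because ownership is now forced to root, a member carrying the setuid or setgid bit would also be extracted as a root-owned setuid file when this runs as superuser. I would add `tarinfo.mode &= 0o777` to the callback and reject members whose resolved path leaves the destination; on Python versions that provide it, `tar.extractall(filter='data')` covers both. The callback also shadows the builtin `filter` and would read better as `_reset_owner`; note that `_untar` begins above this hunk and its `else:` branch continues below it.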