prevent using same file for input tar and output tar

Signed-off-by: Avi Deitcher <avi@deitcher.net>
2025-09-05 00:42:54 +00:00 · 2024-04-21 11:56:56 +03:00
parent dd1ae909d6
commit dc12b9be69
8 changed files with 95 additions and 26 deletions
--- a/test/cases/000_build/060_input_tar/000_build/README.md
+++ b/test/cases/000_build/060_input_tar/000_build/README.md
--- a/test/cases/000_build/060_input_tar/000_build/test.sh
+++ b/test/cases/000_build/060_input_tar/000_build/test.sh
@@ -8,7 +8,7 @@ set -e
 #. "${RT_LIB}"
 . "${RT_PROJECT_ROOT}/_lib/lib.sh"

-NAME=check
+NAME=check_input_tar

 clean_up() {
 	rm -f ${NAME}-*.tar
--- a/test/cases/000_build/060_input_tar/000_build/test1.yml
+++ b/test/cases/000_build/060_input_tar/000_build/test1.yml
--- a/test/cases/000_build/060_input_tar/000_build/test2.yml
+++ b/test/cases/000_build/060_input_tar/000_build/test2.yml
--- a/test/cases/000_build/060_input_tar/010_same_filename/test.sh
+++ b/test/cases/000_build/060_input_tar/010_same_filename/test.sh
@@ -0,0 +1,38 @@
+#!/bin/sh
+# SUMMARY: Check that tar output format build is reproducible after leveraging input tar
+# LABELS:
+
+set -e
+
+# Source libraries. Uncomment if needed/defined
+#. "${RT_LIB}"
+. "${RT_PROJECT_ROOT}/_lib/lib.sh"
+
+NAME=check_input_tar_conflict_filename
+
+clean_up() {
+	rm -f ${NAME}-*.tar
+}
+
+trap clean_up EXIT
+
+logfile=$(mktemp)
+
+# do not include the sbom, because the SBoM unique IDs per file/package are *not* deterministic,
+# (currently based upon syft), and thus will make the file non-reproducible
+
+# the first one should build normally without a problem
+linuxkit build --no-sbom --format tar --o "${NAME}-1.tar" ./test.yml
+
+# second one should fail because the input tar has the same filename as the output tar
+set +e
+linuxkit build -v --no-sbom --format tar --input-tar "${NAME}-1.tar" --o "${NAME}-1.tar" ./test.yml 2>&1
+ret="$?"
+set -e
+
+if [ "$ret" -eq 0 ]; then
+	echo "Expected the build to fail, but it succeeded"
+	exit 1
+fi
+
+exit 0
--- a/test/cases/000_build/060_input_tar/010_same_filename/test.yml
+++ b/test/cases/000_build/060_input_tar/010_same_filename/test.yml
@@ -0,0 +1,37 @@
+kernel:
+  image: linuxkit/kernel:6.6.13
+  cmdline: "console=tty0 console=ttyS0 console=ttyAMA0"
+init:
+  - linuxkit/init:45a1ad5919f0b6acf0f0cf730e9434abfae11fe6
+  - linuxkit/runc:6062483d748609d505f2bcde4e52ee64a3329f5f
+  - linuxkit/containerd:e7a92d9f3282039eac5fb1b07cac2b8664cbf0ad
+onboot:
+  - name: sysctl
+    image: linuxkit/sysctl:5a374e4bf3e5a7deeacff6571d0f30f7ea8f56db
+  - name: dhcpcd
+    image: linuxkit/dhcpcd:e9e3580f2de00e73e7b316a007186d22fea056ee
+    command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
+onshutdown:
+  - name: shutdown
+    image: busybox:latest
+    command: ["/bin/echo", "so long and thanks for all the fish"]
+services:
+  - name: getty
+    image: linuxkit/getty:5d86a2ce2d890c14ab66b13638dcadf74f29218b
+    env:
+     - INSECURE=true
+  - name: rngd
+    image: linuxkit/rngd:cdb919e4aee49fed0bf6075f0a104037cba83c39
+  - name: nginx
+    image: nginx:1.19.5-alpine
+    capabilities:
+     - CAP_NET_BIND_SERVICE
+     - CAP_CHOWN
+     - CAP_SETUID
+     - CAP_SETGID
+     - CAP_DAC_OVERRIDE
+    binds:
+     - /etc/resolv.conf:/etc/resolv.conf
+files:
+  - path: etc/linuxkit-config
+    metadata: yaml