diff --git a/pkg/api/core/image/extract.go b/pkg/api/core/image/extract.go index a1e8b1fb..8234f404 100644 --- a/pkg/api/core/image/extract.go +++ b/pkg/api/core/image/extract.go @@ -19,6 +19,7 @@ import ( "archive/tar" "context" "io" + "io/fs" "os" "path/filepath" "strings" @@ -208,6 +209,7 @@ func ExtractReader(ctx *types.Context, reader io.ReadCloser, output string, keep PAX, Xattrs map[string]string Uid, Gid int Name string + FileMode fs.FileMode } permstore, err := ctx.Config.System.TempDir("permstore") @@ -222,8 +224,9 @@ func ExtractReader(ctx *types.Context, reader io.ReadCloser, output string, keep perms.SetValue(h.Name, permData{ PAX: h.PAXRecords, Uid: h.Uid, Gid: h.Gid, - Xattrs: h.Xattrs, - Name: h.Name, + Xattrs: h.Xattrs, + Name: h.Name, + FileMode: h.FileInfo().Mode(), }) //perms = append(perms, }) } @@ -249,6 +252,10 @@ func ExtractReader(ctx *types.Context, reader io.ReadCloser, output string, keep if err := os.Lchown(ff, p.Uid, p.Gid); err != nil { ctx.Warning(err, "failed chowning file") } + ctx.Debug("Set", p.Name, p.FileMode) + if err := os.Chmod(ff, p.FileMode); err != nil { + ctx.Warning(err, "failed chmod file") + } } for _, attrs := range []map[string]string{p.Xattrs, p.PAX} { for k, attr := range attrs { diff --git a/tests/fixtures/extra_perms/pkgA/0.1/build.yaml b/tests/fixtures/extra_perms/pkgA/0.1/build.yaml new file mode 100644 index 00000000..b814061a --- /dev/null +++ b/tests/fixtures/extra_perms/pkgA/0.1/build.yaml @@ -0,0 +1,18 @@ +image: "alpine" +unpack: true +includes: + - /foo + - /foo/bar + - /foo/bar/suid + - /foo/bar/sticky + - /foo/bar/sgid +steps: +- mkdir -p /foo/bar +- touch /foo/bar/suid +- touch /foo/bar/sgid +- touch /foo/bar/sticky +- chown 100:100 /foo/bar +- chown 101:101 /foo/bar/suid +- chmod u+s /foo/bar/suid +- chmod u-s,g+s /foo/bar/sgid +- chmod +t /foo/bar/sticky \ No newline at end of file 
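Review bot: The `os.Chmod(ff, p.FileMode)` added in the `@@ -249,6 +252,10 @@` hunk of extract.go follows symbolic links, unlike the `os.Lchown` directly above it, so for a symlink entry the mode taken from the tar header is applied to the link's target rather than to the entry itself. Symlink headers commonly carry 0777 and the target may resolve outside the extraction root, so unpacking an untrusted image could loosen permissions on an unrelated file. Unless the enclosing condition, which starts outside the hunk, already excludes links, guard the call with `if p.FileMode&fs.ModeSymlink == 0 {` ... `}`. Because this step now also recreates setuid and setgid bits from package content, a short comment saying that this is intended and assumes a trusted package source would help later readers.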
diff --git a/tests/fixtures/extra_perms/pkgA/0.1/definition.yaml b/tests/fixtures/extra_perms/pkgA/0.1/definition.yaml
new file mode 100644
index 00000000..accf7e32
--- /dev/null
+++ b/tests/fixtures/extra_perms/pkgA/0.1/definition.yaml
@@ -0,0 +1,3 @@
+category: "test"
+name: "extra-perms"
+version: "0.1"
diff --git a/tests/integration/36_extra_perm_bits.sh b/tests/integration/36_extra_perm_bits.sh
new file mode 100755
index 00000000..aa309005
--- /dev/null
+++ b/tests/integration/36_extra_perm_bits.sh
@@ -0,0 +1,79 @@
+#!/bin/bash
+
+export LUET_NOLOCK=true
+
+oneTimeSetUp() {
+export tmpdir="$(mktemp -d)"
+}
+
+oneTimeTearDown() {
+ rm -rf "$tmpdir"
+}
+
+testBuild() {
+ [ "$LUET_BACKEND" == "img" ] && startSkipping
+ mkdir $tmpdir/testbuild
+ luet build -d --tree "$ROOT_DIR/tests/fixtures/extra_perms" --same-owner=true --destination $tmpdir/testbuild --compression gzip --full
+ buildst=$?
+ assertTrue 'create package perms 0.1' "[ -e '$tmpdir/testbuild/extra-perms-test-0.1.package.tar.gz' ]"
+ assertEquals 'builds successfully' "$buildst" "0"
+}
+
+testRepo() {
+ [ "$LUET_BACKEND" == "img" ] && startSkipping
+ assertTrue 'no repository' "[ ! -e '$tmpdir/testbuild/repository.yaml' ]"
+ luet create-repo --tree "$ROOT_DIR/tests/fixtures/extra_perms" \
+ --output $tmpdir/testbuild \
+ --packages $tmpdir/testbuild \
+ --name "test" \
+ --descr "Test Repo" \
+ --urls $tmpdir/testrootfs \
+ --type http
+
+ createst=$?
+ assertEquals 'create repo successfully' "$createst" "0"
+ assertTrue 'create repository' "[ -e '$tmpdir/testbuild/repository.yaml' ]"
+}
+
+testConfig() {
+ [ "$LUET_BACKEND" == "img" ] && startSkipping
+ mkdir $tmpdir/testrootfs
+ cat < $tmpdir/luet.yaml
+general:
+ debug: true
+system:
+ rootfs: $tmpdir/testrootfs
+ database_path: "/"
+ database_engine: "boltdb"
+config_from_host: true
+repositories:
+ - name: "main"
+ type: "disk"
+ enable: true
+ urls:
+ - "$tmpdir/testbuild"
+EOF
+ luet config --config $tmpdir/luet.yaml
+ res=$?
+ assertEquals 'config test successfully' "$res" "0"
+}
+
+testInstall() {
+ [ "$LUET_BACKEND" == "img" ] && startSkipping
+ $ROOT_DIR/tests/integration/bin/luet install -y --config $tmpdir/luet.yaml test/extra-perms
+ installst=$?
+ assertEquals 'install test successfully' "$installst" "0"
+
+ tree $tmpdir/testrootfs/foo/bar
+ assertTrue 'package installed bar' "[ -d '$tmpdir/testrootfs/foo/bar' ]"
+
+ assertContains 'perms2' "$(stat -c %u:%g $tmpdir/testrootfs/foo/bar)" "100:100"
+ assertContains 'suid' "$(stat -c %a $tmpdir/testrootfs/foo/bar/suid)" "4644"
+ assertContains 'sgid' "$(stat -c %a $tmpdir/testrootfs/foo/bar/sgid)" "2644"
+ assertContains 'sticky' "$(stat -c %a $tmpdir/testrootfs/foo/bar/sticky)" "1644"
+}
+
+
+# Load shUnit2.
+. "$ROOT_DIR/tests/integration/shunit2"/shunit2
+
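Review bot: The mode checks in `testInstall` use `assertContains`, which passes whenever the `stat` output merely contains the expected digits, so an unexpected extra bit could go unnoticed; `assertEquals 'suid' "4644" "$(stat -c %a "$tmpdir/testrootfs/foo/bar/suid")"` pins the exact mode. The fixture this test installs creates only regular files and one directory, so the install path is never run against a symlink entry; a link in the fixture plus an assertion that its target's mode is unchanged after install would cover that case. `$tmpdir` is also left unquoted in the `mkdir`, `luet` and `stat` calls, which breaks if the temporary path ever contains whitespace.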