Tag 0.11.8

Use Lchown when copying bits, lower message to warn
Add owner permissions tests
2025-09-03 08:14:46 +00:00 · 2021-03-18 13:53:04 +01:00 · 2021-03-18 11:23:42 +01:00 · 2021-03-18 10:57:09 +01:00 · 2021-03-18 10:48:23 +01:00 · 2021-03-18 10:47:58 +01:00
11 changed files with 125 additions and 14 deletions
--- a/cmd/build.go
+++ b/cmd/build.go
@@ -304,7 +304,7 @@ func init() {

 	buildCmd.Flags().StringSliceP("tree", "t", []string{path}, "Path of the tree to use.")
 	buildCmd.Flags().String("backend", "docker", "backend used (docker,img)")
-	buildCmd.Flags().Bool("privileged", false, "Privileged (Keep permissions)")
+	buildCmd.Flags().Bool("privileged", true, "Privileged (Keep permissions)")
 	buildCmd.Flags().String("database", "memory", "database used for solving (memory,boltdb)")
 	buildCmd.Flags().Bool("revdeps", false, "Build with revdeps")
 	buildCmd.Flags().Bool("all", false, "Build all specfiles in the tree")
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -40,7 +40,7 @@ var Verbose bool
 var LockedCommands = []string{"install", "uninstall", "upgrade"}

 const (
-	LuetCLIVersion = "0.11.7"
+	LuetCLIVersion = "0.11.8"
 	LuetEnvPrefix  = "LUET"
 )

--- a/pkg/compiler/backend/simpledocker.go
+++ b/pkg/compiler/backend/simpledocker.go
@@ -281,7 +281,7 @@ func (b *SimpleDocker) ExtractRootfs(opts compiler.CompilerBackendOptions, keepP
 		return err
 	}

-	err = export.UnPackLayers(layers_sha, dst, "")
+	err = export.UnPackLayers(layers_sha, dst, "containerd")
 	if err != nil {
 		return err
 	}
--- a/pkg/helpers/archive.go
+++ b/pkg/helpers/archive.go
@@ -95,9 +95,7 @@ func UntarProtect(src, dst string, sameOwner bool, protectedFiles []string, modi
 		replacerArchive := archive.ReplaceFileTarWrapper(in, mods)

 		opts := &archive.TarOptions{
-			// NOTE: NoLchown boolean is used for chmod of the symlink
-			// Probably it's needed set this always to true.
-			NoLchown:        true,
+			NoLchown:        false,
 			ExcludePatterns: []string{"dev/"}, // prevent 'operation not permitted'
 			ContinueOnError: true,
 		}
@@ -201,12 +199,8 @@ func Untar(src, dest string, sameOwner bool) error {
 	defer in.Close()

 	if sameOwner {
-		// PRE: i have root privileged.
-
 		opts := &archive.TarOptions{
-			// NOTE: NoLchown boolean is used for chmod of the symlink
-			// Probably it's needed set this always to true.
-			NoLchown:        true,
+			NoLchown:        false,
 			ExcludePatterns: []string{"dev/"}, // prevent 'operation not permitted'
 			ContinueOnError: true,
 		}
--- a/pkg/helpers/file.go
+++ b/pkg/helpers/file.go
@@ -180,8 +180,8 @@ func CopyFile(src, dst string) (err error) {
 		return err
 	}
 	if stat, ok := fi.Sys().(*syscall.Stat_t); ok {
-		if err := os.Chown(dst, int(stat.Uid), int(stat.Gid)); err != nil {
-			fmt.Println("failed chowning", dst, err.Error())
+		if err := os.Lchown(dst, int(stat.Uid), int(stat.Gid)); err != nil {
+			fmt.Println("warning: failed chowning", dst, err.Error())
 		}
 	}
 	return err
--- a/pkg/helpers/imgworker/unpack.go
+++ b/pkg/helpers/imgworker/unpack.go
@@ -71,7 +71,7 @@ func (c *Client) Unpack(image, dest string) error {
 		// Unpack the tarfile to the rootfs path.
 		// FROM: https://godoc.org/github.com/moby/moby/pkg/archive#TarOptions
 		if err := archive.Untar(content.NewReader(layer), dest, &archive.TarOptions{
-			NoLchown:        true,
+			NoLchown:        false,
 			ExcludePatterns: []string{"dev/"}, // prevent 'operation not permitted'
 		}); err != nil {
 			return fmt.Errorf("extracting tar for %s to directory %s failed: %v", desc.Digest.String(), dest, err)
--- a/tests/fixtures/owners/delta/build.yaml
+++ b/tests/fixtures/owners/delta/build.yaml
@@ -0,0 +1,8 @@
+image: "busybox"
+
+steps:
+- adduser foo -D
+- addgroup bar
+- touch /foo
+- chown foo:bar /foo
+- chmod 500 /foo
--- a/tests/fixtures/owners/delta/definition.yaml
+++ b/tests/fixtures/owners/delta/definition.yaml
@@ -0,0 +1,3 @@
+category: "test"
+name: "delta"
+version: "1.0"
--- a/tests/fixtures/owners/unpack/build.yaml
+++ b/tests/fixtures/owners/unpack/build.yaml
@@ -0,0 +1,13 @@
+image: "busybox"
+
+steps:
+- adduser baz -D
+- addgroup ba
+- touch /bar
+- chown baz:ba /bar
+- chmod 600 /bar
+- ls -liah /bar
+unpack: true
+
+includes:
+- bar
--- a/tests/fixtures/owners/unpack/definition.yaml
+++ b/tests/fixtures/owners/unpack/definition.yaml
@@ -0,0 +1,3 @@
+category: "test"
+name: "unpack"
+version: "1.0"
--- a/tests/integration/26_owners.sh
+++ b/tests/integration/26_owners.sh
@@ -0,0 +1,90 @@
+#!/bin/bash
+
+export LUET_NOLOCK=true
+
+oneTimeSetUp() {
+export tmpdir="$(mktemp -d)"
+}
+
+oneTimeTearDown() {
+  rm -rf "$tmpdir"
+}
+
+testBuild() {
+    [ "$LUET_BACKEND" == "img" ] && startSkipping
+    mkdir $tmpdir/testbuild
+    luet build --tree "$ROOT_DIR/tests/fixtures/owners" --destination $tmpdir/testbuild --compression gzip test/unpack test/delta
+    buildst=$?
+    assertEquals 'builds successfully' "$buildst" "0"
+    assertTrue 'create package unpack' "[ -e '$tmpdir/testbuild/unpack-test-1.0.package.tar.gz' ]"
+    assertTrue 'create package delta' "[ -e '$tmpdir/testbuild/delta-test-1.0.package.tar.gz' ]"
+}
+
+testRepo() {
+    [ "$LUET_BACKEND" == "img" ] && startSkipping
+    assertTrue 'no repository' "[ ! -e '$tmpdir/testbuild/repository.yaml' ]"
+    luet create-repo --tree "$ROOT_DIR/tests/fixtures/owners" \
+    --output $tmpdir/testbuild \
+    --packages $tmpdir/testbuild \
+    --name "test" \
+    --descr "Test Repo" \
+    --urls $tmpdir/testrootfs \
+    --type disk > /dev/null
+
+    createst=$?
+    assertEquals 'create repo successfully' "$createst" "0"
+    assertTrue 'create repository' "[ -e '$tmpdir/testbuild/repository.yaml' ]"
+}
+
+testConfig() {
+    [ "$LUET_BACKEND" == "img" ] && startSkipping
+    mkdir $tmpdir/testrootfs
+    cat <<EOF > $tmpdir/luet.yaml
+general:
+  debug: true
+system:
+  rootfs: $tmpdir/testrootfs
+  database_path: "/"
+  database_engine: "boltdb"
+config_from_host: true
+repositories:
+   - name: "main"
+     type: "disk"
+     enable: true
+     urls:
+       - "$tmpdir/testbuild"
+EOF
+    luet config --config $tmpdir/luet.yaml
+    res=$?
+    assertEquals 'config test successfully' "$res" "0"
+}
+
+testInstall() {
+    [ "$LUET_BACKEND" == "img" ] && startSkipping
+    luet install -y --config $tmpdir/luet.yaml test/unpack test/delta
+    installst=$?
+    assertEquals 'install test successfully' "$installst" "0"
+    fileUID=$(stat -c "%u" $tmpdir/testrootfs/foo)
+    fileGID=$(stat -c "%g" $tmpdir/testrootfs/foo)
+    filePerms=$(stat -c "%a" $tmpdir/testrootfs/foo)
+    assertEquals 'UID on /foo matches' "1000" "$fileUID"
+    assertEquals 'GID on /foo matches' "1001" "$fileGID"
+    assertEquals 'bits on /foo matches' "500" "$filePerms"
+
+    fileUID=$(stat -c "%u" $tmpdir/testrootfs/bar)
+    fileGID=$(stat -c "%g" $tmpdir/testrootfs/bar)
+    filePerms=$(stat -c "%a" $tmpdir/testrootfs/bar)
+    assertEquals 'UID on /bar matches' "1000" "$fileUID"
+    assertEquals 'GID on /bar matches' "1001" "$fileGID"
+    assertEquals 'bits on /bar matches' "600" "$filePerms"
+}
+
+testCleanup() {
+    [ "$LUET_BACKEND" == "img" ] && startSkipping
+    luet cleanup --config $tmpdir/luet.yaml
+    installst=$?
+    assertEquals 'cleanup test successfully' "$installst" "0"
+}
+
+# Load shUnit2.
+. "$ROOT_DIR/tests/integration/shunit2"/shunit2
Author	SHA1	Message	Date
Ettore Di Giacinto	a83be204e8	Tag 0.11.8	2021-03-18 13:53:04 +01:00
Ettore Di Giacinto	b8352a81a2	Use Lchown when copying bits, lower message to warn	2021-03-18 11:23:42 +01:00
Ettore Di Giacinto	ebf907fb45	Add owner permissions tests	2021-03-18 10:57:09 +01:00
Ettore Di Giacinto	f0a34f1cf0	Enable NoLchown This caused to drop file permissions	2021-03-18 10:48:23 +01:00
Ettore Di Giacinto	4f1e4c0b41	Switch to containerd when unpacking layers	2021-03-18 10:47:58 +01:00
Ettore Di Giacinto	c736c002af	build: Set privileged to true by default	2021-03-18 10:47:39 +01:00