Tag 0.11.8

Use Lchown when copying bits, lower message to warn
Add owner permissions tests
2025-09-05 17:20:29 +00:00 · 2021-03-18 13:53:04 +01:00 · 2021-03-18 11:23:42 +01:00 · 2021-03-18 10:57:09 +01:00 · 2021-03-18 10:48:23 +01:00 · 2021-03-18 10:47:58 +01:00
11 changed files with 125 additions and 14 deletions
--- a/cmd/build.go
+++ b/cmd/build.go
@@ -304,7 +304,7 @@ func init() {
 	buildCmd.Flags().StringSliceP("tree", "t", []string{path}, "Path of the tree to use.")
 	buildCmd.Flags().String("backend", "docker", "backend used (docker,img)")
-	buildCmd.Flags().Bool("privileged", false, "Privileged (Keep permissions)")
+	buildCmd.Flags().Bool("privileged", true, "Privileged (Keep permissions)")
 	buildCmd.Flags().String("database", "memory", "database used for solving (memory,boltdb)")
 	buildCmd.Flags().Bool("revdeps", false, "Build with revdeps")
 	buildCmd.Flags().Bool("all", false, "Build all specfiles in the tree")
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -40,7 +40,7 @@ var Verbose bool
 var LockedCommands = []string{"install", "uninstall", "upgrade"}
 const (
-	LuetCLIVersion = "0.11.7"
+	LuetCLIVersion = "0.11.8"
 	LuetEnvPrefix  = "LUET"
 )
--- a/pkg/compiler/backend/simpledocker.go
+++ b/pkg/compiler/backend/simpledocker.go
@@ -281,7 +281,7 @@ func (b *SimpleDocker) ExtractRootfs(opts compiler.CompilerBackendOptions, keepP
 		return err
 	}
-	err = export.UnPackLayers(layers_sha, dst, "")
+	err = export.UnPackLayers(layers_sha, dst, "containerd")
 	if err != nil {
 		return err
 	}
--- a/pkg/helpers/archive.go
+++ b/pkg/helpers/archive.go
@@ -95,9 +95,7 @@ func UntarProtect(src, dst string, sameOwner bool, protectedFiles []string, modi
 		replacerArchive := archive.ReplaceFileTarWrapper(in, mods)
 		opts := &archive.TarOptions{
-			// NOTE: NoLchown boolean is used for chmod of the symlink
+			NoLchown:        false,
 			// Probably it's needed set this always to true.
 			NoLchown:        true,
 			ExcludePatterns: []string{"dev/"}, // prevent 'operation not permitted'
 			ContinueOnError: true,
 		}
@@ -201,12 +199,8 @@ func Untar(src, dest string, sameOwner bool) error {
 	defer in.Close()
 	if sameOwner {
 		// PRE: i have root privileged.
 		opts := &archive.TarOptions{
-			// NOTE: NoLchown boolean is used for chmod of the symlink
+			NoLchown:        false,
 			// Probably it's needed set this always to true.
 			NoLchown:        true,
 			ExcludePatterns: []string{"dev/"}, // prevent 'operation not permitted'
 			ContinueOnError: true,
 		}
--- a/pkg/helpers/file.go
+++ b/pkg/helpers/file.go
@@ -180,8 +180,8 @@ func CopyFile(src, dst string) (err error) {
 		return err
 	}
 	if stat, ok := fi.Sys().(*syscall.Stat_t); ok {
-		if err := os.Chown(dst, int(stat.Uid), int(stat.Gid)); err != nil {
+		if err := os.Lchown(dst, int(stat.Uid), int(stat.Gid)); err != nil {
-			fmt.Println("failed chowning", dst, err.Error())
+			fmt.Println("warning: failed chowning", dst, err.Error())
 		}
 	}
 	return err
--- a/pkg/helpers/imgworker/unpack.go
+++ b/pkg/helpers/imgworker/unpack.go
@@ -71,7 +71,7 @@ func (c *Client) Unpack(image, dest string) error {
 		// Unpack the tarfile to the rootfs path.
 		// FROM: https://godoc.org/github.com/moby/moby/pkg/archive#TarOptions
 		if err := archive.Untar(content.NewReader(layer), dest, &archive.TarOptions{
-			NoLchown:        true,
+			NoLchown:        false,
 			ExcludePatterns: []string{"dev/"}, // prevent 'operation not permitted'
 		}); err != nil {
 			return fmt.Errorf("extracting tar for %s to directory %s failed: %v", desc.Digest.String(), dest, err)
--- a/tests/fixtures/owners/delta/build.yaml
+++ b/tests/fixtures/owners/delta/build.yaml
@@ -0,0 +1,8 @@
 image: "busybox"
 steps:
 - adduser foo -D
 - addgroup bar
 - touch /foo
 - chown foo:bar /foo
 - chmod 500 /foo
--- a/tests/fixtures/owners/delta/definition.yaml
+++ b/tests/fixtures/owners/delta/definition.yaml
@@ -0,0 +1,3 @@
 category: "test"
 name: "delta"
 version: "1.0"
--- a/tests/fixtures/owners/unpack/build.yaml
+++ b/tests/fixtures/owners/unpack/build.yaml
@@ -0,0 +1,13 @@
 image: "busybox"
 steps:
 - adduser baz -D
 - addgroup ba
 - touch /bar
 - chown baz:ba /bar
 - chmod 600 /bar
 - ls -liah /bar
 unpack: true
 includes:
 - bar
--- a/tests/fixtures/owners/unpack/definition.yaml
+++ b/tests/fixtures/owners/unpack/definition.yaml
@@ -0,0 +1,3 @@
 category: "test"
 name: "unpack"
 version: "1.0"
--- a/tests/integration/26_owners.sh
+++ b/tests/integration/26_owners.sh
@@ -0,0 +1,90 @@
 #!/bin/bash
 export LUET_NOLOCK=true
 oneTimeSetUp() {
 export tmpdir="$(mktemp -d)"
 }
 oneTimeTearDown() {
  rm -rf "$tmpdir"
 }
 testBuild() {
    [ "$LUET_BACKEND" == "img" ] && startSkipping
    mkdir $tmpdir/testbuild
    luet build --tree "$ROOT_DIR/tests/fixtures/owners" --destination $tmpdir/testbuild --compression gzip test/unpack test/delta
    buildst=$?
    assertEquals 'builds successfully' "$buildst" "0"
    assertTrue 'create package unpack' "[ -e '$tmpdir/testbuild/unpack-test-1.0.package.tar.gz' ]"
    assertTrue 'create package delta' "[ -e '$tmpdir/testbuild/delta-test-1.0.package.tar.gz' ]"
 }
 testRepo() {
    [ "$LUET_BACKEND" == "img" ] && startSkipping
    assertTrue 'no repository' "[ ! -e '$tmpdir/testbuild/repository.yaml' ]"
    luet create-repo --tree "$ROOT_DIR/tests/fixtures/owners" \
    --output $tmpdir/testbuild \
    --packages $tmpdir/testbuild \
    --name "test" \
    --descr "Test Repo" \
    --urls $tmpdir/testrootfs \
    --type disk > /dev/null
    createst=$?
    assertEquals 'create repo successfully' "$createst" "0"
    assertTrue 'create repository' "[ -e '$tmpdir/testbuild/repository.yaml' ]"
 }
 testConfig() {
    [ "$LUET_BACKEND" == "img" ] && startSkipping
    mkdir $tmpdir/testrootfs
    cat <<EOF > $tmpdir/luet.yaml
 general:
  debug: true
 system:
  rootfs: $tmpdir/testrootfs
  database_path: "/"
  database_engine: "boltdb"
 config_from_host: true
 repositories:
   - name: "main"
     type: "disk"
     enable: true
     urls:
       - "$tmpdir/testbuild"
 EOF
    luet config --config $tmpdir/luet.yaml
    res=$?
    assertEquals 'config test successfully' "$res" "0"
 }
 testInstall() {
    [ "$LUET_BACKEND" == "img" ] && startSkipping
    luet install -y --config $tmpdir/luet.yaml test/unpack test/delta
    installst=$?
    assertEquals 'install test successfully' "$installst" "0"
    fileUID=$(stat -c "%u" $tmpdir/testrootfs/foo)
    fileGID=$(stat -c "%g" $tmpdir/testrootfs/foo)
    filePerms=$(stat -c "%a" $tmpdir/testrootfs/foo)
    assertEquals 'UID on /foo matches' "1000" "$fileUID"
    assertEquals 'GID on /foo matches' "1001" "$fileGID"
    assertEquals 'bits on /foo matches' "500" "$filePerms"
    fileUID=$(stat -c "%u" $tmpdir/testrootfs/bar)
    fileGID=$(stat -c "%g" $tmpdir/testrootfs/bar)
    filePerms=$(stat -c "%a" $tmpdir/testrootfs/bar)
    assertEquals 'UID on /bar matches' "1000" "$fileUID"
    assertEquals 'GID on /bar matches' "1001" "$fileGID"
    assertEquals 'bits on /bar matches' "600" "$filePerms"
 }
 testCleanup() {
    [ "$LUET_BACKEND" == "img" ] && startSkipping
    luet cleanup --config $tmpdir/luet.yaml
    installst=$?
    assertEquals 'cleanup test successfully' "$installst" "0"
 }
 # Load shUnit2.
 . "$ROOT_DIR/tests/integration/shunit2"/shunit2
Author	SHA1	Message	Date
Ettore Di Giacinto	a83be204e8	Tag 0.11.8	2021-03-18 13:53:04 +01:00
Ettore Di Giacinto	b8352a81a2	Use Lchown when copying bits, lower message to warn	2021-03-18 11:23:42 +01:00
Ettore Di Giacinto	ebf907fb45	Add owner permissions tests	2021-03-18 10:57:09 +01:00
Ettore Di Giacinto	f0a34f1cf0	Enable NoLchown This caused to drop file permissions	2021-03-18 10:48:23 +01:00
Ettore Di Giacinto	4f1e4c0b41	Switch to containerd when unpacking layers	2021-03-18 10:47:58 +01:00
Ettore Di Giacinto	c736c002af	build: Set privileged to true by default	2021-03-18 10:47:39 +01:00