[elbe-devel] untaring the archive twice overwrites permissions/ownership
ew.foe at nassur.net
ew.foe at nassur.net
Thu Nov 9 20:39:14 CET 2017
Hello all,
I do successfully build images with elbe.
I routinely use the ability to add files as an archive to the
.xml file. In fact I have written script which will do this
automatically for me (pseudo code):
> cp file.xml tmp.file.xml
> elbe chg_archive tmp.file.xml ./local-changes
> elbe get_archive tmp.file.xml tmp.local-changes.tar.bz2
> elbe initvm ... submit ... tmp.file.xml
My main usage of this is to add configuration and scripts
to the resulting image without packaging each and everything
always into .deb packages.
The other day I added a script into the home directory of
a non-privileged user, say
> /home/user/bin/script.sh
I added
> <command>chown -R user: /home/user</command>
to the finetuning section.
However, I forgot, that the archive transported through the
xml file is extracted twice. This leads to all entries
> /home/user
> /home/user/bin
> /home/user/bin/script.sh
owned by root again. That, of course, I found out after using
the account "user" did not work as expected.
The documentation clearly says
> If the XML file contains an archive, it will be unpacked into the
> target, so the fine-tuning
> commands can use the content of the archive, too.
and
> The archive from the XML file is unpacked again.
> This is to ensure the target filesystem contains
> all files from the archive, even if some of them
> have been deleted by a fine-tuning command.
For me, it would be totally acceptable to skip the
second unpack of the archive. IFF I delete files in
the finetuning block, then I'm willing to be blamed.
:-) Moreover, I see the use case to transport some
script into the image, call it once during finetune,
be done with it and delete it. Same argument for
key material or other credentials, which may be
used during finetuning and should not come back.
So I would suggest to add some switch to select,
whether or not the second unpack should run.
> <archive untar_after_finetune="false" />
or similar.
If this is not an option for reasons I'm totally
unaware of, I would suggest at least to add an
item as additional tar options like
> <archive untar_opts="--no-overwrite-dir --same-owner" />
or similar. And yes, it would be my responsibility to
have all such files under their correct owner in the
archive.
Thank you for providing elbe,
Erich
More information about the elbe-devel
mailing list