[elbe-devel] untaring the archive twice overwrites permissions/ownership

Peter Zumtobel peter.zumtobel at sigmatek.at
Tue Nov 28 10:03:31 CET 2017


Hi everybody,

I would like to bring this issue up to attention again, as it still
bothers me and there was no reply at all.

On Thu, 2017-11-09 at 20:39 +0100, ew.foe at nassur.net wrote:
> Hello all,
> 
> I do successfully build images with elbe.
> 
> I routinely use the ability to add files as an archive to the
> .xml file. In fact I have written a script which will do this
> automatically for me (pseudo code):
> > cp file.xml tmp.file.xml
> > elbe chg_archive tmp.file.xml ./local-changes
> > elbe get_archive tmp.file.xml tmp.local-changes.tar.bz2
> > elbe initvm ... submit ... tmp.file.xml
> 
> My main usage of this is to add configuration and scripts
> to the resulting image without packaging each and everything
> always into .deb packages.
> 
> The other day I added a script into the home directory of
> a non-privileged user, say
> > /home/user/bin/script.sh
> 
> I added
> > <command>chown -R user: /home/user</command>
> to the finetuning section.
> 
> However, I forgot that the archive transported through the
> xml file is extracted twice. This leads to all entries
> > /home/user
> > /home/user/bin
> > /home/user/bin/script.sh
> owned by root again. That, of course, I found out after using
> the account "user" did not work as expected.
> 
> 
> The documentation clearly says
> 
> > If the XML file contains an archive, it will be unpacked into the
> > target, so the fine-tuning commands can use the content of the
> > archive, too.
> 
> and
> 
> > The archive from the XML file is unpacked again.
> > This is to ensure the target filesystem contains
> > all files from the archive, even if some of them
> > have been deleted by a fine-tuning command.
> 
> 
> For me, it would be totally acceptable to skip the
> second unpack of the archive. IFF I delete files in
> the finetuning block, then I'm willing to be blamed.
> :-) Moreover, I see the use case to transport some
> script into the image, call it once during finetune,
> be done with it and delete it. Same argument for
> key material or other credentials, which may be
> used during finetuning and should not come back.
> 
> 
> So I would suggest to add some switch to select,
> whether or not the second unpack should run.
> > <archive untar_after_finetune="false" />
> or similar.
> 
> If this is not an option for reasons I'm totally
> unaware of, I would suggest at least to add an
> item as additional tar options like
> > <archive untar_opts="--no-overwrite-dir --same-owner" />
> or similar. And yes, it would be my responsibility to
> have all such files under their correct owner in the
> archive.
> 

I can only consent to everything Erich said.
I do have similar use-cases for the archive and finetuning commands.

If there is a reason for the second unpack, it would be interesting to
hear about it.
> 
> Thank you for providing elbe,
> Erich
> 
Also from me. Thanks for the good work.
Peter
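
The sequence discussed in this thread (unpack, fine-tuning, second unpack), as an added example that is not part of the original posts or of the elbe code base. File modes stand in for ownership so it runs without root; the sample paths, the `only_missing` mode and all function names are hypothetical.

```python
import io, os, tarfile, tempfile

# Constructed sample content: (path, mode, data); both entries are recorded as root-owned.
SAMPLE = [("home/user/bin/script.sh", 0o644, b"#!/bin/sh\necho hi\n"),
          ("tmp/once.key", 0o600, b"constructed-secret\n")]

def build_archive():
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, mode, data in SAMPLE:
            info = tarfile.TarInfo(name)
            info.size, info.mode, info.uid, info.gid = len(data), mode, 0, 0
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def unpack(archive, root, only_missing=False):
    """Write each file and apply the metadata recorded in the archive.
    only_missing=True (hypothetical mode) leaves existing paths untouched."""
    restored = []
    with tarfile.open(fileobj=io.BytesIO(archive)) as tar:
        for m in tar.getmembers():
            dest = os.path.join(root, m.name)
            if only_missing and os.path.lexists(dest):
                continue
            os.makedirs(os.path.dirname(dest), exist_ok=True)
            with open(dest, "wb") as out:
                out.write(tar.extractfile(m).read())
            os.chmod(dest, m.mode)
            if os.geteuid() == 0:  # ownership can only be restored by root
                os.chown(dest, m.uid, m.gid)
            restored.append(m.name)
    return restored

def simulate(only_missing):
    """First unpack, fine-tuning, second unpack; returns (script mode, restored paths)."""
    archive = build_archive()
    with tempfile.TemporaryDirectory() as root:
        unpack(archive, root)
        script = os.path.join(root, "home/user/bin/script.sh")
        os.chmod(script, 0o700)                        # stands in for the chown in finetuning
        os.remove(os.path.join(root, "tmp/once.key"))  # secret used once, then deleted
        restored = unpack(archive, root, only_missing)
        return os.stat(script).st_mode & 0o777, restored

if __name__ == "__main__":
    print("second unpack, overwrite:", simulate(False))
    print("second unpack, only missing:", simulate(True))
```

Restoring only missing paths keeps the metadata set during fine-tuning, but a deleted credential file still comes back; only skipping the second unpack avoids that.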
