[elbe-devel] untarring the archive twice overwrites permissions/ownership

Manuel Traut manuel.traut at linutronix.de
Fri Apr 6 12:31:18 CEST 2018


Hi,

> I would like to bring this issue up to attention again, as it still
> bothers me and there was no reply at all.

The 2nd extraction of the archive is removed in 'elbe-testing' and is targeted to be
in elbe 3.0 stable.

https://github.com/Linutronix/elbe/commit/502442c7b42eb7a385e2f932e5dddba48015b43c

  Manuel

> On Thu, 2017-11-09 at 20:39 +0100, ew.foe at nassur.net wrote:
> > Hello all,
> > 
> > I do successfully build images with elbe.
> > 
> > I routinely use the ability to add files as an archive to the
> > .xml file. In fact I have written a script which will do this
> > automatically for me (pseudo code):
> > > cp file.xml tmp.file.xml
> > > elbe chg_archive tmp.file.xml ./local-changes
> > > elbe get_archive tmp.file.xml tmp.local-changes.tar.bz2
> > > elbe initvm ... submit ... tmp.file.xml
> > 
> > My main usage of this is to add configuration and scripts
> > to the resulting image without packaging each and everything
> > always into .deb packages.
> > 
> > The other day I added a script into the home directory of
> > a non-privileged user, say
> > > /home/user/bin/script.sh
> > 
> > I added
> > > <command>chown -R user: /home/user</command>
> > to the finetuning section.
> > 
> > However, I forgot that the archive transported through the
> > xml file is extracted twice. This leads to all entries
> > > /home/user
> > > /home/user/bin
> > > /home/user/bin/script.sh
> > owned by root again. That, of course, I found out after using
> > the account "user" did not work as expected.
> > 
> > 
> > The documentation clearly says
> > 
> > > If the XML file contains an archive, it will be unpacked into the
> > > target, so the fine-tuning commands can use the content of the
> > > archive, too.
> > 
> > and
> > 
> > > The archive from the XML file is unpacked again.
> > > This is to ensure the target filesystem contains
> > > all files from the archive, even if some of them
> > > have been deleted by a fine-tuning command.
> > 
> > 
> > For me, it would be totally acceptable to skip the
> > second unpack of the archive. IFF I delete files in
> > the finetuning block, then I'm willing to be blamed.
> > :-) Moreover, I see the use case to transport some
> > script into the image, call it once during finetune,
> > be done with it and delete it. Same argument for
> > key material or other credentials, which may be
> > used during finetuning and should not come back.
> > 
> > 
> > So I would suggest to add some switch to select,
> > whether or not the second unpack should run.
> > > <archive untar_after_finetune="false" />
> > or similar.
> > 
> > If this is not an option for reasons I'm totally
> > unaware of, I would suggest at least to add an
> > item as additional tar options like
> > > <archive untar_opts="--no-overwrite-dir --same-owner" />
> > or similar. And yes, it would be my responsibility to
> > have all such files under their correct owner in the
> > archive.
> > 
> 
> I can only consent to everything Erich said.
> I do have similar use-cases for the archive and finetuning commands.
> 
> If there is a reason for the second unpack, it would be interesting to
> hear about it?
> > 
> > Thank you for providing elbe,
> > Erich
> > 
> Also from me. Thanks for the good work.
> Peter
> 
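
The behaviour reported in this thread can be reproduced without ELBE. The script below is an added example, not code from the thread or from ELBE; it also tries the `--no-overwrite-dir` option proposed above. Assumptions: GNU tar, constructed paths and a constructed `build.key`, and `chmod 700` standing in for the `chown` finetuning command so that it runs without root.

```bash
#!/usr/bin/env bash
# Added example (not ELBE code). Paths and file contents are constructed; GNU tar assumed.
set -eu
umask 022

# Build a stand-in for the archive carried in the XML file.
make_archive() {                      # $1 = work directory
    mkdir -p "$1/stage/home/user/bin"
    printf '#!/bin/sh\necho hello\n' > "$1/stage/home/user/bin/script.sh"
    printf 'constructed-secret\n' > "$1/stage/home/user/build.key"
    chmod 755 "$1/stage/home/user" "$1/stage/home/user/bin/script.sh"
    tar -cf "$1/archive.tar" -C "$1/stage" home
}

# Unpack, run a finetuning stand-in, unpack again.
# Prints "<mode of home/user> <build.key present|absent>".
run_build() {                         # $1 = work directory, rest = tar options for 2nd unpack
    local work=$1 mode key=absent
    shift
    local target="$work/target"
    rm -rf "$target"
    mkdir -p "$target"
    tar -xf "$work/archive.tar" -C "$target"        # unpack before finetuning
    chmod 700 "$target/home/user"                   # finetuning changes directory metadata
    rm "$target/home/user/build.key"                # finetuning removes the credential
    tar -xf "$work/archive.tar" -C "$target" "$@"   # unpack after finetuning
    mode=$(ls -ld "$target/home/user" | cut -c1-10)
    if [ -e "$target/home/user/build.key" ]; then key=present; fi
    echo "$mode $key"
}

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
make_archive "$WORK"
echo "plain second unpack:      $(run_build "$WORK")"
echo "with --no-overwrite-dir:  $(run_build "$WORK" --no-overwrite-dir)"
```

With `--no-overwrite-dir` the directory keeps the metadata set during finetuning, but the deleted file is still restored by the second unpack, so that option alone does not cover the credential use case.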


