[elbe-devel] untaring the archive twice overwrites permissions/ownership

ew.foe at nassur.net ew.foe at nassur.net
Fri Apr 6 12:50:26 CEST 2018


Hello Manuel,

Quoting Manuel Traut <manuel.traut at linutronix.de>:

> Hi,
>
>> I would like to bring this issue up to attention again, as it still
>> bothers me and there was no reply at all.
>
> 2nd extraction of archive is removed in 'elbe-testing' and is targeted to be
> in elbe 3.0 stable.
>
> https://github.com/Linutronix/elbe/commit/502442c7b42eb7a385e2f932e5dddba48015b43c
>
>   Manuel

This is good news, thank you!
Erich

>
>> On Thu, 2017-11-09 at 20:39 +0100, ew.foe at nassur.net wrote:
>> > Hello all,
>> >
>> > I do successfully build images with elbe.
>> >
>> > I routinely use the ability to add files as an archive to the
>> > .xml file. In fact I have written a script which will do this
>> > automatically for me (pseudo code):
>> > > cp file.xml tmp.file.xml
>> > > elbe chg_archive tmp.file.xml ./local-changes
>> > > elbe get_archive tmp.file.xml tmp.local-changes.tar.bz2
>> > > elbe initvm ... submit ... tmp.file.xml
>> >
>> > My main usage of this is to add configuration and scripts
>> > to the resulting image without packaging each and everything
>> > always into .deb packages.
>> >
>> > The other day I added a script into the home directory of
>> > a non-privileged user, say
>> > > /home/user/bin/script.sh
>> >
>> > I added
>> > > <command>chown -R user: /home/user</command>
>> > to the finetuning section.
>> >
>> > However, I forgot that the archive transported through the
>> > xml file is extracted twice. This leads to all entries
>> > > /home/user
>> > > /home/user/bin
>> > > /home/user/bin/script.sh
>> > owned by root again. That, of course, I found out after using
>> > the account "user" did not work as expected.
>> >
>> >
>> > The documentation clearly says
>> >
>> > > If the XML file contains an archive, it will be unpacked into the
>> > > target, so the fine-tuning
>> > > commands can use the content of the archive, too.
>> >
>> > and
>> >
>> > > The archive from the XML file is unpacked again.
>> > > This is to ensure the target filesystem contains
>> > > all files from the archive, even if some of them
>> > > have been deleted by a fine-tuning command.
>> >
>> >
>> > For me, it would be totally acceptable to skip the
>> > second unpack of the archive. IFF I delete files in
>> > the finetuning block, then I'm willing to be blamed.
>> > :-) Moreover, I see the use case to transport some
>> > script into the image, call it once during finetune,
>> > be done with it and delete it. Same argument for
>> > key material or other credentials, which may be
>> > used during finetuning and should not come back.
>> >
>> >
>> > So I would suggest to add some switch to select,
>> > whether or not the second unpack should run.
>> > > <archive untar_after_finetune="false" />
>> > or similar.
>> >
>> > If this is not an option for reasons I'm totally
>> > unaware of, I would suggest at least to add an
>> > item as additional tar options like
>> > > <archive untar_opts="--no-overwrite-dir --same-owner" />
>> > or similar. And yes, it would be my responsibility to
>> > have all such files under their correct owner in the
>> > archive.
>> >
>>
>> I can only consent to everything Erich said.
>> I do have similar use-cases for the archive and finetuning commands.
>>
>> If there is a reason for the second unpack, it would be interesting to
>> hear about it?
>> >
>> > Thank you for providing elbe,
>> > Erich
>> >
>> Also from me. Thanks for the good work.
>> Peter
>>
>
>
>
>> _______________________________________________
>> elbe-devel mailing list
>> elbe-devel at linutronix.de
>> https://lists.linutronix.de/mailman/listinfo/elbe-devel
>
>
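
The behaviour discussed in this thread, reproduced outside elbe as an added example (not code from elbe or from the posters): an archive is unpacked, a stand-in for the finetuning commands changes it, and an optional second unpack runs. Mode bits stand in for ownership because chown needs root; the file names, contents and function names are constructed for the illustration.

```python
import io, os, stat, tarfile, tempfile

# Constructed sample archive contents: path -> (mode, data)
ARCHIVE = {
    "home/user/bin/script.sh": (0o755, b"#!/bin/sh\necho hello\n"),
    "root/finetune-secret.key": (0o600, b"constructed-key-material\n"),
}

def make_archive():
    """Build the tarball that would travel inside the XML file (uncompressed here)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, (mode, data) in ARCHIVE.items():
            info = tarfile.TarInfo(name)
            info.mode, info.size = mode, len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def unpack(blob, target):
    # Use the 'data' extraction filter where this Python version provides it.
    kw = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r") as tar:
        tar.extractall(target, **kw)

def finetune(target):
    """Stand-in for finetuning: tighten one mode, delete the key after use."""
    os.chmod(os.path.join(target, "home/user/bin/script.sh"), 0o700)
    os.remove(os.path.join(target, "root/finetune-secret.key"))

def snapshot(target):
    """Map each archive path to its mode bits, or None if the file is absent."""
    out = {}
    for name in ARCHIVE:
        path = os.path.join(target, name)
        out[name] = stat.S_IMODE(os.stat(path).st_mode) if os.path.exists(path) else None
    return out

def build(second_unpack):
    """Unpack, finetune, optionally unpack again; return the final target state."""
    blob = make_archive()
    with tempfile.TemporaryDirectory() as target:
        unpack(blob, target)
        finetune(target)
        if second_unpack:
            unpack(blob, target)  # resets metadata and restores deleted files
        return snapshot(target)

if __name__ == "__main__":
    for flag in (True, False):
        print("second unpack:", flag, build(flag))
```

With the second unpack, the script is back at its archived mode and the deleted key file is present again; without it, the finetuning result is what ends up in the target.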
