openstack/diskimage-builder
Code Issues Proposed changes

Merge "Fix manifest element with non-root user"

Browse Source
This commit is contained in:
Zuul 2024-11-08 01:05:30 +00:00 committed by Gerrit Code Review
commit 6adc17c2c2
2 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
diskimage_builder/elements/manifests/cleanup.d/01-copy-manifests-dir
View File

@ -34,10 +34,11 @@ echo "$DIB_ARGS" | sudo dd of=${MANIFEST_IMAGE_PATH}/dib_arguments # dib-lint:
# Save the manifests locally to the save dir
mkdir -p ${DIB_MANIFEST_SAVE_DIR}
cp --no-preserve=ownership -rv ${MANIFEST_IMAGE_PATH} ${DIB_MANIFEST_SAVE_DIR}
sudo cp --no-preserve=ownership -rv ${MANIFEST_IMAGE_PATH} ${DIB_MANIFEST_SAVE_DIR} # dib-lint: safe_sudo
sudo chown -R $(whoami): ${DIB_MANIFEST_SAVE_DIR} # dib-lint: safe_sudo
# Lock down permissions on the manifest files inside the image to
# root. We don't want regular users being able to see what might
# contain a password, etc.
find ${MANIFEST_IMAGE_PATH} -type f | xargs sudo chown root:root # dib-lint: safe_sudo
find ${MANIFEST_IMAGE_PATH} -type f | xargs sudo chmod 600 # dib-lint: safe_sudo
sudo find ${MANIFEST_IMAGE_PATH} -type f | xargs sudo chown root:root # dib-lint: safe_sudo
sudo find ${MANIFEST_IMAGE_PATH} -type f | xargs sudo chmod 600 # dib-lint: safe_sudo

6
releasenotes/notes/fix-2069956-396eb9f5fb928e2d.yaml Normal file
View File

@ -0,0 +1,6 @@
---
fixes:
- |
Fixes an issue where an image using the ``manifest`` element could fail to
build when using a non-root user. See `bug 2069956
<https://bugs.launchpad.net/diskimage-builder/+bug/2069956>`__.