From 9767cd564fb309e8bfe3a457febe2a0388cac140 Mon Sep 17 00:00:00 2001
From: Mark Goddard
Date: Thu, 20 Jun 2024 12:03:54 +0100
Subject: [PATCH] Fix manifest element with non-root user When building an image with the manifests element as a non-root user, the image can fail to build. This affects the Ironic Python Agent (IPA) image. The issue was permission denied when copying the manifests from the image build directory due to them being owned by the root user. This change fixes the issue by copying the files using sudo, and changing their ownership later.
Change-Id: I5fcdd9d47f97f32a5b4b8246e8b57ead41b0bdd9
Closes-Bug: #2069956
---
 .../elements/manifests/cleanup.d/01-copy-manifests-dir | 7 ++++---
 releasenotes/notes/fix-2069956-396eb9f5fb928e2d.yaml | 6 ++++++
 2 files changed, 10 insertions(+), 3 deletions(-)
 create mode 100644 releasenotes/notes/fix-2069956-396eb9f5fb928e2d.yaml
diff --git a/diskimage_builder/elements/manifests/cleanup.d/01-copy-manifests-dir b/diskimage_builder/elements/manifests/cleanup.d/01-copy-manifests-dir
index 3ac192568..4e65fa5ba 100755
--- a/diskimage_builder/elements/manifests/cleanup.d/01-copy-manifests-dir
+++ b/diskimage_builder/elements/manifests/cleanup.d/01-copy-manifests-dir
@@ -34,10 +34,11 @@ echo "$DIB_ARGS" | sudo dd of=${MANIFEST_IMAGE_PATH}/dib_arguments # dib-lint:
 # Save the manifests locally to the save dir
 mkdir -p ${DIB_MANIFEST_SAVE_DIR}
-cp --no-preserve=ownership -rv ${MANIFEST_IMAGE_PATH} ${DIB_MANIFEST_SAVE_DIR}
+sudo cp --no-preserve=ownership -rv ${MANIFEST_IMAGE_PATH} ${DIB_MANIFEST_SAVE_DIR} # dib-lint: safe_sudo
+sudo chown -R $(whoami): ${DIB_MANIFEST_SAVE_DIR} # dib-lint: safe_sudo
 # Lock down permissions on the manifest files inside the image to
 # root. We don't want regular users being able to see what might
 # contain a password, etc.
-find ${MANIFEST_IMAGE_PATH} -type f | xargs sudo chown root:root # dib-lint: safe_sudo
-find ${MANIFEST_IMAGE_PATH} -type f | xargs sudo chmod 600 # dib-lint: safe_sudo
+sudo find ${MANIFEST_IMAGE_PATH} -type f | xargs sudo chown root:root # dib-lint: safe_sudo
+sudo find ${MANIFEST_IMAGE_PATH} -type f | xargs sudo chmod 600 # dib-lint: safe_sudo
diff --git a/releasenotes/notes/fix-2069956-396eb9f5fb928e2d.yaml b/releasenotes/notes/fix-2069956-396eb9f5fb928e2d.yaml
new file mode 100644
index 000000000..f50b984c5
--- /dev/null
+++ b/releasenotes/notes/fix-2069956-396eb9f5fb928e2d.yaml
@@ -0,0 +1,6 @@
+---
+fixes:
+ - |
+ Fixes an issue where an image using the ``manifest`` element could fail to
+ build when using a non-root user. See `bug 2069956
+ `__.
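Review bot: In `cleanup.d/01-copy-manifests-dir`, the added `sudo chown -R $(whoami): ${DIB_MANIFEST_SAVE_DIR}` runs a recursive, root-privileged ownership change over the whole save directory with unquoted expansions, so it also re-owns anything that was already in that directory and word-splits on a path containing spaces. Quoting and guarding the path narrows that, `sudo chown -R "$(whoami):" "${DIB_MANIFEST_SAVE_DIR:?}"  # dib-lint: safe_sudo`, ideally pointed at the copied manifests subdirectory rather than its parent. The comment further down says the manifests may contain a password, yet only the in-image copy is restricted to root with mode 600; the saved host copy keeps whatever mode `cp` produced, so a `chmod -R go-rwx` on it looks worth adding. The two `sudo find ... | xargs sudo ...` lines would be more robust as `sudo find "${MANIFEST_IMAGE_PATH}" -type f -exec chown root:root {} +` (and the same for `chmod 600`), which copes with unusual file names and an empty result. The start of the script, where these variables are set, is outside the hunk.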