Post-CVE follow-up fix - um/yoga and older

Somehow in the copying of various last minute changes I missed a
structural change to the logic where ultimately the originally
developed CVE fix patch was wrong, as the logic should have been

If we-re forcing raw:
- Then do so if we have deep image inspection disable and the
  qemu-info logic path tells us it is raw.
- Or when deep image inspection is enabled, and the detected format
  is *not* raw.

However, this ended with
- If we force raw and we have deep image inspection disabled and the
  image would be converted to raw
- Or deep image inspection is enabled and we detect the format of
  the image as *not* raw.

Anyhow, the difference is largely "force_raw" getting applied
across the board, because some operators *don't* force raw which
was the variation from testing  of the changes.

In any event, the original intended logic is correct, and should
resolve cases where the image is always getting converted for some
operators.

This patch will need to be backported across xena, wallaby,
and victoria.

Change-Id: I7baa03de2a26a05aa20bf88f0fdf051fc8be14fd
This commit is contained in:
Julia Kreger 2024-09-09 14:25:33 -07:00
parent a859de61de
commit c8e5f4a819

View File

@ -361,9 +361,9 @@ def _fetch(context, image_href, path, force_raw=False, expected_format=None):
# Notes(yjiang5): If glance can provide the virtual size information,
# then we can firstly clean cache and then invoke images.fetch().
if (force_raw
and (disable_dii
and ((disable_dii
and images.force_raw_will_convert(image_href, path_tmp))
or (not disable_dii and image_format != 'raw')):
or (not disable_dii and image_format != 'raw'))):
required_space = images.converted_size(path_tmp, estimate=False)
directory = os.path.dirname(path_tmp)