Fix local sources of git repositories

This is I2cbf1f539880d512aa223c3ef3a4b19ee18854ac extended to fix
the case when a git repository is used with a git repo.
This is probably a rarer use case but, still, we use it in CI
for in-review changes testing.

Change-Id: I77b0dcd2e9dfd8ea8390a471b80c8954b67ef91b
This commit is contained in:
Radosław Piliszek 2022-05-18 16:20:12 +02:00
parent 9040d4f527
commit b888f68daf
1 changed files with 11 additions and 10 deletions

View File

@ -324,6 +324,15 @@ class BuildTask(DockerTask):
dest_archive = os.path.join(image.path, source['name'] + '-archive')
# NOTE(mgoddard): Change ownership of files to root:root. This
# avoids an issue introduced by the fix for git CVE-2022-24765,
# which breaks PBR when the source checkout is not owned by the
# user installing it. LP#1969096
def reset_userinfo(tarinfo):
tarinfo.uid = tarinfo.gid = 0
tarinfo.uname = tarinfo.gname = "root"
return tarinfo
if source.get('type') == 'url':
self.logger.debug("Getting archive from %s", source['source'])
try:
@ -368,15 +377,6 @@ class BuildTask(DockerTask):
image.status = Status.ERROR
return
# NOTE(mgoddard): Change ownership of files to root:root. This
# avoids an issue introduced by the fix for git CVE-2022-24765,
# which breaks PBR when the source checkout is not owned by the
# user installing it. LP#1969096
def reset_userinfo(tarinfo):
tarinfo.uid = tarinfo.gid = 0
tarinfo.uname = tarinfo.gname = "root"
return tarinfo
with tarfile.open(dest_archive, 'w') as tar:
tar.add(clone_dir, arcname=os.path.basename(clone_dir),
filter=reset_userinfo)
@ -387,7 +387,8 @@ class BuildTask(DockerTask):
if os.path.isdir(source['source']):
with tarfile.open(dest_archive, 'w') as tar:
tar.add(source['source'],
arcname=os.path.basename(source['source']))
arcname=os.path.basename(source['source']),
filter=reset_userinfo)
else:
shutil.copyfile(source['source'], dest_archive)