From b888f68daf6cb3ed9782fe85045858b6a04d4911 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rados=C5=82aw=20Piliszek?=
Date: Wed, 18 May 2022 16:20:12 +0200
Subject: [PATCH] Fix local sources of git repositories

This is I2cbf1f539880d512aa223c3ef3a4b19ee18854ac extended to fix the case when a git repository is used with a git repo. This is probably a rarer use case but, still, we use it in CI for in-review changes testing.

Change-Id: I77b0dcd2e9dfd8ea8390a471b80c8954b67ef91b
---
 kolla/image/build.py | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)

diff --git a/kolla/image/build.py b/kolla/image/build.py
index 1a28a26951..f02c6e231b 100755
--- a/kolla/image/build.py
+++ b/kolla/image/build.py
@@ -324,6 +324,15 @@ class BuildTask(DockerTask):
 dest_archive = os.path.join(image.path, source['name'] + '-archive')
+ # NOTE(mgoddard): Change ownership of files to root:root. This
+ # avoids an issue introduced by the fix for git CVE-2022-24765,
+ # which breaks PBR when the source checkout is not owned by the
+ # user installing it. LP#1969096
+ def reset_userinfo(tarinfo):
+ tarinfo.uid = tarinfo.gid = 0
+ tarinfo.uname = tarinfo.gname = "root"
+ return tarinfo
+
 if source.get('type') == 'url':
 self.logger.debug("Getting archive from %s", source['source'])
 try:
@@ -368,15 +377,6 @@ class BuildTask(DockerTask):
 image.status = Status.ERROR
 return
- # NOTE(mgoddard): Change ownership of files to root:root. This
- # avoids an issue introduced by the fix for git CVE-2022-24765,
- # which breaks PBR when the source checkout is not owned by the
- # user installing it. LP#1969096
- def reset_userinfo(tarinfo):
- tarinfo.uid = tarinfo.gid = 0
- tarinfo.uname = tarinfo.gname = "root"
- return tarinfo
-
 with tarfile.open(dest_archive, 'w') as tar:
 tar.add(clone_dir, arcname=os.path.basename(clone_dir), filter=reset_userinfo)
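Review bot: `reset_userinfo` captures nothing from the enclosing method, so defining it inline above the `if source.get('type') == 'url':` branch rebuilds it on every call and places it next to a branch that never uses it; a module-level helper would read more cleanly. Wherever it lives, the NOTE should also say how it is used and what it leaves alone, e.g. `# Passed as tar.add(filter=...); resets uid/gid/uname/gname only, mode bits are kept.` The enclosing method starts and ends outside the hunk.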
@@ -387,7 +387,8 @@ class BuildTask(DockerTask):
 if os.path.isdir(source['source']):
 with tarfile.open(dest_archive, 'w') as tar:
 tar.add(source['source'],
- arcname=os.path.basename(source['source']))
+ arcname=os.path.basename(source['source']),
+ filter=reset_userinfo)
 else:
 shutil.copyfile(source['source'], dest_archive)
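Review bot: With `filter=reset_userinfo` now applied to a local directory, every entry is recorded as root:root while `tarinfo.mode` passes through unchanged, so a setuid or setgid bit on a file under `source['source']` would be stored in the archive as setuid-root. A local directory is less controlled than a fresh git clone, so it may be worth clearing those bits in the filter, e.g. `tarinfo.mode &= ~0o6000`, provided nothing depends on them. The `else` branch still copies a ready-made archive with `shutil.copyfile`, so ownership recorded inside such an archive is not normalised; whether that matters for the PBR issue depends on what the archive contains. The enclosing method starts outside the hunk.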