summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorintrigeri <intrigeri@boum.org>2020-01-11 07:44:55 +0000
committerintrigeri <intrigeri@boum.org>2020-01-11 09:00:43 +0000
commit90d6dc1edb60de251a1e6f694b6925aaf01520da (patch)
tree859274f1c1a5e91b4e3ccb9012cb2c4c3f28a288
parente3e357fd5c80288a032f546c79c32a9aec08a967 (diff)
IUK generation: don't make all files in the SquashFS diff owned by root (refs: #17422)
This fixes a regression introduced while implementing the IUK v2 format (iuk.git:b578872ba2167da7dbc106a9d20c88e523ab73b3). We need to pass -all-root for the 1st-level SquashFS (the IUK itself) but we need to *not* pass it for the SquashFS diff that's included in the IUK, otherwise we're going to break systems when upgrading them. Thanks kibi for independently doing the same root cause analysis, and for testing that dropping -all-root indeed fixes the problem!
-rw-r--r--config/chroot_local-includes/usr/src/iuk/features/create/Create.feature4
-rwxr-xr-x[-rw-r--r--]config/chroot_local-includes/usr/src/iuk/features/create/step_definitions/Create_steps.pl45
-rw-r--r--config/chroot_local-includes/usr/src/iuk/lib/Tails/IUK.pm4
3 files changed, 40 insertions, 13 deletions
diff --git a/config/chroot_local-includes/usr/src/iuk/features/create/Create.feature b/config/chroot_local-includes/usr/src/iuk/features/create/Create.feature
index 6dc6467..05bceb6 100644
--- a/config/chroot_local-includes/usr/src/iuk/features/create/Create.feature
+++ b/config/chroot_local-includes/usr/src/iuk/features/create/Create.feature
@@ -62,9 +62,9 @@ Feature: create an IUK
Scenario: create an IUK when new files have appeared in filesystem.squashfs
Given an old ISO image whose filesystem.squashfs does not contain file "A"
- And a new ISO image whose filesystem.squashfs contains file "A"
+ And a new ISO image whose filesystem.squashfs contains file "A" owned by www-data
When I create an IUK
- Then the saved IUK contains a SquashFS that contains file "A"
+ Then the saved IUK contains a SquashFS that contains file "A" owned by www-data
Scenario: create an IUK when files have disappeared from filesystem.squashfs
Given an old ISO image whose filesystem.squashfs contains file "A"
diff --git a/config/chroot_local-includes/usr/src/iuk/features/create/step_definitions/Create_steps.pl b/config/chroot_local-includes/usr/src/iuk/features/create/step_definitions/Create_steps.pl
index 1c303f4..732b81f 100644..100755
--- a/config/chroot_local-includes/usr/src/iuk/features/create/step_definitions/Create_steps.pl
+++ b/config/chroot_local-includes/usr/src/iuk/features/create/step_definitions/Create_steps.pl
@@ -148,11 +148,20 @@ Given qr{^two ISO images when a new kernel was added$}, fun ($c) {
);
};
-Given qr{^(an old|a new) ISO image whose filesystem.squashfs( does not|) contains? file "([^"]+)"(?:| modified at ([0-9]+))$}, fun ($c) {
+Given qr{^(an old|a new) ISO image whose filesystem.squashfs( does not|) contains? file "([^"]+)"(?:| modified at ([0-9]+)| owned by ([a-z-]+))$}, fun ($c) {
my $generation = $c->matches->[0] eq 'an old' ? 'old' : 'new';
my $contains = $c->matches->[1] eq "" ? 1 : 0;
my $file = $c->matches->[2];
- my $mtime = $c->matches->[3];
+ my ($mtime, $owner);
+ if (defined $c->matches->[3]) {
+ if ($c->matches->[3] =~ m{\A[0-9]+\z}) {
+ $mtime = $c->matches->[3];
+ } elsif ($c->matches->[3] =~ m{\A[a-z-]+\z}) {
+ $owner = $c->matches->[3];
+ } else {
+ croak "Test suite implementation error";
+ }
+ }
my $iso_basename = $generation eq 'old' ? 'old.iso' : 'new.iso';
my $iso_filename = path($c->{stash}->{scenario}->{tempdir}, $iso_basename);
@@ -164,6 +173,7 @@ Given qr{^(an old|a new) ISO image whose filesystem.squashfs( does not|) contain
path($squashfs_tempdir, $file)->parent->mkpath();
path($squashfs_tempdir, $file)->touch;
utime($mtime, $mtime, path($squashfs_tempdir, $file)) if defined($mtime);
+ run_as_root('chown', $owner, path($squashfs_tempdir, $file)) if defined($owner);
}
path($iso_tempdir, 'live')->mkpath();
capture("mksquashfs '$squashfs_tempdir' '$iso_tempdir/live/filesystem.squashfs' -no-progress 2>/dev/null");
@@ -311,7 +321,8 @@ fun file_content_in_iuk_unlike($iuk_in, Path $filename, $regexp) {
_file_content_in_iuk_like(@_, 0);
}
-fun squashfs_in_iuk_contains($iuk_in, $squashfs_name, $expected_file, $expected_mtime) {
+fun squashfs_in_iuk_contains(:$iuk_in, :$squashfs_name, :$expected_file,
+ :$expected_mtime, :$expected_owner) {
my $squashfs_path = path('overlay', 'live', $squashfs_name);
die "SquashFS '$squashfs_name' not found in the IUK"
unless $iuk_in->contains_file($squashfs_path);
@@ -341,8 +352,13 @@ fun squashfs_in_iuk_contains($iuk_in, $squashfs_name, $expected_file, $expected_
return unless $exists;
if (defined $expected_mtime) {
- return $expected_mtime == $tempdir->child('squashfs-root', $expected_file)->stat->mtime
+ return unless $expected_mtime == $tempdir->child('squashfs-root', $expected_file)->stat->mtime
}
+
+ if (defined $expected_owner) {
+ return unless $expected_owner eq getpwuid($tempdir->child('squashfs-root', $expected_file)->stat->uid)
+ }
+
return 1;
}
@@ -439,14 +455,25 @@ Then qr{^the delete_files list is empty$}, fun ($c) {
is($c->{stash}->{scenario}->{iuk_in}->delete_files_count, 0);
};
-Then qr{^the saved IUK contains a SquashFS that contains file "([^"]+)"(?:| modified at ([0-9]+))$}, fun ($c) {
+Then qr{^the saved IUK contains a SquashFS that contains file "([^"]+)"(?:| modified at ([0-9]+)| owned by ([a-z-]+))$}, fun ($c) {
my $expected_file = $c->matches->[0];
- my $expected_mtime = $c->matches->[1];
+ my ($expected_mtime, $expected_owner);
+ if (defined $c->matches->[1]) {
+ if ($c->matches->[1] =~ m{\A[0-9]+\z}) {
+ $expected_mtime = $c->matches->[1];
+ } elsif ($c->matches->[1] =~ m{\A[a-z-]+\z}) {
+ $expected_owner = $c->matches->[1];
+ } else {
+ croak "Test suite implementation error";
+ }
+ }
ok(squashfs_in_iuk_contains(
- $c->{stash}->{scenario}->{iuk_in},
- $c->{stash}->{scenario}->{squashfs_diff_name},
- $expected_file, $expected_mtime,
+ iuk_in => $c->{stash}->{scenario}->{iuk_in},
+ squashfs_name => $c->{stash}->{scenario}->{squashfs_diff_name},
+ expected_file => $expected_file,
+ expected_mtime => $expected_mtime,
+ expected_owner => $expected_owner,
));
};
diff --git a/config/chroot_local-includes/usr/src/iuk/lib/Tails/IUK.pm b/config/chroot_local-includes/usr/src/iuk/lib/Tails/IUK.pm
index dd6787a..3bfc399 100644
--- a/config/chroot_local-includes/usr/src/iuk/lib/Tails/IUK.pm
+++ b/config/chroot_local-includes/usr/src/iuk/lib/Tails/IUK.pm
@@ -246,7 +246,6 @@ method _build_overlay_dir () {
method _build_format_version () { "2"; }
method _build_mksquashfs_options () { [
qw{-no-progress -noappend},
- qw{-all-root},
qw{-comp xz -Xbcj x86 -b 1024K -Xdict-size 1024K},
]}
method _build_union_type () { "aufs"; }
@@ -452,7 +451,8 @@ method saveas ($outfile_name) {
qw{mksquashfs},
$self->squashfs_src_dir,
$outfile_name,
- $self->list_mksquashfs_options
+ $self->list_mksquashfs_options,
+ '-all-root',
);
return;