osbuild/fsnode: default to removing destination for custom files

Default to always remove the destination before copying when generating the copy stage options for custom files in the image. This will ensure that if the destination is an existing symlink to another file, it won't be followed. Signed-off-by: Tomáš Hozza <thozza@redhat.com>
2023-02-16 15:07:03 +01:00 · 2023-02-16 15:07:03 +01:00 · 9bebd98d5b
commit 9bebd98d5b
parent d9f8dcdd44
2 changed files with 17 additions and 10 deletions
--- a/internal/osbuild/fsnode.go
+++ b/internal/osbuild/fsnode.go
@ -27,6 +27,8 @@ func GenFileNodesStages(files []*fsnode.File) []*Stage {
 		copyStagePaths = append(copyStagePaths, CopyStagePath{
 			From: fmt.Sprintf("input://%s/sha256:%s", copyStageInputKey, fileDataChecksum),
 			To:   fmt.Sprintf("tree://%s", file.Path()),
+			// Default to removing the destination if it exists to ensure that symlinks are not followed.
+			RemoveDestination: true,
 		})
 		copyStageInputs[copyStageInputKey] = NewFilesInput(NewFilesInputSourceArrayRef([]FilesInputSourceArrayRefEntry{
 			NewFilesInputSourceArrayRefEntry(fileDataChecksum, nil),
--- a/internal/osbuild/fsnode_test.go
+++ b/internal/osbuild/fsnode_test.go
@ -46,8 +46,9 @@ func TestGenFileNodesStages(t *testing.T) {
 				NewCopyStageSimple(&CopyStageOptions{
 					Paths: []CopyStagePath{
 						{
-							From: fmt.Sprintf("input://file-%[1]x/sha256:%[1]x", sha256.Sum256(fileData1)),
-							To:   "tree:///etc/file",
+							From:              fmt.Sprintf("input://file-%[1]x/sha256:%[1]x", sha256.Sum256(fileData1)),
+							To:                "tree:///etc/file",
+							RemoveDestination: true,
 						},
 					},
 				}, &CopyStageFilesInputs{
@ -67,12 +68,14 @@ func TestGenFileNodesStages(t *testing.T) {
 				NewCopyStageSimple(&CopyStageOptions{
 					Paths: []CopyStagePath{
 						{
-							From: fmt.Sprintf("input://file-%[1]x/sha256:%[1]x", sha256.Sum256(fileData1)),
-							To:   "tree:///etc/file",
+							From:              fmt.Sprintf("input://file-%[1]x/sha256:%[1]x", sha256.Sum256(fileData1)),
+							To:                "tree:///etc/file",
+							RemoveDestination: true,
 						},
 						{
-							From: fmt.Sprintf("input://file-%[1]x/sha256:%[1]x", sha256.Sum256(fileData2)),
-							To:   "tree:///etc/file2",
+							From:              fmt.Sprintf("input://file-%[1]x/sha256:%[1]x", sha256.Sum256(fileData2)),
+							To:                "tree:///etc/file2",
+							RemoveDestination: true,
 						},
 					},
 				}, &CopyStageFilesInputs{
@ -95,12 +98,14 @@ func TestGenFileNodesStages(t *testing.T) {
 				NewCopyStageSimple(&CopyStageOptions{
 					Paths: []CopyStagePath{
 						{
-							From: fmt.Sprintf("input://file-%[1]x/sha256:%[1]x", sha256.Sum256(fileData1)),
-							To:   "tree:///etc/file",
+							From:              fmt.Sprintf("input://file-%[1]x/sha256:%[1]x", sha256.Sum256(fileData1)),
+							To:                "tree:///etc/file",
+							RemoveDestination: true,
 						},
 						{
-							From: fmt.Sprintf("input://file-%[1]x/sha256:%[1]x", sha256.Sum256(fileData2)),
-							To:   "tree:///etc/file2",
+							From:              fmt.Sprintf("input://file-%[1]x/sha256:%[1]x", sha256.Sum256(fileData2)),
+							To:                "tree:///etc/file2",
+							RemoveDestination: true,
 						},
 					},
 				}, &CopyStageFilesInputs{