tag v0.165.0 Tagger: imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> Changes with 0.165.0 ---------------- * distro: move rhel9 into a generic distro (osbuild/images#1645) * Author: Michael Vogt, Reviewers: Achilleas Koutsou, Simon de Vlieger * Revert "distro: drop `ImageType.BasePartitionTable()`" (osbuild/images#1691) * Author: Michael Vogt, Reviewers: Simon de Vlieger, Tomáš Hozza * Update dependencies 2025-07-20 (osbuild/images#1675) * Author: SchutzBot, Reviewers: Achilleas Koutsou, Simon de Vlieger * defs: add missing `bootstrap_containers` (osbuild/images#1679) * Author: Michael Vogt, Reviewers: Simon de Vlieger, Tomáš Hozza * disk: handle adding `PReP` partition on PPC64/s390x (HMS-8884) (osbuild/images#1681) * Author: Michael Vogt, Reviewers: Achilleas Koutsou, Simon de Vlieger * distro: bring per-distro checkOptions back (osbuild/images#1678) * Author: Michael Vogt, Reviewers: Simon de Vlieger, Tomáš Hozza * distro: cleanups in the pkg/distro/generic area (osbuild/images#1686) * Author: Michael Vogt, Reviewers: Achilleas Koutsou, Simon de Vlieger * distro: move rhel8 into a generic distro (osbuild/images#1643) * Author: Michael Vogt, Reviewers: Nobody * distro: small followups for PR#1682 (osbuild/images#1689) * Author: Michael Vogt, Reviewers: Achilleas Koutsou, Simon de Vlieger, Tomáš Hozza * distro: unify transform/match into a single concept (osbuild/images#1682) * Author: Michael Vogt, Reviewers: Achilleas Koutsou, Tomáš Hozza * distros: de-duplicate runner build packages for centos10 (osbuild/images#1680) * Author: Michael Vogt, Reviewers: Simon de Vlieger, Tomáš Hozza * github: disable Go dep updates through dependabot (osbuild/images#1683) * Author: Achilleas Koutsou, Reviewers: Simon de Vlieger, Tomáš Hozza * repos: include almalinux 9.6 (osbuild/images#1677) * Author: Simon de Vlieger, Reviewers: Lukáš Zapletal, Tomáš Hozza * rhel9: wsl distribution config (osbuild/images#1694) * Author: Simon de Vlieger, Reviewers: Michael 
Vogt, Sanne Raymaekers * test/manifests/all-customizations: don't embed local file via URI (osbuild/images#1684) * Author: Tomáš Hozza, Reviewers: Achilleas Koutsou, Brian C. Lane — Somewhere on the Internet, 2025-07-28 --- tag v0.166.0 Tagger: imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> Changes with 0.166.0 ---------------- * customizations/subscription: conditionally enable semanage call (HMS-8866) (osbuild/images#1673) * Author: Sanne Raymaekers, Reviewers: Achilleas Koutsou, Michael Vogt * distro/rhel-10: versionlock shim-x64 in the azure-cvm image (osbuild/images#1697) * Author: Achilleas Koutsou, Reviewers: Michael Vogt, Simon de Vlieger * manifestmock: move container/pkg/commit mocks into helper (osbuild/images#1700) * Author: Michael Vogt, Reviewers: Achilleas Koutsou, Simon de Vlieger * rhel9: `vagrant-libvirt`, `vagrant-virtualbox` (osbuild/images#1693) * Author: Simon de Vlieger, Reviewers: Michael Vogt, Sanne Raymaekers * rhel{9,10}: centos WSL refinement (HMS-8922) (osbuild/images#1690) * Author: Simon de Vlieger, Reviewers: Ondřej Budai, Sanne Raymaekers, Tomáš Hozza — Somewhere on the Internet, 2025-07-29 --- tag v0.167.0 Tagger: imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> Changes with 0.167.0 ---------------- * RHEL/Azure: drop obsolete WAAgentConfig keys [RHEL-93894] and remove loglevel kernel option [RHEL-102372] (osbuild/images#1611) * Author: Achilleas Koutsou, Reviewers: Michael Vogt, Ondřej Budai, Sanne Raymaekers * Update dependencies 2025-07-27 (osbuild/images#1699) * Author: SchutzBot, Reviewers: Achilleas Koutsou, Simon de Vlieger * distro/rhel9: set default_kernel to kernel-uki-virt (osbuild/images#1704) * Author: Achilleas Koutsou, Reviewers: Ondřej Budai, Simon de Vlieger * distro: drop legacy loaders and update tests (osbuild/images#1687) * Author: Michael Vogt, Reviewers: Achilleas Koutsou, Tomáš Hozza * distro: fix issues with yaml distro definitions and enable yaml checks 
(osbuild/images#1702) * Author: Achilleas Koutsou, Reviewers: Michael Vogt, Ondřej Budai, Simon de Vlieger — Somewhere on the Internet, 2025-07-30 --- tag v0.168.0 Tagger: imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> Changes with 0.168.0 ---------------- * distro: fix bug in variable substitution for static distros (osbuild/images#1710) * Author: Michael Vogt, Reviewers: Achilleas Koutsou, Simon de Vlieger * rhel{9,10}: azure for non-RHEL (HMS-8949) (osbuild/images#1707) * Author: Simon de Vlieger, Reviewers: Achilleas Koutsou, Michael Vogt — Somewhere on the Internet, 2025-07-30 ---
package graphdriver
import (
"bytes"
"errors"
"fmt"
"io/fs"
"os"
"github.com/containers/storage/pkg/idtools"
"github.com/containers/storage/pkg/reexec"
"github.com/opencontainers/selinux/pkg/pwalkdir"
)
// chownByMapsCmd is the command name under which chownByMapsMain is registered
// with reexec (see init) and which ChownPathByMaps passes to reexec.Command.
const chownByMapsCmd = "storage-chown-by-maps"
// init registers chownByMapsMain with reexec under chownByMapsCmd, the same
// name ChownPathByMaps later hands to reexec.Command to start the helper.
func init() {
	reexec.Register(chownByMapsCmd, chownByMapsMain)
}
// chownByMapsMain is the body of the "storage-chown-by-maps" helper. It takes
// the directory to process from os.Args[1] and reads a JSON-encoded
// [4][]idtools.IDMap from stdin, in the order ChownPathByMaps writes it:
// toContainer UIDs, toContainer GIDs, toHost UIDs, toHost GIDs.
//
// Any failure is written to stderr and ends the process with status 1; on
// success the process exits with status 0. ChownPathByMaps treats every byte
// of output as an error, so this function must stay silent on success.
func chownByMapsMain() {
	// fail writes a fatal message to stderr and terminates the helper.
	fail := func(format string, args ...interface{}) {
		fmt.Fprintf(os.Stderr, format, args...)
		os.Exit(1)
	}

	if len(os.Args) < 2 {
		fail("requires mapping configuration on stdin and directory path")
	}

	// Read all of stdin, then decode it into the four ID map slices.
	var (
		idMaps    [4][]idtools.IDMap
		rawConfig bytes.Buffer
	)
	if _, err := rawConfig.ReadFrom(os.Stdin); err != nil {
		fail("error reading configuration: %v", err)
	}
	if err := json.Unmarshal(rawConfig.Bytes(), &idMaps); err != nil {
		fail("error decoding configuration: %v", err)
	}

	// Try to chroot into the target. This may not be possible, and on some
	// systems chrootOrChdir only changes directory, so every path used from
	// here on is relative.
	// NOTE(review): in the Chdir case nothing but the relative paths keeps
	// the walk inside the target tree — confirm that chowner.LChown never
	// follows symlinks.
	target := os.Args[1]
	if err := chrootOrChdir(target); err != nil {
		fail("error chrooting to %q: %v", target, err)
	}

	// Build the mapping objects. A mapping with neither UID nor GID entries
	// is handed to LChown as nil.
	toContainer := idtools.NewIDMappingsFromMaps(idMaps[0], idMaps[1])
	if len(toContainer.UIDs()) == 0 && len(toContainer.GIDs()) == 0 {
		toContainer = nil
	}
	toHost := idtools.NewIDMappingsFromMaps(idMaps[2], idMaps[3])
	if len(toHost.UIDs()) == 0 && len(toHost.GIDs()) == 0 {
		toHost = nil
	}

	chowner := newLChowner()

	// visit re-owns a single entry. The error argument supplied by the walk
	// is ignored.
	var visit fs.WalkDirFunc = func(path string, d fs.DirEntry, _ error) error {
		info, err := d.Info()
		if err != nil {
			// An entry that cannot be inspected is skipped without an
			// error. NOTE(review): the caller is not told, so such an
			// entry keeps whatever owner it had before the remap.
			return nil
		}
		if path == "." {
			// The walk root itself is left as it is.
			return nil
		}
		return chowner.LChown(path, info, toHost, toContainer)
	}

	if err := pwalkdir.Walk(".", visit); err != nil {
		fail("error during chown: %v", err)
	}
	os.Exit(0)
}
// ChownPathByMaps changes the ownership of the filesystem tree at path by
// starting the "storage-chown-by-maps" helper (chownByMapsMain) through
// reexec.Command, with path as its argument and the ID maps JSON-encoded on
// its stdin.
//
// On-disk owner UIDs and GIDs which are "host" values in toContainer are
// replaced with the "host" values from toHost that correspond to the same
// "container" IDs. A nil mapping is replaced by an empty one.
//
// The helper's combined stdout and stderr is captured. Any output is returned
// as an error, wrapped around the command error when there is one, so a helper
// that prints anything is reported as failed even if it exits successfully.
//
// NOTE(review): the helper re-owns the whole tree under path, presumably with
// the privileges of the calling process; callers should pass only a directory
// they intend to remap in full.
func ChownPathByMaps(path string, toContainer, toHost *idtools.IDMappings) error {
	if toContainer == nil {
		toContainer = &idtools.IDMappings{}
	}
	if toHost == nil {
		toHost = &idtools.IDMappings{}
	}

	// The order is part of the protocol: chownByMapsMain reads the four
	// slices back by index.
	maps := [4][]idtools.IDMap{
		toContainer.UIDs(),
		toContainer.GIDs(),
		toHost.UIDs(),
		toHost.GIDs(),
	}
	config, err := json.Marshal(maps)
	if err != nil {
		return err
	}

	helper := reexec.Command(chownByMapsCmd, path)
	helper.Stdin = bytes.NewReader(config)
	output, err := helper.CombinedOutput()

	switch {
	case err != nil && len(output) > 0:
		// Keep the helper's own message in front of the exit error.
		return fmt.Errorf("%s: %w", string(output), err)
	case err != nil:
		return err
	case len(output) > 0:
		// A clean exit with output still counts as a failure.
		return errors.New(string(output))
	default:
		return nil
	}
}
// naiveLayerIDMapUpdater embeds a ProtoDriver and adds the UpdateLayerIDMap
// and SupportsShifting methods defined in this file.
type naiveLayerIDMapUpdater struct {
	ProtoDriver
}
// NewNaiveLayerIDMapUpdater returns a LayerIDMapUpdater that wraps driver and
// uses ChownPathByMaps to update the ownerships in a layer's filesystem tree.
func NewNaiveLayerIDMapUpdater(driver ProtoDriver) LayerIDMapUpdater {
	updater := &naiveLayerIDMapUpdater{}
	updater.ProtoDriver = driver
	return updater
}
// UpdateLayerIDMap changes the ownership of the files in layer id. It asks the
// wrapped driver for the layer's path with Get, passing mountLabel in the
// MountOpts, and runs ChownPathByMaps on that path with the toContainer and
// toHost mappings.
//
// An error from Get is returned as is. Once Get has succeeded, driverPut is
// deferred with the driver, the layer id and a pointer to the named result.
func (n *naiveLayerIDMapUpdater) UpdateLayerIDMap(id string, toContainer, toHost *idtools.IDMappings, mountLabel string) (retErr error) {
	wrapped := n.ProtoDriver

	layerPath, err := wrapped.Get(id, MountOpts{MountLabel: mountLabel})
	if err != nil {
		return err
	}
	// driverPut is given &retErr, so it can see the result of the chown
	// below; presumably it also records its own failure there — confirm
	// against driverPut.
	defer driverPut(wrapped, id, &retErr)

	return ChownPathByMaps(layerPath, toContainer, toHost)
}
// SupportsShifting reports whether the driver supports shifting UIDs/GIDs to
// the provided mapping in a user namespace. This updater always answers false
// and does not look at uidmap or gidmap.
func (n *naiveLayerIDMapUpdater) SupportsShifting(uidmap, gidmap []idtools.IDMap) bool {
	return false
}