isos: Ensure proper file ownership and permissions

The genisoimage backend uses the -rational-rock option, which sets uid and gid to 0, and makes file readable by everyone. With xorriso this must be done explicitly. Setting ownership is a single command, but the permissions require a per-file command to not make files executable where not needed. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2203888 Signed-off-by: Lubomír Sedlář <lsedlar@redhat.com>
2023-05-16 16:17:34 +02:00 · 2023-05-16 16:17:34 +02:00 · 82ae9e86d5
commit 82ae9e86d5
parent 2ad341a01c
3 changed files with 46 additions and 1 deletions
--- a/tests/helpers.py
+++ b/tests/helpers.py
@ -272,7 +272,7 @@ class DummyCompose(object):
        return tempfile.mkdtemp(suffix=suffix, prefix=prefix, dir=self.topdir)


-def touch(path, content=None):
+def touch(path, content=None, mode=None):
    """Helper utility that creates an dummy file in given location. Directories
    will be created."""
    content = content or (path + "\n")
@ -284,6 +284,8 @@ def touch(path, content=None):
        content = content.encode()
    with open(path, "wb") as f:
        f.write(content)
+    if mode:
+        os.chmod(path, mode)
    return path


--- a/tests/test_createiso_script.py
+++ b/tests/test_createiso_script.py
@ -1,6 +1,7 @@
 # -*- coding: utf-8 -*-

 import mock
+from parameterized import parameterized

 import os
 from six.moves import StringIO
@ -391,3 +392,27 @@ class CreateIsoScriptTest(helpers.PungiTestCase):
                ),
            ]
        )
+
+    @parameterized.expand(
+        [("644", 0o644), ("664", 0o664), ("666", 0o666), ("2644", 0o2644)]
+    )
+    def test_get_perms_non_executable(self, test_name, mode):
+        path = helpers.touch(os.path.join(self.topdir, "f"), mode=mode)
+        self.assertEqual(createiso._get_perms(path), 0o444)
+
+    @parameterized.expand(
+        [
+            ("544", 0o544),
+            ("554", 0o554),
+            ("555", 0o555),
+            ("744", 0o744),
+            ("755", 0o755),
+            ("774", 0o774),
+            ("775", 0o775),
+            ("777", 0o777),
+            ("2775", 0o2775),
+        ]
+    )
+    def test_get_perms_executable(self, test_name, mode):
+        path = helpers.touch(os.path.join(self.topdir, "f"), mode=mode)
+        self.assertEqual(createiso._get_perms(path), 0o555)