tar/export: Write symlink targets literally #182
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Requires: alexcrichton/tar-rs#274 And I'll just copy/paste the commit message from there, lightly edited: In https://github.com/ostreedev/ostree we generate a cryptographic checksum over files and symlinks, and directories. ostree does not currently perform any canonicalization on symlinks; we'll respect and honor whatever bytes we're provided as input, and replicate that on the target. We're using the Rust tar crate to do tar serialization, which has so far worked fine...except, I hit this corner case: ``` [root@cosa-devsh ~]# rpm -qf /usr/lib/systemd/systemd-sysv-install chkconfig-1.13-2.el8.x86_64 [root@cosa-devsh ~]# ll /usr/lib/systemd/systemd-sysv-install lrwxrwxrwx. 2 root root 24 Nov 29 18:08 /usr/lib/systemd/systemd-sysv-install -> ../../..//sbin/chkconfig [root@cosa-devsh ~]# ``` But, using `set_link_name` to write the tarball, we end up with the canonicalized path `../../../sbin/chkconfig` - i.e. without the double `//`. This breaks the checksum. Now, I am a bit tempted to change ostree to do canonicalization. But even if we did, I'd need to *exactly* match what tar-rs is doing. (I may of course also try to change the rhel8 systemd package, but that's going to take a while to propagate and this corner case isn't the only one I'm sure)
cgwalters
added a commit
to cgwalters/rpm-ostree
that referenced
this pull request
Dec 10, 2021
This is a build-side fix for systemd shipping a non-canonical symlink; see: ostreedev/ostree-rs-ext#182 I'll copy/paste that commit message: In https://github.com/ostreedev/ostree we generate a cryptographic checksum over files and symlinks, and directories. ostree does not currently perform any canonicalization on symlinks; we'll respect and honor whatever bytes we're provided as input, and replicate that on the target. We're using the Rust tar crate to do tar serialization, which has so far worked fine...except, I hit this corner case: ``` [root@cosa-devsh ~]# rpm -qf /usr/lib/systemd/systemd-sysv-install chkconfig-1.13-2.el8.x86_64 [root@cosa-devsh ~]# ll /usr/lib/systemd/systemd-sysv-install lrwxrwxrwx. 2 root root 24 Nov 29 18:08 /usr/lib/systemd/systemd-sysv-install -> ../../..//sbin/chkconfig [root@cosa-devsh ~]# ``` But, using `set_link_name` to write the tarball, we end up with the canonicalized path `../../../sbin/chkconfig` - i.e. without the double `//`. This breaks the checksum. Now, I am a bit tempted to change ostree to do canonicalization. But even if we did, I'd need to *exactly* match what tar-rs is doing. (I may of course also try to change the rhel8 systemd package, but that's going to take a while to propagate and this corner case isn't the only one I'm sure) I verified that this fixes `rpm-ostree ex-container encapsulate` for RHCOS. In fact, it is *just that* one systemd symlink which is non-canonical.
cgwalters
added a commit
to cgwalters/chkconfig
that referenced
this pull request
Dec 10, 2021
See: ostreedev/ostree-rs-ext#182 In https://github.com/ostreedev/ostree we generate a cryptographic checksum over files and symlinks, and directories. ostree does not currently perform any canonicalization on symlinks; we'll respect and honor whatever bytes we're provided as input, and replicate that on the target. We're using the Rust tar crate to do tar serialization, which has so far worked fine...except, I hit this corner case: ``` [root@cosa-devsh ~]# rpm -qf /usr/lib/systemd/systemd-sysv-install chkconfig-1.13-2.el8.x86_64 [root@cosa-devsh ~]# ll /usr/lib/systemd/systemd-sysv-install lrwxrwxrwx. 2 root root 24 Nov 29 18:08 /usr/lib/systemd/systemd-sysv-install -> ../../..//sbin/chkconfig [root@cosa-devsh ~]# ``` But, using `set_link_name` to write the tarball, we end up with the canonicalized path `../../../sbin/chkconfig` - i.e. without the double `//`. This breaks the checksum. Now, I am a bit tempted to change ostree to do canonicalization. But even if we did, I'd need to *exactly* match what tar-rs is doing. For the record, this is *the only* non-canonical symlink in Fedora and RHEL CoreOS today.
cgwalters
added a commit
to cgwalters/rpm-ostree
that referenced
this pull request
Dec 10, 2021
This is a build-side fix for `chkconfig` shipping a non-canonical symlink; see: ostreedev/ostree-rs-ext#182 I'll copy/paste that commit message: In https://github.com/ostreedev/ostree we generate a cryptographic checksum over files and symlinks, and directories. ostree does not currently perform any canonicalization on symlinks; we'll respect and honor whatever bytes we're provided as input, and replicate that on the target. We're using the Rust tar crate to do tar serialization, which has so far worked fine...except, I hit this corner case: ``` [root@cosa-devsh ~]# rpm -qf /usr/lib/systemd/systemd-sysv-install chkconfig-1.13-2.el8.x86_64 [root@cosa-devsh ~]# ll /usr/lib/systemd/systemd-sysv-install lrwxrwxrwx. 2 root root 24 Nov 29 18:08 /usr/lib/systemd/systemd-sysv-install -> ../../..//sbin/chkconfig [root@cosa-devsh ~]# ``` But, using `set_link_name` to write the tarball, we end up with the canonicalized path `../../../sbin/chkconfig` - i.e. without the double `//`. This breaks the checksum. Now, I am a bit tempted to change ostree to do canonicalization. But even if we did, I'd need to *exactly* match what tar-rs is doing. (I may of course also try to change the rhel8 systemd package, but that's going to take a while to propagate and this corner case isn't the only one I'm sure) I verified that this fixes `rpm-ostree ex-container encapsulate` for RHCOS. In fact, it is *just that* one systemd symlink which is non-canonical.
jamacku
pushed a commit
to fedora-sysv/chkconfig
that referenced
this pull request
Dec 10, 2021
See: ostreedev/ostree-rs-ext#182 In https://github.com/ostreedev/ostree we generate a cryptographic checksum over files and symlinks, and directories. ostree does not currently perform any canonicalization on symlinks; we'll respect and honor whatever bytes we're provided as input, and replicate that on the target. We're using the Rust tar crate to do tar serialization, which has so far worked fine...except, I hit this corner case: ``` [root@cosa-devsh ~]# rpm -qf /usr/lib/systemd/systemd-sysv-install chkconfig-1.13-2.el8.x86_64 [root@cosa-devsh ~]# ll /usr/lib/systemd/systemd-sysv-install lrwxrwxrwx. 2 root root 24 Nov 29 18:08 /usr/lib/systemd/systemd-sysv-install -> ../../..//sbin/chkconfig [root@cosa-devsh ~]# ``` But, using `set_link_name` to write the tarball, we end up with the canonicalized path `../../../sbin/chkconfig` - i.e. without the double `//`. This breaks the checksum. Now, I am a bit tempted to change ostree to do canonicalization. But even if we did, I'd need to *exactly* match what tar-rs is doing. For the record, this is *the only* non-canonical symlink in Fedora and RHEL CoreOS today.
cgwalters
added a commit
to cgwalters/rpm-ostree
that referenced
this pull request
Dec 13, 2021
This is a build-side fix for `chkconfig` shipping a non-canonical symlink; see: ostreedev/ostree-rs-ext#182 I'll copy/paste that commit message: In https://github.com/ostreedev/ostree we generate a cryptographic checksum over files and symlinks, and directories. ostree does not currently perform any canonicalization on symlinks; we'll respect and honor whatever bytes we're provided as input, and replicate that on the target. We're using the Rust tar crate to do tar serialization, which has so far worked fine...except, I hit this corner case: ``` [root@cosa-devsh ~]# rpm -qf /usr/lib/systemd/systemd-sysv-install chkconfig-1.13-2.el8.x86_64 [root@cosa-devsh ~]# ll /usr/lib/systemd/systemd-sysv-install lrwxrwxrwx. 2 root root 24 Nov 29 18:08 /usr/lib/systemd/systemd-sysv-install -> ../../..//sbin/chkconfig [root@cosa-devsh ~]# ``` But, using `set_link_name` to write the tarball, we end up with the canonicalized path `../../../sbin/chkconfig` - i.e. without the double `//`. This breaks the checksum. Now, I am a bit tempted to change ostree to do canonicalization. But even if we did, I'd need to *exactly* match what tar-rs is doing. (I may of course also try to change the rhel8 systemd package, but that's going to take a while to propagate and this corner case isn't the only one I'm sure) I verified that this fixes `rpm-ostree ex-container encapsulate` for RHCOS. In fact, it is *just that* one systemd symlink which is non-canonical.
cgwalters
added a commit
to coreos/rpm-ostree
that referenced
this pull request
Dec 14, 2021
This is a build-side fix for `chkconfig` shipping a non-canonical symlink; see: ostreedev/ostree-rs-ext#182 I'll copy/paste that commit message: In https://github.com/ostreedev/ostree we generate a cryptographic checksum over files and symlinks, and directories. ostree does not currently perform any canonicalization on symlinks; we'll respect and honor whatever bytes we're provided as input, and replicate that on the target. We're using the Rust tar crate to do tar serialization, which has so far worked fine...except, I hit this corner case: ``` [root@cosa-devsh ~]# rpm -qf /usr/lib/systemd/systemd-sysv-install chkconfig-1.13-2.el8.x86_64 [root@cosa-devsh ~]# ll /usr/lib/systemd/systemd-sysv-install lrwxrwxrwx. 2 root root 24 Nov 29 18:08 /usr/lib/systemd/systemd-sysv-install -> ../../..//sbin/chkconfig [root@cosa-devsh ~]# ``` But, using `set_link_name` to write the tarball, we end up with the canonicalized path `../../../sbin/chkconfig` - i.e. without the double `//`. This breaks the checksum. Now, I am a bit tempted to change ostree to do canonicalization. But even if we did, I'd need to *exactly* match what tar-rs is doing. (I may of course also try to change the rhel8 systemd package, but that's going to take a while to propagate and this corner case isn't the only one I'm sure) I verified that this fixes `rpm-ostree ex-container encapsulate` for RHCOS. In fact, it is *just that* one systemd symlink which is non-canonical.
|
Closing in favor of #165 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Requires: alexcrichton/tar-rs#274
And I'll just copy/paste the commit message from there, lightly edited:
In https://github.com/ostreedev/ostree we generate a cryptographic
checksum over files and symlinks, and directories.
ostree does not currently perform any canonicalization on symlinks;
we'll respect and honor whatever bytes we're provided as input,
and replicate that on the target.
We're using the Rust tar crate to do tar serialization,
which has so far worked fine...except, I hit this corner case:
But, using
set_link_nameto write the tarball, we end up withthe canonicalized path
../../../sbin/chkconfig- i.e. without thedouble
//. This breaks the checksum.Now, I am a bit tempted to change ostree to do canonicalization. But
even if we did, I'd need to exactly match what tar-rs is doing.
(I may of course also try to change the rhel8 systemd package, but
that's going to take a while to propagate and this corner case isn't
the only one I'm sure)