From 0bbeb563fca4658fc907a20f5b42c74d8029f9aa Mon Sep 17 00:00:00 2001 From: Joe Lanford Date: Thu, 27 Feb 2025 17:08:53 -0500 Subject: [PATCH] UPSTREAM: : util/image: unset PAXRecords and Xattrs when applying files Signed-off-by: Joe Lanford --- internal/rukpak/source/containers_image.go | 2 ++ .../source/containers_image_internal_test.go | 36 +++++++++++++++++++ 2 files changed, 38 insertions(+) create mode 100644 internal/rukpak/source/containers_image_internal_test.go diff --git a/internal/rukpak/source/containers_image.go b/internal/rukpak/source/containers_image.go index 22f072da2..9caa6ceb6 100644 --- a/internal/rukpak/source/containers_image.go +++ b/internal/rukpak/source/containers_image.go @@ -295,6 +295,8 @@ func applyLayerFilter() archive.Filter { h.Uid = os.Getuid() h.Gid = os.Getgid() h.Mode |= 0700 + h.PAXRecords = nil + h.Xattrs = nil //nolint:staticcheck return true, nil } } diff --git a/internal/rukpak/source/containers_image_internal_test.go b/internal/rukpak/source/containers_image_internal_test.go new file mode 100644 index 000000000..6693f7c95 --- /dev/null +++ b/internal/rukpak/source/containers_image_internal_test.go @@ -0,0 +1,36 @@ +package source + +import ( + "archive/tar" + "os" + "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + "k8s.io/apimachinery/pkg/util/rand" +) + +func TestApplyLayerFilter(t *testing.T) { + h := tar.Header{ + Name: "foo/bar", + Mode: 0000, + Uid: rand.Int(), + Gid: rand.Int(), + Xattrs: map[string]string{ //nolint:staticcheck + "foo": "bar", + }, + PAXRecords: map[string]string{ + "fizz": "buzz", + }, + } + ok, err := applyLayerFilter()(&h) + require.NoError(t, err) + assert.True(t, ok) + + assert.Equal(t, "foo/bar", h.Name) + assert.Equal(t, int64(0700), h.Mode) + assert.Equal(t, os.Getuid(), h.Uid) + assert.Equal(t, os.Getgid(), h.Gid) + assert.Nil(t, h.PAXRecords) + assert.Nil(t, h.Xattrs) //nolint:staticcheck +}