util/image: unset PAXRecords and Xattrs when applying files (#1823)

joelanford · web-flow · commit 9e2f28c81515 · 2025-02-28T11:24:37.000Z
Signed-off-by: Joe Lanford &lt;joe.lanford@gmail.com&gt;
diff --git a/internal/shared/util/image/filters.go b/internal/shared/util/image/filters.go
@@ -23,6 +23,8 @@ func forceOwnershipRWX() archive.Filter {
 		h.Uid = uid
 		h.Gid = gid
 		h.Mode |= 0700
+		h.PAXRecords = nil
+		h.Xattrs = nil //nolint:staticcheck
 		return true, nil
 	}
 }
diff --git a/internal/shared/util/image/filters_test.go b/internal/shared/util/image/filters_test.go
@@ -2,11 +2,39 @@ package image
 
 import (
 	"archive/tar"
+	"os"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"k8s.io/apimachinery/pkg/util/rand"
 )
 
+func TestForceOwnershipRWX(t *testing.T) {
+	h := tar.Header{
+		Name: "foo/bar",
+		Mode: 0000,
+		Uid:  rand.Int(),
+		Gid:  rand.Int(),
+		Xattrs: map[string]string{ //nolint:staticcheck
+			"foo": "bar",
+		},
+		PAXRecords: map[string]string{
+			"fizz": "buzz",
+		},
+	}
+	ok, err := forceOwnershipRWX()(&h)
+	require.NoError(t, err)
+	assert.True(t, ok)
+
+	assert.Equal(t, "foo/bar", h.Name)
+	assert.Equal(t, int64(0700), h.Mode)
+	assert.Equal(t, os.Getuid(), h.Uid)
+	assert.Equal(t, os.Getgid(), h.Gid)
+	assert.Nil(t, h.PAXRecords)
+	assert.Nil(t, h.Xattrs) //nolint:staticcheck
+}
+
 func TestOnlyPath(t *testing.T) {
 	type testCase struct {
 		name       string

Original file line number	Diff line number	Diff line change
`@@ -23,6 +23,8 @@ func forceOwnershipRWX() archive.Filter {`
`23`	`23`	`h.Uid = uid`
`24`	`24`	`h.Gid = gid`
`25`	`25`	`h.Mode \|= 0700`
	`26`	`+ h.PAXRecords = nil`
	`27`	`+ h.Xattrs = nil //nolint:staticcheck`
`26`	`28`	`return true, nil`
`27`	`29`	`}`
`28`	`30`	`}`