Page MenuHomePhabricator
Differential D1002

Fix ownership on artifact copies
ClosedPublic
Actions

Authored by dduvall on Mar 9 2018, 11:56 PM.
Tags
Referenced Files
F36932500: D1002.diff
Wed, Mar 29, 7:26 PM
Unknown Object (File)
Thu, Mar 23, 7:20 PM
Unknown Object (File)
Thu, Mar 16, 2:25 PM
Unknown Object (File)
Thu, Mar 9, 7:55 PM
Unknown Object (File)
Thu, Mar 2, 5:06 PM
Unknown Object (File)
Feb 25 2023, 2:09 PM
Unknown Object (File)
Feb 25 2023, 2:09 PM
Unknown Object (File)
Feb 15 2023, 3:04 PM
View All 23 Files
Subscribers
None

Details

Reviewers
thcipriani
mmodell
hashar
demon
Group Reviewers
Release-Engineering-Team
Commits
rGBLBR50c5793952a7: Fix ownership on artifact copies
Patch without arc
git checkout -b D1002 && curl -L https://phabricator.wikimedia.org/D1002?download=true | git apply
Summary

The implementation of D984 did not include enforcing ownership for
build.CopyFrom instruction and so artifacts copied from one image to
another via copies: were problematically owned as root.

In order to fix this behavior:

  1. config.ArtifactConfig build.CopyFrom instructions are now injected duration build.PhaseInstall
  2. config.VariantConfig calls build.ApplyUser for these artifact instructions as well using the runs.as user
  3. build.CopyAs was refactored to wrap any build.Instruction which should only really be used with build.Copy or build.CopyFrom.
Test Plan

Run go test ./.... Run blubber against configuration with a variant that
uses copies and verify that the COPY --from instructions also include a
--chown flag.

Diff Detail

Repository
rGBLBR Blubber
Branch
fix/artifacts-ownership
Lint
Lint Passed
Unit
Tests Passed
Build Status
Buildable 2862
Build 4775: arc lint + arc unit

Event Timeline

dduvall created this revision.Mar 9 2018, 11:56 PM
Restricted Application added a reviewer: Release-Engineering-Team. · View Herald TranscriptMar 9 2018, 11:56 PM
Restricted Application added a project: Release-Engineering-Team. · View Herald Transcript
dduvall requested review of this revision.Mar 9 2018, 11:56 PM
dduvall added a child revision: D1003: Provide a `runs.insecurely` to be used with test variants.Mar 10 2018, 12:11 AM
dduvall added a reviewer: demon.Mar 10 2018, 12:12 AM
dduvall updated this revision to Diff 2653.Mar 22 2018, 5:34 PM
dduvall edited the summary of this revision. (Show Details)

Refactored build.CopyAs to use a generic Instruction anonymouse field instread of separate fields for Copy and CopyFrom usage.

Harbormaster completed remote builds in B2862: Diff 2653.Mar 22 2018, 5:34 PM
thcipriani accepted this revision.Mar 22 2018, 5:50 PM

Works. Refactor makes building a CopyAs cleaner than having 2 embedded structs.

This revision is now accepted and ready to land.Mar 22 2018, 5:50 PM
Closed by commit rGBLBR50c5793952a7: Fix ownership on artifact copies (authored by dduvall). · Explain WhyMar 22 2018, 6:00 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
build/
7 lines
22 lines
7 lines
2 lines
config/
4 lines
8 lines
25 lines
28 lines
docker/
7 lines
22 lines

Diff 2653

View Options

build/instructions.go

Loading...
View Options

build/instructions_test.go

Loading...
View Options

build/macros.go

Loading...
View Options

build/macros_test.go

Loading...
View Options

config/artifacts.go

Loading...
View Options

config/artifacts_test.go

Loading...
View Options

config/variant.go

Loading...
View Options

config/variant_test.go

Loading...
View Options

docker/instructions.go

Loading...
View Options

docker/instructions_test.go

Loading...
Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL