Paths

Table of Contentst

Differential D1002

Fix ownership on artifact copies
ClosedPublic
Actions

Authored by dduvall on Mar 9 2018, 11:56 PM.

Tags

Referenced Files

	F37748832: D1002.id.diff
	Fri, Sep 22, 3:48 AM

	Unknown Object (File)
	Tue, Sep 12, 4:21 PM

	Unknown Object (File)
	Aug 16 2023, 9:27 PM

	Unknown Object (File)
	Aug 16 2023, 7:06 PM

	Unknown Object (File)
	Aug 16 2023, 10:43 AM

	Unknown Object (File)
	Aug 13 2023, 6:16 AM

	Unknown Object (File)
	Aug 13 2023, 4:14 AM

	Unknown Object (File)
	May 16 2023, 7:12 PM

View All 34 Files

Subscribers

None

Details

Reviewers

thcipriani
mmodell
hashar
demon

Group Reviewers

Release-Engineering-Team

Commits

rGBLBR50c5793952a7: Fix ownership on artifact copies

Patch without arc

git checkout -b D1002 && curl -L https://phabricator.wikimedia.org/D1002?download=true | git apply

Summary

The implementation of D984 did not include enforcing ownership for
build.CopyFrom instruction and so artifacts copied from one image to
another via copies: were problematically owned as root.

In order to fix this behavior:

config.ArtifactConfig build.CopyFrom instructions are now injected duration build.PhaseInstall
config.VariantConfig calls build.ApplyUser for these artifact instructions as well using the runs.as user
build.CopyAs was refactored to wrap any build.Instruction which should only really be used with build.Copy or build.CopyFrom.

Test Plan

Run go test ./.... Run blubber against configuration with a variant that
uses copies and verify that the COPY --from instructions also include a
--chown flag.

Diff Detail

Repository

Branch

fix/artifacts-ownership

Lint

Lint Passed

Unit

Tests Passed

Build Status

Buildable 2862
Build 4775: arc lint + arc unit

Event Timeline

dduvall created this revision.Mar 9 2018, 11:56 PM

Restricted Application added a reviewer: Release-Engineering-Team. · View Herald TranscriptMar 9 2018, 11:56 PM

Restricted Application added a project: Release-Engineering-Team. · View Herald Transcript

dduvall requested review of this revision.Mar 9 2018, 11:56 PM

dduvall added a child revision: D1003: Provide a `runs.insecurely` to be used with test variants.Mar 10 2018, 12:11 AM

dduvall added a reviewer: demon.Mar 10 2018, 12:12 AM

Refactored build.CopyAs to use a generic Instruction anonymouse field instread of separate fields for Copy and CopyFrom usage.

Harbormaster completed remote builds in B2862: Diff 2653.Mar 22 2018, 5:34 PM

Works. Refactor makes building a CopyAs cleaner than having 2 embedded structs.

This revision is now accepted and ready to land.Mar 22 2018, 5:50 PM

Closed by commit rGBLBR50c5793952a7: Fix ownership on artifact copies (authored by dduvall). · Explain WhyMar 22 2018, 6:00 PM

This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

Path

Size

build/

instructions.go

7 lines

instructions_test.go

22 lines

7 lines

2 lines

config/

4 lines

artifacts_test.go

8 lines

25 lines

variant_test.go

28 lines

docker/

instructions.go

7 lines

instructions_test.go

22 lines

Diff 2653

build/instructions.go

Loading...

build/instructions_test.go

Loading...

build/macros.go

Loading...

build/macros_test.go

Loading...

config/artifacts.go

Loading...

config/artifacts_test.go

Loading...

config/variant.go

Loading...

config/variant_test.go

Loading...

docker/instructions.go

Loading...

docker/instructions_test.go

Loading...