Normalize builder file permissions
Signed-off-by: Danny Joyce <djoyce@pivotal.io>
Signed-off-by: Emily Casey <ecasey@pivotal.io>
Danny Joyce authored and ekcasey committed May 14, 2019
1 parent fa84abe commit eea7a39
Showing 3 changed files with 60 additions and 31 deletions.
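--- a/archive/tar.go
+++ b/archive/tar.go
@@ -104,7 +104,11 @@ func CreateSingleFileTar(tarFile, path, txt string) error {
 }
 
 tw := tar.NewWriter(fh)
-if err := tw.WriteHeader(&tar.Header{Name: path, Size: int64(len(txt)), Mode: 0666}); err != nil {
+if err := tw.WriteHeader(&tar.Header{
+Name: path,
+Size: int64(len(txt)),
+Mode: 0644,
+}); err != nil {
 return err
 }
 
@@ -118,7 +122,11 @@ func CreateSingleFileTar(tarFile, path, txt string) error {
 func CreateSingleFileTarReader(path, txt string) (io.Reader, error) {
 var buf bytes.Buffer
 tw := tar.NewWriter(&buf)
-if err := tw.WriteHeader(&tar.Header{Name: path, Size: int64(len(txt)), Mode: 0666}); err != nil {
+if err := tw.WriteHeader(&tar.Header{
+Name: path,
+Size: int64(len(txt)),
+Mode: 0644,
+}); err != nil {
 return nil, err
 }
 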
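Review bot: The tightening from 0666 to 0644 in CreateSingleFileTar and CreateSingleFileTarReader is not pinned by any assertion among the three files this commit touches, so a later edit could restore the world-writable bit unnoticed; a test that reads the entry back and checks `hdr.Mode == 0644` would cover both. The two headers are identical, so a shared unexported constant such as `const singleFileMode = 0644` would keep them from drifting apart. Neither header sets Uid/Gid or ModTime, so the entry is recorded as owned by 0:0 with ModTime left unset; a one-line comment saying whether that is intended would help. Both function bodies continue outside the hunks.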
53 changes: 37 additions & 16 deletions builder/builder.go
Expand Up @@ -330,45 +330,45 @@ func (b *Builder) defaultDirsLayer(dest string) (string, error) {

now := time.Now()

if err := tw.WriteHeader(b.rwDir(workspaceDir, now)); err != nil {
if err := tw.WriteHeader(b.packOwnedDir(workspaceDir, now)); err != nil {
return "", errors.Wrapf(err, "creating %s dir in layer", style.Symbol(workspaceDir))
}

if err := tw.WriteHeader(b.rwDir(layersDir, now)); err != nil {
if err := tw.WriteHeader(b.packOwnedDir(layersDir, now)); err != nil {
return "", errors.Wrapf(err, "creating %s dir in layer", style.Symbol(layersDir))
}

if err := tw.WriteHeader(b.roDir(buildpacksDir, now)); err != nil {
if err := tw.WriteHeader(b.rootOwnedDir(buildpacksDir, now)); err != nil {
return "", errors.Wrapf(err, "creating %s dir in layer", style.Symbol(buildpacksDir))
}

if err := tw.WriteHeader(b.roDir(platformDir, now)); err != nil {
if err := tw.WriteHeader(b.rootOwnedDir(platformDir, now)); err != nil {
return "", errors.Wrapf(err, "creating %s dir in layer", style.Symbol(platformDir))
}

if err := tw.WriteHeader(b.roDir(platformDir+"/env", now)); err != nil {
if err := tw.WriteHeader(b.rootOwnedDir(platformDir+"/env", now)); err != nil {
return "", errors.Wrapf(err, "creating %s dir in layer", style.Symbol(platformDir+"/env"))
}

return fh.Name(), nil
}

func (b *Builder) rwDir(path string, time time.Time) *tar.Header {
func (b *Builder) packOwnedDir(path string, time time.Time) *tar.Header {
return &tar.Header{
Typeflag: tar.TypeDir,
Name: path,
Mode: 0775,
Mode: 0755,
ModTime: time,
Uid: b.UID,
Gid: b.GID,
}
}

func (b *Builder) roDir(path string, time time.Time) *tar.Header {
func (b *Builder) rootOwnedDir(path string, time time.Time) *tar.Header {
return &tar.Header{
Typeflag: tar.TypeDir,
Name: path,
Mode: 0555,
Mode: 0755,
ModTime: time,
}
}
Expand Down Expand Up @@ -422,7 +422,7 @@ func (b *Builder) buildpackLayer(dest string, bp buildpack.Buildpack) (string, e
if err := tw.WriteHeader(&tar.Header{
Typeflag: tar.TypeDir,
Name: buildpacksDir + "/" + bp.EscapedID(),
Mode: 0555,
Mode: 0755,
ModTime: now,
}); err != nil {
return "", err
Expand All @@ -431,13 +431,19 @@ func (b *Builder) buildpackLayer(dest string, bp buildpack.Buildpack) (string, e
if err := tw.WriteHeader(&tar.Header{
Typeflag: tar.TypeDir,
Name: buildpacksDir + "/" + bp.EscapedID() + "/" + bp.Version,
Mode: 0555,
Mode: 0755,
ModTime: now,
}); err != nil {
return "", err
}

if err := archive.WriteDirToTar(tw, bp.Dir, fmt.Sprintf("%s/%s/%s", buildpacksDir, bp.EscapedID(), bp.Version), b.UID, b.GID); err != nil {
if err := archive.WriteDirToTar(
tw,
bp.Dir,
fmt.Sprintf("%s/%s/%s", buildpacksDir, bp.EscapedID(), bp.Version),
b.UID,
b.GID,
); err != nil {
return "", errors.Wrapf(err, "creating layer tar for buildpack '%s:%s'", bp.ID, bp.Version)
}

Expand All @@ -446,7 +452,7 @@ func (b *Builder) buildpackLayer(dest string, bp buildpack.Buildpack) (string, e
Name: fmt.Sprintf("%s/%s/%s", buildpacksDir, bp.EscapedID(), "latest"),
Linkname: fmt.Sprintf("%s/%s/%s", buildpacksDir, bp.EscapedID(), bp.Version),
Typeflag: tar.TypeSymlink,
Mode: 0444,
Mode: 0644,
})
if err != nil {
return "", errors.Wrapf(err, "creating latest symlink for buildpack '%s:%s'", bp.ID, bp.Version)
Expand All @@ -469,7 +475,12 @@ func (b *Builder) envLayer(dest string, env map[string]string) (string, error) {
now := time.Now()

for k, v := range env {
if err := tw.WriteHeader(&tar.Header{Name: platformDir + "/env/" + k, Size: int64(len(v)), Mode: 0444, ModTime: now}); err != nil {
if err := tw.WriteHeader(&tar.Header{
Name: platformDir + "/env/" + k,
Size: int64(len(v)),
Mode: 0644,
ModTime: now,
}); err != nil {
return "", err
}
if _, err := tw.Write([]byte(v)); err != nil {
Expand All @@ -492,7 +503,12 @@ func (b *Builder) lifecycleLayer(dest string) (string, error) {

now := time.Now()

if err := tw.WriteHeader(&tar.Header{Typeflag: tar.TypeDir, Name: lifecycleDir, Mode: 0555, ModTime: now}); err != nil {
if err := tw.WriteHeader(&tar.Header{
Typeflag: tar.TypeDir,
Name: lifecycleDir,
Mode: 0755,
ModTime: now,
}); err != nil {
return "", err
}

Expand All @@ -511,7 +527,12 @@ func writeLifecycleBinary(lifecyclePath, binary string, tw *tar.Writer, now time
return errors.Wrap(err, "reading lifecycle binary")
}

if err := tw.WriteHeader(&tar.Header{Name: lifecycleDir + "/" + binary, Size: int64(len(buf)), Mode: 0555, ModTime: now}); err != nil {
if err := tw.WriteHeader(&tar.Header{
Name: lifecycleDir + "/" + binary,
Size: int64(len(buf)),
Mode: 0755,
ModTime: now,
}); err != nil {
return err
}

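Review bot: The directory headers written inline in buildpackLayer and lifecycleLayer repeat exactly what `rootOwnedDir` now builds (TypeDir, 0755, no Uid/Gid, hence owner 0:0); calling the helper, e.g. `tw.WriteHeader(b.rootOwnedDir(lifecycleDir, now))`, would keep owner and mode decided in one place. This matters because write access now depends on ownership rather than on a read-only mode: the 0755 entries that omit Uid/Gid are writable only by root, while `packOwnedDir` grants write to b.UID and no longer to b.GID. The buildpack contents are written by `archive.WriteDirToTar` with b.UID/b.GID and their modes are set outside these hunks, so whether the build user can modify buildpack files cannot be confirmed from here. A doc comment on each helper, e.g. `// rootOwnedDir returns a 0755 directory header owned by 0:0.`, would record that intent. The enclosing functions start and end outside the hunks.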
26 changes: 13 additions & 13 deletions builder/builder_test.go
Expand Up @@ -124,7 +124,7 @@ func testBuilder(t *testing.T, when spec.G, it spec.S) {
layerTar, err := baseImage.FindLayerWithPath("/workspace")
h.AssertNil(t, err)
h.AssertOnTarEntry(t, layerTar, "/workspace", h.HasOwnerAndGroup(1234, 4321))
h.AssertOnTarEntry(t, layerTar, "/workspace", h.HasFileMode(0775))
h.AssertOnTarEntry(t, layerTar, "/workspace", h.HasFileMode(0755))
})

it("creates the layers dir with CNB user and group", func() {
Expand All @@ -134,7 +134,7 @@ func testBuilder(t *testing.T, when spec.G, it spec.S) {
layerTar, err := baseImage.FindLayerWithPath("/layers")
h.AssertNil(t, err)
h.AssertOnTarEntry(t, layerTar, "/layers", h.HasOwnerAndGroup(1234, 4321))
h.AssertOnTarEntry(t, layerTar, "/layers", h.HasFileMode(0775))
h.AssertOnTarEntry(t, layerTar, "/layers", h.HasFileMode(0755))
})

it("creates the buildpacks dir", func() {
Expand All @@ -144,7 +144,7 @@ func testBuilder(t *testing.T, when spec.G, it spec.S) {
layerTar, err := baseImage.FindLayerWithPath("/buildpacks")
h.AssertNil(t, err)
h.AssertOnTarEntry(t, layerTar, "/buildpacks", h.HasOwnerAndGroup(0, 0))
h.AssertOnTarEntry(t, layerTar, "/buildpacks", h.HasFileMode(0555))
h.AssertOnTarEntry(t, layerTar, "/buildpacks", h.HasFileMode(0755))
})

it("creates the platform dir", func() {
Expand All @@ -154,7 +154,7 @@ func testBuilder(t *testing.T, when spec.G, it spec.S) {
layerTar, err := baseImage.FindLayerWithPath("/platform")
h.AssertNil(t, err)
h.AssertOnTarEntry(t, layerTar, "/platform", h.HasOwnerAndGroup(0, 0))
h.AssertOnTarEntry(t, layerTar, "/platform", h.HasFileMode(0555))
h.AssertOnTarEntry(t, layerTar, "/platform", h.HasFileMode(0755))
})

it("sets the working dir to the layers dir", func() {
Expand Down Expand Up @@ -207,41 +207,41 @@ func testBuilder(t *testing.T, when spec.G, it spec.S) {
it("should add the lifecycle binaries as an image layer", func() {
layerTar, err := baseImage.FindLayerWithPath("/lifecycle")
h.AssertNil(t, err)
h.AssertOnTarEntry(t, layerTar, "/lifecycle", h.HasFileMode(0555))
h.AssertOnTarEntry(t, layerTar, "/lifecycle", h.HasFileMode(0755))

h.AssertOnTarEntry(t, layerTar, "/lifecycle/detector",
h.ContentEquals("detector"),
h.HasFileMode(0555),
h.HasFileMode(0755),
)

h.AssertOnTarEntry(t, layerTar, "/lifecycle/restorer",
h.ContentEquals("restorer"),
h.HasFileMode(0555),
h.HasFileMode(0755),
)

h.AssertOnTarEntry(t, layerTar, "/lifecycle/analyzer",
h.ContentEquals("analyzer"),
h.HasFileMode(0555),
h.HasFileMode(0755),
)

h.AssertOnTarEntry(t, layerTar, "/lifecycle/builder",
h.ContentEquals("builder"),
h.HasFileMode(0555),
h.HasFileMode(0755),
)

h.AssertOnTarEntry(t, layerTar, "/lifecycle/exporter",
h.ContentEquals("exporter"),
h.HasFileMode(0555),
h.HasFileMode(0755),
)

h.AssertOnTarEntry(t, layerTar, "/lifecycle/cacher",
h.ContentEquals("cacher"),
h.HasFileMode(0555),
h.HasFileMode(0755),
)

h.AssertOnTarEntry(t, layerTar, "/lifecycle/launcher",
h.ContentEquals("launcher"),
h.HasFileMode(0555),
h.HasFileMode(0755),
)
})
})
Expand Down Expand Up @@ -294,7 +294,7 @@ func testBuilder(t *testing.T, when spec.G, it spec.S) {
h.AssertOnTarEntry(t,
layerTar,
"/buildpacks/other-buildpack-id/latest",
h.HasFileMode(0444),
h.HasFileMode(0644),
)
})

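Review bot: The /lifecycle assertions check only the mode, yet with 0755 replacing 0555 the write bit is now effective for whoever owns the entry, so ownership is the property that keeps the lifecycle binaries read-only to the build user. Adding `h.HasOwnerAndGroup(0, 0)` to the `/lifecycle` and `/lifecycle/<binary>` assertions, as the `/buildpacks` and `/platform` cases already do, would pin that. The env files under /platform/env changed mode in builder.go as well; no assertion for them appears in these hunks, though one may exist elsewhere in the file. testBuilder starts and ends outside the hunks.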
