Fix creation of containing directories for files in tar packages #4100
Conversation
pchila
added
bug
|
Pinging @elastic/elastic-agent (Team:Elastic-Agent) |
|
Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane) |
|
This pull request does not have a backport label. Could you fix it @pchila? 🙏
NOTE: |
|
This should have a changelog entry shouldn't it? It's a bug fix. It's not one anyone is hitting today, that doesn't mean we shouldn't document the change. |
pchila
force-pushed
the
fix-dir-creation-in-unpack
branch
from
bc49554 to
b019c4c
Compare
|
|
||
| type createArchiveFunc func(*testing.T, []files) (string, error) | ||
|
|
||
| func TestUpgrader_unpack(t *testing.T) { |
There was a problem hiding this comment.
- Thank you for this, this is great.
- This test still passes if you take out the
os.Statcall and associated logic
diff --git a/internal/pkg/agent/application/upgrade/step_unpack.go b/internal/pkg/agent/application/upgrade/step_unpack.go
index 4f5b0bd744..82551616dc 100644
--- a/internal/pkg/agent/application/upgrade/step_unpack.go
+++ b/internal/pkg/agent/application/upgrade/step_unpack.go
@@ -10,7 +10,6 @@ import (
"compress/gzip"
"fmt"
"io"
- "io/fs"
"os"
"path/filepath"
"runtime"
@@ -213,20 +212,8 @@ func untar(log *logger.Logger, version string, archivePath, dataDir string) (str
}
case mode.IsDir():
log.Debugw("Unpacking directory", "archive", "tar", "file.path", abs)
- // remove any world permissions from the directory
- _, err = os.Stat(abs)
- if errors.Is(err, fs.ErrNotExist) {
- if err := os.MkdirAll(abs, mode.Perm()&0770); err != nil {
- return "", errors.New(err, "TarInstaller: creating directory for file "+abs, errors.TypeFilesystem, errors.M(errors.MetaKeyPath, abs))
- }
- } else if err != nil {
- return "", errors.New(err, "TarInstaller: stat() directory for file "+abs, errors.TypeFilesystem, errors.M(errors.MetaKeyPath, abs))
- } else {
- // set the appropriate permissions
- err = os.Chmod(abs, mode.Perm()&0o770)
- if err != nil {
- return "", errors.New(err, fmt.Sprintf("TarInstaller: setting permissions %O for directory %q", mode.Perm()&0o770, abs), errors.TypeFilesystem, errors.M(errors.MetaKeyPath, abs))
- }
+ if err := os.MkdirAll(abs, mode.Perm()&0770); err != nil {
+ return "", errors.New(err, "TarInstaller: creating directory for file "+abs, errors.TypeFilesystem, errors.M(errors.MetaKeyPath, abs))
}
default:
return "", errors.New(fmt.Sprintf("tar file entry %s contained unsupported file type %v", fileName, mode), errors.TypeFilesystem, errors.M(errors.MetaKeyPath, fileName))
go test ./internal/pkg/agent/application/upgrade/... -run TestUpgrader_unpack -count 1 -v
? github.com/elastic/elastic-agent/internal/pkg/agent/application/upgrade/artifact/download/localremote [no test files]
=== RUN TestUpgrader_unpack
=== RUN TestUpgrader_unpack/targz_with_file_before_containing_folder
--- PASS: TestUpgrader_unpack (0.00s)
--- PASS: TestUpgrader_unpack/targz_with_file_before_containing_folder (0.00s)
PASS
ok github.com/elastic/elastic-agent/internal/pkg/agent/application/upgrade 0.591sThere was a problem hiding this comment.
The test passes because of the default 0750 permission when we create the directory on the fly (so we are able to write the file anyways). The code you removed is needed to restore permissions once we come across the directory in the tar archive, but that is not in the assertions. I will modify the test
pchila
force-pushed
the
fix-dir-creation-in-unpack
branch
from
9198ef5 to
9b6fb22
Compare
@cmacknz not sure about the changelog as the change that introduced the issue is related to the unprivileged elastic-agent feature. Before such change, directories created on the fly would always have |
pchila
force-pushed
the
fix-dir-creation-in-unpack
branch
from
9b6fb22 to
2d03226
Compare
|
66.7% Coverage on New Code
0.0% Duplication on New Code
What does this PR do?
This change fixes the creation of destination directories for file contained in a tar package.
If a file needs to be extracted to a destination directory that does not yet exist we create the necessary directories on the fly with permission
0750.If we encounter the same directories after the file, we fix the permissions according to what is specified in the tar archive
Why is it important?
When running without superuser privileges we need to create a directory structure that has permissions that do not block access to the current user
Checklist
[ ] I have made corresponding changes to the documentation[ ] I have made corresponding change to the default configuration files[x] I have added tests that prove my fix is effective or that my feature works[ ] I have added an entry in./changelog/fragmentsusing the changelog tool[ ] I have added an integration test or an E2E testAuthor's Checklist
How to test this PR locally
Related issues
Use cases
Screenshots
Logs
Questions to ask yourself