-
Notifications
You must be signed in to change notification settings - Fork 9
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
genpolicy-msft: revert problematic tarindex commit
- Loading branch information
Showing
3 changed files
with
132 additions
and
19 deletions.
There are no files selected for viewing
110 changes: 110 additions & 0 deletions
110
packages/by-name/microsoft/genpolicy/genpolicy_msft_revert_special_symlink_names.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,110 @@ | ||
From 76b9881f5004d0b577608dbaa218ba6682c2a3a0 Mon Sep 17 00:00:00 2001 | ||
From: Markus Rudy <[email protected]> | ||
Date: Fri, 21 Jun 2024 16:59:57 +0200 | ||
Subject: [PATCH] Revert "tarindex: Add special symlink name handling" | ||
|
||
This reverts commit 3951807d04ca2d350071d0ee05ebb18fa28bd95d, | ||
which caused genpolicy to produce verity hashes that were not accepted | ||
by AKS. | ||
--- | ||
src/tardev-snapshotter/tarindex/src/lib.rs | 38 ++++++++-------------- | ||
1 file changed, 13 insertions(+), 25 deletions(-) | ||
|
||
diff --git a/src/tardev-snapshotter/tarindex/src/lib.rs b/src/tardev-snapshotter/tarindex/src/lib.rs | ||
index f4e0085a2..a46d35a47 100644 | ||
--- a/src/tardev-snapshotter/tarindex/src/lib.rs | ||
+++ b/src/tardev-snapshotter/tarindex/src/lib.rs | ||
@@ -49,7 +49,6 @@ fn visit_breadth_first_mut( | ||
fn read_all_entries( | ||
reader: &mut (impl io::Read + io::Seek), | ||
root: &mut Rc<RefCell<Entry>>, | ||
- special_link: &mut Vec<Vec<u8>>, | ||
mut cb: impl FnMut(&mut Rc<RefCell<Entry>>, &[u8], &Entry), | ||
mut hardlink: impl FnMut(&mut Rc<RefCell<Entry>>, &[u8], &[u8]), | ||
) -> io::Result<u64> { | ||
@@ -137,12 +136,18 @@ fn read_all_entries( | ||
.link_name_bytes() | ||
.unwrap_or(std::borrow::Cow::Borrowed(b"")); | ||
if *hname != *name { | ||
- special_link.push(name.to_vec()); | ||
- entry_offset = 0; | ||
- } else { | ||
- entry_offset = f.raw_header_position() + 157; | ||
+ // TODO: Handle this case by duplicating the full name. | ||
+ eprintln!( | ||
+ "Skipping symlink with long link name ({}, {} bytes, {}, {} bytes): {}", | ||
+ String::from_utf8_lossy(&name), name.len(), | ||
+ String::from_utf8_lossy(&hname), hname.len(), | ||
+ String::from_utf8_lossy(&f.path_bytes()) | ||
+ ); | ||
+ continue; | ||
} | ||
+ | ||
entry_size = name.len() as u64; | ||
+ entry_offset = f.raw_header_position() + 157; | ||
} | ||
None => { | ||
eprintln!( | ||
@@ -301,11 +306,10 @@ pub fn append_index(data: &mut (impl io::Read + io::Write + io::Seek)) -> io::Re | ||
mode: S_IFDIR | 0o555, | ||
..Entry::default() | ||
})); | ||
- let mut special_link = Vec::new(); | ||
+ | ||
let contents_size = read_all_entries( | ||
data, | ||
&mut root, | ||
- &mut special_link, | ||
|root, name, e| { | ||
// Break the name into path components. | ||
let mut path = if let Some(p) = clean_path(name) { | ||
@@ -423,7 +427,6 @@ pub fn append_index(data: &mut (impl io::Read + io::Write + io::Seek)) -> io::Re | ||
// Calculate the offsets for directory entries. | ||
let inode_table_size: u64 = mem::size_of::<Inode>() as u64 * ino_count; | ||
let string_table_offset = init_direntry_offset(root.clone(), contents_size + inode_table_size)?; | ||
- let mut symlink_offset = string_table_offset; | ||
|
||
// Write the i-node table. | ||
visit_breadth_first_mut(root.clone(), |e| { | ||
@@ -431,15 +434,6 @@ pub fn append_index(data: &mut (impl io::Read + io::Write + io::Seek)) -> io::Re | ||
return Ok(()); | ||
} | ||
|
||
- // Check for special symlink names | ||
- let inode_offset = if (e.mode & S_IFMT) != S_IFLNK || e.offset != 0 { | ||
- e.offset | ||
- } else { | ||
- let v = symlink_offset; | ||
- symlink_offset += e.size; | ||
- v | ||
- }; | ||
- | ||
e.emitted = true; | ||
let inode = Inode { | ||
mode: e.mode.into(), | ||
@@ -453,20 +447,14 @@ pub fn append_index(data: &mut (impl io::Read + io::Write + io::Seek)) -> io::Re | ||
group: e.group.into(), | ||
lmtime: (e.mtime as u32).into(), | ||
size: e.size.into(), | ||
- offset: inode_offset.into(), | ||
+ offset: e.offset.into(), | ||
}; | ||
data.write_all(inode.as_bytes())?; | ||
Ok(()) | ||
})?; | ||
|
||
// Write the directory bodies. | ||
- let mut end_offset = write_direntry_bodies(root.clone(), symlink_offset, data)?; | ||
- | ||
- // Duplicate special symlink names. | ||
- for link_name in special_link.iter() { | ||
- data.write_all(link_name.as_bytes())?; | ||
- end_offset += link_name.len() as u64; | ||
- } | ||
+ let mut end_offset = write_direntry_bodies(root.clone(), string_table_offset, data)?; | ||
|
||
// Write the strings. | ||
visit_breadth_first_mut(root, |e| { | ||
-- | ||
2.45.2 | ||
|
1 change: 1 addition & 0 deletions
1
packages/by-name/microsoft/genpolicy/genpolicy_msft_runtime_class_filter.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters