From be9e76d95ab2df9186f5b49fddedea6919888273 Mon Sep 17 00:00:00 2001
From: Jonathan Dowland
Date: Tue, 2 Apr 2024 13:05:45 +0100
Subject: [PATCH 1/2] [OPENJDK-2824] Test binary-s2i on a non-owned directory Add a test which ensures s2i binary-build works with a destination directory not owned by UID 185 (/var/tmp), which means the running process does not have permission to change its timestamps, simulating a random UID and the permissions on /deployments.
Signed-off-by: Jonathan Dowland
---
 modules/s2i/core/api/tests/features/s2i-core.feature | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/modules/s2i/core/api/tests/features/s2i-core.feature b/modules/s2i/core/api/tests/features/s2i-core.feature
index 16ad29f3..74e76b9e 100644
--- a/modules/s2i/core/api/tests/features/s2i-core.feature
+++ b/modules/s2i/core/api/tests/features/s2i-core.feature
@@ -7,3 +7,14 @@ Feature: Openshift S2I tests
 Scenario: run an s2i build and check that /tmp/src has been removed afterwards
 Given s2i build https://github.com/jboss-container-images/openjdk-test-applications from spring-boot-sample-simple
 Then run stat /tmp/src in container and immediately check its output does not contain File:
+
+ # OPENJDK-2824 - ensure binary-only s2i doesn't try to change timestamps of
+ # S2I_TARGET_DEPLOYMENTS_DIR. Use /var/tmp as a directory where attempting to
+ # will fail. This simulates the s2i process running as a random UID, which can't
+ # change timestamps on the default directory, /deployments.
+ Scenario: Ensure binary-only build doesn't fail trying to set timestamp of S2I_TARGET_DEPLOYMENTS_DIR (OPENJDK-2850)
+ Given s2i build https://github.com/jboss-container-images/openjdk-test-applications from OPENJDK-2408-bin-custom-s2i-assemble with env
+ | variable | value |
+ | S2I_TARGET_DEPLOYMENTS_DIR | /var/tmp |
+ Then s2i build log should not contain rsync: [generator] failed to set permissions on "/var/tmp/.": Operation not permitted
+ And run stat /var/tmp/spring-boot-sample-simple-1.5.0.BUILD-SNAPSHOT.jar in container and check its output for Access:
From 347382cad38df6f46388737e3d6d6a209c806e52 Mon Sep 17 00:00:00 2001
From: Jonathan Dowland
Date: Wed, 27 Mar 2024 16:47:19 +0000
Subject: [PATCH 2/2] [OPENJDK-2824] assemble: binary: Don't set times on directories If the S2I build runs as a user other than 185 (such as s2i's default of 1001), attempting to set the timestamp of /deployments will fail, causing the build to fail. https://issues.redhat.com/browse/OPENJDK-2824 See also https://issues.redhat.com/browse/OPENJDK-2408
Signed-off-by: Jonathan Dowland
---
 .../opt/jboss/container/java/s2i/maven-s2i-overrides | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
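Review bot: The negative step in the new scenario matches one exact rsync message (`failed to set permissions on "/var/tmp/."`), while the comment above it and the commit message describe a timestamp failure, so a regression that surfaces with different rsync wording would apparently still pass this step. A broader match such as `Then s2i build log should not contain Operation not permitted` would cover both cases, with the final stat step kept as the positive check that the jar was copied. The comment cites OPENJDK-2824 while the scenario title cites OPENJDK-2850 (the same mismatch appears in the comment added to maven-s2i-overrides), so one of the two ids should be confirmed and used consistently. The phrase "attempting to will fail" is also missing its verb; `# S2I_TARGET_DEPLOYMENTS_DIR. Use /var/tmp as a directory where attempting to do so will fail.` reads correctly.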
diff --git a/modules/s2i/bash/artifacts/opt/jboss/container/java/s2i/maven-s2i-overrides b/modules/s2i/bash/artifacts/opt/jboss/container/java/s2i/maven-s2i-overrides
index 74c4147f..56dbe116 100644
--- a/modules/s2i/bash/artifacts/opt/jboss/container/java/s2i/maven-s2i-overrides
+++ b/modules/s2i/bash/artifacts/opt/jboss/container/java/s2i/maven-s2i-overrides
@@ -28,7 +28,12 @@ function maven_s2i_custom_binary_build() {
 binary_dir="${S2I_SOURCE_DIR}"
 fi
 log_info "Copying binaries from ${binary_dir} to ${S2I_TARGET_DEPLOYMENTS_DIR} ..."
- rsync --archive --out-format='%n' "${binary_dir}"/ "${S2I_TARGET_DEPLOYMENTS_DIR}"
+
+ ( # OPENJDK-2850: use glob (dotglob to match hidden files) to stop rsync altering
+ # timestamps of S2I_TARGET_DEPLOYMENTS_DIR. Don't alter parent shell's dotglob.
+ shopt -s dotglob
+ rsync --archive --out-format='%n' "${binary_dir}"/* "${S2I_TARGET_DEPLOYMENTS_DIR}"
+ )
 }
 function maven_s2i_deploy_artifacts_override() {
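Review bot: With `"${binary_dir}"/*` an empty `binary_dir` leaves the pattern unexpanded, because bash passes an unmatched glob through literally unless `nullglob` or `failglob` is set, so rsync is handed a source path that does not exist and returns an error where the previous trailing-slash form copied nothing and succeeded. If an empty binary directory is a valid input, guard it inside the subshell, for example `shopt -s dotglob nullglob`, then `set -- "${binary_dir}"/*`, then `[ "$#" -eq 0 ] || rsync --archive --out-format='%n' "$@" "${S2I_TARGET_DEPLOYMENTS_DIR}"`. If it is not a valid input, a one-line comment saying that the failure on an empty directory is intended would save the next reader the question. maven_s2i_custom_binary_build starts above the hunk, so how `binary_dir` is validated earlier is not visible here.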