buildah icon indicating copy to clipboard operation
buildah copied to clipboard

Published 20 hours ago verified publisher icon containers

copier: retain symlink target w/ follow-link

Open danishprakash opened this issue 2 years ago • 18 comments

What type of PR is this?

/kind feature

What this PR does / why we need it:

Adds support for not following link with podman cp by default in order to conform to docker's behavior.

How to verify it

Which issue(s) this PR fixes:

This PR is in conjunction with https://github.com/containers/podman/pull/18020 which closes https://github.com/containers/podman/issues/16585

danishprakash avatar Apr 03 '23 11:04 danishprakash

Tests are a bit unhappy. I always twitch when I see anything to do with symlinks. I can't point a finger at anything wrong with this, but I'm not sure if it's a good idea to do the copy of the symlink.

@flouthoc ?

TomSweeneyRedHat avatar Apr 05 '23 00:04 TomSweeneyRedHat

I can't point a finger at anything wrong with this, but I'm not sure if it's a good idea to do the copy of the symlink.

You're right, but unfortunately, that's how docker does things right now. They cp the symlink as it is irrespective of whether the target is present or not. I'll try to look for what's the rationale behind this but otherwise, this should be harmless with a global bool @rhatdan suggested. Wdyt?

danishprakash avatar Apr 05 '23 14:04 danishprakash

If the cp is supposed to be into the container image, then we need to make sure the symbolic link still points within the image. IE Make sure it does not point at the hosts /etc/passwd.

Similarly if you are copying from the container to the host, we should make sure the source is within the container image.

rhatdan avatar Apr 05 '23 14:04 rhatdan

then we need to make sure the symbolic link still points within the image.

Are you suggesting we move the target to the container and then create a symbolic link? That'd be quite surprising in terms of user experience, wouldn't it? And besides, it'll be diverting quite far from how docker does things.

IE Make sure it does not point at the hosts /etc/passwd.

With this change, it would point to the host's /etc/passwd but it would just be an empty link anyways.

danishprakash avatar Apr 06 '23 10:04 danishprakash

Ok this LGTM, now we need to fix tests.

rhatdan avatar May 05 '23 09:05 rhatdan

A friendly reminder that this PR had no activity for 30 days.

github-actions[bot] avatar Jun 05 '23 00:06 github-actions[bot]

Planning to add a test for this over at https://github.com/containers/podman/pull/18020 utilizing the --follow-link flag. I tried doing it here, but we don't plan to add the flag here and copier would anyway just return the link I create as part of the unit tests. Thoughts, @rhatdan?

danishprakash avatar Jun 06 '23 14:06 danishprakash

A friendly reminder that this PR had no activity for 30 days.

github-actions[bot] avatar Jul 07 '23 00:07 github-actions[bot]

LGTM @flouthoc PTAL

rhatdan avatar Jul 09 '23 11:07 rhatdan

@flouthoc @nalind PTAL

vrothberg avatar Jul 31 '23 14:07 vrothberg

Without a unit test, I'm very reluctant to change things in copier.

Without changing the info value that's passed to copierHandlerGetOne(), the Typeflag in the header it outputs for the tar archive shouldn't be changed, so I'm not sure this produces the desired effect. But this does point out that we weren't reading the target info for the symlink when the loop at line 1160 wasn't being entered, and that's definitely a bug. It would probably make more sense to add the os.Readlink call closer to there, though.

nalind avatar Jul 31 '23 16:07 nalind

A friendly reminder that this PR had no activity for 30 days.

github-actions[bot] avatar Sep 02 '23 00:09 github-actions[bot]

@danishprakash any progress with the test?

TomSweeneyRedHat avatar Sep 05 '23 21:09 TomSweeneyRedHat

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: danishprakash Once this PR has been reviewed and has the lgtm label, please assign rhatdan for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment Approvers can cancel approval by writing /approve cancel in a comment

openshift-ci[bot] avatar Sep 11 '23 13:09 openshift-ci[bot]

Without changing the info value that's passed to copierHandlerGetOne(), the Typeflag in the header it outputs for the tar archive shouldn't be changed, so I'm not sure this produces the desired effect

From what I know, the problem isn't with symlinks but with how we deal with the target when not following links. So If I understand the issue, this is what's happening:

During the copy from the host, Get() was always following the links before creating the archive[1]. Which would then be Put() as a regular file with no links, hence adhering to the implicit --follow-link behavior podman has always had so far.

But the behavior we need is to allow podman to follow or not follow links based on a flag that is propagated from Podman to Buildah via NoDerefSymlinks. Now, in the case of not following links, we'd want to pass on this item as a TypeSymlink over to Put with the same target as on the host (this is not ideal but this is what docker does and we're aiming for parity).

[1] - https://github.com/danishprakash/buildah/blob/b5060e29537ec0283a948f59148a07f0c83d4e92/copier/copier.go#L1160

danishprakash avatar Sep 11 '23 15:09 danishprakash

A friendly reminder that this PR had no activity for 30 days.

github-actions[bot] avatar Dec 16 '23 00:12 github-actions[bot]

@nalind PTAL

rhatdan avatar Dec 16 '23 11:12 rhatdan

A friendly reminder that this PR had no activity for 30 days.

github-actions[bot] avatar Jan 17 '24 00:01 github-actions[bot]