sync/ports
1
0
Fork 0
mirror of https://git.freebsd.org/ports.git synced 2025-05-04 23:47:37 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

sysutils/iocage-devel: Fix fetch release command

Browse source 
See also: https://github.com/freebsd/iocage/pull/55
This commit is contained in:
Michael Gmelin 2024-12-08 18:23:29 +01:00
parent 66fa9f7ee8
commit ecf7e0e97e
2 changed files with 27 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
sysutils/iocage-devel/Makefile
View file

@ -1,6 +1,6 @@
PORTNAME= iocage-devel PORTNAME= iocage-devel
PORTVERSION= 1.8.20241014 PORTVERSION= 1.8.20241014
PORTREVISION= 1 PORTREVISION= 2
PORTEPOCH= 1 PORTEPOCH= 1
CATEGORIES= sysutils python CATEGORIES= sysutils python
PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX}

33
sysutils/iocage-devel/files/patch-iocage__lib_ioc__fetch.py
View file

@ -1,22 +1,41 @@
--- iocage_lib/ioc_fetch.py.orig 2024-09-20 06:45:27 UTC --- iocage_lib/ioc_fetch.py.orig 2024-09-20 06:45:27 UTC
+++ iocage_lib/ioc_fetch.py +++ iocage_lib/ioc_fetch.py
@@ -47,7 +47,10 @@ import iocage_lib.ioc_start @@ -47,6 +47,29 @@ import iocage_lib.ioc_start
from iocage_lib.pools import Pool from iocage_lib.pools import Pool
from iocage_lib.dataset import Dataset from iocage_lib.dataset import Dataset
+# deliberately crash if tarfile doesn't have required filter +# taken from tarfile.tar_filter (and _get_filtered_attrs)
+tarfile.tar_filter +# basically the same, but **without**:
+# - Clear high mode bits (setuid, setgid, sticky) and
+# group/other write bits (S_IWGRP | S_IWOTH).
+def untar_release_filter(member, dest_path):
+ new_attrs = {}
+ name = member.name
+ dest_path = os.path.realpath(dest_path)
+ # Strip leading / (tar's directory separator) from filenames.
+ # Include os.sep (target OS directory separator) as well.
+ if name.startswith(('/', os.sep)):
+ name = new_attrs['name'] = member.path.lstrip('/' + os.sep)
+ if os.path.isabs(name):
+ # Path is absolute even after stripping.
+ # For example, 'C:/foo' on Windows.
+ raise tarfile.AbsolutePathError(member)
+ # Ensure we stay in the destination
+ target_path = os.path.realpath(os.path.join(dest_path, name))
+ if os.path.commonpath([target_path, dest_path]) != dest_path:
+ raise tarfile.OutsideDestinationError(member, target_path)
+ if new_attrs:
+ return member.replace(**new_attrs, deep=False)
+ return member
+
class IOCFetch: class IOCFetch:
"""Fetch a RELEASE for use as a jail base.""" @@ -817,7 +840,7 @@ class IOCFetch:
@@ -817,7 +820,7 @@ class IOCFetch:
# removing them first. # removing them first.
member = self.__fetch_extract_remove__(f) member = self.__fetch_extract_remove__(f)
member = self.__fetch_check_members__(member) member = self.__fetch_check_members__(member)
- f.extractall(dest, members=member) - f.extractall(dest, members=member)
+ f.extractall(dest, members=member, filter='tar') + f.extractall(dest, members=member, filter=untar_release_filter)
def fetch_update(self, cli=False, uuid=None): def fetch_update(self, cli=False, uuid=None):
"""This calls 'freebsd-update' to update the fetched RELEASE.""" """This calls 'freebsd-update' to update the fetched RELEASE."""