On Sun, Apr 21, 2024 at 09:22:16PM +0900, Akira Yokosawa wrote:
> Default behavior of super-user mode tar is to keep uid/gid and
> permissions in extracting files/directories from archives.
>
> It conflicts with security settings of rootless mode podman while
> building container images from recent releases of ubuntu and fedora,
> resulting in errors as follows:
>
> tar: latexpand-v1.3/tests/df-conflict/b: Cannot change mode to rwxrwxr-x: Operation not permitted
> tar: latexpand-v1.3/tests/df-conflict: Cannot change mode to rwxrwxr-x: Operation not permitted
> tar: latexpand-v1.3/tests/expected/err: Cannot change mode to rwxrwxr-x: Operation not permitted
> tar: latexpand-v1.3/tests/expected: Cannot change mode to rwxrwxr-x: Operation not permitted
> tar: latexpand-v1.3/tests: Cannot change mode to rwxrwxr-x: Operation not permitted
> tar: latexpand-v1.3: Cannot change mode to rwxrwxr-x: Operation not permitted
> tar: Exiting with failure status due to previous errors
>
> Add --no-same-owner and --no-same-permission options to tar and make
> it behave the same way as in its normal-user mode.
>
> Signed-off-by: Akira Yokosawa <akiyks@xxxxxxxxx>

Queued and pushed, thank you!

Thanx, Paul

> --- > docker/Dockerfile | 2 +- > docker/Dockerfile.fedora | 2 +- > 2 files changed, 2 insertions(+), 2 deletions(-) > > diff --git a/docker/Dockerfile b/docker/Dockerfile > index 66fd2b3f..c3e2a237 100644 > --- a/docker/Dockerfile > +++ b/docker/Dockerfile
> @@ -14,7 +14,7 @@ RUN apt-get update && apt-get install -y fig2ps inkscape xfig graphviz psutils \ > COPY steel-city-comic.regular.ttf /usr/local/share/fonts/ > RUN fc-cache /usr/local/share/fonts/ > WORKDIR /opt > -RUN curl https://gitlab.com/latexpand/latexpand/-/archive/v1.3/latexpand-v1.3.tar.gz -o - | tar xfz - && \ > +RUN curl https://gitlab.com/latexpand/latexpand/-/archive/v1.3/latexpand-v1.3.tar.gz -o - | tar --no-same-owner --no-same-permissions -xzf - && \ > sed -i -e 's/@LATEXPAND_VERSION@/v1.3/' latexpand-*/latexpand && \ > cp latexpand-*/latexpand /usr/local/bin > ARG uid=0 > diff --git a/docker/Dockerfile.fedora b/docker/Dockerfile.fedora > index 6812163a..cb652680 100644 > --- a/docker/Dockerfile.fedora > +++ b/docker/Dockerfile.fedora > @@ -16,7 +16,7 @@ RUN dnf -y update && dnf install -y --setopt=tsflags=nodocs \ > COPY steel-city-comic.regular.ttf /usr/local/share/fonts/ > RUN fc-cache /usr/local/share/fonts/ > WORKDIR /opt > -RUN curl https://gitlab.com/latexpand/latexpand/-/archive/v1.3/latexpand-v1.3.tar.gz -o - | tar xfz - && \ > +RUN curl https://gitlab.com/latexpand/latexpand/-/archive/v1.3/latexpand-v1.3.tar.gz -o - | tar --no-same-owner --no-same-permissions -xzf - && \ > sed -i -e 's/@LATEXPAND_VERSION@/v1.3/' latexpand-*/latexpand && \ > cp latexpand-*/latexpand /usr/local/bin > ARG uid=0 > > base-commit: ac7686132a63f3d47fd18aa3f767610346ff484b > -- > 2.34.1 >
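Review bot: In the docker/Dockerfile hunk, the changed RUN line still pipes the curl output straight into tar with no integrity check and without curl's --fail, so an HTTP error body or an altered archive is handed to tar, and whatever it extracts goes on to the sed and cp into /usr/local/bin. Suggest downloading to a file with `curl -fsSL ... -o latexpand-v1.3.tar.gz`, verifying it against a pinned SHA-256 with `sha256sum -c`, and only then extracting with the new --no-same-owner --no-same-permissions options.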
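Review bot: In the docker/Dockerfile.fedora hunk, --no-same-permissions makes the extracted modes depend on the umask in effect during the build, and the following `cp latexpand-*/latexpand /usr/local/bin` relies on the execute bit surviving that. It does under a 022 umask, but an explicit `chmod 755 /usr/local/bin/latexpand` after the cp, or a sentence in the commit log stating the assumption, would make the installed mode independent of the base image. The same point applies to the identical line in docker/Dockerfile.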