@@ -43,12 +43,14 @@ function teardown() {
4343 [ -f " $BUNDLE_A /config.json"
4444
4545 # Check that all of the files have a UID owner >=1337 and a GID owner >=8888.
46- find " $BUNDLE_A /rootfs" | xargs stat -c ' %u:%g' | while read -r line; do
47- uid=$( echo " $line " | cut -d: -f1)
48- gid=$( echo " $line " | cut -d: -f2)
49- [ " $uid " -ge 1337 ] && [ " $uid " -lt " $(( 1337 + 65535 )) "
50- [ " $gid " -ge 8888 ] && [ " $gid " -lt " $(( 8888 + 65535 )) "
51- done
46+ find " $BUNDLE_A /rootfs" | xargs stat -c ' %u:%g' | awk -F: ' {
47+ uid = $1;
48+ if (uid < 1337 || uid >= 1337 + 65535)
49+ exit 1;
50+ gid = $2;
51+ if (gid < 8888 || gid >= 8888 + 65535)
52+ exit 1;
53+ }'
5254
5355 # Unpack the image with a differen uid and gid mapping.
5456 umoci unpack --image " ${IMAGE} :${TAG} " " $BUNDLE_B " " 8080:0:65535" " 7777:0:65535"
@@ -59,12 +61,14 @@ function teardown() {
5961 [ -f " $BUNDLE_B /config.json"
6062
6163 # Check that all of the files have a UID owner >=8080 and a GID owner >=7777.
62- find " $BUNDLE_B /rootfs" | xargs stat -c ' %u:%g' | while read -r line; do
63- uid=$( echo " $line " | cut -d: -f1)
64- gid=$( echo " $line " | cut -d: -f2)
65- [ " $uid " -ge 8080 ] && [ " $uid " -lt " $(( 8080 + 65535 )) "
66- [ " $gid " -ge 7777 ] && [ " $gid " -lt " $(( 7777 + 65535 )) "
67- done
64+ find " $BUNDLE_B /rootfs" | xargs stat -c ' %u:%g' | awk -F: ' {
65+ uid = $1;
66+ if (uid < 8080 || uid >= 8080 + 65535)
67+ exit 1;
68+ gid = $2;
69+ if (gid < 7777 || gid >= 7777 + 65535)
70+ exit 1;
71+ }'
6872
6973 image-verify " ${IMAGE} "
7074}
0 commit comments