From 4e45394e084f87e3644db1271d50d4dfe138f1f4 Mon Sep 17 00:00:00 2001 From: Jonathan Dowland Date: Fri, 11 Apr 2025 14:37:58 +0100 Subject: [PATCH 1/2] [OPENJDK-3655] test for files with u+x and not o+x Signed-off-by: Jonathan Dowland --- tests/features/imagebasic.feature | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/tests/features/imagebasic.feature b/tests/features/imagebasic.feature index ceb6be8d..cccff61e 100644 --- a/tests/features/imagebasic.feature +++ b/tests/features/imagebasic.feature @@ -15,3 +15,10 @@ Feature: Tests for all openshift images Scenario: Check that builder labels are correctly set Given image is built Then the image should contain label io.openshift.s2i.scripts-url with value image:///usr/local/s2i + + @ubi9 + Scenario: Check installed scripts are executable by all users (OPENJDK-3655) + When container is started with args + | arg | value | + | command | find /opt/jboss/container -type f -perm -g+x ( ! -perm -o+x ) -ls | + Then available container log should not contain /opt/jboss/container From 4a71df63d483f2e785251c96ac6b583e3b2455c8 Mon Sep 17 00:00:00 2001 From: Jonathan Dowland Date: Fri, 11 Apr 2025 14:38:25 +0100 Subject: [PATCH 2/2] [OPENJDK-3655] remove or adjust chmod calls for installed scripts Many of the shell scripts we copy into the image are shell "libraries" which are intended to be sourced by other shell scripts and not directly executed themselves. It's confusing to install them with +x permissions. The scripts which are intended to be executed were set with owner or group execute permission but "other" without. This was a problem for some users of the containers in a non-OpenShift context, and there was no good reason for it, so set those +x for other as well. --- modules/jdk/11/configure.sh | 1 - modules/jdk/17/configure.sh | 1 - modules/jdk/21/configure.sh | 1 - modules/jdk/8/configure.sh | 1 - modules/jre/11/configure.sh | 1 - modules/jre/17/configure.sh | 1 - modules/jre/21/configure.sh | 1 - modules/jre/8/configure.sh | 1 - modules/jvm/configure.sh | 2 +- modules/maven/default/configure.sh | 1 - modules/maven/s2i/configure.sh | 1 - modules/run/configure.sh | 2 +- modules/s2i/bash/configure.sh | 1 - modules/s2i/core/configure.sh | 1 - modules/util/logging/configure.sh | 1 - 15 files changed, 2 insertions(+), 15 deletions(-) diff --git a/modules/jdk/11/configure.sh b/modules/jdk/11/configure.sh index 635b0cf6..cd79101b 100755 --- a/modules/jdk/11/configure.sh +++ b/modules/jdk/11/configure.sh @@ -7,7 +7,6 @@ ARTIFACTS_DIR=${SCRIPT_DIR}/artifacts chown -R $USER:root $SCRIPT_DIR chmod -R ug+rwX $SCRIPT_DIR -chmod ug+x ${ARTIFACTS_DIR}/opt/jboss/container/openjdk/jdk/* pushd ${ARTIFACTS_DIR} cp -pr * / diff --git a/modules/jdk/17/configure.sh b/modules/jdk/17/configure.sh index 45c61950..b865714b 100755 --- a/modules/jdk/17/configure.sh +++ b/modules/jdk/17/configure.sh @@ -7,7 +7,6 @@ ARTIFACTS_DIR=${SCRIPT_DIR}/artifacts chown -R $USER:root $SCRIPT_DIR chmod -R ug+rwX $SCRIPT_DIR -chmod ug+x ${ARTIFACTS_DIR}/opt/jboss/container/openjdk/jdk/* pushd ${ARTIFACTS_DIR} cp -pr * / diff --git a/modules/jdk/21/configure.sh b/modules/jdk/21/configure.sh index d9bc0423..8e352d61 100755 --- a/modules/jdk/21/configure.sh +++ b/modules/jdk/21/configure.sh @@ -7,7 +7,6 @@ ARTIFACTS_DIR=${SCRIPT_DIR}/artifacts chown -R $USER:root $SCRIPT_DIR chmod -R ug+rwX $SCRIPT_DIR -chmod ug+x ${ARTIFACTS_DIR}/opt/jboss/container/openjdk/jdk/* pushd ${ARTIFACTS_DIR} cp -pr * / diff --git a/modules/jdk/8/configure.sh b/modules/jdk/8/configure.sh index 64bd5137..910a5efd 100755 --- a/modules/jdk/8/configure.sh +++ b/modules/jdk/8/configure.sh @@ -7,7 +7,6 @@ ARTIFACTS_DIR=${SCRIPT_DIR}/artifacts chown -R $USER:root $SCRIPT_DIR chmod -R ug+rwX $SCRIPT_DIR -chmod ug+x ${ARTIFACTS_DIR}/opt/jboss/container/openjdk/jdk/* pushd ${ARTIFACTS_DIR} cp -pr * / diff --git a/modules/jre/11/configure.sh b/modules/jre/11/configure.sh index 0e528ec8..b9866cc2 100755 --- a/modules/jre/11/configure.sh +++ b/modules/jre/11/configure.sh @@ -9,7 +9,6 @@ echo $ARTIFACTS_DIR chown -R $USER:root $SCRIPT_DIR chmod -R ug+rwX $SCRIPT_DIR -chmod ug+x ${ARTIFACTS_DIR}/opt/jboss/container/openjdk/jre/* pushd ${ARTIFACTS_DIR} cp -pr * / diff --git a/modules/jre/17/configure.sh b/modules/jre/17/configure.sh index aef9b58b..3e4474e9 100755 --- a/modules/jre/17/configure.sh +++ b/modules/jre/17/configure.sh @@ -9,7 +9,6 @@ echo $ARTIFACTS_DIR chown -R $USER:root $SCRIPT_DIR chmod -R ug+rwX $SCRIPT_DIR -chmod ug+x ${ARTIFACTS_DIR}/opt/jboss/container/openjdk/jre/* pushd ${ARTIFACTS_DIR} cp -pr * / diff --git a/modules/jre/21/configure.sh b/modules/jre/21/configure.sh index 4e4af97a..fc736a15 100755 --- a/modules/jre/21/configure.sh +++ b/modules/jre/21/configure.sh @@ -9,7 +9,6 @@ echo $ARTIFACTS_DIR chown -R $USER:root $SCRIPT_DIR chmod -R ug+rwX $SCRIPT_DIR -chmod ug+x ${ARTIFACTS_DIR}/opt/jboss/container/openjdk/jre/* pushd ${ARTIFACTS_DIR} cp -pr * / diff --git a/modules/jre/8/configure.sh b/modules/jre/8/configure.sh index 86be8555..9b1f2f2d 100755 --- a/modules/jre/8/configure.sh +++ b/modules/jre/8/configure.sh @@ -7,7 +7,6 @@ ARTIFACTS_DIR=${SCRIPT_DIR}/artifacts chown -R $USER:root $SCRIPT_DIR chmod -R ug+rwX $SCRIPT_DIR -chmod ug+x ${ARTIFACTS_DIR}/opt/jboss/container/openjdk/jre/* pushd ${ARTIFACTS_DIR} cp -pr * / diff --git a/modules/jvm/configure.sh b/modules/jvm/configure.sh index 79e86ecc..331b9e88 100755 --- a/modules/jvm/configure.sh +++ b/modules/jvm/configure.sh @@ -7,7 +7,7 @@ ARTIFACTS_DIR=${SCRIPT_DIR}/artifacts chown -R $USER:root $SCRIPT_DIR chmod -R ug+rwX $SCRIPT_DIR -chmod ug+x ${ARTIFACTS_DIR}/opt/jboss/container/java/jvm/* +chmod +x ${ARTIFACTS_DIR}/opt/jboss/container/java/jvm/* pushd ${ARTIFACTS_DIR} cp -pr * / diff --git a/modules/maven/default/configure.sh b/modules/maven/default/configure.sh index 7542b69d..7e618d3c 100755 --- a/modules/maven/default/configure.sh +++ b/modules/maven/default/configure.sh @@ -8,7 +8,6 @@ ARTIFACTS_DIR=${SCRIPT_DIR}/artifacts # configure artifact permissions chown -R $USER:root $ARTIFACTS_DIR chmod -R ug+rwX $ARTIFACTS_DIR -chmod ug+x ${ARTIFACTS_DIR}/opt/jboss/container/maven/default/maven.sh # install artifacts pushd ${ARTIFACTS_DIR} diff --git a/modules/maven/s2i/configure.sh b/modules/maven/s2i/configure.sh index 3be021b0..2bce3b57 100755 --- a/modules/maven/s2i/configure.sh +++ b/modules/maven/s2i/configure.sh @@ -7,7 +7,6 @@ ARTIFACTS_DIR=${SCRIPT_DIR}/artifacts chown -R $USER:root $SCRIPT_DIR chmod -R ug+rwX $SCRIPT_DIR -chmod ug+x ${ARTIFACTS_DIR}/opt/jboss/container/maven/s2i/* chmod ug+x ${ARTIFACTS_DIR}/usr/local/s2i/* pushd ${ARTIFACTS_DIR} diff --git a/modules/run/configure.sh b/modules/run/configure.sh index 218e0d0e..dbd35604 100755 --- a/modules/run/configure.sh +++ b/modules/run/configure.sh @@ -7,7 +7,7 @@ ARTIFACTS_DIR=${SCRIPT_DIR}/artifacts chown -R $USER:root $SCRIPT_DIR chmod -R ug+rwX $SCRIPT_DIR -chmod ug+x ${ARTIFACTS_DIR}/opt/jboss/container/java/run/* +chmod +x ${ARTIFACTS_DIR}/opt/jboss/container/java/run/run-java.sh pushd ${ARTIFACTS_DIR} cp -pr * / diff --git a/modules/s2i/bash/configure.sh b/modules/s2i/bash/configure.sh index a56b65c9..2bce3b57 100755 --- a/modules/s2i/bash/configure.sh +++ b/modules/s2i/bash/configure.sh @@ -7,7 +7,6 @@ ARTIFACTS_DIR=${SCRIPT_DIR}/artifacts chown -R $USER:root $SCRIPT_DIR chmod -R ug+rwX $SCRIPT_DIR -chmod ug+x ${ARTIFACTS_DIR}/opt/jboss/container/java/s2i/* chmod ug+x ${ARTIFACTS_DIR}/usr/local/s2i/* pushd ${ARTIFACTS_DIR} diff --git a/modules/s2i/core/configure.sh b/modules/s2i/core/configure.sh index 032068e6..69a06c1a 100755 --- a/modules/s2i/core/configure.sh +++ b/modules/s2i/core/configure.sh @@ -7,7 +7,6 @@ ARTIFACTS_DIR=${SCRIPT_DIR}/artifacts chown -R $USER:root $SCRIPT_DIR chmod -R ug+rwX $SCRIPT_DIR -chmod ug+x ${ARTIFACTS_DIR}/opt/jboss/container/s2i/core/* pushd ${ARTIFACTS_DIR} cp -pr * / diff --git a/modules/util/logging/configure.sh b/modules/util/logging/configure.sh index 470528df..cd57b4c9 100755 --- a/modules/util/logging/configure.sh +++ b/modules/util/logging/configure.sh @@ -7,7 +7,6 @@ ARTIFACTS_DIR=${SCRIPT_DIR}/artifacts chown -R $USER:root $SCRIPT_DIR chmod -R ug+rwX $SCRIPT_DIR -chmod ug+x ${ARTIFACTS_DIR}/opt/jboss/container/util/logging/* pushd ${ARTIFACTS_DIR} cp -pr * /