Fix local sources of git repositories

yoctozepto · yoctozepto · commit 8ffdee926405 · 2022-05-18T17:28:30.000Z
This is I2cbf1f539880d512aa223c3ef3a4b19ee18854ac extended to fix the case when a git repository is used with a git repo. This is probably a rarer use case but, still, we use it in CI for in-review changes testing. Change-Id: I77b0dcd2e9dfd8ea8390a471b80c8954b67ef91b (cherry picked from commit b888f68)
diff --git a/kolla/image/build.py b/kolla/image/build.py
@@ -388,6 +388,15 @@ def followups(self):
     def process_source(self, image, source):
         dest_archive = os.path.join(image.path, source['name'] + '-archive')
 
+        # NOTE(mgoddard): Change ownership of files to root:root. This
+        # avoids an issue introduced by the fix for git CVE-2022-24765,
+        # which breaks PBR when the source checkout is not owned by the
+        # user installing it. LP#1969096
+        def reset_userinfo(tarinfo):
+            tarinfo.uid = tarinfo.gid = 0
+            tarinfo.uname = tarinfo.gname = "root"
+            return tarinfo
+
         if source.get('type') == 'url':
             self.logger.debug("Getting archive from %s", source['source'])
             try:
@@ -432,15 +441,6 @@ def process_source(self, image, source):
                 image.status = Status.ERROR
                 return
 
-            # NOTE(mgoddard): Change ownership of files to root:root. This
-            # avoids an issue introduced by the fix for git CVE-2022-24765,
-            # which breaks PBR when the source checkout is not owned by the
-            # user installing it. LP#1969096
-            def reset_userinfo(tarinfo):
-                tarinfo.uid = tarinfo.gid = 0
-                tarinfo.uname = tarinfo.gname = "root"
-                return tarinfo
-
             with tarfile.open(dest_archive, 'w') as tar:
                 tar.add(clone_dir, arcname=os.path.basename(clone_dir),
                         filter=reset_userinfo)
@@ -451,7 +451,8 @@ def reset_userinfo(tarinfo):
             if os.path.isdir(source['source']):
                 with tarfile.open(dest_archive, 'w') as tar:
                     tar.add(source['source'],
-                            arcname=os.path.basename(source['source']))
+                            arcname=os.path.basename(source['source']),
+                            filter=reset_userinfo)
             else:
                 shutil.copyfile(source['source'], dest_archive)
 
