@@ -366,6 +366,15 @@ def followups(self):
366366 def process_source (self , image , source ):
367367 dest_archive = os .path .join (image .path , source ['name' ] + '-archive' )
368368
369+ # NOTE(mgoddard): Change ownership of files to root:root. This
370+ # avoids an issue introduced by the fix for git CVE-2022-24765,
371+ # which breaks PBR when the source checkout is not owned by the
372+ # user installing it. LP#1969096
373+ def reset_userinfo (tarinfo ):
374+ tarinfo .uid = tarinfo .gid = 0
375+ tarinfo .uname = tarinfo .gname = "root"
376+ return tarinfo
377+
369378 if source .get ('type' ) == 'url' :
370379 self .logger .debug ("Getting archive from %s" , source ['source' ])
371380 try :
@@ -410,15 +419,6 @@ def process_source(self, image, source):
410419 image .status = Status .ERROR
411420 return
412421
413- # NOTE(mgoddard): Change ownership of files to root:root. This
414- # avoids an issue introduced by the fix for git CVE-2022-24765,
415- # which breaks PBR when the source checkout is not owned by the
416- # user installing it. LP#1969096
417- def reset_userinfo (tarinfo ):
418- tarinfo .uid = tarinfo .gid = 0
419- tarinfo .uname = tarinfo .gname = "root"
420- return tarinfo
421-
422422 with tarfile .open (dest_archive , 'w' ) as tar :
423423 tar .add (clone_dir , arcname = os .path .basename (clone_dir ),
424424 filter = reset_userinfo )
@@ -429,7 +429,8 @@ def reset_userinfo(tarinfo):
429429 if os .path .isdir (source ['source' ]):
430430 with tarfile .open (dest_archive , 'w' ) as tar :
431431 tar .add (source ['source' ],
432- arcname = os .path .basename (source ['source' ]))
432+ arcname = os .path .basename (source ['source' ]),
433+ filter = reset_userinfo )
433434 else :
434435 shutil .copyfile (source ['source' ], dest_archive )
435436
0 commit comments