Fix plugin builds with sources using type=git

A recent change to git [1] introduced a new behaviour to work around a
CVE [2] that disallows any git operations in directories not owned by
the current user.

A fix was introduced for general checkouts, but it was not applied
to the plugins archive, resulting in PBR still not working as intended.

Fixed conflict added in I093620679016b37e1664c9fe4cf7559433e744b7.

[1] git/git@8959555
[2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24765.

Closes-Bug: #1969096
Related-Bug: #1968877

Co-Authored-By: Mark Goddard <[email protected]>
Co-Authored-By: Marcin Juszkiewicz <[email protected]>

Signed-off-by: Jakub Neumann <[email protected]>
Change-Id: Ib3a37eebb29d975fc51a117cecdff74baafd8941
(cherry picked from commit 6be0068)

Author: yavi

kolla/image/build.py

@@ -518,8 +518,18 @@ def make_an_archive(items, arcname, item_child_path=None):
                         image.status = Status.CONNECTION_ERROR
                         raise ArchivingError
             arc_path = os.path.join(image.path, '%s-archive' % arcname)
+
+            # NOTE(jneumann): Change ownership of files to root:root. This
+            # avoids an issue introduced by the fix for git CVE-2022-24765,
+            # which breaks PBR when the source checkout is not owned by the
+            # user installing it. LP#1969096
+            def reset_userinfo(tarinfo):
+                tarinfo.uid = tarinfo.gid = 0
+                tarinfo.uname = tarinfo.gname = "root"
+                return tarinfo
+
             with tarfile.open(arc_path, 'w') as tar:
-                tar.add(items_path, arcname=arcname)
+                tar.add(items_path, arcname=arcname, filter=reset_userinfo)
             return len(os.listdir(items_path))
 
         self.logger.debug('Processing')