diskimage-builder/elements/redhat-common/bin/extract-image
Ben Nemec edd7477891 Save extended attributes when creating tar
The way redhat-common's extract-image script was creating the base
tarball caused file capabilities to get dropped, which meant that
things like ping in RHEL 7 images was unusable for regular users.
This change adds the necessary options to the tar call to maintain
as many extended attributes as possible.

--acls and --selinux are intentionally omitted, and the selinux
xattrs are filtered out because all of those items cause issues
in our chroot environment.  We restore selinux attributes at the
end of the build anyway so that shouldn't be a problem.

bz reference: https://bugzilla.redhat.com/show_bug.cgi?id=1144149

Change-Id: Ibff99ce9bde01bc5ecf95dc3a5d3e2cebe5015b9
2014-10-03 23:05:17 -05:00

99 lines
3.6 KiB
Bash
Executable file

#!/bin/bash
# Intended to be called from the root.d cloud-image script as follows:
# $TMP_HOOKS_PATH/bin/extract-image $BASE_IMAGE_FILE $BASE_IMAGE_TAR $IMAGE_LOCATION $CACHED_IMAGE
set -eu
set -o pipefail
BASE_IMAGE_FILE=$1
BASE_IMAGE_TAR=$2
IMAGE_LOCATION=$3
CACHED_IMAGE=$4
CACHED_TAR=$DIB_IMAGE_CACHE/$BASE_IMAGE_TAR
DIB_LOCAL_IMAGE=${DIB_LOCAL_IMAGE:-""}
TAR_LOCK=$CACHED_TAR.lock
function extract_image() {
if [ -n "$DIB_OFFLINE" -a -f "$CACHED_TAR" ] ; then
echo "Not checking freshness of cached $CACHED_TAR."
else
if [ -z "$DIB_LOCAL_IMAGE" ]; then
echo "Fetching Base Image"
# There seems to be some bad Fedora mirrors returning http 404's for the cloud image.
# If the image fails to download due to a 404 we retry once.
set +e
$TMP_HOOKS_PATH/bin/cache-url $IMAGE_LOCATION $CACHED_IMAGE
RV=$?
set -e
if [ "$RV" == "44" ] ; then
$TMP_HOOKS_PATH/bin/cache-url $IMAGE_LOCATION $CACHED_IMAGE
elif [ "$RV" != "0" ] ; then
exit 1
fi
fi
if [ ! -f $CACHED_TAR -o \
$CACHED_IMAGE -nt $CACHED_TAR ] ; then
echo "Repacking base image as tarball."
WORKING=$(mktemp --tmpdir=${TMP_DIR:-/tmp} -d)
EACTION="rm -r $WORKING"
trap "$EACTION" EXIT
echo "Working in $WORKING"
RAW_FILE=$(basename $BASE_IMAGE_FILE)
RAW_FILE=${RAW_FILE%.qcow2}.raw
qemu-img convert -f qcow2 -O raw $CACHED_IMAGE $WORKING/$RAW_FILE
ROOT_PARTITON=p1
# kpartx fails if no /dev/loop* exists, "losetup -f" prints first unused
# loop device and creates it if it doesn't exist
sudo losetup -f
# XXX: Parsing stdout is dangerous, would like a better way to discover
# the device used for the image.
ROOT_LOOPDEV=$(sudo kpartx -av $WORKING/$RAW_FILE | \
awk "/loop[0-9]+$ROOT_PARTITON/ {print \$3}")
if ! timeout 5 sh -c "while ! [ -e /dev/mapper/$ROOT_LOOPDEV ]; do sleep 1; done"; then
echo "Error: Could not find /dev/mapper/$ROOT_LOOPDEV"
exit 1
fi
EACTION="sudo kpartx -d $WORKING/$RAW_FILE ; $EACTION"
trap "$EACTION" EXIT
mkdir $WORKING/mnt
sudo mount /dev/mapper/$ROOT_LOOPDEV $WORKING/mnt
EACTION="sudo umount -f $WORKING/mnt ; $EACTION"
trap "$EACTION" EXIT
# Chroot in so that we get the correct uid/gid
sudo chroot $WORKING/mnt bin/tar --xattrs --xattrs-include='*' --xattrs-exclude='security.selinux' -cz . > $WORKING/tmp.tar
mv $WORKING/tmp.tar $CACHED_TAR
else
echo "Using cached tar from $CACHED_TAR"
fi
fi
# Extract the base image (use --numeric-owner to avoid UID/GID mismatch between
# image tarball and host OS e.g. when building Fedora image on an openSUSE host)
# Include all xattrs except selinux because the selinux ones cause issues in our
# chroot environment, and we restore all of those at the end of the build anyway.
echo "Extracting base root image from $CACHED_TAR"
sudo tar -C $TARGET_ROOT --numeric-owner --xattrs --xattrs-include='*' --xattrs-exclude='security.selinux' -xzf $CACHED_TAR
}
(
echo "Getting $TAR_LOCK: $(date)"
# Wait up to 20 minutes for another process to download
if ! flock -w 1200 9 ; then
echo "Did not get $TAR_LOCK: $(date)"
exit 1
fi
extract_image
) 9> $TAR_LOCK