diskimage-builder/elements/fedora/root.d/10-fedora-cloud-image
Tim Serong 6da49c6d49 Use --numeric-owner when extracting base image
When extracting the base image without --numeric-owner, user and group
names in the tarball are mapped to uid/gid by the host.  This can cause
problems when building an image for some other distro than you're
running yourself.  For example, building an Ubuntu image on openSUSE
ends up with /var/cache/man in the image owned by 'proxy' (uid 13)
instead of 'man' (uid 6), because the host (openSUSE) uses uid 13 for
the 'man' user.  This particular man/proxy discrepancy results in
"fopen: Permission denied" errors when apt-get does its "Processing
triggers for man-db" thing in the Ubuntu system.  I wouldn't be
surprised if there were other kinks caused by this uid/gid mapping
discrepancy too, but that's the one I found so far.

The same thing can also happen with Fedora, but seems to be less likely,
or at least less obvious to me when building Fedora images on openSUSE.
But, IMO, it's better to be safe and just use --numeric-owner on all
base image untarring outside the chroot.

Change-Id: I9da5ac66dd182e7278fe4fee932093f61d35673a
2013-10-08 22:45:51 +11:00

65 lines
2.7 KiB
Bash
Executable File

#!/bin/bash
set -eu
[ -n "$ARCH" ]
[ -n "$TARGET_ROOT" ]
if [ 'amd64' = "$ARCH" ] ; then
ARCH="x86_64"
fi
DIB_RELEASE=${DIB_RELEASE:-latest}
DIB_CLOUD_IMAGES=${DIB_CLOUD_IMAGES:-http://cloud.fedoraproject.org}
BASE_IMAGE_FILE=${BASE_IMAGE_FILE:-fedora-$DIB_RELEASE.$ARCH.qcow2}
BASE_IMAGE_TAR=$DIB_RELEASE-Cloud-$ARCH-latest.tgz
CACHED_TAR=$DIB_IMAGE_CACHE/$BASE_IMAGE_TAR
if [ -n "$DIB_OFFLINE" -a -f "$CACHED_TAR" ] ; then
echo "Not checking freshness of cached $CACHED_TAR."
else
echo "Fetching Base Image"
$TMP_HOOKS_PATH/bin/cache-url $DIB_CLOUD_IMAGES/$BASE_IMAGE_FILE $DIB_IMAGE_CACHE/$BASE_IMAGE_FILE
if [ ! -f $CACHED_TAR -o \
$DIB_IMAGE_CACHE/$BASE_IMAGE_FILE -nt $CACHED_TAR ] ; then
echo "Repacking base image as tarball."
WORKING=$(mktemp -d)
EACTION="rm -r $WORKING"
trap "$EACTION" EXIT
echo "Working in $WORKING"
RAW_FILE=$(basename $BASE_IMAGE_FILE)
RAW_FILE=${RAW_FILE#.qcow2}.raw
qemu-img convert -f qcow2 -O raw $DIB_IMAGE_CACHE/$BASE_IMAGE_FILE $WORKING/$RAW_FILE
# WARNING: The mattdm image has the root filesystem on the second
# partition (p2). If he changes the image the MAGIC_BIT
# might also need to change.
# UPDATE to above warning alluding to Fedora18:
# F19 images have the rootfs partition on p1
MAGIC_BIT=p1
# XXX: Parsing stdout is dangerous, would like a better way to discover
# the device used for the image.
# NOTE: On F17 (parted-3.0-10.fc17.x86_64), partprobe of
# /dev/loop0 does not create /dev/loop0p2, while kpartx at
# least creates /dev/mapper/loop0p2.
LOOPDEV=$(sudo kpartx -av $WORKING/$RAW_FILE | awk "/loop[0-9]+$MAGIC_BIT/ {print \$3}")
if ! timeout 5 sh -c "while ! [ -e /dev/mapper/$LOOPDEV ]; do sleep 1; done"; then
echo "Error: Could not find /dev/mapper/$LOOPDEV"
exit 1
fi
EACTION="sudo kpartx -d $WORKING/$RAW_FILE;$EACTION"
trap "$EACTION" EXIT
mkdir $WORKING/mnt
sudo mount /dev/mapper/$LOOPDEV $WORKING/mnt
EACTION="sudo umount -f $WORKING/mnt;$EACTION"
trap "$EACTION" EXIT
# Chroot in so that we get the correct uid/gid
sudo chroot $WORKING/mnt bin/tar -cz . > $WORKING/tmp.tar
mv $WORKING/tmp.tar $DIB_IMAGE_CACHE/$BASE_IMAGE_TAR
fi
fi
# Extract the base image (use --numeric-owner to avoid UID/GID mismatch between
# image tarball and host OS e.g. when building Fedora image on an openSUSE host)
sudo tar -C $TARGET_ROOT --numeric-owner -xzf $DIB_IMAGE_CACHE/$BASE_IMAGE_TAR
sudo rmdir $TARGET_ROOT/lost+found