Re: [Bug-tar] ACL support, extract and default ACLs
On 03/02/14 14:41, Pavel Raiskup wrote: Good points, thanks! Default ACLs for directories are currently badly restored which seems to be a clear bug. Could we push something similar to attached files? (I try to propose testcase as a separate commit to allow you `make check` without fix — to observe that the testcase actually catches something). OT: I'd like to mention also one forgotten patch: http://www.mail-archive.com/bug-tar@gnu.org/msg04052.html Hello, Any update on this? Sergey? I'm happy with Pavel's patch but I'd prefer if there was an upstream fix so I can track tar releases in our production systems. Regards, Juan -- jjm's home: http://www.usebox.net/jjm/ blackshell: http://blackshell.usebox.net/
Re: [Bug-tar] ACL support, extract and default ACLs
Hi, Any update on this? Sergey? Yes, I've pushed both patches. The acls03.at test contained a bug, which I fixed as well. Regards, Sergey
Re: [Bug-tar] ACL support, extract and default ACLs
On 14/02/14 11:06, Sergey Poznyakoff wrote: Hi, Any update on this? Sergey? Yes, I've pushed both patches. The acls03.at test contained a bug, which I fixed as well. Great! Thanks a lot Sergey. Regards, Juan
Re: [Bug-tar] ACL support, extract and default ACLs
On 03/02/14 14:41, Pavel Raiskup wrote: Good points, thanks! Default ACLs for directories are currently badly restored which seems to be a clear bug. Could we push something similar to attached files? (I try to propose testcase as a separate commit to allow you `make check` without fix — to observe that the testcase actually catches something). I applied the patches to the repository code and it fixes the behaviour I was reporting (setting a default ACL when there's no archived ACL). The patch and the test looks good to me. Also I run `make check` with the following results: 161 tests behaved as expected. 20 tests were skipped. Thanks a lot for the quick response. Regards, Juan
Re: [Bug-tar] ACL support, extract and default ACLs
Good points, thanks! Default ACLs for directories are currently badly restored which seems to be a clear bug. Could we push something similar to attached files? (I try to propose testcase as a separate commit to allow you `make check` without fix — to observe that the testcase actually catches something). OT: I'd like to mention also one forgotten patch: http://www.mail-archive.com/bug-tar@gnu.org/msg04052.html Pavel testsuite.log.gz Description: application/gzip From 221aac36af214316c0a216a1facd586cb115fa0d Mon Sep 17 00:00:00 2001 From: Pavel Raiskup prais...@redhat.com Date: Mon, 3 Feb 2014 14:00:56 +0100 Subject: [PATCH 1/2] testsuite: add test for buggy default ACLs * tests/Makefile.am: Mention acls03.at. * tests/testsuite.at: Likewise. * tests/acls03.at: New testcase. --- tests/Makefile.am | 1 + tests/acls03.at| 131 + tests/testsuite.at | 1 + 3 files changed, 133 insertions(+) create mode 100644 tests/acls03.at diff --git a/tests/Makefile.am b/tests/Makefile.am index fc72c51..1f4b703 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -221,6 +221,7 @@ TESTSUITE_AT = \ xattr05.at\ acls01.at\ acls02.at\ + acls03.at\ selnx01.at\ selacl01.at\ capabs_raw01.at diff --git a/tests/acls03.at b/tests/acls03.at new file mode 100644 index 000..370a08b --- /dev/null +++ b/tests/acls03.at @@ -0,0 +1,131 @@ +# Process this file with autom4te to create testsuite. -*- Autotest -*- +# +# Test suite for GNU tar. +# Copyright 2013 Free Software Foundation, Inc. + +# This file is part of GNU tar. + +# GNU tar is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. + +# GNU tar is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see http://www.gnu.org/licenses/. +# +# Test description: +# +# Check the storing/restoring with/without default ACLs. When --acls is passed, +# restored directory tree should always match archive contents (even when the +# archive does not contain any ACLs). +# +# References: +# http://www.mail-archive.com/bug-tar@gnu.org/msg04355.html + +AT_SETUP([acls: default ACLs]) +AT_KEYWORDS([xattrs acls acls03]) + +m4_define([ACL_LISTDIR], [ +cd $1 +$1=$(find d1 | sort | xargs -n 1 getfacl) +cd .. +]) + +m4_define([ACL_ASSERT], [ +echo $$1 $1.log +echo $$2 $2.log +if test ! $$1 $3 $$2; then +echo bad '$1' against '$2' output +fi +]) + +AT_TAR_CHECK([ +AT_XATTRS_UTILS_PREREQ +AT_ACLS_PREREQ +AT_SORT_PREREQ + +MYNAME=$( id -un ) +MYGROUP=$( id -gn ) + +# Prepare directory structure with default ACLs +mkdir -p pure/d1/d2 +genfile --file pure/d1/f2a +genfile --file pure/d1/f2b +genfile --file pure/d1/d2/f3a +genfile --file pure/d1/d2/f3b +setfacl-m g:$MYGROUP:r-x pure/d1 +setfacl -d -m g:$MYGROUP:rwx pure/d1 +setfacl -d -m u:$MYNAME:rwx pure/d1 +# *a files have some additional ACLs +setfacl-m u:$MYNAME:--- pure/d1/d2/f3a +setfacl-m u:$MYNAME:--- pure/d1/f2a + +# use default format (no acls stored) +tar -cf noacl.tar -C pure d1 + +# use posix format, acls stored +tar --acls -cf acl.tar -C pure d1 + +# Directory names are chosen based on how the files were extracted from +# archive. Equivalent no* tags are used also: +# ^sacl_— extracted archive has stored ACLs +# _def_ — target directory (-C) has default ACLs +# _optacl$ — extraction was done with --acls option + +mkdir sacl_def_optacl +mkdir sacl_def_optnoacl +mkdir sacl_nodef_optacl +mkdir sacl_nodef_optnoacl +mkdir nosacl_def_optacl +mkdir nosacl_def_optnoacl +mkdir nosacl_nodef_optacl +mkdir nosacl_nodef_optnoacl + +setfacl -d -m u:$MYNAME:--- nosacl_def_optnoacl sacl_def_optnoacl sacl_def_optacl nosacl_def_optacl +setfacl -d -m u:$MYGROUP:--- nosacl_def_optnoacl sacl_def_optnoacl sacl_def_optacl nosacl_def_optacl + +tar -xf acl.tar -C sacl_nodef_optnoacl +tar --acls -xf acl.tar -C sacl_nodef_optacl +tar -xf acl.tar -C sacl_def_optnoacl +tar --acls -xf acl.tar -C sacl_def_optacl +tar -xf noacl.tar -C nosacl_def_optnoacl +# _NO_ ACLs in output +tar -xf noacl.tar -C nosacl_nodef_optnoacl +tar -xf noacl.tar -C nosacl_nodef_optacl +tar -cf noacl_repackaged.tar -C nosacl_nodef_optnoacl d1 +# _NO_ ACLs in output (even when default ACLs exist) +tar --acls -xf noacl_repackaged.tar -C nosacl_def_optacl + +ACL_LISTDIR(pure) + +ACL_LISTDIR(sacl_def_optacl) +ACL_LISTDIR(sacl_def_optnoacl) +ACL_LISTDIR(sacl_nodef_optacl) +ACL_LISTDIR(sacl_nodef_optnoacl) +ACL_LISTDIR(nosacl_def_optacl) +ACL_LISTDIR(nosacl_def_optnoacl)
Re: [Bug-tar] ACL support, extract and default ACLs
Pavel Raiskup wrote: OT: I'd like to mention also one forgotten patch: http://www.mail-archive.com/bug-tar@gnu.org/msg04052.html That's actually the patch that makes my series of patches from https://bugzilla.redhat.com/show_bug.cgi?id=1052876 (I mentioned them on Jan 14th, 2014 in this list) to apply on tar 1.27.1 and current git master. My Capabilities patch from the other redhat bug report will apply with the above mentioned patches also on tar 1.17.1, but for git master it needs trivial manual merging on configure.ac. Greetings Markus Steinborn
[Bug-tar] ACL support, extract and default ACLs
Hello, I'm experiencing a possible problem with ACL support with the --acls flag and tar 1.27: when a tarball is extracted using --acls, a default ACL is created for every file/dir extracted from the tarball (with no archived ACLs I think). I've run some tests and I've found that: - a tar without ACLs (using GNU tar formar -that doesn't support ACLs-) - a POSIX tar without ACLs - a POSIX tar with ACLs ...all of these cases add a default ACL when extracting files with no archived ACLs. I was expecting the stored ACLs to be restored when extracting contents, but not the addition of that default ACLs that was not present in the archived contents (see the case of a tarball in GNU tar format). This behaviour causes problems when creating and restoring a tarball with a complete filesystem because lots of applications/tools can't handle ACLs properly. I'd like to use the --acls flag to preserve *existing* ACLs when extracting files/dirs and not add a default ACL. Markus Steinborn wrote about ACL support and in his list of points that need improvement was: Optional (3): Do not store ACLs iff ACL contains just the normal user, group and other permissions, i. .e. the ACL is an compatibility ACL. (I wasn't subscribed to the list back then) I don't know if it is related or not, I'd appreciate comments about this. Regards, Juan
[Bug-tar] ACL support, extract and default ACLs
Hello, I'm experiencing a possible problem with ACL support with the --acls flag and tar 1.27: when a tarball is extracted using --acls, a default ACL is created for every file/dir extracted from the tarball (with no archived ACLs I think). I've run some tests and I've found that: - a tar without ACLs (using GNU tar formar -that doesn't support ACLs-) - a POSIX tar without ACLs - a POSIX tar with ACLs ...all of these cases add a default ACL when extracting files with no archived ACLs. I was expecting the stored ACLs to be restored when extracting contents, but not the addition of that default ACLs that was not present in the archived contents (see the case of a tarball in GNU tar format). This behaviour causes problems when creating and restoring a tarball with a complete filesystem because lots of applications/tools can't handle ACLs properly. I'd like to use the --acls flag to preserve *existing* ACLs when extracting files/dirs and not add a default ACL. Markus Steinborn wrote about ACL support and in his list of points that need improvement was: Optional (3): Do not store ACLs iff ACL contains just the normal user, group and other permissions, i. .e. the ACL is an compatibility ACL. (I wasn't subscribed to the list back then) I don't know if it is related or not, I'd appreciate comments about this. Regards, Juan