diff options
author | Toshio Kuratomi <a.badger@gmail.com> | 2018-03-07 17:14:51 -0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-03-07 17:14:51 -0800 |
commit | cca0ccaf97997691c492c490d263d2b98328af65 (patch) | |
tree | fccdc5001dbafe775b12be44ed7dd7512ba393db | |
parent | c1f5e11cdff500a43a657df436316db8deb51321 (diff) | |
download | ansible-cca0ccaf97997691c492c490d263d2b98328af65.tar.gz |
Fix unarchive with strip-components in extra_opts (#37048)
* Fix unarchive with strip-components in extra_opts
When unarchive is given extra_opts to strip all leading directories, it
could end up trying to change the permissions on the root directory.
Tar archives shouldn't contain absolute paths anyways so make sure that
all paths are relative as we handle them.
Fixes #21397
-rw-r--r-- | lib/ansible/modules/files/unarchive.py | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/lib/ansible/modules/files/unarchive.py b/lib/ansible/modules/files/unarchive.py index b21a4d3f26..44651cf994 100644 --- a/lib/ansible/modules/files/unarchive.py +++ b/lib/ansible/modules/files/unarchive.py @@ -642,9 +642,17 @@ class TgzArchive(object): for filename in out.splitlines(): # Compensate for locale-related problems in gtar output (octal unicode representation) #11348 # filename = filename.decode('string_escape') - filename = codecs.escape_decode(filename)[0] + filename = to_native(codecs.escape_decode(filename)[0]) + if filename and filename not in self.excludes: - self._files_in_archive.append(to_native(filename)) + # We don't allow absolute filenames. If the user wants to unarchive rooted in "/" + # they need to use "dest: '/'". This follows the defaults for gtar, pax, etc. + # Allowing absolute filenames here also causes bugs: https://github.com/ansible/ansible/issues/21397 + if filename.startswith('/'): + filename = filename[1:] + + self._files_in_archive.append(filename) + return self._files_in_archive def is_unarchived(self): @@ -869,6 +877,7 @@ def main(): # do we need to change perms? for filename in handler.files_in_archive: file_args['path'] = os.path.join(dest, filename) + try: res_args['changed'] = module.set_fs_attributes_if_different(file_args, res_args['changed'], expand=False) except (IOError, OSError) as e: |