diff options
author | Toshio Kuratomi <a.badger@gmail.com> | 2018-03-07 18:41:29 -0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-03-07 18:41:29 -0800 |
commit | 0fd9c9b0149113d84efbd422d70dd52d4ee6f4ae (patch) | |
tree | 4dc816eacb30847ca20f75ba3e47060ae7969b57 | |
parent | 09de6dc020f27130a33626d30c584d77eaeb93d6 (diff) | |
download | ansible-0fd9c9b0149113d84efbd422d70dd52d4ee6f4ae.tar.gz |
Bkprt unarchive fix (#37159)
* Fix unarchive with strip-components in extra_opts (#37048)
* Fix unarchive with strip-components in extra_opts
When unarchive is given extra_opts to strip all leading directories, it
could end up trying to change the permissions on the root directory.
Tar archives shouldn't contain absolute paths anyways so make sure that
all paths are relative as we handle them.
Fixes #21397
(cherry picked from commit cca0ccaf97997691c492c490d263d2b98328af65)
-rw-r--r-- | changelogs/fragments/unarchive-absolute-path.yaml | 5 | ||||
-rw-r--r-- | lib/ansible/modules/files/unarchive.py | 13 |
2 files changed, 16 insertions, 2 deletions
diff --git a/changelogs/fragments/unarchive-absolute-path.yaml b/changelogs/fragments/unarchive-absolute-path.yaml new file mode 100644 index 0000000000..44f5367723 --- /dev/null +++ b/changelogs/fragments/unarchive-absolute-path.yaml @@ -0,0 +1,5 @@ +--- +bugfixes: +- Fix for unarchive when users use the --strip-components extra_opt to tar + causing ansible to set permissions on the wrong directory. + https://github.com/ansible/ansible/pull/37048 diff --git a/lib/ansible/modules/files/unarchive.py b/lib/ansible/modules/files/unarchive.py index 57f641cad6..5db7b7fb98 100644 --- a/lib/ansible/modules/files/unarchive.py +++ b/lib/ansible/modules/files/unarchive.py @@ -641,9 +641,17 @@ class TgzArchive(object): for filename in out.splitlines(): # Compensate for locale-related problems in gtar output (octal unicode representation) #11348 # filename = filename.decode('string_escape') - filename = codecs.escape_decode(filename)[0] + filename = to_native(codecs.escape_decode(filename)[0]) + if filename and filename not in self.excludes: - self._files_in_archive.append(to_native(filename)) + # We don't allow absolute filenames. If the user wants to unarchive rooted in "/" + # they need to use "dest: '/'". This follows the defaults for gtar, pax, etc. + # Allowing absolute filenames here also causes bugs: https://github.com/ansible/ansible/issues/21397 + if filename.startswith('/'): + filename = filename[1:] + + self._files_in_archive.append(filename) + return self._files_in_archive def is_unarchived(self): @@ -868,6 +876,7 @@ def main(): # do we need to change perms? for filename in handler.files_in_archive: file_args['path'] = os.path.join(dest, filename) + try: res_args['changed'] = module.set_fs_attributes_if_different(file_args, res_args['changed'], expand=False) except (IOError, OSError) as e: |