diff options
| author | Toshio Kuratomi <a.badger@gmail.com> | 2018-03-07 17:14:51 -0800 |
|---|---|---|
| committer | Toshio Kuratomi <a.badger@gmail.com> | 2018-03-07 18:42:44 -0800 |
| commit | c37e2e5d6e0e5f9fa71279a17eb14cb54a700a55 (patch) | |
| tree | d34687cddc65efe413ac452eb5984e982cbc13ab /lib | |
| parent | 7264d13991281e064a5ebc1060b02ec9a29a8f74 (diff) | |
| download | ansible-c37e2e5d6e0e5f9fa71279a17eb14cb54a700a55.tar.gz | |
Fix unarchive with strip-components in extra_opts (#37048)
* Fix unarchive with strip-components in extra_opts
When unarchive is given extra_opts to strip all leading directories, it
could end up trying to change the permissions on the root directory.
Tar archives shouldn't contain absolute paths anyways so make sure that
all paths are relative as we handle them.
Fixes #21397
(cherry picked from commit cca0ccaf97997691c492c490d263d2b98328af65)
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/ansible/modules/files/unarchive.py | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/lib/ansible/modules/files/unarchive.py b/lib/ansible/modules/files/unarchive.py index 93d449f6c0..cbbda3d339 100644 --- a/lib/ansible/modules/files/unarchive.py +++ b/lib/ansible/modules/files/unarchive.py @@ -642,9 +642,17 @@ class TgzArchive(object): for filename in out.splitlines(): # Compensate for locale-related problems in gtar output (octal unicode representation) #11348 # filename = filename.decode('string_escape') - filename = codecs.escape_decode(filename)[0] + filename = to_native(codecs.escape_decode(filename)[0]) + if filename and filename not in self.excludes: - self._files_in_archive.append(to_native(filename)) + # We don't allow absolute filenames. If the user wants to unarchive rooted in "/" + # they need to use "dest: '/'". This follows the defaults for gtar, pax, etc. + # Allowing absolute filenames here also causes bugs: https://github.com/ansible/ansible/issues/21397 + if filename.startswith('/'): + filename = filename[1:] + + self._files_in_archive.append(filename) + return self._files_in_archive def is_unarchived(self): @@ -869,6 +877,7 @@ def main(): # do we need to change perms? for filename in handler.files_in_archive: file_args['path'] = os.path.join(dest, filename) + try: res_args['changed'] = module.set_fs_attributes_if_different(file_args, res_args['changed'], expand=False) except (IOError, OSError) as e: |