#519, working on making sure UID/GID are correct on tarball install

idaholab · Jul 27, 2024 · d468d64 · d468d64
1 parent 72ba54f
commit d468d64
Show file tree

Hide file tree

Showing 3 changed files with 43 additions and 25 deletions.
diff --git a/nginx/scripts/docker_entrypoint.sh b/nginx/scripts/docker_entrypoint.sh
@@ -310,10 +310,10 @@ if [[ -f "${NGINX_LANDING_INDEX_HTML}" ]]; then
     MALCOLM_DASHBOARDS_ICON=opensearch_mark_default.svg
   fi
   for HTML in "$(dirname "$(realpath "${NGINX_LANDING_INDEX_HTML}")")"/*.html; do
-    sed -i "s@MALCOLM_DASHBOARDS_NAME_REPLACER@${MALCOLM_DASHBOARDS_NAME}@g" "${HTML}"
-    sed -i "s@MALCOLM_DASHBOARDS_URL_REPLACER@${MALCOLM_DASHBOARDS_URL}@g" "${HTML}"
-    sed -i "s@MALCOLM_DASHBOARDS_ICON_REPLACER@${MALCOLM_DASHBOARDS_ICON}@g" "${HTML}"
-    sed -i "s/MALCOLM_VERSION_REPLACER/v${MALCOLM_VERSION:-unknown} (${VCS_REVISION:-} @ ${BUILD_DATE:-})/g" "${HTML}"
+    sed -i "s@MALCOLM_DASHBOARDS_NAME_REPLACER@${MALCOLM_DASHBOARDS_NAME}@g" "${HTML}" || true
+    sed -i "s@MALCOLM_DASHBOARDS_URL_REPLACER@${MALCOLM_DASHBOARDS_URL}@g" "${HTML}" || true
+    sed -i "s@MALCOLM_DASHBOARDS_ICON_REPLACER@${MALCOLM_DASHBOARDS_ICON}@g" "${HTML}" || true
+    sed -i "s/MALCOLM_VERSION_REPLACER/v${MALCOLM_VERSION:-unknown} (${VCS_REVISION:-} @ ${BUILD_DATE:-})/g" "${HTML}" || true
   done
 fi
 

diff --git a/scripts/install.py b/scripts/install.py
@@ -233,6 +233,34 @@ def InstallerDisplayMessage(
     )
 
 
+def DetermineUid(
+    scriptUser,
+    scriptPlatform,
+    referencePath,
+):
+    defaultUid = '1000'
+    defaultGid = '1000'
+    if ((scriptPlatform == PLATFORM_LINUX) or (scriptPlatform == PLATFORM_MAC)) and (scriptUser == "root"):
+        if pathUid := os.stat(referencePath).st_uid:
+            defaultUid = str(pathUid)
+        if pathGid := os.stat(referencePath).st_gid:
+            defaultGid = str(pathGid)
+
+    uid = defaultUid
+    gid = defaultGid
+    try:
+        if scriptPlatform == PLATFORM_LINUX:
+            uid = str(os.getuid())
+            gid = str(os.getgid())
+            if (uid == '0') or (gid == '0'):
+                raise Exception('it is preferrable not to run Malcolm as root, prompting for UID/GID instead')
+    except Exception:
+        uid = defaultUid
+        gid = defaultGid
+
+    return uid, gid
+
+
 ###################################################################################################
 class Installer(object):
     # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -400,11 +428,19 @@ def install_malcolm_files(self, malcolm_install_file, default_config_dir):
                 if self.debug:
                     eprint(f"Created {installPath} for Malcolm runtime files")
 
+                # extract the .tar.gz and chown the results
+                extUid, extGid = DetermineUid(self.scriptUser, self.platform, malcolm_install_file)
                 tar = tarfile.open(malcolm_install_file)
                 try:
                     tar.extractall(path=installPath, numeric_owner=True)
                 finally:
                     tar.close()
+                os.chown(installPath, int(extUid), int(extGid))
+                for dirpath, dirnames, filenames in os.walk(installPath, followlinks=False):
+                    for dname in dirnames:
+                        os.chown(os.path.join(dirpath, dname), int(extUid), int(extGid))
+                    for fname in filenames:
+                        os.chown(os.path.join(dirpath, fname), int(extUid), int(extGid), follow_symlinks=False)
 
                 # .tar.gz normally will contain an intermediate subdirectory. if so, move files back one level
                 childDir = glob.glob(f'{installPath}/*/')
@@ -465,26 +501,8 @@ def tweak_malcolm_runtime(self, malcolm_install_path):
         if (not args.configDir) or (not os.path.isdir(args.configDir)):
             raise Exception("Could not determine configuration directory containing Malcolm's .env files")
 
-        # figure out what UID/GID to run non-rood processes under docker as
-        defaultUid = '1000'
-        defaultGid = '1000'
-        if ((self.platform == PLATFORM_LINUX) or (self.platform == PLATFORM_MAC)) and (self.scriptUser == "root"):
-            if pathUid := os.stat(malcolm_install_path).st_uid:
-                defaultUid = str(pathUid)
-            if pathGid := os.stat(malcolm_install_path).st_gid:
-                defaultGid = str(pathGid)
-
-        puid = defaultUid
-        pgid = defaultGid
-        try:
-            if self.platform == PLATFORM_LINUX:
-                puid = str(os.getuid())
-                pgid = str(os.getgid())
-                if (puid == '0') or (pgid == '0'):
-                    raise Exception('it is preferrable not to run Malcolm as root, prompting for UID/GID instead')
-        except Exception:
-            puid = defaultUid
-            pgid = defaultGid
+        # figure out what UID/GID to run non-root processes under docker as
+        puid, pgid = DetermineUid(self.scriptUser, self.platform, malcolm_install_path)
 
         loopBreaker = CountUntilException(MaxAskForValueCount, 'Invalid UID/GID')
         while (

diff --git a/scripts/malcolm_appliance_packager.sh b/scripts/malcolm_appliance_packager.sh
@@ -141,7 +141,7 @@ if mkdir "$DESTDIR"; then
   cp $VERBOSE "$SCRIPT_PATH/malcolm_kubernetes.py" "$RUN_PATH/"
   cp $VERBOSE "$SCRIPT_PATH/malcolm_utils.py" "$RUN_PATH/"
 
-  tar -czf $VERBOSE "$DESTNAME" "./$(basename $DESTDIR)/"
+  tar -czf --owner=0 --group=0 $VERBOSE "$DESTNAME" "./$(basename $DESTDIR)/"
   echo "Packaged Malcolm to \"$DESTNAME\""
 
   unset CONFIRMATION