Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix transferring data using tar #20822

Merged
merged 1 commit into from
Nov 29, 2023

Conversation

mtrmac
Copy link
Collaborator

@mtrmac mtrmac commented Nov 28, 2023

Instead of relying on the remote server to create tar files with the right account IDs (which the remote server doesn't even know, when the client and server run under different accounts), have the remote client ignore the account IDs when unpacking.

Then just hard-code 0 in the remote server, so that the remote server's account identity does not leak in the tar file contents.

Compare containers/image#1627 .

[NO NEW TESTS NEEDED] : #18563 suggests that existing tests already cover these code paths / properties.

containers/storage#1765 will improve the privacy of the generated tar files further, but it is not a prerequisite.

Does this PR introduce a user-facing change?

None

Instead of relying on the remote server to create tar files
with the right account IDs (which the remote server doesn't
even know, when the client and server run under different accounts),
have the remote client ignore the account IDs when unpacking.

Then just hard-code 0 in the remote server, so that the remote
server's account identity does not leak in the tar file contents.

Compare containers/image#1627 .

[NO NEW TESTS NEEDED] : containers#18563
suggests that existing tests already cover these code paths / properties.

Signed-off-by: Miloslav Trmač <[email protected]>
Copy link
Contributor

openshift-ci bot commented Nov 28, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: mtrmac

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Nov 28, 2023
@github-actions github-actions bot added the kind/api-change Change to remote API; merits scrutiny label Nov 28, 2023
@rhatdan
Copy link
Member

rhatdan commented Nov 29, 2023

LGTM
@containers/podman-maintainers PTAL

@mheon
Copy link
Member

mheon commented Nov 29, 2023

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Nov 29, 2023
@openshift-merge-bot openshift-merge-bot bot merged commit d6fefe0 into containers:main Nov 29, 2023
93 checks passed
@mtrmac mtrmac deleted the chown-cleanup branch November 29, 2023 18:38
@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Feb 28, 2024
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Feb 28, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. kind/api-change Change to remote API; merits scrutiny lgtm Indicates that a PR is ready to be merged. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. release-note-none
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants