mirrors/git-annex
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

Run cp -a with --no-preserve=xattr, to avoid problems with copied xattrs

Browse source 
Including them breaking permissions setting on some NFS servers.

Sponsored-by: Dartmouth College's Datalad project
This commit is contained in:
Joey Hess 2021-08-27 13:09:34 -04:00
parent 7b1709105a
commit e17342b2a0
No known key found for this signature in database
GPG key ID: DB12DB0FF05F8F38
5 changed files with 62 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
Build/Configure.hs
View file

@ -25,6 +25,7 @@ tests =
, testCp "cp_p" "-p" , testCp "cp_p" "-p"
, testCp "cp_preserve_timestamps" "--preserve=timestamps" , testCp "cp_preserve_timestamps" "--preserve=timestamps"
, testCpReflinkAuto , testCpReflinkAuto
, testCpNoPreserveXattr
, TestCase "xargs -0" $ testCmd "xargs_0" "xargs -0 </dev/null" , TestCase "xargs -0" $ testCmd "xargs_0" "xargs -0 </dev/null"
, TestCase "rsync" $ testCmd "rsync" "rsync --version >/dev/null" , TestCase "rsync" $ testCmd "rsync" "rsync --version >/dev/null"
, TestCase "curl" $ testCmd "curl" "curl --version >/dev/null" , TestCase "curl" $ testCmd "curl" "curl --version >/dev/null"
@ -62,6 +63,11 @@ testCpReflinkAuto = testCp k "--reflink=auto"
where where
k = "cp_reflink_supported" k = "cp_reflink_supported"
testCpNoPreserveXattr :: TestCase
testCpNoPreserveXattr = testCp
"cp_no_preserve_xattr_supported"
"--no-preserve=xattr"
getUpgradeLocation :: Test getUpgradeLocation :: Test
getUpgradeLocation = do getUpgradeLocation = do
e <- getEnv "UPGRADE_LOCATION" e <- getEnv "UPGRADE_LOCATION"

3
CHANGELOG
View file

@ -19,6 +19,9 @@ git-annex (8.20210804) UNRELEASED; urgency=medium
get, drop, move, copy, whereis get, drop, move, copy, whereis
* Added annex.youtube-dl-command config. This can be used to run some * Added annex.youtube-dl-command config. This can be used to run some
forks of youtube-dl. forks of youtube-dl.
* Run cp -a with --no-preserve=xattr, to avoid problems with copied
xattrs, including them breaking permissions setting on some NFS
servers.
-- Joey Hess <id@joeyh.name> Tue, 03 Aug 2021 12:22:45 -0400 -- Joey Hess <id@joeyh.name> Tue, 03 Aug 2021 12:22:45 -0400

8
Utility/CopyFile.hs
View file

@ -1,6 +1,6 @@
{- file copying {- file copying
- -
- Copyright 2010-2019 Joey Hess <id@joeyh.name> - Copyright 2010-2021 Joey Hess <id@joeyh.name>
- -
- License: BSD-2-clause - License: BSD-2-clause
-} -}
@ -30,6 +30,12 @@ copyMetaDataParams meta = map snd $ filter fst
, Param "-p") , Param "-p")
, (not allmeta && BuildInfo.cp_preserve_timestamps , (not allmeta && BuildInfo.cp_preserve_timestamps
, Param "--preserve=timestamps") , Param "--preserve=timestamps")
-- cp -a may preserve xattrs that have special meaning,
-- eg to NFS, and have even been observed to prevent later
-- changing the permissions of the file. So prevent preserving
-- xattrs.
, (allmeta && BuildInfo.cp_a && BuildInfo.cp_no_preserve_xattr_supported
, Param "--no-preserve=xattr")
] ]
where where
allmeta = meta == CopyAllMetaData allmeta = meta == CopyAllMetaData

2
doc/bugs/__34__357_out_of_984_tests_failed__34___on_NFS_lustre_mount.mdwn
View file

@ -134,3 +134,5 @@ details of the mount with minimal sensoring with XXXs:
any ideas Joey? or how to troubleshoot on this beast further? any ideas Joey? or how to troubleshoot on this beast further?
[[!meta title="357 out of 984 tests fail on NFS isilon mount"]] [[!meta title="357 out of 984 tests fail on NFS isilon mount"]]
> [[fixed|done]] --[[Joey]]

44
doc/bugs/__34__357_out_of_984_tests_failed__34___on_NFS_lustre_mount/comment_11_541e257ea04d6a7647a337998d79232c._comment Normal file
View file

@ -0,0 +1,44 @@
[[!comment format=mdwn
username="joey"
subject="""comment 11"""
date="2021-08-27T16:41:45Z"
content="""
I've made the change to use that option. I think this should clear the test
suite.
I see that Isilon is a NAS, so some proprietary and broken NFS server
apparently. Kind of explains why cp -a would do this, because I found
threads about cp -a preserving NFS xattrs, and people wanted it to,
presumably for other reasons on less broken NFS servers.
This does raise the question of what might happen if someone copies
a file themselves with cp -a on this NFS and then git-annex adds the copy.
Probably git-annex would then be unable to remove the write bit
from the annex object file.
For that matter, the same could happen with ACLs. Eg, I was able to
use setfacl to make this happen:
joey@darkstar:~>chmod -w foo
joey@darkstar:~>setfacl -m g:nogroup:rw foo
joey@darkstar:~>ls -l foo
-r--rw-r--+ 1 joey joey 0 Aug 27 12:53 foo
joey@darkstar:~>chmod -w foo
chmod: foo: new permissions are r--rw-r--, not r--r--r--
- exit 1
joey@darkstar:~>perl -e 'chmod(400)' foo
joey@darkstar:~>ls -l foo
-r--rw-r--+ 1 joey joey 0 Aug 27 12:53 foo
So git-annex would be unable to clear the write bit, and would not be able
to effectively lock down the file for all users, eg user nobody can write
to the file in the above example. There's probably a way to let user joey
also write to it, but my attempt to do that with an ACL failed.
Perhaps git-annex should clear ACLs when ingesting (and locking) files.
But perhaps users use ACLs for other purposes that would not prevent
lockdown, and so they should not be cleared. And as far as internal-use NFS
xattrs, it doesn't seem wise for git-annex to try to unset them from files
its ingesting. So I guess I'm going to punt on this broader question,
if users want to use the ACL rope, it's over there..
"""]]