Add test case for ownership

This commit is contained in:
Frederik Ring 2021-12-10 10:18:52 +01:00
parent 1b744d4c1c
commit 7a5068446a
3 changed files with 34 additions and 4 deletions

View File

@ -13,7 +13,7 @@ FROM alpine:3.14
WORKDIR /root
RUN apk add --update ca-certificates
RUN apk add --update ca-certificates sudo
COPY --from=builder /app/backup /usr/bin/backup

View File

@ -10,9 +10,11 @@ import (
"fmt"
"io"
"os"
"os/exec"
"path"
"path/filepath"
"strings"
"syscall"
"time"
"github.com/docker/docker/api/types"
@ -447,7 +449,7 @@ func (s *script) copyBackup() error {
if err := os.Chown(s.file, s.c.BackupUID, s.c.BackupGID); err != nil {
return fmt.Errorf("copyBackup: error changing owner on temp file: %w", err)
}
if err := copyFile(s.file, path.Join(s.c.BackupArchive, name)); err != nil {
if err := copyFile(s.file, path.Join(s.c.BackupArchive, name), s.c.BackupGID, s.c.BackupUID); err != nil {
return fmt.Errorf("copyBackup: error copying file to local archive: %w", err)
}
s.logger.Infof("Stored copy of backup `%s` in local archive `%s`.", s.file, s.c.BackupArchive)
@ -686,14 +688,14 @@ func lock(lockfile string) func() error {
}
// copy creates a copy of the file located at `dst` at `src`.
func copyFile(src, dst string) error {
func copyFile(src, dst string, uid, gid int) error {
in, err := os.Open(src)
if err != nil {
return fmt.Errorf("copyFile: error opening source file: %w", err)
}
defer in.Close()
out, err := os.Create(dst)
out, err := touch(dst, uid, gid)
if err != nil {
return fmt.Errorf("copyFile: error creating destination: %w", err)
}
@ -706,6 +708,27 @@ func copyFile(src, dst string) error {
return out.Close()
}
func touch(file string, uid, gid int) (*os.File, error) {
if uid < 1 || gid < 1 {
out, err := os.Create(file)
if err != nil {
return nil, fmt.Errorf("touch: error creating destination: %w", err)
}
return out, nil
}
cmd := exec.Command("sudo", "-u", fmt.Sprintf("%d", uid), "touch", file)
syscall.Umask(0077)
cmd.SysProcAttr = &syscall.SysProcAttr{}
cmd.SysProcAttr.Credential = &syscall.Credential{Uid: uint32(uid), Gid: uint32(gid)}
if err := cmd.Run(); err != nil {
return nil, fmt.Errorf("touch: error creating destination for owner %d:%d: %w", uid, gid, err)
}
return os.Open(file)
}
// join takes a list of errors and joins them into a single error
func join(errs ...error) error {
if len(errs) == 1 {

View File

@ -19,6 +19,13 @@ docker run --rm -it \
echo "[TEST:PASS] Found relevant files in untared remote backup."
test -L ./local/test.latest.tar.gz.gpg
owner=$(stat -c '%U:%G' ./local/test.tar.gz.gpg)
if [ "$owner" != "1000:1000" ]; then
echo "[TEST:FAIL] Expected backup file to have correct owners, got $owner"
exit 1
fi
echo 1234secret | gpg -d --yes --passphrase-fd 0 ./local/test.tar.gz.gpg > ./local/decrypted.tar.gz
tar -xf ./local/decrypted.tar.gz -C /tmp && test -f /tmp/backup/app_data/offen.db
rm ./local/decrypted.tar.gz