From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: <pve-devel-bounces@lists.proxmox.com> Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id 99A011FF16F for <inbox@lore.proxmox.com>; Thu, 13 Feb 2025 11:16:11 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id E29EC2FA8E; Thu, 13 Feb 2025 11:16:06 +0100 (CET) Date: Thu, 13 Feb 2025 11:15:33 +0100 (CET) From: =?UTF-8?Q?Fabian_Gr=C3=BCnbichler?= <f.gruenbichler@proxmox.com> To: Proxmox VE development discussion <pve-devel@lists.proxmox.com> Message-ID: <83426160.6545.1739441733078@webmail.proxmox.com> In-Reply-To: <mailman.80.1736016466.441.pve-devel@lists.proxmox.com> References: <mailman.80.1736016466.441.pve-devel@lists.proxmox.com> MIME-Version: 1.0 X-Priority: 3 Importance: Normal X-Mailer: Open-Xchange Mailer v7.10.6-Rev73 X-Originating-Client: open-xchange-appsuite X-SPAM-LEVEL: Spam detection results: 0 AWL 0.046 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_RPBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_SAFE_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: Re: [pve-devel] [PATCH container] Fix bug #6040 in the exclusion pattern of tar X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com> List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe> List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/> List-Post: <mailto:pve-devel@lists.proxmox.com> List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help> List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe> Reply-To: Proxmox VE development discussion <pve-devel@lists.proxmox.com> Cc: Orwa Diraneyya <info@orwa.tech> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pve-devel-bounces@lists.proxmox.com Sender: "pve-devel" <pve-devel-bounces@lists.proxmox.com> > Orwa Diraneyya via pve-devel <pve-devel@lists.proxmox.com> hat am 04.01.2025 19:47 CET geschrieben: > From: Orwa Diraneyya <diraneyyaorwa@gmail.com> > > After this fix, users of Proxmox will be able to > use the root filesystem tarballs found publicly > (e.g. at https://cloud-images.ubuntu.com/) as LXC > container templates. > > Currently, this results in a container-creation > failure due to the root folder `/dev` exclusion > pattern being ineffective. > > The bugfix is also announced on the dev mailing > list (mailman.74.1735960093.441.pve-devel) > > Signed-off-by: Orwa Diraneyya <diraneyyaorwa@gmail.com> > --- > src/PVE/LXC/Create.pm | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/src/PVE/LXC/Create.pm b/src/PVE/LXC/Create.pm > index 8c8cb9a..4d0d11e 100644 > --- a/src/PVE/LXC/Create.pm > +++ b/src/PVE/LXC/Create.pm > @@ -75,7 +75,7 @@ my sub restore_tar_archive_command { > # *sigh*, gnu... > push @$cmd, '--skip-old-files'; > push @$cmd, '--anchored'; > - push @$cmd, '--exclude' , './dev/*'; > + push @$cmd, '--exclude' , 'dev/*'; Thanks for your patch! Unfortunately, this is not the correct way to tackle this - because of `--anchored`, `./dev/*` and `dev/*` match different things: $ mkdir dev; touch dev/test $ ls dev test $ tar cf test.tar ./dev $ tar tf test.tar ./dev/ ./dev/test $ rm -rf extract; mkdir extract $ tar -xf test.tar -C extract --anchored --exclude './dev/*' -v ./dev/ $ rm -rf extract; mkdir extract $ tar -xf test.tar -C extract --anchored --exclude 'dev/*' -v ./dev/ ./dev/test Note how the tarball contains a relative dir ./dev with a file test inside (like our/most container templates), and how extracting it with the original exclusion pattern just extracts the empty dev dir, skipping its contents, while your proposed pattern extracts the contents as well. The inverse is true for your tarball with the contents the other way round: $ rm test.tar $ tar cf test.tar dev $ tar tf test.tar dev/ dev/test $ rm -rf extract; mkdir extract $ tar -xf test.tar -C extract --anchored --exclude './dev/*' -v dev/ dev/test $ rm -rf extract; mkdir extract $ tar -xf test.tar -C extract --anchored --exclude 'dev/*' -v dev/ So what we actually want if we want to support both variants is to exclude *both* patterns. Note that your original use case of just passing an image not intended for container consumption might still fail for other reasons ;) But such a patch would at least allow manually created templates that don't use the ./ prefix to work properly. > if (defined($bwlimit)) { > $cmd = [ ['cstream', '-t', $bwlimit*1024], $cmd ]; > -- > 2.46.0 _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel