Fix archive.extracted ownership on tarballs with no dir members (#68227) #69428

Open
dwoz wants to merge 1 commit into saltstack:3006.x from dwoz:fix/issue-68227

@dwoz dwoz commented Jun 12, 2026

Contributor

What does this PR do?

Restores archive.extracted's ability to enforce user/group
ownership on archives whose only members are files. Previously the
common-prefix fallback added in #61896 silently no-op'd for such
archives because it consulted only ret["dirs"], leaving the extracted
top-level directory owned by root:root.

What issues does this PR fix or reference?

Fixes #68227

Follow-up to #61896 (which fixed #38605 but missed the
no-directory-members case).

Previous Behavior

For tar archives that contain only file members (e.g. Oracle's GraalVM
JDK tarballs, whose listing looks like
graalvm-jdk-21.0.8+12.1/LICENSE.txt, no graalvm-jdk-21.0.8+12.1/
entry), archive.list returned top_level_dirs=[], and
archive.extracted's ownership loop in salt/states/archive.py had
nothing to iterate over - the extracted directory stayed owned by
root:root regardless of the user/group arguments.

New Behavior

archive.list now feeds files and links into the os.path.commonprefix
fallback in addition to dirs, so the shared top-level directory is
discovered regardless of which member types the archive happens to
include.

Merge requirements satisfied?

  • Docs
  • Changelog
  • Tests written/updated

Commits signed with GPG?

Yes

@dwoz dwoz requested a review from a team as a code owner June 12, 2026 00:24
@dwoz dwoz added this to the Sulphur v3006.26 milestone Jun 12, 2026
@dwoz dwoz added the test:full Run the full test suite label Jun 12, 2026
@dwoz dwoz force-pushed the fix/issue-68227 branch from 224fc45 to 655c147 Compare June 12, 2026 00:25
@dwoz dwoz force-pushed the fix/issue-68227 branch from 655c147 to dc47b43 Compare June 14, 2026 02:07
…bers

PR saltstack#61896 added a common-prefix fallback to archive.list so that
archive.extracted could enforce user/group ownership on top-level
directories that aren't listed as their own member in the tarball.
That fallback only consulted ret["dirs"], so archives whose members are
all files - such as Oracle's GraalVM JDK tarballs, which contain
``graalvm-jdk-21.0.8+12.1/LICENSE.txt`` and friends but no entry for the
``graalvm-jdk-21.0.8+12.1/`` directory itself - still returned
``top_level_dirs=[]`` and silently skipped the ownership enforcement
loop in salt/states/archive.py.

Include files and links in the common-prefix computation so the
top-level directory is discovered regardless of which member types the
archive happens to contain.

Fixes saltstack#68227
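
The fallback described in the PR description and commit message above, as an added example (not Salt's code and not this PR's patch): a simplified model of the verbose listing and common-prefix fallback, run over a constructed files-only tarball. The helper names `build_tar`, `classify` and `top_level_dirs`, and the second member name, are assumptions made for illustration.

```python
import io
import os
import tarfile

# Constructed sample: file members only, no entry for the top-level directory.
FILES_ONLY = [
    ("graalvm-jdk-21.0.8+12.1/LICENSE.txt", "file"),
    ("graalvm-jdk-21.0.8+12.1/bin/java", "file"),  # hypothetical member name
]


def build_tar(members):
    """Build an in-memory tarball from (name, kind) pairs."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, kind in members:
            info = tarfile.TarInfo(name)
            data = b"" if kind == "dir" else b"constructed\n"
            info.type = tarfile.DIRTYPE if kind == "dir" else tarfile.REGTYPE
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def classify(tar_bytes):
    """Split members into dirs/files/links, as a verbose listing would."""
    ret = {"dirs": [], "files": [], "links": []}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        for m in tar.getmembers():
            if m.isdir():
                ret["dirs"].append(m.name + "/")
            elif m.issym() or m.islnk():
                ret["links"].append(m.name)
            else:
                ret["files"].append(m.name)
    return ret


def top_level_dirs(listing, member_types):
    """Explicit top-level dir entries, else a common-prefix fallback."""
    explicit = [d for d in listing["dirs"] if d.count("/") == 1]
    if explicit:
        return explicit
    names = [n for t in member_types for n in listing[t]]
    prefix = os.path.commonprefix(names)
    # commonprefix compares characters, not path components, so only a
    # prefix that reaches a "/" names a real shared directory.
    return [prefix.split("/", 1)[0] + "/"] if "/" in prefix else []
```

With `member_types=("dirs",)` the files-only listing yields an empty list, so a loop that applies `user`/`group` to each top-level directory has nothing to iterate over; with dirs, files and links all supplied, the shared directory is found.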