ansible-galaxy [WARNING]: Illegal filename '..': '..' is not allowed (ansible-core 2.14.11) #82051

joshzcold · 2023-10-20T19:47:36Z

Summary

Ansible galaxy fails to install symlinks that use ../target syntax within an ansible role.

For example in my use case.

lrwxrwxrwx 1 joshua joshua   11 May 31 14:58 defaults -> ../defaults
drwxr-xr-x 3 joshua joshua 4096 Oct 18 14:18 helm
drwxr-xr-x 2 joshua joshua 4096 May 31 14:58 kustomize
drwxr-xr-x 2 joshua joshua 4096 Aug 28 10:56 tasks
lrwxrwxrwx 1 joshua joshua    7 May 31 14:58 vars -> ../vars

I have a "subrole" that symlinks up 1 directory to the main role that has the common variables/tasks/etc.

This is found in ansible-core 2.14.11

version 2.14.10 does not have the issue.

Issue Type

Bug Report

Component Name

ansible-galaxy

Ansible Version

$ ansible --version
ansible [core 2.14.11]
  config file = /var/lib/jenkins/workspace/Deploy/sm_devops/ansible.cfg
  configured module search path = ['/var/lib/jenkins/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /tmp/ansible-venv/lib/python3.10/site-packages/ansible
  ansible collection location = /var/lib/jenkins/.ansible/collections:/usr/share/ansible/collections
  executable location = /tmp/ansible-venv/bin/ansible
  python version = 3.10.12 (main, Jun 11 2023, 05:26:28) [GCC 11.4.0] (/tmp/ansible-venv/bin/python)
  jinja version = 3.1.2
  libyaml = True

Configuration

# if using a version older than ansible-core 2.12 you should omit the '-t all'
$ ansible-config dump --only-changed -t all
(ansible-venv) jenkins@hq-devops-v-jenkins-node:~/workspace/Deploy/sm_devops$ ansible-config dump --only-changed -t all
CONFIG_FILE() = /var/lib/jenkins/workspace/Deploy/sm_devops/ansible.cfg
DEFAULT_HOST_LIST(/var/lib/jenkins/workspace/Deploy/sm_devops/ansible.cfg) = ['/var/lib/jenkins/workspace/Deploy/sm_devops/inventory']
DEFAULT_JINJA2_NATIVE(/var/lib/jenkins/workspace/Deploy/sm_devops/ansible.cfg) = False
DEFAULT_ROLES_PATH(/var/lib/jenkins/workspace/Deploy/sm_devops/ansible.cfg) = ['/var/lib/jenkins/workspace/Deploy/sm_devops/.roles']
DEFAULT_STDOUT_CALLBACK(/var/lib/jenkins/workspace/Deploy/sm_devops/ansible.cfg) = yaml
DEFAULT_TIMEOUT(/var/lib/jenkins/workspace/Deploy/sm_devops/ansible.cfg) = 60
DEPRECATION_WARNINGS(/var/lib/jenkins/workspace/Deploy/sm_devops/ansible.cfg) = False
DISPLAY_SKIPPED_HOSTS(/var/lib/jenkins/workspace/Deploy/sm_devops/ansible.cfg) = False
HOST_KEY_CHECKING(/var/lib/jenkins/workspace/Deploy/sm_devops/ansible.cfg) = False
RETRY_FILES_ENABLED(/var/lib/jenkins/workspace/Deploy/sm_devops/ansible.cfg) = False

CALLBACK:
========

default:
_______
display_skipped_hosts(/var/lib/jenkins/workspace/Deploy/sm_devops/ansible.cfg) = False

CONNECTION:
==========

paramiko_ssh:
____________
host_key_checking(/var/lib/jenkins/workspace/Deploy/sm_devops/ansible.cfg) = False

ssh:
___
host_key_checking(/var/lib/jenkins/workspace/Deploy/sm_devops/ansible.cfg) = False
reconnection_retries(/var/lib/jenkins/workspace/Deploy/sm_devops/ansible.cfg) = 3
timeout(/var/lib/jenkins/workspace/Deploy/sm_devops/ansible.cfg) = 60

SHELL:
=====

sh:
__
world_readable_temp(/var/lib/jenkins/workspace/Deploy/sm_devops/ansible.cfg) = True

OS / Environment

Ubuntu 22.04 LTS

Steps to Reproduce

Ansible role created with this structure

.
├── defaults
|   subrole
│   ├── defaults -> ../defaults
│   ├── tasks
│   └── vars -> ../vars
├── meta
├── tasks
├── templates
└── vars

Expected Results

ansible-galaxy install handles ../ symlinks well like it did in 2.14.10

Actual Results

The valid symlink in the git repo gets turned into a symlink pointing to itself.


lrwxrwxrwx 1 jenkins jenkins    8 Oct 20 13:28 defaults -> defaults
drwxrwxr-x 3 jenkins jenkins 4096 Oct 20 13:28 helm
drwxrwxr-x 2 jenkins jenkins 4096 Oct 20 13:28 kustomize
drwxrwxr-x 2 jenkins jenkins 4096 Oct 20 13:28 tasks
lrwxrwxrwx 1 jenkins jenkins    4 Oct 20 13:28 vars -> vars

And ansible galaxy spits out ERROR

[WARNING]: Illegal filename '..': '..' is not allowed



### Code of Conduct

- [X] I agree to follow the Ansible Code of Conduct

The text was updated successfully, but these errors were encountered:

ansibot · 2023-10-20T19:50:19Z

Files identified in the description:

bin/ansible-galaxy

If these files are incorrect, please update the component name section of the description or use the component bot command.

joshzcold · 2023-10-20T19:57:09Z

Is an issue on ansible-8.5.0 ansible-core-2.15.5

s-hertel · 2023-10-20T22:09:21Z

This is a duplicate of #81965, possible fix in #82052.

s-hertel · 2024-03-14T22:48:08Z

@joshzcold Sorry, I forgot to close this when (I thought) I resolved the issue, but I want to mention the fix actually caused a new issue #82702 so symlinks are not necessarily working in 2.16.4. I'm trying to fix it.

joshzcold · 2024-03-15T15:03:02Z

@s-hertel Thank you I appreciate it

* Fix installing roles containing symlinks Fix sanitizing tarfile symlinks relative to the link directory instead of the archive For example: role ├── handlers │ └── utils.yml -> ../tasks/utils/suite.yml The link ../tasks/utils/suite.yml will resolve to a path outside of the link's directory, but within the role role/handlers/../tasks/utils/suite.yml the resolved path relative to the role is tasks/utils/suite.yml, but if the symlink is set to that value, tarfile would extract it from role/handlers/tasks/utils/suite.yml * Replace overly forgiving test case with tests for a symlink in a subdirectory of the archive and a symlink in the archive dir when these are not equivalent. * Build test case from role files to make it easier to add test cases Fixes ansible#82702 Fixes ansible#81965 Fixes ansible#82051 (cherry picked from commit e84240d)

* Fix installing roles containing symlinks Fix sanitizing tarfile symlinks relative to the link directory instead of the archive For example: role ├── handlers │ └── utils.yml -> ../tasks/utils/suite.yml The link ../tasks/utils/suite.yml will resolve to a path outside of the link's directory, but within the role role/handlers/../tasks/utils/suite.yml the resolved path relative to the role is tasks/utils/suite.yml, but if the symlink is set to that value, tarfile would extract it from role/handlers/tasks/utils/suite.yml * Replace overly forgiving test case with tests for a symlink in a subdirectory of the archive and a symlink in the archive dir when these are not equivalent. * Build test case from role files to make it easier to add test cases Fixes #82702 Fixes #81965 Fixes #82051 (cherry picked from commit e84240d)

ansibot added bug This issue/PR relates to a bug. needs_triage Needs a first human triage before being processed. affects_2.14 labels Oct 20, 2023

bcoca removed the needs_triage Needs a first human triage before being processed. label Oct 24, 2023

oybed mentioned this issue Oct 27, 2023

GH Actions hitting ansible bug redhat-cop/org#618

Closed

Gerrit91 mentioned this issue Dec 11, 2023

Downgrade ansible-core to mitigate symlink issue with ansible-galaxy. metal-stack/metal-deployment-base#29

Merged

ansibot added the has_pr This issue has an associated PR. label Dec 11, 2023

s-hertel closed this as completed in e84240d Apr 24, 2024

ansible locked and limited conversation to collaborators May 8, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ansible-galaxy [WARNING]: Illegal filename '..': '..' is not allowed (ansible-core 2.14.11) #82051

ansible-galaxy [WARNING]: Illegal filename '..': '..' is not allowed (ansible-core 2.14.11) #82051

joshzcold commented Oct 20, 2023

ansibot commented Oct 20, 2023

joshzcold commented Oct 20, 2023 •

edited

Loading

s-hertel commented Oct 20, 2023

s-hertel commented Mar 14, 2024

joshzcold commented Mar 15, 2024

ansible-galaxy [WARNING]: Illegal filename '..': '..' is not allowed (ansible-core 2.14.11) #82051

ansible-galaxy [WARNING]: Illegal filename '..': '..' is not allowed (ansible-core 2.14.11) #82051

Comments

joshzcold commented Oct 20, 2023

Summary

Issue Type

Component Name

Ansible Version

Configuration

OS / Environment

Steps to Reproduce

Expected Results

Actual Results

ansibot commented Oct 20, 2023

joshzcold commented Oct 20, 2023 • edited Loading

s-hertel commented Oct 20, 2023

s-hertel commented Mar 14, 2024

joshzcold commented Mar 15, 2024

joshzcold commented Oct 20, 2023 •

edited

Loading