From 6bc044dc6c0bb2583ff63c9ae0dc35249796370b Mon Sep 17 00:00:00 2001 From: Aditya R Date: Sat, 19 Nov 2022 21:13:32 +0530 Subject: [PATCH 1/3] retrofit, test: ubi8 changed architecture string Upstream has already stopped using ubi8, this is a backport branch stil using ubi8 so retrofit to use needed arch. Upstream has already stopped using ubi8 after: https://github.com/containers/buildah/pull/4377 Signed-off-by: Aditya R --- tests/bud.bats | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/bud.bats b/tests/bud.bats index 24c7cec295..ec7d8e3dfd 100644 --- a/tests/bud.bats +++ b/tests/bud.bats @@ -4110,7 +4110,7 @@ _EOF run_buildah tag image-amd localhost/ubi8-minimal run_buildah build -f Containerfile --pull=false -q --arch=arm64 -t image-arm $WITH_POLICY_JSON ${mytmpdir} run_buildah inspect --format '{{ index .Docker.Config.Labels "architecture" }}' image-arm - expect_output --substring arm64 + expect_output --substring aarch64 run_buildah inspect --format '{{ .FromImageID }}' image-arm fromiid=$output From ff08605b65e8db3e10f83bb26dce45305cecdb6d Mon Sep 17 00:00:00 2001 From: Nalin Dahyabhai Date: Wed, 9 Nov 2022 15:18:02 -0500 Subject: [PATCH 2/3] copier.Put(): clear up os/syscall mode bit confusion When noting that a non-symlink has setuid/setgid/sticky bits, switch from using "syscall" package bits and syscall.Chmod() to using "os" package bits and os.Chmod(), and if the item's a directory, record the updated mode information in the "directoryModes" map that we'll use to reset its permissions later. Signed-off-by: Nalin Dahyabhai Signed-off-by: Aditya R --- copier/copier.go | 27 ++++++++++++-------- tests/conformance/conformance_test.go | 36 +++++++++++++++++++++++++++ 2 files changed, 52 insertions(+), 11 deletions(-) diff --git a/copier/copier.go b/copier/copier.go index 6d4c81c67a..5a1b489d3c 100644 --- a/copier/copier.go +++ b/copier/copier.go 
@@ -1566,15 +1566,15 @@ func copierHandlerPut(bulkReader io.Reader, req request, idMappings *idtools.IDM
 return nil
 }
 makeDirectoryWriteable := func(directory string) error {
- st, err := os.Lstat(directory)
- if err != nil {
- return fmt.Errorf("copier: put: error reading permissions of directory %q: %w", directory, err)
- }
- mode := st.Mode() & os.ModePerm
 if _, ok := directoryModes[directory]; !ok {
+ st, err := os.Lstat(directory)
+ if err != nil {
+ return fmt.Errorf("copier: put: error reading permissions of directory %q: %w", directory, err)
+ }
+ mode := st.Mode()
 directoryModes[directory] = mode
 }
- if err = os.Chmod(directory, 0o700); err != nil {
+ if err := os.Chmod(directory, 0o700); err != nil {
 return fmt.Errorf("copier: put: error making directory %q writable: %w", directory, err)
 }
 return nil
@@ -1862,16 +1862,21 @@ func copierHandlerPut(bulkReader io.Reader, req request, idMappings *idtools.IDM
 // set other bits that might have been reset by chown()
 if hdr.Typeflag != tar.TypeSymlink {
 if hdr.Mode&cISUID == cISUID {
- mode |= syscall.S_ISUID
+ mode |= os.ModeSetuid
 }
 if hdr.Mode&cISGID == cISGID {
- mode |= syscall.S_ISGID
+ mode |= os.ModeSetgid
 }
 if hdr.Mode&cISVTX == cISVTX {
- mode |= syscall.S_ISVTX
+ mode |= os.ModeSticky
+ }
+ if hdr.Typeflag == tar.TypeDir {
+ // if/when we do the final setting of permissions on this
+ // directory, make sure to incorporate these bits, too
+ directoryModes[path] = mode
 }
- if err = syscall.Chmod(path, uint32(mode)); err != nil {
- return fmt.Errorf("setting additional permissions on %q to 0%o: %w", path, mode, err)
+ if err = os.Chmod(path, mode); err != nil {
+ return fmt.Errorf("copier: put: setting additional permissions on %q to 0%o: %w", path, mode, err)
 }
 }
 // set xattrs, including some that might have been reset by chown()
diff --git a/tests/conformance/conformance_test.go b/tests/conformance/conformance_test.go
index 49fe1dafca..7f2a8cc291 100644
--- a/tests/conformance/conformance_test.go
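Review bot: In `makeDirectoryWriteable` the mode is read with `os.Lstat`, which describes a symlink itself, while the following `os.Chmod(directory, 0o700)` follows symlinks, so if `directory` could ever name a symlink the recorded mode and the object being chmod-ed would not be the same thing. Whether callers already guarantee a real directory is not visible here (the closure sits inside `copierHandlerPut`, which starts and ends outside the hunk); if they do not, a guard such as `if !st.IsDir() { return fmt.Errorf("copier: put: %q is not a directory", directory) }` after the Lstat error check would make the assumption explicit. Separately, dropping `& os.ModePerm` deserves a comment on `mode := st.Mode()`, for example `// keep setuid/setgid/sticky so the final chmod can restore them`.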
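Review bot: The error text for the new `os.Chmod(path, mode)` call still formats `mode` with `0%o`, but `mode` now carries `os.ModeSetuid`/`os.ModeSetgid`/`os.ModeSticky`, which are high bits of `os.FileMode` rather than the 04000/02000/01000 positions, so the printed octal no longer reads as a chmod-style mode. Using the type's own formatting, `return fmt.Errorf("copier: put: setting additional permissions on %q to %v: %w", path, mode, err)`, keeps the message meaningful when someone is checking which special bits were requested. Also, `directoryModes[path] = mode` overwrites unconditionally while `makeDirectoryWriteable` only fills missing entries; that both use the same key form for a directory is assumed here, since the surrounding function body is outside the hunk.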
+++ b/tests/conformance/conformance_test.go @@ -1863,6 +1863,42 @@ var internalTestCases = []testCase{ if _, err = io.Copy(tw, bytes.NewReader([]byte("whatever"))); err != nil { return fmt.Errorf("writing tar archive content: %w", err) } + hdr = tar.Header{ + Name: "setuid-dir", + Uid: 0, + Gid: 0, + Typeflag: tar.TypeDir, + Size: 0, + Mode: cISUID | 0755, + ModTime: testDate, + } + if err = tw.WriteHeader(&hdr); err != nil { + return fmt.Errorf("error writing tar archive header: %w", err) + } + hdr = tar.Header{ + Name: "setgid-dir", + Uid: 0, + Gid: 0, + Typeflag: tar.TypeDir, + Size: 0, + Mode: cISGID | 0755, + ModTime: testDate, + } + if err = tw.WriteHeader(&hdr); err != nil { + return fmt.Errorf("error writing tar archive header: %w", err) + } + hdr = tar.Header{ + Name: "sticky-dir", + Uid: 0, + Gid: 0, + Typeflag: tar.TypeDir, + Size: 0, + Mode: cISVTX | 0755, + ModTime: testDate, + } + if err = tw.WriteHeader(&hdr); err != nil { + return fmt.Errorf("error writing tar archive header: %w", err) + } return nil }, }, From 9136e86e2e00b4e4bb9eff5234226a2ad7d46f16 Mon Sep 17 00:00:00 2001 From: Aditya R Date: Sat, 19 Nov 2022 16:32:18 +0530 Subject: [PATCH 3/3] version: bump to v1.28.1 Signed-off-by: Aditya R --- CHANGELOG.md | 4 ++++ changelog.txt | 3 +++ define/types.go | 2 +- 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 32175538b1..0c28db40e4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,10 @@ # Changelog +## v1.28.1 (2022-11-19) + + copier.Put(): clear up os/syscall mode bit confusion + ## v1.28.0 (2022-09-30) Update vendor containers/(common,image) diff --git a/changelog.txt b/changelog.txt index 1d066f0686..e839ab2e3b 100644 --- a/changelog.txt +++ b/changelog.txt 
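Review bot: The three directory entries added in the `conformance_test.go` hunk differ only in `Name` and in the special bit OR-ed into `Mode`, so the same twelve-line block is repeated three times; a small table-driven loop keeps the cases side by side and makes it harder to miss one when another bit is added. The wrap text `error writing tar archive header` also departs from the `writing tar archive content` wording on the context line just above. As far as this hunk shows, nothing is written beneath the new directories, so the code path that temporarily chmods a directory to 0o700 and restores it later is presumably not exercised with these bits set; a child entry under one of them would cover that. The enclosing function literal begins outside the hunk.

```go
// … unchanged: earlier entries and the io.Copy error check …
for _, d := range []struct {
	name string
	bit  int64
}{
	{"setuid-dir", cISUID},
	{"setgid-dir", cISGID},
	{"sticky-dir", cISVTX},
} {
	hdr = tar.Header{
		Name:     d.name,
		Uid:      0,
		Gid:      0,
		Typeflag: tar.TypeDir,
		Size:     0,
		Mode:     d.bit | 0755,
		ModTime:  testDate,
	}
	if err = tw.WriteHeader(&hdr); err != nil {
		return fmt.Errorf("writing tar archive header for %q: %w", d.name, err)
	}
}
return nil
```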
@@ -1,3 +1,6 @@ +- Changelog for v1.28.1 (2022-11-19) + * copier.Put(): clear up os/syscall mode bit confusion + - Changelog for v1.28.0 (2022-09-30) * Update vendor containers/(common,image) * [CI:DOCS] Add quay-description update reminder diff --git a/define/types.go b/define/types.go index ae088a43d5..7ba36ca830 100644 --- a/define/types.go +++ b/define/types.go @@ -30,7 +30,7 @@ const ( Package = "buildah" // Version for the Package. Bump version in contrib/rpm/buildah.spec // too. - Version = "1.28.0" + Version = "1.28.1" // DefaultRuntime if containers.conf fails. DefaultRuntime = "runc"