-
Notifications
You must be signed in to change notification settings - Fork 38.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Preserve file mode when copying files out of a pod #73053
Conversation
This fixes the ability to inherit the file modes from the files within the pod that are copied. Most importantly, it makes sure that the execute bits are set properly and generally makes this code match what tar would do (namely, using a readonly mode if the source was readonly)
Thanks for your pull request. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). 📝 Please follow instructions at https://git.k8s.io/community/CLA.md#the-contributor-license-agreement to sign the CLA. It may take a couple minutes for the CLA signature to be fully registered; after that, please reply here with a new comment and we'll verify. Thanks.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
Hi @evanphx. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: evanphx If they are not already assigned, you can assign the PR to them by writing The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
signed the CLA |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thank you for the PR @evanphx
this change needs approval by SIG CLI.
/ok-to-test
/priority backlog
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
/remove-lifecycle stable |
@neolit123 Any thoughts on this? |
try mentioning this PR in the slack channels #sig-cli or #pr-reviews |
@soltysh @tallclair note that this will allow creating executable files via |
I added this actually because I wanted to preserve the executable bits. |
What should |
I'm happy to change this however y'all think is best, please let me know. |
Hello! Code Freeze is just about on us. We'll be entering into Freeze tomorrow, May 31st. Is this still planned to land in 1.15? |
/milestone v1.16 |
given the repeated past vulnerabilities in @kubernetes/sig-cli-maintainers should consider one or more of the following options:
|
@evanphx @liggitt Hello! I'm bug triage lead for the 1.16 release cycle and considering this PR has not been updated for a long time, I'd like to check what's the status of this PR. The code freeze is starting 29th August (about 2.5 weeks from now) and while there is plenty of time, we want to ensure that each PR has a chance to be merged on time. As the PR is tagged for 1.16, is it still planned for this release? |
@liggitt Perhaps since you're concerned about setting executable, exposing it as a configuration option to honor the executable bit? Happy to add that to this PR. |
the history of even if the option is flag-gated, the capability would still have escalated the severity of those issues significantly if the placed files could be made executable. I'd prefer we document how to use |
The basic command to copy from a pod using exec & tar is:
Of course you can use any typical arguments to tar, in this case you might be interested in More examples here: https://gist.github.com/tallclair/9217e2694b5fdf27b55d6bd1fda01b53 |
I agree with @liggitt here, we (as in sig-cli) need to reconsider |
Discussed in sig-cli this week. The immediate priority is to resolve symlink handling issues in #82143 before considering expanding the surface area to include things like wildcard support and executable-permission preservation. |
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
Stale issues rot after 30d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
@evanphx: PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
I can rebase this but it sounded like before I should not bother because cp
is going to be removed?
…On Fri, Dec 27, 2019 at 7:43 PM Kubernetes Prow Robot < ***@***.***> wrote:
@evanphx <https://github.com/evanphx>: PR needs rebase.
Instructions for interacting with me using PR comments are available here
<https://git.k8s.io/community/contributors/guide/pull-requests.md>. If
you have questions or suggestions related to my behavior, please file an
issue against the kubernetes/test-infra
<https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:>
repository.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#73053?email_source=notifications&email_token=AAAAAB7RS4XNIA32UM6VM23Q224OPA5CNFSM4GQ32JH2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEHYALPQ#issuecomment-569378238>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAAAABZ3P2OWFDE3AEPYVRTQ224OPANCNFSM4GQ32JHQ>
.
|
Rotten issues close after 30d of inactivity. Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
@fejta-bot: Closed this PR. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
tx |
What type of PR is this?
/kind bug
What this PR does / why we need it:
This fixes the ability to inherit the file modes from the files within the pod that are copied. Most importantly, it makes sure that the execute bits are set properly and generally makes this code match what tar would do (namely, using a readonly mode if the source was readonly)
Which issue(s) this PR fixes:
Didn't open an issue, just fixed the problem directly.
Special notes for your reviewer:
Does this PR introduce a user-facing change?: