From d9f1a5af3bd3980068ce92afc6a56d5ff9681552 Mon Sep 17 00:00:00 2001
From: Michal Nasiadka
Date: Wed, 22 Feb 2023 08:00:57 +0100
Subject: [PATCH 1/2] base: make curl retry on all errors
Change-Id: Icbf54154e4a2dffd840cfda9b6a863247d28c226
(cherry picked from commit 90e157e3e35798dc9b524469a1bd7df0602f0355)
---
 docker/base/curlrc | 1 +
 1 file changed, 1 insertion(+)
diff --git a/docker/base/curlrc b/docker/base/curlrc
index fe2971c8b3..3b1ecea068 100644
--- a/docker/base/curlrc
+++ b/docker/base/curlrc
@@ -2,6 +2,7 @@
 --fail
 --location
 --retry 5
+--retry-all-errors
 --silent
 --show-error
 --write-out "curl (%{url_effective}): response: %{http_code}, time: %{time_total}, size: %{size_download}\n"
From 08071f47d5ffe63368637ca76981153ac2295678 Mon Sep 17 00:00:00 2001
From: Michal Nasiadka
Date: Fri, 31 Mar 2023 11:16:50 +0000
Subject: [PATCH 2/2] Fix test malicious tarball fail
Since I650fcbc8f773fad8116338f6fb0cf7b4f4f17b33 builds from git fails on plugins with an exception: 'tarfile.ReadError: not a gzip file' because the test checks only gzip compressed archives but plugins created as plain tar files. This change fixes the issue using transparent compression support and also adds some debug info.
Closes-Bug: #1990432
Change-Id: If0f9b4dd058a257d0653332d1b663e150c717304
Signed-off-by: Maksim Malchuk
Co-Authored-by: Michal Nasiadka
(cherry picked from commit 143765fb67221cc51f1dc56a41ac2b67dddc453f)
---
 kolla/image/build.py | 2 +-
 kolla/tests/test_build.py | 72 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 73 insertions(+), 1 deletion(-)
diff --git a/kolla/image/build.py b/kolla/image/build.py
index d3f58b7caf..ef8ad213fd 100755
--- a/kolla/image/build.py
+++ b/kolla/image/build.py
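Review bot: In docker/base/curlrc, the added `--retry-all-errors` sits next to the existing `--fail`, so HTTP errors that will never succeed on retry (a 404 or 403, for instance) are now retried five times as well. curl's manual also warns that with this option output sent to a pipe or shell redirect is not reset between attempts, so partial data from a failed attempt can precede the good copy. If any image build pipes curl output straight into tar, gpg or a shell (not visible in this patch), that download should be written to a file with `--output` and verified afterwards. The option was introduced in curl 7.71.0, so a comment above it such as `# --retry-all-errors needs curl >= 7.71.0; do not pipe curl output while it is set` would record both constraints.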
@@ -502,7 +502,7 @@ def update_buildargs(self):
 def builder(self, image):
 def _test_malicious_tarball(archive, path):
- tar_file = tarfile.open(archive, 'r|gz')
+ tar_file = tarfile.open(archive, 'r|*')
 for n in tar_file.getnames():
 if not os.path.abspath(os.path.join(path, n)).startswith(path):
 tar_file.close()
diff --git a/kolla/tests/test_build.py b/kolla/tests/test_build.py
index 866b3fc2e3..e1c1907f42 100644
--- a/kolla/tests/test_build.py
+++ b/kolla/tests/test_build.py
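Review bot: The containment test on the context line `if not os.path.abspath(os.path.join(path, n)).startswith(path):` in kolla/image/build.py is a plain string-prefix comparison, so a member that resolves into a sibling directory whose name begins with the same characters as `path` still passes. Now that `'r|*'` routes every archive format through this check, it is worth tightening to `target = os.path.abspath(os.path.join(path, n))` followed by `if os.path.commonpath([path, target]) != path:`. The loop also looks only at member names from `getnames()`, so symlink or hardlink members whose `linkname` points outside `path` are not examined; iterating the `TarInfo` objects and rejecting those would close that gap. This assumes `path` is already absolute and normalised, which the hunk does not show; `_test_malicious_tarball` continues past the end of the hunk.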
@@ -305,9 +305,81 @@ def test_process_source(self, mock_get, mock_client,
 else:
 self.assertIsNotNone(get_result)
+ @mock.patch.dict(os.environ, clear=True)
+ @mock.patch('docker.APIClient')
+ def test_local_directory(self, mock_client):
+ tmpdir = tempfile.mkdtemp()
+ file_name = 'test.txt'
+ file_path = os.path.join(tmpdir, file_name)
+ saved_umask = os.umask(0o077)
+
+ try:
+ with open(file_path, 'w') as f:
+ f.write('Hello')
+
+ self.dc = mock_client
+ self.image.plugins = [{
+ 'name': 'fake-image-base-plugin-test',
+ 'type': 'local',
+ 'enabled': True,
+ 'source': tmpdir}
+ ]
+ push_queue = mock.Mock()
+ builder = build.BuildTask(self.conf, self.image, push_queue)
+ builder.run()
+ self.assertTrue(builder.success)
+
+ except IOError:
+ print('IOError')
+ else:
+ os.remove(file_path)
+ finally:
+ os.umask(saved_umask)
+ os.rmdir(tmpdir)
+
 @mock.patch.dict(os.environ, clear=True)
 @mock.patch('docker.APIClient')
 def test_malicious_tar(self, mock_client):
+ tmpdir = tempfile.mkdtemp()
+ file_name = 'test.txt'
+ archive_name = 'my_archive.tar'
+ file_path = os.path.join(tmpdir, file_name)
+ archive_path = os.path.join(tmpdir, archive_name)
+ # Ensure the file is read/write by the creator only
+ saved_umask = os.umask(0o077)
+
+ try:
+ with open(file_path, 'w') as f:
+ f.write('Hello')
+
+ with tarfile.open(archive_path, 'w') as tar:
+ tar.add(file_path, arcname='../test.txt')
+
+ self.dc = mock_client
+ self.image.plugins = [{
+ 'name': 'fake-image-base-plugin-test',
+ 'type': 'local',
+ 'enabled': True,
+ 'source': archive_path}
+ ]
+
+ push_queue = mock.Mock()
+ builder = build.BuildTask(self.conf, self.image, push_queue)
+ builder.run()
+ self.assertFalse(builder.success)
+
+ except IOError:
+ print('IOError')
+ else:
+ os.remove(file_path)
+ os.remove(archive_path)
+ finally:
+ os.umask(saved_umask)
+ os.rmdir(tmpdir)
+
+ @mock.patch.dict(os.environ, clear=True)
+ @mock.patch('docker.APIClient')
+ def test_malicious_tar_gz(self, mock_client):
 tmpdir = tempfile.mkdtemp()
 file_name = 'test.txt'
 archive_name = 'my_archive.tar.gz'
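Review bot: In `test_local_directory` and `test_malicious_tar` the cleanup gets in the way of real failures: the `os.remove(...)` calls run only in the `else` branch, so when `self.assertFalse(builder.success)` (or `assertTrue`) fails, the `finally` block calls `os.rmdir(tmpdir)` on a directory that still holds files and the test ends with an OSError raised on top of the assertion failure, leaving the temp directory behind. The `except IOError: print('IOError')` branch also lets the test pass when the fixture could not be written, so the path-traversal check would go unexercised without anyone noticing. Registering `self.addCleanup(shutil.rmtree, tmpdir, ignore_errors=True)` right after `tempfile.mkdtemp()` and dropping the `except`/`else` branches would address both; `shutil` may need importing, since the file's imports are outside the hunk. The body of `test_malicious_tar_gz` continues past the end of the hunk.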