Skip to content

ENT-10961, CFE-1840: Files promise can now modify immutable bit in file system attributes #5752

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 27 commits into
base: master
Choose a base branch
from
Draft

ENT-10961, CFE-1840: Files promise can now modify immutable bit in file system attributes #5752

wants to merge 27 commits into from

Conversation

larsewi
Copy link
Contributor

@larsewi larsewi commented Apr 1, 2025
edited
Loading

TODO:

  • handle content attribute
  • handle copy_from attribute
  • handle delete attribute
  • handle edit_line attribute
  • handle edit_xml attribute
  • handle perms attribute
  • handle touch attribute
  • handle edit_template attribute
  • handle acl attribute
  • handle transformer attribute
  • handle rename attribute

Is there any other ones that I've missed?

@larsewi larsewi mentioned this pull request Apr 1, 2025
Closed
@cf-bottom
Copy link

Thank you for submitting a PR! Maybe @craigcomstock can review this?

@larsewi larsewi force-pushed the override-immutable branch from bdd1918 to 69b1f52 Compare April 3, 2025 14:26
github-advanced-security[bot]
github-advanced-security bot found potential problems Apr 3, 2025
View reviewed changes
@larsewi larsewi force-pushed the override-immutable branch 5 times, most recently from 06b3676 to 578286c Compare April 4, 2025 15:13
@nickanderson
Copy link
Member

nickanderson commented Apr 8, 2025
edited
Loading

MMM, the transformer attribute comes to mind.

  bundle agent __main__
  {
    files:
        "/tmp/example.txt"
          content => "Hello World";
  
        "/tmp/example.txt"
          transformer => "/usr/bin/gzip $(this.promiser)";
  
    reports:
        "$(with)" with => join( ",", lsdir( "/tmp", "example.*", "true" ));
  }

Looking at the files promise docs I imagine that create would also be affected:

bundle agent __main__
{
  vars:
      "check_file" string => "/tmp/check-file.txt";

  files:
      "$(check_file)"
        handle => "create_file",
        create => "true",
        if => "file_absent_report_kept";

   reports:
      "$(check_file) does not exist"
        classes => results( "namespace", "file_absent_report" );

      "$(check_file) was repaired"
        depends_on => { "create_file" };

      "$(check_file) exists"
        if => fileexists( "/tmp/check-file.txt" );
}

R: /tmp/check-file.txt does not exist
R: /tmp/check-file.txt was repaired
R: /tmp/check-file.txt exists

And the delete attribute would seem to be affected as well.

And rename too

bundle agent __main__
{
  files:
    "/tmp/example.txt"
      content => "Disable me!";

    "/tmp/example.txt"
      rename => default:disable;
}
# For reference:
# body rename disable
# # @brief Disable the file
# {
#         disable => "true";
# }

   info: Created file '/tmp/example.txt', mode 0600
   info: Updated file '/tmp/example.txt' with content 'Disable me!'
warning: File object '/tmp/example.txt' exists, contrary to promise
   info: Changed permissions of '/tmp/example.txt' to 'mode 0600'
   info: Disabled file '/tmp/example.txt' by renaming to '/tmp/example.txt.cfdisabled' with mode 0600

I added them to the description.

larsewi added 8 commits May 22, 2025 11:42
@larsewi
Added utility functions to override immutable bit
4a60ac7 
Ticket: ENT-10961
Signed-off-by: Lars Erik Wik <lars.erik.wik@northern.tech>
@larsewi
Added body syntax for controlling file system attributes
9d51066 
Added syntax for `body fsattrs` with a boolean constraint `immutable`.
It currently does nothing, but this will change in following commits.

Ticket: ENT-10961, CFE-1840
Signed-off-by: Lars Erik Wik <lars.erik.wik@northern.tech>
@larsewi
Files promise can now modify immutable bit in file system attributes
63efdfe 
Ticket: ENT-10961, CFE-1840
Changelog: Title
Signed-off-by: Lars Erik Wik <lars.erik.wik@northern.tech>
@larsewi
Added acceptance test for setting/clearing immutable bit
8b309ad 
Ticket: CFE-1840, ENT-10961
Signed-off-by: Lars Erik Wik <lars.erik.wik@northern.tech>
@larsewi
Added argument to NOOP OverrideImmutable functions
a341ebe 
Ticket: ENT-10961, CFE-1840
Signed-off-by: Lars Erik Wik <lars.erik.wik@northern.tech>
@larsewi
Combined OverrideImmutable[Commit|Abort] functions
5d3fdae 
Ticket: ENT-10961, CFE-1840
Signed-off-by: Lars Erik Wik <lars.erik.wik@northern.tech>
@larsewi
Content attribute can now override immutable bit
d4e1202 
The content attribute of the files promise can now override the
immutable bit.

Ticket: ENT-10961, CFE-1840
Changelog: Commit
Signed-off-by: Lars Erik Wik <lars.erik.wik@northern.tech>
@larsewi
Acceptance test: override immutable bit with content
589f7a9 
Added acceptance test to test that the content attribute of the files
promise can override the immutable bit.

Ticket: ENT-10961, CFE-1840
Signed-off-by: Lars Erik Wik <lars.erik.wik@northern.tech>
@larsewi larsewi force-pushed the override-immutable branch from 578286c to 443524c Compare May 22, 2025 12:23
larsewi added 11 commits May 22, 2025 16:40
@larsewi
Acceptance test: override immutable bit with copy_from
5e2f9d4 
Added acceptance test to test that the copy_from attribute of the files
promise can override the immutable bit of the destination file.

Ticket: ENT-10961, CFE-1840
Signed-off-by: Lars Erik Wik <lars.erik.wik@northern.tech>
@larsewi
Store override_immutable variable in EvalContext
c34212b 
This way we don't have to explicitly pass it to a gazillion functions.

Ticket: ENT-10961, CFE-1840
Signed-off-by: Lars Erik Wik <lars.erik.wik@northern.tech>
@larsewi
Added function to override immutable bit and rename file
5e6d73a 
Ticket: ENT-10961, CFE-1840
Signed-off-by: Lars Erik Wik <lars.erik.wik@northern.tech>
@larsewi
copy_from attribute can now override immutable bit
6adc3a0 
The copy_from attribute of the files promise can now override the
immutable bit.

Ticket: ENT-10961, CFE-1840
Changelog: Commit
Signed-off-by: Lars Erik Wik <lars.erik.wik@northern.tech>
@larsewi
Acceptance test: override immutable bit with delete
a33bab3 
Added acceptance test to test that the delete attribute of the files
promise can override the immutable bit of the destination file.

Ticket: ENT-10961, CFE-1840
Signed-off-by: Lars Erik Wik <lars.erik.wik@northern.tech>
@larsewi
Added function to override immutable bit and delete file
c7d9768 
Ticket: ENT-10961, CFE-1840
Signed-off-by: Lars Erik Wik <lars.erik.wik@northern.tech>
@larsewi
delete attribute can now override immutable bit
bfed777 
The delete attribute of the files promise can now override the immutable
bit.

Ticket: ENT-10961, CFE-1840
Changelog: Commit
Signed-off-by: Lars Erik Wik <lars.erik.wik@northern.tech>
@larsewi
Acceptance test: override immutable bit with edit_line
8989abd 
Added acceptance test to test that the edit_line attribute of the files
promise can override the immutable bit of the destination file.

Ticket: ENT-10961, CFE-1840
Signed-off-by: Lars Erik Wik <lars.erik.wik@northern.tech>
@larsewi
edit_line and edit_xml attributes can now override immutable bit
d708848 
The edit_line and edit_xml attributes of the files promise can now
override the immutable bit.

Ticket: ENT-10961, CFE-1840
Changelog: Commit
Signed-off-by: Lars Erik Wik <lars.erik.wik@northern.tech>
@larsewi
Acceptance test: override immutable bit with edit_xml
098c522 
Added acceptance test to test that the edit_xml attribute of the files
promise can override the immutable bit of the destination file.

Ticket: ENT-10961, CFE-1840
Signed-off-by: Lars Erik Wik <lars.erik.wik@northern.tech>
@larsewi
Acceptance test: override immutable bit with perms
40fe6f3 
Added acceptance test to test that the perms attribute of the files
promise can override the immutable bit of the destination file.

For some reason it just works. I don't know why? Maybe it was indirectly
fixed by previous commits?. IDK. But hey! It's Friday at 3:24 pm, so I
will not ask any further questions. Instead, I'll add a changelog string
in this commit and pretend that I intentionally fixed it.

Ticket: ENT-10961, CFE-1840
Changelog: The perms attribute of the files promise can now override the immutable bit.
Signed-off-by: Lars Erik Wik <lars.erik.wik@northern.tech>
larsewi added 4 commits May 22, 2025 16:40
@larsewi
Acceptance test: override immutable bit with touch
edeebda 
Added acceptance test to test that the touch attribute of the files
promise can override the immutable bit of the destination file.

Ticket: ENT-10961, CFE-1840
Signed-off-by: Lars Erik Wik <lars.erik.wik@northern.tech>
@larsewi
override_fsattrs.c: refactored code
b53cdd0 
Signed-off-by: Lars Erik Wik <lars.erik.wik@northern.tech>
@larsewi
Touch attribute can now override immutable bit
fdc7304 
The touch attribute of the files promise can now override the
immutable bit.

Ticket: ENT-10961, CFE-1840
Changelog: Commit
Signed-off-by: Lars Erik Wik <lars.erik.wik@northern.tech>
@larsewi
Acceptance test: override immutable bit with edit_template (mustache)
6b70a44 
Added acceptance test to test that the edit_template attribute (with
mustache) of the files promise can override the immutable bit of the
destination file.

It just works. No need to edit the code further.

Ticket: ENT-10961, CFE-1840
Signed-off-by: Lars Erik Wik <lars.erik.wik@northern.tech>
@larsewi larsewi force-pushed the override-immutable branch from 443524c to 6b70a44 Compare May 22, 2025 14:40
larsewi added 2 commits May 23, 2025 12:04
@larsewi
Acceptance test: override immutable bit with acl
6b658c5 
Added acceptance test to test that the acl attribute of the files
promise can override the immutable bit of the destination file.

I'm getting errors stating that acl_get_file is not supported. Maybe
something with WSL? Will retry when I'm back in office.

```
error: No Access ACL for '/tmp/immutable_10.txt' could be read. (acl_get_file: Operation not supported)
```

Ticket: ENT-10961, CFE-1840
Signed-off-by: Lars Erik Wik <lars.erik.wik@northern.tech>
@larsewi
Acceptance test: override immutable bit with transformer
5628894 
Added acceptance test to test that the trasformer attribute of the files
promise can override the immutable bit of the destination file.

Ticket: ENT-10961, CFE-1840
Signed-off-by: Lars Erik Wik <lars.erik.wik@northern.tech>
@larsewi larsewi force-pushed the override-immutable branch from 255054a to 5628894 Compare May 23, 2025 10:58
larsewi added 2 commits May 23, 2025 13:44
@larsewi
Made functions for temporarily clear/reset immutable bit puiblic
f197729 
Signed-off-by: Lars Erik Wik <lars.erik.wik@northern.tech>
@larsewi
Transformer attribute can now override immutable bit
b6d5f15 
The transformer attribute of the files promise can now override the
immutable bit.

Ticket: ENT-10961, CFE-1840
Changelog: Commit
Signed-off-by: Lars Erik Wik <lars.erik.wik@northern.tech>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@larsewi @cf-bottom @nickanderson