On Thu, 18 Jun 2026 21:31:59 -0700 Brian Cain <[email protected]> 
wrote:
>
...
> 
> Download the tarball to a file and ignore tar errors during extraction
> with --no-same-owner and --no-same-permissions.

tar's man page says --no-same-owner and --no-same-permissions are "default for
ordinary users". Isn't that the case for rootless podman?

> Signed-off-by: Brian Cain <[email protected]>
> ---
>  tests/docker/dockerfiles/debian-hexagon-cross.docker | 7 ++++++-
>  1 file changed, 6 insertions(+), 1 deletion(-)
> 
> diff --git a/tests/docker/dockerfiles/debian-hexagon-cross.docker 
> b/tests/docker/dockerfiles/debian-hexagon-cross.docker
> index 23e8bb2fb26..817c903246a 100644
> --- a/tests/docker/dockerfiles/debian-hexagon-cross.docker
> +++ b/tests/docker/dockerfiles/debian-hexagon-cross.docker
> @@ -49,7 +49,12 @@ ENV 
> TOOLCHAIN_BASENAME=clang+llvm-${TOOLCHAIN_RELEASE}-cross-hexagon-unknown-lin
>  ENV 
> TOOLCHAIN_URL=https://artifacts.codelinaro.org/artifactory/codelinaro-toolchain-for-hexagon/${TOOLCHAIN_RELEASE}_/${TOOLCHAIN_BASENAME}.tar.zst
>  ENV CCACHE_WRAPPERSDIR=/usr/libexec/ccache-wrappers
>  
> -RUN curl -#SL "$TOOLCHAIN_URL" | tar --zstd -xC "$TOOLCHAIN_INSTALL"
> +# Ignore tar's chmod/lchmod EPERM on the toolchain symlinks and directories,
> +# which rootless podman's overlay storage rejects (harmless mode metadata).
> +RUN curl -#SLo /tmp/toolchain.tar.zst "$TOOLCHAIN_URL" && \
> +    { tar --zstd --no-same-owner --no-same-permissions \
> +          -xf /tmp/toolchain.tar.zst -C "$TOOLCHAIN_INSTALL" || true; } && \
> +    rm -f /tmp/toolchain.tar.zst

Hmm, I think the "|| true" may mask some real failures. For example, if
the URL is invalid, curl would still exit with no error code, but the output
file would contain something like "errors" : [ { "status" : 404 } ]. Then,
tar would fail to unpack that but || true would mask it.

>  ENV 
> PATH=$PATH:${TOOLCHAIN_INSTALL}/${TOOLCHAIN_BASENAME}/x86_64-linux-gnu/bin
>  ENV MAKE=/usr/bin/make
>  # As a final step configure the user (if env is defined)
> -- 
> 2.34.1
> 

Reply via email to