From 19e10e72f18f4d3aac4bd66333f70944151f8f25 Mon Sep 17 00:00:00 2001 From: Dongsu Park Date: Thu, 10 Aug 2023 13:01:01 +0200 Subject: [PATCH] ci-automation: explicitly make packages tarballs readable Since https://github.com/flatcar/scripts/pull/950 was merged, tarball files `flatcar-{packages,sdk}-*.tar.zst` have been created with mode 0600 instead of 0644. As a result, the files with mode 0600 were uploaded to bincache, but afterwards `copy-to-origin.sh` that in turn runs rsync from bincache to the origin server could not read the tarballs. To fix that, it is necessary to chmod from 0600 to 0644 to make it readable by rsync during the release process. All of that happens because zstd sets the mode of the output file to 0600 in case of temporary files to avoid race condition. See also https://github.com/facebook/zstd/pull/1644, https://github.com/facebook/zstd/pull/3432. --- ci-automation/ci_automation_common.sh | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/ci-automation/ci_automation_common.sh b/ci-automation/ci_automation_common.sh index 3129b3ad4a3..412bb4ac7a2 100644 --- a/ci-automation/ci_automation_common.sh +++ b/ci-automation/ci_automation_common.sh @@ -158,6 +158,14 @@ function docker_image_to_buildcache() { local id_file="$(basename "$image")-${version}.id" $docker save "${image}":"${version}" | zstd -T0 -o "${tarball}" + + # It is necessary to chmod from 0600 to 0644 to make it readable + # afterwards by rsync during the release process. Zstd sets the mode + # of the output file to 0600 in case of temporary files to avoid race + # condition. See also https://github.com/facebook/zstd/pull/1644, + # https://github.com/facebook/zstd/pull/3432. + chmod 0644 "${tarball}" + # Cut the "sha256:" prefix that is present in Docker but not in Podman $docker image inspect "${image}":"${version}" | jq -r '.[].Id' | sed 's/^sha256://' > "${id_file}" create_digests "${SIGNER:-}" "${tarball}" "${id_file}"