@@ -64,19 +64,93 @@ if [ -d "${LIMA_CIDATA_MNT}"/provision.data ]; then
6464 owner=$( deref " LIMA_CIDATA_DATAFILE_${filename} _OWNER" )
6565 path=$( deref " LIMA_CIDATA_DATAFILE_${filename} _PATH" )
6666 permissions=$( deref " LIMA_CIDATA_DATAFILE_${filename} _PERMISSIONS" )
67+ user=" ${owner%%:* } "
6768 if [ -e " $path " && [ " $overwrite " = " false" ; then
6869 INFO " Not overwriting $path "
6970 else
7071 INFO " Copying $f to $path "
71- # intermediate directories will be owned by root, regardless of OWNER setting
72- mkdir -p " $( dirname " $path " ) "
72+ if ! sudo -iu " ${user} " " $( dirname " $path " ) " ; then
73+ WARNING " Failed to create directory for ${path} (as user ${user} )"
74+ WARNING " Falling back to creating directory as root to maintain compatibility"
75+ mkdir -p " $( dirname " $path " ) "
76+ fi
7377 cp " $f " " $path "
7478 chown " $owner " " $path "
7579 chmod " $permissions " " $path "
7680 fi
7781 done
7882fi
7983
84+ if [ -d " ${LIMA_CIDATA_MNT} " ; then
85+ yq=" ${LIMA_CIDATA_MNT} /lima-guestagent yq"
86+ for f in " ${LIMA_CIDATA_MNT} " * ; do
87+ filename=$( basename " ${f} " )
88+ format=$( deref " LIMA_CIDATA_YQ_PROVISION_${filename} _FORMAT" )
89+ owner=$( deref " LIMA_CIDATA_YQ_PROVISION_${filename} _OWNER" )
90+ path=$( deref " LIMA_CIDATA_YQ_PROVISION_${filename} _PATH" )
91+ permissions=$( deref " LIMA_CIDATA_YQ_PROVISION_${filename} _PERMISSIONS" )
92+ user=" ${owner%%:* } "
93+ # Creating intermediate directories may fail if the user does not have permission.
94+ # TODO: Create intermediate directories with the specified group ownership.
95+ if ! sudo -iu " ${user} " " $( dirname " ${path} " ) " ; then
96+ WARNING " Failed to create directory for ${path} (as user ${user} )"
97+ CODE=1
98+ continue
99+ fi
100+ # Since CIDATA is mounted with dmode=700,fmode=700,
101+ # `lima-guestagent yq` cannot be executed by non-root users,
102+ # and provision.yq/* files cannot be read by non-root users.
103+ if [ -f " ${path} " ; then
104+ INFO " Updating ${path} "
105+ # If the user does not have write permission, it should fail.
106+ # This avoids changes being made by the wrong user.
107+ if ! sudo -iu " ${user} " test -w " ${path} " ; then
108+ WARNING " File ${path} is not writable by user ${user} "
109+ CODE=1
110+ continue
111+ fi
112+ # Relies on the fact that yq does not change the owner of the existing file.
113+ if ! ${yq} --inplace --from-file " ${f} " " ${format} " " ${format} " " ${path} " ; then
114+ WARNING " Failed to update ${path} (as user ${user} )"
115+ CODE=1
116+ continue
117+ fi
118+ else
119+ if [ " ${format} " = " auto" ; then
120+ # yq can't determine the output format from non-existing files
121+ case " ${path} " in
122+ * .csv) format=csv ;;
123+ * .ini) format=ini ;;
124+ * .json) format=json ;;
125+ * .properties) format=properties ;;
126+ * .toml) format=toml ;;
127+ * .tsv) format=tsv ;;
128+ * .xml) format=xml ;;
129+ * .yaml | * .yml) format=yaml ;;
130+ * )
131+ format=yaml
132+ WARNING " Cannot determine file type for ${path} , using yaml format"
133+ ;;
134+ esac
135+ fi
136+ INFO " Creating ${path} "
137+ if ! ${yq} --null-input --from-file " ${f} " " ${format} " | sudo -iu " ${user} " " ${path} " ; then
138+ WARNING " Failed to create ${path} (as user ${user} )"
139+ CODE=1
140+ continue
141+ fi
142+ fi
143+ if ! sudo -iu " ${user} " " ${owner} " " ${path} " ; then
144+ WARNING " Failed to set owner for ${path} (as user ${user} )"
145+ CODE=1
146+ fi
147+ if ! sudo -iu " ${user} " " ${permissions} " " ${path} " ; then
148+ WARNING " Failed to set permissions for ${path} (as user ${user} )"
149+ CODE=1
150+ fi
151+ done
152+ fi
153+ 80154if [ -d " ${LIMA_CIDATA_MNT} " ; then
81155 for f in " ${LIMA_CIDATA_MNT} " * ; do
82156 INFO " Executing $f "
0 commit comments