Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Repackage php dependency so as to not contain symlink references to external locations #253

Closed
arjun024 opened this issue Jul 2, 2021 · 1 comment · Fixed by #293
Closed

Repackage php dependency so as to not contain symlink references to external locations #253

arjun024 opened this issue Jul 2, 2021 · 1 comment · Fixed by #293
Assignees
@arjun024

Comments

@arjun024
Copy link
Member

arjun024 commented Jul 2, 2021

Background

Recently packit decided to validate against zip slipping (paketo-buildpacks/packit#158). So any dependency that can potentially access parts of the file system outside of the target directory is a risk and its installation would result in an error. Thus, updates to packit (#230) and occam (#220) have been failing.

Proposal

Repackage the PHP Dist tarball so that it does not have symlink references to external file locations.
See this thread (paketo-buildpacks/packit#161 (comment)) for further info.
PRs updating packit (#230) and occam (#220) should pass once this is resolved.
@arjun024 arjun024 mentioned this issue Jul 2, 2021
Closed
5 tasks
@thitch97
Copy link
Contributor

thitch97 commented Sep 7, 2021

As mentioned in the comment referenced above (paketo-buildpacks/packit#161 (comment)), we can modify the code for packaging buildpack dependencies so that the built artifacts do not contain symlinks to external file locations.

@arjun024 arjun024 self-assigned this Sep 23, 2021
@arjun024 arjun024 mentioned this issue Sep 24, 2021
Merged
arjun024 added a commit that referenced this issue Sep 27, 2021
@arjun024
Use repackaged php dependency, use dep-server, new packit
b7a8430 
Fixes: #253
Fixes: #255

Also see cloudfoundry/binary-builder#56
@arjun024 arjun024 mentioned this issue Sep 27, 2021
Merged
5 tasks
arjun024 added a commit that referenced this issue Sep 27, 2021
@arjun024
Use repackaged php dependency, use dep-server, new packit
9286552 
Fixes: #253
Fixes: #255

Also see cloudfoundry/binary-builder#56
thitch97 pushed a commit that referenced this issue Sep 28, 2021
@arjun024
Use repackaged php dependency, use dep-server, new packit (#293)
0ec6bc0 
Fixes: #253
Fixes: #255

Also see cloudfoundry/binary-builder#56
@arjun024 arjun024 mentioned this issue Nov 10, 2021
Closed
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@arjun024 arjun024

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Use repackaged php dependency, use dep-server, new packit paketo-buildpacks/php-dist
2 participants
@arjun024 @thitch97