From 3833c2e59c63a4785885ff1b6dac69a5a1b24dce Mon Sep 17 00:00:00 2001
From: Ian Wienand <iwienand@redhat.com>
Date: Wed, 10 Nov 2021 10:56:23 +1100
Subject: [PATCH] containerfile: fix tar extraction

Ic68e8c5b839cbc2852326747c68ef89f630f26a3 removed the sudo from the
tar extraction here, meaning that production is failing to create the
chroot.  This is hidden in testing because
DIB_CONTAINERFILE_PODMAN_ROOT is set.  Make the sudo here
unconditional.

Change-Id: I6e36e3fc65981f85fad12ea2cd10780fde9c37da
---
 .../elements/containerfile/root.d/08-containerfile           | 4 +++-
 .../containerfile-root-extraction-430148dd669cb3da.yaml      | 5 +++++
 2 files changed, 8 insertions(+), 1 deletion(-)
 create mode 100644 releasenotes/notes/containerfile-root-extraction-430148dd669cb3da.yaml

diff --git a/diskimage_builder/elements/containerfile/root.d/08-containerfile b/diskimage_builder/elements/containerfile/root.d/08-containerfile
index 46d4b4afe..c3452580c 100755
--- a/diskimage_builder/elements/containerfile/root.d/08-containerfile
+++ b/diskimage_builder/elements/containerfile/root.d/08-containerfile
@@ -60,7 +60,9 @@ fi
 
 ${_sudo} podman build -t dib-work-image -f $DIB_CONTAINERFILE_DOCKERFILE $DIB_CONTAINER_CONTEXT
 container=$(${_sudo} podman run -d dib-work-image /bin/sh)
-${_sudo} podman export $container | ${_sudo} tar -C $TARGET_ROOT --numeric-owner -xf -
+# NOTE(ianw) 2021-11-10 the tar must always be sudo to write out the chroot files
+# as other uids
+${_sudo} podman export $container | sudo tar -C $TARGET_ROOT --numeric-owner -xf -
 ${_sudo} podman rm $container
 ${_sudo} podman rmi dib-work-image
 
diff --git a/releasenotes/notes/containerfile-root-extraction-430148dd669cb3da.yaml b/releasenotes/notes/containerfile-root-extraction-430148dd669cb3da.yaml
new file mode 100644
index 000000000..429de9770
--- /dev/null
+++ b/releasenotes/notes/containerfile-root-extraction-430148dd669cb3da.yaml
@@ -0,0 +1,5 @@
+---
+fixes:
+  - |
+    This release fixes an regression in the ``containerfile`` element
+    that prevented it extracting root images correctly.