import: make sure gnu tar complains on tar files with trailing garbage

By default GNU tar will only read the first archive if multiple archives
are concatenated and ignore the rest. If an archive contains trailing
garbage this will hence not be recognized by tar as error, it simply
stops reading when the first archive is done (which might escalate to
SIGPIPE when invoked via a pipe).

Let's add --ignore-zeros to the tar command line when extracting. This
means:

1) if a tar archive was concatenated (i.e. generated with tar -A) we'll
   process it correctly.

2) if a tar archive contains trailing garbage tar will now generate an
   error message about it, instead of just throwing EPIPE, which makes
   things easier to debug as broken files are not silently processed.

I think it's OK for gnu tar to ignore trailing garbage when dealing with
classic tapes drives, i.e. mediums that do not have a size limit
built-in. However, this is not what we are dealing with: we are dealing
with OS images here, that hopefully someone generated with a clean build
system, that were signed and validated and hence should not contain
trailing garbage.  Hence it's better to refuse and complain thant to
silently eat up like for classic tape drives.

Fixes: #16605

diff --git a/src/import/import-common.c b/src/import/import-common.c
index ca96f073b136261946a967f0c23d5c9466a11e2e..ebd747289288e4a87933d7a67894cc1d9acb23e1 100644 (file)
--- a/src/import/import-common.c
+++ b/src/import/import-common.c
@@ -81,6 +81,7 @@ int import_fork_tar_x(const char *path, pid_t *ret) {
         if (r == 0) {
                 const char *cmdline[] = {
                        "tar",
+                       "--ignore-zeros",
                        "--numeric-owner",
                        "-C", path,
                        "-px",