github.com/afbjorklund/moby@v20.10.5+incompatible/pkg/archive/archive_unix_test.go (about)

     1  // +build !windows
     2  
     3  package archive // import "github.com/docker/docker/pkg/archive"
     4  
     5  import (
     6  	"archive/tar"
     7  	"bytes"
     8  	"fmt"
     9  	"io/ioutil"
    10  	"os"
    11  	"os/exec"
    12  	"path/filepath"
    13  	"strings"
    14  	"syscall"
    15  	"testing"
    16  
    17  	"github.com/containerd/containerd/sys"
    18  	"github.com/docker/docker/pkg/system"
    19  	"golang.org/x/sys/unix"
    20  	"gotest.tools/v3/assert"
    21  	is "gotest.tools/v3/assert/cmp"
    22  	"gotest.tools/v3/skip"
    23  )
    24  
    25  func TestCanonicalTarNameForPath(t *testing.T) {
    26  	cases := []struct{ in, expected string }{
    27  		{"foo", "foo"},
    28  		{"foo/bar", "foo/bar"},
    29  		{"foo/dir/", "foo/dir/"},
    30  	}
    31  	for _, v := range cases {
    32  		if CanonicalTarNameForPath(v.in) != v.expected {
    33  			t.Fatalf("wrong canonical tar name. expected:%s got:%s", v.expected, CanonicalTarNameForPath(v.in))
    34  		}
    35  	}
    36  }
    37  
    38  func TestCanonicalTarName(t *testing.T) {
    39  	cases := []struct {
    40  		in       string
    41  		isDir    bool
    42  		expected string
    43  	}{
    44  		{"foo", false, "foo"},
    45  		{"foo", true, "foo/"},
    46  		{"foo/bar", false, "foo/bar"},
    47  		{"foo/bar", true, "foo/bar/"},
    48  	}
    49  	for _, v := range cases {
    50  		if canonicalTarName(v.in, v.isDir) != v.expected {
    51  			t.Fatalf("wrong canonical tar name. expected:%s got:%s", v.expected, canonicalTarName(v.in, v.isDir))
    52  		}
    53  	}
    54  }
    55  
    56  func TestChmodTarEntry(t *testing.T) {
    57  	cases := []struct {
    58  		in, expected os.FileMode
    59  	}{
    60  		{0000, 0000},
    61  		{0777, 0777},
    62  		{0644, 0644},
    63  		{0755, 0755},
    64  		{0444, 0444},
    65  	}
    66  	for _, v := range cases {
    67  		if out := chmodTarEntry(v.in); out != v.expected {
    68  			t.Fatalf("wrong chmod. expected:%v got:%v", v.expected, out)
    69  		}
    70  	}
    71  }
    72  
    73  func TestTarWithHardLink(t *testing.T) {
    74  	origin, err := ioutil.TempDir("", "docker-test-tar-hardlink")
    75  	assert.NilError(t, err)
    76  	defer os.RemoveAll(origin)
    77  
    78  	err = ioutil.WriteFile(filepath.Join(origin, "1"), []byte("hello world"), 0700)
    79  	assert.NilError(t, err)
    80  
    81  	err = os.Link(filepath.Join(origin, "1"), filepath.Join(origin, "2"))
    82  	assert.NilError(t, err)
    83  
    84  	var i1, i2 uint64
    85  	i1, err = getNlink(filepath.Join(origin, "1"))
    86  	assert.NilError(t, err)
    87  
    88  	// sanity check that we can hardlink
    89  	if i1 != 2 {
    90  		t.Skipf("skipping since hardlinks don't work here; expected 2 links, got %d", i1)
    91  	}
    92  
    93  	dest, err := ioutil.TempDir("", "docker-test-tar-hardlink-dest")
    94  	assert.NilError(t, err)
    95  	defer os.RemoveAll(dest)
    96  
    97  	// we'll do this in two steps to separate failure
    98  	fh, err := Tar(origin, Uncompressed)
    99  	assert.NilError(t, err)
   100  
   101  	// ensure we can read the whole thing with no error, before writing back out
   102  	buf, err := ioutil.ReadAll(fh)
   103  	assert.NilError(t, err)
   104  
   105  	bRdr := bytes.NewReader(buf)
   106  	err = Untar(bRdr, dest, &TarOptions{Compression: Uncompressed})
   107  	assert.NilError(t, err)
   108  
   109  	i1, err = getInode(filepath.Join(dest, "1"))
   110  	assert.NilError(t, err)
   111  
   112  	i2, err = getInode(filepath.Join(dest, "2"))
   113  	assert.NilError(t, err)
   114  
   115  	assert.Check(t, is.Equal(i1, i2))
   116  }
   117  
   118  func TestTarWithHardLinkAndRebase(t *testing.T) {
   119  	tmpDir, err := ioutil.TempDir("", "docker-test-tar-hardlink-rebase")
   120  	assert.NilError(t, err)
   121  	defer os.RemoveAll(tmpDir)
   122  
   123  	origin := filepath.Join(tmpDir, "origin")
   124  	err = os.Mkdir(origin, 0700)
   125  	assert.NilError(t, err)
   126  
   127  	err = ioutil.WriteFile(filepath.Join(origin, "1"), []byte("hello world"), 0700)
   128  	assert.NilError(t, err)
   129  
   130  	err = os.Link(filepath.Join(origin, "1"), filepath.Join(origin, "2"))
   131  	assert.NilError(t, err)
   132  
   133  	var i1, i2 uint64
   134  	i1, err = getNlink(filepath.Join(origin, "1"))
   135  	assert.NilError(t, err)
   136  
   137  	// sanity check that we can hardlink
   138  	if i1 != 2 {
   139  		t.Skipf("skipping since hardlinks don't work here; expected 2 links, got %d", i1)
   140  	}
   141  
   142  	dest := filepath.Join(tmpDir, "dest")
   143  	bRdr, err := TarResourceRebase(origin, "origin")
   144  	assert.NilError(t, err)
   145  
   146  	dstDir, srcBase := SplitPathDirEntry(origin)
   147  	_, dstBase := SplitPathDirEntry(dest)
   148  	content := RebaseArchiveEntries(bRdr, srcBase, dstBase)
   149  	err = Untar(content, dstDir, &TarOptions{Compression: Uncompressed, NoLchown: true, NoOverwriteDirNonDir: true})
   150  	assert.NilError(t, err)
   151  
   152  	i1, err = getInode(filepath.Join(dest, "1"))
   153  	assert.NilError(t, err)
   154  	i2, err = getInode(filepath.Join(dest, "2"))
   155  	assert.NilError(t, err)
   156  
   157  	assert.Check(t, is.Equal(i1, i2))
   158  }
   159  
   160  // TestUntarParentPathPermissions is a regression test to check that missing
   161  // parent directories are created with the expected permissions
   162  func TestUntarParentPathPermissions(t *testing.T) {
   163  	buf := &bytes.Buffer{}
   164  	w := tar.NewWriter(buf)
   165  	err := w.WriteHeader(&tar.Header{Name: "foo/bar"})
   166  	assert.NilError(t, err)
   167  	tmpDir, err := ioutil.TempDir("", t.Name())
   168  	assert.NilError(t, err)
   169  	defer os.RemoveAll(tmpDir)
   170  	err = Untar(buf, tmpDir, nil)
   171  	assert.NilError(t, err)
   172  
   173  	fi, err := os.Lstat(filepath.Join(tmpDir, "foo"))
   174  	assert.NilError(t, err)
   175  	assert.Equal(t, fi.Mode(), 0755|os.ModeDir)
   176  }
   177  
   178  func getNlink(path string) (uint64, error) {
   179  	stat, err := os.Stat(path)
   180  	if err != nil {
   181  		return 0, err
   182  	}
   183  	statT, ok := stat.Sys().(*syscall.Stat_t)
   184  	if !ok {
   185  		return 0, fmt.Errorf("expected type *syscall.Stat_t, got %t", stat.Sys())
   186  	}
   187  	// We need this conversion on ARM64
   188  	// nolint: unconvert
   189  	return uint64(statT.Nlink), nil
   190  }
   191  
   192  func getInode(path string) (uint64, error) {
   193  	stat, err := os.Stat(path)
   194  	if err != nil {
   195  		return 0, err
   196  	}
   197  	statT, ok := stat.Sys().(*syscall.Stat_t)
   198  	if !ok {
   199  		return 0, fmt.Errorf("expected type *syscall.Stat_t, got %t", stat.Sys())
   200  	}
   201  	return statT.Ino, nil
   202  }
   203  
   204  func TestTarWithBlockCharFifo(t *testing.T) {
   205  	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
   206  	skip.If(t, sys.RunningInUserNS(), "skipping test that requires initial userns")
   207  	origin, err := ioutil.TempDir("", "docker-test-tar-hardlink")
   208  	assert.NilError(t, err)
   209  
   210  	defer os.RemoveAll(origin)
   211  	err = ioutil.WriteFile(filepath.Join(origin, "1"), []byte("hello world"), 0700)
   212  	assert.NilError(t, err)
   213  
   214  	err = system.Mknod(filepath.Join(origin, "2"), unix.S_IFBLK, int(system.Mkdev(int64(12), int64(5))))
   215  	assert.NilError(t, err)
   216  	err = system.Mknod(filepath.Join(origin, "3"), unix.S_IFCHR, int(system.Mkdev(int64(12), int64(5))))
   217  	assert.NilError(t, err)
   218  	err = system.Mknod(filepath.Join(origin, "4"), unix.S_IFIFO, int(system.Mkdev(int64(12), int64(5))))
   219  	assert.NilError(t, err)
   220  
   221  	dest, err := ioutil.TempDir("", "docker-test-tar-hardlink-dest")
   222  	assert.NilError(t, err)
   223  	defer os.RemoveAll(dest)
   224  
   225  	// we'll do this in two steps to separate failure
   226  	fh, err := Tar(origin, Uncompressed)
   227  	assert.NilError(t, err)
   228  
   229  	// ensure we can read the whole thing with no error, before writing back out
   230  	buf, err := ioutil.ReadAll(fh)
   231  	assert.NilError(t, err)
   232  
   233  	bRdr := bytes.NewReader(buf)
   234  	err = Untar(bRdr, dest, &TarOptions{Compression: Uncompressed})
   235  	assert.NilError(t, err)
   236  
   237  	changes, err := ChangesDirs(origin, dest)
   238  	assert.NilError(t, err)
   239  
   240  	if len(changes) > 0 {
   241  		t.Fatalf("Tar with special device (block, char, fifo) should keep them (recreate them when untar) : %v", changes)
   242  	}
   243  }
   244  
   245  // TestTarUntarWithXattr is Unix as Lsetxattr is not supported on Windows
   246  func TestTarUntarWithXattr(t *testing.T) {
   247  	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
   248  	if _, err := exec.LookPath("setcap"); err != nil {
   249  		t.Skip("setcap not installed")
   250  	}
   251  	if _, err := exec.LookPath("getcap"); err != nil {
   252  		t.Skip("getcap not installed")
   253  	}
   254  
   255  	origin, err := ioutil.TempDir("", "docker-test-untar-origin")
   256  	assert.NilError(t, err)
   257  	defer os.RemoveAll(origin)
   258  	err = ioutil.WriteFile(filepath.Join(origin, "1"), []byte("hello world"), 0700)
   259  	assert.NilError(t, err)
   260  
   261  	err = ioutil.WriteFile(filepath.Join(origin, "2"), []byte("welcome!"), 0700)
   262  	assert.NilError(t, err)
   263  	err = ioutil.WriteFile(filepath.Join(origin, "3"), []byte("will be ignored"), 0700)
   264  	assert.NilError(t, err)
   265  	// there is no known Go implementation of setcap/getcap with support for v3 file capability
   266  	out, err := exec.Command("setcap", "cap_block_suspend+ep", filepath.Join(origin, "2")).CombinedOutput()
   267  	assert.NilError(t, err, string(out))
   268  
   269  	for _, c := range []Compression{
   270  		Uncompressed,
   271  		Gzip,
   272  	} {
   273  		changes, err := tarUntar(t, origin, &TarOptions{
   274  			Compression:     c,
   275  			ExcludePatterns: []string{"3"},
   276  		})
   277  
   278  		if err != nil {
   279  			t.Fatalf("Error tar/untar for compression %s: %s", c.Extension(), err)
   280  		}
   281  
   282  		if len(changes) != 1 || changes[0].Path != "/3" {
   283  			t.Fatalf("Unexpected differences after tarUntar: %v", changes)
   284  		}
   285  		out, err := exec.Command("getcap", filepath.Join(origin, "2")).CombinedOutput()
   286  		assert.NilError(t, err, string(out))
   287  		assert.Check(t, is.Contains(string(out), "= cap_block_suspend+ep"), "untar should have kept the 'security.capability' xattr")
   288  	}
   289  }
   290  
   291  func TestCopyInfoDestinationPathSymlink(t *testing.T) {
   292  	tmpDir, _ := getTestTempDirs(t)
   293  	defer removeAllPaths(tmpDir)
   294  
   295  	root := strings.TrimRight(tmpDir, "/") + "/"
   296  
   297  	type FileTestData struct {
   298  		resource FileData
   299  		file     string
   300  		expected CopyInfo
   301  	}
   302  
   303  	testData := []FileTestData{
   304  		// Create a directory: /tmp/archive-copy-test*/dir1
   305  		// Test will "copy" file1 to dir1
   306  		{resource: FileData{filetype: Dir, path: "dir1", permissions: 0740}, file: "file1", expected: CopyInfo{Path: root + "dir1/file1", Exists: false, IsDir: false}},
   307  
   308  		// Create a symlink directory to dir1: /tmp/archive-copy-test*/dirSymlink -> dir1
   309  		// Test will "copy" file2 to dirSymlink
   310  		{resource: FileData{filetype: Symlink, path: "dirSymlink", contents: root + "dir1", permissions: 0600}, file: "file2", expected: CopyInfo{Path: root + "dirSymlink/file2", Exists: false, IsDir: false}},
   311  
   312  		// Create a file in tmp directory: /tmp/archive-copy-test*/file1
   313  		// Test to cover when the full file path already exists.
   314  		{resource: FileData{filetype: Regular, path: "file1", permissions: 0600}, file: "", expected: CopyInfo{Path: root + "file1", Exists: true}},
   315  
   316  		// Create a directory: /tmp/archive-copy*/dir2
   317  		// Test to cover when the full directory path already exists
   318  		{resource: FileData{filetype: Dir, path: "dir2", permissions: 0740}, file: "", expected: CopyInfo{Path: root + "dir2", Exists: true, IsDir: true}},
   319  
   320  		// Create a symlink to a non-existent target: /tmp/archive-copy*/symlink1 -> noSuchTarget
   321  		// Negative test to cover symlinking to a target that does not exit
   322  		{resource: FileData{filetype: Symlink, path: "symlink1", contents: "noSuchTarget", permissions: 0600}, file: "", expected: CopyInfo{Path: root + "noSuchTarget", Exists: false}},
   323  
   324  		// Create a file in tmp directory for next test: /tmp/existingfile
   325  		{resource: FileData{filetype: Regular, path: "existingfile", permissions: 0600}, file: "", expected: CopyInfo{Path: root + "existingfile", Exists: true}},
   326  
   327  		// Create a symlink to an existing file: /tmp/archive-copy*/symlink2 -> /tmp/existingfile
   328  		// Test to cover when the parent directory of a new file is a symlink
   329  		{resource: FileData{filetype: Symlink, path: "symlink2", contents: "existingfile", permissions: 0600}, file: "", expected: CopyInfo{Path: root + "existingfile", Exists: true}},
   330  	}
   331  
   332  	var dirs []FileData
   333  	for _, data := range testData {
   334  		dirs = append(dirs, data.resource)
   335  	}
   336  	provisionSampleDir(t, tmpDir, dirs)
   337  
   338  	for _, info := range testData {
   339  		p := filepath.Join(tmpDir, info.resource.path, info.file)
   340  		ci, err := CopyInfoDestinationPath(p)
   341  		assert.Check(t, err)
   342  		assert.Check(t, is.DeepEqual(info.expected, ci))
   343  	}
   344  }