github.com/olljanat/moby@v1.13.1/pkg/archive/archive.go (about) 1 package archive 2 3 import ( 4 "archive/tar" 5 "bufio" 6 "bytes" 7 "compress/bzip2" 8 "compress/gzip" 9 "errors" 10 "fmt" 11 "io" 12 "io/ioutil" 13 "os" 14 "os/exec" 15 "path/filepath" 16 "runtime" 17 "strings" 18 "syscall" 19 20 "github.com/Sirupsen/logrus" 21 "github.com/docker/docker/pkg/fileutils" 22 "github.com/docker/docker/pkg/idtools" 23 "github.com/docker/docker/pkg/ioutils" 24 "github.com/docker/docker/pkg/pools" 25 "github.com/docker/docker/pkg/promise" 26 "github.com/docker/docker/pkg/system" 27 ) 28 29 type ( 30 // Compression is the state represents if compressed or not. 31 Compression int 32 // WhiteoutFormat is the format of whiteouts unpacked 33 WhiteoutFormat int 34 // TarChownOptions wraps the chown options UID and GID. 35 TarChownOptions struct { 36 UID, GID int 37 } 38 39 // TarOptions wraps the tar options. 40 TarOptions struct { 41 IncludeFiles []string 42 ExcludePatterns []string 43 Compression Compression 44 NoLchown bool 45 UIDMaps []idtools.IDMap 46 GIDMaps []idtools.IDMap 47 ChownOpts *TarChownOptions 48 IncludeSourceDir bool 49 // WhiteoutFormat is the expected on disk format for whiteout files. 50 // This format will be converted to the standard format on pack 51 // and from the standard format on unpack. 52 WhiteoutFormat WhiteoutFormat 53 // When unpacking, specifies whether overwriting a directory with a 54 // non-directory is allowed and vice versa. 55 NoOverwriteDirNonDir bool 56 // For each include when creating an archive, the included name will be 57 // replaced with the matching name from this map. 58 RebaseNames map[string]string 59 InUserNS bool 60 } 61 62 // Archiver allows the reuse of most utility functions of this package 63 // with a pluggable Untar function. Also, to facilitate the passing of 64 // specific id mappings for untar, an archiver can be created with maps 65 // which will then be passed to Untar operations 66 Archiver struct { 67 Untar func(io.Reader, string, *TarOptions) error 68 UIDMaps []idtools.IDMap 69 GIDMaps []idtools.IDMap 70 } 71 72 // breakoutError is used to differentiate errors related to breaking out 73 // When testing archive breakout in the unit tests, this error is expected 74 // in order for the test to pass. 75 breakoutError error 76 ) 77 78 var ( 79 // ErrNotImplemented is the error message of function not implemented. 80 ErrNotImplemented = errors.New("Function not implemented") 81 defaultArchiver = &Archiver{Untar: Untar, UIDMaps: nil, GIDMaps: nil} 82 ) 83 84 const ( 85 // HeaderSize is the size in bytes of a tar header 86 HeaderSize = 512 87 ) 88 89 const ( 90 // Uncompressed represents the uncompressed. 91 Uncompressed Compression = iota 92 // Bzip2 is bzip2 compression algorithm. 93 Bzip2 94 // Gzip is gzip compression algorithm. 95 Gzip 96 // Xz is xz compression algorithm. 97 Xz 98 ) 99 100 const ( 101 // AUFSWhiteoutFormat is the default format for whiteouts 102 AUFSWhiteoutFormat WhiteoutFormat = iota 103 // OverlayWhiteoutFormat formats whiteout according to the overlay 104 // standard. 105 OverlayWhiteoutFormat 106 ) 107 108 // IsArchive checks for the magic bytes of a tar or any supported compression 109 // algorithm. 110 func IsArchive(header []byte) bool { 111 compression := DetectCompression(header) 112 if compression != Uncompressed { 113 return true 114 } 115 r := tar.NewReader(bytes.NewBuffer(header)) 116 _, err := r.Next() 117 return err == nil 118 } 119 120 // IsArchivePath checks if the (possibly compressed) file at the given path 121 // starts with a tar file header. 122 func IsArchivePath(path string) bool { 123 file, err := os.Open(path) 124 if err != nil { 125 return false 126 } 127 defer file.Close() 128 rdr, err := DecompressStream(file) 129 if err != nil { 130 return false 131 } 132 r := tar.NewReader(rdr) 133 _, err = r.Next() 134 return err == nil 135 } 136 137 // DetectCompression detects the compression algorithm of the source. 138 func DetectCompression(source []byte) Compression { 139 for compression, m := range map[Compression][]byte{ 140 Bzip2: {0x42, 0x5A, 0x68}, 141 Gzip: {0x1F, 0x8B, 0x08}, 142 Xz: {0xFD, 0x37, 0x7A, 0x58, 0x5A, 0x00}, 143 } { 144 if len(source) < len(m) { 145 logrus.Debug("Len too short") 146 continue 147 } 148 if bytes.Compare(m, source[:len(m)]) == 0 { 149 return compression 150 } 151 } 152 return Uncompressed 153 } 154 155 func xzDecompress(archive io.Reader) (io.ReadCloser, <-chan struct{}, error) { 156 args := []string{"xz", "-d", "-c", "-q"} 157 158 return cmdStream(exec.Command(args[0], args[1:]...), archive) 159 } 160 161 // DecompressStream decompresses the archive and returns a ReaderCloser with the decompressed archive. 162 func DecompressStream(archive io.Reader) (io.ReadCloser, error) { 163 p := pools.BufioReader32KPool 164 buf := p.Get(archive) 165 bs, err := buf.Peek(10) 166 if err != nil && err != io.EOF { 167 // Note: we'll ignore any io.EOF error because there are some odd 168 // cases where the layer.tar file will be empty (zero bytes) and 169 // that results in an io.EOF from the Peek() call. So, in those 170 // cases we'll just treat it as a non-compressed stream and 171 // that means just create an empty layer. 172 // See Issue 18170 173 return nil, err 174 } 175 176 compression := DetectCompression(bs) 177 switch compression { 178 case Uncompressed: 179 readBufWrapper := p.NewReadCloserWrapper(buf, buf) 180 return readBufWrapper, nil 181 case Gzip: 182 gzReader, err := gzip.NewReader(buf) 183 if err != nil { 184 return nil, err 185 } 186 readBufWrapper := p.NewReadCloserWrapper(buf, gzReader) 187 return readBufWrapper, nil 188 case Bzip2: 189 bz2Reader := bzip2.NewReader(buf) 190 readBufWrapper := p.NewReadCloserWrapper(buf, bz2Reader) 191 return readBufWrapper, nil 192 case Xz: 193 xzReader, chdone, err := xzDecompress(buf) 194 if err != nil { 195 return nil, err 196 } 197 readBufWrapper := p.NewReadCloserWrapper(buf, xzReader) 198 return ioutils.NewReadCloserWrapper(readBufWrapper, func() error { 199 <-chdone 200 return readBufWrapper.Close() 201 }), nil 202 default: 203 return nil, fmt.Errorf("Unsupported compression format %s", (&compression).Extension()) 204 } 205 } 206 207 // CompressStream compresseses the dest with specified compression algorithm. 208 func CompressStream(dest io.Writer, compression Compression) (io.WriteCloser, error) { 209 p := pools.BufioWriter32KPool 210 buf := p.Get(dest) 211 switch compression { 212 case Uncompressed: 213 writeBufWrapper := p.NewWriteCloserWrapper(buf, buf) 214 return writeBufWrapper, nil 215 case Gzip: 216 gzWriter := gzip.NewWriter(dest) 217 writeBufWrapper := p.NewWriteCloserWrapper(buf, gzWriter) 218 return writeBufWrapper, nil 219 case Bzip2, Xz: 220 // archive/bzip2 does not support writing, and there is no xz support at all 221 // However, this is not a problem as docker only currently generates gzipped tars 222 return nil, fmt.Errorf("Unsupported compression format %s", (&compression).Extension()) 223 default: 224 return nil, fmt.Errorf("Unsupported compression format %s", (&compression).Extension()) 225 } 226 } 227 228 // Extension returns the extension of a file that uses the specified compression algorithm. 229 func (compression *Compression) Extension() string { 230 switch *compression { 231 case Uncompressed: 232 return "tar" 233 case Bzip2: 234 return "tar.bz2" 235 case Gzip: 236 return "tar.gz" 237 case Xz: 238 return "tar.xz" 239 } 240 return "" 241 } 242 243 type tarWhiteoutConverter interface { 244 ConvertWrite(*tar.Header, string, os.FileInfo) (*tar.Header, error) 245 ConvertRead(*tar.Header, string) (bool, error) 246 } 247 248 type tarAppender struct { 249 TarWriter *tar.Writer 250 Buffer *bufio.Writer 251 252 // for hardlink mapping 253 SeenFiles map[uint64]string 254 UIDMaps []idtools.IDMap 255 GIDMaps []idtools.IDMap 256 257 // For packing and unpacking whiteout files in the 258 // non standard format. The whiteout files defined 259 // by the AUFS standard are used as the tar whiteout 260 // standard. 261 WhiteoutConverter tarWhiteoutConverter 262 } 263 264 // canonicalTarName provides a platform-independent and consistent posix-style 265 //path for files and directories to be archived regardless of the platform. 266 func canonicalTarName(name string, isDir bool) (string, error) { 267 name, err := CanonicalTarNameForPath(name) 268 if err != nil { 269 return "", err 270 } 271 272 // suffix with '/' for directories 273 if isDir && !strings.HasSuffix(name, "/") { 274 name += "/" 275 } 276 return name, nil 277 } 278 279 // addTarFile adds to the tar archive a file from `path` as `name` 280 func (ta *tarAppender) addTarFile(path, name string) error { 281 fi, err := os.Lstat(path) 282 if err != nil { 283 return err 284 } 285 286 link := "" 287 if fi.Mode()&os.ModeSymlink != 0 { 288 if link, err = os.Readlink(path); err != nil { 289 return err 290 } 291 } 292 293 hdr, err := tar.FileInfoHeader(fi, link) 294 if err != nil { 295 return err 296 } 297 hdr.Mode = int64(chmodTarEntry(os.FileMode(hdr.Mode))) 298 299 name, err = canonicalTarName(name, fi.IsDir()) 300 if err != nil { 301 return fmt.Errorf("tar: cannot canonicalize path: %v", err) 302 } 303 hdr.Name = name 304 305 inode, err := setHeaderForSpecialDevice(hdr, ta, name, fi.Sys()) 306 if err != nil { 307 return err 308 } 309 310 // if it's not a directory and has more than 1 link, 311 // it's hard linked, so set the type flag accordingly 312 if !fi.IsDir() && hasHardlinks(fi) { 313 // a link should have a name that it links too 314 // and that linked name should be first in the tar archive 315 if oldpath, ok := ta.SeenFiles[inode]; ok { 316 hdr.Typeflag = tar.TypeLink 317 hdr.Linkname = oldpath 318 hdr.Size = 0 // This Must be here for the writer math to add up! 319 } else { 320 ta.SeenFiles[inode] = name 321 } 322 } 323 324 capability, _ := system.Lgetxattr(path, "security.capability") 325 if capability != nil { 326 hdr.Xattrs = make(map[string]string) 327 hdr.Xattrs["security.capability"] = string(capability) 328 } 329 330 //handle re-mapping container ID mappings back to host ID mappings before 331 //writing tar headers/files. We skip whiteout files because they were written 332 //by the kernel and already have proper ownership relative to the host 333 if !strings.HasPrefix(filepath.Base(hdr.Name), WhiteoutPrefix) && (ta.UIDMaps != nil || ta.GIDMaps != nil) { 334 uid, gid, err := getFileUIDGID(fi.Sys()) 335 if err != nil { 336 return err 337 } 338 xUID, err := idtools.ToContainer(uid, ta.UIDMaps) 339 if err != nil { 340 return err 341 } 342 xGID, err := idtools.ToContainer(gid, ta.GIDMaps) 343 if err != nil { 344 return err 345 } 346 hdr.Uid = xUID 347 hdr.Gid = xGID 348 } 349 350 if ta.WhiteoutConverter != nil { 351 wo, err := ta.WhiteoutConverter.ConvertWrite(hdr, path, fi) 352 if err != nil { 353 return err 354 } 355 356 // If a new whiteout file exists, write original hdr, then 357 // replace hdr with wo to be written after. Whiteouts should 358 // always be written after the original. Note the original 359 // hdr may have been updated to be a whiteout with returning 360 // a whiteout header 361 if wo != nil { 362 if err := ta.TarWriter.WriteHeader(hdr); err != nil { 363 return err 364 } 365 if hdr.Typeflag == tar.TypeReg && hdr.Size > 0 { 366 return fmt.Errorf("tar: cannot use whiteout for non-empty file") 367 } 368 hdr = wo 369 } 370 } 371 372 if err := ta.TarWriter.WriteHeader(hdr); err != nil { 373 return err 374 } 375 376 if hdr.Typeflag == tar.TypeReg && hdr.Size > 0 { 377 // We use system.OpenSequential to ensure we use sequential file 378 // access on Windows to avoid depleting the standby list. 379 // On Linux, this equates to a regular os.Open. 380 file, err := system.OpenSequential(path) 381 if err != nil { 382 return err 383 } 384 385 ta.Buffer.Reset(ta.TarWriter) 386 defer ta.Buffer.Reset(nil) 387 _, err = io.Copy(ta.Buffer, file) 388 file.Close() 389 if err != nil { 390 return err 391 } 392 err = ta.Buffer.Flush() 393 if err != nil { 394 return err 395 } 396 } 397 398 return nil 399 } 400 401 func createTarFile(path, extractDir string, hdr *tar.Header, reader io.Reader, Lchown bool, chownOpts *TarChownOptions, inUserns bool) error { 402 // hdr.Mode is in linux format, which we can use for sycalls, 403 // but for os.Foo() calls we need the mode converted to os.FileMode, 404 // so use hdrInfo.Mode() (they differ for e.g. setuid bits) 405 hdrInfo := hdr.FileInfo() 406 407 switch hdr.Typeflag { 408 case tar.TypeDir: 409 // Create directory unless it exists as a directory already. 410 // In that case we just want to merge the two 411 if fi, err := os.Lstat(path); !(err == nil && fi.IsDir()) { 412 if err := os.Mkdir(path, hdrInfo.Mode()); err != nil { 413 return err 414 } 415 } 416 417 case tar.TypeReg, tar.TypeRegA: 418 // Source is regular file. We use system.OpenFileSequential to use sequential 419 // file access to avoid depleting the standby list on Windows. 420 // On Linux, this equates to a regular os.OpenFile 421 file, err := system.OpenFileSequential(path, os.O_CREATE|os.O_WRONLY, hdrInfo.Mode()) 422 if err != nil { 423 return err 424 } 425 if _, err := io.Copy(file, reader); err != nil { 426 file.Close() 427 return err 428 } 429 file.Close() 430 431 case tar.TypeBlock, tar.TypeChar: 432 if inUserns { // cannot create devices in a userns 433 return nil 434 } 435 // Handle this is an OS-specific way 436 if err := handleTarTypeBlockCharFifo(hdr, path); err != nil { 437 return err 438 } 439 440 case tar.TypeFifo: 441 // Handle this is an OS-specific way 442 if err := handleTarTypeBlockCharFifo(hdr, path); err != nil { 443 return err 444 } 445 446 case tar.TypeLink: 447 targetPath := filepath.Join(extractDir, hdr.Linkname) 448 // check for hardlink breakout 449 if !strings.HasPrefix(targetPath, extractDir) { 450 return breakoutError(fmt.Errorf("invalid hardlink %q -> %q", targetPath, hdr.Linkname)) 451 } 452 if err := os.Link(targetPath, path); err != nil { 453 return err 454 } 455 456 case tar.TypeSymlink: 457 // path -> hdr.Linkname = targetPath 458 // e.g. /extractDir/path/to/symlink -> ../2/file = /extractDir/path/2/file 459 targetPath := filepath.Join(filepath.Dir(path), hdr.Linkname) 460 461 // the reason we don't need to check symlinks in the path (with FollowSymlinkInScope) is because 462 // that symlink would first have to be created, which would be caught earlier, at this very check: 463 if !strings.HasPrefix(targetPath, extractDir) { 464 return breakoutError(fmt.Errorf("invalid symlink %q -> %q", path, hdr.Linkname)) 465 } 466 if err := os.Symlink(hdr.Linkname, path); err != nil { 467 return err 468 } 469 470 case tar.TypeXGlobalHeader: 471 logrus.Debug("PAX Global Extended Headers found and ignored") 472 return nil 473 474 default: 475 return fmt.Errorf("Unhandled tar header type %d\n", hdr.Typeflag) 476 } 477 478 // Lchown is not supported on Windows. 479 if Lchown && runtime.GOOS != "windows" { 480 if chownOpts == nil { 481 chownOpts = &TarChownOptions{UID: hdr.Uid, GID: hdr.Gid} 482 } 483 if err := os.Lchown(path, chownOpts.UID, chownOpts.GID); err != nil { 484 return err 485 } 486 } 487 488 var errors []string 489 for key, value := range hdr.Xattrs { 490 if err := system.Lsetxattr(path, key, []byte(value), 0); err != nil { 491 if err == syscall.ENOTSUP { 492 // We ignore errors here because not all graphdrivers support 493 // xattrs *cough* old versions of AUFS *cough*. However only 494 // ENOTSUP should be emitted in that case, otherwise we still 495 // bail. 496 errors = append(errors, err.Error()) 497 continue 498 } 499 return err 500 } 501 502 } 503 504 if len(errors) > 0 { 505 logrus.WithFields(logrus.Fields{ 506 "errors": errors, 507 }).Warn("ignored xattrs in archive: underlying filesystem doesn't support them") 508 } 509 510 // There is no LChmod, so ignore mode for symlink. Also, this 511 // must happen after chown, as that can modify the file mode 512 if err := handleLChmod(hdr, path, hdrInfo); err != nil { 513 return err 514 } 515 516 aTime := hdr.AccessTime 517 if aTime.Before(hdr.ModTime) { 518 // Last access time should never be before last modified time. 519 aTime = hdr.ModTime 520 } 521 522 // system.Chtimes doesn't support a NOFOLLOW flag atm 523 if hdr.Typeflag == tar.TypeLink { 524 if fi, err := os.Lstat(hdr.Linkname); err == nil && (fi.Mode()&os.ModeSymlink == 0) { 525 if err := system.Chtimes(path, aTime, hdr.ModTime); err != nil { 526 return err 527 } 528 } 529 } else if hdr.Typeflag != tar.TypeSymlink { 530 if err := system.Chtimes(path, aTime, hdr.ModTime); err != nil { 531 return err 532 } 533 } else { 534 ts := []syscall.Timespec{timeToTimespec(aTime), timeToTimespec(hdr.ModTime)} 535 if err := system.LUtimesNano(path, ts); err != nil && err != system.ErrNotSupportedPlatform { 536 return err 537 } 538 } 539 return nil 540 } 541 542 // Tar creates an archive from the directory at `path`, and returns it as a 543 // stream of bytes. 544 func Tar(path string, compression Compression) (io.ReadCloser, error) { 545 return TarWithOptions(path, &TarOptions{Compression: compression}) 546 } 547 548 // TarWithOptions creates an archive from the directory at `path`, only including files whose relative 549 // paths are included in `options.IncludeFiles` (if non-nil) or not in `options.ExcludePatterns`. 550 func TarWithOptions(srcPath string, options *TarOptions) (io.ReadCloser, error) { 551 552 // Fix the source path to work with long path names. This is a no-op 553 // on platforms other than Windows. 554 srcPath = fixVolumePathPrefix(srcPath) 555 556 patterns, patDirs, exceptions, err := fileutils.CleanPatterns(options.ExcludePatterns) 557 558 if err != nil { 559 return nil, err 560 } 561 562 pipeReader, pipeWriter := io.Pipe() 563 564 compressWriter, err := CompressStream(pipeWriter, options.Compression) 565 if err != nil { 566 return nil, err 567 } 568 569 go func() { 570 ta := &tarAppender{ 571 TarWriter: tar.NewWriter(compressWriter), 572 Buffer: pools.BufioWriter32KPool.Get(nil), 573 SeenFiles: make(map[uint64]string), 574 UIDMaps: options.UIDMaps, 575 GIDMaps: options.GIDMaps, 576 WhiteoutConverter: getWhiteoutConverter(options.WhiteoutFormat), 577 } 578 579 defer func() { 580 // Make sure to check the error on Close. 581 if err := ta.TarWriter.Close(); err != nil { 582 logrus.Errorf("Can't close tar writer: %s", err) 583 } 584 if err := compressWriter.Close(); err != nil { 585 logrus.Errorf("Can't close compress writer: %s", err) 586 } 587 if err := pipeWriter.Close(); err != nil { 588 logrus.Errorf("Can't close pipe writer: %s", err) 589 } 590 }() 591 592 // this buffer is needed for the duration of this piped stream 593 defer pools.BufioWriter32KPool.Put(ta.Buffer) 594 595 // In general we log errors here but ignore them because 596 // during e.g. a diff operation the container can continue 597 // mutating the filesystem and we can see transient errors 598 // from this 599 600 stat, err := os.Lstat(srcPath) 601 if err != nil { 602 return 603 } 604 605 if !stat.IsDir() { 606 // We can't later join a non-dir with any includes because the 607 // 'walk' will error if "file/." is stat-ed and "file" is not a 608 // directory. So, we must split the source path and use the 609 // basename as the include. 610 if len(options.IncludeFiles) > 0 { 611 logrus.Warn("Tar: Can't archive a file with includes") 612 } 613 614 dir, base := SplitPathDirEntry(srcPath) 615 srcPath = dir 616 options.IncludeFiles = []string{base} 617 } 618 619 if len(options.IncludeFiles) == 0 { 620 options.IncludeFiles = []string{"."} 621 } 622 623 seen := make(map[string]bool) 624 625 for _, include := range options.IncludeFiles { 626 rebaseName := options.RebaseNames[include] 627 628 walkRoot := getWalkRoot(srcPath, include) 629 filepath.Walk(walkRoot, func(filePath string, f os.FileInfo, err error) error { 630 if err != nil { 631 logrus.Errorf("Tar: Can't stat file %s to tar: %s", srcPath, err) 632 return nil 633 } 634 635 relFilePath, err := filepath.Rel(srcPath, filePath) 636 if err != nil || (!options.IncludeSourceDir && relFilePath == "." && f.IsDir()) { 637 // Error getting relative path OR we are looking 638 // at the source directory path. Skip in both situations. 639 return nil 640 } 641 642 if options.IncludeSourceDir && include == "." && relFilePath != "." { 643 relFilePath = strings.Join([]string{".", relFilePath}, string(filepath.Separator)) 644 } 645 646 skip := false 647 648 // If "include" is an exact match for the current file 649 // then even if there's an "excludePatterns" pattern that 650 // matches it, don't skip it. IOW, assume an explicit 'include' 651 // is asking for that file no matter what - which is true 652 // for some files, like .dockerignore and Dockerfile (sometimes) 653 if include != relFilePath { 654 skip, err = fileutils.OptimizedMatches(relFilePath, patterns, patDirs) 655 if err != nil { 656 logrus.Errorf("Error matching %s: %v", relFilePath, err) 657 return err 658 } 659 } 660 661 if skip { 662 // If we want to skip this file and its a directory 663 // then we should first check to see if there's an 664 // excludes pattern (eg !dir/file) that starts with this 665 // dir. If so then we can't skip this dir. 666 667 // Its not a dir then so we can just return/skip. 668 if !f.IsDir() { 669 return nil 670 } 671 672 // No exceptions (!...) in patterns so just skip dir 673 if !exceptions { 674 return filepath.SkipDir 675 } 676 677 dirSlash := relFilePath + string(filepath.Separator) 678 679 for _, pat := range patterns { 680 if pat[0] != '!' { 681 continue 682 } 683 pat = pat[1:] + string(filepath.Separator) 684 if strings.HasPrefix(pat, dirSlash) { 685 // found a match - so can't skip this dir 686 return nil 687 } 688 } 689 690 // No matching exclusion dir so just skip dir 691 return filepath.SkipDir 692 } 693 694 if seen[relFilePath] { 695 return nil 696 } 697 seen[relFilePath] = true 698 699 // Rename the base resource. 700 if rebaseName != "" { 701 var replacement string 702 if rebaseName != string(filepath.Separator) { 703 // Special case the root directory to replace with an 704 // empty string instead so that we don't end up with 705 // double slashes in the paths. 706 replacement = rebaseName 707 } 708 709 relFilePath = strings.Replace(relFilePath, include, replacement, 1) 710 } 711 712 if err := ta.addTarFile(filePath, relFilePath); err != nil { 713 logrus.Errorf("Can't add file %s to tar: %s", filePath, err) 714 // if pipe is broken, stop writing tar stream to it 715 if err == io.ErrClosedPipe { 716 return err 717 } 718 } 719 return nil 720 }) 721 } 722 }() 723 724 return pipeReader, nil 725 } 726 727 // Unpack unpacks the decompressedArchive to dest with options. 728 func Unpack(decompressedArchive io.Reader, dest string, options *TarOptions) error { 729 tr := tar.NewReader(decompressedArchive) 730 trBuf := pools.BufioReader32KPool.Get(nil) 731 defer pools.BufioReader32KPool.Put(trBuf) 732 733 var dirs []*tar.Header 734 remappedRootUID, remappedRootGID, err := idtools.GetRootUIDGID(options.UIDMaps, options.GIDMaps) 735 if err != nil { 736 return err 737 } 738 whiteoutConverter := getWhiteoutConverter(options.WhiteoutFormat) 739 740 // Iterate through the files in the archive. 741 loop: 742 for { 743 hdr, err := tr.Next() 744 if err == io.EOF { 745 // end of tar archive 746 break 747 } 748 if err != nil { 749 return err 750 } 751 752 // Normalize name, for safety and for a simple is-root check 753 // This keeps "../" as-is, but normalizes "/../" to "/". Or Windows: 754 // This keeps "..\" as-is, but normalizes "\..\" to "\". 755 hdr.Name = filepath.Clean(hdr.Name) 756 757 for _, exclude := range options.ExcludePatterns { 758 if strings.HasPrefix(hdr.Name, exclude) { 759 continue loop 760 } 761 } 762 763 // After calling filepath.Clean(hdr.Name) above, hdr.Name will now be in 764 // the filepath format for the OS on which the daemon is running. Hence 765 // the check for a slash-suffix MUST be done in an OS-agnostic way. 766 if !strings.HasSuffix(hdr.Name, string(os.PathSeparator)) { 767 // Not the root directory, ensure that the parent directory exists 768 parent := filepath.Dir(hdr.Name) 769 parentPath := filepath.Join(dest, parent) 770 if _, err := os.Lstat(parentPath); err != nil && os.IsNotExist(err) { 771 err = idtools.MkdirAllNewAs(parentPath, 0777, remappedRootUID, remappedRootGID) 772 if err != nil { 773 return err 774 } 775 } 776 } 777 778 path := filepath.Join(dest, hdr.Name) 779 rel, err := filepath.Rel(dest, path) 780 if err != nil { 781 return err 782 } 783 if strings.HasPrefix(rel, ".."+string(os.PathSeparator)) { 784 return breakoutError(fmt.Errorf("%q is outside of %q", hdr.Name, dest)) 785 } 786 787 // If path exits we almost always just want to remove and replace it 788 // The only exception is when it is a directory *and* the file from 789 // the layer is also a directory. Then we want to merge them (i.e. 790 // just apply the metadata from the layer). 791 if fi, err := os.Lstat(path); err == nil { 792 if options.NoOverwriteDirNonDir && fi.IsDir() && hdr.Typeflag != tar.TypeDir { 793 // If NoOverwriteDirNonDir is true then we cannot replace 794 // an existing directory with a non-directory from the archive. 795 return fmt.Errorf("cannot overwrite directory %q with non-directory %q", path, dest) 796 } 797 798 if options.NoOverwriteDirNonDir && !fi.IsDir() && hdr.Typeflag == tar.TypeDir { 799 // If NoOverwriteDirNonDir is true then we cannot replace 800 // an existing non-directory with a directory from the archive. 801 return fmt.Errorf("cannot overwrite non-directory %q with directory %q", path, dest) 802 } 803 804 if fi.IsDir() && hdr.Name == "." { 805 continue 806 } 807 808 if !(fi.IsDir() && hdr.Typeflag == tar.TypeDir) { 809 if err := os.RemoveAll(path); err != nil { 810 return err 811 } 812 } 813 } 814 trBuf.Reset(tr) 815 816 // if the options contain a uid & gid maps, convert header uid/gid 817 // entries using the maps such that lchown sets the proper mapped 818 // uid/gid after writing the file. We only perform this mapping if 819 // the file isn't already owned by the remapped root UID or GID, as 820 // that specific uid/gid has no mapping from container -> host, and 821 // those files already have the proper ownership for inside the 822 // container. 823 if hdr.Uid != remappedRootUID { 824 xUID, err := idtools.ToHost(hdr.Uid, options.UIDMaps) 825 if err != nil { 826 return err 827 } 828 hdr.Uid = xUID 829 } 830 if hdr.Gid != remappedRootGID { 831 xGID, err := idtools.ToHost(hdr.Gid, options.GIDMaps) 832 if err != nil { 833 return err 834 } 835 hdr.Gid = xGID 836 } 837 838 if whiteoutConverter != nil { 839 writeFile, err := whiteoutConverter.ConvertRead(hdr, path) 840 if err != nil { 841 return err 842 } 843 if !writeFile { 844 continue 845 } 846 } 847 848 if err := createTarFile(path, dest, hdr, trBuf, !options.NoLchown, options.ChownOpts, options.InUserNS); err != nil { 849 return err 850 } 851 852 // Directory mtimes must be handled at the end to avoid further 853 // file creation in them to modify the directory mtime 854 if hdr.Typeflag == tar.TypeDir { 855 dirs = append(dirs, hdr) 856 } 857 } 858 859 for _, hdr := range dirs { 860 path := filepath.Join(dest, hdr.Name) 861 862 if err := system.Chtimes(path, hdr.AccessTime, hdr.ModTime); err != nil { 863 return err 864 } 865 } 866 return nil 867 } 868 869 // Untar reads a stream of bytes from `archive`, parses it as a tar archive, 870 // and unpacks it into the directory at `dest`. 871 // The archive may be compressed with one of the following algorithms: 872 // identity (uncompressed), gzip, bzip2, xz. 873 // FIXME: specify behavior when target path exists vs. doesn't exist. 874 func Untar(tarArchive io.Reader, dest string, options *TarOptions) error { 875 return untarHandler(tarArchive, dest, options, true) 876 } 877 878 // UntarUncompressed reads a stream of bytes from `archive`, parses it as a tar archive, 879 // and unpacks it into the directory at `dest`. 880 // The archive must be an uncompressed stream. 881 func UntarUncompressed(tarArchive io.Reader, dest string, options *TarOptions) error { 882 return untarHandler(tarArchive, dest, options, false) 883 } 884 885 // Handler for teasing out the automatic decompression 886 func untarHandler(tarArchive io.Reader, dest string, options *TarOptions, decompress bool) error { 887 if tarArchive == nil { 888 return fmt.Errorf("Empty archive") 889 } 890 dest = filepath.Clean(dest) 891 if options == nil { 892 options = &TarOptions{} 893 } 894 if options.ExcludePatterns == nil { 895 options.ExcludePatterns = []string{} 896 } 897 898 r := tarArchive 899 if decompress { 900 decompressedArchive, err := DecompressStream(tarArchive) 901 if err != nil { 902 return err 903 } 904 defer decompressedArchive.Close() 905 r = decompressedArchive 906 } 907 908 return Unpack(r, dest, options) 909 } 910 911 // TarUntar is a convenience function which calls Tar and Untar, with the output of one piped into the other. 912 // If either Tar or Untar fails, TarUntar aborts and returns the error. 913 func (archiver *Archiver) TarUntar(src, dst string) error { 914 logrus.Debugf("TarUntar(%s %s)", src, dst) 915 archive, err := TarWithOptions(src, &TarOptions{Compression: Uncompressed}) 916 if err != nil { 917 return err 918 } 919 defer archive.Close() 920 921 var options *TarOptions 922 if archiver.UIDMaps != nil || archiver.GIDMaps != nil { 923 options = &TarOptions{ 924 UIDMaps: archiver.UIDMaps, 925 GIDMaps: archiver.GIDMaps, 926 } 927 } 928 return archiver.Untar(archive, dst, options) 929 } 930 931 // TarUntar is a convenience function which calls Tar and Untar, with the output of one piped into the other. 932 // If either Tar or Untar fails, TarUntar aborts and returns the error. 933 func TarUntar(src, dst string) error { 934 return defaultArchiver.TarUntar(src, dst) 935 } 936 937 // UntarPath untar a file from path to a destination, src is the source tar file path. 938 func (archiver *Archiver) UntarPath(src, dst string) error { 939 archive, err := os.Open(src) 940 if err != nil { 941 return err 942 } 943 defer archive.Close() 944 var options *TarOptions 945 if archiver.UIDMaps != nil || archiver.GIDMaps != nil { 946 options = &TarOptions{ 947 UIDMaps: archiver.UIDMaps, 948 GIDMaps: archiver.GIDMaps, 949 } 950 } 951 return archiver.Untar(archive, dst, options) 952 } 953 954 // UntarPath is a convenience function which looks for an archive 955 // at filesystem path `src`, and unpacks it at `dst`. 956 func UntarPath(src, dst string) error { 957 return defaultArchiver.UntarPath(src, dst) 958 } 959 960 // CopyWithTar creates a tar archive of filesystem path `src`, and 961 // unpacks it at filesystem path `dst`. 962 // The archive is streamed directly with fixed buffering and no 963 // intermediary disk IO. 964 func (archiver *Archiver) CopyWithTar(src, dst string) error { 965 srcSt, err := os.Stat(src) 966 if err != nil { 967 return err 968 } 969 if !srcSt.IsDir() { 970 return archiver.CopyFileWithTar(src, dst) 971 } 972 973 // if this archiver is set up with ID mapping we need to create 974 // the new destination directory with the remapped root UID/GID pair 975 // as owner 976 rootUID, rootGID, err := idtools.GetRootUIDGID(archiver.UIDMaps, archiver.GIDMaps) 977 if err != nil { 978 return err 979 } 980 // Create dst, copy src's content into it 981 logrus.Debugf("Creating dest directory: %s", dst) 982 if err := idtools.MkdirAllNewAs(dst, 0755, rootUID, rootGID); err != nil { 983 return err 984 } 985 logrus.Debugf("Calling TarUntar(%s, %s)", src, dst) 986 return archiver.TarUntar(src, dst) 987 } 988 989 // CopyWithTar creates a tar archive of filesystem path `src`, and 990 // unpacks it at filesystem path `dst`. 991 // The archive is streamed directly with fixed buffering and no 992 // intermediary disk IO. 993 func CopyWithTar(src, dst string) error { 994 return defaultArchiver.CopyWithTar(src, dst) 995 } 996 997 // CopyFileWithTar emulates the behavior of the 'cp' command-line 998 // for a single file. It copies a regular file from path `src` to 999 // path `dst`, and preserves all its metadata. 1000 func (archiver *Archiver) CopyFileWithTar(src, dst string) (err error) { 1001 logrus.Debugf("CopyFileWithTar(%s, %s)", src, dst) 1002 srcSt, err := os.Stat(src) 1003 if err != nil { 1004 return err 1005 } 1006 1007 if srcSt.IsDir() { 1008 return fmt.Errorf("Can't copy a directory") 1009 } 1010 1011 // Clean up the trailing slash. This must be done in an operating 1012 // system specific manner. 1013 if dst[len(dst)-1] == os.PathSeparator { 1014 dst = filepath.Join(dst, filepath.Base(src)) 1015 } 1016 // Create the holding directory if necessary 1017 if err := system.MkdirAll(filepath.Dir(dst), 0700); err != nil { 1018 return err 1019 } 1020 1021 r, w := io.Pipe() 1022 errC := promise.Go(func() error { 1023 defer w.Close() 1024 1025 srcF, err := os.Open(src) 1026 if err != nil { 1027 return err 1028 } 1029 defer srcF.Close() 1030 1031 hdr, err := tar.FileInfoHeader(srcSt, "") 1032 if err != nil { 1033 return err 1034 } 1035 hdr.Name = filepath.Base(dst) 1036 hdr.Mode = int64(chmodTarEntry(os.FileMode(hdr.Mode))) 1037 1038 remappedRootUID, remappedRootGID, err := idtools.GetRootUIDGID(archiver.UIDMaps, archiver.GIDMaps) 1039 if err != nil { 1040 return err 1041 } 1042 1043 // only perform mapping if the file being copied isn't already owned by the 1044 // uid or gid of the remapped root in the container 1045 if remappedRootUID != hdr.Uid { 1046 xUID, err := idtools.ToHost(hdr.Uid, archiver.UIDMaps) 1047 if err != nil { 1048 return err 1049 } 1050 hdr.Uid = xUID 1051 } 1052 if remappedRootGID != hdr.Gid { 1053 xGID, err := idtools.ToHost(hdr.Gid, archiver.GIDMaps) 1054 if err != nil { 1055 return err 1056 } 1057 hdr.Gid = xGID 1058 } 1059 1060 tw := tar.NewWriter(w) 1061 defer tw.Close() 1062 if err := tw.WriteHeader(hdr); err != nil { 1063 return err 1064 } 1065 if _, err := io.Copy(tw, srcF); err != nil { 1066 return err 1067 } 1068 return nil 1069 }) 1070 defer func() { 1071 if er := <-errC; err == nil && er != nil { 1072 err = er 1073 } 1074 }() 1075 1076 err = archiver.Untar(r, filepath.Dir(dst), nil) 1077 if err != nil { 1078 r.CloseWithError(err) 1079 } 1080 return err 1081 } 1082 1083 // CopyFileWithTar emulates the behavior of the 'cp' command-line 1084 // for a single file. It copies a regular file from path `src` to 1085 // path `dst`, and preserves all its metadata. 1086 // 1087 // Destination handling is in an operating specific manner depending 1088 // where the daemon is running. If `dst` ends with a trailing slash 1089 // the final destination path will be `dst/base(src)` (Linux) or 1090 // `dst\base(src)` (Windows). 1091 func CopyFileWithTar(src, dst string) (err error) { 1092 return defaultArchiver.CopyFileWithTar(src, dst) 1093 } 1094 1095 // cmdStream executes a command, and returns its stdout as a stream. 1096 // If the command fails to run or doesn't complete successfully, an error 1097 // will be returned, including anything written on stderr. 1098 func cmdStream(cmd *exec.Cmd, input io.Reader) (io.ReadCloser, <-chan struct{}, error) { 1099 chdone := make(chan struct{}) 1100 cmd.Stdin = input 1101 pipeR, pipeW := io.Pipe() 1102 cmd.Stdout = pipeW 1103 var errBuf bytes.Buffer 1104 cmd.Stderr = &errBuf 1105 1106 // Run the command and return the pipe 1107 if err := cmd.Start(); err != nil { 1108 return nil, nil, err 1109 } 1110 1111 // Copy stdout to the returned pipe 1112 go func() { 1113 if err := cmd.Wait(); err != nil { 1114 pipeW.CloseWithError(fmt.Errorf("%s: %s", err, errBuf.String())) 1115 } else { 1116 pipeW.Close() 1117 } 1118 close(chdone) 1119 }() 1120 1121 return pipeR, chdone, nil 1122 } 1123 1124 // NewTempArchive reads the content of src into a temporary file, and returns the contents 1125 // of that file as an archive. The archive can only be read once - as soon as reading completes, 1126 // the file will be deleted. 1127 func NewTempArchive(src io.Reader, dir string) (*TempArchive, error) { 1128 f, err := ioutil.TempFile(dir, "") 1129 if err != nil { 1130 return nil, err 1131 } 1132 if _, err := io.Copy(f, src); err != nil { 1133 return nil, err 1134 } 1135 if _, err := f.Seek(0, 0); err != nil { 1136 return nil, err 1137 } 1138 st, err := f.Stat() 1139 if err != nil { 1140 return nil, err 1141 } 1142 size := st.Size() 1143 return &TempArchive{File: f, Size: size}, nil 1144 } 1145 1146 // TempArchive is a temporary archive. The archive can only be read once - as soon as reading completes, 1147 // the file will be deleted. 1148 type TempArchive struct { 1149 *os.File 1150 Size int64 // Pre-computed from Stat().Size() as a convenience 1151 read int64 1152 closed bool 1153 } 1154 1155 // Close closes the underlying file if it's still open, or does a no-op 1156 // to allow callers to try to close the TempArchive multiple times safely. 1157 func (archive *TempArchive) Close() error { 1158 if archive.closed { 1159 return nil 1160 } 1161 1162 archive.closed = true 1163 1164 return archive.File.Close() 1165 } 1166 1167 func (archive *TempArchive) Read(data []byte) (int, error) { 1168 n, err := archive.File.Read(data) 1169 archive.read += int64(n) 1170 if err != nil || archive.read == archive.Size { 1171 archive.Close() 1172 os.Remove(archive.File.Name()) 1173 } 1174 return n, err 1175 }