github.com/rawahars/moby@v24.0.4+incompatible/pkg/archive/diff.go (about) 1 package archive // import "github.com/docker/docker/pkg/archive" 2 3 import ( 4 "archive/tar" 5 "fmt" 6 "io" 7 "os" 8 "path/filepath" 9 "runtime" 10 "strings" 11 12 "github.com/docker/docker/pkg/pools" 13 "github.com/docker/docker/pkg/system" 14 "github.com/sirupsen/logrus" 15 ) 16 17 // UnpackLayer unpack `layer` to a `dest`. The stream `layer` can be 18 // compressed or uncompressed. 19 // Returns the size in bytes of the contents of the layer. 20 func UnpackLayer(dest string, layer io.Reader, options *TarOptions) (size int64, err error) { 21 tr := tar.NewReader(layer) 22 trBuf := pools.BufioReader32KPool.Get(tr) 23 defer pools.BufioReader32KPool.Put(trBuf) 24 25 var dirs []*tar.Header 26 unpackedPaths := make(map[string]struct{}) 27 28 if options == nil { 29 options = &TarOptions{} 30 } 31 if options.ExcludePatterns == nil { 32 options.ExcludePatterns = []string{} 33 } 34 35 aufsTempdir := "" 36 aufsHardlinks := make(map[string]*tar.Header) 37 38 // Iterate through the files in the archive. 39 for { 40 hdr, err := tr.Next() 41 if err == io.EOF { 42 // end of tar archive 43 break 44 } 45 if err != nil { 46 return 0, err 47 } 48 49 size += hdr.Size 50 51 // Normalize name, for safety and for a simple is-root check 52 hdr.Name = filepath.Clean(hdr.Name) 53 54 // Windows does not support filenames with colons in them. Ignore 55 // these files. This is not a problem though (although it might 56 // appear that it is). Let's suppose a client is running docker pull. 57 // The daemon it points to is Windows. Would it make sense for the 58 // client to be doing a docker pull Ubuntu for example (which has files 59 // with colons in the name under /usr/share/man/man3)? No, absolutely 60 // not as it would really only make sense that they were pulling a 61 // Windows image. However, for development, it is necessary to be able 62 // to pull Linux images which are in the repository. 63 // 64 // TODO Windows. Once the registry is aware of what images are Windows- 65 // specific or Linux-specific, this warning should be changed to an error 66 // to cater for the situation where someone does manage to upload a Linux 67 // image but have it tagged as Windows inadvertently. 68 if runtime.GOOS == "windows" { 69 if strings.Contains(hdr.Name, ":") { 70 logrus.Warnf("Windows: Ignoring %s (is this a Linux image?)", hdr.Name) 71 continue 72 } 73 } 74 75 // Ensure that the parent directory exists. 76 err = createImpliedDirectories(dest, hdr, options) 77 if err != nil { 78 return 0, err 79 } 80 81 // Skip AUFS metadata dirs 82 if strings.HasPrefix(hdr.Name, WhiteoutMetaPrefix) { 83 // Regular files inside /.wh..wh.plnk can be used as hardlink targets 84 // We don't want this directory, but we need the files in them so that 85 // such hardlinks can be resolved. 86 if strings.HasPrefix(hdr.Name, WhiteoutLinkDir) && hdr.Typeflag == tar.TypeReg { 87 basename := filepath.Base(hdr.Name) 88 aufsHardlinks[basename] = hdr 89 if aufsTempdir == "" { 90 if aufsTempdir, err = os.MkdirTemp(dest, "dockerplnk"); err != nil { 91 return 0, err 92 } 93 defer os.RemoveAll(aufsTempdir) 94 } 95 if err := createTarFile(filepath.Join(aufsTempdir, basename), dest, hdr, tr, true, nil, options.InUserNS); err != nil { 96 return 0, err 97 } 98 } 99 100 if hdr.Name != WhiteoutOpaqueDir { 101 continue 102 } 103 } 104 //#nosec G305 -- The joined path is guarded against path traversal. 105 path := filepath.Join(dest, hdr.Name) 106 rel, err := filepath.Rel(dest, path) 107 if err != nil { 108 return 0, err 109 } 110 111 // Note as these operations are platform specific, so must the slash be. 112 if strings.HasPrefix(rel, ".."+string(os.PathSeparator)) { 113 return 0, breakoutError(fmt.Errorf("%q is outside of %q", hdr.Name, dest)) 114 } 115 base := filepath.Base(path) 116 117 if strings.HasPrefix(base, WhiteoutPrefix) { 118 dir := filepath.Dir(path) 119 if base == WhiteoutOpaqueDir { 120 _, err := os.Lstat(dir) 121 if err != nil { 122 return 0, err 123 } 124 err = filepath.WalkDir(dir, func(path string, info os.DirEntry, err error) error { 125 if err != nil { 126 if os.IsNotExist(err) { 127 err = nil // parent was deleted 128 } 129 return err 130 } 131 if path == dir { 132 return nil 133 } 134 if _, exists := unpackedPaths[path]; !exists { 135 return os.RemoveAll(path) 136 } 137 return nil 138 }) 139 if err != nil { 140 return 0, err 141 } 142 } else { 143 originalBase := base[len(WhiteoutPrefix):] 144 originalPath := filepath.Join(dir, originalBase) 145 if err := os.RemoveAll(originalPath); err != nil { 146 return 0, err 147 } 148 } 149 } else { 150 // If path exits we almost always just want to remove and replace it. 151 // The only exception is when it is a directory *and* the file from 152 // the layer is also a directory. Then we want to merge them (i.e. 153 // just apply the metadata from the layer). 154 if fi, err := os.Lstat(path); err == nil { 155 if !(fi.IsDir() && hdr.Typeflag == tar.TypeDir) { 156 if err := os.RemoveAll(path); err != nil { 157 return 0, err 158 } 159 } 160 } 161 162 trBuf.Reset(tr) 163 srcData := io.Reader(trBuf) 164 srcHdr := hdr 165 166 // Hard links into /.wh..wh.plnk don't work, as we don't extract that directory, so 167 // we manually retarget these into the temporary files we extracted them into 168 if hdr.Typeflag == tar.TypeLink && strings.HasPrefix(filepath.Clean(hdr.Linkname), WhiteoutLinkDir) { 169 linkBasename := filepath.Base(hdr.Linkname) 170 srcHdr = aufsHardlinks[linkBasename] 171 if srcHdr == nil { 172 return 0, fmt.Errorf("Invalid aufs hardlink") 173 } 174 tmpFile, err := os.Open(filepath.Join(aufsTempdir, linkBasename)) 175 if err != nil { 176 return 0, err 177 } 178 defer tmpFile.Close() 179 srcData = tmpFile 180 } 181 182 if err := remapIDs(options.IDMap, srcHdr); err != nil { 183 return 0, err 184 } 185 186 if err := createTarFile(path, dest, srcHdr, srcData, !options.NoLchown, nil, options.InUserNS); err != nil { 187 return 0, err 188 } 189 190 // Directory mtimes must be handled at the end to avoid further 191 // file creation in them to modify the directory mtime 192 if hdr.Typeflag == tar.TypeDir { 193 dirs = append(dirs, hdr) 194 } 195 unpackedPaths[path] = struct{}{} 196 } 197 } 198 199 for _, hdr := range dirs { 200 //#nosec G305 -- The header was checked for path traversal before it was appended to the dirs slice. 201 path := filepath.Join(dest, hdr.Name) 202 if err := system.Chtimes(path, hdr.AccessTime, hdr.ModTime); err != nil { 203 return 0, err 204 } 205 } 206 207 return size, nil 208 } 209 210 // ApplyLayer parses a diff in the standard layer format from `layer`, 211 // and applies it to the directory `dest`. The stream `layer` can be 212 // compressed or uncompressed. 213 // Returns the size in bytes of the contents of the layer. 214 func ApplyLayer(dest string, layer io.Reader) (int64, error) { 215 return applyLayerHandler(dest, layer, &TarOptions{}, true) 216 } 217 218 // ApplyUncompressedLayer parses a diff in the standard layer format from 219 // `layer`, and applies it to the directory `dest`. The stream `layer` 220 // can only be uncompressed. 221 // Returns the size in bytes of the contents of the layer. 222 func ApplyUncompressedLayer(dest string, layer io.Reader, options *TarOptions) (int64, error) { 223 return applyLayerHandler(dest, layer, options, false) 224 } 225 226 // do the bulk load of ApplyLayer, but allow for not calling DecompressStream 227 func applyLayerHandler(dest string, layer io.Reader, options *TarOptions, decompress bool) (int64, error) { 228 dest = filepath.Clean(dest) 229 230 // We need to be able to set any perms 231 restore := overrideUmask(0) 232 defer restore() 233 234 if decompress { 235 decompLayer, err := DecompressStream(layer) 236 if err != nil { 237 return 0, err 238 } 239 defer decompLayer.Close() 240 layer = decompLayer 241 } 242 return UnpackLayer(dest, layer, options) 243 }