github.com/sijibomii/docker@v0.0.0-20231230191044-5cf6ca554647/pkg/archive/archive.go (about) 1 package archive 2 3 import ( 4 "archive/tar" 5 "bufio" 6 "bytes" 7 "compress/bzip2" 8 "compress/gzip" 9 "errors" 10 "fmt" 11 "io" 12 "io/ioutil" 13 "os" 14 "os/exec" 15 "path/filepath" 16 "runtime" 17 "strings" 18 "syscall" 19 20 "github.com/Sirupsen/logrus" 21 "github.com/docker/docker/pkg/fileutils" 22 "github.com/docker/docker/pkg/idtools" 23 "github.com/docker/docker/pkg/ioutils" 24 "github.com/docker/docker/pkg/pools" 25 "github.com/docker/docker/pkg/promise" 26 "github.com/docker/docker/pkg/system" 27 ) 28 29 type ( 30 // Archive is a type of io.ReadCloser which has two interfaces Read and Closer. 31 Archive io.ReadCloser 32 // Reader is a type of io.Reader. 33 Reader io.Reader 34 // Compression is the state represents if compressed or not. 35 Compression int 36 // TarChownOptions wraps the chown options UID and GID. 37 TarChownOptions struct { 38 UID, GID int 39 } 40 // TarOptions wraps the tar options. 41 TarOptions struct { 42 IncludeFiles []string 43 ExcludePatterns []string 44 Compression Compression 45 NoLchown bool 46 UIDMaps []idtools.IDMap 47 GIDMaps []idtools.IDMap 48 ChownOpts *TarChownOptions 49 IncludeSourceDir bool 50 // When unpacking, specifies whether overwriting a directory with a 51 // non-directory is allowed and vice versa. 52 NoOverwriteDirNonDir bool 53 // For each include when creating an archive, the included name will be 54 // replaced with the matching name from this map. 55 RebaseNames map[string]string 56 } 57 58 // Archiver allows the reuse of most utility functions of this package 59 // with a pluggable Untar function. Also, to facilitate the passing of 60 // specific id mappings for untar, an archiver can be created with maps 61 // which will then be passed to Untar operations 62 Archiver struct { 63 Untar func(io.Reader, string, *TarOptions) error 64 UIDMaps []idtools.IDMap 65 GIDMaps []idtools.IDMap 66 } 67 68 // breakoutError is used to differentiate errors related to breaking out 69 // When testing archive breakout in the unit tests, this error is expected 70 // in order for the test to pass. 71 breakoutError error 72 ) 73 74 var ( 75 // ErrNotImplemented is the error message of function not implemented. 76 ErrNotImplemented = errors.New("Function not implemented") 77 defaultArchiver = &Archiver{Untar: Untar, UIDMaps: nil, GIDMaps: nil} 78 ) 79 80 const ( 81 // HeaderSize is the size in bytes of a tar header 82 HeaderSize = 512 83 ) 84 85 const ( 86 // Uncompressed represents the uncompressed. 87 Uncompressed Compression = iota 88 // Bzip2 is bzip2 compression algorithm. 89 Bzip2 90 // Gzip is gzip compression algorithm. 91 Gzip 92 // Xz is xz compression algorithm. 93 Xz 94 ) 95 96 // IsArchive checks for the magic bytes of a tar or any supported compression 97 // algorithm. 98 func IsArchive(header []byte) bool { 99 compression := DetectCompression(header) 100 if compression != Uncompressed { 101 return true 102 } 103 r := tar.NewReader(bytes.NewBuffer(header)) 104 _, err := r.Next() 105 return err == nil 106 } 107 108 // IsArchivePath checks if the (possibly compressed) file at the given path 109 // starts with a tar file header. 110 func IsArchivePath(path string) bool { 111 file, err := os.Open(path) 112 if err != nil { 113 return false 114 } 115 defer file.Close() 116 rdr, err := DecompressStream(file) 117 if err != nil { 118 return false 119 } 120 r := tar.NewReader(rdr) 121 _, err = r.Next() 122 return err == nil 123 } 124 125 // DetectCompression detects the compression algorithm of the source. 126 func DetectCompression(source []byte) Compression { 127 for compression, m := range map[Compression][]byte{ 128 Bzip2: {0x42, 0x5A, 0x68}, 129 Gzip: {0x1F, 0x8B, 0x08}, 130 Xz: {0xFD, 0x37, 0x7A, 0x58, 0x5A, 0x00}, 131 } { 132 if len(source) < len(m) { 133 logrus.Debugf("Len too short") 134 continue 135 } 136 if bytes.Compare(m, source[:len(m)]) == 0 { 137 return compression 138 } 139 } 140 return Uncompressed 141 } 142 143 func xzDecompress(archive io.Reader) (io.ReadCloser, <-chan struct{}, error) { 144 args := []string{"xz", "-d", "-c", "-q"} 145 146 return cmdStream(exec.Command(args[0], args[1:]...), archive) 147 } 148 149 // DecompressStream decompress the archive and returns a ReaderCloser with the decompressed archive. 150 func DecompressStream(archive io.Reader) (io.ReadCloser, error) { 151 p := pools.BufioReader32KPool 152 buf := p.Get(archive) 153 bs, err := buf.Peek(10) 154 if err != nil && err != io.EOF { 155 // Note: we'll ignore any io.EOF error because there are some odd 156 // cases where the layer.tar file will be empty (zero bytes) and 157 // that results in an io.EOF from the Peek() call. So, in those 158 // cases we'll just treat it as a non-compressed stream and 159 // that means just create an empty layer. 160 // See Issue 18170 161 return nil, err 162 } 163 164 compression := DetectCompression(bs) 165 switch compression { 166 case Uncompressed: 167 readBufWrapper := p.NewReadCloserWrapper(buf, buf) 168 return readBufWrapper, nil 169 case Gzip: 170 gzReader, err := gzip.NewReader(buf) 171 if err != nil { 172 return nil, err 173 } 174 readBufWrapper := p.NewReadCloserWrapper(buf, gzReader) 175 return readBufWrapper, nil 176 case Bzip2: 177 bz2Reader := bzip2.NewReader(buf) 178 readBufWrapper := p.NewReadCloserWrapper(buf, bz2Reader) 179 return readBufWrapper, nil 180 case Xz: 181 xzReader, chdone, err := xzDecompress(buf) 182 if err != nil { 183 return nil, err 184 } 185 readBufWrapper := p.NewReadCloserWrapper(buf, xzReader) 186 return ioutils.NewReadCloserWrapper(readBufWrapper, func() error { 187 <-chdone 188 return readBufWrapper.Close() 189 }), nil 190 default: 191 return nil, fmt.Errorf("Unsupported compression format %s", (&compression).Extension()) 192 } 193 } 194 195 // CompressStream compresses the dest with specified compression algorithm. 196 func CompressStream(dest io.Writer, compression Compression) (io.WriteCloser, error) { 197 p := pools.BufioWriter32KPool 198 buf := p.Get(dest) 199 switch compression { 200 case Uncompressed: 201 writeBufWrapper := p.NewWriteCloserWrapper(buf, buf) 202 return writeBufWrapper, nil 203 case Gzip: 204 gzWriter := gzip.NewWriter(dest) 205 writeBufWrapper := p.NewWriteCloserWrapper(buf, gzWriter) 206 return writeBufWrapper, nil 207 case Bzip2, Xz: 208 // archive/bzip2 does not support writing, and there is no xz support at all 209 // However, this is not a problem as docker only currently generates gzipped tars 210 return nil, fmt.Errorf("Unsupported compression format %s", (&compression).Extension()) 211 default: 212 return nil, fmt.Errorf("Unsupported compression format %s", (&compression).Extension()) 213 } 214 } 215 216 // Extension returns the extension of a file that uses the specified compression algorithm. 217 func (compression *Compression) Extension() string { 218 switch *compression { 219 case Uncompressed: 220 return "tar" 221 case Bzip2: 222 return "tar.bz2" 223 case Gzip: 224 return "tar.gz" 225 case Xz: 226 return "tar.xz" 227 } 228 return "" 229 } 230 231 type tarAppender struct { 232 TarWriter *tar.Writer 233 Buffer *bufio.Writer 234 235 // for hardlink mapping 236 SeenFiles map[uint64]string 237 UIDMaps []idtools.IDMap 238 GIDMaps []idtools.IDMap 239 } 240 241 // canonicalTarName provides a platform-independent and consistent posix-style 242 //path for files and directories to be archived regardless of the platform. 243 func canonicalTarName(name string, isDir bool) (string, error) { 244 name, err := CanonicalTarNameForPath(name) 245 if err != nil { 246 return "", err 247 } 248 249 // suffix with '/' for directories 250 if isDir && !strings.HasSuffix(name, "/") { 251 name += "/" 252 } 253 return name, nil 254 } 255 256 func (ta *tarAppender) addTarFile(path, name string) error { 257 fi, err := os.Lstat(path) 258 if err != nil { 259 return err 260 } 261 262 link := "" 263 if fi.Mode()&os.ModeSymlink != 0 { 264 if link, err = os.Readlink(path); err != nil { 265 return err 266 } 267 } 268 269 hdr, err := tar.FileInfoHeader(fi, link) 270 if err != nil { 271 return err 272 } 273 hdr.Mode = int64(chmodTarEntry(os.FileMode(hdr.Mode))) 274 275 name, err = canonicalTarName(name, fi.IsDir()) 276 if err != nil { 277 return fmt.Errorf("tar: cannot canonicalize path: %v", err) 278 } 279 hdr.Name = name 280 281 inode, err := setHeaderForSpecialDevice(hdr, ta, name, fi.Sys()) 282 if err != nil { 283 return err 284 } 285 286 // if it's not a directory and has more than 1 link, 287 // it's hardlinked, so set the type flag accordingly 288 if !fi.IsDir() && hasHardlinks(fi) { 289 // a link should have a name that it links too 290 // and that linked name should be first in the tar archive 291 if oldpath, ok := ta.SeenFiles[inode]; ok { 292 hdr.Typeflag = tar.TypeLink 293 hdr.Linkname = oldpath 294 hdr.Size = 0 // This Must be here for the writer math to add up! 295 } else { 296 ta.SeenFiles[inode] = name 297 } 298 } 299 300 capability, _ := system.Lgetxattr(path, "security.capability") 301 if capability != nil { 302 hdr.Xattrs = make(map[string]string) 303 hdr.Xattrs["security.capability"] = string(capability) 304 } 305 306 //handle re-mapping container ID mappings back to host ID mappings before 307 //writing tar headers/files. We skip whiteout files because they were written 308 //by the kernel and already have proper ownership relative to the host 309 if !strings.HasPrefix(filepath.Base(hdr.Name), WhiteoutPrefix) && (ta.UIDMaps != nil || ta.GIDMaps != nil) { 310 uid, gid, err := getFileUIDGID(fi.Sys()) 311 if err != nil { 312 return err 313 } 314 xUID, err := idtools.ToContainer(uid, ta.UIDMaps) 315 if err != nil { 316 return err 317 } 318 xGID, err := idtools.ToContainer(gid, ta.GIDMaps) 319 if err != nil { 320 return err 321 } 322 hdr.Uid = xUID 323 hdr.Gid = xGID 324 } 325 326 if err := ta.TarWriter.WriteHeader(hdr); err != nil { 327 return err 328 } 329 330 if hdr.Typeflag == tar.TypeReg { 331 file, err := os.Open(path) 332 if err != nil { 333 return err 334 } 335 336 ta.Buffer.Reset(ta.TarWriter) 337 defer ta.Buffer.Reset(nil) 338 _, err = io.Copy(ta.Buffer, file) 339 file.Close() 340 if err != nil { 341 return err 342 } 343 err = ta.Buffer.Flush() 344 if err != nil { 345 return err 346 } 347 } 348 349 return nil 350 } 351 352 func createTarFile(path, extractDir string, hdr *tar.Header, reader io.Reader, Lchown bool, chownOpts *TarChownOptions) error { 353 // hdr.Mode is in linux format, which we can use for sycalls, 354 // but for os.Foo() calls we need the mode converted to os.FileMode, 355 // so use hdrInfo.Mode() (they differ for e.g. setuid bits) 356 hdrInfo := hdr.FileInfo() 357 358 switch hdr.Typeflag { 359 case tar.TypeDir: 360 // Create directory unless it exists as a directory already. 361 // In that case we just want to merge the two 362 if fi, err := os.Lstat(path); !(err == nil && fi.IsDir()) { 363 if err := os.Mkdir(path, hdrInfo.Mode()); err != nil { 364 return err 365 } 366 } 367 368 case tar.TypeReg, tar.TypeRegA: 369 // Source is regular file 370 file, err := os.OpenFile(path, os.O_CREATE|os.O_WRONLY, hdrInfo.Mode()) 371 if err != nil { 372 return err 373 } 374 if _, err := io.Copy(file, reader); err != nil { 375 file.Close() 376 return err 377 } 378 file.Close() 379 380 case tar.TypeBlock, tar.TypeChar, tar.TypeFifo: 381 // Handle this is an OS-specific way 382 if err := handleTarTypeBlockCharFifo(hdr, path); err != nil { 383 return err 384 } 385 386 case tar.TypeLink: 387 targetPath := filepath.Join(extractDir, hdr.Linkname) 388 // check for hardlink breakout 389 if !strings.HasPrefix(targetPath, extractDir) { 390 return breakoutError(fmt.Errorf("invalid hardlink %q -> %q", targetPath, hdr.Linkname)) 391 } 392 if err := os.Link(targetPath, path); err != nil { 393 return err 394 } 395 396 case tar.TypeSymlink: 397 // path -> hdr.Linkname = targetPath 398 // e.g. /extractDir/path/to/symlink -> ../2/file = /extractDir/path/2/file 399 targetPath := filepath.Join(filepath.Dir(path), hdr.Linkname) 400 401 // the reason we don't need to check symlinks in the path (with FollowSymlinkInScope) is because 402 // that symlink would first have to be created, which would be caught earlier, at this very check: 403 if !strings.HasPrefix(targetPath, extractDir) { 404 return breakoutError(fmt.Errorf("invalid symlink %q -> %q", path, hdr.Linkname)) 405 } 406 if err := os.Symlink(hdr.Linkname, path); err != nil { 407 return err 408 } 409 410 case tar.TypeXGlobalHeader: 411 logrus.Debugf("PAX Global Extended Headers found and ignored") 412 return nil 413 414 default: 415 return fmt.Errorf("Unhandled tar header type %d\n", hdr.Typeflag) 416 } 417 418 // Lchown is not supported on Windows. 419 if Lchown && runtime.GOOS != "windows" { 420 if chownOpts == nil { 421 chownOpts = &TarChownOptions{UID: hdr.Uid, GID: hdr.Gid} 422 } 423 if err := os.Lchown(path, chownOpts.UID, chownOpts.GID); err != nil { 424 return err 425 } 426 } 427 428 var errors []string 429 for key, value := range hdr.Xattrs { 430 if err := system.Lsetxattr(path, key, []byte(value), 0); err != nil { 431 // We ignore errors here because not all graphdrivers support xattrs. 432 errors = append(errors, err.Error()) 433 } 434 435 } 436 437 if len(errors) > 0 { 438 logrus.WithFields(logrus.Fields{ 439 "errors": errors, 440 }).Warn("ignored xattrs in archive: underlying filesystem doesn't support them") 441 } 442 443 // There is no LChmod, so ignore mode for symlink. Also, this 444 // must happen after chown, as that can modify the file mode 445 if err := handleLChmod(hdr, path, hdrInfo); err != nil { 446 return err 447 } 448 449 aTime := hdr.AccessTime 450 if aTime.Before(hdr.ModTime) { 451 // Last access time should never be before last modified time. 452 aTime = hdr.ModTime 453 } 454 455 // system.Chtimes doesn't support a NOFOLLOW flag atm 456 if hdr.Typeflag == tar.TypeLink { 457 if fi, err := os.Lstat(hdr.Linkname); err == nil && (fi.Mode()&os.ModeSymlink == 0) { 458 if err := system.Chtimes(path, aTime, hdr.ModTime); err != nil { 459 return err 460 } 461 } 462 } else if hdr.Typeflag != tar.TypeSymlink { 463 if err := system.Chtimes(path, aTime, hdr.ModTime); err != nil { 464 return err 465 } 466 } else { 467 ts := []syscall.Timespec{timeToTimespec(aTime), timeToTimespec(hdr.ModTime)} 468 if err := system.LUtimesNano(path, ts); err != nil && err != system.ErrNotSupportedPlatform { 469 return err 470 } 471 } 472 return nil 473 } 474 475 // Tar creates an archive from the directory at `path`, and returns it as a 476 // stream of bytes. 477 func Tar(path string, compression Compression) (io.ReadCloser, error) { 478 return TarWithOptions(path, &TarOptions{Compression: compression}) 479 } 480 481 // TarWithOptions creates an archive from the directory at `path`, only including files whose relative 482 // paths are included in `options.IncludeFiles` (if non-nil) or not in `options.ExcludePatterns`. 483 func TarWithOptions(srcPath string, options *TarOptions) (io.ReadCloser, error) { 484 485 // Fix the source path to work with long path names. This is a no-op 486 // on platforms other than Windows. 487 srcPath = fixVolumePathPrefix(srcPath) 488 489 patterns, patDirs, exceptions, err := fileutils.CleanPatterns(options.ExcludePatterns) 490 491 if err != nil { 492 return nil, err 493 } 494 495 pipeReader, pipeWriter := io.Pipe() 496 497 compressWriter, err := CompressStream(pipeWriter, options.Compression) 498 if err != nil { 499 return nil, err 500 } 501 502 go func() { 503 ta := &tarAppender{ 504 TarWriter: tar.NewWriter(compressWriter), 505 Buffer: pools.BufioWriter32KPool.Get(nil), 506 SeenFiles: make(map[uint64]string), 507 UIDMaps: options.UIDMaps, 508 GIDMaps: options.GIDMaps, 509 } 510 511 defer func() { 512 // Make sure to check the error on Close. 513 if err := ta.TarWriter.Close(); err != nil { 514 logrus.Errorf("Can't close tar writer: %s", err) 515 } 516 if err := compressWriter.Close(); err != nil { 517 logrus.Errorf("Can't close compress writer: %s", err) 518 } 519 if err := pipeWriter.Close(); err != nil { 520 logrus.Errorf("Can't close pipe writer: %s", err) 521 } 522 }() 523 524 // this buffer is needed for the duration of this piped stream 525 defer pools.BufioWriter32KPool.Put(ta.Buffer) 526 527 // In general we log errors here but ignore them because 528 // during e.g. a diff operation the container can continue 529 // mutating the filesystem and we can see transient errors 530 // from this 531 532 stat, err := os.Lstat(srcPath) 533 if err != nil { 534 return 535 } 536 537 if !stat.IsDir() { 538 // We can't later join a non-dir with any includes because the 539 // 'walk' will error if "file/." is stat-ed and "file" is not a 540 // directory. So, we must split the source path and use the 541 // basename as the include. 542 if len(options.IncludeFiles) > 0 { 543 logrus.Warn("Tar: Can't archive a file with includes") 544 } 545 546 dir, base := SplitPathDirEntry(srcPath) 547 srcPath = dir 548 options.IncludeFiles = []string{base} 549 } 550 551 if len(options.IncludeFiles) == 0 { 552 options.IncludeFiles = []string{"."} 553 } 554 555 seen := make(map[string]bool) 556 557 for _, include := range options.IncludeFiles { 558 rebaseName := options.RebaseNames[include] 559 560 walkRoot := getWalkRoot(srcPath, include) 561 filepath.Walk(walkRoot, func(filePath string, f os.FileInfo, err error) error { 562 if err != nil { 563 logrus.Errorf("Tar: Can't stat file %s to tar: %s", srcPath, err) 564 return nil 565 } 566 567 relFilePath, err := filepath.Rel(srcPath, filePath) 568 if err != nil || (!options.IncludeSourceDir && relFilePath == "." && f.IsDir()) { 569 // Error getting relative path OR we are looking 570 // at the source directory path. Skip in both situations. 571 return nil 572 } 573 574 if options.IncludeSourceDir && include == "." && relFilePath != "." { 575 relFilePath = strings.Join([]string{".", relFilePath}, string(filepath.Separator)) 576 } 577 578 skip := false 579 580 // If "include" is an exact match for the current file 581 // then even if there's an "excludePatterns" pattern that 582 // matches it, don't skip it. IOW, assume an explicit 'include' 583 // is asking for that file no matter what - which is true 584 // for some files, like .dockerignore and Dockerfile (sometimes) 585 if include != relFilePath { 586 skip, err = fileutils.OptimizedMatches(relFilePath, patterns, patDirs) 587 if err != nil { 588 logrus.Errorf("Error matching %s: %v", relFilePath, err) 589 return err 590 } 591 } 592 593 if skip { 594 // If we want to skip this file and its a directory 595 // then we should first check to see if there's an 596 // excludes pattern (eg !dir/file) that starts with this 597 // dir. If so then we can't skip this dir. 598 599 // Its not a dir then so we can just return/skip. 600 if !f.IsDir() { 601 return nil 602 } 603 604 // No exceptions (!...) in patterns so just skip dir 605 if !exceptions { 606 return filepath.SkipDir 607 } 608 609 dirSlash := relFilePath + string(filepath.Separator) 610 611 for _, pat := range patterns { 612 if pat[0] != '!' { 613 continue 614 } 615 pat = pat[1:] + string(filepath.Separator) 616 if strings.HasPrefix(pat, dirSlash) { 617 // found a match - so can't skip this dir 618 return nil 619 } 620 } 621 622 // No matching exclusion dir so just skip dir 623 return filepath.SkipDir 624 } 625 626 if seen[relFilePath] { 627 return nil 628 } 629 seen[relFilePath] = true 630 631 // Rename the base resource. 632 if rebaseName != "" { 633 var replacement string 634 if rebaseName != string(filepath.Separator) { 635 // Special case the root directory to replace with an 636 // empty string instead so that we don't end up with 637 // double slashes in the paths. 638 replacement = rebaseName 639 } 640 641 relFilePath = strings.Replace(relFilePath, include, replacement, 1) 642 } 643 644 if err := ta.addTarFile(filePath, relFilePath); err != nil { 645 logrus.Errorf("Can't add file %s to tar: %s", filePath, err) 646 // if pipe is broken, stop writing tar stream to it 647 if err == io.ErrClosedPipe { 648 return err 649 } 650 } 651 return nil 652 }) 653 } 654 }() 655 656 return pipeReader, nil 657 } 658 659 // Unpack unpacks the decompressedArchive to dest with options. 660 func Unpack(decompressedArchive io.Reader, dest string, options *TarOptions) error { 661 tr := tar.NewReader(decompressedArchive) 662 trBuf := pools.BufioReader32KPool.Get(nil) 663 defer pools.BufioReader32KPool.Put(trBuf) 664 665 var dirs []*tar.Header 666 remappedRootUID, remappedRootGID, err := idtools.GetRootUIDGID(options.UIDMaps, options.GIDMaps) 667 if err != nil { 668 return err 669 } 670 671 // Iterate through the files in the archive. 672 loop: 673 for { 674 hdr, err := tr.Next() 675 if err == io.EOF { 676 // end of tar archive 677 break 678 } 679 if err != nil { 680 return err 681 } 682 683 // Normalize name, for safety and for a simple is-root check 684 // This keeps "../" as-is, but normalizes "/../" to "/". Or Windows: 685 // This keeps "..\" as-is, but normalizes "\..\" to "\". 686 hdr.Name = filepath.Clean(hdr.Name) 687 688 for _, exclude := range options.ExcludePatterns { 689 if strings.HasPrefix(hdr.Name, exclude) { 690 continue loop 691 } 692 } 693 694 // After calling filepath.Clean(hdr.Name) above, hdr.Name will now be in 695 // the filepath format for the OS on which the daemon is running. Hence 696 // the check for a slash-suffix MUST be done in an OS-agnostic way. 697 if !strings.HasSuffix(hdr.Name, string(os.PathSeparator)) { 698 // Not the root directory, ensure that the parent directory exists 699 parent := filepath.Dir(hdr.Name) 700 parentPath := filepath.Join(dest, parent) 701 if _, err := os.Lstat(parentPath); err != nil && os.IsNotExist(err) { 702 err = idtools.MkdirAllNewAs(parentPath, 0777, remappedRootUID, remappedRootGID) 703 if err != nil { 704 return err 705 } 706 } 707 } 708 709 path := filepath.Join(dest, hdr.Name) 710 rel, err := filepath.Rel(dest, path) 711 if err != nil { 712 return err 713 } 714 if strings.HasPrefix(rel, ".."+string(os.PathSeparator)) { 715 return breakoutError(fmt.Errorf("%q is outside of %q", hdr.Name, dest)) 716 } 717 718 // If path exits we almost always just want to remove and replace it 719 // The only exception is when it is a directory *and* the file from 720 // the layer is also a directory. Then we want to merge them (i.e. 721 // just apply the metadata from the layer). 722 if fi, err := os.Lstat(path); err == nil { 723 if options.NoOverwriteDirNonDir && fi.IsDir() && hdr.Typeflag != tar.TypeDir { 724 // If NoOverwriteDirNonDir is true then we cannot replace 725 // an existing directory with a non-directory from the archive. 726 return fmt.Errorf("cannot overwrite directory %q with non-directory %q", path, dest) 727 } 728 729 if options.NoOverwriteDirNonDir && !fi.IsDir() && hdr.Typeflag == tar.TypeDir { 730 // If NoOverwriteDirNonDir is true then we cannot replace 731 // an existing non-directory with a directory from the archive. 732 return fmt.Errorf("cannot overwrite non-directory %q with directory %q", path, dest) 733 } 734 735 if fi.IsDir() && hdr.Name == "." { 736 continue 737 } 738 739 if !(fi.IsDir() && hdr.Typeflag == tar.TypeDir) { 740 if err := os.RemoveAll(path); err != nil { 741 return err 742 } 743 } 744 } 745 trBuf.Reset(tr) 746 747 // if the options contain a uid & gid maps, convert header uid/gid 748 // entries using the maps such that lchown sets the proper mapped 749 // uid/gid after writing the file. We only perform this mapping if 750 // the file isn't already owned by the remapped root UID or GID, as 751 // that specific uid/gid has no mapping from container -> host, and 752 // those files already have the proper ownership for inside the 753 // container. 754 if hdr.Uid != remappedRootUID { 755 xUID, err := idtools.ToHost(hdr.Uid, options.UIDMaps) 756 if err != nil { 757 return err 758 } 759 hdr.Uid = xUID 760 } 761 if hdr.Gid != remappedRootGID { 762 xGID, err := idtools.ToHost(hdr.Gid, options.GIDMaps) 763 if err != nil { 764 return err 765 } 766 hdr.Gid = xGID 767 } 768 769 if err := createTarFile(path, dest, hdr, trBuf, !options.NoLchown, options.ChownOpts); err != nil { 770 return err 771 } 772 773 // Directory mtimes must be handled at the end to avoid further 774 // file creation in them to modify the directory mtime 775 if hdr.Typeflag == tar.TypeDir { 776 dirs = append(dirs, hdr) 777 } 778 } 779 780 for _, hdr := range dirs { 781 path := filepath.Join(dest, hdr.Name) 782 783 if err := system.Chtimes(path, hdr.AccessTime, hdr.ModTime); err != nil { 784 return err 785 } 786 } 787 return nil 788 } 789 790 // Untar reads a stream of bytes from `archive`, parses it as a tar archive, 791 // and unpacks it into the directory at `dest`. 792 // The archive may be compressed with one of the following algorithms: 793 // identity (uncompressed), gzip, bzip2, xz. 794 // FIXME: specify behavior when target path exists vs. doesn't exist. 795 func Untar(tarArchive io.Reader, dest string, options *TarOptions) error { 796 return untarHandler(tarArchive, dest, options, true) 797 } 798 799 // UntarUncompressed reads a stream of bytes from `archive`, parses it as a tar archive, 800 // and unpacks it into the directory at `dest`. 801 // The archive must be an uncompressed stream. 802 func UntarUncompressed(tarArchive io.Reader, dest string, options *TarOptions) error { 803 return untarHandler(tarArchive, dest, options, false) 804 } 805 806 // Handler for teasing out the automatic decompression 807 func untarHandler(tarArchive io.Reader, dest string, options *TarOptions, decompress bool) error { 808 if tarArchive == nil { 809 return fmt.Errorf("Empty archive") 810 } 811 dest = filepath.Clean(dest) 812 if options == nil { 813 options = &TarOptions{} 814 } 815 if options.ExcludePatterns == nil { 816 options.ExcludePatterns = []string{} 817 } 818 819 r := tarArchive 820 if decompress { 821 decompressedArchive, err := DecompressStream(tarArchive) 822 if err != nil { 823 return err 824 } 825 defer decompressedArchive.Close() 826 r = decompressedArchive 827 } 828 829 return Unpack(r, dest, options) 830 } 831 832 // TarUntar is a convenience function which calls Tar and Untar, with the output of one piped into the other. 833 // If either Tar or Untar fails, TarUntar aborts and returns the error. 834 func (archiver *Archiver) TarUntar(src, dst string) error { 835 logrus.Debugf("TarUntar(%s %s)", src, dst) 836 archive, err := TarWithOptions(src, &TarOptions{Compression: Uncompressed}) 837 if err != nil { 838 return err 839 } 840 defer archive.Close() 841 842 var options *TarOptions 843 if archiver.UIDMaps != nil || archiver.GIDMaps != nil { 844 options = &TarOptions{ 845 UIDMaps: archiver.UIDMaps, 846 GIDMaps: archiver.GIDMaps, 847 } 848 } 849 return archiver.Untar(archive, dst, options) 850 } 851 852 // TarUntar is a convenience function which calls Tar and Untar, with the output of one piped into the other. 853 // If either Tar or Untar fails, TarUntar aborts and returns the error. 854 func TarUntar(src, dst string) error { 855 return defaultArchiver.TarUntar(src, dst) 856 } 857 858 // UntarPath untar a file from path to a destination, src is the source tar file path. 859 func (archiver *Archiver) UntarPath(src, dst string) error { 860 archive, err := os.Open(src) 861 if err != nil { 862 return err 863 } 864 defer archive.Close() 865 var options *TarOptions 866 if archiver.UIDMaps != nil || archiver.GIDMaps != nil { 867 options = &TarOptions{ 868 UIDMaps: archiver.UIDMaps, 869 GIDMaps: archiver.GIDMaps, 870 } 871 } 872 return archiver.Untar(archive, dst, options) 873 } 874 875 // UntarPath is a convenience function which looks for an archive 876 // at filesystem path `src`, and unpacks it at `dst`. 877 func UntarPath(src, dst string) error { 878 return defaultArchiver.UntarPath(src, dst) 879 } 880 881 // CopyWithTar creates a tar archive of filesystem path `src`, and 882 // unpacks it at filesystem path `dst`. 883 // The archive is streamed directly with fixed buffering and no 884 // intermediary disk IO. 885 func (archiver *Archiver) CopyWithTar(src, dst string) error { 886 srcSt, err := os.Stat(src) 887 if err != nil { 888 return err 889 } 890 if !srcSt.IsDir() { 891 return archiver.CopyFileWithTar(src, dst) 892 } 893 894 // if this archiver is set up with ID mapping we need to create 895 // the new destination directory with the remapped root UID/GID pair 896 // as owner 897 rootUID, rootGID, err := idtools.GetRootUIDGID(archiver.UIDMaps, archiver.GIDMaps) 898 if err != nil { 899 return err 900 } 901 // Create dst, copy src's content into it 902 logrus.Debugf("Creating dest directory: %s", dst) 903 if err := idtools.MkdirAllNewAs(dst, 0755, rootUID, rootGID); err != nil { 904 return err 905 } 906 logrus.Debugf("Calling TarUntar(%s, %s)", src, dst) 907 return archiver.TarUntar(src, dst) 908 } 909 910 // CopyWithTar creates a tar archive of filesystem path `src`, and 911 // unpacks it at filesystem path `dst`. 912 // The archive is streamed directly with fixed buffering and no 913 // intermediary disk IO. 914 func CopyWithTar(src, dst string) error { 915 return defaultArchiver.CopyWithTar(src, dst) 916 } 917 918 // CopyFileWithTar emulates the behavior of the 'cp' command-line 919 // for a single file. It copies a regular file from path `src` to 920 // path `dst`, and preserves all its metadata. 921 func (archiver *Archiver) CopyFileWithTar(src, dst string) (err error) { 922 logrus.Debugf("CopyFileWithTar(%s, %s)", src, dst) 923 srcSt, err := os.Stat(src) 924 if err != nil { 925 return err 926 } 927 928 if srcSt.IsDir() { 929 return fmt.Errorf("Can't copy a directory") 930 } 931 932 // Clean up the trailing slash. This must be done in an operating 933 // system specific manner. 934 if dst[len(dst)-1] == os.PathSeparator { 935 dst = filepath.Join(dst, filepath.Base(src)) 936 } 937 // Create the holding directory if necessary 938 if err := system.MkdirAll(filepath.Dir(dst), 0700); err != nil { 939 return err 940 } 941 942 r, w := io.Pipe() 943 errC := promise.Go(func() error { 944 defer w.Close() 945 946 srcF, err := os.Open(src) 947 if err != nil { 948 return err 949 } 950 defer srcF.Close() 951 952 hdr, err := tar.FileInfoHeader(srcSt, "") 953 if err != nil { 954 return err 955 } 956 hdr.Name = filepath.Base(dst) 957 hdr.Mode = int64(chmodTarEntry(os.FileMode(hdr.Mode))) 958 959 remappedRootUID, remappedRootGID, err := idtools.GetRootUIDGID(archiver.UIDMaps, archiver.GIDMaps) 960 if err != nil { 961 return err 962 } 963 964 // only perform mapping if the file being copied isn't already owned by the 965 // uid or gid of the remapped root in the container 966 if remappedRootUID != hdr.Uid { 967 xUID, err := idtools.ToHost(hdr.Uid, archiver.UIDMaps) 968 if err != nil { 969 return err 970 } 971 hdr.Uid = xUID 972 } 973 if remappedRootGID != hdr.Gid { 974 xGID, err := idtools.ToHost(hdr.Gid, archiver.GIDMaps) 975 if err != nil { 976 return err 977 } 978 hdr.Gid = xGID 979 } 980 981 tw := tar.NewWriter(w) 982 defer tw.Close() 983 if err := tw.WriteHeader(hdr); err != nil { 984 return err 985 } 986 if _, err := io.Copy(tw, srcF); err != nil { 987 return err 988 } 989 return nil 990 }) 991 defer func() { 992 if er := <-errC; err != nil { 993 err = er 994 } 995 }() 996 997 err = archiver.Untar(r, filepath.Dir(dst), nil) 998 if err != nil { 999 r.CloseWithError(err) 1000 } 1001 return err 1002 } 1003 1004 // CopyFileWithTar emulates the behavior of the 'cp' command-line 1005 // for a single file. It copies a regular file from path `src` to 1006 // path `dst`, and preserves all its metadata. 1007 // 1008 // Destination handling is in an operating specific manner depending 1009 // where the daemon is running. If `dst` ends with a trailing slash 1010 // the final destination path will be `dst/base(src)` (Linux) or 1011 // `dst\base(src)` (Windows). 1012 func CopyFileWithTar(src, dst string) (err error) { 1013 return defaultArchiver.CopyFileWithTar(src, dst) 1014 } 1015 1016 // cmdStream executes a command, and returns its stdout as a stream. 1017 // If the command fails to run or doesn't complete successfully, an error 1018 // will be returned, including anything written on stderr. 1019 func cmdStream(cmd *exec.Cmd, input io.Reader) (io.ReadCloser, <-chan struct{}, error) { 1020 chdone := make(chan struct{}) 1021 cmd.Stdin = input 1022 pipeR, pipeW := io.Pipe() 1023 cmd.Stdout = pipeW 1024 var errBuf bytes.Buffer 1025 cmd.Stderr = &errBuf 1026 1027 // Run the command and return the pipe 1028 if err := cmd.Start(); err != nil { 1029 return nil, nil, err 1030 } 1031 1032 // Copy stdout to the returned pipe 1033 go func() { 1034 if err := cmd.Wait(); err != nil { 1035 pipeW.CloseWithError(fmt.Errorf("%s: %s", err, errBuf.String())) 1036 } else { 1037 pipeW.Close() 1038 } 1039 close(chdone) 1040 }() 1041 1042 return pipeR, chdone, nil 1043 } 1044 1045 // NewTempArchive reads the content of src into a temporary file, and returns the contents 1046 // of that file as an archive. The archive can only be read once - as soon as reading completes, 1047 // the file will be deleted. 1048 func NewTempArchive(src Archive, dir string) (*TempArchive, error) { 1049 f, err := ioutil.TempFile(dir, "") 1050 if err != nil { 1051 return nil, err 1052 } 1053 if _, err := io.Copy(f, src); err != nil { 1054 return nil, err 1055 } 1056 if _, err := f.Seek(0, 0); err != nil { 1057 return nil, err 1058 } 1059 st, err := f.Stat() 1060 if err != nil { 1061 return nil, err 1062 } 1063 size := st.Size() 1064 return &TempArchive{File: f, Size: size}, nil 1065 } 1066 1067 // TempArchive is a temporary archive. The archive can only be read once - as soon as reading completes, 1068 // the file will be deleted. 1069 type TempArchive struct { 1070 *os.File 1071 Size int64 // Pre-computed from Stat().Size() as a convenience 1072 read int64 1073 closed bool 1074 } 1075 1076 // Close closes the underlying file if it's still open, or does a no-op 1077 // to allow callers to try to close the TempArchive multiple times safely. 1078 func (archive *TempArchive) Close() error { 1079 if archive.closed { 1080 return nil 1081 } 1082 1083 archive.closed = true 1084 1085 return archive.File.Close() 1086 } 1087 1088 func (archive *TempArchive) Read(data []byte) (int, error) { 1089 n, err := archive.File.Read(data) 1090 archive.read += int64(n) 1091 if err != nil || archive.read == archive.Size { 1092 archive.Close() 1093 os.Remove(archive.File.Name()) 1094 } 1095 return n, err 1096 }