github.com/ttys3/engine@v17.12.1-ce-rc2+incompatible/pkg/tarsum/tarsum.go (about) 1 // Package tarsum provides algorithms to perform checksum calculation on 2 // filesystem layers. 3 // 4 // The transportation of filesystems, regarding Docker, is done with tar(1) 5 // archives. There are a variety of tar serialization formats [2], and a key 6 // concern here is ensuring a repeatable checksum given a set of inputs from a 7 // generic tar archive. Types of transportation include distribution to and from a 8 // registry endpoint, saving and loading through commands or Docker daemon APIs, 9 // transferring the build context from client to Docker daemon, and committing the 10 // filesystem of a container to become an image. 11 // 12 // As tar archives are used for transit, but not preserved in many situations, the 13 // focus of the algorithm is to ensure the integrity of the preserved filesystem, 14 // while maintaining a deterministic accountability. This includes neither 15 // constraining the ordering or manipulation of the files during the creation or 16 // unpacking of the archive, nor include additional metadata state about the file 17 // system attributes. 18 package tarsum 19 20 import ( 21 "archive/tar" 22 "bytes" 23 "compress/gzip" 24 "crypto" 25 "crypto/sha256" 26 "encoding/hex" 27 "errors" 28 "fmt" 29 "hash" 30 "io" 31 "path" 32 "strings" 33 ) 34 35 const ( 36 buf8K = 8 * 1024 37 buf16K = 16 * 1024 38 buf32K = 32 * 1024 39 ) 40 41 // NewTarSum creates a new interface for calculating a fixed time checksum of a 42 // tar archive. 43 // 44 // This is used for calculating checksums of layers of an image, in some cases 45 // including the byte payload of the image's json metadata as well, and for 46 // calculating the checksums for buildcache. 47 func NewTarSum(r io.Reader, dc bool, v Version) (TarSum, error) { 48 return NewTarSumHash(r, dc, v, DefaultTHash) 49 } 50 51 // NewTarSumHash creates a new TarSum, providing a THash to use rather than 52 // the DefaultTHash. 53 func NewTarSumHash(r io.Reader, dc bool, v Version, tHash THash) (TarSum, error) { 54 headerSelector, err := getTarHeaderSelector(v) 55 if err != nil { 56 return nil, err 57 } 58 ts := &tarSum{Reader: r, DisableCompression: dc, tarSumVersion: v, headerSelector: headerSelector, tHash: tHash} 59 err = ts.initTarSum() 60 return ts, err 61 } 62 63 // NewTarSumForLabel creates a new TarSum using the provided TarSum version+hash label. 64 func NewTarSumForLabel(r io.Reader, disableCompression bool, label string) (TarSum, error) { 65 parts := strings.SplitN(label, "+", 2) 66 if len(parts) != 2 { 67 return nil, errors.New("tarsum label string should be of the form: {tarsum_version}+{hash_name}") 68 } 69 70 versionName, hashName := parts[0], parts[1] 71 72 version, ok := tarSumVersionsByName[versionName] 73 if !ok { 74 return nil, fmt.Errorf("unknown TarSum version name: %q", versionName) 75 } 76 77 hashConfig, ok := standardHashConfigs[hashName] 78 if !ok { 79 return nil, fmt.Errorf("unknown TarSum hash name: %q", hashName) 80 } 81 82 tHash := NewTHash(hashConfig.name, hashConfig.hash.New) 83 84 return NewTarSumHash(r, disableCompression, version, tHash) 85 } 86 87 // TarSum is the generic interface for calculating fixed time 88 // checksums of a tar archive. 89 type TarSum interface { 90 io.Reader 91 GetSums() FileInfoSums 92 Sum([]byte) string 93 Version() Version 94 Hash() THash 95 } 96 97 // tarSum struct is the structure for a Version0 checksum calculation. 98 type tarSum struct { 99 io.Reader 100 tarR *tar.Reader 101 tarW *tar.Writer 102 writer writeCloseFlusher 103 bufTar *bytes.Buffer 104 bufWriter *bytes.Buffer 105 bufData []byte 106 h hash.Hash 107 tHash THash 108 sums FileInfoSums 109 fileCounter int64 110 currentFile string 111 finished bool 112 first bool 113 DisableCompression bool // false by default. When false, the output gzip compressed. 114 tarSumVersion Version // this field is not exported so it can not be mutated during use 115 headerSelector tarHeaderSelector // handles selecting and ordering headers for files in the archive 116 } 117 118 func (ts tarSum) Hash() THash { 119 return ts.tHash 120 } 121 122 func (ts tarSum) Version() Version { 123 return ts.tarSumVersion 124 } 125 126 // THash provides a hash.Hash type generator and its name. 127 type THash interface { 128 Hash() hash.Hash 129 Name() string 130 } 131 132 // NewTHash is a convenience method for creating a THash. 133 func NewTHash(name string, h func() hash.Hash) THash { 134 return simpleTHash{n: name, h: h} 135 } 136 137 type tHashConfig struct { 138 name string 139 hash crypto.Hash 140 } 141 142 var ( 143 // NOTE: DO NOT include MD5 or SHA1, which are considered insecure. 144 standardHashConfigs = map[string]tHashConfig{ 145 "sha256": {name: "sha256", hash: crypto.SHA256}, 146 "sha512": {name: "sha512", hash: crypto.SHA512}, 147 } 148 ) 149 150 // DefaultTHash is default TarSum hashing algorithm - "sha256". 151 var DefaultTHash = NewTHash("sha256", sha256.New) 152 153 type simpleTHash struct { 154 n string 155 h func() hash.Hash 156 } 157 158 func (sth simpleTHash) Name() string { return sth.n } 159 func (sth simpleTHash) Hash() hash.Hash { return sth.h() } 160 161 func (ts *tarSum) encodeHeader(h *tar.Header) error { 162 for _, elem := range ts.headerSelector.selectHeaders(h) { 163 if _, err := ts.h.Write([]byte(elem[0] + elem[1])); err != nil { 164 return err 165 } 166 } 167 return nil 168 } 169 170 func (ts *tarSum) initTarSum() error { 171 ts.bufTar = bytes.NewBuffer([]byte{}) 172 ts.bufWriter = bytes.NewBuffer([]byte{}) 173 ts.tarR = tar.NewReader(ts.Reader) 174 ts.tarW = tar.NewWriter(ts.bufTar) 175 if !ts.DisableCompression { 176 ts.writer = gzip.NewWriter(ts.bufWriter) 177 } else { 178 ts.writer = &nopCloseFlusher{Writer: ts.bufWriter} 179 } 180 if ts.tHash == nil { 181 ts.tHash = DefaultTHash 182 } 183 ts.h = ts.tHash.Hash() 184 ts.h.Reset() 185 ts.first = true 186 ts.sums = FileInfoSums{} 187 return nil 188 } 189 190 func (ts *tarSum) Read(buf []byte) (int, error) { 191 if ts.finished { 192 return ts.bufWriter.Read(buf) 193 } 194 if len(ts.bufData) < len(buf) { 195 switch { 196 case len(buf) <= buf8K: 197 ts.bufData = make([]byte, buf8K) 198 case len(buf) <= buf16K: 199 ts.bufData = make([]byte, buf16K) 200 case len(buf) <= buf32K: 201 ts.bufData = make([]byte, buf32K) 202 default: 203 ts.bufData = make([]byte, len(buf)) 204 } 205 } 206 buf2 := ts.bufData[:len(buf)] 207 208 n, err := ts.tarR.Read(buf2) 209 if err != nil { 210 if err == io.EOF { 211 if _, err := ts.h.Write(buf2[:n]); err != nil { 212 return 0, err 213 } 214 if !ts.first { 215 ts.sums = append(ts.sums, fileInfoSum{name: ts.currentFile, sum: hex.EncodeToString(ts.h.Sum(nil)), pos: ts.fileCounter}) 216 ts.fileCounter++ 217 ts.h.Reset() 218 } else { 219 ts.first = false 220 } 221 222 currentHeader, err := ts.tarR.Next() 223 if err != nil { 224 if err == io.EOF { 225 if err := ts.tarW.Close(); err != nil { 226 return 0, err 227 } 228 if _, err := io.Copy(ts.writer, ts.bufTar); err != nil { 229 return 0, err 230 } 231 if err := ts.writer.Close(); err != nil { 232 return 0, err 233 } 234 ts.finished = true 235 return n, nil 236 } 237 return n, err 238 } 239 ts.currentFile = path.Clean(currentHeader.Name) 240 if err := ts.encodeHeader(currentHeader); err != nil { 241 return 0, err 242 } 243 if err := ts.tarW.WriteHeader(currentHeader); err != nil { 244 return 0, err 245 } 246 if _, err := ts.tarW.Write(buf2[:n]); err != nil { 247 return 0, err 248 } 249 ts.tarW.Flush() 250 if _, err := io.Copy(ts.writer, ts.bufTar); err != nil { 251 return 0, err 252 } 253 ts.writer.Flush() 254 255 return ts.bufWriter.Read(buf) 256 } 257 return n, err 258 } 259 260 // Filling the hash buffer 261 if _, err = ts.h.Write(buf2[:n]); err != nil { 262 return 0, err 263 } 264 265 // Filling the tar writer 266 if _, err = ts.tarW.Write(buf2[:n]); err != nil { 267 return 0, err 268 } 269 ts.tarW.Flush() 270 271 // Filling the output writer 272 if _, err = io.Copy(ts.writer, ts.bufTar); err != nil { 273 return 0, err 274 } 275 ts.writer.Flush() 276 277 return ts.bufWriter.Read(buf) 278 } 279 280 func (ts *tarSum) Sum(extra []byte) string { 281 ts.sums.SortBySums() 282 h := ts.tHash.Hash() 283 if extra != nil { 284 h.Write(extra) 285 } 286 for _, fis := range ts.sums { 287 h.Write([]byte(fis.Sum())) 288 } 289 checksum := ts.Version().String() + "+" + ts.tHash.Name() + ":" + hex.EncodeToString(h.Sum(nil)) 290 return checksum 291 } 292 293 func (ts *tarSum) GetSums() FileInfoSums { 294 return ts.sums 295 }