moby--moby/pkg/chrootarchive/archive_unix.go

//go:build !windows
// +build !windows

package chrootarchive // import "github.com/docker/docker/pkg/chrootarchive"

import (
	"bytes"
	"encoding/json"
	"flag"
	"fmt"
	"io"
	"io/ioutil"
	"os"
	"path/filepath"
	"runtime"
	"strings"

	"github.com/docker/docker/pkg/archive"
	"github.com/docker/docker/pkg/reexec"
	"github.com/pkg/errors"
)

// untar is the entry-point for docker-untar on re-exec. This is not used on
// Windows as it does not support chroot, hence no point sandboxing through
// chroot and rexec.
func untar() {
	runtime.LockOSThread()
	flag.Parse()

	var options archive.TarOptions

	// read the options from the pipe "ExtraFiles"
	if err := json.NewDecoder(os.NewFile(3, "options")).Decode(&options); err != nil {
		fatal(err)
	}

	dst := flag.Arg(0)
	var root string
	if len(flag.Args()) > 1 {
		root = flag.Arg(1)
	}

	if root == "" {
		root = dst
	}

	if err := chroot(root); err != nil {
		fatal(err)
	}

	if err := archive.Unpack(os.Stdin, dst, &options); err != nil {
		fatal(err)
	}
	// fully consume stdin in case it is zero padded
	if _, err := flush(os.Stdin); err != nil {
		fatal(err)
	}

	os.Exit(0)
}

func invokeUnpack(decompressedArchive io.Reader, dest string, options *archive.TarOptions, root string) error {
	if root == "" {
		return errors.New("must specify a root to chroot to")
	}

	// We can't pass a potentially large exclude list directly via cmd line
	// because we easily overrun the kernel's max argument/environment size
	// when the full image list is passed (e.g. when this is used by
	// `docker load`). We will marshall the options via a pipe to the
	// child
	r, w, err := os.Pipe()
	if err != nil {
		return fmt.Errorf("Untar pipe failure: %v", err)
	}

	if root != "" {
		relDest, err := filepath.Rel(root, dest)
		if err != nil {
			return err
		}
		if relDest == "." {
			relDest = "/"
		}
		if relDest[0] != '/' {
			relDest = "/" + relDest
		}
		dest = relDest
	}

	cmd := reexec.Command("docker-untar", dest, root)
	cmd.Stdin = decompressedArchive

	cmd.ExtraFiles = append(cmd.ExtraFiles, r)
	output := bytes.NewBuffer(nil)
	cmd.Stdout = output
	cmd.Stderr = output

	if err := cmd.Start(); err != nil {
		w.Close()
		return fmt.Errorf("Untar error on re-exec cmd: %v", err)
	}

	// write the options to the pipe for the untar exec to read
	if err := json.NewEncoder(w).Encode(options); err != nil {
		w.Close()
		return fmt.Errorf("Untar json encode to pipe failed: %v", err)
	}
	w.Close()

	if err := cmd.Wait(); err != nil {
		// when `xz -d -c -q | docker-untar ...` failed on docker-untar side,
		// we need to exhaust `xz`'s output, otherwise the `xz` side will be
		// pending on write pipe forever
		io.Copy(ioutil.Discard, decompressedArchive)

		return fmt.Errorf("Error processing tar file(%v): %s", err, output)
	}
	return nil
}

func tar() {
	runtime.LockOSThread()
	flag.Parse()

	src := flag.Arg(0)
	var root string
	if len(flag.Args()) > 1 {
		root = flag.Arg(1)
	}

	if root == "" {
		root = src
	}

	if err := realChroot(root); err != nil {
		fatal(err)
	}

	var options archive.TarOptions
	if err := json.NewDecoder(os.Stdin).Decode(&options); err != nil {
		fatal(err)
	}

	rdr, err := archive.TarWithOptions(src, &options)
	if err != nil {
		fatal(err)
	}
	defer rdr.Close()

	if _, err := io.Copy(os.Stdout, rdr); err != nil {
		fatal(err)
	}

	os.Exit(0)
}

func invokePack(srcPath string, options *archive.TarOptions, root string) (io.ReadCloser, error) {
	if root == "" {
		return nil, errors.New("root path must not be empty")
	}

	relSrc, err := filepath.Rel(root, srcPath)
	if err != nil {
		return nil, err
	}
	if relSrc == "." {
		relSrc = "/"
	}
	if relSrc[0] != '/' {
		relSrc = "/" + relSrc
	}

	// make sure we didn't trim a trailing slash with the call to `Rel`
	if strings.HasSuffix(srcPath, "/") && !strings.HasSuffix(relSrc, "/") {
		relSrc += "/"
	}

	cmd := reexec.Command("docker-tar", relSrc, root)

	errBuff := bytes.NewBuffer(nil)
	cmd.Stderr = errBuff

	tarR, tarW := io.Pipe()
	cmd.Stdout = tarW

	stdin, err := cmd.StdinPipe()
	if err != nil {
		return nil, errors.Wrap(err, "error getting options pipe for tar process")
	}

	if err := cmd.Start(); err != nil {
		return nil, errors.Wrap(err, "tar error on re-exec cmd")
	}

	go func() {
		err := cmd.Wait()
		err = errors.Wrapf(err, "error processing tar file: %s", errBuff)
		tarW.CloseWithError(err)
	}()

	if err := json.NewEncoder(stdin).Encode(options); err != nil {
		stdin.Close()
		return nil, errors.Wrap(err, "tar json encode to pipe failed")
	}
	stdin.Close()

	return tarR, nil
}
Update to Go 1.17.0, and gofmt with Go 1.17 Movified from 686be57d0a6e514c0cddb2f3ac9cbb3cbef87f5f, and re-ran gofmt again to address for files not present in 20.10 and vice-versa. Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (cherry picked from commit 686be57d0a6e514c0cddb2f3ac9cbb3cbef87f5f) Signed-off-by: Sebastiaan van Stijn <github@gone.nl> 2021-08-23 13:14:53 +00:00			`//go:build !windows`
Windows: chrootarchive refactor Signed-off-by: John Howard <jhoward@microsoft.com> 2015-05-14 22:08:00 +00:00			`// +build !windows`

Add canonical import comment Signed-off-by: Daniel Nephin <dnephin@docker.com> 2018-02-05 21:05:59 +00:00			`package chrootarchive // import "github.com/docker/docker/pkg/chrootarchive"`
Windows: chrootarchive refactor Signed-off-by: John Howard <jhoward@microsoft.com> 2015-05-14 22:08:00 +00:00
			`import (`
Windows: Docker build starting to work Signed-off-by: John Howard <jhoward@microsoft.com> 2015-06-01 23:42:27 +00:00			`"bytes"`
			`"encoding/json"`
			`"flag"`
			`"fmt"`
			`"io"`
fix a race crash when building with "ADD some-broken.tar.xz ..." The race is between pools.Put which calls buf.Reset and exec.Cmd doing io.Copy from the buffer; it caused a runtime crash, as described in #16924: ``` docker-daemon cat the-tarball.xz \| xz -d -c -q \| docker-untar /path/to/... (aufs ) ``` When docker-untar side fails (like try to set xattr on aufs, or a broken tar), invokeUnpack will be responsible to exhaust all input, otherwise `xz` will be write pending for ever. this change add a receive only channel to cmdStream, and will close it to notify it's now safe to close the input stream; in CmdStream the change to use Stdin / Stdout / Stderr keeps the code simple, os/exec.Cmd will spawn goroutines and call io.Copy automatically. the CmdStream is actually called in the same file only, change it lowercase to mark as private. [...] INFO[0000] Docker daemon commit=0a8c2e3 execdriver=native-0.2 graphdriver=aufs version=1.8.2 DEBU[0006] Calling POST /build INFO[0006] POST /v1.20/build?cgroupparent=&cpuperiod=0&cpuquota=0&cpusetcpus=&cpusetmems=&cpushares=0&dockerfile=Dockerfile&memory=0&memswap=0&rm=1&t=gentoo-x32&ulimits=null DEBU[0008] [BUILDER] Cache miss DEBU[0009] Couldn't untar /home/lib-docker-v1.8.2-tmp/tmp/docker-build316710953/stage3-x32-20151004.tar.xz to /home/lib-docker-v1.8.2-tmp/aufs/mnt/d909abb87150463939c13e8a349b889a72d9b14f0cfcab42a8711979be285537: Untar re-exec error: exit status 1: output: operation not supported DEBU[0009] CopyFileWithTar(/home/lib-docker-v1.8.2-tmp/tmp/docker-build316710953/stage3-x32-20151004.tar.xz, /home/lib-docker-v1.8.2-tmp/aufs/mnt/d909abb87150463939c13e8a349b889a72d9b14f0cfcab42a8711979be285537/) panic: runtime error: slice bounds out of range goroutine 42 [running]: bufio.(Reader).fill(0xc208187800) /usr/local/go/src/bufio/bufio.go:86 +0x2db bufio.(Reader).WriteTo(0xc208187800, 0x7ff39602d150, 0xc2083f11a0, 0x508000, 0x0, 0x0) /usr/local/go/src/bufio/bufio.go:449 +0x27e io.Copy(0x7ff39602d150, 0xc2083f11a0, 0x7ff3960261f8, 0xc208187800, 0x0, 0x0, 0x0) /usr/local/go/src/io/io.go:354 +0xb2 github.com/docker/docker/pkg/archive.func·006() /go/src/github.com/docker/docker/pkg/archive/archive.go:817 +0x71 created by github.com/docker/docker/pkg/archive.CmdStream /go/src/github.com/docker/docker/pkg/archive/archive.go:819 +0x1ec goroutine 1 [chan receive]: main.(DaemonCli).CmdDaemon(0xc20809da30, 0xc20800a020, 0xd, 0xd, 0x0, 0x0) /go/src/github.com/docker/docker/docker/daemon.go:289 +0x1781 reflect.callMethod(0xc208140090, 0xc20828fce0) /usr/local/go/src/reflect/value.go:605 +0x179 reflect.methodValueCall(0xc20800a020, 0xd, 0xd, 0x1, 0xc208140090, 0x0, 0x0, 0xc208140090, 0x0, 0x45343f, ...) /usr/local/go/src/reflect/asm_amd64.s:29 +0x36 github.com/docker/docker/cli.(Cli).Run(0xc208129fb0, 0xc20800a010, 0xe, 0xe, 0x0, 0x0) /go/src/github.com/docker/docker/cli/cli.go:89 +0x38e main.main() /go/src/github.com/docker/docker/docker/docker.go:69 +0x428 goroutine 5 [syscall]: os/signal.loop() /usr/local/go/src/os/signal/signal_unix.go:21 +0x1f created by os/signal.init·1 /usr/local/go/src/os/signal/signal_unix.go:27 +0x35 Signed-off-by: Derek Ch <denc716@gmail.com> 2015-10-09 19:54:21 +00:00			`"io/ioutil"`
Windows: Docker build starting to work Signed-off-by: John Howard <jhoward@microsoft.com> 2015-06-01 23:42:27 +00:00			`"os"`
Pass root to chroot to for chroot Untar This is useful for preventing CVE-2018-15664 where a malicious container process can take advantage of a race on symlink resolution/sanitization. Before this change chrootarchive would chroot to the destination directory which is attacker controlled. With this patch we always chroot to the container's root which is not attacker controlled. Signed-off-by: Brian Goff <cpuguy83@gmail.com> 2019-05-30 18:15:09 +00:00			`"path/filepath"`
Windows: Docker build starting to work Signed-off-by: John Howard <jhoward@microsoft.com> 2015-06-01 23:42:27 +00:00			`"runtime"`
Add chroot for tar packing operations Previously only unpack operations were supported with chroot. This adds chroot support for packing operations. This prevents potential breakouts when copying data from a container. Signed-off-by: Brian Goff <cpuguy83@gmail.com> 2019-05-30 21:55:52 +00:00			`"strings"`
Windows: Docker build starting to work Signed-off-by: John Howard <jhoward@microsoft.com> 2015-06-01 23:42:27 +00:00
			`"github.com/docker/docker/pkg/archive"`
			`"github.com/docker/docker/pkg/reexec"`
Add chroot for tar packing operations Previously only unpack operations were supported with chroot. This adds chroot support for packing operations. This prevents potential breakouts when copying data from a container. Signed-off-by: Brian Goff <cpuguy83@gmail.com> 2019-05-30 21:55:52 +00:00			`"github.com/pkg/errors"`
Windows: chrootarchive refactor Signed-off-by: John Howard <jhoward@microsoft.com> 2015-05-14 22:08:00 +00:00			`)`

Windows: Docker build starting to work Signed-off-by: John Howard <jhoward@microsoft.com> 2015-06-01 23:42:27 +00:00			`// untar is the entry-point for docker-untar on re-exec. This is not used on`
			`// Windows as it does not support chroot, hence no point sandboxing through`
			`// chroot and rexec.`
			`func untar() {`
			`runtime.LockOSThread()`
			`flag.Parse()`

Add chroot for tar packing operations Previously only unpack operations were supported with chroot. This adds chroot support for packing operations. This prevents potential breakouts when copying data from a container. Signed-off-by: Brian Goff <cpuguy83@gmail.com> 2019-05-30 21:55:52 +00:00			`var options archive.TarOptions`
Windows: Docker build starting to work Signed-off-by: John Howard <jhoward@microsoft.com> 2015-06-01 23:42:27 +00:00
pkg/chrootarchive: normalize comment formatting Signed-off-by: Sebastiaan van Stijn <github@gone.nl> 2019-11-27 14:39:12 +00:00			`// read the options from the pipe "ExtraFiles"`
Windows: Docker build starting to work Signed-off-by: John Howard <jhoward@microsoft.com> 2015-06-01 23:42:27 +00:00			`if err := json.NewDecoder(os.NewFile(3, "options")).Decode(&options); err != nil {`
			`fatal(err)`
			`}`

Pass root to chroot to for chroot Untar This is useful for preventing CVE-2018-15664 where a malicious container process can take advantage of a race on symlink resolution/sanitization. Before this change chrootarchive would chroot to the destination directory which is attacker controlled. With this patch we always chroot to the container's root which is not attacker controlled. Signed-off-by: Brian Goff <cpuguy83@gmail.com> 2019-05-30 18:15:09 +00:00			`dst := flag.Arg(0)`
			`var root string`
			`if len(flag.Args()) > 1 {`
			`root = flag.Arg(1)`
			`}`

			`if root == "" {`
			`root = dst`
			`}`

			`if err := chroot(root); err != nil {`
Windows: Docker build starting to work Signed-off-by: John Howard <jhoward@microsoft.com> 2015-06-01 23:42:27 +00:00			`fatal(err)`
			`}`

Add chroot for tar packing operations Previously only unpack operations were supported with chroot. This adds chroot support for packing operations. This prevents potential breakouts when copying data from a container. Signed-off-by: Brian Goff <cpuguy83@gmail.com> 2019-05-30 21:55:52 +00:00			`if err := archive.Unpack(os.Stdin, dst, &options); err != nil {`
Windows: Docker build starting to work Signed-off-by: John Howard <jhoward@microsoft.com> 2015-06-01 23:42:27 +00:00			`fatal(err)`
			`}`
			`// fully consume stdin in case it is zero padded`
Remove flush(stdout) in pkg/chrootarchive/diff_unix.go and improve error reporting of flush() to fix #21103 pkg/chrootarchive/diff_unix.go erroneously calls flush on stdout, which tries to read from stdout returning an error. This has been fixed by removing the call and by modifying flush to return errors and checking for these errors on calls to flush. Signed-off-by: Amit Krishnan <krish.amit@gmail.com> 2016-03-14 20:22:05 +00:00			`if _, err := flush(os.Stdin); err != nil {`
			`fatal(err)`
			`}`

Windows: Docker build starting to work Signed-off-by: John Howard <jhoward@microsoft.com> 2015-06-01 23:42:27 +00:00			`os.Exit(0)`
			`}`

Pass root to chroot to for chroot Untar This is useful for preventing CVE-2018-15664 where a malicious container process can take advantage of a race on symlink resolution/sanitization. Before this change chrootarchive would chroot to the destination directory which is attacker controlled. With this patch we always chroot to the container's root which is not attacker controlled. Signed-off-by: Brian Goff <cpuguy83@gmail.com> 2019-05-30 18:15:09 +00:00			`func invokeUnpack(decompressedArchive io.Reader, dest string, options *archive.TarOptions, root string) error {`
Add chroot for tar packing operations Previously only unpack operations were supported with chroot. This adds chroot support for packing operations. This prevents potential breakouts when copying data from a container. Signed-off-by: Brian Goff <cpuguy83@gmail.com> 2019-05-30 21:55:52 +00:00			`if root == "" {`
			`return errors.New("must specify a root to chroot to")`
			`}`
Windows: Docker build starting to work Signed-off-by: John Howard <jhoward@microsoft.com> 2015-06-01 23:42:27 +00:00
			`// We can't pass a potentially large exclude list directly via cmd line`
			`// because we easily overrun the kernel's max argument/environment size`
			`// when the full image list is passed (e.g. when this is used by`
			// `docker load`). We will marshall the options via a pipe to the
			`// child`
			`r, w, err := os.Pipe()`
			`if err != nil {`
			`return fmt.Errorf("Untar pipe failure: %v", err)`
			`}`

Pass root to chroot to for chroot Untar This is useful for preventing CVE-2018-15664 where a malicious container process can take advantage of a race on symlink resolution/sanitization. Before this change chrootarchive would chroot to the destination directory which is attacker controlled. With this patch we always chroot to the container's root which is not attacker controlled. Signed-off-by: Brian Goff <cpuguy83@gmail.com> 2019-05-30 18:15:09 +00:00			`if root != "" {`
			`relDest, err := filepath.Rel(root, dest)`
			`if err != nil {`
			`return err`
			`}`
			`if relDest == "." {`
			`relDest = "/"`
			`}`
			`if relDest[0] != '/' {`
			`relDest = "/" + relDest`
			`}`
			`dest = relDest`
			`}`

			`cmd := reexec.Command("docker-untar", dest, root)`
Windows: Docker build starting to work Signed-off-by: John Howard <jhoward@microsoft.com> 2015-06-01 23:42:27 +00:00			`cmd.Stdin = decompressedArchive`

			`cmd.ExtraFiles = append(cmd.ExtraFiles, r)`
			`output := bytes.NewBuffer(nil)`
			`cmd.Stdout = output`
			`cmd.Stderr = output`

			`if err := cmd.Start(); err != nil {`
Close pipe in chrootarchive.invokeUnpack when cmd.Start()/json.NewEncoder failed. Signed-off-by: y00316549 <yangshukui@huawei.com> 2017-11-24 05:41:08 +00:00			`w.Close()`
Windows: Docker build starting to work Signed-off-by: John Howard <jhoward@microsoft.com> 2015-06-01 23:42:27 +00:00			`return fmt.Errorf("Untar error on re-exec cmd: %v", err)`
			`}`
Pass root to chroot to for chroot Untar This is useful for preventing CVE-2018-15664 where a malicious container process can take advantage of a race on symlink resolution/sanitization. Before this change chrootarchive would chroot to the destination directory which is attacker controlled. With this patch we always chroot to the container's root which is not attacker controlled. Signed-off-by: Brian Goff <cpuguy83@gmail.com> 2019-05-30 18:15:09 +00:00
pkg/chrootarchive: normalize comment formatting Signed-off-by: Sebastiaan van Stijn <github@gone.nl> 2019-11-27 14:39:12 +00:00			`// write the options to the pipe for the untar exec to read`
Windows: Docker build starting to work Signed-off-by: John Howard <jhoward@microsoft.com> 2015-06-01 23:42:27 +00:00			`if err := json.NewEncoder(w).Encode(options); err != nil {`
Close pipe in chrootarchive.invokeUnpack when cmd.Start()/json.NewEncoder failed. Signed-off-by: y00316549 <yangshukui@huawei.com> 2017-11-24 05:41:08 +00:00			`w.Close()`
Windows: Docker build starting to work Signed-off-by: John Howard <jhoward@microsoft.com> 2015-06-01 23:42:27 +00:00			`return fmt.Errorf("Untar json encode to pipe failed: %v", err)`
			`}`
			`w.Close()`

			`if err := cmd.Wait(); err != nil {`
fix a race crash when building with "ADD some-broken.tar.xz ..." The race is between pools.Put which calls buf.Reset and exec.Cmd doing io.Copy from the buffer; it caused a runtime crash, as described in #16924: ``` docker-daemon cat the-tarball.xz \| xz -d -c -q \| docker-untar /path/to/... (aufs ) ``` When docker-untar side fails (like try to set xattr on aufs, or a broken tar), invokeUnpack will be responsible to exhaust all input, otherwise `xz` will be write pending for ever. this change add a receive only channel to cmdStream, and will close it to notify it's now safe to close the input stream; in CmdStream the change to use Stdin / Stdout / Stderr keeps the code simple, os/exec.Cmd will spawn goroutines and call io.Copy automatically. the CmdStream is actually called in the same file only, change it lowercase to mark as private. [...] INFO[0000] Docker daemon commit=0a8c2e3 execdriver=native-0.2 graphdriver=aufs version=1.8.2 DEBU[0006] Calling POST /build INFO[0006] POST /v1.20/build?cgroupparent=&cpuperiod=0&cpuquota=0&cpusetcpus=&cpusetmems=&cpushares=0&dockerfile=Dockerfile&memory=0&memswap=0&rm=1&t=gentoo-x32&ulimits=null DEBU[0008] [BUILDER] Cache miss DEBU[0009] Couldn't untar /home/lib-docker-v1.8.2-tmp/tmp/docker-build316710953/stage3-x32-20151004.tar.xz to /home/lib-docker-v1.8.2-tmp/aufs/mnt/d909abb87150463939c13e8a349b889a72d9b14f0cfcab42a8711979be285537: Untar re-exec error: exit status 1: output: operation not supported DEBU[0009] CopyFileWithTar(/home/lib-docker-v1.8.2-tmp/tmp/docker-build316710953/stage3-x32-20151004.tar.xz, /home/lib-docker-v1.8.2-tmp/aufs/mnt/d909abb87150463939c13e8a349b889a72d9b14f0cfcab42a8711979be285537/) panic: runtime error: slice bounds out of range goroutine 42 [running]: bufio.(Reader).fill(0xc208187800) /usr/local/go/src/bufio/bufio.go:86 +0x2db bufio.(Reader).WriteTo(0xc208187800, 0x7ff39602d150, 0xc2083f11a0, 0x508000, 0x0, 0x0) /usr/local/go/src/bufio/bufio.go:449 +0x27e io.Copy(0x7ff39602d150, 0xc2083f11a0, 0x7ff3960261f8, 0xc208187800, 0x0, 0x0, 0x0) /usr/local/go/src/io/io.go:354 +0xb2 github.com/docker/docker/pkg/archive.func·006() /go/src/github.com/docker/docker/pkg/archive/archive.go:817 +0x71 created by github.com/docker/docker/pkg/archive.CmdStream /go/src/github.com/docker/docker/pkg/archive/archive.go:819 +0x1ec goroutine 1 [chan receive]: main.(DaemonCli).CmdDaemon(0xc20809da30, 0xc20800a020, 0xd, 0xd, 0x0, 0x0) /go/src/github.com/docker/docker/docker/daemon.go:289 +0x1781 reflect.callMethod(0xc208140090, 0xc20828fce0) /usr/local/go/src/reflect/value.go:605 +0x179 reflect.methodValueCall(0xc20800a020, 0xd, 0xd, 0x1, 0xc208140090, 0x0, 0x0, 0xc208140090, 0x0, 0x45343f, ...) /usr/local/go/src/reflect/asm_amd64.s:29 +0x36 github.com/docker/docker/cli.(Cli).Run(0xc208129fb0, 0xc20800a010, 0xe, 0xe, 0x0, 0x0) /go/src/github.com/docker/docker/cli/cli.go:89 +0x38e main.main() /go/src/github.com/docker/docker/docker/docker.go:69 +0x428 goroutine 5 [syscall]: os/signal.loop() /usr/local/go/src/os/signal/signal_unix.go:21 +0x1f created by os/signal.init·1 /usr/local/go/src/os/signal/signal_unix.go:27 +0x35 Signed-off-by: Derek Ch <denc716@gmail.com> 2015-10-09 19:54:21 +00:00			// when `xz -d -c -q \| docker-untar ...` failed on docker-untar side,
			// we need to exhaust `xz`'s output, otherwise the `xz` side will be
			`// pending on write pipe forever`
			`io.Copy(ioutil.Discard, decompressedArchive)`

Fix docker import tests For me when I run the test I see: ``` Downloading from http://nourl/bad Importing 283 B Untar re-exec error: exit status 1: output: unexpected EOF ``` and nothing about "dial tcp" so it appears that the output is system dependent and therefore we can't really check it. I think checking for non-zero exit code is sufficient so I'm removing this string check. Signed-off-by: Doug Davis <dug@us.ibm.com> 2016-05-23 17:00:01 +00:00			`return fmt.Errorf("Error processing tar file(%v): %s", err, output)`
Windows: Docker build starting to work Signed-off-by: John Howard <jhoward@microsoft.com> 2015-06-01 23:42:27 +00:00			`}`
			`return nil`
			`}`
Add chroot for tar packing operations Previously only unpack operations were supported with chroot. This adds chroot support for packing operations. This prevents potential breakouts when copying data from a container. Signed-off-by: Brian Goff <cpuguy83@gmail.com> 2019-05-30 21:55:52 +00:00
			`func tar() {`
			`runtime.LockOSThread()`
			`flag.Parse()`

			`src := flag.Arg(0)`
			`var root string`
			`if len(flag.Args()) > 1 {`
			`root = flag.Arg(1)`
			`}`

			`if root == "" {`
			`root = src`
			`}`

			`if err := realChroot(root); err != nil {`
			`fatal(err)`
			`}`

			`var options archive.TarOptions`
			`if err := json.NewDecoder(os.Stdin).Decode(&options); err != nil {`
			`fatal(err)`
			`}`

			`rdr, err := archive.TarWithOptions(src, &options)`
			`if err != nil {`
			`fatal(err)`
			`}`
			`defer rdr.Close()`

			`if _, err := io.Copy(os.Stdout, rdr); err != nil {`
			`fatal(err)`
			`}`

			`os.Exit(0)`
			`}`

			`func invokePack(srcPath string, options *archive.TarOptions, root string) (io.ReadCloser, error) {`
			`if root == "" {`
			`return nil, errors.New("root path must not be empty")`
			`}`

			`relSrc, err := filepath.Rel(root, srcPath)`
			`if err != nil {`
			`return nil, err`
			`}`
			`if relSrc == "." {`
			`relSrc = "/"`
			`}`
			`if relSrc[0] != '/' {`
			`relSrc = "/" + relSrc`
			`}`

			// make sure we didn't trim a trailing slash with the call to `Rel`
			`if strings.HasSuffix(srcPath, "/") && !strings.HasSuffix(relSrc, "/") {`
			`relSrc += "/"`
			`}`

			`cmd := reexec.Command("docker-tar", relSrc, root)`

			`errBuff := bytes.NewBuffer(nil)`
			`cmd.Stderr = errBuff`

			`tarR, tarW := io.Pipe()`
			`cmd.Stdout = tarW`

			`stdin, err := cmd.StdinPipe()`
			`if err != nil {`
			`return nil, errors.Wrap(err, "error getting options pipe for tar process")`
			`}`

			`if err := cmd.Start(); err != nil {`
			`return nil, errors.Wrap(err, "tar error on re-exec cmd")`
			`}`

			`go func() {`
			`err := cmd.Wait()`
			`err = errors.Wrapf(err, "error processing tar file: %s", errBuff)`
			`tarW.CloseWithError(err)`
			`}()`

			`if err := json.NewEncoder(stdin).Encode(options); err != nil {`
			`stdin.Close()`
			`return nil, errors.Wrap(err, "tar json encode to pipe failed")`
			`}`
			`stdin.Close()`

			`return tarR, nil`
			`}`