mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
Update chroot apply layer to handle decompression outside chroot
Signed-off-by: Michael Crosby <crosbymichael@gmail.com> Conflicts: pkg/archive/diff.go pkg/chrootarchive/archive.go
This commit is contained in:
parent
aef842e7df
commit
62d83404b5
3 changed files with 56 additions and 28 deletions
|
@ -21,20 +21,7 @@ func mkdev(major int64, minor int64) uint32 {
|
|||
return uint32(((minor & 0xfff00) << 12) | ((major & 0xfff) << 8) | (minor & 0xff))
|
||||
}
|
||||
|
||||
// ApplyLayer parses a diff in the standard layer format from `layer`, and
|
||||
// applies it to the directory `dest`.
|
||||
func ApplyLayer(dest string, layer ArchiveReader) error {
|
||||
dest = filepath.Clean(dest)
|
||||
|
||||
// We need to be able to set any perms
|
||||
oldmask := syscall.Umask(0)
|
||||
defer syscall.Umask(oldmask)
|
||||
|
||||
layer, err := DecompressStream(layer)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
func UnpackLayer(dest string, layer ArchiveReader) error {
|
||||
tr := tar.NewReader(layer)
|
||||
trBuf := pools.BufioReader32KPool.Get(tr)
|
||||
defer pools.BufioReader32KPool.Put(trBuf)
|
||||
|
@ -159,6 +146,20 @@ func ApplyLayer(dest string, layer ArchiveReader) error {
|
|||
return err
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// ApplyLayer parses a diff in the standard layer format from `layer`, and
|
||||
// applies it to the directory `dest`.
|
||||
func ApplyLayer(dest string, layer ArchiveReader) error {
|
||||
dest = filepath.Clean(dest)
|
||||
// We need to be able to set any perms
|
||||
oldmask := syscall.Umask(0)
|
||||
defer syscall.Umask(oldmask)
|
||||
|
||||
layer, err := DecompressStream(layer)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return UnpackLayer(dest, layer)
|
||||
}
|
||||
|
|
|
@ -15,6 +15,15 @@ import (
|
|||
"github.com/docker/docker/pkg/reexec"
|
||||
)
|
||||
|
||||
var chrootArchiver = &archive.Archiver{Untar}
|
||||
|
||||
func chroot(path string) error {
|
||||
if err := syscall.Chroot(path); err != nil {
|
||||
return err
|
||||
}
|
||||
return syscall.Chdir("/")
|
||||
}
|
||||
|
||||
func untar() {
|
||||
runtime.LockOSThread()
|
||||
flag.Parse()
|
||||
|
@ -36,11 +45,17 @@ func untar() {
|
|||
os.Exit(0)
|
||||
}
|
||||
|
||||
var (
|
||||
chrootArchiver = &archive.Archiver{Untar}
|
||||
)
|
||||
func Untar(tarArchive io.Reader, dest string, options *archive.TarOptions) error {
|
||||
if tarArchive == nil {
|
||||
return fmt.Errorf("Empty archive")
|
||||
}
|
||||
if options == nil {
|
||||
options = &archive.TarOptions{}
|
||||
}
|
||||
if options.Excludes == nil {
|
||||
options.Excludes = []string{}
|
||||
}
|
||||
|
||||
func Untar(archive io.Reader, dest string, options *archive.TarOptions) error {
|
||||
var buf bytes.Buffer
|
||||
enc := json.NewEncoder(&buf)
|
||||
if err := enc.Encode(options); err != nil {
|
||||
|
@ -53,7 +68,7 @@ func Untar(archive io.Reader, dest string, options *archive.TarOptions) error {
|
|||
}
|
||||
|
||||
cmd := reexec.Command("docker-untar", dest, buf.String())
|
||||
cmd.Stdin = archive
|
||||
cmd.Stdin = tarArchive
|
||||
out, err := cmd.CombinedOutput()
|
||||
if err != nil {
|
||||
return fmt.Errorf("Untar %s %s", err, out)
|
||||
|
|
|
@ -3,8 +3,10 @@ package chrootarchive
|
|||
import (
|
||||
"flag"
|
||||
"fmt"
|
||||
"io"
|
||||
"io/ioutil"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"runtime"
|
||||
"syscall"
|
||||
|
||||
|
@ -16,28 +18,38 @@ func applyLayer() {
|
|||
runtime.LockOSThread()
|
||||
flag.Parse()
|
||||
|
||||
if err := syscall.Chroot(flag.Arg(0)); err != nil {
|
||||
fatal(err)
|
||||
}
|
||||
if err := syscall.Chdir("/"); err != nil {
|
||||
if err := chroot(flag.Arg(0)); err != nil {
|
||||
fatal(err)
|
||||
}
|
||||
// We need to be able to set any perms
|
||||
oldmask := syscall.Umask(0)
|
||||
defer syscall.Umask(oldmask)
|
||||
tmpDir, err := ioutil.TempDir("/", "temp-docker-extract")
|
||||
if err != nil {
|
||||
fatal(err)
|
||||
}
|
||||
os.Setenv("TMPDIR", tmpDir)
|
||||
if err := archive.ApplyLayer("/", os.Stdin); err != nil {
|
||||
err = archive.UnpackLayer("/", os.Stdin)
|
||||
os.RemoveAll(tmpDir)
|
||||
if err != nil {
|
||||
fatal(err)
|
||||
}
|
||||
os.RemoveAll(tmpDir)
|
||||
os.Exit(0)
|
||||
}
|
||||
|
||||
func ApplyLayer(dest string, layer archive.ArchiveReader) error {
|
||||
dest = filepath.Clean(dest)
|
||||
decompressed, err := archive.DecompressStream(layer)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
defer func() {
|
||||
if c, ok := decompressed.(io.Closer); ok {
|
||||
c.Close()
|
||||
}
|
||||
}()
|
||||
cmd := reexec.Command("docker-applyLayer", dest)
|
||||
cmd.Stdin = layer
|
||||
cmd.Stdin = decompressed
|
||||
out, err := cmd.CombinedOutput()
|
||||
if err != nil {
|
||||
return fmt.Errorf("ApplyLayer %s %s", err, out)
|
||||
|
|
Loading…
Reference in a new issue