diff --git a/vendor/github.com/containers/image/ostree/ostree_dest.go b/vendor/github.com/containers/image/ostree/ostree_dest.go index 2bdf7ba6..d382a714 100644 --- a/vendor/github.com/containers/image/ostree/ostree_dest.go +++ b/vendor/github.com/containers/image/ostree/ostree_dest.go @@ -119,6 +119,40 @@ func (d *ostreeImageDestination) PutBlob(stream io.Reader, inputInfo types.BlobI return types.BlobInfo{Digest: computedDigest, Size: size}, nil } +func fixFiles(dir string, usermode bool) error { + entries, err := ioutil.ReadDir(dir) + if err != nil { + return err + } + + for _, info := range entries { + fullpath := filepath.Join(dir, info.Name()) + if info.Mode()&(os.ModeNamedPipe|os.ModeSocket|os.ModeDevice) != 0 { + if err := os.Remove(fullpath); err != nil { + return err + } + continue + } + if info.IsDir() { + if usermode { + if err := os.Chmod(fullpath, info.Mode()|0700); err != nil { + return err + } + } + err = fixFiles(fullpath, usermode) + if err != nil { + return err + } + } else if usermode && (info.Mode().IsRegular() || (info.Mode()&os.ModeSymlink) != 0) { + if err := os.Chmod(fullpath, info.Mode()|0600); err != nil { + return err + } + } + } + + return nil +} + func (d *ostreeImageDestination) importBlob(blob *blobToImport) error { ostreeBranch := fmt.Sprintf("ociimage/%s", blob.Digest.Hex()) destinationPath := filepath.Join(d.tmpDirPath, blob.Digest.Hex(), "root") @@ -130,9 +164,22 @@ func (d *ostreeImageDestination) importBlob(blob *blobToImport) error { os.RemoveAll(destinationPath) }() - err := archive.UntarPath(blob.BlobPath, destinationPath) - if err != nil { - return err + if os.Getuid() == 0 { + if err := archive.UntarPath(blob.BlobPath, destinationPath); err != nil { + return err + } + if err := fixFiles(destinationPath, false); err != nil { + return err + } + } else { + os.MkdirAll(destinationPath, 0755) + if err := exec.Command("tar", "-C", destinationPath, "--no-same-owner", "--no-same-permissions", "--delay-directory-restore", "-xf", blob.BlobPath).Run(); err != nil { + return err + } + + if err := fixFiles(destinationPath, true); err != nil { + return err + } } return exec.Command("ostree", "commit", "--repo", d.ref.repo, diff --git a/vendor/github.com/containers/image/storage/storage_image.go b/vendor/github.com/containers/image/storage/storage_image.go index f18c75bf..59427d1b 100644 --- a/vendor/github.com/containers/image/storage/storage_image.go +++ b/vendor/github.com/containers/image/storage/storage_image.go @@ -71,14 +71,9 @@ type storageImage struct { // newImageSource sets us up to read out an image, which needs to already exist. func newImageSource(imageRef storageReference) (*storageImageSource, error) { - id := imageRef.resolveID() - if id == "" { - logrus.Errorf("no image matching reference %q found", imageRef.StringWithinTransport()) - return nil, ErrNoSuchImage - } - img, err := imageRef.transport.store.GetImage(id) + img, err := imageRef.resolveImage() if err != nil { - return nil, errors.Wrapf(err, "error reading image %q", id) + return nil, err } image := &storageImageSource{ imageRef: imageRef, @@ -143,9 +138,9 @@ func (s *storageImageDestination) putBlob(stream io.Reader, blobinfo types.BlobI Size: -1, } // Try to read an initial snippet of the blob. - header := make([]byte, 10240) - n, err := stream.Read(header) - if err != nil && err != io.EOF { + buf := [archive.HeaderSize]byte{} + n, err := io.ReadAtLeast(stream, buf[:], len(buf)) + if err != nil && err != io.EOF && err != io.ErrUnexpectedEOF { return errorBlobInfo, err } // Set up to read the whole blob (the initial snippet, plus the rest) @@ -159,9 +154,9 @@ func (s *storageImageDestination) putBlob(stream io.Reader, blobinfo types.BlobI } hash := "" counter := ioutils.NewWriteCounter(hasher.Hash()) - defragmented := io.MultiReader(bytes.NewBuffer(header[:n]), stream) + defragmented := io.MultiReader(bytes.NewBuffer(buf[:n]), stream) multi := io.TeeReader(defragmented, counter) - if (n > 0) && archive.IsArchive(header[:n]) { + if (n > 0) && archive.IsArchive(buf[:n]) { // It's a filesystem layer. If it's not the first one in the // image, we assume that the most recently added layer is its // parent. @@ -336,21 +331,37 @@ func (s *storageImageDestination) Commit() error { } img, err := s.imageRef.transport.store.CreateImage(s.ID, nil, lastLayer, "", nil) if err != nil { - logrus.Debugf("error creating image: %q", err) - return err + if err != storage.ErrDuplicateID { + logrus.Debugf("error creating image: %q", err) + return errors.Wrapf(err, "error creating image %q", s.ID) + } + img, err = s.imageRef.transport.store.GetImage(s.ID) + if err != nil { + return errors.Wrapf(err, "error reading image %q", s.ID) + } + if img.TopLayer != lastLayer { + logrus.Debugf("error creating image: image with ID %q exists, but uses different layers", err) + return errors.Wrapf(err, "image with ID %q already exists, but uses a different top layer", s.ID) + } + logrus.Debugf("reusing image ID %q", img.ID) + } else { + logrus.Debugf("created new image ID %q", img.ID) } - logrus.Debugf("created new image ID %q", img.ID) s.ID = img.ID + names := img.Names if s.Tag != "" { - // We have a name to set, so move the name to this image. - if err := s.imageRef.transport.store.SetNames(img.ID, []string{s.Tag}); err != nil { + names = append(names, s.Tag) + } + // We have names to set, so move those names to this image. + if len(names) > 0 { + if err := s.imageRef.transport.store.SetNames(img.ID, names); err != nil { if _, err2 := s.imageRef.transport.store.DeleteImage(img.ID, true); err2 != nil { logrus.Debugf("error deleting incomplete image %q: %v", img.ID, err2) } logrus.Debugf("error setting names on image %q: %v", img.ID, err) return err } - logrus.Debugf("set name of image %q to %q", img.ID, s.Tag) + logrus.Debugf("set names of image %q to %v", img.ID, names) } // Save the data blobs to disk, and drop their contents from memory. keys := []ddigest.Digest{} diff --git a/vendor/github.com/containers/image/storage/storage_reference.go b/vendor/github.com/containers/image/storage/storage_reference.go index bee753f4..44def278 100644 --- a/vendor/github.com/containers/image/storage/storage_reference.go +++ b/vendor/github.com/containers/image/storage/storage_reference.go @@ -6,6 +6,8 @@ import ( "github.com/Sirupsen/logrus" "github.com/containers/image/docker/reference" "github.com/containers/image/types" + "github.com/containers/storage/storage" + "github.com/pkg/errors" ) // A storageReference holds an arbitrary name and/or an ID, which is a 32-byte @@ -32,15 +34,36 @@ func newReference(transport storageTransport, reference, id string, name referen } // Resolve the reference's name to an image ID in the store, if there's already -// one present with the same name or ID. -func (s *storageReference) resolveID() string { +// one present with the same name or ID, and return the image. +func (s *storageReference) resolveImage() (*storage.Image, error) { if s.id == "" { image, err := s.transport.store.GetImage(s.reference) if image != nil && err == nil { s.id = image.ID } } - return s.id + if s.id == "" { + logrus.Errorf("reference %q does not resolve to an image ID", s.StringWithinTransport()) + return nil, ErrNoSuchImage + } + img, err := s.transport.store.GetImage(s.id) + if err != nil { + return nil, errors.Wrapf(err, "error reading image %q", s.id) + } + if s.reference != "" { + nameMatch := false + for _, name := range img.Names { + if name == s.reference { + nameMatch = true + break + } + } + if !nameMatch { + logrus.Errorf("no image matching reference %q found", s.StringWithinTransport()) + return nil, ErrNoSuchImage + } + } + return img, nil } // Return a Transport object that defaults to using the same store that we used @@ -103,14 +126,13 @@ func (s storageReference) NewImage(ctx *types.SystemContext) (types.Image, error } func (s storageReference) DeleteImage(ctx *types.SystemContext) error { - id := s.resolveID() - if id == "" { - logrus.Errorf("reference %q does not resolve to an image ID", s.StringWithinTransport()) - return ErrNoSuchImage + img, err := s.resolveImage() + if err != nil { + return err } - layers, err := s.transport.store.DeleteImage(id, true) + layers, err := s.transport.store.DeleteImage(img.ID, true) if err == nil { - logrus.Debugf("deleted image %q", id) + logrus.Debugf("deleted image %q", img.ID) for _, layer := range layers { logrus.Debugf("deleted layer %q", layer) } diff --git a/vendor/github.com/containers/image/storage/storage_transport.go b/vendor/github.com/containers/image/storage/storage_transport.go index e9982175..9669cce4 100644 --- a/vendor/github.com/containers/image/storage/storage_transport.go +++ b/vendor/github.com/containers/image/storage/storage_transport.go @@ -2,7 +2,6 @@ package storage import ( "path/filepath" - "regexp" "strings" "github.com/pkg/errors" @@ -30,7 +29,6 @@ var ( // ErrPathNotAbsolute is returned when a graph root is not an absolute // path name. ErrPathNotAbsolute = errors.New("path name is not absolute") - idRegexp = regexp.MustCompile("^(sha256:)?([0-9a-fA-F]{64})$") ) // StoreTransport is an ImageTransport that uses a storage.Store to parse @@ -100,9 +98,12 @@ func (s storageTransport) ParseStoreReference(store storage.Store, ref string) ( return nil, err } } - sum, err = digest.Parse("sha256:" + refInfo[1]) - if err != nil { - return nil, err + sum, err = digest.Parse(refInfo[1]) + if err != nil || sum.Validate() != nil { + sum, err = digest.Parse("sha256:" + refInfo[1]) + if err != nil || sum.Validate() != nil { + return nil, err + } } } else { // Coverage: len(refInfo) is always 1 or 2 // Anything else: store specified in a form we don't @@ -285,7 +286,7 @@ func verboseName(name reference.Named) string { name = reference.TagNameOnly(name) tag := "" if tagged, ok := name.(reference.NamedTagged); ok { - tag = tagged.Tag() + tag = ":" + tagged.Tag() } - return name.Name() + ":" + tag + return name.Name() + tag } diff --git a/vendor/github.com/containers/image/vendor.conf b/vendor/github.com/containers/image/vendor.conf deleted file mode 100644 index 454aabbf..00000000 --- a/vendor/github.com/containers/image/vendor.conf +++ /dev/null @@ -1,31 +0,0 @@ -github.com/Sirupsen/logrus 7f4b1adc791766938c29457bed0703fb9134421a -github.com/containers/storage 5cbbc6bafb45bd7ef10486b673deb3b81bb3b787 -github.com/davecgh/go-spew 346938d642f2ec3594ed81d874461961cd0faa76 -github.com/docker/distribution df5327f76fb6468b84a87771e361762b8be23fdb -github.com/docker/docker 75843d36aa5c3eaade50da005f9e0ff2602f3d5e -github.com/docker/go-connections 7da10c8c50cad14494ec818dcdfb6506265c0086 -github.com/docker/go-units 0dadbb0345b35ec7ef35e228dabb8de89a65bf52 -github.com/docker/libtrust aabc10ec26b754e797f9028f4589c5b7bd90dc20 -github.com/ghodss/yaml 04f313413ffd65ce25f2541bfd2b2ceec5c0908c -github.com/gorilla/context 08b5f424b9271eedf6f9f0ce86cb9396ed337a42 -github.com/gorilla/mux 94e7d24fd285520f3d12ae998f7fdd6b5393d453 -github.com/imdario/mergo 50d4dbd4eb0e84778abe37cefef140271d96fade -github.com/mattn/go-runewidth 14207d285c6c197daabb5c9793d63e7af9ab2d50 -github.com/mattn/go-shellwords 005a0944d84452842197c2108bd9168ced206f78 -github.com/mistifyio/go-zfs c0224de804d438efd11ea6e52ada8014537d6062 -github.com/mtrmac/gpgme b2432428689ca58c2b8e8dea9449d3295cf96fc9 -github.com/opencontainers/go-digest aa2ec055abd10d26d539eb630a92241b781ce4bc -github.com/opencontainers/image-spec v1.0.0-rc4 -github.com/opencontainers/runc 6b1d0e76f239ffb435445e5ae316d2676c07c6e3 -github.com/pborman/uuid 1b00554d822231195d1babd97ff4a781231955c9 -github.com/pkg/errors 248dadf4e9068a0b3e79f02ed0a610d935de5302 -github.com/pmezard/go-difflib 792786c7400a136282c1664665ae0a8db921c6c2 -github.com/stretchr/testify 4d4bfba8f1d1027c4fdbe371823030df51419987 -github.com/vbatts/tar-split bd4c5d64c3e9297f410025a3b1bd0c58f659e721 -golang.org/x/crypto 453249f01cfeb54c3d549ddb75ff152ca243f9d8 -golang.org/x/net 6b27048ae5e6ad1ef927e72e437531493de612fe -golang.org/x/sys 075e574b89e4c2d22f2286a7e2b919519c6f3547 -gopkg.in/cheggaaa/pb.v1 d7e6ca3010b6f084d8056847f55d7f572f180678 -gopkg.in/yaml.v2 a3f3340b5840cee44f372bddb5880fcbc419b46a -k8s.io/client-go bcde30fb7eaed76fd98a36b4120321b94995ffb6 -github.com/xeipuuv/gojsonschema master