⚙️ Add ability to build from Dockerfiles directly

2025-09-22 03:27:38 +00:00 · 2022-04-26 19:24:31 +02:00
parent 4e2a2adfc1
commit e70a543f42
457 changed files with 33148 additions and 4999 deletions
--- a/vendor/github.com/containerd/continuity/fs/copy_windows.go
+++ b/vendor/github.com/containerd/continuity/fs/copy_windows.go
@@ -17,19 +17,60 @@
 package fs

 import (
+	"errors"
+	"fmt"
 	"io"
 	"os"

-	"github.com/pkg/errors"
+	winio "github.com/Microsoft/go-winio"
+	"golang.org/x/sys/windows"
 )

-func copyFileInfo(fi os.FileInfo, name string) error {
+const (
+	seTakeOwnershipPrivilege = "SeTakeOwnershipPrivilege"
+)
+
+func copyFileInfo(fi os.FileInfo, src, name string) error {
 	if err := os.Chmod(name, fi.Mode()); err != nil {
-		return errors.Wrapf(err, "failed to chmod %s", name)
+		return fmt.Errorf("failed to chmod %s: %w", name, err)
 	}

-	// TODO: copy windows specific metadata
+	// Copy file ownership and ACL
+	// We need SeRestorePrivilege and SeTakeOwnershipPrivilege in order
+	// to restore security info on a file, especially if we're trying to
+	// apply security info which includes SIDs not necessarily present on
+	// the host.
+	privileges := []string{winio.SeRestorePrivilege, seTakeOwnershipPrivilege}
+	if err := winio.EnableProcessPrivileges(privileges); err != nil {
+		return err
+	}
+	defer winio.DisableProcessPrivileges(privileges)

+	secInfo, err := windows.GetNamedSecurityInfo(
+		src, windows.SE_FILE_OBJECT,
+		windows.OWNER_SECURITY_INFORMATION|windows.DACL_SECURITY_INFORMATION)
+
+	if err != nil {
+		return err
+	}
+
+	dacl, _, err := secInfo.DACL()
+	if err != nil {
+		return err
+	}
+
+	sid, _, err := secInfo.Owner()
+	if err != nil {
+		return err
+	}
+
+	if err := windows.SetNamedSecurityInfo(
+		name, windows.SE_FILE_OBJECT,
+		windows.OWNER_SECURITY_INFORMATION|windows.DACL_SECURITY_INFORMATION,
+		sid, nil, dacl, nil); err != nil {
+
+		return err
+	}
 	return nil
 }

@@ -44,6 +85,6 @@ func copyXAttrs(dst, src string, excludes map[string]struct{}, errorHandler XAtt
 	return nil
 }

-func copyDevice(dst string, fi os.FileInfo) error {
-	return errors.New("device copy not supported")
+func copyIrregular(dst string, fi os.FileInfo) error {
+	return errors.New("irregular copy not supported")
 }