buildkit/util/winlayers/differ.go

275 lines
6.9 KiB
Go
Raw Normal View History

package winlayers
import (
"archive/tar"
"context"
"crypto/rand"
"encoding/base64"
"fmt"
"io"
"time"
"github.com/containerd/containerd/archive"
"github.com/containerd/containerd/archive/compression"
"github.com/containerd/containerd/content"
"github.com/containerd/containerd/diff"
"github.com/containerd/containerd/errdefs"
"github.com/containerd/containerd/log"
"github.com/containerd/containerd/mount"
digest "github.com/opencontainers/go-digest"
ocispec "github.com/opencontainers/image-spec/specs-go/v1"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
)
const (
keyFileAttr = "MSWINDOWS.fileattr"
keySDRaw = "MSWINDOWS.rawsd"
keyCreationTime = "LIBARCHIVE.creationtime"
)
func NewWalkingDiffWithWindows(store content.Store, d diff.Comparer) diff.Comparer {
return &winDiffer{
store: store,
d: d,
}
}
var emptyDesc = ocispec.Descriptor{}
type winDiffer struct {
store content.Store
d diff.Comparer
}
// Compare creates a diff between the given mounts and uploads the result
// to the content store.
func (s *winDiffer) Compare(ctx context.Context, lower, upper []mount.Mount, opts ...diff.Opt) (d ocispec.Descriptor, err error) {
if !hasWindowsLayerMode(ctx) {
return s.d.Compare(ctx, lower, upper, opts...)
}
var config diff.Config
for _, opt := range opts {
if err := opt(&config); err != nil {
return emptyDesc, err
}
}
if config.MediaType == "" {
config.MediaType = ocispec.MediaTypeImageLayerGzip
}
var isCompressed bool
switch config.MediaType {
case ocispec.MediaTypeImageLayer:
case ocispec.MediaTypeImageLayerGzip:
isCompressed = true
default:
return emptyDesc, errors.Wrapf(errdefs.ErrNotImplemented, "unsupported diff media type: %v", config.MediaType)
}
var ocidesc ocispec.Descriptor
if err := mount.WithTempMount(ctx, lower, func(lowerRoot string) error {
return mount.WithTempMount(ctx, upper, func(upperRoot string) error {
var newReference bool
if config.Reference == "" {
newReference = true
config.Reference = uniqueRef()
}
cw, err := s.store.Writer(ctx,
content.WithRef(config.Reference),
content.WithDescriptor(ocispec.Descriptor{
MediaType: config.MediaType, // most contentstore implementations just ignore this
}))
if err != nil {
return errors.Wrap(err, "failed to open writer")
}
defer func() {
if err != nil {
cw.Close()
if newReference {
if err := s.store.Abort(ctx, config.Reference); err != nil {
log.G(ctx).WithField("ref", config.Reference).Warnf("failed to delete diff upload")
}
}
}
}()
if !newReference {
if err := cw.Truncate(0); err != nil {
return err
}
}
if isCompressed {
dgstr := digest.SHA256.Digester()
compressed, err := compression.CompressStream(cw, compression.Gzip)
if err != nil {
return errors.Wrap(err, "failed to get compressed stream")
}
var w io.Writer = io.MultiWriter(compressed, dgstr.Hash())
w, discard, done := makeWindowsLayer(w)
err = archive.WriteDiff(ctx, w, lowerRoot, upperRoot)
if err != nil {
discard(err)
}
<-done
compressed.Close()
if err != nil {
return errors.Wrap(err, "failed to write compressed diff")
}
if config.Labels == nil {
config.Labels = map[string]string{}
}
config.Labels["containerd.io/uncompressed"] = dgstr.Digest().String()
} else {
w, discard, done := makeWindowsLayer(cw)
if err = archive.WriteDiff(ctx, w, lowerRoot, upperRoot); err != nil {
discard(err)
return errors.Wrap(err, "failed to write diff")
}
<-done
}
var commitopts []content.Opt
if config.Labels != nil {
commitopts = append(commitopts, content.WithLabels(config.Labels))
}
dgst := cw.Digest()
if err := cw.Commit(ctx, 0, dgst, commitopts...); err != nil {
return errors.Wrap(err, "failed to commit")
}
info, err := s.store.Info(ctx, dgst)
if err != nil {
return errors.Wrap(err, "failed to get info from content store")
}
ocidesc = ocispec.Descriptor{
MediaType: config.MediaType,
Size: info.Size,
Digest: info.Digest,
}
return nil
})
}); err != nil {
return emptyDesc, err
}
return ocidesc, nil
}
func uniqueRef() string {
t := time.Now()
var b [3]byte
// Ignore read failures, just decreases uniqueness
rand.Read(b[:])
return fmt.Sprintf("%d-%s", t.UnixNano(), base64.URLEncoding.EncodeToString(b[:]))
}
func prepareWinHeader(h *tar.Header) {
if h.PAXRecords == nil {
h.PAXRecords = map[string]string{}
}
if h.Typeflag == tar.TypeDir {
h.Mode |= 1 << 14
h.PAXRecords[keyFileAttr] = "16"
}
if h.Typeflag == tar.TypeReg {
h.Mode |= 1 << 15
h.PAXRecords[keyFileAttr] = "32"
}
if !h.ModTime.IsZero() {
h.PAXRecords[keyCreationTime] = fmt.Sprintf("%d.%d", h.ModTime.Unix(), h.ModTime.Nanosecond())
}
h.Format = tar.FormatPAX
}
func addSecurityDescriptor(h *tar.Header) {
if h.Typeflag == tar.TypeDir {
// O:BAG:SYD:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;;FA;;;BA)(A;OICIIO;GA;;;CO)(A;OICI;0x1200a9;;;BU)(A;CI;LC;;;BU)(A;CI;DC;;;BU)
h.PAXRecords[keySDRaw] = "AQAEgBQAAAAkAAAAAAAAADAAAAABAgAAAAAABSAAAAAgAgAAAQEAAAAAAAUSAAAAAgCoAAcAAAAAAxgA/wEfAAECAAAAAAAFIAAAACACAAAAAxQA/wEfAAEBAAAAAAAFEgAAAAAAGAD/AR8AAQIAAAAAAAUgAAAAIAIAAAALFAAAAAAQAQEAAAAAAAMAAAAAAAMYAKkAEgABAgAAAAAABSAAAAAhAgAAAAIYAAQAAAABAgAAAAAABSAAAAAhAgAAAAIYAAIAAAABAgAAAAAABSAAAAAhAgAA"
}
if h.Typeflag == tar.TypeReg {
// O:BAG:SYD:(A;;FA;;;BA)(A;;FA;;;SY)(A;;0x1200a9;;;BU)
h.PAXRecords[keySDRaw] = "AQAEgBQAAAAkAAAAAAAAADAAAAABAgAAAAAABSAAAAAgAgAAAQEAAAAAAAUSAAAAAgBMAAMAAAAAABgA/wEfAAECAAAAAAAFIAAAACACAAAAABQA/wEfAAEBAAAAAAAFEgAAAAAAGACpABIAAQIAAAAAAAUgAAAAIQIAAA=="
}
}
func makeWindowsLayer(w io.Writer) (io.Writer, func(error), chan error) {
pr, pw := io.Pipe()
done := make(chan error)
go func() {
tarReader := tar.NewReader(pr)
tarWriter := tar.NewWriter(w)
err := func() error {
h := &tar.Header{
Name: "Hives",
Typeflag: tar.TypeDir,
ModTime: time.Now(),
}
prepareWinHeader(h)
if err := tarWriter.WriteHeader(h); err != nil {
return err
}
h = &tar.Header{
Name: "Files",
Typeflag: tar.TypeDir,
ModTime: time.Now(),
}
prepareWinHeader(h)
if err := tarWriter.WriteHeader(h); err != nil {
return err
}
for {
h, err := tarReader.Next()
if err == io.EOF {
break
}
if err != nil {
return err
}
h.Name = "Files/" + h.Name
if h.Linkname != "" {
h.Linkname = "Files/" + h.Linkname
}
prepareWinHeader(h)
addSecurityDescriptor(h)
if err := tarWriter.WriteHeader(h); err != nil {
return err
}
if h.Size > 0 {
if _, err := io.Copy(tarWriter, tarReader); err != nil {
return err
}
}
}
return tarWriter.Close()
}()
if err != nil {
logrus.Errorf("makeWindowsLayer %+v", err)
}
pw.CloseWithError(err)
done <- err
return
}()
discard := func(err error) {
pw.CloseWithError(err)
}
return pw, discard, done
}