This is a package for generic system calls etc that for some reason
is not yet supported by "syscall", or where it is different enough
for the different ports to need portability wrappers.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: d6114c0da0e844199e3d23c60a04434566fb5392
Component: engine
If a file has a security.capability set, we push this to the tar file.
This is important to handle in e.g. layer files or when copying files
to containers, as some distros (e.g. Fedora) use capability bits as
a more finegrained version of setuid bits, and thus if the capabilites
are stripped (and setuid is not set) the binaries will fail to work.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: 3b9953903b12eaca76655311bd44533768f6f3da
Component: engine
In commit 3dfc910d7774d57c533b067fbe59d6b24dd803cd we changed from
syscall.Chmod() to os.Chmod(), but these take a different form of the
Mode argument. The sycall one takes the raw linux form, wheras
os.Chmod takes the os.FileMode form, and they differ for the higher
bits (setuid, setgid, etc). The raw tar header uses a form which
is compatible with the syscalls, but not the go calls.
We fix this by using hdr.FileInfo() which properly converts the mode
to what go expects.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: 5ba24629610c27f08b54ff4c1f000ad6d787c156
Component: engine
Files in the .wh..wh.plnk directory are ignored, but other files
inside the tarfile can be hardlinks to these files. This is not
something that normally happens, as on aufs unmount such files are
supposed to be dropped via the "auplink" too, yet images on the index
(such as shipyard/shipyard, e.g. layer
f73c835af6d58b6fc827b400569f79a8f28e54f5bb732be063e1aacefbc374d0)
contains such files.
We handle these by extracting these files to a temporary directory
and resolve such hardlinks via the temporary files.
This fixes https://github.com/dotcloud/docker/issues/3884
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: 6889cd9f9cfa3a6439b7702d73f27ab3fac3d3ef
Component: engine
All archive that are created from somewhere generally have to be closed, because
at some point there is a file or a pipe or something that backs them. So, we
make archive.Archive a ReadCloser. However, code consuming archives does not
typically close them so we add an archive.ArchiveReader and use that when we're
only reading.
We then change all the Tar/Archive places to create ReadClosers, and to properly
close them everywhere.
As an added bonus we can use ReadCloserWrapper rather than EofReader in several places,
which is good as EofReader doesn't always work right. For instance, many compression
schemes like gzip knows it is EOF before having read the EOF from the stream, so the
EofCloser never sees an EOF.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: f198ee525ad6862dce3940e08c72e0a092380a7b
Component: engine
CompressStream() now always returns a stream that is closable, and it never
closes the underlying writer. TarFilter() makes sure the decompressed stream
is closed at the and, as well as the PipeWriter.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: 804690bd07dcc1da6d0707d081e40ec9a189a3b6
Component: engine
Various kinds of decompressed streams are really ReadClosers. For instance
gzip.NewReader() is, and the one returned from CmdStream is changed to be
because it returns a PipeReader which is a ReadCloser.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: 0d9213f859e00459e9efee2c5164417c94d66d2f
Component: engine
This matches what tar does, and without it the tarsum created
by the registry will not match the docker one.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: f918fca3bf77ebe5845593281382f68e5b166ab3
Component: engine
This uses a plain filepath.Walk + addTarFile to create a tar file,
optionially compressing it with gzip.
Unfortunately go only has gzip compression support, not bzip2 or xz.
However, this is not a regression, as docker currently uses *no*
compression for TarFilter(). The only compression of tarfiles
currently happens in utils/tarsum.go, and that manually does gzip
compression.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: 5ea48aa7f8d3839877b869fdfcea2d5de0972fbf
Component: engine
We can use tar.FileInfoHeader to do much of the work.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: bab8efbf050e1bc2d5c2ff64c6161ef4d323bc3f
Component: engine
This is the code that takes a normal file and adds it to a TarWriter.
We extract it so that we can share it with Tar().
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: 5b77e51e0a15eddefcb40380673df8c0c24f95d1
Component: engine
This simplifies that code that calls out to tar by removing support
for now unused features.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: 4fb1db7f742fb34a7a06621d0698063de87a572c
Component: engine
stat.Rdev and time.* is 32bit on OSX, which breaks cross builds with eg:
cannot use stat.Rdev (type int32) as type uint64 in function argument
We fix this with an extra conversion to uint64.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: ba52130873395a44d637fc57f98ed174f0ac87bb
Component: engine
This replaces the shelling out to tar with a reimplementation of untar
based on the archive/tar code and the pre-existing code from ApplyLayer
to create real files from tar headers.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: a4868e233c7ebce259fc02d3dbfb241c23471a4a
Component: engine
This way we can reuse it for Untar()
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: 710d5a48fb751623fbf77a51b89f2dfbf0edac68
Component: engine
This changes ExportChanges to use the go tar support so we can
directly create tar layer files. This has several advantages:
* We don't have to create the whiteout files on disk to get them
added to the layer
* We can later guarantee specific features (such as xattrs) being
supported by the tar implementation.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: d54ce8087aba23663856c81a3fb5475979bdf453
Component: engine
This reverts commit 733bf5d3ddbfb6dba7c2c0996c4af47a765e4593.
This is needed to fix "no such file" errors `docker build` errors for
devicemapper.
This fixes issue #3449.
Docker-DCO-1.0-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
Upstream-commit: d003cfea25c276904dbe1e972c0cf71d5c25e689
Component: engine
This shells out to the xz binary to support .tar.xz layers, as
there is no compression/xz support in go.
Upstream-commit: b8a4f570fb31091f43caeba5b824ae38a5bc69e8
Component: engine
When pulling from a registry we get a compressed tar archive, so
we need to wrap the stream in the right kind of compress reader.
Unfortunately go doesn't have an Xz decompression method, but I
don't think any docker layers use that atm anyway.
Upstream-commit: a96a26c62f6333e61134759256db43a7f5946631
Component: engine
The TestLookupImage test seems to use a layer that contains
/etc/postgres/postgres.conf, but not e.g. /etc/postgres.
To handle this we ensure that the parent directory always
exists, and if not we create it.
Upstream-commit: 78c22c24b353d77fdab3e1616d9986a8ae95a7c2
Component: engine
The default gnu tar format has no sub-second precision mtime support,
and the golang tar writer currently doesn't support that either.
This means if we export the changes from a container we will not
get zeron in the sub-second precision field when the change is applied.
This means we can't compare that to the original without getting a
spurious change. So, we detect this case by treating a case where the
seconds match and either of the two nanoseconds are zero as equal.
Upstream-commit: 10cd902f900392a2f10a6f8763bba70607ea0d41
Component: engine
Rather than calling out to tar we use the golang tar parser
to directly extract the tar files. This has two major advantages:
1) We're able to replace an existing directory with a file in the
new layer. This currently breaks with the external tar, since
it refuses to recursively remove the destination directory in
this case, and there are no options to make it do that.
2) We avoid extracting the whiteout files just to later remove them.
Upstream-commit: 818c249bae8d29842834bf765299c86c09e6913e
Component: engine
This moves Driver.Size() to Differ.DiffSize(), removing the empty
implementations in devmapper and dummy, and renaming the one in aufs.
Then we fall back to a container.Changes() implementation in the non-aufs
case.
Upstream-commit: 5d76681c3d0cbb744205a397420603ce029ce754
Component: engine
