modifications to extract filesystem for kbuild #191
Conversation
pkg/util/cloud_prepper.go
Outdated
| } | ||
|
|
||
| return path, getFileSystemFromReference(ref, p.ImageSource, path) | ||
| return path, GetFileSystemFromReference(ref, p.ImageSource, path, []string{}) |
There was a problem hiding this comment.
You should be able to put nil here.
pkg/util/docker_utils.go
Outdated
|
|
||
| for _, layer := range layers { | ||
| if err = UnTar(bytes.NewReader(layerMap[layer]), target); err != nil { | ||
| if err = UnTar(bytes.NewReader(layerMap[layer]), target, []string{}); err != nil { |
| return err | ||
| } | ||
| } else { | ||
| // In some cases, MkdirAll doesn't change the permissions, so run Chmod |
There was a problem hiding this comment.
It's usually umask related, but I suppose if the dirs already exist it wouldn't change the permissions either
| }) | ||
| } | ||
|
|
||
| func checkWhitelist(target string, whitelist []string) bool { |
There was a problem hiding this comment.
I think you want something more precise than prefix matching. Something like /foo would block /foobar when it should only block /foo/bar
| func HasFilepathPrefix(path, prefix string) bool { | ||
| path = filepath.Clean(path) | ||
| prefix = filepath.Clean(prefix) | ||
| pathArray := strings.Split(path, "/") |
There was a problem hiding this comment.
Can you use filepath.Split here?
There was a problem hiding this comment.
I think it only splits along the last separator
|
|
||
| target := filepath.Join(path, header.Name) | ||
| // Make sure the target isn't part of the whitelist | ||
| if checkWhitelist(target, whitelist) { |
There was a problem hiding this comment.
A debug log here will come in handy later.
There was a problem hiding this comment.
I added it in the checkWhitelist function
pkg/util/tar_utils.go
Outdated
|
|
||
| func walkAndRemove(p string) error { | ||
| return filepath.Walk(p, func(path string, info os.FileInfo, err error) error { | ||
| if e := os.Chmod(path, 0777); e != nil { |
There was a problem hiding this comment.
Why do we need to chmod before removal?
There was a problem hiding this comment.
Ah sorry, I was trying something out and meant to remove that
Extract symlinks from the tarball, and also add support for a whitelist (files that would be ignored during extraction)