pkg/containerfs: deprecate ResolveScopedPath
If was a very shallow wrapper around symlink.FollowSymlinkInScope, so inline that code instead. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
Sebastiaan van Stijn
parent
90f37f48e2
commit
b8f2caa80a
5 changed files with 12 additions and 8 deletions
|
|
@ -17,13 +17,13 @@ import (
|
||||||
"github.com/docker/docker/builder/remotecontext"
|
"github.com/docker/docker/builder/remotecontext"
|
||||||
"github.com/docker/docker/builder/remotecontext/urlutil"
|
"github.com/docker/docker/builder/remotecontext/urlutil"
|
||||||
"github.com/docker/docker/pkg/archive"
|
"github.com/docker/docker/pkg/archive"
|
||||||
"github.com/docker/docker/pkg/containerfs"
|
|
||||||
"github.com/docker/docker/pkg/idtools"
|
"github.com/docker/docker/pkg/idtools"
|
||||||
"github.com/docker/docker/pkg/longpath"
|
"github.com/docker/docker/pkg/longpath"
|
||||||
"github.com/docker/docker/pkg/progress"
|
"github.com/docker/docker/pkg/progress"
|
||||||
"github.com/docker/docker/pkg/streamformatter"
|
"github.com/docker/docker/pkg/streamformatter"
|
||||||
"github.com/docker/docker/pkg/system"
|
"github.com/docker/docker/pkg/system"
|
||||||
"github.com/moby/buildkit/frontend/dockerfile/instructions"
|
"github.com/moby/buildkit/frontend/dockerfile/instructions"
|
||||||
|
"github.com/moby/sys/symlink"
|
||||||
ocispec "github.com/opencontainers/image-spec/specs-go/v1"
|
ocispec "github.com/opencontainers/image-spec/specs-go/v1"
|
||||||
"github.com/pkg/errors"
|
"github.com/pkg/errors"
|
||||||
)
|
)
|
||||||
|
|
@ -45,7 +45,7 @@ type copyInfo struct {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c copyInfo) fullPath() (string, error) {
|
func (c copyInfo) fullPath() (string, error) {
|
||||||
return containerfs.ResolveScopedPath(c.root, c.path)
|
return symlink.FollowSymlinkInScope(filepath.Join(c.root, c.path), c.root)
|
||||||
}
|
}
|
||||||
|
|
||||||
func newCopyInfoFromSource(source builder.Source, path string, hash string) copyInfo {
|
func newCopyInfoFromSource(source builder.Source, path string, hash string) copyInfo {
|
||||||
|
|
|
||||||
|
|
@ -8,9 +8,9 @@ import (
|
||||||
"github.com/docker/docker/builder"
|
"github.com/docker/docker/builder"
|
||||||
"github.com/docker/docker/pkg/archive"
|
"github.com/docker/docker/pkg/archive"
|
||||||
"github.com/docker/docker/pkg/chrootarchive"
|
"github.com/docker/docker/pkg/chrootarchive"
|
||||||
"github.com/docker/docker/pkg/containerfs"
|
|
||||||
"github.com/docker/docker/pkg/longpath"
|
"github.com/docker/docker/pkg/longpath"
|
||||||
"github.com/docker/docker/pkg/tarsum"
|
"github.com/docker/docker/pkg/tarsum"
|
||||||
|
"github.com/moby/sys/symlink"
|
||||||
"github.com/pkg/errors"
|
"github.com/pkg/errors"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
@ -117,7 +117,7 @@ func (c *archiveContext) Hash(path string) (string, error) {
|
||||||
|
|
||||||
func normalize(path string, root string) (cleanPath, fullPath string, err error) {
|
func normalize(path string, root string) (cleanPath, fullPath string, err error) {
|
||||||
cleanPath = filepath.Clean(string(filepath.Separator) + path)[1:]
|
cleanPath = filepath.Clean(string(filepath.Separator) + path)[1:]
|
||||||
fullPath, err = containerfs.ResolveScopedPath(root, path)
|
fullPath, err = symlink.FollowSymlinkInScope(filepath.Join(root, path), root)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", "", errors.Wrapf(err, "forbidden path outside the build context: %s (%s)", path, cleanPath)
|
return "", "", errors.Wrapf(err, "forbidden path outside the build context: %s (%s)", path, cleanPath)
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -6,6 +6,7 @@ import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"io"
|
"io"
|
||||||
"os"
|
"os"
|
||||||
|
"path/filepath"
|
||||||
"runtime"
|
"runtime"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
|
|
@ -15,10 +16,10 @@ import (
|
||||||
"github.com/docker/docker/builder"
|
"github.com/docker/docker/builder"
|
||||||
"github.com/docker/docker/builder/remotecontext/urlutil"
|
"github.com/docker/docker/builder/remotecontext/urlutil"
|
||||||
"github.com/docker/docker/errdefs"
|
"github.com/docker/docker/errdefs"
|
||||||
"github.com/docker/docker/pkg/containerfs"
|
|
||||||
"github.com/moby/buildkit/frontend/dockerfile/parser"
|
"github.com/moby/buildkit/frontend/dockerfile/parser"
|
||||||
"github.com/moby/patternmatcher"
|
"github.com/moby/patternmatcher"
|
||||||
"github.com/moby/patternmatcher/ignorefile"
|
"github.com/moby/patternmatcher/ignorefile"
|
||||||
|
"github.com/moby/sys/symlink"
|
||||||
"github.com/pkg/errors"
|
"github.com/pkg/errors"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
@ -177,7 +178,8 @@ func StatAt(remote builder.Source, path string) (os.FileInfo, error) {
|
||||||
|
|
||||||
// FullPath is a helper for getting a full path for a path from a source
|
// FullPath is a helper for getting a full path for a path from a source
|
||||||
func FullPath(remote builder.Source, path string) (string, error) {
|
func FullPath(remote builder.Source, path string) (string, error) {
|
||||||
fullPath, err := containerfs.ResolveScopedPath(remote.Root(), path)
|
remoteRoot := remote.Root()
|
||||||
|
fullPath, err := symlink.FollowSymlinkInScope(filepath.Join(remoteRoot, path), remoteRoot)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if runtime.GOOS == "windows" {
|
if runtime.GOOS == "windows" {
|
||||||
return "", fmt.Errorf("failed to resolve scoped path %s (%s): %s. Possible cause is a forbidden path outside the build context", path, fullPath, err)
|
return "", fmt.Errorf("failed to resolve scoped path %s (%s): %s. Possible cause is a forbidden path outside the build context", path, fullPath, err)
|
||||||
|
|
|
||||||
|
|
@ -310,8 +310,8 @@ func (container *Container) GetResourcePath(path string) (string, error) {
|
||||||
return "", errors.New("GetResourcePath: BaseFS of container " + container.ID + " is unexpectedly empty")
|
return "", errors.New("GetResourcePath: BaseFS of container " + container.ID + " is unexpectedly empty")
|
||||||
}
|
}
|
||||||
// IMPORTANT - These are paths on the OS where the daemon is running, hence
|
// IMPORTANT - These are paths on the OS where the daemon is running, hence
|
||||||
// any filepath operations must be done in an OS agnostic way.
|
// any filepath operations must be done in an OS-agnostic way.
|
||||||
r, e := containerfs.ResolveScopedPath(container.BaseFS, containerfs.CleanScopedPath(path))
|
r, e := symlink.FollowSymlinkInScope(filepath.Join(container.BaseFS, containerfs.CleanScopedPath(path)), container.BaseFS)
|
||||||
|
|
||||||
// Log this here on the daemon side as there's otherwise no indication apart
|
// Log this here on the daemon side as there's otherwise no indication apart
|
||||||
// from the error being propagated all the way back to the client. This makes
|
// from the error being propagated all the way back to the client. This makes
|
||||||
|
|
|
||||||
|
|
@ -20,6 +20,8 @@ func CleanScopedPath(path string) string {
|
||||||
|
|
||||||
// ResolveScopedPath evaluates the given path scoped to the root.
|
// ResolveScopedPath evaluates the given path scoped to the root.
|
||||||
// For example, if root=/a, and path=/b/c, then this function would return /a/b/c.
|
// For example, if root=/a, and path=/b/c, then this function would return /a/b/c.
|
||||||
|
//
|
||||||
|
// Deprecated: use [symlink.FollowSymlinkInScope].
|
||||||
func ResolveScopedPath(root, path string) (string, error) {
|
func ResolveScopedPath(root, path string) (string, error) {
|
||||||
return symlink.FollowSymlinkInScope(filepath.Join(root, path), root)
|
return symlink.FollowSymlinkInScope(filepath.Join(root, path), root)
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue