Commit graph

66 commits

Author SHA1 Message Date
Sebastiaan van Stijn
3424a7c2e3
pkg/*: fix "empty-lines" (revive)
pkg/directory/directory.go:9:49: empty-lines: extra empty line at the start of a block (revive)
    pkg/pubsub/publisher.go:8:48: empty-lines: extra empty line at the start of a block (revive)
    pkg/loopback/attach_loopback.go:96:69: empty-lines: extra empty line at the start of a block (revive)
    pkg/devicemapper/devmapper_wrapper.go:136:48: empty-lines: extra empty line at the start of a block (revive)
    pkg/devicemapper/devmapper.go:391:35: empty-lines: extra empty line at the end of a block (revive)
    pkg/devicemapper/devmapper.go:676:35: empty-lines: extra empty line at the end of a block (revive)
    pkg/archive/changes_posix_test.go:15:38: empty-lines: extra empty line at the end of a block (revive)
    pkg/devicemapper/devmapper.go:241:51: empty-lines: extra empty line at the start of a block (revive)
    pkg/fileutils/fileutils_test.go:17:47: empty-lines: extra empty line at the end of a block (revive)
    pkg/fileutils/fileutils_test.go:34:48: empty-lines: extra empty line at the end of a block (revive)
    pkg/fileutils/fileutils_test.go:318:32: empty-lines: extra empty line at the end of a block (revive)
    pkg/tailfile/tailfile.go:171:6: empty-lines: extra empty line at the end of a block (revive)
    pkg/tarsum/fileinfosums_test.go:16:41: empty-lines: extra empty line at the end of a block (revive)
    pkg/tarsum/tarsum_test.go:198:42: empty-lines: extra empty line at the start of a block (revive)
    pkg/tarsum/tarsum_test.go:294:25: empty-lines: extra empty line at the start of a block (revive)
    pkg/tarsum/tarsum_test.go:407:34: empty-lines: extra empty line at the end of a block (revive)
    pkg/ioutils/fswriters_test.go:52:45: empty-lines: extra empty line at the end of a block (revive)
    pkg/ioutils/writers_test.go:24:39: empty-lines: extra empty line at the end of a block (revive)
    pkg/ioutils/bytespipe_test.go:78:26: empty-lines: extra empty line at the end of a block (revive)
    pkg/sysinfo/sysinfo_linux_test.go:13:37: empty-lines: extra empty line at the end of a block (revive)
    pkg/archive/archive_linux_test.go:57:64: empty-lines: extra empty line at the end of a block (revive)
    pkg/archive/changes.go:248:72: empty-lines: extra empty line at the start of a block (revive)
    pkg/archive/changes_posix_test.go:15:38: empty-lines: extra empty line at the end of a block (revive)
    pkg/archive/copy.go:248:124: empty-lines: extra empty line at the end of a block (revive)
    pkg/archive/diff_test.go:198:44: empty-lines: extra empty line at the end of a block (revive)
    pkg/archive/archive.go:304:12: empty-lines: extra empty line at the end of a block (revive)
    pkg/archive/archive.go:749:37: empty-lines: extra empty line at the end of a block (revive)
    pkg/archive/archive.go:812:81: empty-lines: extra empty line at the start of a block (revive)
    pkg/archive/copy_unix_test.go:347:34: empty-lines: extra empty line at the end of a block (revive)
    pkg/system/path.go:11:39: empty-lines: extra empty line at the end of a block (revive)
    pkg/system/meminfo_linux.go:29:21: empty-lines: extra empty line at the end of a block (revive)
    pkg/plugins/plugins.go:135:32: empty-lines: extra empty line at the end of a block (revive)
    pkg/authorization/response.go:71:48: empty-lines: extra empty line at the start of a block (revive)
    pkg/authorization/api_test.go:18:51: empty-lines: extra empty line at the end of a block (revive)
    pkg/authorization/middleware_test.go:23:44: empty-lines: extra empty line at the end of a block (revive)
    pkg/authorization/middleware_unix_test.go:17:46: empty-lines: extra empty line at the end of a block (revive)
    pkg/authorization/api_test.go:57:45: empty-lines: extra empty line at the end of a block (revive)
    pkg/authorization/response.go:83:50: empty-lines: extra empty line at the start of a block (revive)
    pkg/authorization/api_test.go:66:47: empty-lines: extra empty line at the end of a block (revive)
    pkg/authorization/middleware_unix_test.go:45:48: empty-lines: extra empty line at the end of a block (revive)
    pkg/authorization/response.go:145:75: empty-lines: extra empty line at the start of a block (revive)
    pkg/authorization/middleware_unix_test.go:56:51: empty-lines: extra empty line at the end of a block (revive)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 412c650e05)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-30 23:59:25 +02:00
Cory Snider
833139f390 pkg/archive: audit gosec file-traversal lints
The recently-upgraded gosec linter has a rule for archive extraction
code which may be vulnerable to directory traversal attacks, a.k.a. Zip
Slip. Gosec's detection is unfortunately prone to false positives,
however: it flags any filepath.Join call with an argument derived from a
tar.Header value, irrespective of whether the resultant path is used for
filesystem operations or if directory traversal attacks are guarded
against.

All of the lint errors reported by gosec appear to be false positives.

Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-02-18 15:42:22 -05:00
Eng Zer Jun
c55a4ac779
refactor: move from io/ioutil to io and os package
The io/ioutil package has been deprecated in Go 1.16. This commit
replaces the existing io/ioutil functions with their new definitions in
io and os packages.

Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
2021-08-27 14:56:57 +08:00
Sebastiaan van Stijn
9f0b3f5609
bump gotest.tools v3.0.1 for compatibility with Go 1.14
full diff: https://github.com/gotestyourself/gotest.tools/compare/v2.3.0...v3.0.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-11 00:06:42 +01:00
Sebastiaan van Stijn
9419024554
gosec: add ignore comments for reported issues that can be ignored
```
builder/remotecontext/remote.go:48:        G107: Potential HTTP request made with variable url (gosec)
builder/remotecontext/git/gitutils.go:145: G107: Potential HTTP request made with variable url (gosec)
builder/remotecontext/git/gitutils.go:147: G107: Potential HTTP request made with variable url (gosec)
pkg/fileutils/fileutils_test.go:185:       G303: File creation in shared tmp directory without using ioutil.Tempfile (gosec)
pkg/tarsum/tarsum_test.go:7:               G501: Blacklisted import `crypto/md5`: weak cryptographic primitive (gosec)
pkg/tarsum/tarsum_test.go:9:               G505: Blacklisted import `crypto/sha1`: weak cryptographic primitive (gosec)
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-09-18 12:57:43 +02:00
Kir Kolyshkin
05cbe23db9 pkg/tarsum: fix unit test for Go 1.11+
Since go-1.11beta1 archive/tar, tar headers with Typeflag == TypeRegA
(numeric 0) (which is the default unless explicitly initialized) are
modified to have Typeflag set to either tar.TypeReg (character value
'0', not numeric 0) or tar.TypeDir (character value '5') [1].
This results in different Typeflag value in the resulting header,
leading to a different Checksum, and causing the following test
case errors:

> 12:09:14 --- FAIL: TestTarSums (0.05s)
> 12:09:14 tarsum_test.go:393: expecting
> [tarsum+sha256:8bf12d7e67c51ee2e8306cba569398b1b9f419969521a12ffb9d8875e8836738],
> but got
> [tarsum+sha256:75258b2c5dcd9adfe24ce71eeca5fc5019c7e669912f15703ede92b1a60cb11f]
> ... (etc.)

All the other code explicitly sets the Typeflag field, but this test
case is not, causing the incompatibility with Go 1.11. Therefore,
the fix is to set TypeReg explicitly, and change the expected checksums
in test cases).

Alternatively, we can vendor archive/tar again (for the 100th time),
but given that the issue is limited to the particular test case it
does not make sense.

This fixes the test for all Go versions.

[1] https://go-review.googlesource.com/c/go/+/85656

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2018-07-19 10:38:45 +03:00
Vincent Demeester
3845728524
Update tests to use gotest.tools 👼
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2018-06-13 09:04:30 +02:00
Derek McGowan
a422774e59
Fix tarsum for go 1.10
Remove invalid flush commands, flush should only occur when file
has been completely written. This is already handle, remove these calls.
Ensure data gets written after EOF in correct order and before close.
Remove gname and uname from sum for hash compatibility.
Update tarsum tests for gname/uname removal.
Return valid length after eof.

Signed-off-by: Derek McGowan <derek@mcgstyle.net>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-04-12 13:34:14 -07:00
Daniel Nephin
6be0f70983 Automated migration using
gty-migrate-from-testify --ignore-build-tags

Signed-off-by: Daniel Nephin <dnephin@docker.com>
2018-03-16 11:03:43 -04:00
Tonis Tiigi
f6c8266afd builder: fix wrong cache hits building from tars
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2018-02-15 23:42:42 -08:00
Daniel Nephin
4f0d95fa6e Add canonical import comment
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2018-02-05 16:51:57 -05:00
John Howard
7caa30e893 Windows: Case-insensitive filename matching against builder cache
Signed-off-by: John Howard <jhoward@microsoft.com>
2017-12-14 13:49:40 -08:00
Daniel Nephin
09652bf878 Add ineffassign linter
Also enable GC in linting to reduce memory usage.

Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-09-08 18:23:21 -04:00
Tonis Tiigi
f95f58283b Add support for COPY from previous rootfs
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2017-03-23 15:12:15 -07:00
wefine
f78f7de96a fix t.Errorf to t.Error in serveral _test.go
Signed-off-by: wefine <wang.xiaoren@zte.com.cn>
2016-11-14 17:54:43 +08:00
allencloud
0ead624473 add defer file.Close to avoid potential fd leak
Signed-off-by: allencloud <allen.sun@daocloud.io>
2016-08-10 08:36:09 +08:00
Aaron Lehmann
8691a77e44 Fix build cache false positives when build context tar contains unnormalized paths
If a build context tar has path names of the form 'x/./y', they will be
stored in this unnormalized form internally by tarsum. When the builder
walks the untarred directory tree and queries hashes for each relative
path, it will query paths of the form 'x/y', and they will not be found.

To correct this, have tarsum normalize path names by calling Clean.

Add a test to detect this caching false positive.

Fixes #21715

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-04-14 17:57:45 -07:00
Jessica Frazelle
0e025b4bb1
fix variables that werent being called
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2016-03-17 13:19:55 -07:00
Victor Vieux
99a396902f fix common misspell
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-02-11 15:49:36 -08:00
Justas Brazauskas
927b334ebf Fix typos found across repository
Signed-off-by: Justas Brazauskas <brazauskasjustas@gmail.com>
2015-12-13 18:04:12 +02:00
Alexander Morozov
270e8cf64d Fix golint warnings
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-11-02 08:02:25 -08:00
Vincent Batts
459451de8b tarsum: add a big fat warning
Signed-off-by: Vincent Batts <vbatts@redhat.com>
2015-08-25 16:50:08 -04:00
Aaron Lehmann
1f61084d83 Fix uses of "int" where "int64" should be used instead
Some structures use int for sizes and UNIX timestamps. On some
platforms, int is 32 bits, so this can lead to the year 2038 issues and
overflows when dealing with large containers or layers.

Consistently use int64 to store sizes and UNIX timestamps in
api/types/types.go. Update related to code accordingly (i.e.
strconv.FormatInt instead of strconv.Itoa).

Use int64 in progressreader package to avoid integer overflow when
dealing with large quantities. Update related code accordingly.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-31 16:31:40 -07:00
Vincent Demeester
18c7c67308 Lint on pkg/* packages
- pkg/useragent
- pkg/units
- pkg/ulimit
- pkg/truncindex
- pkg/timeoutconn
- pkg/term
- pkg/tarsum
- pkg/tailfile
- pkg/systemd
- pkg/stringutils
- pkg/stringid
- pkg/streamformatter
- pkg/sockets
- pkg/signal
- pkg/proxy
- pkg/progressreader
- pkg/pools
- pkg/plugins
- pkg/pidfile
- pkg/parsers
- pkg/parsers/filters
- pkg/parsers/kernel
- pkg/parsers/operatingsystem

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2015-07-27 21:26:21 +02:00
Mary Anthony
cd44018856 Carry of PR #13520
Removinig files

Signed-off-by: Mary Anthony <mary@docker.com>
2015-06-13 09:27:30 -07:00
Vincent Demeester
25f7d7822d Add test coverage for pkg/tarsum
And removing unused code.
- tarsum.go :
  NewTarSumHash could be non exported (for now)
  NewTarSumForLabel is never used, except for the tests
- fileinfosums.go:
  SortByPos is never used, except for the tests
- versionning.go:
  GetVersions is never used, expect for the tests

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2015-06-02 09:08:01 +02:00
Antonio Murdaca
15134a3320 Remove PortSpecs from Config
Signed-off-by: Antonio Murdaca <me@runcom.ninja>
2015-05-29 22:38:09 +02:00
Tianon Gravi
576985a1dc Finally remove our copy of "archive/tar" now that Go 1.4 is the minimum!
IT'S ABOUT TIME. 🎉

Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
2015-05-01 16:01:10 -06:00
Arnaud Porterie
89bdaa35e0 Remove subdirectories MAINTAINERS files
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
2015-03-06 18:21:51 -08:00
Josh Hawn
ba3bad66f9 Always store images with tarsum.v1 checksum added
Updates `image.StoreImage()` to always ensure that images
that are installed in Docker have a tarsum.v1 checksum.

Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
2015-01-23 11:30:27 -08:00
Josh Hawn
213e3d1166 Add Tarsum Calculation during v2 Pull operation
While the v2 pull operation is writing the body of the layer blob to disk
it now computes the tarsum checksum of the archive before extracting it to
the backend storage driver. If the checksum does not match that from the
image manifest an error is raised.

Also adds more debug logging to the pull operation and fixes existing test
cases which were failing. Adds a reverse lookup constructor to the tarsum
package so that you can get a tarsum object using a checksum label.

Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
2015-01-15 14:05:05 -08:00
Doug Davis
6d801a3caa Have .dockerignore support Dockerfile/.dockerignore
If .dockerignore mentions either then the client will send them to the
daemon but the daemon will erase them after the Dockerfile has been parsed
to simulate them never being sent in the first place.

an events test kept failing for me so I tried to fix that too

Closes #8330

Signed-off-by: Doug Davis <dug@us.ibm.com>
2015-01-06 10:57:48 -08:00
unclejack
e7c0587d54 pkg/tarsum: delete the logging code
Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com>
2014-12-18 23:38:26 +02:00
Michael Crosby
428c263a6c Merge pull request #9099 from vbatts/vbatts-tarsum_spec
pkg/tarsum: specification on TarSum checksum algorithm
2014-12-10 10:24:48 -08:00
Josh Hawn
385917e22c Correctly close generated benchmark archives
Another update to TarSum tests, this patch fixes an issue where
the benchmarks were generating archives incorrectly by not closing
the tarWriter.

Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
2014-12-03 22:26:06 -08:00
Josh Hawn
92fd49f7ca Correct TarSum benchmarks: 9kTar and 9kTarGzip
These two cases did not actually read the same content with each iteration
of the benchmark. After the first read, the buffer was consumed. This patch
corrects this by using a bytes.Reader and seeking to the beginning of the
buffer at the beginning of each iteration.

Unfortunately, this benchmark was not actually as fast as we believed. But
the new results do bring its results closer to those of the other benchmarks.

Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
2014-12-03 10:44:05 -08:00
Josh Hawn
8d9e25dbdd Fix TarSum iteration test
I noticed that 3 of the tarsum test cases had expected a tarsum with
a sha256 hash of
  e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
As I've been working with sha256 quite a bit lately, it struck me that
this is the initial digest value for sha256, which means that no data
was processed. However, these tests *do* process data. It turns out that
there was a bug in the test handling code which did not wait for tarsum
to end completely. This patch corrects these test cases.

I'm unaware of anywhere else in the code base where this would be an issue,
though we definitily need to look out in the future to ensure we are
completing tarsum reads (waiting for EOF).

Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
2014-12-02 15:28:13 -08:00
unclejack
3db5ea1617 pkg/tarsum: add maintainers & add missing s
Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com>
2014-11-26 00:44:16 +02:00
Vincent Batts
7f84174109 tarsum: updates for jamtur01 comments
Signed-off-by: Vincent Batts <vbatts@redhat.com>
2014-11-24 23:18:48 -05:00
Vincent Batts
3d6e63e0c4 pkg/tarsum: review cleanup
Signed-off-by: Vincent Batts <vbatts@redhat.com>
2014-11-24 23:18:48 -05:00
Vincent Batts
3e08fb5ad2 pkg/tarsum: review amendments
(separate commit to preserve github conversation)

Signed-off-by: Vincent Batts <vbatts@redhat.com>
2014-11-24 23:18:48 -05:00
Vincent Batts
f30fee69b1 pkg/tarsum: specification on TarSum checksum
Signed-off-by: Vincent Batts <vbatts@redhat.com>
2014-11-24 23:18:47 -05:00
Michael Crosby
e820365b67 Merge pull request #9086 from vbatts/vbatts-tarsum_more_tests
pkg/tarsum: adding more tests
2014-11-21 17:12:55 -08:00
Josh Hawn
e257863a9a Add unit test for tarSum.Sum() with no data
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
2014-11-19 15:55:21 -05:00
Vincent Batts
6a74f071af pkg/tarsum: actually init the TarSum struct
closes #9241

Signed-off-by: Vincent Batts <vbatts@redhat.com>
2014-11-19 15:46:03 -05:00
Vincent Batts
5cd9b7513f pkg/tarsum: adding more tests
Ensuring case size of headers will still be accounted for.
https://github.com/docker/docker/pull/8869#discussion_r20114401

Signed-off-by: Vincent Batts <vbatts@redhat.com>
2014-11-11 08:48:11 -05:00
Josh Hawn
a7aa2c8ad2 Finalize TarSum Version 1 w/ refactor
The current Dev version of TarSum includes hashing of extended
file attributes and omits inclusion of modified time headers.

I refactored the logic around the version differences to make it
more clear that the difference between versions is in how tar
headers are selected and ordered.

TarSum Version 1 is now declared with the new Dev version continuing
to track it.

Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
2014-11-04 21:38:52 -08:00
Alexandr Morozov
7c62cee51e Use logrus everywhere for logging
Fixed #8761

Signed-off-by: Alexandr Morozov <lk4d4@docker.com>
2014-10-24 15:03:06 -07:00
Derek McGowan
5cdf7f5077 pkg/tarsum: fix panic with dynamic buffer
When read is called on a tarsum with a two different read sizes, specifically the second call larger than the first, the dynamic buffer does not get reallocated causing a slice read error.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2014-09-25 15:58:35 -07:00
Vincent Batts
4e9925d780 tarsum: allow for alternate block ciphers
Not breaking the default cipher and algorithm for calculating checksums,
but allow for using alternate block ciphers during the checksum
calculation.

Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
2014-09-18 10:34:58 -04:00