diff --git a/pkg/imgpkg/bundle/contents.go b/pkg/imgpkg/bundle/contents.go index d7cdbc03f..e43e39b8d 100644 --- a/pkg/imgpkg/bundle/contents.go +++ b/pkg/imgpkg/bundle/contents.go @@ -27,6 +27,7 @@ type Contents struct { paths []string excludedPaths []string preservePermissions bool + ociTarPath string } //go:generate go run github.com/maxbrunsfeld/counterfeiter/v6 . ImagesMetadataWriter @@ -38,8 +39,8 @@ type ImagesMetadataWriter interface { } // NewContents creates Contents struct -func NewContents(paths []string, excludedPaths []string, preservePermissions bool) Contents { - return Contents{paths: paths, excludedPaths: excludedPaths, preservePermissions: preservePermissions} +func NewContents(paths []string, excludedPaths []string, preservePermissions bool, ociTarPath string) Contents { + return Contents{paths: paths, excludedPaths: excludedPaths, preservePermissions: preservePermissions, ociTarPath: ociTarPath} } // Push the contents of the bundle to the registry as an OCI Image @@ -54,7 +55,7 @@ func (b Contents) Push(uploadRef regname.Tag, labels map[string]string, registry } labels[BundleConfigLabel] = "true" - return plainimage.NewContents(b.paths, b.excludedPaths, b.preservePermissions).Push(uploadRef, labels, registry, logger) + return plainimage.NewContents(b.paths, b.excludedPaths, b.preservePermissions, b.ociTarPath).Push(uploadRef, labels, registry, logger) } // PresentsAsBundle checks if the provided folders have the needed structure to be a bundle diff --git a/pkg/imgpkg/bundle/contents_test.go b/pkg/imgpkg/bundle/contents_test.go index a5bc69f61..eac2377ca 100644 --- a/pkg/imgpkg/bundle/contents_test.go +++ b/pkg/imgpkg/bundle/contents_test.go @@ -38,7 +38,7 @@ images: fakeRegistry.ImageReturns(bundleImg, nil) t.Run("push is successful", func(t *testing.T) { - subject := bundle.NewContents([]string{bundleDir}, nil, false) + subject := bundle.NewContents([]string{bundleDir}, nil, false, "") imgTag, err := name.NewTag("my.registry.io/new-bundle:tag") if err != nil { t.Fatalf("failed to read tag: %s", err) @@ -72,7 +72,7 @@ images: fakeRegistry.ImageReturns(bundleImg, nil) t.Run("push is successful", func(t *testing.T) { - subject := bundle.NewContents([]string{bundleDir}, nil, false) + subject := bundle.NewContents([]string{bundleDir}, nil, false, "") imgTag, err := name.NewTag("my.registry.io/new-bundle:tag") if err != nil { t.Fatalf("failed to read tag: %s", err) diff --git a/pkg/imgpkg/bundle/locations_configs.go b/pkg/imgpkg/bundle/locations_configs.go index a6912bbd8..6ec7bc6f8 100644 --- a/pkg/imgpkg/bundle/locations_configs.go +++ b/pkg/imgpkg/bundle/locations_configs.go @@ -132,7 +132,7 @@ func (r LocationsConfigs) Save(reg ImagesMetadataWriter, bundleRef name.Digest, r.ui.Tracef("Pushing image\n") - _, err = plainimage.NewContents([]string{tmpDir}, nil, false).Push(locRef, nil, reg.CloneWithLogger(util.NewNoopProgressBar()), logger) + _, err = plainimage.NewContents([]string{tmpDir}, nil, false, "").Push(locRef, nil, reg.CloneWithLogger(util.NewNoopProgressBar()), logger) if err != nil { // Immutable tag errors within registries are not standardized. // Assume word "immutable" would be present in most cases. diff --git a/pkg/imgpkg/cmd/copy.go b/pkg/imgpkg/cmd/copy.go index ae3db0d2c..5ab4bcadd 100644 --- a/pkg/imgpkg/cmd/copy.go +++ b/pkg/imgpkg/cmd/copy.go @@ -23,6 +23,7 @@ type CopyOptions struct { ui ui.UI ImageFlags ImageFlags + OciFlags OciFlags BundleFlags BundleFlags LockInputFlags LockInputFlags LockOutputFlags LockOutputFlags @@ -72,6 +73,7 @@ func NewCopyCmd(o *CopyOptions) *cobra.Command { } o.ImageFlags.SetCopy(cmd) + o.OciFlags.Set(cmd) o.BundleFlags.SetCopy(cmd) o.LockInputFlags.Set(cmd) o.LockOutputFlags.SetOnCopy(cmd) @@ -125,6 +127,7 @@ func (c *CopyOptions) Run() error { repoSrc := CopyRepoSrc{ ImageFlags: c.ImageFlags, + OciFlags: c.OciFlags, BundleFlags: c.BundleFlags, LockInputFlags: c.LockInputFlags, TarFlags: c.TarFlags, @@ -261,6 +264,9 @@ func (c *CopyOptions) hasOneSrc() bool { seen = true } } + if c.OciFlags.IsOci() { + seen = true + } return seen } diff --git a/pkg/imgpkg/cmd/copy_repo_src.go b/pkg/imgpkg/cmd/copy_repo_src.go index 00a2b0a7f..4ef95ae3e 100644 --- a/pkg/imgpkg/cmd/copy_repo_src.go +++ b/pkg/imgpkg/cmd/copy_repo_src.go @@ -5,8 +5,10 @@ package cmd import ( "fmt" + "os" ctlbundle "carvel.dev/imgpkg/pkg/imgpkg/bundle" + "carvel.dev/imgpkg/pkg/imgpkg/image" "carvel.dev/imgpkg/pkg/imgpkg/imageset" ctlimgset "carvel.dev/imgpkg/pkg/imgpkg/imageset" "carvel.dev/imgpkg/pkg/imgpkg/imagetar" @@ -23,6 +25,7 @@ type SignatureRetriever interface { type CopyRepoSrc struct { ImageFlags ImageFlags + OciFlags OciFlags BundleFlags BundleFlags LockInputFlags LockInputFlags TarFlags TarFlags @@ -66,43 +69,67 @@ func (c CopyRepoSrc) CopyToRepo(repo string) (*ctlimgset.ProcessedImages, error) return nil, fmt.Errorf("Building import repository ref: %s", err) } - if c.TarFlags.IsSrc() { + if c.TarFlags.IsSrc() || c.OciFlags.IsOci() { if c.TarFlags.IsDst() { return nil, fmt.Errorf("Cannot use tar source (--tar) with tar destination (--to-tar)") } + if c.OciFlags.IsOci() { + tempDir, err := os.MkdirTemp("", "imgpkg-oci-extract-") + if err != nil { + return nil, err + } + defer os.RemoveAll(tempDir) + err = image.ExtractOciTarGz(c.OciFlags.OcitoReg, tempDir) + if err != nil { + return nil, fmt.Errorf("Extracting OCI tar: %s", err) + } + processedImages, err = c.tarImageSet.Import(tempDir, importRepo, c.registry, true) + if err != nil { + return nil, fmt.Errorf("Importing OCI tar: %s", err) + } + + } else { + processedImages, err = c.tarImageSet.Import(c.TarFlags.TarSrc, importRepo, c.registry, false) + if err != nil { + return nil, err + } + } - processedImages, err = c.tarImageSet.Import(c.TarFlags.TarSrc, importRepo, c.registry) if err != nil { return nil, err } - var parentBundle *ctlbundle.Bundle - foundRootBundle := false - for _, processedImage := range processedImages.All() { - if processedImage.ImageIndex != nil { - continue - } + // Cuurently when copying images from an oci-tar to a repository, imgpkg will not try to access the origin repositories and will only copy the OCI Image to the registry, + // similar to the behavior we currently have on the `imgpkg push` command. Adding `inflate` flag, to access the origin repos will be an future improvement. + if !c.OciFlags.IsOci() { + var parentBundle *ctlbundle.Bundle + foundRootBundle := false + for _, processedImage := range processedImages.All() { + if processedImage.ImageIndex != nil { + continue + } - if _, ok := processedImage.Labels[rootBundleLabelKey]; ok { - if foundRootBundle { - panic("Internal inconsistency: expected only 1 root bundle") + if _, ok := processedImage.Labels[rootBundleLabelKey]; ok { + if foundRootBundle { + panic("Internal inconsistency: expected only 1 root bundle") + } + foundRootBundle = true + pImage := plainimage.NewFetchedPlainImageWithTag(processedImage.DigestRef, processedImage.Tag, processedImage.Image) + lockReader := ctlbundle.NewImagesLockReader() + parentBundle = ctlbundle.NewBundle(pImage, c.registry, lockReader, ctlbundle.NewFetcherFromProcessedImages(processedImages.All(), c.registry, lockReader)) } - foundRootBundle = true - pImage := plainimage.NewFetchedPlainImageWithTag(processedImage.DigestRef, processedImage.Tag, processedImage.Image) - lockReader := ctlbundle.NewImagesLockReader() - parentBundle = ctlbundle.NewBundle(pImage, c.registry, lockReader, ctlbundle.NewFetcherFromProcessedImages(processedImages.All(), c.registry, lockReader)) } - } - if foundRootBundle { - bundles, _, err := parentBundle.AllImagesLockRefs(c.Concurrency, c.logger) - if err != nil { - return nil, err - } + if foundRootBundle { + bundles, _, err := parentBundle.AllImagesLockRefs(c.Concurrency, c.logger) + if err != nil { + return nil, err + } - for _, bundle := range bundles { - if err := bundle.NoteCopy(processedImages, c.registry, c.logger); err != nil { - return nil, fmt.Errorf("Creating copy information for bundle %s: %s", bundle.DigestRef(), err) + for _, bundle := range bundles { + if err := bundle.NoteCopy(processedImages, c.registry, c.logger); err != nil { + return nil, fmt.Errorf("Creating copy information for bundle %s: %s", bundle.DigestRef(), err) + } } } } diff --git a/pkg/imgpkg/cmd/oci_flags.go b/pkg/imgpkg/cmd/oci_flags.go new file mode 100644 index 000000000..417e76c0a --- /dev/null +++ b/pkg/imgpkg/cmd/oci_flags.go @@ -0,0 +1,23 @@ +// Copyright 2024 The Carvel Authors. +// SPDX-License-Identifier: Apache-2.0 + +package cmd + +import ( + "github.com/spf13/cobra" +) + +// OciFlags is a struct that holds the flags for the OCI tar file. +type OciFlags struct { + OcitoReg string + OciTar string +} + +// Set sets the flags for the OCI tar file. +func (o *OciFlags) Set(cmd *cobra.Command) { + cmd.Flags().StringVar(&o.OciTar, "to-oci-tar", "", "Set OciTarPath to be saved to disk (example: /path/file.tar)") + cmd.Flags().StringVar(&o.OcitoReg, "oci-tar", "", "Give path to OCI tar file (example: /path/file.tar)") +} + +// IsOci returns true if the OCI tar file is set. +func (o OciFlags) IsOci() bool { return o.OcitoReg != "" } diff --git a/pkg/imgpkg/cmd/push.go b/pkg/imgpkg/cmd/push.go index 0602389cc..e05eec215 100644 --- a/pkg/imgpkg/cmd/push.go +++ b/pkg/imgpkg/cmd/push.go @@ -20,6 +20,7 @@ type PushOptions struct { ui ui.UI ImageFlags ImageFlags + OciFlags OciFlags BundleFlags BundleFlags LockOutputFlags LockOutputFlags FileFlags FileFlags @@ -40,10 +41,14 @@ func NewPushCmd(o *PushOptions) *cobra.Command { # Push bundle repo/app1-config with contents of config/ directory imgpkg push -b repo/app1-config -f config/ + #Push bundle saving the tar as OCI tar + imgpkg push -b repo/app1-config -f config/ --to-oci-tar /path/to/file.tar + # Push image repo/app1-config with contents from multiple locations imgpkg push -i repo/app1-config -f config/ -f additional-config.yml`, } o.ImageFlags.Set(cmd) + o.OciFlags.Set(cmd) o.BundleFlags.Set(cmd) o.LockOutputFlags.SetOnPush(cmd) o.FileFlags.Set(cmd) @@ -104,7 +109,7 @@ func (po *PushOptions) pushBundle(registry registry.Registry) (string, error) { } logger := util.NewUILevelLogger(util.LogWarn, util.NewLogger(po.ui)) - imageURL, err := bundle.NewContents(po.FileFlags.Files, po.FileFlags.ExcludedFilePaths, po.FileFlags.PreservePermissions).Push(uploadRef, po.LabelFlags.Labels, registry, logger) + imageURL, err := bundle.NewContents(po.FileFlags.Files, po.FileFlags.ExcludedFilePaths, po.FileFlags.PreservePermissions, po.OciFlags.OciTar).Push(uploadRef, po.LabelFlags.Labels, registry, logger) if err != nil { return "", err } @@ -140,7 +145,7 @@ func (po *PushOptions) pushImage(registry registry.Registry) (string, error) { return "", fmt.Errorf("Parsing '%s': %s", po.ImageFlags.Image, err) } - isBundle, err := bundle.NewContents(po.FileFlags.Files, po.FileFlags.ExcludedFilePaths, po.FileFlags.PreservePermissions).PresentsAsBundle() + isBundle, err := bundle.NewContents(po.FileFlags.Files, po.FileFlags.ExcludedFilePaths, po.FileFlags.PreservePermissions, po.OciFlags.OciTar).PresentsAsBundle() if err != nil { return "", err } @@ -149,7 +154,7 @@ func (po *PushOptions) pushImage(registry registry.Registry) (string, error) { } logger := util.NewUILevelLogger(util.LogWarn, util.NewLogger(po.ui)) - return plainimage.NewContents(po.FileFlags.Files, po.FileFlags.ExcludedFilePaths, po.FileFlags.PreservePermissions).Push(uploadRef, po.LabelFlags.Labels, registry, logger) + return plainimage.NewContents(po.FileFlags.Files, po.FileFlags.ExcludedFilePaths, po.FileFlags.PreservePermissions, po.OciFlags.OciTar).Push(uploadRef, po.LabelFlags.Labels, registry, logger) } // validateFlags checks if the provided flags are valid diff --git a/pkg/imgpkg/image/tar_image.go b/pkg/imgpkg/image/tar_image.go index bcdd4f7ea..e850a9478 100644 --- a/pkg/imgpkg/image/tar_image.go +++ b/pkg/imgpkg/image/tar_image.go @@ -5,6 +5,7 @@ package image import ( "archive/tar" + "compress/gzip" "fmt" "io" "os" @@ -180,3 +181,117 @@ func (i *TarImage) isExcluded(relPath string) bool { } return false } + +// CreateOciTarFromFiles creates a oci tar from the obtained files in the open folder. +func CreateOciTarFromFiles(source, target string) error { + tarFile, err := os.Create(target) + if err != nil { + return err + } + defer tarFile.Close() + + gzipWriter := gzip.NewWriter(tarFile) + defer gzipWriter.Close() + + tarWriter := tar.NewWriter(gzipWriter) + defer tarWriter.Close() + + err = filepath.Walk(source, func(path string, info os.FileInfo, err error) error { + if err != nil { + return err + } + + header, err := tar.FileInfoHeader(info, "") + if err != nil { + return err + } + + header.Name, err = filepath.Rel(source, path) + if err != nil { + return err + } + + if err := tarWriter.WriteHeader(header); err != nil { + return err + } + + if !info.IsDir() { + file, err := os.Open(path) + if err != nil { + return err + } + defer file.Close() + + _, err = io.Copy(tarWriter, file) + if err != nil { + return err + } + } + + return nil + }) + if err != nil { + return err + } + + err = os.RemoveAll(source) + if err != nil { + return err + } + + return nil +} + +// ExtractOciTarGz extracts the oci tar file to the extractDir +func ExtractOciTarGz(inputDir, extractDir string) error { + if !strings.HasSuffix(inputDir, ".tar.gz") { + return fmt.Errorf("inputDir '%s' is not a tar.gz file", inputDir) + } + + tarGzFile, err := os.Open(inputDir) + if err != nil { + return err + } + defer tarGzFile.Close() + + gzipReader, err := gzip.NewReader(tarGzFile) + if err != nil { + return err + } + defer gzipReader.Close() + + // Create a tar reader + tarReader := tar.NewReader(gzipReader) + for { + header, err := tarReader.Next() + + if err == io.EOF { + break // End of archive + } + if err != nil { + return err + } + targetPath := filepath.Join(extractDir, header.Name) + + if header.FileInfo().IsDir() { + err := os.MkdirAll(targetPath, os.ModePerm) + if err != nil { + return err + } + continue + } + + file, err := os.Create(targetPath) + if err != nil { + return err + } + defer file.Close() + + _, err = io.Copy(file, tarReader) + if err != nil { + return err + } + } + + return nil +} diff --git a/pkg/imgpkg/imagedesc/image_intermediate.go b/pkg/imgpkg/imagedesc/image_intermediate.go new file mode 100644 index 000000000..c57d6d874 --- /dev/null +++ b/pkg/imgpkg/imagedesc/image_intermediate.go @@ -0,0 +1,156 @@ +// Copyright 2024 The Carvel Authors. +// SPDX-License-Identifier: Apache-2.0 + +package imagedesc + +import ( + regv1 "github.com/google/go-containerregistry/pkg/v1" + "github.com/google/go-containerregistry/pkg/v1/types" +) + +// ImageIndexIntermediate struct for ImageIndex to help in convertion to ImagIndexWithRef struct for oci image workflow.. +type ImageIndexIntermediate struct { + Index regv1.ImageIndex + ref string + tag string +} + +// ImageIntermediate struct for Image to help in convertion to ImageWithRef struct for oci image workflow. +type ImageIntermediate struct { + Image regv1.Image + ref string + tag string +} + +// Ref returns the reference in the imageintermediate struct. +func (mi ImageIntermediate) Ref() string { + return mi.ref +} + +// SetRef sets the reference in the imageintermediate struct. +func (mi *ImageIntermediate) SetRef(ref string) { + mi.ref = ref +} + +// Tag returns the tag value set in the imageintermediate struct. +func (mi ImageIntermediate) Tag() string { + return mi.tag +} + +// SetTag sets the tag value in the imageintermediate struct. +func (mi *ImageIntermediate) SetTag(tag string) { + mi.tag = tag +} + +// Layers returns the ordered collection of filesystem layers that comprise this image. +func (mi ImageIntermediate) Layers() ([]regv1.Layer, error) { + return mi.Image.Layers() +} + +// MediaType of the image's manifest. +func (mi ImageIntermediate) MediaType() (types.MediaType, error) { + return mi.Image.MediaType() +} + +// Size returns the size of the image. +func (mi ImageIntermediate) Size() (int64, error) { + return mi.Image.Size() +} + +// ConfigName returns the name of the image's configuration. +func (mi ImageIntermediate) ConfigName() (regv1.Hash, error) { + return mi.Image.ConfigName() +} + +// ConfigFile returns the image's config file. +func (mi ImageIntermediate) ConfigFile() (*regv1.ConfigFile, error) { + return mi.Image.ConfigFile() +} + +// RawConfigFile returns the serialized bytes of ConfigFile(). +func (mi ImageIntermediate) RawConfigFile() ([]byte, error) { + return mi.Image.RawConfigFile() +} + +// Digest returns the sha256 of this image's manifest. +func (mi ImageIntermediate) Digest() (regv1.Hash, error) { + return mi.Image.Digest() +} + +// Manifest returns this image's Manifest object. +func (mi ImageIntermediate) Manifest() (*regv1.Manifest, error) { + return mi.Image.Manifest() +} + +// RawManifest returns the serialized bytes of Manifest() +func (mi ImageIntermediate) RawManifest() ([]byte, error) { + return mi.Image.RawManifest() +} + +// LayerByDigest returns a Layer for interacting with a particular layer of the image, looking it up by "digest" (the compressed hash). +func (mi ImageIntermediate) LayerByDigest(h regv1.Hash) (regv1.Layer, error) { + return mi.Image.LayerByDigest(h) +} + +// LayerByDiffID is an analog to LayerByDigest, looking up by "diff id" (the uncompressed hash). +func (mi ImageIntermediate) LayerByDiffID(h regv1.Hash) (regv1.Layer, error) { + return mi.Image.LayerByDiffID(h) +} + +// Ref returns the reference in the imageindexintermediate struct. +func (mi ImageIndexIntermediate) Ref() string { + return mi.ref +} + +// SetRef sets the reference in the imageindexintermediate struct. +func (mi *ImageIndexIntermediate) SetRef(ref string) { + mi.ref = ref +} + +// Tag returns the tag value set in the imageindexintermediate struct. +func (mi ImageIndexIntermediate) Tag() string { + return mi.tag +} + +// SetTag sets the tag value in the imageindexintermediate struct. +func (mi *ImageIndexIntermediate) SetTag(tag string) { + mi.tag = tag +} + +// MediaType of the imageindex's manifest. +func (mi ImageIndexIntermediate) MediaType() (types.MediaType, error) { + return mi.Index.MediaType() +} + +// Digest returns the sha256 of this imageindex's manifest. +func (mi ImageIndexIntermediate) Digest() (regv1.Hash, error) { + return mi.Index.Digest() +} + +// Size returns the size of the imageindex. +func (mi ImageIndexIntermediate) Size() (int64, error) { + return mi.Index.Size() +} + +// IndexManifest returns this image index's manifest object. +func (mi ImageIndexIntermediate) IndexManifest() (*regv1.IndexManifest, error) { + return mi.Index.IndexManifest() +} + +// RawManifest returns the serialized bytes of IndexManifest(). +func (mi ImageIndexIntermediate) RawManifest() ([]byte, error) { + return mi.Index.RawManifest() +} + +// Image returns a v1.Image that this ImageIndex references. +func (mi ImageIndexIntermediate) Image(h regv1.Hash) (regv1.Image, error) { + return mi.Index.Image(h) +} + +// ImageIndex returns a v1.ImageIndex that this ImageIndex references. +func (mi ImageIndexIntermediate) ImageIndex(h regv1.Hash) (regv1.ImageIndex, error) { + return mi.Index.ImageIndex(h) +} + +var _ regv1.ImageIndex = ImageIndexIntermediate{} +var _ regv1.Image = ImageIntermediate{} diff --git a/pkg/imgpkg/imagedesc/types.go b/pkg/imgpkg/imagedesc/types.go index 5474ccd03..ddff09f41 100644 --- a/pkg/imgpkg/imagedesc/types.go +++ b/pkg/imgpkg/imagedesc/types.go @@ -18,6 +18,7 @@ type ImageOrIndex struct { OrigRef string } + type ImageWithRef interface { regv1.Image Ref() string diff --git a/pkg/imgpkg/imageset/tar_image_set.go b/pkg/imgpkg/imageset/tar_image_set.go index 2cbca60dd..8bf6d813c 100644 --- a/pkg/imgpkg/imageset/tar_image_set.go +++ b/pkg/imgpkg/imageset/tar_image_set.go @@ -123,10 +123,21 @@ func (i TarImageSet) Export(foundImages *UnprocessedImageRefs, outputPath string } // Import Copy tar with Images to the Registry -func (i *TarImageSet) Import(path string, importRepo regname.Repository, registry registry.ImagesReaderWriter) (*ProcessedImages, error) { - imgOrIndexes, err := imagetar.NewTarReader(path).Read() - if err != nil { - return nil, err +func (i *TarImageSet) Import(path string, importRepo regname.Repository, registry registry.ImagesReaderWriter, tarisoci bool) (*ProcessedImages, error) { + + var imgOrIndexes []imagedesc.ImageOrIndex + var err error + + if tarisoci { + imgOrIndexes, err = imagetar.NewTarReader(path).ReadOci(importRepo) + if err != nil { + return nil, err + } + } else { + imgOrIndexes, err = imagetar.NewTarReader(path).Read() + if err != nil { + return nil, err + } } processedImages, err := i.imageSet.Import(imgOrIndexes, importRepo, registry) diff --git a/pkg/imgpkg/imagetar/tar_reader.go b/pkg/imgpkg/imagetar/tar_reader.go index 964e24cd8..b27ed4971 100644 --- a/pkg/imgpkg/imagetar/tar_reader.go +++ b/pkg/imgpkg/imagetar/tar_reader.go @@ -6,11 +6,14 @@ package imagetar import ( "fmt" "io" + "os" + "path/filepath" "carvel.dev/imgpkg/pkg/imgpkg/imagedesc" "carvel.dev/imgpkg/pkg/imgpkg/imageutils/verify" "github.com/google/go-containerregistry/pkg/name" v1 "github.com/google/go-containerregistry/pkg/v1" + "github.com/google/go-containerregistry/pkg/v1/layout" ) type TarReader struct { @@ -32,6 +35,102 @@ func (r TarReader) Read() ([]imagedesc.ImageOrIndex, error) { return imagedesc.NewDescribedReader(ids, file).Read(), nil } +// ReadOci reads the OCI layout from the tar file and returns the image or index. Equivalent to Read() but for OCI layout +func (r TarReader) ReadOci(importRepo name.Repository) ([]imagedesc.ImageOrIndex, error) { + + stat, err := os.Stat(r.path) + if err != nil { + return nil, err + } + + if !stat.IsDir() { + return nil, fmt.Errorf("path %s is not a directory", r.path) + } + + _, err = os.Stat(filepath.Join(r.path, "oci-layout")) + if err != nil { + return nil, err + } + + l, err := layout.FromPath(r.path) + if err != nil { + return nil, err + } + + ii, err := l.ImageIndex() + if err != nil { + return nil, fmt.Errorf("Unable to read image index: %s", err) + } + m, err := ii.IndexManifest() + if err != nil { + return nil, fmt.Errorf("Unable to read index manifest: %s", err) + } + desc := m.Manifests[0] + + var ImageIntermediate imagedesc.ImageIntermediate + var ImageIndexIntermediate imagedesc.ImageIndexIntermediate + var ref string + imageOrIndex := imagedesc.ImageOrIndex{ + Image: nil, + Index: nil, + Labels: map[string]string{ + "dev.carvel.imgpkg.copy.root-bundle": "", + }, + OrigRef: "", + } + + if desc.MediaType.IsImage() { + img, err := ii.Image(desc.Digest) + if err != nil { + return nil, err + } + + ImageIntermediate = imagedesc.ImageIntermediate{ + Image: img, + } + + digest, err := img.Digest() + if err != nil { + return nil, fmt.Errorf("Unable to get digest from image: %s", err) + } + digestStr := digest.String() + ref = importRepo.Name() + "@" + digestStr + + ImageIntermediate.SetRef(ref) + + var b imagedesc.ImageWithRef = ImageIntermediate + imageOrIndex.Image = &b + + } else if desc.MediaType.IsIndex() { + idx, err := ii.ImageIndex(desc.Digest) + if err != nil { + return nil, err + } + ImageIndexIntermediate = imagedesc.ImageIndexIntermediate{ + Index: idx, + } + + digest, err := idx.Digest() + if err != nil { + return nil, fmt.Errorf("Unable to get digest from index: %s", err) + } + digestStr := digest.String() + ref = importRepo.Name() + "@" + digestStr + ImageIndexIntermediate.SetRef(ref) + + var b imagedesc.ImageIndexWithRef = ImageIndexIntermediate + imageOrIndex.Index = &b + + } else { + return nil, fmt.Errorf("Unexpected media type: %s", desc.MediaType) + } + + var imageOrIndexSlice []imagedesc.ImageOrIndex + imageOrIndexSlice = append(imageOrIndexSlice, imageOrIndex) + + return imageOrIndexSlice, nil +} + // PresentLayers retrieves all the layers that are present in a tar file func (r TarReader) PresentLayers() ([]v1.Layer, error) { var result []v1.Layer diff --git a/pkg/imgpkg/plainimage/contents.go b/pkg/imgpkg/plainimage/contents.go index ff3754635..e6a64153f 100644 --- a/pkg/imgpkg/plainimage/contents.go +++ b/pkg/imgpkg/plainimage/contents.go @@ -13,6 +13,8 @@ import ( "carvel.dev/imgpkg/pkg/imgpkg/internal/util" regname "github.com/google/go-containerregistry/pkg/name" regv1 "github.com/google/go-containerregistry/pkg/v1" + "github.com/google/go-containerregistry/pkg/v1/empty" + "github.com/google/go-containerregistry/pkg/v1/layout" regremote "github.com/google/go-containerregistry/pkg/v1/remote" ) @@ -21,6 +23,7 @@ type Contents struct { paths []string excludedPaths []string preservePermissions bool + ociTarPath string } // ImagesWriter defines the needed functions to write to the registry @@ -30,8 +33,8 @@ type ImagesWriter interface { } // NewContents creates the struct that represent an OCI Image based on the provided paths -func NewContents(paths []string, excludedPaths []string, preservePermissions bool) Contents { - return Contents{paths: paths, excludedPaths: excludedPaths, preservePermissions: preservePermissions} +func NewContents(paths []string, excludedPaths []string, preservePermissions bool, ociTarPath string) Contents { + return Contents{paths: paths, excludedPaths: excludedPaths, preservePermissions: preservePermissions, ociTarPath: ociTarPath} } // Push the OCI Image to the registry @@ -48,6 +51,23 @@ func (i Contents) Push(uploadRef regname.Tag, labels map[string]string, writer I return "", err } + if i.ociTarPath != "" { + p, err := layout.FromPath(i.ociTarPath) + if err != nil { + p, err = layout.Write(i.ociTarPath, empty.Index) + if err != nil { + return "", err + } + } + if err = p.AppendImage(img); err != nil { + return "", err + } + err = ctlimg.CreateOciTarFromFiles(i.ociTarPath, i.ociTarPath+".tar.gz") + if err != nil { + return "", err + } + } + defer img.Remove() err = writer.WriteImage(uploadRef, img, nil) diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/layout/README.md b/vendor/github.com/google/go-containerregistry/pkg/v1/layout/README.md new file mode 100644 index 000000000..54bee6d9f --- /dev/null +++ b/vendor/github.com/google/go-containerregistry/pkg/v1/layout/README.md @@ -0,0 +1,5 @@ +# `layout` + +[![GoDoc](https://godoc.org/github.com/google/go-containerregistry/pkg/v1/layout?status.svg)](https://godoc.org/github.com/google/go-containerregistry/pkg/v1/layout) + +The `layout` package implements support for interacting with an [OCI Image Layout](https://github.com/opencontainers/image-spec/blob/master/image-layout.md). diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/layout/blob.go b/vendor/github.com/google/go-containerregistry/pkg/v1/layout/blob.go new file mode 100644 index 000000000..2e5f4358d --- /dev/null +++ b/vendor/github.com/google/go-containerregistry/pkg/v1/layout/blob.go @@ -0,0 +1,37 @@ +// Copyright 2018 Google LLC All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package layout + +import ( + "io" + "os" + + v1 "github.com/google/go-containerregistry/pkg/v1" +) + +// Blob returns a blob with the given hash from the Path. +func (l Path) Blob(h v1.Hash) (io.ReadCloser, error) { + return os.Open(l.blobPath(h)) +} + +// Bytes is a convenience function to return a blob from the Path as +// a byte slice. +func (l Path) Bytes(h v1.Hash) ([]byte, error) { + return os.ReadFile(l.blobPath(h)) +} + +func (l Path) blobPath(h v1.Hash) string { + return l.path("blobs", h.Algorithm, h.Hex) +} diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/layout/doc.go b/vendor/github.com/google/go-containerregistry/pkg/v1/layout/doc.go new file mode 100644 index 000000000..d80d27363 --- /dev/null +++ b/vendor/github.com/google/go-containerregistry/pkg/v1/layout/doc.go @@ -0,0 +1,19 @@ +// Copyright 2018 Google LLC All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Package layout provides facilities for reading/writing artifacts from/to +// an OCI image layout on disk, see: +// +// https://github.com/opencontainers/image-spec/blob/master/image-layout.md +package layout diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/layout/gc.go b/vendor/github.com/google/go-containerregistry/pkg/v1/layout/gc.go new file mode 100644 index 000000000..5fdb2c05d --- /dev/null +++ b/vendor/github.com/google/go-containerregistry/pkg/v1/layout/gc.go @@ -0,0 +1,137 @@ +// Copyright 2018 Google LLC All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// This is an EXPERIMENTAL package, and may change in arbitrary ways without notice. +package layout + +import ( + "fmt" + "io/fs" + "path/filepath" + "strings" + + v1 "github.com/google/go-containerregistry/pkg/v1" +) + +// GarbageCollect removes unreferenced blobs from the oci-layout +// +// This is an experimental api, and not subject to any stability guarantees +// We may abandon it at any time, without prior notice. +// Deprecated: Use it at your own risk! +func (l Path) GarbageCollect() ([]v1.Hash, error) { + idx, err := l.ImageIndex() + if err != nil { + return nil, err + } + blobsToKeep := map[string]bool{} + if err := l.garbageCollectImageIndex(idx, blobsToKeep); err != nil { + return nil, err + } + blobsDir := l.path("blobs") + removedBlobs := []v1.Hash{} + + err = filepath.WalkDir(blobsDir, func(path string, d fs.DirEntry, err error) error { + if err != nil { + return err + } + + if d.IsDir() { + return nil + } + + rel, err := filepath.Rel(blobsDir, path) + if err != nil { + return err + } + hashString := strings.Replace(rel, "/", ":", 1) + if present := blobsToKeep[hashString]; !present { + h, err := v1.NewHash(hashString) + if err != nil { + return err + } + removedBlobs = append(removedBlobs, h) + } + return nil + }) + + if err != nil { + return nil, err + } + + return removedBlobs, nil +} + +func (l Path) garbageCollectImageIndex(index v1.ImageIndex, blobsToKeep map[string]bool) error { + idxm, err := index.IndexManifest() + if err != nil { + return err + } + + h, err := index.Digest() + if err != nil { + return err + } + + blobsToKeep[h.String()] = true + + for _, descriptor := range idxm.Manifests { + if descriptor.MediaType.IsImage() { + img, err := index.Image(descriptor.Digest) + if err != nil { + return err + } + if err := l.garbageCollectImage(img, blobsToKeep); err != nil { + return err + } + } else if descriptor.MediaType.IsIndex() { + idx, err := index.ImageIndex(descriptor.Digest) + if err != nil { + return err + } + if err := l.garbageCollectImageIndex(idx, blobsToKeep); err != nil { + return err + } + } else { + return fmt.Errorf("gc: unknown media type: %s", descriptor.MediaType) + } + } + return nil +} + +func (l Path) garbageCollectImage(image v1.Image, blobsToKeep map[string]bool) error { + h, err := image.Digest() + if err != nil { + return err + } + blobsToKeep[h.String()] = true + + h, err = image.ConfigName() + if err != nil { + return err + } + blobsToKeep[h.String()] = true + + ls, err := image.Layers() + if err != nil { + return err + } + for _, l := range ls { + h, err := l.Digest() + if err != nil { + return err + } + blobsToKeep[h.String()] = true + } + return nil +} diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/layout/image.go b/vendor/github.com/google/go-containerregistry/pkg/v1/layout/image.go new file mode 100644 index 000000000..c9ae9665c --- /dev/null +++ b/vendor/github.com/google/go-containerregistry/pkg/v1/layout/image.go @@ -0,0 +1,139 @@ +// Copyright 2018 Google LLC All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package layout + +import ( + "fmt" + "io" + "os" + "sync" + + v1 "github.com/google/go-containerregistry/pkg/v1" + "github.com/google/go-containerregistry/pkg/v1/partial" + "github.com/google/go-containerregistry/pkg/v1/types" +) + +type layoutImage struct { + path Path + desc v1.Descriptor + manifestLock sync.Mutex // Protects rawManifest + rawManifest []byte +} + +var _ partial.CompressedImageCore = (*layoutImage)(nil) + +// Image reads a v1.Image with digest h from the Path. +func (l Path) Image(h v1.Hash) (v1.Image, error) { + ii, err := l.ImageIndex() + if err != nil { + return nil, err + } + + return ii.Image(h) +} + +func (li *layoutImage) MediaType() (types.MediaType, error) { + return li.desc.MediaType, nil +} + +// Implements WithManifest for partial.Blobset. +func (li *layoutImage) Manifest() (*v1.Manifest, error) { + return partial.Manifest(li) +} + +func (li *layoutImage) RawManifest() ([]byte, error) { + li.manifestLock.Lock() + defer li.manifestLock.Unlock() + if li.rawManifest != nil { + return li.rawManifest, nil + } + + b, err := li.path.Bytes(li.desc.Digest) + if err != nil { + return nil, err + } + + li.rawManifest = b + return li.rawManifest, nil +} + +func (li *layoutImage) RawConfigFile() ([]byte, error) { + manifest, err := li.Manifest() + if err != nil { + return nil, err + } + + return li.path.Bytes(manifest.Config.Digest) +} + +func (li *layoutImage) LayerByDigest(h v1.Hash) (partial.CompressedLayer, error) { + manifest, err := li.Manifest() + if err != nil { + return nil, err + } + + if h == manifest.Config.Digest { + return &compressedBlob{ + path: li.path, + desc: manifest.Config, + }, nil + } + + for _, desc := range manifest.Layers { + if h == desc.Digest { + return &compressedBlob{ + path: li.path, + desc: desc, + }, nil + } + } + + return nil, fmt.Errorf("could not find layer in image: %s", h) +} + +type compressedBlob struct { + path Path + desc v1.Descriptor +} + +func (b *compressedBlob) Digest() (v1.Hash, error) { + return b.desc.Digest, nil +} + +func (b *compressedBlob) Compressed() (io.ReadCloser, error) { + return b.path.Blob(b.desc.Digest) +} + +func (b *compressedBlob) Size() (int64, error) { + return b.desc.Size, nil +} + +func (b *compressedBlob) MediaType() (types.MediaType, error) { + return b.desc.MediaType, nil +} + +// Descriptor implements partial.withDescriptor. +func (b *compressedBlob) Descriptor() (*v1.Descriptor, error) { + return &b.desc, nil +} + +// See partial.Exists. +func (b *compressedBlob) Exists() (bool, error) { + _, err := os.Stat(b.path.blobPath(b.desc.Digest)) + if os.IsNotExist(err) { + return false, nil + } + return err == nil, err +} diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/layout/index.go b/vendor/github.com/google/go-containerregistry/pkg/v1/layout/index.go new file mode 100644 index 000000000..7404f186b --- /dev/null +++ b/vendor/github.com/google/go-containerregistry/pkg/v1/layout/index.go @@ -0,0 +1,161 @@ +// Copyright 2018 Google LLC All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package layout + +import ( + "encoding/json" + "errors" + "fmt" + "io" + "os" + + v1 "github.com/google/go-containerregistry/pkg/v1" + "github.com/google/go-containerregistry/pkg/v1/partial" + "github.com/google/go-containerregistry/pkg/v1/types" +) + +var _ v1.ImageIndex = (*layoutIndex)(nil) + +type layoutIndex struct { + mediaType types.MediaType + path Path + rawIndex []byte +} + +// ImageIndexFromPath is a convenience function which constructs a Path and returns its v1.ImageIndex. +func ImageIndexFromPath(path string) (v1.ImageIndex, error) { + lp, err := FromPath(path) + if err != nil { + return nil, err + } + return lp.ImageIndex() +} + +// ImageIndex returns a v1.ImageIndex for the Path. +func (l Path) ImageIndex() (v1.ImageIndex, error) { + rawIndex, err := os.ReadFile(l.path("index.json")) + if err != nil { + return nil, err + } + + idx := &layoutIndex{ + mediaType: types.OCIImageIndex, + path: l, + rawIndex: rawIndex, + } + + return idx, nil +} + +func (i *layoutIndex) MediaType() (types.MediaType, error) { + return i.mediaType, nil +} + +func (i *layoutIndex) Digest() (v1.Hash, error) { + return partial.Digest(i) +} + +func (i *layoutIndex) Size() (int64, error) { + return partial.Size(i) +} + +func (i *layoutIndex) IndexManifest() (*v1.IndexManifest, error) { + var index v1.IndexManifest + err := json.Unmarshal(i.rawIndex, &index) + return &index, err +} + +func (i *layoutIndex) RawManifest() ([]byte, error) { + return i.rawIndex, nil +} + +func (i *layoutIndex) Image(h v1.Hash) (v1.Image, error) { + // Look up the digest in our manifest first to return a better error. + desc, err := i.findDescriptor(h) + if err != nil { + return nil, err + } + + if !isExpectedMediaType(desc.MediaType, types.OCIManifestSchema1, types.DockerManifestSchema2) { + return nil, fmt.Errorf("unexpected media type for %v: %s", h, desc.MediaType) + } + + img := &layoutImage{ + path: i.path, + desc: *desc, + } + return partial.CompressedToImage(img) +} + +func (i *layoutIndex) ImageIndex(h v1.Hash) (v1.ImageIndex, error) { + // Look up the digest in our manifest first to return a better error. + desc, err := i.findDescriptor(h) + if err != nil { + return nil, err + } + + if !isExpectedMediaType(desc.MediaType, types.OCIImageIndex, types.DockerManifestList) { + return nil, fmt.Errorf("unexpected media type for %v: %s", h, desc.MediaType) + } + + rawIndex, err := i.path.Bytes(h) + if err != nil { + return nil, err + } + + return &layoutIndex{ + mediaType: desc.MediaType, + path: i.path, + rawIndex: rawIndex, + }, nil +} + +func (i *layoutIndex) Blob(h v1.Hash) (io.ReadCloser, error) { + return i.path.Blob(h) +} + +func (i *layoutIndex) findDescriptor(h v1.Hash) (*v1.Descriptor, error) { + im, err := i.IndexManifest() + if err != nil { + return nil, err + } + + if h == (v1.Hash{}) { + if len(im.Manifests) != 1 { + return nil, errors.New("oci layout must contain only a single image to be used with layout.Image") + } + return &(im.Manifests)[0], nil + } + + for _, desc := range im.Manifests { + if desc.Digest == h { + return &desc, nil + } + } + + return nil, fmt.Errorf("could not find descriptor in index: %s", h) +} + +// TODO: Pull this out into methods on types.MediaType? e.g. instead, have: +// * mt.IsIndex() +// * mt.IsImage() +func isExpectedMediaType(mt types.MediaType, expected ...types.MediaType) bool { + for _, allowed := range expected { + if mt == allowed { + return true + } + } + return false +} diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/layout/layoutpath.go b/vendor/github.com/google/go-containerregistry/pkg/v1/layout/layoutpath.go new file mode 100644 index 000000000..a031ff5ae --- /dev/null +++ b/vendor/github.com/google/go-containerregistry/pkg/v1/layout/layoutpath.go @@ -0,0 +1,25 @@ +// Copyright 2019 The original author or authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package layout + +import "path/filepath" + +// Path represents an OCI image layout rooted in a file system path +type Path string + +func (l Path) path(elem ...string) string { + complete := []string{string(l)} + return filepath.Join(append(complete, elem...)...) +} diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/layout/options.go b/vendor/github.com/google/go-containerregistry/pkg/v1/layout/options.go new file mode 100644 index 000000000..a26f9f371 --- /dev/null +++ b/vendor/github.com/google/go-containerregistry/pkg/v1/layout/options.go @@ -0,0 +1,71 @@ +// Copyright 2019 Google LLC All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package layout + +import v1 "github.com/google/go-containerregistry/pkg/v1" + +// Option is a functional option for Layout. +type Option func(*options) + +type options struct { + descOpts []descriptorOption +} + +func makeOptions(opts ...Option) *options { + o := &options{ + descOpts: []descriptorOption{}, + } + for _, apply := range opts { + apply(o) + } + return o +} + +type descriptorOption func(*v1.Descriptor) + +// WithAnnotations adds annotations to the artifact descriptor. +func WithAnnotations(annotations map[string]string) Option { + return func(o *options) { + o.descOpts = append(o.descOpts, func(desc *v1.Descriptor) { + if desc.Annotations == nil { + desc.Annotations = make(map[string]string) + } + for k, v := range annotations { + desc.Annotations[k] = v + } + }) + } +} + +// WithURLs adds urls to the artifact descriptor. +func WithURLs(urls []string) Option { + return func(o *options) { + o.descOpts = append(o.descOpts, func(desc *v1.Descriptor) { + if desc.URLs == nil { + desc.URLs = []string{} + } + desc.URLs = append(desc.URLs, urls...) + }) + } +} + +// WithPlatform sets the platform of the artifact descriptor. +func WithPlatform(platform v1.Platform) Option { + return func(o *options) { + o.descOpts = append(o.descOpts, func(desc *v1.Descriptor) { + desc.Platform = &platform + }) + } +} diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/layout/read.go b/vendor/github.com/google/go-containerregistry/pkg/v1/layout/read.go new file mode 100644 index 000000000..796abc7dd --- /dev/null +++ b/vendor/github.com/google/go-containerregistry/pkg/v1/layout/read.go @@ -0,0 +1,32 @@ +// Copyright 2019 The original author or authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package layout + +import ( + "os" + "path/filepath" +) + +// FromPath reads an OCI image layout at path and constructs a layout.Path. +func FromPath(path string) (Path, error) { + // TODO: check oci-layout exists + + _, err := os.Stat(filepath.Join(path, "index.json")) + if err != nil { + return "", err + } + + return Path(path), nil +} diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/layout/write.go b/vendor/github.com/google/go-containerregistry/pkg/v1/layout/write.go new file mode 100644 index 000000000..d6e35c391 --- /dev/null +++ b/vendor/github.com/google/go-containerregistry/pkg/v1/layout/write.go @@ -0,0 +1,482 @@ +// Copyright 2018 Google LLC All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package layout + +import ( + "bytes" + "encoding/json" + "errors" + "fmt" + "io" + "os" + "path/filepath" + + "github.com/google/go-containerregistry/pkg/logs" + v1 "github.com/google/go-containerregistry/pkg/v1" + "github.com/google/go-containerregistry/pkg/v1/match" + "github.com/google/go-containerregistry/pkg/v1/mutate" + "github.com/google/go-containerregistry/pkg/v1/partial" + "github.com/google/go-containerregistry/pkg/v1/stream" + "github.com/google/go-containerregistry/pkg/v1/types" + "golang.org/x/sync/errgroup" +) + +var layoutFile = `{ + "imageLayoutVersion": "1.0.0" +}` + +// AppendImage writes a v1.Image to the Path and updates +// the index.json to reference it. +func (l Path) AppendImage(img v1.Image, options ...Option) error { + if err := l.WriteImage(img); err != nil { + return err + } + + desc, err := partial.Descriptor(img) + if err != nil { + return err + } + + o := makeOptions(options...) + for _, opt := range o.descOpts { + opt(desc) + } + + return l.AppendDescriptor(*desc) +} + +// AppendIndex writes a v1.ImageIndex to the Path and updates +// the index.json to reference it. +func (l Path) AppendIndex(ii v1.ImageIndex, options ...Option) error { + if err := l.WriteIndex(ii); err != nil { + return err + } + + desc, err := partial.Descriptor(ii) + if err != nil { + return err + } + + o := makeOptions(options...) + for _, opt := range o.descOpts { + opt(desc) + } + + return l.AppendDescriptor(*desc) +} + +// AppendDescriptor adds a descriptor to the index.json of the Path. +func (l Path) AppendDescriptor(desc v1.Descriptor) error { + ii, err := l.ImageIndex() + if err != nil { + return err + } + + index, err := ii.IndexManifest() + if err != nil { + return err + } + + index.Manifests = append(index.Manifests, desc) + + rawIndex, err := json.MarshalIndent(index, "", " ") + if err != nil { + return err + } + + return l.WriteFile("index.json", rawIndex, os.ModePerm) +} + +// ReplaceImage writes a v1.Image to the Path and updates +// the index.json to reference it, replacing any existing one that matches matcher, if found. +func (l Path) ReplaceImage(img v1.Image, matcher match.Matcher, options ...Option) error { + if err := l.WriteImage(img); err != nil { + return err + } + + return l.replaceDescriptor(img, matcher, options...) +} + +// ReplaceIndex writes a v1.ImageIndex to the Path and updates +// the index.json to reference it, replacing any existing one that matches matcher, if found. +func (l Path) ReplaceIndex(ii v1.ImageIndex, matcher match.Matcher, options ...Option) error { + if err := l.WriteIndex(ii); err != nil { + return err + } + + return l.replaceDescriptor(ii, matcher, options...) +} + +// replaceDescriptor adds a descriptor to the index.json of the Path, replacing +// any one matching matcher, if found. +func (l Path) replaceDescriptor(append mutate.Appendable, matcher match.Matcher, options ...Option) error { + ii, err := l.ImageIndex() + if err != nil { + return err + } + + desc, err := partial.Descriptor(append) + if err != nil { + return err + } + + o := makeOptions(options...) + for _, opt := range o.descOpts { + opt(desc) + } + + add := mutate.IndexAddendum{ + Add: append, + Descriptor: *desc, + } + ii = mutate.AppendManifests(mutate.RemoveManifests(ii, matcher), add) + + index, err := ii.IndexManifest() + if err != nil { + return err + } + + rawIndex, err := json.MarshalIndent(index, "", " ") + if err != nil { + return err + } + + return l.WriteFile("index.json", rawIndex, os.ModePerm) +} + +// RemoveDescriptors removes any descriptors that match the match.Matcher from the index.json of the Path. +func (l Path) RemoveDescriptors(matcher match.Matcher) error { + ii, err := l.ImageIndex() + if err != nil { + return err + } + ii = mutate.RemoveManifests(ii, matcher) + + index, err := ii.IndexManifest() + if err != nil { + return err + } + + rawIndex, err := json.MarshalIndent(index, "", " ") + if err != nil { + return err + } + + return l.WriteFile("index.json", rawIndex, os.ModePerm) +} + +// WriteFile write a file with arbitrary data at an arbitrary location in a v1 +// layout. Used mostly internally to write files like "oci-layout" and +// "index.json", also can be used to write other arbitrary files. Do *not* use +// this to write blobs. Use only WriteBlob() for that. +func (l Path) WriteFile(name string, data []byte, perm os.FileMode) error { + if err := os.MkdirAll(l.path(), os.ModePerm); err != nil && !os.IsExist(err) { + return err + } + + return os.WriteFile(l.path(name), data, perm) +} + +// WriteBlob copies a file to the blobs/ directory in the Path from the given ReadCloser at +// blobs/{hash.Algorithm}/{hash.Hex}. +func (l Path) WriteBlob(hash v1.Hash, r io.ReadCloser) error { + return l.writeBlob(hash, -1, r, nil) +} + +func (l Path) writeBlob(hash v1.Hash, size int64, rc io.ReadCloser, renamer func() (v1.Hash, error)) error { + defer rc.Close() + if hash.Hex == "" && renamer == nil { + panic("writeBlob called an invalid hash and no renamer") + } + + dir := l.path("blobs", hash.Algorithm) + if err := os.MkdirAll(dir, os.ModePerm); err != nil && !os.IsExist(err) { + return err + } + + // Check if blob already exists and is the correct size + file := filepath.Join(dir, hash.Hex) + if s, err := os.Stat(file); err == nil && !s.IsDir() && (s.Size() == size || size == -1) { + return nil + } + + // If a renamer func was provided write to a temporary file + open := func() (*os.File, error) { return os.Create(file) } + if renamer != nil { + open = func() (*os.File, error) { return os.CreateTemp(dir, hash.Hex) } + } + w, err := open() + if err != nil { + return err + } + if renamer != nil { + // Delete temp file if an error is encountered before renaming + defer func() { + if err := os.Remove(w.Name()); err != nil && !errors.Is(err, os.ErrNotExist) { + logs.Warn.Printf("error removing temporary file after encountering an error while writing blob: %v", err) + } + }() + } + defer w.Close() + + // Write to file and exit if not renaming + if n, err := io.Copy(w, rc); err != nil || renamer == nil { + return err + } else if size != -1 && n != size { + return fmt.Errorf("expected blob size %d, but only wrote %d", size, n) + } + + // Always close reader before renaming, since Close computes the digest in + // the case of streaming layers. If Close is not called explicitly, it will + // occur in a goroutine that is not guaranteed to succeed before renamer is + // called. When renamer is the layer's Digest method, it can return + // ErrNotComputed. + if err := rc.Close(); err != nil { + return err + } + + // Always close file before renaming + if err := w.Close(); err != nil { + return err + } + + // Rename file based on the final hash + finalHash, err := renamer() + if err != nil { + return fmt.Errorf("error getting final digest of layer: %w", err) + } + + renamePath := l.path("blobs", finalHash.Algorithm, finalHash.Hex) + return os.Rename(w.Name(), renamePath) +} + +// writeLayer writes the compressed layer to a blob. Unlike WriteBlob it will +// write to a temporary file (suffixed with .tmp) within the layout until the +// compressed reader is fully consumed and written to disk. Also unlike +// WriteBlob, it will not skip writing and exit without error when a blob file +// exists, but does not have the correct size. (The blob hash is not +// considered, because it may be expensive to compute.) +func (l Path) writeLayer(layer v1.Layer) error { + d, err := layer.Digest() + if errors.Is(err, stream.ErrNotComputed) { + // Allow digest errors, since streams may not have calculated the hash + // yet. Instead, use an empty value, which will be transformed into a + // random file name with `os.CreateTemp` and the final digest will be + // calculated after writing to a temp file and before renaming to the + // final path. + d = v1.Hash{Algorithm: "sha256", Hex: ""} + } else if err != nil { + return err + } + + s, err := layer.Size() + if errors.Is(err, stream.ErrNotComputed) { + // Allow size errors, since streams may not have calculated the size + // yet. Instead, use zero as a sentinel value meaning that no size + // comparison can be done and any sized blob file should be considered + // valid and not overwritten. + // + // TODO: Provide an option to always overwrite blobs. + s = -1 + } else if err != nil { + return err + } + + r, err := layer.Compressed() + if err != nil { + return err + } + + if err := l.writeBlob(d, s, r, layer.Digest); err != nil { + return fmt.Errorf("error writing layer: %w", err) + } + return nil +} + +// RemoveBlob removes a file from the blobs directory in the Path +// at blobs/{hash.Algorithm}/{hash.Hex} +// It does *not* remove any reference to it from other manifests or indexes, or +// from the root index.json. +func (l Path) RemoveBlob(hash v1.Hash) error { + dir := l.path("blobs", hash.Algorithm) + err := os.Remove(filepath.Join(dir, hash.Hex)) + if err != nil && !os.IsNotExist(err) { + return err + } + return nil +} + +// WriteImage writes an image, including its manifest, config and all of its +// layers, to the blobs directory. If any blob already exists, as determined by +// the hash filename, does not write it. +// This function does *not* update the `index.json` file. If you want to write the +// image and also update the `index.json`, call AppendImage(), which wraps this +// and also updates the `index.json`. +func (l Path) WriteImage(img v1.Image) error { + layers, err := img.Layers() + if err != nil { + return err + } + + // Write the layers concurrently. + var g errgroup.Group + for _, layer := range layers { + layer := layer + g.Go(func() error { + return l.writeLayer(layer) + }) + } + if err := g.Wait(); err != nil { + return err + } + + // Write the config. + cfgName, err := img.ConfigName() + if err != nil { + return err + } + cfgBlob, err := img.RawConfigFile() + if err != nil { + return err + } + if err := l.WriteBlob(cfgName, io.NopCloser(bytes.NewReader(cfgBlob))); err != nil { + return err + } + + // Write the img manifest. + d, err := img.Digest() + if err != nil { + return err + } + manifest, err := img.RawManifest() + if err != nil { + return err + } + + return l.WriteBlob(d, io.NopCloser(bytes.NewReader(manifest))) +} + +type withLayer interface { + Layer(v1.Hash) (v1.Layer, error) +} + +type withBlob interface { + Blob(v1.Hash) (io.ReadCloser, error) +} + +func (l Path) writeIndexToFile(indexFile string, ii v1.ImageIndex) error { + index, err := ii.IndexManifest() + if err != nil { + return err + } + + // Walk the descriptors and write any v1.Image or v1.ImageIndex that we find. + // If we come across something we don't expect, just write it as a blob. + for _, desc := range index.Manifests { + switch desc.MediaType { + case types.OCIImageIndex, types.DockerManifestList: + ii, err := ii.ImageIndex(desc.Digest) + if err != nil { + return err + } + if err := l.WriteIndex(ii); err != nil { + return err + } + case types.OCIManifestSchema1, types.DockerManifestSchema2: + img, err := ii.Image(desc.Digest) + if err != nil { + return err + } + if err := l.WriteImage(img); err != nil { + return err + } + default: + // TODO: The layout could reference arbitrary things, which we should + // probably just pass through. + + var blob io.ReadCloser + // Workaround for #819. + if wl, ok := ii.(withLayer); ok { + layer, lerr := wl.Layer(desc.Digest) + if lerr != nil { + return lerr + } + blob, err = layer.Compressed() + } else if wb, ok := ii.(withBlob); ok { + blob, err = wb.Blob(desc.Digest) + } + if err != nil { + return err + } + if err := l.WriteBlob(desc.Digest, blob); err != nil { + return err + } + } + } + + rawIndex, err := ii.RawManifest() + if err != nil { + return err + } + + return l.WriteFile(indexFile, rawIndex, os.ModePerm) +} + +// WriteIndex writes an index to the blobs directory. Walks down the children, +// including its children manifests and/or indexes, and down the tree until all of +// config and all layers, have been written. If any blob already exists, as determined by +// the hash filename, does not write it. +// This function does *not* update the `index.json` file. If you want to write the +// index and also update the `index.json`, call AppendIndex(), which wraps this +// and also updates the `index.json`. +func (l Path) WriteIndex(ii v1.ImageIndex) error { + // Always just write oci-layout file, since it's small. + if err := l.WriteFile("oci-layout", []byte(layoutFile), os.ModePerm); err != nil { + return err + } + + h, err := ii.Digest() + if err != nil { + return err + } + + indexFile := filepath.Join("blobs", h.Algorithm, h.Hex) + return l.writeIndexToFile(indexFile, ii) +} + +// Write constructs a Path at path from an ImageIndex. +// +// The contents are written in the following format: +// At the top level, there is: +// +// One oci-layout file containing the version of this image-layout. +// One index.json file listing descriptors for the contained images. +// +// Under blobs/, there is, for each image: +// +// One file for each layer, named after the layer's SHA. +// One file for each config blob, named after its SHA. +// One file for each manifest blob, named after its SHA. +func Write(path string, ii v1.ImageIndex) (Path, error) { + lp := Path(path) + // Always just write oci-layout file, since it's small. + if err := lp.WriteFile("oci-layout", []byte(layoutFile), os.ModePerm); err != nil { + return "", err + } + + // TODO create blobs/ in case there is a blobs file which would prevent the directory from being created + + return lp, lp.writeIndexToFile("index.json", ii) +} diff --git a/vendor/modules.txt b/vendor/modules.txt index cfb803490..fe440594b 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -196,6 +196,7 @@ github.com/google/go-containerregistry/pkg/v1 github.com/google/go-containerregistry/pkg/v1/empty github.com/google/go-containerregistry/pkg/v1/fake github.com/google/go-containerregistry/pkg/v1/google +github.com/google/go-containerregistry/pkg/v1/layout github.com/google/go-containerregistry/pkg/v1/match github.com/google/go-containerregistry/pkg/v1/mutate github.com/google/go-containerregistry/pkg/v1/partial