...

Source file src/github.com/google/go-containerregistry/internal/windows/windows.go

Documentation: github.com/google/go-containerregistry/internal/windows 

     1  // Copyright 2021 Google LLC All Rights Reserved.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //    http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package windows
    16  
    17  import (
    18  	"archive/tar"
    19  	"bytes"
    20  	"errors"
    21  	"fmt"
    22  	"io"
    23  	"path"
    24  	"strings"
    25  
    26  	"github.com/google/go-containerregistry/internal/gzip"
    27  	v1 "github.com/google/go-containerregistry/pkg/v1"
    28  	"github.com/google/go-containerregistry/pkg/v1/tarball"
    29  )
    30  
    31  // userOwnerAndGroupSID is a magic value needed to make the binary executable
    32  // in a Windows container.
    33  //
    34  // owner: BUILTIN/Users group: BUILTIN/Users ($sddlValue="O:BUG:BU")
    35  const userOwnerAndGroupSID = "AQAAgBQAAAAkAAAAAAAAAAAAAAABAgAAAAAABSAAAAAhAgAAAQIAAAAAAAUgAAAAIQIAAA=="
    36  
    37  // Windows returns a Layer that is converted to be pullable on Windows.
    38  func Windows(layer v1.Layer) (v1.Layer, error) {
    39  	// TODO: do this lazily.
    40  
    41  	layerReader, err := layer.Uncompressed()
    42  	if err != nil {
    43  		return nil, fmt.Errorf("getting layer: %w", err)
    44  	}
    45  	defer layerReader.Close()
    46  	tarReader := tar.NewReader(layerReader)
    47  	w := new(bytes.Buffer)
    48  	tarWriter := tar.NewWriter(w)
    49  	defer tarWriter.Close()
    50  
    51  	for _, dir := range []string{"Files", "Hives"} {
    52  		if err := tarWriter.WriteHeader(&tar.Header{
    53  			Name:     dir,
    54  			Typeflag: tar.TypeDir,
    55  			// Use a fixed Mode, so that this isn't sensitive to the directory and umask
    56  			// under which it was created. Additionally, windows can only set 0222,
    57  			// 0444, or 0666, none of which are executable.
    58  			Mode:   0555,
    59  			Format: tar.FormatPAX,
    60  		}); err != nil {
    61  			return nil, fmt.Errorf("writing %s directory: %w", dir, err)
    62  		}
    63  	}
    64  
    65  	for {
    66  		header, err := tarReader.Next()
    67  		if errors.Is(err, io.EOF) {
    68  			break
    69  		}
    70  		if err != nil {
    71  			return nil, fmt.Errorf("reading layer: %w", err)
    72  		}
    73  
    74  		if strings.HasPrefix(header.Name, "Files/") {
    75  			return nil, fmt.Errorf("file path %q already suitable for Windows", header.Name)
    76  		}
    77  
    78  		header.Name = path.Join("Files", header.Name)
    79  		header.Format = tar.FormatPAX
    80  
    81  		// TODO: this seems to make the file executable on Windows;
    82  		// only do this if the file should be executable.
    83  		if header.PAXRecords == nil {
    84  			header.PAXRecords = map[string]string{}
    85  		}
    86  		header.PAXRecords["MSWINDOWS.rawsd"] = userOwnerAndGroupSID
    87  
    88  		if err := tarWriter.WriteHeader(header); err != nil {
    89  			return nil, fmt.Errorf("writing tar header: %w", err)
    90  		}
    91  
    92  		if header.Typeflag == tar.TypeReg {
    93  			if _, err = io.Copy(tarWriter, tarReader); err != nil {
    94  				return nil, fmt.Errorf("writing layer file: %w", err)
    95  			}
    96  		}
    97  	}
    98  
    99  	if err := tarWriter.Close(); err != nil {
   100  		return nil, err
   101  	}
   102  
   103  	b := w.Bytes()
   104  	// gzip the contents, then create the layer
   105  	opener := func() (io.ReadCloser, error) {
   106  		return gzip.ReadCloser(io.NopCloser(bytes.NewReader(b))), nil
   107  	}
   108  	layer, err = tarball.LayerFromOpener(opener)
   109  	if err != nil {
   110  		return nil, fmt.Errorf("creating layer: %w", err)
   111  	}
   112  
   113  	return layer, nil
   114  }
   115  

View as plain text