Don't write whiteout files if parent path got replaced with link

If a non-empty directory gets replaced with a link, the files in that directory also get deleted. However, there should not be any whiteout files for them in the layer. If there were, the resulting tar file would not be extractable. Fixes GoogleContainerTools#2308
andreasf · Jun 19, 2023 · ac66f1e · gabyx · Jun 19, 2023 · andreasf
1 parent bb712b6
commit ac66f1e
Show file tree

Hide file tree

Showing 2 changed files with 68 additions and 0 deletions.
diff --git a/pkg/snapshot/snapshot.go b/pkg/snapshot/snapshot.go
@@ -224,6 +224,14 @@ func writeToTar(t util.Tar, files, whiteouts []string) error {
 	addedPaths := make(map[string]bool)
 
 	for _, path := range whiteouts {
+		skipWhiteout, err := parentPathIsLink(path)
+		if err != nil {
+			return err
+		}
+		if skipWhiteout {
+			continue
+		}
+
 		if err := addParentDirectories(t, addedPaths, path); err != nil {
 			return err
 		}
@@ -247,6 +255,21 @@ func writeToTar(t util.Tar, files, whiteouts []string) error {
 	return nil
 }
 
+func parentPathIsLink(path string) (bool, error) {
+	for _, parentPath := range util.ParentDirectories(path) {
+		lstat, err := os.Lstat(parentPath)
+		if err != nil {
+			return false, err
+		}
+
+		isLink := lstat.Mode()&os.ModeSymlink != 0
+		if isLink {
+			return true, err
+		}
+	}
+	return false, nil
+}
+
 func addParentDirectories(t util.Tar, addedPaths map[string]bool, path string) error {
 	for _, parentPath := range util.ParentDirectories(path) {
 		if _, pathAdded := addedPaths[parentPath]; pathAdded {

diff --git a/pkg/snapshot/snapshot_test.go b/pkg/snapshot/snapshot_test.go
@@ -189,6 +189,51 @@ func TestSnapshotFSChangePermissions(t *testing.T) {
 	}
 }
 
+func TestSnapshotFSReplaceDirWithLink(t *testing.T) {
+	testDir, snapshotter, cleanup, err := setUpTest(t)
+	defer cleanup()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// replace non-empty directory "bar" with link to file "foo"
+	bar := filepath.Join(testDir, "bar")
+	err = os.RemoveAll(bar)
+	if err != nil {
+		t.Fatal(err)
+	}
+	foo := filepath.Join(testDir, "foo")
+	err = os.Symlink(foo, bar)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	tarPath, err := snapshotter.TakeSnapshotFS()
+	if err != nil {
+		t.Fatalf("Error taking snapshot of fs: %s", err)
+	}
+
+	actualFiles, err := listFilesInTar(tarPath)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// Expect "bar", which used to be a non-directory but now is a symlink. We don't want whiteout files for
+	// the deleted files in bar, because without a parent directory for them the tar cannot be extracted.
+	testDirWithoutLeadingSlash := strings.TrimLeft(testDir, "/")
+	expectedFiles := []string{
+		filepath.Join(testDirWithoutLeadingSlash, "bar"),
+		filepath.Join(testDirWithoutLeadingSlash, "foo"),
+	}
+	for _, path := range util.ParentDirectoriesWithoutLeadingSlash(filepath.Join(testDir, "foo")) {
+		expectedFiles = append(expectedFiles, strings.TrimRight(path, "/")+"/")
+	}
+
+	sort.Strings(expectedFiles)
+	sort.Strings(actualFiles)
+	testutil.CheckErrorAndDeepEqual(t, false, nil, expectedFiles, actualFiles)
+}
+
 func TestSnapshotFiles(t *testing.T) {
 	testDir, snapshotter, cleanup, err := setUpTest(t)
 	testDirWithoutLeadingSlash := strings.TrimLeft(testDir, "/")