Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Merge slice fixes into main #340

Merged
merged 21 commits into from
Jul 24, 2020
Merged

Merge slice fixes into main #340

merged 21 commits into from
Jul 24, 2020

Conversation

ekcasey
Copy link
Member

@ekcasey ekcasey commented Jul 20, 2020
edited
Loading

This PR includes slices fixes for symlinks from 0.8.1 (#335). Additional work was required to fix symlink handling in windows. The archive package now adds PAX records to windows archives headers so that we can properly make directory or file type symlinks even when the link target does not exist (for context: golang/go#39183).

This PR runs the windows unit and acceptance tests in GHA without the docker-run-windows wrapper. That wrapper removes permissions from test fixtures that are required to properly test handling of directory symlinks.

ekcasey added 10 commits July 9, 2020 13:15
@ekcasey
Create 0.8.1 release branch
f2cca31 
Signed-off-by: Emily Casey <ecasey@vmware.com>
@ekcasey
Fix slice bugs
9337c64 
* Add matched symlinks to the slice instead of the resolved target
* Slice layers should not include files globbing through a symlink
* Only clean up links to dirs, not the target dirs
* Normalize uid/gid of the parents of a matched file only if they are within the app dir

Signed-off-by: Emily Casey <ecasey@vmware.com>
@ekcasey
cleanup + more tests
2dba55f 
Signed-off-by: Emily Casey <ecasey@vmware.com>
@ekcasey
tests modtime and uname/gname of created layers
ceb7a02 
Signed-off-by: Emily Casey <ecasey@vmware.com>
@ekcasey
Fixed defered writer close error
7f9c331 
* Removes unused test helpers

Signed-off-by: Emily Casey <ecasey@vmware.com>
@ekcasey
Stop iterating over children once we know a sliced suddir is not yet …
397d7f5 
…complete

Signed-off-by: Emily Casey <ecasey@vmware.com>
@ekcasey
Merge pull request #335 from buildpacks/fix-slice-symlinks
0dd0a68 
Fix handling of symlinks in slices
@ekcasey
Fixes tar reuse logic
f4e9cd9 
* Fixes cache log messages

Signed-off-by: Emily Casey <ecasey@vmware.com>
@ekcasey
Merge pull request #336 from buildpacks/fix-tar-reuse
9dd3dbc 
Fixes tar reuse logic
@ekcasey
merge slice fixes from 0.8.1 into main
0766151 
refactors windows logic to use new layers package

Signed-off-by: Emily Casey <ecasey@vmware.com>
@ekcasey ekcasey requested a review from a team as a code owner July 20, 2020 22:59
@ekcasey
Adds tests for normalizing reader and writer
036d00c 
Signed-off-by: Emily Casey <ecasey@vmware.com>
@ekcasey ekcasey marked this pull request as draft July 20, 2020 23:17
@ekcasey
fix windows write/extract tests
41a52a0 
Signed-off-by: Emily Casey <ecasey@vmware.com>
@ekcasey ekcasey force-pushed the merge-slice-fix branch 10 times, most recently from a8e0fbe to 963d735 Compare July 22, 2020 14:18
ekcasey added 2 commits July 22, 2020 10:28
@ekcasey
Handle windows directory symlinks
05a8132 
Signed-off-by: Emily Casey <ecasey@vmware.com>
@ekcasey
Dont run windows tests in docker contianer in GHA
1d6f7f4 
Docker copy removes file attributes for windows symlink directories that need to be preserved for certain tests

Signed-off-by: Emily Casey <ecasey@vmware.com>
@ekcasey
Fix windows tests and linting errors
e43c68e 
Signed-off-by: Emily Casey <ecasey@vmware.com>
@ekcasey ekcasey changed the title Merge 0.8.1 into main Merge slice fixes into main Jul 22, 2020
@ekcasey ekcasey marked this pull request as ready for review July 22, 2020 16:17
micahyoung
micahyoung reviewed Jul 22, 2020
View reviewed changes
Copy link
Member

@micahyoung micahyoung left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks great! Slices/layer refactor is so much easier to follow. I just added notes of approval and some thoughts below.

My only outstanding quesiton. Will the NormalizingTarWriter get used in pack?

.github/workflows/build.yml Show resolved Hide resolved
Makefile Outdated Show resolved Hide resolved
layers/extract.go Outdated Show resolved Hide resolved
archive/writer.go Outdated Show resolved Hide resolved
archive/tar_windows.go
Comment on lines +25 to +46
func createSymlink(hdr *tar.Header) error {
var flags uint32 = symbolicLinkFlagAllowUnprivilegedCreate
if attrStr, ok := hdr.PAXRecords[hdrFileAttributes]; ok {
attr, err := strconv.ParseUint(attrStr, 10, 32)
if err != nil {
return errors.Wrapf(err, "failed to parse file attributes for header %q", hdr.Name)
}
if attr&syscall.FILE_ATTRIBUTE_DIRECTORY != 0 {
flags |= syscall.SYMBOLIC_LINK_FLAG_DIRECTORY
}
}

name, err := syscall.UTF16PtrFromString(hdr.Name)
if err != nil {
return err
}
target, err := syscall.UTF16PtrFromString(hdr.Linkname)
if err != nil {
return err
}
return syscall.CreateSymbolicLink(name, target, flags)
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's a bummer to have to do all this to work around the divergent Windows/POSIX golang behavior. After reading that thread it sounds like a wontfix so os.Symlink won't change anytime soon. This implementation feels like it follows one of the suggestions there:

For the few programs that actually do need to create symlinks to nonexistent targets, windows.CreateSymbolicLink seems sufficient, and it's easy enough for users to write their own portable wrappers using +build constraints.

Refactor docker-run-windows get source from .git
47d77ea 
Workaround broken directory symlink behavior in docker build

Signed-off-by: Micah Young <ymicah@vmware.com>
@micahyoung micahyoung mentioned this pull request Jul 23, 2020
Merged
ekcasey added 2 commits July 23, 2020 09:45
@ekcasey
Merge pull request #342 from greenhouse-org/docker-run-windows-fix
7138ed9 
Fix make docker-run-windows branch merge-slice-fix
@ekcasey
Godoc and other minor fixes
bf167f7 
Signed-off-by: Emily Casey <ecasey@vmware.com>
@ekcasey ekcasey requested review from jabrown85 and yaelharel July 23, 2020 15:04
natalieparellano
natalieparellano reviewed Jul 23, 2020
View reviewed changes
Copy link
Member

@natalieparellano natalieparellano left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ekcasey this looks great! I'm not too familiar with how slices worked before, but the new organization is very clear and easy to follow.

testhelpers/testhelpers.go Show resolved Hide resolved
layers/layers_windows_test.go Show resolved Hide resolved
layers/dir_test.go
it("creates a layer from the directory", func() {
// parent layers should have uid/gid matching the filesystem
// the dir and it's children should have normalized uid/gid
assertTarEntries(t, dirLayer.TarPath, append(parents(t, dir), []*tar.Header{
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I might be missing something but it doesn't seem that we test the permissions of the parent directory anywhere, no? Is this possible?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The expected parent headers have UID/GID set on them but the assertions are missing (!) and we don't do this for windows headers. I will clean this up.

https://github.com/buildpacks/lifecycle/blob/merge-slice-fix/layers/layers_unix_test.go#L18-L20

Copy link
Member Author

@ekcasey ekcasey Jul 23, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually, we do test UID/GID but only for linux layers. https://github.com/buildpacks/lifecycle/blob/merge-slice-fix/layers/layers_unix_test.go#L28-L36

We currently aren't setting the SID on windows layer entries properly (looks like setting header.Uid doesn't do the trick) but that was true before this PR and I would like to fix it separately. I believe the SID should be set to the value of CNB_USER_ID for windows layers using PAX records.

ekcasey added 3 commits July 23, 2020 17:05
@ekcasey
Assert on windows specific entry names
8b499fd 
Signed-off-by: Emily Casey <ecasey@vmware.com>
@ekcasey
Merge remote-tracking branch 'origin' into merge-slice-fix
e2140ef
@ekcasey
Remove duplicaiton in test helpers
46f9ad0 
Signed-off-by: Emily Casey <ecasey@vmware.com>
@ekcasey ekcasey requested a review from natalieparellano July 23, 2020 21:33
@ekcasey ekcasey merged commit f76b3e6 into main Jul 24, 2020
@ekcasey ekcasey deleted the merge-slice-fix branch July 24, 2020 17:45
@ekcasey ekcasey mentioned this pull request Jul 30, 2020
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@micahyoung micahyoung micahyoung left review comments

@ameyer-pivotal ameyer-pivotal Awaiting requested review from ameyer-pivotal

@jabrown85 jabrown85 Awaiting requested review from jabrown85

@yaelharel yaelharel Awaiting requested review from yaelharel

@natalieparellano natalieparellano Awaiting requested review from natalieparellano

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ekcasey @micahyoung @natalieparellano