Add an oc image extract command that can copy contents out of images to disk

Uses a subset of docker/pkg/archive that is slightly more flexible than the upstream.

Author: smarterclayton

contrib/completions/bash/oc

@@ -0,0 +1,93 @@
+package archive
+
+import (
+	"archive/tar"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/system"
+	"golang.org/x/sys/unix"
+)
+
+func getWhiteoutConverter(format archive.WhiteoutFormat) tarWhiteoutConverter {
+	if format == archive.OverlayWhiteoutFormat {
+		return overlayWhiteoutConverter{}
+	}
+	return nil
+}
+
+type overlayWhiteoutConverter struct{}
+
+func (overlayWhiteoutConverter) ConvertWrite(hdr *tar.Header, path string, fi os.FileInfo) (wo *tar.Header, err error) {
+	// convert whiteouts to AUFS format
+	if fi.Mode()&os.ModeCharDevice != 0 && hdr.Devmajor == 0 && hdr.Devminor == 0 {
+		// we just rename the file and make it normal
+		dir, filename := filepath.Split(hdr.Name)
+		hdr.Name = filepath.Join(dir, archive.WhiteoutPrefix+filename)
+		hdr.Mode = 0600
+		hdr.Typeflag = tar.TypeReg
+		hdr.Size = 0
+	}
+
+	if fi.Mode()&os.ModeDir != 0 {
+		// convert opaque dirs to AUFS format by writing an empty file with the prefix
+		opaque, err := system.Lgetxattr(path, "trusted.overlay.opaque")
+		if err != nil {
+			return nil, err
+		}
+		if len(opaque) == 1 && opaque[0] == 'y' {
+			if hdr.Xattrs != nil {
+				delete(hdr.Xattrs, "trusted.overlay.opaque")
+			}
+
+			// create a header for the whiteout file
+			// it should inherit some properties from the parent, but be a regular file
+			wo = &tar.Header{
+				Typeflag:   tar.TypeReg,
+				Mode:       hdr.Mode & int64(os.ModePerm),
+				Name:       filepath.Join(hdr.Name, archive.WhiteoutOpaqueDir),
+				Size:       0,
+				Uid:        hdr.Uid,
+				Uname:      hdr.Uname,
+				Gid:        hdr.Gid,
+				Gname:      hdr.Gname,
+				AccessTime: hdr.AccessTime,
+				ChangeTime: hdr.ChangeTime,
+			}
+		}
+	}
+
+	return
+}
+
+func (overlayWhiteoutConverter) ConvertRead(hdr *tar.Header, path string) (bool, error) {
+	base := filepath.Base(path)
+	dir := filepath.Dir(path)
+
+	// if a directory is marked as opaque by the AUFS special file, we need to translate that to overlay
+	if base == archive.WhiteoutOpaqueDir {
+		err := unix.Setxattr(dir, "trusted.overlay.opaque", []byte{'y'}, 0)
+		// don't write the file itself
+		return false, err
+	}
+
+	// if a file was deleted and we are using overlay, we need to create a character device
+	if strings.HasPrefix(base, archive.WhiteoutPrefix) {
+		originalBase := base[len(archive.WhiteoutPrefix):]
+		originalPath := filepath.Join(dir, originalBase)
+
+		if err := unix.Mknod(originalPath, unix.S_IFCHR, 0); err != nil {
+			return false, err
+		}
+		if err := os.Chown(originalPath, hdr.Uid, hdr.Gid); err != nil {
+			return false, err
+		}
+
+		// don't write the file itself
+		return false, nil
+	}
+
+	return true, nil
+}

contrib/completions/zsh/oc

@@ -0,0 +1,9 @@
+// +build !linux
+
+package archive
+
+import "github.com/docker/docker/pkg/archive"
+
+func getWhiteoutConverter(format archive.WhiteoutFormat) tarWhiteoutConverter {
+	return nil
+}

docs/man/man1/.files_generated_oc

@@ -0,0 +1,78 @@
+// +build !windows
+
+package archive
+
+import (
+	"archive/tar"
+	"bufio"
+	"fmt"
+	"os"
+
+	"github.com/docker/docker/pkg/system"
+	"golang.org/x/sys/unix"
+)
+
+// runningInUserNS detects whether we are currently running in a user namespace.
+// Copied from github.com/opencontainers/runc/libcontainer/system
+func runningInUserNS() bool {
+	file, err := os.Open("/proc/self/uid_map")
+	if err != nil {
+		// This kernel-provided file only exists if user namespaces are supported
+		return false
+	}
+	defer file.Close()
+
+	buf := bufio.NewReader(file)
+	l, _, err := buf.ReadLine()
+	if err != nil {
+		return false
+	}
+
+	line := string(l)
+	var a, b, c int64
+	fmt.Sscanf(line, "%d %d %d", &a, &b, &c)
+	/*
+	 * We assume we are in the initial user namespace if we have a full
+	 * range - 4294967295 uids starting at uid 0.
+	 */
+	if a == 0 && b == 0 && c == 4294967295 {
+		return false
+	}
+	return true
+}
+
+// handleTarTypeBlockCharFifo is an OS-specific helper function used by
+// createTarFile to handle the following types of header: Block; Char; Fifo
+func handleTarTypeBlockCharFifo(hdr *tar.Header, path string) error {
+	if runningInUserNS() {
+		// cannot create a device if running in user namespace
+		return nil
+	}
+
+	mode := uint32(hdr.Mode & 07777)
+	switch hdr.Typeflag {
+	case tar.TypeBlock:
+		mode |= unix.S_IFBLK
+	case tar.TypeChar:
+		mode |= unix.S_IFCHR
+	case tar.TypeFifo:
+		mode |= unix.S_IFIFO
+	}
+
+	return system.Mknod(path, mode, int(system.Mkdev(hdr.Devmajor, hdr.Devminor)))
+}
+
+func handleLChmod(hdr *tar.Header, path string, hdrInfo os.FileInfo) error {
+	if hdr.Typeflag == tar.TypeLink {
+		if fi, err := os.Lstat(hdr.Linkname); err == nil && (fi.Mode()&os.ModeSymlink == 0) {
+			if err := os.Chmod(path, hdrInfo.Mode()); err != nil {
+				return err
+			}
+		}
+	} else if hdr.Typeflag != tar.TypeSymlink {
+		if err := os.Chmod(path, hdrInfo.Mode()); err != nil {
+			return err
+		}
+	}
+	return nil
+}

docs/man/man1/oc-image-extract.1

@@ -0,0 +1,18 @@
+// +build windows
+
+package archive
+
+import (
+	"archive/tar"
+	"os"
+)
+
+// handleTarTypeBlockCharFifo is an OS-specific helper function used by
+// createTarFile to handle the following types of header: Block; Char; Fifo
+func handleTarTypeBlockCharFifo(hdr *tar.Header, path string) error {
+	return nil
+}
+
+func handleLChmod(hdr *tar.Header, path string, hdrInfo os.FileInfo) error {
+	return nil
+}

pkg/oc/cli/image/archive/archive.go

@@ -0,0 +1,16 @@
+package archive
+
+import (
+	"syscall"
+	"time"
+)
+
+func timeToTimespec(time time.Time) (ts syscall.Timespec) {
+	if time.IsZero() {
+		// Return UTIME_OMIT special value
+		ts.Sec = 0
+		ts.Nsec = ((1 << 30) - 2)
+		return
+	}
+	return syscall.NsecToTimespec(time.UnixNano())
+}

pkg/oc/cli/image/archive/archive_linux.go

@@ -0,0 +1,16 @@
+// +build !linux
+
+package archive
+
+import (
+	"syscall"
+	"time"
+)
+
+func timeToTimespec(time time.Time) (ts syscall.Timespec) {
+	nsec := int64(0)
+	if !time.IsZero() {
+		nsec = time.UnixNano()
+	}
+	return syscall.NsecToTimespec(nsec)
+}

pkg/oc/cli/image/archive/archive_other.go

@@ -11,6 +11,7 @@ import (
 
 	"github.com/openshift/origin/pkg/cmd/templates"
 	"github.com/openshift/origin/pkg/oc/cli/image/append"
+	"github.com/openshift/origin/pkg/oc/cli/image/extract"
 	"github.com/openshift/origin/pkg/oc/cli/image/mirror"
 )
 
@@ -37,6 +38,7 @@ func NewCmdImage(fullName string, f kcmdutil.Factory, streams genericclioptions.
 			Message: "Advanced commands:",
 			Commands: []*cobra.Command{
 				append.NewCmdAppendImage(name, streams),
+				extract.New(name, streams),
 				mirror.NewCmdMirrorImage(name, streams),
 			},
 		},

pkg/oc/cli/image/archive/archive_unix.go

@@ -0,0 +1,74 @@
+package images
+
+import (
+	"github.com/MakeNowJust/heredoc"
+	g "github.com/onsi/ginkgo"
+	o "github.com/onsi/gomega"
+
+	kapi "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+	imageapi "github.com/openshift/api/image/v1"
+	imageclientset "github.com/openshift/client-go/image/clientset/versioned"
+	exutil "github.com/openshift/origin/test/extended/util"
+)
+
+var _ = g.Describe("[Feature:ImageExtract] Image extract", func() {
+	defer g.GinkgoRecover()
+
+	var oc *exutil.CLI
+	var ns string
+
+	g.AfterEach(func() {
+		if g.CurrentGinkgoTestDescription().Failed && len(ns) > 0 {
+			exutil.DumpPodLogsStartingWithInNamespace("", ns, oc)
+		}
+	})
+
+	oc = exutil.NewCLI("image-extract", exutil.KubeConfigPath())
+
+	g.It("should extract content from an image", func() {
+		ns = oc.Namespace()
+		cli := oc.KubeFramework().PodClient()
+		client := imageclientset.NewForConfigOrDie(oc.UserConfig()).Image()
+
+		_, err := client.ImageStreamImports(ns).Create(&imageapi.ImageStreamImport{
+			ObjectMeta: metav1.ObjectMeta{
+				Name: "1",
+			},
+			Spec: imageapi.ImageStreamImportSpec{
+				Import: true,
+				Images: []imageapi.ImageImportSpec{
+					{
+						From: kapi.ObjectReference{Kind: "DockerImage", Name: "busybox:latest"},
+						To:   &kapi.LocalObjectReference{Name: "busybox"},
+					},
+					{
+						From: kapi.ObjectReference{Kind: "DockerImage", Name: "mysql:latest"},
+						To:   &kapi.LocalObjectReference{Name: "mysql"},
+					},
+				},
+			},
+		})
+		o.Expect(err).ToNot(o.HaveOccurred())
+
+		// busyboxLayers := isi.Status.Images[0].Image.DockerImageLayers
+		// busyboxLen := len(busyboxLayers)
+		// mysqlLayers := isi.Status.Images[1].Image.DockerImageLayers
+		// mysqlLen := len(mysqlLayers)
+
+		pod := cli.Create(cliPodWithPullSecret(oc, heredoc.Docf(`
+			set -x
+
+			# command exits if directory doesn't exist
+			! oc image extract --insecure docker-registry.default.svc:5000/%[1]s/1:busybox=/tmp/doesnotexist
+
+			# extract busybox to a directory, verify the contents
+			mkdir -p /tmp/test
+			oc image extract --insecure docker-registry.default.svc:5000/%[1]s/1:busybox=/tmp/test
+			[ -d /tmp/test/etc ] && [ -d /tmp/test/bin ]
+			[ -f /tmp/test/bin/ls ] && /tmp/test/bin/ls /tmp/test
+		`, ns)))
+		cli.WaitForSuccess(pod.Name, podStartupTimeout)
+	})
+})