-
Notifications
You must be signed in to change notification settings - Fork 574
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Based on Fahed Dorgaa's PR 643 but preserves the file owner information as in `docker cp`. This implementation also avoids mixing up the `archive/tar` pkg and `tar` command. `nerdctl cp -a` is not implemented, as the actual behavior of `docker cp -a` does not seem clearly defined. Tests are added to to cover the conditions listed in https://docs.docker.com/engine/reference/commandline/cp/ TODO (low priority): Support stdio tar balls such as `nerdctl cp - DST` and `nerdctl cp SRC -` Co-authored-by: fahed dorgaa <fahed.dorgaa@gmail.com> Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
- Loading branch information
1 parent
48f189a
commit e87ea8f
Showing
8 changed files
with
575 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,65 @@ | ||
/* | ||
Copyright The containerd Authors. | ||
Licensed under the Apache License, Version 2.0 (the "License"); | ||
you may not use this file except in compliance with the License. | ||
You may obtain a copy of the License at | ||
http://www.apache.org/licenses/LICENSE-2.0 | ||
Unless required by applicable law or agreed to in writing, software | ||
distributed under the License is distributed on an "AS IS" BASIS, | ||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
See the License for the specific language governing permissions and | ||
limitations under the License. | ||
*/ | ||
|
||
package main | ||
|
||
import ( | ||
"path/filepath" | ||
"strings" | ||
|
||
"github.com/spf13/cobra" | ||
) | ||
|
||
func parseCpFileSpec(arg string) (*cpFileSpec, error) { | ||
i := strings.Index(arg, ":") | ||
|
||
// filespec starting with a semicolon is invalid | ||
if i == 0 { | ||
return nil, errFileSpecDoesntMatchFormat | ||
} | ||
|
||
if filepath.IsAbs(arg) { | ||
// Explicit local absolute path, e.g., `C:\foo` or `/foo`. | ||
return &cpFileSpec{ | ||
Container: nil, | ||
Path: arg, | ||
}, nil | ||
} | ||
|
||
parts := strings.SplitN(arg, ":", 2) | ||
|
||
if len(parts) == 1 || strings.HasPrefix(parts[0], ".") { | ||
// Either there's no `:` in the arg | ||
// OR it's an explicit local relative path like `./file:name.txt`. | ||
return &cpFileSpec{ | ||
Path: arg, | ||
}, nil | ||
} | ||
|
||
return &cpFileSpec{ | ||
Container: &parts[0], | ||
Path: parts[1], | ||
}, nil | ||
} | ||
|
||
type cpFileSpec struct { | ||
Container *string | ||
Path string | ||
} | ||
|
||
func cpShellComplete(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) { | ||
return nil, cobra.ShellCompDirectiveFilterFileExt | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,266 @@ | ||
/* | ||
Copyright The containerd Authors. | ||
Licensed under the Apache License, Version 2.0 (the "License"); | ||
you may not use this file except in compliance with the License. | ||
You may obtain a copy of the License at | ||
http://www.apache.org/licenses/LICENSE-2.0 | ||
Unless required by applicable law or agreed to in writing, software | ||
distributed under the License is distributed on an "AS IS" BASIS, | ||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
See the License for the specific language governing permissions and | ||
limitations under the License. | ||
*/ | ||
|
||
package main | ||
|
||
import ( | ||
"context" | ||
"encoding/json" | ||
"errors" | ||
"fmt" | ||
"os" | ||
"os/exec" | ||
"path/filepath" | ||
"strconv" | ||
"strings" | ||
|
||
"github.com/containerd/containerd" | ||
"github.com/containerd/nerdctl/pkg/inspecttypes/native" | ||
"github.com/containerd/nerdctl/pkg/rootlessutil" | ||
securejoin "github.com/cyphar/filepath-securejoin" | ||
"github.com/sirupsen/logrus" | ||
"github.com/spf13/cobra" | ||
) | ||
|
||
var errFileSpecDoesntMatchFormat = errors.New("filespec must match the canonical format: [container:]file/path") | ||
|
||
func newCpCommand() *cobra.Command { | ||
|
||
shortHelp := "Copy files/folders between a running container and the local filesystem" | ||
|
||
longHelp := shortHelp + ` | ||
WARNING: This command is not designed to be used with untrusted containers. | ||
This command needs GNU tar to be installed on the host. | ||
` | ||
|
||
usage := `cp [OPTIONS] CONTAINER:SRC_PATH DEST_PATH|- | ||
nerdctl cp [OPTIONS] SRC_PATH|- CONTAINER:DEST_PATH` | ||
var cpCommand = &cobra.Command{ | ||
Use: usage, | ||
Args: cobra.ExactArgs(2), | ||
Short: shortHelp, | ||
Long: longHelp, | ||
RunE: cpAction, | ||
ValidArgsFunction: cpShellComplete, | ||
SilenceUsage: true, | ||
SilenceErrors: true, | ||
} | ||
|
||
cpCommand.Flags().BoolP("follow-link", "L", false, "Always follow symbol link in SRC_PATH.") | ||
|
||
return cpCommand | ||
} | ||
|
||
func cpAction(cmd *cobra.Command, args []string) error { | ||
srcSpec, err := parseCpFileSpec(args[0]) | ||
if err != nil { | ||
return err | ||
} | ||
|
||
destSpec, err := parseCpFileSpec(args[1]) | ||
if err != nil { | ||
return err | ||
} | ||
|
||
flagL, err := cmd.Flags().GetBool("follow-link") | ||
if err != nil { | ||
return err | ||
} | ||
|
||
if srcSpec.Container != nil && destSpec.Container != nil { | ||
return fmt.Errorf("one of src or dest must be a local file specification") | ||
} | ||
if srcSpec.Container == nil && destSpec.Container == nil { | ||
return fmt.Errorf("one of src or dest must be a container file specification") | ||
} | ||
if srcSpec.Path == "-" { | ||
return fmt.Errorf("support for reading a tar archive from stdin is not implemented yet") | ||
} | ||
if destSpec.Path == "-" { | ||
return fmt.Errorf("support for writing a tar archive to stdout is not implemented yet") | ||
} | ||
|
||
container2host := srcSpec.Container != nil | ||
var container string | ||
if container2host { | ||
container = *srcSpec.Container | ||
} else { | ||
container = *destSpec.Container | ||
} | ||
ctx := cmd.Context() | ||
|
||
// cp works in the host namespace (for inspecting file permissions), so we can't directly use the Go client. | ||
selfExe, inspectArgs := globalFlags(cmd) | ||
inspectArgs = append(inspectArgs, "container", "inspect", "--mode=native", "--format={{json .Process}}", container) | ||
inspectCmd := exec.CommandContext(ctx, selfExe, inspectArgs...) | ||
inspectCmd.Stderr = os.Stderr | ||
inspectOut, err := inspectCmd.Output() | ||
if err != nil { | ||
return fmt.Errorf("failed to execute %v: %w", inspectCmd.Args, err) | ||
} | ||
var proc native.Process | ||
if err := json.Unmarshal(inspectOut, &proc); err != nil { | ||
return err | ||
} | ||
if proc.Status.Status != containerd.Running { | ||
return fmt.Errorf("expected container status %v, got %v", containerd.Running, proc.Status.Status) | ||
} | ||
if proc.Pid <= 0 { | ||
return fmt.Errorf("got non-positive PID %v", proc.Pid) | ||
} | ||
return kopy(ctx, container2host, proc.Pid, destSpec.Path, srcSpec.Path, flagL) | ||
} | ||
|
||
// kopy implements `nerdctl cp`. | ||
// | ||
// See https://docs.docker.com/engine/reference/commandline/cp/ for the specification. | ||
func kopy(ctx context.Context, container2host bool, pid int, dst, src string, followSymlink bool) error { | ||
var ( | ||
srcFull, dstFull string | ||
err error | ||
) | ||
root := fmt.Sprintf("/proc/%d/root", pid) | ||
if container2host { | ||
srcFull, err = securejoin.SecureJoin(root, src) | ||
dstFull = dst | ||
} else { | ||
srcFull = src | ||
dstFull, err = securejoin.SecureJoin(root, dst) | ||
} | ||
if err != nil { | ||
return err | ||
} | ||
var ( | ||
srcIsDir bool | ||
dstExists bool | ||
dstExistsAsDir bool | ||
) | ||
if st, err := os.Stat(srcFull); err != nil { | ||
return err | ||
} else { | ||
srcIsDir = st.IsDir() | ||
} | ||
// dst may not exist yet, so err is negligible | ||
if st, err := os.Stat(dstFull); err == nil { | ||
dstExists = true | ||
dstExistsAsDir = st.IsDir() | ||
} | ||
dstEndsWithSep := strings.HasSuffix(dst, string(os.PathSeparator)) | ||
srcEndsWithSlashDot := strings.HasSuffix(src, string(os.PathSeparator)+".") | ||
if !srcIsDir && dstEndsWithSep && !dstExistsAsDir { | ||
// The error is specified in https://docs.docker.com/engine/reference/commandline/cp/ | ||
// See the `DEST_PATH does not exist and ends with /` case. | ||
return fmt.Errorf("the destination directory must exists: %w", err) | ||
} | ||
if !srcIsDir && srcEndsWithSlashDot { | ||
return fmt.Errorf("the source is not a directory") | ||
} | ||
if srcIsDir && dstExists && !dstExistsAsDir { | ||
return fmt.Errorf("cannot copy a directory to a file") | ||
} | ||
if srcIsDir && !dstExists { | ||
if err := os.MkdirAll(dstFull, 0755); err != nil { | ||
return err | ||
} | ||
} | ||
|
||
var tarCDir, tarCArg string | ||
if srcIsDir { | ||
if !dstExists || srcEndsWithSlashDot { | ||
// the content of the source directory is copied into this directory | ||
tarCDir = srcFull | ||
tarCArg = "." | ||
} else { | ||
// the source directory is copied into this directory | ||
tarCDir = filepath.Dir(srcFull) | ||
tarCArg = filepath.Base(srcFull) | ||
} | ||
} else { | ||
// Prepare a single-file directory to create an archive of the source file | ||
td, err := os.MkdirTemp("", "nerdctl-cp") | ||
if err != nil { | ||
return err | ||
} | ||
defer os.RemoveAll(td) | ||
tarCDir = td | ||
cp := []string{"cp", "-a"} | ||
if followSymlink { | ||
cp = append(cp, "-L") | ||
} | ||
if dstEndsWithSep || dstExistsAsDir { | ||
tarCArg = filepath.Base(srcFull) | ||
} else { | ||
// Handle `nerdctl cp /path/to/file some-container:/path/to/file-with-another-name` | ||
tarCArg = filepath.Base(dstFull) | ||
} | ||
cp = append(cp, srcFull, filepath.Join(td, tarCArg)) | ||
cpCmd := exec.CommandContext(ctx, cp[0], cp[1:]...) | ||
logrus.Debugf("executing %v", cpCmd.Args) | ||
if out, err := cpCmd.CombinedOutput(); err != nil { | ||
return fmt.Errorf("failed to execute %v: %w (out=%q)", cpCmd.Args, err, string(out)) | ||
} | ||
} | ||
tarC := []string{"tar", "-c", "-f"} | ||
if followSymlink { | ||
tarC = append(tarC, "-h") | ||
} | ||
tarC = append(tarC, "-", tarCArg) | ||
|
||
tarXDir := dstFull | ||
if !srcIsDir && !dstEndsWithSep && !dstExistsAsDir { | ||
tarXDir = filepath.Dir(dstFull) | ||
} | ||
tarX := []string{"tar", "-x", "-f", "-"} | ||
if rootlessutil.IsRootless() { | ||
nsenter := []string{"nsenter", "-t", strconv.Itoa(int(pid)), "-U", "--preserve-credentials", "--"} | ||
if container2host { | ||
tarC = append(nsenter, tarC...) | ||
} else { | ||
tarX = append(nsenter, tarX...) | ||
} | ||
} | ||
|
||
tarCCmd := exec.CommandContext(ctx, tarC[0], tarC[1:]...) | ||
tarCCmd.Dir = tarCDir | ||
tarCCmd.Stdin = nil | ||
tarCCmd.Stderr = os.Stderr | ||
|
||
tarXCmd := exec.CommandContext(ctx, tarX[0], tarX[1:]...) | ||
tarXCmd.Dir = tarXDir | ||
tarXCmd.Stdin, err = tarCCmd.StdoutPipe() | ||
if err != nil { | ||
return err | ||
} | ||
tarXCmd.Stdout = os.Stderr | ||
tarXCmd.Stderr = os.Stderr | ||
|
||
logrus.Debugf("executing %v in %q", tarCCmd.Args, tarCCmd.Dir) | ||
if err := tarCCmd.Start(); err != nil { | ||
return fmt.Errorf("failed to execute %v: %w", tarCCmd.Args, err) | ||
} | ||
logrus.Debugf("executing %v in %q", tarXCmd.Args, tarXCmd.Dir) | ||
if err := tarXCmd.Start(); err != nil { | ||
return fmt.Errorf("failed to execute %v: %w", tarXCmd.Args, err) | ||
} | ||
if err := tarCCmd.Wait(); err != nil { | ||
return fmt.Errorf("failed to wait %v: %w", tarCCmd.Args, err) | ||
} | ||
if err := tarXCmd.Wait(); err != nil { | ||
return fmt.Errorf("failed to wait %v: %w", tarXCmd.Args, err) | ||
} | ||
return nil | ||
} |
Oops, something went wrong.