Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

oci: Skip symlinks found in upstream artifacts #1246

Merged
merged 2 commits into from
Oct 2, 2023
Merged

Conversation

stefanprodan
Copy link
Member

@stefanprodan stefanprodan commented Sep 29, 2023

Do not error out when upstream artifacts contain symlinks in the contents of the tar+gzip layer, instead skip all symlinks during decompression.

This allows Flux users to make use of OCI artifacts that may have symlinks in their contents which is the case when artifacts are created by other means than flux push artifact.

Ref: fluxcd/pkg#655
Fix: fluxcd/pkg#538
Fix: fluxcd/flux2#4209

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Do not error out when upstream artifacts contain symlinks in the content layer, instead skip all symlinks during decompression.

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
@stefanprodan stefanprodan added area/storage Storage related issues and pull requests area/oci OCI related issues and pull requests labels Sep 29, 2023
Copy link
Member

@rashedkvm rashedkvm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@stefanprodan thank you and appreciate you picking it up. With a great intention to contribute this fix, I got occupied with few other commitments. This change make sense and aligns with fluxcd/pkg#655 nicely. Thank you!

@stefanprodan
Copy link
Member Author

@rashedkvm if you have time, could you please test this with a container image that was failing before?

@rashedkvm
Copy link
Member

@rashedkvm if you have time, could you please test this with a container image that was failing before?

Yep, I will test it and share my finding.

@rashedkvm
Copy link
Member

rashedkvm commented Oct 1, 2023

@rashedkvm if you have time, could you please test this with a container image that was failing before?

Yep, I will test it and share my finding.

Validated fix using image with sym-link. Validation passed. Thanks @stefanprodan

k get ocirepositories.source.toolkit.fluxcd.io -n no-auth
NAME                    URL                                   READY   STATUS                                                                                                 AGE
ocirepository-no-auth   oci://ghcr.io/carto-run/hello-world   True    stored artifact for digest 'sha256:15bbfc70e91bd7daf4047a8a1244ac2b8c32e47f6d1c6b5795c3d043f5becf7f'   12s

@stefanprodan stefanprodan merged commit ff39d21 into main Oct 2, 2023
@stefanprodan stefanprodan deleted the oci-skip-symlinks branch October 2, 2023 05:42
@stefanprodan stefanprodan added the backport:release/v1.1.x To be backported to release/v1.1.x label Oct 9, 2023
@fluxcdbot
Copy link
Member

Successfully created backport PR for release/v1.1.x:

@tmayweather
Copy link

I'm currently having this same issue on v2.12.

terraform-oci oci://ghcr.io/tmayweather/manifests/terraform False failed to extract layer contents from artifact: tar file entry bin/arch contained unsupported file type Lrwxrwxrwx 15m

# for free to join this conversation on GitHub. Already have an account? # to comment
Labels
area/oci OCI related issues and pull requests area/storage Storage related issues and pull requests backport:release/v1.1.x To be backported to release/v1.1.x
Projects
None yet
5 participants