replace io/ioutil with os

I've seen a container (private one) whose filenames start with ./, but
the layer name does not have the prefix, causing undocker to fail.

Let's always normalize the names to not have the prefix.

.build.yml

@@ -3,17 +3,17 @@ packages:
   - go
   - git
   - make
+  - shellcheck
 sources:
   - https://git.sr.ht/~motiejus/undocker
 tasks:
   - setup: |
       go install honnef.co/go/tools/cmd/staticcheck@latest
-  - test: |
+  - built-test-lint: |
-      make -C undocker coverage.html
+      make -C undocker -O -j$(nproc) undocker coverage.html lint
-  - lint: |
+  - usage: |
-      make -C undocker -O -j$(nproc) lint
+      # like 'grep -q', but prints output too.
-  - binaries: |
+      # | tee /dev/stderr doesn't work on sourcehut workers; permission denied.
-      make -C undocker -O -j$(nproc) sha256sum.txt
+      ./undocker/undocker |& awk 'BEGIN{c=1};/Built with /{c=0};{print};END{exit c}'
-      cat undocker/sha256sum.txt
 artifacts:
   - undocker/coverage.html

.gitignore

@@ -1,3 +1,4 @@
+/undocker
 /undocker-*
 coverage.html
 sha256sum.txt*

Makefile

@@ -1,58 +1,29 @@
+SCRIPTS = $(shell awk '/#!\/bin\/(ba)?sh/&&FNR==1{print FILENAME}' $(shell git ls-files))
 GODEPS = $(shell git ls-files '*.go' go.mod go.sum)
-GOBIN = $(shell go env GOPATH)/bin/
-
-GOOSARCHS = $(sort \
-			darwin/amd64 \
-			darwin/arm64 \
-			linux/amd64 \
-			linux/arm64 \
-			windows/amd64/.exe \
-			windows/arm64/.exe)
 
 VSN ?= $(shell git describe --dirty)
 VSNHASH = $(shell git rev-parse --verify HEAD)
 LDFLAGS = -ldflags "-X main.Version=$(VSN) -X main.VersionHash=$(VSNHASH)"
 
+undocker: ## builds binary for the current architecture
+	go build $(LDFLAGS) -o $@
+
 .PHONY: test
-test:
+test: coverage.out
-	go test -race -cover ./...
-
-define undockertarget
-UNDOCKERS += undocker-$(1)-$(2)-$(VSN)$(firstword $(3))
-undocker-$(1)-$(2)-$(VSN)$(firstword $(3)): $(GODEPS)
-	CGO_ENABLED=0 GOOS=$(1) GOARCH=$(2) go build $(LDFLAGS) -o $$@
-endef
-
-$(foreach goosarch,$(GOOSARCHS),\
-	$(eval $(call undockertarget,$(word 1,$(subst /, ,$(goosarch))),$(word 2,$(subst /, ,$(goosarch))),$(word 3,$(subst /, ,$(goosarch))))))
-
-.PHONY: all
-all: $(UNDOCKERS)
 
 .PHONY: lint
-lint: vet staticcheck
+lint:
-
-.PHONY: vet
-vet:
 	go vet ./...
-
+	$(shell go env GOPATH)/bin/staticcheck -f stylish ./...
-.PHONY: staticcheck
+	shellcheck $(SCRIPTS)
-staticcheck:
-	$(GOBIN)staticcheck -f stylish ./...
 
 .INTERMEDIATE: coverage.out
 coverage.out: $(GODEPS)
-	go test -coverprofile $@ ./...
+	go test -race -cover -coverprofile $@ ./...
 
 coverage.html: coverage.out
 	go tool cover -html=$< -o $@
 
-sha256sum.txt: $(UNDOCKERS)
-	sha256sum $(UNDOCKERS) > $@
-
-sha256sum.txt.asc: sha256sum.txt
-	gpg --clearsign $<
-
 .PHONY: clean
 clean:
-	rm -f undocker-*-v* coverage.html sha256sum.txt sha256sum.txt.asc
+	rm -f undocker coverage.html

README.md

@@ -18,7 +18,19 @@ and application isolation ("container") runtimes: once the docker image is
 extracted, it can be run with old-fashioned tools: lxc, systemd-nspawn,
 systemd, FreeBSD Jails, and many others.
 
-Undocker has no dependencies outside Golang stdlib.
+
+Installation
+------------
+
+Build it like this for the "current" platform:
+
+```
+$ make undocker
+```
+
+`make -B` will print the extra flags (`-X <...>`) for cross-compiling with
+other archs. It's all `go build <...>` in the back, and depends only on Go's
+compiler and stdlib.
 
 Usage: convert docker image to rootfs
 -------------------------------------
@@ -27,50 +39,41 @@ Download `busybox` docker image from docker hub and convert it to a rootfs:
 
 ```
 $ skopeo copy docker://docker.io/busybox:latest docker-archive:busybox.tar
-$ undocker busybox.tar - | tar -tv | head -10
+$ undocker busybox.tar - | tar -xv | sponge | head -10; echo '<...>'
-drwxr-xr-x 0/0               0 2021-05-17 22:07 bin/
+bin/
--rwxr-xr-x 0/0         1149184 2021-05-17 22:07 bin/[
+bin/[
-hrwxr-xr-x 0/0               0 2021-05-17 22:07 bin/[[ link to bin/[
+bin/[[
-hrwxr-xr-x 0/0               0 2021-05-17 22:07 bin/acpid link to bin/[
+bin/acpid
-hrwxr-xr-x 0/0               0 2021-05-17 22:07 bin/add-shell link to bin/[
+bin/add-shell
-hrwxr-xr-x 0/0               0 2021-05-17 22:07 bin/addgroup link to bin/[
+bin/addgroup
-hrwxr-xr-x 0/0               0 2021-05-17 22:07 bin/adduser link to bin/[
+bin/adduser
-hrwxr-xr-x 0/0               0 2021-05-17 22:07 bin/adjtimex link to bin/[
+bin/adjtimex
-hrwxr-xr-x 0/0               0 2021-05-17 22:07 bin/ar link to bin/[
+bin/ar
-hrwxr-xr-x 0/0               0 2021-05-17 22:07 bin/arch link to bin/[
+bin/arch
+<...>
 ```
 
-You can also refer [here][2] for other ways to download Docker images. There
+Refer [here][2] for other ways to download Docker images. There are many.
-are many.
 
-Converting a [1.1GB Docker image with 77
+On author's laptop converting a [1.1GB Docker image with 77
-layers](https://hub.docker.com/r/homeassistant/home-assistant) takes around 4
+layers](https://hub.docker.com/r/homeassistant/home-assistant) takes around 3
-seconds and on a reasonably powerful Intel laptop.
+seconds and uses ~65MB of residential memory.
 
-Usage example: systemd-nspawn
+Usage example: systemd
------------------------------
+----------------------
-
-Start with systemd-nspawn:
-
-```
-systemd-nspawn -D $PWD busybox httpd -vfp 8080
-```
-
-Usage example: plain old systemd
---------------------------------
 
 ```
 systemd-run \
   --wait --pty --collect --service-type=exec \
+  -p RootDirectory=$PWD \
+  -p ProtectProc=invisible \
   -p PrivateUsers=true \
   -p DynamicUser=yes \
-  -p ProtectProc=invisible \
-  -p RootDirectory=$PWD \
   -- busybox httpd -vfp 8080
 ```
 
-Good things like `PrivateUsers`, `DynamicUser`, `ProtectProc` and other
+[Systemd protections][1] like `PrivateUsers`, `DynamicUser`, `ProtectProc` and
-[systemd protections][1] are available, just like to any systemd unit.
+others are available, just like to any systemd unit.
 
 Similar Projects
 ----------------
@@ -89,7 +92,7 @@ Contributions
 
 The following contributions may be accepted:
 
-- Pull requests (patchsets) with accompanying tests.
+- Patchsets, with accompanying tests.
 - Regression reports.
 
 If you found a container that undocker cannot extract, or extracts incorrectly
@@ -100,6 +103,12 @@ Reports of regression reports must provide examples of "works before" and "does
 not work after". Issues without an accompanying patch will most likely be
 rejected.
 
+Communication
+-------------
+
+Use [~motiejus/undocker@lists.sr.ht](mailto:~motiejus/undocker@lists.sr.ht) for
+questions or patches. Subscribe [here][4].
+
 LICENSE
 -------
 
@@ -107,3 +116,5 @@ MIT
 
 [1]: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
 [2]: https://fly.io/blog/docker-without-docker/
+[3]: http://git.sr.ht/~motiejus/undocker
+[4]: https://lists.sr.ht/~motiejus/undocker

main.go

@@ -53,15 +53,15 @@ type command struct {
 	Stdout    io.Writer
 }
 
-func (c *command) execute(infile string, outfile string) (err error) {
+func (c *command) execute(infile string, outfile string) (_err error) {
 	rd, err := os.Open(infile)
 	if err != nil {
 		return err
 	}
 	defer func() {
-		err1 := rd.Close()
+		err := rd.Close()
-		if err == nil {
+		if _err == nil {
-			err = err1
+			_err = err
 		}
 	}()
 
@@ -74,9 +74,11 @@ func (c *command) execute(infile string, outfile string) (err error) {
 			return fmt.Errorf("create: %w", err)
 		}
 		defer func() {
-			err1 := outf.Close()
+			err := outf.Close()
-			if err == nil {
+			if _err != nil {
-				err = err1
+				os.Remove(outfile)
+			} else {
+				_err = err
 			}
 		}()
 		out = outf

main_test.go

@@ -2,8 +2,9 @@ package main
 
 import (
 	"bytes"
+	"errors"
 	"io"
-	"io/ioutil"
+	"os"
 	"path/filepath"
 	"regexp"
 	"testing"
@@ -13,18 +14,20 @@ func TestExecute(t *testing.T) {
 	var _foo = []byte("foo foo")
 
 	tests := []struct {
-		name    string
+		name      string
-		fixture func(*testing.T, string)
+		fixture   func(*testing.T, string)
-		infile  string
+		flattener func(io.ReadSeeker, io.Writer) error
-		outfile string
+		infile    string
-		wantErr string
+		outfile   string
+		wantErr   string
+		assertion func(*testing.T, string)
 	}{
 		{
 			name:   "ok passthrough via stdout",
 			infile: "t10-in.txt",
 			fixture: func(t *testing.T, dir string) {
 				fname := filepath.Join(dir, "t10-in.txt")
-				if err := ioutil.WriteFile(fname, _foo, 0644); err != nil {
+				if err := os.WriteFile(fname, _foo, 0644); err != nil {
 					t.Fatalf("unexpected error: %v", err)
 				}
 			},
@@ -35,12 +38,37 @@ func TestExecute(t *testing.T) {
 			infile: "t20-in.txt",
 			fixture: func(t *testing.T, dir string) {
 				fname := filepath.Join(dir, "t20-in.txt")
-				if err := ioutil.WriteFile(fname, _foo, 0644); err != nil {
+				if err := os.WriteFile(fname, _foo, 0644); err != nil {
 					t.Fatalf("unexpected error: %v", err)
 				}
 			},
 			outfile: "t20-out.txt",
 		},
+		{
+			name:   "bad flattener should remove the file",
+			infile: "t30-in.txt",
+			fixture: func(t *testing.T, dir string) {
+				fname := filepath.Join(dir, "t30-in.txt")
+				if err := os.WriteFile(fname, _foo, 0644); err != nil {
+					t.Fatalf("unexpected error: %v", err)
+				}
+			},
+			flattener: flattenBad,
+			outfile:   "t30-out.txt",
+			wantErr:   "some error",
+			assertion: func(t *testing.T, dir string) {
+				d, err := os.ReadDir(dir)
+				if err != nil {
+					t.Fatalf("unexpected error: %v", err)
+				}
+				if len(d) != 1 {
+					t.Fatalf("expected 1 entry, got %d", len(d))
+				}
+				if d[0].Name() != "t30-in.txt" {
+					t.Fatalf("expected to find only t30-in.txt, got %s", d[0].Name())
+				}
+			},
+		},
 		{
 			name:    "infile does not exist",
 			infile:  "t3-does-not-exist.txt",
@@ -57,7 +85,10 @@ func TestExecute(t *testing.T) {
 		t.Run(tt.name, func(t *testing.T) {
 			dir := t.TempDir()
 			var stdout bytes.Buffer
-			c := &command{Stdout: &stdout}
+			if tt.flattener == nil {
+				tt.flattener = flattenPassthrough
+			}
+
 			if tt.fixture != nil {
 				tt.fixture(t, dir)
 			}
@@ -65,9 +96,14 @@ func TestExecute(t *testing.T) {
 				tt.outfile = filepath.Join(dir, tt.outfile)
 			}
 			inf := filepath.Join(dir, tt.infile)
-			c.flattener = flattenPassthrough
 
+			c := &command{Stdout: &stdout, flattener: tt.flattener}
 			err := c.execute(inf, tt.outfile)
+
+			if tt.assertion != nil {
+				tt.assertion(t, dir)
+			}
+
 			if tt.wantErr != "" {
 				if err == nil {
 					t.Fatal("expected error, got nil")
@@ -78,21 +114,22 @@ func TestExecute(t *testing.T) {
 				}
 				return
 			}
-			var out []byte
 			if err != nil {
 				t.Fatalf("unexpected error: %v", err)
 			}
+			var out []byte
 			if tt.outfile == "-" {
 				out = stdout.Bytes()
 			} else {
-				out, err = ioutil.ReadFile(tt.outfile)
+				out, err = os.ReadFile(tt.outfile)
 				if err != nil {
 					t.Fatalf("unexpected error: %v", err)
 				}
 			}
 			if !bytes.Equal([]byte("foo foo"), out) {
-				t.Errorf("out != foo foo: %s", string(out))
+				t.Errorf("out != foo foo: %q", string(out))
 			}
+
 		})
 	}
 }
@@ -101,3 +138,7 @@ func flattenPassthrough(r io.ReadSeeker, w io.Writer) error {
 	_, err := io.Copy(w, r)
 	return err
 }
+
+func flattenBad(_ io.ReadSeeker, _ io.Writer) error {
+	return errors.New("some error")
+}

release

@@ -1,32 +1,25 @@
 #!/bin/bash
 set -euo pipefail
 
-err() {
+_err(){ >&2 echo "ERROR: $*"; exit 1; }
-    >&2 echo "ERROR: $*"
-    exit 1
-}
 
-[[ -n "$(git status --porcelain)" ]] && \
+git status --porcelain | grep -q "" &&
-    err "working tree is dirty, commit your changes first."
+    _err "working tree is dirty, commit your changes first."
 
-[[ ! "$1" =~ ^v([0-9]+)\.([0-9]+)(\.([0-9]+))?$ ]] && \
+[[ "$1" =~ ^v([0-9]+)\.([0-9]+)(\.([0-9]+))?(-rc([0-9]+))?$ ]] || \
-    err "arg1 accepts the following formats: v1.0 v1.0.0"
+    _err "arg1 accepts the following formats: v1.0 v1.0.0 v1.0-rc1 v1.0.1-rc1"
 
-[[ -n "$(git tag | grep "^$1$")" ]] && \
+git tag | grep -q "^$1$" &&
-    err "tag $1 already exists"
+    _err "tag $1 already exists"
+
+# sanity test: do the tests pass?
+make -B -j"$(nproc)" test lint
 
 last_tag=$(git tag | tail -1)
 
-make -B -j$(nproc) VSN=$1 sha256sum.txt.asc
-
 {
-    echo undocker $1
+    echo undocker "$1"
-    echo
-    echo Changelog since $last_tag:
-    git log --pretty=format:"- [%cn] %s" $last_tag..HEAD
-    echo
-    echo
-    echo sha256sums of released binaries:
-    cat sha256sum.txt
     echo
+    echo Changelog since "$last_tag":
+    git log --pretty=format:"- [%an] %s" "$last_tag"..HEAD
 } | git tag -u motiejus@jakstys.lt -F - "$1"

rootfs/rootfs.go

@@ -69,7 +69,7 @@ func Flatten(rd io.ReadSeeker, w io.Writer) (_err error) {
 			if err != nil {
 				return err
 			}
-			layerOffsets[hdr.Name] = here
+			layerOffsets[strings.TrimPrefix(hdr.Name, "./")] = here
 		}
 	}
 
@@ -82,7 +82,7 @@ func Flatten(rd io.ReadSeeker, w io.Writer) (_err error) {
 	for i, name := range manifest[0].Layers {
 		layers[i] = nameOffset{
 			name:   name,
-			offset: layerOffsets[name],
+			offset: layerOffsets[strings.TrimPrefix(name, "./")],
 		}
 	}
 
@@ -146,9 +146,8 @@ func Flatten(rd io.ReadSeeker, w io.Writer) (_err error) {
 	defer func() {
 		// Avoiding use of multierr: if error is present, return
 		// that. Otherwise return whatever `Close` returns.
-		err1 := tw.Close()
+		if err := tw.Close(); err != nil && _err == nil {
-		if _err == nil {
+			_err = err
-			_err = err1
 		}
 	}()
 	// iterate through all layers, all files, and write files.