replace io/ioutil with os

I've seen a container (private one) whose filenames start with ./, but
the layer name does not have the prefix, causing undocker to fail.

Let's always normalize the names to not have the prefix.

.build.yml

@@ -9,12 +9,11 @@ sources:
 tasks:
   - setup: |
       go install honnef.co/go/tools/cmd/staticcheck@latest
-  - test: |
-      make -C undocker coverage.html
-  - lint: |
-      make -C undocker -O -j$(nproc) lint
-  - binaries: |
-      make -C undocker -O -j$(nproc) sha256sum.txt
-      cat undocker/sha256sum.txt
+  - built-test-lint: |
+      make -C undocker -O -j$(nproc) undocker coverage.html lint
+  - usage: |
+      # like 'grep -q', but prints output too.
+      # | tee /dev/stderr doesn't work on sourcehut workers; permission denied.
+      ./undocker/undocker |& awk 'BEGIN{c=1};/Built with /{c=0};{print};END{exit c}'
 artifacts:
   - undocker/coverage.html

.gitignore

@@ -1,3 +1,4 @@
+/undocker
 /undocker-*
 coverage.html
 sha256sum.txt*

Makefile

@@ -1,50 +1,29 @@
 SCRIPTS = $(shell awk '/#!\/bin\/(ba)?sh/&&FNR==1{print FILENAME}' $(shell git ls-files))
 GODEPS = $(shell git ls-files '*.go' go.mod go.sum)
-GOBIN = $(shell go env GOPATH)/bin/
-GOOSARCHS = $(sort darwin/amd64 linux/amd64)
 
 VSN ?= $(shell git describe --dirty)
 VSNHASH = $(shell git rev-parse --verify HEAD)
 LDFLAGS = -ldflags "-X main.Version=$(VSN) -X main.VersionHash=$(VSNHASH)"
 
 undocker: ## builds binary for the current architecture
-	CGO_ENABLED=0 go build $(LDFLAGS) -o $@
+	go build $(LDFLAGS) -o $@
 
 .PHONY: test
-test:
-	go test -race -cover ./...
-
-define undockertarget
-UNDOCKERS += undocker-$(1)-$(2)-$(VSN)
-undocker-$(1)-$(2)-$(VSN): $(GODEPS)
-	CGO_ENABLED=0 GOOS=$(1) GOARCH=$(2) go build $(LDFLAGS) -o $$@
-endef
-
-$(foreach goosarch,$(GOOSARCHS),\
-	$(eval $(call undockertarget,$(word 1,$(subst /, ,$(goosarch))),$(word 2,$(subst /, ,$(goosarch))))))
-
-.PHONY: all
-all: $(UNDOCKERS)
+test: coverage.out
 
 .PHONY: lint
 lint:
 	go vet ./...
-	$(GOBIN)staticcheck -f stylish ./...
+	$(shell go env GOPATH)/bin/staticcheck -f stylish ./...
 	shellcheck $(SCRIPTS)
 
 .INTERMEDIATE: coverage.out
 coverage.out: $(GODEPS)
-	go test -coverprofile $@ ./...
+	go test -race -cover -coverprofile $@ ./...
 
 coverage.html: coverage.out
 	go tool cover -html=$< -o $@
 
-sha256sum.txt: $(UNDOCKERS)
-	sha256sum $(UNDOCKERS) > $@
-
-sha256sum.txt.asc: sha256sum.txt
-	gpg --clearsign $<
-
 .PHONY: clean
 clean:
-	rm -f undocker-*-v* coverage.html sha256sum.txt sha256sum.txt.asc
+	rm -f undocker coverage.html

README.md

@@ -18,20 +18,19 @@ and application isolation ("container") runtimes: once the docker image is
 extracted, it can be run with old-fashioned tools: lxc, systemd-nspawn,
 systemd, FreeBSD Jails, and many others.
 
-Undocker has no dependencies outside Golang stdlib.
 
 Installation
 ------------
 
-We recommend using [officially released binaries][3]. To build the project
-instead, run:
+Build it like this for the "current" platform:
 
 ```
 $ make undocker
 ```
 
-The number of officially released binaries is quite limited. If you'd like me
-to expand a list, please contribute a patch to the Makefile.
+`make -B` will print the extra flags (`-X <...>`) for cross-compiling with
+other archs. It's all `go build <...>` in the back, and depends only on Go's
+compiler and stdlib.
 
 Usage: convert docker image to rootfs
 -------------------------------------
@@ -40,50 +39,41 @@ Download `busybox` docker image from docker hub and convert it to a rootfs:
 
 ```
 $ skopeo copy docker://docker.io/busybox:latest docker-archive:busybox.tar
-$ undocker busybox.tar - | tar -tv | head -10
-drwxr-xr-x 0/0               0 2021-05-17 22:07 bin/
--rwxr-xr-x 0/0         1149184 2021-05-17 22:07 bin/[
-hrwxr-xr-x 0/0               0 2021-05-17 22:07 bin/[[ link to bin/[
-hrwxr-xr-x 0/0               0 2021-05-17 22:07 bin/acpid link to bin/[
-hrwxr-xr-x 0/0               0 2021-05-17 22:07 bin/add-shell link to bin/[
-hrwxr-xr-x 0/0               0 2021-05-17 22:07 bin/addgroup link to bin/[
-hrwxr-xr-x 0/0               0 2021-05-17 22:07 bin/adduser link to bin/[
-hrwxr-xr-x 0/0               0 2021-05-17 22:07 bin/adjtimex link to bin/[
-hrwxr-xr-x 0/0               0 2021-05-17 22:07 bin/ar link to bin/[
-hrwxr-xr-x 0/0               0 2021-05-17 22:07 bin/arch link to bin/[
+$ undocker busybox.tar - | tar -xv | sponge | head -10; echo '<...>'
+bin/
+bin/[
+bin/[[
+bin/acpid
+bin/add-shell
+bin/addgroup
+bin/adduser
+bin/adjtimex
+bin/ar
+bin/arch
+<...>
 ```
 
-You can also refer [here][2] for other ways to download Docker images. There
-are many.
+Refer [here][2] for other ways to download Docker images. There are many.
 
-Converting a [1.1GB Docker image with 77
-layers](https://hub.docker.com/r/homeassistant/home-assistant) takes around 4
-seconds and on a reasonably powerful Intel laptop.
+On author's laptop converting a [1.1GB Docker image with 77
+layers](https://hub.docker.com/r/homeassistant/home-assistant) takes around 3
+seconds and uses ~65MB of residential memory.
 
-Usage example: systemd-nspawn
------------------------------
-
-Start with systemd-nspawn:
-
-```
-systemd-nspawn -D $PWD busybox httpd -vfp 8080
-```
-
-Usage example: plain old systemd
---------------------------------
+Usage example: systemd
+----------------------
 
 ```
 systemd-run \
   --wait --pty --collect --service-type=exec \
+  -p RootDirectory=$PWD \
+  -p ProtectProc=invisible \
   -p PrivateUsers=true \
   -p DynamicUser=yes \
-  -p ProtectProc=invisible \
-  -p RootDirectory=$PWD \
   -- busybox httpd -vfp 8080
 ```
 
-Good things like `PrivateUsers`, `DynamicUser`, `ProtectProc` and other
-[systemd protections][1] are available, just like to any systemd unit.
+[Systemd protections][1] like `PrivateUsers`, `DynamicUser`, `ProtectProc` and
+others are available, just like to any systemd unit.
 
 Similar Projects
 ----------------
@@ -102,7 +92,7 @@ Contributions
 
 The following contributions may be accepted:
 
-- Pull requests (patchsets) with accompanying tests.
+- Patchsets, with accompanying tests.
 - Regression reports.
 
 If you found a container that undocker cannot extract, or extracts incorrectly
@@ -113,6 +103,12 @@ Reports of regression reports must provide examples of "works before" and "does
 not work after". Issues without an accompanying patch will most likely be
 rejected.
 
+Communication
+-------------
+
+Use [~motiejus/undocker@lists.sr.ht](mailto:~motiejus/undocker@lists.sr.ht) for
+questions or patches. Subscribe [here][4].
+
 LICENSE
 -------
 
@@ -121,3 +117,4 @@ MIT
 [1]: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
 [2]: https://fly.io/blog/docker-without-docker/
 [3]: http://git.sr.ht/~motiejus/undocker
+[4]: https://lists.sr.ht/~motiejus/undocker

main_test.go

@@ -4,7 +4,6 @@ import (
 	"bytes"
 	"errors"
 	"io"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"regexp"
@@ -28,7 +27,7 @@ func TestExecute(t *testing.T) {
 			infile: "t10-in.txt",
 			fixture: func(t *testing.T, dir string) {
 				fname := filepath.Join(dir, "t10-in.txt")
-				if err := ioutil.WriteFile(fname, _foo, 0644); err != nil {
+				if err := os.WriteFile(fname, _foo, 0644); err != nil {
 					t.Fatalf("unexpected error: %v", err)
 				}
 			},
@@ -39,7 +38,7 @@ func TestExecute(t *testing.T) {
 			infile: "t20-in.txt",
 			fixture: func(t *testing.T, dir string) {
 				fname := filepath.Join(dir, "t20-in.txt")
-				if err := ioutil.WriteFile(fname, _foo, 0644); err != nil {
+				if err := os.WriteFile(fname, _foo, 0644); err != nil {
 					t.Fatalf("unexpected error: %v", err)
 				}
 			},
@@ -50,7 +49,7 @@ func TestExecute(t *testing.T) {
 			infile: "t30-in.txt",
 			fixture: func(t *testing.T, dir string) {
 				fname := filepath.Join(dir, "t30-in.txt")
-				if err := ioutil.WriteFile(fname, _foo, 0644); err != nil {
+				if err := os.WriteFile(fname, _foo, 0644); err != nil {
 					t.Fatalf("unexpected error: %v", err)
 				}
 			},
@@ -122,7 +121,7 @@ func TestExecute(t *testing.T) {
 			if tt.outfile == "-" {
 				out = stdout.Bytes()
 			} else {
-				out, err = ioutil.ReadFile(tt.outfile)
+				out, err = os.ReadFile(tt.outfile)
 				if err != nil {
 					t.Fatalf("unexpected error: %v", err)
 				}

release

@@ -1,32 +1,25 @@
 #!/bin/bash
 set -euo pipefail
 
-err() {
-    >&2 echo "ERROR: $*"
-    exit 1
-}
+_err(){ >&2 echo "ERROR: $*"; exit 1; }
 
 git status --porcelain | grep -q "" &&
-    err "working tree is dirty, commit your changes first."
+    _err "working tree is dirty, commit your changes first."
 
-[[ ! "$1" =~ ^v([0-9]+)\.([0-9]+)(\.([0-9]+))?$ ]] && \
-    err "arg1 accepts the following formats: v1.0 v1.0.0"
+[[ "$1" =~ ^v([0-9]+)\.([0-9]+)(\.([0-9]+))?(-rc([0-9]+))?$ ]] || \
+    _err "arg1 accepts the following formats: v1.0 v1.0.0 v1.0-rc1 v1.0.1-rc1"
 
 git tag | grep -q "^$1$" &&
-    err "tag $1 already exists"
+    _err "tag $1 already exists"
+
+# sanity test: do the tests pass?
+make -B -j"$(nproc)" test lint
 
 last_tag=$(git tag | tail -1)
 
-make -B -j"$(nproc)" VSN="$1" sha256sum.txt.asc
-
 {
     echo undocker "$1"
     echo
     echo Changelog since "$last_tag":
-    git log --pretty=format:"- [%cn] %s" "$last_tag"..HEAD
-    echo
-    echo
-    echo sha256sums of released binaries:
-    cat sha256sum.txt
-    echo
+    git log --pretty=format:"- [%an] %s" "$last_tag"..HEAD
 } | git tag -u motiejus@jakstys.lt -F - "$1"

rootfs/rootfs.go

@@ -69,7 +69,7 @@ func Flatten(rd io.ReadSeeker, w io.Writer) (_err error) {
 			if err != nil {
 				return err
 			}
-			layerOffsets[hdr.Name] = here
+			layerOffsets[strings.TrimPrefix(hdr.Name, "./")] = here
 		}
 	}
 
@@ -82,7 +82,7 @@ func Flatten(rd io.ReadSeeker, w io.Writer) (_err error) {
 	for i, name := range manifest[0].Layers {
 		layers[i] = nameOffset{
 			name:   name,
-			offset: layerOffsets[name],
+			offset: layerOffsets[strings.TrimPrefix(name, "./")],
 		}
 	}
 
@@ -146,9 +146,8 @@ func Flatten(rd io.ReadSeeker, w io.Writer) (_err error) {
 	defer func() {
 		// Avoiding use of multierr: if error is present, return
 		// that. Otherwise return whatever `Close` returns.
-		err1 := tw.Close()
-		if _err == nil {
-			_err = err1
+		if err := tw.Close(); err != nil && _err == nil {
+			_err = err
 		}
 	}()
 	// iterate through all layers, all files, and write files.