Removed dependency on sh/tar from alpine image

matejvasek · matejvasek · commit 74f1ab85609c · 2025-01-23T19:59:20.000+01:00
This commit removes depencency on sh and tar binaries by implementing
the logic in our func-util binary.

Signed-off-by: Matej Vašek &lt;mvasek@redhat.com&gt;
diff --git a/Dockerfile.utils b/Dockerfile.utils
@@ -34,6 +34,7 @@ COPY --from=builder /workspace/func-util /usr/local/bin/
 RUN ln -s /usr/local/bin/func-util /usr/local/bin/deploy && \
     ln -s /usr/local/bin/func-util /usr/local/bin/scaffold && \
     ln -s /usr/local/bin/func-util /usr/local/bin/s2i && \
+    ln -s /usr/local/bin/func-util /usr/local/bin/sh && \
     ln -s /usr/local/bin/func-util /usr/local/bin/socat
 
 LABEL \
diff --git a/cmd/func-util/main.go b/cmd/func-util/main.go
@@ -4,12 +4,20 @@
 package main
 
 import (
+	"archive/tar"
 	"context"
+	"errors"
 	"flag"
 	"fmt"
+	"golang.org/x/sys/unix"
+	"io"
+	"io/fs"
 	"os"
 	"os/signal"
+	"path"
 	"path/filepath"
+	"slices"
+	"strings"
 	"syscall"
 
 	"github.com/openshift/source-to-image/pkg/cmd/cli"
@@ -46,6 +54,8 @@ func main() {
 		cmd = s2iCmd
 	case "socat":
 		cmd = socat
+	case "sh":
+		cmd = sh
 	}
 
 	err := cmd(ctx)
@@ -167,3 +177,84 @@ func (d deployDecorator) UpdateLabels(function fn.Function, labels map[string]st
 	}
 	return labels
 }
+
+func sh(ctx context.Context) error {
+	if !slices.Equal(os.Args[1:], []string{"-c", "umask 0000 && exec tar -xmf -"}) {
+		return fmt.Errorf("this is a fake sh (only for backward compatiblility purposes)")
+	}
+
+	var err error
+
+	wd, err := os.Getwd()
+	if err != nil {
+		return fmt.Errorf("cannot get working directory: %w", err)
+	}
+
+	unix.Umask(0)
+
+	r := tar.NewReader(os.Stdin)
+
+	writeRegular := func(hdr *tar.Header) error {
+		target := filepath.Join(wd, filepath.FromSlash(hdr.Name))
+		e := os.MkdirAll(
+			filepath.Dir(target),
+			os.FileMode(hdr.Mode)&fs.ModePerm|0111,
+		)
+		if e != nil {
+			return e
+		}
+		f, e := os.OpenFile(
+			target,
+			os.O_CREATE|os.O_TRUNC|os.O_WRONLY,
+			os.FileMode(hdr.Mode)&fs.ModePerm,
+		)
+		defer func(f *os.File) {
+			_ = f.Close()
+		}(f)
+		_, e = io.Copy(f, r)
+		if e != nil {
+			return e
+		}
+		return nil
+	}
+
+	var first bool = true
+	for {
+		var h *tar.Header
+		h, err = r.Next()
+		if err != nil {
+			if errors.Is(err, io.EOF) {
+				if first {
+					return fmt.Errorf("does not look like a tar")
+				}
+				return nil
+			}
+			return err
+		}
+
+		if strings.HasPrefix(path.Clean(h.Name), "..") {
+			return fmt.Errorf("file name escapes")
+		}
+		if strings.HasPrefix(path.Clean(h.Linkname), "..") {
+			return fmt.Errorf("link target escapes")
+		}
+
+		first = false
+		switch {
+		case h.Typeflag == tar.TypeReg || h.Typeflag == tar.TypeRegA:
+			err = writeRegular(h)
+		case h.Typeflag == tar.TypeDir:
+			err = os.MkdirAll(
+				filepath.Join(wd, filepath.FromSlash(h.Name)),
+				os.FileMode(h.Mode)&fs.ModePerm,
+			)
+		case h.Typeflag == tar.TypeSymlink:
+			err = os.Symlink(h.Linkname, filepath.Join(wd, filepath.FromSlash(h.Name)))
+		default:
+			_, _ = fmt.Printf("unsupported type flag: %d\n", h.Typeflag)
+		}
+		if err != nil {
+			return err
+		}
+	}
+}
diff --git a/pkg/k8s/testdata/content.tar b/pkg/k8s/testdata/content.tar
