Merge pull request #1 from deepfence/export_filesystem

export file system changes

constants/constants.go

@@ -8,6 +8,7 @@ const (
 	CONTAINERD_K8S_NS = "k8s.io"
 	CONTAINERD        = "containerd"
 	DOCKER            = "docker"
+	CONTAINERD_SOCKET_ADDRESS = "/run/containerd/containerd.sock"
 )
 
 var SupportedRuntimes = map[string]string{

containerd/containerd.go

@@ -2,10 +2,18 @@ package containerd
 
 import (
 	"bytes"
+	"context"
 	"errors"
 	"fmt"
+	containerdApi "github.com/containerd/containerd"
+	"github.com/containerd/containerd/namespaces"
+	"github.com/containerd/containerd/oci"
+	"github.com/deepfence/vessel/constants"
+	"os"
 	"os/exec"
 	"path"
+	"strings"
+	"time"
 )
 
 // New instantiates a new Containerd runtime object
@@ -141,3 +149,52 @@ func MigrateOCITarToDockerV1Tar(dir, tarName string) error {
 	return nil
 
 }
+
+// ExtractFileSystem Extract the file system from tar of an image by creating a temporary dormant container instance
+func (c Containerd) ExtractFileSystem(imageTarPath string, outputTarPath string, imageName string) error {
+	// create a new client connected to the default socket path for containerd
+	client, err := containerdApi.New(constants.CONTAINERD_SOCKET_ADDRESS)
+	if err != nil {
+		return err
+	}
+	defer client.Close()
+	// create a new context with an "temp" namespace
+	ctx := namespaces.WithNamespace(context.Background(), "temp")
+	reader, err := os.Open(imageTarPath)
+	if err != nil {
+		return err
+	}
+	imgs, err := client.Import(ctx, reader)
+	if err != nil {
+		return err
+	}
+	image, err := client.GetImage(ctx, imgs[0].Name)
+	if err != nil {
+		return err
+	}
+	snapshotName := imageName + string(time.Now().Unix())
+	container, err := client.NewContainer(
+		ctx,
+		imageName,
+		containerdApi.WithImage(image),
+		containerdApi.WithNewSnapshot(snapshotName, image),
+		containerdApi.WithNewSpec(oci.WithImageConfig(image)),
+	)
+	if err != nil {
+		return err
+	}
+	info, _ := container.Info(ctx)
+	snapshotter := client.SnapshotService(info.Snapshotter)
+	mounts, err := snapshotter.Mounts(ctx, snapshotName)
+	path := []string{""}
+	if len(mounts) > 0 {
+		options := mounts[len(mounts)-1].Options
+		path = strings.Split(options[len(options)-1], ":")
+	}
+	_, err = exec.Command("tar", "-czvf", outputTarPath, path[len(path)-1]).Output()
+	if err != nil {
+		return err
+	}
+	defer container.Delete(ctx, containerdApi.WithSnapshotCleanup)
+	return nil
+}

docker/docker.go

@@ -59,3 +59,22 @@ func (d Docker) GetImageID(imageName string) ([]byte, error) {
 func (d Docker) Save(imageName, outputParam string) ([]byte, error) {
 	return exec.Command("docker", "save", imageName, "-o", outputParam).Output()
 }
+
+// ExtractFileSystem Extract the file system from tar of an image by creating a temporary dormant container instance
+func (d Docker) ExtractFileSystem(imageTarPath string, outputTarPath string, imageName string) error {
+	_, err := exec.Command("docker", "import", imageTarPath, imageName+":temp").Output()
+	if err != nil {
+		return err
+	}
+	containerId, err := exec.Command("docker", "create", imageName+":temp", "--name", imageName+"-temp").Output()
+	if err != nil {
+		return err
+	}
+	_, err = exec.Command("docker", "export", string(containerId), ">", outputTarPath).Output()
+	if err != nil {
+		return err
+	}
+	exec.Command("docker", "container", "rm", string(containerId))
+	exec.Command("docker", "image", "rm", imageName+":temp")
+	return nil
+}

runtime.go

@@ -6,4 +6,5 @@ type Runtime interface {
 	GetImageID(imageName string) ([]byte, error)
 	Save(imageName, outputParam string) ([]byte, error)
 	GetSocket() string
+	ExtractFileSystem(imageTarPath string, outputTarPath string, imageName string) error
 }