From 5a94d1cc387d7420f8ffe7778d58029908c02a71 Mon Sep 17 00:00:00 2001
From: umar
Date: Fri, 21 Jun 2024 23:04:21 +0530
Subject: [PATCH 1/2] replaced github.com/docker/distribution => github.com/distribution/distribution
---
 go.mod | 2 ++
 pkg/helpers/docker/docker.go | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/go.mod b/go.mod
index da34a909c..a412d117f 100644
--- a/go.mod
+++ b/go.mod
@@ -138,3 +138,5 @@ require (
 google.golang.org/protobuf v1.33.0 // indirect
 gopkg.in/ini.v1 v1.63.2 // indirect
 )
+
+replace github.com/docker/distribution => github.com/distribution/distribution v2.8.3+incompatible
diff --git a/pkg/helpers/docker/docker.go b/pkg/helpers/docker/docker.go
index 705cce41e..bbfd16967 100644
--- a/pkg/helpers/docker/docker.go
+++ b/pkg/helpers/docker/docker.go
@@ -31,8 +31,8 @@ import (
 fileHelper "github.com/mudler/luet/pkg/helpers/file"
+ "github.com/distribution/reference"
 "github.com/docker/cli/cli/trust"
- "github.com/docker/distribution/reference"
 registrytypes "github.com/docker/docker/api/types/registry"
 "github.com/docker/docker/registry"
 "github.com/google/go-containerregistry/pkg/authn"
From 5744a01464a4d58124b0784248e1108513ce3a72 Mon Sep 17 00:00:00 2001
From: umar
Date: Tue, 23 Jul 2024 16:03:10 +0530
Subject: [PATCH 2/2] added setuid function to get the user uid for image extraction
---
 pkg/helpers/docker/docker.go | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/pkg/helpers/docker/docker.go b/pkg/helpers/docker/docker.go
index bbfd16967..562792c17 100644
--- a/pkg/helpers/docker/docker.go
+++ b/pkg/helpers/docker/docker.go
@@ -16,6 +16,7 @@
 package docker
 import (
+ "archive/tar"
 "context"
 "encoding/hex"
 "net/http"
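Review bot: In the go.mod hunk of patch 1/2, the `replace` of github.com/docker/distribution is added without a comment saying why, and the diffstat lists only go.mod and docker.go, so no go.sum update accompanies it. A replace redirects every transitive import of that path to different code, so the reason and the checksums should be reviewable in the same change; I would add a line such as `// replace: upstream moved to distribution/distribution; <reason / advisory id>` above it and commit the go.sum that `go mod tidy` produces. Replace directives are honoured only when this is the main module, so anything importing luet as a library still resolves the original path. docker.go now imports github.com/distribution/reference, which is a separate module from the replace target; the visible hunk adds no require entry for it, so presumably it is already in the require block outside the hunk.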
@@ -137,6 +138,15 @@ type UnpackEventData struct {
 Dest string
 }
+func setUIDGID(h *tar.Header) (bool, error) {
+ // Set the desired UID and GID
+ h.Uid = os.Getuid()
+ h.Gid = os.Getgid()
+
+ // Return true to indicate that this header should be included in the extraction
+ return true, nil
+}
+
 // DownloadAndExtractDockerImage extracts a container image natively. It supports privileged/unprivileged mode
 func DownloadAndExtractDockerImage(ctx luettypes.Context, image, dest string, auth *registrytypes.AuthConfig, verify bool) (*images.Image, error) {
 if verify {
@@ -185,7 +195,7 @@ func DownloadAndExtractDockerImage(ctx luettypes.Context, image, dest string, au
 ctx,
 img,
 dest,
- nil,
+ setUIDGID,
 )
 if err != nil {
 return nil, err
@@ -249,7 +259,7 @@ func ExtractDockerImage(ctx luettypes.Context, local, dest string) (*images.Imag
 ctx,
 img,
 dest,
- nil,
+ setUIDGID,
 )
 if err != nil {
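Review bot: setUIDGID rewrites `h.Uid`/`h.Gid` on every header unconditionally but leaves `h.Mode` untouched, so a setuid or setgid entry in the image keeps its bit while its owner becomes the invoking user; in a privileged run that owner is uid 0. The doc comment on DownloadAndExtractDockerImage says both privileged and unprivileged modes are supported, and with this change a privileged extraction also loses the per-file ownership recorded in the image. I would rewrite ownership only when not running as root, clear the setuid/setgid bits whenever ownership is rewritten, and give the function a doc comment stating that. Whether the extractor that receives this callback applies mode bits and ownership is not visible here (the hunks at -185 and -249 show only the argument list of the call), so that should be confirmed. The same callback is passed at both call sites, so the point applies to ExtractDockerImage as well.

```go
// setUIDGID maps entry ownership to the invoking user when extraction runs
// unprivileged; a privileged run keeps the ownership recorded in the image.
func setUIDGID(h *tar.Header) (bool, error) {
	if os.Getuid() == 0 {
		return true, nil
	}
	h.Uid = os.Getuid()
	h.Gid = os.Getgid()
	// The owner changed, so setuid/setgid no longer mean what the image intended.
	h.Mode &^= 0o6000
	return true, nil
}
```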