示例#1
0
  protected void execute() throws ArchiverException, IOException {
    if (!checkForced()) {
      return;
    }

    ResourceIterator iter = getResources();
    if (!iter.hasNext()) {
      throw new ArchiverException("You must set at least one file.");
    }

    File tarFile = getDestFile();

    if (tarFile == null) {
      throw new ArchiverException("You must set the destination tar file.");
    }
    if (tarFile.exists() && !tarFile.isFile()) {
      throw new ArchiverException(tarFile + " isn't a file.");
    }
    if (tarFile.exists() && !tarFile.canWrite()) {
      throw new ArchiverException(tarFile + " is read-only.");
    }

    getLogger().info("Building tar: " + tarFile.getAbsolutePath());

    final OutputStream bufferedOutputStream = bufferedOutputStream(new FileOutputStream(tarFile));
    tOut = new TarArchiveOutputStream(compress(compression, bufferedOutputStream), "UTF8");
    if (longFileMode.isTruncateMode()) {
      tOut.setLongFileMode(TarArchiveOutputStream.LONGFILE_TRUNCATE);
    } else if (longFileMode.isPosixMode() || longFileMode.isPosixWarnMode()) {
      tOut.setLongFileMode(TarArchiveOutputStream.LONGFILE_POSIX);
      // Todo: Patch 2.5.1   for this fix. Also make closeable fix on 2.5.1
      tOut.setBigNumberMode(TarArchiveOutputStream.BIGNUMBER_POSIX);
    } else if (longFileMode.isFailMode() || longFileMode.isOmitMode()) {
      tOut.setLongFileMode(TarArchiveOutputStream.LONGFILE_ERROR);
    } else {
      // warn or GNU
      tOut.setLongFileMode(TarArchiveOutputStream.LONGFILE_GNU);
    }

    longWarningGiven = false;
    try {
      while (iter.hasNext()) {
        ArchiveEntry entry = iter.next();
        // Check if we don't add tar file in itself
        if (ResourceUtils.isSame(entry.getResource(), tarFile)) {
          throw new ArchiverException("A tar file cannot include itself.");
        }
        String fileName = entry.getName();
        String name = StringUtils.replace(fileName, File.separatorChar, '/');

        tarFile(entry, tOut, name);
      }
    } finally {
      IOUtil.close(tOut);
    }
  }
  protected void execute() throws ArchiverException, IOException {
    if (!checkForced()) {
      return;
    }

    ResourceIterator iter = getResources();
    if (!iter.hasNext()) {
      throw new ArchiverException("You must set at least one file.");
    }

    File tarFile = getDestFile();

    if (tarFile == null) {
      throw new ArchiverException("You must set the destination tar file.");
    }
    if (tarFile.exists() && !tarFile.isFile()) {
      throw new ArchiverException(tarFile + " isn't a file.");
    }
    if (tarFile.exists() && !tarFile.canWrite()) {
      throw new ArchiverException(tarFile + " is read-only.");
    }

    getLogger().info("Building tar: " + tarFile.getAbsolutePath());

    tOut =
        new TarOutputStream(
            compression.compress(new BufferedOutputStream(new FileOutputStream(tarFile))));
    tOut.setDebug(true);
    if (longFileMode.isTruncateMode()) {
      tOut.setLongFileMode(TarOutputStream.LONGFILE_TRUNCATE);
    } else if (longFileMode.isFailMode() || longFileMode.isOmitMode()) {
      tOut.setLongFileMode(TarOutputStream.LONGFILE_ERROR);
    } else {
      // warn or GNU
      tOut.setLongFileMode(TarOutputStream.LONGFILE_GNU);
    }

    longWarningGiven = false;
    while (iter.hasNext()) {
      ArchiveEntry entry = iter.next();
      // Check if we don't add tar file in inself
      if (ResourceUtils.isSame(entry.getResource(), tarFile)) {
        throw new ArchiverException("A tar file cannot include itself.");
      }
      String fileName = entry.getName();
      String name = StringUtils.replace(fileName, File.separatorChar, '/');

      tarFile(entry, tOut, name);
    }
  }
  @Override
  public TarArchiver customize(TarArchiver archiver) throws IOException {
    log.warn("/--------------------- SECURITY WARNING ---------------------\\");
    log.warn("|You are building a Docker image with normalized permissions.|");
    log.warn("|All files and directories added to build context will have  |");
    log.warn("|'-rwxr-xr-x' permissions. It is recommended to double check |");
    log.warn("|and reset permissions for sensitive files and directories.  |");
    log.warn("\\------------------------------------------------------------/");

    if (innerCustomizer != null) {
      archiver = innerCustomizer.customize(archiver);
    }

    TarArchiver newArchiver = new TarArchiver();
    newArchiver.setDestFile(archiver.getDestFile());
    newArchiver.setLongfile(TarLongFileMode.posix);

    ResourceIterator resources = archiver.getResources();
    while (resources.hasNext()) {
      ArchiveEntry ae = resources.next();
      String fileName = ae.getName();
      PlexusIoResource resource = ae.getResource();
      String name = StringUtils.replace(fileName, File.separatorChar, '/');

      // See docker source:
      // https://github.com/docker/docker/blob/3d13fddd2bc4d679f0eaa68b0be877e5a816ad53/pkg/archive/archive_windows.go#L45
      int mode = ae.getMode() & 0777;
      int newMode = mode;
      newMode &= 0755;
      newMode |= 0111;

      if (newMode != mode) {
        log.debug("Changing permissions of '%s' from %o to %o.", name, mode, newMode);
      }

      newArchiver.addResource(resource, name, newMode);
    }

    archiver = newArchiver;

    return archiver;
  }