nixpkgs/pkgs/build-support/docker/stream_layered_image.py

import io
import os
import re
import sys
import json
import hashlib
import tarfile
import itertools
import threading
from datetime import datetime
from collections import namedtuple


# Adds the given store paths to as a tar to the given writable stream.
def archive_paths_to(obj, paths, mtime, add_nix, filter=None):
    filter = filter if filter else lambda i: i

    # gettarinfo makes the paths relative, this makes them
    # absolute again
    def append_root(ti):
        ti.name = "/" + ti.name
        return ti

    def apply_filters(ti):
        ti.mtime = mtime
        return filter(ti)

    def dir(path):
        ti = tarfile.TarInfo(path)
        ti.type = tarfile.DIRTYPE
        return ti

    with tarfile.open(fileobj=obj, mode="w|") as tar:
        if add_nix:
            tar.addfile(apply_filters(dir("/nix")))
            tar.addfile(apply_filters(dir("/nix/store")))

        for path in paths:
            ti = tar.gettarinfo(os.path.join("/", path))
            tar.addfile(apply_filters(append_root(ti)))

            for root, dirs, files in os.walk(path, topdown=True):
                for name in itertools.chain(dirs, files):
                    name = os.path.join(root, name)
                    ti = append_root(tar.gettarinfo(name))

                    # copy hardlinks as regular files
                    if ti.islnk():
                        ti.type = tarfile.REGTYPE

                    ti = apply_filters(ti)
                    if ti.isfile():
                        with open(name, "rb") as f:
                            tar.addfile(ti, f)
                    else:
                        tar.addfile(ti)


# A writable stream which only calculates the final file size and
# sha256sum, while discarding the actual contents.
class ExtractChecksum:
    def __init__(self):
        self._digest = hashlib.sha256()
        self._size = 0

    def write(self, data):
        self._digest.update(data)
        self._size += len(data)

    def extract(self):
        return (self._digest.hexdigest(), self._size)


# Some metadata for a layer
LayerInfo = namedtuple("LayerInfo", ["size", "checksum", "path", "paths"])


# Given a list of store paths 'paths', creates a layer add append it
# to tarfile 'tar'. Returns some a 'LayerInfo' for the layer.
def add_layer_dir(tar, paths, mtime, add_nix=True, filter=None):
    assert all(i.startswith("/nix/store/") for i in paths)

    extract_checksum = ExtractChecksum()
    archive_paths_to(
        extract_checksum,
        paths,
        mtime=mtime,
        add_nix=add_nix,
        filter=filter
    )
    (checksum, size) = extract_checksum.extract()

    path = f"{checksum}/layer.tar"
    ti = tarfile.TarInfo(path)
    ti.size = size
    ti.mtime = mtime

    read_fd, write_fd = os.pipe()
    with open(read_fd, "rb") as read, open(write_fd, "wb") as write:
        def producer():
            archive_paths_to(
                write,
                paths,
                mtime=mtime,
                add_nix=add_nix,
                filter=filter
            )
            write.close()
        threading.Thread(target=producer).start()
        tar.addfile(ti, read)

    return LayerInfo(size=size, checksum=checksum, path=path, paths=paths)


def add_customisation_layer(tar, path, mtime):
    def filter(ti):
        ti.name = re.sub("^/nix/store/[^/]*", "", ti.name)
        return ti
    return add_layer_dir(
        tar,
        [path],
        mtime=mtime,
        add_nix=False,
        filter=filter
      )


# Adds a file to the tarball with given path and contents.
def add_bytes(tar, path, content, mtime):
    assert type(content) is bytes

    ti = tarfile.TarInfo(path)
    ti.size = len(content)
    ti.mtime = mtime
    tar.addfile(ti, io.BytesIO(content))


# Main

with open(sys.argv[1], "r") as f:
    conf = json.load(f)

created = (
  datetime.now(tz=datetime.timezone.utc)
  if conf["created"] == "now"
  else datetime.fromisoformat(conf["created"])
)
mtime = int(created.timestamp())

with tarfile.open(mode="w|", fileobj=sys.stdout.buffer) as tar:
    layers = []
    for num, store_layer in enumerate(conf["store_layers"]):
        print(
          "Creating layer", num,
          "from paths:", store_layer,
          file=sys.stderr)
        info = add_layer_dir(tar, store_layer, mtime=mtime)
        layers.append(info)

    print("Creating the customisation layer...", file=sys.stderr)
    layers.append(
      add_customisation_layer(
        tar,
        conf["customisation_layer"],
        mtime=mtime
      )
    )

    print("Adding manifests...", file=sys.stderr)

    image_json = {
        "created": datetime.isoformat(created),
        "architecture": conf["architecture"],
        "os": "linux",
        "config": conf["config"],
        "rootfs": {
            "diff_ids": [f"sha256:{layer.checksum}" for layer in layers],
            "type": "layers",
        },
        "history": [
            {
              "created": conf["created"],
              "comment": f"store paths: {layer.paths}"
            }
            for layer in layers
        ],
    }

    image_json = json.dumps(image_json, indent=4).encode("utf-8")
    image_json_checksum = hashlib.sha256(image_json).hexdigest()
    image_json_path = f"{image_json_checksum}.json"
    add_bytes(tar, image_json_path, image_json, mtime=mtime)

    manifest_json = [
        {
            "Config": image_json_path,
            "RepoTags": [conf["repo_tag"]],
            "Layers": [layer.path for layer in layers],
        }
    ]
    manifest_json = json.dumps(manifest_json, indent=4).encode("utf-8")
    add_bytes(tar, "manifest.json", manifest_json, mtime=mtime)

    print("Done.", file=sys.stderr)
Implement dockerTools.streamLayeredImage 2020-06-08 11:47:46 +02:00			`import io`
			`import os`
			`import re`
			`import sys`
			`import json`
			`import hashlib`
			`import tarfile`
			`import itertools`
			`import threading`
Set mtime to get more deterministic builds 2020-06-11 02:44:04 +02:00			`from datetime import datetime`
Implement dockerTools.streamLayeredImage 2020-06-08 11:47:46 +02:00			`from collections import namedtuple`


			`# Adds the given store paths to as a tar to the given writable stream.`
Set mtime in even more places 2020-06-11 02:51:47 +02:00			`def archive_paths_to(obj, paths, mtime, add_nix, filter=None):`
Implement dockerTools.streamLayeredImage 2020-06-08 11:47:46 +02:00			`filter = filter if filter else lambda i: i`

			`# gettarinfo makes the paths relative, this makes them`
			`# absolute again`
			`def append_root(ti):`
			`ti.name = "/" + ti.name`
			`return ti`

Set mtime to get more deterministic builds 2020-06-11 02:44:04 +02:00			`def apply_filters(ti):`
Set mtime in even more places 2020-06-11 02:51:47 +02:00			`ti.mtime = mtime`
Set mtime to get more deterministic builds 2020-06-11 02:44:04 +02:00			`return filter(ti)`

Implement dockerTools.streamLayeredImage 2020-06-08 11:47:46 +02:00			`def dir(path):`
			`ti = tarfile.TarInfo(path)`
			`ti.type = tarfile.DIRTYPE`
			`return ti`

			`with tarfile.open(fileobj=obj, mode="w\|") as tar:`
			`if add_nix:`
Set mtime to get more deterministic builds 2020-06-11 02:44:04 +02:00			`tar.addfile(apply_filters(dir("/nix")))`
			`tar.addfile(apply_filters(dir("/nix/store")))`
Implement dockerTools.streamLayeredImage 2020-06-08 11:47:46 +02:00
			`for path in paths:`
			`ti = tar.gettarinfo(os.path.join("/", path))`
Set mtime to get more deterministic builds 2020-06-11 02:44:04 +02:00			`tar.addfile(apply_filters(append_root(ti)))`
Implement dockerTools.streamLayeredImage 2020-06-08 11:47:46 +02:00
			`for root, dirs, files in os.walk(path, topdown=True):`
			`for name in itertools.chain(dirs, files):`
			`name = os.path.join(root, name)`
			`ti = append_root(tar.gettarinfo(name))`

			`# copy hardlinks as regular files`
			`if ti.islnk():`
			`ti.type = tarfile.REGTYPE`

Set mtime to get more deterministic builds 2020-06-11 02:44:04 +02:00			`ti = apply_filters(ti)`
Implement dockerTools.streamLayeredImage 2020-06-08 11:47:46 +02:00			`if ti.isfile():`
			`with open(name, "rb") as f:`
			`tar.addfile(ti, f)`
			`else:`
			`tar.addfile(ti)`


			`# A writable stream which only calculates the final file size and`
			`# sha256sum, while discarding the actual contents.`
			`class ExtractChecksum:`
			`def __init__(self):`
			`self._digest = hashlib.sha256()`
			`self._size = 0`

			`def write(self, data):`
			`self._digest.update(data)`
			`self._size += len(data)`

			`def extract(self):`
			`return (self._digest.hexdigest(), self._size)`


			`# Some metadata for a layer`
			`LayerInfo = namedtuple("LayerInfo", ["size", "checksum", "path", "paths"])`


			`# Given a list of store paths 'paths', creates a layer add append it`
			`# to tarfile 'tar'. Returns some a 'LayerInfo' for the layer.`
Set mtime in even more places 2020-06-11 02:51:47 +02:00			`def add_layer_dir(tar, paths, mtime, add_nix=True, filter=None):`
Implement dockerTools.streamLayeredImage 2020-06-08 11:47:46 +02:00			`assert all(i.startswith("/nix/store/") for i in paths)`

			`extract_checksum = ExtractChecksum()`
Set mtime to get more deterministic builds 2020-06-11 02:44:04 +02:00			`archive_paths_to(`
			`extract_checksum,`
			`paths,`
Set mtime in even more places 2020-06-11 02:51:47 +02:00			`mtime=mtime,`
Set mtime to get more deterministic builds 2020-06-11 02:44:04 +02:00			`add_nix=add_nix,`
			`filter=filter`
			`)`
Implement dockerTools.streamLayeredImage 2020-06-08 11:47:46 +02:00			`(checksum, size) = extract_checksum.extract()`

			`path = f"{checksum}/layer.tar"`
			`ti = tarfile.TarInfo(path)`
			`ti.size = size`
Set mtime in even more places 2020-06-11 02:51:47 +02:00			`ti.mtime = mtime`
Implement dockerTools.streamLayeredImage 2020-06-08 11:47:46 +02:00
			`read_fd, write_fd = os.pipe()`
			`with open(read_fd, "rb") as read, open(write_fd, "wb") as write:`
			`def producer():`
Set mtime to get more deterministic builds 2020-06-11 02:44:04 +02:00			`archive_paths_to(`
			`write,`
			`paths,`
Set mtime in even more places 2020-06-11 02:51:47 +02:00			`mtime=mtime,`
Set mtime to get more deterministic builds 2020-06-11 02:44:04 +02:00			`add_nix=add_nix,`
			`filter=filter`
			`)`
Implement dockerTools.streamLayeredImage 2020-06-08 11:47:46 +02:00			`write.close()`
			`threading.Thread(target=producer).start()`
			`tar.addfile(ti, read)`

			`return LayerInfo(size=size, checksum=checksum, path=path, paths=paths)`


Set mtime in even more places 2020-06-11 02:51:47 +02:00			`def add_customisation_layer(tar, path, mtime):`
Implement dockerTools.streamLayeredImage 2020-06-08 11:47:46 +02:00			`def filter(ti):`
			`ti.name = re.sub("^/nix/store/[^/]*", "", ti.name)`
			`return ti`
Set mtime to get more deterministic builds 2020-06-11 02:44:04 +02:00			`return add_layer_dir(`
			`tar,`
			`[path],`
Set mtime in even more places 2020-06-11 02:51:47 +02:00			`mtime=mtime,`
Set mtime to get more deterministic builds 2020-06-11 02:44:04 +02:00			`add_nix=False,`
			`filter=filter`
			`)`
Implement dockerTools.streamLayeredImage 2020-06-08 11:47:46 +02:00

			`# Adds a file to the tarball with given path and contents.`
Set mtime in even more places 2020-06-11 02:51:47 +02:00			`def add_bytes(tar, path, content, mtime):`
Implement dockerTools.streamLayeredImage 2020-06-08 11:47:46 +02:00			`assert type(content) is bytes`

			`ti = tarfile.TarInfo(path)`
			`ti.size = len(content)`
Set mtime in even more places 2020-06-11 02:51:47 +02:00			`ti.mtime = mtime`
Implement dockerTools.streamLayeredImage 2020-06-08 11:47:46 +02:00			`tar.addfile(ti, io.BytesIO(content))`


			`# Main`

			`with open(sys.argv[1], "r") as f:`
			`conf = json.load(f)`

Set mtime to get more deterministic builds 2020-06-11 02:44:04 +02:00			`created = (`
			`datetime.now(tz=datetime.timezone.utc)`
			`if conf["created"] == "now"`
			`else datetime.fromisoformat(conf["created"])`
			`)`
Set mtime in even more places 2020-06-11 02:51:47 +02:00			`mtime = int(created.timestamp())`
Set mtime to get more deterministic builds 2020-06-11 02:44:04 +02:00
Implement dockerTools.streamLayeredImage 2020-06-08 11:47:46 +02:00			`with tarfile.open(mode="w\|", fileobj=sys.stdout.buffer) as tar:`
			`layers = []`
			`for num, store_layer in enumerate(conf["store_layers"]):`
			`print(`
			`"Creating layer", num,`
			`"from paths:", store_layer,`
			`file=sys.stderr)`
Set mtime in even more places 2020-06-11 02:51:47 +02:00			`info = add_layer_dir(tar, store_layer, mtime=mtime)`
Implement dockerTools.streamLayeredImage 2020-06-08 11:47:46 +02:00			`layers.append(info)`

			`print("Creating the customisation layer...", file=sys.stderr)`
Set mtime to get more deterministic builds 2020-06-11 02:44:04 +02:00			`layers.append(`
			`add_customisation_layer(`
			`tar,`
			`conf["customisation_layer"],`
Set mtime in even more places 2020-06-11 02:51:47 +02:00			`mtime=mtime`
Set mtime to get more deterministic builds 2020-06-11 02:44:04 +02:00			`)`
			`)`
Implement dockerTools.streamLayeredImage 2020-06-08 11:47:46 +02:00
			`print("Adding manifests...", file=sys.stderr)`
Set mtime to get more deterministic builds 2020-06-11 02:44:04 +02:00
Implement dockerTools.streamLayeredImage 2020-06-08 11:47:46 +02:00			`image_json = {`
Set mtime to get more deterministic builds 2020-06-11 02:44:04 +02:00			`"created": datetime.isoformat(created),`
Implement dockerTools.streamLayeredImage 2020-06-08 11:47:46 +02:00			`"architecture": conf["architecture"],`
			`"os": "linux",`
			`"config": conf["config"],`
			`"rootfs": {`
			`"diff_ids": [f"sha256:{layer.checksum}" for layer in layers],`
			`"type": "layers",`
			`},`
			`"history": [`
			`{`
			`"created": conf["created"],`
			`"comment": f"store paths: {layer.paths}"`
			`}`
			`for layer in layers`
			`],`
			`}`

			`image_json = json.dumps(image_json, indent=4).encode("utf-8")`
			`image_json_checksum = hashlib.sha256(image_json).hexdigest()`
			`image_json_path = f"{image_json_checksum}.json"`
Set mtime in even more places 2020-06-11 02:51:47 +02:00			`add_bytes(tar, image_json_path, image_json, mtime=mtime)`
Implement dockerTools.streamLayeredImage 2020-06-08 11:47:46 +02:00
			`manifest_json = [`
			`{`
			`"Config": image_json_path,`
			`"RepoTags": [conf["repo_tag"]],`
			`"Layers": [layer.path for layer in layers],`
			`}`
			`]`
			`manifest_json = json.dumps(manifest_json, indent=4).encode("utf-8")`
Set mtime in even more places 2020-06-11 02:51:47 +02:00			`add_bytes(tar, "manifest.json", manifest_json, mtime=mtime)`
Implement dockerTools.streamLayeredImage 2020-06-08 11:47:46 +02:00
			`print("Done.", file=sys.stderr)`