initial support for installing debian packages

.gitattributes

@@ -1,2 +1,3 @@
 *.tar filter=lfs diff=lfs merge=lfs -text
 *.apk filter=lfs diff=lfs merge=lfs -text
+*.ar filter=lfs diff=lfs merge=lfs -text

cmd/build.go

@@ -12,6 +12,7 @@ import (
 	"github.com/djcass44/all-your-base/pkg/lockfile"
 	"github.com/djcass44/all-your-base/pkg/packages"
 	"github.com/djcass44/all-your-base/pkg/packages/alpine"
+	"github.com/djcass44/all-your-base/pkg/packages/debian"
 	"github.com/go-logr/logr"
 	v1 "github.com/google/go-containerregistry/pkg/v1"
 	"github.com/hashicorp/go-getter"
@@ -114,6 +115,10 @@ func build(cmd *cobra.Command, _ []string) error {
 	if err != nil {
 		return err
 	}
+	debianKeeper, err := debian.NewPackageKeeper(cmd.Context(), repoURLs(cfg.Spec.Repositories[strings.ToLower(string(aybv1.PackageDebian))]))
+	if err != nil {
+		return err
+	}
 
 	// validate that the configuration file lines up
 	// with what we expect from the lockfile
@@ -130,6 +135,8 @@ func build(cmd *cobra.Command, _ []string) error {
 		switch p.Type {
 		case aybv1.PackageAlpine:
 			keeper = alpineKeeper
+		case aybv1.PackageDebian:
+			keeper = debianKeeper
 		case aybv1.PackageOCI:
 			fallthrough
 		case aybv1.PackageFile:

cmd/lock.go

@@ -9,6 +9,7 @@ import (
 	"github.com/djcass44/all-your-base/pkg/lockfile"
 	"github.com/djcass44/all-your-base/pkg/packages"
 	"github.com/djcass44/all-your-base/pkg/packages/alpine"
+	"github.com/djcass44/all-your-base/pkg/packages/debian"
 	"github.com/djcass44/ci-tools/pkg/ociutil"
 	"github.com/go-logr/logr"
 	"github.com/google/go-containerregistry/pkg/crane"
@@ -101,13 +102,19 @@ func lock(cmd *cobra.Command, _ []string) error {
 	if err != nil {
 		return err
 	}
+	debianKeeper, err := debian.NewPackageKeeper(cmd.Context(), repoURLs(cfg.Spec.Repositories[strings.ToLower(string(aybv1.PackageDebian))]))
+	if err != nil {
+		return err
+	}
 
 	// get package integrity
 	for _, pkg := range cfg.Spec.Packages {
 		var keeper packages.PackageManager
 		switch pkg.Type {
 		case aybv1.PackageAlpine:
 			keeper = alpineKeeper
+		case aybv1.PackageDebian:
+			keeper = debianKeeper
 		default:
 			return fmt.Errorf("unknown package type: %s", pkg.Type)
 		}

examples/debian.yaml

@@ -0,0 +1,17 @@
+## This file is a standard image that
+# installs a single Debian package.
+apiVersion: ayb.dcas.dev/v1
+kind: Build
+metadata:
+  name: my-base-image
+spec:
+  from: debian:bullseye
+  repositories:
+    debian:
+      - url: https://mirror.aarnet.edu.au/pub/debian bullseye main
+  packages:
+    - type: Debian
+      names:
+        - git
+  entrypoint:
+    - /bin/bash

go.mod

@@ -3,17 +3,21 @@ module github.com/djcass44/all-your-base
 go 1.21
 
 require (
+	github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb
 	github.com/chainguard-dev/go-apk v0.0.0-20230926193726-bc62936dddb4
 	github.com/djcass44/ci-tools v1.6.2
 	github.com/djcass44/go-utils/logging v0.2.3
 	github.com/drone/envsubst v1.0.3
 	github.com/go-logr/logr v1.2.4
 	github.com/google/go-containerregistry v0.16.1
 	github.com/hashicorp/go-getter v1.7.2
+	github.com/knqyf263/go-deb-version v0.0.0-20230223133812-3ed183d23422
 	github.com/spf13/cobra v1.7.0
 	github.com/stretchr/testify v1.8.4
+	github.com/ulikunitz/xz v0.5.11
 	go.uber.org/zap v1.26.0
 	k8s.io/apimachinery v0.28.2
+	pault.ag/go/debian v0.15.0
 )
 
 require (
@@ -94,7 +98,6 @@ require (
 	github.com/psanford/memfs v0.0.0-20230130182539-4dbf7e3e865e // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
-	github.com/ulikunitz/xz v0.5.11 // indirect
 	github.com/vbatts/tar-split v0.11.3 // indirect
 	gitlab.alpinelinux.org/alpine/go v0.8.0 // indirect
 	gitlab.com/av1o/cap10 v0.4.0 // indirect
@@ -123,6 +126,7 @@ require (
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	k8s.io/klog/v2 v2.100.1 // indirect
 	k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 // indirect
+	pault.ag/go/topsort v0.1.1 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
 	sigs.k8s.io/yaml v1.3.0 // indirect

go.sum

@@ -268,6 +268,8 @@ github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20220517224237-
 github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
 github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d h1:xDfNPAt8lFiC1UJrqV3uuy861HCTo708pDMbjHHdCas=
 github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d/go.mod h1:6QX/PXZ00z/TKoufEY6K/a0k6AhaJrQKdFe6OfVXsa4=
+github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb h1:m935MPodAbYS46DG4pJSv7WO+VECIWUQ7OJYSoTrMh4=
+github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb/go.mod h1:PkYb9DJNAwrSvRx5DYA+gUcOIgTGVMNkfSCbZM8cWpI=
 github.com/cenkalti/backoff/v4 v4.1.0 h1:c8LkOFQTzuO0WBM/ae5HdGQuZPfPxp7lqBRwQRm4fSc=
 github.com/cenkalti/backoff/v4 v4.1.0/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
@@ -486,6 +488,8 @@ github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+o
 github.com/klauspost/compress v1.15.11/go.mod h1:QPwzmACJjUTFsnSHH934V6woptycfrDDJnH7hvFVbGM=
 github.com/klauspost/compress v1.17.0 h1:Rnbp4K9EjcDuVuHtd0dgA4qNuv9yKDYKK1ulpJwgrqM=
 github.com/klauspost/compress v1.17.0/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
+github.com/knqyf263/go-deb-version v0.0.0-20230223133812-3ed183d23422 h1:PPPlUUqPP6fLudIK4n0l0VU4KT2cQGnheW9x8pNiCHI=
+github.com/knqyf263/go-deb-version v0.0.0-20230223133812-3ed183d23422/go.mod h1:ijAmSS4jErO6+KRzcK6ixsm3Vt96hMhJ+W+x+VmbrQA=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
@@ -1140,6 +1144,10 @@ k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg=
 k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
 k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 h1:qY1Ad8PODbnymg2pRbkyMT/ylpTrCM8P2RJ0yroCyIk=
 k8s.io/utils v0.0.0-20230406110748-d93618cff8a2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+pault.ag/go/debian v0.15.0 h1:x2VLkGx/nTvGdgW0+FzFSgQZKt7zo9zSVYkikRjNTns=
+pault.ag/go/debian v0.15.0/go.mod h1:JFl0XWRCv9hWBrB5MDDZjA5GSEs1X3zcFK/9kCNIUmE=
+pault.ag/go/topsort v0.1.1 h1:L0QnhUly6LmTv0e3DEzbN2q6/FGgAcQvaEw65S53Bg4=
+pault.ag/go/topsort v0.1.1/go.mod h1:r1kc/L0/FZ3HhjezBIPaNVhkqv8L0UJ9bxRuHRVZ0q4=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=

pkg/archiveutil/ar.go

@@ -0,0 +1,46 @@
+package archiveutil
+
+import (
+	"context"
+	"github.com/blakesmith/ar"
+	"github.com/chainguard-dev/go-apk/pkg/fs"
+	"github.com/go-logr/logr"
+	"io"
+	"os"
+	"path/filepath"
+)
+
+// Unar expands an ar archive into the given path.
+func Unar(ctx context.Context, r io.Reader, rootfs fs.FullFS) error {
+	log := logr.FromContextOrDiscard(ctx)
+	tr := ar.NewReader(r)
+
+	for {
+		header, err := tr.Next()
+		switch {
+		case err == io.EOF:
+			return nil
+		case err != nil:
+			log.Error(err, "failed to read file from archive")
+			return err
+		case header == nil:
+			continue
+		}
+
+		target := filepath.Clean("/" + header.Name)
+
+		log.V(5).Info("creating file", "target", target, "mode", header.Mode)
+		f, err := rootfs.OpenFile(target, os.O_CREATE|os.O_RDWR, os.FileMode(header.Mode))
+		if err != nil {
+			log.Error(err, "failed to open file", "target", target)
+			return err
+		}
+
+		if _, err := io.Copy(f, tr); err != nil {
+			log.Error(err, "failed to extract file", "target", target)
+			_ = f.Close()
+			return err
+		}
+		_ = f.Close()
+	}
+}

pkg/archiveutil/ar_test.go

@@ -0,0 +1,28 @@
+package archiveutil
+
+import (
+	"context"
+	"github.com/chainguard-dev/go-apk/pkg/fs"
+	"github.com/go-logr/logr"
+	"github.com/go-logr/logr/testr"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"os"
+	"testing"
+)
+
+func TestUnar(t *testing.T) {
+	ctx := logr.NewContext(context.TODO(), testr.NewWithOptions(t, testr.Options{Verbosity: 10}))
+
+	rootfs := fs.NewMemFS()
+
+	f, err := os.Open("./testdata/test.ar")
+	require.NoError(t, err)
+	defer f.Close()
+
+	err = Unar(ctx, f, rootfs)
+	assert.NoError(t, err)
+
+	_, err = rootfs.Stat("test.txt")
+	assert.NotErrorIs(t, err, os.ErrNotExist)
+}

pkg/archiveutil/tar.go

@@ -7,9 +7,11 @@ import (
 	"errors"
 	"github.com/chainguard-dev/go-apk/pkg/fs"
 	"github.com/go-logr/logr"
+	"github.com/ulikunitz/xz"
 	"io"
 	"os"
 	"path/filepath"
+	"strings"
 )
 
 // Guntar is the same as Untar, but it first decodes the gzipped archive.
@@ -22,6 +24,14 @@ func Guntar(ctx context.Context, r io.Reader, rootfs fs.FullFS) error {
 	return Untar(ctx, gzp, rootfs)
 }
 
+func XZuntar(ctx context.Context, r io.Reader, rootfs fs.FullFS) error {
+	xzp, err := xz.NewReader(r)
+	if err != nil {
+		return err
+	}
+	return Untar(ctx, xzp, rootfs)
+}
+
 // Untar expands a tar archive into the given path.
 func Untar(ctx context.Context, r io.Reader, rootfs fs.FullFS) error {
 	log := logr.FromContextOrDiscard(ctx)
@@ -53,8 +63,9 @@ func Untar(ctx context.Context, r io.Reader, rootfs fs.FullFS) error {
 				}
 			}
 		case tar.TypeLink:
-			log.V(5).Info("creating hard link", "target", target, "source", header.Linkname)
-			if err := rootfs.Link(header.Linkname, target); err != nil {
+			safeSrc := strings.TrimPrefix(header.Linkname, ".")
+			log.V(5).Info("creating hard link", "target", target, "source", safeSrc)
+			if err := rootfs.Link(safeSrc, target); err != nil {
 				if errors.Is(err, os.ErrExist) {
 					log.V(5).Info("skipping hard link as target file already exists")
 					continue

pkg/archiveutil/testdata/.gitattributes

@@ -0,0 +1 @@
+*.deb filter=lfs diff=lfs merge=lfs -text

pkg/archiveutil/testdata/Makefile

@@ -1,2 +1,5 @@
 test.tar:
 	tar -cf test.tar test.txt test-symbolic.txt
+
+test.ar:
+	ar rsv test.ar test.txt