oci: unpack: slurp up raw layer stream before Close()

[cyphar]

It's possible there's some trailing bytes after the gzip stream (which
truth be told, probably shouldn't be there), so in order to avoid
spurious errors on layer unpacking with slightly-broken images, just
slurp up that data.

But we should output logging information since this indicates that the
original image builder probably has a bug of some kind.

We also add code to slurp trailing bytes in VerifiedReadCloser.Close()
This is to ensure that we handle both good and bad cases sanely --
namely, that we always are digesting the full blob when Close() is
called. This avoids us producing intermittent errors if blobs have extra
trailing bytes (such as garbage at the end of a gzip stream), as well as
hardening us against incorrect digests (though it should be noted this
case cannot be triggered without disabling size verification -- the size
verficiation we have already blocks this issue).

Fixes #358
Signed-off-by: Aleksa Sarai [email protected]

[cyphar]

Hmmm, the failure is real but it comes from io.Copy returning io.EOF which should absolutely never happen. This only happens with the pgzip reader, so there's something really weird going on...

[cyphar]

We need klauspost/pgzip#40 before we can do this.

[tych0]

FWIW, this LGTM whenever all the stuff you need to land lands, feel free to merge.

[cyphar]

Thanks, I might just merge this as-is since the pgzip stuff isn't actually necessary now that I've implemented it by just copying from the actual file stream.

[tych0]

Sure, sounds good to me.

…

On Mon, Mar 29, 2021, at 6:58 AM, Aleksa Sarai wrote: Thanks, I might just merge this as-is since the pgzip stuff isn't actually necessary now that I've implemented it by just copying from the actual file stream. — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#360 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAF7VV33FKDULFFLLI4SRU3TGB2QRANCNFSM4X2F34EQ>.

[cyphar]

LGTM.

[codecov-io]

Codecov Report

Merging #360 (6e0a77f) into master (3d09b87) will decrease coverage by 1.00%.
The diff coverage is 63.15%.

❗ Current head 6e0a77f differs from pull request most recent head 0976fbb. Consider uploading reports for the commit 0976fbb to get more accurate results

@@            Coverage Diff             @@
##           master     #360      +/-   ##
==========================================
- Coverage   74.27%   73.27%   -1.01%     
==========================================
  Files          59       59              
  Lines        3079     3098      +19     
==========================================
- Hits         2287     2270      -17     
- Misses        463      498      +35     
- Partials      329      330       +1     

Impacted Files	Coverage Δ
oci/layer/unpack.go	59.33% <16.66%> (-1.78%)	⬇️
pkg/hardening/verified_reader.go	84.12% <84.61%> (-3.88%)	⬇️
pkg/testutils/ftimes_unix.go	0.00% <0.00%> (-100.00%)	⬇️
pkg/testutils/mount_linux.go	0.00% <0.00%> (-33.34%)	⬇️
pkg/fseval/fseval_default.go	61.53% <0.00%> (-26.93%)	⬇️
oci/cas/dir/dir.go	57.62% <0.00%> (-3.39%)	⬇️
oci/casext/refname.go	61.29% <0.00%> (-3.23%)	⬇️
oci/layer/tar_extract.go	54.35% <0.00%> (-2.91%)	⬇️