embed.go 5.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188
  1. package frankenphp
  2. import (
  3. "archive/tar"
  4. "bytes"
  5. _ "embed"
  6. "errors"
  7. "fmt"
  8. "io"
  9. "io/fs"
  10. "log"
  11. "os"
  12. "path"
  13. "path/filepath"
  14. "runtime"
  15. "strings"
  16. "time"
  17. )
  18. // The path of the embedded PHP application (empty if none)
  19. var EmbeddedAppPath string
  20. //go:embed app.tar
  21. var embeddedApp []byte
  22. //go:embed app_checksum.txt
  23. var embeddedAppChecksum []byte
  24. func init() {
  25. if len(embeddedApp) == 0 {
  26. // No embedded app
  27. return
  28. }
  29. appPath := filepath.Join(os.TempDir(), "frankenphp_"+string(embeddedAppChecksum))
  30. if _, err := os.Stat(appPath); os.IsNotExist(err) {
  31. if err := untar(appPath); err != nil {
  32. os.RemoveAll(appPath)
  33. panic(err)
  34. }
  35. }
  36. EmbeddedAppPath = appPath
  37. }
  38. // untar reads the tar file from r and writes it into dir.
  39. //
  40. // Adapted from https://github.com/golang/build/blob/master/cmd/buildlet/buildlet.go
  41. func untar(dir string) (err error) {
  42. t0 := time.Now()
  43. nFiles := 0
  44. madeDir := map[string]bool{}
  45. tr := tar.NewReader(bytes.NewReader(embeddedApp))
  46. loggedChtimesError := false
  47. for {
  48. f, err := tr.Next()
  49. if err == io.EOF {
  50. break
  51. }
  52. if err != nil {
  53. return fmt.Errorf("tar error: %w", err)
  54. }
  55. if f.Typeflag == tar.TypeXGlobalHeader {
  56. // golang.org/issue/22748: git archive exports
  57. // a global header ('g') which after Go 1.9
  58. // (for a bit?) contained an empty filename.
  59. // Ignore it.
  60. continue
  61. }
  62. rel, err := nativeRelPath(f.Name)
  63. if err != nil {
  64. return fmt.Errorf("tar file contained invalid name %q: %v", f.Name, err)
  65. }
  66. abs := filepath.Join(dir, rel)
  67. fi := f.FileInfo()
  68. mode := fi.Mode()
  69. switch {
  70. case mode.IsRegular():
  71. // Make the directory. This is redundant because it should
  72. // already be made by a directory entry in the tar
  73. // beforehand. Thus, don't check for errors; the next
  74. // write will fail with the same error.
  75. dir := filepath.Dir(abs)
  76. if !madeDir[dir] {
  77. if err := os.MkdirAll(filepath.Dir(abs), mode.Perm()); err != nil {
  78. return err
  79. }
  80. madeDir[dir] = true
  81. }
  82. if runtime.GOOS == "darwin" && mode&0111 != 0 {
  83. // See comment in writeFile.
  84. err := os.Remove(abs)
  85. if err != nil && !errors.Is(err, fs.ErrNotExist) {
  86. return err
  87. }
  88. }
  89. wf, err := os.OpenFile(abs, os.O_RDWR|os.O_CREATE|os.O_TRUNC, mode.Perm())
  90. if err != nil {
  91. return err
  92. }
  93. n, err := io.Copy(wf, tr)
  94. if closeErr := wf.Close(); closeErr != nil && err == nil {
  95. err = closeErr
  96. }
  97. if err != nil {
  98. return fmt.Errorf("error writing to %s: %v", abs, err)
  99. }
  100. if n != f.Size {
  101. return fmt.Errorf("only wrote %d bytes to %s; expected %d", n, abs, f.Size)
  102. }
  103. modTime := f.ModTime
  104. if modTime.After(t0) {
  105. // Clamp modtimes at system time. See
  106. // golang.org/issue/19062 when clock on
  107. // buildlet was behind the gitmirror server
  108. // doing the git-archive.
  109. modTime = t0
  110. }
  111. if !modTime.IsZero() {
  112. if err := os.Chtimes(abs, modTime, modTime); err != nil && !loggedChtimesError {
  113. // benign error. Gerrit doesn't even set the
  114. // modtime in these, and we don't end up relying
  115. // on it anywhere (the gomote push command relies
  116. // on digests only), so this is a little pointless
  117. // for now.
  118. log.Printf("error changing modtime: %v (further Chtimes errors suppressed)", err)
  119. loggedChtimesError = true // once is enough
  120. }
  121. }
  122. nFiles++
  123. case mode.IsDir():
  124. if err := os.MkdirAll(abs, mode.Perm()); err != nil {
  125. return err
  126. }
  127. madeDir[abs] = true
  128. case mode&os.ModeSymlink != 0:
  129. // TODO: ignore these for now. They were breaking x/build tests.
  130. // Implement these if/when we ever have a test that needs them.
  131. // But maybe we'd have to skip creating them on Windows for some builders
  132. // without permissions.
  133. default:
  134. return fmt.Errorf("tar file entry %s contained unsupported file type %v", f.Name, mode)
  135. }
  136. }
  137. return nil
  138. }
  139. // nativeRelPath verifies that p is a non-empty relative path
  140. // using either slashes or the buildlet's native path separator,
  141. // and returns it canonicalized to the native path separator.
  142. func nativeRelPath(p string) (string, error) {
  143. if p == "" {
  144. return "", errors.New("path not provided")
  145. }
  146. if filepath.Separator != '/' && strings.Contains(p, string(filepath.Separator)) {
  147. clean := filepath.Clean(p)
  148. if filepath.IsAbs(clean) {
  149. return "", fmt.Errorf("path %q is not relative", p)
  150. }
  151. if clean == ".." || strings.HasPrefix(clean, ".."+string(filepath.Separator)) {
  152. return "", fmt.Errorf("path %q refers to a parent directory", p)
  153. }
  154. if strings.HasPrefix(p, string(filepath.Separator)) || filepath.VolumeName(clean) != "" {
  155. // On Windows, this catches semi-relative paths like "C:" (meaning “the
  156. // current working directory on volume C:”) and "\windows" (meaning “the
  157. // windows subdirectory of the current drive letter”).
  158. return "", fmt.Errorf("path %q is relative to volume", p)
  159. }
  160. return p, nil
  161. }
  162. clean := path.Clean(p)
  163. if path.IsAbs(clean) {
  164. return "", fmt.Errorf("path %q is not relative", p)
  165. }
  166. if clean == ".." || strings.HasPrefix(clean, "../") {
  167. return "", fmt.Errorf("path %q refers to a parent directory", p)
  168. }
  169. canon := filepath.FromSlash(p)
  170. if filepath.VolumeName(canon) != "" {
  171. return "", fmt.Errorf("path %q begins with a native volume name", p)
  172. }
  173. return canon, nil
  174. }