archive - add reproducible_tar option #8691
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,2 @@ | ||
| minor_changes: | ||
| - archive - add ``reproducible_tar`` option to make tar archives vary less given the same input file content (https://github.com/ansible-collections/community.general/pull/8691). |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -71,6 +71,13 @@ | |
| - Remove any added source files and trees after adding to archive. | ||
| type: bool | ||
| default: false | ||
| reproducible_tar: | ||
| description: | ||
| - Set tar metadata and gzip headers to vary less given the same input file content. | ||
| - Useful for minimizing unneeded archive changes and avoiding handlers that may trigger on such changes. | ||
| type: bool | ||
| default: false | ||
| version_added: 9.3.0 | ||
| notes: | ||
| - Can produce C(gzip), C(bzip2), C(lzma), and C(zip) compressed files or archives. | ||
| - This module uses C(tarfile), C(zipfile), C(gzip), and C(bz2) packages on the target host to create archives. | ||
|
|
@@ -189,7 +196,6 @@ | |
| import tarfile | ||
| import zipfile | ||
| from fnmatch import fnmatch | ||
| from traceback import format_exc | ||
| from zlib import crc32 | ||
|
|
||
|
|
@@ -218,8 +224,6 @@ | |
| LZMA_IMP_ERR = format_exc() | ||
| HAS_LZMA = False | ||
|
|
||
| STATE_ABSENT = 'absent' | ||
| STATE_ARCHIVED = 'archive' | ||
| STATE_COMPRESSED = 'compress' | ||
|
|
@@ -282,6 +286,7 @@ def __init__(self, module): | |
| self.format = module.params['format'] | ||
| self.must_archive = module.params['force_archive'] | ||
| self.remove = module.params['remove'] | ||
| self.reproducible_tar = module.params["reproducible_tar"] or False | ||
glennpratt marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
|
||
| self.changed = False | ||
| self.destination_state = STATE_ABSENT | ||
|
|
@@ -490,6 +495,9 @@ def _open_compressed_file(self, path, mode): | |
|
|
||
| return f | ||
|
|
||
| def _reproducible_mtime(self): | ||
| return 0 | ||
|
|
||
| @abc.abstractmethod | ||
| def close(self): | ||
| pass | ||
|
|
@@ -542,6 +550,33 @@ def _get_checksums(self, path): | |
| return checksums | ||
|
|
||
|
|
||
| class ReproducibleTGZFile(tarfile.TarFile): | ||
| def __init__( | ||
| self, name=None, mode=None, compresslevel=-1, fileobj=None, mtime=None, **kwargs | ||
| ): | ||
| if fileobj is None: | ||
| fileobj = open(name, mode + "b") | ||
|
|
||
| try: | ||
| # output filename intentionally empty exclude it from gzip header | ||
| gzipfileobj = gzip.GzipFile("", mode, compresslevel, fileobj, mtime) | ||
| except Exception: | ||
| fileobj.close() | ||
| raise | ||
|
|
||
| # Allow GzipFile to close fileobj as needed | ||
| gzipfileobj.myfileobj = fileobj | ||
glennpratt marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
|
||
| try: | ||
| super(ReproducibleTGZFile, self).__init__(mode=mode, fileobj=gzipfileobj, **kwargs) | ||
| except Exception: | ||
| gzipfileobj.close() | ||
| raise | ||
|
|
||
| # Allow TarFile to close GzipFile as needed | ||
| self._extfileobj = False | ||
glennpratt marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
|
||
|
|
||
| class TarArchive(Archive): | ||
| def __init__(self, module): | ||
| super(TarArchive, self).__init__(module) | ||
|
|
@@ -562,7 +597,11 @@ def contains(self, name): | |
| return True | ||
|
|
||
| def open(self): | ||
| if self.reproducible_tar and self.format == "gz": | ||
| self.file = ReproducibleTGZFile( | ||
| _to_native_ascii(self.destination), "w", mtime=self._reproducible_mtime() | ||
| ) | ||
| elif self.format in ('gz', 'bz2'): | ||
| self.file = tarfile.open(_to_native_ascii(self.destination), 'w|' + self.format) | ||
| # python3 tarfile module allows xz format but for python2 we have to create the tarfile | ||
| # in memory and then compress it with lzma. | ||
|
|
@@ -575,16 +614,34 @@ def open(self): | |
| self.module.fail_json(msg="%s is not a valid archive format" % self.format) | ||
|
|
||
| def _add(self, path, archive_name): | ||
| def filter(tarinfo): | ||
| # type: (tarfile.TarInfo) -> tarfile.TarInfo | None | ||
| if matches_exclusion_patterns(tarinfo.name, self.exclusion_patterns): | ||
| return None | ||
|
|
||
| if self.reproducible_tar: | ||
| # Remove unused backref that prevents copy | ||
| if hasattr(tarinfo, "tarfile"): | ||
| delattr(tarinfo, "tarfile") | ||
|
|
||
| if tarinfo.isdir(): | ||
| mode = 0o40000 | 0o755 | ||
| else: | ||
| mode = 0o100000 | (0o755 if tarinfo.mode & 0o100 else 0o644) | ||
|
|
||
| # Copy tarfile while reducing metadata | ||
| return tarinfo.replace( | ||
| mtime=self._reproducible_mtime(), | ||
| mode=mode, | ||
| uid=0, | ||
| gid=0, | ||
| uname="", | ||
| gname="", | ||
| ) | ||
|
There was a problem hiding this comment. Hmm, this is a very special interpretation of 'reproducible tarfile' IMO. Also this is potentially dangerous since files that are protected (only readable by specific users/groups) before archiving are suddenly publicly readable after extraction. Maybe it would be better to make the level of reproducibility configurable? On the other hand, that would make the interface also pretty complicated. I guess this needs to be discussed first. Maybe create a thread in https://forum.ansible.com/c/project/collection-development/27 for that? There was a problem hiding this comment. It's not intended to be particularly special. I compare it to https://reproducible-builds.org/docs/archives/ There was a problem hiding this comment. I'll make a thread when I have more time, I'll just leave some initial notes here.
|
||
|
|
||
| return tarinfo | ||
|
|
||
| self.file.add(path, archive_name, recursive=False, filter=filter) | ||
|
|
||
| def _get_checksums(self, path): | ||
| if HAS_LZMA: | ||
|
|
@@ -637,6 +694,7 @@ def main(): | |
| exclusion_patterns=dict(type='list', elements='path'), | ||
| force_archive=dict(type='bool', default=False), | ||
| remove=dict(type='bool', default=False), | ||
| reproducible_tar=dict(type="bool", default=False), | ||
| ), | ||
| add_file_common_args=True, | ||
| supports_check_mode=True, | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think as the bare minimum this shouldn't be of type
bool, but of typestrwithchoices, so that it's possible to add other ways to make it reproducible later.