Support storing Ollama [non-]OCI image layers #2075

Draft: wants to merge 1 commit into base: main

1 change: 1 addition & 0 deletions drivers/driver.go
Expand Up @@ -72,6 +72,7 @@ type ApplyDiffOpts struct {
MountLabel string
IgnoreChownErrors bool
ForceMask *os.FileMode
LayerFilename *string
Collaborator

What happens in all of the other storage drivers which weren’t modified?

}

// ApplyDiffWithDifferOpts contains optional arguments for ApplyDiffWithDiffer methods.
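
Review bot: LayerFilename is added to ApplyDiffOpts without a doc comment, so nothing tells a driver author what a non-nil value means or which values are allowed. Suggest documenting that when it is set, Diff is written as a single file of that name instead of being unpacked as a tar, and that the value must be a single path component. Of the files in this change only drivers/overlay/overlay.go reads the field; a driver that does not check it would ignore it silently, so returning an explicit error in that case would be safer.
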
47 changes: 36 additions & 11 deletions drivers/overlay/overlay.go
Expand Up @@ -790,6 +790,23 @@ func supportsOverlay(home string, homeMagic graphdriver.FsMagic, rootUID, rootGI
return supportsDType, fmt.Errorf("'overlay' not found as a supported filesystem on this host. Please ensure kernel is new enough and has overlay support loaded.: %w", graphdriver.ErrNotSupported)
}

func cp(r io.Reader, dest string, filename string) error {
if seeker, ok := r.(io.Seeker); ok {
Contributor

I think this is something that should have generally been set up by the caller.

if _, err := seeker.Seek(0, io.SeekStart); err != nil {
return err
}
}

f, err := os.Create(filepath.Join(dest, filename))
Contributor

Let's use ioutils.NewAtomicFileWriter to ensure we have more transactional/idempotent semantics (see its various uses in this repo).

Collaborator

Layer creation already has transaction semantics via incompleteFlag; doing that for individual files inside a layer is unnecessary.

if err != nil {
return err
}
defer f.Close()

_, err = io.Copy(f, r)
return err
}

func (d *Driver) useNaiveDiff() bool {
if d.usingComposefs {
return true
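
Review bot: In cp, os.Create(filepath.Join(dest, filename)) joins filename onto dest without validating it, so a value containing path separators or .. resolves outside dest, and os.Create truncates whatever already exists at the result. Suggest rejecting any filename that is empty, is . or .., or for which filepath.Base(filename) != filename, before the join. Separately, defer f.Close() discards the close error on a file that was just written; return it when io.Copy succeeded.
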
Expand Down Expand Up @@ -2329,17 +2346,25 @@ func (d *Driver) ApplyDiff(id, parent string, options graphdriver.ApplyDiffOpts)
return 0, err
}

logrus.Debugf("Applying tar in %s", applyDir)
// Overlay doesn't need the parent id to apply the diff
if err := untar(options.Diff, applyDir, &archive.TarOptions{
UIDMaps: idMappings.UIDs(),
GIDMaps: idMappings.GIDs(),
IgnoreChownErrors: d.options.ignoreChownErrors,
ForceMask: d.options.forceMask,
WhiteoutFormat: d.getWhiteoutFormat(),
InUserNS: unshare.IsRootless(),
}); err != nil {
return 0, err
if options.LayerFilename != nil {
Contributor

I am not a real expert in c/storage but it is a fact that the codebase predates the creation/concept of artifacts, and is very much designed around storing layers.

I suspect that this options.LayerFilename conditional thing could use a bit more design bikeshedding. I haven't looked...but for example, I think it may make more sense to actually have a separate datastore path entirely for artifacts that just happens to share code with c/storage, instead of trying to co-locate artifacts.

logrus.Debugf("Applying file in %s", applyDir)
err := cp(options.Diff, applyDir, *options.LayerFilename)
Collaborator

@mtrmac, Aug 26, 2024

☠️

This is an unrestricted path traversal vulnerability, run as root.

Collaborator

options.Diff is an uncompressed stream (that the caller is interpreting as a tar). This just doesn’t work for arbitrary blobs.

if err != nil {
return 0, err
}
} else {
logrus.Debugf("Applying tar in %s", applyDir)
// Overlay doesn't need the parent id to apply the diff
if err := untar(options.Diff, applyDir, &archive.TarOptions{
UIDMaps: idMappings.UIDs(),
GIDMaps: idMappings.GIDs(),
IgnoreChownErrors: d.options.ignoreChownErrors,
ForceMask: d.options.forceMask,
WhiteoutFormat: d.getWhiteoutFormat(),
InUserNS: unshare.IsRootless(),
}); err != nil {
return 0, err
}
}

return directory.Size(applyDir)
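
Review bot: The options.LayerFilename branch calls cp with none of what the tar branch passes through archive.TarOptions: idMappings.UIDs() and GIDs(), d.options.forceMask and d.options.ignoreChownErrors are all skipped, so the file gets whatever owner and mode os.Create gives it in the calling process. Suggest applying the ID mappings and ForceMask to the created file, or documenting why a single-file layer is exempt. Also, err := cp(...) followed by a separate if err != nil differs from the if err := ...; err != nil form used for untar directly below.
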
25 changes: 19 additions & 6 deletions layers.go
Expand Up @@ -2422,14 +2422,21 @@ func (r *layerStore) applyDiffWithOptions(to string, layerOptions *LayerOptions,
if uncompressedDigester != nil {
uncompressedWriter = io.MultiWriter(uncompressedWriter, uncompressedDigester.Hash())
}
payload, err := asm.NewInputTarStream(io.TeeReader(uncompressed, uncompressedWriter), metadata, storage.NewDiscardFilePutter())
if err != nil {
return -1, err

var payload io.Reader
if layerOptions != nil && layerOptions.LayerFilename != nil {
payload = diff
} else {
payload, err = asm.NewInputTarStream(io.TeeReader(uncompressed, uncompressedWriter), metadata, storage.NewDiscardFilePutter())
if err != nil {
return -1, err
}
}
options := drivers.ApplyDiffOpts{
Diff: payload,
Mappings: r.layerMappings(layer),
MountLabel: layer.MountLabel,
Diff: payload,
Mappings: r.layerMappings(layer),
MountLabel: layer.MountLabel,
LayerFilename: layerOptions.LayerFilename,
}
size, err := r.driver.ApplyDiff(layer.ID, layer.Parent, options)
if err != nil {
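
Review bot: LayerFilename: layerOptions.LayerFilename in the ApplyDiffOpts literal dereferences layerOptions unconditionally, while the payload selection just above guards with layerOptions != nil, so a nil layerOptions reaches this line and panics. Suggest reading the filename into a local inside the guarded branch and passing that local here. Note too that the io.TeeReader feeding uncompressedWriter (and through it uncompressedDigester) is only constructed in the else branch, so with payload = diff nothing visible in this hunk writes to them.
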
Expand Down Expand Up @@ -2468,6 +2475,12 @@ func (r *layerStore) applyDiffWithOptions(to string, layerOptions *LayerOptions,
layer.UncompressedDigest = uncompressedDigest
layer.UncompressedSize = uncompressedCounter.Count
layer.CompressionType = compression

if layerOptions != nil && layerOptions.LayerFilename != nil {
layer.CompressedSize = size
layer.UncompressedSize = size
Comment on lines +2480 to +2481
Collaborator

All of this just doesn’t work; the data was already interpreted as a tar file, and uncompressed. This is at best pretending that didn’t happen.

}

layer.UIDs = make([]uint32, 0, len(uidLog))
for uid := range uidLog {
layer.UIDs = append(layer.UIDs, uid)
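
Review bot: layer.UncompressedSize = size overwrites the assignment from uncompressedCounter.Count a few lines earlier, and size is the value returned by r.driver.ApplyDiff, which in the overlay driver is directory.Size(applyDir), not a byte count of the blob. That leaves CompressedSize and UncompressedSize describing the directory on disk while UncompressedDigest and CompressionType still come from the stream processing above. Suggest counting the bytes actually copied and recording that, with a comment explaining why the two sizes are equal for this kind of layer.
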
2 changes: 2 additions & 0 deletions store.go
Expand Up @@ -641,6 +641,8 @@ type LayerOptions struct {
// Currently these can only be set when the layer record is created, but that
// could change in the future.
Flags map[string]interface{}
// LayerFilename is the target filename of the layer blob.
LayerFilename *string
}

type LayerBigDataOption struct {
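
Review bot: The comment on LayerOptions.LayerFilename says what the field names but not the contract: that a non-nil value makes the layer a single file instead of a tar, and which values are accepted. Since this struct is where the value enters the API, suggest validating it in the layer store (non-empty, single path component) before it is copied into drivers.ApplyDiffOpts, so drivers never see an unchecked name.
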