Consolidate filesystem ops into pkg

Signed-off-by: apostasie <spam_blackhole@farcloser.world>

Author: apostasie

cmd/nerdctl/main.go

@@ -248,12 +248,12 @@ Config file ($NERDCTL_TOML): %s
 		}
 
 		// Since we store containers' stateful information on the filesystem per namespace, we need namespaces to be
-		// valid, safe path segments. This is enforced by store.ValidatePathComponent.
+		// valid, safe path segments.
 		// Note that the container runtime will further enforce additional restrictions on namespace names
 		// (containerd treats namespaces as valid identifiers - eg: alphanumericals + dash, starting with a letter)
 		// See https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#path-segment-names for
 		// considerations about path segments identifiers.
-		if err = store.ValidatePathComponent(globalOptions.Namespace); err != nil {
+		if err = store.IsFilesystemSafe(globalOptions.Namespace); err != nil {
 			return err
 		}
 		if appNeedsRootlessParentMain(cmd, args) {

pkg/composer/lock.go

@@ -20,7 +20,7 @@ import (
 	"os"
 
 	"github.com/containerd/nerdctl/v2/pkg/clientutil"
-	"github.com/containerd/nerdctl/v2/pkg/lockutil"
+	"github.com/containerd/nerdctl/v2/pkg/internal/filesystem"
 )
 
 //nolint:unused
@@ -39,10 +39,10 @@ func Lock(dataRoot string, address string) error {
 	if err != nil {
 		return err
 	}
-	locked, err = lockutil.Lock(dataStore)
+	locked, err = filesystem.Lock(dataStore)
 	return err
 }
 
 func Unlock() error {
-	return lockutil.Unlock(locked)
+	return filesystem.Unlock(locked)
 }

pkg/internal/filesystem/atomic.go

@@ -0,0 +1,39 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package filesystem
+
+import (
+	"os"
+	"path/filepath"
+)
+
+func AtomicWrite(parent string, fileName string, perm os.FileMode, data []byte) error {
+	dest := filepath.Join(parent, fileName)
+	temp := filepath.Join(parent, ".temp."+fileName)
+
+	err := os.WriteFile(temp, data, perm)
+	if err != nil {
+		return err
+	}
+
+	err = os.Rename(temp, dest)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}

pkg/internal/filesystem/consts.go

@@ -0,0 +1,21 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package filesystem
+
+const (
+	pathComponentMaxLength = 255
+)

pkg/internal/filesystem/errors.go

@@ -0,0 +1,23 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package filesystem
+
+import "errors"
+
+var (
+	ErrInvalidPath = errors.New("invalid path")
+)

pkg/lockutil/lockutil_unix.go renamed to pkg/internal/filesystem/lockutil_unix.go

@@ -16,7 +16,7 @@
    limitations under the License.
 */
 
-package lockutil
+package filesystem
 
 import (
 	"fmt"

pkg/lockutil/lockutil_windows.go renamed to pkg/internal/filesystem/lockutil_windows.go

@@ -14,7 +14,7 @@
    limitations under the License.
 */
 
-package lockutil
+package filesystem
 
 import (
 	"fmt"

pkg/internal/filesystem/path.go

@@ -0,0 +1,47 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package filesystem
+
+import (
+	"errors"
+	"strings"
+)
+
+var (
+	errForbiddenChars     = errors.New("forbidden characters in path component")
+	errForbiddenKeywords  = errors.New("forbidden keywords in path component")
+	errInvalidPathTooLong = errors.New("path component must be shorter than 256 characters")
+	errInvalidPathEmpty   = errors.New("path component cannot be empty")
+)
+
+// ValidatePathComponent will enforce os specific filename restrictions on a single path component.
+func ValidatePathComponent(pathComponent string) error {
+	// https://en.wikipedia.org/wiki/Comparison_of_file_systems#Limits
+	if len(pathComponent) > pathComponentMaxLength {
+		return errors.Join(ErrInvalidPath, errInvalidPathTooLong)
+	}
+
+	if strings.TrimSpace(pathComponent) == "" {
+		return errors.Join(ErrInvalidPath, errInvalidPathEmpty)
+	}
+
+	if err := validatePlatformSpecific(pathComponent); err != nil {
+		return errors.Join(ErrInvalidPath, err)
+	}
+
+	return nil
+}

pkg/internal/filesystem/path_test.go

@@ -0,0 +1,85 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package filesystem_test
+
+import (
+	"fmt"
+	"runtime"
+	"testing"
+
+	"gotest.tools/v3/assert"
+
+	"github.com/containerd/nerdctl/v2/pkg/internal/filesystem"
+)
+
+func TestFilesystemRestrictions(t *testing.T) {
+	t.Parallel()
+
+	invalid := []string{
+		"/",
+		"/start",
+		"mid/dle",
+		"end/",
+		".",
+		"..",
+		"",
+		fmt.Sprintf("A%0255s", "A"),
+	}
+
+	valid := []string{
+		fmt.Sprintf("A%0254s", "A"),
+		"test",
+		"test-hyphen",
+		".start.dot",
+		"mid.dot",
+		"∞",
+	}
+
+	if runtime.GOOS == "windows" {
+		invalid = append(invalid, []string{
+			"\\start",
+			"mid\\dle",
+			"end\\",
+			"\\",
+			"\\.",
+			"com².whatever",
+			"lpT2",
+			"Prn.",
+			"nUl",
+			"AUX",
+			"A<A",
+			"A>A",
+			"A:A",
+			"A\"A",
+			"A|A",
+			"A?A",
+			"A*A",
+			"end.dot.",
+			"end.space ",
+		}...)
+	}
+
+	for _, v := range invalid {
+		err := filesystem.ValidatePathComponent(v)
+		assert.ErrorIs(t, err, filesystem.ErrInvalidPath, v)
+	}
+
+	for _, v := range valid {
+		err := filesystem.ValidatePathComponent(v)
+		assert.NilError(t, err, v)
+	}
+}

pkg/store/filestore_unix.go renamed to pkg/internal/filesystem/path_unix.go

@@ -16,14 +16,14 @@
    limitations under the License.
 */
 
-package store
+package filesystem
 
 import (
 	"fmt"
 	"regexp"
 )
 
-// Note that Darwin has different restrictions - though, we do not support Darwin at this point...
+// Note that Darwin has different restrictions on colons.
 // https://stackoverflow.com/questions/1976007/what-characters-are-forbidden-in-windows-and-linux-directory-names
 var (
 	disallowedKeywords = regexp.MustCompile(`^([.]|[.][.])$`)
@@ -32,11 +32,11 @@ var (
 
 func validatePlatformSpecific(pathComponent string) error {
 	if reservedCharacters.MatchString(pathComponent) {
-		return fmt.Errorf("identifier %q cannot contain any of the following characters: %q", pathComponent, reservedCharacters)
+		return fmt.Errorf("%w: %q (%q)", errForbiddenChars, pathComponent, reservedCharacters)
 	}
 
 	if disallowedKeywords.MatchString(pathComponent) {
-		return fmt.Errorf("identifier %q cannot be any of the reserved keywords: %q", pathComponent, disallowedKeywords)
+		return fmt.Errorf("%w: %q (%q)", errForbiddenKeywords, pathComponent, disallowedKeywords)
 	}
 
 	return nil

pkg/store/filestore_windows.go renamed to pkg/internal/filesystem/path_windows.go

@@ -14,9 +14,10 @@
    limitations under the License.
 */
 
-package store
+package filesystem
 
 import (
+	"errors"
 	"fmt"
 	"regexp"
 )
@@ -26,19 +27,21 @@ import (
 var (
 	disallowedKeywords = regexp.MustCompile(`(?i)^(con|prn|nul|aux|com[1-9¹²³]|lpt[1-9¹²³])([.].*)?$`)
 	reservedCharacters = regexp.MustCompile(`[\x{0}-\x{1f}<>:"/\\|?*]`)
+
+	errNoEndingSpaceDot = errors.New("component cannot end with a space or dot")
 )
 
 func validatePlatformSpecific(pathComponent string) error {
 	if reservedCharacters.MatchString(pathComponent) {
-		return fmt.Errorf("identifier %q cannot contain any of the following characters: %q", pathComponent, reservedCharacters)
+		return fmt.Errorf("%w: %q (%q)", errForbiddenChars, pathComponent, reservedCharacters)
 	}
 
 	if disallowedKeywords.MatchString(pathComponent) {
-		return fmt.Errorf("identifier %q cannot be any of the reserved keywords: %q", pathComponent, disallowedKeywords)
+		return fmt.Errorf("%w: %q (%q)", errForbiddenKeywords, pathComponent, disallowedKeywords)
 	}
 
 	if pathComponent[len(pathComponent)-1:] == "." || pathComponent[len(pathComponent)-1:] == " " {
-		return fmt.Errorf("identifier %q cannot end with a space or dot", pathComponent)
+		return fmt.Errorf("%w: %q", errNoEndingSpaceDot, pathComponent)
 	}
 
 	return nil

pkg/logging/logging.go

@@ -38,7 +38,7 @@ import (
 	"github.com/containerd/errdefs"
 	"github.com/containerd/log"
 
-	"github.com/containerd/nerdctl/v2/pkg/lockutil"
+	"github.com/containerd/nerdctl/v2/pkg/internal/filesystem"
 )
 
 const (
@@ -160,7 +160,7 @@ func getLockPath(dataStore, ns, id string) string {
 
 // WaitForLogger waits until the logger has finished executing and processing container logs
 func WaitForLogger(dataStore, ns, id string) error {
-	return lockutil.WithDirLock(getLockPath(dataStore, ns, id), func() error {
+	return filesystem.WithDirLock(getLockPath(dataStore, ns, id), func() error {
 		return nil
 	})
 }
@@ -314,7 +314,7 @@ func loggerFunc(dataStore string) (logging.LoggerFunc, error) {
 			// the logger will obtain an exclusive lock on a file until the container is
 			// stopped and the driver has finished processing all output,
 			// so that waiting log viewers can be signalled when the process is complete.
-			return lockutil.WithDirLock(loggerLock, func() error {
+			return filesystem.WithDirLock(loggerLock, func() error {
 				if err := ready(); err != nil {
 					return err
 				}