zlayer-storage 0.10.76

S3-backed container layer persistence with crash-tolerant uploads
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284

//! Layer snapshot creation and extraction
//!
//! Handles tarball creation from `OverlayFS` upper layers with compression.

use crate::error::{LayerStorageError, Result};
use crate::types::LayerSnapshot;
use sha2::{Digest, Sha256};
use std::fs::File;
use std::io::{BufReader, BufWriter, Read, Write};
use std::path::Path;
use tar::Builder;
use tracing::{debug, info, instrument};

/// Create a compressed tarball snapshot from a directory
///
/// Returns the snapshot metadata and path to the compressed tarball.
///
/// # Errors
///
/// Returns an error if the source directory cannot be read, the tarball cannot
/// be created, or compression fails.
#[instrument(skip(source_dir, output_path), fields(source = %source_dir.as_ref().display()))]
pub fn create_snapshot(
    source_dir: impl AsRef<Path>,
    output_path: impl AsRef<Path>,
    compression_level: i32,
) -> Result<LayerSnapshot> {
    let source_dir = source_dir.as_ref();
    let output_path = output_path.as_ref();

    info!("Creating layer snapshot from {}", source_dir.display());

    // Create temporary uncompressed tarball first to calculate digest
    let tar_temp_path = output_path.with_extension("tar.tmp");

    // Build the tar archive
    let tar_file = File::create(&tar_temp_path)?;
    let mut tar_builder = Builder::new(BufWriter::new(tar_file));

    let mut file_count = 0u64;
    tar_builder.append_dir_all(".", source_dir)?;

    // Finish writing the tar
    tar_builder.into_inner()?.flush()?;

    // Calculate SHA256 of uncompressed tar and count files
    let mut hasher = Sha256::new();
    let tar_file = File::open(&tar_temp_path)?;
    let uncompressed_size = tar_file.metadata()?.len();
    let mut reader = BufReader::new(tar_file);

    // Count files while hashing
    let mut buffer = [0u8; 8192];
    loop {
        let bytes_read = reader.read(&mut buffer)?;
        if bytes_read == 0 {
            break;
        }
        hasher.update(&buffer[..bytes_read]);
    }

    // Count entries in tar
    let tar_file = File::open(&tar_temp_path)?;
    let mut archive = tar::Archive::new(tar_file);
    for entry in archive.entries()? {
        let _ = entry?;
        file_count += 1;
    }

    let digest = hex::encode(hasher.finalize());
    debug!("Layer digest: {}", digest);

    // Compress with zstd
    let tar_file = File::open(&tar_temp_path)?;
    let compressed_file = File::create(output_path)?;
    let mut encoder =
        zstd::stream::Encoder::new(BufWriter::new(compressed_file), compression_level)?;

    let mut reader = BufReader::new(tar_file);
    std::io::copy(&mut reader, &mut encoder)?;
    encoder.finish()?.flush()?;

    // Get compressed size
    let compressed_size = std::fs::metadata(output_path)?.len();

    // Clean up temp file
    std::fs::remove_file(&tar_temp_path)?;

    let snapshot = LayerSnapshot {
        digest,
        size_bytes: uncompressed_size,
        compressed_size_bytes: compressed_size,
        created_at: chrono::Utc::now(),
        file_count,
    };

    #[allow(clippy::cast_precision_loss)]
    let compression_pct = (1.0 - (compressed_size as f64 / uncompressed_size as f64)) * 100.0;
    info!(
        "Created snapshot: {} bytes -> {} bytes ({:.1}% compression), {} files",
        uncompressed_size, compressed_size, compression_pct, file_count
    );

    Ok(snapshot)
}

/// Extract a compressed tarball snapshot to a directory
///
/// # Errors
///
/// Returns an error if decompression fails, the digest does not match, or
/// extraction to the target directory fails.
#[instrument(skip(tarball_path, target_dir), fields(tarball = %tarball_path.as_ref().display()))]
pub fn extract_snapshot(
    tarball_path: impl AsRef<Path>,
    target_dir: impl AsRef<Path>,
    expected_digest: Option<&str>,
) -> Result<()> {
    let tarball_path = tarball_path.as_ref();
    let target_dir = target_dir.as_ref();

    info!("Extracting layer snapshot to {}", target_dir.display());

    // Decompress
    let compressed_file = File::open(tarball_path)?;
    let decoder = zstd::stream::Decoder::new(BufReader::new(compressed_file))?;

    // If we need to verify digest, decompress to temp file first
    if let Some(expected) = expected_digest {
        let temp_tar = tarball_path.with_extension("tar.verify");
        {
            let mut temp_file = BufWriter::new(File::create(&temp_tar)?);
            let mut decoder =
                zstd::stream::Decoder::new(BufReader::new(File::open(tarball_path)?))?;
            std::io::copy(&mut decoder, &mut temp_file)?;
            temp_file.flush()?;
        }

        // Calculate digest
        let mut hasher = Sha256::new();
        let mut file = BufReader::new(File::open(&temp_tar)?);
        let mut buffer = [0u8; 8192];
        loop {
            let bytes_read = file.read(&mut buffer)?;
            if bytes_read == 0 {
                break;
            }
            hasher.update(&buffer[..bytes_read]);
        }

        let actual_digest = hex::encode(hasher.finalize());
        if actual_digest != expected {
            std::fs::remove_file(&temp_tar)?;
            return Err(LayerStorageError::ChecksumMismatch {
                expected: expected.to_string(),
                actual: actual_digest,
            });
        }

        // Extract from verified temp file
        let file = File::open(&temp_tar)?;
        let mut archive = tar::Archive::new(file);
        archive.unpack(target_dir)?;

        std::fs::remove_file(&temp_tar)?;
    } else {
        // Extract directly without verification
        let mut archive = tar::Archive::new(decoder);
        archive.unpack(target_dir)?;
    }

    info!("Extraction complete");
    Ok(())
}

/// Calculate the SHA256 digest of a directory's contents (for change detection)
///
/// # Errors
///
/// Returns an error if any file in the directory cannot be read.
#[instrument(skip(dir), fields(dir = %dir.as_ref().display()))]
pub fn calculate_directory_digest(dir: impl AsRef<Path>) -> Result<String> {
    let dir = dir.as_ref();
    let mut hasher = Sha256::new();

    // Walk directory and hash file contents and metadata
    fn hash_dir(hasher: &mut Sha256, dir: &Path, prefix: &Path) -> Result<()> {
        let mut entries: Vec<_> = std::fs::read_dir(dir)?
            .filter_map(std::result::Result::ok)
            .collect();

        // Sort for deterministic ordering
        entries.sort_by_key(std::fs::DirEntry::file_name);

        for entry in entries {
            let path = entry.path();
            let relative = path.strip_prefix(prefix).unwrap_or(&path);

            // Hash the relative path
            hasher.update(relative.to_string_lossy().as_bytes());

            let metadata = entry.metadata()?;
            if metadata.is_file() {
                // Hash file size and contents
                hasher.update(metadata.len().to_le_bytes());

                let mut file = BufReader::new(File::open(&path)?);
                let mut buffer = [0u8; 8192];
                loop {
                    let bytes_read = file.read(&mut buffer)?;
                    if bytes_read == 0 {
                        break;
                    }
                    hasher.update(&buffer[..bytes_read]);
                }
            } else if metadata.is_dir() {
                hash_dir(hasher, &path, prefix)?;
            }
            // Skip symlinks and other special files for now
        }

        Ok(())
    }

    hash_dir(&mut hasher, dir, dir)?;
    Ok(hex::encode(hasher.finalize()))
}

#[cfg(test)]
mod tests {
    use super::*;
    use tempfile::TempDir;

    #[test]
    fn test_snapshot_roundtrip() {
        let source = TempDir::new().unwrap();
        let staging = TempDir::new().unwrap();
        let target = TempDir::new().unwrap();

        // Create some test files
        std::fs::write(source.path().join("test.txt"), "hello world").unwrap();
        std::fs::create_dir(source.path().join("subdir")).unwrap();
        std::fs::write(source.path().join("subdir/nested.txt"), "nested content").unwrap();

        // Create snapshot
        let tarball_path = staging.path().join("layer.tar.zst");
        let snapshot = create_snapshot(source.path(), &tarball_path, 3).unwrap();

        assert!(!snapshot.digest.is_empty());
        assert!(snapshot.size_bytes > 0);
        assert!(snapshot.compressed_size_bytes > 0);
        assert!(snapshot.file_count >= 2);

        // Extract and verify
        extract_snapshot(&tarball_path, target.path(), Some(&snapshot.digest)).unwrap();

        assert_eq!(
            std::fs::read_to_string(target.path().join("test.txt")).unwrap(),
            "hello world"
        );
        assert_eq!(
            std::fs::read_to_string(target.path().join("subdir/nested.txt")).unwrap(),
            "nested content"
        );
    }

    #[test]
    fn test_directory_digest() {
        let dir = TempDir::new().unwrap();

        std::fs::write(dir.path().join("file1.txt"), "content1").unwrap();
        std::fs::write(dir.path().join("file2.txt"), "content2").unwrap();

        let digest1 = calculate_directory_digest(dir.path()).unwrap();

        // Modify a file
        std::fs::write(dir.path().join("file1.txt"), "modified").unwrap();

        let digest2 = calculate_directory_digest(dir.path()).unwrap();

        // Digests should differ
        assert_ne!(digest1, digest2);
    }
}