Package artifact

v0.0.26
Published: Jun 23, 2026 License: Apache-2.0 Imports: 14 Imported by: 0

Documentation

Overview

Package artifact provides artifact-agnostic OCI primitives shared by the ToolHive ecosystem: reproducible tar archive creation and extraction, reproducible gzip compression, OCI platform helpers, and pull-hardening (size/count/digest validation) for registry operations.

These primitives are independent of any particular artifact type (skills, plugins, etc.). Artifact-specific media types, labels, and annotations live in the packages that define those artifacts (for example oci/skills).

Reproducible Archives

CreateTar and Compress produce byte-stable output for identical input, which is what makes artifact digests deterministic:

data, err := artifact.CompressTar(files, artifact.DefaultTarOptions(), artifact.DefaultGzipOptions())

Platform Helpers

PlatformString and ParsePlatform convert between OCI platform values and their "os/arch" or "os/arch/variant" string form.

Pull Hardening

ValidatingTarget wraps an oras.Target and enforces size and structure limits on pushed content, defending against OOM and resource exhaustion from malicious registries during pull operations.

Stability

This package is Alpha. Breaking changes are possible between minor versions.

Index

Constants

const (
	// OSLinux is the Linux OS identifier used in OCI platform specs.
	OSLinux = "linux"
	// ArchAMD64 is the x86-64 architecture identifier used in OCI platform specs.
	ArchAMD64 = "amd64"
	// ArchARM64 is the 64-bit ARM architecture identifier used in OCI platform specs.
	ArchARM64 = "arm64"
)

OS and architecture constants for OCI platform specifications.

const MaxBlobSize int64 = 100 * 1024 * 1024

MaxBlobSize is the maximum size of a blob (100MB).

const MaxDecompressedSize = 100 * 1024 * 1024

MaxDecompressedSize is the maximum size of decompressed data (100MB). This prevents decompression bombs.

const MaxManifestSize int64 = 1 * 1024 * 1024

MaxManifestSize is the maximum size of a manifest (1MB).

const MaxTarFileSize = 100 * 1024 * 1024

MaxTarFileSize is the maximum size of a single file in a tar archive (100MB). This prevents decompression bombs.

Variables

var DefaultPlatforms = []ocispec.Platform{
	{OS: OSLinux, Architecture: ArchAMD64},
	{OS: OSLinux, Architecture: ArchARM64},
}

DefaultPlatforms are the default platforms for artifacts. These cover most Kubernetes clusters.

Functions

func Compress

func Compress(data []byte, opts GzipOptions) ([]byte, error)

Compress creates a reproducible gzip compressed byte slice. Headers are explicitly controlled for reproducibility:
- ModTime: uses opts.Epoch (defaults to Unix epoch)
- Name: empty (no filename)
- Comment: empty
- OS: 255 (unknown) for cross-platform consistency

func CompressTar

func CompressTar(files []FileEntry, tarOpts TarOptions, gzipOpts GzipOptions) ([]byte, error)

CompressTar creates a reproducible .tar.gz from the given files.

func CreateTar

func CreateTar(files []FileEntry, opts TarOptions) ([]byte, error)

CreateTar creates a reproducible tar archive from the given files. Files are sorted alphabetically and normalized headers are used to ensure deterministic output.

func Decompress

func Decompress(data []byte) ([]byte, error)

Decompress decompresses gzip data.

func DecompressWithLimit

func DecompressWithLimit(data []byte, maxSize int64) ([]byte, error)

DecompressWithLimit decompresses gzip data with a size limit.

func ParsePlatform

func ParsePlatform(s string) (ocispec.Platform, error)

ParsePlatform parses a platform string in "os/arch" or "os/arch/variant" format.

func PlatformString

func PlatformString(p ocispec.Platform) string

PlatformString returns the platform in "os/arch" or "os/arch/variant" format.

Types

type FileEntry

type FileEntry struct {
	Path    string // Path within the archive
	Content []byte // File content
	Mode    int64  // File mode (defaults to 0644)
}

FileEntry represents a file to include in a tar archive.

func DecompressTar

func DecompressTar(data []byte) ([]FileEntry, error)

DecompressTar extracts files from a .tar.gz archive.

func ExtractTar

func ExtractTar(data []byte) ([]FileEntry, error)

ExtractTar extracts files from a tar archive.

func ExtractTarWithLimit

func ExtractTarWithLimit(data []byte, maxFileSize int64) ([]FileEntry, error)

ExtractTarWithLimit extracts files from a tar archive with a per-file size limit. It rejects symlinks, hardlinks, device entries, and paths containing traversal sequences.
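The following is an added example, not the package's own code, showing with the standard library alone the two guards that DecompressWithLimit and ExtractTarWithLimit describe, combined into one streaming function so the decompressed archive is never buffered whole. extractTarGzWithLimits is a hypothetical name; returning a map and rejecting directory entries along with the other non-regular types are this example's own choices, not something the page states.

```go
package main
import (
	"archive/tar"
	"bytes"
	"compress/gzip"
	"fmt"
	"io"
	"strings"
)
// extractTarGzWithLimits streams gzip -> tar through a LimitedReader: total output is
// capped at maxDecompressed (gzip-bomb guard) with no full-archive buffering, each file
// at maxFileSize, and any non-regular entry, absolute path or ".." component is rejected.
func extractTarGzWithLimits(data []byte, maxDecompressed, maxFileSize int64) (map[string][]byte, error) {
	zr, err := gzip.NewReader(bytes.NewReader(data))
	if err != nil {
		return nil, err
	}
	lr := &io.LimitedReader{R: zr, N: maxDecompressed + 1} // N reaches 0 only past the cap
	tooBig := fmt.Errorf("decompressed data exceeds %d bytes", maxDecompressed)
	tr, out := tar.NewReader(lr), map[string][]byte{}
	for {
		hdr, err := tr.Next()
		if lr.N == 0 { // checked before EOF: a truncated archive must not look "complete"
			return nil, tooBig
		}
		if err == io.EOF {
			return out, nil
		}
		if err != nil {
			return nil, err
		}
		name := hdr.Name
		if name == "" || strings.HasPrefix(name, "/") || strings.Contains("/"+name+"/", "/../") {
			return nil, fmt.Errorf("entry %q: absolute path or traversal", name)
		}
		if hdr.Typeflag != tar.TypeReg { // symlink, hardlink, device, fifo, dir (dir is this example's choice)
			return nil, fmt.Errorf("entry %q: type %q not allowed", name, hdr.Typeflag)
		}
		if hdr.Size > maxFileSize {
			return nil, fmt.Errorf("entry %q: %d bytes exceeds %d", name, hdr.Size, maxFileSize)
		}
		if out[name], err = io.ReadAll(io.LimitReader(tr, maxFileSize)); err != nil {
			if lr.N == 0 { // the file body, not a header, crossed the cap
				err = tooBig
			}
			return nil, err
		}
	}
}
```

With the page's constants, maxDecompressed would be MaxDecompressedSize and maxFileSize would be MaxTarFileSize.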

type GzipOptions

type GzipOptions struct {
	// Level is the compression level (defaults to gzip.BestCompression).
	Level int

	// Epoch is the modification time to use in the gzip header.
	// If zero, uses Unix epoch (1970-01-01) for reproducibility.
	Epoch time.Time
}

GzipOptions configures reproducible gzip compression.

func DefaultGzipOptions

func DefaultGzipOptions() GzipOptions

DefaultGzipOptions returns default options for reproducible gzip compression.

type TarOptions

type TarOptions struct {
	// Epoch is the timestamp to use for all files (defaults to Unix epoch).
	Epoch time.Time
}

TarOptions configures reproducible tar archive creation.

func DefaultTarOptions

func DefaultTarOptions() TarOptions

DefaultTarOptions returns default options for reproducible tar archives.

type ValidatingTarget

type ValidatingTarget struct {
	// contains filtered or unexported fields
}

ValidatingTarget wraps an oras.Target to enforce size and count limits on pushed content. This prevents OOM and resource exhaustion from malicious registries during pull operations.

func NewValidatingTarget

func NewValidatingTarget(inner oras.Target) *ValidatingTarget

NewValidatingTarget wraps an oras.Target with size and structure validation applied on every Push.

func (*ValidatingTarget) Exists

func (v *ValidatingTarget) Exists(ctx context.Context, target ocispec.Descriptor) (bool, error)

Exists delegates to the inner target.

func (*ValidatingTarget) Fetch

Fetch delegates to the inner target.

func (*ValidatingTarget) Push

func (v *ValidatingTarget) Push(ctx context.Context, desc ocispec.Descriptor, content io.Reader) error

Push validates size and structure limits before delegating to the inner target.

func (*ValidatingTarget) Resolve

func (v *ValidatingTarget) Resolve(ctx context.Context, reference string) (ocispec.Descriptor, error)

Resolve delegates to the inner target.

func (*ValidatingTarget) Tag

func (v *ValidatingTarget) Tag(ctx context.Context, desc ocispec.Descriptor, reference string) error

Tag delegates to the inner target.
