Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/fishi0x01/docker-extract

A rust library to extract the filesystem from a docker image
https://github.com/fishi0x01/docker-extract

docker-extract docker-image filesystem rust-library

Last synced: 27 days ago
JSON representation

A rust library to extract the filesystem from a docker image

Host: GitHub
URL: https://github.com/fishi0x01/docker-extract
Owner: fishi0x01
License: mit
Created: 2020-02-15T17:47:43.000Z (over 4 years ago)
Default Branch: master
Last Pushed: 2020-03-14T09:14:34.000Z (over 4 years ago)
Last Synced: 2024-09-28T16:02:30.281Z (about 1 month ago)
Topics: docker-extract, docker-image, filesystem, rust-library
Language: Rust
Homepage: https://crates.io/crates/docker_extract
Size: 12.7 KB
Stars: 4
Watchers: 3
Forks: 1
Open Issues: 2
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE

Awesome Lists containing this project

README

        **Status**

[![CircleCI](https://circleci.com/gh/fishi0x01/docker-extract.svg?style=svg)](https://circleci.com/gh/fishi0x01/docker-extract)

[![crates.io badge](https://img.shields.io/crates/v/docker_extract.svg)](https://crates.io/crates/docker_extract)

[![docs.rs badge](https://docs.rs/docker_extract/badge.svg)](https://docs.rs/docker_extract)

# docker-extract

`docker-extract` is a rust library that extracts the filesystem from a docker image. 

Here is an example to extract `alpine:latest` to directory `./docker-fs`:

```rust

use docker_extract;

use std::path::Path;

fn main() {

    let image = "alpine";

    let tag = "latest";

    let to_dir = Path::new("./docker-fs");

    docker_extract::extract_image(image, tag, &to_dir);

}

```

## Security

This library relies on the [tar crate](https://github.com/alexcrichton/tar-rs), which is very conscious about security concerns. 

To prevent directory traversal issues, it will not unpack anything outside the specified output directory, i.e., paths with `..` in their name will not be unpacked.

Further, `docker-extract` does not extract symlinks to absolute paths, as they will point to wrong references anyways.

## Detailed extraction procedure

The following procedure describes what `docker-extract` does:

1. Run `docker save {image}:{tag} -o {tmp_dir}/image.tar`

2. Extract all layers from `${tmp_dir}/image.tar` to wanted result dir

3. Delete `${tmp_dir}`

It follows, that `docker-extract` needs access to `docker` and that `{image}:{tag}` is already pulled.

## crev

This crate has its author's [crev review](https://github.com/fishi0x01/crev-proofs).

It is recommended to always use [cargo-crev](https://github.com/crev-dev/cargo-crev)

to verify the trustworthiness of each of your dependencies, including this one.