3 unstable releases
0.2.1 | Mar 14, 2020 |
---|---|
0.2.0 | Feb 19, 2020 |
0.1.0 | Feb 17, 2020 |
#1085 in Filesystem
9KB
121 lines
Status
docker-extract
docker-extract
is a rust library that extracts the filesystem from a docker image.
Here is an example to extract alpine:latest
to directory ./docker-fs
:
use docker_extract;
use std::path::Path;
fn main() {
let image = "alpine";
let tag = "latest";
let to_dir = Path::new("./docker-fs");
docker_extract::extract_image(image, tag, &to_dir);
}
Security
This library relies on the tar crate, which is very conscious about security concerns.
To prevent directory traversal issues, it will not unpack anything outside the specified output directory, i.e., paths with ..
in their name will not be unpacked.
Further, docker-extract
does not extract symlinks to absolute paths, as they will point to wrong references anyways.
Detailed extraction procedure
The following procedure describes what docker-extract
does:
- Run
docker save {image}:{tag} -o {tmp_dir}/image.tar
- Extract all layers from
${tmp_dir}/image.tar
to wanted result dir - Delete
${tmp_dir}
It follows, that docker-extract
needs access to docker
and that {image}:{tag}
is already pulled.
crev
This crate has its author's crev review.
It is recommended to always use cargo-crev to verify the trustworthiness of each of your dependencies, including this one.
Dependencies
~4–13MB
~190K SLoC