docker_extract
| Crates.io | docker_extract |
| lib.rs | docker_extract |
| version | 0.2.1 |
| source | src |
| created_at | 2020-02-17 18:48:13.964023 |
| updated_at | 2020-03-14 09:13:48.201434 |
| description | A library to extract the filesystem from a docker image |
| homepage | |
| repository | https://github.com/fishi0x01/docker-extract |
| max_upload_size | |
| id | 210093 |
| size | 12,199 |
Karl Fischer (fishi0x01)
documentation
README
Status
docker-extract
docker-extract is a rust library that extracts the filesystem from a docker image.
Here is an example to extract alpine:latest to directory ./docker-fs:
use docker_extract;
use std::path::Path;
fn main() {
let image = "alpine";
let tag = "latest";
let to_dir = Path::new("./docker-fs");
docker_extract::extract_image(image, tag, &to_dir);
}
Security
This library relies on the tar crate, which is very conscious about security concerns.
To prevent directory traversal issues, it will not unpack anything outside the specified output directory, i.e., paths with .. in their name will not be unpacked.
Further, docker-extract does not extract symlinks to absolute paths, as they will point to wrong references anyways.
Detailed extraction procedure
The following procedure describes what docker-extract does:
- Run
docker save {image}:{tag} -o {tmp_dir}/image.tar - Extract all layers from
${tmp_dir}/image.tarto wanted result dir - Delete
${tmp_dir}
It follows, that docker-extract needs access to docker and that {image}:{tag} is already pulled.
crev
This crate has its author's crev review.
It is recommended to always use cargo-crev to verify the trustworthiness of each of your dependencies, including this one.