GoogleContainerTools · priyawadhwa · Aug 10, 2018 · Aug 10, 2018 · Aug 11, 2018 · Aug 13, 2018
diff --git a/integration/dockerfiles/Dockerfile_hardlink_base b/integration/dockerfiles/Dockerfile_hardlink_base
@@ -0,0 +1,8 @@
+FROM alpine@sha256:5ce5f501c457015c4b91f91a15ac69157d9b06f1a75cf9107bf2b62e0843983a AS stage1
+RUN apk --no-cache add git
+# Test removing a file and symlinking it
+RUN rm /usr/bin/git && ln -s /usr/libexec/git-core/git /usr/bin/git
+# Test removing a file which will be symlinked
+RUN rm /usr/libexec/git-core/git-clone
+# Test changing a file 
+RUN rm /usr/libexec/git-core/git-diff && echo "something" > /usr/libexec/git-core/git-diff
diff --git a/integration/dockerfiles/Dockerfile_test_hardlink b/integration/dockerfiles/Dockerfile_test_hardlink
@@ -0,0 +1,4 @@
+FROM gcr.io/kaniko-test/hardlink-base:latest
+RUN ln -s /usr/libexec/git-core/git /usr/bin/git-clone
+RUN ls -al /usr/libexec/git-core/git /usr/bin/git /usr/bin/git-clone /usr/libexec/git-core/git-diff
+RUN git --version
diff --git a/integration/integration_test.go b/integration/integration_test.go
@@ -37,9 +37,10 @@ var config = initGCPConfig()
 var imageBuilder *DockerFileBuilder
 
 type gcpConfig struct {
-	gcsBucket        string
-	imageRepo        string
-	onbuildBaseImage string
+	gcsBucket         string
+	imageRepo         string
+	onbuildBaseImage  string
+	hardlinkBaseImage string
 }
 
 type imageDetails struct {
@@ -65,6 +66,7 @@ func initGCPConfig() *gcpConfig {
 		c.imageRepo = c.imageRepo + "/"
 	}
 	c.onbuildBaseImage = c.imageRepo + "onbuild-base:latest"
+	c.hardlinkBaseImage = c.imageRepo + "hardlink-base:latest"
 	return &c
 }
 
@@ -143,6 +145,30 @@ func TestMain(m *testing.M) {
 		os.Exit(1)
 	}
 
+	fmt.Println("Building onbuild base image")
+	buildOnbuildBase := exec.Command("docker", "build", "-t", config.onbuildBaseImage, "-f", "dockerfiles/Dockerfile_onbuild_base", ".")
+	if err := buildOnbuildBase.Run(); err != nil {
+		fmt.Printf("error building onbuild base: %v", err)
+		os.Exit(1)
+	}
+	pushOnbuildBase := exec.Command("docker", "push", config.onbuildBaseImage)
+	if err := pushOnbuildBase.Run(); err != nil {
+		fmt.Printf("error pushing onbuild base %s: %v", config.onbuildBaseImage, err)
+		os.Exit(1)
+	}
+
+	fmt.Println("Building hardlink base image")
+	buildHardlinkBase := exec.Command("docker", "build", "-t", config.hardlinkBaseImage, "-f", "dockerfiles/Dockerfile_onbuild_base", ".")
+	if err := buildHardlinkBase.Run(); err != nil {
+		fmt.Printf("error building hardlink base: %v", err)
+		os.Exit(1)
+	}
+	pushHardlinkBase := exec.Command("docker", "push", config.hardlinkBaseImage)
+	if err := pushHardlinkBase.Run(); err != nil {
+		fmt.Printf("error pushing hardlink base %s: %v", config.hardlinkBaseImage, err)
+		os.Exit(1)
+	}
+
 	dockerfiles, err := FindDockerFiles(dockerfilesPath)
 	if err != nil {
 		fmt.Printf("Coudn't create map of dockerfiles: %s", err)

diff --git a/pkg/dockerfile/dockerfile.go b/pkg/dockerfile/dockerfile.go
@@ -25,6 +25,7 @@ import (
 
 	"github.com/moby/buildkit/frontend/dockerfile/instructions"
 	"github.com/moby/buildkit/frontend/dockerfile/parser"
+	"github.com/sirupsen/logrus"
 )
 
 // Stages reads the Dockerfile, validates it's contents, and returns stages
@@ -112,11 +113,12 @@ func ParseCommands(cmdArray []string) ([]instructions.Command, error) {
 
 // SaveStage returns true if the current stage will be needed later in the Dockerfile
 func SaveStage(index int, stages []instructions.Stage) bool {
+	logrus.Infof("looking into saving stage %d", index)
 	for stageIndex, stage := range stages {
 		if stageIndex <= index {
 			continue
 		}
-		if stage.Name == stages[index].BaseName {
+		if stage.BaseName == stages[index].Name {
 			return true
 		}
 		for _, cmd := range stage.Commands {

diff --git a/pkg/dockerfile/dockerfile_test.go b/pkg/dockerfile/dockerfile_test.go
@@ -32,10 +32,10 @@ func Test_ResolveStages(t *testing.T) {
 	FROM scratch
 	RUN echo hi > /hi
 
-	FROM scratch AS second
+	FROM gcr.io/distroless/base AS second
 	COPY --from=0 /hi /hi2
 
-	FROM scratch
+	FROM another/image
 	COPY --from=second /hi2 /hi3
 	`
 	stages, err := Parse([]byte(dockerfile))

diff --git a/pkg/util/fs_util.go b/pkg/util/fs_util.go
@@ -42,6 +42,11 @@ var whitelist = []string{
 }
 var volumeWhitelist = []string{}
 
+type hardlink struct {
+	links  []*tar.Header
+	reader io.Reader
+}
+
 func GetFSFromImage(root string, img v1.Image) error {
 	whitelist, err := fileSystemWhitelist(constants.WhitelistPath)
 	if err != nil {
@@ -55,6 +60,8 @@ func GetFSFromImage(root string, img v1.Image) error {
 
 	fs := map[string]struct{}{}
 	whiteouts := map[string]struct{}{}
+	symlinks := map[string]struct{}{}
+	hardlinks := map[string]*hardlink{}
 
 	for i := len(layers) - 1; i >= 0; i-- {
 		logrus.Infof("Unpacking layer: %d", i)
@@ -90,7 +97,6 @@ func GetFSFromImage(root string, img v1.Image) error {
 				logrus.Infof("Not adding %s because it was added by a prior layer", path)
 				continue
 			}
-
 			if CheckWhitelist(path) && !checkWhitelistRoot(root) {
 				logrus.Infof("Not adding %s because it is whitelisted", path)
 				continue
@@ -100,6 +106,27 @@ func GetFSFromImage(root string, img v1.Image) error {
 					logrus.Debugf("skipping symlink from %s to %s because %s is whitelisted", hdr.Linkname, path, hdr.Linkname)
 					continue
 				}
+				symlinks[filepath.Clean(filepath.Join("/", hdr.Name))] = struct{}{}
+			}
+			if hdr.Typeflag == tar.TypeLink {
+				// If linkname no longer exists, extract hardlink as regular file
+				linkname := filepath.Clean(filepath.Join("/", hdr.Linkname))
+				if CheckWhitelist(linkname) {
+					logrus.Debugf("skipping hardlink from %s to %s because %s is whitelisted", linkname, path, linkname)
+					continue
+				}
+				_, previouslyAdded := fs[linkname]
+				if previouslyAdded || checkSymlinks(linkname, symlinks) || checkWhiteouts(linkname, whiteouts) {
+					if h, ok := hardlinks[linkname]; ok {
+						h.links = append(h.links, hdr)
+						continue
+					}
+					hardlinks[linkname] = &hardlink{
+						links:  []*tar.Header{hdr},
+						reader: tr,
+					}
+					continue
+				}
 			}
 			fs[path] = struct{}{}
 
@@ -108,6 +135,20 @@ func GetFSFromImage(root string, img v1.Image) error {
 			}
 		}
 	}
+	// Process hardlinks
+	for _, h := range hardlinks {
+		original := h.links[0]
+		original.Typeflag = tar.TypeReg
+		if err := extractFile(root, original, h.reader); err != nil {
+			return err
+		}
+		for _, link := range h.links[1:] {
+			link.Linkname = original.Name
+			if err := extractFile(root, link, nil); err != nil {
+				return err
+			}
+		}
+	}
 	return nil
 }
 
@@ -208,13 +249,12 @@ func extractFile(dest string, hdr *tar.Header, tr io.Reader) error {
 		}
 
 	case tar.TypeLink:
-		logrus.Debugf("link from %s to %s", hdr.Linkname, path)
 		// The base directory for a link may not exist before it is created.
 		dir := filepath.Dir(path)
 		if err := os.MkdirAll(dir, 0755); err != nil {
 			return err
 		}
-		if err := os.Symlink(filepath.Clean(filepath.Join("/", hdr.Linkname)), path); err != nil {
+		if err := os.Link(filepath.Clean(filepath.Join("/", hdr.Linkname)), path); err != nil {
 			return err
 		}
 
@@ -247,6 +287,15 @@ func checkWhiteouts(path string, whiteouts map[string]struct{}) bool {
 	return false
 }
 
+func checkSymlinks(path string, symlinks map[string]struct{}) bool {
+	for sym := range symlinks {
+		if path == sym {
+			return true
+		}
+	}
+	return false
+}
+
 func CheckWhitelist(path string) bool {
 	for _, wl := range whitelist {
 		if HasFilepathPrefix(path, wl) {