| 239 | } |
| 240 | |
| 241 | func extractBin(dest string, r io.Reader) (numExtracted int, err error) { |
| 242 | opts := []zstd.DOption{ |
| 243 | // Concurrency doesn't help us when decoding the tar and |
| 244 | // can actually slow us down. |
| 245 | zstd.WithDecoderConcurrency(1), |
| 246 | // Ignoring checksums can give a slight performance |
| 247 | // boost but it's probably not worth the reduced safety. |
| 248 | zstd.IgnoreChecksum(false), |
| 249 | // Allow the decoder to use more memory giving us a 2-3x |
| 250 | // performance boost. |
| 251 | zstd.WithDecoderLowmem(false), |
| 252 | } |
| 253 | zr, err := zstd.NewReader(r, opts...) |
| 254 | if err != nil { |
| 255 | return 0, xerrors.Errorf("open zstd archive failed: %w", err) |
| 256 | } |
| 257 | defer zr.Close() |
| 258 | |
| 259 | tr := tar.NewReader(zr) |
| 260 | n := 0 |
| 261 | for { |
| 262 | h, err := tr.Next() |
| 263 | if err != nil { |
| 264 | if errors.Is(err, io.EOF) { |
| 265 | return n, nil |
| 266 | } |
| 267 | return n, xerrors.Errorf("read tar archive failed: %w", err) |
| 268 | } |
| 269 | if h.Name == "." || strings.Contains(h.Name, "..") { |
| 270 | continue |
| 271 | } |
| 272 | |
| 273 | name := filepath.Join(dest, filepath.Base(h.Name)) |
| 274 | f, err := os.Create(name) |
| 275 | if err != nil { |
| 276 | return n, xerrors.Errorf("create file failed: %w", err) |
| 277 | } |
| 278 | //#nosec // We created this tar, no risk of decompression bomb. |
| 279 | _, err = io.Copy(f, tr) |
| 280 | if err != nil { |
| 281 | _ = f.Close() |
| 282 | return n, xerrors.Errorf("write file contents failed: %w", err) |
| 283 | } |
| 284 | err = f.Close() |
| 285 | if err != nil { |
| 286 | return n, xerrors.Errorf("close file failed: %w", err) |
| 287 | } |
| 288 | |
| 289 | n++ |
| 290 | } |
| 291 | } |
| 292 | |
| 293 | type binMetadata struct { |
| 294 | sizeBytes int64 // -1 if not known yet |