Refactor machine decompress.go

[l0rd]

What does this PR do?

Added some tests to verify that files extractions works
with different compression format.

Created a decompressor interface with 2 main methods:
  reader(): returns an io.Reader for the specific compression algorithm
  copy(): extracts the compressed file into the file provided as param

Created 5 decompressor types:
- gzip: extract gzip files
- xz: extract xz files
- zip: extract zip files
- generic: extract any other file using github.com/containers/image/v5/pkg/compression
- uncompressed: only do a copy of the file

Minor fix to the progress bar instances: added a call to bar.Abort(false)
that happens before Progress.Wait() to avoid that it hangs when a bar is
not set as completed although extraction is done.

This PR includes #21591 commit.

Does this PR introduce a user-facing change?

None

[baude]

code generally LGTM @Luap99 what say you on the size addition?

[vrothberg]

I wonder why there is a dedicated pkg/machine/compression? Is there a specific reason why we cannot (or do not) use c/storage/pkg/archive?

[Luap99]

So what exactly is this solving compared to the already existing decompression logic like pkg/archive or pkg/compression from c/image that is already used here via compression.AutoDecompress(r)

[Luap99]

this reads the entire file in memory which seem pretty bad for permanence reasons especially since the decompresser will read the same file again

[mtrmac]

Yes; this should either use a buffer + Peek (like archive.DecompressStream), or combine the read data + stream (like compression.DetectCompression).

If this package should be in the business of detecting formats at all.

[l0rd]

Agreed. I found it out when doing the refactoring but I didn't want to use this PR to make changes in the logic of the existing code (there are enough changes) and I added the comment. This should be fixed, but I would rather do it in a separate PR.

[mtrmac]

(Throughout): “The existing code did it that way” is a fair point to some of my objections — the PR is already invasive enough that I wasn’t looking for that.

[mtrmac]

This is a brief skim of an unfamiliar part of the codebase.

The PR is changing a lot in one commit, so I didn’t review how it changes since the previous version at all.

[mtrmac]

Why is this OS-specific?

[l0rd]

This is the current behavior. I haven't changed that. I am assuming that the gzip implementation in c/images/pkg/compression doesn't support sparse files on macos. And we use crc/pkg/os implementation instead.

[mtrmac]

AFAICS CopySparse consumes a plain io.Reader, I can’t see an obvious reason why it couldn’t consume (the faster one used by) the c/image/pkg/compression one.

Either way, maybe not this PR.

[l0rd]

This is faster indeed (~17s vs ~27s on my mac) but if I try to run unit tests using GzipDecompressor from c/image/pkg/compression with CopySparse from crc/v2/pkg/os, I get an error:

compression_test.go:128:
    	Error Trace:	/Users/mloriedo/Git/podman/pkg/machine/compression/compression_test.go:128
    	Error:      	Not equal:
    	            	expected: "gzip\n"
    	            	actual  : "gzip\x00"

This error doesn't happen when using the standard library gzip package with CopySparse from crc/v2/pkg/os. And it doesn't happen using GzipDecompressor with io.Copy. I suspect that this is a problem with CopySparse. Anyway, not something I would fix in this PR.

[l0rd]

For the time being I have added the following comment:

	// macOS gzipped VM images are sparse. As a result a
	// special decompressor is required: it uses crc os.CopySparse
	// instead of io.Copy and std lib gzip instead of klauspost/pgzip
	// (even if it's slower).

[mtrmac]

I’m not too much of a fan of the platform dependency, but, *shrug*, preexisting.

---

I suspect that this is a problem with CopySparse. Anyway, not something I would fix in this PR.

Fair enough, but please at least file an issue if you are not already working on this; silent data corruption seems serious.

It’s quite possible that it would be fixed by using #21763 instead.

[l0rd]

Right, let me try with #21763 because I suspect the problem was crc CopySparse indeed.

[l0rd]

Using the SparseWriter introduced in #21763 fixed the problem. So I have been able to update this PR to use the gzip decompressor from c/image/pkg/compression (that uses klauspost/pgzip) and it's faster 🚀 . Although zstd is used now rather than gzip (through klauspost/compress/zstd) but that's fast too.

[mtrmac]

Yes; this should either use a buffer + Peek (like archive.DecompressStream), or combine the read data + stream (like compression.DetectCompression).

If this package should be in the business of detecting formats at all.

[mtrmac]

Shouldn’t any errors be propagated to the caller?

[l0rd]

This is main branch code, it hasn't been introduced by this PR.

[mtrmac]

Filed #21772 for this.

[mtrmac]

By the time this happens, the separate goroutine might not have finished writing to w.

[l0rd]

This is main branch code, it hasn't been introduced by this PR.

[mtrmac]

Filed #21772 for this.

[l0rd]

I wonder why there is a dedicated pkg/machine/compression? Is there a specific reason why we cannot (or do not) use c/storage/pkg/archive?

Thank you @vrothberg, this is a good question but this PR is about simplifying the existing code of pkg/machine/compression, it doesn't introduce new code (except for the tests). I can't tell for sure why we did the choice to use pkg/machine/compression when extracting a VM image instead of c/storage/pkg/archive. It may be related to the fact that the latter doesn't support zip and gzip (sparse) files. But then why not adding support for those there?

Anyway pkg/machine/compression uses c/images/pkg/compression for every compression format other than zip/gzip/xz. But again, this PR doesn't change that. It's a reorg of the existing code.

[l0rd]

So what exactly is this solving compared to the already existing decompression logic like pkg/archive or pkg/compression from c/image that is already used here via compression.AutoDecompress(r)

Thank you @llchan. This PR doesn't introduce any new logic. It's just a re-writing of existing code.

For what it's worth pkg/machine/compression uses c/image/pkg/compression for any compression format other than zip/gzip (sparse)/xz. This PR introduces the genericDecompressor that is a wrapper of c/image/pkg/compression.

[afbjorklund]

Using the xz library is usually quite a lot slower than forking xz, so make sure to check run time before/after...

[l0rd]

Using the xz library is usually quite a lot slower than forking xz, so make sure to check run time before/after...

@afbjorklund This PR is about cleaning up code inconsistencies and duplication in decompress.go. I am not changing any behavior. That's on purpose. This PR should not introduce any change about how we use xz, it would be a problem otherwise.

[mtrmac]

I’m not too much of a fan of the platform dependency, but, *shrug*, preexisting.

---

I suspect that this is a problem with CopySparse. Anyway, not something I would fix in this PR.

Fair enough, but please at least file an issue if you are not already working on this; silent data corruption seems serious.

It’s quite possible that it would be fixed by using #21763 instead.

[mtrmac]

ErrClosed indicates a programming bug (analogous to C use-after-free); if it is showing up in practice, it should be traced down and avoided.

[l0rd]

This code exist in main (introduced last week).

[mtrmac]

Yeah, still a bug, and closing unowned file descriptors in a concurrency-heavy language like Go would be maddening to debug. I can, barely, live with deferring #21772, that’s “only” data corruption, but unpredictable in-process memory corruption is even more dangerous than that.

(As it happens, the Go internal implementation seems to atomically enforce only one Close, but the interface spec explicitly says the behavior is undefined, so we can’t rely on that.)

AFAICS this refactor has already fixed the double-closes (and that can be enforced by the type system by not providing a *Closer type to the individual decompressor implementations [see elsewhere about the sparse writer Close handling]), so just removing this check should be sufficient to resolve.

[mtrmac]

I’m sorry, actually the io.Closer.Close specification says effect of repeated calls is undefined, but specifically os.File.Close documents that “Close will return an error if it has already been called.” (but, curiously, doesn’t commit to returning ErrClosed in this case).

So this is, after all, safe enough.

[mtrmac]

#21977 will fix this.

[mtrmac]

(Non-blocking: I’m tempted to say that code like this doesn’t need to be a subclass; parametrize genericDecompressor with a

    decompressStream func(io.Reader) (io.ReadCloser, error)
    isSparse bool

… but then I would go on and argue that “is the output a sparse file” should be true either for all or no compression formats because it is very surprising for the sparseness of the output to depend on the compression algorithm … and we would drift into things that should happen in other PRs.)

[l0rd]

I have merged the changes to decompress.go introduced by #21768 with this commit (zstd and uncompressed use the new SparseWriter). I haven't removed the crc CopySparse dependency as it's still used by other packages cc @baude.

The GH action Build Each Commit is still failing with "bin/podman grew by 97632 bytes; max allowed is 51200." but I have no clue why (trying locally on mac, podman-remote size has decrease by 114 464 and on Linux it has grown by 105 824 bytes 🤷 ). @Luap99 maybe you can help me finding out how to address that?

[Luap99]

The check uses rebase and checks commit by commit so you would need to do the same if you want to compare by numbers.
Regardless the size will be to much to trigger this. I don't see any new big imports so I am kinda surprised that this diff causes so much grow.

I think for now we should just accept the grow, I don't see anything that can be done here to help much.

[mtrmac]

For the record:

This code from #21768 works right now, but if Zstd ever grew a non-Darwin implementation, Gzip would start failing on Darwin. To me, that kind of a trap is at least worth a comment.

That’s fixed in this PR — but if this PR were abandoned for any reason, I would want to add that comment.

[l0rd]

@baude @mheon I have addressed most of the comments on this PR. The check machine-hyperv podman windows rootless host sqlite is failing though.

To be fair was able to test it locally on linux/macos/wsl but not on hyperv yet (I will try later). And I am not able to add the v5.0 label to this PR (I don't have the privileges).

[mheon]

The machine resize failure seems legitimate, and not a flake.

Code LGTM though

[mheon]

Label added

[TomSweeneyRedHat]

Code LGTM, hyperv sqlite test still twitching....

[mtrmac]

In every instance:

This never calls sparseWriter.Close(), and therefore corrupts data (does not write the trailing zero block, if any).

It might be simpler (and more symmetric) to have w just be an io.WriteSeeker, and to wrap it with (a functional equivalent of) NopCloser for the purpose of this function. … and because that repeats 3 times, perhaps do that in a local copySparse utility.

[mtrmac]

(Also, again because sparseWriter.Close is non-trivial, its return value should be checked, not ignored.)

[l0rd]

You are right thanks. I have added the calls to sparseWriter.Close() and added new tests to check compressed files with trailing zeros.

It's worth noting that not calling sparseWriter.Close()(i.e. ignoring the trailing zeros) makes podman machine init still successful but 10s faster on my local macOS.

[mtrmac]

AFAICT the implementation is now the same, the difference is only that these two use sparseWriter. Am I missing something?

The previous version said “macOS gzipped VM images are sparse”.

And #21592 (comment) suggested that previously we had to choose between sparse processing and fast decompression, so we choose the slower one on macOS only, where sparse was a requirement. Apparently with the new sparseWriter that’s no longer the case, we can have both.

I have no idea what’s true, and I don’t insist on switching to always-sparse here and removing the platform dependency, but I’d prefer the comment to document as much of the intent and trade-offs (even if it is “some previous version made that distinction for an unknown reason”) as possible, because our knowledge will not get better as time passes.

[mtrmac]

the implementation is now the same

I mean the decompression library being called.

[mtrmac]

The AFAICT incorrect comment is still outstanding.

[l0rd]

What about:

	// Using special compressors on MacOS because generic
	// uses `io.Writer` that is less performant than `SparseWriter`
	// when writing applehv raw images.

[mtrmac]

• Both implementations “use io.Writer”, that’s not quite the difference
• Is it “less performant”? Only on macOS? AFAICT the comment is there to explain why macOS is a special case, why this is not conditioned only on the compression format. What’s the part that is macOS specific?

---

The previous version said “macOS gzipped VM images are sparse”.

Is that the reason? If so, then say so:

macOS gzipped VM images are sparse, so we need an implementation which can create sparse files. It is currently unknown why we have, historically, not been trying to create sparse files on other platform as well.

or something.

Or is the reason something else entirely? I have no idea. Some future maintainer might be looking at this 3 years later and trying to figure out what we were thinking.

(This directly relates to #21592 (comment) …)

[l0rd]

Let me try to be more clear:

• On macOS podman machine uses applehv
• applehv VMs are distributed as raw disk files (for windows hyperv we use the vhdx format)
• FCOS raw disk files have a size of 10GB with only ~2GB of actual files (vhdx has a size of ~2GB)
• gzip and zstd don't have any specific optimization for such kind of sparse files (the compressed size is ~8GB)
• As a result, the decompression of FCOS is particularly slow on macOS,
• One way to make the decompression faster for these large sparse files is using SparseWriter
• The decompressor generic supports gzip, zstd etc...but doesn't use SparseWriter
• The zsdt and gzip decompressors use SparseWriter and are used only for FCOS raw disk files (i.e. macOS)

My previous comment macOS gzipped VM images are sparse was not accurate. It's not related to gzip but to the fact that applehv VMs are imported from raw disk files. And decompressing such files can be optimized using SparseWriter.

@baude is this correct?

[mtrmac]

Yeah, still a bug, and closing unowned file descriptors in a concurrency-heavy language like Go would be maddening to debug. I can, barely, live with deferring #21772, that’s “only” data corruption, but unpredictable in-process memory corruption is even more dangerous than that.

(As it happens, the Go internal implementation seems to atomically enforce only one Close, but the interface spec explicitly says the behavior is undefined, so we can’t rely on that.)

AFAICS this refactor has already fixed the double-closes (and that can be enforced by the type system by not providing a *Closer type to the individual decompressor implementations [see elsewhere about the sparse writer Close handling]), so just removing this check should be sufficient to resolve.

[packit-as-a-service]

Cockpit tests failed for commit 5970466. @martinpitt, @jelly, @mvollmer please check.

[packit-as-a-service]

Cockpit tests failed for commit 7b6d9a5. @martinpitt, @jelly, @mvollmer please check.

[martinpitt]

These cockpit failures were both instances of the thing fixed in cockpit-project/cockpit-podman#1580 . So hopefully shouldn't repeat in the future, sorry for the noise.

It is remarkably hard to reset podman to a pristine state in between tests.. Leaked processes/mounts, files (dis)appearing after killing processes, etc. OOI, how do your tests do the cleanup in teardown?

[Luap99]

It is remarkably hard to reset podman to a pristine state in between tests.. Leaked processes/mounts, files (dis)appearing after killing processes, etc. OOI, how do your tests do the cleanup in teardown?

Let's not have such discussion on some random PR, we should not leak anything assuming you stop things properly. (I know we do sometimes as we see similar issues in other CI). I suggest you file a issue, if you have a reproducer for this outside of you CI even better.
Note podman is not a daemon, stopping the service does not stop containers. So if you do not run something like podman stop --all -t0 before and your tests do not stop containers this will be expected.

[mtrmac]

@l0rd one of the test failures seems relevant to this PR.

[l0rd]

Considered the result of the last CI tests, I have removed the xz unit tests that were flaky (c.f. #21772).

I have also submitted another PR, identical to this one but with more impactful changes, where I have added the xz unit test back: #21864.

[mtrmac]

That works for me… implementation LGTM.

I’d still want to see the documentation around #21592 (comment) to be updated / made accurate, matching what is known today.

[TomSweeneyRedHat]

Happy green test buttons on this 5.0 tagged PR. LGTM. @mheon @baude or @Luap99 PTAL and smash that final merge button if appropriate.

[mheon]

/lgtm

[Luap99]

/approve

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: l0rd, Luap99

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [Luap99]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment