Fix deprecated use of hdr.Xattrs (SA1019)

pkg/archive/archive.go

@@ -70,6 +70,8 @@ type (
 	}
 )
 
+const PaxSchilyXattr = "SCHILY.xattr."
+
 const (
 	tarExt  = "tar"
 	solaris = "solaris"
@@ -417,26 +419,26 @@ func FileInfoHeader(name string, fi os.FileInfo, link string) (*tar.Header, erro
 	return hdr, nil
 }
 
-// ReadSecurityXattrToTarHeader reads security.capability, security,image
+// readSecurityXattrToTarHeader reads security.capability, security,image
 // xattrs from filesystem to a tar header
-func ReadSecurityXattrToTarHeader(path string, hdr *tar.Header) error {
-	if hdr.Xattrs == nil {
-		hdr.Xattrs = make(map[string]string)
+func readSecurityXattrToTarHeader(path string, hdr *tar.Header) error {
+	if hdr.PAXRecords == nil {
+		hdr.PAXRecords = make(map[string]string)
 	}
 	for _, xattr := range []string{"security.capability", "security.ima"} {
 		capability, err := system.Lgetxattr(path, xattr)
 		if err != nil && !errors.Is(err, system.EOPNOTSUPP) && err != system.ErrNotSupportedPlatform {
 			return fmt.Errorf("failed to read %q attribute from %q: %w", xattr, path, err)
 		}
 		if capability != nil {
-			hdr.Xattrs[xattr] = string(capability)
+			hdr.PAXRecords[PaxSchilyXattr+xattr] = string(capability)
 		}
 	}
 	return nil
 }
 
-// ReadUserXattrToTarHeader reads user.* xattr from filesystem to a tar header
-func ReadUserXattrToTarHeader(path string, hdr *tar.Header) error {
+// readUserXattrToTarHeader reads user.* xattr from filesystem to a tar header
+func readUserXattrToTarHeader(path string, hdr *tar.Header) error {
 	xattrs, err := system.Llistxattr(path)
 	if err != nil && !errors.Is(err, system.EOPNOTSUPP) && err != system.ErrNotSupportedPlatform {
 		return err
@@ -451,10 +453,10 @@ func ReadUserXattrToTarHeader(path string, hdr *tar.Header) error {
 				}
 				return err
 			}
-			if hdr.Xattrs == nil {
-				hdr.Xattrs = make(map[string]string)
+			if hdr.PAXRecords == nil {
+				hdr.PAXRecords = make(map[string]string)
 			}
-			hdr.Xattrs[key] = string(value)
+			hdr.PAXRecords[PaxSchilyXattr+key] = string(value)
 		}
 	}
 	return nil
@@ -542,10 +544,10 @@ func (ta *tarAppender) addTarFile(path, name string) error {
 	if err != nil {
 		return err
 	}
-	if err := ReadSecurityXattrToTarHeader(path, hdr); err != nil {
+	if err := readSecurityXattrToTarHeader(path, hdr); err != nil {
 		return err
 	}
-	if err := ReadUserXattrToTarHeader(path, hdr); err != nil {
+	if err := readUserXattrToTarHeader(path, hdr); err != nil {
 		return err
 	}
 	if err := ReadFileFlagsToTarHeader(path, hdr); err != nil {
@@ -782,11 +784,15 @@ func createTarFile(path, extractDir string, hdr *tar.Header, reader io.Reader, L
 	}
 
 	var errs []string
-	for key, value := range hdr.Xattrs {
-		if _, found := xattrsToIgnore[key]; found {
+	for key, value := range hdr.PAXRecords {
+		xattrKey, ok := strings.CutPrefix(key, PaxSchilyXattr)
+		if !ok {
+			continue
+		}
+		if _, found := xattrsToIgnore[xattrKey]; found {
 			continue
 		}
-		if err := system.Lsetxattr(path, key, []byte(value), 0); err != nil {
+		if err := system.Lsetxattr(path, xattrKey, []byte(value), 0); err != nil {
 			if errors.Is(err, syscall.ENOTSUP) || (inUserns && errors.Is(err, syscall.EPERM)) {
 				// We ignore errors here because not all graphdrivers support
 				// xattrs *cough* old versions of AUFS *cough*. However only
@@ -1371,7 +1377,7 @@ func remapIDs(readIDMappings, writeIDMappings *idtools.IDMappings, chownOpts *id
 			}
 		} else if runtime.GOOS == darwin {
 			uid, gid = hdr.Uid, hdr.Gid
-			if xstat, ok := hdr.Xattrs[idtools.ContainersOverrideXattr]; ok {
+			if xstat, ok := hdr.PAXRecords[PaxSchilyXattr+idtools.ContainersOverrideXattr]; ok {
 				attrs := strings.Split(string(xstat), ":")
 				if len(attrs) == 3 {
 					val, err := strconv.ParseUint(attrs[0], 10, 32)

pkg/archive/archive_linux.go

@@ -48,8 +48,8 @@ func (o overlayWhiteoutConverter) ConvertWrite(hdr *tar.Header, path string, fi
 			return nil, err
 		}
 		if len(opaque) == 1 && opaque[0] == 'y' {
-			if hdr.Xattrs != nil {
-				delete(hdr.Xattrs, getOverlayOpaqueXattrName())
+			if hdr.PAXRecords != nil {
+				delete(hdr.PAXRecords, PaxSchilyXattr+getOverlayOpaqueXattrName())
 			}
 			// If there are no lower layers, then it can't have been deleted in this layer.
 			if len(o.rolayers) == 0 {

pkg/archive/archive_unix_test.go

@@ -232,6 +232,8 @@ func TestTarUntarWithXattr(t *testing.T) {
 	encoded := [20]byte{0, 0, 0, 2}
 	err = system.Lsetxattr(filepath.Join(origin, "2"), "security.capability", encoded[:], 0)
 	require.NoError(t, err)
+	err = system.Lsetxattr(filepath.Join(origin, "1"), "user.test", []byte("helloWord"), 0)
+	require.NoError(t, err)
 
 	for _, c := range []Compression{
 		Uncompressed,
@@ -248,9 +250,13 @@ func TestTarUntarWithXattr(t *testing.T) {
 		if len(changes) != 1 || changes[0].Path != "/3" {
 			t.Fatalf("Unexpected differences after tarUntar: %v", changes)
 		}
-		capability, _ := system.Lgetxattr(filepath.Join(origin, "2"), "security.capability")
-		if capability == nil && capability[0] != 0x00 {
-			t.Fatalf("Untar should have kept the 'security.capability' xattr.")
-		}
+
+		capability, err := system.Lgetxattr(filepath.Join(origin, "2"), "security.capability")
+		require.NoError(t, err)
+		assert.Equal(t, encoded[:], capability)
+
+		test, err := system.Lgetxattr(filepath.Join(origin, "1"), "user.test")
+		require.NoError(t, err)
+		assert.Equal(t, []byte("helloWord"), test)
 	}
 }

pkg/chunked/compressor/compressor.go

@@ -9,7 +9,9 @@ import (
 	"bytes"
 	"encoding/base64"
 	"io"
+	"strings"
 
+	"github.com/containers/storage/pkg/archive"
 	"github.com/containers/storage/pkg/chunked/internal"
 	"github.com/containers/storage/pkg/ioutils"
 	"github.com/klauspost/compress/zstd"
@@ -374,8 +376,12 @@ func writeZstdChunkedStream(destFile io.Writer, outMetadata map[string]string, r
 			return err
 		}
 		xattrs := make(map[string]string)
-		for k, v := range hdr.Xattrs {
-			xattrs[k] = base64.StdEncoding.EncodeToString([]byte(v))
+		for k, v := range hdr.PAXRecords {
+			xattrKey, ok := strings.CutPrefix(k, archive.PaxSchilyXattr)
+			if !ok {
+				continue
+			}
+			xattrs[xattrKey] = base64.StdEncoding.EncodeToString([]byte(v))
 		}
 		entries := []internal.FileMetadata{
 			{