revise a decoder and encoder, being pure

[hannesm]

this is on the path to remove the functors from the main tar library.

while working on this, I encountered some issues in the reader already:

• if a zero block is read, the next block (if not another zero block, or a unmarshal error) is treat as a header directly (i.e. no pax/extended header disambiguation ongoing)
• the longname/longlink is ignored when there was a PerFileExtendedHeader -- since here after unmarshalling only a "fix_link_indicator" is called, but the longname/longlink arguments are not respected (I understand there's a todo "unclear how/if pax headers should interact with gnu extensions" -- and I don't know whether what this PR provides is what other tar implementations support as well)

happy to hear your feedback. if this PR is fine with you, I'm keen to use the decoder & encoder in the effectful layers (and remove the headerreader/headerwriter/other functors). WDYT?

[hannesm]

For reviewing purposes and testing purposes, I adjusted the list in parse_test to use the provided decoder, and their tests are passing :)

[hannesm]

This PR proposes a new API, and is ready for review. Tests are passing, missing bits are Tar_gz and the eio code. A thorough review of the functionality deployed in Tar_unix / Tar_lwt_unix would be great. Certainly there are missing bits and pieces (in extract / header_of_file / ..) we can fill in over time.

//cc @MisterDA @reynir who worked on the code (including removing Archive), and who may have ideas about users of the modules and whether these can be (easily) converted to this new API.

[reynir]

Preliminary review. I reviewed Tar and Tar_unix. TODO on my part is to review Tar_mirage and the test changes. I assume the Tar_lwt_unix changes are similar to Tar_unix.

[reynir]

I find the meaning of the `Active of bool constructor not very clear from its name. But the type is not exposed and the scope is fairly limited so that's okay.

[reynir]

We don't check the link indicator here. We may want to error out or do something different if it's (another) PAX extended header or a GNU Long{Link,Name}. I doubt there are archives out there that mix GNU LongLink and PAX extended headers so I'm fine with any behavior in that case. I don't know if you're allowed to have PAX extended headers after each other and what the semantics thereof would be.

[reynir]

I'm fine with not making a decision on this in this PR - but maybe we should add a comment then.

[reynir]

It turns out we may actually produce such archives due to #142 if using compatibility level GNU :/

[reynir]

A hack, but we synthesize an Extended.t from next_longlink and next_longname. I think this is fine as is though.

[reynir]

Maybe:

Suggested change

	let blank = {Header.file_name = longlink; file_mode = 0; user_id = 0; group_id = 0; mod_time = 0L; file_size = 0L; link_indicator = Header.Link.LongLink; link_name = ""; uname = "root"; gname = "root"; devmajor = 0; devminor = 0; extended = None} in
	let blank = Header.make ~link_indicator:Header.Link.LongLink ~user_id:0 ~uname:"root" ~group_id:0 ~gname:"root" longlink 0L in

We can also rely on ~user_id and ~group_id defaulting to 0.

I don't have a strong opinion on this.

[reynir]

Level is always GNU.

Suggested change

	let encode_long level link_indicator payload =
	let encode_long link_indicator payload =

[reynir]

It is possible to create tar archives where you store headers for the files only and in my experience tar utilities will create the missing directories. For example, it might only contain regular files:

• mysterydir/file1
• mysterydir/phantom/file2

Extracting this archive will result in the following filesystem structure:

mysterydir/
├── file1
└── phantom
    └── file2

Now the question is:

• Should we do this, too?

Also somewhat related but independent: What is the meaning if filter { file_name = "mysterydir/"; _ } = false and filter { file_name = "mysterydir/file1"; _ } = true? That is, we filter out the parent directory but keep the child?

[hannesm]

We should indeed create directories which are needed.

The filter - here you can decide what you like (you get a Header.t) - and match on "no mysterydir" or "no directory entry" or "nothing below mysterydir".

[reynir]

Here again there are potential pitfalls. If filter skips dir/ but keeps dir/file then we get an archive where only dir/file is present. In my experience tar tools will create missing dirs, so skipping dir/ will in this case not result in dir/ not being present in a sense, but the permissions and ownership will be something the tar utility decides.

[reynir]

I think this could be explained better. For example, the caller will need to call write_end once no more files will be appended.

Suggested change

	(** [append_file ~level ~header filename fd] appends the contents of [filename]
	to the tar archive [fd]. If [header] is not provided, {header_of_file} is
	used for constructing a header. *)
	(** [append_file ~level ~header filename fd] appends the contents of [filename]
	to the tar archive [fd]. If [header] is not provided, {header_of_file} is
	used for constructing a header. It is the responsibility of the caller to write the end of the archive using e.g. [write_end] when no more files will be added. *)

I'm also curious if people might think you can just open an existing archive and call append_file on the newly opened file descriptor.

[hannesm]

you can. Unix.openfile with O_APPEND, lseek to SEEK_END - 2 * 512, and then you can append :)

[reynir]

Right :) But is that clear from the documentation? Or could a user not very familiar with the tar format think they can just do let fd = Unix.openfile "backup.tar" [Unix.O_APPEND] 0o777 in append_file "hello.txt" fd; Unix.close fd and they're done? What I'm getting at is this maybe requires some knowledge about tar and otherwise you may think the function does more magic than it really does (like seeking at the end or finishing off with two zero blocks).

I can make a change to the documentation so it is more clear what it does and does not.

[reynir]

This is not super safe as the archive can contain file names such as ../../../../etc/passwd or /etc/passwd. Maybe it's better to leave it up to the user to write their own function using fold where they can decide how to handle paths, ownership and mode?

[hannesm]

I'd be happy to say "extract into /my/tmp/dir", and nothing leaves that directory... thus if you have "/foo/bar" in your archive, the leading / is removed. ../ paths are ignored? I don't know for sure..

[reynir]

I think that is preferable. Maybe a unsafe_extract could exist, but I think Tar_unix.extract should not be a footgun.

[hannesm]

unsafe_extract is something people can write their own with fold ;)

[reynir]

FWIW GNU tar seems to use the empty string for unknown uids.

[reynir]

Overall I'm happy with the Tar changes. There is a thing about PAX headers in Tar.Header.make I'm not happy about but that was there before this change.

For Tar_unix I have some concerns about safety, potentially confusing names and unclear semantics of filtering. But I like how the usage of Tar looks like!

[dinosaure]

I'm not a big fan of the new API where some details should be know by user to use rightly Tar (and these details are about the tar format). Specifically about Tar_gz API, decompress‧gz is a streaming API (you can fill the decoder with some bytes, only an empty string informs the end of the stream). By extension, an usage of decompress‧gz should lead to a streaming API too but it's actually not possible with the current Tar API. It depends on what we want to expose of course.

[dinosaure]

I'm not a big fan of decode_state, I prefer decoder.

[dinosaure]

That mostly means that at the beginning, the user must provides a 512 bytes string at first (according to Header‧unmarshal), otherwise the user gets an error. Should we precise that the user must read a tar file per 512 bytes? Should we provide a streaming API?