1 files changed, 0 insertions, 220 deletions
diff --git a/pkg/copy/copy.go b/pkg/copy/copy.go
deleted file mode 100644
index 13893deb2..000000000
--- a/pkg/copy/copy.go
+++ /dev/null
@@ -1,220 +0,0 @@
-package copy
-
-import (
-	"io"
-	"os"
-	"path/filepath"
-	"strings"
-
-	buildahCopiah "github.com/containers/buildah/copier"
-	"github.com/containers/storage/pkg/archive"
-	securejoin "github.com/cyphar/filepath-securejoin"
-	"github.com/pkg/errors"
-)
-
-// ********************************* NOTE *************************************
-//
-// Most security bugs are caused by attackers playing around with symlinks
-// trying to escape from the container onto the host and/or trick into data
-// corruption on the host.  Hence, file operations on containers (including
-// *stat) should always be handled by `github.com/containers/buildah/copier`
-// which makes sure to evaluate files in a chroot'ed environment.
-//
-// Please make sure to add verbose comments when changing code to make the
-// lives of future readers easier.
-//
-// ****************************************************************************
-
-// Copier copies data from a source to a destination CopyItem.
-type Copier struct {
-	copyFunc     func() error
-	cleanUpFuncs []deferFunc
-}
-
-// cleanUp releases resources the Copier may hold open.
-func (c *Copier) cleanUp() {
-	for _, f := range c.cleanUpFuncs {
-		f()
-	}
-}
-
-// Copy data from a source to a destination CopyItem.
-func (c *Copier) Copy() error {
-	defer c.cleanUp()
-	return c.copyFunc()
-}
-
-// GetCopiers returns a Copier to copy the source item to destination.  Use
-// extract to untar the source if it's a tar archive.
-func GetCopier(source *CopyItem, destination *CopyItem, extract bool) (*Copier, error) {
-	copier := &Copier{}
-
-	// First, do the man-page dance.  See podman-cp(1) for details.
-	if err := enforceCopyRules(source, destination); err != nil {
-		return nil, err
-	}
-
-	// Destination is a stream (e.g., stdout or an http body).
-	if destination.info.IsStream {
-		// Source is a stream (e.g., stdin or an http body).
-		if source.info.IsStream {
-			copier.copyFunc = func() error {
-				_, err := io.Copy(destination.writer, source.reader)
-				return err
-			}
-			return copier, nil
-		}
-		root, glob, err := source.buildahGlobs()
-		if err != nil {
-			return nil, err
-		}
-		copier.copyFunc = func() error {
-			return buildahCopiah.Get(root, "", source.getOptions(), []string{glob}, destination.writer)
-		}
-		return copier, nil
-	}
-
-	// Destination is either a file or a directory.
-	if source.info.IsStream {
-		copier.copyFunc = func() error {
-			return buildahCopiah.Put(destination.root, destination.resolved, source.putOptions(), source.reader)
-		}
-		return copier, nil
-	}
-
-	tarOptions := &archive.TarOptions{
-		Compression: archive.Uncompressed,
-		CopyPass:    true,
-	}
-
-	root := destination.root
-	dir := destination.resolved
-	if !source.info.IsDir {
-		// When copying a file, make sure to rename the
-		// destination base path.
-		nameMap := make(map[string]string)
-		nameMap[filepath.Base(source.resolved)] = filepath.Base(destination.resolved)
-		tarOptions.RebaseNames = nameMap
-		dir = filepath.Dir(dir)
-	}
-
-	var tarReader io.ReadCloser
-	if extract && archive.IsArchivePath(source.resolved) {
-		if !destination.info.IsDir {
-			return nil, errors.Errorf("cannot extract archive %q to file %q", source.original, destination.original)
-		}
-
-		reader, err := os.Open(source.resolved)
-		if err != nil {
-			return nil, err
-		}
-		copier.cleanUpFuncs = append(copier.cleanUpFuncs, func() { reader.Close() })
-
-		// The stream from stdin may be compressed (e.g., via gzip).
-		decompressedStream, err := archive.DecompressStream(reader)
-		if err != nil {
-			return nil, err
-		}
-
-		copier.cleanUpFuncs = append(copier.cleanUpFuncs, func() { decompressedStream.Close() })
-		tarReader = decompressedStream
-	} else {
-		reader, err := archive.TarWithOptions(source.resolved, tarOptions)
-		if err != nil {
-			return nil, err
-		}
-		copier.cleanUpFuncs = append(copier.cleanUpFuncs, func() { reader.Close() })
-		tarReader = reader
-	}
-
-	copier.copyFunc = func() error {
-		return buildahCopiah.Put(root, dir, source.putOptions(), tarReader)
-	}
-	return copier, nil
-}
-
-// enforceCopyRules enforces the rules for copying from a source to a
-// destination as mentioned in the podman-cp(1) man page.  Please refer to the
-// man page and/or the inline comments for further details.  Note that source
-// and destination are passed by reference and the their data may be changed.
-func enforceCopyRules(source, destination *CopyItem) error {
-	if source.statError != nil {
-		return source.statError
-	}
-
-	// We can copy everything to a stream.
-	if destination.info.IsStream {
-		return nil
-	}
-
-	if source.info.IsStream {
-		if !(destination.info.IsDir || destination.info.IsStream) {
-			return errors.New("destination must be a directory or stream when copying from a stream")
-		}
-		return nil
-	}
-
-	// Source is a *directory*.
-	if source.info.IsDir {
-		if destination.statError != nil {
-			// It's okay if the destination does not exist.  We
-			// made sure before that it's parent exists, so it
-			// would be created while copying.
-			if os.IsNotExist(destination.statError) {
-				return nil
-			}
-			// Could be a permission error.
-			return destination.statError
-		}
-
-		// If the destination exists and is not a directory, we have a
-		// problem.
-		if !destination.info.IsDir {
-			return errors.Errorf("cannot copy directory %q to file %q", source.original, destination.original)
-		}
-
-		// If the destination exists and is a directory, we need to
-		// append the source base directory to it.  This makes sure
-		// that copying "/foo/bar" "/tmp" will copy to "/tmp/bar" (and
-		// not "/tmp").
-		newDestination, err := securejoin.SecureJoin(destination.resolved, filepath.Base(source.resolved))
-		if err != nil {
-			return err
-		}
-		destination.resolved = newDestination
-		return nil
-	}
-
-	// Source is a *file*.
-	if destination.statError != nil {
-		// It's okay if the destination does not exist, unless it ends
-		// with "/".
-		if !os.IsNotExist(destination.statError) {
-			return destination.statError
-		} else if strings.HasSuffix(destination.resolved, "/") {
-			// Note: this is practically unreachable code as the
-			// existence of parent directories is enforced early
-			// on.  It's left here as an extra security net.
-			return errors.Errorf("destination directory %q must exist (trailing %q)", destination.original, "/")
-		}
-		// Does not exist and does not end with "/".
-		return nil
-	}
-
-	// If the destination is a file, we're good.  We will overwrite the
-	// contents while copying.
-	if !destination.info.IsDir {
-		return nil
-	}
-
-	// If the destination exists and is a directory, we need to append the
-	// source base directory to it.  This makes sure that copying
-	// "/foo/bar" "/tmp" will copy to "/tmp/bar" (and not "/tmp").
-	newDestination, err := securejoin.SecureJoin(destination.resolved, filepath.Base(source.resolved))
-	if err != nil {
-		return err
-	}
-
-	destination.resolved = newDestination
-	return nil
-}