Description
I implemented whiteouts in the image-merging code without having read the spec.
https://github.com/opencontainers/image-spec/blob/main/layer.md
There are two things that need fixing:
- Whiteout files MUST only apply to resources in lower/parent layers.
- Files that are present in the same layer as a whiteout file can only be hidden by whiteout files in subsequent layers.
When processing the second layer, a/.wh..wh..opq is applied first, before creating the new version of a/b, regardless of the ordering in which the whiteout file was encountered.
Implementations SHOULD generate layers such that the whiteout files appear before sibling directory entries.
If we encounter a whiteout file in a layer tarball after that file was added in the same tarball we're going to delete it again. We could argue that the tarball is not a valid layer because it attempts to do something that the spec says that it shouldn't, but at the very least we should try to detect this situation, and probably we do need to support it (since a SHOULD is only a SHOULD).
This is going to be very difficult. The good news: this isn't a problem as long as we're only dealing with layers produced in the way that they SHOULD have been.
- In addition to expressing that a single entry should be removed from a lower layer, layers may remove all of the children using an opaque whiteout entry.
- An opaque whiteout entry is a file with the name .wh..wh..opq indicating that all siblings are hidden in the lower layer.
We just need to add support for this (but need to be careful about the interaction with the above). Assuming we've managed to solve the above issue, this issue will be trivial.