From bf5b907a2937772c04882bb4f6015edb91a988ec Mon Sep 17 00:00:00 2001
From: Stefan Prodan <stefan.prodan@gmail.com>
Date: Fri, 29 Sep 2023 13:27:19 +0300
Subject: [PATCH] oci: Skip symlinks found in upstream artifacts Do not error
 out when upstream artifacts contain symlinks in the content layer, instead
 skip all symlinks during decompression.

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
(cherry picked from commit cdb412e7afd1892129836c93254c1a9815948bbc)
---
 internal/controller/ocirepository_controller.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/internal/controller/ocirepository_controller.go b/internal/controller/ocirepository_controller.go
index f10735408..5df06fdb3 100644
--- a/internal/controller/ocirepository_controller.go
+++ b/internal/controller/ocirepository_controller.go
@@ -486,7 +486,7 @@ func (r *OCIRepositoryReconciler) reconcileSource(ctx context.Context, sp *patch
 	// Persist layer content to storage using the specified operation
 	switch obj.GetLayerOperation() {
 	case ociv1.OCILayerExtract:
-		if err = tar.Untar(blob, dir, tar.WithMaxUntarSize(-1)); err != nil {
+		if err = tar.Untar(blob, dir, tar.WithMaxUntarSize(-1), tar.WithSkipSymlinks()); err != nil {
 			e := serror.NewGeneric(
 				fmt.Errorf("failed to extract layer contents from artifact: %w", err),
 				ociv1.OCILayerOperationFailedReason,