opencontainers · tych0 · Feb 22, 2024 · Feb 21, 2024 · Feb 21, 2024 · Feb 21, 2024
diff --git a/oci/layer/generate.go b/oci/layer/generate.go
@@ -54,7 +54,9 @@ func GenerateLayer(path string, deltas []mtree.InodeDelta, opt *RepackOptions) (
 	go func() (Err error) {
 		// Close with the returned error.
 		defer func() {
-			log.Warnf("could not generate layer: %v", Err)
+			if Err != nil {
+				log.Warnf("could not generate layer: %v", Err)
+			}
 			// #nosec G104
 			_ = writer.CloseWithError(errors.Wrap(Err, "generate layer"))
 		}()
@@ -135,13 +137,21 @@ func GenerateInsertLayer(root string, target string, opaque bool, opt *RepackOpt
 
 	go func() (Err error) {
 		defer func() {
-			log.Warnf("could not generate insert layer: %v", Err)
+			if Err != nil {
+				log.Warnf("could not generate insert layer: %v", Err)
+			}
 			// #nosec G104
 			_ = writer.CloseWithError(errors.Wrap(Err, "generate insert layer"))
 		}()
 
 		tg := newTarGenerator(writer, packOptions.MapOptions)
 
+		defer func() {
+			if err := tg.tw.Close(); err != nil {
+				log.Warnf("generate insert layer: could not close tar.Writer: %s", err)
+			}
+		}()
+
 		if opaque {
 			if err := tg.AddOpaqueWhiteout(target); err != nil {
 				return err

diff --git a/test/helpers.bash b/test/helpers.bash
@@ -99,7 +99,21 @@ function requires() {
 }
 
 function image-verify() {
-	oci-image-tool validate --type "imageLayout" "$@"
+	local ocidir="$@"
+	# test that each generated targz file is valid according to gnutar:
+	for f in $(ls $ocidir/blobs/sha256/); do
+		file $ocidir/blobs/sha256/$f | grep "gzip" || {
+			continue
+		}
+		zcat $ocidir/blobs/sha256/$f | tar tvf - >/dev/null || {
+			rc=$?
+			file $ocidir/blobs/sha256/$f
+			echo "error untarring $f: $rc"
+			return $rc
+		}
+		echo $f: valid tar archive
+	done
+	oci-image-tool validate --type "imageLayout" "$ocidir"
 	return $?
 }
 

diff --git a/test/insert.bats b/test/insert.bats
@@ -45,6 +45,7 @@ function teardown() {
 	touch "${INSERTDIR}/test/a"
 	touch "${INSERTDIR}/test/b"
 	chmod +x "${INSERTDIR}/test/b"
+	echo "foo" > "${INSERTDIR}/test/smallfile"
 
 	# Make sure rootless mode works.
 	mkdir -p "${INSERTDIR}/some/path"
@@ -68,6 +69,10 @@ function teardown() {
 	[ "$status" -eq 0 ]
 	image-verify "${IMAGE}"
 
+	umoci insert --image "${IMAGE}:${TAG}" "${INSERTDIR}/test/smallfile" /tester/smallfile
+	[ "$status" -eq 0 ]
+	image-verify "${IMAGE}"
+
 	# Unpack after the inserts.
 	new_bundle_rootfs
 	umoci unpack --image "${IMAGE}:${TAG}-new" "$BUNDLE"