minitar

home

github.com/halostatue/minitar/

code

github.com/halostatue/minitar/

bugs

github.com/halostatue/minitar/issues

rdoc

rdoc.info/gems/minitar/

cli

github.com/halostatue/minitar-cli

travis

appveyor

coveralls

Coverage
Status

Description

The minitar library is a pure-Ruby library that provides the ability to deal with POSIX tar(1) archive files.

This is release 0.6, providing a number of bug fixes including a directory traversal vulnerability, CVE-2016-10173. This release starts the migration and modernization of the code:

Some of these changes may break existing programs that depend on the internal structure of the minitar library, but every effort has been made to ensure compatibility; inasmuch as is possible, this compatibility will be maintained through the release of minitar 1.0 (which will have strong breaking changes).

minitar (previously called Archive::Tar::Minitar) is based heavily on code originally written by Mauricio Julio Fernández Pradier for the rpa-base project.

Synopsis

Using minitar is easy. The simplest case is:

require 'minitar'

# Packs everything that matches Find.find('tests').
# test.tar will automatically be closed by Minitar.pack.
Minitar.pack('tests', File.open('test.tar', 'wb'))

# Unpacks 'test.tar' to 'x', creating 'x' if necessary.
Minitar.unpack('test.tar', 'x')

A gzipped tar can be written with:

require 'zlib'
# test.tgz will be closed automatically.
Minitar.pack('tests', Zlib::GzipWriter.new(File.open('test.tgz', 'wb'))

# test.tgz will be closed automatically.
Minitar.unpack(Zlib::GzipReader.new(File.open('test.tgz', 'rb')), 'x')

As the case above shows, one need not write to a file. However, it will sometimes require that one dive a little deeper into the API, as in the case of StringIO objects. Note that I’m not providing a block with Minitar::Output, as Archive::Tar::Minitar::Output#close automatically closes both the Output object and the wrapped data stream object.

begin
  sgz = Zlib::GzipWriter.new(StringIO.new(String.new))
  tar = Output.new(sgz)
  Find.find('tests') do |entry|
    Minitar.pack_file(entry, tar)
  end
ensure
    # Closes both tar and sgz.
  tar.close
end

minitar Semantic Versioning

The minitar library uses a Semantic Versioning scheme with one change: