From 98548ba8cf07131c3369c48be503babf4c8745fe Mon Sep 17 00:00:00 2001
From: Qinqi Qu <quqinqi@linux.alibaba.com>
Date: Wed, 2 Aug 2023 16:13:09 +0800
Subject: [PATCH 1/3] deps: update tar-rs to handle very large uid/gid in image
 unpack

update tar-rs to support read large uid/gid from PAX extensions to
fix very large UIDs/GIDs (>=2097151, limit of USTAR tar) lost in
PAX style tar during unpack.

Signed-off-by: Qinqi Qu <quqinqi@linux.alibaba.com>
---
 Cargo.lock                     | 5 ++---
 Cargo.toml                     | 4 ++++
 misc/top_images/image_list.txt | 1 +
 3 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 6c877b4d005..8612e7307fd 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1759,9 +1759,8 @@ dependencies = [
 
 [[package]]
 name = "tar"
-version = "0.4.38"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4b55807c0344e1e6c04d7c965f5289c39a8d94ae23ed5c0b57aabac549f871c6"
+version = "0.4.39"
+source = "git+https://github.com/nydusaccelerator/tar-rs.git#17f97d22c66d0d6137665844ac8f8ef5a007255c"
 dependencies = [
  "filetime",
  "libc",
diff --git a/Cargo.toml b/Cargo.toml
index 3e85c58271e..8cf2beb61fc 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -107,3 +107,7 @@ backend-s3 = ["nydus-storage/backend-s3"]
 
 [workspace]
 members = ["api", "builder", "clib", "rafs", "storage", "service", "utils"]
+
+[patch.crates-io]
+# Due to the slow processing of PR by the upstream, temporarily fork tar-rs for this project
+tar = { git = "https://github.com/nydusaccelerator/tar-rs.git" }
\ No newline at end of file
diff --git a/misc/top_images/image_list.txt b/misc/top_images/image_list.txt
index f96349211d8..2468175f476 100644
--- a/misc/top_images/image_list.txt
+++ b/misc/top_images/image_list.txt
@@ -43,3 +43,4 @@ kong
 solr
 sentry
 zookeeper
+ghcr.io/dragonflyoss/image-service/pax-uid-test
\ No newline at end of file

From 89d402794b8125760b56bd8c11f2266afc5d13e8 Mon Sep 17 00:00:00 2001
From: Qinqi Qu <quqinqi@linux.alibaba.com>
Date: Thu, 3 Aug 2023 11:31:27 +0800
Subject: [PATCH 2/3] misc: remove vault from the image_list, because it
 doesn't have latest tag

Signed-off-by: Qinqi Qu <quqinqi@linux.alibaba.com>
---
 misc/top_images/image_list.txt | 1 -
 1 file changed, 1 deletion(-)

diff --git a/misc/top_images/image_list.txt b/misc/top_images/image_list.txt
index 2468175f476..437cadf0cca 100644
--- a/misc/top_images/image_list.txt
+++ b/misc/top_images/image_list.txt
@@ -31,7 +31,6 @@ php
 bash
 caddy
 telegraf
-vault
 couchdb
 eclipse-mosquitto
 cassandra

From 7331b3b0c5d8bc3d32833c9e0732884f16cf0a35 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 7 Sep 2023 13:03:32 +0000
Subject: [PATCH 3/3] build(deps): bump github.com/cyphar/filepath-securejoin

Bumps [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) from 0.2.3 to 0.2.4.
- [Release notes](https://github.com/cyphar/filepath-securejoin/releases)
- [Commits](https://github.com/cyphar/filepath-securejoin/compare/v0.2.3...v0.2.4)

---
updated-dependencies:
- dependency-name: github.com/cyphar/filepath-securejoin
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 contrib/nydusify/go.mod | 2 +-
 contrib/nydusify/go.sum | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/contrib/nydusify/go.mod b/contrib/nydusify/go.mod
index f82afcd999a..41efdba49d9 100644
--- a/contrib/nydusify/go.mod
+++ b/contrib/nydusify/go.mod
@@ -60,7 +60,7 @@ require (
 	github.com/containerd/typeurl/v2 v2.1.1 // indirect
 	github.com/containers/ocicrypt v1.1.7 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
-	github.com/cyphar/filepath-securejoin v0.2.3 // indirect
+	github.com/cyphar/filepath-securejoin v0.2.4 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/docker/docker v23.0.3+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.7.0 // indirect
diff --git a/contrib/nydusify/go.sum b/contrib/nydusify/go.sum
index 6cb233070cd..38cbb5549ab 100644
--- a/contrib/nydusify/go.sum
+++ b/contrib/nydusify/go.sum
@@ -83,8 +83,9 @@ github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:ma
 github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
-github.com/cyphar/filepath-securejoin v0.2.3 h1:YX6ebbZCZP7VkM3scTTokDgBL2TY741X51MTk3ycuNI=
 github.com/cyphar/filepath-securejoin v0.2.3/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
+github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg=
+github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=