@@ -9,8 +9,8 @@ import (

 	"github.com/docker/docker/pkg/longpath"

 	"github.com/docker/docker/pkg/system"

 	"github.com/docker/docker/pkg/tarsum"

-	"github.com/moby/go-archive"

 	"github.com/moby/go-archive/chrootarchive"

+	"github.com/moby/go-archive/compression"

 	"github.com/moby/sys/symlink"

 	"github.com/pkg/errors"

 )

@@ -66,7 +66,7 @@ func FromArchive(tarStream io.Reader) (builder.Source, error) {

 		}

 	}()

-	decompressedStream, err := archive.DecompressStream(tarStream)

+	decompressedStream, err := compression.DecompressStream(tarStream)

 	if err != nil {

 		return nil, err

 	}

@@ -19,7 +19,7 @@ import (

 	"github.com/docker/docker/daemon/images"

 	"github.com/docker/docker/errdefs"

 	"github.com/docker/docker/pkg/streamformatter"

-	dockerarchive "github.com/moby/go-archive"

+	"github.com/moby/go-archive/compression"

 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"

 	"github.com/pkg/errors"

 )

@@ -230,7 +230,7 @@ func (i *ImageService) leaseContent(ctx context.Context, store content.Store, de

 // complement of ExportImage.  The input stream is an uncompressed tar

 // ball containing images and metadata.

 func (i *ImageService) LoadImage(ctx context.Context, inTar io.ReadCloser, platform *ocispec.Platform, outStream io.Writer, quiet bool) error {

-	decompressed, err := dockerarchive.DecompressStream(inTar)

+	decompressed, err := compression.DecompressStream(inTar)

 	if err != nil {

 		return errors.Wrap(err, "failed to decompress input tar archive")

 	}

@@ -23,7 +23,7 @@ import (

 	"github.com/docker/docker/pkg/pools"

 	"github.com/google/uuid"

 	imagespec "github.com/moby/docker-image-spec/specs-go/v1"

-	"github.com/moby/go-archive"

+	"github.com/moby/go-archive/compression"

 	"github.com/opencontainers/go-digest"

 	"github.com/opencontainers/image-spec/specs-go"

 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"

@@ -168,17 +168,17 @@ func saveArchive(ctx context.Context, cs content.Store, layerReader io.Reader) (

 	bufRd := p.Get(layerReader)

 	defer p.Put(bufRd)

-	compression, err := detectCompression(bufRd)

+	comp, err := detectCompression(bufRd)

 	if err != nil {

 		return "", "", "", err

 	}

 	var uncompressedReader io.Reader = bufRd

-	switch compression {

-	case archive.Gzip, archive.Zstd:

+	switch comp {

+	case compression.Gzip, compression.Zstd:

 		// If the input is already a compressed layer, just save it as is.

 		mediaType := ocispec.MediaTypeImageLayerGzip

-		if compression == archive.Zstd {

+		if comp == compression.Zstd {

 			mediaType = ocispec.MediaTypeImageLayerZstd

 		}

@@ -188,19 +188,17 @@ func saveArchive(ctx context.Context, cs content.Store, layerReader io.Reader) (

 		}

 		return compressedDigest, uncompressedDigest, mediaType, nil

-	case archive.Bzip2, archive.Xz:

-		r, err := archive.DecompressStream(bufRd)

+	case compression.Bzip2, compression.Xz:

+		r, err := compression.DecompressStream(bufRd)

 		if err != nil {

 			return "", "", "", errdefs.InvalidParameter(err)

 		}

 		defer r.Close()

 		uncompressedReader = r

 		fallthrough

-	case archive.Uncompressed:

+	case compression.None:

 		mediaType := ocispec.MediaTypeImageLayerGzip

-		compression := archive.Gzip

-

-		compressedDigest, uncompressedDigest, err := compressAndWriteBlob(ctx, cs, compression, mediaType, uncompressedReader)

+		compressedDigest, uncompressedDigest, err := compressAndWriteBlob(ctx, cs, compression.Gzip, mediaType, uncompressedReader)

 		if err != nil {

 			return "", "", "", err

 		}

@@ -228,7 +226,7 @@ func writeCompressedBlob(ctx context.Context, cs content.Store, mediaType string

 	digester := digest.Canonical.Digester()

 	// Decompress the piped blob.

-	decompressedStream, err := archive.DecompressStream(pr)

+	decompressedStream, err := compression.DecompressStream(pr)

 	if err == nil {

 		// Feed the digester with decompressed data.

 		_, err = io.Copy(digester.Hash(), decompressedStream)

@@ -249,12 +247,12 @@ func writeCompressedBlob(ctx context.Context, cs content.Store, mediaType string

 }

 // compressAndWriteBlob compresses the uncompressedReader and stores it in the content store.

-func compressAndWriteBlob(ctx context.Context, cs content.Store, compression archive.Compression, mediaType string, uncompressedLayerReader io.Reader) (digest.Digest, digest.Digest, error) {

+func compressAndWriteBlob(ctx context.Context, cs content.Store, comp compression.Compression, mediaType string, uncompressedLayerReader io.Reader) (digest.Digest, digest.Digest, error) {

 	pr, pw := io.Pipe()

 	defer pr.Close()

 	defer pw.Close()

-	compressor, err := archive.CompressStream(pw, compression)

+	compressor, err := compression.CompressStream(pw, comp)

 	if err != nil {

 		return "", "", errdefs.InvalidParameter(err)

 	}

@@ -312,7 +310,7 @@ func (i *ImageService) unpackImage(ctx context.Context, snapshotter string, img

 }

 // detectCompression detects the reader compression type.

-func detectCompression(bufRd *bufio.Reader) (archive.Compression, error) {

+func detectCompression(bufRd *bufio.Reader) (compression.Compression, error) {

 	bs, err := bufRd.Peek(10)

 	if err != nil && err != io.EOF {

 		// Note: we'll ignore any io.EOF error because there are some odd

@@ -321,10 +319,10 @@ func detectCompression(bufRd *bufio.Reader) (archive.Compression, error) {

 		// cases we'll just treat it as a non-compressed stream and

 		// that means just create an empty layer.

 		// See Issue 18170

-		return archive.Uncompressed, errdefs.Unknown(err)

+		return compression.None, errdefs.Unknown(err)

 	}

-	return archive.DetectCompression(bs), nil

+	return compression.Detect(bs), nil

 }

 // fillUncompressedLabel sets the uncompressed digest label on the compressed blob metadata

@@ -15,7 +15,7 @@ import (

 	"github.com/docker/docker/errdefs"

 	"github.com/docker/docker/image"

 	"github.com/docker/docker/layer"

-	"github.com/moby/go-archive"

+	"github.com/moby/go-archive/compression"

 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"

 )

@@ -40,7 +40,7 @@ func (i *ImageService) ImportImage(ctx context.Context, newRef reference.Named,

 		return "", errdefs.InvalidParameter(err)

 	}

-	inflatedLayerData, err := archive.DecompressStream(layerReader)

+	inflatedLayerData, err := compression.DecompressStream(layerReader)

 	if err != nil {

 		return "", err

 	}

@@ -13,7 +13,7 @@ import (

 	"github.com/docker/docker/layer"

 	"github.com/docker/docker/pkg/ioutils"

 	"github.com/docker/docker/pkg/progress"

-	"github.com/moby/go-archive"

+	"github.com/moby/go-archive/compression"

 )

 const maxDownloadAttempts = 5

@@ -338,7 +338,7 @@ func (ldm *LayerDownloadManager) makeDownloadFunc(descriptor DownloadDescriptor,

 			reader := progress.NewProgressReader(ioutils.NewCancelReadCloser(d.transfer.context(), downloadReader), progressOutput, size, descriptor.ID(), "Extracting")

 			defer reader.Close()

-			inflatedLayerData, err := archive.DecompressStream(reader)

+			inflatedLayerData, err := compression.DecompressStream(reader)

 			if err != nil {

 				d.err = fmt.Errorf("could not get decompression stream: %v", err)

 				return

@@ -23,8 +23,8 @@ import (

 	"github.com/docker/docker/pkg/progress"

 	"github.com/docker/docker/pkg/streamformatter"

 	"github.com/docker/docker/pkg/stringid"

-	"github.com/moby/go-archive"

 	"github.com/moby/go-archive/chrootarchive"

+	"github.com/moby/go-archive/compression"

 	"github.com/moby/sys/sequential"

 	"github.com/moby/sys/symlink"

 	"github.com/opencontainers/go-digest"

@@ -231,7 +231,7 @@ func (l *tarexporter) loadLayer(ctx context.Context, filename string, rootFS ima

 		r = rawTar

 	}

-	inflatedLayerData, err := archive.DecompressStream(ioutils.NewCtxReader(ctx, r))

+	inflatedLayerData, err := compression.DecompressStream(ioutils.NewCtxReader(ctx, r))

 	if err != nil {

 		return nil, err

 	}

@@ -26,6 +26,7 @@ import (

 	"github.com/docker/docker/testutil/fakestorage"

 	"github.com/moby/buildkit/frontend/dockerfile/command"

 	"github.com/moby/go-archive"

+	"github.com/moby/go-archive/compression"

 	"github.com/opencontainers/go-digest"

 	"gotest.tools/v3/assert"

 	is "gotest.tools/v3/assert/cmp"

@@ -2008,7 +2009,7 @@ func (s *DockerCLIBuildSuite) TestBuildAddLocalAndRemoteFilesWithAndWithoutCache

 	}

 }

-func testContextTar(c *testing.T, compression archive.Compression) {

+func testContextTar(c *testing.T, comp compression.Compression) {

 	ctx := fakecontext.New(c, "",

 		fakecontext.WithDockerfile(`FROM busybox

 ADD foo /foo

@@ -2018,13 +2019,13 @@ CMD ["cat", "/foo"]`),

 		}),

 	)

 	defer ctx.Close()

-	context, err := archive.Tar(ctx.Dir, compression)

+	buildContext, err := archive.Tar(ctx.Dir, comp)

 	if err != nil {

 		c.Fatalf("failed to build context tar: %v", err)

 	}

 	const name = "contexttar"

-	cli.BuildCmd(c, name, build.WithStdinContext(context))

+	cli.BuildCmd(c, name, build.WithStdinContext(buildContext))

 }

 func (s *DockerCLIBuildSuite) TestBuildContextTarGzip(c *testing.T) {

@@ -23,7 +23,7 @@ import (

 	"github.com/docker/docker/internal/testutils"

 	"github.com/docker/docker/internal/testutils/specialimage"

 	"github.com/docker/docker/testutil/fakecontext"

-	"github.com/moby/go-archive"

+	"github.com/moby/go-archive/compression"

 	"github.com/opencontainers/go-digest"

 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"

 	"gotest.tools/v3/assert"

@@ -360,7 +360,7 @@ RUN touch /opt/a/b/c && chown user:user /opt/a/b/c`

 func listTar(f io.Reader) ([]string, error) {

 	// If using the containerd snapshotter, the tar file may be compressed

-	dec, err := archive.DecompressStream(f)

+	dec, err := compression.DecompressStream(f)

 	if err != nil {

 		return nil, err

 	}

@@ -3,13 +3,13 @@ package testutils

 import (

 	"io"

-	"github.com/moby/go-archive"

+	"github.com/moby/go-archive/compression"

 	"github.com/opencontainers/go-digest"

 )

 // UncompressedTarDigest returns the canonical digest of the uncompressed tar stream.

 func UncompressedTarDigest(compressedTar io.Reader) (digest.Digest, error) {

-	rd, err := archive.DecompressStream(compressedTar)

+	rd, err := compression.DecompressStream(compressedTar)

 	if err != nil {

 		return "", err

 	}

@@ -8,6 +8,8 @@ import (

 	"github.com/docker/docker/pkg/idtools"

 	"github.com/moby/go-archive"

+	"github.com/moby/go-archive/compression"

+	"github.com/moby/go-archive/tarheader"

 )

 // ImpliedDirectoryMode represents the mode (Unix permissions) applied to directories that are implied by files in a

@@ -19,8 +21,8 @@ const ImpliedDirectoryMode = archive.ImpliedDirectoryMode

 type (

 	// Compression is the state represents if compressed or not.

 	//

-	// Deprecated: use [archive.Compression] instead.

-	Compression = archive.Compression

+	// Deprecated: use [compression.Compression] instead.

+	Compression = compression.Compression

 	// WhiteoutFormat is the format of whiteouts unpacked

 	//

 	// Deprecated: use [archive.WhiteoutFormat] instead.

@@ -32,7 +34,7 @@ type (

 	TarOptions struct {

 		IncludeFiles     []string

 		ExcludePatterns  []string

-		Compression      archive.Compression

+		Compression      compression.Compression

 		NoLchown         bool

 		IDMap            idtools.IdentityMapping

 		ChownOpts        *idtools.Identity

@@ -75,11 +77,11 @@ func NewDefaultArchiver() *Archiver {

 }

 const (

-	Uncompressed = archive.Uncompressed // Deprecated: use [archive.Uncompressed] instead.

-	Bzip2        = archive.Bzip2        // Deprecated: use [archive.Bzip2] instead.

-	Gzip         = archive.Gzip         // Deprecated: use [archive.Gzip] instead.

-	Xz           = archive.Xz           // Deprecated: use [archive.Xz] instead.

-	Zstd         = archive.Zstd         // Deprecated: use [archive.Zstd] instead.

+	Uncompressed = compression.None  // Deprecated: use [compression.None] instead.

+	Bzip2        = compression.Bzip2 // Deprecated: use [compression.Bzip2] instead.

+	Gzip         = compression.Gzip  // Deprecated: use [compression.Gzip] instead.

+	Xz           = compression.Xz    // Deprecated: use [compression.Xz] instead.

+	Zstd         = compression.Zstd  // Deprecated: use [compression.Zstd] instead.

 )

 const (

@@ -97,23 +99,23 @@ func IsArchivePath(path string) bool {

 // DetectCompression detects the compression algorithm of the source.

 //

-// Deprecated: use [archive.DetectCompression] instead.

+// Deprecated: use [compression.Detect] instead.

 func DetectCompression(source []byte) archive.Compression {

-	return archive.DetectCompression(source)

+	return compression.Detect(source)

 }

 // DecompressStream decompresses the archive and returns a ReaderCloser with the decompressed archive.

 //

-// Deprecated: use [archive.DecompressStream] instead.

+// Deprecated: use [compression.DecompressStream] instead.

 func DecompressStream(arch io.Reader) (io.ReadCloser, error) {

-	return archive.DecompressStream(arch)

+	return compression.DecompressStream(arch)

 }

 // CompressStream compresses the dest with specified compression algorithm.

 //

-// Deprecated: use [archive.CompressStream] instead.

-func CompressStream(dest io.Writer, compression archive.Compression) (io.WriteCloser, error) {

-	return archive.CompressStream(dest, compression)

+// Deprecated: use [compression.CompressStream] instead.

+func CompressStream(dest io.Writer, comp compression.Compression) (io.WriteCloser, error) {

+	return compression.CompressStream(dest, comp)

 }

 // TarModifierFunc is a function that can be passed to ReplaceFileTarWrapper.

@@ -130,9 +132,9 @@ func ReplaceFileTarWrapper(inputTarStream io.ReadCloser, mods map[string]archive

 // FileInfoHeaderNoLookups creates a partially-populated tar.Header from fi.

 //

-// Deprecated: use [archive.FileInfoHeaderNoLookups] instead.

+// Deprecated: use [tarheader.FileInfoHeaderNoLookups] instead.

 func FileInfoHeaderNoLookups(fi os.FileInfo, link string) (*tar.Header, error) {

-	return archive.FileInfoHeaderNoLookups(fi, link)

+	return tarheader.FileInfoHeaderNoLookups(fi, link)

 }

 // FileInfoHeader creates a populated Header from fi.

@@ -4,6 +4,7 @@ import (

 	"io"

 	"github.com/moby/go-archive"

+	"github.com/moby/go-archive/compression"

 )

 var (

@@ -51,7 +52,7 @@ func TarResourceRebase(sourcePath, rebaseName string) (content io.ReadCloser, _

 func TarResourceRebaseOpts(sourceBase string, rebaseName string) *TarOptions {

 	filter := []string{sourceBase}

 	return &TarOptions{

-		Compression:      archive.Uncompressed,

+		Compression:      compression.None,

 		IncludeFiles:     filter,

 		IncludeSourceDir: true,

 		RebaseNames: map[string]string{

@@ -64,7 +64,7 @@ require (

 	github.com/mitchellh/copystructure v1.2.0

 	github.com/moby/buildkit v0.21.0

 	github.com/moby/docker-image-spec v1.3.1

-	github.com/moby/go-archive v0.0.0-20250404171912-21f3f3385ab7

+	github.com/moby/go-archive v0.1.0

 	github.com/moby/ipvs v1.1.0

 	github.com/moby/locker v1.0.1

 	github.com/moby/patternmatcher v0.6.0

@@ -387,8 +387,8 @@ github.com/moby/buildkit v0.21.0 h1:+z4vVqgt0spLrOSxi4DLedRbIh2gbNVlZ5q4rsnNp60=

 github.com/moby/buildkit v0.21.0/go.mod h1:mBq0D44uCyz2PdX8T/qym5LBbkBO3GGv0wqgX9ABYYw=

 github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0=

 github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo=

-github.com/moby/go-archive v0.0.0-20250404171912-21f3f3385ab7 h1:CWAY9uG9JhmLmnM7T64+bV0C9IraDrvxEwXq1HJ7hhk=

-github.com/moby/go-archive v0.0.0-20250404171912-21f3f3385ab7/go.mod h1:G9B+YoujNohJmrIYFBpSd54GTUB4lt9S+xVQvsJyFuo=

+github.com/moby/go-archive v0.1.0 h1:Kk/5rdW/g+H8NHdJW2gsXyZ7UnzvJNOy6VKJqueWdcQ=

+github.com/moby/go-archive v0.1.0/go.mod h1:G9B+YoujNohJmrIYFBpSd54GTUB4lt9S+xVQvsJyFuo=

 github.com/moby/ipvs v1.1.0 h1:ONN4pGaZQgAx+1Scz5RvWV4Q7Gb+mvfRh3NsPS+1XQQ=

 github.com/moby/ipvs v1.1.0/go.mod h1:4VJMWuf098bsUMmZEiD4Tjk/O7mOn3l1PTD3s4OoYAs=

 github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg=

new file mode 100644

@@ -0,0 +1,2 @@

+*.go -text diff=golang

+*.go text eol=lf

new file mode 100644

@@ -0,0 +1 @@

+/coverage.txt

new file mode 100644

@@ -0,0 +1,33 @@

+version: "2"

+

+issues:

+  # Disable maximum issues count per one linter.

+  max-issues-per-linter: 0

+  # Disable maximum count of issues with the same text.

+  max-same-issues: 0

+

+linters:

+  enable:

+    - errorlint

+    - unconvert

+    - unparam

+  exclusions:

+    generated: disable

+    presets:

+      - comments

+      - std-error-handling

+  settings:

+    staticcheck:

+      # Enable all options, with some exceptions.

+      # For defaults, see https://golangci-lint.run/usage/linters/#staticcheck

+      checks:

+        - all

+        - -QF1008     # Omit embedded fields from selector expression; https://staticcheck.dev/docs/checks/#QF1008

+        - -ST1003     # Poorly chosen identifier; https://staticcheck.dev/docs/checks/#ST1003

+

+formatters:

+  enable:

+    - gofumpt

+    - goimports

+  exclusions:

+    generated: disable

@@ -3,32 +3,24 @@ package archive

 import (

 	"archive/tar"

-	"bufio"

-	"bytes"

-	"compress/bzip2"

-	"compress/gzip"

 	"context"

-	"encoding/binary"

 	"errors"

 	"fmt"

 	"io"

 	"os"

-	"os/exec"

 	"path/filepath"

 	"runtime"

-	"runtime/debug"

-	"strconv"

 	"strings"

-	"sync"

-	"sync/atomic"

 	"syscall"

 	"time"

 	"github.com/containerd/log"

-	"github.com/klauspost/compress/zstd"

 	"github.com/moby/patternmatcher"

 	"github.com/moby/sys/sequential"

 	"github.com/moby/sys/user"

+

+	"github.com/moby/go-archive/compression"

+	"github.com/moby/go-archive/tarheader"

 )

 // ImpliedDirectoryMode represents the mode (Unix permissions) applied to directories that are implied by files in a

@@ -45,7 +37,9 @@ const ImpliedDirectoryMode = 0o755

 type (

 	// Compression is the state represents if compressed or not.

-	Compression int

+	//

+	// Deprecated: use [compression.Compression].

+	Compression = compression.Compression

 	// WhiteoutFormat is the format of whiteouts unpacked

 	WhiteoutFormat int

@@ -58,7 +52,7 @@ type (

 	TarOptions struct {

 		IncludeFiles     []string

 		ExcludePatterns  []string

-		Compression      Compression

+		Compression      compression.Compression

 		NoLchown         bool

 		IDMap            user.IdentityMapping

 		ChownOpts        *ChownOpts

@@ -102,11 +96,11 @@ func NewDefaultArchiver() *Archiver {

 type breakoutError error

 const (

-	Uncompressed Compression = 0 // Uncompressed represents the uncompressed.

-	Bzip2        Compression = 1 // Bzip2 is bzip2 compression algorithm.

-	Gzip         Compression = 2 // Gzip is gzip compression algorithm.

-	Xz           Compression = 3 // Xz is xz compression algorithm.

-	Zstd         Compression = 4 // Zstd is zstd compression algorithm.

+	Uncompressed = compression.None  // Deprecated: use [compression.None].

+	Bzip2        = compression.Bzip2 // Deprecated: use [compression.Bzip2].

+	Gzip         = compression.Gzip  // Deprecated: use [compression.Gzip].

+	Xz           = compression.Xz    // Deprecated: use [compression.Xz].

+	Zstd         = compression.Zstd  // Deprecated: use [compression.Zstd].

 )

 const (

@@ -122,7 +116,7 @@ func IsArchivePath(path string) bool {

 		return false

 	}

 	defer file.Close()

-	rdr, err := DecompressStream(file)

+	rdr, err := compression.DecompressStream(file)

 	if err != nil {

 		return false

 	}

@@ -132,242 +126,25 @@ func IsArchivePath(path string) bool {

 	return err == nil

 }

-const (

-	zstdMagicSkippableStart = 0x184D2A50

-	zstdMagicSkippableMask  = 0xFFFFFFF0

-)

-

-var (

-	bzip2Magic = []byte{0x42, 0x5A, 0x68}

-	gzipMagic  = []byte{0x1F, 0x8B, 0x08}

-	xzMagic    = []byte{0xFD, 0x37, 0x7A, 0x58, 0x5A, 0x00}

-	zstdMagic  = []byte{0x28, 0xb5, 0x2f, 0xfd}

-)

-

-type matcher = func([]byte) bool

-

-func magicNumberMatcher(m []byte) matcher {

-	return func(source []byte) bool {

-		return bytes.HasPrefix(source, m)

-	}

-}

-

-// zstdMatcher detects zstd compression algorithm.

-// Zstandard compressed data is made of one or more frames.

-// There are two frame formats defined by Zstandard: Zstandard frames and Skippable frames.

-// See https://datatracker.ietf.org/doc/html/rfc8878#section-3 for more details.

-func zstdMatcher() matcher {

-	return func(source []byte) bool {

-		if bytes.HasPrefix(source, zstdMagic) {

-			// Zstandard frame

-			return true

-		}

-		// skippable frame

-		if len(source) < 8 {

-			return false

-		}

-		// magic number from 0x184D2A50 to 0x184D2A5F.

-		if binary.LittleEndian.Uint32(source[:4])&zstdMagicSkippableMask == zstdMagicSkippableStart {

-			return true

-		}

-		return false

-	}

-}

-

 // DetectCompression detects the compression algorithm of the source.

-func DetectCompression(source []byte) Compression {

-	compressionMap := map[Compression]matcher{

-		Bzip2: magicNumberMatcher(bzip2Magic),

-		Gzip:  magicNumberMatcher(gzipMagic),

-		Xz:    magicNumberMatcher(xzMagic),

-		Zstd:  zstdMatcher(),

-	}

-	for _, compression := range []Compression{Bzip2, Gzip, Xz, Zstd} {

-		fn := compressionMap[compression]

-		if fn(source) {

-			return compression

-		}

-	}

-	return Uncompressed

-}

-

-func xzDecompress(ctx context.Context, archive io.Reader) (io.ReadCloser, error) {

-	args := []string{"xz", "-d", "-c", "-q"}

-

-	return cmdStream(exec.CommandContext(ctx, args[0], args[1:]...), archive)

-}

-

-func gzDecompress(ctx context.Context, buf io.Reader) (io.ReadCloser, error) {

-	if noPigzEnv := os.Getenv("MOBY_DISABLE_PIGZ"); noPigzEnv != "" {

-		noPigz, err := strconv.ParseBool(noPigzEnv)

-		if err != nil {

-			log.G(ctx).WithError(err).Warn("invalid value in MOBY_DISABLE_PIGZ env var")

-		}

-		if noPigz {

-			log.G(ctx).Debugf("Use of pigz is disabled due to MOBY_DISABLE_PIGZ=%s", noPigzEnv)

-			return gzip.NewReader(buf)

-		}

-	}

-

-	unpigzPath, err := exec.LookPath("unpigz")

-	if err != nil {

-		log.G(ctx).Debugf("unpigz binary not found, falling back to go gzip library")

-		return gzip.NewReader(buf)

-	}

-

-	log.G(ctx).Debugf("Using %s to decompress", unpigzPath)

-

-	return cmdStream(exec.CommandContext(ctx, unpigzPath, "-d", "-c"), buf)

-}

-

-type readCloserWrapper struct {

-	io.Reader

-	closer func() error

-	closed atomic.Bool

-}

-

-func (r *readCloserWrapper) Close() error {

-	if !r.closed.CompareAndSwap(false, true) {

-		log.G(context.TODO()).Error("subsequent attempt to close readCloserWrapper")

-		if log.GetLevel() >= log.DebugLevel {

-			log.G(context.TODO()).Errorf("stack trace: %s", string(debug.Stack()))

-		}

-

-		return nil

-	}

-	if r.closer != nil {

-		return r.closer()

-	}

-	return nil

-}

-

-var bufioReader32KPool = &sync.Pool{

-	New: func() interface{} { return bufio.NewReaderSize(nil, 32*1024) },

-}

-

-type bufferedReader struct {

-	buf *bufio.Reader

-}

-

-func newBufferedReader(r io.Reader) *bufferedReader {

-	buf := bufioReader32KPool.Get().(*bufio.Reader)

-	buf.Reset(r)

-	return &bufferedReader{buf}

-}

-

-func (r *bufferedReader) Read(p []byte) (int, error) {

-	if r.buf == nil {

-		return 0, io.EOF

-	}

-	n, err := r.buf.Read(p)

-	if err == io.EOF {

-		r.buf.Reset(nil)

-		bufioReader32KPool.Put(r.buf)

-		r.buf = nil

-	}

-	return n, err

-}

-

-func (r *bufferedReader) Peek(n int) ([]byte, error) {

-	if r.buf == nil {

-		return nil, io.EOF

-	}

-	return r.buf.Peek(n)

+//

+// Deprecated: use [compression.Detect].

+func DetectCompression(source []byte) compression.Compression {

+	return compression.Detect(source)

 }

 // DecompressStream decompresses the archive and returns a ReaderCloser with the decompressed archive.

+//

+// Deprecated: use [compression.DecompressStream].

 func DecompressStream(archive io.Reader) (io.ReadCloser, error) {

-	buf := newBufferedReader(archive)

-	bs, err := buf.Peek(10)

-	if err != nil && err != io.EOF {

-		// Note: we'll ignore any io.EOF error because there are some odd

-		// cases where the layer.tar file will be empty (zero bytes) and

-		// that results in an io.EOF from the Peek() call. So, in those

-		// cases we'll just treat it as a non-compressed stream and

-		// that means just create an empty layer.

-		// See Issue 18170

-		return nil, err

-	}

-

-	compression := DetectCompression(bs)

-	switch compression {

-	case Uncompressed:

-		return &readCloserWrapper{

-			Reader: buf,

-		}, nil

-	case Gzip:

-		ctx, cancel := context.WithCancel(context.Background())

-

-		gzReader, err := gzDecompress(ctx, buf)

-		if err != nil {

-			cancel()

-			return nil, err

-		}

-		return &readCloserWrapper{

-			Reader: gzReader,

-			closer: func() error {

-				cancel()

-				return gzReader.Close()

-			},

-		}, nil

-	case Bzip2:

-		bz2Reader := bzip2.NewReader(buf)

-		return &readCloserWrapper{

-			Reader: bz2Reader,

-		}, nil

-	case Xz:

-		ctx, cancel := context.WithCancel(context.Background())

-

-		xzReader, err := xzDecompress(ctx, buf)

-		if err != nil {

-			cancel()

-			return nil, err

-		}

-

-		return &readCloserWrapper{

-			Reader: xzReader,

-			closer: func() error {

-				cancel()

-				return xzReader.Close()

-			},

-		}, nil

-	case Zstd:

-		zstdReader, err := zstd.NewReader(buf)

-		if err != nil {

-			return nil, err

-		}

-		return &readCloserWrapper{

-			Reader: zstdReader,

-			closer: func() error {

-				zstdReader.Close()

-				return nil

-			},

-		}, nil

-	default:

-		return nil, fmt.Errorf("Unsupported compression format %s", (&compression).Extension())

-	}

+	return compression.DecompressStream(archive)

 }

-type nopWriteCloser struct {

-	io.Writer

-}

-

-func (nopWriteCloser) Close() error { return nil }

-

 // CompressStream compresses the dest with specified compression algorithm.

-func CompressStream(dest io.Writer, compression Compression) (io.WriteCloser, error) {

-	switch compression {

-	case Uncompressed:

-		return nopWriteCloser{dest}, nil

-	case Gzip:

-		return gzip.NewWriter(dest), nil

-	case Bzip2, Xz:

-		// archive/bzip2 does not support writing, and there is no xz support at all

-		// However, this is not a problem as docker only currently generates gzipped tars

-		return nil, fmt.Errorf("Unsupported compression format %s", (&compression).Extension())

-	default:

-		return nil, fmt.Errorf("Unsupported compression format %s", (&compression).Extension())

-	}

+//

+// Deprecated: use [compression.CompressStream].

+func CompressStream(dest io.Writer, comp compression.Compression) (io.WriteCloser, error) {

+	return compression.CompressStream(dest, comp)

 }

 // TarModifierFunc is a function that can be passed to ReplaceFileTarWrapper to

@@ -416,7 +193,7 @@ func ReplaceFileTarWrapper(inputTarStream io.ReadCloser, mods map[string]TarModi

 		var originalHeader *tar.Header

 		for {

 			originalHeader, err = tarReader.Next()

-			if err == io.EOF {

+			if errors.Is(err, io.EOF) {

 				break

 			}

 			if err != nil {

@@ -458,90 +235,11 @@ func ReplaceFileTarWrapper(inputTarStream io.ReadCloser, mods map[string]TarModi

 	return pipeReader

 }

-// Extension returns the extension of a file that uses the specified compression algorithm.

-func (compression *Compression) Extension() string {

-	switch *compression {

-	case Uncompressed:

-		return "tar"

-	case Bzip2:

-		return "tar.bz2"

-	case Gzip:

-		return "tar.gz"

-	case Xz:

-		return "tar.xz"

-	case Zstd:

-		return "tar.zst"

-	}

-	return ""

-}

-

-// assert that we implement [tar.FileInfoNames].

-//

-// TODO(thaJeztah): disabled to allow compiling on < go1.23. un-comment once we drop support for older versions of go.

-// var _ tar.FileInfoNames = (*nosysFileInfo)(nil)

-

-// nosysFileInfo hides the system-dependent info of the wrapped FileInfo to

-// prevent tar.FileInfoHeader from introspecting it and potentially calling into

-// glibc.

-//

-// It implements [tar.FileInfoNames] to further prevent [tar.FileInfoHeader]

-// from performing any lookups on go1.23 and up. see https://go.dev/issue/50102

-type nosysFileInfo struct {

-	os.FileInfo

-}

-

-// Uname stubs out looking up username. It implements [tar.FileInfoNames]

-// to prevent [tar.FileInfoHeader] from loading libraries to perform

-// username lookups.

-func (fi nosysFileInfo) Uname() (string, error) {

-	return "", nil

-}

-

-// Gname stubs out looking up group-name. It implements [tar.FileInfoNames]

-// to prevent [tar.FileInfoHeader] from loading libraries to perform

-// username lookups.

-func (fi nosysFileInfo) Gname() (string, error) {

-	return "", nil

-}

-

-func (fi nosysFileInfo) Sys() interface{} {

-	// A Sys value of type *tar.Header is safe as it is system-independent.

-	// The tar.FileInfoHeader function copies the fields into the returned

-	// header without performing any OS lookups.

-	if sys, ok := fi.FileInfo.Sys().(*tar.Header); ok {

-		return sys

-	}

-	return nil

-}

-

-// sysStat, if non-nil, populates hdr from system-dependent fields of fi.

-var sysStat func(fi os.FileInfo, hdr *tar.Header) error

-

 // FileInfoHeaderNoLookups creates a partially-populated tar.Header from fi.

 //

-// Compared to the archive/tar.FileInfoHeader function, this function is safe to

-// call from a chrooted process as it does not populate fields which would

-// require operating system lookups. It behaves identically to

-// tar.FileInfoHeader when fi is a FileInfo value returned from

-// tar.Header.FileInfo().

-//

-// When fi is a FileInfo for a native file, such as returned from os.Stat() and

-// os.Lstat(), the returned Header value differs from one returned from

-// tar.FileInfoHeader in the following ways. The Uname and Gname fields are not

-// set as OS lookups would be required to populate them. The AccessTime and

-// ChangeTime fields are not currently set (not yet implemented) although that

-// is subject to change. Callers which require the AccessTime or ChangeTime

-// fields to be zeroed should explicitly zero them out in the returned Header

-// value to avoid any compatibility issues in the future.

+// Deprecated: use [tarheader.FileInfoHeaderNoLookups].

 func FileInfoHeaderNoLookups(fi os.FileInfo, link string) (*tar.Header, error) {

-	hdr, err := tar.FileInfoHeader(nosysFileInfo{fi}, link)

-	if err != nil {

-		return nil, err

-	}

-	if sysStat != nil {

-		return hdr, sysStat(fi, hdr)

-	}

-	return hdr, nil

+	return tarheader.FileInfoHeaderNoLookups(fi, link)