mirror of
https://github.com/kata-containers/kata-containers.git
synced 2025-09-24 10:17:21 +00:00
CI: Keep base64 output is a single line
This commit addresses an issue where base64 output, when used with a default configuration, would introduce newlines, causing decoding to fail on the runtime. The fix ensures base64 output is a single, continuous line using the -w0 flag. This guarantees the encoded string is a valid Base64 sequence, preventing potential runtime errors caused by invalid characters. Note that: When you use the base64 command without any parameters, it typically automatically adds newlines to the output, usually every 76 chars. In contrast, base64 -w0 explicitly tells the command not to add any newlines (-w for wrap, and 0 for a width of zero), which results in a continuous string with no whitespace. This is a critical distinction because if you pass a Base64 string with newlines to a runtime, it may be treated as an invalid string, causing the decoding process to fail. Signed-off-by: Alex Lyn <alex.lyn@antgroup.com>
This commit is contained in:
Alex Lyn
@@ -40,7 +40,7 @@ For example:
|
|||||||
|
|
||||||
```bash
|
```bash
|
||||||
$ STRING="$(< allow-all-except-exec-process.rego)"
|
$ STRING="$(< allow-all-except-exec-process.rego)"
|
||||||
$ cat <<EOF | gzip -c | base64
|
$ cat <<EOF | gzip -c | base64 -w0
|
||||||
version = "0.1.0"
|
version = "0.1.0"
|
||||||
algorithm = "sha256"
|
algorithm = "sha256"
|
||||||
|
|
||||||
@@ -49,15 +49,7 @@ algorithm = "sha256"
|
|||||||
$STRING
|
$STRING
|
||||||
'''
|
'''
|
||||||
EOF
|
EOF
|
||||||
H4sIAAAAAAAAA42UTW/TQBCG7/4Vq/QQOCQKQXCo1ENIAkRqiGWnpBJCaGKP7RXrXTM7DnV/PRMi
|
H4sIAAAAAAAAA42UTW/TQBCG7/4Vq/QQOCQKQXCo1ENIAkRqiGWnpBJCaGKP7RXrXTM7DnV/PRMiVUh07R582J3H8/XO7AnJa2fVjRrNpm+ms1EEpnSkuarPd76C+bv3oyj6lgPD92jUOKOzbkpYupEA4/E4ulJL13Sky4rVq+y1ms/mb9VWZ+S8K1iM1DgClijRlcBpvLqf3OoMrcfJJkfLutBI12rRQFbhZD6dCRfJ4SeUqOSz/OMSNopyLKA1rBZ5vkjiLyhBj458gr9a9KyubxRTi/9i6W9oQualcR5TzrUNElLZR20waCcExqWzDNoi9WMp2PzoHkLQSi7JdQPUJ+QtMuksWLQQu912fZK+BZHz7QolaRN0c6s9bywjFZBhL5W4lsPEFuvPjhvTlh+6mNwx2MudNdLDZXwnf4SYGFo/3O64NWZTy+SEgAQhT1lECQZKsHan4UgXLGUw+FWTzHjh0woIt661HGxJgh4xT0RoV6/w1IO19XAOKfJFTxmxva6DRQsX/12jIKBLC0Y0Er2DuUutxMM5nak9QaZt2cOwf4En1ww42nN3OK+w14/B4u+a/CWLesHWTYU1Eph+GS/w0470Y/1LcgDNA40/yKOMzw/tE7N+wOx/NwUYj9H5qf4DsX93tO4FAAA=
|
||||||
VUh07R582J3H8/XO7AnJa2fVjRrNpm+ms1EEpnSkuarPd76C+bv3oyj6lgPD92jUOKOzbkpYupEA
|
|
||||||
4/E4ulJL13Sky4rVq+y1ms/mb9VWZ+S8K1iM1DgClijRlcBpvLqf3OoMrcfJJkfLutBI12rRQFbh
|
|
||||||
ZD6dCRfJ4SeUqOSz/OMSNopyLKA1rBZ5vkjiLyhBj458gr9a9KyubxRTi/9i6W9oQualcR5TzrUN
|
|
||||||
ElLZR20waCcExqWzDNoi9WMp2PzoHkLQSi7JdQPUJ+QtMuksWLQQu912fZK+BZHz7QolaRN0c6s9
|
|
||||||
bywjFZBhL5W4lsPEFuvPjhvTlh+6mNwx2MudNdLDZXwnf4SYGFo/3O64NWZTy+SEgAQhT1lECQZK
|
|
||||||
sHan4UgXLGUw+FWTzHjh0woIt661HGxJgh4xT0RoV6/w1IO19XAOKfJFTxmxva6DRQsX/12jIKBL
|
|
||||||
C0Y0Er2DuUutxMM5nak9QaZt2cOwf4En1ww42nN3OK+w14/B4u+a/CWLesHWTYU1Eph+GS/w0470
|
|
||||||
Y/1LcgDNA40/yKOMzw/tE7N+wOx/NwUYj9H5qf4DsX93tO4FAAA=
|
|
||||||
```
|
```
|
||||||
|
|
||||||
### Attach the Policy to a pod
|
### Attach the Policy to a pod
|
||||||
@@ -70,15 +62,7 @@ kind: Pod
|
|||||||
metadata:
|
metadata:
|
||||||
name: policy-exec-rejected
|
name: policy-exec-rejected
|
||||||
annotations:
|
annotations:
|
||||||
io.katacontainers.config.hypervisor.cc_init_data: H4sIAAAAAAAAA42UTW/TQBCG7/4Vq/QQOCQKQXCo1ENIAkRqiGWnpBJCaGKP7RXrXTM7DnV/PRMi
|
io.katacontainers.config.hypervisor.cc_init_data: H4sIAAAAAAAAA42UTW/TQBCG7/4Vq/QQOCQKQXCo1ENIAkRqiGWnpBJCaGKP7RXrXTM7DnV/PRMiVUh07R582J3H8/XO7AnJa2fVjRrNpm+ms1EEpnSkuarPd76C+bv3oyj6lgPD92jUOKOzbkpYupEA4/E4ulJL13Sky4rVq+y1ms/mb9VWZ+S8K1iM1DgClijRlcBpvLqf3OoMrcfJJkfLutBI12rRQFbhZD6dCRfJ4SeUqOSz/OMSNopyLKA1rBZ5vkjiLyhBj458gr9a9KyubxRTi/9i6W9oQualcR5TzrUNElLZR20waCcExqWzDNoi9WMp2PzoHkLQSi7JdQPUJ+QtMuksWLQQu912fZK+BZHz7QolaRN0c6s9bywjFZBhL5W4lsPEFuvPjhvTlh+6mNwx2MudNdLDZXwnf4SYGFo/3O64NWZTy+SEgAQhT1lECQZKsHan4UgXLGUw+FWTzHjh0woIt661HGxJgh4xT0RoV6/w1IO19XAOKfJFTxmxva6DRQsX/12jIKBLC0Y0Er2DuUutxMM5nak9QaZt2cOwf4En1ww42nN3OK+w14/B4u+a/CWLesHWTYU1Eph+GS/w0470Y/1LcgDNA40/yKOMzw/tE7N+wOx/NwUYj9H5qf4DsX93tO4FAAA=
|
||||||
VUh07R582J3H8/XO7AnJa2fVjRrNpm+ms1EEpnSkuarPd76C+bv3oyj6lgPD92jUOKOzbkpYupEA
|
|
||||||
4/E4ulJL13Sky4rVq+y1ms/mb9VWZ+S8K1iM1DgClijRlcBpvLqf3OoMrcfJJkfLutBI12rRQFbh
|
|
||||||
ZD6dCRfJ4SeUqOSz/OMSNopyLKA1rBZ5vkjiLyhBj458gr9a9KyubxRTi/9i6W9oQualcR5TzrUN
|
|
||||||
ElLZR20waCcExqWzDNoi9WMp2PzoHkLQSi7JdQPUJ+QtMuksWLQQu912fZK+BZHz7QolaRN0c6s9
|
|
||||||
bywjFZBhL5W4lsPEFuvPjhvTlh+6mNwx2MudNdLDZXwnf4SYGFo/3O64NWZTy+SEgAQhT1lECQZK
|
|
||||||
sHan4UgXLGUw+FWTzHjh0woIt661HGxJgh4xT0RoV6/w1IO19XAOKfJFTxmxva6DRQsX/12jIKBL
|
|
||||||
C0Y0Er2DuUutxMM5nak9QaZt2cOwf4En1ww42nN3OK+w14/B4u+a/CWLesHWTYU1Eph+GS/w0470
|
|
||||||
Y/1LcgDNA40/yKOMzw/tE7N+wOx/NwUYj9H5qf4DsX93tO4FAAA=
|
|
||||||
spec:
|
spec:
|
||||||
runtimeClassName: kata
|
runtimeClassName: kata
|
||||||
containers:
|
containers:
|
||||||
|
|||||||
@@ -303,7 +303,7 @@ encode_policy_in_init_data() {
|
|||||||
POLICY="$input"
|
POLICY="$input"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
cat <<EOF | gzip -c | base64
|
cat <<EOF | gzip -c | base64 -w0
|
||||||
version = "0.1.0"
|
version = "0.1.0"
|
||||||
algorithm = "sha256"
|
algorithm = "sha256"
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user