From 3dec6855e0e52f9c5acb5b4b40218335406c6ed1 Mon Sep 17 00:00:00 2001
From: Justin Cormack
Date: Fri, 28 Jul 2017 14:34:18 +0100
Subject: [PATCH] Fix read only output when defined in a label
Also do some code cleanup. Related to #131 we need to read the OCI config to find if the container is read only, not rely on the yaml, as it may just be set in the label.
Signed-off-by: Justin Cormack
---
 src/moby/build.go | 60 +++++++++++++++++++++-------------------------
 src/moby/config.go | 11 ++++-----
 2 files changed, 32 insertions(+), 39 deletions(-)
diff --git a/src/moby/build.go b/src/moby/build.go
index aae38f308..13a8c1878 100644
--- a/src/moby/build.go
+++ b/src/moby/build.go
@@ -10,6 +10,7 @@ import (
 "io/ioutil"
 "os"
 "path"
+ "path/filepath"
 "sort"
 "strconv"
 "strings"
@@ -121,6 +122,26 @@ func enforceContentTrust(fullImageName string, config *TrustConfig) bool {
 return false
 }
+func outputImage(image Image, section string, prefix string, m Moby, idMap map[string]uint32, pull bool, iw *tar.Writer) error {
+ log.Infof(" Create OCI config for %s", image.Image)
+ useTrust := enforceContentTrust(image.Image, &m.Trust)
+ oci, err := ConfigToOCI(image, useTrust, idMap)
+ if err != nil {
+ return fmt.Errorf("Failed to create OCI spec for %s: %v", image.Image, err)
+ }
+ config, err := json.MarshalIndent(oci, "", " ")
+ if err != nil {
+ return fmt.Errorf("Failed to create config for %s: %v", image.Image, err)
+ }
+ path := filepath.Join("containers", section, prefix+image.Name)
+ readonly := oci.Root.Readonly
+ err = ImageBundle(path, image.Image, config, iw, useTrust, pull, readonly)
+ if err != nil {
+ return fmt.Errorf("Failed to extract root filesystem for %s: %v", image.Image, err)
+ }
+ return nil
+}
+
 // Build performs the actual build process
 func Build(m Moby, w io.Writer, pull bool, tp string) error {
 if MobyDir == "" {
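Review bot: The bundle path in `outputImage` is now built with `filepath.Join("containers", section, prefix+image.Name)`, which uses the host OS separator and cleans `..` segments, whereas the replaced code joined with a literal `/`; the result is handed to `ImageBundle` together with the `tar.Writer`, so it appears to name entries in the output archive. On a non-Unix build host this would presumably produce backslash-separated entry names, and a `Name` containing `/` or `..` would resolve outside `containers/<section>`, since nothing in the hunk validates `image.Name`. I would keep slash semantics and reject such names before joining, e.g. `bundle := path.Join("containers", section, prefix+image.Name)`, with the local renamed so it no longer shadows the imported `path` package. The new function also lacks a doc comment; `// outputImage writes the OCI config and root filesystem of one image under containers/<section>/<prefix><name>.` would do.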
@@ -178,18 +199,9 @@ func Build(m Moby, w io.Writer, pull bool, tp string) error {
 log.Infof("Add onboot containers:")
 }
 for i, image := range m.Onboot {
- log.Infof(" Create OCI config for %s", image.Image)
- useTrust := enforceContentTrust(image.Image, &m.Trust)
- config, err := ConfigToOCI(image, useTrust, idMap)
- if err != nil {
- return fmt.Errorf("Failed to create config.json for %s: %v", image.Image, err)
- }
 so := fmt.Sprintf("%03d", i)
- path := "containers/onboot/" + so + "-" + image.Name
- readonly := image.Readonly != nil && *image.Readonly
- err = ImageBundle(path, image.Image, config, iw, useTrust, pull, readonly)
- if err != nil {
- return fmt.Errorf("Failed to extract root filesystem for %s: %v", image.Image, err)
+ if err := outputImage(image, "onboot", so+"-", m, idMap, pull, iw); err != nil {
+ return err
 }
 }
@@ -197,18 +209,9 @@ func Build(m Moby, w io.Writer, pull bool, tp string) error {
 log.Infof("Add onshutdown containers:")
 }
 for i, image := range m.Onshutdown {
- log.Infof(" Create OCI config for %s", image.Image)
- useTrust := enforceContentTrust(image.Image, &m.Trust)
- config, err := ConfigToOCI(image, useTrust, idMap)
- if err != nil {
- return fmt.Errorf("Failed to create config.json for %s: %v", image.Image, err)
- }
 so := fmt.Sprintf("%03d", i)
- path := "containers/onshutdown/" + so + "-" + image.Name
- readonly := image.Readonly != nil && *image.Readonly
- err = ImageBundle(path, image.Image, config, iw, useTrust, pull, readonly)
- if err != nil {
- return fmt.Errorf("Failed to extract root filesystem for %s: %v", image.Image, err)
+ if err := outputImage(image, "onshutdown", so+"-", m, idMap, pull, iw); err != nil {
+ return err
 }
 }
@@ -216,17 +219,8 @@ func Build(m Moby, w io.Writer, pull bool, tp string) error {
 log.Infof("Add service containers:")
 }
 for _, image := range m.Services {
- log.Infof(" Create OCI config for %s", image.Image)
- useTrust := enforceContentTrust(image.Image, &m.Trust)
- config, err := ConfigToOCI(image, useTrust, idMap)
- if err != nil {
- return fmt.Errorf("Failed to create config.json for %s: %v", image.Image, err)
- }
- path := "containers/services/" + image.Name
- readonly := image.Readonly != nil && *image.Readonly
- err = ImageBundle(path, image.Image, config, iw, useTrust, pull, readonly)
- if err != nil {
- return fmt.Errorf("Failed to extract root filesystem for %s: %v", image.Image, err)
+ if err := outputImage(image, "services", "", m, idMap, pull, iw); err != nil {
+ return err
 }
 }
diff --git a/src/moby/config.go b/src/moby/config.go
index 131557450..abf1d80fe 100644
--- a/src/moby/config.go
+++ b/src/moby/config.go
@@ -1,7 +1,6 @@
 package moby
 import (
- "encoding/json"
 "fmt"
 "os"
 "path/filepath"
@@ -263,25 +262,25 @@ func NewImage(config []byte) (Image, error) {
 }
 // ConfigToOCI converts a config specification to an OCI config file
-func ConfigToOCI(image Image, trust bool, idMap map[string]uint32) ([]byte, error) {
+func ConfigToOCI(image Image, trust bool, idMap map[string]uint32) (specs.Spec, error) {
 // TODO pass through same docker client to all functions
 cli, err := dockerClient()
 if err != nil {
- return []byte{}, err
+ return specs.Spec{}, err
 }
 inspect, err := dockerInspectImage(cli, image.Image, trust)
 if err != nil {
- return []byte{}, err
+ return specs.Spec{}, err
 }
 oci, err := ConfigInspectToOCI(image, inspect, idMap)
 if err != nil {
- return []byte{}, err
+ return specs.Spec{}, err
 }
- return json.MarshalIndent(oci, "", " ")
+ return oci, nil
 }
 func defaultMountpoint(tp string) string {
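Review bot: The doc comment kept above `ConfigToOCI` still says it produces "an OCI config file", but after this change the function returns a `specs.Spec` value and serialisation has moved to the caller. I would update it to `// ConfigToOCI converts a config specification to an OCI runtime spec; the caller marshals it to config.json.` Because the function is exported, the return-type change also breaks any caller outside build.go, which this diff cannot show. The tail `oci, err := ConfigInspectToOCI(...)` followed by `return oci, nil` suggests the helper already returns `(specs.Spec, error)`, in which case it could be shortened to `return ConfigInspectToOCI(image, inspect, idMap)`.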