diff --git a/src/cmd/linuxkit/build.go b/src/cmd/linuxkit/build.go index 37a00bbac..56cc92d13 100644 --- a/src/cmd/linuxkit/build.go +++ b/src/cmd/linuxkit/build.go @@ -216,7 +216,7 @@ func build(args []string) { } log.Infof("Create outputs:") - err = moby.Formats(filepath.Join(*buildDir, name), image, buildFormats, size) + err = moby.Formats(filepath.Join(*buildDir, name), image, buildFormats, size, !*buildDisableTrust) if err != nil { log.Fatalf("Error writing outputs: %v", err) } diff --git a/src/cmd/linuxkit/moby/output.go b/src/cmd/linuxkit/moby/output.go index bf249cceb..3235b2367 100644 --- a/src/cmd/linuxkit/moby/output.go +++ b/src/cmd/linuxkit/moby/output.go @@ -43,8 +43,8 @@ func UpdateOutputImages(update map[string]string) error { return nil } -var outFuns = map[string]func(string, io.Reader, int) error{ - "kernel+initrd": func(base string, image io.Reader, size int) error { +var outFuns = map[string]func(string, io.Reader, int, bool) error{ + "kernel+initrd": func(base string, image io.Reader, size int, trust bool) error { kernel, initrd, cmdline, ucode, err := tarToInitrd(image) if err != nil { return fmt.Errorf("Error converting to initrd: %v", err) @@ -55,7 +55,7 @@ var outFuns = map[string]func(string, io.Reader, int) error{ } return nil }, - "tar-kernel-initrd": func(base string, image io.Reader, size int) error { + "tar-kernel-initrd": func(base string, image io.Reader, size int, trust bool) error { kernel, initrd, cmdline, ucode, err := tarToInitrd(image) if err != nil { return fmt.Errorf("Error converting to initrd: %v", err) @@ -65,58 +65,58 @@ var outFuns = map[string]func(string, io.Reader, int) error{ } return nil }, - "iso-bios": func(base string, image io.Reader, size int) error { - err := outputIso(outputImages["iso-bios"], base+".iso", image) + "iso-bios": func(base string, image io.Reader, size int, trust bool) error { + err := outputIso(outputImages["iso-bios"], base+".iso", image, trust) if err != nil { return fmt.Errorf("Error writing iso-bios output: %v", err) } return nil }, - "iso-efi": func(base string, image io.Reader, size int) error { - err := outputIso(outputImages["iso-efi"], base+"-efi.iso", image) + "iso-efi": func(base string, image io.Reader, size int, trust bool) error { + err := outputIso(outputImages["iso-efi"], base+"-efi.iso", image, trust) if err != nil { return fmt.Errorf("Error writing iso-efi output: %v", err) } return nil }, - "raw-bios": func(base string, image io.Reader, size int) error { + "raw-bios": func(base string, image io.Reader, size int, trust bool) error { kernel, initrd, cmdline, _, err := tarToInitrd(image) if err != nil { return fmt.Errorf("Error converting to initrd: %v", err) } // TODO: Handle ucode - err = outputImg(outputImages["raw-bios"], base+"-bios.img", kernel, initrd, cmdline) + err = outputImg(outputImages["raw-bios"], base+"-bios.img", kernel, initrd, cmdline, trust) if err != nil { return fmt.Errorf("Error writing raw-bios output: %v", err) } return nil }, - "raw-efi": func(base string, image io.Reader, size int) error { + "raw-efi": func(base string, image io.Reader, size int, trust bool) error { kernel, initrd, cmdline, _, err := tarToInitrd(image) if err != nil { return fmt.Errorf("Error converting to initrd: %v", err) } - err = outputImg(outputImages["raw-efi"], base+"-efi.img", kernel, initrd, cmdline) + err = outputImg(outputImages["raw-efi"], base+"-efi.img", kernel, initrd, cmdline, trust) if err != nil { return fmt.Errorf("Error writing raw-efi output: %v", err) } return nil }, - "kernel+squashfs": func(base string, image io.Reader, size int) error { - err := outputKernelSquashFS(outputImages["squashfs"], base, image) + "kernel+squashfs": func(base string, image io.Reader, size int, trust bool) error { + err := outputKernelSquashFS(outputImages["squashfs"], base, image, trust) if err != nil { return fmt.Errorf("Error writing kernel+squashfs output: %v", err) } return nil }, - "kernel+iso": func(base string, image io.Reader, size int) error { - err := outputKernelISO(outputImages["iso"], base, image) + "kernel+iso": func(base string, image io.Reader, size int, trust bool) error { + err := outputKernelISO(outputImages["iso"], base, image, trust) if err != nil { return fmt.Errorf("Error writing kernel+iso output: %v", err) } return nil }, - "aws": func(base string, image io.Reader, size int) error { + "aws": func(base string, image io.Reader, size int, trust bool) error { filename := base + ".raw" log.Infof(" %s", filename) kernel, initrd, cmdline, _, err := tarToInitrd(image) @@ -129,29 +129,29 @@ var outFuns = map[string]func(string, io.Reader, int) error{ } return nil }, - "gcp": func(base string, image io.Reader, size int) error { + "gcp": func(base string, image io.Reader, size int, trust bool) error { kernel, initrd, cmdline, _, err := tarToInitrd(image) if err != nil { return fmt.Errorf("Error converting to initrd: %v", err) } - err = outputImg(outputImages["gcp"], base+".img.tar.gz", kernel, initrd, cmdline) + err = outputImg(outputImages["gcp"], base+".img.tar.gz", kernel, initrd, cmdline, trust) if err != nil { return fmt.Errorf("Error writing gcp output: %v", err) } return nil }, - "qcow2-efi": func(base string, image io.Reader, size int) error { + "qcow2-efi": func(base string, image io.Reader, size int, trust bool) error { kernel, initrd, cmdline, _, err := tarToInitrd(image) if err != nil { return fmt.Errorf("Error converting to initrd: %v", err) } - err = outputImg(outputImages["qcow2-efi"], base+"-efi.qcow2", kernel, initrd, cmdline) + err = outputImg(outputImages["qcow2-efi"], base+"-efi.qcow2", kernel, initrd, cmdline, trust) if err != nil { return fmt.Errorf("Error writing qcow2 EFI output: %v", err) } return nil }, - "qcow2-bios": func(base string, image io.Reader, size int) error { + "qcow2-bios": func(base string, image io.Reader, size int, trust bool) error { filename := base + ".qcow2" log.Infof(" %s", filename) kernel, initrd, cmdline, _, err := tarToInitrd(image) @@ -165,44 +165,44 @@ var outFuns = map[string]func(string, io.Reader, int) error{ } return nil }, - "vhd": func(base string, image io.Reader, size int) error { + "vhd": func(base string, image io.Reader, size int, trust bool) error { kernel, initrd, cmdline, _, err := tarToInitrd(image) if err != nil { return fmt.Errorf("Error converting to initrd: %v", err) } - err = outputImg(outputImages["vhd"], base+".vhd", kernel, initrd, cmdline) + err = outputImg(outputImages["vhd"], base+".vhd", kernel, initrd, cmdline, trust) if err != nil { return fmt.Errorf("Error writing vhd output: %v", err) } return nil }, - "dynamic-vhd": func(base string, image io.Reader, size int) error { + "dynamic-vhd": func(base string, image io.Reader, size int, trust bool) error { kernel, initrd, cmdline, _, err := tarToInitrd(image) if err != nil { return fmt.Errorf("Error converting to initrd: %v", err) } - err = outputImg(outputImages["dynamic-vhd"], base+".vhd", kernel, initrd, cmdline) + err = outputImg(outputImages["dynamic-vhd"], base+".vhd", kernel, initrd, cmdline, trust) if err != nil { return fmt.Errorf("Error writing vhd output: %v", err) } return nil }, - "vmdk": func(base string, image io.Reader, size int) error { + "vmdk": func(base string, image io.Reader, size int, trust bool) error { kernel, initrd, cmdline, _, err := tarToInitrd(image) if err != nil { return fmt.Errorf("Error converting to initrd: %v", err) } - err = outputImg(outputImages["vmdk"], base+".vmdk", kernel, initrd, cmdline) + err = outputImg(outputImages["vmdk"], base+".vmdk", kernel, initrd, cmdline, trust) if err != nil { return fmt.Errorf("Error writing vmdk output: %v", err) } return nil }, - "rpi3": func(base string, image io.Reader, size int) error { + "rpi3": func(base string, image io.Reader, size int, trust bool) error { if runtime.GOARCH != "arm64" { return fmt.Errorf("Raspberry Pi output currently only supported on arm64") } - err := outputRPi3(outputImages["rpi3"], base+".tar", image) + err := outputRPi3(outputImages["rpi3"], base+".tar", image, trust) if err != nil { return fmt.Errorf("Error writing rpi3 output: %v", err) } @@ -243,7 +243,7 @@ func ValidateFormats(formats []string) error { } // Formats generates all the specified output formats -func Formats(base string, image string, formats []string, size int) error { +func Formats(base string, image string, formats []string, size int, trust bool) error { log.Debugf("format: %v %s", formats, base) err := ValidateFormats(formats) @@ -257,7 +257,7 @@ func Formats(base string, image string, formats []string, size int) error { } defer ir.Close() f := outFuns[o] - if err := f(base, ir, size); err != nil { + if err := f(base, ir, size, trust); err != nil { return err } } @@ -328,7 +328,7 @@ func tarInitrdKernel(kernel, initrd []byte, cmdline string) (*bytes.Buffer, erro return buf, tw.Close() } -func outputImg(image, filename string, kernel []byte, initrd []byte, cmdline string) error { +func outputImg(image, filename string, kernel []byte, initrd []byte, cmdline string, trust bool) error { log.Debugf("output img: %s %s", image, filename) log.Infof(" %s", filename) buf, err := tarInitrdKernel(kernel, initrd, cmdline) @@ -340,10 +340,10 @@ func outputImg(image, filename string, kernel []byte, initrd []byte, cmdline str return err } defer output.Close() - return dockerRun(buf, output, true, image, cmdline) + return dockerRun(buf, output, trust, image, cmdline) } -func outputIso(image, filename string, filesystem io.Reader) error { +func outputIso(image, filename string, filesystem io.Reader, trust bool) error { log.Debugf("output ISO: %s %s", image, filename) log.Infof(" %s", filename) output, err := os.Create(filename) @@ -351,10 +351,10 @@ func outputIso(image, filename string, filesystem io.Reader) error { return err } defer output.Close() - return dockerRun(filesystem, output, true, image) + return dockerRun(filesystem, output, trust, image) } -func outputRPi3(image, filename string, filesystem io.Reader) error { +func outputRPi3(image, filename string, filesystem io.Reader, trust bool) error { log.Debugf("output RPi3: %s %s", image, filename) log.Infof(" %s", filename) output, err := os.Create(filename) @@ -362,7 +362,7 @@ func outputRPi3(image, filename string, filesystem io.Reader) error { return err } defer output.Close() - return dockerRun(filesystem, output, true, image) + return dockerRun(filesystem, output, trust, image) } func outputKernelInitrd(base string, kernel []byte, initrd []byte, cmdline string, ucode []byte) error { @@ -474,7 +474,7 @@ func outputKernelInitrdTarball(base string, kernel []byte, initrd []byte, cmdlin return tw.Close() } -func outputKernelSquashFS(image, base string, filesystem io.Reader) error { +func outputKernelSquashFS(image, base string, filesystem io.Reader, trust bool) error { log.Debugf("output kernel/squashfs: %s %s", image, base) log.Infof(" %s-squashfs.img", base) @@ -526,10 +526,10 @@ func outputKernelSquashFS(image, base string, filesystem io.Reader) error { } defer output.Close() - return dockerRun(buf, output, true, image) + return dockerRun(buf, output, trust, image) } -func outputKernelISO(image, base string, filesystem io.Reader) error { +func outputKernelISO(image, base string, filesystem io.Reader, trust bool) error { log.Debugf("output kernel/iso: %s %s", image, base) log.Infof(" %s.iso", base) @@ -581,5 +581,5 @@ func outputKernelISO(image, base string, filesystem io.Reader) error { } defer output.Close() - return dockerRun(buf, output, true, image) + return dockerRun(buf, output, trust, image) }