mirror of
https://github.com/linuxkit/linuxkit.git
synced 2025-07-22 18:41:37 +00:00
Add trust parameter for docker pull in moby.Formats
Signed-off-by: Guillaume Rose <guillaume.rose@docker.com>
This commit is contained in:
Guillaume Rose
parent
aa0a76b58b
commit
22fb927f2f
@ -216,7 +216,7 @@ func build(args []string) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
log.Infof("Create outputs:")
|
log.Infof("Create outputs:")
|
||||||
err = moby.Formats(filepath.Join(*buildDir, name), image, buildFormats, size)
|
err = moby.Formats(filepath.Join(*buildDir, name), image, buildFormats, size, !*buildDisableTrust)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatalf("Error writing outputs: %v", err)
|
log.Fatalf("Error writing outputs: %v", err)
|
||||||
}
|
}
|
||||||
|
|||||||
@ -43,8 +43,8 @@ func UpdateOutputImages(update map[string]string) error {
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
var outFuns = map[string]func(string, io.Reader, int) error{
|
var outFuns = map[string]func(string, io.Reader, int, bool) error{
|
||||||
"kernel+initrd": func(base string, image io.Reader, size int) error {
|
"kernel+initrd": func(base string, image io.Reader, size int, trust bool) error {
|
||||||
kernel, initrd, cmdline, ucode, err := tarToInitrd(image)
|
kernel, initrd, cmdline, ucode, err := tarToInitrd(image)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("Error converting to initrd: %v", err)
|
return fmt.Errorf("Error converting to initrd: %v", err)
|
||||||
@ -55,7 +55,7 @@ var outFuns = map[string]func(string, io.Reader, int) error{
|
|||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
},
|
},
|
||||||
"tar-kernel-initrd": func(base string, image io.Reader, size int) error {
|
"tar-kernel-initrd": func(base string, image io.Reader, size int, trust bool) error {
|
||||||
kernel, initrd, cmdline, ucode, err := tarToInitrd(image)
|
kernel, initrd, cmdline, ucode, err := tarToInitrd(image)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("Error converting to initrd: %v", err)
|
return fmt.Errorf("Error converting to initrd: %v", err)
|
||||||
@ -65,58 +65,58 @@ var outFuns = map[string]func(string, io.Reader, int) error{
|
|||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
},
|
},
|
||||||
"iso-bios": func(base string, image io.Reader, size int) error {
|
"iso-bios": func(base string, image io.Reader, size int, trust bool) error {
|
||||||
err := outputIso(outputImages["iso-bios"], base+".iso", image)
|
err := outputIso(outputImages["iso-bios"], base+".iso", image, trust)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("Error writing iso-bios output: %v", err)
|
return fmt.Errorf("Error writing iso-bios output: %v", err)
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
},
|
},
|
||||||
"iso-efi": func(base string, image io.Reader, size int) error {
|
"iso-efi": func(base string, image io.Reader, size int, trust bool) error {
|
||||||
err := outputIso(outputImages["iso-efi"], base+"-efi.iso", image)
|
err := outputIso(outputImages["iso-efi"], base+"-efi.iso", image, trust)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("Error writing iso-efi output: %v", err)
|
return fmt.Errorf("Error writing iso-efi output: %v", err)
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
},
|
},
|
||||||
"raw-bios": func(base string, image io.Reader, size int) error {
|
"raw-bios": func(base string, image io.Reader, size int, trust bool) error {
|
||||||
kernel, initrd, cmdline, _, err := tarToInitrd(image)
|
kernel, initrd, cmdline, _, err := tarToInitrd(image)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("Error converting to initrd: %v", err)
|
return fmt.Errorf("Error converting to initrd: %v", err)
|
||||||
}
|
}
|
||||||
// TODO: Handle ucode
|
// TODO: Handle ucode
|
||||||
err = outputImg(outputImages["raw-bios"], base+"-bios.img", kernel, initrd, cmdline)
|
err = outputImg(outputImages["raw-bios"], base+"-bios.img", kernel, initrd, cmdline, trust)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("Error writing raw-bios output: %v", err)
|
return fmt.Errorf("Error writing raw-bios output: %v", err)
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
},
|
},
|
||||||
"raw-efi": func(base string, image io.Reader, size int) error {
|
"raw-efi": func(base string, image io.Reader, size int, trust bool) error {
|
||||||
kernel, initrd, cmdline, _, err := tarToInitrd(image)
|
kernel, initrd, cmdline, _, err := tarToInitrd(image)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("Error converting to initrd: %v", err)
|
return fmt.Errorf("Error converting to initrd: %v", err)
|
||||||
}
|
}
|
||||||
err = outputImg(outputImages["raw-efi"], base+"-efi.img", kernel, initrd, cmdline)
|
err = outputImg(outputImages["raw-efi"], base+"-efi.img", kernel, initrd, cmdline, trust)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("Error writing raw-efi output: %v", err)
|
return fmt.Errorf("Error writing raw-efi output: %v", err)
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
},
|
},
|
||||||
"kernel+squashfs": func(base string, image io.Reader, size int) error {
|
"kernel+squashfs": func(base string, image io.Reader, size int, trust bool) error {
|
||||||
err := outputKernelSquashFS(outputImages["squashfs"], base, image)
|
err := outputKernelSquashFS(outputImages["squashfs"], base, image, trust)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("Error writing kernel+squashfs output: %v", err)
|
return fmt.Errorf("Error writing kernel+squashfs output: %v", err)
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
},
|
},
|
||||||
"kernel+iso": func(base string, image io.Reader, size int) error {
|
"kernel+iso": func(base string, image io.Reader, size int, trust bool) error {
|
||||||
err := outputKernelISO(outputImages["iso"], base, image)
|
err := outputKernelISO(outputImages["iso"], base, image, trust)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("Error writing kernel+iso output: %v", err)
|
return fmt.Errorf("Error writing kernel+iso output: %v", err)
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
},
|
},
|
||||||
"aws": func(base string, image io.Reader, size int) error {
|
"aws": func(base string, image io.Reader, size int, trust bool) error {
|
||||||
filename := base + ".raw"
|
filename := base + ".raw"
|
||||||
log.Infof(" %s", filename)
|
log.Infof(" %s", filename)
|
||||||
kernel, initrd, cmdline, _, err := tarToInitrd(image)
|
kernel, initrd, cmdline, _, err := tarToInitrd(image)
|
||||||
@ -129,29 +129,29 @@ var outFuns = map[string]func(string, io.Reader, int) error{
|
|||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
},
|
},
|
||||||
"gcp": func(base string, image io.Reader, size int) error {
|
"gcp": func(base string, image io.Reader, size int, trust bool) error {
|
||||||
kernel, initrd, cmdline, _, err := tarToInitrd(image)
|
kernel, initrd, cmdline, _, err := tarToInitrd(image)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("Error converting to initrd: %v", err)
|
return fmt.Errorf("Error converting to initrd: %v", err)
|
||||||
}
|
}
|
||||||
err = outputImg(outputImages["gcp"], base+".img.tar.gz", kernel, initrd, cmdline)
|
err = outputImg(outputImages["gcp"], base+".img.tar.gz", kernel, initrd, cmdline, trust)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("Error writing gcp output: %v", err)
|
return fmt.Errorf("Error writing gcp output: %v", err)
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
},
|
},
|
||||||
"qcow2-efi": func(base string, image io.Reader, size int) error {
|
"qcow2-efi": func(base string, image io.Reader, size int, trust bool) error {
|
||||||
kernel, initrd, cmdline, _, err := tarToInitrd(image)
|
kernel, initrd, cmdline, _, err := tarToInitrd(image)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("Error converting to initrd: %v", err)
|
return fmt.Errorf("Error converting to initrd: %v", err)
|
||||||
}
|
}
|
||||||
err = outputImg(outputImages["qcow2-efi"], base+"-efi.qcow2", kernel, initrd, cmdline)
|
err = outputImg(outputImages["qcow2-efi"], base+"-efi.qcow2", kernel, initrd, cmdline, trust)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("Error writing qcow2 EFI output: %v", err)
|
return fmt.Errorf("Error writing qcow2 EFI output: %v", err)
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
},
|
},
|
||||||
"qcow2-bios": func(base string, image io.Reader, size int) error {
|
"qcow2-bios": func(base string, image io.Reader, size int, trust bool) error {
|
||||||
filename := base + ".qcow2"
|
filename := base + ".qcow2"
|
||||||
log.Infof(" %s", filename)
|
log.Infof(" %s", filename)
|
||||||
kernel, initrd, cmdline, _, err := tarToInitrd(image)
|
kernel, initrd, cmdline, _, err := tarToInitrd(image)
|
||||||
@ -165,44 +165,44 @@ var outFuns = map[string]func(string, io.Reader, int) error{
|
|||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
},
|
},
|
||||||
"vhd": func(base string, image io.Reader, size int) error {
|
"vhd": func(base string, image io.Reader, size int, trust bool) error {
|
||||||
kernel, initrd, cmdline, _, err := tarToInitrd(image)
|
kernel, initrd, cmdline, _, err := tarToInitrd(image)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("Error converting to initrd: %v", err)
|
return fmt.Errorf("Error converting to initrd: %v", err)
|
||||||
}
|
}
|
||||||
err = outputImg(outputImages["vhd"], base+".vhd", kernel, initrd, cmdline)
|
err = outputImg(outputImages["vhd"], base+".vhd", kernel, initrd, cmdline, trust)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("Error writing vhd output: %v", err)
|
return fmt.Errorf("Error writing vhd output: %v", err)
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
},
|
},
|
||||||
"dynamic-vhd": func(base string, image io.Reader, size int) error {
|
"dynamic-vhd": func(base string, image io.Reader, size int, trust bool) error {
|
||||||
kernel, initrd, cmdline, _, err := tarToInitrd(image)
|
kernel, initrd, cmdline, _, err := tarToInitrd(image)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("Error converting to initrd: %v", err)
|
return fmt.Errorf("Error converting to initrd: %v", err)
|
||||||
}
|
}
|
||||||
err = outputImg(outputImages["dynamic-vhd"], base+".vhd", kernel, initrd, cmdline)
|
err = outputImg(outputImages["dynamic-vhd"], base+".vhd", kernel, initrd, cmdline, trust)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("Error writing vhd output: %v", err)
|
return fmt.Errorf("Error writing vhd output: %v", err)
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
},
|
},
|
||||||
"vmdk": func(base string, image io.Reader, size int) error {
|
"vmdk": func(base string, image io.Reader, size int, trust bool) error {
|
||||||
kernel, initrd, cmdline, _, err := tarToInitrd(image)
|
kernel, initrd, cmdline, _, err := tarToInitrd(image)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("Error converting to initrd: %v", err)
|
return fmt.Errorf("Error converting to initrd: %v", err)
|
||||||
}
|
}
|
||||||
err = outputImg(outputImages["vmdk"], base+".vmdk", kernel, initrd, cmdline)
|
err = outputImg(outputImages["vmdk"], base+".vmdk", kernel, initrd, cmdline, trust)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("Error writing vmdk output: %v", err)
|
return fmt.Errorf("Error writing vmdk output: %v", err)
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
},
|
},
|
||||||
"rpi3": func(base string, image io.Reader, size int) error {
|
"rpi3": func(base string, image io.Reader, size int, trust bool) error {
|
||||||
if runtime.GOARCH != "arm64" {
|
if runtime.GOARCH != "arm64" {
|
||||||
return fmt.Errorf("Raspberry Pi output currently only supported on arm64")
|
return fmt.Errorf("Raspberry Pi output currently only supported on arm64")
|
||||||
}
|
}
|
||||||
err := outputRPi3(outputImages["rpi3"], base+".tar", image)
|
err := outputRPi3(outputImages["rpi3"], base+".tar", image, trust)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("Error writing rpi3 output: %v", err)
|
return fmt.Errorf("Error writing rpi3 output: %v", err)
|
||||||
}
|
}
|
||||||
@ -243,7 +243,7 @@ func ValidateFormats(formats []string) error {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Formats generates all the specified output formats
|
// Formats generates all the specified output formats
|
||||||
func Formats(base string, image string, formats []string, size int) error {
|
func Formats(base string, image string, formats []string, size int, trust bool) error {
|
||||||
log.Debugf("format: %v %s", formats, base)
|
log.Debugf("format: %v %s", formats, base)
|
||||||
|
|
||||||
err := ValidateFormats(formats)
|
err := ValidateFormats(formats)
|
||||||
@ -257,7 +257,7 @@ func Formats(base string, image string, formats []string, size int) error {
|
|||||||
}
|
}
|
||||||
defer ir.Close()
|
defer ir.Close()
|
||||||
f := outFuns[o]
|
f := outFuns[o]
|
||||||
if err := f(base, ir, size); err != nil {
|
if err := f(base, ir, size, trust); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -328,7 +328,7 @@ func tarInitrdKernel(kernel, initrd []byte, cmdline string) (*bytes.Buffer, erro
|
|||||||
return buf, tw.Close()
|
return buf, tw.Close()
|
||||||
}
|
}
|
||||||
|
|
||||||
func outputImg(image, filename string, kernel []byte, initrd []byte, cmdline string) error {
|
func outputImg(image, filename string, kernel []byte, initrd []byte, cmdline string, trust bool) error {
|
||||||
log.Debugf("output img: %s %s", image, filename)
|
log.Debugf("output img: %s %s", image, filename)
|
||||||
log.Infof(" %s", filename)
|
log.Infof(" %s", filename)
|
||||||
buf, err := tarInitrdKernel(kernel, initrd, cmdline)
|
buf, err := tarInitrdKernel(kernel, initrd, cmdline)
|
||||||
@ -340,10 +340,10 @@ func outputImg(image, filename string, kernel []byte, initrd []byte, cmdline str
|
|||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
defer output.Close()
|
defer output.Close()
|
||||||
return dockerRun(buf, output, true, image, cmdline)
|
return dockerRun(buf, output, trust, image, cmdline)
|
||||||
}
|
}
|
||||||
|
|
||||||
func outputIso(image, filename string, filesystem io.Reader) error {
|
func outputIso(image, filename string, filesystem io.Reader, trust bool) error {
|
||||||
log.Debugf("output ISO: %s %s", image, filename)
|
log.Debugf("output ISO: %s %s", image, filename)
|
||||||
log.Infof(" %s", filename)
|
log.Infof(" %s", filename)
|
||||||
output, err := os.Create(filename)
|
output, err := os.Create(filename)
|
||||||
@ -351,10 +351,10 @@ func outputIso(image, filename string, filesystem io.Reader) error {
|
|||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
defer output.Close()
|
defer output.Close()
|
||||||
return dockerRun(filesystem, output, true, image)
|
return dockerRun(filesystem, output, trust, image)
|
||||||
}
|
}
|
||||||
|
|
||||||
func outputRPi3(image, filename string, filesystem io.Reader) error {
|
func outputRPi3(image, filename string, filesystem io.Reader, trust bool) error {
|
||||||
log.Debugf("output RPi3: %s %s", image, filename)
|
log.Debugf("output RPi3: %s %s", image, filename)
|
||||||
log.Infof(" %s", filename)
|
log.Infof(" %s", filename)
|
||||||
output, err := os.Create(filename)
|
output, err := os.Create(filename)
|
||||||
@ -362,7 +362,7 @@ func outputRPi3(image, filename string, filesystem io.Reader) error {
|
|||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
defer output.Close()
|
defer output.Close()
|
||||||
return dockerRun(filesystem, output, true, image)
|
return dockerRun(filesystem, output, trust, image)
|
||||||
}
|
}
|
||||||
|
|
||||||
func outputKernelInitrd(base string, kernel []byte, initrd []byte, cmdline string, ucode []byte) error {
|
func outputKernelInitrd(base string, kernel []byte, initrd []byte, cmdline string, ucode []byte) error {
|
||||||
@ -474,7 +474,7 @@ func outputKernelInitrdTarball(base string, kernel []byte, initrd []byte, cmdlin
|
|||||||
return tw.Close()
|
return tw.Close()
|
||||||
}
|
}
|
||||||
|
|
||||||
func outputKernelSquashFS(image, base string, filesystem io.Reader) error {
|
func outputKernelSquashFS(image, base string, filesystem io.Reader, trust bool) error {
|
||||||
log.Debugf("output kernel/squashfs: %s %s", image, base)
|
log.Debugf("output kernel/squashfs: %s %s", image, base)
|
||||||
log.Infof(" %s-squashfs.img", base)
|
log.Infof(" %s-squashfs.img", base)
|
||||||
|
|
||||||
@ -526,10 +526,10 @@ func outputKernelSquashFS(image, base string, filesystem io.Reader) error {
|
|||||||
}
|
}
|
||||||
defer output.Close()
|
defer output.Close()
|
||||||
|
|
||||||
return dockerRun(buf, output, true, image)
|
return dockerRun(buf, output, trust, image)
|
||||||
}
|
}
|
||||||
|
|
||||||
func outputKernelISO(image, base string, filesystem io.Reader) error {
|
func outputKernelISO(image, base string, filesystem io.Reader, trust bool) error {
|
||||||
log.Debugf("output kernel/iso: %s %s", image, base)
|
log.Debugf("output kernel/iso: %s %s", image, base)
|
||||||
log.Infof(" %s.iso", base)
|
log.Infof(" %s.iso", base)
|
||||||
|
|
||||||
@ -581,5 +581,5 @@ func outputKernelISO(image, base string, filesystem io.Reader) error {
|
|||||||
}
|
}
|
||||||
defer output.Close()
|
defer output.Close()
|
||||||
|
|
||||||
return dockerRun(buf, output, true, image)
|
return dockerRun(buf, output, trust, image)
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user