github/linuxkit
1
0
Fork 0
mirror of https://github.com/linuxkit/linuxkit.git synced 2025-07-21 01:59:07 +00:00
Code Issues Projects Releases Wiki Activity

Add trust parameter for docker pull in moby.Formats

Browse Source 
Signed-off-by: Guillaume Rose <guillaume.rose@docker.com>
This commit is contained in:
Guillaume Rose 2019-08-07 22:56:58 +02:00
parent aa0a76b58b
commit 22fb927f2f
2 changed files with 42 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/cmd/linuxkit/build.go
View File

@ -216,7 +216,7 @@ func build(args []string) {
}
log.Infof("Create outputs:")
err = moby.Formats(filepath.Join(*buildDir, name), image, buildFormats, size)
err = moby.Formats(filepath.Join(*buildDir, name), image, buildFormats, size, !*buildDisableTrust)
if err != nil {
log.Fatalf("Error writing outputs: %v", err)
}

82
src/cmd/linuxkit/moby/output.go
View File

@ -43,8 +43,8 @@ func UpdateOutputImages(update map[string]string) error {
return nil
}
var outFuns = map[string]func(string, io.Reader, int) error{
"kernel+initrd": func(base string, image io.Reader, size int) error {
var outFuns = map[string]func(string, io.Reader, int, bool) error{
"kernel+initrd": func(base string, image io.Reader, size int, trust bool) error {
kernel, initrd, cmdline, ucode, err := tarToInitrd(image)
if err != nil {
return fmt.Errorf("Error converting to initrd: %v", err)
@ -55,7 +55,7 @@ var outFuns = map[string]func(string, io.Reader, int) error{
}
return nil
},
"tar-kernel-initrd": func(base string, image io.Reader, size int) error {
"tar-kernel-initrd": func(base string, image io.Reader, size int, trust bool) error {
kernel, initrd, cmdline, ucode, err := tarToInitrd(image)
if err != nil {
return fmt.Errorf("Error converting to initrd: %v", err)
@ -65,58 +65,58 @@ var outFuns = map[string]func(string, io.Reader, int) error{
}
return nil
},
"iso-bios": func(base string, image io.Reader, size int) error {
err := outputIso(outputImages["iso-bios"], base+".iso", image)
"iso-bios": func(base string, image io.Reader, size int, trust bool) error {
err := outputIso(outputImages["iso-bios"], base+".iso", image, trust)
if err != nil {
return fmt.Errorf("Error writing iso-bios output: %v", err)
}
return nil
},
"iso-efi": func(base string, image io.Reader, size int) error {
err := outputIso(outputImages["iso-efi"], base+"-efi.iso", image)
"iso-efi": func(base string, image io.Reader, size int, trust bool) error {
err := outputIso(outputImages["iso-efi"], base+"-efi.iso", image, trust)
if err != nil {
return fmt.Errorf("Error writing iso-efi output: %v", err)
}
return nil
},
"raw-bios": func(base string, image io.Reader, size int) error {
"raw-bios": func(base string, image io.Reader, size int, trust bool) error {
kernel, initrd, cmdline, _, err := tarToInitrd(image)
if err != nil {
return fmt.Errorf("Error converting to initrd: %v", err)
}
// TODO: Handle ucode
err = outputImg(outputImages["raw-bios"], base+"-bios.img", kernel, initrd, cmdline)
err = outputImg(outputImages["raw-bios"], base+"-bios.img", kernel, initrd, cmdline, trust)
if err != nil {
return fmt.Errorf("Error writing raw-bios output: %v", err)
}
return nil
},
"raw-efi": func(base string, image io.Reader, size int) error {
"raw-efi": func(base string, image io.Reader, size int, trust bool) error {
kernel, initrd, cmdline, _, err := tarToInitrd(image)
if err != nil {
return fmt.Errorf("Error converting to initrd: %v", err)
}
err = outputImg(outputImages["raw-efi"], base+"-efi.img", kernel, initrd, cmdline)
err = outputImg(outputImages["raw-efi"], base+"-efi.img", kernel, initrd, cmdline, trust)
if err != nil {
return fmt.Errorf("Error writing raw-efi output: %v", err)
}
return nil
},
"kernel+squashfs": func(base string, image io.Reader, size int) error {
err := outputKernelSquashFS(outputImages["squashfs"], base, image)
"kernel+squashfs": func(base string, image io.Reader, size int, trust bool) error {
err := outputKernelSquashFS(outputImages["squashfs"], base, image, trust)
if err != nil {
return fmt.Errorf("Error writing kernel+squashfs output: %v", err)
}
return nil
},
"kernel+iso": func(base string, image io.Reader, size int) error {
err := outputKernelISO(outputImages["iso"], base, image)
"kernel+iso": func(base string, image io.Reader, size int, trust bool) error {
err := outputKernelISO(outputImages["iso"], base, image, trust)
if err != nil {
return fmt.Errorf("Error writing kernel+iso output: %v", err)
}
return nil
},
"aws": func(base string, image io.Reader, size int) error {
"aws": func(base string, image io.Reader, size int, trust bool) error {
filename := base + ".raw"
log.Infof(" %s", filename)
kernel, initrd, cmdline, _, err := tarToInitrd(image)
@ -129,29 +129,29 @@ var outFuns = map[string]func(string, io.Reader, int) error{
}
return nil
},
"gcp": func(base string, image io.Reader, size int) error {
"gcp": func(base string, image io.Reader, size int, trust bool) error {
kernel, initrd, cmdline, _, err := tarToInitrd(image)
if err != nil {
return fmt.Errorf("Error converting to initrd: %v", err)
}
err = outputImg(outputImages["gcp"], base+".img.tar.gz", kernel, initrd, cmdline)
err = outputImg(outputImages["gcp"], base+".img.tar.gz", kernel, initrd, cmdline, trust)
if err != nil {
return fmt.Errorf("Error writing gcp output: %v", err)
}
return nil
},
"qcow2-efi": func(base string, image io.Reader, size int) error {
"qcow2-efi": func(base string, image io.Reader, size int, trust bool) error {
kernel, initrd, cmdline, _, err := tarToInitrd(image)
if err != nil {
return fmt.Errorf("Error converting to initrd: %v", err)
}
err = outputImg(outputImages["qcow2-efi"], base+"-efi.qcow2", kernel, initrd, cmdline)
err = outputImg(outputImages["qcow2-efi"], base+"-efi.qcow2", kernel, initrd, cmdline, trust)
if err != nil {
return fmt.Errorf("Error writing qcow2 EFI output: %v", err)
}
return nil
},
"qcow2-bios": func(base string, image io.Reader, size int) error {
"qcow2-bios": func(base string, image io.Reader, size int, trust bool) error {
filename := base + ".qcow2"
log.Infof(" %s", filename)
kernel, initrd, cmdline, _, err := tarToInitrd(image)
@ -165,44 +165,44 @@ var outFuns = map[string]func(string, io.Reader, int) error{
}
return nil
},
"vhd": func(base string, image io.Reader, size int) error {
"vhd": func(base string, image io.Reader, size int, trust bool) error {
kernel, initrd, cmdline, _, err := tarToInitrd(image)
if err != nil {
return fmt.Errorf("Error converting to initrd: %v", err)
}
err = outputImg(outputImages["vhd"], base+".vhd", kernel, initrd, cmdline)
err = outputImg(outputImages["vhd"], base+".vhd", kernel, initrd, cmdline, trust)
if err != nil {
return fmt.Errorf("Error writing vhd output: %v", err)
}
return nil
},
"dynamic-vhd": func(base string, image io.Reader, size int) error {
"dynamic-vhd": func(base string, image io.Reader, size int, trust bool) error {
kernel, initrd, cmdline, _, err := tarToInitrd(image)
if err != nil {
return fmt.Errorf("Error converting to initrd: %v", err)
}
err = outputImg(outputImages["dynamic-vhd"], base+".vhd", kernel, initrd, cmdline)
err = outputImg(outputImages["dynamic-vhd"], base+".vhd", kernel, initrd, cmdline, trust)
if err != nil {
return fmt.Errorf("Error writing vhd output: %v", err)
}
return nil
},
"vmdk": func(base string, image io.Reader, size int) error {
"vmdk": func(base string, image io.Reader, size int, trust bool) error {
kernel, initrd, cmdline, _, err := tarToInitrd(image)
if err != nil {
return fmt.Errorf("Error converting to initrd: %v", err)
}
err = outputImg(outputImages["vmdk"], base+".vmdk", kernel, initrd, cmdline)
err = outputImg(outputImages["vmdk"], base+".vmdk", kernel, initrd, cmdline, trust)
if err != nil {
return fmt.Errorf("Error writing vmdk output: %v", err)
}
return nil
},
"rpi3": func(base string, image io.Reader, size int) error {
"rpi3": func(base string, image io.Reader, size int, trust bool) error {
if runtime.GOARCH != "arm64" {
return fmt.Errorf("Raspberry Pi output currently only supported on arm64")
}
err := outputRPi3(outputImages["rpi3"], base+".tar", image)
err := outputRPi3(outputImages["rpi3"], base+".tar", image, trust)
if err != nil {
return fmt.Errorf("Error writing rpi3 output: %v", err)
}
@ -243,7 +243,7 @@ func ValidateFormats(formats []string) error {
}
// Formats generates all the specified output formats
func Formats(base string, image string, formats []string, size int) error {
func Formats(base string, image string, formats []string, size int, trust bool) error {
log.Debugf("format: %v %s", formats, base)
err := ValidateFormats(formats)
@ -257,7 +257,7 @@ func Formats(base string, image string, formats []string, size int) error {
}
defer ir.Close()
f := outFuns[o]
if err := f(base, ir, size); err != nil {
if err := f(base, ir, size, trust); err != nil {
return err
}
}
@ -328,7 +328,7 @@ func tarInitrdKernel(kernel, initrd []byte, cmdline string) (*bytes.Buffer, erro
return buf, tw.Close()
}
func outputImg(image, filename string, kernel []byte, initrd []byte, cmdline string) error {
func outputImg(image, filename string, kernel []byte, initrd []byte, cmdline string, trust bool) error {
log.Debugf("output img: %s %s", image, filename)
log.Infof(" %s", filename)
buf, err := tarInitrdKernel(kernel, initrd, cmdline)
@ -340,10 +340,10 @@ func outputImg(image, filename string, kernel []byte, initrd []byte, cmdline str
return err
}
defer output.Close()
return dockerRun(buf, output, true, image, cmdline)
return dockerRun(buf, output, trust, image, cmdline)
}
func outputIso(image, filename string, filesystem io.Reader) error {
func outputIso(image, filename string, filesystem io.Reader, trust bool) error {
log.Debugf("output ISO: %s %s", image, filename)
log.Infof(" %s", filename)
output, err := os.Create(filename)
@ -351,10 +351,10 @@ func outputIso(image, filename string, filesystem io.Reader) error {
return err
}
defer output.Close()
return dockerRun(filesystem, output, true, image)
return dockerRun(filesystem, output, trust, image)
}
func outputRPi3(image, filename string, filesystem io.Reader) error {
func outputRPi3(image, filename string, filesystem io.Reader, trust bool) error {
log.Debugf("output RPi3: %s %s", image, filename)
log.Infof(" %s", filename)
output, err := os.Create(filename)
@ -362,7 +362,7 @@ func outputRPi3(image, filename string, filesystem io.Reader) error {
return err
}
defer output.Close()
return dockerRun(filesystem, output, true, image)
return dockerRun(filesystem, output, trust, image)
}
func outputKernelInitrd(base string, kernel []byte, initrd []byte, cmdline string, ucode []byte) error {
@ -474,7 +474,7 @@ func outputKernelInitrdTarball(base string, kernel []byte, initrd []byte, cmdlin
return tw.Close()
}
func outputKernelSquashFS(image, base string, filesystem io.Reader) error {
func outputKernelSquashFS(image, base string, filesystem io.Reader, trust bool) error {
log.Debugf("output kernel/squashfs: %s %s", image, base)
log.Infof(" %s-squashfs.img", base)
@ -526,10 +526,10 @@ func outputKernelSquashFS(image, base string, filesystem io.Reader) error {
}
defer output.Close()
return dockerRun(buf, output, true, image)
return dockerRun(buf, output, trust, image)
}
func outputKernelISO(image, base string, filesystem io.Reader) error {
func outputKernelISO(image, base string, filesystem io.Reader, trust bool) error {
log.Debugf("output kernel/iso: %s %s", image, base)
log.Infof(" %s.iso", base)
@ -581,5 +581,5 @@ func outputKernelISO(image, base string, filesystem io.Reader) error {
}
defer output.Close()
return dockerRun(buf, output, true, image)
return dockerRun(buf, output, trust, image)
}