github/linuxkit
1
0
Fork 0
mirror of https://github.com/linuxkit/linuxkit.git synced 2025-07-26 20:18:52 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #3399 from guillaumerose/trust

Browse Source 
Add trust parameter for docker pull in moby.Formats
This commit is contained in:
Rolf Neugebauer 2019-09-28 20:24:01 +02:00 committed by GitHub
commit 3be6466e00
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 42 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/cmd/linuxkit/build.go
View File

@ -216,7 +216,7 @@ func build(args []string) {
} }
log.Infof("Create outputs:") log.Infof("Create outputs:")
err = moby.Formats(filepath.Join(*buildDir, name), image, buildFormats, size) err = moby.Formats(filepath.Join(*buildDir, name), image, buildFormats, size, !*buildDisableTrust)
if err != nil { if err != nil {
log.Fatalf("Error writing outputs: %v", err) log.Fatalf("Error writing outputs: %v", err)
} }

82
src/cmd/linuxkit/moby/output.go
View File

@ -43,8 +43,8 @@ func UpdateOutputImages(update map[string]string) error {
return nil return nil
} }
var outFuns = map[string]func(string, io.Reader, int) error{ var outFuns = map[string]func(string, io.Reader, int, bool) error{
"kernel+initrd": func(base string, image io.Reader, size int) error { "kernel+initrd": func(base string, image io.Reader, size int, trust bool) error {
kernel, initrd, cmdline, ucode, err := tarToInitrd(image) kernel, initrd, cmdline, ucode, err := tarToInitrd(image)
if err != nil { if err != nil {
return fmt.Errorf("Error converting to initrd: %v", err) return fmt.Errorf("Error converting to initrd: %v", err)
@ -55,7 +55,7 @@ var outFuns = map[string]func(string, io.Reader, int) error{
} }
return nil return nil
}, },
"tar-kernel-initrd": func(base string, image io.Reader, size int) error { "tar-kernel-initrd": func(base string, image io.Reader, size int, trust bool) error {
kernel, initrd, cmdline, ucode, err := tarToInitrd(image) kernel, initrd, cmdline, ucode, err := tarToInitrd(image)
if err != nil { if err != nil {
return fmt.Errorf("Error converting to initrd: %v", err) return fmt.Errorf("Error converting to initrd: %v", err)
@ -65,58 +65,58 @@ var outFuns = map[string]func(string, io.Reader, int) error{
} }
return nil return nil
}, },
"iso-bios": func(base string, image io.Reader, size int) error { "iso-bios": func(base string, image io.Reader, size int, trust bool) error {
err := outputIso(outputImages["iso-bios"], base+".iso", image) err := outputIso(outputImages["iso-bios"], base+".iso", image, trust)
if err != nil { if err != nil {
return fmt.Errorf("Error writing iso-bios output: %v", err) return fmt.Errorf("Error writing iso-bios output: %v", err)
} }
return nil return nil
}, },
"iso-efi": func(base string, image io.Reader, size int) error { "iso-efi": func(base string, image io.Reader, size int, trust bool) error {
err := outputIso(outputImages["iso-efi"], base+"-efi.iso", image) err := outputIso(outputImages["iso-efi"], base+"-efi.iso", image, trust)
if err != nil { if err != nil {
return fmt.Errorf("Error writing iso-efi output: %v", err) return fmt.Errorf("Error writing iso-efi output: %v", err)
} }
return nil return nil
}, },
"raw-bios": func(base string, image io.Reader, size int) error { "raw-bios": func(base string, image io.Reader, size int, trust bool) error {
kernel, initrd, cmdline, _, err := tarToInitrd(image) kernel, initrd, cmdline, _, err := tarToInitrd(image)
if err != nil { if err != nil {
return fmt.Errorf("Error converting to initrd: %v", err) return fmt.Errorf("Error converting to initrd: %v", err)
} }
// TODO: Handle ucode // TODO: Handle ucode
err = outputImg(outputImages["raw-bios"], base+"-bios.img", kernel, initrd, cmdline) err = outputImg(outputImages["raw-bios"], base+"-bios.img", kernel, initrd, cmdline, trust)
if err != nil { if err != nil {
return fmt.Errorf("Error writing raw-bios output: %v", err) return fmt.Errorf("Error writing raw-bios output: %v", err)
} }
return nil return nil
}, },
"raw-efi": func(base string, image io.Reader, size int) error { "raw-efi": func(base string, image io.Reader, size int, trust bool) error {
kernel, initrd, cmdline, _, err := tarToInitrd(image) kernel, initrd, cmdline, _, err := tarToInitrd(image)
if err != nil { if err != nil {
return fmt.Errorf("Error converting to initrd: %v", err) return fmt.Errorf("Error converting to initrd: %v", err)
} }
err = outputImg(outputImages["raw-efi"], base+"-efi.img", kernel, initrd, cmdline) err = outputImg(outputImages["raw-efi"], base+"-efi.img", kernel, initrd, cmdline, trust)
if err != nil { if err != nil {
return fmt.Errorf("Error writing raw-efi output: %v", err) return fmt.Errorf("Error writing raw-efi output: %v", err)
} }
return nil return nil
}, },
"kernel+squashfs": func(base string, image io.Reader, size int) error { "kernel+squashfs": func(base string, image io.Reader, size int, trust bool) error {
err := outputKernelSquashFS(outputImages["squashfs"], base, image) err := outputKernelSquashFS(outputImages["squashfs"], base, image, trust)
if err != nil { if err != nil {
return fmt.Errorf("Error writing kernel+squashfs output: %v", err) return fmt.Errorf("Error writing kernel+squashfs output: %v", err)
} }
return nil return nil
}, },
"kernel+iso": func(base string, image io.Reader, size int) error { "kernel+iso": func(base string, image io.Reader, size int, trust bool) error {
err := outputKernelISO(outputImages["iso"], base, image) err := outputKernelISO(outputImages["iso"], base, image, trust)
if err != nil { if err != nil {
return fmt.Errorf("Error writing kernel+iso output: %v", err) return fmt.Errorf("Error writing kernel+iso output: %v", err)
} }
return nil return nil
}, },
"aws": func(base string, image io.Reader, size int) error { "aws": func(base string, image io.Reader, size int, trust bool) error {
filename := base + ".raw" filename := base + ".raw"
log.Infof(" %s", filename) log.Infof(" %s", filename)
kernel, initrd, cmdline, _, err := tarToInitrd(image) kernel, initrd, cmdline, _, err := tarToInitrd(image)
@ -129,29 +129,29 @@ var outFuns = map[string]func(string, io.Reader, int) error{
} }
return nil return nil
}, },
"gcp": func(base string, image io.Reader, size int) error { "gcp": func(base string, image io.Reader, size int, trust bool) error {
kernel, initrd, cmdline, _, err := tarToInitrd(image) kernel, initrd, cmdline, _, err := tarToInitrd(image)
if err != nil { if err != nil {
return fmt.Errorf("Error converting to initrd: %v", err) return fmt.Errorf("Error converting to initrd: %v", err)
} }
err = outputImg(outputImages["gcp"], base+".img.tar.gz", kernel, initrd, cmdline) err = outputImg(outputImages["gcp"], base+".img.tar.gz", kernel, initrd, cmdline, trust)
if err != nil { if err != nil {
return fmt.Errorf("Error writing gcp output: %v", err) return fmt.Errorf("Error writing gcp output: %v", err)
} }
return nil return nil
}, },
"qcow2-efi": func(base string, image io.Reader, size int) error { "qcow2-efi": func(base string, image io.Reader, size int, trust bool) error {
kernel, initrd, cmdline, _, err := tarToInitrd(image) kernel, initrd, cmdline, _, err := tarToInitrd(image)
if err != nil { if err != nil {
return fmt.Errorf("Error converting to initrd: %v", err) return fmt.Errorf("Error converting to initrd: %v", err)
} }
err = outputImg(outputImages["qcow2-efi"], base+"-efi.qcow2", kernel, initrd, cmdline) err = outputImg(outputImages["qcow2-efi"], base+"-efi.qcow2", kernel, initrd, cmdline, trust)
if err != nil { if err != nil {
return fmt.Errorf("Error writing qcow2 EFI output: %v", err) return fmt.Errorf("Error writing qcow2 EFI output: %v", err)
} }
return nil return nil
}, },
"qcow2-bios": func(base string, image io.Reader, size int) error { "qcow2-bios": func(base string, image io.Reader, size int, trust bool) error {
filename := base + ".qcow2" filename := base + ".qcow2"
log.Infof(" %s", filename) log.Infof(" %s", filename)
kernel, initrd, cmdline, _, err := tarToInitrd(image) kernel, initrd, cmdline, _, err := tarToInitrd(image)
@ -165,44 +165,44 @@ var outFuns = map[string]func(string, io.Reader, int) error{
} }
return nil return nil
}, },
"vhd": func(base string, image io.Reader, size int) error { "vhd": func(base string, image io.Reader, size int, trust bool) error {
kernel, initrd, cmdline, _, err := tarToInitrd(image) kernel, initrd, cmdline, _, err := tarToInitrd(image)
if err != nil { if err != nil {
return fmt.Errorf("Error converting to initrd: %v", err) return fmt.Errorf("Error converting to initrd: %v", err)
} }
err = outputImg(outputImages["vhd"], base+".vhd", kernel, initrd, cmdline) err = outputImg(outputImages["vhd"], base+".vhd", kernel, initrd, cmdline, trust)
if err != nil { if err != nil {
return fmt.Errorf("Error writing vhd output: %v", err) return fmt.Errorf("Error writing vhd output: %v", err)
} }
return nil return nil
}, },
"dynamic-vhd": func(base string, image io.Reader, size int) error { "dynamic-vhd": func(base string, image io.Reader, size int, trust bool) error {
kernel, initrd, cmdline, _, err := tarToInitrd(image) kernel, initrd, cmdline, _, err := tarToInitrd(image)
if err != nil { if err != nil {
return fmt.Errorf("Error converting to initrd: %v", err) return fmt.Errorf("Error converting to initrd: %v", err)
} }
err = outputImg(outputImages["dynamic-vhd"], base+".vhd", kernel, initrd, cmdline) err = outputImg(outputImages["dynamic-vhd"], base+".vhd", kernel, initrd, cmdline, trust)
if err != nil { if err != nil {
return fmt.Errorf("Error writing vhd output: %v", err) return fmt.Errorf("Error writing vhd output: %v", err)
} }
return nil return nil
}, },
"vmdk": func(base string, image io.Reader, size int) error { "vmdk": func(base string, image io.Reader, size int, trust bool) error {
kernel, initrd, cmdline, _, err := tarToInitrd(image) kernel, initrd, cmdline, _, err := tarToInitrd(image)
if err != nil { if err != nil {
return fmt.Errorf("Error converting to initrd: %v", err) return fmt.Errorf("Error converting to initrd: %v", err)
} }
err = outputImg(outputImages["vmdk"], base+".vmdk", kernel, initrd, cmdline) err = outputImg(outputImages["vmdk"], base+".vmdk", kernel, initrd, cmdline, trust)
if err != nil { if err != nil {
return fmt.Errorf("Error writing vmdk output: %v", err) return fmt.Errorf("Error writing vmdk output: %v", err)
} }
return nil return nil
}, },
"rpi3": func(base string, image io.Reader, size int) error { "rpi3": func(base string, image io.Reader, size int, trust bool) error {
if runtime.GOARCH != "arm64" { if runtime.GOARCH != "arm64" {
return fmt.Errorf("Raspberry Pi output currently only supported on arm64") return fmt.Errorf("Raspberry Pi output currently only supported on arm64")
} }
err := outputRPi3(outputImages["rpi3"], base+".tar", image) err := outputRPi3(outputImages["rpi3"], base+".tar", image, trust)
if err != nil { if err != nil {
return fmt.Errorf("Error writing rpi3 output: %v", err) return fmt.Errorf("Error writing rpi3 output: %v", err)
} }
@ -243,7 +243,7 @@ func ValidateFormats(formats []string) error {
} }
// Formats generates all the specified output formats // Formats generates all the specified output formats
func Formats(base string, image string, formats []string, size int) error { func Formats(base string, image string, formats []string, size int, trust bool) error {
log.Debugf("format: %v %s", formats, base) log.Debugf("format: %v %s", formats, base)
err := ValidateFormats(formats) err := ValidateFormats(formats)
@ -257,7 +257,7 @@ func Formats(base string, image string, formats []string, size int) error {
} }
defer ir.Close() defer ir.Close()
f := outFuns[o] f := outFuns[o]
if err := f(base, ir, size); err != nil { if err := f(base, ir, size, trust); err != nil {
return err return err
} }
} }
@ -328,7 +328,7 @@ func tarInitrdKernel(kernel, initrd []byte, cmdline string) (*bytes.Buffer, erro
return buf, tw.Close() return buf, tw.Close()
} }
func outputImg(image, filename string, kernel []byte, initrd []byte, cmdline string) error { func outputImg(image, filename string, kernel []byte, initrd []byte, cmdline string, trust bool) error {
log.Debugf("output img: %s %s", image, filename) log.Debugf("output img: %s %s", image, filename)
log.Infof(" %s", filename) log.Infof(" %s", filename)
buf, err := tarInitrdKernel(kernel, initrd, cmdline) buf, err := tarInitrdKernel(kernel, initrd, cmdline)
@ -340,10 +340,10 @@ func outputImg(image, filename string, kernel []byte, initrd []byte, cmdline str
return err return err
} }
defer output.Close() defer output.Close()
return dockerRun(buf, output, true, image, cmdline) return dockerRun(buf, output, trust, image, cmdline)
} }
func outputIso(image, filename string, filesystem io.Reader) error { func outputIso(image, filename string, filesystem io.Reader, trust bool) error {
log.Debugf("output ISO: %s %s", image, filename) log.Debugf("output ISO: %s %s", image, filename)
log.Infof(" %s", filename) log.Infof(" %s", filename)
output, err := os.Create(filename) output, err := os.Create(filename)
@ -351,10 +351,10 @@ func outputIso(image, filename string, filesystem io.Reader) error {
return err return err
} }
defer output.Close() defer output.Close()
return dockerRun(filesystem, output, true, image) return dockerRun(filesystem, output, trust, image)
} }
func outputRPi3(image, filename string, filesystem io.Reader) error { func outputRPi3(image, filename string, filesystem io.Reader, trust bool) error {
log.Debugf("output RPi3: %s %s", image, filename) log.Debugf("output RPi3: %s %s", image, filename)
log.Infof(" %s", filename) log.Infof(" %s", filename)
output, err := os.Create(filename) output, err := os.Create(filename)
@ -362,7 +362,7 @@ func outputRPi3(image, filename string, filesystem io.Reader) error {
return err return err
} }
defer output.Close() defer output.Close()
return dockerRun(filesystem, output, true, image) return dockerRun(filesystem, output, trust, image)
} }
func outputKernelInitrd(base string, kernel []byte, initrd []byte, cmdline string, ucode []byte) error { func outputKernelInitrd(base string, kernel []byte, initrd []byte, cmdline string, ucode []byte) error {
@ -474,7 +474,7 @@ func outputKernelInitrdTarball(base string, kernel []byte, initrd []byte, cmdlin
return tw.Close() return tw.Close()
} }
func outputKernelSquashFS(image, base string, filesystem io.Reader) error { func outputKernelSquashFS(image, base string, filesystem io.Reader, trust bool) error {
log.Debugf("output kernel/squashfs: %s %s", image, base) log.Debugf("output kernel/squashfs: %s %s", image, base)
log.Infof(" %s-squashfs.img", base) log.Infof(" %s-squashfs.img", base)
@ -526,10 +526,10 @@ func outputKernelSquashFS(image, base string, filesystem io.Reader) error {
} }
defer output.Close() defer output.Close()
return dockerRun(buf, output, true, image) return dockerRun(buf, output, trust, image)
} }
func outputKernelISO(image, base string, filesystem io.Reader) error { func outputKernelISO(image, base string, filesystem io.Reader, trust bool) error {
log.Debugf("output kernel/iso: %s %s", image, base) log.Debugf("output kernel/iso: %s %s", image, base)
log.Infof(" %s.iso", base) log.Infof(" %s.iso", base)
@ -581,5 +581,5 @@ func outputKernelISO(image, base string, filesystem io.Reader) error {
} }
defer output.Close() defer output.Close()
return dockerRun(buf, output, true, image) return dockerRun(buf, output, trust, image)
} }