Change to branch with immucore 16 and kcrypt darcut removed

Signed-off-by: Itxaka <itxaka.garcia@spectrocloud.com>
Debug build from branch with fixed kcrypt
2025-09-05 16:52:19 +00:00 · 2023-03-30 22:12:27 +02:00 · 2023-03-30 22:12:27 +02:00
18 changed files with 731 additions and 656 deletions
--- a/.github/ISSUE_TEMPLATE/file-issues-on-main-kairos-repo.md
+++ b/.github/ISSUE_TEMPLATE/file-issues-on-main-kairos-repo.md
@@ -1,12 +0,0 @@
---
-name: File issues on main Kairos repo
-about: Tell users to file their issues on the main Kairos repo
-title: ''
-labels: ''
-assignees: ''
-
---
-
-:warning: All Kairos issues are tracked in our main repo, please file your issue there, thanks! :warning:
-
-https://github.com/kairos-io/kairos/issues
--- a/.github/workflows/e2e-tests.yml
+++ b/.github/workflows/e2e-tests.yml
@@ -9,55 +9,8 @@ on:
    paths-ignore:
      - 'README.md'

-concurrency:
-  group: ci-e2e-${{ github.head_ref || github.ref }}-${{ github.repository }}
-  cancel-in-progress: true
-
 jobs:
-  build-iso:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-      - name: Install Go
-        uses: actions/setup-go@v4
-        with:
-          go-version: ^1.20
-      - name: Login to DockerHub
-        uses: docker/login-action@v1
-        with:
-          username: ${{ secrets.DOCKER_LOGIN }}
-          password: ${{ secrets.DOCKER_PASS }}
-      - name: Install earthly
-        uses: Luet-lab/luet-install-action@v1
-        with:
-          repository: quay.io/kairos/packages
-          packages: utils/earthly
-      - name: build iso
-        run: |
-          # Configure earthly to use the docker mirror in CI
-          # https://docs.earthly.dev/ci-integration/pull-through-cache#configuring-earthly-to-use-the-cache
-          mkdir -p ~/.earthly/
-          cat << EOF > ~/.earthly/config.yml
-          global:
-            buildkit_additional_config: |
-              [registry."docker.io"]
-                mirrors = ["registry.docker-mirror.svc.cluster.local:5000"]
-              [registry."registry.docker-mirror.svc.cluster.local:5000"]
-                insecure = true
-          EOF
-
-          earthly -P +iso
-      - uses: actions/upload-artifact@v3
-        with:
-          name: challenger.iso.zip
-          path: |
-            build/*.iso
  e2e-tests:
-    needs:
-      - build-iso
    runs-on: self-hosted
    strategy:
      fail-fast: false
@@ -77,23 +30,6 @@ jobs:
        uses: actions/setup-go@v4
        with:
          go-version: ^1.20
-      - name: Login to DockerHub
-        uses: docker/login-action@v1
-        with:
-          username: ${{ secrets.DOCKER_LOGIN }}
-          password: ${{ secrets.DOCKER_PASS }}
-      - name: Install deps
-        run: |
-          curl -L https://github.com/mudler/luet/releases/download/0.33.0/luet-0.33.0-linux-amd64 -o luet
-          chmod +x luet
-          sudo mv luet /usr/bin/luet
-          sudo mkdir -p /etc/luet/repos.conf.d/
-          sudo luet repo add -y kairos --url quay.io/kairos/packages --type docker
-          LUET_NOLOCK=true sudo -E luet install -y container/kubectl utils/k3d utils/earthly
-      - name: Download artifacts
-        uses: actions/download-artifact@v3
-        with:
-          name: challenger.iso.zip
      - name: Run tests
        env:
          LABEL: ${{ matrix.label }}
@@ -103,13 +39,32 @@ jobs:
          sudo apt install -y git qemu-system-x86 qemu-utils swtpm jq make glibc-tools \
          openssl curl gettext ca-certificates curl gnupg lsb-release

-          export ISO=$PWD/$(ls *.iso)
+          curl -L  https://github.com/mudler/luet/releases/download/0.33.0/luet-0.33.0-linux-amd64 -o luet
+          chmod +x luet
+          sudo mv luet /usr/bin/luet
+          sudo mkdir -p /etc/luet/repos.conf.d/
+          sudo luet repo add -y kairos --url quay.io/kairos/packages --type docker
+          LUET_NOLOCK=true sudo -E luet install -y container/kubectl utils/k3d utils/earthly
+
+          earthly -P +iso
+          export ISO=$PWD/build/challenger.iso
+
+          go install -mod=mod github.com/onsi/ginkgo/v2/ginkgo
+          go get github.com/onsi/gomega/...
+          go get github.com/onsi/ginkgo/v2/ginkgo/internal@v2.7.1
+          go get github.com/onsi/ginkgo/v2/ginkgo/generators@v2.7.1
+          go get github.com/onsi/ginkgo/v2/ginkgo/labels@v2.7.1
+
+          # Configure earthly to use the docker mirror in CI
+          # https://docs.earthly.dev/ci-integration/pull-through-cache#configuring-earthly-to-use-the-cache
+          cat << EOF > ~/.earthly/config.yml
+          global:
+            buildkit_additional_config: |
+              [registry."docker.io"]
+                mirrors = ["registry.docker-mirror.svc.cluster.local:5000"]
+              [registry."registry.docker-mirror.svc.cluster.local:5000"]
+                insecure = true
+          EOF

          # We run with sudo to be able to access /dev/kvm
-          ./scripts/e2e-tests.sh
-      - uses: actions/upload-artifact@v3
-        if: failure()
-        with:
-          name: ${{ matrix.label }}-test.logs.zip
-          path: tests/**/logs/*
-          if-no-files-found: warn
+          sudo -E ./scripts/e2e-tests.sh
--- a/.github/workflows/image.yml
+++ b/.github/workflows/image.yml
@@ -8,17 +8,12 @@ on:
    tags:
      - '*'

-
-concurrency:
-  group: ci-image-${{ github.head_ref || github.ref }}-${{ github.repository }}
-  cancel-in-progress: true
-
 jobs:
  docker:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v2

      - name: Prepare
        id: prep
@@ -58,7 +53,7 @@ jobs:
          password: ${{ secrets.QUAY_PASSWORD }}

      - name: Build
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v2
        with:
          builder: ${{ steps.buildx.outputs.name }}
          context: .
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -6,12 +6,6 @@ on:
  pull_request:
    paths:
      - '**'
-
-
-concurrency:
-  group: ci-lint-${{ github.head_ref || github.ref }}-${{ github.repository }}
-  cancel-in-progress: true
-
 env:
  FORCE_COLOR: 1
 jobs:
--- a/.github/workflows/unit-tests.yml
+++ b/.github/workflows/unit-tests.yml
@@ -6,11 +6,6 @@ on:
      - master
  pull_request:

-
-concurrency:
-  group: ci-unit-${{ github.head_ref || github.ref }}-${{ github.repository }}
-  cancel-in-progress: true
-
 jobs:
  unit-tests:
    runs-on: ubuntu-latest
--- a/28
+++ b/28
@@ -10,11 +10,12 @@ build-challenger:
    COPY . /work
    WORKDIR /work
    RUN CGO_ENABLED=0 go build -o kcrypt-discovery-challenger ./cmd/discovery
-    SAVE ARTIFACT /work/kcrypt-discovery-challenger kcrypt-discovery-challenger AS LOCAL kcrypt-discovery-challenger
+    SAVE ARTIFACT /work/kcrypt-discovery-challenger AS LOCAL kcrypt-discovery-challenger

 image:
-    FROM $BASE_IMAGE
+    FROM github.com/Itxaka/kairos:drop_kcrypt_dracut+image
    ARG IMAGE
+    RUN cat /etc/os-release
    COPY +build-challenger/kcrypt-discovery-challenger /system/discovery/kcrypt-discovery-challenger
    SAVE IMAGE $IMAGE

@@ -22,13 +23,20 @@ image-rootfs:
  FROM +image
  SAVE ARTIFACT --keep-own /. rootfs

+grub-files:
+    FROM alpine
+    RUN apk add wget
+    RUN wget https://raw.githubusercontent.com/c3os-io/c3os/master/overlay/files-iso/boot/grub2/grub.cfg -O grub.cfg
+    SAVE ARTIFACT --keep-own grub.cfg grub.cfg
+
 iso:
    ARG OSBUILDER_IMAGE
    ARG ISO_NAME=challenger
    FROM $OSBUILDER_IMAGE
    WORKDIR /build
+    COPY --keep-own +grub-files/grub.cfg /build/files-iso/boot/grub2/grub.cfg
    COPY --keep-own +image-rootfs/rootfs /build/rootfs
-    RUN /entrypoint.sh --name $ISO_NAME --debug build-iso --squash-no-compression --date=false --output /build/ dir:/build/rootfs
+    RUN /entrypoint.sh --name $ISO_NAME --debug build-iso --squash-no-compression --date=false --local --overlay-iso /build/files-iso --output /build/ dir:/build/rootfs
    SAVE ARTIFACT /build/$ISO_NAME.iso kairos.iso AS LOCAL build/$ISO_NAME.iso
    SAVE ARTIFACT /build/$ISO_NAME.iso.sha256 kairos.iso.sha256 AS LOCAL build/$ISO_NAME.iso.sha256

@@ -43,8 +51,14 @@ test:
    COPY go.mod go.sum ./
    RUN go mod download && go mod verify

+    RUN go get github.com/onsi/gomega/...
+    RUN go get github.com/onsi/ginkgo/v2/ginkgo/internal@v2.1.4
+    RUN go get github.com/onsi/ginkgo/v2/ginkgo/generators@v2.1.4
+    RUN go get github.com/onsi/ginkgo/v2/ginkgo/labels@v2.1.4
+    RUN go install -mod=mod github.com/onsi/ginkgo/v2/ginkgo
+
    COPY . /work
-    RUN go run github.com/onsi/ginkgo/v2/ginkgo run --covermode=atomic --coverprofile=coverage.out -p -r pkg/challenger cmd/discovery/client
+    RUN PATH=$PATH:$GOPATH/bin ginkgo run --covermode=atomic --coverprofile=coverage.out -p -r pkg/challenger cmd/discovery/client
    SAVE ARTIFACT coverage.out AS LOCAL coverage.out

 # Generic targets
@@ -74,6 +88,12 @@ e2e-tests-image:
    COPY . /test
    WORKDIR /test

+    RUN go install -mod=mod github.com/onsi/ginkgo/v2/ginkgo
+    RUN go get github.com/onsi/gomega/...
+    RUN go get github.com/onsi/ginkgo/v2/ginkgo/internal@v2.7.1
+    RUN go get github.com/onsi/ginkgo/v2/ginkgo/generators@v2.7.1
+    RUN go get github.com/onsi/ginkgo/v2/ginkgo/labels@v2.7.1
+
    IF [ -e /test/build/kairos.iso ]
        ENV ISO=/test/build/kairos.iso
    ELSE
--- a/cmd/discovery/client/client.go
+++ b/cmd/discovery/client/client.go
@@ -71,7 +71,7 @@ func (c *Client) generatePass(postEndpoint string, p *block.Partition) error {
 	opts := []tpm.Option{
 		tpm.WithCAs([]byte(c.Config.Kcrypt.Challenger.Certificate)),
 		tpm.AppendCustomCAToSystemCA,
-		tpm.WithAdditionalHeader("label", p.FilesystemLabel),
+		tpm.WithAdditionalHeader("label", p.Label),
 		tpm.WithAdditionalHeader("name", p.Name),
 		tpm.WithAdditionalHeader("uuid", p.UUID),
 	}
--- a/cmd/discovery/client/config.go
+++ b/cmd/discovery/client/config.go
@@ -1,9 +1,8 @@
 package client

 import (
-	"github.com/kairos-io/kairos-sdk/collector"
+	"github.com/kairos-io/kairos/pkg/config"
 	kconfig "github.com/kairos-io/kcrypt/pkg/config"
-	"gopkg.in/yaml.v3"
 )

 type Client struct {
@@ -27,21 +26,12 @@ type Config struct {
 func unmarshalConfig() (Config, error) {
 	var result Config

-	o := &collector.Options{NoLogs: true, MergeBootCMDLine: false}
-	if err := o.Apply(collector.Directories(append(kconfig.ConfigScanDirs, "/tmp/oem")...)); err != nil {
-		return result, err
-	}
-
-	c, err := collector.Scan(o, func(d []byte) ([]byte, error) {
-		return d, nil
-	})
+	c, err := config.Scan(config.Directories(kconfig.ConfigScanDirs...), config.NoLogs)
 	if err != nil {
 		return result, err
 	}

-	a, _ := c.String()
-	err = yaml.Unmarshal([]byte(a), &result)
-	if err != nil {
+	if err = c.Unmarshal(&result); err != nil {
 		return result, err
 	}

--- a/cmd/discovery/client/enc.go
+++ b/cmd/discovery/client/enc.go
@@ -20,7 +20,7 @@ func getPass(server, certificate string, partition *block.Partition) (string, bo
 	msg, err := tpm.Get(server,
 		tpm.WithCAs([]byte(certificate)),
 		tpm.AppendCustomCAToSystemCA,
-		tpm.WithAdditionalHeader("label", partition.FilesystemLabel),
+		tpm.WithAdditionalHeader("label", partition.Label),
 		tpm.WithAdditionalHeader("name", partition.Name),
 		tpm.WithAdditionalHeader("uuid", partition.UUID))
 	if err != nil {
--- a/controllers/suite_test.go
+++ b/controllers/suite_test.go
@@ -20,13 +20,14 @@ import (
 	"path/filepath"
 	"testing"

-	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/gomega"

 	"k8s.io/client-go/kubernetes/scheme"
 	"k8s.io/client-go/rest"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/envtest"
+	"sigs.k8s.io/controller-runtime/pkg/envtest/printer"
 	logf "sigs.k8s.io/controller-runtime/pkg/log"
 	"sigs.k8s.io/controller-runtime/pkg/log/zap"

@@ -43,7 +44,10 @@ var testEnv *envtest.Environment

 func TestAPIs(t *testing.T) {
 	RegisterFailHandler(Fail)
-	RunSpecs(t, "Control")
+
+	RunSpecsWithDefaultAndCustomReporters(t,
+		"Controller Suite",
+		[]Reporter{printer.NewlineReporter{}})
 }

 var _ = BeforeSuite(func() {
--- a/earthly.sh
+++ b/earthly.sh
@@ -1,3 +1,3 @@
 #!/bin/bash

-docker run --privileged -v /var/run/docker.sock:/var/run/docker.sock --rm -t -v $(pwd):/workspace -v earthly-tmp:/tmp/earthly:rw earthly/earthly:v0.7.8 --allow-privileged $@
+docker run --privileged -v /var/run/docker.sock:/var/run/docker.sock --rm -t -v $(pwd):/workspace -v earthly-tmp:/tmp/earthly:rw earthly/earthly:v0.6.21 --allow-privileged $@
--- a/go.mod
+++ b/go.mod
@@ -3,159 +3,142 @@ module github.com/kairos-io/kairos-challenger
 go 1.20

 require (
-	github.com/go-logr/logr v1.2.4
 	github.com/google/uuid v1.3.0
 	github.com/gorilla/websocket v1.5.0
-	github.com/jaypipes/ghw v0.11.0
-	github.com/kairos-io/kairos-sdk v0.0.8
-	github.com/kairos-io/kcrypt v0.7.0
+	github.com/jaypipes/ghw v0.9.0
+	github.com/kairos-io/kairos v1.24.3-56.0.20230208235509-4d28f3b87f60
+	github.com/kairos-io/kcrypt v0.5.0
 	github.com/kairos-io/tpm-helpers v0.0.0-20230119140150-3fa97128ef6b
 	github.com/mudler/go-pluggable v0.0.0-20230126220627-7710299a0ae5
 	github.com/mudler/go-processmanager v0.0.0-20220724164624-c45b5c61312d
-	github.com/mudler/yip v1.2.0
-	github.com/onsi/ginkgo/v2 v2.10.0
-	github.com/onsi/gomega v1.27.8
+	github.com/mudler/yip v1.0.0
+	github.com/onsi/ginkgo v1.16.5
+	github.com/onsi/ginkgo/v2 v2.8.1
+	github.com/onsi/gomega v1.26.0
 	github.com/pkg/errors v0.9.1
-	github.com/spectrocloud/peg v0.0.0-20230407121159-2e15270c4a46
+	github.com/spectrocloud/peg v0.0.0-20230214140930-4d6672f825b2
 	gopkg.in/yaml.v3 v3.0.1
-	k8s.io/api v0.27.2
-	k8s.io/apimachinery v0.27.2
-	k8s.io/client-go v0.27.2
-	sigs.k8s.io/controller-runtime v0.15.0
+	k8s.io/api v0.24.2
+	k8s.io/apimachinery v0.24.2
+	k8s.io/client-go v0.24.2
+	sigs.k8s.io/controller-runtime v0.12.2
 )

 require (
 	atomicgo.dev/cursor v0.1.1 // indirect
 	atomicgo.dev/keyboard v0.2.9 // indirect
-	atomicgo.dev/schedule v0.0.2 // indirect
+	cloud.google.com/go v0.93.3 // indirect
+	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
+	github.com/Azure/go-autorest/autorest v0.11.18 // indirect
+	github.com/Azure/go-autorest/autorest/adal v0.9.13 // indirect
+	github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
+	github.com/Azure/go-autorest/logger v0.2.1 // indirect
+	github.com/Azure/go-autorest/tracing v0.6.0 // indirect
 	github.com/Masterminds/goutils v1.1.1 // indirect
-	github.com/Masterminds/semver/v3 v3.2.1 // indirect
-	github.com/Masterminds/sprig/v3 v3.2.3 // indirect
-	github.com/Microsoft/go-winio v0.6.1 // indirect
-	github.com/Microsoft/hcsshim v0.10.0-rc.8 // indirect
+	github.com/Masterminds/semver/v3 v3.1.1 // indirect
+	github.com/Masterminds/sprig/v3 v3.2.2 // indirect
+	github.com/PuerkitoBio/purell v1.1.1 // indirect
+	github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect
 	github.com/StackExchange/wmi v1.2.1 // indirect
 	github.com/avast/retry-go v3.0.0+incompatible // indirect
 	github.com/aybabtme/rgbterm v0.0.0-20170906152045-cc83f3b3ce59 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/bramvdbogaerde/go-scp v1.2.1 // indirect
 	github.com/cavaliergopher/grab/v3 v3.0.1 // indirect
-	github.com/cespare/xxhash/v2 v2.2.0 // indirect
+	github.com/cespare/xxhash/v2 v2.1.2 // indirect
 	github.com/chuckpreslar/emission v0.0.0-20170206194824-a7ddd980baf9 // indirect
 	github.com/codingsince1985/checksum v1.2.6 // indirect
-	github.com/containerd/cgroups v1.1.0 // indirect
 	github.com/containerd/console v1.0.3 // indirect
-	github.com/containerd/containerd v1.7.1 // indirect
-	github.com/containerd/continuity v0.3.0 // indirect
-	github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/denisbrodbeck/machineid v1.0.1 // indirect
-	github.com/docker/cli v23.0.5+incompatible // indirect
-	github.com/docker/distribution v2.8.1+incompatible // indirect
-	github.com/docker/docker v23.0.5+incompatible // indirect
-	github.com/docker/docker-credential-helpers v0.7.0 // indirect
-	github.com/docker/go-connections v0.4.0 // indirect
-	github.com/docker/go-units v0.5.0 // indirect
-	github.com/emicklei/go-restful/v3 v3.10.1 // indirect
-	github.com/evanphx/json-patch/v5 v5.6.0 // indirect
+	github.com/emicklei/go-restful v2.9.5+incompatible // indirect
+	github.com/evanphx/json-patch v4.12.0+incompatible // indirect
 	github.com/folbricht/tpmk v0.1.2-0.20230104073416-f20b20c289d7 // indirect
-	github.com/fsnotify/fsnotify v1.6.0 // indirect
+	github.com/form3tech-oss/jwt-go v3.2.5+incompatible // indirect
+	github.com/fsnotify/fsnotify v1.5.4 // indirect
 	github.com/ghodss/yaml v1.0.0 // indirect
-	github.com/go-logr/zapr v1.2.4 // indirect
+	github.com/go-logr/logr v1.2.3 // indirect
+	github.com/go-logr/zapr v1.2.0 // indirect
 	github.com/go-ole/go-ole v1.2.6 // indirect
-	github.com/go-openapi/jsonpointer v0.19.6 // indirect
-	github.com/go-openapi/jsonreference v0.20.1 // indirect
-	github.com/go-openapi/swag v0.22.3 // indirect
-	github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
-	github.com/gofrs/uuid v4.4.0+incompatible // indirect
+	github.com/go-openapi/jsonpointer v0.19.5 // indirect
+	github.com/go-openapi/jsonreference v0.19.5 // indirect
+	github.com/go-openapi/swag v0.19.14 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
-	github.com/golang/protobuf v1.5.3 // indirect
+	github.com/golang/protobuf v1.5.2 // indirect
 	github.com/google/certificate-transparency-go v1.1.4 // indirect
 	github.com/google/gnostic v0.5.7-v3refs // indirect
 	github.com/google/go-attestation v0.4.4-0.20220404204839-8820d49b18d9 // indirect
 	github.com/google/go-cmp v0.5.9 // indirect
-	github.com/google/go-containerregistry v0.15.2 // indirect
 	github.com/google/go-tpm v0.3.3 // indirect
 	github.com/google/go-tpm-tools v0.3.10 // indirect
 	github.com/google/go-tspi v0.3.0 // indirect
-	github.com/google/gofuzz v1.2.0 // indirect
-	github.com/google/pprof v0.0.0-20230228050547-1710fef4ab10 // indirect
+	github.com/google/gofuzz v1.1.0 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
-	github.com/gookit/color v1.5.3 // indirect
+	github.com/gookit/color v1.5.2 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
-	github.com/huandu/xstrings v1.3.3 // indirect
-	github.com/imdario/mergo v0.3.15 // indirect
+	github.com/huandu/xstrings v1.3.2 // indirect
+	github.com/imdario/mergo v0.3.13 // indirect
 	github.com/ipfs/go-log v1.0.5 // indirect
 	github.com/ipfs/go-log/v2 v2.5.1 // indirect
-	github.com/itchyny/gojq v0.12.12 // indirect
+	github.com/itchyny/gojq v0.12.11 // indirect
 	github.com/itchyny/timefmt-go v0.1.5 // indirect
 	github.com/joho/godotenv v1.5.1 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/klauspost/compress v1.16.5 // indirect
-	github.com/lithammer/fuzzysearch v1.1.7 // indirect
-	github.com/mailru/easyjson v0.7.7 // indirect
+	github.com/lithammer/fuzzysearch v1.1.5 // indirect
+	github.com/mailru/easyjson v0.7.6 // indirect
 	github.com/mattn/go-isatty v0.0.17 // indirect
 	github.com/mattn/go-runewidth v0.0.14 // indirect
-	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
+	github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
-	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
-	github.com/moby/sys/sequential v0.5.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/nfnt/resize v0.0.0-20180221191011-83c6a9932646 // indirect
-	github.com/opencontainers/go-digest v1.0.0 // indirect
-	github.com/opencontainers/image-spec v1.1.0-rc3 // indirect
+	github.com/nxadm/tail v1.4.8 // indirect
 	github.com/opentracing/opentracing-go v1.2.0 // indirect
 	github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5 // indirect
-	github.com/prometheus/client_golang v1.15.1 // indirect
-	github.com/prometheus/client_model v0.4.0 // indirect
-	github.com/prometheus/common v0.42.0 // indirect
-	github.com/prometheus/procfs v0.9.0 // indirect
-	github.com/pterm/pterm v0.12.61 // indirect
+	github.com/prometheus/client_golang v1.13.0 // indirect
+	github.com/prometheus/client_model v0.2.0 // indirect
+	github.com/prometheus/common v0.37.0 // indirect
+	github.com/prometheus/procfs v0.8.0 // indirect
+	github.com/pterm/pterm v0.12.54 // indirect
 	github.com/qeesung/image2ascii v1.0.1 // indirect
-	github.com/rivo/uniseg v0.4.4 // indirect
-	github.com/sergi/go-diff v1.3.1 // indirect
+	github.com/rivo/uniseg v0.4.3 // indirect
 	github.com/shopspring/decimal v1.3.1 // indirect
-	github.com/sirupsen/logrus v1.9.0 // indirect
 	github.com/spf13/cast v1.5.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
+	github.com/stretchr/testify v1.8.1 // indirect
 	github.com/twpayne/go-vfs v1.7.2 // indirect
-	github.com/vbatts/tar-split v0.11.3 // indirect
 	github.com/wayneashleyberry/terminal-dimensions v1.1.0 // indirect
 	github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect
-	go.opencensus.io v0.24.0 // indirect
 	go.uber.org/atomic v1.10.0 // indirect
 	go.uber.org/multierr v1.9.0 // indirect
 	go.uber.org/zap v1.24.0 // indirect
-	golang.org/x/crypto v0.7.0 // indirect
-	golang.org/x/mod v0.10.0 // indirect
-	golang.org/x/net v0.10.0 // indirect
-	golang.org/x/oauth2 v0.7.0 // indirect
-	golang.org/x/sync v0.2.0 // indirect
-	golang.org/x/sys v0.8.0 // indirect
-	golang.org/x/term v0.8.0 // indirect
-	golang.org/x/text v0.9.0 // indirect
-	golang.org/x/time v0.3.0 // indirect
-	golang.org/x/tools v0.9.3 // indirect
-	gomodules.xyz/jsonpatch/v2 v2.3.0 // indirect
+	golang.org/x/crypto v0.6.0 // indirect
+	golang.org/x/net v0.6.0 // indirect
+	golang.org/x/oauth2 v0.4.0 // indirect
+	golang.org/x/sys v0.5.0 // indirect
+	golang.org/x/term v0.5.0 // indirect
+	golang.org/x/text v0.7.0 // indirect
+	golang.org/x/time v0.0.0-20220411224347-583f2d630306 // indirect
+	gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto v0.0.0-20230323212658-478b75c54725 // indirect
-	google.golang.org/grpc v1.54.0 // indirect
-	google.golang.org/protobuf v1.30.0 // indirect
+	google.golang.org/protobuf v1.28.1 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
+	gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
 	gopkg.in/yaml.v1 v1.0.0-20140924161607-9f9df34309c0 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	howett.net/plist v1.0.0 // indirect
-	k8s.io/apiextensions-apiserver v0.27.2 // indirect
-	k8s.io/component-base v0.27.2 // indirect
-	k8s.io/klog/v2 v2.90.1 // indirect
-	k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f // indirect
-	k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5 // indirect
-	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
-	sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
+	k8s.io/apiextensions-apiserver v0.24.2 // indirect
+	k8s.io/component-base v0.24.2 // indirect
+	k8s.io/klog/v2 v2.80.1 // indirect
+	k8s.io/kube-openapi v0.0.0-20220328201542-3ee0da9b0b42 // indirect
+	k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9 // indirect
+	sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2 // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.2.1 // indirect
 	sigs.k8s.io/yaml v1.3.0 // indirect
 )
--- a/go.sum
+++ b/go.sum
--- a/main.go
+++ b/main.go
@@ -23,7 +23,6 @@ import (

 	// Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.)
 	// to ensure that exec-entrypoint and run can make use of them.
-
 	"k8s.io/client-go/kubernetes"
 	_ "k8s.io/client-go/plugin/pkg/client/auth"

@@ -121,9 +120,7 @@ func main() {
 		os.Exit(1)
 	}

-	serverLog := ctrl.Log.WithName("server")
-
-	go challenger.Start(context.Background(), serverLog, clientset, reconciler, namespace, challengerAddr)
+	go challenger.Start(context.Background(), clientset, reconciler, namespace, challengerAddr)

 	setupLog.Info("starting manager")
 	if err := mgr.Start(ctrl.SetupSignalHandler()); err != nil {
--- a/pkg/challenger/challenger.go
+++ b/pkg/challenger/challenger.go
@@ -4,13 +4,12 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
+	"io"
 	"io/ioutil"
 	"net/http"
 	"strings"
 	"time"

-	"github.com/go-logr/logr"
-
 	keyserverv1alpha1 "github.com/kairos-io/kairos-challenger/api/v1alpha1"
 	"github.com/kairos-io/kairos-challenger/pkg/constants"
 	"github.com/kairos-io/kairos-challenger/pkg/payload"
@@ -98,8 +97,8 @@ func getPubHash(token string) (string, error) {
 	return tpm.DecodePubHash(ek)
 }

-func Start(ctx context.Context, logger logr.Logger, kclient *kubernetes.Clientset, reconciler *controllers.SealedVolumeReconciler, namespace, address string) {
-	logger.Info("Challenger started", "address", address)
+func Start(ctx context.Context, kclient *kubernetes.Clientset, reconciler *controllers.SealedVolumeReconciler, namespace, address string) {
+	fmt.Println("Challenger started at", address)
 	s := http.Server{
 		Addr:         address,
 		ReadTimeout:  10 * time.Second,
@@ -108,50 +107,47 @@ func Start(ctx context.Context, logger logr.Logger, kclient *kubernetes.Clientse

 	m := http.NewServeMux()

-	m.HandleFunc("/postPass", func(w http.ResponseWriter, r *http.Request) {
-		conn, err := upgrader.Upgrade(w, r, nil)
+	errorMessage := func(writer io.WriteCloser, errMsg string) {
+		err := json.NewEncoder(writer).Encode(payload.Data{Error: errMsg})
 		if err != nil {
-			logger.Error(err, "upgrading connection")
-			return
+			fmt.Println("error encoding the response to json", err.Error())
 		}
-		defer func() {
-			err := conn.Close()
-			if err != nil {
-				logger.Error(err, "closing the connection")
+		fmt.Println(errMsg)
 	}
-		}()

-		logger.Info("Receiving passphrase")
+	m.HandleFunc("/postPass", func(w http.ResponseWriter, r *http.Request) {
+		conn, _ := upgrader.Upgrade(w, r, nil) // error ignored for sake of simplicity
+		for {
+
+			fmt.Println("Receiving passphrase")
 			if err := tpm.AuthRequest(r, conn); err != nil {
-			errorMessage(conn, logger, err, "auth request")
+				fmt.Println("error", err.Error())
 				return
 			}
-		logger.Info("[Receiving passphrase] auth succeeded")
+			defer conn.Close()
+			fmt.Println("[Receiving passphrase] auth succeeded")

 			token := r.Header.Get("Authorization")
+
 			hashEncoded, err := getPubHash(token)
 			if err != nil {
-			errorMessage(conn, logger, err, "decoding pubhash")
+				fmt.Println("error decoding pubhash", err.Error())
 				return
 			}
-		logger.Info("[Receiving passphrase] pubhash", "encodedhash", hashEncoded)
+			fmt.Println("[Receiving passphrase] pubhash", hashEncoded)

 			label := r.Header.Get("label")
 			name := r.Header.Get("name")
 			uuid := r.Header.Get("uuid")
 			v := &payload.Data{}
-		logger.Info("Reading request data", "label", label, "name", name, "uuid", uuid)

 			volumeList := &keyserverv1alpha1.SealedVolumeList{}
-		for {
 			if err := reconciler.List(ctx, volumeList, &client.ListOptions{Namespace: namespace}); err != nil {
-				logger.Error(err, "listing volumes")
+				fmt.Println("Failed listing volumes")
+				fmt.Println(err)
 				continue
 			}
-			break
-		}

-		logger.Info("Looking up volume with request data")
 			sealedVolumeData := findVolumeFor(PassphraseRequestData{
 				TPMHash:    hashEncoded,
 				Label:      label,
@@ -160,36 +156,25 @@ func Start(ctx context.Context, logger logr.Logger, kclient *kubernetes.Clientse
 			}, volumeList)

 			if sealedVolumeData == nil {
-			errorMessage(conn, logger, fmt.Errorf("no TPM Hash found for %s", hashEncoded), "")
+				fmt.Println("No TPM Hash found for", hashEncoded)
+				conn.Close()
 				return
 			}
-		logger.Info("[Looking up volume with request data] succeeded")

 			if err := conn.ReadJSON(v); err != nil {
-			logger.Error(err, "reading json from connection")
+				fmt.Println("error", err.Error())
 				return
 			}

-		if !v.HasPassphrase() {
-			errorMessage(conn, logger, fmt.Errorf("invalid answer from client: doesn't contain any passphrase"), "")
-		}
-		if v.HasError() {
-			errorMessage(conn, logger, fmt.Errorf("error: %s", v.Error), v.Error)
-		}
-
+			if v.HasPassphrase() && !v.HasError() {
 				secretName, secretPath := sealedVolumeData.DefaultSecret()
-		logger.Info("Looking up secret in with name", "name", secretName, "namespace", namespace)
-		_, err = kclient.CoreV1().Secrets(namespace).Get(ctx, secretName, v1.GetOptions{})
-		if err == nil {
-			logger.Info("Posted for already existing secret - ignoring")
-			return
-		}
+				_, err := kclient.CoreV1().Secrets(namespace).Get(ctx, secretName, v1.GetOptions{})
+				if err != nil {
 					if !apierrors.IsNotFound(err) {
-			errorMessage(conn, logger, err, "failed getting secret")
-			return
+						fmt.Printf("Failed getting secret: %s\n", err.Error())
+						continue
 					}

-		logger.Info("secret not found, creating one")
 					secret := corev1.Secret{
 						TypeMeta: v1.TypeMeta{
 							Kind:       "Secret",
@@ -205,60 +190,47 @@ func Start(ctx context.Context, logger logr.Logger, kclient *kubernetes.Clientse
 						},
 						Type: "Opaque",
 					}
-		_, err = kclient.CoreV1().Secrets(namespace).Create(ctx, &secret, v1.CreateOptions{})
+					_, err := kclient.CoreV1().Secrets(namespace).Create(ctx, &secret, v1.CreateOptions{})
 					if err != nil {
-			errorMessage(conn, logger, err, "failed during secret creation")
+						fmt.Println("failed during secret creation:", err.Error())
+					}
+				} else {
+					fmt.Println("Posted for already existing secret - ignoring")
+				}
+			} else {
+				fmt.Println("Invalid answer from client: doesn't contain any passphrase")
+			}
 		}
-		logger.Info("created new secret")
 	})

 	m.HandleFunc("/getPass", func(w http.ResponseWriter, r *http.Request) {
-		conn, err := upgrader.Upgrade(w, r, nil)
-		if err != nil {
-			logger.Error(err, "upgrading connection")
-			return
-		}
-		defer func() {
-			err := conn.Close()
-			if err != nil {
-				logger.Error(err, "closing the connection")
-			}
-		}()
+		conn, _ := upgrader.Upgrade(w, r, nil) // error ignored for sake of simplicity

-		logger.Info("Received connection")
-		volumeList := &keyserverv1alpha1.SealedVolumeList{}
 		for {
+			fmt.Println("Received connection")
+			volumeList := &keyserverv1alpha1.SealedVolumeList{}
 			if err := reconciler.List(ctx, volumeList, &client.ListOptions{Namespace: namespace}); err != nil {
-				logger.Error(err, "listing volumes")
+				fmt.Println("Failed listing volumes")
+				fmt.Println(err)
 				continue
 			}
-			break
-		}

-		logger.Info("reading data from request")
 			token := r.Header.Get("Authorization")
 			label := r.Header.Get("label")
 			name := r.Header.Get("name")
 			uuid := r.Header.Get("uuid")

-		tokenStr := "empty"
-		if token != "" {
-			tokenStr = "not empty"
-		}
-		logger.Info("request data", "token", tokenStr, "label", label, "name", name, "uuid", uuid)
-
 			if err := tpm.AuthRequest(r, conn); err != nil {
-			logger.Error(err, "error validating challenge")
+				fmt.Println("error validating challenge", err.Error())
 				return
 			}

 			hashEncoded, err := getPubHash(token)
 			if err != nil {
-			logger.Error(err, "error decoding pubhash")
+				fmt.Println("error decoding pubhash", err.Error())
 				return
 			}

-		logger.Info("Looking up volume with request data")
 			sealedVolumeData := findVolumeFor(PassphraseRequestData{
 				TPMHash:    hashEncoded,
 				Label:      label,
@@ -267,16 +239,14 @@ func Start(ctx context.Context, logger logr.Logger, kclient *kubernetes.Clientse
 			}, volumeList)

 			if sealedVolumeData == nil {
-			errorMessage(conn, logger, fmt.Errorf("no volume found with data from request and hash: %s", hashEncoded), "")
-			return
-		}
-		logger.Info("[Looking up volume with request data] succeeded")
-
-		if sealedVolumeData.Quarantined {
-			errorMessage(conn, logger, fmt.Errorf("quarantined: %s", sealedVolumeData.PartitionLabel), "")
+				writer, _ := conn.NextWriter(websocket.BinaryMessage)
+				errorMessage(writer, fmt.Sprintf("Invalid hash: %s", hashEncoded))
+				conn.Close()
 				return
 			}

+			writer, _ := conn.NextWriter(websocket.BinaryMessage)
+			if !sealedVolumeData.Quarantined {
 				secretName, secretPath := sealedVolumeData.DefaultSecret()

 				// 1. The admin sets a specific cleartext password from Kube manager
@@ -284,38 +254,42 @@ func Start(ctx context.Context, logger logr.Logger, kclient *kubernetes.Clientse
 				// 2. The admin just adds a SealedVolume associated with a TPM Hash ( you don't provide any passphrase )
 				// 3. There is no challenger server at all (offline mode)
 				//
-		logger.Info(fmt.Sprintf("looking up secret %s in namespace %s", secretName, namespace))
 				secret, err := kclient.CoreV1().Secrets(namespace).Get(ctx, secretName, v1.GetOptions{})
-		if err != nil {
-			if apierrors.IsNotFound(err) {
-				errorMessage(conn, logger, fmt.Errorf("No secret found for %s and %s", hashEncoded, sealedVolumeData.PartitionLabel), "")
-			} else {
-				errorMessage(conn, logger, err, "getting the secret from Kubernetes")
-			}
-
-			return
-		}
-		logger.Info(fmt.Sprintf("secret %s found in namespace %s", secretName, namespace))
-
+				if err == nil {
 					passphrase := secret.Data[secretPath]
 					generatedBy := secret.Data[constants.GeneratedByKey]

-		writer, err := conn.NextWriter(websocket.BinaryMessage)
-		if err != nil {
-			logger.Error(err, "getting a writer from the connection")
-		}
 					p := payload.Data{Passphrase: string(passphrase), GeneratedBy: string(generatedBy)}
 					err = json.NewEncoder(writer).Encode(p)
 					if err != nil {
-			logger.Error(err, "writing passphrase to the websocket channel")
+						fmt.Println("error encoding the passphrase to json", err.Error(), string(passphrase))
 					}
 					if err = writer.Close(); err != nil {
-			logger.Error(err, "closing the writer")
+						fmt.Println("error closing the writer", err.Error())
+						return
+					}
+					if err = conn.Close(); err != nil {
+						fmt.Println("error closing the connection", err.Error())
 						return
 					}
-	})

-	s.Handler = logRequestHandler(logger, m)
+					return
+				} else {
+					errorMessage(writer, fmt.Sprintf("No secret found for %s and %s", hashEncoded, sealedVolumeData.PartitionLabel))
+				}
+			} else {
+				errorMessage(writer, fmt.Sprintf("quarantined: %s", sealedVolumeData.PartitionLabel))
+				if err = conn.Close(); err != nil {
+					fmt.Println("error closing the connection", err.Error())
+					return
+				}
+				return
+			}
+		}
+	},
+	)
+
+	s.Handler = m

 	go func() {
 		err := s.ListenAndServe()
@@ -360,36 +334,3 @@ func findVolumeFor(requestData PassphraseRequestData, volumeList *keyserverv1alp

 	return nil
 }
-
-// errorMessage should be used when an error should be both, printed to the stdout
-// and sent over the wire to the websocket client.
-func errorMessage(conn *websocket.Conn, logger logr.Logger, theErr error, description string) {
-	if theErr == nil {
-		return
-	}
-	logger.Error(theErr, description)
-
-	writer, err := conn.NextWriter(websocket.BinaryMessage)
-	if err != nil {
-		logger.Error(err, "getting a writer from the connection")
-	}
-
-	errMsg := theErr.Error()
-	err = json.NewEncoder(writer).Encode(payload.Data{Error: errMsg})
-	if err != nil {
-		logger.Error(err, "error encoding the response to json")
-	}
-	err = writer.Close()
-	if err != nil {
-		logger.Error(err, "closing the writer")
-	}
-}
-
-func logRequestHandler(logger logr.Logger, h http.Handler) http.Handler {
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		logger.Info("Incoming request", "method", r.Method, "uri", r.URL.String(),
-			"referer", r.Header.Get("Referer"), "userAgent", r.Header.Get("User-Agent"))
-
-		h.ServeHTTP(w, r)
-	})
-}
--- a/renovate.json
+++ b/renovate.json
@@ -1,18 +0,0 @@
-{
-  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
-  "extends": [
-    "config:base"
-  ],
-  "schedule": [
-    "after 11pm every weekday",
-    "before 7am every weekday",
-    "every weekend"
-  ],
-  "timezone": "Europe/Brussels",
-  "packageRules": [
-    {
-      "matchUpdateTypes": ["patch"],
-      "automerge": true
-    }
-  ]
-}
--- a/scripts/e2e-tests.sh
+++ b/scripts/e2e-tests.sh
@@ -59,4 +59,4 @@ kubectl apply -k "$SCRIPT_DIR/../tests/assets/"
 # https://stackoverflow.com/a/6752280
 export KMS_ADDRESS="10.0.2.2.challenger.sslip.io"

-go run github.com/onsi/ginkgo/v2/ginkgo -v --nodes $GINKGO_NODES --label-filter $LABEL --fail-fast -r ./tests/
+PATH=$PATH:$GOPATH/bin ginkgo -v --nodes $GINKGO_NODES --label-filter $LABEL --fail-fast -r ./tests/
--- a/tests/encryption_test.go
+++ b/tests/encryption_test.go
@@ -47,7 +47,6 @@ var _ = Describe("kcrypt encryption", func() {
 	})

 	AfterEach(func() {
-		vm.GatherLog("/run/immucore/immucore.log")
 		err := vm.Destroy(func(vm VM) {
 			// Stop TPM emulator
 			tpmPID, err := os.ReadFile(path.Join(vm.StateDir, "tpm", "pid"))
Author	SHA1	Message	Date
Itxaka	956c70ca2a	Change to branch with immucore 16 and kcrypt darcut removed Signed-off-by: Itxaka <itxaka.garcia@spectrocloud.com>	2023-03-30 22:12:27 +02:00
Itxaka	d1d89d1796	Debug build from branch with fixed kcrypt Signed-off-by: Itxaka <itxaka.garcia@spectrocloud.com>	2023-03-30 22:12:27 +02:00