2021-10-29 04:29:55 +08:00
|
|
|
package confutil
|
|
|
|
|
|
|
|
|
|
import (
|
2021-11-03 13:48:20 +08:00
|
|
|
"bytes"
|
2021-10-29 04:29:55 +08:00
|
|
|
"io"
|
|
|
|
|
"os"
|
|
|
|
|
"path"
|
2023-05-23 21:32:31 +08:00
|
|
|
"regexp"
|
2021-10-29 04:29:55 +08:00
|
|
|
|
|
|
|
|
"github.com/pelletier/go-toml"
|
|
|
|
|
"github.com/pkg/errors"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
const (
|
|
|
|
|
// DefaultBuildKitStateDir and DefaultBuildKitConfigDir are the location
|
|
|
|
|
// where buildkitd inside the container stores its state. Some drivers
|
|
|
|
|
// create a Linux container, so this should match the location for Linux,
|
|
|
|
|
// as defined in: https://github.com/moby/buildkit/blob/v0.9.0/util/appdefaults/appdefaults_unix.go#L11-L15
|
|
|
|
|
DefaultBuildKitStateDir = "/var/lib/buildkit"
|
|
|
|
|
DefaultBuildKitConfigDir = "/etc/buildkit"
|
|
|
|
|
)
|
|
|
|
|
|
2023-05-23 21:32:31 +08:00
|
|
|
var reInvalidCertsDir = regexp.MustCompile(`[^a-zA-Z0-9.-]+`)
|
|
|
|
|
|
2021-10-29 04:29:55 +08:00
|
|
|
// LoadConfigFiles creates a temp directory with BuildKit config and
|
|
|
|
|
// registry certificates ready to be copied to a container.
|
2021-11-03 13:48:20 +08:00
|
|
|
func LoadConfigFiles(bkconfig string) (map[string][]byte, error) {
|
2021-10-29 04:29:55 +08:00
|
|
|
if _, err := os.Stat(bkconfig); errors.Is(err, os.ErrNotExist) {
|
2021-11-03 13:48:20 +08:00
|
|
|
return nil, errors.Wrapf(err, "buildkit configuration file not found: %s", bkconfig)
|
2021-10-29 04:29:55 +08:00
|
|
|
} else if err != nil {
|
2021-11-03 13:48:20 +08:00
|
|
|
return nil, errors.Wrapf(err, "invalid buildkit configuration file: %s", bkconfig)
|
2021-10-29 04:29:55 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Load config tree
|
2024-09-11 18:27:29 +08:00
|
|
|
btoml, err := LoadConfigTree(bkconfig)
|
2021-10-29 04:29:55 +08:00
|
|
|
if err != nil {
|
2021-11-03 13:48:20 +08:00
|
|
|
return nil, err
|
2021-10-29 04:29:55 +08:00
|
|
|
}
|
|
|
|
|
|
2021-11-03 13:48:20 +08:00
|
|
|
m := make(map[string][]byte)
|
2021-10-29 04:29:55 +08:00
|
|
|
|
|
|
|
|
// Iterate through registry config to copy certs and update
|
|
|
|
|
// BuildKit config with the underlying certs' path in the container.
|
|
|
|
|
//
|
|
|
|
|
// The following BuildKit config:
|
|
|
|
|
//
|
|
|
|
|
// [registry."myregistry.io"]
|
|
|
|
|
// ca=["/etc/config/myca.pem"]
|
|
|
|
|
// [[registry."myregistry.io".keypair]]
|
|
|
|
|
// key="/etc/config/key.pem"
|
|
|
|
|
// cert="/etc/config/cert.pem"
|
|
|
|
|
//
|
|
|
|
|
// will be translated in the container as:
|
|
|
|
|
//
|
|
|
|
|
// [registry."myregistry.io"]
|
|
|
|
|
// ca=["/etc/buildkit/certs/myregistry.io/myca.pem"]
|
|
|
|
|
// [[registry."myregistry.io".keypair]]
|
|
|
|
|
// key="/etc/buildkit/certs/myregistry.io/key.pem"
|
|
|
|
|
// cert="/etc/buildkit/certs/myregistry.io/cert.pem"
|
|
|
|
|
if btoml.Has("registry") {
|
|
|
|
|
for regName := range btoml.GetArray("registry").(*toml.Tree).Values() {
|
|
|
|
|
regConf := btoml.GetPath([]string{"registry", regName}).(*toml.Tree)
|
|
|
|
|
if regConf == nil {
|
|
|
|
|
continue
|
|
|
|
|
}
|
2023-05-23 21:32:31 +08:00
|
|
|
pfx := path.Join("certs", reInvalidCertsDir.ReplaceAllString(regName, "_"))
|
2021-10-29 04:29:55 +08:00
|
|
|
if regConf.Has("ca") {
|
|
|
|
|
regCAs := regConf.GetArray("ca").([]string)
|
|
|
|
|
if len(regCAs) > 0 {
|
|
|
|
|
var cas []string
|
|
|
|
|
for _, ca := range regCAs {
|
2021-11-03 13:48:20 +08:00
|
|
|
fp := path.Join(pfx, path.Base(ca))
|
|
|
|
|
cas = append(cas, path.Join(DefaultBuildKitConfigDir, fp))
|
|
|
|
|
|
|
|
|
|
dt, err := readFile(ca)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, errors.Wrapf(err, "failed to read CA file: %s", ca)
|
2021-10-29 04:29:55 +08:00
|
|
|
}
|
2021-11-03 13:48:20 +08:00
|
|
|
m[fp] = dt
|
2021-10-29 04:29:55 +08:00
|
|
|
}
|
|
|
|
|
regConf.Set("ca", cas)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if regConf.Has("keypair") {
|
|
|
|
|
regKeyPairs := regConf.GetArray("keypair").([]*toml.Tree)
|
|
|
|
|
if len(regKeyPairs) == 0 {
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
for _, kp := range regKeyPairs {
|
|
|
|
|
if kp == nil {
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
key := kp.Get("key").(string)
|
|
|
|
|
if len(key) > 0 {
|
2021-11-03 13:48:20 +08:00
|
|
|
fp := path.Join(pfx, path.Base(key))
|
|
|
|
|
kp.Set("key", path.Join(DefaultBuildKitConfigDir, fp))
|
|
|
|
|
dt, err := readFile(key)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, errors.Wrapf(err, "failed to read key file: %s", key)
|
2021-10-29 04:29:55 +08:00
|
|
|
}
|
2021-11-03 13:48:20 +08:00
|
|
|
m[fp] = dt
|
2021-10-29 04:29:55 +08:00
|
|
|
}
|
|
|
|
|
cert := kp.Get("cert").(string)
|
|
|
|
|
if len(cert) > 0 {
|
2021-11-03 13:48:20 +08:00
|
|
|
fp := path.Join(pfx, path.Base(cert))
|
|
|
|
|
kp.Set("cert", path.Join(DefaultBuildKitConfigDir, fp))
|
|
|
|
|
dt, err := readFile(cert)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, errors.Wrapf(err, "failed to read cert file: %s", cert)
|
2021-10-29 04:29:55 +08:00
|
|
|
}
|
2021-11-03 13:48:20 +08:00
|
|
|
m[fp] = dt
|
2021-10-29 04:29:55 +08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-11-03 13:48:20 +08:00
|
|
|
b := bytes.NewBuffer(nil)
|
|
|
|
|
_, err = btoml.WriteTo(b)
|
2021-10-29 04:29:55 +08:00
|
|
|
if err != nil {
|
2021-11-03 13:48:20 +08:00
|
|
|
return nil, err
|
2021-10-29 04:29:55 +08:00
|
|
|
}
|
2021-11-03 13:48:20 +08:00
|
|
|
m["buildkitd.toml"] = b.Bytes()
|
2021-10-29 04:29:55 +08:00
|
|
|
|
2021-11-03 13:48:20 +08:00
|
|
|
return m, nil
|
2021-10-29 04:29:55 +08:00
|
|
|
}
|
|
|
|
|
|
2021-11-03 13:48:20 +08:00
|
|
|
func readFile(fp string) ([]byte, error) {
|
|
|
|
|
sf, err := os.Open(fp)
|
2021-10-29 04:29:55 +08:00
|
|
|
if err != nil {
|
2021-11-03 13:48:20 +08:00
|
|
|
return nil, err
|
2021-10-29 04:29:55 +08:00
|
|
|
}
|
|
|
|
|
defer sf.Close()
|
2021-11-03 13:48:20 +08:00
|
|
|
return io.ReadAll(io.LimitReader(sf, 1024*1024))
|
2021-10-29 04:29:55 +08:00
|
|
|
}
|
