From 408ca3b919312c8b3e9bae03322e83c2e7912ec7 Mon Sep 17 00:00:00 2001 From: Evan Baker Date: Tue, 12 Apr 2022 20:14:35 +0000 Subject: [PATCH 1/5] dropgz: self extracting gz installer and cni dropper dockerfile Signed-off-by: Evan Baker --- .github/dependabot.yaml | 11 ++- .pipelines/pipeline.yaml | 23 +++-- Makefile | 74 ++++++++++---- dropgz/build/cni.Dockerfile | 16 ++++ dropgz/cmd/payload.go | 127 +++++++++++++++++++++++++ dropgz/cmd/root.go | 68 +++++++++++++ dropgz/cmd/version.go | 24 +++++ dropgz/go.mod | 19 ++++ dropgz/go.sum | 75 +++++++++++++++ dropgz/internal/buildinfo/buildinfo.go | 3 + dropgz/main.go | 7 ++ dropgz/pkg/embed/gz/_README | 4 + dropgz/pkg/embed/gz/sum.txt | 0 dropgz/pkg/embed/payload.go | 83 ++++++++++++++++ dropgz/pkg/hash/sha.go | 43 +++++++++ tools/acncli/Dockerfile | 7 +- 16 files changed, 551 insertions(+), 33 deletions(-) create mode 100644 dropgz/build/cni.Dockerfile create mode 100644 dropgz/cmd/payload.go create mode 100644 dropgz/cmd/root.go create mode 100644 dropgz/cmd/version.go create mode 100644 dropgz/go.mod create mode 100644 dropgz/go.sum create mode 100644 dropgz/internal/buildinfo/buildinfo.go create mode 100644 dropgz/main.go create mode 100644 dropgz/pkg/embed/gz/_README create mode 100644 dropgz/pkg/embed/gz/sum.txt create mode 100644 dropgz/pkg/embed/payload.go create mode 100644 dropgz/pkg/hash/sha.go diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml index b3f342f5ad..8175ad3e7d 100644 --- a/.github/dependabot.yaml +++ b/.github/dependabot.yaml @@ -47,6 +47,15 @@ updates: - "azure/azure-sdn-members" commit-message: prefix: "deps" +- package-ecosystem: "gomod" + directory: "/dropgz" + schedule: + interval: "daily" + assignees: + - "matmerr" + - "rbtr" + commit-message: + prefix: "deps" - package-ecosystem: "gomod" directory: "/zapai" schedule: @@ -54,7 +63,5 @@ updates: assignees: - "matmerr" - "rbtr" - reviewers: - - "azure/azure-sdn-members" commit-message: prefix: "deps" diff --git a/.pipelines/pipeline.yaml b/.pipelines/pipeline.yaml index 955d099706..356ae1c3c3 100644 --- a/.pipelines/pipeline.yaml +++ b/.pipelines/pipeline.yaml @@ -150,14 +150,22 @@ stages: name: "$(BUILD_POOL_NAME_DEFAULT)" strategy: matrix: - cni_manager_linux_amd64: + acncli_linux_amd64: arch: amd64 os: linux - name: cni-manager - cni_manager_linux_arm64: + name: acncli + acncli_linux_arm64: arch: arm64 os: linux - name: cni-manager + name: acncli + cni_dropgz_linux_amd64: + arch: amd64 + os: linux + name: cni-dropgz + cni_dropgz_linux_arm64: + arch: arm64 + os: linux + name: cni-dropgz cns_linux_amd64: arch: amd64 os: linux @@ -216,8 +224,11 @@ stages: name: "$(BUILD_POOL_NAME_DEFAULT)" strategy: matrix: - cni-manager: - name: cni-manager + acncli: + name: acncli + platforms: linux/amd64 linux/arm64 + cni_dropgz: + name: cni-dropgz platforms: linux/amd64 linux/arm64 cns: name: cns diff --git a/Makefile b/Makefile index ac1350db8d..43cdd82aa2 100644 --- a/Makefile +++ b/Makefile @@ -81,15 +81,15 @@ CNI_BAREMETAL_ARCHIVE_NAME = azure-vnet-cni-baremetal-$(GOOS)-$(GOARCH)-$(VERSIO CNS_ARCHIVE_NAME = azure-cns-$(GOOS)-$(GOARCH)-$(VERSION).$(ARCHIVE_EXT) NPM_ARCHIVE_NAME = azure-npm-$(GOOS)-$(GOARCH)-$(VERSION).$(ARCHIVE_EXT) NPM_IMAGE_INFO_FILE = azure-npm-$(VERSION).txt -CNI_IMAGE_ARCHIVE_NAME = azure-cni-manager-$(GOOS)-$(GOARCH)-$(VERSION).$(ARCHIVE_EXT) -CNI_IMAGE_INFO_FILE = azure-cni-manager-$(VERSION).txt +CNIDROPGZ_IMAGE_ARCHIVE_NAME = cni-dropgz-$(GOOS)-$(GOARCH)-$(VERSION).$(ARCHIVE_EXT) +CNIDROPGZ_IMAGE_INFO_FILE = cni-dropgz-$(VERSION).txt CNS_IMAGE_INFO_FILE = azure-cns-$(VERSION).txt # Docker libnetwork (CNM) plugin v2 image parameters. CNM_PLUGIN_IMAGE ?= microsoft/azure-vnet-plugin CNM_PLUGIN_ROOTFS = azure-vnet-plugin-rootfs -VERSION ?= $(shell git describe --tags --always --dirty) +VERSION ?= $(shell git describe --exclude "zapai*" --tags --always --dirty) # Default target all-binaries-platforms: ## Make all platform binaries @@ -101,7 +101,7 @@ all-binaries-platforms: ## Make all platform binaries # OS specific binaries/images ifeq ($(GOOS),linux) -all-binaries: azure-cnm-plugin azure-cni-plugin azure-cns azure-npm +all-binaries: acncli azure-cnm-plugin azure-cni-plugin azure-cns azure-npm all-images: npm-image cns-image cni-manager-image else all-binaries: azure-cnm-plugin azure-cni-plugin azure-cns azure-npm @@ -156,9 +156,10 @@ azure-npm-binary: ##@ Containers -CNI_IMAGE = azure-cni-manager -CNS_IMAGE = azure-cns -NPM_IMAGE = azure-npm +ACNCLI_IMAGE = acncli +CNIDROPGZ_IMAGE = cni-dropgz +CNS_IMAGE = azure-cns +NPM_IMAGE = azure-npm TAG ?= $(VERSION) IMAGE_REGISTRY ?= acnpublic.azurecr.io @@ -213,33 +214,60 @@ container-info: # util target to write container info file. do not invoke direct sudo chown -R $$(whoami) $(IMAGE_DIR) sudo chmod -R 777 $(IMAGE_DIR) -cni-manager-image-name: # util target to print the CNI manager image name. - @echo $(CNI_IMAGE) +acncli-image-name: # util target to print the CNI manager image name. + @echo $(ACNCLI_IMAGE) -cni-manager-image: ## build cni-manager container image. +acncli-image: ## build cni-manager container image. $(MAKE) containerize-$(CONTAINER_BUILDER) \ PLATFORM=$(PLATFORM) \ DOCKERFILE=tools/acncli/Dockerfile \ REGISTRY=$(IMAGE_REGISTRY) \ - IMAGE=$(CNI_IMAGE) \ - EXTRA_BUILD_ARGS='--build-arg PLATFORM=$(OS)_$(ARCH)' \ + IMAGE=$(ACNCLI_IMAGE) \ + TAG=$(TAG) + +acncli-image-info: # util target to write cni-manager container info file. + $(MAKE) container-info IMAGE=$(ACNCLI_IMAGE) TAG=$(TAG) FILE=$(ACNCLI_IMAGE_INFO_FILE) + +acncli-image-push: ## push cni-manager container image. + $(MAKE) container-push \ + PLATFORM=$(PLATFORM) \ + REGISTRY=$(IMAGE_REGISTRY) \ + IMAGE=$(ACNCLI_IMAGE) \ + TAG=$(TAG) + +acncli-image-pull: ## pull cni-manager container image. + $(MAKE) container-pull \ + PLATFORM=$(PLATFORM) \ + REGISTRY=$(IMAGE_REGISTRY) \ + IMAGE=$(ACNCLI_IMAGE) \ TAG=$(TAG) -cni-manager-image-info: # util target to write cni-manager container info file. - $(MAKE) container-info IMAGE=$(CNI_IMAGE) TAG=$(TAG) FILE=$(CNI_IMAGE_INFO_FILE) +cni-dropgz-image-name: # util target to print the CNI dropgz image name. + @echo $(CNIDROPGZ_IMAGE) + +cni-dropgz-image: ## build cni-dropgz container image. + $(MAKE) containerize-$(CONTAINER_BUILDER) \ + PLATFORM=$(PLATFORM) \ + DOCKERFILE=dropgz/build/cni.Dockerfile \ + REGISTRY=$(IMAGE_REGISTRY) \ + IMAGE=$(CNIDROPGZ_IMAGE) \ + TAG=$(TAG) -cni-manager-image-push: ## push cni-manager container image. +cni-dropgz-image-info: # util target to write cni-dropgz container info file. + $(MAKE) container-info IMAGE=$(CNIDROPGZ_IMAGE) TAG=$(TAG) FILE=$(CNIDROPGZ_IMAGE_INFO_FILE) + +cni-dropgz-image-push: ## push cni-dropgz container image. $(MAKE) container-push \ PLATFORM=$(PLATFORM) \ REGISTRY=$(IMAGE_REGISTRY) \ - IMAGE=$(CNI_IMAGE) \ + IMAGE=$(CNIDROPGZ_IMAGE) \ TAG=$(TAG) -cni-manager-image-pull: ## pull cni-manager container image. +cni-dropgz-image-pull: ## pull cni-dropgz container image. $(MAKE) container-pull \ PLATFORM=$(PLATFORM) \ REGISTRY=$(IMAGE_REGISTRY) \ - IMAGE=$(CNI_IMAGE) \ + IMAGE=$(CNIDROPGZ_IMAGE) \ TAG=$(TAG) cns-image-name: # util target to print the CNS image name @@ -362,10 +390,16 @@ multiarch-manifest-create: # util target to compose multiarch container manifest multiarch-manifest-push: # util target to push multiarch container manifest. $(CONTAINER_BUILDER) manifest push --all $(IMAGE_REGISTRY)/$(IMAGE):$(TAG) docker://$(IMAGE_REGISTRY)/$(IMAGE):$(TAG) -cni-manager-multiarch-manifest-create: ## build cni-manager multi-arch container manifest. +acncli-multiarch-manifest-create: ## build acncli multi-arch container manifest. + $(MAKE) multiarch-manifest-create \ + PLATFORMS="$(PLATFORMS)" \ + IMAGE=$(ACNCLI_IMAGE) \ + TAG=$(TAG) + +cni-dropgz-multiarch-manifest-create: ## build cni-dropgz multi-arch container manifest. $(MAKE) multiarch-manifest-create \ PLATFORMS="$(PLATFORMS)" \ - IMAGE=$(CNI_IMAGE) \ + IMAGE=$(CNIDROPGZ_IMAGE) \ TAG=$(TAG) cns-multiarch-manifest-create: ## build azure-cns multi-arch container manifest. diff --git a/dropgz/build/cni.Dockerfile b/dropgz/build/cni.Dockerfile new file mode 100644 index 0000000000..28086e205f --- /dev/null +++ b/dropgz/build/cni.Dockerfile @@ -0,0 +1,16 @@ +FROM mcr.microsoft.com/oss/go/microsoft/golang:1.18 AS builder +ARG VERSION +WORKDIR /azure-container-networking +COPY . . +RUN CGO_ENABLED=0 go build -a -o bin/azure-vnet -trimpath -ldflags "-X main.version="$VERSION"" -gcflags="-dwarflocationlists=true" cni/network/plugin/main.go +RUN mv bin/* dropgz/pkg/embed/gz &&\ + mv cni/*.conflist dropgz/pkg/embed/gz &&\ + cd dropgz/pkg/embed/gz/ && sha256sum * > sum.txt +RUN gzip --best --recursive dropgz/pkg/embed/gz && for f in dropgz/pkg/embed/gz/*.gz; do mv -- "$f" "${f%%.gz}"; done +RUN cd dropgz && CGO_ENABLED=0 go build -a -o ../bin/dropgz -trimpath -ldflags "-X github.com/Azure/azure-container-networking/dropgz/internal/buildinfo.Version="$VERSION"" -gcflags="-dwarflocationlists=true" main.go + +FROM scratch +COPY --from=builder /etc/passwd /etc/passwd +COPY --from=builder /etc/group /etc/group +COPY --from=builder azure-container-networking/bin/dropgz /usr/local/bin/dropgz +ENTRYPOINT [ "/usr/local/bin/dropgz" ] diff --git a/dropgz/cmd/payload.go b/dropgz/cmd/payload.go new file mode 100644 index 0000000000..86ef16013f --- /dev/null +++ b/dropgz/cmd/payload.go @@ -0,0 +1,127 @@ +package cmd + +import ( + "fmt" + + "github.com/Azure/azure-container-networking/dropgz/pkg/embed" + "github.com/Azure/azure-container-networking/dropgz/pkg/hash" + "github.com/pkg/errors" + "github.com/spf13/cobra" + "go.uber.org/zap" +) + +// list subcommand +var list = &cobra.Command{ + Use: "list", + RunE: func(*cobra.Command, []string) error { + if err := setLogLevel(); err != nil { + return err + } + contents, err := embed.Contents() + if err != nil { + return err + } + for _, c := range contents { + fmt.Printf("\t%s\n", c) + } + return nil + }, +} + +func checksum(srcs, dests []string) error { + if len(srcs) != len(dests) { + return errors.Wrapf(embed.ErrArgsMismatched, "%d and %d", len(srcs), len(dests)) + } + r, c, err := embed.Extract("sum.txt") + if err != nil { + return errors.Wrap(err, "failed to extract checksum file") + } + defer c.Close() + defer r.Close() + + checksums, err := hash.Parse(r) + if err != nil { + return errors.Wrap(err, "failed to parse checksums") + } + for i := range srcs { + valid, err := checksums.Check(srcs[i], dests[i]) + if err != nil { + return errors.Wrapf(err, "failed to validate file at %s", dests[i]) + } + if !valid { + return errors.Errorf("%s checksum validation failed", dests[i]) + } + } + return nil +} + +var ( + skipVerify bool + outs []string +) + +// deploy subcommand +var deploy = &cobra.Command{ + Use: "deploy", + RunE: func(_ *cobra.Command, srcs []string) error { + if err := setLogLevel(); err != nil { + return err + } + if len(outs) == 0 { + outs = srcs + } + if len(srcs) != len(outs) { + return errors.Wrapf(embed.ErrArgsMismatched, "%d files, %d outputs", len(srcs), len(outs)) + } + log := z.With(zap.Strings("sources", srcs), zap.Strings("outputs", outs), zap.String("cmd", "deploy")) + if err := embed.Deploy(log, srcs, outs); err != nil { + return errors.Wrapf(err, "failed to deploy %s", srcs) + } + log.Info("successfully wrote files") + if skipVerify { + return nil + } + if err := checksum(srcs, outs); err != nil { + return err + } + log.Info("verified file integrity") + return nil + }, + Args: cobra.OnlyValidArgs, +} + +// verify subcommand +var verify = &cobra.Command{ + Use: "verify", + RunE: func(_ *cobra.Command, srcs []string) error { + if err := setLogLevel(); err != nil { + return err + } + if len(outs) == 0 { + outs = srcs + } + if len(srcs) != len(outs) { + return errors.Wrapf(embed.ErrArgsMismatched, "%d sources, %d destinations", len(srcs), len(outs)) + } + log := z.With(zap.Strings("sources", srcs), zap.Strings("outputs", outs), zap.String("cmd", "verify")) + if err := checksum(srcs, outs); err != nil { + return err + } + log.Info("verified files") + return nil + }, + Args: cobra.OnlyValidArgs, +} + +func init() { + root.AddCommand(list) + + verify.ValidArgs, _ = embed.Contents() + verify.Flags().StringSliceVarP(&outs, "output", "o", []string{}, "output file path") + root.AddCommand(verify) + + deploy.ValidArgs, _ = embed.Contents() // setting this after the command is initialized is required + deploy.Flags().BoolVar(&skipVerify, "skip-verify", false, "set to disable checksum validation") + deploy.Flags().StringSliceVarP(&outs, "output", "o", []string{}, "output file path") + root.AddCommand(deploy) +} diff --git a/dropgz/cmd/root.go b/dropgz/cmd/root.go new file mode 100644 index 0000000000..2938870519 --- /dev/null +++ b/dropgz/cmd/root.go @@ -0,0 +1,68 @@ +package cmd + +import ( + "context" + "fmt" + "os" + "os/signal" + "syscall" + + zaplogfmt "github.com/jsternberg/zap-logfmt" + "github.com/pkg/errors" + "github.com/spf13/cobra" + "go.uber.org/zap" + "go.uber.org/zap/zapcore" +) + +var ( + ctx context.Context + z *zap.Logger + levelFlag string + leveler = zap.NewAtomicLevel() +) + +// root represent the base invocation. +var root = &cobra.Command{ + Use: "dropgz", + SilenceUsage: true, +} + +func init() { + // set up signal handlers + var cancel context.CancelFunc + ctx, cancel = context.WithCancel(context.Background()) + + sig := make(chan os.Signal, 1) + signal.Notify(sig, os.Interrupt, syscall.SIGTERM) + go func() { + <-sig + cancel() + fmt.Println("exiting") + }() + + // build root logger + zcfg := zap.NewProductionEncoderConfig() + z = zap.New(zapcore.NewCore( + zaplogfmt.NewEncoder(zcfg), + os.Stdout, + leveler, + )) + + // bind root flags + root.PersistentFlags().StringVarP(&levelFlag, "log-level", "v", "info", "log level [trace,debug,info,warn,error]") +} + +func Execute() { + if err := root.Execute(); err != nil { + os.Exit(1) + } +} + +func setLogLevel() error { + level, err := zapcore.ParseLevel(levelFlag) + if err != nil { + return errors.Wrapf(err, "failed to parse log level '%s'", levelFlag) + } + leveler.SetLevel(level) + return nil +} diff --git a/dropgz/cmd/version.go b/dropgz/cmd/version.go new file mode 100644 index 0000000000..c16f33b419 --- /dev/null +++ b/dropgz/cmd/version.go @@ -0,0 +1,24 @@ +package cmd + +import ( + "fmt" + + "github.com/Azure/azure-container-networking/dropgz/internal/buildinfo" + "github.com/spf13/cobra" +) + +// version command. +var version = &cobra.Command{ + Use: "version", + RunE: func(cmd *cobra.Command, args []string) error { + if err := setLogLevel(); err != nil { + return err + } + fmt.Println(buildinfo.Version) + return nil + }, +} + +func init() { + root.AddCommand(version) +} diff --git a/dropgz/go.mod b/dropgz/go.mod new file mode 100644 index 0000000000..0c44e54cc7 --- /dev/null +++ b/dropgz/go.mod @@ -0,0 +1,19 @@ +module github.com/Azure/azure-container-networking/dropgz + +go 1.18 + +require ( + github.com/jsternberg/zap-logfmt v1.2.0 + github.com/pkg/errors v0.9.1 + github.com/spf13/cobra v1.4.0 + go.uber.org/zap v1.21.0 +) + +require ( + github.com/inconshreveable/mousetrap v1.0.0 // indirect + github.com/spf13/pflag v1.0.5 // indirect + github.com/stretchr/testify v1.7.1 // indirect + go.uber.org/atomic v1.7.0 // indirect + go.uber.org/goleak v1.1.12 // indirect + go.uber.org/multierr v1.6.0 // indirect +) diff --git a/dropgz/go.sum b/dropgz/go.sum new file mode 100644 index 0000000000..f2c1a49468 --- /dev/null +++ b/dropgz/go.sum @@ -0,0 +1,75 @@ +github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8= +github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= +github.com/cpuguy83/go-md2man/v2 v2.0.1/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM= +github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= +github.com/jsternberg/zap-logfmt v1.2.0 h1:1v+PK4/B48cy8cfQbxL4FmmNZrjnIMr2BsnyEmXqv2o= +github.com/jsternberg/zap-logfmt v1.2.0/go.mod h1:kz+1CUmCutPWABnNkOu9hOHKdT2q3TDYCcsFy9hpqb0= +github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= +github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= +github.com/spf13/cobra v1.4.0 h1:y+wJpx64xcgO1V+RcnwW0LEHxTKRi2ZDPSBjWnrg88Q= +github.com/spf13/cobra v1.4.0/go.mod h1:Wo4iy3BUC+X2Fybo0PDqwJIv3dNRiZLHQymsfxlB84g= +github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= +github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= +github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.7.1 h1:5TQK59W5E3v0r2duFAb7P95B6hEeOyEnHRa8MjYSMTY= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= +go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= +go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw= +go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= +go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= +go.uber.org/goleak v1.1.12 h1:gZAh5/EyT/HQwlpkCy6wTpqfH9H8Lz8zbm3dZh+OyzA= +go.uber.org/goleak v1.1.12/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= +go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= +go.uber.org/multierr v1.6.0 h1:y6IPFStTAIT5Ytl7/XYmHvzXQ7S3g/IeZW9hyZ5thw4= +go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= +go.uber.org/zap v1.9.1/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= +go.uber.org/zap v1.21.0 h1:WefMeulhovoZ2sYXz7st6K0sLj7bBhpiFaud4r4zST8= +go.uber.org/zap v1.21.0/go.mod h1:wjWOCqI0f2ZZrJF/UufIOkiC8ii6tm1iqIsLo76RfJw= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= +golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= +golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= +gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo= +gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/dropgz/internal/buildinfo/buildinfo.go b/dropgz/internal/buildinfo/buildinfo.go new file mode 100644 index 0000000000..77ffbb7fd2 --- /dev/null +++ b/dropgz/internal/buildinfo/buildinfo.go @@ -0,0 +1,3 @@ +package buildinfo + +var Version string diff --git a/dropgz/main.go b/dropgz/main.go new file mode 100644 index 0000000000..46ef567ab5 --- /dev/null +++ b/dropgz/main.go @@ -0,0 +1,7 @@ +package main + +import "github.com/Azure/azure-container-networking/dropgz/cmd" + +func main() { + cmd.Execute() +} diff --git a/dropgz/pkg/embed/gz/_README b/dropgz/pkg/embed/gz/_README new file mode 100644 index 0000000000..d11ae80191 --- /dev/null +++ b/dropgz/pkg/embed/gz/_README @@ -0,0 +1,4 @@ +This files in this directory intentionally left blank. +At build time files are dropped here and embedded in to the dropgz binary. +_README is excluded due to the _ prefix. +sum.txt will contain pre-compression file SHAs. diff --git a/dropgz/pkg/embed/gz/sum.txt b/dropgz/pkg/embed/gz/sum.txt new file mode 100644 index 0000000000..e69de29bb2 diff --git a/dropgz/pkg/embed/payload.go b/dropgz/pkg/embed/payload.go new file mode 100644 index 0000000000..23ace10a90 --- /dev/null +++ b/dropgz/pkg/embed/payload.go @@ -0,0 +1,83 @@ +package embed + +import ( + "bufio" + "compress/gzip" + "embed" + "io" + "io/fs" + "os" + "path/filepath" + "strings" + + "github.com/pkg/errors" + "go.uber.org/zap" +) + +const ( + cwd = "gz" +) + +var ErrArgsMismatched = errors.New("mismatched argument count") + +// gzfs contains the gzipped files for deployment, as a read-only FileSystem containing only "gzfs/". +//nolint:typecheck // dir is populated at build. +//go:embed gz +var gzfs embed.FS + +func Contents() ([]string, error) { + contents := []string{} + if err := fs.WalkDir(gzfs, cwd, func(path string, d fs.DirEntry, err error) error { + if err != nil { + return err + } + if d.IsDir() { + return nil + } + contents = append(contents, strings.TrimPrefix(path, cwd+string(filepath.Separator))) + return nil + }); err != nil { + return nil, errors.Wrap(err, "error walking gzfs") + } + return contents, nil +} + +func Extract(path string) (io.ReadCloser, io.Closer, error) { + f, err := gzfs.Open(filepath.Join(cwd, path)) + if err != nil { + return nil, nil, errors.Wrapf(err, "failed to open file %s", path) + } + r, err := gzip.NewReader(bufio.NewReader(f)) + return r, f, errors.Wrap(err, "failed to build gzip reader") +} + +func deploy(src, dest string) error { + r, c, err := Extract(src) + if err != nil { + return err + } + defer c.Close() + defer r.Close() + target, err := os.Create(dest) + if err != nil { + return errors.Wrapf(err, "failed to create file %s", dest) + } + defer target.Close() + _, err = io.Copy(bufio.NewWriter(target), r) + return errors.Wrapf(err, "failed to copy %s to %s", src, dest) +} + +func Deploy(log *zap.Logger, srcs, dests []string) error { + if len(srcs) != len(dests) { + return errors.Wrapf(ErrArgsMismatched, "%d and %d", len(srcs), len(dests)) + } + for i := range srcs { + src := srcs[i] + dest := dests[i] + if err := deploy(src, dest); err != nil { + return err + } + log.Info("wrote file", zap.String("src", src), zap.String("dest", dest)) + } + return nil +} diff --git a/dropgz/pkg/hash/sha.go b/dropgz/pkg/hash/sha.go new file mode 100644 index 0000000000..f69f4019ec --- /dev/null +++ b/dropgz/pkg/hash/sha.go @@ -0,0 +1,43 @@ +package hash + +import ( + "bufio" + "crypto/sha256" + "fmt" + "io" + "os" + "strings" + + "github.com/pkg/errors" +) + +type Checksums map[string]string + +func Parse(r io.Reader) (Checksums, error) { + checksums := Checksums{} + linescanner := bufio.NewScanner(r) + linescanner.Split(bufio.ScanLines) + + for linescanner.Scan() { + line := linescanner.Text() + entry := strings.Fields(line) + if len(entry) != 2 { //nolint:gomnd // sha256 checksum file constant + return nil, errors.Errorf("malformed sha checksum line: %s", line) + } + checksums[entry[1]] = entry[0] + } + return checksums, nil +} + +func (sums Checksums) Check(src, dst string) (bool, error) { + want, ok := sums[src] + if !ok { + return false, errors.Errorf("unknown path %s", src) + } + buf, err := os.ReadFile(dst) + if err != nil { + return false, errors.Wrapf(err, "unable to read file %s", dst) + } + have := sha256.Sum256(buf) + return want == fmt.Sprintf("%x", have), nil +} diff --git a/tools/acncli/Dockerfile b/tools/acncli/Dockerfile index e9f9b9156e..7bc83da9d2 100644 --- a/tools/acncli/Dockerfile +++ b/tools/acncli/Dockerfile @@ -1,19 +1,16 @@ FROM mcr.microsoft.com/oss/go/microsoft/golang:1.18 as build WORKDIR /go/src/github.com/Azure/azure-container-networking/ ARG VERSION -ARG PLATFORM ADD . . RUN make all-binaries RUN make acncli -RUN rm -rf ./output/windows* -RUN rm -rf ./output/${PLATFORM:-linux_amd64}/npm/* +RUN rm -rf ./output/**/npm RUN mv ./output /output RUN find /output -name "*.zip" -type f -delete RUN find /output -name "*.tgz" -type f -delete FROM scratch -ARG PLATFORM -COPY --from=build /output/${PLATFORM:-linux_amd64}/acncli/ . +COPY --from=build /output/**/acncli/ . COPY --from=build /output /output ENV AZURE_CNI_OS=linux ENV AZURE_CNI_TENANCY=singletenancy From a231c05fe569badbe3b98d212439524f3414bf83 Mon Sep 17 00:00:00 2001 From: Evan Baker Date: Tue, 7 Jun 2022 16:17:09 +0000 Subject: [PATCH 2/5] update integration test for new container name Signed-off-by: Evan Baker --- test/integration/manifests/cni/manager.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/integration/manifests/cni/manager.yaml b/test/integration/manifests/cni/manager.yaml index 5c9fc19e00..5db6dddf9d 100644 --- a/test/integration/manifests/cni/manager.yaml +++ b/test/integration/manifests/cni/manager.yaml @@ -19,7 +19,7 @@ spec: hostNetwork: true containers: - name: azure-cni-installer - image: acnpublic.azurecr.io/azure-cni-manager:v1.2.8-32-g77506640 + image: acnpublic.azurecr.io/acncli:v1.2.8-32-g77506640 command: ["./acn"] args: ["cni", "manager", "--follow", "--mode", "transparent", "--ipam", "azure-cns"] imagePullPolicy: Always From 00ea3112dcf6734d2c3d58700d5cecd34ea15b5d Mon Sep 17 00:00:00 2001 From: Evan Baker Date: Mon, 20 Jun 2022 19:45:35 +0000 Subject: [PATCH 3/5] add compound closer and address other review feedback Signed-off-by: Evan Baker --- dropgz/cmd/payload.go | 7 +++--- dropgz/cmd/root.go | 2 +- dropgz/pkg/embed/payload.go | 47 +++++++++++++++++++++++++++++-------- 3 files changed, 41 insertions(+), 15 deletions(-) diff --git a/dropgz/cmd/payload.go b/dropgz/cmd/payload.go index 86ef16013f..921591d35a 100644 --- a/dropgz/cmd/payload.go +++ b/dropgz/cmd/payload.go @@ -32,14 +32,13 @@ func checksum(srcs, dests []string) error { if len(srcs) != len(dests) { return errors.Wrapf(embed.ErrArgsMismatched, "%d and %d", len(srcs), len(dests)) } - r, c, err := embed.Extract("sum.txt") + rc, err := embed.Extract("sum.txt") if err != nil { return errors.Wrap(err, "failed to extract checksum file") } - defer c.Close() - defer r.Close() + defer rc.Close() - checksums, err := hash.Parse(r) + checksums, err := hash.Parse(rc) if err != nil { return errors.Wrap(err, "failed to parse checksums") } diff --git a/dropgz/cmd/root.go b/dropgz/cmd/root.go index 2938870519..ab6fe8e1ae 100644 --- a/dropgz/cmd/root.go +++ b/dropgz/cmd/root.go @@ -54,7 +54,7 @@ func init() { func Execute() { if err := root.Execute(); err != nil { - os.Exit(1) + z.Fatal("exiting due to error", zap.Error(err)) } } diff --git a/dropgz/pkg/embed/payload.go b/dropgz/pkg/embed/payload.go index 23ace10a90..85918ed893 100644 --- a/dropgz/pkg/embed/payload.go +++ b/dropgz/pkg/embed/payload.go @@ -15,7 +15,8 @@ import ( ) const ( - cwd = "gz" + cwd = "gz" + pathPrefix = cwd + string(filepath.Separator) ) var ErrArgsMismatched = errors.New("mismatched argument count") @@ -34,7 +35,7 @@ func Contents() ([]string, error) { if d.IsDir() { return nil } - contents = append(contents, strings.TrimPrefix(path, cwd+string(filepath.Separator))) + contents = append(contents, strings.TrimPrefix(path, pathPrefix)) return nil }); err != nil { return nil, errors.Wrap(err, "error walking gzfs") @@ -42,28 +43,54 @@ func Contents() ([]string, error) { return contents, nil } -func Extract(path string) (io.ReadCloser, io.Closer, error) { +// gzipCompoundReadCloser is a wrapper around the source file handle and +// the gzip Reader on the file to provide a single Close implementation +// which cleans up both. +// We have to explicitly track and close the underlying Reader, because +// the gzip readercloser# does not. +type gzipCompoundReadCloser struct { + file io.Closer + gzreader io.ReadCloser +} + +func (rc *gzipCompoundReadCloser) Read(p []byte) (n int, err error) { + return rc.gzreader.Read(p) +} + +func (rc *gzipCompoundReadCloser) Close() error { + if err := rc.gzreader.Close(); err != nil { + return err + } + if err := rc.file.Close(); err != nil { + return err + } + return nil +} + +func Extract(path string) (*gzipCompoundReadCloser, error) { f, err := gzfs.Open(filepath.Join(cwd, path)) if err != nil { - return nil, nil, errors.Wrapf(err, "failed to open file %s", path) + return nil, errors.Wrapf(err, "failed to open file %s", path) } r, err := gzip.NewReader(bufio.NewReader(f)) - return r, f, errors.Wrap(err, "failed to build gzip reader") + if err != nil { + return nil, errors.Wrap(err, "failed to build gzip reader") + } + return &gzipCompoundReadCloser{file: f, gzreader: r}, nil } func deploy(src, dest string) error { - r, c, err := Extract(src) + rc, err := Extract(src) if err != nil { return err } - defer c.Close() - defer r.Close() - target, err := os.Create(dest) + defer rc.Close() + target, err := os.OpenFile(dest, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0o766) //nolint:gomnd // executable file bitmask if err != nil { return errors.Wrapf(err, "failed to create file %s", dest) } defer target.Close() - _, err = io.Copy(bufio.NewWriter(target), r) + _, err = io.Copy(bufio.NewWriter(target), rc) return errors.Wrapf(err, "failed to copy %s to %s", src, dest) } From a739d5149927a98944076521e5f242d7281506e5 Mon Sep 17 00:00:00 2001 From: Evan Baker Date: Mon, 27 Jun 2022 22:18:47 +0000 Subject: [PATCH 4/5] address review comments Signed-off-by: Evan Baker --- Makefile | 2 +- dropgz/build/cni.Dockerfile | 27 ++++++++++------- dropgz/cmd/root.go | 3 +- dropgz/pkg/embed/{gz => fs}/_README | 0 dropgz/pkg/embed/{gz => fs}/sum.txt | 0 dropgz/pkg/embed/payload.go | 45 +++++++++++++++-------------- 6 files changed, 43 insertions(+), 34 deletions(-) rename dropgz/pkg/embed/{gz => fs}/_README (100%) rename dropgz/pkg/embed/{gz => fs}/sum.txt (100%) diff --git a/Makefile b/Makefile index 43cdd82aa2..e5b12395a2 100644 --- a/Makefile +++ b/Makefile @@ -515,8 +515,8 @@ workspace: ## Set up the Go workspace. go work init go work use . go work use ./build/tools + go work use ./dropgz go work use ./zapai - go work sync ##@ Test diff --git a/dropgz/build/cni.Dockerfile b/dropgz/build/cni.Dockerfile index 28086e205f..a2faef5b1c 100644 --- a/dropgz/build/cni.Dockerfile +++ b/dropgz/build/cni.Dockerfile @@ -1,16 +1,23 @@ -FROM mcr.microsoft.com/oss/go/microsoft/golang:1.18 AS builder +FROM mcr.microsoft.com/oss/go/microsoft/golang:1.18 AS azure-vnet ARG VERSION WORKDIR /azure-container-networking COPY . . RUN CGO_ENABLED=0 go build -a -o bin/azure-vnet -trimpath -ldflags "-X main.version="$VERSION"" -gcflags="-dwarflocationlists=true" cni/network/plugin/main.go -RUN mv bin/* dropgz/pkg/embed/gz &&\ - mv cni/*.conflist dropgz/pkg/embed/gz &&\ - cd dropgz/pkg/embed/gz/ && sha256sum * > sum.txt -RUN gzip --best --recursive dropgz/pkg/embed/gz && for f in dropgz/pkg/embed/gz/*.gz; do mv -- "$f" "${f%%.gz}"; done -RUN cd dropgz && CGO_ENABLED=0 go build -a -o ../bin/dropgz -trimpath -ldflags "-X github.com/Azure/azure-container-networking/dropgz/internal/buildinfo.Version="$VERSION"" -gcflags="-dwarflocationlists=true" main.go + +FROM mcr.microsoft.com/cbl-mariner/base/core:2.0 AS compressor +WORKDIR /dropgz +COPY dropgz . +COPY --from=azure-vnet /azure-container-networking/bin/* pkg/embed/fs +COPY --from=azure-vnet /azure-container-networking/cni/*.conflist pkg/embed/fs +RUN cd pkg/embed/fs/ && sha256sum * > sum.txt +RUN gzip --verbose --best --recursive pkg/embed/fs && for f in pkg/embed/fs/*.gz; do mv -- "$f" "${f%%.gz}"; done + +FROM mcr.microsoft.com/oss/go/microsoft/golang:1.18 AS dropgz +ARG VERSION +WORKDIR /dropgz +COPY --from=compressor /dropgz . +RUN CGO_ENABLED=0 go build -a -o bin/dropgz -trimpath -ldflags "-X github.com/Azure/azure-container-networking/dropgz/internal/buildinfo.Version="$VERSION"" -gcflags="-dwarflocationlists=true" main.go FROM scratch -COPY --from=builder /etc/passwd /etc/passwd -COPY --from=builder /etc/group /etc/group -COPY --from=builder azure-container-networking/bin/dropgz /usr/local/bin/dropgz -ENTRYPOINT [ "/usr/local/bin/dropgz" ] +COPY --from=dropgz /dropgz/bin/dropgz /dropgz +ENTRYPOINT [ "/dropgz" ] diff --git a/dropgz/cmd/root.go b/dropgz/cmd/root.go index ab6fe8e1ae..c56ad8b068 100644 --- a/dropgz/cmd/root.go +++ b/dropgz/cmd/root.go @@ -38,6 +38,7 @@ func init() { <-sig cancel() fmt.Println("exiting") + os.Exit(1) }() // build root logger @@ -53,7 +54,7 @@ func init() { } func Execute() { - if err := root.Execute(); err != nil { + if err := root.ExecuteContext(ctx); err != nil { z.Fatal("exiting due to error", zap.Error(err)) } } diff --git a/dropgz/pkg/embed/gz/_README b/dropgz/pkg/embed/fs/_README similarity index 100% rename from dropgz/pkg/embed/gz/_README rename to dropgz/pkg/embed/fs/_README diff --git a/dropgz/pkg/embed/gz/sum.txt b/dropgz/pkg/embed/fs/sum.txt similarity index 100% rename from dropgz/pkg/embed/gz/sum.txt rename to dropgz/pkg/embed/fs/sum.txt diff --git a/dropgz/pkg/embed/payload.go b/dropgz/pkg/embed/payload.go index 85918ed893..a61a3c7112 100644 --- a/dropgz/pkg/embed/payload.go +++ b/dropgz/pkg/embed/payload.go @@ -15,20 +15,20 @@ import ( ) const ( - cwd = "gz" + cwd = "fs" pathPrefix = cwd + string(filepath.Separator) ) var ErrArgsMismatched = errors.New("mismatched argument count") -// gzfs contains the gzipped files for deployment, as a read-only FileSystem containing only "gzfs/". +// embedfs contains the embedded files for deployment, as a read-only FileSystem containing only "embedfs/". //nolint:typecheck // dir is populated at build. -//go:embed gz -var gzfs embed.FS +//go:embed fs +var embedfs embed.FS func Contents() ([]string, error) { contents := []string{} - if err := fs.WalkDir(gzfs, cwd, func(path string, d fs.DirEntry, err error) error { + err := fs.WalkDir(embedfs, cwd, func(path string, d fs.DirEntry, err error) error { if err != nil { return err } @@ -37,46 +37,47 @@ func Contents() ([]string, error) { } contents = append(contents, strings.TrimPrefix(path, pathPrefix)) return nil - }); err != nil { - return nil, errors.Wrap(err, "error walking gzfs") + }) + if err != nil { + return nil, errors.Wrap(err, "error walking embed fs") } return contents, nil } -// gzipCompoundReadCloser is a wrapper around the source file handle and -// the gzip Reader on the file to provide a single Close implementation +// compoundReadCloser is a wrapper around the source file handle and +// the flate Reader on the file to provide a single Close implementation // which cleans up both. // We have to explicitly track and close the underlying Reader, because -// the gzip readercloser# does not. -type gzipCompoundReadCloser struct { - file io.Closer - gzreader io.ReadCloser +// the readercloser# does not. +type compoundReadCloser struct { + closer io.Closer + readcloser io.ReadCloser } -func (rc *gzipCompoundReadCloser) Read(p []byte) (n int, err error) { - return rc.gzreader.Read(p) +func (c *compoundReadCloser) Read(p []byte) (n int, err error) { + return c.readcloser.Read(p) } -func (rc *gzipCompoundReadCloser) Close() error { - if err := rc.gzreader.Close(); err != nil { +func (c *compoundReadCloser) Close() error { + if err := c.readcloser.Close(); err != nil { return err } - if err := rc.file.Close(); err != nil { + if err := c.closer.Close(); err != nil { return err } return nil } -func Extract(path string) (*gzipCompoundReadCloser, error) { - f, err := gzfs.Open(filepath.Join(cwd, path)) +func Extract(path string) (*compoundReadCloser, error) { + f, err := embedfs.Open(filepath.Join(cwd, path)) if err != nil { return nil, errors.Wrapf(err, "failed to open file %s", path) } r, err := gzip.NewReader(bufio.NewReader(f)) if err != nil { - return nil, errors.Wrap(err, "failed to build gzip reader") + return nil, errors.Wrap(err, "failed to build reader") } - return &gzipCompoundReadCloser{file: f, gzreader: r}, nil + return &compoundReadCloser{closer: f, readcloser: r}, nil } func deploy(src, dest string) error { From 7d4f32407664f1dac8cf38a44fc089837a5cf41b Mon Sep 17 00:00:00 2001 From: Evan Baker Date: Tue, 28 Jun 2022 19:08:54 +0000 Subject: [PATCH 5/5] write files as 755 Signed-off-by: Evan Baker --- dropgz/pkg/embed/payload.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dropgz/pkg/embed/payload.go b/dropgz/pkg/embed/payload.go index a61a3c7112..7e5341a593 100644 --- a/dropgz/pkg/embed/payload.go +++ b/dropgz/pkg/embed/payload.go @@ -86,7 +86,7 @@ func deploy(src, dest string) error { return err } defer rc.Close() - target, err := os.OpenFile(dest, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0o766) //nolint:gomnd // executable file bitmask + target, err := os.OpenFile(dest, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0o755) //nolint:gomnd // executable file bitmask if err != nil { return errors.Wrapf(err, "failed to create file %s", dest) }