-
Notifications
You must be signed in to change notification settings - Fork 279
/
extract.go
99 lines (83 loc) · 2.05 KB
/
extract.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
package envoy
import (
"bytes"
"crypto/sha256"
"encoding/hex"
"fmt"
"hash"
"io"
"os"
"path/filepath"
"strings"
"sync"
"github.com/pomerium/pomerium/pkg/envoy/files"
)
const (
ownerRX = os.FileMode(0o500)
maxExpandedEnvoySize = 1 << 30
)
type hashReader struct {
hash.Hash
r io.Reader
}
func (hr *hashReader) Read(p []byte) (n int, err error) {
n, err = hr.r.Read(p)
_, _ = hr.Write(p[:n])
return n, err
}
var (
setupLock sync.Mutex
setupDone bool
setupFullEnvoyPath string
setupErr error
)
// Extract extracts envoy binary and returns its location
func Extract() (fullEnvoyPath string, err error) {
setupLock.Lock()
defer setupLock.Unlock()
// if we've extract at least once, and the file we previously extracted no longer exists, force a new extraction
if setupFullEnvoyPath != "" {
if _, err := os.Stat(setupFullEnvoyPath); os.IsNotExist(err) {
setupDone = false
}
}
if setupDone {
return setupFullEnvoyPath, setupErr
}
dir, err := os.MkdirTemp(os.TempDir(), "pomerium-envoy")
if err != nil {
setupErr = fmt.Errorf("envoy: failed making temporary working dir: %w", err)
return
}
setupFullEnvoyPath = filepath.Join(dir, "envoy")
err = extract(setupFullEnvoyPath)
if err != nil {
setupErr = fmt.Errorf("envoy: failed to extract embedded envoy binary: %w", err)
return
}
setupDone = true
return setupFullEnvoyPath, setupErr
}
func extract(dstName string) (err error) {
checksum, err := hex.DecodeString(strings.Fields(files.Checksum())[0])
if err != nil {
return fmt.Errorf("checksum %s: %w", files.Checksum(), err)
}
hr := &hashReader{
Hash: sha256.New(),
r: bytes.NewReader(files.Binary()),
}
dst, err := os.OpenFile(dstName, os.O_CREATE|os.O_WRONLY, ownerRX)
if err != nil {
return err
}
defer func() { err = dst.Close() }()
if _, err = io.Copy(dst, io.LimitReader(hr, maxExpandedEnvoySize)); err != nil {
return err
}
sum := hr.Sum(nil)
if !bytes.Equal(sum, checksum) {
return fmt.Errorf("expected %x, got %x checksum", checksum, sum)
}
return nil
}