Skip to content
Permalink
Browse files
fix(buildah): pass default registries.conf to native buildah
  • Loading branch information
ilya-lesikov committed Dec 9, 2021
1 parent c89aff4 commit ca2995ade2ed6d1282beb3dd2da032e1fcdbf06c
Showing with 35 additions and 6 deletions.
  1. +24 −6 pkg/buildah/base.go
  2. +1 −0 pkg/buildah/common.go
  3. +10 −0 pkg/buildah/native_linux.go
@@ -12,11 +12,14 @@ import (
)

type BaseBuildah struct {
Isolation thirdparty.Isolation
TmpDir string
InstanceTmpDir string
SignaturePolicyPath string
Insecure bool
Isolation thirdparty.Isolation
TmpDir string
InstanceTmpDir string
ConfigTmpDir string
SignaturePolicyPath string
RegistriesConfigPath string
RegistriesConfigDirPath string
Insecure bool
}

type BaseBuildahOpts struct {
@@ -41,11 +44,26 @@ func NewBaseBuildah(tmpDir string, opts BaseBuildahOpts) (*BaseBuildah, error) {
return nil, fmt.Errorf("unable to create instance tmp dir: %s", err)
}

b.SignaturePolicyPath = filepath.Join(b.InstanceTmpDir, "policy.json")
b.ConfigTmpDir = filepath.Join(b.InstanceTmpDir, "config")
if err := os.MkdirAll(b.ConfigTmpDir, os.ModePerm); err != nil {
return nil, fmt.Errorf("unable to create dir %q: %s", b.ConfigTmpDir, err)
}

b.SignaturePolicyPath = filepath.Join(b.ConfigTmpDir, "policy.json")
if err := ioutil.WriteFile(b.SignaturePolicyPath, []byte(DefaultSignaturePolicy), os.ModePerm); err != nil {
return nil, fmt.Errorf("unable to write file %q: %s", b.SignaturePolicyPath, err)
}

b.RegistriesConfigPath = filepath.Join(b.ConfigTmpDir, "registries.conf")
if err := ioutil.WriteFile(b.RegistriesConfigPath, []byte(DefaultRegistriesConfig), os.ModePerm); err != nil {
return nil, fmt.Errorf("unable to write file %q: %s", b.RegistriesConfigPath, err)
}

b.RegistriesConfigDirPath = filepath.Join(b.ConfigTmpDir, "registries.conf.d")
if err := os.MkdirAll(b.RegistriesConfigDirPath, os.ModePerm); err != nil {
return nil, fmt.Errorf("unable to create dir %q: %s", b.RegistriesConfigDirPath, err)
}

return b, nil
}

@@ -19,6 +19,7 @@ import (
const (
DefaultShmSize = "65536k"
DefaultSignaturePolicy = `{"default": [{"type": "insecureAcceptAnything"}], "transports": {"docker-daemon": {"": [{"type": "insecureAcceptAnything"}]}}}`
DefaultRegistriesConfig = `unqualified-search-registries = ["docker.io"]`
BuildahImage = "ghcr.io/werf/buildah:v1.22.3-1"
BuildahStorageContainerName = "werf-buildah-storage"

@@ -86,6 +86,8 @@ func NewNativeBuildah(commonOpts CommonBuildahOpts, opts NativeModeOpts) (*Nativ
OCIInsecureSkipTLSVerify: b.Insecure,
DockerInsecureSkipTLSVerify: imgtypes.NewOptionalBool(b.Insecure),
DockerDaemonInsecureSkipTLSVerify: b.Insecure,
SystemRegistriesConfPath: b.RegistriesConfigPath,
SystemRegistriesConfDirPath: b.RegistriesConfigDirPath,
},
})
if err != nil {
@@ -136,6 +138,8 @@ func (b *NativeBuildah) Push(ctx context.Context, ref string, opts PushOpts) err
OCIInsecureSkipTLSVerify: b.Insecure,
DockerInsecureSkipTLSVerify: imgtypes.NewOptionalBool(b.Insecure),
DockerDaemonInsecureSkipTLSVerify: b.Insecure,
SystemRegistriesConfPath: b.RegistriesConfigPath,
SystemRegistriesConfDirPath: b.RegistriesConfigDirPath,
},
}

@@ -167,6 +171,8 @@ func (b *NativeBuildah) BuildFromDockerfile(ctx context.Context, dockerfile []by
OCIInsecureSkipTLSVerify: b.Insecure,
DockerInsecureSkipTLSVerify: imgtypes.NewOptionalBool(b.Insecure),
DockerDaemonInsecureSkipTLSVerify: b.Insecure,
SystemRegistriesConfPath: b.RegistriesConfigPath,
SystemRegistriesConfDirPath: b.RegistriesConfigDirPath,
},
Args: opts.BuildArgs,
}
@@ -266,6 +272,8 @@ func (b *NativeBuildah) Pull(ctx context.Context, ref string, opts PullOpts) err
OCIInsecureSkipTLSVerify: b.Insecure,
DockerInsecureSkipTLSVerify: imgtypes.NewOptionalBool(b.Insecure),
DockerDaemonInsecureSkipTLSVerify: b.Insecure,
SystemRegistriesConfPath: b.RegistriesConfigPath,
SystemRegistriesConfDirPath: b.RegistriesConfigDirPath,
},
}

@@ -310,6 +318,8 @@ func (b *NativeBuildah) getImageBuilder(ctx context.Context, imgName string) (bu
OCIInsecureSkipTLSVerify: b.Insecure,
DockerInsecureSkipTLSVerify: imgtypes.NewOptionalBool(b.Insecure),
DockerDaemonInsecureSkipTLSVerify: b.Insecure,
SystemRegistriesConfPath: b.RegistriesConfigPath,
SystemRegistriesConfDirPath: b.RegistriesConfigDirPath,
},
})
switch {

0 comments on commit ca2995a

Please sign in to comment.