feat: set SSL_CERT_FILE and provide a Cmd
Two minor "quality of life" improvements: - automatically set the SSL_CERT_FILE environment variable, so that programs relying on OpenSSL for certificate validation can actually validate certificates (the certificates are included no matter what since we add the "cacert" package to all images) - if the requested image includes an interactive shell (e.g. if it includes the "shell" metapackage), set the image Cmd to "bash", which allows executing "docker run nixery.dev/shell" to get a shell. I'm happy to split this PR in two if you'd like, but since both features touch the Config structure and are rather small, I thought it would make sense to bundle them together.
parent
7433d620bb
commit
dd7de32c36
2 changed files with 20 additions and 7 deletions
|
@ -493,7 +493,15 @@ func BuildImage(ctx context.Context, s *State, image *Image) (*BuildResult, erro
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
m, c := manifest.Manifest(image.Arch.imageArch, layers)
|
// If the requested packages include a shell,
|
||||||
|
// set cmd accordingly.
|
||||||
|
cmd := ""
|
||||||
|
for _, pkg := range image.Packages {
|
||||||
|
if pkg == "bashInteractive" {
|
||||||
|
cmd = "bash"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
m, c := manifest.Manifest(image.Arch.imageArch, layers, cmd)
|
||||||
|
|
||||||
lw := func(w io.Writer) error {
|
lw := func(w io.Writer) error {
|
||||||
r := bytes.NewReader(c.Config)
|
r := bytes.NewReader(c.Config)
|
||||||
|
|
|
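Review bot: The shell detection in the new loop matches only the literal package name `bashInteractive`, so whether `docker run nixery.dev/shell` gets a Cmd depends on the "shell" meta-package already having been expanded into `image.Packages` before this point, which the hunk does not show. A comment stating that assumption would help, e.g. `// meta-packages such as "shell" are expected to be expanded to bashInteractive by now`, and the loop can `break` once `cmd = "bash"` is set. The Cmd is the bare name `bash`, resolved through the container's PATH at run time, while the image config's Env sets only SSL_CERT_FILE, so this presumably relies on the runtime's default PATH reaching the image's bash; worth confirming. BuildImage starts and ends outside the hunk.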
@ -64,9 +64,10 @@ type imageConfig struct {
|
||||||
DiffIDs []string `json:"diff_ids"`
|
DiffIDs []string `json:"diff_ids"`
|
||||||
} `json:"rootfs"`
|
} `json:"rootfs"`
|
||||||
|
|
||||||
// sic! empty struct (rather than `null`) is required by the
|
Config struct {
|
||||||
// image metadata deserialiser in Kubernetes
|
Cmd []string `json:"cmd,omitempty"`
|
||||||
Config struct{} `json:"config"`
|
Env []string `json:"env,omitempty"`
|
||||||
|
} `json:"config"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// ConfigLayer represents the configuration layer to be included in
|
// ConfigLayer represents the configuration layer to be included in
|
||||||
|
@ -83,12 +84,16 @@ type ConfigLayer struct {
|
||||||
// Outside of this module the image configuration is treated as an
|
// Outside of this module the image configuration is treated as an
|
||||||
// opaque blob and it is thus returned as an already serialised byte
|
// opaque blob and it is thus returned as an already serialised byte
|
||||||
// array and its SHA256-hash.
|
// array and its SHA256-hash.
|
||||||
func configLayer(arch string, hashes []string) ConfigLayer {
|
func configLayer(arch string, hashes []string, cmd string) ConfigLayer {
|
||||||
c := imageConfig{}
|
c := imageConfig{}
|
||||||
c.Architecture = arch
|
c.Architecture = arch
|
||||||
c.OS = os
|
c.OS = os
|
||||||
c.RootFS.FSType = fsType
|
c.RootFS.FSType = fsType
|
||||||
c.RootFS.DiffIDs = hashes
|
c.RootFS.DiffIDs = hashes
|
||||||
|
if cmd != "" {
|
||||||
|
c.Config.Cmd = []string{cmd}
|
||||||
|
}
|
||||||
|
c.Config.Env = []string{"SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt"}
|
||||||
|
|
||||||
j, _ := json.Marshal(c)
|
j, _ := json.Marshal(c)
|
||||||
|
|
||||||
|
@ -103,7 +108,7 @@ func configLayer(arch string, hashes []string) ConfigLayer {
|
||||||
// layer.
|
// layer.
|
||||||
//
|
//
|
||||||
// Callers do not need to set the media type for the layer entries.
|
// Callers do not need to set the media type for the layer entries.
|
||||||
func Manifest(arch string, layers []Entry) (json.RawMessage, ConfigLayer) {
|
func Manifest(arch string, layers []Entry, cmd string) (json.RawMessage, ConfigLayer) {
|
||||||
// Sort layers by their merge rating, from highest to lowest.
|
// Sort layers by their merge rating, from highest to lowest.
|
||||||
// This makes it likely for a contiguous chain of shared image
|
// This makes it likely for a contiguous chain of shared image
|
||||||
// layers to appear at the beginning of a layer.
|
// layers to appear at the beginning of a layer.
|
||||||
|
@ -122,7 +127,7 @@ func Manifest(arch string, layers []Entry) (json.RawMessage, ConfigLayer) {
|
||||||
layers[i] = l
|
layers[i] = l
|
||||||
}
|
}
|
||||||
|
|
||||||
c := configLayer(arch, hashes)
|
c := configLayer(arch, hashes, cmd)
|
||||||
|
|
||||||
m := manifest{
|
m := manifest{
|
||||||
SchemaVersion: schemaVersion,
|
SchemaVersion: schemaVersion,
|
||||||
|
|
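Review bot: The new `Cmd` and `Env` fields of imageConfig's `Config` struct are tagged `json:"cmd,omitempty"` and `json:"env,omitempty"`, but the OCI image configuration spells these keys `Cmd` and `Env`. Go-based consumers match keys case-insensitively and will likely accept the lower-case form, while a stricter parser may ignore them and leave SSL_CERT_FILE unset without any error. Using `json:"Cmd,omitempty"` and `json:"Env,omitempty"` removes that dependency. The removed comment explained why `config` must serialise as an object rather than `null`; a short replacement such as `// must stay a non-pointer struct: the Kubernetes image metadata deserialiser requires an object here, not null` keeps the constraint visible. In configLayer, `j, _ := json.Marshal(c)` still discards the error, and the function body continues outside the hunk.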