Merge pull request #4006 from werf/fix-buildah-fuse-containers-regist…

…ries-conf fix(buildah): pass default registries.conf to docker-with-fuse buildah; chores
werf · Dec 9, 2021 · 7e21c0c · 7e21c0c
2 parents b817e63 + 82cb97c
commit 7e21c0c
Show file tree

Hide file tree

Showing 12 changed files with 30 additions and 136 deletions.
diff --git a/.gitignore b/.gitignore
@@ -23,7 +23,7 @@
 /bin
 /tests-coverage
 /precompiled_tests_binaries
-/test/*.test
+/test/**/*.test
 
 /docs/\.jekyll-cache/
 /docs/site/backend/root/

diff --git a/pkg/buildah/docker_with_fuse.go b/pkg/buildah/docker_with_fuse.go
@@ -42,14 +42,21 @@ func NewDockerWithFuseBuildah(commonOpts CommonBuildahOpts, opts DockerWithFuseM
 	}
 	b.BaseBuildah = *baseBuildah
 
-	// TODO: remove this string and mount the previously generated policy.json file inside of a docker-with-fuse container
+	// TODO: remove these strings and mount previously generated config files inside of a docker-with-fuse container
 	b.SignaturePolicyPath = "/etc/containers/policy.json"
+	b.RegistriesConfigPath = "/etc/containers/registries.conf"
+	b.RegistriesConfigDirPath = "/etc/containers/registries.conf.d"
 
-	b.commonBuildahCliArgs, err = GetCommonBuildahCliArgs(*commonOpts.StorageDriver)
+	b.commonBuildahCliArgs, err = GetBasicBuildahCliArgs(*commonOpts.StorageDriver)
 	if err != nil {
 		return nil, fmt.Errorf("unable to get common Buildah cli args: %s", err)
 	}
 
+	b.commonBuildahCliArgs = append(
+		b.commonBuildahCliArgs, "--registries-conf", b.RegistriesConfigPath,
+		"--registries-conf-dir", b.RegistriesConfigDirPath,
+	)
+
 	return b, nil
 }
 
@@ -213,7 +220,7 @@ func BuildahWithFuseDockerArgs(storageContainerName, dockerConfigDir string) []s
 	}
 }
 
-func GetCommonBuildahCliArgs(driver StorageDriver) ([]string, error) {
+func GetBasicBuildahCliArgs(driver StorageDriver) ([]string, error) {
 	var result []string
 
 	cliStoreOpts, err := newBuildahCliStoreOptions(driver)

diff --git a/pkg/buildah/native_linux.go b/pkg/buildah/native_linux.go
@@ -54,8 +54,9 @@ func NativeProcessStartupHook() bool {
 type NativeBuildah struct {
 	BaseBuildah
 
-	Store   storage.Store
-	Runtime libimage.Runtime
+	Store                storage.Store
+	Runtime              libimage.Runtime
+	DefaultSystemContext imgtypes.SystemContext
 }
 
 func NewNativeBuildah(commonOpts CommonBuildahOpts, opts NativeModeOpts) (*NativeBuildah, error) {
@@ -80,15 +81,17 @@ func NewNativeBuildah(commonOpts CommonBuildahOpts, opts NativeModeOpts) (*Nativ
 		return nil, fmt.Errorf("unable to get storage: %s", err)
 	}
 
+	b.DefaultSystemContext = imgtypes.SystemContext{
+		OCIInsecureSkipTLSVerify:          b.Insecure,
+		DockerInsecureSkipTLSVerify:       imgtypes.NewOptionalBool(b.Insecure),
+		DockerDaemonInsecureSkipTLSVerify: b.Insecure,
+		SystemRegistriesConfPath:          b.RegistriesConfigPath,
+		SystemRegistriesConfDirPath:       b.RegistriesConfigDirPath,
+	}
+
 	imgstor.Transport.SetStore(b.Store)
 	runtime, err := libimage.RuntimeFromStore(b.Store, &libimage.RuntimeOptions{
-		SystemContext: &imgtypes.SystemContext{
-			OCIInsecureSkipTLSVerify:          b.Insecure,
-			DockerInsecureSkipTLSVerify:       imgtypes.NewOptionalBool(b.Insecure),
-			DockerDaemonInsecureSkipTLSVerify: b.Insecure,
-			SystemRegistriesConfPath:          b.RegistriesConfigPath,
-			SystemRegistriesConfDirPath:       b.RegistriesConfigDirPath,
-		},
+		SystemContext: &b.DefaultSystemContext,
 	})
 	if err != nil {
 		return nil, fmt.Errorf("error getting runtime from store: %s", err)
@@ -134,13 +137,7 @@ func (b *NativeBuildah) Push(ctx context.Context, ref string, opts PushOpts) err
 		MaxRetries:          MaxPullPushRetries,
 		RetryDelay:          PullPushRetryDelay,
 		SignaturePolicyPath: b.SignaturePolicyPath,
-		SystemContext: &imgtypes.SystemContext{
-			OCIInsecureSkipTLSVerify:          b.Insecure,
-			DockerInsecureSkipTLSVerify:       imgtypes.NewOptionalBool(b.Insecure),
-			DockerDaemonInsecureSkipTLSVerify: b.Insecure,
-			SystemRegistriesConfPath:          b.RegistriesConfigPath,
-			SystemRegistriesConfDirPath:       b.RegistriesConfigDirPath,
-		},
+		SystemContext:       &b.DefaultSystemContext,
 	}
 
 	if opts.LogWriter != nil {
@@ -167,14 +164,8 @@ func (b *NativeBuildah) BuildFromDockerfile(ctx context.Context, dockerfile []by
 			ShmSize: DefaultShmSize,
 		},
 		SignaturePolicyPath: b.SignaturePolicyPath,
-		SystemContext: &imgtypes.SystemContext{
-			OCIInsecureSkipTLSVerify:          b.Insecure,
-			DockerInsecureSkipTLSVerify:       imgtypes.NewOptionalBool(b.Insecure),
-			DockerDaemonInsecureSkipTLSVerify: b.Insecure,
-			SystemRegistriesConfPath:          b.RegistriesConfigPath,
-			SystemRegistriesConfDirPath:       b.RegistriesConfigDirPath,
-		},
-		Args: opts.BuildArgs,
+		SystemContext:       &b.DefaultSystemContext,
+		Args:                opts.BuildArgs,
 	}
 
 	errLog := &bytes.Buffer{}
@@ -268,13 +259,7 @@ func (b *NativeBuildah) Pull(ctx context.Context, ref string, opts PullOpts) err
 		RetryDelay:          PullPushRetryDelay,
 		PullPolicy:          define.PullIfNewer,
 		SignaturePolicyPath: b.SignaturePolicyPath,
-		SystemContext: &imgtypes.SystemContext{
-			OCIInsecureSkipTLSVerify:          b.Insecure,
-			DockerInsecureSkipTLSVerify:       imgtypes.NewOptionalBool(b.Insecure),
-			DockerDaemonInsecureSkipTLSVerify: b.Insecure,
-			SystemRegistriesConfPath:          b.RegistriesConfigPath,
-			SystemRegistriesConfDirPath:       b.RegistriesConfigDirPath,
-		},
+		SystemContext:       &b.DefaultSystemContext,
 	}
 
 	if opts.LogWriter != nil {
@@ -314,13 +299,7 @@ func (b *NativeBuildah) getImageBuilder(ctx context.Context, imgName string) (bu
 	builder, err = buildah.ImportBuilderFromImage(ctx, b.Store, buildah.ImportFromImageOptions{
 		Image:               imgName,
 		SignaturePolicyPath: b.SignaturePolicyPath,
-		SystemContext: &imgtypes.SystemContext{
-			OCIInsecureSkipTLSVerify:          b.Insecure,
-			DockerInsecureSkipTLSVerify:       imgtypes.NewOptionalBool(b.Insecure),
-			DockerDaemonInsecureSkipTLSVerify: b.Insecure,
-			SystemRegistriesConfPath:          b.RegistriesConfigPath,
-			SystemRegistriesConfDirPath:       b.RegistriesConfigDirPath,
-		},
+		SystemContext:       &b.DefaultSystemContext,
 	})
 	switch {
 	case err != nil && strings.HasSuffix(err.Error(), storage.ErrImageUnknown.Error()):

diff --git a/scripts/werf-in-docker/Dockerfile b/scripts/werf-in-docker/Dockerfile
diff --git a/scripts/werf-in-docker/alpine.Dockerfile b/scripts/werf-in-docker/alpine.Dockerfile
diff --git a/scripts/werf-in-docker/build.sh b/scripts/werf-in-docker/build.sh
diff --git a/scripts/werf-in-docker/centos.Dockerfile b/scripts/werf-in-docker/centos.Dockerfile
diff --git a/scripts/werf-in-docker/fedora.Dockerfile b/scripts/werf-in-docker/fedora.Dockerfile
diff --git a/scripts/werf-in-docker/publish.sh b/scripts/werf-in-docker/publish.sh
diff --git a/scripts/werf-in-docker/ubuntu.Dockerfile b/scripts/werf-in-docker/ubuntu.Dockerfile
diff --git a/test/pkg/contruntime/buildah_docker_with_fuse.go b/test/pkg/contruntime/buildah_docker_with_fuse.go
@@ -19,7 +19,7 @@ func NewDockerWithFuseBuildahRuntime(isolation thirdparty.Isolation, storageDriv
 
 	commonCliArgs := append([]string{"run", "--rm"}, buildah.BuildahWithFuseDockerArgs(buildah.BuildahStorageContainerName, filepath.Join(home, ".docker"))...)
 
-	commonBuildahCliArgs, err := buildah.GetCommonBuildahCliArgs(storageDriver)
+	commonBuildahCliArgs, err := buildah.GetBasicBuildahCliArgs(storageDriver)
 	Expect(err).NotTo(HaveOccurred())
 
 	commonCliArgs = append(commonCliArgs, commonBuildahCliArgs...)

diff --git a/test/pkg/contruntime/buildah_native.go b/test/pkg/contruntime/buildah_native.go
@@ -14,7 +14,7 @@ import (
 func NewNativeBuildahRuntime(isolation thirdparty.Isolation, storageDriver buildah.StorageDriver) ContainerRuntime {
 	var commonCliArgs []string
 
-	commonBuildahCliArgs, err := buildah.GetCommonBuildahCliArgs(storageDriver)
+	commonBuildahCliArgs, err := buildah.GetBasicBuildahCliArgs(storageDriver)
 	Expect(err).NotTo(HaveOccurred())
 
 	commonCliArgs = append(commonCliArgs, commonBuildahCliArgs...)