From ca2995ade2ed6d1282beb3dd2da032e1fcdbf06c Mon Sep 17 00:00:00 2001
From: Ilya Lesikov <ilya@lesikov.com>
Date: Thu, 9 Dec 2021 17:55:13 +0300
Subject: [PATCH] fix(buildah): pass default registries.conf to native buildah

---
 pkg/buildah/base.go         | 30 ++++++++++++++++++++++++------
 pkg/buildah/common.go       |  1 +
 pkg/buildah/native_linux.go | 10 ++++++++++
 3 files changed, 35 insertions(+), 6 deletions(-)

diff --git a/pkg/buildah/base.go b/pkg/buildah/base.go
index 2356fbea4f..b7b1f72763 100644
--- a/pkg/buildah/base.go
+++ b/pkg/buildah/base.go
@@ -12,11 +12,14 @@ import (
 )
 
 type BaseBuildah struct {
-	Isolation           thirdparty.Isolation
-	TmpDir              string
-	InstanceTmpDir      string
-	SignaturePolicyPath string
-	Insecure            bool
+	Isolation               thirdparty.Isolation
+	TmpDir                  string
+	InstanceTmpDir          string
+	ConfigTmpDir            string
+	SignaturePolicyPath     string
+	RegistriesConfigPath    string
+	RegistriesConfigDirPath string
+	Insecure                bool
 }
 
 type BaseBuildahOpts struct {
@@ -41,11 +44,26 @@ func NewBaseBuildah(tmpDir string, opts BaseBuildahOpts) (*BaseBuildah, error) {
 		return nil, fmt.Errorf("unable to create instance tmp dir: %s", err)
 	}
 
-	b.SignaturePolicyPath = filepath.Join(b.InstanceTmpDir, "policy.json")
+	b.ConfigTmpDir = filepath.Join(b.InstanceTmpDir, "config")
+	if err := os.MkdirAll(b.ConfigTmpDir, os.ModePerm); err != nil {
+		return nil, fmt.Errorf("unable to create dir %q: %s", b.ConfigTmpDir, err)
+	}
+
+	b.SignaturePolicyPath = filepath.Join(b.ConfigTmpDir, "policy.json")
 	if err := ioutil.WriteFile(b.SignaturePolicyPath, []byte(DefaultSignaturePolicy), os.ModePerm); err != nil {
 		return nil, fmt.Errorf("unable to write file %q: %s", b.SignaturePolicyPath, err)
 	}
 
+	b.RegistriesConfigPath = filepath.Join(b.ConfigTmpDir, "registries.conf")
+	if err := ioutil.WriteFile(b.RegistriesConfigPath, []byte(DefaultRegistriesConfig), os.ModePerm); err != nil {
+		return nil, fmt.Errorf("unable to write file %q: %s", b.RegistriesConfigPath, err)
+	}
+
+	b.RegistriesConfigDirPath = filepath.Join(b.ConfigTmpDir, "registries.conf.d")
+	if err := os.MkdirAll(b.RegistriesConfigDirPath, os.ModePerm); err != nil {
+		return nil, fmt.Errorf("unable to create dir %q: %s", b.RegistriesConfigDirPath, err)
+	}
+
 	return b, nil
 }
 
diff --git a/pkg/buildah/common.go b/pkg/buildah/common.go
index dde1441600..6ab18a7a15 100644
--- a/pkg/buildah/common.go
+++ b/pkg/buildah/common.go
@@ -19,6 +19,7 @@ import (
 const (
 	DefaultShmSize              = "65536k"
 	DefaultSignaturePolicy      = `{"default": [{"type": "insecureAcceptAnything"}], "transports": {"docker-daemon": {"": [{"type": "insecureAcceptAnything"}]}}}`
+	DefaultRegistriesConfig     = `unqualified-search-registries = ["docker.io"]`
 	BuildahImage                = "ghcr.io/werf/buildah:v1.22.3-1"
 	BuildahStorageContainerName = "werf-buildah-storage"
 
diff --git a/pkg/buildah/native_linux.go b/pkg/buildah/native_linux.go
index a3895834e4..c546a2ad5b 100644
--- a/pkg/buildah/native_linux.go
+++ b/pkg/buildah/native_linux.go
@@ -86,6 +86,8 @@ func NewNativeBuildah(commonOpts CommonBuildahOpts, opts NativeModeOpts) (*Nativ
 			OCIInsecureSkipTLSVerify:          b.Insecure,
 			DockerInsecureSkipTLSVerify:       imgtypes.NewOptionalBool(b.Insecure),
 			DockerDaemonInsecureSkipTLSVerify: b.Insecure,
+			SystemRegistriesConfPath:          b.RegistriesConfigPath,
+			SystemRegistriesConfDirPath:       b.RegistriesConfigDirPath,
 		},
 	})
 	if err != nil {
@@ -136,6 +138,8 @@ func (b *NativeBuildah) Push(ctx context.Context, ref string, opts PushOpts) err
 			OCIInsecureSkipTLSVerify:          b.Insecure,
 			DockerInsecureSkipTLSVerify:       imgtypes.NewOptionalBool(b.Insecure),
 			DockerDaemonInsecureSkipTLSVerify: b.Insecure,
+			SystemRegistriesConfPath:          b.RegistriesConfigPath,
+			SystemRegistriesConfDirPath:       b.RegistriesConfigDirPath,
 		},
 	}
 
@@ -167,6 +171,8 @@ func (b *NativeBuildah) BuildFromDockerfile(ctx context.Context, dockerfile []by
 			OCIInsecureSkipTLSVerify:          b.Insecure,
 			DockerInsecureSkipTLSVerify:       imgtypes.NewOptionalBool(b.Insecure),
 			DockerDaemonInsecureSkipTLSVerify: b.Insecure,
+			SystemRegistriesConfPath:          b.RegistriesConfigPath,
+			SystemRegistriesConfDirPath:       b.RegistriesConfigDirPath,
 		},
 		Args: opts.BuildArgs,
 	}
@@ -266,6 +272,8 @@ func (b *NativeBuildah) Pull(ctx context.Context, ref string, opts PullOpts) err
 			OCIInsecureSkipTLSVerify:          b.Insecure,
 			DockerInsecureSkipTLSVerify:       imgtypes.NewOptionalBool(b.Insecure),
 			DockerDaemonInsecureSkipTLSVerify: b.Insecure,
+			SystemRegistriesConfPath:          b.RegistriesConfigPath,
+			SystemRegistriesConfDirPath:       b.RegistriesConfigDirPath,
 		},
 	}
 
@@ -310,6 +318,8 @@ func (b *NativeBuildah) getImageBuilder(ctx context.Context, imgName string) (bu
 			OCIInsecureSkipTLSVerify:          b.Insecure,
 			DockerInsecureSkipTLSVerify:       imgtypes.NewOptionalBool(b.Insecure),
 			DockerDaemonInsecureSkipTLSVerify: b.Insecure,
+			SystemRegistriesConfPath:          b.RegistriesConfigPath,
+			SystemRegistriesConfDirPath:       b.RegistriesConfigDirPath,
 		},
 	})
 	switch {