// prepareAppImage renders and verifies the tree cache of the app image that // corresponds to the given app name. // When useOverlay is false, it attempts to render and expand the app image func prepareAppImage(cfg PrepareConfig, appName types.ACName, img types.Hash, cdir string, useOverlay bool) error { log.Println("Loading image", img.String()) am, err := cfg.Store.GetImageManifest(img.String()) if err != nil { return fmt.Errorf("error getting the manifest: %v", err) } if _, hasOS := am.Labels.Get("os"); !hasOS { return fmt.Errorf("missing os label in the image manifest") } if _, hasArch := am.Labels.Get("arch"); !hasArch { return fmt.Errorf("missing arch label in the image manifest") } if err := types.IsValidOSArch(am.Labels.ToMap(), ValidOSArch); err != nil { return err } appInfoDir := common.AppInfoPath(cdir, appName) if err := os.MkdirAll(appInfoDir, 0755); err != nil { return fmt.Errorf("error creating apps info directory: %v", err) } if useOverlay { if cfg.PrivateUsers.Shift > 0 { return fmt.Errorf("cannot use both overlay and user namespace: not implemented yet. (Try --no-overlay)") } treeStoreID, err := cfg.Store.RenderTreeStore(img.String(), false) if err != nil { return fmt.Errorf("error rendering tree image: %v", err) } if err := cfg.Store.CheckTreeStore(treeStoreID); err != nil { log.Printf("Warning: tree cache is in a bad state: %v. Rebuilding...", err) var err error if treeStoreID, err = cfg.Store.RenderTreeStore(img.String(), true); err != nil { return fmt.Errorf("error rendering tree image: %v", err) } } if err := ioutil.WriteFile(common.AppTreeStoreIDPath(cdir, appName), []byte(treeStoreID), 0700); err != nil { return fmt.Errorf("error writing app treeStoreID: %v", err) } } else { ad := common.AppPath(cdir, appName) err := os.MkdirAll(ad, 0755) if err != nil { return fmt.Errorf("error creating image directory: %v", err) } if err := aci.RenderACIWithImageID(img, ad, cfg.Store, cfg.PrivateUsers); err != nil { return fmt.Errorf("error rendering ACI: %v", err) } } if err := writeManifest(cfg.CommonConfig, img, appInfoDir); err != nil { return err } return nil }
// fetchSingleImage will take an image as either a URL or a name string and // import it into the store if found. If asc is not "", it must exist as a // local file and will be used as the signature file for verification, unless // verification is disabled. func (f *fetcher) fetchSingleImage(img string, asc string) (string, error) { var ( ascFile *os.File err error ) if asc != "" && f.ks != nil { ascFile, err = os.Open(asc) if err != nil { return "", fmt.Errorf("unable to open signature file: %v", err) } defer ascFile.Close() } u, err := url.Parse(img) if err != nil { return "", fmt.Errorf("not a valid image reference (%s)", img) } // if img refers to a local file, ensure the scheme is file:// and make the url path absolute _, err = os.Stat(u.Path) if err == nil { u.Path, err = filepath.Abs(u.Path) if err != nil { return "", fmt.Errorf("unable to get abs path: %v", err) } u.Scheme = "file" } else if !os.IsNotExist(err) { return "", fmt.Errorf("unable to access %q: %v", img, err) } switch u.Scheme { case "": // check if os and arch are valid early if app := newDiscoveryApp(img); app != nil { if err := types.IsValidOSArch(app.Labels, stage0.ValidOSArch); err != nil { return "", err } } return f.fetchImageByName(img, ascFile) case "http", "https", "file", "docker": return f.fetchImageByURL(u, ascFile) } return "", fmt.Errorf("rkt only supports fetching for image name and http, https, docker or file URLs (%s)", img) }
func newAppBundle(name string) (*appBundle, error) { app, err := discovery.NewAppFromString(name) if err != nil { return nil, fmt.Errorf("invalid image name %q: %v", name, err) } if _, ok := app.Labels["arch"]; !ok { app.Labels["arch"] = runtime.GOARCH } if _, ok := app.Labels["os"]; !ok { app.Labels["os"] = runtime.GOOS } if err := types.IsValidOSArch(app.Labels, stage0.ValidOSArch); err != nil { return nil, fmt.Errorf("invalid image name %q: %v", name, err) } bundle := &appBundle{ App: app, Str: name, } return bundle, nil }
// prepareAppImage renders and verifies the tree cache of the app image that // corresponds to the given app name. // When useOverlay is false, it attempts to render and expand the app image func prepareAppImage(cfg PrepareConfig, appName types.ACName, img types.Hash, cdir string, useOverlay bool) error { debug("Loading image %s", img.String()) am, err := cfg.Store.GetImageManifest(img.String()) if err != nil { return fmt.Errorf("error getting the manifest: %v", err) } if _, hasOS := am.Labels.Get("os"); !hasOS { return fmt.Errorf("missing os label in the image manifest") } if _, hasArch := am.Labels.Get("arch"); !hasArch { return fmt.Errorf("missing arch label in the image manifest") } if err := types.IsValidOSArch(am.Labels.ToMap(), ValidOSArch); err != nil { return err } appInfoDir := common.AppInfoPath(cdir, appName) if err := os.MkdirAll(appInfoDir, defaultRegularDirPerm); err != nil { return fmt.Errorf("error creating apps info directory: %v", err) } if useOverlay { if cfg.PrivateUsers.Shift > 0 { return fmt.Errorf("cannot use both overlay and user namespace: not implemented yet. (Try --no-overlay)") } treeStoreID, _, err := cfg.Store.RenderTreeStore(img.String(), false) if err != nil { return fmt.Errorf("error rendering tree image: %v", err) } if !cfg.SkipTreeStoreCheck { hash, err := cfg.Store.CheckTreeStore(treeStoreID) if err != nil { log.Printf("Warning: tree cache is in a bad state: %v. Rebuilding...", err) var err error treeStoreID, hash, err = cfg.Store.RenderTreeStore(img.String(), true) if err != nil { return fmt.Errorf("error rendering tree image: %v", err) } } cfg.CommonConfig.RootHash = hash } if err := ioutil.WriteFile(common.AppTreeStoreIDPath(cdir, appName), []byte(treeStoreID), defaultRegularFilePerm); err != nil { return fmt.Errorf("error writing app treeStoreID: %v", err) } } else { ad := common.AppPath(cdir, appName) err := os.MkdirAll(ad, defaultRegularDirPerm) if err != nil { return fmt.Errorf("error creating image directory: %v", err) } shiftedUid, shiftedGid, err := cfg.PrivateUsers.ShiftRange(uint32(os.Getuid()), uint32(os.Getgid())) if err != nil { return fmt.Errorf("error getting uid, gid: %v", err) } if err := os.Chown(ad, int(shiftedUid), int(shiftedGid)); err != nil { return fmt.Errorf("error shifting app %q's stage2 dir: %v", appName, err) } if err := aci.RenderACIWithImageID(img, ad, cfg.Store, cfg.PrivateUsers); err != nil { return fmt.Errorf("error rendering ACI: %v", err) } } if err := writeManifest(*cfg.CommonConfig, img, appInfoDir); err != nil { return err } return nil }