forked from containers/bootc
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
WIP: Use
podman pull
to fetch containers
See containers#147 (comment) With this bootc starts to really gain support for a different backend than ostree. Here we basically just fork off `podman pull` to fetch container images into an *alternative root* in `/ostree/container-storage`, (Because otherwise basic things like `podman image prune` would delete the OS image) This is quite distinct from our use of `skopeo` in the ostree-ext project because suddenly now we gain support for things implemented in the containers/storage library like `zstd:chunked` and OCI crypt. *However*...today we still need to generate a final flattened filesystem tree (and an ostree commit) in order to maintain compatibilty with stuff in rpm-ostree. (A corrollary to this is we're not booting into a `podman mount` overlayfs stack) Related to this, we also need to handle SELinux labeling. Hence, we implement "layer squashing", and then do some final "postprocessing" on the resulting image matching the same logic that's done in ostree-ext such as `etc -> usr/etc` and handling `/var`. Note this also really wants ostreedev/ostree#3106 to avoid duplicating disk space.
- Loading branch information
Showing
10 changed files
with
739 additions
and
30 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,72 @@ | ||
//! # Copy of the ostree authfile bits as they're not public | ||
use anyhow::Result; | ||
use once_cell::sync::OnceCell; | ||
use ostree_ext::glib; | ||
use std::fs::File; | ||
use std::path::{Path, PathBuf}; | ||
|
||
// https://docs.rs/openat-ext/0.1.10/openat_ext/trait.OpenatDirExt.html#tymethod.open_file_optional | ||
// https://users.rust-lang.org/t/why-i-use-anyhow-error-even-in-libraries/68592 | ||
pub(crate) fn open_optional(path: impl AsRef<Path>) -> std::io::Result<Option<std::fs::File>> { | ||
match std::fs::File::open(path.as_ref()) { | ||
Ok(r) => Ok(Some(r)), | ||
Err(e) if e.kind() == std::io::ErrorKind::NotFound => Ok(None), | ||
Err(e) => Err(e), | ||
} | ||
} | ||
|
||
struct ConfigPaths { | ||
persistent: PathBuf, | ||
runtime: PathBuf, | ||
} | ||
|
||
/// Get the runtime and persistent config directories. In the system (root) case, these | ||
/// system(root) case: /run/ostree /etc/ostree | ||
/// user(nonroot) case: /run/user/$uid/ostree ~/.config/ostree | ||
fn get_config_paths() -> &'static ConfigPaths { | ||
static PATHS: OnceCell<ConfigPaths> = OnceCell::new(); | ||
PATHS.get_or_init(|| { | ||
let mut r = if rustix::process::getuid() == rustix::process::Uid::ROOT { | ||
ConfigPaths { | ||
persistent: PathBuf::from("/etc"), | ||
runtime: PathBuf::from("/run"), | ||
} | ||
} else { | ||
ConfigPaths { | ||
persistent: glib::user_config_dir(), | ||
runtime: glib::user_runtime_dir(), | ||
} | ||
}; | ||
let path = "ostree"; | ||
r.persistent.push(path); | ||
r.runtime.push(path); | ||
r | ||
}) | ||
} | ||
|
||
impl ConfigPaths { | ||
/// Return the path and an open fd for a config file, if it exists. | ||
pub(crate) fn open_file(&self, p: impl AsRef<Path>) -> Result<Option<(PathBuf, File)>> { | ||
let p = p.as_ref(); | ||
let mut runtime = self.runtime.clone(); | ||
runtime.push(p); | ||
if let Some(f) = open_optional(&runtime)? { | ||
return Ok(Some((runtime, f))); | ||
} | ||
let mut persistent = self.persistent.clone(); | ||
persistent.push(p); | ||
if let Some(f) = open_optional(&persistent)? { | ||
return Ok(Some((persistent, f))); | ||
} | ||
Ok(None) | ||
} | ||
} | ||
|
||
/// Return the path to the global container authentication file, if it exists. | ||
pub(crate) fn get_global_authfile_path() -> Result<Option<PathBuf>> { | ||
let paths = get_config_paths(); | ||
let r = paths.open_file("auth.json")?; | ||
// TODO pass the file descriptor to the proxy, not a global path | ||
Ok(r.map(|v| v.0)) | ||
} |
Oops, something went wrong.