diff --git a/pkg/buildkit/buildkit.go b/pkg/buildkit/buildkit.go index 4485c5276..9814a1da5 100644 --- a/pkg/buildkit/buildkit.go +++ b/pkg/buildkit/buildkit.go @@ -10,12 +10,10 @@ import ( "context" "fmt" "io" - "net/http" "os" "os/exec" "github.com/containerd/console" - "github.com/containerd/containerd/remotes/docker" "github.com/docker/buildx/build" "github.com/docker/cli/cli/config" "github.com/moby/buildkit/client" @@ -24,11 +22,7 @@ import ( gwclient "github.com/moby/buildkit/frontend/gateway/client" "github.com/moby/buildkit/session" "github.com/moby/buildkit/session/auth/authprovider" - "github.com/moby/buildkit/util/contentutil" - "github.com/moby/buildkit/util/imageutil" "github.com/moby/buildkit/util/progress/progressui" - "github.com/moby/buildkit/version" - "github.com/opencontainers/go-digest" ispec "github.com/opencontainers/image-spec/specs-go/v1" "github.com/project-copacetic/copacetic/pkg/types/unversioned" "github.com/project-copacetic/copacetic/pkg/utils" @@ -72,46 +66,6 @@ func dockerLoad(ctx context.Context, pipeR io.Reader) error { return cmd.Run() } -// Custom ResolveImageConfig implementation for using Docker default config.json credentials -// to pull image config. -// -// While it would be ideal to be able to use imagemetaresolver.Default().ResolveImageConfig(), -// there doesn't seem to be a way to configure the necessary DockerAuthorizer or RegistryHosts -// against an ImageMetaResolver, which causes the resolve to only use anonymous tokens and fail. -func resolveImageConfig(ctx context.Context, ref string, platform *ispec.Platform) (digest.Digest, []byte, error) { - auth := docker.NewDockerAuthorizer( - docker.WithAuthCreds(func(ref string) (string, string, error) { - defaultConfig := config.LoadDefaultConfigFile(os.Stderr) - ac, err := defaultConfig.GetAuthConfig(ref) - if err != nil { - return "", "", err - } - if ac.IdentityToken != "" { - return "", ac.IdentityToken, nil - } - return ac.Username, ac.Password, nil - })) - hosts := docker.ConfigureDefaultRegistries( - docker.WithClient(http.DefaultClient), - docker.WithPlainHTTP(docker.MatchLocalhost), - docker.WithAuthorizer(auth), - ) - - headers := http.Header{} - headers.Set("User-Agent", version.UserAgent()) - resolver := docker.NewResolver(docker.ResolverOptions{ - Client: http.DefaultClient, - Headers: headers, - Hosts: hosts, - }) - - _, dgst, config, err := imageutil.Config(ctx, ref, resolver, contentutil.NewBuffer(), nil, platform, nil) - if err != nil { - return "", nil, err - } - return dgst, config, nil -} - func InitializeBuildkitConfig(ctx context.Context, c gwclient.Client, image string, manifest *unversioned.UpdateManifest) (*Config, error) { // Initialize buildkit config for the target image config := Config{ @@ -182,16 +136,16 @@ func ArrayFile(input []string) []byte { return b.Bytes() } -func WithArrayFile(s llb.State, path string, contents []string) llb.State { +func WithArrayFile(s *llb.State, path string, contents []string) llb.State { af := ArrayFile(contents) return WithFileBytes(s, path, af) } -func WithFileString(s llb.State, path, contents string) llb.State { +func WithFileString(s *llb.State, path, contents string) llb.State { return WithFileBytes(s, path, []byte(contents)) } -func WithFileBytes(s llb.State, path string, contents []byte) llb.State { +func WithFileBytes(s *llb.State, path string, contents []byte) llb.State { return s.File(llb.Mkfile(path, 0o600, contents)) } diff --git a/pkg/pkgmgr/apk_test.go b/pkg/pkgmgr/apk_test.go index d84c37979..415cf711a 100644 --- a/pkg/pkgmgr/apk_test.go +++ b/pkg/pkgmgr/apk_test.go @@ -79,13 +79,12 @@ var ( //go:embed testdata/empty.txt apkEmpty []byte - // tests the error handling of the function - apkNoSuchFile []byte = nil + // initialized to `nil`; tests the error handling of the function. + apkNoSuchFile []byte ) // TestApkReadResultsManifest tests the apkReadResultsManifest function. func TestApkReadResultsManifest(t *testing.T) { - type args struct { path []byte } diff --git a/pkg/pkgmgr/dpkg_test.go b/pkg/pkgmgr/dpkg_test.go index 3ad5d1d72..ad01d13ec 100644 --- a/pkg/pkgmgr/dpkg_test.go +++ b/pkg/pkgmgr/dpkg_test.go @@ -181,7 +181,8 @@ var ( //go:embed testdata/dpkg_valid.txt validDPKGManifest []byte - nonExistingManifest []byte = nil + // initialized to `nil`; tests error handling + nonExistingManifest []byte //go:embed testdata/empty.txt emptyManifest []byte diff --git a/pkg/pkgmgr/rpm.go b/pkg/pkgmgr/rpm.go index f3f8c3e36..3c0268c7f 100644 --- a/pkg/pkgmgr/rpm.go +++ b/pkg/pkgmgr/rpm.go @@ -133,7 +133,7 @@ func parseRPMTools(b []byte) (rpmToolPaths, error) { return rpmTools, nil } -// Check the RPM DB type given image probe results +// Check the RPM DB type given image probe results. func getRPMDBType(b []byte) rpmDBType { buf := bytes.NewBuffer(b) s := bufio.NewScanner(buf) @@ -240,8 +240,8 @@ func (rm *rpmManager) probeRPMStatus(ctx context.Context, toolImage string) erro toolListPath := filepath.Join(resultsPath, "tool_list") dbListPath := filepath.Join(resultsPath, "rpm_db_list") - probed := buildkit.WithArrayFile(mkFolders, toolListPath, toolList) - probed = buildkit.WithArrayFile(probed, dbListPath, rpmDBList) + probed := buildkit.WithArrayFile(&mkFolders, toolListPath, toolList) + probed = buildkit.WithArrayFile(&probed, dbListPath, rpmDBList) probed = probed.Run(llb.Args([]string{ `/usr/sbin/busybox`, `env`, buildkit.Env("TOOL_LIST_PATH", toolListPath), @@ -287,7 +287,12 @@ func (rm *rpmManager) probeRPMStatus(ctx context.Context, toolImage string) erro // Parse rpmTools File if not distroless if !rm.isDistroless { log.Info("Checking for available RPM tools in non-distroless image ...") + toolsFileBytes, err := buildkit.ExtractFileFromState(ctx, rm.config.Client, &outState, filepath.Join(resultsPath, rpmToolsFile)) + if err != nil { + return err + } + rpmTools, err := parseRPMTools(toolsFileBytes) if err != nil { return err diff --git a/pkg/pkgmgr/rpm_test.go b/pkg/pkgmgr/rpm_test.go index 0f60a8ec0..7400ba41f 100644 --- a/pkg/pkgmgr/rpm_test.go +++ b/pkg/pkgmgr/rpm_test.go @@ -208,10 +208,8 @@ func TestGetRPMDBType(t *testing.T) { } } -var ( - //go:embed testdata/rpm_valid.txt - rpmValidManifest []byte -) +//go:embed testdata/rpm_valid.txt +var rpmValidManifest []byte func TestRpmReadResultsManifest(t *testing.T) { // Test cases