From 906951f906f5b20acea12ac20a79a682fe879e18 Mon Sep 17 00:00:00 2001 From: Vincent Batts Date: Mon, 11 Nov 2019 14:37:18 +0000 Subject: [PATCH] WIP --- BuildSourceImage.sh | 82 +-------------------------------- relocate.sh | 108 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 110 insertions(+), 80 deletions(-) create mode 100644 relocate.sh diff --git a/BuildSourceImage.sh b/BuildSourceImage.sh index 59b08f7..96a505b 100755 --- a/BuildSourceImage.sh +++ b/BuildSourceImage.sh @@ -39,7 +39,7 @@ _init() { set -o pipefail # check for tools we depend on - for cmd in jq skopeo dnf file find tar stat date ; do + for cmd in jq dnf file find tar stat date ; do if [ -z "$(command -v ${cmd})" ] ; then # TODO: maybe this could be individual checks so it can report # where to find the tools @@ -209,7 +209,7 @@ parse_img_tag() { # # an inline prefixer for containers/image tools -# +# XXX redo this to only validate for 'oci:...', otherwise bail ref_prefix() { local ref="${1}" local pfxs @@ -243,68 +243,6 @@ ref_src_img_tag() { echo -n "$(parse_img_tag "${ref}")""${source_image_suffix}" } -# -# call out to registry for the image reference's digest checksum -# -fetch_img_digest() { - local ref="${1}" - local dgst - local ret - - ## TODO: check for authfile, creds, and whether it's an insecure registry - dgst=$(skopeo inspect "$(ref_prefix "${ref}")" | jq .Digest | tr -d \") - ret=$? - if [ $ret -ne 0 ] ; then - echo "ERROR: check the image reference: ${ref}" >&2 - return $ret - fi - - echo -n "${dgst}" -} - -# -# pull down the image to an OCI layout -# arguments: image ref -# returns: path:tag to the OCI layout -# -# any commands should only output to stderr, so that the caller can receive the -# path reference to the OCI layout. -# -fetch_img() { - local ref="${1}" - local dst="${2}" - local base - local tag - local dgst - local from - local ret - - _mkdir_p "${dst}" - - base="$(parse_img_base "${ref}")" - tag="$(parse_img_tag "${ref}")" - dgst="$(parse_img_digest "${ref}")" - from="" - # skopeo currently only support _either_ tag _or_ digest, so we'll be specific. - if [ -n "${dgst}" ] ; then - from="$(ref_prefix "${base}")@${dgst}" - else - from="$(ref_prefix "${base}"):${tag}" - fi - - ## TODO: check for authfile, creds, and whether it's an insecure registry - ## destination name must have the image tag included (umoci expects it) - skopeo \ - copy \ - "${from}" \ - "oci:${dst}:${tag}" >&2 - ret=$? - if [ ${ret} -ne 0 ] ; then - return ${ret} - fi - echo -n "${dst}:${tag}" -} - # # upack_img # @@ -427,21 +365,6 @@ unpack_img_umoci() { return $ret } -# -# copy an image from one location to another -# -push_img() { - local src="${1}" - local dst="${2}" - - _debug "pushing image ${src} to ${dst}" - ## TODO: check for authfile, creds, and whether it's an insecure registry - skopeo copy --dest-tls-verify=false "$(ref_prefix "${src}")" "$(ref_prefix "${dst}")" # XXX for demo only - #skopeo copy "$(ref_prefix "${src}")" "$(ref_prefix "${dst}")" - ret=$? - return $ret -} - # # sets up a basic new OCI layout, for an image with the provided (or default 'latest') tag # @@ -1258,7 +1181,6 @@ main() { # TODO maybe look to a directory like /usr/libexec/BuildSourceImage/drivers/ for drop-ins to run _info "succesfully packed 'oci:${src_img_dir}:${src_img_tag}'" - _debug "$(skopeo inspect oci:"${src_img_dir}":"${src_img_tag}")" ## if an output directory is provided then save a copy to it if [ -n "${output_dir}" ] ; then diff --git a/relocate.sh b/relocate.sh new file mode 100644 index 0000000..8d52a87 --- /dev/null +++ b/relocate.sh @@ -0,0 +1,108 @@ +#!/bin/bash + +## depracted code for moving containers (what skopeo does) + +# +# copy an image from one location to another +# +push_img() { + local src="${1}" + local dst="${2}" + + _debug "pushing image ${src} to ${dst}" + ## TODO: check for authfile, creds, and whether it's an insecure registry + skopeo copy --dest-tls-verify=false "$(ref_prefix "${src}")" "$(ref_prefix "${dst}")" # XXX for demo only + #skopeo copy "$(ref_prefix "${src}")" "$(ref_prefix "${dst}")" + ret=$? + return $ret +} + + +# +# call out to registry for the image reference's digest checksum +# +fetch_img_digest() { + local ref="${1}" + local dgst + local ret + + ## TODO: check for authfile, creds, and whether it's an insecure registry + dgst=$(skopeo inspect "$(ref_prefix "${ref}")" | jq .Digest | tr -d \") + ret=$? + if [ $ret -ne 0 ] ; then + echo "ERROR: check the image reference: ${ref}" >&2 + return $ret + fi + + echo -n "${dgst}" +} + + +# +# an inline prefixer for containers/image tools +# +ref_prefix() { + local ref="${1}" + local pfxs + local ret + + # get the supported prefixes of the current version of skopeo + mapfile -t pfxs < <(skopeo copy --help | grep -A1 "Supported transports:" | grep -v "Supported transports" | sed 's/, /\n/g') + ret=$? + if [ ${ret} -ne 0 ] ; then + return ${ret} + fi + + for pfx in "${pfxs[@]}" ; do + if echo "${ref}" | grep -q "^${pfx}:" ; then + # break if we match a known prefix + echo "${ref}" + return 0 + fi + done + # else default + echo "docker://${ref}" +} + +# +# pull down the image to an OCI layout +# arguments: image ref +# returns: path:tag to the OCI layout +# +# any commands should only output to stderr, so that the caller can receive the +# path reference to the OCI layout. +# +fetch_img() { + local ref="${1}" + local dst="${2}" + local base + local tag + local dgst + local from + local ret + + _mkdir_p "${dst}" + + base="$(parse_img_base "${ref}")" + tag="$(parse_img_tag "${ref}")" + dgst="$(parse_img_digest "${ref}")" + from="" + # skopeo currently only support _either_ tag _or_ digest, so we'll be specific. + if [ -n "${dgst}" ] ; then + from="$(ref_prefix "${base}")@${dgst}" + else + from="$(ref_prefix "${base}"):${tag}" + fi + + ## TODO: check for authfile, creds, and whether it's an insecure registry + ## destination name must have the image tag included (umoci expects it) + skopeo \ + copy \ + "${from}" \ + "oci:${dst}:${tag}" >&2 + ret=$? + if [ ${ret} -ne 0 ] ; then + return ${ret} + fi + echo -n "${dst}:${tag}" +} \ No newline at end of file