diff --git a/cmd/stacker/chroot.go b/cmd/stacker/chroot.go index 0efae2c2..497d76a6 100644 --- a/cmd/stacker/chroot.go +++ b/cmd/stacker/chroot.go @@ -50,10 +50,10 @@ func doChroot(ctx *cli.Context) error { tag = ctx.Args().Get(0) } - cmd := stacker.DefaultShell + cmd := []string{stacker.DefaultShell} if ctx.Args().Len() > 1 { - cmd = ctx.Args().Get(1) + cmd[0] = ctx.Args().Get(1) } file := ctx.String("f") diff --git a/cmd/stacker/lxc-wrapper/lxc-wrapper.c b/cmd/stacker/lxc-wrapper/lxc-wrapper.c index c3099ac9..7ed3a475 100644 --- a/cmd/stacker/lxc-wrapper/lxc-wrapper.c +++ b/cmd/stacker/lxc-wrapper/lxc-wrapper.c @@ -21,7 +21,7 @@ struct child_args { int command_start; }; -static int spawn_container(char *name, char *lxcpath, char *config) +static int spawn_container(char *name, char *lxcpath, char *config, char *argv[]) { struct lxc_container *c; @@ -38,7 +38,7 @@ static int spawn_container(char *name, char *lxcpath, char *config) } c->daemonize = false; - if (!c->start(c, 1, NULL)) { + if (!c->start(c, 1, argv)) { fprintf(stderr, "failed to start container %s\n", name); return -1; } @@ -253,16 +253,19 @@ int main(int argc, char *argv[]) if (!strcmp(argv[1], "spawn")) { int ret, status; char *name, *lxcpath, *config_path; + char **args = NULL; - if (argc != 5) { + if (argc < 5) { fprintf(stderr, "bad number of args for spawn: %d\n", argc); return 1; } - name = argv[2]; lxcpath = argv[3]; config_path = argv[4]; + if (argc >= 5) { + args = &argv[5]; + } ret = isatty(STDIN_FILENO); if (ret < 0) { @@ -275,7 +278,7 @@ int main(int argc, char *argv[]) if (!ret) setsid(); - status = spawn_container(name, lxcpath, config_path); + status = spawn_container(name, lxcpath, config_path, args); // Try and propagate the container's exit code. if (WIFEXITED(status)) { diff --git a/pkg/container/container.go b/pkg/container/container.go index de939ad1..cd6ade01 100644 --- a/pkg/container/container.go +++ b/pkg/container/container.go 
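Review bot: In doChroot, `cmd[0] = ctx.Args().Get(1)` puts the whole user-supplied string into a single argv element, and any arguments after it are ignored. Before this change the string was handed to `lxc.execute.cmd`, where it may have been split into words (that side is not visible here); a value carrying its own arguments would now be looked up as one program name. If multi-word commands should keep working, take the remaining arguments as the vector, e.g. `cmd = ctx.Args().Tail()` inside the `Len() > 1` branch (assuming urfave/cli v2, as `Len()` suggests). The same applies to `[]string{opts.OnRunFailure}` in the build() hunk of pkg/stacker/build.go. doChroot starts and ends outside the hunk.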
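Review bot: In main's spawn branch the new guard `if (argc >= 5)` is always true, because `argc < 5` has already returned. With exactly five arguments `args` becomes `&argv[5]`, a pointer to argv's terminating NULL, so `c->start` receives an empty but non-NULL vector instead of NULL; what LXC does with an empty vector is not visible here. If spawning without a command should still be allowed, `if (argc > 5)` keeps `args` NULL in that case. If a command is now mandatory, change the first check to `if (argc < 6)` and assign `args = &argv[5];` unconditionally. main starts and ends outside the hunk.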
@@ -118,11 +118,7 @@ func (c *Container) containerError(theErr error, msg string) error { return errors.Wrapf(theErr, msg) } -func (c *Container) Execute(args string, stdin io.Reader) error { - if err := c.SetConfig("lxc.execute.cmd", args); err != nil { - return err - } - +func (c *Container) Execute(args []string, stdin io.Reader) error { f, err := os.CreateTemp("", fmt.Sprintf("stacker_%s_run", c.c.Name())) if err != nil { return err @@ -142,10 +138,7 @@ func (c *Container) Execute(args string, stdin io.Reader) error { cmd, cleanup, err := embed_exec.GetCommand( c.sc.EmbeddedFS, "lxc-wrapper/lxc-wrapper", - "spawn", - c.c.Name(), - c.sc.RootFSDir, - f.Name(), + append([]string{"spawn", c.c.Name(), c.sc.RootFSDir, f.Name()}, args...)..., ) if err != nil { return err diff --git a/pkg/stacker/bom.go b/pkg/stacker/bom.go index e12fba39..166f68bd 100644 --- a/pkg/stacker/bom.go +++ b/pkg/stacker/bom.go @@ -5,7 +5,6 @@ import ( "io" "os" "path" - "strconv" "stackerbuild.io/stacker/pkg/container" "stackerbuild.io/stacker/pkg/log" 
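Review bot: Execute now forwards `args` to lxc-wrapper without checking that it is non-empty, and it no longer sets `lxc.execute.cmd`, so a nil or empty slice reaches the wrapper with no command at all. A guard at the top, `if len(args) == 0 { return errors.Errorf("no command to execute") }`, would fail early with a clear message (the file already calls `errors.Wrapf`, so this assumes github.com/pkg/errors). The exported method also has no doc comment; `// Execute runs args in the container as an argv vector: args[0] is the program and no shell or word splitting is applied.` would record the new contract for callers. The function body continues past the first hunk.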
@@ -39,35 +38,19 @@ func BuildLayerArtifacts(sc types.StackerConfig, storage types.Storage, l types. return err } - binary, err := os.Readlink("/proc/self/exe") - if err != nil { - return err - } - - if err := c.BindMount(binary, "/stacker/tools/static-stacker", ""); err != nil { - return err - } - - cmd := "/stacker/tools/static-stacker" + cmd := []string{insideStaticStacker} if sc.Debug { - cmd += " --debug" + cmd = append(cmd, "--debug") } - cmd += " internal-go" - - author := l.Annotations[types.AuthorAnnotation] - org := l.Annotations[types.OrgAnnotation] - license := l.Annotations[types.LicenseAnnotation] - dest := "/stacker/artifacts" - cmd += fmt.Sprintf(" bom-build %s %s %s %s %s %s", dest, - strconv.Quote(author), - strconv.Quote(org), - strconv.Quote(license), + cmd = append(cmd, "internal-go", "bom-build", + "/stacker/artifacts", + l.Annotations[types.AuthorAnnotation], + l.Annotations[types.OrgAnnotation], + l.Annotations[types.LicenseAnnotation], pkg.Name, pkg.Version) - for _, ppath := range pkg.Paths { - cmd += " " + ppath - } + cmd = append(cmd, pkg.Paths...) err = c.Execute(cmd, os.Stdin) if err != nil { return err 
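Review bot: In BuildLayerArtifacts the annotation values, `pkg.Name`, `pkg.Version` and `pkg.Paths` are now appended as raw argv elements, so a value that begins with `-` would reach the inner `bom-build` command looking like a flag rather than a positional argument. How `bom-build` parses its arguments is not shown in this diff. If its CLI parser honours the conventional `--` terminator, adding it before the positionals closes that gap: `cmd = append(cmd, "internal-go", "bom-build", "--", "/stacker/artifacts",`. The same applies to the `bom-verify` vector in VerifyLayerArtifacts and to `source` in Grab (pkg/stacker/grab.go). Both bom.go functions start and end outside their hunks.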
@@ -100,30 +83,16 @@ func VerifyLayerArtifacts(sc types.StackerConfig, storage types.Storage, l types return err } - binary, err := os.Readlink("/proc/self/exe") - if err != nil { - return err - } - - if err := c.BindMount(binary, "/stacker/tools/static-stacker", ""); err != nil { - return err - } - - cmd := "/stacker/tools/static-stacker" + cmd := []string{insideStaticStacker} if sc.Debug { - cmd += " --debug" + cmd = append(cmd, "--debug") } - cmd += " internal-go" - - author := l.Annotations[types.AuthorAnnotation] - org := l.Annotations[types.OrgAnnotation] + cmd = append(cmd, "internal-go", "bom-verify", + fmt.Sprintf("/stacker/artifacts/%s.json", tag), + tag, l.Annotations[types.AuthorAnnotation], l.Annotations[types.OrgAnnotation]) - dest := fmt.Sprintf("/stacker/artifacts/%s.json", tag) - cmd += fmt.Sprintf(" bom-verify %s %s %s %s", dest, tag, - strconv.Quote(author), - strconv.Quote(org)) err = c.Execute(cmd, os.Stdin) if err != nil { return err diff --git a/pkg/stacker/build.go b/pkg/stacker/build.go index b69d19f8..fed86872 100644 --- a/pkg/stacker/build.go +++ b/pkg/stacker/build.go @@ -21,7 +21,10 @@ import ( "stackerbuild.io/stacker/pkg/types" ) -const DefaultShell = "/bin/sh" +const ( + DefaultShell = "/bin/sh" + insideStaticStacker = "/stacker/tools/static-stacker" +) type BuildArgs struct { Config types.StackerConfig @@ -147,7 +150,7 @@ func (b *Builder) updateOCIConfigForOutput(sf *types.Stackerfile, s types.Storag return err } - err = c.Execute("/stacker/oci-labels/.stacker-run.sh", nil) + err = c.Execute([]string{"/stacker/oci-labels/.stacker-run.sh"}, nil) if err != nil { return err } 
@@ -476,10 +479,10 @@ func (b *Builder) build(s types.Storage, file string) error { } // These should all be non-interactive; let's ensure that. - err = c.Execute("/stacker/imports/.stacker-run.sh", nil) + err = c.Execute([]string{"/stacker/imports/.stacker-run.sh"}, nil) if err != nil { if opts.OnRunFailure != "" { - err2 := c.Execute(opts.OnRunFailure, os.Stdin) + err2 := c.Execute([]string{opts.OnRunFailure}, os.Stdin) if err2 != nil { log.Infof("failed executing %s: %s\n", opts.OnRunFailure, err2) } @@ -687,6 +690,16 @@ func SetupBuildContainerConfig(config types.StackerConfig, storage types.Storage return err } + binary, err := os.Readlink("/proc/self/exe") + if err != nil { + return err + } + + // make stacker binary available inside container + if err := c.BindMount(binary, insideStaticStacker, ""); err != nil { + return err + } + rootfs, err := storage.GetLXCRootfsConfig(name) if err != nil { return err @@ -749,19 +762,6 @@ func SetupLayerConfig(config types.StackerConfig, c *container.Container, l type } else { log.Debugf("not bind mounting %s into container", artifactsDir) } - - // make stacker also available to run the internal bom cmds - binary, err := os.Readlink("/proc/self/exe") - if err != nil { - return errors.Wrapf(err, "couldn't find executable for bind mount") - } - - err = c.BindMount(binary, "/stacker/tools/static-stacker", "") - if err != nil { - return err - } - - log.Debugf("bind mounting %s into container", binary) } for k, v := range env { diff --git a/pkg/stacker/grab.go b/pkg/stacker/grab.go index cc08d8df..33974cf1 100644 --- a/pkg/stacker/grab.go +++ b/pkg/stacker/grab.go @@ -6,7 +6,6 @@ import ( "os" "path" - "github.com/pkg/errors" "stackerbuild.io/stacker/pkg/container" "stackerbuild.io/stacker/pkg/types" ) 
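Review bot: The new bind mount in SetupBuildContainerConfig exposes the host's running stacker binary to every build container, and the empty third argument to `c.BindMount` leaves the mount options to whatever BindMount defaults to, which this diff does not show. Since run scripts execute in these containers, it is worth confirming the mount is read-only and saying so in the comment, e.g. `// make stacker binary available inside container (must be read-only: run scripts execute here)`. The hunk also drops the context the removed code gave a Readlink failure; `return errors.Wrapf(err, "couldn't find executable for bind mount")` would keep it. The function starts and ends outside the hunk.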
@@ -26,28 +25,19 @@ func Grab(sc types.StackerConfig, storage types.Storage, name string, source str } defer os.Remove(path.Join(sc.RootFSDir, name, "rootfs", "stacker")) - binary, err := os.Readlink("/proc/self/exe") - if err != nil { - return errors.Wrapf(err, "couldn't find executable for bind mount") - } - - err = c.BindMount(binary, "/stacker/tools/static-stacker", "") - if err != nil { - return err - } - err = SetupBuildContainerConfig(sc, storage, c, name) if err != nil { return err } - err = c.Execute(fmt.Sprintf("/stacker/tools/static-stacker internal-go cp %s /stacker/%s", source, path.Base(source)), nil) + bcmd := []string{insideStaticStacker, "internal-go"} + err = c.Execute(append(bcmd, "cp", source, "/stacker/"+path.Base(source)), nil) if err != nil { return err } if mode != nil { - err = c.Execute(fmt.Sprintf("/stacker/tools/static-stacker internal-go chmod %s /stacker/%s", fmt.Sprintf("%o", *mode), path.Base(source)), nil) + err = c.Execute(append(bcmd, "chmod", fmt.Sprintf("%o", *mode), "/stacker/"+path.Base(source)), nil) if err != nil { return err } @@ -59,7 +49,7 @@ func Grab(sc types.StackerConfig, storage types.Storage, name string, source str owns += fmt.Sprintf(":%d", gid) } - err = c.Execute(fmt.Sprintf("/stacker/tools/static-stacker internal-go chown %s /stacker/%s", owns, path.Base(source)), nil) + err = c.Execute(append(bcmd, "chown", owns, "/stacker/"+path.Base(source)), nil) if err != nil { return err } diff --git a/test/bom.bats b/test/bom.bats index e0e0c0ee..293a2cb4 100644 --- a/test/bom.bats +++ b/test/bom.bats 
@@ -103,8 +103,8 @@ bom-parent: /etc/sysconfig/sshd-permitrootlogin /root/anaconda-* /root/original-* /run/nologin \ /var/lib/rpm/.rpm.lock /etc/.pwd.lock /etc/BUILDTIME annotations: - org.opencontainers.image.authors: bom-test - org.opencontainers.image.vendor: bom-test + org.opencontainers.image.authors: "Alice P. Programmer" + org.opencontainers.image.vendor: "ACME Widgets & Trinkets Inc." org.opencontainers.image.licenses: MIT EOF stacker build