project-stacker · smoser · Aug 22, 2023 · Aug 21, 2023 · Aug 22, 2023 · Aug 22, 2023
@@ -50,10 +50,10 @@ func doChroot(ctx *cli.Context) error {
 		tag = ctx.Args().Get(0)
 	}
 
-	cmd := stacker.DefaultShell
+	cmd := []string{stacker.DefaultShell}
 
 	if ctx.Args().Len() > 1 {
-		cmd = ctx.Args().Get(1)
+		cmd[0] = ctx.Args().Get(1)
 	}
 
 	file := ctx.String("f")

@@ -21,7 +21,7 @@ struct child_args {
 	int    command_start;
 };
 
-static int spawn_container(char *name, char *lxcpath, char *config)
+static int spawn_container(char *name, char *lxcpath, char *config, char *argv[])
 {
 	struct lxc_container *c;
 
@@ -38,7 +38,7 @@ static int spawn_container(char *name, char *lxcpath, char *config)
 	}
 
 	c->daemonize = false;
-	if (!c->start(c, 1, NULL)) {
+	if (!c->start(c, 1, argv)) {
 		fprintf(stderr, "failed to start container %s\n", name);
 		return -1;
 	}
@@ -253,16 +253,19 @@ int main(int argc, char *argv[])
 	if (!strcmp(argv[1], "spawn")) {
 		int ret, status;
 		char *name, *lxcpath, *config_path;
+		char **args = NULL;
 
-		if (argc != 5) {
+		if (argc < 5) {
 			fprintf(stderr, "bad number of args for spawn: %d\n", argc);
 			return 1;
 		}
 
-
 		name = argv[2];
 		lxcpath = argv[3];
 		config_path = argv[4];
+		if (argc >= 5) {
+			args = &argv[5];
+		}
 
 		ret = isatty(STDIN_FILENO);
 		if (ret < 0) {
@@ -275,7 +278,7 @@ int main(int argc, char *argv[])
 		if (!ret)
 			setsid();
 
-		status = spawn_container(name, lxcpath, config_path);
+		status = spawn_container(name, lxcpath, config_path, args);
 
 		// Try and propagate the container's exit code.
 		if (WIFEXITED(status)) {

@@ -118,11 +118,7 @@ func (c *Container) containerError(theErr error, msg string) error {
 	return errors.Wrapf(theErr, msg)
 }
 
-func (c *Container) Execute(args string, stdin io.Reader) error {
-	if err := c.SetConfig("lxc.execute.cmd", args); err != nil {
-		return err
-	}
-
+func (c *Container) Execute(args []string, stdin io.Reader) error {
 	f, err := os.CreateTemp("", fmt.Sprintf("stacker_%s_run", c.c.Name()))
 	if err != nil {
 		return err
@@ -142,10 +138,7 @@ func (c *Container) Execute(args string, stdin io.Reader) error {
 	cmd, cleanup, err := embed_exec.GetCommand(
 		c.sc.EmbeddedFS,
 		"lxc-wrapper/lxc-wrapper",
-		"spawn",
-		c.c.Name(),
-		c.sc.RootFSDir,
-		f.Name(),
+		append([]string{"spawn", c.c.Name(), c.sc.RootFSDir, f.Name()}, args...)...,
 	)
 	if err != nil {
 		return err

@@ -5,7 +5,6 @@ import (
 	"io"
 	"os"
 	"path"
-	"strconv"
 
 	"stackerbuild.io/stacker/pkg/container"
 	"stackerbuild.io/stacker/pkg/log"
@@ -39,35 +38,19 @@ func BuildLayerArtifacts(sc types.StackerConfig, storage types.Storage, l types.
 		return err
 	}
 
-	binary, err := os.Readlink("/proc/self/exe")
-	if err != nil {
-		return err
-	}
-
-	if err := c.BindMount(binary, "/stacker/tools/static-stacker", ""); err != nil {
-		return err
-	}
-
-	cmd := "/stacker/tools/static-stacker"
+	cmd := []string{insideStaticStacker}
 
 	if sc.Debug {
-		cmd += " --debug"
+		cmd = append(cmd, "--debug")
 	}
 
-	cmd += " internal-go"
-
-	author := l.Annotations[types.AuthorAnnotation]
-	org := l.Annotations[types.OrgAnnotation]
-	license := l.Annotations[types.LicenseAnnotation]
-	dest := "/stacker/artifacts"
-	cmd += fmt.Sprintf(" bom-build %s %s %s %s %s %s", dest,
-		strconv.Quote(author),
-		strconv.Quote(org),
-		strconv.Quote(license),
+	cmd = append(cmd, "internal-go", "bom-build",
+		"/stacker/artifacts",
+		l.Annotations[types.AuthorAnnotation],
+		l.Annotations[types.OrgAnnotation],
+		l.Annotations[types.LicenseAnnotation],
 		pkg.Name, pkg.Version)
-	for _, ppath := range pkg.Paths {
-		cmd += " " + ppath
-	}
+	cmd = append(cmd, pkg.Paths...)
 	err = c.Execute(cmd, os.Stdin)
 	if err != nil {
 		return err
@@ -100,30 +83,16 @@ func VerifyLayerArtifacts(sc types.StackerConfig, storage types.Storage, l types
 		return err
 	}
 
-	binary, err := os.Readlink("/proc/self/exe")
-	if err != nil {
-		return err
-	}
-
-	if err := c.BindMount(binary, "/stacker/tools/static-stacker", ""); err != nil {
-		return err
-	}
-
-	cmd := "/stacker/tools/static-stacker"
+	cmd := []string{insideStaticStacker}
 
 	if sc.Debug {
-		cmd += " --debug"
+		cmd = append(cmd, "--debug")
 	}
 
-	cmd += " internal-go"
-
-	author := l.Annotations[types.AuthorAnnotation]
-	org := l.Annotations[types.OrgAnnotation]
+	cmd = append(cmd, "internal-go", "bom-verify",
+		fmt.Sprintf("/stacker/artifacts/%s.json", tag),
+		tag, l.Annotations[types.AuthorAnnotation], l.Annotations[types.OrgAnnotation])
 
-	dest := fmt.Sprintf("/stacker/artifacts/%s.json", tag)
-	cmd += fmt.Sprintf(" bom-verify %s %s %s %s", dest, tag,
-		strconv.Quote(author),
-		strconv.Quote(org))
 	err = c.Execute(cmd, os.Stdin)
 	if err != nil {
 		return err

@@ -21,7 +21,10 @@ import (
 	"stackerbuild.io/stacker/pkg/types"
 )
 
-const DefaultShell = "/bin/sh"
+const (
+	DefaultShell        = "/bin/sh"
+	insideStaticStacker = "/stacker/tools/static-stacker"
+)
 
 type BuildArgs struct {
 	Config               types.StackerConfig
@@ -147,7 +150,7 @@ func (b *Builder) updateOCIConfigForOutput(sf *types.Stackerfile, s types.Storag
 			return err
 		}
 
-		err = c.Execute("/stacker/oci-labels/.stacker-run.sh", nil)
+		err = c.Execute([]string{"/stacker/oci-labels/.stacker-run.sh"}, nil)
 		if err != nil {
 			return err
 		}
@@ -476,10 +479,10 @@ func (b *Builder) build(s types.Storage, file string) error {
 			}
 
 			// These should all be non-interactive; let's ensure that.
-			err = c.Execute("/stacker/imports/.stacker-run.sh", nil)
+			err = c.Execute([]string{"/stacker/imports/.stacker-run.sh"}, nil)
 			if err != nil {
 				if opts.OnRunFailure != "" {
-					err2 := c.Execute(opts.OnRunFailure, os.Stdin)
+					err2 := c.Execute([]string{opts.OnRunFailure}, os.Stdin)
 					if err2 != nil {
 						log.Infof("failed executing %s: %s\n", opts.OnRunFailure, err2)
 					}
@@ -687,6 +690,16 @@ func SetupBuildContainerConfig(config types.StackerConfig, storage types.Storage
 		return err
 	}
 
+	binary, err := os.Readlink("/proc/self/exe")
+	if err != nil {
+		return err
+	}
+
+	// make stacker binary available inside container
+	if err := c.BindMount(binary, insideStaticStacker, ""); err != nil {
+		return err
+	}
+
 	rootfs, err := storage.GetLXCRootfsConfig(name)
 	if err != nil {
 		return err
@@ -749,19 +762,6 @@ func SetupLayerConfig(config types.StackerConfig, c *container.Container, l type
 		} else {
 			log.Debugf("not bind mounting %s into container", artifactsDir)
 		}
-
-		// make stacker also available to run the internal bom cmds
-		binary, err := os.Readlink("/proc/self/exe")
-		if err != nil {
-			return errors.Wrapf(err, "couldn't find executable for bind mount")
-		}
-
-		err = c.BindMount(binary, "/stacker/tools/static-stacker", "")
-		if err != nil {
-			return err
-		}
-
-		log.Debugf("bind mounting %s into container", binary)
 	}
 
 	for k, v := range env {

@@ -6,7 +6,6 @@ import (
 	"os"
 	"path"
 
-	"github.com/pkg/errors"
 	"stackerbuild.io/stacker/pkg/container"
 	"stackerbuild.io/stacker/pkg/types"
 )
@@ -26,28 +25,19 @@ func Grab(sc types.StackerConfig, storage types.Storage, name string, source str
 	}
 	defer os.Remove(path.Join(sc.RootFSDir, name, "rootfs", "stacker"))
 
-	binary, err := os.Readlink("/proc/self/exe")
-	if err != nil {
-		return errors.Wrapf(err, "couldn't find executable for bind mount")
-	}
-
-	err = c.BindMount(binary, "/stacker/tools/static-stacker", "")
-	if err != nil {
-		return err
-	}
-
 	err = SetupBuildContainerConfig(sc, storage, c, name)
 	if err != nil {
 		return err
 	}
 
-	err = c.Execute(fmt.Sprintf("/stacker/tools/static-stacker internal-go cp %s /stacker/%s", source, path.Base(source)), nil)
+	bcmd := []string{insideStaticStacker, "internal-go"}
+	err = c.Execute(append(bcmd, "cp", source, "/stacker/"+path.Base(source)), nil)
 	if err != nil {
 		return err
 	}
 
 	if mode != nil {
-		err = c.Execute(fmt.Sprintf("/stacker/tools/static-stacker internal-go chmod %s /stacker/%s", fmt.Sprintf("%o", *mode), path.Base(source)), nil)
+		err = c.Execute(append(bcmd, "chmod", fmt.Sprintf("%o", *mode), "/stacker/"+path.Base(source)), nil)
 		if err != nil {
 			return err
 		}
@@ -59,7 +49,7 @@ func Grab(sc types.StackerConfig, storage types.Storage, name string, source str
 			owns += fmt.Sprintf(":%d", gid)
 		}
 
-		err = c.Execute(fmt.Sprintf("/stacker/tools/static-stacker internal-go chown %s /stacker/%s", owns, path.Base(source)), nil)
+		err = c.Execute(append(bcmd, "chown", owns, "/stacker/"+path.Base(source)), nil)
 		if err != nil {
 			return err
 		}

@@ -103,8 +103,8 @@ bom-parent:
         /etc/sysconfig/sshd-permitrootlogin /root/anaconda-* /root/original-* /run/nologin \
         /var/lib/rpm/.rpm.lock /etc/.pwd.lock /etc/BUILDTIME
     annotations:
-      org.opencontainers.image.authors: bom-test
-      org.opencontainers.image.vendor: bom-test
+      org.opencontainers.image.authors: "Alice P. Programmer"
+      org.opencontainers.image.vendor: "ACME Widgets & Trinkets Inc."
       org.opencontainers.image.licenses: MIT
 EOF
     stacker build