mirror of
				https://gitea.com/Lydanne/buildx.git
				synced 2025-10-26 05:33:43 +08:00 
			
		
		
		
	driver: docker-container driver uses --config correctly in rootless mode
The `docker-container` driver relies on the default config file location for buildkit when writing the configuration file. When run in a rootless version of docker (dind), the default location is different. Instead of trying to figure out where the appropriate default location is, this just writes the files to the same location and sets the `--config` parameter explicitly. This flag is placed first so a user-specified config option in `--buildkitd-flags` will take precedence over the implicit config parameter. This also fixes the `--config` option with the rootless image. Previously, the config directory was being copied in a way that rendered `/etc` unreadable and the configuration file wasn't readable either. It also wasn't copied to the correct place. Now, `--config` is used to specify the directory, `/etc` isn't included in the copied archive (so the permissions aren't overwritten), and the directory is set as world readable to be readable from the rootless buildkit process`. Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com>
This commit is contained in:
		| @@ -33,7 +33,8 @@ import ( | ||||
| ) | ||||
|  | ||||
| const ( | ||||
| 	volumeStateSuffix = "_state" | ||||
| 	volumeStateSuffix   = "_state" | ||||
| 	buildkitdConfigFile = "buildkitd.toml" | ||||
| ) | ||||
|  | ||||
| type Driver struct { | ||||
| @@ -114,9 +115,7 @@ func (d *Driver) create(ctx context.Context, l progress.SubLogger) error { | ||||
| 		Image: imageName, | ||||
| 		Env:   d.env, | ||||
| 	} | ||||
| 	if d.InitConfig.BuildkitFlags != nil { | ||||
| 		cfg.Cmd = d.InitConfig.BuildkitFlags | ||||
| 	} | ||||
| 	cfg.Cmd = getBuildkitFlags(d.InitConfig) | ||||
|  | ||||
| 	useInit := true // let it cleanup exited processes created by BuildKit's container API | ||||
| 	if err := l.Wrap("creating container "+d.Name, func() error { | ||||
| @@ -259,7 +258,9 @@ func (d *Driver) copyToContainer(ctx context.Context, files map[string][]byte) e | ||||
| 		return err | ||||
| 	} | ||||
| 	defer srcArchive.Close() | ||||
| 	return d.DockerAPI.CopyToContainer(ctx, d.Name, "/", srcArchive, dockertypes.CopyToContainerOptions{}) | ||||
|  | ||||
| 	baseDir := path.Dir(confutil.DefaultBuildKitConfigDir) | ||||
| 	return d.DockerAPI.CopyToContainer(ctx, d.Name, baseDir, srcArchive, dockertypes.CopyToContainerOptions{}) | ||||
| } | ||||
|  | ||||
| func (d *Driver) exec(ctx context.Context, cmd []string) (string, net.Conn, error) { | ||||
| @@ -475,15 +476,34 @@ func writeConfigFiles(m map[string][]byte) (_ string, err error) { | ||||
| 			os.RemoveAll(tmpDir) | ||||
| 		} | ||||
| 	}() | ||||
| 	configDir := filepath.Base(confutil.DefaultBuildKitConfigDir) | ||||
| 	for f, dt := range m { | ||||
| 		f = path.Join(confutil.DefaultBuildKitConfigDir, f) | ||||
| 		p := filepath.Join(tmpDir, f) | ||||
| 		if err := os.MkdirAll(filepath.Dir(p), 0700); err != nil { | ||||
| 		p := filepath.Join(tmpDir, configDir, f) | ||||
| 		if err := os.MkdirAll(filepath.Dir(p), 0755); err != nil { | ||||
| 			return "", err | ||||
| 		} | ||||
| 		if err := os.WriteFile(p, dt, 0600); err != nil { | ||||
| 		if err := os.WriteFile(p, dt, 0644); err != nil { | ||||
| 			return "", err | ||||
| 		} | ||||
| 	} | ||||
| 	return tmpDir, nil | ||||
| } | ||||
|  | ||||
| func getBuildkitFlags(initConfig driver.InitConfig) []string { | ||||
| 	flags := initConfig.BuildkitFlags | ||||
| 	if _, ok := initConfig.Files[buildkitdConfigFile]; ok { | ||||
| 		// There's no way for us to determine the appropriate default configuration | ||||
| 		// path and the default path can vary depending on if the image is normal | ||||
| 		// or rootless. | ||||
| 		// | ||||
| 		// In order to ensure that --config works, copy to a specific path and | ||||
| 		// specify the location. | ||||
| 		// | ||||
| 		// This should be appended before the user-specified arguments | ||||
| 		// so that this option could be overwritten by the user. | ||||
| 		newFlags := make([]string, 0, len(flags)+2) | ||||
| 		newFlags = append(newFlags, "--config", path.Join("/etc/buildkit", buildkitdConfigFile)) | ||||
| 		flags = append(newFlags, flags...) | ||||
| 	} | ||||
| 	return flags | ||||
| } | ||||
|   | ||||
		Reference in New Issue
	
	Block a user
	 Jonathan A. Sternberg
					Jonathan A. Sternberg