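// Source: github.com/sealerio/sealer@v0.11.1-0.20240507115618-f4f89c5853ae/pkg/imageengine/buildah/init.go

// Copyright © 2022 Alibaba Group Holding Ltd.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package buildah

import (
	"errors"
	"os"
	"path/filepath"

	"github.com/sealerio/sealer/pkg/auth"
)

const (
	// Host-wide configuration paths seeded by initBuildah when they are missing.
	policyAbsPath     = "/etc/containers/policy.json"
	registriesAbsPath = "/etc/containers/registries.conf"
	storageConfPath   = "/etc/containers/storage.conf"

	// buildahEtcRegistriesConf is the fallback registries.conf. It searches
	// docker.io for unqualified image names and leaves both the insecure and
	// the block lists empty, so this default exempts no registry from TLS.
	buildahEtcRegistriesConf = `
[registries.search]
registries = ['docker.io']

# Registries that do not use TLS when pulling images or uses self-signed
# certificates.
[registries.insecure]
registries = []

[registries.block]
registries = []
`

	// builadhEtcPolicy is the fallback containers policy.json. The misspelled
	// identifier is kept because other files in the package may reference it.
	//
	// Security note: every requirement below is "insecureAcceptAnything", so
	// image signatures are not verified for any transport. initBuildah writes
	// this file only when nothing exists at policyAbsPath, so a stricter policy
	// provisioned on the host before the first run is preserved.
	builadhEtcPolicy = `
{
    "default": [
        {
            "type": "insecureAcceptAnything"
        }
    ],
    "transports":
        {
            "docker-daemon":
                {
                    "": [{"type":"insecureAcceptAnything"}]
                }
        }
}`

	// sealerAuth is an empty auth file: a JSON object with no "auths" entries.
	sealerAuth = `
{
    "auths": {}
}
`

	// buildahStorageConf is the fallback storage.conf: overlay driver with the
	// run root and graph root under /var/run and /var/lib respectively.
	buildahStorageConf = `
# storage.conf is the configuration file for all tools
# that share the containers/storage libraries
# See man 5 containers-storage.conf for more information
# The "container storage" table contains all of the server options.
[storage]

# Default Storage Driver
driver = "overlay"

# Temporary storage location
runroot = "/var/run/containers/storage"

# Primary Read/Write location of container storage
graphroot = "/var/lib/containers/storage"

[storage.options]
# Storage options to be passed to underlying storage drivers

# Size is used to set a maximum size of the container image. Only supported by
# certain container storage drivers.
size = ""

[storage.options.thinpool]

# log_level sets the log level of devicemapper.
# 0: LogLevelSuppress 0 (Default)
# 2: LogLevelFatal
# 3: LogLevelErr
# 4: LogLevelWarn
# 5: LogLevelNotice
# 6: LogLevelInfo
# 7: LogLevelDebug
# log_level = "7"`
)

// writeFileIfNotExist creates path with the given content (mode 0600, parent
// directories 0750) unless something already exists there. It returns nil
// when the file was written or was already present, and the underlying
// error when the directory or the file could not be created or written.
//
// TODO do we have an util or unified local storage accessing pattern?
func writeFileIfNotExist(path string, content []byte) error {
	// Fast path: an existing, reachable file is never touched.
	if _, err := os.Stat(path); err == nil {
		return nil
	}

	if err := os.MkdirAll(filepath.Dir(path), 0750); err != nil {
		return err
	}

	// O_EXCL makes "create only if absent" atomic, which closes the window
	// between the Stat above and the write. It also refuses to follow a
	// symlink at path, so a dangling link in a shared directory is reported
	// as existing and left untouched instead of being written through.
	f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0600)
	if err != nil {
		if errors.Is(err, os.ErrExist) {
			return nil
		}
		return err
	}

	if _, err := f.Write(content); err != nil {
		// Drop the partial file so the next run retries instead of treating
		// a truncated config as already present.
		_ = f.Close()
		_ = os.Remove(path)
		return err
	}
	if err := f.Close(); err != nil {
		_ = os.Remove(path)
		return err
	}
	return nil
}

// initBuildah seeds the default policy, registries and storage configuration
// under /etc/containers plus sealer's default auth file. Files that already
// exist are left as they are; the first failure is returned.
func initBuildah() error {
	if err := writeFileIfNotExist(policyAbsPath, []byte(builadhEtcPolicy)); err != nil {
		return err
	}
	if err := writeFileIfNotExist(registriesAbsPath, []byte(buildahEtcRegistriesConf)); err != nil {
		return err
	}
	// Use the shared constant rather than a second copy of the same literal.
	if err := writeFileIfNotExist(storageConfPath, []byte(buildahStorageConf)); err != nil {
		return err
	}

	// TODO maybe this should not be here.
	// NOTE(review): the auth file presumably receives registry credentials
	// later, which is why it is created 0600; confirm against pkg/auth.
	defaultAuthPath := auth.GetDefaultAuthFilePath()
	if err := writeFileIfNotExist(defaultAuthPath, []byte(sealerAuth)); err != nil {
		return err
	}

	return nil
}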