install: Drop support for old skopeo
Let's just hard require a skopeo that can fetch from `containers-storage`.
Motivated by #263, which was moving this code around.

Signed-off-by: Colin Walters <[email protected]>
cgwalters committed Jan 17, 2024
1 parent e5b5970 commit ef74c7c
Showing 1 changed file with 4 additions and 39 deletions.
43 changes: 4 additions & 39 deletions lib/src/install.rs
Expand Up @@ -232,8 +232,6 @@ pub(crate) struct State {
pub(crate) source: SourceInfo,
/// Force SELinux off in target system
pub(crate) override_disable_selinux: bool,
/// True if the skoepo on host supports containers-storage:
pub(crate) skopeo_supports_containers_storage: bool,
#[allow(dead_code)]
pub(crate) setenforce_guard: Option<crate::lsm::SetEnforceGuard>,
#[allow(dead_code)]
Expand Down Expand Up @@ -569,21 +567,14 @@ async fn initialize_ostree_root_from_self(
..Default::default()
};

let mut temporary_dir = None;
let src_imageref = if state.skopeo_supports_containers_storage {
let src_imageref = {
// We always use exactly the digest of the running image to ensure predictability.
let spec =
crate::utils::digested_pullspec(&state.source.imageref.name, &state.source.digest);
ostree_container::ImageReference {
transport: ostree_container::Transport::ContainerStorage,
name: spec,
}
} else {
let td = tempfile::tempdir_in("/var/tmp")?;
let path: &Utf8Path = td.path().try_into().unwrap();
let r = copy_to_oci(&state.source.imageref, path)?;
temporary_dir = Some(td);
r
};
let src_imageref = ostree_container::OstreeImageReference {
// There are no signatures to verify since we're fetching the already
Expand All @@ -610,8 +601,6 @@ async fn initialize_ostree_root_from_self(
println!("Installed: {target_image}");
println!(" Digest: {digest}");

drop(temporary_dir);

// Write the entry for /boot to /etc/fstab. TODO: Encourage OSes to use the karg?
// Or better bind this with the grub data.
sysroot.load(cancellable)?;
Expand Down Expand Up @@ -656,32 +645,6 @@ async fn initialize_ostree_root_from_self(
Ok(aleph)
}

#[context("Copying to oci")]
fn copy_to_oci(
src_imageref: &ostree_container::ImageReference,
dir: &Utf8Path,
) -> Result<ostree_container::ImageReference> {
tracing::debug!("Copying {src_imageref}");
let src_imageref = src_imageref.to_string();
let dest_imageref = ostree_container::ImageReference {
transport: ostree_container::Transport::OciDir,
name: dir.to_string(),
};
let dest_imageref_str = dest_imageref.to_string();
Task::new_cmd(
"Copying to temporary OCI (skopeo is too old)",
run_in_host_mountns("skopeo"),
)
.args([
"copy",
// TODO: enable this once ostree is fixed "--dest-oci-accept-uncompressed-layers",
src_imageref.as_str(),
dest_imageref_str.as_str(),
])
.run()?;
Ok(dest_imageref)
}

/// Run a command in the host mount namespace
pub(crate) fn run_in_host_mountns(cmd: &str) -> Command {
let mut c = Command::new("/proc/self/exe");
Expand Down Expand Up @@ -927,6 +890,9 @@ async fn prepare_install(

let skopeo_supports_containers_storage = skopeo_supports_containers_storage()
.context("Failed to run skopeo (it currently must be installed in the host root)")?;
if !skopeo_supports_containers_storage {
anyhow::bail!("skopeo is too old");
}

let source = SourceInfo::from_container(&container_info)?;

Expand Down Expand Up @@ -982,7 +948,6 @@ async fn prepare_install(
// combines our command line options along with some bind mounts from the host.
let state = Arc::new(State {
override_disable_selinux,
skopeo_supports_containers_storage,
setenforce_guard,
source,
config_opts,
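Review bot: The new `anyhow::bail!("skopeo is too old");` in `prepare_install` does not tell the operator which capability is missing, and this path is now a hard stop for the install rather than a fallback. The message should name the requirement, for example `anyhow::bail!("skopeo is too old: support for the containers-storage: transport is required");`. The local `skopeo_supports_containers_storage` is now read only by this check, since the commit removes the `State` field, so the binding could be folded into the `if` condition. In `initialize_ostree_root_from_self`, the `let src_imageref = { … };` block left over from the removed `if`/`else` no longer needs its braces. Both function bodies continue outside the visible hunks.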
