From 54b5d4362cc81f94058276ea5ffc29b59fbfe54b Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Tue, 7 Jun 2022 15:24:43 -0400 Subject: [PATCH 1/2] schema: Add entry for baseos-container For now, we need to support having the new format oscontainer in `meta.json`. Part of https://github.com/coreos/coreos-assembler/issues/2685 And see https://github.com/coreos/coreos-assembler/issues/2685#issuecomment-1149050545 in particular. --- .../coreos-assembler-schema/cosa/cosa_v1.go | 7 ++++++- .../coreos-assembler-schema/cosa/schema_doc.go | 18 +++++++++++++++++- .../coreos-assembler-schema/cosa/cosa_v1.go | 7 ++++++- .../coreos-assembler-schema/cosa/schema_doc.go | 18 +++++++++++++++++- schema/cosa/cosa_v1.go | 7 ++++++- schema/cosa/schema_doc.go | 18 +++++++++++++++++- schema/v1.json | 16 ++++++++++++++++ src/v1.json | 16 ++++++++++++++++ 8 files changed, 101 insertions(+), 6 deletions(-) diff --git a/gangplank/vendor/github.com/coreos/coreos-assembler-schema/cosa/cosa_v1.go b/gangplank/vendor/github.com/coreos/coreos-assembler-schema/cosa/cosa_v1.go index 6b1acdc47f..20d4711b95 100644 --- a/gangplank/vendor/github.com/coreos/coreos-assembler-schema/cosa/cosa_v1.go +++ b/gangplank/vendor/github.com/coreos/coreos-assembler-schema/cosa/cosa_v1.go @@ -1,7 +1,7 @@ package cosa // generated by 'make schema' -// source hash: be093d10a3ebf57e28907a5676a88928631bb09eee602dff89f381ddd1ca8f5e +// source hash: ec49fcff4b25566b5f515909fd5fcc22a51c169449e8a6f50390551f7bf97506 type AdvisoryDiff []AdvisoryDiffItems @@ -27,6 +27,10 @@ type Artifact struct { UncompressedSize int `json:"uncompressed-size,omitempty"` } +type BaseOsContainer struct { + Image string `json:"image"` +} + type Build struct { AdvisoryDiffAgainstParent AdvisoryDiff `json:"parent-advisories-diff,omitempty"` AdvisoryDiffBetweenBuilds AdvisoryDiff `json:"advisories-diff,omitempty"` 
@@ -34,6 +38,7 @@ type Build struct { Amis []Amis `json:"amis,omitempty"` Architecture string `json:"coreos-assembler.basearch,omitempty"` Azure *Cloudartifact `json:"azure,omitempty"` + BaseOsContainer *BaseOsContainer `json:"base-oscontainer,omitempty"` BuildArtifacts *BuildArtifacts `json:"images,omitempty"` BuildID string `json:"buildid"` BuildRef string `json:"ref,omitempty"` diff --git a/gangplank/vendor/github.com/coreos/coreos-assembler-schema/cosa/schema_doc.go b/gangplank/vendor/github.com/coreos/coreos-assembler-schema/cosa/schema_doc.go index a66bede19d..8c5da42847 100644 --- a/gangplank/vendor/github.com/coreos/coreos-assembler-schema/cosa/schema_doc.go +++ b/gangplank/vendor/github.com/coreos/coreos-assembler-schema/cosa/schema_doc.go @@ -1,5 +1,5 @@ // Generated by ./generate-schema.sh -// Source hash: be093d10a3ebf57e28907a5676a88928631bb09eee602dff89f381ddd1ca8f5e +// Source hash: ec49fcff4b25566b5f515909fd5fcc22a51c169449e8a6f50390551f7bf97506 // DO NOT EDIT package cosa @@ -211,6 +211,7 @@ var generatedSchemaJSON = `{ "amis", "azure", "azurestack", + "base-oscontainer", "build-url", "digitalocean", "exoscale", @@ -842,6 +843,21 @@ var generatedSchemaJSON = `{ "title":"Azure", "$ref": "#/definitions/cloudartifact" }, + "base-oscontainer": { + "$id":"#/properties/base-oscontainer", + "type":"object", + "title":"Base OS container", + "required": [ + "image" + ], + "properties": { + "image": { + "$id":"#/properties/base-oscontainer/image", + "type":"string", + "title":"Image" + } + } + }, "gcp": { "$id":"#/properties/gcp", "type":"object", diff --git a/mantle/vendor/github.com/coreos/coreos-assembler-schema/cosa/cosa_v1.go b/mantle/vendor/github.com/coreos/coreos-assembler-schema/cosa/cosa_v1.go index 6b1acdc47f..20d4711b95 100644 --- a/mantle/vendor/github.com/coreos/coreos-assembler-schema/cosa/cosa_v1.go +++ b/mantle/vendor/github.com/coreos/coreos-assembler-schema/cosa/cosa_v1.go 
@@ -1,7 +1,7 @@ package cosa // generated by 'make schema' -// source hash: be093d10a3ebf57e28907a5676a88928631bb09eee602dff89f381ddd1ca8f5e +// source hash: ec49fcff4b25566b5f515909fd5fcc22a51c169449e8a6f50390551f7bf97506 type AdvisoryDiff []AdvisoryDiffItems @@ -27,6 +27,10 @@ type Artifact struct { UncompressedSize int `json:"uncompressed-size,omitempty"` } +type BaseOsContainer struct { + Image string `json:"image"` +} + type Build struct { AdvisoryDiffAgainstParent AdvisoryDiff `json:"parent-advisories-diff,omitempty"` AdvisoryDiffBetweenBuilds AdvisoryDiff `json:"advisories-diff,omitempty"` @@ -34,6 +38,7 @@ type Build struct { Amis []Amis `json:"amis,omitempty"` Architecture string `json:"coreos-assembler.basearch,omitempty"` Azure *Cloudartifact `json:"azure,omitempty"` + BaseOsContainer *BaseOsContainer `json:"base-oscontainer,omitempty"` BuildArtifacts *BuildArtifacts `json:"images,omitempty"` BuildID string `json:"buildid"` BuildRef string `json:"ref,omitempty"` diff --git a/mantle/vendor/github.com/coreos/coreos-assembler-schema/cosa/schema_doc.go b/mantle/vendor/github.com/coreos/coreos-assembler-schema/cosa/schema_doc.go index a66bede19d..8c5da42847 100644 --- a/mantle/vendor/github.com/coreos/coreos-assembler-schema/cosa/schema_doc.go +++ b/mantle/vendor/github.com/coreos/coreos-assembler-schema/cosa/schema_doc.go @@ -1,5 +1,5 @@ // Generated by ./generate-schema.sh -// Source hash: be093d10a3ebf57e28907a5676a88928631bb09eee602dff89f381ddd1ca8f5e +// Source hash: ec49fcff4b25566b5f515909fd5fcc22a51c169449e8a6f50390551f7bf97506 // DO NOT EDIT package cosa @@ -211,6 +211,7 @@ var generatedSchemaJSON = `{ "amis", "azure", "azurestack", + "base-oscontainer", "build-url", "digitalocean", "exoscale", 
@@ -842,6 +843,21 @@ var generatedSchemaJSON = `{ "title":"Azure", "$ref": "#/definitions/cloudartifact" }, + "base-oscontainer": { + "$id":"#/properties/base-oscontainer", + "type":"object", + "title":"Base OS container", + "required": [ + "image" + ], + "properties": { + "image": { + "$id":"#/properties/base-oscontainer/image", + "type":"string", + "title":"Image" + } + } + }, "gcp": { "$id":"#/properties/gcp", "type":"object", diff --git a/schema/cosa/cosa_v1.go b/schema/cosa/cosa_v1.go index 6b1acdc47f..20d4711b95 100644 --- a/schema/cosa/cosa_v1.go +++ b/schema/cosa/cosa_v1.go @@ -1,7 +1,7 @@ package cosa // generated by 'make schema' -// source hash: be093d10a3ebf57e28907a5676a88928631bb09eee602dff89f381ddd1ca8f5e +// source hash: ec49fcff4b25566b5f515909fd5fcc22a51c169449e8a6f50390551f7bf97506 type AdvisoryDiff []AdvisoryDiffItems @@ -27,6 +27,10 @@ type Artifact struct { UncompressedSize int `json:"uncompressed-size,omitempty"` } +type BaseOsContainer struct { + Image string `json:"image"` +} + type Build struct { AdvisoryDiffAgainstParent AdvisoryDiff `json:"parent-advisories-diff,omitempty"` AdvisoryDiffBetweenBuilds AdvisoryDiff `json:"advisories-diff,omitempty"` @@ -34,6 +38,7 @@ type Build struct { Amis []Amis `json:"amis,omitempty"` Architecture string `json:"coreos-assembler.basearch,omitempty"` Azure *Cloudartifact `json:"azure,omitempty"` + BaseOsContainer *BaseOsContainer `json:"base-oscontainer,omitempty"` BuildArtifacts *BuildArtifacts `json:"images,omitempty"` BuildID string `json:"buildid"` BuildRef string `json:"ref,omitempty"` diff --git a/schema/cosa/schema_doc.go b/schema/cosa/schema_doc.go index a66bede19d..8c5da42847 100644 --- a/schema/cosa/schema_doc.go +++ b/schema/cosa/schema_doc.go @@ -1,5 +1,5 @@ // Generated by ./generate-schema.sh -// Source hash: be093d10a3ebf57e28907a5676a88928631bb09eee602dff89f381ddd1ca8f5e +// Source hash: ec49fcff4b25566b5f515909fd5fcc22a51c169449e8a6f50390551f7bf97506 // DO NOT EDIT package cosa 
@@ -211,6 +211,7 @@ var generatedSchemaJSON = `{ "amis", "azure", "azurestack", + "base-oscontainer", "build-url", "digitalocean", "exoscale", @@ -842,6 +843,21 @@ var generatedSchemaJSON = `{ "title":"Azure", "$ref": "#/definitions/cloudartifact" }, + "base-oscontainer": { + "$id":"#/properties/base-oscontainer", + "type":"object", + "title":"Base OS container", + "required": [ + "image" + ], + "properties": { + "image": { + "$id":"#/properties/base-oscontainer/image", + "type":"string", + "title":"Image" + } + } + }, "gcp": { "$id":"#/properties/gcp", "type":"object", diff --git a/schema/v1.json b/schema/v1.json index a8b7d6ad3b..ec790fc667 100644 --- a/schema/v1.json +++ b/schema/v1.json @@ -205,6 +205,7 @@ "amis", "azure", "azurestack", + "base-oscontainer", "build-url", "digitalocean", "exoscale", @@ -836,6 +837,21 @@ "title":"Azure", "$ref": "#/definitions/cloudartifact" }, + "base-oscontainer": { + "$id":"#/properties/base-oscontainer", + "type":"object", + "title":"Base OS container", + "required": [ + "image" + ], + "properties": { + "image": { + "$id":"#/properties/base-oscontainer/image", + "type":"string", + "title":"Image" + } + } + }, "gcp": { "$id":"#/properties/gcp", "type":"object", diff --git a/src/v1.json b/src/v1.json index a8b7d6ad3b..ec790fc667 100644 --- a/src/v1.json +++ b/src/v1.json @@ -205,6 +205,7 @@ "amis", "azure", "azurestack", + "base-oscontainer", "build-url", "digitalocean", "exoscale", @@ -836,6 +837,21 @@ "title":"Azure", "$ref": "#/definitions/cloudartifact" }, + "base-oscontainer": { + "$id":"#/properties/base-oscontainer", + "type":"object", + "title":"Base OS container", + "required": [ + "image" + ], + "properties": { + "image": { + "$id":"#/properties/base-oscontainer/image", + "type":"string", + "title":"Image" + } + } + }, "gcp": { "$id":"#/properties/gcp", "type":"object", From 4a979eb635cb53f6e8fcd34c3d3993a6262de3c9 Mon Sep 17 00:00:00 2001 
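Review bot: The new `image` property under `base-oscontainer` in `src/v1.json` (and its copy in `schema/v1.json`) is declared only as `"type":"string"`, so a tag-only or empty reference would validate. The second patch in this series writes a `name@digest` value, so if consumers are expected to pull by this field the schema could enforce that with a constraint such as `"pattern": "@sha256:[0-9a-f]{64}$"`, followed by regenerating the Go copies. A `description` stating that the value is a digest-pinned pullspec would also help, since the `title` alone does not say what form the string takes.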
From: Colin Walters Date: Tue, 7 Jun 2022 16:07:31 -0400 Subject: [PATCH 2/2] push-container: Also inject `baseos-container` into `meta.json` While I am trying to actively sever the dependence of the base container image build on `meta.json`, there's no reason not to inject it into `meta.json` in this flow too because the build system already requires it. --- src/cmd-push-container | 26 ++++++++++++++++++++------ 1 file changed, 20 insertions(+), 6 deletions(-) diff --git a/src/cmd-push-container b/src/cmd-push-container index 013a6925bb..9aa85a6998 100755 --- a/src/cmd-push-container +++ b/src/cmd-push-container @@ -7,6 +7,8 @@ import argparse import json import os +import tempfile +import shutil import subprocess import sys 
@@ -44,11 +46,23 @@ if args.authfile is not None:
 skopeoargs.extend(['--authfile', args.authfile])
 if args.format is not None:
 skopeoargs.extend(['--format', args.format])
-container_name = args.name
-if ":" not in container_name:
- container_name = f"{container_name}:{latest_build}-{arch}"
+container_name = container_name_and_tag = args.name
 if args.base_image_name:
 container_name = f"{container_name}-base-image"
-skopeoargs.extend([f"oci-archive:{ociarchive}", f"docker://{container_name}"])
-print(subprocess.list2cmdline(skopeoargs))
-os.execvp('skopeo', skopeoargs)
+if ":" not in container_name_and_tag:
+ container_name_and_tag = f"{container_name}:{latest_build}-{arch}"
+if ":" in container_name:
+ container_name = container_name.rsplit(':')[0]
+with tempfile.NamedTemporaryFile(dir='tmp', prefix='push-container-digestfile') as df:
+ skopeoargs.append(f"--digestfile={df.name}")
+ skopeoargs.extend([f"oci-archive:{ociarchive}", f"docker://{container_name}"])
+ print(subprocess.list2cmdline(skopeoargs))
+ subprocess.check_call(skopeoargs)
+ df.seek(0)
+ digest = df.read().decode('utf-8').strip()
+ # Inject the oscontainer with SHA256 into the build metadata
+ meta['base-oscontainer'] = {'image': f"{container_name}@{digest}"}
+ metapath_new = f"{metapath}.new"
+ with open(metapath_new, 'w') as f:
+ json.dump(meta, f, sort_keys=True)
+ shutil.move(metapath_new, metapath)
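Review bot: The push destination is still `docker://{container_name}`, whose tag this change strips, so `container_name_and_tag` (including the default `{latest_build}-{arch}` tag) is computed but never used and skopeo would presumably push to its default tag. `container_name.rsplit(':')[0]` has no maxsplit and keeps only the text before the first colon, so a registry with a port (constructed example `registry.example:5000/org/img:tag`) collapses to the hostname, which is then what gets recorded in `meta['base-oscontainer']`. The digest read back from the digestfile is also used unchecked, so an empty or malformed file would record an unpinned `name@` reference in `meta.json`; the guard sketched below assumes sha256, as the hunk's own comment does. The definitions of `meta`, `metapath` and `ociarchive` lie outside the hunk.

```python
# … unchanged: container_name / container_name_and_tag setup and --base-image-name suffix …
# Strip a tag only from the last path component; a ':' before the final '/' is a registry port
repo, sep, leaf = container_name.rpartition('/')
container_name = f"{repo}{sep}{leaf.split(':', 1)[0]}"
with tempfile.NamedTemporaryFile(dir='tmp', prefix='push-container-digestfile') as df:
    # … unchanged: --digestfile argument …
    skopeoargs.extend([f"oci-archive:{ociarchive}", f"docker://{container_name_and_tag}"])
    # … unchanged: print, subprocess.check_call, df.seek(0), digest read …
    if not digest.startswith('sha256:'):
        raise SystemExit(f"unexpected digest from skopeo: {digest!r}")
    # … unchanged: meta.json update …
```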