From 4f108585ad79fd4d78bb3817b18798d602eac95a Mon Sep 17 00:00:00 2001
From: Jimmi Dyson
Date: Wed, 15 Dec 2021 14:47:50 +0000
Subject: [PATCH] fix: Embed default policy in binary (#8)

---
 skopeo/default-policy.json | 14 ++++++++++++++
 skopeo/skopeo.go | 14 ++++++++++++--
 2 files changed, 26 insertions(+), 2 deletions(-)
 create mode 100644 skopeo/default-policy.json

diff --git a/skopeo/default-policy.json b/skopeo/default-policy.json
new file mode 100644
index 00000000..2a7b5563
--- /dev/null
+++ b/skopeo/default-policy.json
@@ -0,0 +1,14 @@
+{
+ "default": [
+ {
+ "type": "insecureAcceptAnything"
+ }
+ ],
+ "transports":
+ {
+ "docker-daemon":
+ {
+ "": [{"type":"insecureAcceptAnything"}]
+ }
+ }
+}
diff --git a/skopeo/skopeo.go b/skopeo/skopeo.go
index 32cf7346..481084fb 100644
--- a/skopeo/skopeo.go
+++ b/skopeo/skopeo.go
@@ -17,6 +17,7 @@ package skopeo
 import (
 "bytes"
 "context"
+ _ "embed"
 "encoding/json"
 "fmt"
 "io"
@@ -31,6 +32,9 @@ import (
 "k8s.io/klog/v2"
 )
 
+//go:embed default-policy.json
+var defaultSkopeoPolicy []byte
+
 type SkopeoOption func() string
 
 func DisableSrcTLSVerify() SkopeoOption {
@@ -94,8 +98,9 @@ func DestCredentials(username, password string) SkopeoOption {
 }
 
 type Runner struct {
- unpacked sync.Once
- unpackedSkopeoPath string
+ unpacked sync.Once
+ unpackedSkopeoPath string
+ unpackedSkopeoPolicyPath string
 }
 
 type CleanupFunc func() error
@@ -117,11 +122,16 @@ func (r *Runner) mustUnpack() {
 if err = os.WriteFile(r.unpackedSkopeoPath, skopeoBinary, 0700); err != nil {
 panic(err)
 }
+ r.unpackedSkopeoPolicyPath = filepath.Join(tempDir, "policy.json")
+ if err = os.WriteFile(r.unpackedSkopeoPolicyPath, defaultSkopeoPolicy, 0400); err != nil {
+ panic(err)
+ }
 }
 
 func (r *Runner) Copy(ctx context.Context, src, dest string, opts ...SkopeoOption) ([]byte, error) {
 copyArgs := []string{
 "copy",
+ "--policy", r.unpackedSkopeoPolicyPath,
 "--preserve-digests",
 src,
 dest,
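Review bot: The embedded policy sets `insecureAcceptAnything` as the `default` requirement, so every copy that uses it skips image signature verification on all transports; the `docker-daemon` scope repeats the same rule and adds nothing. Because the last hunk in skopeo.go passes this file through `--policy` on every `Copy`, a stricter trust policy that an operator has configured on the host would no longer be consulted. JSON cannot carry a comment, so the trade-off should be recorded where the file is embedded. A way for callers to supply their own policy path, with the embedded file used only as the fallback, would keep signature enforcement available to those who rely on it.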
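Review bot: `defaultSkopeoPolicy` has no doc comment, and this declaration is the only place a reader of the Go code can learn which trust policy the runner applies. Suggest adding, on the line above the `//go:embed` directive, `// defaultSkopeoPolicy is the containers trust policy written next to the unpacked skopeo binary; it accepts any image without signature verification.`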
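Review bot: `Copy` reads `r.unpackedSkopeoPolicyPath` while building `copyArgs`, but that field is only assigned inside `mustUnpack`, and nothing visible in this hunk runs the unpack before the slice literal is evaluated. If `r.unpacked.Do(r.mustUnpack)` is first reached later, in whatever executes the command, the first `Copy` on a fresh `Runner` would pass `--policy` with an empty path and the embedded policy would not be used. Calling `r.unpacked.Do(r.mustUnpack)` as the first statement of `Copy` would remove that ordering dependency. Both `mustUnpack` and `Copy` extend outside the hunk, so this needs checking against the rest of the file.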