| Commit message (Collapse) | Author | Age | Files | Lines |
| |
Make sure we have permissions to restore file extended attributes.
[1] ... all processes have read access to extended security attributes,
and write access is limited to processes that have the CAP_SYS_ADMIN
capability.
[2] The file owner and processes capable of CAP_FOWNER are granted the
right to modify ACLs of a file. This is analogous to the permissions
required for accessing the file mode. (On current Linux systems, root
is the only user with the CAP_FOWNER capability.)
[1] https://linux.die.net/man/5/attr
[2] https://linux.die.net/man/1/setfacl
Signed-off-by: Radostin Stoyanov <rstoyanov1@gmail.com>
| |
Preserve extended file attributes of extracted rootfs as described in
https://github.com/opencontainers/image-spec/blob/master/layer.md
Signed-off-by: Radostin Stoyanov <rstoyanov1@gmail.com>
| |
The `skopeo copy` command has changed its behaviour to keep only the files for
a single container image per directory. To get around this and keep a cache of
downloaded images, a temporary destination directory is used for 'skopeo copy'
and image files are then moved into the cache folder.
| |
Show appropriate error message when the python bindings for
libguestfs are not installed.
| |
Add utility function to check whether an executable is available in
the PATH env variable.
| |
Since python3 strings are already Unicode-capable, they have no
decode() function. Libguestfs content strings can be either python 2
or 3 strings, only decode them to utf-8 for python2.
| |
The current code was trying to save time by adding all drives to the
guestfs handle and launch the instance from it. However, this doesn't
fly since backing chain images would be used more than once.
Too bad for performance, but sticking to one layer per guestfs launch
is safer and gets the tests to pass.
| |
This documentation can be seen using:
$ pydoc virtBootstrap
| |
The default source code encoding in Python2.* is ASCII (PEP 263 [1])
and in Python3.* is UTF-8 (PEP 3120 [2]). Define the encoding on top
of each file for consistency.
[1] https://www.python.org/dev/peps/pep-0263/
[2] https://www.python.org/dev/peps/pep-3120/
| |
Allow the user to specify path for temporary directory used by
virt-bootstrap using the `VIRTBOOTSTRAP_TMPDIR` environment variable.
| |
Use the python bindings of libguestfs to create additional qcow2 image
which has as backing file the last layer (layer-0.qcow2 for FileSource)
and insert hashed value of given root password in the /etc/shadow file.
Note: This additional qcow2 image is also used to apply UID/GID map.
| |
Apply ownership mapping in qcow2 images using libguestfs python
bindings. To make this solution more general we introduce function
guestfs_walk() which will return the root file system tree of disk
image along with UID/GID values.
These changes are applied in additional qcow2 disk image using the
last layer as backing file. For FileSource this is layer-1.qcow2
with backing file layer-0.qcow2.
| |
Use the python bindings of libguestfs to create qcow2 image with
backing chains to mimic the layers of container image.
This commit also changes the behavior of FileSource when 'qcow2'
output format is used. Now the string layer-0.qcow2 will be used
as name of the output file.
This change is applied in the test suite as an update to the function
get_image_path().
| |
Make the code for setting password hash in the content of shadow file
reusable and hence can be used with qcow2 output format.
| |
Split the function mapping_uid_gid in two parts so that the code which
makes both lists map_uid and map_gid with equal length can be
reused.
| |
Move the functions implementing UID/GID mapping in the utils module
and hence they can be reused with qcow2 output format.
| |
Take out the code for getting compression type of tarball
in separate function.
| |
Docker registry with Manifest v1 does not require the size of layers to
be included. However, when this information is not provided we can use
os.path.getsize() to get and show the size of tarball. We can also
use this function for FileSource to provide consistent output messages.
| |
The current implementation stores in one list:
- checksum
- checksum type
- file path
- file size
However, the information about checksum and checksum type is only used
to verify the content of tarball before it is being extracted. Splitting
these into separate lists would allow us to reuse the function
untar_layers() with FileSource.
| |
This aims to fix the warning of Python3:
ResourceWarning: unclosed file <_io.BufferedReader name=3>
| |
Specify unique name when creating Libvirt domain with virt-sandbox.
Otherwise the default name "sandbox" will be used and this might result
in collision with another instance of virt-bootstrap.
| |
Add "--overwrite" to enforce the overwrite of existing files.
Add the flag "--absolute-names" to disable the strip of leading '/'s.
This is used to get around the error "Cannot open:Permission denied"
which occurs when the qemu driver is used by virt-sandbox. It is used
for unprivileged users to create isolated environment in which tar is
executed to extract the content from container image layers.
In particular this error occurs when the tar archive contains symbolic
link which has target path starting with '/'.
Steps to reproduce:
    $ mkdir /tmp/foo
    $ cd /tmp/foo
    $ touch file
    $ ln -s /tmp/foo/file link
    $ tar -cf archive.tar link
    $ mkdir /tmp/foo/dest
    $ virt-sandbox -c qemu:///session \
          -m host-bind:/mnt=/tmp/foo/dest \
          -- /bin/tar xf /tmp/foo/archive.tar -C /mnt
Error message:
    tar: link: Cannot open: Permission denied
    tar: Exiting with failure status due to previous errors
| |
Reduce the number of import statements and improve readability.
Update the unit tests to match these changes.
| |
For containers bootstrapped in qcow2 format use the tool 'virt-edit'
to insert the hashed root password in the shadow file of the last layer
|
| |
These changes aim to avoid the requirement for root privileges when
setting the password of root user on root file system.
The "-R, --root" flag of chpasswd is using chroot to apply changes in
root file system and this requires root privileges. [1]
Instead compute hash of the root password using passlib [2] and insert
the value in the /etc/shadow file in the rootfs.
[1] https://en.wikipedia.org/wiki/Chroot#Limitations
[2] http://passlib.readthedocs.io/en/stable/lib/passlib.hosts.html
| |
Handle differences between version 1 and 2 of the Manifest file for
Docker registry.
Layers' blob sums in v1 are stored in a list "fsLayers" and the digest
is stored in following field with name "blobSum". [1]
In v2 the layer list is stored in field with name "layers" and
ordered starting from the base image (opposite order of v1). The digest
is stored under a following field with name "digest". The size in bytes
is included in a field with name "size". [2]
[1] https://docs.docker.com/registry/spec/manifest-v2-1/#manifest-field-descriptions
[2] https://docs.docker.com/registry/spec/manifest-v2-2/#image-manifest-field-descriptions
| |
Encoded Unicode in Python 3 is represented as binary data. The
difference with Python2 is that any attempt to mix text and data in
Python 3.0 raises TypeError, whereas if you were to mix Unicode and
8-bit strings in Python 2.x, it would work if the 8-bit string happened
to contain only 7-bit (ASCII) bytes, but you would get
UnicodeDecodeError if it contained non-ASCII values.
Reference:
https://docs.python.org/release/3.0.1/whatsnew/3.0.html#text-vs-data-instead-of-unicode-vs-8-bit
Example:
Python 2:
>>> b'foo.bar'.split('.')
['foo', 'bar']
Python 3:
>>> b'foo.bar'.split('.')
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
TypeError: a bytes-like object is required, not 'str'
>>> b'foo.bar'.split(b'.')
[b'foo', b'bar']
| |
Remove trailing space which occurs when the number is
smaller than kibibyte.
| |
When converting 0 KB with string input the result will be string
with zeroes.
>>> print(size_to_bytes('0', 'KB'))
000000...
Instead convert the string input to integer and then perform the conversion.
Rename the variable from "string" to "number" to avoid confusion.
| |
rename the function to match its counterpart size_to_bytes().
| |
Add new module to collect utility functions used in virt-bootstrap.
Move the function definitions from "sources" and "virt_bootstrap" to
the new module.