authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2022-01-15 15:55:16 +0100
committerGitHub <noreply@github.com>2022-01-15 15:55:16 +0100
commitfff9e8755c298bfe2b3b0c33c4b96ffd43a1eab6 (patch)
treec55db3da4690865235d19266e5dce713f587c600
parenta50d0837b633bf780b32a20b8d4f23ccd9521c8d (diff)
parent420303b9433d081b2507202221a2e912b3509f4c (diff)
Merge pull request #12861 from aklajnert/recursively_copy_certs
ignition: recursively copy cert files
-rw-r--r--pkg/machine/ignition.go85
1 files changed, 46 insertions, 39 deletions
diff --git a/pkg/machine/ignition.go b/pkg/machine/ignition.go
index ac2cf71cf..09228553c 100644
--- a/pkg/machine/ignition.go
+++ b/pkg/machine/ignition.go
@@ -1,3 +1,4 @@
+//go:build amd64 || arm64
// +build amd64 arm64
package machine
@@ -423,61 +424,67 @@ func getCerts(certsDir string, isDir bool) []File {
files []File
)
- certs, err := ioutil.ReadDir(certsDir)
if isDir {
- if err == nil {
- for _, cert := range certs {
- b, err := ioutil.ReadFile(filepath.Join(certsDir, cert.Name()))
+ err := filepath.Walk(certsDir, func(path string, info os.FileInfo, err error) error {
+ if err == nil && !info.IsDir() {
+ certPath, err := filepath.Rel(certsDir, path)
if err != nil {
- logrus.Warnf("Unable to read cert file %s", err.Error())
- continue
+ logrus.Warnf("%s", err)
+ return nil
+ }
+
+ file, err := prepareCertFile(filepath.Join(certsDir, certPath), certPath)
+ if err == nil {
+ files = append(files, file)
}
- files = append(files, File{
- Node: Node{
- Group: getNodeGrp("root"),
- Path: filepath.Join("/etc/containers/certs.d/", cert.Name()),
- User: getNodeUsr("root"),
- },
- FileEmbedded1: FileEmbedded1{
- Append: nil,
- Contents: Resource{
- Source: encodeDataURLPtr(string(b)),
- },
- Mode: intToPtr(0644),
- },
- })
}
- } else {
+
+ return nil
+ })
+ if err != nil {
if !os.IsNotExist(err) {
logrus.Warnf("Unable to copy certs via ignition, error while reading certs from %s: %s", certsDir, err.Error())
}
}
} else {
fileName := filepath.Base(certsDir)
- b, err := ioutil.ReadFile(certsDir)
- if err != nil {
- logrus.Warnf("Unable to read cert file %s", err.Error())
- return files
+ file, err := prepareCertFile(certsDir, fileName)
+ if err == nil {
+ files = append(files, file)
}
- files = append(files, File{
- Node: Node{
- Group: getNodeGrp("root"),
- Path: filepath.Join("/etc/containers/certs.d/", fileName),
- User: getNodeUsr("root"),
- },
- FileEmbedded1: FileEmbedded1{
- Append: nil,
- Contents: Resource{
- Source: encodeDataURLPtr(string(b)),
- },
- Mode: intToPtr(0644),
- },
- })
}
return files
}
+func prepareCertFile(path string, name string) (File, error) {
+ b, err := ioutil.ReadFile(path)
+ if err != nil {
+ logrus.Warnf("Unable to read cert file %s", err.Error())
+ return File{}, err
+ }
+
+ targetPath := filepath.Join("/etc/containers/certs.d", name)
+
+ logrus.Debugf("Copying cert file from '%s' to '%s'.", path, targetPath)
+
+ file := File{
+ Node: Node{
+ Group: getNodeGrp("root"),
+ Path: targetPath,
+ User: getNodeUsr("root"),
+ },
+ FileEmbedded1: FileEmbedded1{
+ Append: nil,
+ Contents: Resource{
+ Source: encodeDataURLPtr(string(b)),
+ },
+ Mode: intToPtr(0644),
+ },
+ }
+ return file, nil
+}
+
func getProxyVariables() string {
proxyOpts := ""
for _, variable := range config.ProxyEnv {
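Review bot: The `filepath.Walk` callback added in `getCerts` returns nil on every path, including when it is invoked with a non-nil `err`, so `filepath.Walk` can never return an error and the `if err != nil` branch after the walk (the "Unable to copy certs via ignition" warning) is unreachable; an unreadable `certsDir` or subdirectory is now skipped silently. Opening the callback with `if err != nil { return err }`, or logging the error there, would restore that warning. The `!info.IsDir()` test also admits symlinks, FIFOs and device nodes, because Walk reports lstat information while `ioutil.ReadFile` in `prepareCertFile` follows links and can block on a FIFO, so the link target's contents would be embedded in the ignition config with mode 0644. A guard such as `if !info.Mode().IsRegular() { return nil }`, paired with an explicit `os.Stat` if symlinked certificates must remain supported, would limit the copy to real files. `getCerts` begins above this hunk.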