From 420303b9433d081b2507202221a2e912b3509f4c Mon Sep 17 00:00:00 2001
From: Andrzej Klajnert
Date: Fri, 14 Jan 2022 16:47:23 +0100
Subject: Recursively copy cert files.
[NO NEW TESTS NEEDED]
Signed-off-by: Andrzej Klajnert
---
 pkg/machine/ignition.go | 85 ++++++++++++++++++++++++++-----------------------
 1 file changed, 46 insertions(+), 39 deletions(-)
(limited to 'pkg/machine')
diff --git a/pkg/machine/ignition.go b/pkg/machine/ignition.go
index ac2cf71cf..09228553c 100644
--- a/pkg/machine/ignition.go
+++ b/pkg/machine/ignition.go
@@ -1,3 +1,4 @@
+//go:build amd64 || arm64
 // +build amd64 arm64
 
 package machine
@@ -423,61 +424,67 @@ func getCerts(certsDir string, isDir bool) []File {
 files []File
 )
 
- certs, err := ioutil.ReadDir(certsDir)
 if isDir {
- if err == nil {
- for _, cert := range certs {
- b, err := ioutil.ReadFile(filepath.Join(certsDir, cert.Name()))
+ err := filepath.Walk(certsDir, func(path string, info os.FileInfo, err error) error {
+ if err == nil && !info.IsDir() {
+ certPath, err := filepath.Rel(certsDir, path)
 if err != nil {
- logrus.Warnf("Unable to read cert file %s", err.Error())
- continue
+ logrus.Warnf("%s", err)
+ return nil
+ }
+
+ file, err := prepareCertFile(filepath.Join(certsDir, certPath), certPath)
+ if err == nil {
+ files = append(files, file)
 }
- files = append(files, File{
- Node: Node{
- Group: getNodeGrp("root"),
- Path: filepath.Join("/etc/containers/certs.d/", cert.Name()),
- User: getNodeUsr("root"),
- },
- FileEmbedded1: FileEmbedded1{
- Append: nil,
- Contents: Resource{
- Source: encodeDataURLPtr(string(b)),
- },
- Mode: intToPtr(0644),
- },
- })
 }
- } else {
+
+ return nil
+ })
+ if err != nil {
 if !os.IsNotExist(err) {
 logrus.Warnf("Unable to copy certs via ignition, error while reading certs from %s: %s", certsDir, err.Error())
 }
 }
 } else {
 fileName := filepath.Base(certsDir)
- b, err := ioutil.ReadFile(certsDir)
- if err != nil {
- logrus.Warnf("Unable to read cert file %s", err.Error())
- return files
+ file, err := prepareCertFile(certsDir, fileName)
+ if err == nil {
+ files = append(files, file)
 }
- files = append(files, File{
- Node: Node{
- Group: getNodeGrp("root"),
- Path: filepath.Join("/etc/containers/certs.d/", fileName),
- User: getNodeUsr("root"),
- },
- FileEmbedded1: FileEmbedded1{
- Append: nil,
- Contents: Resource{
- Source: encodeDataURLPtr(string(b)),
- },
- Mode: intToPtr(0644),
- },
- })
 }
 
 return files
 }
 
+func prepareCertFile(path string, name string) (File, error) {
+ b, err := ioutil.ReadFile(path)
+ if err != nil {
+ logrus.Warnf("Unable to read cert file %s", err.Error())
+ return File{}, err
+ }
+
+ targetPath := filepath.Join("/etc/containers/certs.d", name)
+
+ logrus.Debugf("Copying cert file from '%s' to '%s'.", path, targetPath)
+
+ file := File{
+ Node: Node{
+ Group: getNodeGrp("root"),
+ Path: targetPath,
+ User: getNodeUsr("root"),
+ },
+ FileEmbedded1: FileEmbedded1{
+ Append: nil,
+ Contents: Resource{
+ Source: encodeDataURLPtr(string(b)),
+ },
+ Mode: intToPtr(0644),
+ },
+ }
+ return file, nil
+}
+
 func getProxyVariables() string {
 proxyOpts := ""
 for _, variable := range config.ProxyEnv {
-- 
cgit v1.2.3-54-g00ecf
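Review bot: The `if err != nil` check after `filepath.Walk` in getCerts can never fire, because the callback returns nil on every path, including when Walk hands it an error. An unreadable or missing `certsDir`, or an unreadable subdirectory, is therefore skipped with no log line and the machine is provisioned with a partial certificate set. Returning the incoming `err` from the callback makes the existing `os.IsNotExist` warning reachable again. Separately, `!info.IsDir()` also accepts symlinks and special files, and `ioutil.ReadFile` in prepareCertFile follows a symlink, so whatever it resolves to is embedded and written into the guest with mode 0644. That mode would also apply to any private key files a recursive copy picks up (e.g. `client.key`, if the tree holds them — not visible here), so consider `info.Mode().IsRegular()` and a tighter mode for keys; getCerts begins above the hunk.

```go
err := filepath.Walk(certsDir, func(path string, info os.FileInfo, err error) error {
	if err != nil {
		// Propagate so the os.IsNotExist check after Walk can report it.
		return err
	}
	if !info.Mode().IsRegular() {
		// Skip directories, symlinks and special files.
		return nil
	}
	// … unchanged: filepath.Rel, prepareCertFile call, append to files …
	return nil
})
```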