From 8235be620444ef85d4c3ced4f82d00a7e152a8b2 Mon Sep 17 00:00:00 2001 From: Vadim Zharov Date: Tue, 29 Oct 2024 00:30:51 +0100 Subject: [PATCH] Adjustments to make 4.5.5 work with multiple CAs --- Earthfile | 7 +++++-- earthly-entrypoint.sh | 4 ++-- earthly.sh | 6 +++--- 3 files changed, 10 insertions(+), 7 deletions(-) diff --git a/Earthfile b/Earthfile index 59f2260..089fe9a 100644 --- a/Earthfile +++ b/Earthfile @@ -33,6 +33,7 @@ ARG RKE2_PROVIDER_VERSION=v4.5.0 ARG NODEADM_PROVIDER_VERSION=v4.5.0 # Variables used in the builds. Update for ADVANCED use cases only. Modify in .arg file or via CLI arguments. +ARG SPECTRO_THIRD_PARTY_IMAGE=$SPECTRO_THIRD_PARTY_IMAGE ARG OS_DISTRIBUTION ARG OS_VERSION ARG K8S_VERSION @@ -230,7 +231,7 @@ kairos-agent: install-k8s: FROM --platform=linux/${ARCH} $ALPINE_IMG - DO +BASE_ALPINE +# DO +BASE_ALPINE COPY (+third-party/luet --binary=luet) /usr/bin/luet IF [ "$K8S_DISTRIBUTION" = "kubeadm" ] || [ "$K8S_DISTRIBUTION" = "kubeadm-fips" ] || [ "$K8S_DISTRIBUTION" = "nodeadm" ] @@ -856,8 +857,10 @@ OS_RELEASE: download-third-party: ARG TARGETPLATFORM + ARG SPECTRO_THIRD_PARTY_IMAGE_PATH=${SPECTRO_THIRD_PARTY_IMAGE} ARG binary - FROM --platform=$TARGETPLATFORM gcr.io/spectro-images-public/builders/spectro-third-party:${BUILDER_3RDPARTY_VERSION} + #FROM --platform=$TARGETPLATFORM gcr.io/spectro-images-public/builders/spectro-third-party:${BUILDER_3RDPARTY_VERSION} + FROM --platform=$TARGETPLATFORM ${SPECTRO_THIRD_PARTY_IMAGE_PATH}:${BUILDER_3RDPARTY_VERSION} #FROM --platform=$TARGETPLATFORM $SPECTRO_PUB_REPO/builders/spectro-third-party:${BUILDER_3RDPARTY_VERSION} ARG TARGETARCH SAVE ARTIFACT /binaries/${binary}/latest/$BIN_TYPE/$TARGETARCH/${binary} ${binary} diff --git a/earthly-entrypoint.sh b/earthly-entrypoint.sh index 96412c2..54c2dc9 100755 --- a/earthly-entrypoint.sh +++ b/earthly-entrypoint.sh @@ -1,8 +1,8 @@ #!/bin/sh # uncomment the line below to enable debug mode set -ex -cp /workspace/sc.crt /usr/local/share/ca-certificates/sc.crt -update-ca-certificates +#cp /workspace/sc.crt /usr/local/share/ca-certificates/sc.crt +#update-ca-certificates # reference: https://github.com/earthly/earthly/blob/main/earthly-entrypoint.sh EARTHLY_DEBUG=${EARTHLY_DEBUG:-false} diff --git a/earthly.sh b/earthly.sh index ee9f415..833ab82 100755 --- a/earthly.sh +++ b/earthly.sh @@ -25,13 +25,13 @@ function build_with_proxy() { -e NO_PROXY=$NO_PROXY \ -e no_proxy=$NO_PROXY \ -e EARTHLY_GIT_CONFIG=$gitconfig \ - -v "$PROXY_CERT_PATH:/usr/local/share/ca-certificates/sc.crt:ro" \ + -v "$PROXY_CERT_PATH:/usr/local/share/ca-certificates:ro" \ -v earthly-tmp:/tmp/earthly:rw \ -p 8372:8372 \ $SPECTRO_PUB_REPO/third-party/edge/earthly/buildkitd:$EARTHLY_VERSION # Update the CA certificates in the container docker exec -it earthly-buildkitd update-ca-certificates - + docker exec -it earthly-buildkitd cat /etc/ssl/certs/ca-certificates.crt > ca-certificates-bundle.crt # Run Earthly in Docker to create artifacts Variables are passed from the .arg file docker run --privileged \ -v ~/.docker/config.json:/root/.docker/config.json \ @@ -47,7 +47,7 @@ function build_with_proxy() { -e NO_PROXY=$NO_PROXY \ -e no_proxy=$NO_PROXY \ -v "$(pwd)":/workspace \ - -v "$PROXY_CERT_PATH:/workspace/sc.crt:ro" \ + -v ${PWD}/ca-certificates-bundle.crt:/etc/ssl/certs/ca-certificates.crt \ --entrypoint /workspace/earthly-entrypoint.sh \ $SPECTRO_PUB_REPO/third-party/edge/earthly/earthly:$EARTHLY_VERSION --allow-privileged "$@" }