From 3f423468df420a9f6f55852e4a17967fdab2b481 Mon Sep 17 00:00:00 2001
From: "Jonathan A. Sternberg"
Date: Fri, 20 Oct 2023 13:37:06 -0500
Subject: [PATCH] driver: docker-container driver uses --config correctly in rootless mode

The `docker-container` driver relies on the default config file location for buildkit when writing the configuration file. When run in a rootless version of docker (dind), the default location is different. Instead of trying to figure out where the appropriate default location is, this just writes the files to the same location and sets the `--config` parameter explicitly. This flag is placed first so a user-specified config option in `--buildkitd-flags` will take precedence over the implicit config parameter. This also fixes the `--config` option with the rootless image. Previously, the config directory was being copied in a way that rendered `/etc` unreadable and the configuration file wasn't readable either. It also wasn't copied to the correct place. Now, `--config` is used to specify the directory, `/etc` isn't included in the copied archive (so the permissions aren't overwritten), and the directory is set as world readable to be readable from the rootless buildkit process`.

Signed-off-by: Jonathan A. Sternberg
---
 driver/docker-container/driver.go | 38 +++++++++++++++++++++++--------
 1 file changed, 29 insertions(+), 9 deletions(-)

diff --git a/driver/docker-container/driver.go b/driver/docker-container/driver.go
index c3921e37322..7f833a6ce66 100644
--- a/driver/docker-container/driver.go
+++ b/driver/docker-container/driver.go
@@ -33,7 +33,8 @@ import (
 )
 
 const (
- volumeStateSuffix = "_state"
+ volumeStateSuffix = "_state"
+ buildkitdConfigFile = "buildkitd.toml"
 )
 
 type Driver struct {
@@ -114,9 +115,7 @@ func (d *Driver) create(ctx context.Context, l progress.SubLogger) error {
 Image: imageName,
 Env: d.env,
 }
- if d.InitConfig.BuildkitFlags != nil {
- cfg.Cmd = d.InitConfig.BuildkitFlags
- }
+ cfg.Cmd = getBuildkitFlags(d.InitConfig)
 
 useInit := true // let it cleanup exited processes created by BuildKit's container API
 if err := l.Wrap("creating container "+d.Name, func() error {
@@ -259,7 +258,9 @@ func (d *Driver) copyToContainer(ctx context.Context, files map[string][]byte) e
 return err
 }
 defer srcArchive.Close()
- return d.DockerAPI.CopyToContainer(ctx, d.Name, "/", srcArchive, dockertypes.CopyToContainerOptions{})
+
+ baseDir := path.Dir(confutil.DefaultBuildKitConfigDir)
+ return d.DockerAPI.CopyToContainer(ctx, d.Name, baseDir, srcArchive, dockertypes.CopyToContainerOptions{})
 }
 
 func (d *Driver) exec(ctx context.Context, cmd []string) (string, net.Conn, error) {
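Review bot: In copyToContainer the new `baseDir` is only correct because writeConfigFiles now roots the archive at `filepath.Base(confutil.DefaultBuildKitConfigDir)`, and nothing at this call site records that coupling. A short comment would keep the two halves in step, for example `// archive is rooted at the config dir's base name; extract into its parent so the parent's own mode is not rewritten`. The options are still the zero value `dockertypes.CopyToContainerOptions{}`, so ownership of the extracted files is left to the archive and daemon defaults; that is presumably why the last hunk widens the file modes, and it is worth saying so here. The function body starts above this hunk.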
@@ -475,15 +476,34 @@ func writeConfigFiles(m map[string][]byte) (_ string, err error) {
 os.RemoveAll(tmpDir)
 }
 }()
+ configDir := filepath.Base(confutil.DefaultBuildKitConfigDir)
 for f, dt := range m {
- f = path.Join(confutil.DefaultBuildKitConfigDir, f)
- p := filepath.Join(tmpDir, f)
- if err := os.MkdirAll(filepath.Dir(p), 0700); err != nil {
+ p := filepath.Join(tmpDir, configDir, f)
+ if err := os.MkdirAll(filepath.Dir(p), 0755); err != nil {
 return "", err
 }
- if err := os.WriteFile(p, dt, 0600); err != nil {
+ if err := os.WriteFile(p, dt, 0644); err != nil {
 return "", err
 }
 }
 return tmpDir, nil
 }
+
+func getBuildkitFlags(initConfig driver.InitConfig) []string {
+ flags := initConfig.BuildkitFlags
+ if _, ok := initConfig.Files[buildkitdConfigFile]; ok {
+ // There's no way for us to determine the appropriate default configuration
+ // path and the default path can vary depending on if the image is normal
+ // or rootless.
+ //
+ // In order to ensure that --config works, copy to a specific path and
+ // specify the location.
+ //
+ // This should be appended before the user-specified arguments
+ // so that this option could be overwritten by the user.
+ newFlags := make([]string, 0, len(flags)+2)
+ newFlags = append(newFlags, "--config", path.Join("/etc/buildkit", buildkitdConfigFile))
+ flags = append(newFlags, flags...)
+ }
+ return flags
+}
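Review bot: The widened modes in writeConfigFiles (`0755` for directories, `0644` for files) apply to every entry in `m`, not only to `buildkitd.toml`. If that map can also carry sensitive material such as registry TLS keys (not visible in this hunk), those entries become readable by any user inside the container once the archive is extracted; consider a tighter mode or matching ownership for them, and at minimum add a comment such as `// world-readable so the non-root rootless buildkitd can read files copied in under another owner`. Separately, getBuildkitFlags hard-codes `"/etc/buildkit"` while the other two functions derive the location from `confutil.DefaultBuildKitConfigDir`; `path.Join(confutil.DefaultBuildKitConfigDir, buildkitdConfigFile)` would stop the three from drifting apart. writeConfigFiles starts above this hunk.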