fixed: enable --skip-tls-verify during the build phase

sealerio · Sep 7, 2024 · f4f67be · f4f67be
1 parent f4f89c5
commit f4f67be
Show file tree

Hide file tree

Showing 4 changed files with 25 additions and 21 deletions.
diff --git a/build/kubefile/parser/kubefile.go b/build/kubefile/parser/kubefile.go
@@ -87,17 +87,17 @@ type KubefileParser struct {
 	imageEngine  imageengine.Interface
 }
 
-func (kp *KubefileParser) ParseKubefile(rwc io.Reader) (*KubefileResult, error) {
+func (kp *KubefileParser) ParseKubefile(rwc io.Reader, skipTLSVerify bool) (*KubefileResult, error) {
 	result, err := parse(rwc)
 	if err != nil {
 		return nil, fmt.Errorf("failed to parse dockerfile: %v", err)
 	}
 
 	mainNode := result.AST
-	return kp.generateResult(mainNode)
+	return kp.generateResult(mainNode, skipTLSVerify)
 }
 
-func (kp *KubefileParser) generateResult(mainNode *Node) (*KubefileResult, error) {
+func (kp *KubefileParser) generateResult(mainNode *Node, skipTLSVerify bool) (*KubefileResult, error) {
 	var (
 		result = &KubefileResult{
 			Applications: map[string]version.VersionedApplication{},
@@ -141,7 +141,7 @@ func (kp *KubefileParser) generateResult(mainNode *Node) (*KubefileResult, error
 		case command.From:
 			// process FROM aims to pull the image, and merge the applications from
 			// the FROM image.
-			if err = kp.processFrom(node, result); err != nil {
+			if err = kp.processFrom(node, result, skipTLSVerify); err != nil {
 				return nil, fmt.Errorf("failed to process from: %v", err)
 			}
 		case command.Launch:
@@ -429,7 +429,7 @@ func (kp *KubefileParser) processLaunch(node *Node, result *KubefileResult) erro
 	return nil
 }
 
-func (kp *KubefileParser) processFrom(node *Node, result *KubefileResult) error {
+func (kp *KubefileParser) processFrom(node *Node, result *KubefileResult, skipTLSVerify bool) error {
 	var (
 		platform  = parse2.DefaultPlatform()
 		flags     = node.Flags
@@ -455,9 +455,10 @@ func (kp *KubefileParser) processFrom(node *Node, result *KubefileResult) error
 	}
 
 	id, err := kp.imageEngine.Pull(&options.PullOptions{
-		PullPolicy: kp.pullPolicy,
-		Image:      image,
-		Platform:   platform,
+		PullPolicy:    kp.pullPolicy,
+		Image:         image,
+		Platform:      platform,
+		SkipTLSVerify: skipTLSVerify,
 	})
 	if err != nil {
 		return fmt.Errorf("failed to pull image %s: %v", image, err)

diff --git a/build/kubefile/parser/parse_test.go b/build/kubefile/parser/parse_test.go
@@ -65,7 +65,7 @@ LAUNCH ["%s"]
 	)
 
 	reader := bytes.NewReader([]byte(text))
-	result, err := testParser.ParseKubefile(reader)
+	result, err := testParser.ParseKubefile(reader, true)
 	if err != nil {
 		t.Fatalf("failed to parse kubefile: %s", err)
 	}
@@ -128,7 +128,7 @@ LAUNCH %s
 	)
 
 	reader := bytes.NewReader([]byte(text))
-	result, err := testParser.ParseKubefile(reader)
+	result, err := testParser.ParseKubefile(reader, true)
 	if err != nil {
 		t.Fatalf("failed to parse kubefile: %s", err)
 	}
@@ -187,7 +187,7 @@ CMDS ["%s", "%s"]
 	)
 
 	reader := bytes.NewReader([]byte(text))
-	result, err := testParser.ParseKubefile(reader)
+	result, err := testParser.ParseKubefile(reader, true)
 	if err != nil {
 		t.Fatalf("failed to parse kubefile: %s", err)
 	}
@@ -241,7 +241,7 @@ LAUNCH ["app1"]`, appFilePath)
 	)
 
 	reader := bytes.NewReader([]byte(text))
-	result, err := testParser.ParseKubefile(reader)
+	result, err := testParser.ParseKubefile(reader, true)
 	if err != nil {
 		t.Fatalf("failed to parse kubefile: %s", err)
 	}

diff --git a/cmd/sealer/cmd/image/build.go b/cmd/sealer/cmd/image/build.go
@@ -97,11 +97,11 @@ func NewBuildCmd() *cobra.Command {
 				}
 				// if its value is default platforms, build image as single sealer image.
 				if ok := platforms.Default().Match(p); ok {
-					return buildSingleSealerImage(engine, buildFlags.Tag, "", buildFlags.Platforms[0])
+					return buildSingleSealerImage(engine, buildFlags.Tag, "", buildFlags.Platforms[0], buildFlags.SkipTLSVerify)
 				}
 			}
 
-			return buildMultiPlatformSealerImage(engine)
+			return buildMultiPlatformSealerImage(engine, buildFlags.SkipTLSVerify)
 		},
 	}
 	buildCmd.Flags().StringVarP(&buildFlags.Kubefile, "file", "f", "Kubefile", "Kubefile filepath")
@@ -118,6 +118,7 @@ func NewBuildCmd() *cobra.Command {
 	buildCmd.Flags().StringSliceVar(&buildFlags.Labels, "label", []string{getSealerLabel()}, "add labels for image. Format like --label key=[value]")
 	buildCmd.Flags().BoolVar(&buildFlags.NoCache, "no-cache", false, "do not use existing cached images for building. Build from the start with a new set of cached layers.")
 	buildCmd.Flags().StringVar(&buildFlags.BuildMode, "build-mode", options.WithAllMode, "whether to download container image during the build process. default is `all`.")
+	buildCmd.Flags().BoolVar(&buildFlags.SkipTLSVerify, "skip-tls-verify", true, "default is requiring HTTPS and verify certificates when accessing the registry.")
 
 	supportedImageType := map[string]struct{}{v12.KubeInstaller: {}, v12.AppInstaller: {}}
 	if _, ok := supportedImageType[buildFlags.ImageType]; !ok {
@@ -132,7 +133,7 @@ func NewBuildCmd() *cobra.Command {
 	return buildCmd
 }
 
-func buildMultiPlatformSealerImage(engine imageengine.Interface) error {
+func buildMultiPlatformSealerImage(engine imageengine.Interface, skipTLSVerify bool) error {
 	var (
 		// use buildFlags.Tag as manifest name for multi arch build
 		manifest = buildFlags.Tag
@@ -146,7 +147,7 @@ func buildMultiPlatformSealerImage(engine imageengine.Interface) error {
 
 	// build multi platform
 	for _, p := range buildFlags.Platforms {
-		err = buildSingleSealerImage(engine, "", manifest, p)
+		err = buildSingleSealerImage(engine, "", manifest, p, skipTLSVerify)
 		if err != nil {
 			// clean manifest
 			_ = engine.DeleteManifests([]string{manifest}, &options.ManifestDeleteOpts{})
@@ -157,9 +158,10 @@ func buildMultiPlatformSealerImage(engine imageengine.Interface) error {
 	return nil
 }
 
-func buildSingleSealerImage(engine imageengine.Interface, imageName string, manifest string, platformStr string) error {
+func buildSingleSealerImage(engine imageengine.Interface, imageName string, manifest string, platformStr string, skipTLSVerify bool) error {
+	// parse Kubefile & try pull image in "from" syntax
 	kubefileParser := parser.NewParser(rootfs.GlobalManager.App().Root(), buildFlags, engine, platformStr)
-	result, err := getKubefileParseResult(buildFlags.ContextDir, buildFlags.Kubefile, kubefileParser)
+	result, err := getKubefileParseResult(buildFlags.ContextDir, buildFlags.Kubefile, kubefileParser, skipTLSVerify)
 	if err != nil {
 		return err
 	}
@@ -483,7 +485,7 @@ func buildImageExtensionOnResult(result *parser.KubefileResult, imageType string
 	return extension
 }
 
-func getKubefileParseResult(contextDir, file string, kubefileParser *parser.KubefileParser) (*parser.KubefileResult, error) {
+func getKubefileParseResult(contextDir, file string, kubefileParser *parser.KubefileParser, skipTLSVerify bool) (*parser.KubefileResult, error) {
 	kubefile, err := getKubefile(contextDir, file)
 	if err != nil {
 		return nil, err
@@ -497,7 +499,7 @@ func getKubefileParseResult(contextDir, file string, kubefileParser *parser.Kube
 		_ = kfr.Close()
 	}()
 
-	kr, err := kubefileParser.ParseKubefile(kfr)
+	kr, err := kubefileParser.ParseKubefile(kfr, skipTLSVerify)
 	if err != nil {
 		return nil, err
 	}

diff --git a/pkg/define/options/options.go b/pkg/define/options/options.go
@@ -45,7 +45,8 @@ type BuildOptions struct {
 
 	//BuildMode means whether to download container image during the build process
 	// default value is download all container images.
-	BuildMode string
+	BuildMode     string
+	SkipTLSVerify bool
 }
 
 type FromOptions struct {