diff --git a/lib/src/lib.rs b/lib/src/lib.rs index 173962785..f54db99a3 100644 --- a/lib/src/lib.rs +++ b/lib/src/lib.rs @@ -27,7 +27,6 @@ pub(crate) mod kargs; mod lints; mod lsm; pub(crate) mod metadata; -mod ostree_authfile; mod podman; mod podman_ostree; mod reboot; diff --git a/lib/src/ostree_authfile.rs b/lib/src/ostree_authfile.rs deleted file mode 100644 index 6d6d8ccdc..000000000 --- a/lib/src/ostree_authfile.rs +++ /dev/null @@ -1,72 +0,0 @@ -//! # Copy of the ostree authfile bits as they're not public - -use anyhow::Result; -use ostree_ext::glib; -use std::fs::File; -use std::path::{Path, PathBuf}; -use std::sync::OnceLock; - -// https://docs.rs/openat-ext/0.1.10/openat_ext/trait.OpenatDirExt.html#tymethod.open_file_optional -// https://users.rust-lang.org/t/why-i-use-anyhow-error-even-in-libraries/68592 -pub(crate) fn open_optional(path: impl AsRef) -> std::io::Result> { - match std::fs::File::open(path.as_ref()) { - Ok(r) => Ok(Some(r)), - Err(e) if e.kind() == std::io::ErrorKind::NotFound => Ok(None), - Err(e) => Err(e), - } -} - -struct ConfigPaths { - persistent: PathBuf, - runtime: PathBuf, -} - -/// Get the runtime and persistent config directories. In the system (root) case, these -/// system(root) case: /run/ostree /etc/ostree -/// user(nonroot) case: /run/user/$uid/ostree ~/.config/ostree -fn get_config_paths() -> &'static ConfigPaths { - static PATHS: OnceLock = OnceLock::new(); - PATHS.get_or_init(|| { - let mut r = if rustix::process::getuid() == rustix::process::Uid::ROOT { - ConfigPaths { - persistent: PathBuf::from("/etc"), - runtime: PathBuf::from("/run"), - } - } else { - ConfigPaths { - persistent: glib::user_config_dir(), - runtime: glib::user_runtime_dir(), - } - }; - let path = "ostree"; - r.persistent.push(path); - r.runtime.push(path); - r - }) -} - -impl ConfigPaths { - /// Return the path and an open fd for a config file, if it exists. - pub(crate) fn open_file(&self, p: impl AsRef) -> Result> { - let p = p.as_ref(); - let mut runtime = self.runtime.clone(); - runtime.push(p); - if let Some(f) = open_optional(&runtime)? { - return Ok(Some((runtime, f))); - } - let mut persistent = self.persistent.clone(); - persistent.push(p); - if let Some(f) = open_optional(&persistent)? { - return Ok(Some((persistent, f))); - } - Ok(None) - } -} - -/// Return the path to the global container authentication file, if it exists. -pub(crate) fn get_global_authfile_path() -> Result> { - let paths = get_config_paths(); - let r = paths.open_file("auth.json")?; - // TODO pass the file descriptor to the proxy, not a global path - Ok(r.map(|v| v.0)) -} diff --git a/lib/src/podman.rs b/lib/src/podman.rs index 1a1f34e80..7697e6e0e 100644 --- a/lib/src/podman.rs +++ b/lib/src/podman.rs @@ -3,7 +3,6 @@ //! Wrapper for podman which writes to a bootc-owned root. use std::os::unix::process::CommandExt; -use std::path::Path; use anyhow::{anyhow, Result}; use camino::{Utf8Path, Utf8PathBuf}; @@ -14,7 +13,6 @@ use serde::Deserialize; use tokio::process::Command; use crate::hostexec::run_in_host_mountns; -use crate::ostree_authfile; use crate::spec::ImageReference; use crate::task::Task; use crate::utils::{cmd_in_root, newline_trim_vec_to_string}; @@ -63,14 +61,15 @@ pub(crate) async fn podman_pull( image: &ImageReference, quiet: bool, ) -> Result { - let authfile = ostree_authfile::get_global_authfile_path()?; + let authfile = + ostree_ext::globals::get_global_authfile(rootfs)?.map(|(authfile, _fd)| authfile); let mut cmd = podman_in_root(rootfs)?; let image = OstreeImageReference::from(image.clone()); let pull_spec_image = image.imgref.to_string(); tracing::debug!("Pulling {pull_spec_image}"); let child = cmd .args(["pull"]) - .args(authfile.iter().flat_map(|v| [Path::new("--authfile"), v])) + .args(authfile.iter().flat_map(|v| ["--authfile", v.as_str()])) .args(quiet.then_some("--quiet")) .arg(&pull_spec_image) .stdout(std::process::Stdio::piped())