-
Notifications
You must be signed in to change notification settings - Fork 263
/
Copy pathloader.rs
155 lines (137 loc) · 5.6 KB
/
loader.rs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
use std::path::{Path, PathBuf};
use anyhow::{anyhow, ensure, Context, Result};
use oci_distribution::Reference;
use reqwest::Url;
use spin_common::ui::quoted_path;
use spin_loader::cache::Cache;
use spin_locked_app::locked::{ContentPath, ContentRef, LockedApp, LockedComponent};
use crate::{Client, ORIGIN_URL_SCHEME};
/// OciLoader loads an OCI app in preparation for running with Spin.
pub struct OciLoader {
working_dir: PathBuf,
}
impl OciLoader {
/// Creates a new OciLoader which builds temporary mount directory(s) in
/// the given working_dir.
pub fn new(working_dir: impl Into<PathBuf>) -> Self {
let working_dir = working_dir.into();
Self { working_dir }
}
/// Pulls and loads an OCI Artifact and returns a LockedApp with the given OCI client and reference
pub async fn load_app(&self, client: &mut Client, reference: &str) -> Result<LockedApp> {
// Fetch app
client.pull(reference).await.with_context(|| {
format!("cannot pull Spin application from registry reference {reference:?}")
})?;
// Read locked app
let lockfile_path = client
.lockfile_path(&reference)
.await
.context("cannot get path to spin.lock")?;
self.load_from_cache(lockfile_path, reference, &client.cache)
.await
}
/// Loads an OCI Artifact from the given cache and returns a LockedApp with the given reference
pub async fn load_from_cache(
&self,
lockfile_path: PathBuf,
reference: &str,
cache: &Cache,
) -> std::result::Result<LockedApp, anyhow::Error> {
let locked_content = tokio::fs::read(&lockfile_path)
.await
.with_context(|| format!("failed to read from {}", quoted_path(&lockfile_path)))?;
let mut locked_app = LockedApp::from_json(&locked_content).with_context(|| {
format!(
"failed to decode locked app from {}",
quoted_path(&lockfile_path)
)
})?;
// Update origin metadata
let resolved_reference = Reference::try_from(reference).context("invalid reference")?;
let origin_uri = format!("{ORIGIN_URL_SCHEME}:{resolved_reference}");
locked_app
.metadata
.insert("origin".to_string(), origin_uri.into());
for component in &mut locked_app.components {
self.resolve_component_content_refs(component, cache)
.await
.with_context(|| {
format!("failed to resolve content for component {:?}", component.id)
})?;
}
Ok(locked_app)
}
async fn resolve_component_content_refs(
&self,
component: &mut LockedComponent,
cache: &Cache,
) -> Result<()> {
// Update wasm content path
let wasm_digest = content_digest(&component.source.content)?;
let wasm_path = cache.wasm_file(wasm_digest)?;
component.source.content = content_ref(wasm_path)?;
if !component.files.is_empty() {
let mount_dir = self.working_dir.join("assets").join(&component.id);
for file in &mut component.files {
ensure!(is_safe_to_join(&file.path), "invalid file mount {file:?}");
let mount_path = mount_dir.join(&file.path);
// Create parent directory
let mount_parent = mount_path
.parent()
.with_context(|| format!("invalid mount path {mount_path:?}"))?;
tokio::fs::create_dir_all(mount_parent)
.await
.with_context(|| {
format!("failed to create temporary mount path {mount_path:?}")
})?;
if let Some(content_bytes) = file.content.inline.as_deref() {
// Write inline content to disk
tokio::fs::write(&mount_path, content_bytes)
.await
.with_context(|| {
format!("failed to write inline content to {mount_path:?}")
})?;
} else {
// Copy content
let digest = content_digest(&file.content)?;
let content_path = cache.data_file(digest)?;
// TODO: parallelize
tokio::fs::copy(&content_path, &mount_path)
.await
.with_context(|| {
format!(
"failed to copy {}->{mount_path:?}",
quoted_path(&content_path)
)
})?;
}
}
component.files = vec![ContentPath {
content: content_ref(mount_dir)?,
path: "/".into(),
}]
}
Ok(())
}
}
fn content_digest(content_ref: &ContentRef) -> Result<&str> {
content_ref
.digest
.as_deref()
.with_context(|| format!("content missing expected digest: {content_ref:?}"))
}
fn content_ref(path: impl AsRef<Path>) -> Result<ContentRef> {
let path = std::fs::canonicalize(path)?;
let url = Url::from_file_path(path).map_err(|_| anyhow!("couldn't build file URL"))?;
Ok(ContentRef {
source: Some(url.to_string()),
..Default::default()
})
}
fn is_safe_to_join(path: impl AsRef<Path>) -> bool {
// This could be loosened, but currently should always be true
path.as_ref()
.components()
.all(|c| matches!(c, std::path::Component::Normal(_)))
}