Make cli.EncryptConfig,DecryptConfig, GetFormat public

We want to share these functions with Podman, Podman currently has a slightly different version which is correct, so use correct version in Buildah and vendor it into Podman. Fixing: containers/podman#18196 Signed-off-by: Daniel J Walsh <[email protected]>
rhatdan · Jun 9, 2023 · 6714a79 · 6714a79
1 parent b3e39df
commit 6714a79
Show file tree

Hide file tree

Showing 10 changed files with 96 additions and 123 deletions.
diff --git a/cmd/buildah/addcopy.go b/cmd/buildah/addcopy.go
@@ -9,8 +9,7 @@ import (
 	"time"
 
 	"github.com/containers/buildah"
-	"github.com/containers/buildah/internal/util"
-	buildahcli "github.com/containers/buildah/pkg/cli"
+	"github.com/containers/buildah/pkg/cli"
 	"github.com/containers/buildah/pkg/parse"
 	"github.com/containers/common/pkg/auth"
 	"github.com/containers/storage"
@@ -81,8 +80,8 @@ func applyFlagVars(flags *pflag.FlagSet, opts *addCopyResults) {
 	}
 	flags.StringVar(&opts.ignoreFile, "ignorefile", "", "path to .containerignore file")
 	flags.StringVar(&opts.contextdir, "contextdir", "", "context directory path")
-	flags.IntVar(&opts.retry, "retry", buildahcli.MaxPullPushRetries, "number of times to retry in case of failure when performing pull")
-	flags.StringVar(&opts.retryDelay, "retry-delay", buildahcli.PullPushRetryDelay.String(), "delay between retries in case of pull failures")
+	flags.IntVar(&opts.retry, "retry", cli.MaxPullPushRetries, "number of times to retry in case of failure when performing pull")
+	flags.StringVar(&opts.retryDelay, "retry-delay", cli.PullPushRetryDelay.String(), "delay between retries in case of pull failures")
 	flags.BoolVarP(&opts.quiet, "quiet", "q", false, "don't output a digest of the newly-added/copied content")
 	flags.BoolVar(&opts.tlsVerify, "tls-verify", true, "require HTTPS and verify certificates when accessing registries when pulling images. TLS verification cannot be used when talking to an insecure registry.")
 	if err := flags.MarkHidden("tls-verify"); err != nil {
@@ -133,7 +132,7 @@ func addAndCopyCmd(c *cobra.Command, args []string, verb string, iopts addCopyRe
 		return errors.New("src must be specified")
 	}
 
-	if err := buildahcli.VerifyFlagsArgsOrder(args); err != nil {
+	if err := cli.VerifyFlagsArgsOrder(args); err != nil {
 		return err
 	}
 
@@ -166,7 +165,7 @@ func addAndCopyCmd(c *cobra.Command, args []string, verb string, iopts addCopyRe
 				return fmt.Errorf("building system context: %w", err2)
 			}
 
-			decryptConfig, err2 := util.DecryptConfig(iopts.decryptionKeys)
+			decryptConfig, err2 := cli.DecryptConfig(iopts.decryptionKeys)
 			if err2 != nil {
 				return fmt.Errorf("unable to obtain decrypt config: %w", err2)
 			}

diff --git a/cmd/buildah/commit.go b/cmd/buildah/commit.go
@@ -8,8 +8,7 @@ import (
 
 	"github.com/containers/buildah"
 	"github.com/containers/buildah/define"
-	iutil "github.com/containers/buildah/internal/util"
-	buildahcli "github.com/containers/buildah/pkg/cli"
+	"github.com/containers/buildah/pkg/cli"
 	"github.com/containers/buildah/pkg/parse"
 	"github.com/containers/buildah/util"
 	"github.com/containers/common/pkg/auth"
@@ -132,7 +131,7 @@ func commitCmd(c *cobra.Command, args []string, iopts commitInputOptions) error
 	if len(args) == 0 {
 		return errors.New("container ID must be specified")
 	}
-	if err := buildahcli.VerifyFlagsArgsOrder(args); err != nil {
+	if err := cli.VerifyFlagsArgsOrder(args); err != nil {
 		return err
 	}
 	if err := auth.CheckAuthFile(iopts.authfile); err != nil {
@@ -153,7 +152,7 @@ func commitCmd(c *cobra.Command, args []string, iopts commitInputOptions) error
 		compress = define.Uncompressed
 	}
 
-	format, err := iutil.GetFormat(iopts.format)
+	format, err := cli.GetFormat(iopts.format)
 	if err != nil {
 		return err
 	}
@@ -198,7 +197,7 @@ func commitCmd(c *cobra.Command, args []string, iopts commitInputOptions) error
 		builder.SetLabel(buildah.BuilderIdentityAnnotation, define.Version)
 	}
 
-	encConfig, encLayers, err := iutil.EncryptConfig(iopts.encryptionKeys, iopts.encryptLayers)
+	encConfig, encLayers, err := cli.EncryptConfig(iopts.encryptionKeys, iopts.encryptLayers)
 	if err != nil {
 		return fmt.Errorf("unable to obtain encryption config: %w", err)
 	}

diff --git a/cmd/buildah/from.go b/cmd/buildah/from.go
@@ -10,8 +10,7 @@ import (
 
 	"github.com/containers/buildah"
 	"github.com/containers/buildah/define"
-	"github.com/containers/buildah/internal/util"
-	buildahcli "github.com/containers/buildah/pkg/cli"
+	"github.com/containers/buildah/pkg/cli"
 	"github.com/containers/buildah/pkg/parse"
 	"github.com/containers/common/pkg/auth"
 	"github.com/containers/common/pkg/config"
@@ -32,9 +31,9 @@ type fromReply struct {
 	quiet           bool
 	signaturePolicy string
 	tlsVerify       bool
-	*buildahcli.FromAndBudResults
-	*buildahcli.UserNSResults
-	*buildahcli.NameSpaceResults
+	*cli.FromAndBudResults
+	*cli.UserNSResults
+	*cli.NameSpaceResults
 }
 
 var suffix string
@@ -44,9 +43,9 @@ func init() {
 		fromDescription = "\n  Creates a new working container, either from scratch or using a specified\n  image as a starting point."
 		opts            fromReply
 	)
-	fromAndBudResults := buildahcli.FromAndBudResults{}
-	userNSResults := buildahcli.UserNSResults{}
-	namespaceResults := buildahcli.NameSpaceResults{}
+	fromAndBudResults := cli.FromAndBudResults{}
+	userNSResults := cli.UserNSResults{}
+	namespaceResults := cli.NameSpaceResults{}
 	fromCommand := &cobra.Command{
 		Use:   "from",
 		Short: "Create a working container based on an image",
@@ -96,13 +95,13 @@ func init() {
 	flags.BoolVar(&opts.tlsVerify, "tls-verify", true, "require HTTPS and verify certificates when accessing the registry. TLS verification cannot be used when talking to an insecure registry.")
 
 	// Add in the common flags
-	fromAndBudFlags, err := buildahcli.GetFromAndBudFlags(&fromAndBudResults, &userNSResults, &namespaceResults)
+	fromAndBudFlags, err := cli.GetFromAndBudFlags(&fromAndBudResults, &userNSResults, &namespaceResults)
 	if err != nil {
 		logrus.Errorf("failed to setup From and Bud flags: %v", err)
 		os.Exit(1)
 	}
 	flags.AddFlagSet(&fromAndBudFlags)
-	flags.SetNormalizeFunc(buildahcli.AliasFlags)
+	flags.SetNormalizeFunc(cli.AliasFlags)
 
 	rootCmd.AddCommand(fromCommand)
 }
@@ -197,7 +196,7 @@ func fromCmd(c *cobra.Command, args []string, iopts fromReply) error {
 	if len(args) == 0 {
 		return errors.New("an image name (or \"scratch\") must be specified")
 	}
-	if err := buildahcli.VerifyFlagsArgsOrder(args); err != nil {
+	if err := cli.VerifyFlagsArgsOrder(args); err != nil {
 		return err
 	}
 	if len(args) > 1 {
@@ -276,7 +275,7 @@ func fromCmd(c *cobra.Command, args []string, iopts fromReply) error {
 	}
 	namespaceOptions.AddOrReplace(usernsOption...)
 
-	format, err := util.GetFormat(iopts.format)
+	format, err := cli.GetFormat(iopts.format)
 	if err != nil {
 		return err
 	}
@@ -296,7 +295,7 @@ func fromCmd(c *cobra.Command, args []string, iopts fromReply) error {
 
 	commonOpts.Ulimit = append(defaultContainerConfig.Containers.DefaultUlimits, commonOpts.Ulimit...)
 
-	decConfig, err := util.DecryptConfig(iopts.DecryptionKeys)
+	decConfig, err := cli.DecryptConfig(iopts.DecryptionKeys)
 	if err != nil {
 		return fmt.Errorf("unable to obtain decrypt config: %w", err)
 	}

diff --git a/cmd/buildah/pull.go b/cmd/buildah/pull.go
@@ -9,8 +9,7 @@ import (
 
 	"github.com/containers/buildah"
 	"github.com/containers/buildah/define"
-	"github.com/containers/buildah/internal/util"
-	buildahcli "github.com/containers/buildah/pkg/cli"
+	"github.com/containers/buildah/pkg/cli"
 	"github.com/containers/buildah/pkg/parse"
 	"github.com/containers/common/pkg/auth"
 	"github.com/sirupsen/logrus"
@@ -75,8 +74,8 @@ func init() {
 	flags.StringSlice("platform", []string{parse.DefaultPlatform()}, "prefer OS/ARCH instead of the current operating system and architecture for choosing images")
 	flags.String("variant", "", "override the `variant` of the specified image")
 	flags.BoolVar(&opts.tlsVerify, "tls-verify", true, "require HTTPS and verify certificates when accessing the registry. TLS verification cannot be used when talking to an insecure registry.")
-	flags.IntVar(&opts.retry, "retry", buildahcli.MaxPullPushRetries, "number of times to retry in case of failure when performing pull")
-	flags.StringVar(&opts.retryDelay, "retry-delay", buildahcli.PullPushRetryDelay.String(), "delay between retries in case of pull failures")
+	flags.IntVar(&opts.retry, "retry", cli.MaxPullPushRetries, "number of times to retry in case of failure when performing pull")
+	flags.StringVar(&opts.retryDelay, "retry-delay", cli.PullPushRetryDelay.String(), "delay between retries in case of pull failures")
 	if err := flags.MarkHidden("blob-cache"); err != nil {
 		panic(fmt.Sprintf("error marking blob-cache as hidden: %v", err))
 	}
@@ -88,7 +87,7 @@ func pullCmd(c *cobra.Command, args []string, iopts pullOptions) error {
 	if len(args) == 0 {
 		return errors.New("an image name must be specified")
 	}
-	if err := buildahcli.VerifyFlagsArgsOrder(args); err != nil {
+	if err := cli.VerifyFlagsArgsOrder(args); err != nil {
 		return err
 	}
 	if len(args) > 1 {
@@ -115,7 +114,7 @@ func pullCmd(c *cobra.Command, args []string, iopts pullOptions) error {
 		return err
 	}
 
-	decConfig, err := util.DecryptConfig(iopts.decryptionKeys)
+	decConfig, err := cli.DecryptConfig(iopts.decryptionKeys)
 	if err != nil {
 		return fmt.Errorf("unable to obtain decryption config: %w", err)
 	}

diff --git a/cmd/buildah/push.go b/cmd/buildah/push.go
@@ -10,10 +10,9 @@ import (
 
 	"github.com/containers/buildah"
 	"github.com/containers/buildah/define"
-	iutil "github.com/containers/buildah/internal/util"
-	buildahcli "github.com/containers/buildah/pkg/cli"
+	"github.com/containers/buildah/pkg/cli"
 	"github.com/containers/buildah/pkg/parse"
-	"github.com/containers/buildah/util"
+	util "github.com/containers/buildah/util"
 	"github.com/containers/common/pkg/auth"
 	"github.com/containers/image/v5/manifest"
 	"github.com/containers/image/v5/pkg/compression"
@@ -90,8 +89,8 @@ func init() {
 	flags.StringVar(&opts.compressionFormat, "compression-format", "", "compression format to use")
 	flags.IntVar(&opts.compressionLevel, "compression-level", 0, "compression level to use")
 	flags.BoolVarP(&opts.quiet, "quiet", "q", false, "don't output progress information when pushing images")
-	flags.IntVar(&opts.retry, "retry", buildahcli.MaxPullPushRetries, "number of times to retry in case of failure when performing push/pull")
-	flags.StringVar(&opts.retryDelay, "retry-delay", buildahcli.PullPushRetryDelay.String(), "delay between retries in case of push/pull failures")
+	flags.IntVar(&opts.retry, "retry", cli.MaxPullPushRetries, "number of times to retry in case of failure when performing push/pull")
+	flags.StringVar(&opts.retryDelay, "retry-delay", cli.PullPushRetryDelay.String(), "delay between retries in case of push/pull failures")
 	flags.BoolVar(&opts.rm, "rm", false, "remove the manifest list if push succeeds")
 	flags.BoolVarP(&opts.removeSignatures, "remove-signatures", "", false, "don't copy signatures when pushing image")
 	flags.StringVar(&opts.signBy, "sign-by", "", "sign the image using a GPG key with the specified `FINGERPRINT`")
@@ -113,7 +112,7 @@ func init() {
 func pushCmd(c *cobra.Command, args []string, iopts pushOptions) error {
 	var src, destSpec string
 
-	if err := buildahcli.VerifyFlagsArgsOrder(args); err != nil {
+	if err := cli.VerifyFlagsArgsOrder(args); err != nil {
 		return err
 	}
 	if err := auth.CheckAuthFile(iopts.authfile); err != nil {
@@ -187,7 +186,7 @@ func pushCmd(c *cobra.Command, args []string, iopts pushOptions) error {
 		}
 	}
 
-	encConfig, encLayers, err := iutil.EncryptConfig(iopts.encryptionKeys, iopts.encryptLayers)
+	encConfig, encLayers, err := cli.EncryptConfig(iopts.encryptionKeys, iopts.encryptLayers)
 	if err != nil {
 		return fmt.Errorf("unable to obtain encryption config: %w", err)
 	}

diff --git a/internal/util/util.go b/internal/util/util.go
@@ -10,8 +10,6 @@ import (
 	"github.com/containers/common/libimage"
 	"github.com/containers/common/pkg/config"
 	"github.com/containers/image/v5/types"
-	encconfig "github.com/containers/ocicrypt/config"
-	enchelpers "github.com/containers/ocicrypt/helpers"
 	"github.com/containers/storage"
 	"github.com/containers/storage/pkg/archive"
 	"github.com/containers/storage/pkg/chrootarchive"
@@ -114,49 +112,3 @@ func ExportFromReader(input io.Reader, opts define.BuildOutputOption) error {
 	}
 	return nil
 }
-
-// DecryptConfig translates decryptionKeys into a DescriptionConfig structure
-func DecryptConfig(decryptionKeys []string) (*encconfig.DecryptConfig, error) {
-	var decryptConfig *encconfig.DecryptConfig
-	if len(decryptionKeys) > 0 {
-		// decryption
-		dcc, err := enchelpers.CreateCryptoConfig([]string{}, decryptionKeys)
-		if err != nil {
-			return nil, fmt.Errorf("invalid decryption keys: %w", err)
-		}
-		cc := encconfig.CombineCryptoConfigs([]encconfig.CryptoConfig{dcc})
-		decryptConfig = cc.DecryptConfig
-	}
-
-	return decryptConfig, nil
-}
-
-// EncryptConfig translates encryptionKeys into a EncriptionsConfig structure
-func EncryptConfig(encryptionKeys []string, encryptLayers []int) (*encconfig.EncryptConfig, *[]int, error) {
-	var encLayers *[]int
-	var encConfig *encconfig.EncryptConfig
-
-	if len(encryptionKeys) > 0 {
-		// encryption
-		encLayers = &encryptLayers
-		ecc, err := enchelpers.CreateCryptoConfig(encryptionKeys, []string{})
-		if err != nil {
-			return nil, nil, fmt.Errorf("invalid encryption keys: %w", err)
-		}
-		cc := encconfig.CombineCryptoConfigs([]encconfig.CryptoConfig{ecc})
-		encConfig = cc.EncryptConfig
-	}
-	return encConfig, encLayers, nil
-}
-
-// GetFormat translates format string into either docker or OCI format constant
-func GetFormat(format string) (string, error) {
-	switch format {
-	case define.OCI:
-		return define.OCIv1ImageManifest, nil
-	case define.DOCKER:
-		return define.Dockerv2ImageManifest, nil
-	default:
-		return "", fmt.Errorf("unrecognized image type %q", format)
-	}
-}
diff --git a/internal/util/util_test.go b/internal/util/util_test.go
diff --git a/pkg/cli/build.go b/pkg/cli/build.go
@@ -14,7 +14,6 @@ import (
 	"time"
 
 	"github.com/containers/buildah/define"
-	iutil "github.com/containers/buildah/internal/util"
 	"github.com/containers/buildah/pkg/parse"
 	"github.com/containers/buildah/pkg/util"
 	"github.com/containers/common/pkg/auth"
@@ -135,7 +134,7 @@ func GenBuildOptions(c *cobra.Command, inputArgs []string, iopts BuildOptions) (
 	}
 
 	containerfiles := getContainerfiles(iopts.File)
-	format, err := iutil.GetFormat(iopts.Format)
+	format, err := GetFormat(iopts.Format)
 	if err != nil {
 		return options, nil, nil, err
 	}
@@ -272,7 +271,7 @@ func GenBuildOptions(c *cobra.Command, inputArgs []string, iopts BuildOptions) (
 		return options, nil, nil, err
 	}
 
-	decryptConfig, err := iutil.DecryptConfig(iopts.DecryptionKeys)
+	decryptConfig, err := DecryptConfig(iopts.DecryptionKeys)
 	if err != nil {
 		return options, nil, nil, fmt.Errorf("unable to obtain decrypt config: %w", err)
 	}
@@ -433,7 +432,7 @@ func readBuildArgFile(buildargfile string, args map[string]string) error {
 		return err
 	}
 	for _, arg := range strings.Split(string(argfile), "\n") {
-		if len (arg) == 0 || arg[0] == '#' {
+		if len(arg) == 0 || arg[0] == '#' {
 			continue
 		}
 		readBuildArg(arg, args)