From 2020d621da942f25edba96785a51895ff5de260b Mon Sep 17 00:00:00 2001
From: Sam Berning
Date: Fri, 8 Nov 2024 02:07:17 +0000
Subject: [PATCH] krane: write krane to a tempfile
Signed-off-by: Sam Berning
---
 Cargo.lock | 12 +-----------
 Cargo.toml | 1 -
 tools/krane/Cargo.toml | 2 +-
 tools/krane/README.md | 3 +--
 tools/krane/src/lib.rs | 33 ++++++++++++++++-----------------
 5 files changed, 19 insertions(+), 32 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index a4d07028..dffd622c 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1902,8 +1902,8 @@ dependencies = [
 "anyhow",
 "flate2",
 "lazy_static",
- "pentacle",
 "tar",
+ "tempfile",
 ]
 [[package]]
@@ -2303,16 +2303,6 @@ dependencies = [
 "serde",
 ]
-[[package]]
-name = "pentacle"
-version = "1.1.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9e875807b4510e6847d4ef7674ab9b3efe30cc99b933f2e6e82f6ef38f7e5352"
-dependencies = [
- "libc",
- "log",
-]
-
 [[package]]
 name = "percent-encoding"
 version = "2.3.1"
diff --git a/Cargo.toml b/Cargo.toml
index 9587f97c..9f0392b0 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -106,7 +106,6 @@ nix = "0.28"
 nonzero_ext = "0.3"
 num_cpus = "1"
 olpc-cjson = "0.1"
-pentacle = "1.1"
 rand = { version = "0.8", default-features = false }
 regex = "1"
 reqwest = { version = "0.11", default-features = false }
diff --git a/tools/krane/Cargo.toml b/tools/krane/Cargo.toml
index 20879f78..2672af38 100644
--- a/tools/krane/Cargo.toml
+++ b/tools/krane/Cargo.toml
@@ -10,7 +10,7 @@ publish = false
 anyhow.workspace = true
 flate2.workspace = true
 lazy_static.workspace = true
-pentacle.workspace = true
+tempfile.workspace = true
 [build-dependencies]
 flate2.workspace = true
diff --git a/tools/krane/README.md b/tools/krane/README.md
index 076b7cac..86572168 100644
--- a/tools/krane/README.md
+++ b/tools/krane/README.md
@@ -4,8 +4,7 @@ This crate packages the `krane` utility from [google/go-containerregistry].
 The utility is compiled by a build script, the output of which is compressed and stored in the Rust crate as via `include_bytes!`.
-At runtime, `krane-bundle` writes the decompressed binary to a [sealed anonymous file], passing the
+At runtime, `krane-bundle` writes the decompressed binary to a temp file, passing the
 filepath of that file to any caller.
 [google/go-containerregistry]: https://github.com/google/go-containerregistry
-[sealed anonymous file]: https://github.com/haha-business/pentacle
diff --git a/tools/krane/src/lib.rs b/tools/krane/src/lib.rs
index 17158387..2ffd3503 100644
--- a/tools/krane/src/lib.rs
+++ b/tools/krane/src/lib.rs
@@ -1,10 +1,10 @@
-use anyhow::{Context, Result};
+use anyhow::Result;
 use flate2::read::GzDecoder;
-use std::fs::File;
-use std::os::fd::AsRawFd;
-use std::path::{Path, PathBuf};
+use std::fs::{File, Permissions};
+use std::os::unix::fs::PermissionsExt;
+use std::path::PathBuf;
-use pentacle::SealOptions;
+use tempfile::TempDir;
 const COMPRESSED_KRANE_BIN: &[u8] = include_bytes!(env!("KRANE_GZ_PATH"));
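Review bot: Narrowing the imports in the `lib.rs` hunk to `use anyhow::Result;` and `use std::path::PathBuf;` goes hand in hand with two regressions in the next hunk: `seal()` loses its error context and the public `path()` now returns `&PathBuf`. I would keep `use anyhow::{Context, Result};` and `use std::path::{Path, PathBuf};`, so that the accessor can stay `pub fn path(&self) -> &Path` and the new `TempDir::new()`, `File::create` and `std::io::copy` calls can each carry a `.context(...)` message, as the removed `copy_and_seal` call did. Returning `&Path` also keeps the signature independent of how the path is stored.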
@@ -15,31 +15,30 @@ lazy_static::lazy_static! {
 #[derive(Debug)]
 pub struct Krane {
 // Hold the file in memory to keep the fd open
- _sealed_binary: File,
+ _tmp_dir: TempDir,
 path: PathBuf,
 }
 impl Krane {
 fn seal() -> Result {
- let mut krane_reader = GzDecoder::new(COMPRESSED_KRANE_BIN);
+ let tmp_dir = TempDir::new()?;
+ let path = tmp_dir.path().join("krane");
+
+ let mut krane_file = File::create(&path)?;
+ let permissions = Permissions::from_mode(0o755);
+ krane_file.set_permissions(permissions)?;
- let sealed_binary = SealOptions::new()
- .close_on_exec(false)
- .executable(true)
- .copy_and_seal(&mut krane_reader)
- .context("Failed to write krane binary to sealed anonymous file")?;
+ let mut krane_reader = GzDecoder::new(COMPRESSED_KRANE_BIN);
- let fd = sealed_binary.as_raw_fd();
- let pid = std::process::id();
- let path = PathBuf::from(format!("/proc/{pid}/fd/{fd}"));
+ std::io::copy(&mut krane_reader, &mut krane_file)?;
 Ok(Krane {
- _sealed_binary: sealed_binary,
+ _tmp_dir: tmp_dir,
 path,
 })
 }
- pub fn path(&self) -> &Path {
+ pub fn path(&self) -> &PathBuf {
 &self.path
 }
 }
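Review bot: `seal()` now leaves the decompressed binary as an ordinary `0o755` file in a temp directory, so the guarantee the sealed anonymous file gave (contents cannot change once written) is gone. The copy is only as protected as the directory's permissions, which depend on `tempfile`'s defaults and the process umask, neither visible here. I would create the file exclusively and owner-only, assuming krane is only ever executed by the same user (worth confirming against the callers), and restore the error context the old code had; the sketch below needs `std::fs::OpenOptions`, `std::os::unix::fs::OpenOptionsExt` and `anyhow::Context` in scope. The context comment above `_tmp_dir` is stale and should read something like `// Keep the temp dir alive: dropping it deletes the extracted krane binary`. If `Krane` is stored in the `lazy_static!` named in the hunk header, `TempDir`'s drop probably never runs, so each process would leave a copy of the binary behind, which deserves a sentence in the README.

```rust
let tmp_dir = TempDir::new().context("Failed to create temp dir for krane binary")?;
let path = tmp_dir.path().join("krane");

// create_new refuses a pre-existing path; 0o700 keeps the binary owner-only.
let mut krane_file = OpenOptions::new()
    .write(true)
    .create_new(true)
    .mode(0o700)
    .open(&path)
    .context("Failed to create krane binary in temp dir")?;

// … unchanged: GzDecoder::new(COMPRESSED_KRANE_BIN) …
std::io::copy(&mut krane_reader, &mut krane_file)
    .context("Failed to write krane binary to temp file")?;
```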