From 6b586c62daaaa24074aed26f2feb8b4b63e41e59 Mon Sep 17 00:00:00 2001 From: Kirill Zaitsev Date: Wed, 10 Dec 2014 20:06:17 +0300 Subject: [PATCH] Move id_rsa outside docker build #PR1 --- shared/build/build.go | 20 ++------------------ shared/build/build_test.go | 22 ++-------------------- shared/build/buildfile/buildfile.go | 13 +++++++++++++ shared/build/buildfile/buildfile_test.go | 7 +++++++ 4 files changed, 24 insertions(+), 38 deletions(-) diff --git a/shared/build/build.go b/shared/build/build.go index be94904b5..1af2f01bd 100644 --- a/shared/build/build.go +++ b/shared/build/build.go @@ -218,10 +218,6 @@ func (b *Builder) setup() error { b.services = append(b.services, info) } - if err := b.writeIdentifyFile(dir); err != nil { - return err - } - if err := b.writeBuildScript(dir); err != nil { return err } @@ -455,11 +451,8 @@ func (b *Builder) writeDockerfile(dir string) error { dockerfile.WriteEnv("LOGNAME", "ubuntu") dockerfile.WriteEnv("TERM", "xterm") dockerfile.WriteEnv("SHELL", "/bin/bash") - dockerfile.WriteAdd("id_rsa", "/home/ubuntu/.ssh/id_rsa") - dockerfile.WriteRun("sudo chown -R ubuntu:ubuntu /home/ubuntu/.ssh") dockerfile.WriteRun("sudo chown -R ubuntu:ubuntu /var/cache/drone") dockerfile.WriteRun("sudo chown -R ubuntu:ubuntu /usr/local/bin/drone") - dockerfile.WriteRun("sudo chmod 600 /home/ubuntu/.ssh/id_rsa") default: // all other images are assumed to use // the root user. @@ -471,9 +464,6 @@ func (b *Builder) writeDockerfile(dir string) error { dockerfile.WriteEnv("TERM", "xterm") dockerfile.WriteEnv("SHELL", "/bin/bash") dockerfile.WriteEnv("GOPATH", "/var/cache/drone") - dockerfile.WriteAdd("id_rsa", "/root/.ssh/id_rsa") - dockerfile.WriteRun("chmod 600 /root/.ssh/id_rsa") - dockerfile.WriteRun("echo 'StrictHostKeyChecking no' > /root/.ssh/config") } dockerfile.WriteAdd("proxy.sh", "/etc/drone.d/") 
@@ -512,6 +502,8 @@ func (b *Builder) writeBuildScript(dir string) error { f.WriteHost(mapping) } + f.WriteFile("$HOME/.ssh/id_rsa", b.Key, 600) + // if the repository is remote then we should // add the commands to the build script to // clone the repository @@ -554,11 +546,3 @@ func (b *Builder) writeProxyScript(dir string) error { proxyfilePath := filepath.Join(dir, "proxy.sh") return ioutil.WriteFile(proxyfilePath, proxyfile.Bytes(), 0755) } - -// writeIdentifyFile is a helper function that -// will generate the id_rsa file in the builder's -// temp directory to be added to the Image. -func (b *Builder) writeIdentifyFile(dir string) error { - keyfilePath := filepath.Join(dir, "id_rsa") - return ioutil.WriteFile(keyfilePath, b.Key, 0700) -} diff --git a/shared/build/build_test.go b/shared/build/build_test.go index bf05a3550..25eee4a15 100644 --- a/shared/build/build_test.go +++ b/shared/build/build_test.go @@ -477,26 +477,6 @@ func TestRunErrorWait(t *testing.T) { t.Skip() } -func TestWriteIdentifyFile(t *testing.T) { - // temporary directory to store file - dir, _ := ioutil.TempDir("", "drone-test-") - defer os.RemoveAll(dir) - - b := Builder{} - b.Key = []byte("ssh-rsa AAA...") - b.writeIdentifyFile(dir) - - // persist a dummy id_rsa keyfile to disk - keyfile, err := ioutil.ReadFile(filepath.Join(dir, "id_rsa")) - if err != nil { - t.Errorf("Expected id_rsa file saved to disk") - } - - if string(keyfile) != string(b.Key) { - t.Errorf("Expected id_rsa value saved as %s, got %s", b.Key, keyfile) - } -} - func TestWriteProxyScript(t *testing.T) { // temporary directory to store file dir, _ := ioutil.TempDir("", "drone-test-") @@ -541,6 +521,7 @@ func TestWriteBuildScript(t *testing.T) { b := Builder{} b.Build = &script.Build{ Hosts: []string{"127.0.0.1"}} + b.Key = []byte("ssh-rsa AAA...") b.Repo = &repo.Repo{ Path: "git://github.com/drone/drone.git", Branch: "master", 
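Review bot: The added `f.WriteFile("$HOME/.ssh/id_rsa", b.Key, 600)` embeds the private key in the generated build script, so the script file itself now has to be treated as a secret. How writeBuildScript persists the script is outside this hunk; if it is written like `proxy.sh` in writeProxyScript (mode `0755`) or is added to the image, the key stays readable on the host and in an image layer, which is what this commit sets out to avoid. The call is also unconditional, so a build with no key gets an empty `id_rsa`. I would guard it with `if len(b.Key) > 0 { f.WriteFile("$HOME/.ssh/id_rsa", b.Key, 600) }` and confirm the script is written owner-only.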
@@ -570,6 +551,7 @@ func TestWriteBuildScript(t *testing.T) { f.WriteEnv("CI_BRANCH", "master") f.WriteEnv("CI_PULL_REQUEST", "123") f.WriteHost("127.0.0.1") + f.WriteFile("$HOME/.ssh/id_rsa", []byte("ssh-rsa AAA..."), 600) f.WriteCmd("git clone --depth=0 --recursive git://github.com/drone/drone.git /var/cache/drone/github.com/drone/drone") f.WriteCmd("git fetch origin +refs/pull/123/head:refs/remotes/origin/pr/123") f.WriteCmd("git checkout -qf -b pr/123 origin/pr/123") diff --git a/shared/build/buildfile/buildfile.go b/shared/build/buildfile/buildfile.go index c08463808..723ca1af1 100644 --- a/shared/build/buildfile/buildfile.go +++ b/shared/build/buildfile/buildfile.go @@ -52,6 +52,12 @@ func (b *Buildfile) WriteHost(mapping string) { b.WriteCmdSilent(fmt.Sprintf("[ -f /usr/bin/sudo ] && echo %q | sudo tee -a /etc/hosts", mapping)) } +// WriteFile add files as part of the script. +func (b *Buildfile) WriteFile(path string, file []byte, i int) { + b.WriteString(fmt.Sprintf("echo '%s' | tee %s > /dev/null\n", string(file), path)) + b.WriteCmdSilent(fmt.Sprintf("chmod %d %s", i, path)) +} + // every build script starts with the following // code at the start. var base = ` @@ -70,6 +76,13 @@ if [ -d /etc/drone.d ]; then unset i fi +if [ ! -d $HOME/.ssh ]; then + mkdir -p $HOME/.ssh +fi + +chmod 0700 $HOME/.ssh +echo 'StrictHostKeyChecking no' | tee $HOME/.ssh/config > /dev/null + # be sure to exit on error and print out # our bash commands, so we can which commands # are executing and troubleshoot failures. diff --git a/shared/build/buildfile/buildfile_test.go b/shared/build/buildfile/buildfile_test.go index f9e0e942f..080a84f6f 100644 --- a/shared/build/buildfile/buildfile_test.go +++ b/shared/build/buildfile/buildfile_test.go 
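Review bot: `WriteFile` interpolates the file contents into `echo '%s'` unescaped, so a single quote anywhere in `file` ends the quoting and the remainder is parsed as shell; the contents should be escaped before they reach the script. `tee` also creates the file under the default umask and `chmod` runs only afterwards, so the key is briefly readable by other users in the container. The mode is printed with `%d`, so a caller passing the Go literal `0600` would emit `chmod 384`; the doc comment should say the argument is the chmod value as written in the script. The sketch below needs `strings` imported and changes the expected output in both tests; `path` is left unquoted because callers rely on `$HOME` expansion.

```go
// WriteFile adds commands to the script that create path with the
// given contents and then chmod it. i is the chmod argument as it
// should appear in the script (600, not the Go octal literal 0600).
func (b *Buildfile) WriteFile(path string, file []byte, i int) {
	// escape embedded single quotes so the contents stay one shell word
	quoted := "'" + strings.Replace(string(file), "'", `'\''`, -1) + "'"
	// umask in a subshell: the file is never created group/world-readable
	b.WriteString(fmt.Sprintf("(umask 077; printf '%%s\\n' %s > %s)\n", quoted, path))
	// … unchanged: chmod via WriteCmdSilent …
}
```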
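Review bot: The added `echo 'StrictHostKeyChecking no' | tee $HOME/.ssh/config > /dev/null` in `base` turns off SSH host key verification for every host in every build, whereas the removed Dockerfile lines visible in this patch set it only for root-user images. With checking off, the clone step cannot detect an impersonated Git host, so fetched source can be substituted without any warning. The line also overwrites any `$HOME/.ssh/config` the image already ships, since `tee` is used without `-a`. I would keep checking enabled and seed `known_hosts` for the repository host instead; if it has to stay, append rather than overwrite and add a comment such as `# host key checking is disabled for all SSH connections made by the build`.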
@@ -46,4 +46,11 @@ func TestWrite(t *testing.T) {
 if got != want {
 t.Errorf("Exepected WriteHost returned %s, got %s", want, got)
 }
+
+ f = &Buildfile{}
+ f.WriteFile("$HOME/.ssh/id_rsa", []byte("ssh-rsa AAA..."), 600)
+ got, want = f.String(), "echo 'ssh-rsa AAA...' | tee $HOME/.ssh/id_rsa > /dev/null\nchmod 600 $HOME/.ssh/id_rsa\n"
+ if got != want {
+ t.Errorf("Exepected WriteFile returned \n%s, \ngot\n%s", want, got)
+ }
 }
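Review bot: The new `WriteFile` case uses the fixture `ssh-rsa AAA...`, a single line with no quotes, so it does not exercise the inputs where the generated `echo '...'` line can go wrong. I would add a case with multi-line content (a private key is several lines of PEM) and one containing a `'`, asserting that the emitted script still writes exactly those bytes. The new message also repeats the `Exepected` typo; `Expected` is meant. TestWrite begins outside this hunk.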