Merge pull request #5135 from AkihiroSuda/default-config-crypt

add imgcrypt stream processors to the default config
2021-03-25 14:31:38 +08:00
parent 548d984f27 ecb881e5e6
commit 80fa9fe32a
13 changed files with 88 additions and 59 deletions
--- a/cmd/containerd/command/config.go
+++ b/cmd/containerd/command/config.go
@@ -20,11 +20,15 @@ import (
 	gocontext "context"
 	"io"
 	"os"
+	"path/filepath"

 	"github.com/BurntSushi/toml"
+	"github.com/containerd/containerd/defaults"
+	"github.com/containerd/containerd/images"
 	"github.com/containerd/containerd/pkg/timeout"
 	"github.com/containerd/containerd/services/server"
 	srvconfig "github.com/containerd/containerd/services/server/config"
+	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/urfave/cli"
 )

@@ -113,3 +117,49 @@ var configCommand = cli.Command{
 		},
 	},
 }
+
+func platformAgnosticDefaultConfig() *srvconfig.Config {
+	return &srvconfig.Config{
+		Version: 1,
+		Root:    defaults.DefaultRootDir,
+		State:   defaults.DefaultStateDir,
+		GRPC: srvconfig.GRPCConfig{
+			Address:        defaults.DefaultAddress,
+			MaxRecvMsgSize: defaults.DefaultMaxRecvMsgSize,
+			MaxSendMsgSize: defaults.DefaultMaxSendMsgSize,
+		},
+		DisabledPlugins:  []string{},
+		RequiredPlugins:  []string{},
+		StreamProcessors: streamProcessors(),
+	}
+}
+
+func streamProcessors() map[string]srvconfig.StreamProcessor {
+	const (
+		ctdDecoder = "ctd-decoder"
+		basename   = "io.containerd.ocicrypt.decoder.v1"
+	)
+	decryptionKeysPath := filepath.Join(defaults.DefaultConfigDir, "ocicrypt", "keys")
+	ctdDecoderArgs := []string{
+		"--decryption-keys-path", decryptionKeysPath,
+	}
+	ctdDecoderEnv := []string{
+		"OCICRYPT_KEYPROVIDER_CONFIG=" + filepath.Join(defaults.DefaultConfigDir, "ocicrypt", "ocicrypt_keyprovider.conf"),
+	}
+	return map[string]srvconfig.StreamProcessor{
+		basename + ".tar.gzip": {
+			Accepts: []string{images.MediaTypeImageLayerGzipEncrypted},
+			Returns: ocispec.MediaTypeImageLayerGzip,
+			Path:    ctdDecoder,
+			Args:    ctdDecoderArgs,
+			Env:     ctdDecoderEnv,
+		},
+		basename + ".tar": {
+			Accepts: []string{images.MediaTypeImageLayerEncrypted},
+			Returns: ocispec.MediaTypeImageLayer,
+			Path:    ctdDecoder,
+			Args:    ctdDecoderArgs,
+			Env:     ctdDecoderEnv,
+		},
+	}
+}
--- a/cmd/containerd/command/config_linux.go
+++ b/cmd/containerd/command/config_linux.go
@@ -17,21 +17,9 @@
 package command

 import (
-	"github.com/containerd/containerd/defaults"
 	srvconfig "github.com/containerd/containerd/services/server/config"
 )

 func defaultConfig() *srvconfig.Config {
-	return &srvconfig.Config{
-		Version: 1,
-		Root:    defaults.DefaultRootDir,
-		State:   defaults.DefaultStateDir,
-		GRPC: srvconfig.GRPCConfig{
-			Address:        defaults.DefaultAddress,
-			MaxRecvMsgSize: defaults.DefaultMaxRecvMsgSize,
-			MaxSendMsgSize: defaults.DefaultMaxSendMsgSize,
-		},
-		DisabledPlugins: []string{},
-		RequiredPlugins: []string{},
-	}
+	return platformAgnosticDefaultConfig()
 }
--- a/cmd/containerd/command/config_unsupported.go
+++ b/cmd/containerd/command/config_unsupported.go
@@ -24,18 +24,10 @@ import (
 )

 func defaultConfig() *srvconfig.Config {
-	return &srvconfig.Config{
-		Version: 1,
-		Root:    defaults.DefaultRootDir,
-		State:   defaults.DefaultStateDir,
-		GRPC: srvconfig.GRPCConfig{
-			Address: defaults.DefaultAddress,
-		},
-		Debug: srvconfig.Debug{
-			Level:   "info",
-			Address: defaults.DefaultDebugAddress,
-		},
-		DisabledPlugins: []string{},
-		RequiredPlugins: []string{},
+	cfg := platformAgnosticDefaultConfig()
+	cfg.Debug = srvconfig.Debug{
+		Level:   "info",
+		Address: defaults.DefaultDebugAddress,
 	}
+	return cfg
 }
--- a/cmd/containerd/command/config_windows.go
+++ b/cmd/containerd/command/config_windows.go
@@ -17,21 +17,9 @@
 package command

 import (
-	"github.com/containerd/containerd/defaults"
 	srvconfig "github.com/containerd/containerd/services/server/config"
 )

 func defaultConfig() *srvconfig.Config {
-	return &srvconfig.Config{
-		Version: 1,
-		Root:    defaults.DefaultRootDir,
-		State:   defaults.DefaultStateDir,
-		GRPC: srvconfig.GRPCConfig{
-			Address:        defaults.DefaultAddress,
-			MaxRecvMsgSize: defaults.DefaultMaxRecvMsgSize,
-			MaxSendMsgSize: defaults.DefaultMaxSendMsgSize,
-		},
-		DisabledPlugins: []string{},
-		RequiredPlugins: []string{},
-	}
+	return platformAgnosticDefaultConfig()
 }
--- a/cmd/containerd/command/main.go
+++ b/cmd/containerd/command/main.go
@@ -27,6 +27,7 @@ import (
 	"runtime"
 	"time"

+	"github.com/containerd/containerd/defaults"
 	"github.com/containerd/containerd/errdefs"
 	"github.com/containerd/containerd/log"
 	"github.com/containerd/containerd/mount"
@@ -80,7 +81,7 @@ can be used and modified as necessary as a custom configuration.`
 		cli.StringFlag{
 			Name:  "config,c",
 			Usage: "path to the configuration file",
-			Value: defaultConfigPath,
+			Value: filepath.Join(defaults.DefaultConfigDir, "config.toml"),
 		},
 		cli.StringFlag{
 			Name:  "log-level,l",
--- a/cmd/containerd/command/main_unix.go
+++ b/cmd/containerd/command/main_unix.go
@@ -27,8 +27,6 @@ import (
 	"golang.org/x/sys/unix"
 )

-const defaultConfigPath = "/etc/containerd/config.toml"
-
 var handledSignals = []os.Signal{
 	unix.SIGTERM,
 	unix.SIGINT,
--- a/cmd/containerd/command/main_windows.go
+++ b/cmd/containerd/command/main_windows.go
@@ -20,7 +20,6 @@ import (
 	"context"
 	"fmt"
 	"os"
-	"path/filepath"
 	"unsafe"

 	"github.com/Microsoft/go-winio/pkg/etw"
@@ -33,8 +32,7 @@ import (
 )

 var (
-	defaultConfigPath = filepath.Join(os.Getenv("programfiles"), "containerd", "config.toml")
-	handledSignals    = []os.Signal{
+	handledSignals = []os.Signal{
 		windows.SIGTERM,
 		windows.SIGINT,
 	}