fixed: enable --skip-tls-verify during the build phase

teacher2018 · teacher2018 · commit d4e2090296b4 · 2024-09-07T16:12:48.000+08:00
Signed-off-by: teacher2018 &lt;worldwideteacher@163.com&gt;
diff --git a/build/kubefile/parser/kubefile.go b/build/kubefile/parser/kubefile.go
@@ -87,17 +87,17 @@ type KubefileParser struct {
 	imageEngine  imageengine.Interface
 }
 
-func (kp *KubefileParser) ParseKubefile(rwc io.Reader) (*KubefileResult, error) {
+func (kp *KubefileParser) ParseKubefile(rwc io.Reader, skipTLSVerify bool) (*KubefileResult, error) {
 	result, err := parse(rwc)
 	if err != nil {
 		return nil, fmt.Errorf("failed to parse dockerfile: %v", err)
 	}
 
 	mainNode := result.AST
-	return kp.generateResult(mainNode)
+	return kp.generateResult(mainNode, skipTLSVerify)
 }
 
-func (kp *KubefileParser) generateResult(mainNode *Node) (*KubefileResult, error) {
+func (kp *KubefileParser) generateResult(mainNode *Node, skipTLSVerify bool) (*KubefileResult, error) {
 	var (
 		result = &KubefileResult{
 			Applications: map[string]version.VersionedApplication{},
@@ -141,7 +141,7 @@ func (kp *KubefileParser) generateResult(mainNode *Node) (*KubefileResult, error
 		case command.From:
 			// process FROM aims to pull the image, and merge the applications from
 			// the FROM image.
-			if err = kp.processFrom(node, result); err != nil {
+			if err = kp.processFrom(node, result, skipTLSVerify); err != nil {
 				return nil, fmt.Errorf("failed to process from: %v", err)
 			}
 		case command.Launch:
@@ -429,7 +429,7 @@ func (kp *KubefileParser) processLaunch(node *Node, result *KubefileResult) erro
 	return nil
 }
 
-func (kp *KubefileParser) processFrom(node *Node, result *KubefileResult) error {
+func (kp *KubefileParser) processFrom(node *Node, result *KubefileResult, skipTLSVerify bool) error {
 	var (
 		platform  = parse2.DefaultPlatform()
 		flags     = node.Flags
@@ -455,9 +455,10 @@ func (kp *KubefileParser) processFrom(node *Node, result *KubefileResult) error
 	}
 
 	id, err := kp.imageEngine.Pull(&options.PullOptions{
-		PullPolicy: kp.pullPolicy,
-		Image:      image,
-		Platform:   platform,
+		PullPolicy:    kp.pullPolicy,
+		Image:         image,
+		Platform:      platform,
+		SkipTLSVerify: skipTLSVerify,
 	})
 	if err != nil {
 		return fmt.Errorf("failed to pull image %s: %v", image, err)
diff --git a/build/kubefile/parser/parse_test.go b/build/kubefile/parser/parse_test.go
@@ -65,7 +65,7 @@ LAUNCH ["%s"]
 	)
 
 	reader := bytes.NewReader([]byte(text))
-	result, err := testParser.ParseKubefile(reader)
+	result, err := testParser.ParseKubefile(reader, true)
 	if err != nil {
 		t.Fatalf("failed to parse kubefile: %s", err)
 	}
@@ -128,7 +128,7 @@ LAUNCH %s
 	)
 
 	reader := bytes.NewReader([]byte(text))
-	result, err := testParser.ParseKubefile(reader)
+	result, err := testParser.ParseKubefile(reader, true)
 	if err != nil {
 		t.Fatalf("failed to parse kubefile: %s", err)
 	}
@@ -187,7 +187,7 @@ CMDS ["%s", "%s"]
 	)
 
 	reader := bytes.NewReader([]byte(text))
-	result, err := testParser.ParseKubefile(reader)
+	result, err := testParser.ParseKubefile(reader, true)
 	if err != nil {
 		t.Fatalf("failed to parse kubefile: %s", err)
 	}
@@ -241,7 +241,7 @@ LAUNCH ["app1"]`, appFilePath)
 	)
 
 	reader := bytes.NewReader([]byte(text))
-	result, err := testParser.ParseKubefile(reader)
+	result, err := testParser.ParseKubefile(reader, true)
 	if err != nil {
 		t.Fatalf("failed to parse kubefile: %s", err)
 	}
diff --git a/cmd/sealer/cmd/image/build.go b/cmd/sealer/cmd/image/build.go
@@ -97,11 +97,11 @@ func NewBuildCmd() *cobra.Command {
 				}
 				// if its value is default platforms, build image as single sealer image.
 				if ok := platforms.Default().Match(p); ok {
-					return buildSingleSealerImage(engine, buildFlags.Tag, "", buildFlags.Platforms[0])
+					return buildSingleSealerImage(engine, buildFlags.Tag, "", buildFlags.Platforms[0], buildFlags.SkipTLSVerify)
 				}
 			}
 
-			return buildMultiPlatformSealerImage(engine)
+			return buildMultiPlatformSealerImage(engine, buildFlags.SkipTLSVerify)
 		},
 	}
 	buildCmd.Flags().StringVarP(&buildFlags.Kubefile, "file", "f", "Kubefile", "Kubefile filepath")
@@ -118,6 +118,7 @@ func NewBuildCmd() *cobra.Command {
 	buildCmd.Flags().StringSliceVar(&buildFlags.Labels, "label", []string{getSealerLabel()}, "add labels for image. Format like --label key=[value]")
 	buildCmd.Flags().BoolVar(&buildFlags.NoCache, "no-cache", false, "do not use existing cached images for building. Build from the start with a new set of cached layers.")
 	buildCmd.Flags().StringVar(&buildFlags.BuildMode, "build-mode", options.WithAllMode, "whether to download container image during the build process. default is `all`.")
+	buildCmd.Flags().BoolVar(&buildFlags.SkipTLSVerify, "skip-tls-verify", true, "default is requiring HTTPS and verify certificates when accessing the registry.")
 
 	supportedImageType := map[string]struct{}{v12.KubeInstaller: {}, v12.AppInstaller: {}}
 	if _, ok := supportedImageType[buildFlags.ImageType]; !ok {
@@ -132,7 +133,7 @@ func NewBuildCmd() *cobra.Command {
 	return buildCmd
 }
 
-func buildMultiPlatformSealerImage(engine imageengine.Interface) error {
+func buildMultiPlatformSealerImage(engine imageengine.Interface, skipTLSVerify bool) error {
 	var (
 		// use buildFlags.Tag as manifest name for multi arch build
 		manifest = buildFlags.Tag
@@ -146,7 +147,7 @@ func buildMultiPlatformSealerImage(engine imageengine.Interface) error {
 
 	// build multi platform
 	for _, p := range buildFlags.Platforms {
-		err = buildSingleSealerImage(engine, "", manifest, p)
+		err = buildSingleSealerImage(engine, "", manifest, p, skipTLSVerify)
 		if err != nil {
 			// clean manifest
 			_ = engine.DeleteManifests([]string{manifest}, &options.ManifestDeleteOpts{})
@@ -157,9 +158,10 @@ func buildMultiPlatformSealerImage(engine imageengine.Interface) error {
 	return nil
 }
 
-func buildSingleSealerImage(engine imageengine.Interface, imageName string, manifest string, platformStr string) error {
+func buildSingleSealerImage(engine imageengine.Interface, imageName string, manifest string, platformStr string, skipTLSVerify bool) error {
+	// parse Kubefile & try pull image in "from" syntax
 	kubefileParser := parser.NewParser(rootfs.GlobalManager.App().Root(), buildFlags, engine, platformStr)
-	result, err := getKubefileParseResult(buildFlags.ContextDir, buildFlags.Kubefile, kubefileParser)
+	result, err := getKubefileParseResult(buildFlags.ContextDir, buildFlags.Kubefile, kubefileParser, skipTLSVerify)
 	if err != nil {
 		return err
 	}
@@ -483,7 +485,7 @@ func buildImageExtensionOnResult(result *parser.KubefileResult, imageType string
 	return extension
 }
 
-func getKubefileParseResult(contextDir, file string, kubefileParser *parser.KubefileParser) (*parser.KubefileResult, error) {
+func getKubefileParseResult(contextDir, file string, kubefileParser *parser.KubefileParser, skipTLSVerify bool) (*parser.KubefileResult, error) {
 	kubefile, err := getKubefile(contextDir, file)
 	if err != nil {
 		return nil, err
@@ -497,7 +499,7 @@ func getKubefileParseResult(contextDir, file string, kubefileParser *parser.Kube
 		_ = kfr.Close()
 	}()
 
-	kr, err := kubefileParser.ParseKubefile(kfr)
+	kr, err := kubefileParser.ParseKubefile(kfr, skipTLSVerify)
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/define/options/options.go b/pkg/define/options/options.go
@@ -45,7 +45,8 @@ type BuildOptions struct {
 
 	//BuildMode means whether to download container image during the build process
 	// default value is download all container images.
-	BuildMode string
+	BuildMode     string
+	SkipTLSVerify bool
 }
 
 type FromOptions struct {

Original file line number	Diff line number	Diff line change
`@@ -65,7 +65,7 @@ LAUNCH ["%s"]`
`65`	`65`	`)`
`66`	`66`
`67`	`67`	`reader := bytes.NewReader([]byte(text))`
`68`		`- result, err := testParser.ParseKubefile(reader)`
	`68`	`+ result, err := testParser.ParseKubefile(reader, true)`
`69`	`69`	`if err != nil {`
`70`	`70`	`t.Fatalf("failed to parse kubefile: %s", err)`
`71`	`71`	`}`
`@@ -128,7 +128,7 @@ LAUNCH %s`
`128`	`128`	`)`
`129`	`129`
`130`	`130`	`reader := bytes.NewReader([]byte(text))`
`131`		`- result, err := testParser.ParseKubefile(reader)`
	`131`	`+ result, err := testParser.ParseKubefile(reader, true)`
`132`	`132`	`if err != nil {`
`133`	`133`	`t.Fatalf("failed to parse kubefile: %s", err)`
`134`	`134`	`}`
`@@ -187,7 +187,7 @@ CMDS ["%s", "%s"]`
`187`	`187`	`)`
`188`	`188`
`189`	`189`	`reader := bytes.NewReader([]byte(text))`
`190`		`- result, err := testParser.ParseKubefile(reader)`
	`190`	`+ result, err := testParser.ParseKubefile(reader, true)`
`191`	`191`	`if err != nil {`
`192`	`192`	`t.Fatalf("failed to parse kubefile: %s", err)`
`193`	`193`	`}`
@@ -241,7 +241,7 @@ LAUNCH ["app1"]`, appFilePath)
`241`	`241`	`)`
`242`	`242`
`243`	`243`	`reader := bytes.NewReader([]byte(text))`
`244`		`- result, err := testParser.ParseKubefile(reader)`
	`244`	`+ result, err := testParser.ParseKubefile(reader, true)`
`245`	`245`	`if err != nil {`
`246`	`246`	`t.Fatalf("failed to parse kubefile: %s", err)`
`247`	`247`	`}`
Original file line number	Diff line number	Diff line change
`@@ -45,7 +45,8 @@ type BuildOptions struct {`
`45`	`45`
`46`	`46`	`//BuildMode means whether to download container image during the build process`
`47`	`47`	`// default value is download all container images.`
`48`		`- BuildMode string`
	`48`	`+ BuildMode string`
	`49`	`+ SkipTLSVerify bool`
`49`	`50`	`}`
`50`	`51`
`51`	`52`	`type FromOptions struct {`