fix: Move bom to top level subcmd, simplify shouldSkipInternalUserns
The bom commands are useful outside of stacker, and since
they're exposed to the user, they should *not* be part of the
hidden internal-go interface.

So, change:

 - stacker internal-go bom-discover
 + stacker bom discover

Also, shouldSkipInternalUserns was overly complicated as a result
of iterative development.  It is simpler now and based only
on the subcommand name with a single special case for
testsuite-check-overlay.

Signed-off-by: Scott Moser <smoser@brickies.net>
smoser committed Aug 23, 2023
1 parent bd233ea commit 540b3a1
Showing 6 changed files with 123 additions and 106 deletions.
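--- a/cmd/stacker/bom.go
+++ b/cmd/stacker/bom.go
@@ -0,0 +1,109 @@
+package main
+
+import (
+"fmt"
+"path"
+"path/filepath"
+
+"github.com/pkg/errors"
+cli "github.com/urfave/cli/v2"
+"stackerbuild.io/stacker-bom/pkg/bom"
+"stackerbuild.io/stacker-bom/pkg/distro"
+"stackerbuild.io/stacker-bom/pkg/fs"
+)
+
+var bomCmd = cli.Command{
+Name: "bom",
+Usage: "work with a software bill of materials (BOM)",
+Subcommands: []*cli.Command{
+&cli.Command{
+Name: "discover",
+Action: doBomDiscover,
+},
+&cli.Command{
+Name: "build",
+Action: doBomBuild,
+},
+&cli.Command{
+Name: "verify",
+Action: doBomVerify,
+},
+},
+}
+
+func doBomDiscover(ctx *cli.Context) error {
+author := "stacker-internal"
+org := "stacker-internal"
+
+if err := fs.Discover(author, org, "/stacker/artifacts/installed-packages.json"); err != nil {
+return nil
+}
+
+return nil
+}
+
+func doBomGenerate(ctx *cli.Context) error { //nolint:unused // used when invoked inside "run:"
+if ctx.Args().Len() != 1 {
+return errors.Errorf("wrong number of args for umount")
+}
+
+input := ctx.Args().Get(0)
+
+author := "stacker-internal"
+org := "stacker-internal"
+lic := "unknown"
+
+if err := distro.ParsePackage(input, author, org, lic, fmt.Sprintf("/stacker/artifacts/%s.json", filepath.Base(input))); err != nil {
+return nil
+}
+
+return nil
+}
+
+// build/roll your own sbom document for a particular dest (file/dir)
+// by specifying details such as author, org, license, etc.
+func doBomBuild(ctx *cli.Context) error {
+if ctx.Args().Len() < 7 {
+return errors.Errorf("wrong number of args")
+}
+
+dest := ctx.Args().Get(0)
+author := ctx.Args().Get(1)
+org := ctx.Args().Get(2)
+license := ctx.Args().Get(3)
+pkgname := ctx.Args().Get(4)
+pkgversion := ctx.Args().Get(5)
+paths := []string{}
+for i := 6; i < ctx.Args().Len(); i++ {
+paths = append(paths, ctx.Args().Get(i))
+}
+out := path.Join(dest, fmt.Sprintf("doc-%s.spdx.json", pkgname))
+name := fmt.Sprintf("doc-%s", pkgname)
+
+return fs.BuildPackage(name, author, org, license, pkgname, pkgversion, paths, out)
+}
+
+func doBomVerify(ctx *cli.Context) error {
+if ctx.Args().Len() != 4 {
+return errors.Errorf("wrong number of args")
+}
+
+dest := ctx.Args().Get(0)
+name := ctx.Args().Get(1)
+author := ctx.Args().Get(2)
+org := ctx.Args().Get(3)
+
+// first merge all individual sbom artifacts that may have been generated
+if err := bom.MergeDocuments("/stacker/artifacts", name, author, org, dest); err != nil {
+return err
+}
+
+// check against inventory
+if err := fs.GenerateInventory("/",
+[]string{"/proc", "/sys", "/dev", "/etc/resolv.conf", "/stacker"},
+"/stacker/artifacts/inventory.json"); err != nil {
+return err
+}
+
+return fs.Verify(dest, "/stacker/artifacts/inventory.json", "")
+}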
93 changes: 0 additions & 93 deletions cmd/stacker/internal_go.go
Expand Up @@ -4,16 +4,12 @@ import (
"fmt"
"os"
"path"
"path/filepath"
"runtime"
"strings"

"github.com/pkg/errors"
cli "github.com/urfave/cli/v2"
"golang.org/x/sys/unix"
"stackerbuild.io/stacker-bom/pkg/bom"
"stackerbuild.io/stacker-bom/pkg/distro"
"stackerbuild.io/stacker-bom/pkg/fs"
"stackerbuild.io/stacker/pkg/atomfs"
"stackerbuild.io/stacker/pkg/lib"
"stackerbuild.io/stacker/pkg/log"
Expand Down Expand Up @@ -65,18 +61,6 @@ var internalGoCmd = cli.Command{
},
},
},
&cli.Command{
Name: "bom-discover",
Action: doBomDiscover,
},
&cli.Command{
Name: "bom-build",
Action: doBomBuild,
},
&cli.Command{
Name: "bom-verify",
Action: doBomVerify,
},
},
Before: doBeforeUmociSubcommand,
}
Expand Down Expand Up @@ -224,80 +208,3 @@ func doAtomfsUmount(ctx *cli.Context) error {
mountpoint := ctx.Args().Get(0)
return atomfs.Umount(mountpoint)
}

func doBomDiscover(ctx *cli.Context) error {
author := "stacker-internal"
org := "stacker-internal"

if err := fs.Discover(author, org, "/stacker/artifacts/installed-packages.json"); err != nil {
return nil
}

return nil
}

func doBomGenerate(ctx *cli.Context) error { //nolint:unused // used when invoked inside "run:"
if ctx.Args().Len() != 1 {
return errors.Errorf("wrong number of args for umount")
}

input := ctx.Args().Get(0)

author := "stacker-internal"
org := "stacker-internal"
lic := "unknown"

if err := distro.ParsePackage(input, author, org, lic, fmt.Sprintf("/stacker/artifacts/%s.json", filepath.Base(input))); err != nil {
return nil
}

return nil
}

// build/roll your own sbom document for a particular dest (file/dir)
// by specifying details such as author, org, license, etc.
func doBomBuild(ctx *cli.Context) error {
if ctx.Args().Len() < 7 {
return errors.Errorf("wrong number of args")
}

dest := ctx.Args().Get(0)
author := ctx.Args().Get(1)
org := ctx.Args().Get(2)
license := ctx.Args().Get(3)
pkgname := ctx.Args().Get(4)
pkgversion := ctx.Args().Get(5)
paths := []string{}
for i := 6; i < ctx.Args().Len(); i++ {
paths = append(paths, ctx.Args().Get(i))
}
out := path.Join(dest, fmt.Sprintf("doc-%s.spdx.json", pkgname))
name := fmt.Sprintf("doc-%s", pkgname)

return fs.BuildPackage(name, author, org, license, pkgname, pkgversion, paths, out)
}

func doBomVerify(ctx *cli.Context) error {
if ctx.Args().Len() != 4 {
return errors.Errorf("wrong number of args")
}

dest := ctx.Args().Get(0)
name := ctx.Args().Get(1)
author := ctx.Args().Get(2)
org := ctx.Args().Get(3)

// first merge all individual sbom artifacts that may have been generated
if err := bom.MergeDocuments("/stacker/artifacts", name, author, org, dest); err != nil {
return err
}

// check against inventory
if err := fs.GenerateInventory("/",
[]string{"/proc", "/sys", "/dev", "/etc/resolv.conf", "/stacker"},
"/stacker/artifacts/inventory.json"); err != nil {
return err
}

return fs.Verify(dest, "/stacker/artifacts/inventory.json", "")
}
17 changes: 10 additions & 7 deletions cmd/stacker/main.go
Expand Up @@ -66,16 +66,18 @@ func stackerResult(err error) {
}

func shouldSkipInternalUserns(ctx *cli.Context) bool {
args := ctx.Args()
if args.Len() >= 1 && args.Get(0) == "unpriv-setup" {
if ctx.Args().Len() < 1 {
// no subcommand, no need for namespace
return true
}
arg0 := ctx.Args().Get(0)

if args.Len() >= 2 && args.Get(0) == "internal-go" {
if args.Get(1) == "atomfs" || args.Get(1) == "cp" || args.Get(1) == "chown" || args.Get(1) == "chmod" ||
args.Get(1) == "bom-discover" || args.Get(1) == "bom-build" || args.Get(1) == "bom-verify" {
return true
}
if arg0 == "internal-go" && ctx.Args().Get(1) == "testsuite-check-overlay" {
return false
}

if arg0 == "bom" || arg0 == "unpriv-setup" || arg0 == "internal-go" {
return true
}

return false
Expand Down Expand Up @@ -108,6 +110,7 @@ func main() {

app.Commands = []*cli.Command{
&buildCmd,
&bomCmd,
&recursiveBuildCmd,
&convertCmd,
&publishCmd,
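Review bot: shouldSkipInternalUserns now skips the user namespace for every `internal-go` subcommand except testsuite-check-overlay, whereas the removed code listed atomfs, cp, chown, chmod and the bom commands explicitly; any other internal-go subcommand that used to run inside the namespace (none are visible in this hunk) changes behaviour without a word in the commit message, so either confirm there are none or document the widening. `ctx.Args().Get(1)` is safe when only `internal-go` is given because urfave/cli returns "" for an out-of-range index, but that is worth saying: `// Get(1) yields "" when absent, so a bare "internal-go" falls through to the skip below.` The function also lacks a doc comment; suggest `// shouldSkipInternalUserns reports whether this invocation runs without re-executing in stacker's internal user namespace: bom, unpriv-setup and internal-go (except internal-go testsuite-check-overlay) do.` The same commit drops `--internal-userns` from runInternalGoSubcommand's argument list in pkg/stacker/build.go, which the description does not mention; presumably the flag is now redundant given this function, but that is inferred and worth confirming. The closing brace of shouldSkipInternalUserns lies below the hunk.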
5 changes: 2 additions & 3 deletions pkg/stacker/bom.go
Expand Up @@ -44,8 +44,7 @@ func BuildLayerArtifacts(sc types.StackerConfig, storage types.Storage, l types.
cmd = append(cmd, "--debug")
}

cmd = append(cmd, "internal-go", "bom-build",
"/stacker/artifacts",
cmd = append(cmd, "bom", "build", "/stacker/artifacts",
l.Annotations[types.AuthorAnnotation],
l.Annotations[types.OrgAnnotation],
l.Annotations[types.LicenseAnnotation],
Expand Down Expand Up @@ -89,7 +88,7 @@ func VerifyLayerArtifacts(sc types.StackerConfig, storage types.Storage, l types
cmd = append(cmd, "--debug")
}

cmd = append(cmd, "internal-go", "bom-verify",
cmd = append(cmd, "bom", "verify",
fmt.Sprintf("/stacker/artifacts/%s.json", tag),
tag, l.Annotations[types.AuthorAnnotation], l.Annotations[types.OrgAnnotation])

1 change: 0 additions & 1 deletion pkg/stacker/build.go
Expand Up @@ -638,7 +638,6 @@ func runInternalGoSubcommand(config types.StackerConfig, args []string) error {
"--roots-dir", config.RootFSDir,
"--stacker-dir", config.StackerDir,
"--storage-type", config.StorageType,
"--internal-userns",
}

if config.Debug {
4 changes: 2 additions & 2 deletions test/bom.bats
Expand Up @@ -27,7 +27,7 @@ bom-parent:
paths: [/pkg2]
run: |
# discover installed pkgs
/stacker/tools/static-stacker internal-go bom-discover
/stacker/tools/static-stacker bom discover
# our own custom packages
mkdir -p /pkg1
touch /pkg1/file
Expand Down Expand Up @@ -84,7 +84,7 @@ bom-parent:
paths: [/pkg2]
run: |
# discover installed pkgs
/stacker/tools/static-stacker internal-go bom-discover
/stacker/tools/static-stacker bom discover
# our own custom packages
mkdir -p /pkg1
touch /pkg1/file
