[main]Replace busybox with internal copy binary and fix CVEs. #137

Merged
merged 1 commit into from
Apr 19, 2023
2 changes: 1 addition & 1 deletion .github/workflows/pr.yaml
Expand Up @@ -10,7 +10,7 @@ jobs:
- name: Set up Go
uses: actions/setup-go@v2
with:
go-version: 1.19
go-version: '1.20'
id: go

- name: Check out the code
2 changes: 1 addition & 1 deletion .github/workflows/push.yml
Expand Up @@ -18,7 +18,7 @@ jobs:
- name: Set up Go
uses: actions/setup-go@v2
with:
go-version: 1.19
go-version: '1.20'
id: go

- name: Check out code into the Go module directory
11 changes: 5 additions & 6 deletions Dockerfile
Expand Up @@ -12,7 +12,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.

FROM --platform=$BUILDPLATFORM golang:1.19-bullseye AS build
FROM --platform=$BUILDPLATFORM golang:1.20-bullseye AS build

ARG TARGETOS
ARG TARGETARCH
Expand All @@ -27,12 +27,11 @@ ENV GOOS=${TARGETOS} \
COPY . /go/src/velero-plugin-for-gcp
WORKDIR /go/src/velero-plugin-for-gcp
RUN export GOARM=$( echo "${GOARM}" | cut -c2-) && \
CGO_ENABLED=0 go build -v -o /go/bin/velero-plugin-for-gcp ./velero-plugin-for-gcp

FROM busybox:1.36.0-uclibc AS busybox
CGO_ENABLED=0 go build -v -o /go/bin/velero-plugin-for-gcp ./velero-plugin-for-gcp && \
CGO_ENABLED=0 go build -v -o /go/bin/cp-plugin ./hack/cp-plugin

FROM scratch
COPY --from=build /go/bin/velero-plugin-for-gcp /plugins/
COPY --from=busybox /bin/cp /bin/cp
COPY --from=build /go/bin/cp-plugin /bin/cp-plugin
USER 65532:65532
ENTRYPOINT ["cp", "/plugins/velero-plugin-for-gcp", "/target/."]
ENTRYPOINT ["cp-plugin", "/plugins/velero-plugin-for-gcp", "/target/velero-plugin-for-gcp"]
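Review bot: The new `ENTRYPOINT ["cp-plugin", ...]` names the binary without a path, and the final `scratch` stage sets no `PATH`, so starting the container depends on the runtime supplying a default search path that includes `/bin`. Since the binary is copied to a fixed location a few lines earlier, the exec form can name it directly: `ENTRYPOINT ["/bin/cp-plugin", "/plugins/velero-plugin-for-gcp", "/target/velero-plugin-for-gcp"]`. The replaced `cp` entrypoint had the same dependency, so this is hardening rather than a regression.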
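--- a/changelogs/unreleased/137-blackpiglet
+++ b/changelogs/unreleased/137-blackpiglet
@@ -0,0 +1 @@
+Replace busybox with internal copy binary and fix CVEs.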
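--- a/hack/cp-plugin/main.go
+++ b/hack/cp-plugin/main.go
@@ -0,0 +1,42 @@
+package main
+
+import (
+"errors"
+"fmt"
+"io"
+"os"
+)
+
+func main() {
+if len(os.Args) != 3 {
+fmt.Println(
+`Error: This command requires two arguments.
+Usage: cp-plugin src dst`)
+os.Exit(1)
+}
+src, dst := os.Args[1], os.Args[2]
+fmt.Printf("Copying %s to %s ... ", src, dst)
+srcFile, err := os.Open(src)
+if err != nil {
+panic(err)
+}
+defer srcFile.Close()
+if _, err := os.Stat(dst); errors.Is(err, os.ErrNotExist) {
+_, err = os.Create(dst)
+if err != nil {
+panic(err)
+}
+}
+dstFile, err := os.OpenFile(dst, os.O_WRONLY, 0755)
+if err != nil {
+panic(err)
+}
+defer dstFile.Close()
+buf := make([]byte, 1024*128)
+_, err = io.CopyBuffer(dstFile, srcFile, buf)
+if err != nil {
+panic(err)
+}
+os.Chmod(dst, 0755)
+fmt.Println("done.")
+}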
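Review bot: The destination is opened with `os.O_WRONLY` only, so when `dst` already exists and is longer than `src`, the bytes past the new content survive and the copied plugin is corrupt. The preceding `os.Stat`/`os.Create` pair also discards the handle `os.Create` returns without closing it and leaves a window between the existence check and the open. One call covers all of this: `dstFile, err := os.OpenFile(dst, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0755)`. The result of `os.Chmod(dst, 0755)` is dropped as well, so a failed chmod still prints "done." and exits 0 with a plugin that may not be executable; `if err := os.Chmod(dst, 0755); err != nil { panic(err) }` matches the error style used in the rest of `main`.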