mirror of
https://github.com/pomerium/pomerium.git
synced 2025-04-29 18:36:30 +02:00
internal/envoy: always extract envoy (#2160)
This commit is contained in:
Travis Groth
GitHub
parent
d9cc26a2e0
commit
dae1836dff
2 changed files with 19 additions and 20 deletions
|
|
@ -1,6 +1,7 @@
|
|||
package envoy
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"io/fs"
|
||||
"os"
|
||||
|
|
@ -8,13 +9,16 @@ import (
|
|||
|
||||
"github.com/natefinch/atomic"
|
||||
resources "gopkg.in/cookieo9/resources-go.v2"
|
||||
|
||||
"github.com/pomerium/pomerium/internal/log"
|
||||
)
|
||||
|
||||
const embeddedEnvoyPermissions fs.FileMode = 0o700
|
||||
const embeddedDirectoryPermissions fs.FileMode = 0o755
|
||||
|
||||
var embeddedFilesDirectory = filepath.Join(os.TempDir(), "pomerium-embedded-files")
|
||||
var embeddedFilesBaseDirectory = filepath.Join(os.TempDir(), "pomerium-embedded-files")
|
||||
|
||||
func extractEmbeddedEnvoy() (outPath string, err error) {
|
||||
func extractEmbeddedEnvoy(ctx context.Context) (outPath string, err error) {
|
||||
exePath, err := resources.ExecutablePath()
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("error finding executable path: %w", err)
|
||||
|
|
@ -31,24 +35,23 @@ func extractEmbeddedEnvoy() (outPath string, err error) {
|
|||
}
|
||||
defer rc.Close()
|
||||
|
||||
err = os.MkdirAll(embeddedFilesDirectory, 0o755)
|
||||
// clean up our base directory before starting
|
||||
err = os.RemoveAll(embeddedFilesBaseDirectory)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("error creating embedded file directory: (directory=%s): %w", embeddedFilesDirectory, err)
|
||||
return "", fmt.Errorf("error cleaning embedded file directory: (directory=%s): %w", embeddedFilesBaseDirectory, err)
|
||||
}
|
||||
|
||||
outPath = filepath.Join(embeddedFilesDirectory, "envoy")
|
||||
|
||||
// skip extraction if we already have it
|
||||
var zfi os.FileInfo
|
||||
if zf, ok := rc.(interface{ FileInfo() os.FileInfo }); ok {
|
||||
zfi = zf.FileInfo()
|
||||
if fi, e := os.Stat(outPath); e == nil {
|
||||
if fi.Size() == zfi.Size() && fi.ModTime() == zfi.ModTime() && zfi.Mode().Perm() == embeddedEnvoyPermissions {
|
||||
return outPath, nil
|
||||
}
|
||||
}
|
||||
// create known directory base to clean at startup
|
||||
err = os.MkdirAll(embeddedFilesBaseDirectory, embeddedDirectoryPermissions)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("error creating embedded file directory: (directory=%s): %w", embeddedFilesBaseDirectory, err)
|
||||
}
|
||||
|
||||
// build a random temp directory inside our base directory to guarantee permissions
|
||||
tmpDir, err := os.MkdirTemp(embeddedFilesBaseDirectory, "envoy-")
|
||||
outPath = filepath.Join(tmpDir, "envoy")
|
||||
|
||||
log.Info(ctx).Str("path", outPath).Msg("extracting envoy binary")
|
||||
err = atomic.WriteFile(outPath, rc)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("error extracting embedded envoy binary to temporary directory (path=%s): %w", outPath, err)
|
||||
|
|
@ -59,9 +62,5 @@ func extractEmbeddedEnvoy() (outPath string, err error) {
|
|||
return "", fmt.Errorf("error chmoding embedded envoy binary: %w", err)
|
||||
}
|
||||
|
||||
if zfi != nil {
|
||||
_ = os.Chtimes(outPath, zfi.ModTime(), zfi.ModTime())
|
||||
}
|
||||
|
||||
return outPath, nil
|
||||
}
|
||||
|
|
|
|||
|
|
@ -74,7 +74,7 @@ func NewServer(ctx context.Context, src config.Source, grpcPort, httpPort string
|
|||
return nil, fmt.Errorf("error creating temporary working directory for envoy: %w", err)
|
||||
}
|
||||
|
||||
envoyPath, err := extractEmbeddedEnvoy()
|
||||
envoyPath, err := extractEmbeddedEnvoy(ctx)
|
||||
if err != nil {
|
||||
log.Warn(ctx).Err(err).Send()
|
||||
envoyPath = "envoy"
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue