|
|
|
/*
|
|
|
|
Copyright The Helm Authors.
|
|
|
|
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
you may not use this file except in compliance with the License.
|
|
|
|
You may obtain a copy of the License at
|
|
|
|
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
See the License for the specific language governing permissions and
|
|
|
|
limitations under the License.
|
|
|
|
*/
|
|
|
|
|
|
|
|
package action
|
|
|
|
|
|
|
|
import (
|
|
|
|
"bufio"
|
|
|
|
"fmt"
|
|
|
|
"os"
|
|
|
|
"syscall"
|
|
|
|
|
|
|
|
"github.com/Masterminds/semver/v3"
|
|
|
|
"github.com/pkg/errors"
|
|
|
|
"golang.org/x/term"
|
|
|
|
|
|
|
|
"helm.sh/helm/v3/pkg/chart/loader"
|
|
|
|
"helm.sh/helm/v3/pkg/chartutil"
|
|
|
|
"helm.sh/helm/v3/pkg/provenance"
|
|
|
|
)
|
|
|
|
|
|
|
|
// Package is the action for packaging a chart.
|
|
|
|
//
|
|
|
|
// It provides the implementation of 'helm package'.
|
|
|
|
type Package struct {
|
|
|
|
Sign bool
|
|
|
|
Key string
|
|
|
|
Keyring string
|
|
|
|
PassphraseFile string
|
|
|
|
Version string
|
|
|
|
AppVersion string
|
|
|
|
Destination string
|
|
|
|
DependencyUpdate bool
|
|
|
|
|
|
|
|
RepositoryConfig string
|
|
|
|
RepositoryCache string
|
|
|
|
PlainHTTP bool
|
|
|
|
Username string
|
|
|
|
Password string
|
|
|
|
CertFile string
|
|
|
|
KeyFile string
|
|
|
|
CaFile string
|
|
|
|
InsecureSkipTLSverify bool
|
|
|
|
}
|
|
|
|
|
|
|
|
// NewPackage creates a new Package object with the given configuration.
|
|
|
|
func NewPackage() *Package {
|
|
|
|
return &Package{}
|
|
|
|
}
|
|
|
|
|
|
|
|
// Run executes 'helm package' against the given chart and returns the path to the packaged chart.
|
|
|
|
func (p *Package) Run(path string, _ map[string]interface{}) (string, error) {
|
|
|
|
ch, err := loader.LoadDir(path)
|
|
|
|
if err != nil {
|
|
|
|
return "", err
|
|
|
|
}
|
|
|
|
|
|
|
|
// If version is set, modify the version.
|
|
|
|
if p.Version != "" {
|
|
|
|
ch.Metadata.Version = p.Version
|
|
|
|
}
|
|
|
|
|
|
|
|
if err := validateVersion(ch.Metadata.Version); err != nil {
|
|
|
|
return "", err
|
|
|
|
}
|
|
|
|
|
|
|
|
if p.AppVersion != "" {
|
|
|
|
ch.Metadata.AppVersion = p.AppVersion
|
|
|
|
}
|
|
|
|
|
|
|
|
if reqs := ch.Metadata.Dependencies; reqs != nil {
|
|
|
|
if err := CheckDependencies(ch, reqs); err != nil {
|
|
|
|
return "", err
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
var dest string
|
|
|
|
if p.Destination == "." {
|
|
|
|
// Save to the current working directory.
|
|
|
|
dest, err = os.Getwd()
|
|
|
|
if err != nil {
|
|
|
|
return "", err
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
// Otherwise save to set destination
|
|
|
|
dest = p.Destination
|
|
|
|
}
|
|
|
|
|
|
|
|
name, err := chartutil.Save(ch, dest)
|
|
|
|
if err != nil {
|
|
|
|
return "", errors.Wrap(err, "failed to save")
|
|
|
|
}
|
|
|
|
|
|
|
|
if p.Sign {
|
|
|
|
err = p.Clearsign(name)
|
|
|
|
}
|
|
|
|
|
|
|
|
return name, err
|
|
|
|
}
|
|
|
|
|
|
|
|
// validateVersion Verify that version is a Version, and error out if it is not.
|
|
|
|
func validateVersion(ver string) error {
|
|
|
|
if _, err := semver.NewVersion(ver); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// Clearsign signs a chart
|
|
|
|
func (p *Package) Clearsign(filename string) error {
|
|
|
|
// Load keyring
|
|
|
|
signer, err := provenance.NewFromKeyring(p.Keyring, p.Key)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
passphraseFetcher := promptUser
|
|
|
|
if p.PassphraseFile != "" {
|
|
|
|
passphraseFetcher, err = passphraseFileFetcher(p.PassphraseFile, os.Stdin)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if err := signer.DecryptKey(passphraseFetcher); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
sig, err := signer.ClearSign(filename)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
return os.WriteFile(filename+".prov", []byte(sig), 0644)
|
|
|
|
}
|
|
|
|
|
|
|
|
// promptUser implements provenance.PassphraseFetcher
|
|
|
|
func promptUser(name string) ([]byte, error) {
|
|
|
|
fmt.Printf("Password for key %q > ", name)
|
|
|
|
// syscall.Stdin is not an int in all environments and needs to be coerced
|
|
|
|
// into one there (e.g., Windows)
|
|
|
|
pw, err := term.ReadPassword(int(syscall.Stdin))
|
|
|
|
fmt.Println()
|
|
|
|
return pw, err
|
|
|
|
}
|
|
|
|
|
|
|
|
func passphraseFileFetcher(passphraseFile string, stdin *os.File) (provenance.PassphraseFetcher, error) {
|
|
|
|
file, err := openPassphraseFile(passphraseFile, stdin)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
defer file.Close()
|
|
|
|
|
|
|
|
reader := bufio.NewReader(file)
|
|
|
|
passphrase, _, err := reader.ReadLine()
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
return func(_ string) ([]byte, error) {
|
|
|
|
return passphrase, nil
|
|
|
|
}, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func openPassphraseFile(passphraseFile string, stdin *os.File) (*os.File, error) {
|
|
|
|
if passphraseFile == "-" {
|
|
|
|
stat, err := stdin.Stat()
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
if (stat.Mode() & os.ModeNamedPipe) == 0 {
|
|
|
|
return nil, errors.New("specified reading passphrase from stdin, without input on stdin")
|
|
|
|
}
|
|
|
|
return stdin, nil
|
|
|
|
}
|
|
|
|
return os.Open(passphraseFile)
|
|
|
|
}
|