docker(install): SIGN_QEMU_BINARY env as workaround to replace existi…
…ng signature

Signed-off-by: CrazyMax <[email protected]>
crazy-max committed Aug 26, 2023
1 parent 4e8d894 commit 24a56db
Showing 3 changed files with 55 additions and 4 deletions.
16 changes: 13 additions & 3 deletions __tests__/docker/install.test.itg.ts
@@ -15,7 +15,7 @@
*/

import path from 'path';
import {jest, describe, expect, test} from '@jest/globals';
import {jest, describe, expect, test, beforeEach, afterEach} from '@jest/globals';

import {Install} from '../../src/docker/install';
import {Docker} from '../../src/docker/docker';
@@ -24,7 +24,17 @@ import {Docker} from '../../src/docker/docker';
const tmpDir = path.join(process.env.TEMP || '/tmp', 'docker-install-jest');

describe('install', () => {
jest.retryTimes(2, {logErrorsBeforeRetry: true});
const originalEnv = process.env;
beforeEach(() => {
jest.resetModules();
process.env = {
...originalEnv,
SIGN_QEMU_BINARY: '1'
};
});
afterEach(() => {
process.env = originalEnv;
});
// prettier-ignore
test.each(['v24.0.5'])(
'install docker %s', async (version) => {
@@ -40,5 +50,5 @@ describe('install', () => {
await Docker.printInfo();
await install.tearDown();
})()).resolves.not.toThrow();
}, 100000);
}, 600000);
});
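Review bot: With `SIGN_QEMU_BINARY: '1'` injected in `beforeEach`, every run of this integration test takes the re-signing branch, so the default install path with the variable unset is no longer exercised by this file. If both paths matter, the variable could be one of the `test.each` parameters rather than a fixture. `jest.resetModules()` also looks unnecessary here, since `install.ts` reads `process.env.SIGN_QEMU_BINARY` at call time rather than at import. A short comment such as `// force the codesign workaround so CI covers the re-signed QEMU path` above the `beforeEach` would tell the next reader why the variable is forced on.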
11 changes: 11 additions & 0 deletions src/docker/assets.ts
@@ -336,3 +336,14 @@ mounts: []
# Default: {}
env: {}
`;

export const qemuEntitlements = `
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.hypervisor</key>
<true/>
</dict>
</plist>
`;
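Review bot: The `qemuEntitlements` template literal opens with a line break, so the file written from it starts with an empty line before `<?xml version="1.0" encoding="UTF-8"?>`. An XML declaration is only well-formed at the very start of a document, and the page does not show whether `codesign` tolerates the leading whitespace on every macOS version. Starting the literal on the declaration line, or writing `qemuEntitlements.trimStart()` at the call site, removes the doubt. A one-line comment such as `// com.apple.security.hypervisor: the only entitlement granted, needed for Hypervisor.framework access` would also record why the plist is kept this narrow.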
32 changes: 31 additions & 1 deletion src/docker/install.ts
@@ -29,7 +29,7 @@ import * as tc from '@actions/tool-cache';
import {Context} from '../context';
import {Exec} from '../exec';
import {Util} from '../util';
import {colimaYamlData, dockerServiceLogsPs1, setupDockerLinuxSh, setupDockerWinPs1} from './assets';
import {colimaYamlData, dockerServiceLogsPs1, qemuEntitlements, setupDockerLinuxSh, setupDockerWinPs1} from './assets';
import {GitHubRelease} from '../types/github';

export interface InstallOpts {
@@ -147,13 +147,29 @@ export class Install {
core.info(colimaCfg);
});

const qemuArch = await Install.qemuArch();
await core.group('QEMU version', async () => {
await Exec.exec(`qemu-system-${qemuArch} --version`);
});

// https://github.com/abiosoft/colima/issues/786#issuecomment-1693629650
if (process.env.SIGN_QEMU_BINARY === '1') {
await core.group('Signing QEMU binary with entitlements', async () => {
const qemuEntitlementsFile = path.join(Context.tmpDir(), 'qemu-entitlements.xml');
core.info(`Writing entitlements to ${qemuEntitlementsFile}`);
fs.writeFileSync(qemuEntitlementsFile, qemuEntitlements);
await Exec.exec(`codesign --sign - --entitlements ${qemuEntitlementsFile} --force /usr/local/bin/qemu-system-${qemuArch}`);
});
}

// colima is already started on the runner so env var added in download
// method is not expanded to the running process.
const envs = Object.assign({}, process.env, {
PATH: `${this.toolDir}:${process.env.PATH}`
}) as {
[key: string]: string;
};

await core.group('Starting colima', async () => {
try {
await Exec.exec('colima', ['start', '--very-verbose'], {env: envs});
@@ -377,6 +393,20 @@ export class Install {
});
}

private static async qemuArch(): Promise<string> {
switch (os.arch()) {
case 'x64': {
return 'x86_64';
}
case 'arm64': {
return 'aarch64';
}
default: {
return os.arch();
}
}
}

public static async getRelease(version: string): Promise<GitHubRelease> {
const url = `https://raw.githubusercontent.com/docker/actions-toolkit/main/.github/docker-releases.json`;
const http: httpm.HttpClient = new httpm.HttpClient('docker-actions-toolkit');
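Review bot: The `codesign` call in the `SIGN_QEMU_BINARY` branch signs the hard-coded `/usr/local/bin/qemu-system-${qemuArch}`, while the version check just above it resolves `qemu-system-${qemuArch}` through PATH. The binary that receives the ad-hoc signature and the hypervisor entitlement is therefore not guaranteed to be the one colima launches (a Homebrew prefix other than `/usr/local` would be one such case). Resolving the path once and passing it as an argument array, as the colima call below does, would also keep a temp directory containing spaces from splitting the command: `await Exec.exec('codesign', ['--sign', '-', '--entitlements', qemuEntitlementsFile, '--force', qemuBin]);`. Because `--force` replaces whatever signature the binary already carried, a comment next to the env check such as `// opt-in: replaces the existing signature with an ad-hoc one` would make the trade-off visible. The enclosing install method starts and ends outside this hunk.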