Allow providing scripts as separate files #2442
There are some issues with relative paths for the scripts, as has been discussed before... Note: all the files/paths used here are on the host, and nothing is copied to the instance
As noted in the older issue, this becomes extra interesting if lima.yaml is loaded from a URL.
@@ -206,6 +207,7 @@ type Probe struct { | |||
Mode ProbeMode // default: "readiness" | |||
Description string | |||
Script string | |||
Path string `yaml:",omitempty" json:",omitempty"` |
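Review bot: On the added `Path string` line in `Probe`, nothing says how it relates to the `Script` field directly above it: which one wins when both are set, and what a relative path is resolved against. Since the value names a host file that stands in for the script, add a field comment along the lines of `// host path; read instead of Script` and have validation reject a probe that sets both, so one cannot silently mask the other.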
Shouldn't we consistently use the File object?
The file object also adds arch and digest, neither of which is applicable here...
We could rename Path to Location, to allow for running scripts from URLs?
at least digest seems to be applicable here
Hmm, probably needs more design then
i.e. the wish was to "include" common scripts
If the digest changes every time you edit the script, you still need to copy/paste the sha256?
I think relative filenames should always be relative to the location of

The proper way to handle local script files then is to copy them during

Then

provision:
- mode: user
  path: scripts/foo.sh
probes:
- mode: readiness
  path: scripts/bar.sh

This makes sure that when the user in the future runs

For these reasons I think even external scripts referenced by absolute filename (or URL) should be copied into the instance directory and decoupled from the original source.

I don't know how this would work for ansible playbooks, as they can in turn reference additional files, and parsing/rewriting the whole chain seems a bit too complex, but idk what else you can do. I would still say that we copy the playbook itself, and if that in turn references additional files, then it is up to the user to keep track of them. We can try to display at least a warning when this happens.

I still don't know how external script files would be handled for templates loaded via

Footnotes

This is also a security concern because a hijacked domain could inject a malicious provisioning script into an existing instance.
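An added example (not code from this pull request or from Lima) of the approach argued for in the comment above: resolve a relative script path against the template's directory, copy the bytes into the instance directory at create time, and optionally check a sha256 digest before accepting them. The name `pinScript`, the `scripts/` subdirectory and the `sha256:` digest format are assumptions made for the illustration.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"os"
	"path/filepath"
)

// pinScript (hypothetical helper, not Lima's API) copies a host script into
// instDir and returns the copy's path and sha256. Relative paths resolve
// against baseDir (the template's directory), never the working directory.
func pinScript(baseDir, path, instDir, wantDigest string) (copied, digest string, err error) {
	src := path
	if !filepath.IsAbs(src) {
		src = filepath.Join(baseDir, src)
	}
	data, err := os.ReadFile(src)
	if err != nil {
		return "", "", err
	}
	sum := sha256.Sum256(data)
	digest = "sha256:" + hex.EncodeToString(sum[:])
	if wantDigest != "" && wantDigest != digest {
		return "", "", fmt.Errorf("digest mismatch for %s: got %s, want %s", src, digest, wantDigest)
	}
	// Prefix the copy with part of the digest so equal basenames cannot collide.
	copied = filepath.Join(instDir, "scripts", hex.EncodeToString(sum[:8])+"-"+filepath.Base(src))
	if err := os.MkdirAll(filepath.Dir(copied), 0o700); err != nil {
		return "", "", err
	}
	return copied, digest, os.WriteFile(copied, data, 0o600)
}

func main() {
	tmpl, _ := os.MkdirTemp("", "tmpl") // constructed template directory
	inst, _ := os.MkdirTemp("", "inst") // constructed instance directory
	defer os.RemoveAll(tmpl)
	defer os.RemoveAll(inst)
	os.MkdirAll(filepath.Join(tmpl, "scripts"), 0o700)
	src := filepath.Join(tmpl, "scripts", "foo.sh")
	os.WriteFile(src, []byte("#!/bin/sh\necho provision\n"), 0o600) // constructed sample
	copied, digest, err := pinScript(tmpl, "scripts/foo.sh", inst, "")
	fmt.Println(copied, digest, err)
	os.WriteFile(src, []byte("#!/bin/sh\necho changed\n"), 0o600) // later edit on the host
	b, _ := os.ReadFile(copied)
	fmt.Printf("%q\n", b) // the instance copy still holds the original bytes
}
```

Passing the digest recorded at create time as `wantDigest` on a later call makes a changed source fail instead of being picked up silently.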
We can start with this change, and look at copying them from the template folder to the instance folder later. EDIT: Then again, the LimaYAML does not know which file it originated from - so that path isn't known (either)
Signed-off-by: Anders F Björklund <[email protected]>
The "path" provided will be read, and used instead of the "script".
There are some unsolved issues with this, regarding relative paths.
Currently it requires that limactl is always run from the top directory. The paths PWD should probably be recorded in the instance directory?