From 26239499f87741e48a0dad0051c7f3b058de7dae Mon Sep 17 00:00:00 2001 From: Jacob Weinstock Date: Wed, 16 Jul 2025 12:56:28 -0600 Subject: [PATCH 1/3] Update to Go 1.24: Security, performance, etc updates. Signed-off-by: Jacob Weinstock --- writefile/Dockerfile | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/writefile/Dockerfile b/writefile/Dockerfile index e767506..b0cb584 100644 --- a/writefile/Dockerfile +++ b/writefile/Dockerfile @@ -1,12 +1,10 @@ # syntax=docker/dockerfile:1 -FROM golang:1.21-alpine AS writefile +FROM golang:1.24-alpine AS writefile RUN apk add --no-cache git ca-certificates gcc musl-dev COPY . /src WORKDIR /src/writefile -RUN --mount=type=cache,sharing=locked,id=gomod,target=/go/pkg/mod/cache \ - --mount=type=cache,sharing=locked,id=goroot,target=/root/.cache/go-build \ - CGO_ENABLED=1 GOOS=linux go build -a -ldflags "-linkmode external -extldflags '-static' -s -w" -o writefile +RUN CGO_ENABLED=1 GOOS=linux go build -a -ldflags "-linkmode external -extldflags '-static' -s -w" -o writefile FROM scratch # Add Certificates into the image, for anything that does HTTPS calls From 7ac1b830040081555e5ab1b5f6071cd85a0734ee Mon Sep 17 00:00:00 2001 From: Jacob Weinstock Date: Wed, 16 Jul 2025 12:57:08 -0600 Subject: [PATCH 2/3] Use structured logging: This improves the search-ability of logs that are sent via syslog to Tinkerbell. Signed-off-by: Jacob Weinstock --- writefile/main.go | 44 +++++++++++++++++++++++++++++--------------- 1 file changed, 29 insertions(+), 15 deletions(-) diff --git a/writefile/main.go b/writefile/main.go index 3961281..8bbeb10 100644 --- a/writefile/main.go +++ b/writefile/main.go @@ -3,6 +3,7 @@ package main import ( "errors" "fmt" + "log/slog" "os" "path/filepath" "strconv" @@ -15,7 +16,8 @@ import ( const mountAction = "/mountAction" func main() { - fmt.Printf("WriteFile - Write file to disk\n------------------------\n") + logger := slog.New(slog.NewTextHandler(os.Stdout, nil)) + logger.Info("WriteFile - Write file to a disk device") blockDevice := os.Getenv("DEST_DISK") filesystemType := os.Getenv("FS_TYPE") @@ -29,69 +31,81 @@ func main() { // Validate inputs if blockDevice == "" { - log.Fatalf("No Block Device speified with Environment Variable [DEST_DISK]") + logger.Error("No Block Device speified with Environment Variable [DEST_DISK]") + os.Exit(1) } if !filepath.IsAbs(filePath) { - log.Fatal("Provide path must be an absolute path") + logger.Error("Provide path must be an absolute path") + os.Exit(1) } modePrime, err := strconv.ParseUint(mode, 8, 32) if err != nil { - log.Fatalf("Could not parse mode: %v", err) + logger.Error("Could not parse mode", "error", err) + os.Exit(1) } fileMode := os.FileMode(modePrime) dirModePrime, err := strconv.ParseUint(dirMode, 8, 32) if err != nil { - log.Fatalf("Could not parse dirmode: %v", err) + logger.Error("Could not parse dirmode", "error", err) + os.Exit(1) } newDirMode := os.FileMode(dirModePrime) fileUID, err := strconv.Atoi(uid) if err != nil { - log.Fatalf("Could not parse uid: %v", err) + logger.Error("Could not parse uid", "error", err) + os.Exit(1) } fileGID, err := strconv.Atoi(gid) if err != nil { - log.Fatalf("Could not parse gid: %v", err) + logger.Error("Could not parse gid", "error", err) + os.Exit(1) } dirPath, fileName := filepath.Split(filePath) if len(fileName) == 0 { - log.Fatal("Provide path must include a file component") + logger.Error("Provide path must include a file component") + os.Exit(1) } // Create the /mountAction mountpoint (no folders exist previously in scratch container) if err := os.Mkdir(mountAction, os.ModeDir); err != nil { - log.Fatalf("Error creating the action Mountpoint [%s]", mountAction) + logger.Error("Error creating the action Mountpoint", "mountAction", mountAction, "error", err) + os.Exit(1) } // Mount the block device to the /mountAction point if err := syscall.Mount(blockDevice, mountAction, filesystemType, 0, ""); err != nil { - log.Fatalf("Mounting [%s] -> [%s] error [%v]", blockDevice, mountAction, err) + logger.Error("Mounting block device", "blockDevice", blockDevice, "mountAction", mountAction, "error", err) + os.Exit(1) } - log.Infof("Mounted [%s] -> [%s]", blockDevice, mountAction) + logger.Info("Mounted device successfully", "source", blockDevice, "destination", mountAction) if err := recursiveEnsureDir(mountAction, dirPath, newDirMode, fileUID, fileGID); err != nil { - log.Fatalf("Failed to ensure directory exists: %v", err) + logger.Error("Failed to ensure directory exists", "error", err) + os.Exit(1) } fqFilePath := filepath.Join(mountAction, filePath) // Write the file to disk if err := os.WriteFile(fqFilePath, []byte(contents), fileMode); err != nil { - log.Fatalf("Could not write file %s: %v", filePath, err) + logger.Error("Could not write file", "filePath", filePath, "error", err) + os.Exit(1) } if err := os.Chown(fqFilePath, fileUID, fileGID); err != nil { - log.Fatalf("Could not modify ownership of file %s: %v", filePath, err) + logger.Error("Could not modify ownership of file", "filePath", filePath, "error", err) + os.Exit(1) } - log.Infof("Successfully wrote file [%s] to device [%s]", filePath, blockDevice) + logger.Info("Successfully wrote file", "filePath", filePath, "blockDevice", blockDevice) } func dirExists(mountPath, path string) (bool, error) { From cc2dd88f65295bc24070029861ae988c6edd8eb8 Mon Sep 17 00:00:00 2001 From: Jacob Weinstock Date: Wed, 16 Jul 2025 12:58:01 -0600 Subject: [PATCH 3/3] Unmount the block device after use: This clean up is needed to avoid any possible issues with subsequent Actions. Signed-off-by: Jacob Weinstock --- writefile/main.go | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/writefile/main.go b/writefile/main.go index 8bbeb10..3d47ad8 100644 --- a/writefile/main.go +++ b/writefile/main.go @@ -85,7 +85,13 @@ func main() { logger.Error("Mounting block device", "blockDevice", blockDevice, "mountAction", mountAction, "error", err) os.Exit(1) } - + defer func() { + if err := syscall.Unmount(mountAction, 0); err != nil { + logger.Error("Error unmounting device", "source", blockDevice, "destination", mountAction, "error", err) + } else { + logger.Info("Unmounted device successfully", "source", blockDevice, "destination", mountAction) + } + }() logger.Info("Mounted device successfully", "source", blockDevice, "destination", mountAction) if err := recursiveEnsureDir(mountAction, dirPath, newDirMode, fileUID, fileGID); err != nil {