adding include-cert* flags for build

Bharadwajshivam28 · Sep 12, 2021 · d971e56 · d971e56
1 parent 09e8426
commit d971e56
Show file tree

Hide file tree

Showing 2 changed files with 57 additions and 0 deletions.
diff --git a/pkg/app/sensor/artifacts.go b/pkg/app/sensor/artifacts.go
@@ -20,6 +20,7 @@ import (
 	"syscall"
 
 	"github.com/docker-slim/docker-slim/pkg/app/sensor/inspectors/sodeps"
+	"github.com/docker-slim/docker-slim/pkg/certdiscover"
 	"github.com/docker-slim/docker-slim/pkg/ipc/command"
 	"github.com/docker-slim/docker-slim/pkg/report"
 	"github.com/docker-slim/docker-slim/pkg/system"
@@ -331,13 +332,53 @@ func getRecordsWithPerms(m map[string]*fsutil.AccessInfo) map[string]*fsutil.Acc
 }
 
 func (p *artifactStore) saveCertsData() {
+	copyCertBundles := func(list []string) {
+		for _, fname := range list {
+			if fsutil.Exists(fname) {
+				dstPath := fmt.Sprintf("%s/files%s", p.storeLocation, fname)
+				if err := fsutil.CopyFile(p.cmd.KeepPerms, fname, dstPath, true); err != nil {
+					log.Warnf("cert file bundle: fsutil.CopyFile(%v,%v) error - %v", fname, dstPath, err)
+				}
+			}
+		}
+	}
+
+	copyDirs := func(list []string) {
+		for _, fname := range list {
+			if fsutil.Exists(fname) {
+				dstPath := fmt.Sprintf("%s/files%s", p.storeLocation, fname)
+
+				if fsutil.IsDir(fname) {
+					err, errs := fsutil.CopyDir(p.cmd.KeepPerms, fname, dstPath, true, true, nil, nil, nil)
+					if err != nil {
+						log.Warnf("cert dir: fsutil.CopyDir(%v,%v) error: %v", fname, dstPath, err)
+					}
+
+					if len(errs) > 0 {
+						log.Warnf("cert dir: fsutil.CopyDir(%v,%v) copy errors: %+v", fname, dstPath, errs)
+					}
+				} else if fsutil.IsSymlink(fname) {
+					if err := fsutil.CopySymlinkFile(p.cmd.KeepPerms, fname, dstPath, true); err != nil {
+						log.Warnf("cert dir link: fsutil.CopySymlinkFile(%v,%v) error - %v", fname, dstPath, err)
+					}
+				}
+			}
+		}
+	}
+
 	if p.cmd.IncludeCertAll {
+		copyCertBundles(certdiscover.CertFileList())
+		copyCertBundles(certdiscover.CACertFileList())
 	}
 
 	if !p.cmd.IncludeCertAll && p.cmd.IncludeCertBundles {
+		copyCertBundles(certdiscover.CertFileList())
+		copyCertBundles(certdiscover.CACertFileList())
 	}
 
 	if p.cmd.IncludeCertDirs {
+		copyDirs(certdiscover.CertDirList())
+		copyDirs(certdiscover.CACertDirList())
 	}
 
 	if p.cmd.IncludeCertPKAll {

diff --git a/pkg/certdiscover/certdiscover.go b/pkg/certdiscover/certdiscover.go
@@ -98,6 +98,10 @@ var caCertPKDirectories = []string{
 
 var caCertPKDirsSet map[string]struct{}
 
+func CertFileList() []string {
+	return certFiles
+}
+
 func IsCertFile(name string) bool {
 	_, found := certFilesSet[name]
 	return found
@@ -114,6 +118,10 @@ func IsCertDirPath(name string) bool {
 	return false
 }
 
+func CertDirList() []string {
+	return certDirectories
+}
+
 func IsCertDir(name string) bool {
 	_, found := certDirsSet[name]
 	return found
@@ -135,11 +143,19 @@ func IsCertPKDirPath(name string) bool {
 	return false
 }
 
+func CACertFileList() []string {
+	return caCertFiles
+}
+
 func IsCACertFile(name string) bool {
 	_, found := caCertFilesSet[name]
 	return found
 }
 
+func CACertDirList() []string {
+	return caCertDirectories
+}
+
 func IsCACertDir(name string) bool {
 	_, found := caCertDirsSet[name]
 	return found