[Buildroot] [PATCH v2] fs/oci: entrypoint and command are space-separated lists
Peter Korsgaard
peter at korsgaard.com
Sun May 15 20:22:59 UTC 2022
>>>>> <yann.morin at orange.com> writes:
> From: "Yann E. MORIN" <yann.morin at orange.com>
> The prompt and variable name for the OCI "entrypoint arguments" are
> somewhat incorrect. Indeed, they are in fact use to set the image
> "command". Yet, using "command" would be confusing too, because the
> interplay between entrypoint and command is tricky [0].
> TL-DR; when both entrrypoint and command are set, command acts as
> arguments passed to the entrypoint.
> Additionally, we currently can only pass a single item as either
> entrypoint or command. This precludes passing actual arguments to the
> entrypoint, or passing multiple arguments as command.
> For example:
> BR2_TARGET_ROOTFS_OCI_ENTRYPOINT="/bin/tini -g -p SIGTERM --"
> BR2_TARGET_ROOTFS_OCI_ENTRYPOINT_ARGS="/usr/bin/env sh"
> generates an images with (only relevant fileds are included below):
> {
> "config": {
> "Entrypoint": [ "/bin/tini -g -p SIGTERM --" ],
> "Cmd": [ "/usr/bin/env sh" ]
> }
> }
> This is obviously incorrect, and not what one would expect:
> {
> "config": {
> "Entrypoint": [ "/bin/tini", "-g", "-p", "SIGTERM", "--" ],
> "Cmd": [ "/usr/bin/env", "sh" ]
> }
> }
> However, some people do want to be able to pass an actual shell
> scriptlet as a command, such as:
> {
> "config": {
> "Entrypoint": [ "/bin/sh", "-c" ],
> "Cmd": [ "my shell logic goes here" ]
> }
> }
> Handling both is obviously conflicting: we can't both split-on-spaces
> and not-split-on-spaces at the same time...
> So, we fix that in tow ways:
> - make the current _OCI_ENTRYPOINT_ARGS a legacy option, and introduce
> the new _OCI_CMD option with different semantics (see below) and an
> appropriate prompt;
> - we interpret both _OCI_ENTRYPOINT and _OCI_CMD as shell strings,
> which we subject to the usual shell quoting [1] and token
> recognition [2];
> Since _OCI_ENTRYPOINT_ARGS used to be interpreted as a single string, we
> can't easily change its meaning to be a space-separated list, as that
> would break existing setups, which is the reason we make it legacy and
> introduce a new option.
> Ideally, we would like to default the new option _OCI_CMD to be the
> quoted value of the previous _OCI_ENTRYPOINT_ARGS, but this is not
> possible in Kconfig. Still, users that had a _OCI_ENTRYPOINT_ARGS set
> will now get an early build error, and can still detect they need to do
> something about it.
> As for _OCI_ENTRYPOINT, it does not make much sense to support both
> cases. Indeed, withoput splitting on spaces, we'd end up with an
> entrypoint that would hava single item:
> {
> "config": {
> "entrypoint: [ "some string with some spaces" ]
> }
> }
> which in this case would try to execute the program which name is
> actually "some string with some spaces", so we do not expect that
> existing entrypoints are set with any space in them, and so the new
> behaviour, unlike for _OCI_ENTRYPOINT_ARGS vs. _OCI_CMD, is compatible
> with existing configurations, and so we do not need to make it a legacy
> option and introduce a new one.
> [0] https://docs.docker.com/engine/reference/builder/#understand-how-cmd-and-entrypoint-interact
> [1] https://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html#tag_18_02
> [2] https://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html#tag_18_03
> Signed-off-by: Yann E. MORIN <yann.morin at orange.com>
> Cc: Sergio Prado <sergio.prado at e-labworks.com>
> Cc: Matthew Weber <matthew.weber at collins.com>
> ---
> Changes v1 -> v2:
> - drop _OCI_ENTRYPOINT_ARGS and replace with _OCI_CMD
> - accept values that have shell escapes and quotes, and spaces
> +# entrypoint and command
> +# Special treatment: both the entrypoint and arguments (aka command) are
> +# a double-quoted, space-separated, escaped-double-quoted string, like:
> +# "foo \"1 2 3 4\" ' a b c d ' bar\ buz"
> +# which should be interpreted as a 4-item list (using single quotes to
> +# delimit them and see leading/trailing spaces):
> +# 'foo'
> +# '1 2 3 4'
> +# ' a b c d '
> +# 'bar buz'
> +#
> +# We use some trickery to have the shell properly expand this into a list
> +# where each item is single-quoted and prefixed with the appropriate
> +# option string:
> +OCI_SLOCI_IMAGE_OPTS += \
> + $(shell eval printf -- "--entrypoint\ \'%s\'\ " $(BR2_TARGET_ROOTFS_OCI_ENTRYPOINT)) \
> + $(shell eval printf -- "--cmd\ \'%s\'\ " $(BR2_TARGET_ROOTFS_OCI_CMD))
Neat! Maybe we should add a test to ensure this doesn't break in the
future.
It still doesn't work for the case where the options contain references
to shell variables ($FOO) or shell commands ($(blih), `blah`), but it
didn't before either.
Committed, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list