Simplify mod logic, add quay.io support

This commit is contained in:
TheSpad
2023-03-19 16:48:18 +00:00
parent 0dc6a01f99
commit 335c3c7540
2 changed files with 50 additions and 80 deletions
+1
View File
@@ -2,6 +2,7 @@
These files are used by Linuxserver build processes to handle mods in our images. Not for end-user consumption. These files are used by Linuxserver build processes to handle mods in our images. Not for end-user consumption.
* **19.03.23:** - Add quay.io support for mods.
* **25.02.23:** - Inject branding. * **25.02.23:** - Inject branding.
* **05.02.23:** - Support multi-manifest mods for provenance, etc. * **05.02.23:** - Support multi-manifest mods for provenance, etc.
* **21.01.23:** - Create with-contenv alias. * **21.01.23:** - Create with-contenv alias.
+30 -61
View File
@@ -161,15 +161,14 @@ curl_check() {
# Use different filtering depending on URL # Use different filtering depending on URL
get_blob_sha() { get_blob_sha() {
if [[ $1 == "ghcr" ]]; then
MULTIDIGEST=$(curl -f --retry 10 --retry-max-time 60 --retry-connrefused \ MULTIDIGEST=$(curl -f --retry 10 --retry-max-time 60 --retry-connrefused \
--silent \ --silent \
--location \ --location \
--request GET \ --request GET \
--header "Accept: application/vnd.docker.distribution.manifest.v2+json" \ --header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
--header "Accept: application/vnd.oci.image.index.v1+json" \ --header "Accept: application/vnd.oci.image.index.v1+json" \
--header "Authorization: Bearer ${2}" \ --header "Authorization: Bearer ${1}" \
"${3}/${4}" | jq -r 'first(.manifests[].digest)?') "${2}/${3}" | jq -r 'first(.manifests[].digest)?')
if [[ -z "${MULTIDIGEST}" ]]; then if [[ -z "${MULTIDIGEST}" ]]; then
if DIGEST=$(curl -f --retry 10 --retry-max-time 60 --retry-connrefused \ if DIGEST=$(curl -f --retry 10 --retry-max-time 60 --retry-connrefused \
--silent \ --silent \
@@ -177,8 +176,8 @@ get_blob_sha() {
--request GET \ --request GET \
--header "Accept: application/vnd.docker.distribution.manifest.v2+json" \ --header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
--header "Accept: application/vnd.oci.image.manifest.v1+json" \ --header "Accept: application/vnd.oci.image.manifest.v1+json" \
--header "Authorization: Bearer ${2}" \ --header "Authorization: Bearer ${1}" \
"${3}/${4}"); then "${2}/${3}"); then
echo "${DIGEST}" | jq -r '.layers[0].digest'; echo "${DIGEST}" | jq -r '.layers[0].digest';
fi fi
else else
@@ -188,44 +187,11 @@ get_blob_sha() {
--request GET \ --request GET \
--header "Accept: application/vnd.docker.distribution.manifest.v2+json" \ --header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
--header "Accept: application/vnd.oci.image.manifest.v1+json" \ --header "Accept: application/vnd.oci.image.manifest.v1+json" \
--header "Authorization: Bearer ${2}" \ --header "Authorization: Bearer ${1}" \
"${3}/${MULTIDIGEST}"); then "${2}/${MULTIDIGEST}"); then
echo "${DIGEST}" | jq -r '.layers[0].digest'; echo "${DIGEST}" | jq -r '.layers[0].digest';
fi fi
fi fi
else
MULTIDIGEST=$(curl -f --retry 10 --retry-max-time 60 --retry-connrefused \
--silent \
--location \
--request GET \
--header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
--header "Accept: application/vnd.oci.image.index.v1+json" \
--header "Authorization: Bearer ${2}" \
"${3}/${4}" | jq -r 'first(.manifests[].digest)?')
if [[ -z "${MULTIDIGEST}" ]]; then
if DIGEST=$(curl -f --retry 10 --retry-max-time 60 --retry-connrefused \
--silent \
--location \
--request GET \
--header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
--header "Accept: application/vnd.oci.image.manifest.v1+json" \
--header "Authorization: Bearer ${2}" \
"${3}/${4}"); then
echo "${DIGEST}" | jq -r '.layers[0].digest';
fi
else
if DIGEST=$(curl -f --retry 10 --retry-max-time 60 --retry-connrefused \
--silent \
--location \
--request GET \
--header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
--header "Accept: application/vnd.oci.image.manifest.v1+json" \
--header "Authorization: Bearer ${2}" \
"${3}/${MULTIDIGEST}"); then
echo "${DIGEST}" | jq -r '.layers[0].digest';
fi
fi
fi
} }
# Main run logic # Main run logic
@@ -233,34 +199,37 @@ run_mods() {
echo "[mod-init] Attempting to run Docker Modification Logic" echo "[mod-init] Attempting to run Docker Modification Logic"
for DOCKER_MOD in $(echo "${DOCKER_MODS}" | tr '|' '\n'); do for DOCKER_MOD in $(echo "${DOCKER_MODS}" | tr '|' '\n'); do
# Support alternative endpoints # Support alternative endpoints
if [[ ${DOCKER_MOD} == ghcr.io/* ]] || [[ ${DOCKER_MOD} == linuxserver/* ]]; then case "${DOCKER_MOD}" in
linuxserver/* )
REGISTRY="ghcr.io"
;;
ghcr.io/* )
REGISTRY="ghcr.io"
DOCKER_MOD="${DOCKER_MOD#ghcr.io/*}" DOCKER_MOD="${DOCKER_MOD#ghcr.io/*}"
;;
quay.io/* )
REGISTRY="quay.io"
DOCKER_MOD="${DOCKER_MOD#quay.io/*}"
;;
* )
REGISTRY="registry-1.docker.io"
;;
esac
ENDPOINT="${DOCKER_MOD%%:*}" ENDPOINT="${DOCKER_MOD%%:*}"
USERNAME="${DOCKER_MOD%%/*}" USERNAME="${DOCKER_MOD%%/*}"
REPO="${ENDPOINT#*/}" REPO="${ENDPOINT#*/}"
TAG="${DOCKER_MOD#*:}" TAG="${DOCKER_MOD#*:}"
if [[ ${TAG} == "${DOCKER_MOD}" ]]; then if [[ "${TAG}" == "${DOCKER_MOD}" ]]; then
TAG="latest" TAG="latest"
fi fi
FILENAME="${USERNAME}.${REPO}.${TAG}" FILENAME="${USERNAME}.${REPO}.${TAG}"
AUTH_URL="https://ghcr.io/token?scope=repository%3A${USERNAME}%2F${REPO}%3Apull" MANIFEST_URL="https://${REGISTRY}/v2/${ENDPOINT}/manifests"
MANIFEST_URL="https://ghcr.io/v2/${ENDPOINT}/manifests" BLOB_URL="https://${REGISTRY}/v2/${ENDPOINT}/blobs/"
BLOB_URL="https://ghcr.io/v2/${ENDPOINT}/blobs/" case "${REGISTRY}" in
MODE="ghcr" "ghcr.io") AUTH_URL="https://ghcr.io/token?scope=repository%3A${USERNAME}%2F${REPO}%3Apull";;
else "quay.io") AUTH_URL="https://quay.io/v2/auth?service=quay.io&scope=repository%3A${USERNAME}%2F${REPO}%3Apull";;
ENDPOINT="${DOCKER_MOD%%:*}" "registry-1.docker.io") AUTH_URL="https://auth.docker.io/token?service=registry.docker.io&scope=repository:${ENDPOINT}:pull";;
USERNAME="${DOCKER_MOD%%/*}" esac
REPO="${ENDPOINT#*/}"
TAG="${DOCKER_MOD#*:}"
if [[ ${TAG} == "${DOCKER_MOD}" ]]; then
TAG="latest"
fi
FILENAME="${USERNAME}.${REPO}.${TAG}"
AUTH_URL="https://auth.docker.io/token?service=registry.docker.io&scope=repository:${ENDPOINT}:pull"
MANIFEST_URL="https://registry-1.docker.io/v2/${ENDPOINT}/manifests"
BLOB_URL="https://registry-1.docker.io/v2/${ENDPOINT}/blobs/"
MODE="dockerhub"
fi
# Kill off modification logic if any of the usernames are banned # Kill off modification logic if any of the usernames are banned
for BANNED in $(curl -s https://raw.githubusercontent.com/linuxserver/docker-mods/master/blacklist.txt); do for BANNED in $(curl -s https://raw.githubusercontent.com/linuxserver/docker-mods/master/blacklist.txt); do
if [[ "${BANNED,,}" == "${USERNAME,,}" ]]; then if [[ "${BANNED,,}" == "${USERNAME,,}" ]]; then
@@ -282,7 +251,7 @@ run_mods() {
jq -r '.token' jq -r '.token'
)" )"
# Determine first and only layer of image # Determine first and only layer of image
SHALAYER=$(get_blob_sha "${MODE}" "${TOKEN}" "${MANIFEST_URL}" "${TAG}") SHALAYER=$(get_blob_sha "${TOKEN}" "${MANIFEST_URL}" "${TAG}")
if [[ -z "${SHALAYER}" ]]; then if [[ -z "${SHALAYER}" ]]; then
echo "[mod-init] ${DOCKER_MOD} could not be found on ${MODE}" echo "[mod-init] ${DOCKER_MOD} could not be found on ${MODE}"
continue continue