From 8a584aff897a3969f9c5ca18761385a01c484551 Mon Sep 17 00:00:00 2001 From: DQ Date: Wed, 21 Oct 2020 17:18:31 +0800 Subject: [PATCH 1/3] Clean up clair and clair-adapter in build scripts 1. Makefles 2. Dockerfiles 3. Installation script 4. harbor.yml template Signed-off-by: DQ --- Makefile | 28 ++----------- make/harbor.yml.tmpl | 13 ------ make/install.sh | 9 ----- make/photon/Makefile | 42 +------------------- make/photon/clair-adapter/Dockerfile | 18 --------- make/photon/clair-adapter/Dockerfile.base | 7 ---- make/photon/clair-adapter/Dockerfile.binary | 11 ----- make/photon/clair-adapter/builder.sh | 39 ------------------ make/photon/clair-adapter/entrypoint.sh | 7 ---- make/photon/clair/Dockerfile | 22 ---------- make/photon/clair/Dockerfile.base | 6 --- make/photon/clair/Dockerfile.binary | 7 ---- make/photon/clair/builder | 38 ------------------ make/photon/clair/docker-entrypoint.sh | 7 ---- make/photon/clair/dumb-init | Bin 46400 -> 0 bytes 15 files changed, 5 insertions(+), 249 deletions(-) delete mode 100644 make/photon/clair-adapter/Dockerfile delete mode 100644 make/photon/clair-adapter/Dockerfile.base delete mode 100644 make/photon/clair-adapter/Dockerfile.binary delete mode 100755 make/photon/clair-adapter/builder.sh delete mode 100644 make/photon/clair-adapter/entrypoint.sh delete mode 100644 make/photon/clair/Dockerfile delete mode 100644 make/photon/clair/Dockerfile.base delete mode 100644 make/photon/clair/Dockerfile.binary delete mode 100755 make/photon/clair/builder delete mode 100644 make/photon/clair/docker-entrypoint.sh delete mode 100755 make/photon/clair/dumb-init diff --git a/Makefile b/Makefile index dbbca2a89..0fb28ca02 100644 --- a/Makefile +++ b/Makefile @@ -76,7 +76,6 @@ REGISTRYSERVER= REGISTRYPROJECTNAME=goharbor DEVFLAG=true NOTARYFLAG=false -CLAIRFLAG=false TRIVYFLAG=false HTTPPROXY= BUILDBIN=false @@ -101,9 +100,7 @@ PREPARE_VERSION_NAME=versions #versions REGISTRYVERSION=v2.7.1-patch-2819-2553-redis NOTARYVERSION=v0.6.1 -CLAIRVERSION=v2.1.6 NOTARYMIGRATEVERSION=v3.5.4 -CLAIRADAPTERVERSION=v1.1.1 TRIVYVERSION=v0.9.2 TRIVYADAPTERVERSION=v0.14.1 @@ -117,11 +114,9 @@ CHARTMUSEUM_SRC_TAG=v0.12.0 REGISTRY_SRC_TAG=v2.7.1 # dependency binaries -CLAIRURL=https://storage.googleapis.com/harbor-builds/bin/clair/release2.0-${CLAIRVERSION}/clair CHARTURL=https://storage.googleapis.com/harbor-builds/bin/chartmuseum/release-${CHARTMUSEUMVERSION}/chartm NORARYURL=https://storage.googleapis.com/harbor-builds/bin/notary/release-${NOTARYVERSION}/binary-bundle.tgz REGISTRYURL=https://storage.googleapis.com/harbor-builds/bin/registry/release-${REGISTRYVERSION}/registry -CLAIR_ADAPTER_DOWNLOAD_URL=https://github.com/goharbor/harbor-scanner-clair/releases/download/$(CLAIRADAPTERVERSION)/harbor-scanner-clair_$(CLAIRADAPTERVERSION:v%=%)_Linux_x86_64.tar.gz TRIVY_DOWNLOAD_URL=https://github.com/aquasecurity/trivy/releases/download/$(TRIVYVERSION)/trivy_$(TRIVYVERSION:v%=%)_Linux-64bit.tar.gz TRIVY_ADAPTER_DOWNLOAD_URL=https://github.com/aquasecurity/harbor-scanner-trivy/releases/download/$(TRIVYADAPTERVERSION)/harbor-scanner-trivy_$(TRIVYADAPTERVERSION:v%=%)_Linux_x86_64.tar.gz @@ -129,8 +124,6 @@ define VERSIONS_FOR_PREPARE VERSION_TAG: $(VERSIONTAG) REGISTRY_VERSION: $(REGISTRYVERSION) NOTARY_VERSION: $(NOTARYVERSION) -CLAIR_VERSION: $(CLAIRVERSION) -CLAIR_ADAPTER_VERSION: $(CLAIRADAPTERVERSION) TRIVY_VERSION: $(TRIVYVERSION) TRIVY_ADAPTER_VERSION: $(TRIVYADAPTERVERSION) CHARTMUSEUM_VERSION: $(CHARTMUSEUMVERSION) @@ -210,9 +203,6 @@ PREPARECMD_PARA=--conf $(INSIDE_CONFIGPATH)/$(CONFIGFILE) ifeq ($(NOTARYFLAG), true) PREPARECMD_PARA+= --with-notary endif -ifeq ($(CLAIRFLAG), true) - PREPARECMD_PARA+= --with-clair -endif ifeq ($(TRIVYFLAG), true) PREPARECMD_PARA+= --with-trivy endif @@ -239,14 +229,7 @@ DOCKERIMAGENAME_REGCTL=goharbor/harbor-registryctl # docker-compose files DOCKERCOMPOSEFILEPATH=$(MAKEPATH) -DOCKERCOMPOSETPLFILENAME=docker-compose.tpl DOCKERCOMPOSEFILENAME=docker-compose.yml -DOCKERCOMPOSENOTARYTPLFILENAME=docker-compose.notary.tpl -DOCKERCOMPOSENOTARYFILENAME=docker-compose.notary.yml -DOCKERCOMPOSECLAIRTPLFILENAME=docker-compose.clair.tpl -DOCKERCOMPOSECLAIRFILENAME=docker-compose.clair.yml -DOCKERCOMPOSECHARTMUSEUMTPLFILENAME=docker-compose.chartmuseum.tpl -DOCKERCOMPOSECHARTMUSEUMFILENAME=docker-compose.chartmuseum.yml SEDCMD=$(shell which sed) SEDCMDI=$(SEDCMD) -i @@ -297,9 +280,6 @@ DOCKERCOMPOSE_FILE_OPT=-f $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSEFILENAME) ifeq ($(NOTARYFLAG), true) DOCKERSAVE_PARA+= goharbor/notary-server-photon:$(VERSIONTAG) goharbor/notary-signer-photon:$(VERSIONTAG) endif -ifeq ($(CLAIRFLAG), true) - DOCKERSAVE_PARA+= goharbor/clair-photon:$(VERSIONTAG) goharbor/clair-adapter-photon:$(VERSIONTAG) -endif ifeq ($(TRIVYFLAG), true) DOCKERSAVE_PARA+= goharbor/trivy-adapter-photon:$(VERSIONTAG) endif @@ -409,18 +389,18 @@ build: -e REGISTRYVERSION=$(REGISTRYVERSION) -e REGISTRY_SRC_TAG=$(REGISTRY_SRC_TAG) \ -e NOTARYVERSION=$(NOTARYVERSION) -e NOTARYMIGRATEVERSION=$(NOTARYMIGRATEVERSION) \ -e TRIVYVERSION=$(TRIVYVERSION) -e TRIVYADAPTERVERSION=$(TRIVYADAPTERVERSION) \ - -e CLAIRVERSION=$(CLAIRVERSION) -e CLAIRADAPTERVERSION=$(CLAIRADAPTERVERSION) -e VERSIONTAG=$(VERSIONTAG) \ + -e VERSIONTAG=$(VERSIONTAG) \ -e BUILDBIN=$(BUILDBIN) \ -e CHARTMUSEUMVERSION=$(CHARTMUSEUMVERSION) -e CHARTMUSEUM_SRC_TAG=$(CHARTMUSEUM_SRC_TAG) -e DOCKERIMAGENAME_CHART_SERVER=$(DOCKERIMAGENAME_CHART_SERVER) \ -e NPM_REGISTRY=$(NPM_REGISTRY) -e BASEIMAGETAG=$(BASEIMAGETAG) -e BASEIMAGENAMESPACE=$(BASEIMAGENAMESPACE) \ - -e CLAIRURL=$(CLAIRURL) -e CHARTURL=$(CHARTURL) -e NORARYURL=$(NORARYURL) -e REGISTRYURL=$(REGISTRYURL) -e CLAIR_ADAPTER_DOWNLOAD_URL=$(CLAIR_ADAPTER_DOWNLOAD_URL) \ + -e CHARTURL=$(CHARTURL) -e NORARYURL=$(NORARYURL) -e REGISTRYURL=$(REGISTRYURL) \ -e TRIVY_DOWNLOAD_URL=$(TRIVY_DOWNLOAD_URL) -e TRIVY_ADAPTER_DOWNLOAD_URL=$(TRIVY_ADAPTER_DOWNLOAD_URL) build_standalone_db_migrator: compile_standalone_db_migrator make -f $(MAKEFILEPATH_PHOTON)/Makefile _build_standalone_db_migrator -e BASEIMAGETAG=$(BASEIMAGETAG) -e VERSIONTAG=$(VERSIONTAG) build_base_docker: - @for name in chartserver clair clair-adapter trivy-adapter core db jobservice log nginx notary-server notary-signer portal prepare redis registry registryctl; do \ + @for name in chartserver trivy-adapter core db jobservice log nginx notary-server notary-signer portal prepare redis registry registryctl; do \ echo $$name ; \ $(DOCKERBUILD) --pull --no-cache -f $(MAKEFILEPATH_PHOTON)/$$name/Dockerfile.base -t $(BASEIMAGENAMESPACE)/harbor-$$name-base:$(BASEIMAGETAG) --label base-build-date=$(date +"%Y%m%d") . && \ if [ -n "$(PUSHBASEIMAGE)" ] ; then \ @@ -429,7 +409,7 @@ build_base_docker: done pull_base_docker: - @for name in chartserver clair clair-adapter trivy-adapter core db jobservice log nginx notary-server notary-signer portal prepare redis registry registryctl; do \ + @for name in chartserver trivy-adapter core db jobservice log nginx notary-server notary-signer portal prepare redis registry registryctl; do \ echo $$name ; \ $(DOCKERPULL) $(BASEIMAGENAMESPACE)/harbor-$$name-base:$(BASEIMAGETAG) ; \ done diff --git a/make/harbor.yml.tmpl b/make/harbor.yml.tmpl index d51f410f2..3ac666dd1 100644 --- a/make/harbor.yml.tmpl +++ b/make/harbor.yml.tmpl @@ -61,11 +61,6 @@ data_volume: /data # redirect: # disabled: false -# Clair configuration -clair: - # The interval of clair updaters, the unit is hour, set to 0 to disable the updaters. - updaters_interval: 12 - # Trivy configuration # # Trivy DB contains vulnerability information from NVD, Red Hat, and many other upstream vulnerability databases. @@ -147,13 +142,6 @@ _version: 2.0.0 # ssl_mode: disable # max_idle_conns: 2 # max_open_conns: 0 -# clair: -# host: clair_db_host -# port: clair_db_port -# db_name: clair_db_name -# username: clair_db_username -# password: clair_db_password -# ssl_mode: disable # notary_signer: # host: notary_signer_db_host # port: notary_signer_db_port @@ -206,7 +194,6 @@ proxy: components: - core - jobservice - - clair - trivy # metric: diff --git a/make/install.sh b/make/install.sh index b4757154d..6ee85c9b3 100755 --- a/make/install.sh +++ b/make/install.sh @@ -9,15 +9,12 @@ set +o noglob usage=$'Please set hostname and other necessary attributes in harbor.yml first. DO NOT use localhost or 127.0.0.1 for hostname, because Harbor needs to be accessed by external clients. Please set --with-notary if needs enable Notary in Harbor, and set ui_url_protocol/ssl_cert/ssl_cert_key in harbor.yml bacause notary must run under https. -Please set --with-clair if needs enable Clair in Harbor Please set --with-trivy if needs enable Trivy in Harbor Please set --with-chartmuseum if needs enable Chartmuseum in Harbor' item=0 # notary is not enabled by default with_notary=$false -# clair is not enabled by default -with_clair=$false # trivy is not enabled by default with_trivy=$false # chartmuseum is not enabled by default @@ -30,8 +27,6 @@ while [ $# -gt 0 ]; do exit 0;; --with-notary) with_notary=true;; - --with-clair) - with_clair=true;; --with-trivy) with_trivy=true;; --with-chartmuseum) @@ -71,10 +66,6 @@ if [ $with_notary ] then prepare_para="${prepare_para} --with-notary" fi -if [ $with_clair ] -then - prepare_para="${prepare_para} --with-clair" -fi if [ $with_trivy ] then prepare_para="${prepare_para} --with-trivy" diff --git a/make/photon/Makefile b/make/photon/Makefile index 44bb4818e..73d46b5d3 100644 --- a/make/photon/Makefile +++ b/make/photon/Makefile @@ -59,14 +59,6 @@ DOCKERFILEPATH_POSTGRESQL=$(DOCKERFILEPATH)/postgresql DOCKERFILENAME_POSTGRESQL=Dockerfile DOCKERIMAGENAME_POSTGRESQL=goharbor/postgresql-photon -DOCKERFILEPATH_CLAIR=$(DOCKERFILEPATH)/clair -DOCKERFILENAME_CLAIR=Dockerfile -DOCKERIMAGENAME_CLAIR=goharbor/clair-photon - -DOCKERFILEPATH_CLAIR_ADAPTER=$(DOCKERFILEPATH)/clair-adapter -DOCKERFILENAME_CLAIR_ADAPTER=Dockerfile -DOCKERIMAGENAME_CLAIR_ADAPTER=goharbor/clair-adapter-photon - DOCKERFILEPATH_TRIVY_ADAPTER=$(DOCKERFILEPATH)/trivy-adapter DOCKERFILENAME_TRIVY_ADAPTER=Dockerfile DOCKERIMAGENAME_TRIVY_ADAPTER=goharbor/trivy-adapter-photon @@ -137,38 +129,6 @@ _build_log: $(DOCKERBUILD) --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) -f $(DOCKERFILEPATH_LOG)/$(DOCKERFILENAME_LOG) -t $(DOCKERIMAGENAME_LOG):$(VERSIONTAG) . @echo "Done." -_build_clair: - @if [ "$(CLAIRFLAG)" = "true" ] ; then \ - if [ "$(BUILDBIN)" != "true" ] ; then \ - rm -rf $(DOCKERFILEPATH_CLAIR)/binary && mkdir -p $(DOCKERFILEPATH_CLAIR)/binary && \ - $(call _get_binary, $(CLAIRURL), $(DOCKERFILEPATH_CLAIR)/binary/clair); \ - else \ - cd $(DOCKERFILEPATH_CLAIR) && $(DOCKERFILEPATH_CLAIR)/builder $(CLAIRVERSION) && cd - ; \ - fi ; \ - echo "building clair container for photon..." ; \ - $(DOCKERBUILD) --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) -f $(DOCKERFILEPATH_CLAIR)/$(DOCKERFILENAME_CLAIR) -t $(DOCKERIMAGENAME_CLAIR):$(VERSIONTAG) . ; \ - rm -rf $(DOCKERFILEPATH_CLAIR)/binary; \ - echo "Done." ; \ - fi - -_build_clair_adapter: - @if [ "$(CLAIRFLAG)" = "true" ] ; then \ - if [ "$(BUILDBIN)" != "true" ] ; then \ - rm -rf $(DOCKERFILEPATH_CLAIR_ADAPTER)/binary && mkdir -p $(DOCKERFILEPATH_CLAIR_ADAPTER)/binary && \ - $(call _extract_archive, $(CLAIR_ADAPTER_DOWNLOAD_URL), $(DOCKERFILEPATH_CLAIR_ADAPTER)/binary/) && \ - mv $(DOCKERFILEPATH_CLAIR_ADAPTER)/binary/scanner-clair $(DOCKERFILEPATH_CLAIR_ADAPTER)/binary/harbor-scanner-clair; \ - else \ - cd $(DOCKERFILEPATH_CLAIR_ADAPTER) && $(DOCKERFILEPATH_CLAIR_ADAPTER)/builder.sh $(CLAIRADAPTERVERSION) && cd - ; \ - fi ; \ - echo "Building Clair adapter container for photon..." ; \ - $(DOCKERBUILD) --build-arg harbor_base_image_version=$(BASEIMAGETAG) \ - --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) \ - -f $(DOCKERFILEPATH_CLAIR_ADAPTER)/$(DOCKERFILENAME_CLAIR_ADAPTER) \ - -t $(DOCKERIMAGENAME_CLAIR_ADAPTER):$(VERSIONTAG) . ; \ - rm -rf $(DOCKERFILEPATH_CLAIR_ADAPTER)/binary; \ - echo "Done." ; \ - fi - _build_trivy_adapter: @if [ "$(TRIVYFLAG)" = "true" ] ; then \ rm -rf $(DOCKERFILEPATH_TRIVY_ADAPTER)/binary && mkdir -p $(DOCKERFILEPATH_TRIVY_ADAPTER)/binary ; \ @@ -263,7 +223,7 @@ define _get_binary $(CURL) --connect-timeout 30 -f -k -L $1 -o $2 || exit 1 endef -build: _build_prepare _build_db _build_portal _build_core _build_jobservice _build_log _build_nginx _build_registry _build_registryctl _build_notary _build_clair _build_clair_adapter _build_trivy_adapter _build_redis _build_chart_server +build: _build_prepare _build_db _build_portal _build_core _build_jobservice _build_log _build_nginx _build_registry _build_registryctl _build_notary _build_trivy_adapter _build_redis _build_chart_server cleanimage: @echo "cleaning image for photon..." diff --git a/make/photon/clair-adapter/Dockerfile b/make/photon/clair-adapter/Dockerfile deleted file mode 100644 index 3e40537de..000000000 --- a/make/photon/clair-adapter/Dockerfile +++ /dev/null @@ -1,18 +0,0 @@ -ARG harbor_base_image_version -ARG harbor_base_namespace -FROM ${harbor_base_namespace}/harbor-clair-adapter-base:${harbor_base_image_version} - -COPY ./make/photon/common/install_cert.sh /home/clair-adapter -COPY ./make/photon/clair-adapter/entrypoint.sh /home/clair-adapter -COPY ./make/photon/clair-adapter/binary/harbor-scanner-clair /clair-adapter/clair-adapter - -RUN chown -R clair-adapter:clair-adapter /etc/pki/tls/certs \ - && chown -R clair-adapter:clair-adapter /clair-adapter && chmod u+x /clair-adapter/clair-adapter \ - && chown clair-adapter:clair-adapter /home/clair-adapter/entrypoint.sh && chmod u+x /home/clair-adapter/entrypoint.sh \ - && chown clair-adapter:clair-adapter /home/clair-adapter/install_cert.sh && chmod u+x /home/clair-adapter/install_cert.sh - -HEALTHCHECK --interval=30s --timeout=10s --retries=3 CMD curl -sS http://127.0.0.1:8080/probe/healthy || curl -k -sS https://127.0.0.1:8443/probe/healthy || exit 1 - -USER clair-adapter - -ENTRYPOINT ["/home/clair-adapter/entrypoint.sh"] \ No newline at end of file diff --git a/make/photon/clair-adapter/Dockerfile.base b/make/photon/clair-adapter/Dockerfile.base deleted file mode 100644 index 154fddfc8..000000000 --- a/make/photon/clair-adapter/Dockerfile.base +++ /dev/null @@ -1,7 +0,0 @@ -FROM photon:2.0 - -RUN tdnf install -y shadow >> /dev/null \ - && tdnf clean all \ - && mkdir /clair-adapter/ \ - && groupadd -r -g 10000 clair-adapter \ - && useradd --no-log-init -m -r -g 10000 -u 10000 clair-adapter \ No newline at end of file diff --git a/make/photon/clair-adapter/Dockerfile.binary b/make/photon/clair-adapter/Dockerfile.binary deleted file mode 100644 index 11372ad22..000000000 --- a/make/photon/clair-adapter/Dockerfile.binary +++ /dev/null @@ -1,11 +0,0 @@ -FROM golang:1.14.7 - -ARG VERSION -ARG COMMIT - -ADD . /go/src/github.com/goharbor/harbor-scanner-clair/ -WORKDIR /go/src/github.com/goharbor/harbor-scanner-clair/ - -RUN export GOFLAGS=-mod=vendor GOOS=linux GO111MODULE=on CGO_ENABLED=0 && \ - go build -ldflags "-X main.version=$VERSION -X main.commit=$COMMIT -X main.date=`date -u --iso-8601=seconds`" \ - -o harbor-scanner-clair cmd/harbor-scanner-clair/main.go diff --git a/make/photon/clair-adapter/builder.sh b/make/photon/clair-adapter/builder.sh deleted file mode 100755 index 59d1de308..000000000 --- a/make/photon/clair-adapter/builder.sh +++ /dev/null @@ -1,39 +0,0 @@ -#!/bin/bash - -set +e - -if [ -z $1 ]; then - error "Please set the 'version' variable" - exit 1 -fi - -VERSION="$1" - -set -e - -# the temp folder to store binary file... -mkdir -p binary -rm -rf binary/harbor-scanner-clair || true - -cd $(dirname $0) -cur=$PWD - -# The temporary directory to clone Clair adapter source code -TEMP=$(mktemp -d ${TMPDIR-/tmp}/clair-adapter.XXXXXX) -git clone https://github.com/goharbor/harbor-scanner-clair.git $TEMP -cd $TEMP; git checkout $VERSION; export COMMIT=$(git rev-list -1 HEAD); cd - - -echo "Building Clair adapter binary based on golang:1.14.7..." -cp Dockerfile.binary $TEMP -docker build --build-arg VERSION=${VERSION} --build-arg COMMIT=${COMMIT} -f $TEMP/Dockerfile.binary -t clair-adapter-golang $TEMP - -echo "Copying Clair adapter binary from the container to the local directory..." -ID=$(docker create clair-adapter-golang) -docker cp $ID:/go/src/github.com/goharbor/harbor-scanner-clair/harbor-scanner-clair binary - -docker rm -f $ID -docker rmi -f clair-adapter-golang - -echo "Building Clair adapter binary finished successfully" -cd $cur -rm -rf $TEMP diff --git a/make/photon/clair-adapter/entrypoint.sh b/make/photon/clair-adapter/entrypoint.sh deleted file mode 100644 index 367e70e20..000000000 --- a/make/photon/clair-adapter/entrypoint.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/sh - -set -e - -/home/clair-adapter/install_cert.sh - -/clair-adapter/clair-adapter \ No newline at end of file diff --git a/make/photon/clair/Dockerfile b/make/photon/clair/Dockerfile deleted file mode 100644 index 374b2dfbe..000000000 --- a/make/photon/clair/Dockerfile +++ /dev/null @@ -1,22 +0,0 @@ -ARG harbor_base_image_version -ARG harbor_base_namespace -FROM ${harbor_base_namespace}/harbor-clair-base:${harbor_base_image_version} - -COPY ./make/photon/clair/binary/clair /home/clair/ -COPY ./make/photon/clair/docker-entrypoint.sh /home/clair/ -COPY ./make/photon/clair/dumb-init /home/clair/ -COPY ./make/photon/common/install_cert.sh /home/clair/ - -VOLUME /config - -RUN chown -R clair:clair /etc/pki/tls/certs && chown -R clair:clair /home/clair \ - && chmod u+x /home/clair/clair \ - && chmod u+x /home/clair/docker-entrypoint.sh \ - && chmod u+x /home/clair/install_cert.sh \ - && chmod +x /home/clair/dumb-init - -HEALTHCHECK --interval=30s --timeout=10s --retries=3 CMD curl -sS 127.0.0.1:6061/health || exit 1 - -WORKDIR /home/clair -USER clair -ENTRYPOINT ["./docker-entrypoint.sh"] diff --git a/make/photon/clair/Dockerfile.base b/make/photon/clair/Dockerfile.base deleted file mode 100644 index 80d5df287..000000000 --- a/make/photon/clair/Dockerfile.base +++ /dev/null @@ -1,6 +0,0 @@ -FROM photon:2.0 - -RUN tdnf install -y git shadow rpm xz python-xml >>/dev/null\ - && tdnf clean all \ - && groupadd -r -g 10000 clair \ - && useradd --no-log-init -m -g 10000 -u 10000 clair \ No newline at end of file diff --git a/make/photon/clair/Dockerfile.binary b/make/photon/clair/Dockerfile.binary deleted file mode 100644 index 11fc1416e..000000000 --- a/make/photon/clair/Dockerfile.binary +++ /dev/null @@ -1,7 +0,0 @@ -FROM golang:1.14.7 - -ADD . /go/src/github.com/quay/clair/ -WORKDIR /go/src/github.com/quay/clair/ - -RUN export CLAIR_VERSION=$(git describe --tag --always --dirty) GO111MODULE=on && \ - go build -ldflags "-X github.com/quay/clair/pkg/version.Version=$CLAIR_VERSION" ./cmd/clair diff --git a/make/photon/clair/builder b/make/photon/clair/builder deleted file mode 100755 index 3fc72c636..000000000 --- a/make/photon/clair/builder +++ /dev/null @@ -1,38 +0,0 @@ -#!/bin/bash - -set +e - -if [ -z $1 ]; then - error "Please set the 'version' variable" - exit 1 -fi - -VERSION="$1" - -set -e - -# the temp folder to store binary file... -mkdir -p binary -rm -rf binary/clair || true - -cd `dirname $0` -cur=$PWD - -# the temp folder to store distribution source code... -TEMP=`mktemp -d /$TMPDIR/clair.XXXXXX` -git clone -b $VERSION --single-branch https://github.com/quay/clair.git $TEMP - -echo 'build the clair binary bases on the golang:1.14.7' -cp Dockerfile.binary $TEMP -docker build -f $TEMP/Dockerfile.binary -t clair-golang $TEMP - -echo 'copy the clair binary to local...' -ID=$(docker create clair-golang) -docker cp $ID:/go/src/github.com/quay/clair/clair binary - -docker rm -f $ID -docker rmi -f clair-golang - -echo "Build clair binary success, then to build photon image..." -cd $cur -rm -rf $TEMP diff --git a/make/photon/clair/docker-entrypoint.sh b/make/photon/clair/docker-entrypoint.sh deleted file mode 100644 index d1630b7d5..000000000 --- a/make/photon/clair/docker-entrypoint.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/bash -set -e - -/home/clair/install_cert.sh -/home/clair/dumb-init -- /home/clair/clair -config /etc/clair/config.yaml $* - -set +e diff --git a/make/photon/clair/dumb-init b/make/photon/clair/dumb-init deleted file mode 100755 index 2fb1fa1374a8dcf7e523b7863b16c5d771003a5d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 46400 zcmd3PePC17`TtFu&=d+cC`eV1pg~&!Z5=8BD!Guz38qp9D2gas8M^5dF=U3C&mb9gBC|E$Cr9vwT-pl2sh_(f!`F);qlfF2&egFJbN$x!_ z&w0*sp7WgNdCqfA)_Qz5r;)-Ra1nJ{4` z$2Q8&^-^O=+uKVs;5~jY(aHSNWVha4eX&@9%a& z2+UCL8Yu|jm}2<|?_!w_cw%TBK7)BhZ&8V#iDMJM0W?Fc00fRxbE+WdM{?u2vC7Nm z1BtW?06Jz0{5_bLM-~0As>490$P{%BzL-*@#s}j&l6T*)kqT5>DyRI9i@N#cC_&Kt z@pv4WbC9W2SK5EUbG9Q#e=^aVE!1Vzj`o9jmvH0@S>y>oKA|cjkn=LYqqR?YD+{Ql z^S`2ot13?!(AEN4c?y8AlC4CyMT=`#WN0%ARgA}LCBfek1Wu~$5|pG@{S)=mDZF3) znM6-?b{KW`lHo>TVKA@YO*@h75sv@Rbp&lpFSOlgS*^Yp{kskM>iKkzqLWYrK~CTm zXx@%G20>mk2(lM_Gf6<`=IROl3Wsw_M^bV^hw^1tJw$3GNQZY-m*iFFrY3o3KD?j=6 z5@7+Gq~eRo-NTr2xaiVy4k#S+4_~~6GUDyak{r6YMjY$v$FY@^zkrpT-~g(6QUQP| z9jr>7!Ax~*XODkmFSH>^XyCiWH2~?R0oUFD2?E0xprZN^y0y5@vKL9F)4ZiEwzmke z8A8CKKZkm~z)n$xc++C-an$LXK}M~<_vq~SJms9+eOd7(tgt>}4le;bxjXJ363kmp zEh{yFAxiTiG!~>@D`zomzu$m|s>*hd4orMGrjbzs_!2xoD=L=basPG7xk%naf3pk9 zL8ZH^IheN?&w}XbR(D=NT@!iNCN8S!!zY+`_H~r;>x+0x*Q2FMSA^QpD!}UNmHlXc zET!6zx(LayAi1wTbz-#9iF0u=v;FJ}FD9#| zydKmp&I;xoC7MNF3gXrOwsN#mMZbN@mmvIKFT^zcoxvxY)aPA7#ZnZiWSDtd=F{|R zhh&cU92o$sZ#2q*dY}E0dJjmiak{EM2AJOd2lF1M_5x0I?_|J2mY~$Dmjln@zxTday{UI z$!r$~mG@&fSQJCSqVpYARRb~P?v%jg ztkCVSMhoKd*~^MYM&@Iv&Ww;ElyB!T<(o~JNUO9zhlWdzHBr^*-Ly`&oo26ka${J9DpnI#$_Y2HZ~4oBGJ#uydE>!qzna>#iVBW<9!~edV7sNx{ zf18}QmOo6F^H$J9;1BhdWq7y{K=c;?^3*Q?@`_%N?dX1;<$1JkQZEN&?Iw`0-g0BI zN_oBIisbVvpyFUG#5FbGsI$4TO+J7DI~CBFDkGnzPC)yzpZ*&dN}gVgHek6i_=-8z{-^QpW2xmv+19+NXYRrK@4}IxQQ1JIqV#`Xxu_6%-=U(Sx|Fj_$PpwcPPb!aAWy%HDc6619^k8zzT$Q3ZjOgy z{@C`*49T>vo_Z`i668!g56V{4Bc%~V$(-+0`tc1EJoc>$A+hGG{ z0=_e8{L9nu;Zy3FvQ4y9Qp%Rj=dplvx|;{t{X?+Gix#lVW2UcJyawG*4SZ2=k)SdW z5DY!ha8b>?&7^6o$G--TmYlQV`O(3-vG|2duCeOJ7u84$r1`9{ZoxcXbZIqcSId;$ zUgf+YhOQ$C_+!Xi^`D@Fa?+<9V#+}&z6T=v6+nbAV9NP<>U$H=qMXz_A@s)8Yi}7B7FnL99Ylt7yR^Wo^l<8S&0~=<&pu1d?qSMywVqH?+CWit8`{Kh_>?a7 z8DJ5Pt@O}%T}@<$@a1fv)KSu}ham|x9FKH{#f`Fj%1KqGbZ2c~D8OtPj70TfELH$d z6qOcB_h=cSvBKNn&_E-s3S$ zvd^IKaHCAITmt}F6*AV{ZUUgtE-~~DRXaN=aA9ywiVzqYhrMN`QY850yw^!t3Jk8d zyo?8=phe3|c%*rlSz)FGQ=NJk52PkNHk2mc`M4l_kSP1XAMAp!@cLz_0@ExL$YMTL z`;-oos^rZ_s$!W#;5K+oox$mYgun&y>Uzr$kVJpV$S3|_7o>F_n$)8yMOG)s?dPYP zyz(Bwllz6Y@N2?kG{?keI-xG&m_+V&j9z1rOk4FdDZZ7Mf7;!S%)n0i^j}T%nYwuf zpoyV>63n~{{$Qt<*YLs$xBHZ@Dt`^$)bGeI{9;yc^>|^b7=9Xgw?y6JO~ENsG2Zo- z(!Ze&{`6_2!A%>w`(?YZ_F4n>RHXYC%Xt+@6L?Ghxe37U0I)YQLtO}|txqLj82+0H zmVY8>8%2$1fk_z|!UHQDISD!5)DiXdma&QUAl7Yogzk|Ar9Q!D(!DjrWyE5fzcS^# znbbD%){p)`58$l@^nky5%kKY8K3$AbCZt6sU5F>SAr4JA`cDW;R(QY{op{hIW5$W0 zSCFzU1;l^tynhl?nptFY9hMC-REmt?v`K+M!Br+9kip_HXZ_mGwB<-vEV17M&u}AC zPP-%H-=UX!OF^P(F?0^?dJDI*=;T_$3gV}RDSn4FI0ejm5SboGnnA&pfI9-8NNhx6 zaAgYcA#K35?mGFz1Xu9Ld6)Qn9c)EUZl_D!*y&m~`8rpb-;wH5cDNOv!_2CVSRgBN zF-!a&Pwp-PCW+5i-x{57Gr8B@};fuWRt zu^T*PmMFhU|Fb0bn8fg5V69ttMtAD$9g3y)ci`K|&6$ej;lJW3I5jW8 zBzcWh2wWdr?MR*KcgT6aK^eh+sW)4B>qAr1&h&QB3NLqfp?yq_r-7RzV8m`FSEqQOIf(94=$N|fEJUy6b(GW`TnHaj4%TU65t8#@V8hGNW}#m@d(+w5Gpz=?1WP1SOQ(gkptOcwV?o0pg~Zw zot`qwDGe$D*6R9f(l9ZTK)qP3X&X|@eZfulH4YFo)r^8h34%|}J zK1ivG&J3nEtV~A>n3aO=My(XNIw+r=QG7KDq&M-rRLaXjUTPw57|%m3h*UuzrnX|u ztrzCwB|+&L@?a#zju%GFmPx;L5nUKl0&g*8!E5TJq}sz5^m|^HnwNsp9bnBRpkU>- zc&Fuc!#MO3>^Bltz-ufLc#9I(g67(EB6PU5+y=mvL^kAr#?5N@3S{KP0l=%&7TMIB zcmrTYL9-C(xUmjr%zTkh{8(nPDAMhzq zu1T%%DV`0g70vr1o(^rUm@?FF zQ}5$XDgF!=`ALI*jl``W-WWCIhra%k25mNGlLx$qXa5j&GOE-ILxDdHQ}idziwspn zx|e*4BUk?#^KTYZ(wcel$24Jr>Q{U=eyPG_7RsIYFqnSVm9(g1^a4Ks^N!%mTV7#g z*FV{T2l`WHPGR*=s>TbJ7W1F%{287-)sLs#c(@hvxn6ymT9Jjn?E;eh(x-eUy~ik@yK4*a zTyJ@DE%M1yZTvZi>Hvl zqZ}eNOdrTIQYZYmky6rrpl+dAU}ROtp@yVvrP=UvkjxYQLaFr^)9WJS=s$;%@%0AC z^W!wDhe7W@f;aVb6vZyUzEm_~Se-K>aso2I!Xj%^>#s5(M`lf7&RJQ||B;xEis`jz z#gDb1P3=M%7Fo1he_wqWuoRWsFVK6UZ?2~faQ7fDxfCP^2KLBv)C?B1qb$0a9{GYm z?)fk5!1t4dx;%=S5!h}rWU%f;;9ID#lH zX8(yBt77)+j+goSyNEA=ff$t4Hh899_q3y%6JyzyWZLZb$h z_bOk*sz0y3G=}8fXPAjF1u;vw`JtwPvzfETSYj4+HIsj$zePmsMzhsLV=zKlPu=d2 zGaMjYkXq2c#5CLz#FOB^iA72&Eiqg#Hqo=Po_|G*HxLi_Kgn_H6$eP*T-}=xnKQ*; z7H3u9DgX@pQT+jIoRfJ?(U}uN;_OpEOVgdLH z*HLq#>aJra`i#}&|w|+n1^A2O^@kkW%A>8!G8tjo1IOVmF07`KYArz7z}Nna^g;c!u9cZ zJ5%UU?A(_fS#0&1j(f9@={xQ+n&YZ}Il(tf%x^Fil-)k@&7)og zvgaG1PJRNf@)0eakrE;&bY)}8eXP#Mswt73OP%m3aZViQZT<^ru?1sV)i7y!q;7hh zwSFrERo6GfjgZZ-1^OvmM5HZQ|5zfZR`6_j4xa9+;R)LHNB~ch?=$igVE|zVZT%$1 zeW+OZ9FfPlCt%ZIVt1)kS8&pOse`=pve>kF_D6@Z=p3xww`94?F4u2%D@PL4)~*3= zy#W01g?wLyp+*JOgu>*aX;c4!CK8h4|AU#IGYSMr%zXGaHVq~Mfq6vGI=+K-osz3_ z$}ZB6VbQGVOasSsFl8?sV{ob{_1bOZ0hD_#5=%+o$tTj~o*`oCLOjPE-xOeJj0~2~ zTw6R;X^^X|EOn+$8LUI2m}zBEhDkjKi=v=?jwb(Gxrm^>|9>dPP!7J{{|b(YTLk@~ z|JJDZo}hdGTOlS^3i=iQt(3SCY?oFOnPV+lnCJ;%E ziA-+q0I{I7%(1p+Aww!@7woW1A9C(|;%DG%msr_3PuX2TI%@WZklJ7>dM-IfpOW$^ z6K~#4I?)8k_>yy^xE5vd(pc>w*3~Pal9lLGSZ|lajh`fvMI?hUD4nlzNp+j1_<2aB zl4A=ov07hutj8Cu=h0ZLGToT8Q?RtGL@Po|taZAh6+U3~SriG!?v)m{KIpJP1icTS zkf5-4-U5%bwCmT?6c;PnhpZTl)xBaPQp?}Qha`VtVxk9HEz0U*zl!f57n9!B*T_ML zu6VzEHm9$b_jUF_|7T(ozqNTA_dpyN&j{6+%vG@grZD2FW~v{-(Da@o!C2HLze zH#h3v@cQs}1Z*waTH2cr9jtC?Y-w+4)Xkq(A3Ta7bG0<0iTmL=yPq80t9(jbRrlE3 z`s{jWvB=NCKb!gy90fjSj0lc@Ir!%aU}bST9n_qfaIeQ;EXZ@RV{jUhIR$4;nuZg zEGSmgNU3v~u4&a)S$s;9{(9idfoA#-I}mmxu)^KG>;_tdolR>+j({(_+a2|%rsx+K zugWf8_BNh4Ic0Wq;+4IFog8V>*RnA3KHzLq=abFf$1iZwJ65R`hcYPAVzn5C`dgHTRn&71*;G!Omh6A40y?k;cFY2^;H{y7%1k&-g|TQBnTA#h)PD+JQL z@(FXkv!}Qtd&gTQ{dMdzm?6LJkIovi2{Tf7sq0Mcu6WE>*aRH!zco6VtW$_DQF#{M z@RLy?shmVuSBu;YTl=i&+fhmA?e39ww*!_-iZ|qT`kY@qdRb&DoKa>;IWO%#?lzrJ zR(z}UxX0CrZ=#fbKtgziH+qNJC%VsqP17Xh27@{ne@ypfKBdzudiJsGy*|@^R@IZ@ zbMEztbH6e*{KKUE6slxs7mx>fOq1N5?oWH5b1=0Tal(@9?&=Kh zl9b)>Vn-#j*I6fq$WAbFUNiZvt&`GLVHq0KV)^`Wkh)`Mx8$r@A!45i)>ed6zEtVQQk$HAOuSl~Rq6}iKss$6ItxY@7{P>`NS#jzGrXD4?#2Ih=)wCiz zlQna_WJddf*ZFZ#hEzZMTmAx8iJSE1{|hCVT!n7z@QJfe{VR8Is)p+T6O)R#g;p77 z&6*1&x%=DI84~tGA>OmHYxFeCudI~#hmhk|s~CO`Wx=1Ex5N zu@}N7fL*+W%?xZp!VjFnOwBC2VH1%8rK=zhnRsgx)cSC1be2i_rztSh9eL1Um8y=X zO7dZoN8ET^GSw0q1_Csl1H)!T-4={Y%q`AU^}F1do+Qbzh$!{$#5$rr{S8DUq8=dN zcCzd$cvsiL5#CTI0{Esu0{Ng6 ztillEF<<$XCl$|;A~W)%o^-5>Y8`wj`OYu>Lw!!Q=;8$ar?D;uGT`;I)`c80K;?L& z3(}cVhsL~ey_scKt8bv9{${u}kj4kze>YzvxF4l*_itS!thu9xCblcwx@I~W^@57& z>O9nh4Oo<<)@k`%I>o@DN}YHsv^}GZ!dv)Lhm0_0Y+}h!-v&9j)6yHA zO%jo}pRb(vi8puTJHHWSnw?6stRe=IlvW9mh51;UdAC14%@_Z`P%lz?dztS%505+1 z;PTHjK!c!Gf*1zNLA>P$QFjn3W~B3ipmryc+d%8@PO^e zwUY_e*M>%Db8!THgXe6*${g+rq$%k(Erl3&Ze25mlnT4r0v(j}0eii0i&4#n4#uUR z6CUl6Shw?)kEL~KSjy6;kM~==@p`?(r<@B;8}HA`&;A$z7!JXseCxlOMW#EjJLN6h zX8_KI3zh@cMeL)E59~r!Y}cpgTjAIBTfIt)wge4{m9tE;ngfYmJR-O%#Ss{WLaBs3 z2{wHY;uzpv@#G$_P_j%$fQnc-MEO|O?DCnhMWQPhzuKeph~f9C_;B%+ZI2#Px=?HP zms0w99RjKH7TDO^WGzQNlU_WPw=tPP0m$s%P<`k{7qHq}#YndWTIB_2I+`aA)2Q!xToTa;w!H zxen;T8Sz+_RI**LgZsM<>Z8TV3+1CZ^4av_3=ftz6p>7Obq(cKJ}qyL2d7;lhW~*+ zf|yr};V7P{YbkwQ%MGqdbp$3*dzl9Ma*eq@^vi+$LYE@18$G&@_ecz1jo$E%xRvw% zT#j#KSpSaPZc~Qo7tvfnN6<|cxh>I~xz@f&4;CmTXfrIJ7iJ#thOTIE z=ZG ziyjs0?H0NFMzPccqYa^JDkQ8VpGy-^Z#j3@*1`jW z*yUITH#vA1$d{4+VxRNXysm!Uj@r}O203&tQTE$Q+Jyms^rT1Y53i$}a zD5>6qo@gK9l`GXr_}uwgRt>1wW=fS0rNNOSl?~UwGywgA%10CNPKA5O_;EI^UK_pN zq(9E#p#Ebv*43P_xiMe``UFX=I6P#apNvlc$_+5YGO{6iTSE_1?58}DUeDIb3Wk6@X!#V4=M6xA^w$wqFGTzeWVp) zev0}Az6c*g_WB$Jm2E&hKir6}?eGcz{9vE~>)a=wPO07G4 z`+%0U|4j}L1d|WX0)z!f%E+{2G#d&ye@M=gqD&Dpk?Uw~z0JG1+TkV}f+mh#-JZd1 zk+Mr+zA1=ULz+ALjI&C7GK9jCsb1e4_d6ESKjkRV+Xjo&t#qo>Phh=Jwl2I&y9$<} zF*?c4>%)>ykPhfL5fclAM^U*Wffd#=ME=-C--8Z&r5)H)-*adHr`#Mxl#0jM<5tdi zL|+#yQ}wRIkWL{O@RoR#uYJm1wNj^*oI^!n$uM_Op0CmBcvK=9@)A6bm$Vdh7>9+% zcuy%4tC#xdzkmW#1d4D|_aB4YpNUvoLtcb6BpO0A^b1gphAPXj-@N34!?K>~EsV{K zOqOASO{Ipc7-4lh8u7+sRK_cJ4-V|5H3c*lv<>*+)v%i&ua>_R5Tt|VusW_$^_IRq z_F}|<5rfiP;BkIgj76wF5$ydix1$_r=@IjLFcY*j-JnT809GH7Km->+%lQbaAL5Gu zY4t{eM0&Lw(OBv|N3s6>4oq)@WB!h2gQUtc*%!%4uN5C<$@2PrqE^uHIYf) z9=O)A)3}NJ0Pq{0ew9THiIofQLXSEM``s{x%MKztxrvtW=(nj)f;-{SkEBXUEsO(u zaPvA86V_Vf_BJJz_VMIZON2l+vAxR|DO`v>za<5{p;-%=f~_}YR#uW1@oYEnNgx2c zxO1aT{RQ;&e7^TLjkX#SI}|du8cBr$o(5!U8!gxq-%}Fb*eN7yOpT;gQ0dp~qUWeY z+kBmFWrDHOHxwNK8Hp~2ubyJ+5bLCE!u~c0)(r?=V~Z9`?WU=C#pWz1XeGBM3ttb1 z6lV1jY|fIu#6ZdjX;pVo>|V)M0@3ey!+KX|eHuj(1;*+VDc)S%m_`;d$$lo+o0xpm zL`D1}mW03|Y+ohflPNL;!5}e|OH?5R#8azZi@F9e|jd)jrd@k{lGdWIz62iJL3yi!6289l6xBepbQ+~ z2>cA46gOghuXpb7PiN7&CT2RTk3i6L2>1|kQ(!NfoIUQ*GP~g|xJ>&14@TU! zxG|M-UZFxu(E$Y)E;_laxb0IC&x@O6EjIm{{(|oP68nL^IM@*FHAxW0ro_ zht17>*wEs*VGrs8Ua!W)-~DFv00B(=h>c57hY-dlyczxB{e2wqu>QwEI^7bSBKYq^ zqo&u=0;i#D^&!J5lRZJ>DZB^USoo{JrHOM37{-WgK$ia~pkc$;e_{Xg3e~3IR3QMV zLFB-eaJRmJv!OA*oDcnrF#zJmVX#Ez630q#D1{pF8S{jy{5MT$@Q>4{82E=8VLem+ zlm^7a@%+ocNdAk7+X02D`=U4F@m5nP7HGf!J}n72e8SylT~S{IQ;-M$#3~nd|TjL z4HGxk_01qJ9AyBorg$YVT<$8n5pjN_pb4iG6)sa|o8aXfbzVL@sAz#QI~C7o$y zyiA#mspcMa3THTqrr}M*zfqKeEp_)OO+I^55iG;mWAX1Q{JR$aZls(l`atxedlaIV z-J=ls+g;ODPtJVE97@5*PHe()r2pnqVu+f~J}Vyrd^9-Q%CdJd(>}c|VmTeO!*v-j z)qq;jhoM8z0VXSVN0p{R_Z-FJ5fa8Z?ewZXw4xuRxP(X=3j6?TaT?#fkIXjX{R*6m zLkYuDFToR9N7Rnoy*~g}2i5l?JO=U7H$cnQU^K_egD4bkl;(?`1_Ty#%q#y15|rKX z27e|Z{{n*}qn!H#1*g~R$EAo3)IF(NC?e3@A;l4*v-<;T&R5tdy-yF3G-plV5`gW`{%Wu}$g(cW)XUfR!0m8ljn7QCm8M={P>n+cr05G5e?^23l`6n+o z^w0cj&yh{uc3scu^5XzfykkDuN@%g4IG)XHq;7UG=uMOlFTapJ_uqipZdFUgBpazem zJBQ6nbt~|eC#<~l9(^L0u7d7ZR&pl3R(x-#|B?gE%f<`AlA}E{un-UJnW2oLEg@^` zLPIo203q!pB^T$aiLp>KJr^4pR-oVi<<+9KOwfSx-+d>T-4 zW6nMPANZnwp%=`(+*pSszCFYL>Ywt3l6MXRPt@E(mHUOX zMS@i8|GF;Hlt)i(Ooo7_lL8{e*BW6%D{T7J>W5$l0MkJx9jdI`A&Qmn@Cc<2l#H%` zkMz;3vK0LiW5vceVaeywS@DLzHeSJ)RS+>m(#YDC>M6`l%#U(nMq}((zzRm-Y2n(H z@b7U-^K|Vlq#Hi$eY8GFA7I%N7R-|>N8sB)9pZiV6kp^%Fen&{ToRcG#r9@zWeP1f zOA)AL`h*p(TIq#PiDHFL7){3EbMQL11};X_+CtLNQs*t{wfB^HcKwIo#K*3ZhaiIC ze9FJG+5FkQ2~SulHfw>E+H^J{Ofws%O|4CeZ)YZtz_LA7Z8ds~_-jxi%cperH-q`{ ztWNNUFZxHCdI)Ky6YE$kv2C%3w1`8b13dz-I3dYnsaf`Z;N}xOhrG^XUh!sxLLF6K z=UZ3i2|m;3US%;hynkze@nDkks8F&OYu3F;=5KUnJiV!`lpZ5#uUT<2ropbHVTcjr zGaDB0Y#Va0Sk5M%2c0R%c6Js^oec`jwnG|fkGYW!fBa~(Nw{DR*C6Y=!aW+Gv97Uaq#j zZNi4Neuz$<&~CCCYV_mu0m`F}DxbZ!7@`Qp7~HtsNLJx50!YLq@iUvW7$I!5?-URb z^E5>D{h+WBPstethVc~YA^gMX>OxFqG=*gk@{3aO&FQd?TWO`Bg}AXvKAJ9{H5a8% zw+B}0sc=P$8)uo6YFSN}yUj%>gJ7(eKB#}N6mNLB%4!V_| zxJ=uaT2?I|x;A(=)jtS`SoI4q!6=uS!zfW2{D0O$|7G;`kbgXVEfPadBH!R1+f{&g zJ+{2Kz;}zccI)?Zk0V_FkkHU^o&djUV@#%f|1TR=+)q}-aeCi>*Yt{ImQa=(y_aq(*{r6MKA~F0bQuIai^00r- z+A;KSpZLrTNX_k}m!FEE0~iPGiA2pu{nxBbqm1RcjlKf#VoJNvVBsnZwxz2sB+8+w7Nx#Grorr_Dd{w##$ zI3TLxK3wc@FH|a%HyaU4ev`>ry~bLWf&Eg%#9&2*p9hVV`OHi7x2dCrMxO#^PxL+$ z5;Abu?=;%O;|QGPne6ai3`g9nNDGx~Gq zzly{=9mK~7rP~!;J>p)${|H?~F`v}Gxik<3T+1kPJLal$p^U@G@A3Z~sEeWZFdy?_ zGY-Mn70go1mDn~$3`AhOCv@Cz&o_O6Gf3X});ZD12Cl*l9M^zVt42*I2EdwcEK@Vs zEI+O~U}1r=!$UCc+9DL%#C^6&(wK(6v8H76y zvc&L>Mhf=8FXa5gB4$SbA&)saPNin?vSMf#7=(t;I;-AH^8_!)#Srby&#D8F1nq4+ z@^B;FQc0^alN+JJX?eG2a*C5 z>Xhol)`5N}r5Ld8f=BB+UGlFq08HY@`!Axe6#ppt5(1;CGcB34nwcF3GD!Rr1B$QU1kEJhjbH%GGwo#{0A>R;o3T+KddSSeKdO&pkj+NN>kF`C)9HMM zZzRLBI)ggjg)k8;6MV_jv7JHk?_VHo`M$&oOcdIeA(g0~Lduk$Eh!*y`R|C1mVVyN zW$Q@==Oz-J%_0X8{CbgRNn>Ho22p+$kc{Q#4$^U=1$*Q}=L2&f>Ev!~F?k^JpNEEw zlF#*)Kfk;oo?wHLV=L_- zTTc%3?4SbCmg^<$(+dAb5*z*kJwfCjrzC{{$`} z-u5bJis4S|#vi8b?J#a8I)&0ooxH;?_xwZ*rK4A*S|5Tm$Fy6H=TI7u@i`A8jD{nA zK3#m)PWY{MERo}vtsSP+DQ9+{0NP>V^;VFUH0!pBj)OSJ4d@tm^iB-jfwtwR9ZT$j zVCs+XlXH=QBTULIZW>M(vTNh&M8Ik} zp?7T}6$cZay#{0GmA@S>KI<@^(#6n=U{fk6J`+V9x_+PwJO4|fBf@|nWH&`KGKpE_ zGncK+z$y2m*i+^DW|9}AsMN_eaE@p-hlN*N0$5`kA7Vou_GbtA9?Jm!r7;Xsd_87f za(un=vHmRd=vDpr9p(LPoF|eTqS1K*zF$XU`SK;4FZ`SJ{Ye%O!)M^qOYnQxhG*>p zV29P#MK%6TF0@MOD*l3uc0db(kJq$SYX)Su(oo@i=JP3CNAZNP+nr~X-Ptu!bE{kV zFuO(!{SLLFv(mBWjtFAzGRlU4JkB;mrgK{0K0QDyryzJwbU{3~@g;;@=5}_)y>c}! z3Lv>j{E)k=s|zvbyWOT3+-^vKCGFfHDNWJaO*pGv3x77ixa_Lv`KqdYEbSKq8M(bn zGF5q<+X9;rQS8rvkfE`M1cY?SZc$E4auuRmJG~Y2?)vr1*Ot36U0oRLGncH%#OI}A z_yEvng*Ec((DLD8>Bo5U-~gl~pBR%Hb1QWvN2poaeT5uy9`rvXpD-C|tgt8Idw)5r z`fLm{Rl)2nIYWIcLd@1SR&^8+y-nV(LwFj3P0^q3qP*;#Zlzj5C8IOWy@59X@?u=M z@K=D9ls#@Zgc2>jOmbj938-5!Wo6w&Jt_H|u#ubxu*?+hR@~1o*K&{>odY-CS=5I| z9{Caf)60kW-(RlaTi@rV*zEV?;C3G5MEzIx8wf~nd)~qdt0SP6+&#Q#hTMHYz>SFP z@kTSX2#ef6nR(W_moF)@=cVH-a0T2Cy#+GZh7yo2et6E+#k5CssTiWoI6OIUF5@TL z$CTrrApX8eQjQ|vyBW7Zc*MD%L^HMnAw;X}a65G|^Z+`cwDqnptZ-iheUp@W_qZl7 zMUAxkq-5%X5$;x2KffGi4S1ssL0@zN3mvwjkf#}3f$d>1Mah?xNc}e0Lvo%EyiV(m z8O=zzZh>R(tnu6O3y;rK{I8>>TJ1|r31r53ri|6eqZgG^1=#3SxmnbURflw+G#B9{K~6V;eltH7+WNn5PL? zww*Y~om^U~NVXho6rUj}1-V^DyHd(F!$!p=8R9b*Bw*_$1`khiFcOgq#)!q2ZXY9- z(n?D_^fRD`LtH5>jRR%;SH6Ud|J3X#cVR@bo8Sjrb01Eb!N_ZAgc7k7YK0wYrX49u zT2yQRVQIy`oWApQ4HGynjZk;&@C(|p;w+`Z71+t4lVA8(@VHG3?FBM8g0W4#Z1pxq4J9nCI*1l8IxWF*vH8i|aT;aXP9--*YGn)SlvDBL<}EV}$@BP4VdpyUyY zLf&!A29l=jmOj#Ou^IAe#5!TQTTo`JOqcMYXcWDd2^t1w#Tq;7$T5_@W zd%3QLIEhu@s$~C_2FMY3p4bM13`srXjP_&HZD}Op-2ilZiFYkp1&kYMTdq?(g|9vX zVxaxN5A2o!KT@AUJ0U3Ko)j^(9uH95MzoxO?nl}EbU#*KOA?zrN?Do6B4@OYai;{^ z3rLW#Pxk@k7$p@BS&dME5CmQP&>ar3Q@!rR1JTV#r2v&hifip!{s` z09c!WWFM>?rGuX{`l%Q$MXdoPy#q>Ov(YYhKO}}neYc$Rd&=R+&uJtNfS3I}<17I4xehkhmj1^s!HV)Yp z5LoCMHxA)5#0e2@Dj?TPBZ_;T#L!vHMC8Gm!UK^3$z~kgf#EWjBF`xshq91rF;W_h z6vSTP8Y2qU5It31L?3ByA!FHk642f7@EBt+mI`P|+lQ=#9ob^3zBxJG+EvI*+Qs#? zHCqfe%W?s2;=5Ui1X~_bINwo@MpCEOUIM@Fzy>DgS2*-|y;~Crw(CGNUXOD4wFM*v z2*m|JQK_RTt!)4jeG@2IU@{8u>^C^>TzpW)(aH1=2Bw>n>DvdUA4Aw@q9G@8)+gbA z(wAO?^xpooSbpar`d|*mH61fOL7!y3-}Ke{C+hKw2m*bR1CqLX9I*o}C$vvMQ3z5>xfBRsRnj78 zoeom-rW3Ohyifb9d^R}^pTtuy4B%*kPk$6B9Z)9et4jJU5;OQ-(7+qH!1FX2%K|qB{4!vjtcxX_K;ih9D1ShF0zVe9E&N#6 zGCR~JAH@-vi;J2PJ_nqdzt>+QcW3+GNs>qmDKxK*DHO=inuu@K^LHj6N2Kogc;J*) z0-WKm3EVh9r2Lk**yos`4q{v6H6$m&CuV0tB1=k(M`>T=R!+I;HkLTQ=Y?XCwN{Fa z$2dHP4KYnZYdok)8wpmSiRP1q5xGZ~2K8I+VglQ(Xu8-BSZ$abmc27`iB0D9VTIz-_ZG{MJnouXjm`X#d0qW?py%hEZb}`2#I5k;Tvr%pFM(4ZnbmmPufJw0n6^75;#6t z?ae*~T73&MHU;4TxZ?Cox-V*`HC`zC5vR{02o2LR@!^q2T!0sP75tC4YM-fYnfPe4 z70(TLXtFO8zutz2U3ggDh~%%U@esqqkCFdy6|!2O9e$06HPzyq+i*(O?*{3q4gWOb zVUYhizQiJ^;V)u%a{8zV0_ znHh7Ucdu_}xQi7Rgp5Nrn>N}ZKK(U16K-7jgBHsp(@AS?)mB{EqDFn`n8~`SSqnEF zta|L|ffk%wB>w;+}uTOW%krS27%*ZsXpi=Bk6$2esaSyFp^;B|sqiNNFP# z_SG@mJh}xcp&``!y4-^SqZxn;GjnKGV(Gra8n`v#|Fc5iL%HV$kR)EcmDI`loB9-A zts9Cq=O6$7VrId?x|ha9e5RV1>sR13qyNzYC;@6JicoAQiBA1*{pOu0e+@MH%{|O* z?*F1)r+(!g#r8htC!)NQ!oE)~B<{^T2C)sEry1r_UkB6DRB}-ja*(~F?;<}3O^Wr% z(}F0?doG4EF^4n@K8R&!p^w_F=mX743hAL~yM%xis4pIY#!vyo=r2g%Nuyta$Re7Z zVwk#~fcZx}9%wdbNk5-}#jqX$&Iwc{167*+F4Y8dXqvk;I{5*wI$E}Exfe~K{&nH*rLu|P1(FuK9Uq?GVUO>Tm=qkTr* zuaMDMh5h4~2=5kRGkDXq|G^tfhNC1Zn$?m&#o=vnI1+{)cGD((gE_$M-J_>@k$e8N zNOiJEJ&F)^Q&FbRR-{Xz;MeLG5QJ;MaT0Yc1hsYGp4j2Q%yk1j1oa zJ}b(vP$|B-G|Sjr;xRkzWIMECn~OH^u+uf3zGS!mdPh9> zxI27S3{iLrhqIyNeBC3XacUw+g>g1VET#KWC1<_()SL7mzIoDwE9ho{Jl&7lXx1cp zr}OP?@X|{c7iUH1zac~)q-`?}N|Y(cq93@#a@*vs ze98E`SkLU!hySIZSo#Gz?ZZU@r62Jj^Swd-Gm2a`HL|X~%y~*I{Ribxd(nx*f&Pk3 zMBdM6kP_&=lk|s64}3g|Z4fuECn{8F7WuO@+}DotpOtUDj1(QGRe}K4AK~8OC1ANY zC|E6){s~3kSrX-6(}Qwq_u=#;?N%U4u}xjtuklLoDWw(krD=5#bl8Y5Pq2rZgl{i< zAOx`JGB^~8AAIyHLh2%4w%V(c(Rjcu9vCcjZiStF8uUetM|Y^1e@M;{98}Q$4s=<4 z9dO3%JH>XN&@W!Lz8`&i`-L9yzN|t?=KQ9(fJn)!9A@czh@MzE+DQ4Zs!tQ522uIx zaD7u^UZH<eb;90rKkY)F0uJ4XllF2!Hzk*5>3((>1>cj7MxBZh!(hyyQtJ>fa|vn{KU$ zYn5nK;@9+R5#lajco5JMsOd^#LOwdDA1b{(5IidujUx{HAr-?u8w$n!u<=w}D=-TY z{o1_%zX==+B*|B*)e_oh=>INMnvu%tF zCFQ*s0m7jW94kWe%Cil4$2mmj4)Hft%(OQIMZkktQ*P&B3WSi&V{1!e_+}9Ju*cHb zv{I_KrkGHp3rDem`2dSN$IBp~{6^d;iw18&gI^)QoGI^+OvNRxxby`|DKkAs)y0js z#SuxFS|;JBL;_D#Q}*$i6E;&B0)R@+eQV#P$EY8HIB%@SQ5*tDf8}5)RPWzm7XqE3 zW8u0=>?i*Z$}l+&F?(KoO2rEu$rkh>Mtkx(vDnH?t;~6#_^T}&5dTjqq5AALP(3p8 zu-gsg7gbD+yA>^3z^`MQ>6>6-bDqB5DPkb3}R%n`XJ0mmE18UxMN!hJPm5Q_VAjN{)RFG!TQy6Im0zd6MKnUQ-9Tf>5mQyQYn6^Aka3DL?I1149Y0Rz-85rqcvk) zDDSXfw@}50R5^oczfYgqQz(!aH)14yPV5d)u?eABuwlV21(>C`W6I4W4rTJ^um&11 zRc^LQ5ggjgxXc8WoAO-}`>*^@H3;JV9Gdtslw>>&rg~x>@J7aR&gA~2?{emQM7${HOw!CVl4BVe z`O<9S&9{=gc>)Co5yr}>P5pEDaaEaeSFq1962>tqA;&ml?(}@yE z0%{ZS!q?pdf4&Z&-{H?m9cUAi4aQ2w01m~aDX446nXmwL9gmp_Mn z4}Z1-KW`*WJINW(Ww0b?PPl?H`f+9%F92ctd5<@{4VEN+F~Z^A9LvH<%x+g_9fUy_=NTln<2J4bEfAHMxZY_2!EgH7N7D~9fmEm2 zijs!?fYW2%D?HZMP@Q;~j@|GH>A~qx4}TpXY`5~U?`Bc63mff@(YT-|m71~9f%VA9 zDw6rp4N1PHbG+c|wJ2_gS9zrk4xnd|9I?EBvf$7#zo(=Rjqph{5wTpzbN#b%g4mLV zXX6yHMKF?cjDy5m8Y-3ykhw8~sRM|^jB#O`l>?oqs)!4E-Vj zBcl(73#2@$c0R%l#WEvn){Ug}^nO-vFddDkV00>$kpLD=y zHU{npUEayE>+$18xDgS*5GHTU>RT7I4e-Jz_1DDw{uIRi{`uVvgh%ti>p#R=rZJD) zN_(m0;hB5{LpSlXAaPdT`cnB3#)c1&dP6mtDyVQ1uMpVZuNR@=s0=OS(&={c7>{P+ zD;+B?P)>0%j?OUny=ti6X+$x8ONnw&NzZcBwzDiIAd6HR1@|M zsEpO9fmw`Y-(%xlj+kqkNgYr;Sf>8UA0za5zm0~Ixb_QlmNQk}cbIC@e`G2#*?e*w z28;WnYOu;^$;W2M{81wcj5#v5gCjg_)L2WRY;C=QOGx4 zX|2ZmAI)Xr7QR~hc%dMA0{)>BdC^}QR471K3v3!4vtrQ?#=VnwAp z42<6;{@xX}SKBkfITI>LWQ?m9@i6`7Nv~c@GSg1NGb>^#gXAZ+dLE*Yl<+KdDkdxR zZ!Dw;vNq#++L(P)>=-DNXUYNk=|k1dq7T?{-jPSuDtwgVTsec8@R z;zBSLxWVTsK9xg&l=Il!!J&#br&_`HvaqI)T4T<^KH`j2hE;)^V`~gij z&Cr@Z(|(N#TyIM76Ey~Dp}n3+$Mk|1^D6Nfx?BuHI2uRnaY4^BbYg}3E;&W^vI+cP zEd7pipM~?(NkX3s>`gRp#iuAl46$IDVwn7o<#U;s$l#{ZL13eHb5Yy30*Mc>Z;PYfOa1CVjU7ueoWjTUsUX+WgtI(~5& zS^UuvxVHpDk6RCRz*uWEvFPJK<~n|NzmfsP;Zdu4IihuNxXPy83lSps%s>Dfb(eQ% z9+?he$T0iJazFxE4&>}be~4zhKg3uW7n-z5m|jddgX8s}o`xpR*u|&ly0^p|I` zc=pE%u(P-xi_mQhM&kMe@}{+OrAZ56tp^KtgN3y*fXbJnQp@7&jTP@sE;-!;*1Oj+ z+4zi8Z{FNnVIr>(Xx6SGSxR{KALx=EVs^1~FuJa#qZ#1Y2vZQ-U27VEVzi7bL5-G3 z^};ATF0J(fHc|!c2gFv;A2SE)k9#NEdnw1mi*s8wD~d)ee?ksN4paLm&G_e#keKmL z;}OZb|NV?FPtJIa-;!foHUW)fbT7T;BaW`W{HMd}Y8O-;av@CVbak8j*I|^?Se2ei z_XS}4CZidOc5;3(c`E$?Nmk>Fzr;w=!gBlfEiC*RpG;a? zN?#-x(R(0JK5yrP7<~d~#%jIt;U4I@{P(kckwAw8rFm}DeLb$Fop>3vB`+Mo@VJP4 zzIjV(>BVcvn0%)yhROgIY>$hFaP3KU7Z(XW+E&NnrM|{RPB$)y!c-$-E8z)uHa8$1Pg}LWD-5y$i^q(0a;I| zubBv3pxov0gh>|w@TZMye83|}c%an5MxIAlOam4u3oLS5C*3!Wa6o}PO8d0&iA#aO zS}I>b2|N|;Cxdue)Mb|V45AE?qXTWL2OH@g7~Ji>Q(eZyhai{cSJCY+nS@wNcUybs zR&${1KnuSw0^2uq*rMjYv z)Eu5i0*(w9a7`Q+Np)7)l-(6zm=T7M1COn@rj;#mRPZF+~ty zRJaE*)`)*kUeQC~l=?-BwRfRD;HsLwhUH_+Av1{gmlO?G|6WSi85rOejY1e1omDBy zhyK}#+ba0-4BwG@1zKj&kRu3eX_hRZ6W>^wr~r2^0b&lnsSv7cmK~*Nbf@@$)5Um! zDupXat^_vd>heW3L_ngA-qpv(aa{K~k)p^WMbef(6f3eP zZkSM&c%&3LwOKpjkrc_Z^}&dgESpiJz1ul*&AZ+6e(=L_YC5zP(Mp1#FbeO5J&;UW|$OW2GP+c%Uir8&x_V;FH@AghQnL*O#9}RAIc4pq2 zdGF1eH*a?Lc3yY~0Duf;@rrNLL2Ue}Fo)&lkKxXbja`5O2}|@g7CzH}ks55r7jlbo zHl$bGe?m{mwp{%hz>?3eewQL_06G8p)XEP=^yZJL_1Ap^JCt5)K<4mE?fCBi_I*rZ z+edu-{qk_^QW6_KCR;8hY3Ijb0Cv1KvYx~yjzGk}gpw_wZRL&cg96#sp;1^83$qoc*~(`1fY|{>XpfLojVx2+{2?cl0cQ^W}G+Q#Ww&MK@W?)z^Ug{QLBR z_x#S4pDkZGaPhsSq^iOJO(lPXwTEVQmwfYYHB(+AN!Lq!0 z2o=B^KSdS~?+BFrokQ5~oErP`!~4DkK&-#veJrh~o_{ySmaz66yflV=Ct6bYE7lhS zX^IZPbif`p11c#|@NXl6O?3=9o7MDtWhKKdR%St5bdgefz~ zr+X~h@=x(e*RZ{u;am1J_pE8#$nh?d`wq?t+^diw3P0kw^M-2*vl==xW93X&*b*lS zf5h>5R^eRNM2N(@(XitRbC+r|ihoRGgf$m!u1pq-!X>$^jn7;D3?EMo6BlB^@_{L{ z=$d=J;RjxswGYCdH$3hOH*eVn)stSV@O&MgLnMHz7AuYMQO7aUiz1{v+U`W)6@+a{ z*@#@0n}HzdPfk9e8v|0gyZBs}cic0kML+NI_>@!dEyq5^GfqBl*e0KvGTiA?JdsG8 zipMKRmd6cLmM`Q4FSt%dcpmqHf^g?7&vCgwW0boH1yTpVx1$6q`!wZqRALG$gdkAn z1~!LuAn3i^vN=R#<)Jzm$My}&7A_a|oaH)pUf8~uh{umgQUL)91DV+$=bZOs_VAt_ z58UTOkLp0qkD+eVS(Tf2Oo$H{Hw-BoT!2D?+EZr1a0Pel+#)f(U@5x&8BwbT3( z0^>sV$igB7P@lU=hpX|yyNM#=W^tG7QW~y%ct`;h96i%_lZr@2N@;k;ut5Qb@@1?n z2`3-qe2Y}XxAFpAMhwmogLA@7JDwosD2%(7?L!yR!Spm~t!0CaJPe3~PH-^9OyRl; zeTL9yM6RGPBj~cXWC_|Lg@&Bf=uwy_bi*Fis)K469mq3*3$^q)D3bsc-1tb4%W+vT zY5kmG<%~3Vf*L?8ITU@y_X}QsZ|^khM37Ek==44T3VX}L1x8N~u^u-RmT$}ok3UT6 zALKvPA71R?^D_cn7^Z2Eq=i2(gw6L#j>w2k{wh*G4nb>~L99GW>;xnrvK==V`cQ^x z*T{1k`QEAcq`OF#p>7S=+j9&yTXm!AQ#ppTp^Dlmvf~)^A*?5S&w|p(VX3EyDtmm~ zmV$>yn8G(QGd$}$d1)V9Cx_0M=DxqkyP+$#^GKHosxXgOjhh>R7UAjcHb))^JEz#vrp7+Co=5u)W}3?^hom1!QpN-Gwfnr zW`CDiZQa@KnYj}gx1S9kKRkFkbtE-;didbr@lm!nk~48|aw0X%`WPuXi`q%1Z2{AR zmSP$rRU*{_g6dhPphOT*9e8?AogMPycYBDjg)p@L-Q=z%#NF z290etPM(t|4YVn2Ofl>zd=52H$a##)eK=OYfj>ef!Xi`cay1bDA+iLDI4CN8x+Xd^AoUblRJT54V(=; zNOH{al&j{<+vP-Hy8;$ic2ClTmk$3A9SH(3WC^R;h zb2779l%VkG06bLsPm5ToK&2B?CUv9~`oRT}p}vC)p_>n-8M=xrseMLB z6YTj8dfc(6*~DT#?c}VC6f&}$g47S&$de1LfhKVQ=NL{L+-%vbWM20HIF*#ZwavIz z!FSw<*T4o1v$mM@O8KdwN)k{g9;u$PY0^kmZkx2gBUBP!w1u)}nNSfa+j%FzI>O1o z$6*s#t_VHGG7e0+?80#un(Sa1gFc3%ZB~yg_;nePL#K=cwo)V-Yts2Aw_EjA=yYKq zkW-I7RD&jkf$Ebx=%RD;XwhWDa@Z(W7|tCuDNl^ZfmRs+8j5t2G*b^U1@4h5%TeaB zLl6X?!NMU;K9VQE6WSPe9pA|~Io&$0`NR2yBM5AiB14F-fn&XH_=VP_PCh(g{g|s)P_KB{UW)sWN)j z$de7Jh7HH&jS8h9&|+dCU^Q(=;CaGDk}EYD{$V;g{BLAmY=sv!Cq`QFg^o@K*(}sS z+0u$2G{osw&W5ECvIe6U%8Sn_htg$Bswdzf{}xInTyoP1@ddr zX_3-sE=C6Iha9?U5`&G+I~Xh#BlhXQ!CW8~GD6^P1?ep8rWNGT%YkjO$7Q$ctZ>GV zb6a#pb7L=J@+0?uXlra!!)=d!xUI9Xb?5E(etgDu3Qwo`=BAEqcieeT^IcoIKYI7} zmU#P)`?`K-`3s-_*zfLs_>oT?7#e-_@X05hocheE&z?SGWK5Brww{{Jxt_oH%;%nE zNzW6mH2zsET!blC`Q6GP!?n39&iXO$U}@=0+txEQ4ajA6KS#b^*J+~+BZCFHwwuv% zS{CKg)^q?163sUqtZ=BOXsuI&+#7gqFRYW1>rGpBzdBJKQfxdqIi|&gds}jU2gEY4 zSI@|jM!Z`?;jiyi@jvT0%&(32X!v6~p4ago>-c**{tq4Z^qt(@cary=?CD$B-M7H| z78q8gEOlgr9Z4Qxwqdgb>)DNUWZy}Yb(52`3-s*Tr|3DX;rwr$&}6z^M6 zXrWUpohWQ$x5ZK35Z}ULceb>)qr3@)t*nV~G^T{qCqSrxnzvHnUT4k$zp{P`|ZvMHINYqNRSF!CwmdBedhOXO6MhLT7A8+m`09qCY4fHi(U%T3?6F zDF@2ik7Eq^k5TS$d*|{dGv3}j*7{_7Gy5pACUGpF{BO(UPow;?)<{%S0pIu-7CH4Pcd*_!nCEK^3ZAiBB<;IcrzCyg6BO}?~IoRGj*t+ShXnF)jjsns7 zJsg)#udl;ymILMg7{?pP{}|BpW|3XzVuy(+xfGgC>g1bHYD19W__Jt!>}J0 z^dBOQ{1YUQ3caXdxpA_6E!OZ#Op!PuNtRXa0VuuWcIo8$`fkDlJ7Xea9+mwzLlX$w zo7k7=gQHKh(jmjEXJk~*vF;ljkmVaaWi|Y`jtBno%uP|FKBfkgV!A2PuTz-tX7G#x z4=!1P-iBidAJ3*(B8vn|xDGw!UIf;52So|Js4v zQ0f!vCkm@$cVjM!!Yi9RE1uoaL=P6 zrweCP`2`i#!q=vMA7Hp&QpRuA_{|%{9|bOv7|N+r<9BWl|4kVK$5nRu9HqUSiHi{b@n|NlYsg{$3jl|wlK=n! From 0c9faea2945bd0f5f82f963ab4f7c753699c713a Mon Sep 17 00:00:00 2001 From: DQ Date: Wed, 21 Oct 2020 17:19:02 +0800 Subject: [PATCH 2/3] Clean up Clair in prepare script Signed-off-by: DQ --- make/photon/prepare/commands/prepare.py | 15 +-- make/photon/prepare/g.py | 2 - make/photon/prepare/models.py | 7 -- make/photon/prepare/scripts/gencert.sh | 21 ---- .../prepare/templates/clair-adapter/env.jinja | 10 -- .../prepare/templates/clair/clair_env.jinja | 3 - .../prepare/templates/clair/config.yaml.jinja | 19 ---- .../templates/clair/postgres_env.jinja | 1 - .../clair/postgresql-init.d/README.md | 7 -- .../docker_compose/docker-compose.yml.jinja | 106 ------------------ make/photon/prepare/utils/clair.py | 43 ------- make/photon/prepare/utils/clair_adapter.py | 18 --- make/photon/prepare/utils/configs.py | 43 +------ make/photon/prepare/utils/core.py | 3 +- make/photon/prepare/utils/docker_compose.py | 5 +- 15 files changed, 9 insertions(+), 294 deletions(-) delete mode 100644 make/photon/prepare/templates/clair-adapter/env.jinja delete mode 100644 make/photon/prepare/templates/clair/clair_env.jinja delete mode 100644 make/photon/prepare/templates/clair/config.yaml.jinja delete mode 100644 make/photon/prepare/templates/clair/postgres_env.jinja delete mode 100644 make/photon/prepare/templates/clair/postgresql-init.d/README.md delete mode 100644 make/photon/prepare/utils/clair.py delete mode 100644 make/photon/prepare/utils/clair_adapter.py diff --git a/make/photon/prepare/commands/prepare.py b/make/photon/prepare/commands/prepare.py index 10b112d51..66ebd8dfc 100644 --- a/make/photon/prepare/commands/prepare.py +++ b/make/photon/prepare/commands/prepare.py @@ -15,8 +15,6 @@ from utils.registry_ctl import prepare_registry_ctl from utils.core import prepare_core from utils.notary import prepare_notary from utils.log import prepare_log_configs -from utils.clair import prepare_clair -from utils.clair_adapter import prepare_clair_adapter from utils.chart import prepare_chartmuseum from utils.docker_compose import prepare_docker_compose from utils.nginx import prepare_nginx, nginx_confd_dir @@ -30,13 +28,12 @@ old_private_key_pem_path, old_crt_path) @click.command() @click.option('--conf', default=input_config_path, help="the path of Harbor configuration file") @click.option('--with-notary', is_flag=True, help="the Harbor instance is to be deployed with notary") -@click.option('--with-clair', is_flag=True, help="the Harbor instance is to be deployed with clair") @click.option('--with-trivy', is_flag=True, help="the Harbor instance is to be deployed with Trivy") @click.option('--with-chartmuseum', is_flag=True, help="the Harbor instance is to be deployed with chart repository supporting") -def prepare(conf, with_notary, with_clair, with_trivy, with_chartmuseum): +def prepare(conf, with_notary, with_trivy, with_chartmuseum): delfile(config_dir) - config_dict = parse_yaml_config(conf, with_notary=with_notary, with_clair=with_clair, with_trivy=with_trivy, with_chartmuseum=with_chartmuseum) + config_dict = parse_yaml_config(conf, with_notary=with_notary, with_trivy=with_trivy, with_chartmuseum=with_chartmuseum) try: validate(config_dict, notary_mode=with_notary) except Exception as e: @@ -47,7 +44,7 @@ def prepare(conf, with_notary, with_clair, with_trivy, with_chartmuseum): prepare_portal(config_dict) prepare_log_configs(config_dict) prepare_nginx(config_dict) - prepare_core(config_dict, with_notary=with_notary, with_clair=with_clair, with_trivy=with_trivy, with_chartmuseum=with_chartmuseum) + prepare_core(config_dict, with_notary=with_notary, with_trivy=with_trivy, with_chartmuseum=with_chartmuseum) prepare_registry(config_dict) prepare_registry_ctl(config_dict) prepare_db(config_dict) @@ -68,14 +65,10 @@ def prepare(conf, with_notary, with_clair, with_trivy, with_chartmuseum): if with_notary: prepare_notary(config_dict, nginx_confd_dir, SSL_CERT_PATH, SSL_CERT_KEY_PATH) - if with_clair: - prepare_clair(config_dict) - prepare_clair_adapter(config_dict) - if with_trivy: prepare_trivy_adapter(config_dict) if with_chartmuseum: prepare_chartmuseum(config_dict) - prepare_docker_compose(config_dict, with_clair, with_trivy, with_notary, with_chartmuseum) + prepare_docker_compose(config_dict, with_trivy, with_notary, with_chartmuseum) diff --git a/make/photon/prepare/g.py b/make/photon/prepare/g.py index 3ae9ca6b4..66a116831 100644 --- a/make/photon/prepare/g.py +++ b/make/photon/prepare/g.py @@ -57,10 +57,8 @@ INTERNAL_NO_PROXY_DN = { 'jobservice', 'registry', 'registryctl', - 'clair', 'chartmuseum', 'notary-server', 'notary-signer', - 'clair-adapter', 'trivy-adapter', } diff --git a/make/photon/prepare/models.py b/make/photon/prepare/models.py index 4efc9b076..6ab26adf9 100644 --- a/make/photon/prepare/models.py +++ b/make/photon/prepare/models.py @@ -19,11 +19,6 @@ class InternalTLS: 'portal.crt', 'portal.key' } - clair_certs_filename = { - 'clair_adapter.crt', 'clair_adapter.key', - 'clair.crt', 'clair.key' - } - trivy_certs_filename = { 'trivy_adapter.crt', 'trivy_adapter.key', } @@ -49,8 +44,6 @@ class InternalTLS: self.tls_dir = tls_dir if self.enabled: self.required_filenames = self.harbor_certs_filename - if kwargs.get('with_clair'): - self.required_filenames.update(self.clair_certs_filename) if kwargs.get('with_notary'): self.required_filenames.update(self.notary_certs_filename) if kwargs.get('with_chartmuseum'): diff --git a/make/photon/prepare/scripts/gencert.sh b/make/photon/prepare/scripts/gencert.sh index a4a24c338..0d5a85c20 100755 --- a/make/photon/prepare/scripts/gencert.sh +++ b/make/photon/prepare/scripts/gencert.sh @@ -77,27 +77,6 @@ openssl req -new \ openssl x509 -req -days $DAYS -sha256 -in registryctl.csr -CA harbor_internal_ca.crt -CAkey harbor_internal_ca.key -CAcreateserial -out registryctl.crt - -# generate clair_adapter key -openssl req -new \ - -newkey rsa:4096 -nodes -sha256 -keyout clair_adapter.key \ - -out clair_adapter.csr \ - -subj "/C=CN/ST=Beijing/L=Beijing/O=VMware/CN=clair-adapter" - -# sign clair_adapter csr with CA certificate and key -openssl x509 -req -days $DAYS -sha256 -in clair_adapter.csr -CA harbor_internal_ca.crt -CAkey harbor_internal_ca.key -CAcreateserial -out clair_adapter.crt - - -# generate clair key -openssl req -new \ - -newkey rsa:4096 -nodes -sha256 -keyout clair.key \ - -out clair.csr \ - -subj "/C=CN/ST=Beijing/L=Beijing/O=VMware/CN=clair" - -# sign clair csr with CA certificate and key -openssl x509 -req -days $DAYS -sha256 -in clair.csr -CA harbor_internal_ca.crt -CAkey harbor_internal_ca.key -CAcreateserial -out clair.crt - - # generate trivy_adapter key openssl req -new \ -newkey rsa:4096 -nodes -sha256 -keyout trivy_adapter.key \ diff --git a/make/photon/prepare/templates/clair-adapter/env.jinja b/make/photon/prepare/templates/clair-adapter/env.jinja deleted file mode 100644 index 741071668..000000000 --- a/make/photon/prepare/templates/clair-adapter/env.jinja +++ /dev/null @@ -1,10 +0,0 @@ -SCANNER_LOG_LEVEL={{log_level}} -SCANNER_CLAIR_URL={{clair_url}} -SCANNER_CLAIR_DATABASE_URL=postgresql://{{clair_db_username}}:{{clair_db_password}}@{{clair_db_host}}:{{clair_db_port}}/{{clair_db_name}}?sslmode={{clair_db_sslmode}} -SCANNER_STORE_REDIS_URL={{redis_url_clair}} - -{%if internal_tls.enabled %} -SCANNER_API_SERVER_ADDR=:8443 -SCANNER_API_SERVER_TLS_CERTIFICATE=/etc/harbor/ssl/clair_adapter.crt -SCANNER_API_SERVER_TLS_KEY=/etc/harbor/ssl/clair_adapter.key -{% endif %} diff --git a/make/photon/prepare/templates/clair/clair_env.jinja b/make/photon/prepare/templates/clair/clair_env.jinja deleted file mode 100644 index 3825ca8fb..000000000 --- a/make/photon/prepare/templates/clair/clair_env.jinja +++ /dev/null @@ -1,3 +0,0 @@ -HTTP_PROXY={{clair_http_proxy}} -HTTPS_PROXY={{clair_https_proxy}} -NO_PROXY={{clair_no_proxy}} diff --git a/make/photon/prepare/templates/clair/config.yaml.jinja b/make/photon/prepare/templates/clair/config.yaml.jinja deleted file mode 100644 index 210df726c..000000000 --- a/make/photon/prepare/templates/clair/config.yaml.jinja +++ /dev/null @@ -1,19 +0,0 @@ -clair: - database: - type: pgsql - options: - source: postgresql://{{clair_db_username}}:{{clair_db_password}}@{{clair_db_host}}:{{clair_db_port}}/{{clair_db_name}}?sslmode={{clair_db_sslmode}} - - # Number of elements kept in the cache - # Values unlikely to change (e.g. namespaces) are cached in order to save prevent needless roundtrips to the database. - cachesize: 16384 - - api: - # API server port - port: 6060 - healthport: 6061 - - # Deadline before an API request will respond with a 503 - timeout: 300s - updater: - interval: {{clair_updaters_interval}}h diff --git a/make/photon/prepare/templates/clair/postgres_env.jinja b/make/photon/prepare/templates/clair/postgres_env.jinja deleted file mode 100644 index 2ce179fb1..000000000 --- a/make/photon/prepare/templates/clair/postgres_env.jinja +++ /dev/null @@ -1 +0,0 @@ -POSTGRES_PASSWORD={{clair_db_password}} diff --git a/make/photon/prepare/templates/clair/postgresql-init.d/README.md b/make/photon/prepare/templates/clair/postgresql-init.d/README.md deleted file mode 100644 index b786ea8c6..000000000 --- a/make/photon/prepare/templates/clair/postgresql-init.d/README.md +++ /dev/null @@ -1,7 +0,0 @@ -This folder used to run some initial sql for clair if needed. - -Just put the sql file in this directory and then start the -clair . - -both .sql and .gz format supported - diff --git a/make/photon/prepare/templates/docker_compose/docker-compose.yml.jinja b/make/photon/prepare/templates/docker_compose/docker-compose.yml.jinja index 8632055de..1969b3d73 100644 --- a/make/photon/prepare/templates/docker_compose/docker-compose.yml.jinja +++ b/make/photon/prepare/templates/docker_compose/docker-compose.yml.jinja @@ -61,9 +61,6 @@ services: {% endif %} networks: - harbor -{% if with_clair %} - - harbor-clair -{% endif %} dns_search: . depends_on: - log @@ -136,11 +133,6 @@ services: harbor-notary: aliases: - harbor-db - {% endif %} - {% if with_clair %} - harbor-clair: - aliases: - - harbor-db {% endif %} dns_search: . env_file: @@ -198,11 +190,6 @@ services: {% if with_notary %} harbor-notary: {% endif %} -{% if with_clair %} - harbor-clair: - aliases: - - harbor-core -{% endif %} {% if with_chartmuseum %} harbor-chartmuseum: aliases: @@ -287,9 +274,6 @@ services: {% endif %} networks: - harbor -{% if with_clair %} - - harbor-clair -{% endif %} dns_search: . depends_on: - core @@ -317,11 +301,6 @@ services: harbor-chartmuseum: aliases: - redis - {% endif %} - {% if with_clair %} - harbor-clair: - aliases: - - redis {% endif %} dns_search: . depends_on: @@ -468,87 +447,6 @@ services: syslog-address: "tcp://127.0.0.1:1514" tag: "notary-signer" {% endif %} -{% if with_clair %} - clair: - networks: - - harbor-clair - container_name: clair - image: goharbor/clair-photon:{{clair_version}} - restart: always - cap_drop: - - ALL - cap_add: - - DAC_OVERRIDE - - SETGID - - SETUID - cpu_quota: 50000 - dns_search: . - depends_on: - - log - {% if external_database == False %} - - postgresql - {% endif %} - volumes: - - type: bind - source: ./common/config/clair/config.yaml - target: /etc/clair/config.yaml - - type: bind - source: ./common/config/shared/trust-certificates - target: /harbor_cust_cert -{%if internal_tls.enabled %} - - type: bind - source: {{internal_tls.clair_crt_path}} - target: /etc/harbor/ssl/clair.crt - - type: bind - source: {{internal_tls.clair_key_path}} - target: /etc/harbor/ssl/clair.key -{% endif %} - logging: - driver: "syslog" - options: - syslog-address: "tcp://127.0.0.1:1514" - tag: "clair" - env_file: - ./common/config/clair/clair_env - clair-adapter: - networks: - - harbor-clair - container_name: clair-adapter - image: goharbor/clair-adapter-photon:{{clair_adapter_version}} - restart: always - cap_drop: - - ALL - cap_add: - - DAC_OVERRIDE - - SETGID - - SETUID - cpu_quota: 50000 - dns_search: . - depends_on: - - clair -{% if external_redis == False %} - - redis -{% endif %} - volumes: - - type: bind - source: ./common/config/shared/trust-certificates - target: /harbor_cust_cert -{%if internal_tls.enabled %} - - type: bind - source: {{internal_tls.clair_adapter_crt_path}} - target: /etc/harbor/ssl/clair_adapter.crt - - type: bind - source: {{internal_tls.clair_adapter_key_path}} - target: /etc/harbor/ssl/clair_adapter.key -{% endif %} - logging: - driver: "syslog" - options: - syslog-address: "tcp://127.0.0.1:1514" - tag: "clair-adapter" - env_file: - ./common/config/clair-adapter/env -{% endif %} {% if with_trivy %} trivy-adapter: container_name: trivy-adapter @@ -643,10 +541,6 @@ networks: notary-sig: external: false {% endif %} -{% if with_clair %} - harbor-clair: - external: false -{% endif %} {% if with_chartmuseum %} harbor-chartmuseum: external: false diff --git a/make/photon/prepare/utils/clair.py b/make/photon/prepare/utils/clair.py deleted file mode 100644 index 8d8680249..000000000 --- a/make/photon/prepare/utils/clair.py +++ /dev/null @@ -1,43 +0,0 @@ -import os, shutil - -from g import templates_dir, config_dir, DEFAULT_UID, DEFAULT_GID -from .jinja import render_jinja -from .misc import prepare_dir - -clair_template_dir = os.path.join(templates_dir, "clair") - -def prepare_clair(config_dict): - clair_config_dir = prepare_dir(config_dir, "clair") - - if os.path.exists(os.path.join(clair_config_dir, "postgresql-init.d")): - print("Copying offline data file for clair DB") - shutil.rmtree(os.path.join(clair_config_dir, "postgresql-init.d")) - - shutil.copytree(os.path.join(clair_template_dir, "postgresql-init.d"), os.path.join(clair_config_dir, "postgresql-init.d")) - - postgres_env_path = os.path.join(clair_config_dir, "postgres_env") - postgres_env_template = os.path.join(clair_template_dir, "postgres_env.jinja") - - clair_config_path = os.path.join(clair_config_dir, "config.yaml") - clair_config_template = os.path.join(clair_template_dir, "config.yaml.jinja") - - clair_env_path = os.path.join(clair_config_dir, "clair_env") - clair_env_template = os.path.join(clair_template_dir, "clair_env.jinja") - - render_jinja( - postgres_env_template, - postgres_env_path, - **config_dict) - - render_jinja( - clair_config_template, - clair_config_path, - uid=DEFAULT_UID, - gid=DEFAULT_GID, - **config_dict) - - # config http proxy for Clair - render_jinja( - clair_env_template, - clair_env_path, - **config_dict) diff --git a/make/photon/prepare/utils/clair_adapter.py b/make/photon/prepare/utils/clair_adapter.py deleted file mode 100644 index 8a55d0900..000000000 --- a/make/photon/prepare/utils/clair_adapter.py +++ /dev/null @@ -1,18 +0,0 @@ -import os - -from g import templates_dir, config_dir -from .jinja import render_jinja -from .misc import prepare_dir - -clair_adapter_template_dir = os.path.join(templates_dir, "clair-adapter") - -def prepare_clair_adapter(config_dict): - clair_adapter_config_dir = prepare_dir(config_dir, "clair-adapter") - - clair_adapter_env_path = os.path.join(clair_adapter_config_dir, "env") - clair_adapter_env_template = os.path.join(clair_adapter_template_dir, "env.jinja") - - render_jinja( - clair_adapter_env_template, - clair_adapter_env_path, - **config_dict) diff --git a/make/photon/prepare/utils/configs.py b/make/photon/prepare/utils/configs.py index ef33c243d..ebbea2bb2 100644 --- a/make/photon/prepare/utils/configs.py +++ b/make/photon/prepare/utils/configs.py @@ -85,7 +85,7 @@ def parse_versions(): return versions -def parse_yaml_config(config_file_path, with_notary, with_clair, with_trivy, with_chartmuseum): +def parse_yaml_config(config_file_path, with_notary, with_trivy, with_chartmuseum): ''' :param configs: config_parser object :returns: dict of configs @@ -102,8 +102,6 @@ def parse_yaml_config(config_file_path, with_notary, with_clair, with_trivy, wit 'core_local_url': 'http://127.0.0.1:8080', 'token_service_url': 'http://core:8080/service/token', 'jobservice_url': 'http://jobservice:8080', - 'clair_url': 'http://clair:6060', - 'clair_adapter_url': 'http://clair-adapter:8080', 'trivy_adapter_url': 'http://trivy-adapter:8080', 'notary_url': 'http://notary-server:4443', 'chart_repository_url': 'http://chartmuseum:9999' @@ -149,15 +147,6 @@ def parse_yaml_config(config_file_path, with_notary, with_clair, with_trivy, wit config_dict['harbor_db_max_idle_conns'] = db_configs.get("max_idle_conns") or default_db_max_idle_conns config_dict['harbor_db_max_open_conns'] = db_configs.get("max_open_conns") or default_db_max_open_conns - if with_clair: - # clair db - config_dict['clair_db_host'] = 'postgresql' - config_dict['clair_db_port'] = 5432 - config_dict['clair_db_name'] = 'postgres' - config_dict['clair_db_username'] = 'postgres' - config_dict['clair_db_password'] = db_configs.get("password") or '' - config_dict['clair_db_sslmode'] = 'disable' - if with_notary: # notary signer config_dict['notary_signer_db_host'] = 'postgresql' @@ -224,12 +213,6 @@ def parse_yaml_config(config_file_path, with_notary, with_clair, with_trivy, wit config_dict[proxy_component + '_https_proxy'] = proxy_config.get('https_proxy') or '' config_dict[proxy_component + '_no_proxy'] = ','.join(all_no_proxy) - # Clair configs, optional - clair_configs = configs.get("clair") or {} - config_dict['clair_db'] = 'postgres' - updaters_interval = clair_configs.get("updaters_interval", None) - config_dict['clair_updaters_interval'] = 12 if updaters_interval is None else updaters_interval - # Trivy configs, optional trivy_configs = configs.get("trivy") or {} config_dict['trivy_github_token'] = trivy_configs.get("github_token") or '' @@ -292,14 +275,6 @@ def parse_yaml_config(config_file_path, with_notary, with_clair, with_trivy, wit config_dict['harbor_db_max_idle_conns'] = external_db_configs['harbor'].get("max_idle_conns") or default_db_max_idle_conns config_dict['harbor_db_max_open_conns'] = external_db_configs['harbor'].get("max_open_conns") or default_db_max_open_conns - if with_clair: - # clair db - config_dict['clair_db_host'] = external_db_configs['clair']['host'] - config_dict['clair_db_port'] = external_db_configs['clair']['port'] - config_dict['clair_db_name'] = external_db_configs['clair']['db_name'] - config_dict['clair_db_username'] = external_db_configs['clair']['username'] - config_dict['clair_db_password'] = external_db_configs['clair']['password'] - config_dict['clair_db_sslmode'] = external_db_configs['clair']['ssl_mode'] if with_notary: # notary signer config_dict['notary_signer_db_host'] = external_db_configs['notary_signer']['host'] @@ -319,7 +294,7 @@ def parse_yaml_config(config_file_path, with_notary, with_clair, with_trivy, wit config_dict['external_database'] = False # update redis configs - config_dict.update(get_redis_configs(configs.get("external_redis", None), with_clair, with_trivy)) + config_dict.update(get_redis_configs(configs.get("external_redis", None), with_trivy)) # auto generated secret string for core config_dict['core_secret'] = generate_random_string(16) @@ -339,7 +314,6 @@ def parse_yaml_config(config_file_path, with_notary, with_clair, with_trivy, wit internal_tls_config['dir'], configs['data_volume'], with_notary=with_notary, - with_clair=with_clair, with_trivy=with_trivy, with_chartmuseum=with_chartmuseum, external_database=config_dict['external_database']) @@ -361,7 +335,6 @@ def parse_yaml_config(config_file_path, with_notary, with_clair, with_trivy, wit config_dict['core_local_url'] = 'https://core:8443' config_dict['token_service_url'] = 'https://core:8443/service/token' config_dict['jobservice_url'] = 'https://jobservice:8443' - config_dict['clair_adapter_url'] = 'https://clair-adapter:8443' config_dict['trivy_adapter_url'] = 'https://trivy-adapter:8443' # config_dict['notary_url'] = 'http://notary-server:4443' config_dict['chart_repository_url'] = 'https://chartmuseum:9443' @@ -404,7 +377,7 @@ def get_redis_url_param(redis=None): return "" -def get_redis_configs(external_redis=None, with_clair=True, with_trivy=True): +def get_redis_configs(external_redis=None, with_trivy=True): """Returns configs for redis >>> get_redis_configs()['external_redis'] @@ -413,8 +386,6 @@ def get_redis_configs(external_redis=None, with_clair=True, with_trivy=True): 'redis://redis:6379/1' >>> get_redis_configs()['redis_url_js'] 'redis://redis:6379/2' - >>> get_redis_configs()['redis_url_clair'] - 'redis://redis:6379/4' >>> get_redis_configs()['trivy_redis_url'] 'redis://redis:6379/5' @@ -433,13 +404,9 @@ def get_redis_configs(external_redis=None, with_clair=True, with_trivy=True): 'redis://anonymous:pass@localhost:6379/1' >>> get_redis_configs({'host': 'localhost', 'password': 'pass'})['redis_url_js'] 'redis://anonymous:pass@localhost:6379/2' - >>> get_redis_configs({'host': 'localhost', 'password': 'pass'})['redis_url_clair'] - 'redis://anonymous:pass@localhost:6379/4' >>> get_redis_configs({'host': 'localhost', 'password': 'pass'})['trivy_redis_url'] 'redis://anonymous:pass@localhost:6379/5' - >>> 'redis_url_clair' not in get_redis_configs(with_clair=False) - True >>> 'trivy_redis_url' not in get_redis_configs(with_trivy=False) True """ @@ -454,7 +421,6 @@ def get_redis_configs(external_redis=None, with_clair=True, with_trivy=True): 'registry_db_index': 1, 'jobservice_db_index': 2, 'chartmuseum_db_index': 3, - 'clair_db_index': 4, 'trivy_db_index': 5, 'idle_timeout_seconds': 30, } @@ -467,9 +433,6 @@ def get_redis_configs(external_redis=None, with_clair=True, with_trivy=True): configs['redis_url_js'] = get_redis_url(redis['jobservice_db_index'], redis) configs['redis_url_reg'] = get_redis_url(redis['registry_db_index'], redis) - if with_clair: - configs['redis_url_clair'] = get_redis_url(redis['clair_db_index'], redis) - if with_trivy: configs['trivy_redis_url'] = get_redis_url(redis['trivy_db_index'], redis) diff --git a/make/photon/prepare/utils/core.py b/make/photon/prepare/utils/core.py index d803431f2..ee29f400a 100644 --- a/make/photon/prepare/utils/core.py +++ b/make/photon/prepare/utils/core.py @@ -13,7 +13,7 @@ core_conf = os.path.join(config_dir, "core", "app.conf") ca_download_dir = os.path.join(data_dir, 'ca_download') -def prepare_core(config_dict, with_notary, with_clair, with_trivy, with_chartmuseum): +def prepare_core(config_dict, with_notary, with_trivy, with_chartmuseum): prepare_dir(ca_download_dir, uid=DEFAULT_UID, gid=DEFAULT_GID) prepare_dir(core_config_dir) # Render Core @@ -29,7 +29,6 @@ def prepare_core(config_dict, with_notary, with_clair, with_trivy, with_chartmus core_conf_env, chart_cache_driver=chart_cache_driver, with_notary=with_notary, - with_clair=with_clair, with_trivy=with_trivy, with_chartmuseum=with_chartmuseum, csrf_key=generate_random_string(32), diff --git a/make/photon/prepare/utils/docker_compose.py b/make/photon/prepare/utils/docker_compose.py index ce6ba31fe..0121175dc 100644 --- a/make/photon/prepare/utils/docker_compose.py +++ b/make/photon/prepare/utils/docker_compose.py @@ -8,7 +8,7 @@ docker_compose_template_path = os.path.join(templates_dir, 'docker_compose', 'do docker_compose_yml_path = '/compose_location/docker-compose.yml' # render docker-compose -def prepare_docker_compose(configs, with_clair, with_trivy, with_notary, with_chartmuseum): +def prepare_docker_compose(configs, with_trivy, with_notary, with_chartmuseum): versions = parse_versions() VERSION_TAG = versions.get('VERSION_TAG') or 'dev' @@ -17,8 +17,6 @@ def prepare_docker_compose(configs, with_clair, with_trivy, with_notary, with_ch 'reg_version': VERSION_TAG, 'redis_version': VERSION_TAG, 'notary_version': VERSION_TAG, - 'clair_version': VERSION_TAG, - 'clair_adapter_version': VERSION_TAG, 'trivy_adapter_version': VERSION_TAG, 'chartmuseum_version': VERSION_TAG, 'data_volume': configs['data_volume'], @@ -28,7 +26,6 @@ def prepare_docker_compose(configs, with_clair, with_trivy, with_notary, with_ch 'external_redis': configs['external_redis'], 'external_database': configs['external_database'], 'with_notary': with_notary, - 'with_clair': with_clair, 'with_trivy': with_trivy, 'with_chartmuseum': with_chartmuseum } From c10a6325d821e711ca2fff4e879e9058ad92906f Mon Sep 17 00:00:00 2001 From: DQ Date: Mon, 9 Nov 2020 19:36:17 +0800 Subject: [PATCH 3/3] Add deprecated msg for clair Signed-off-by: DQ --- make/install.sh | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/make/install.sh b/make/install.sh index 6ee85c9b3..1cc2070d3 100755 --- a/make/install.sh +++ b/make/install.sh @@ -15,6 +15,8 @@ item=0 # notary is not enabled by default with_notary=$false +# clair is deprecated +with_clair=$false # trivy is not enabled by default with_trivy=$false # chartmuseum is not enabled by default @@ -27,6 +29,8 @@ while [ $# -gt 0 ]; do exit 0;; --with-notary) with_notary=true;; + --with-clair) + with_clair=true;; --with-trivy) with_trivy=true;; --with-chartmuseum) @@ -38,6 +42,12 @@ while [ $# -gt 0 ]; do shift || true done +if [ $with_clair ] +then + error "Clair is deprecated please remove it from installation arguments !!!" + exit 1 +fi + workdir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" cd $workdir