pkgs/servers/http/pomerium/external-envoy.diff at netboot-syslinux-multiplatform

tjh.dev / nixpkgs

fork atom

nixpkgs mirror (for testing) github.com/NixOS/nixpkgs

nix

fork atom

nixpkgs / pkgs / servers / http / pomerium / external-envoy.diff

at netboot-syslinux-multiplatform 48 lines 1.3 kB view raw

wrap content

 1diff --git a/pkg/envoy/envoy.go b/pkg/envoy/envoy.go
 2index e32cfc29..9d32c057 100644
 3--- a/pkg/envoy/envoy.go
 4+++ b/pkg/envoy/envoy.go
 5@@ -8,9 +8,9 @@ import (
 6 	"errors"
 7 	"fmt"
 8 	"io"
 9+	"io/fs"
10 	"os"
11 	"os/exec"
12-	"path"
13 	"path/filepath"
14 	"regexp"
15 	"strconv"
16@@ -36,8 +36,12 @@ import (
17 
18 const (
19 	configFileName = "envoy-config.yaml"
20+	workingDirectoryName = ".pomerium-envoy"
21+	embeddedEnvoyPermissions     fs.FileMode = 0o700
22 )
23 
24+var OverrideEnvoyPath = ""
25+
26 type serverOptions struct {
27 	services string
28 	logLevel string
29@@ -60,13 +64,16 @@ type Server struct {
30 
31 // NewServer creates a new server with traffic routed by envoy.
32 func NewServer(ctx context.Context, src config.Source, builder *envoyconfig.Builder) (*Server, error) {
33-	envoyPath, err := Extract()
34+	envoyPath := OverrideEnvoyPath
35+	wd := filepath.Join(os.TempDir(), workingDirectoryName)
36+
37+	err := os.MkdirAll(wd, embeddedEnvoyPermissions)
38 	if err != nil {
39-		return nil, fmt.Errorf("extracting envoy: %w", err)
40+		return nil, fmt.Errorf("error creating temporary working directory for envoy: %w", err)
41 	}
42 
43 	srv := &Server{
44-		wd:        path.Dir(envoyPath),
45+		wd:        wd,
46 		builder:   builder,
47 		grpcPort:  src.GetConfig().GRPCPort,
48 		httpPort:  src.GetConfig().HTTPPort,