diff options
Diffstat (limited to 'nixpkgs/pkgs/servers/http/pomerium/external-envoy.diff')
-rw-r--r-- | nixpkgs/pkgs/servers/http/pomerium/external-envoy.diff | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/servers/http/pomerium/external-envoy.diff b/nixpkgs/pkgs/servers/http/pomerium/external-envoy.diff new file mode 100644 index 000000000000..49f4985ad77c --- /dev/null +++ b/nixpkgs/pkgs/servers/http/pomerium/external-envoy.diff @@ -0,0 +1,48 @@ +diff --git a/pkg/envoy/envoy.go b/pkg/envoy/envoy.go +index e32cfc29..9d32c057 100644 +--- a/pkg/envoy/envoy.go ++++ b/pkg/envoy/envoy.go +@@ -8,9 +8,9 @@ import ( + "errors" + "fmt" + "io" ++ "io/fs" + "os" + "os/exec" +- "path" + "path/filepath" + "regexp" + "strconv" +@@ -36,8 +36,12 @@ import ( + + const ( + configFileName = "envoy-config.yaml" ++ workingDirectoryName = ".pomerium-envoy" ++ embeddedEnvoyPermissions fs.FileMode = 0o700 + ) + ++var OverrideEnvoyPath = "" ++ + type serverOptions struct { + services string + logLevel string +@@ -60,13 +64,16 @@ type Server struct { + + // NewServer creates a new server with traffic routed by envoy. + func NewServer(ctx context.Context, src config.Source, builder *envoyconfig.Builder) (*Server, error) { +- envoyPath, err := Extract() ++ envoyPath := OverrideEnvoyPath ++ wd := filepath.Join(os.TempDir(), workingDirectoryName) ++ ++ err := os.MkdirAll(wd, embeddedEnvoyPermissions) + if err != nil { +- return nil, fmt.Errorf("extracting envoy: %w", err) ++ return nil, fmt.Errorf("error creating temporary working directory for envoy: %w", err) + } + + srv := &Server{ +- wd: path.Dir(envoyPath), ++ wd: wd, + builder: builder, + grpcPort: src.GetConfig().GRPCPort, + httpPort: src.GetConfig().HTTPPort, |