From 54c9d1260f3b7756794a8b8c13e0080831c29203 Mon Sep 17 00:00:00 2001 From: chenjiankun Date: Thu, 15 Sep 2022 17:31:01 +0800 Subject: [PATCH] docker: ensure layer digest folder removed if ls.driver.Remove fails If image pull fails of context canceled, image layer will perform a rollback operation. When image layer is released, the diff folder of layer will be removed first, and then the digest folder will be removed. If the diff folder fails to be removed, such as operation not permitted or interrupted by others, both the digest folder and diff folder will remain on the disk, this will cause image not be complete and not repairable. So we should remove the digest folder first for image layers rollback and ensure image can be re-pulled completely. --- VERSION-openeuler | 2 +- docker.spec | 8 ++- git-commit | 2 +- ...yer-digest-folder-removed-if-ls.driv.patch | 68 +++++++++++++++++++ series.conf | 1 + 5 files changed, 78 insertions(+), 3 deletions(-) create mode 100644 patch/0232-docker-ensure-layer-digest-folder-removed-if-ls.driv.patch diff --git a/VERSION-openeuler b/VERSION-openeuler index 5ee9620..f4d4b29 100644 --- a/VERSION-openeuler +++ b/VERSION-openeuler @@ -1 +1 @@ -18.09.0.309 +18.09.0.310 diff --git a/docker.spec b/docker.spec index 957d0a3..0593e22 100644 --- a/docker.spec +++ b/docker.spec @@ -1,6 +1,6 @@ Name: docker-engine Version: 18.09.0 -Release: 309 +Release: 310 Summary: The open-source application container engine Group: Tools/Docker @@ -212,6 +212,12 @@ fi %endif %changelog +* Thu Sep 15 2022 chenjiankun - 18.09.0-310 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:ensure layer digest folder removed if ls.driver.Remove fails + * Thu Sep 15 2022 chenjiankun - 18.09.0-309 - Type:CVE - CVE:CVE-2022-36109 diff --git a/git-commit b/git-commit index 54f45c8..a5e282d 100644 --- a/git-commit +++ b/git-commit @@ -1 +1 @@ -1f53e790e570d524f6ebf5b81c914ddda97f0924 +faa0fdd6145546a28a82b18855466b66b5bb77f5 
diff --git a/patch/0232-docker-ensure-layer-digest-folder-removed-if-ls.driv.patch b/patch/0232-docker-ensure-layer-digest-folder-removed-if-ls.driv.patch
new file mode 100644
index 0000000..a554b8f
--- /dev/null
+++ b/patch/0232-docker-ensure-layer-digest-folder-removed-if-ls.driv.patch
@@ -0,0 +1,68 @@
+From ef17936c73849e17039f0b1558f6a87f70a35890 Mon Sep 17 00:00:00 2001
+From: zhangsong
+Date: Mon, 29 Aug 2022 11:41:15 +0800
+Subject: [PATCH] docker: ensure layer digest folder removed if
+ ls.driver.Remove fails
+If image pull fails of context canceled, image layer will perform a
+rollback operation. When image layer is released, the diff folder
+of layer will be removed first, and then the digest folder will be
+removed. If the diff folder fails to be removed, such as operation
+not permitted or interrupted by others, both the digest folder and diff
+folder will remain on the disk, this will cause image not be complete
+and not repairable.
+
+So we should remove the digest folder first for image layers rollback
+and ensure image can be re-pulled completely.
+
+Signed-off-by: zhangsong
+---
+ components/engine/layer/layer_store.go | 14 ++++++++++++--
+ 1 file changed, 12 insertions(+), 2 deletions(-)
+
+diff --git a/components/engine/layer/layer_store.go b/components/engine/layer/layer_store.go
+index c514ed80..e3030c3c 100644
+--- a/components/engine/layer/layer_store.go
++++ b/components/engine/layer/layer_store.go
+@@ -311,6 +311,8 @@ func (ls *layerStore) registerWithDescriptor(ts io.Reader, parent ChainID, descr
+ // Release parent chain if error
+ defer func() {
+ if err != nil {
++ logrus.Errorf("Create layer cache id: %s, diff id: %s, chain id: %s, error: %v",
++ p.cacheID, p.diffID, p.chainID, err)
+ ls.layerL.Lock()
+ ls.releaseLayer(p)
+ ls.layerL.Unlock()
+@@ -428,12 +430,18 @@ func (ls *layerStore) Map() map[ChainID]Layer {
+ }
+
+ func (ls *layerStore) deleteLayer(layer *roLayer, metadata *Metadata) error {
+- err := ls.driver.Remove(layer.cacheID)
++ logrus.Debugf("Deleting layer cache id: %s, diff id: %s, chain id: %s",
++ layer.cacheID, layer.diffID, layer.chainID)
++ err := ls.store.Remove(layer.chainID)
+ if err != nil {
++ logrus.Errorf("Remove layer store: cache id: %s, diff id: %s, chain id: %s, error: %v",
++ layer.cacheID, layer.diffID, layer.chainID, err)
+ return err
+ }
+- err = ls.store.Remove(layer.chainID)
++ err = ls.driver.Remove(layer.cacheID)
+ if err != nil {
++ logrus.Errorf("Remove driver store: cache id: %s, diff id: %s, chain id: %s, error: %v",
++ layer.cacheID, layer.diffID, layer.chainID, err)
+ return err
+ }
+ metadata.DiffID = layer.diffID
+@@ -444,6 +452,8 @@ func (ls *layerStore) deleteLayer(layer *roLayer, metadata *Metadata) error {
+ }
+ metadata.DiffSize = layer.size
+
++ logrus.Debugf("Delete layer cache id: %s, diff id: %s, chain id: %s done",
++ layer.cacheID, layer.diffID, layer.chainID)
+ return nil
+ }
+
+--
+2.27.0
+
diff --git a/series.conf b/series.conf
index f7f469c..30ce8a5 100644
--- a/series.conf
+++ b/series.conf
@@ -229,4 +229,5 @@ patch/0228-docker-registry-ensure-default-auth-config-has-address.patch
 patch/0229-docker-fix-terminal-abnormal-after-docker-run.patch
 patch/0230-docker-Add-an-ExitPid-field-for-State-struct-to-reco.patch
 patch/0231-docker-AdditionalGids-must-include-effective-group-I.patch
+patch/0232-docker-ensure-layer-digest-folder-removed-if-ls.driv.patch
 #end
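Review bot: In `deleteLayer`, when `ls.driver.Remove(layer.cacheID)` fails after `ls.store.Remove(layer.chainID)` has already succeeded, the function returns with the driver directory still on disk and no metadata left that references it. Nothing in the visible lines retries or reclaims that directory, so the new `Remove driver store` error log is the only trace of it, and repeated cancelled pulls could accumulate unreferenced layer data. I would document the trade-off above the driver call, e.g. `// Metadata is removed first so the image can be re-pulled; if driver.Remove fails, the cacheID directory is orphaned and is not cleaned up here.`, and consider a follow-up that marks the metadata as pending removal and sweeps leftovers at daemon start. Part of the function lies between the second and third inner hunks and is not shown.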