!125 docker: ensure layer digest folder removed if ls.driver.Remove fails

From: @jackchan8 
Reviewed-by: @zhangsong234, @duguhaotian 
Signed-off-by: @duguhaotian

VERSION-openeuler

@@ -1 +1 @@
-18.09.0.309
+18.09.0.310

docker.spec

@@ -1,6 +1,6 @@
 Name: docker-engine
 Version: 18.09.0
-Release: 309
+Release: 310
 Summary: The open-source application container engine
 Group: Tools/Docker
 
@@ -212,6 +212,12 @@ fi
 %endif
 
 %changelog
+* Thu Sep 15 2022 chenjiankun<chenjiankun1@huawei.com> - 18.09.0-310
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:ensure layer digest folder removed if ls.driver.Remove fails
+
 * Thu Sep 15 2022 chenjiankun<chenjiankun1@huawei.com> - 18.09.0-309
 - Type:CVE
 - CVE:CVE-2022-36109

git-commit

@@ -1 +1 @@
-1f53e790e570d524f6ebf5b81c914ddda97f0924
+faa0fdd6145546a28a82b18855466b66b5bb77f5

patch/0232-docker-ensure-layer-digest-folder-removed-if-ls.driv.patch

@@ -0,0 +1,68 @@
+From ef17936c73849e17039f0b1558f6a87f70a35890 Mon Sep 17 00:00:00 2001
+From: zhangsong <zhangsong34@huawei.com>
+Date: Mon, 29 Aug 2022 11:41:15 +0800
+Subject: [PATCH] docker: ensure layer digest folder removed if
+ ls.driver.Remove fails
+
+If image pull fails of context canceled, image layer will perform a
+rollback operation. When image layer is released, the diff folder
+of layer will be removed first, and then the digest folder will be
+removed. If the diff folder fails to be removed, such as operation
+not permitted or interrupted by others, both the digest folder and diff
+folder will remain on the disk, this will cause image not be complete
+and not repairable.
+
+So we should remove the digest folder first for image layers rollback
+and ensure image can be re-pulled completely.
+
+Signed-off-by: zhangsong <zhangsong34@huawei.com>
+---
+ components/engine/layer/layer_store.go | 14 ++++++++++++--
+ 1 file changed, 12 insertions(+), 2 deletions(-)
+
+diff --git a/components/engine/layer/layer_store.go b/components/engine/layer/layer_store.go
+index c514ed80..e3030c3c 100644
+--- a/components/engine/layer/layer_store.go
++++ b/components/engine/layer/layer_store.go
+@@ -311,6 +311,8 @@ func (ls *layerStore) registerWithDescriptor(ts io.Reader, parent ChainID, descr
+ 		// Release parent chain if error
+ 		defer func() {
+ 			if err != nil {
++				logrus.Errorf("Create layer cache id: %s, diff id: %s, chain id: %s, error: %v",
++					p.cacheID, p.diffID, p.chainID, err)
+ 				ls.layerL.Lock()
+ 				ls.releaseLayer(p)
+ 				ls.layerL.Unlock()
+@@ -428,12 +430,18 @@ func (ls *layerStore) Map() map[ChainID]Layer {
+ }
+ 
+ func (ls *layerStore) deleteLayer(layer *roLayer, metadata *Metadata) error {
+-	err := ls.driver.Remove(layer.cacheID)
++	logrus.Debugf("Deleting layer cache id: %s, diff id: %s, chain id: %s",
++		layer.cacheID, layer.diffID, layer.chainID)
++	err := ls.store.Remove(layer.chainID)
+ 	if err != nil {
++		logrus.Errorf("Remove layer store: cache id: %s, diff id: %s, chain id: %s, error: %v",
++			layer.cacheID, layer.diffID, layer.chainID, err)
+ 		return err
+ 	}
+-	err = ls.store.Remove(layer.chainID)
++	err = ls.driver.Remove(layer.cacheID)
+ 	if err != nil {
++		logrus.Errorf("Remove driver store: cache id: %s, diff id: %s, chain id: %s, error: %v",
++			layer.cacheID, layer.diffID, layer.chainID, err)
+ 		return err
+ 	}
+ 	metadata.DiffID = layer.diffID
+@@ -444,6 +452,8 @@ func (ls *layerStore) deleteLayer(layer *roLayer, metadata *Metadata) error {
+ 	}
+ 	metadata.DiffSize = layer.size
+ 
++	logrus.Debugf("Delete layer cache id: %s, diff id: %s, chain id: %s done",
++		layer.cacheID, layer.diffID, layer.chainID)
+ 	return nil
+ }
+ 
+-- 
+2.27.0
+

series.conf

@@ -229,4 +229,5 @@ patch/0228-docker-registry-ensure-default-auth-config-has-address.patch
 patch/0229-docker-fix-terminal-abnormal-after-docker-run.patch
 patch/0230-docker-Add-an-ExitPid-field-for-State-struct-to-reco.patch
 patch/0231-docker-AdditionalGids-must-include-effective-group-I.patch
+patch/0232-docker-ensure-layer-digest-folder-removed-if-ls.driv.patch
 #end