!95 iSulad: update from master

From: @zh_xiaoyu Reviewed-by: @lifeng2221dd1 Signed-off-by: @lifeng2221dd1
2020-12-08 17:35:47 +08:00 · 2020-12-08 17:35:47 +08:00 · 6557a6eb9e
commit 6557a6eb9e
parent a1fce1239d d4dc71e1d1
6 changed files with 785 additions and 1 deletions
--- a/0019-add-g_oci_image_module_data-in-oci-image-module.patch
+++ b/0019-add-g_oci_image_module_data-in-oci-image-module.patch
@ -0,0 +1,638 @@
+From 0f4d5658caf7e3870b126c3e2314cfc1edc35419 Mon Sep 17 00:00:00 2001
+From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
+Date: Tue, 1 Dec 2020 14:39:59 +0800
+Subject: [PATCH] add g_oci_image_module_data in oci image module
+
+Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
+---
+ src/daemon/modules/image/CMakeLists.txt       |  2 -
+ src/daemon/modules/image/oci/oci_image.c      | 93 ++++++++++++++++++-
+ src/daemon/modules/image/oci/oci_image.h      | 13 +++
+ src/daemon/modules/image/oci/oci_load.c       |  7 +-
+ src/daemon/modules/image/oci/oci_login.c      | 10 +-
+ src/daemon/modules/image/oci/oci_pull.c       | 13 ++-
+ .../modules/image/oci/registry/registry.c     | 14 ++-
+ src/daemon/modules/image/oci/utils_images.c   | 25 ++---
+ src/daemon/modules/image/oci/utils_images.h   |  5 +-
+ test/image/oci/registry/CMakeLists.txt        |  2 -
+ test/image/oci/registry/registry_ut.cc        | 56 ++++++-----
+ test/mocks/oci_image_mock.cc                  |  8 ++
+ test/mocks/oci_image_mock.h                   |  1 +
+ 13 files changed, 182 insertions(+), 67 deletions(-)
+
+diff --git a/src/daemon/modules/image/CMakeLists.txt b/src/daemon/modules/image/CMakeLists.txt
+index a92799a0..00a096e3 100644
+--- a/src/daemon/modules/image/CMakeLists.txt
+++ b/src/daemon/modules/image/CMakeLists.txt
+@@ -67,8 +67,6 @@ add_library(${LIB_ISULAD_IMG} ${LIBTYPE}
+     ${CMAKE_SOURCE_DIR}/src/utils/buffer/buffer.c
+     ${CMAKE_SOURCE_DIR}/src/daemon/common/err_msg.c
+     ${CMAKE_SOURCE_DIR}/src/daemon/common/selinux_label.c
+-    ${CMAKE_SOURCE_DIR}/src/daemon/config/isulad_config.c
+-    ${CMAKE_SOURCE_DIR}/src/daemon/config/daemon_arguments.c
+     ${CMAKE_SOURCE_DIR}/src/daemon/common/sysinfo.c
+     ${CMAKE_SOURCE_DIR}/src/utils/tar/isulad_tar.c
+     ${CMAKE_SOURCE_DIR}/src/utils/tar/util_archive.c
+diff --git a/src/daemon/modules/image/oci/oci_image.c b/src/daemon/modules/image/oci/oci_image.c
+index f4fa1e88..461fbf10 100644
+--- a/src/daemon/modules/image/oci/oci_image.c
+++ b/src/daemon/modules/image/oci/oci_image.c
+@@ -39,6 +39,90 @@
+ 
+ #define IMAGE_NOT_KNOWN_ERR "image not known"
+ 
+struct oci_image_module_data g_oci_image_module_data = { 0 };
+
+static void free_oci_image_data(void)
+{
+    free(g_oci_image_module_data.root_dir);
+    g_oci_image_module_data.root_dir = NULL;
+
+    g_oci_image_module_data.use_decrypted_key = false;
+    g_oci_image_module_data.insecure_skip_verify_enforce = false;
+
+    util_free_array_by_len(g_oci_image_module_data.registry_mirrors, g_oci_image_module_data.registry_mirrors_len);
+    g_oci_image_module_data.registry_mirrors = NULL;
+    g_oci_image_module_data.registry_mirrors_len = 0;
+
+    util_free_array_by_len(g_oci_image_module_data.insecure_registries, g_oci_image_module_data.insecure_registries_len);
+    g_oci_image_module_data.insecure_registries = NULL;
+    g_oci_image_module_data.insecure_registries_len = 0;
+}
+
+static int oci_image_data_init(const isulad_daemon_configs *args)
+{
+    int nret = 0;
+    size_t i;
+    char *p = NULL;
+
+    if (args->graph == NULL) {
+        ERROR("args graph NULL");
+        return -1;
+    }
+    g_oci_image_module_data.root_dir = util_strdup_s(args->graph);
+
+    g_oci_image_module_data.use_decrypted_key = args->use_decrypted_key;
+    g_oci_image_module_data.insecure_skip_verify_enforce = args->insecure_skip_verify_enforce;
+
+    if (util_array_len((const char **)args->registry_mirrors) != args->registry_mirrors_len) {
+        ERROR("registry_mirrors_len is not the length of registry_mirrors");
+        goto free_out;
+    }
+    if (args->registry_mirrors_len != 0) {
+        for (i = 0; i < args->registry_mirrors_len; i++) {
+            p = args->registry_mirrors[i];
+            if (p == NULL) {
+                break;
+            }
+            nret = util_array_append(&g_oci_image_module_data.registry_mirrors, p);
+            if (nret != 0) {
+                ERROR("Out of memory");
+                goto free_out;
+            }
+            g_oci_image_module_data.registry_mirrors_len++;
+        }
+    }
+
+    if (util_array_len((const char **)args->insecure_registries) != args->insecure_registries_len) {
+        ERROR("insecure_registries_len is not the length of insecure_registries");
+        goto free_out;
+    }
+    if (args->insecure_registries_len != 0) {
+        for (i = 0; i < args->insecure_registries_len; i++) {
+            p = args->insecure_registries[i];
+            if (p == NULL) {
+                break;
+            }
+            nret = util_array_append(&g_oci_image_module_data.insecure_registries, p);
+            if (nret != 0) {
+                ERROR("Out of memory");
+                goto free_out;
+            }
+            g_oci_image_module_data.insecure_registries_len++;
+        }
+    }
+
+    return 0;
+
+free_out:
+    free_oci_image_data();
+    return -1;
+}
+
+struct oci_image_module_data *get_oci_image_data(void)
+{
+    return &g_oci_image_module_data;
+}
+
+ // only use overlay as the driver name if specify overlay2 or overlay
+ static char *format_driver_name(const char *driver)
+ {
+@@ -155,7 +239,7 @@ static int recreate_image_tmpdir()
+     char *image_tmp_path = NULL;
+     int ret = 0;
+ 
+-    image_tmp_path = oci_get_isulad_tmpdir();
+    image_tmp_path = oci_get_isulad_tmpdir(g_oci_image_module_data.root_dir);
+     if (image_tmp_path == NULL) {
+         ERROR("failed to get image tmp path");
+         ret = -1;
+@@ -189,6 +273,12 @@ int oci_init(const isulad_daemon_configs *args)
+         return ret;
+     }
+ 
+    ret = oci_image_data_init(args);
+    if (ret != 0) {
+        ERROR("Failed to init oci image");
+        goto out;
+    }
+
+     ret = recreate_image_tmpdir();
+     if (ret != 0) {
+         goto out;
+@@ -213,6 +303,7 @@ out:
+ void oci_exit()
+ {
+     storage_module_exit();
+    free_oci_image_data();
+ }
+ 
+ int oci_pull_rf(const im_pull_request *request, im_pull_response *response)
+diff --git a/src/daemon/modules/image/oci/oci_image.h b/src/daemon/modules/image/oci/oci_image.h
+index a452213d..64a4d8e8 100644
+--- a/src/daemon/modules/image/oci/oci_image.h
+++ b/src/daemon/modules/image/oci/oci_image.h
+@@ -27,6 +27,19 @@
+ extern "C" {
+ #endif
+ 
+struct oci_image_module_data {
+    char *root_dir;
+    bool use_decrypted_key;
+    bool insecure_skip_verify_enforce;
+
+    char **registry_mirrors;
+    size_t registry_mirrors_len;
+
+    char **insecure_registries;
+    size_t insecure_registries_len;
+};
+struct oci_image_module_data *get_oci_image_data(void);
+
+ int oci_init(const isulad_daemon_configs *args);
+ void oci_exit();
+ 
+diff --git a/src/daemon/modules/image/oci/oci_load.c b/src/daemon/modules/image/oci/oci_load.c
+index 97cff34b..80647253 100644
+--- a/src/daemon/modules/image/oci/oci_load.c
+++ b/src/daemon/modules/image/oci/oci_load.c
+@@ -41,6 +41,7 @@
+ #include "utils_array.h"
+ #include "utils_file.h"
+ #include "utils_verify.h"
+#include "oci_image.h"
+ 
+ #define MANIFEST_BIG_DATA_KEY "manifest"
+ #define OCI_SCHEMA_VERSION 2
+@@ -1013,14 +1014,16 @@ static char *oci_load_path_create()
+     int nret = 0;
+     char *image_tmp_path = NULL;
+     char tmp_dir[PATH_MAX] = { 0 };
+    struct oci_image_module_data *oci_image_data = NULL;
+ 
+-    ret = makesure_isulad_tmpdir_perm_right();
+    oci_image_data = get_oci_image_data();
+    ret = makesure_isulad_tmpdir_perm_right(oci_image_data->root_dir);
+     if (ret != 0) {
+         ERROR("failed to make sure permission of image tmp work dir");
+         goto out;
+     }
+ 
+-    image_tmp_path = oci_get_isulad_tmpdir();
+    image_tmp_path = oci_get_isulad_tmpdir(oci_image_data->root_dir);
+     if (image_tmp_path == NULL) {
+         ERROR("failed to get image tmp work dir");
+         ret = -1;
+diff --git a/src/daemon/modules/image/oci/oci_login.c b/src/daemon/modules/image/oci/oci_login.c
+index b95e00e8..547bfc69 100644
+--- a/src/daemon/modules/image/oci/oci_login.c
+++ b/src/daemon/modules/image/oci/oci_login.c
+@@ -23,6 +23,7 @@
+ #include "isulad_config.h"
+ #include "utils_array.h"
+ #include "utils_string.h"
+#include "oci_image.h"
+ 
+ static int is_valid_arguments(const char *server, const char *username, const char *password)
+ {
+@@ -47,6 +48,7 @@ int oci_do_login(const char *server, const char *username, const char *password)
+     char **registry = NULL;
+     char *host = NULL;
+     char **parts = NULL;
+    struct oci_image_module_data *oci_image_data = NULL;
+ 
+     if (is_valid_arguments(server, username, password) != 0) {
+         ERROR("Invalid arguments");
+@@ -60,8 +62,10 @@ int oci_do_login(const char *server, const char *username, const char *password)
+     }
+     host = parts[0];
+ 
+-    options.skip_tls_verify = conf_get_skip_insecure_verify_flag();
+-    insecure_registries = conf_get_insecure_registry_list();
+    oci_image_data = get_oci_image_data();
+    options.skip_tls_verify = oci_image_data->insecure_skip_verify_enforce;
+
+    insecure_registries = oci_image_data->insecure_registries;
+     for (registry = insecure_registries; (registry != NULL) && (*registry != NULL); registry++) {
+         if (!strcmp(*registry, host)) {
+             options.insecure_registry = true;
+@@ -81,8 +85,6 @@ int oci_do_login(const char *server, const char *username, const char *password)
+ out:
+     util_free_array(parts);
+     parts = NULL;
+-    util_free_array(insecure_registries);
+-    insecure_registries = NULL;
+ 
+     return ret;
+ }
+diff --git a/src/daemon/modules/image/oci/oci_pull.c b/src/daemon/modules/image/oci/oci_pull.c
+index 9d94b663..71807553 100644
+--- a/src/daemon/modules/image/oci/oci_pull.c
+++ b/src/daemon/modules/image/oci/oci_pull.c
+@@ -29,6 +29,7 @@
+ #include "utils_array.h"
+ #include "utils_base64.h"
+ #include "utils_string.h"
+#include "oci_image.h"
+ 
+ static int decode_auth(const char *auth, char **username, char **password)
+ {
+@@ -95,6 +96,7 @@ static int pull_image(const im_pull_request *request, char **name)
+     char **mirror = NULL;
+     char *host = NULL;
+     char *with_tag = NULL;
+    struct oci_image_module_data *oci_image_data = NULL;
+ 
+     options = (registry_pull_options *)util_common_calloc_s(sizeof(registry_pull_options));
+     if (options == NULL) {
+@@ -113,8 +115,9 @@ static int pull_image(const im_pull_request *request, char **name)
+         options->auth.password = util_strdup_s(request->password);
+     }
+ 
+-    options->skip_tls_verify = conf_get_skip_insecure_verify_flag();
+-    insecure_registries = conf_get_insecure_registry_list();
+    oci_image_data = get_oci_image_data();
+    options->skip_tls_verify = oci_image_data->insecure_skip_verify_enforce;
+    insecure_registries = oci_image_data->insecure_registries;
+ 
+     host = oci_get_host(request->image);
+     if (host != NULL) {
+@@ -127,7 +130,7 @@ static int pull_image(const im_pull_request *request, char **name)
+             goto out;
+         }
+     } else {
+-        registry_mirrors = conf_get_registry_list();
+        registry_mirrors = oci_image_data->registry_mirrors;
+         if (registry_mirrors == NULL) {
+             ERROR("Invalid image name %s, no host found", request->image);
+             isulad_try_set_error_message("Invalid image name, no host found");
+@@ -160,10 +163,6 @@ static int pull_image(const im_pull_request *request, char **name)
+ out:
+     free(host);
+     host = NULL;
+-    util_free_array(registry_mirrors);
+-    registry_mirrors = NULL;
+-    util_free_array(insecure_registries);
+-    insecure_registries = NULL;
+     free_registry_pull_options(options);
+     options = NULL;
+ 
+diff --git a/src/daemon/modules/image/oci/registry/registry.c b/src/daemon/modules/image/oci/registry/registry.c
+index a94d10b1..b280f96b 100644
+--- a/src/daemon/modules/image/oci/registry/registry.c
+++ b/src/daemon/modules/image/oci/registry/registry.c
+@@ -52,6 +52,7 @@
+ #include "utils_string.h"
+ #include "utils_timestamp.h"
+ #include "utils_verify.h"
+#include "oci_image.h"
+ 
+ #define MANIFEST_BIG_DATA_KEY "manifest"
+ #define MAX_CONCURRENT_DOWNLOAD_NUM 5
+@@ -1685,6 +1686,7 @@ static int prepare_pull_desc(pull_descriptor *desc, registry_pull_options *optio
+     char blobpath[PATH_MAX] = { 0 };
+     char scope[PATH_MAX] = { 0 };
+     char *image_tmp_path = NULL;
+    struct oci_image_module_data *oci_image_data = NULL;
+ 
+     if (desc == NULL || options == NULL) {
+         ERROR("Invalid NULL param");
+@@ -1718,13 +1720,14 @@ static int prepare_pull_desc(pull_descriptor *desc, registry_pull_options *optio
+ 
+     update_host(desc);
+ 
+-    ret = makesure_isulad_tmpdir_perm_right();
+    oci_image_data = get_oci_image_data();
+    ret = makesure_isulad_tmpdir_perm_right(oci_image_data->root_dir);
+     if (ret != 0) {
+         ERROR("failed to make sure permission of image tmp work dir");
+         goto out;
+     }
+ 
+-    image_tmp_path = oci_get_isulad_tmpdir();
+    image_tmp_path = oci_get_isulad_tmpdir(oci_image_data->root_dir);
+     if (image_tmp_path == NULL) {
+         ERROR("failed to get image tmp work dir");
+         ret = -1;
+@@ -1755,7 +1758,7 @@ static int prepare_pull_desc(pull_descriptor *desc, registry_pull_options *optio
+     desc->dest_image_name = util_strdup_s(options->dest_image_name);
+     desc->scope = util_strdup_s(scope);
+     desc->blobpath = util_strdup_s(blobpath);
+-    desc->use_decrypted_key = conf_get_use_decrypted_key_flag();
+    desc->use_decrypted_key = oci_image_data->use_decrypted_key;
+     desc->skip_tls_verify = options->skip_tls_verify;
+     desc->insecure_registry = options->insecure_registry;
+     desc->cancel = false;
+@@ -1928,6 +1931,7 @@ int registry_login(registry_login_options *options)
+ {
+     int ret = 0;
+     pull_descriptor *desc = NULL;
+    struct oci_image_module_data *oci_image_data = NULL;
+ 
+     if (options == NULL || options->host == NULL || options->auth.username == NULL || options->auth.password == NULL ||
+         strlen(options->auth.username) == 0 || strlen(options->auth.password) == 0) {
+@@ -1942,9 +1946,11 @@ int registry_login(registry_login_options *options)
+         goto out;
+     }
+ 
+    oci_image_data = get_oci_image_data();
+
+     desc->host = util_strdup_s(options->host);
+     update_host(desc);
+-    desc->use_decrypted_key = conf_get_use_decrypted_key_flag();
+    desc->use_decrypted_key = oci_image_data->use_decrypted_key;
+     desc->skip_tls_verify = options->skip_tls_verify;
+     desc->insecure_registry = options->insecure_registry;
+     desc->username = util_strdup_s(options->auth.username);
+diff --git a/src/daemon/modules/image/oci/utils_images.c b/src/daemon/modules/image/oci/utils_images.c
+index 7eddd25c..a909b0f3 100644
+--- a/src/daemon/modules/image/oci/utils_images.c
+++ b/src/daemon/modules/image/oci/utils_images.c
+@@ -516,16 +516,13 @@ static int makesure_path_is_dir(char *path)
+     return 0;
+ }
+ 
+-char *oci_get_isulad_tmpdir()
+char *oci_get_isulad_tmpdir(const char *root_dir)
+ {
+     char *isulad_tmpdir = NULL;
+-    char *isulad_root_dir = NULL;
+     char *env_dir = NULL;
+-    int ret = 0;
+ 
+-    isulad_root_dir = conf_get_isulad_rootdir();
+-    if (isulad_root_dir == NULL) {
+-        ERROR("get isulad root dir failed");
+    if (root_dir == NULL) {
+        ERROR("root dir is NULL");
+         return NULL;
+     }
+ 
+@@ -533,31 +530,23 @@ char *oci_get_isulad_tmpdir()
+     if (util_valid_str(env_dir)) {
+         isulad_tmpdir = util_path_join(env_dir, "isulad_tmpdir");
+     } else {
+-        isulad_tmpdir = util_path_join(isulad_root_dir, "isulad_tmpdir");
+        isulad_tmpdir = util_path_join(root_dir, "isulad_tmpdir");
+     }
+     if (isulad_tmpdir == NULL) {
+         ERROR("join temporary directory failed");
+-        ret = -1;
+-        goto out;
+-    }
+-
+-out:
+-    free(isulad_root_dir);
+-    if (ret != 0) {
+-        free(isulad_tmpdir);
+-        isulad_tmpdir = NULL;
+        return NULL;
+     }
+ 
+     return isulad_tmpdir;
+ }
+ 
+-int makesure_isulad_tmpdir_perm_right()
+int makesure_isulad_tmpdir_perm_right(const char *root_dir)
+ {
+     struct stat st = {0};
+     char *isulad_tmpdir = NULL;
+     int ret = 0;
+ 
+-    isulad_tmpdir = oci_get_isulad_tmpdir();
+    isulad_tmpdir = oci_get_isulad_tmpdir(root_dir);
+     if (isulad_tmpdir == NULL) {
+         return -1;
+     }
+diff --git a/src/daemon/modules/image/oci/utils_images.h b/src/daemon/modules/image/oci/utils_images.h
+index cebcc796..4e13c76c 100644
+--- a/src/daemon/modules/image/oci/utils_images.h
+++ b/src/daemon/modules/image/oci/utils_images.h
+@@ -39,7 +39,6 @@ extern "C" {
+ #define REPO_PREFIX_TO_STRIP "library/"
+ #define MAX_ID_BUF_LEN 256
+ 
+-
+ char *oci_get_host(const char *name);
+ char *oci_host_from_mirror(const char *mirror);
+ char *oci_default_tag(const char *name);
+@@ -54,8 +53,8 @@ int add_rootfs_and_history(const layer_blob *layers, size_t layers_len, const re
+                            docker_image_config_v2 *config);
+ bool oci_valid_time(char *time);
+ 
+-char *oci_get_isulad_tmpdir();
+-int makesure_isulad_tmpdir_perm_right();
+char *oci_get_isulad_tmpdir(const char *root_dir);
+int makesure_isulad_tmpdir_perm_right(const char *root_dir);
+ 
+ #ifdef __cplusplus
+ }
+diff --git a/test/image/oci/registry/CMakeLists.txt b/test/image/oci/registry/CMakeLists.txt
+index 36e7cab8..cfc7da87 100644
+--- a/test/image/oci/registry/CMakeLists.txt
+++ b/test/image/oci/registry/CMakeLists.txt
+@@ -19,7 +19,6 @@ add_executable(${EXE}
+     ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/utils/cutils/utils_timestamp.c
+     ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/daemon/modules/image/oci/utils_images.c
+     ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/daemon/common/err_msg.c
+-    ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/daemon/config/daemon_arguments.c
+     ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/utils/http/parser.c
+     ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/utils/buffer/buffer.c
+     ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/utils/cutils/utils_aes.c
+@@ -36,7 +35,6 @@ add_executable(${EXE}
+     ${CMAKE_CURRENT_SOURCE_DIR}/../../../mocks/storage_mock.cc
+     ${CMAKE_CURRENT_SOURCE_DIR}/../../../mocks/oci_image_mock.cc
+     ${CMAKE_CURRENT_SOURCE_DIR}/../../../mocks/http_mock.cc
+-    ${CMAKE_CURRENT_SOURCE_DIR}/../../../mocks/isulad_config_mock.cc
+     registry_ut.cc)
+ 
+ target_include_directories(${EXE} PUBLIC
+diff --git a/test/image/oci/registry/registry_ut.cc b/test/image/oci/registry/registry_ut.cc
+index 4b264424..f0e35dc0 100644
+--- a/test/image/oci/registry/registry_ut.cc
+++ b/test/image/oci/registry/registry_ut.cc
+@@ -73,7 +73,28 @@ std::string get_dir()
+     return static_cast<std::string>(abs_path) +  "../../../../../test/image/oci/registry";
+ }
+ 
+-void mockCommonAll(MockStorage *mock, MockOciImage *oci_image_mock, MockIsuladConf *isulad_conf_mock);
+void mockCommonAll(MockStorage *mock, MockOciImage *oci_image_mock);
+
+static struct oci_image_module_data g_oci_image_registry = { 0 };
+
+static void oci_image_registry_init()
+{
+    g_oci_image_registry.root_dir = util_strdup_s(get_dir().c_str());
+    g_oci_image_registry.use_decrypted_key = true;
+}
+
+static struct oci_image_module_data *invokeGetOciImageData()
+{
+    return &g_oci_image_registry;
+}
+
+static void oci_image_registry_exit()
+{
+    free(g_oci_image_registry.root_dir);
+    g_oci_image_registry.root_dir = NULL;
+
+    g_oci_image_registry.use_decrypted_key = false;
+}
+ 
+ class RegistryUnitTest : public testing::Test {
+ protected:
+@@ -82,8 +103,8 @@ protected:
+         MockHttp_SetMock(&m_http_mock);
+         MockStorage_SetMock(&m_storage_mock);
+         MockOciImage_SetMock(&m_oci_image_mock);
+-        MockIsuladConf_SetMock(&m_isulad_conf_mock);
+-        mockCommonAll(&m_storage_mock, &m_oci_image_mock, &m_isulad_conf_mock);
+        mockCommonAll(&m_storage_mock, &m_oci_image_mock);
+        oci_image_registry_init();
+     }
+ 
+     void TearDown() override
+@@ -91,13 +112,12 @@ protected:
+         MockHttp_SetMock(nullptr);
+         MockStorage_SetMock(nullptr);
+         MockOciImage_SetMock(nullptr);
+-        MockIsuladConf_SetMock(nullptr);
+        oci_image_registry_exit();
+     }
+ 
+     NiceMock<MockHttp> m_http_mock;
+     NiceMock<MockStorage> m_storage_mock;
+     NiceMock<MockOciImage> m_oci_image_mock;
+-    NiceMock<MockIsuladConf> m_isulad_conf_mock;
+ };
+ 
+ int invokeHttpRequestV1(const char *url, struct http_get_options *options, long *response_code, int recursive_len)
+@@ -505,17 +525,7 @@ static int init_log()
+     return 0;
+ }
+ 
+-static char *invokeConfGetISuladRootDir()
+-{
+-    return util_strdup_s(get_dir().c_str());
+-}
+-
+-static bool invokeConfGetUseDecryptedKeyFlag()
+-{
+-    return true;
+-}
+-
+-void mockCommonAll(MockStorage *mock, MockOciImage *oci_image_mock, MockIsuladConf *isulad_conf_mock)
+void mockCommonAll(MockStorage *mock, MockOciImage *oci_image_mock)
+ {
+     EXPECT_CALL(*mock, StorageImgCreate(::testing::_, ::testing::_, ::testing::_, ::testing::_))
+     .WillRepeatedly(Invoke(invokeStorageImgCreate));
+@@ -549,10 +559,8 @@ void mockCommonAll(MockStorage *mock, MockOciImage *oci_image_mock, MockIsuladCo
+     .WillRepeatedly(Invoke(invokeFreeLayer));
+     EXPECT_CALL(*oci_image_mock, OciValidTime(::testing::_))
+     .WillRepeatedly(Invoke(invokeOciValidTime));
+-    EXPECT_CALL(*isulad_conf_mock, ConfGetISuladRootDir())
+-    .WillRepeatedly(Invoke(invokeConfGetISuladRootDir));
+-    EXPECT_CALL(*isulad_conf_mock, ConfGetUseDecryptedKeyFlag())
+-    .WillRepeatedly(Invoke(invokeConfGetUseDecryptedKeyFlag));
+    EXPECT_CALL(*oci_image_mock, GetOciImageData())
+    .WillRepeatedly(Invoke(invokeGetOciImageData));
+     return;
+ }
+ 
+@@ -610,7 +618,7 @@ TEST_F(RegistryUnitTest, test_pull_v1_image)
+ 
+     EXPECT_CALL(m_http_mock, HttpRequest(::testing::_, ::testing::_, ::testing::_, ::testing::_))
+     .WillRepeatedly(Invoke(invokeHttpRequestV1));
+-    mockCommonAll(&m_storage_mock, &m_oci_image_mock, &m_isulad_conf_mock);
+    mockCommonAll(&m_storage_mock, &m_oci_image_mock);
+     ASSERT_EQ(registry_pull(&options), 0);
+ 
+     ASSERT_EQ(registry_pull(&options), 0);
+@@ -670,7 +678,7 @@ TEST_F(RegistryUnitTest, test_pull_v2_image)
+ 
+     EXPECT_CALL(m_http_mock, HttpRequest(::testing::_, ::testing::_, ::testing::_, ::testing::_))
+     .WillRepeatedly(Invoke(invokeHttpRequestV2));
+-    mockCommonAll(&m_storage_mock, &m_oci_image_mock, &m_isulad_conf_mock);
+    mockCommonAll(&m_storage_mock, &m_oci_image_mock);
+ 
+     // test retry success
+     ASSERT_EQ(registry_pull(&options), 0);
+@@ -704,7 +712,7 @@ TEST_F(RegistryUnitTest, test_pull_oci_image)
+     options->insecure_registry = false;
+     EXPECT_CALL(m_http_mock, HttpRequest(::testing::_, ::testing::_, ::testing::_, ::testing::_))
+     .WillRepeatedly(Invoke(invokeHttpRequestOCI));
+-    mockCommonAll(&m_storage_mock, &m_oci_image_mock, &m_isulad_conf_mock);
+    mockCommonAll(&m_storage_mock, &m_oci_image_mock);
+     ASSERT_EQ(registry_pull(options), 0);
+ 
+     free_registry_pull_options(options);
+@@ -722,7 +730,7 @@ TEST_F(RegistryUnitTest, test_pull_already_exist)
+ 
+     EXPECT_CALL(m_http_mock, HttpRequest(::testing::_, ::testing::_, ::testing::_, ::testing::_))
+     .WillRepeatedly(Invoke(invokeHttpRequestV2));
+-    mockCommonAll(&m_storage_mock, &m_oci_image_mock, &m_isulad_conf_mock);
+    mockCommonAll(&m_storage_mock, &m_oci_image_mock);
+     EXPECT_CALL(m_storage_mock, StorageLayerGet(::testing::_))
+     .WillRepeatedly(Invoke(invokeStorageLayerGet1));
+     ASSERT_EQ(registry_pull(&options), 0);
+diff --git a/test/mocks/oci_image_mock.cc b/test/mocks/oci_image_mock.cc
+index 51987f62..c6451005 100644
+--- a/test/mocks/oci_image_mock.cc
+++ b/test/mocks/oci_image_mock.cc
+@@ -31,3 +31,11 @@ bool oci_valid_time(char *time)
+     }
+     return false;
+ }
+
+struct oci_image_module_data *get_oci_image_data(void)
+{
+    if (g_oci_image_mock != nullptr) {
+        return g_oci_image_mock->GetOciImageData();
+    }
+    return { 0 };
+}
+diff --git a/test/mocks/oci_image_mock.h b/test/mocks/oci_image_mock.h
+index 16b2a3c5..cd1db1fd 100644
+--- a/test/mocks/oci_image_mock.h
+++ b/test/mocks/oci_image_mock.h
+@@ -23,6 +23,7 @@ class MockOciImage {
+ public:
+     virtual ~MockOciImage() = default;
+     MOCK_METHOD1(OciValidTime, bool(char *time));
+    MOCK_METHOD0(GetOciImageData, struct oci_image_module_data * ());
+ };
+ 
+ void MockOciImage_SetMock(MockOciImage *mock);
+-- 
+2.25.1
+
--- a/0020-translate-absolute-path-to-relative-path-when-unpack.patch
+++ b/0020-translate-absolute-path-to-relative-path-when-unpack.patch
@ -0,0 +1,31 @@
+From 8dca81df2e93e7b91b53213adfcd469d4fbb84e8 Mon Sep 17 00:00:00 2001
+From: WangFengTu <wangfengtu@huawei.com>
+Date: Mon, 7 Dec 2020 14:49:34 +0800
+Subject: [PATCH] translate absolute path to relative path when unpack
+
+Signed-off-by: WangFengTu <wangfengtu@huawei.com>
+---
+ src/utils/tar/util_archive.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/src/utils/tar/util_archive.c b/src/utils/tar/util_archive.c
+index 85f75c7f..581503fd 100644
+--- a/src/utils/tar/util_archive.c
+++ b/src/utils/tar/util_archive.c
+@@ -375,6 +375,13 @@ int archive_unpack_handler(const struct io_read_wrapper *content, const char *ds
+             continue;
+         }
+ 
+        // if path in archive is absolute, we need to translate it to relative because
+        // libarchive can not support absolute path when unpack
+        pathname = archive_entry_pathname(entry);
+        if (pathname != NULL && pathname[0] == '/') {
+            archive_entry_set_pathname(entry, pathname + 1);
+        }
+
+         ret = archive_write_header(ext, entry);
+         if (ret != ARCHIVE_OK) {
+             ERROR("Fail to handle tar header: %s", archive_error_string(ext));
+-- 
+2.25.1
+
--- a/0021-clean-code-fix-check-error-in-terminal.c-and-volume_.patch
+++ b/0021-clean-code-fix-check-error-in-terminal.c-and-volume_.patch
@ -0,0 +1,44 @@
+From f28afb0aeea9ff6465400825a64a3d28f83f187a Mon Sep 17 00:00:00 2001
+From: lifeng68 <lifeng68@huawei.com>
+Date: Mon, 7 Dec 2020 14:48:05 +0800
+Subject: [PATCH] clean code: fix check error in terminal.c and volume_cb.c
+
+Signed-off-by: lifeng68 <lifeng68@huawei.com>
+---
+ src/cmd/isulad-shim/terminal.c            | 5 +++--
+ src/daemon/executor/volume_cb/volume_cb.c | 2 +-
+ 2 files changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/src/cmd/isulad-shim/terminal.c b/src/cmd/isulad-shim/terminal.c
+index 9b7d55e6..f803b634 100644
+--- a/src/cmd/isulad-shim/terminal.c
+++ b/src/cmd/isulad-shim/terminal.c
+@@ -268,9 +268,10 @@ void shim_write_container_log_file(log_terminal *terminal, const char *type, cha
+     }
+ 
+     if (buf != NULL && read_count > 0) {
+-        upto = size + read_count;
+-        if (upto > BUF_CACHE_SIZE) {
+        if (read_count > (BUF_CACHE_SIZE - size)) {
+             upto = BUF_CACHE_SIZE;
+        } else {
+            upto = size + read_count;
+         }
+ 
+         if (upto > size) {
+diff --git a/src/daemon/executor/volume_cb/volume_cb.c b/src/daemon/executor/volume_cb/volume_cb.c
+index 8efddad9..13f99517 100644
+--- a/src/daemon/executor/volume_cb/volume_cb.c
+++ b/src/daemon/executor/volume_cb/volume_cb.c
+@@ -70,7 +70,7 @@ static int volume_list_cb(const volume_list_volume_request *request, volume_list
+         goto out;
+     }
+ 
+-    (*response)->volumes = util_common_calloc_s(sizeof(volume_volume *) * list->vols_len);
+    (*response)->volumes = util_smart_calloc_s(sizeof(volume_volume *), list->vols_len);
+     if ((*response)->volumes == NULL) {
+         ERROR("out of memory");
+         cc = ISULAD_ERR_MEMOUT;
+-- 
+2.25.1
+
--- a/0022-iSulad-bugfix-args-use_decrypted_key-is-a-pointer.patch
+++ b/0022-iSulad-bugfix-args-use_decrypted_key-is-a-pointer.patch
@ -0,0 +1,31 @@
+From e744a909cdb3a88ca4cbbe92385e70bf29c690a0 Mon Sep 17 00:00:00 2001
+From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
+Date: Mon, 7 Dec 2020 16:28:19 +0800
+Subject: [PATCH] iSulad: bugfix, args->use_decrypted_key is a pointer
+
+Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
+---
+ src/daemon/modules/image/oci/oci_image.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/src/daemon/modules/image/oci/oci_image.c b/src/daemon/modules/image/oci/oci_image.c
+index 461fbf10..773803fa 100644
+--- a/src/daemon/modules/image/oci/oci_image.c
+++ b/src/daemon/modules/image/oci/oci_image.c
+@@ -70,7 +70,12 @@ static int oci_image_data_init(const isulad_daemon_configs *args)
+     }
+     g_oci_image_module_data.root_dir = util_strdup_s(args->graph);
+ 
+-    g_oci_image_module_data.use_decrypted_key = args->use_decrypted_key;
+    if (args->use_decrypted_key == NULL) {
+        g_oci_image_module_data.use_decrypted_key = true;
+    } else {
+        g_oci_image_module_data.use_decrypted_key = *(args->use_decrypted_key);
+    }
+
+     g_oci_image_module_data.insecure_skip_verify_enforce = args->insecure_skip_verify_enforce;
+ 
+     if (util_array_len((const char **)args->registry_mirrors) != args->registry_mirrors_len) {
+-- 
+2.25.1
+
--- a/0023-verify-peer-only-if-CA-configed.patch
+++ b/0023-verify-peer-only-if-CA-configed.patch
@ -0,0 +1,29 @@
+From b09d3c39641e66160f588b66ac8c3b88cfd726a8 Mon Sep 17 00:00:00 2001
+From: WangFengTu <wangfengtu@huawei.com>
+Date: Mon, 7 Dec 2020 16:26:42 +0800
+Subject: [PATCH] verify peer only if CA configed
+
+rollback ssl verify check condition because some system
+do not have certs configed by default.
+
+Signed-off-by: WangFengTu <wangfengtu@huawei.com>
+---
+ src/daemon/modules/image/oci/registry/http_request.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/daemon/modules/image/oci/registry/http_request.c b/src/daemon/modules/image/oci/registry/http_request.c
+index fb44a7b6..60644ed5 100644
+--- a/src/daemon/modules/image/oci/registry/http_request.c
+++ b/src/daemon/modules/image/oci/registry/http_request.c
+@@ -118,7 +118,7 @@ static int setup_ssl_config(pull_descriptor *desc, struct http_get_options *opti
+         }
+     }
+ 
+-    if (!desc->insecure_registry) {
+    if (options->ca_file != NULL) {
+         options->ssl_verify_peer = true;
+     }
+ 
+-- 
+2.25.1
+
--- a/iSulad.spec
+++ b/iSulad.spec
@ -1,5 +1,5 @@
 %global _version 2.0.7
-%global _release 20201205.145752.gita461cc51
+%global _release 20201207.151847.gita1fce123
 %global is_systemd 1

 Name:      iSulad
@ -30,6 +30,11 @@ Patch0015: 0015-ignore-get-ip-error-for-mutlnetwork.patch
 Patch0016: 0016-support-default-container-log-options.patch
 Patch0017: 0017-add-testcase-for-default-container-log-configs.patch
 Patch0018: 0018-clean-code-ignore-list-containers-error.patch
+Patch0019: 0019-add-g_oci_image_module_data-in-oci-image-module.patch
+Patch0020: 0020-translate-absolute-path-to-relative-path-when-unpack.patch
+Patch0021: 0021-clean-code-fix-check-error-in-terminal.c-and-volume_.patch
+Patch0022: 0022-iSulad-bugfix-args-use_decrypted_key-is-a-pointer.patch
+Patch0023: 0023-verify-peer-only-if-CA-configed.patch

 %ifarch x86_64 aarch64
 Provides:       libhttpclient.so()(64bit)
@ -232,6 +237,12 @@ fi
 %endif

 %changelog
+* Mon Dec 7 2020 zhangxiaoyu <zhangxiaoyu58@huawei.com> - 2.0.7-20201207.151847.gita1fce123
+- Type: update
+- ID: NA
+- SUG: NA
+- DESC: update from master
+
 * Sat Dec 5 2020 lifeng <lifeng68@huawei.com> - 2.0.7-20201205.145752.gita461cc51
 - Type: bugfix
 - ID:NA