packages/iSulad
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!459 update iSulad version to 2.0.17-1

Browse Source 
From: @zh_xiaoyu 
Reviewed-by: @duguhaotian 
Signed-off-by: @duguhaotian
This commit is contained in:
openeuler-ci-bot 2022-10-09 06:17:35 +00:00 committed by Gitee
commit 6588080f6a
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
13 changed files with 8 additions and 1728 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
0001-fix-memleak.patch
View File

@ -1,25 +0,0 @@
From 199971d61cc53ee11b16b353bcd0594abc86cb3e Mon Sep 17 00:00:00 2001
From: WangFengTu <wangfengtu@huawei.com>
Date: Fri, 26 Aug 2022 09:33:05 +0800
Subject: [PATCH 01/11] fix memleak
Signed-off-by: WangFengTu <wangfengtu@huawei.com>
---
src/daemon/entry/cri/websocket/service/ws_server.cc | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/daemon/entry/cri/websocket/service/ws_server.cc b/src/daemon/entry/cri/websocket/service/ws_server.cc
index 63afc9dd..6438c4d7 100644
--- a/src/daemon/entry/cri/websocket/service/ws_server.cc
+++ b/src/daemon/entry/cri/websocket/service/ws_server.cc
@@ -399,6 +399,7 @@ int WebsocketServer::RegisterStreamTask(struct lws *wsi) noexcept
auto insertRet = m_wsis.insert(std::make_pair(socketID, session));
if (!insertRet.second) {
ERROR("failed to insert session data to map");
+ delete session;
return -1;
}
--
2.25.1

175
0002-cleancode-about-rest-register-container.patch
View File

@ -1,175 +0,0 @@
From bf50cef67ac2288bed7013c675df8d35f370dc32 Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Sat, 27 Aug 2022 10:40:02 +0800
Subject: [PATCH 02/11] cleancode about rest register container
Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
---
src/daemon/common/selinux_label.c | 2 +-
.../connect/rest/rest_containers_service.c | 93 ++++++++++++-------
2 files changed, 62 insertions(+), 33 deletions(-)
diff --git a/src/daemon/common/selinux_label.c b/src/daemon/common/selinux_label.c
index 52422970..145e4b6e 100644
--- a/src/daemon/common/selinux_label.c
+++ b/src/daemon/common/selinux_label.c
@@ -481,7 +481,7 @@ static int uniq_mcs(unsigned int range, char *mcs, size_t len)
c2 = tmp;
}
- nret = snprintf(mcs, len, "s0:c%d,c%d", c1, c2);
+ nret = snprintf(mcs, len, "s0:c%u,c%u", c1, c2);
if (nret < 0 || nret >= len) {
ERROR("Failed to compose mcs");
return -1;
diff --git a/src/daemon/entry/connect/rest/rest_containers_service.c b/src/daemon/entry/connect/rest/rest_containers_service.c
index 53241bef..397660e2 100644
--- a/src/daemon/entry/connect/rest/rest_containers_service.c
+++ b/src/daemon/entry/connect/rest/rest_containers_service.c
@@ -1733,8 +1733,7 @@ out:
free_container_stats_response(cresponse);
}
-/* rest register containers handler */
-int rest_register_containers_handler(evhtp_t *htp)
+static int rest_register_containers_manage_handler(evhtp_t *htp)
{
if (evhtp_set_cb(htp, ContainerServiceCreate, rest_create_cb, NULL) == NULL) {
ERROR("Failed to register create callback");
@@ -1748,10 +1747,6 @@ int rest_register_containers_handler(evhtp_t *htp)
ERROR("Failed to register restart callback");
return -1;
}
- if (evhtp_set_cb(htp, ContainerServiceVersion, rest_version_cb, NULL) == NULL) {
- ERROR("Failed to register version callback");
- return -1;
- }
if (evhtp_set_cb(htp, ContainerServiceUpdate, rest_update_cb, NULL) == NULL) {
ERROR("Failed to register update callback");
return -1;
@@ -1760,62 +1755,96 @@ int rest_register_containers_handler(evhtp_t *htp)
ERROR("Failed to register kill callback");
return -1;
}
- if (evhtp_set_cb(htp, ContainerServiceInspect, rest_container_inspect_cb, NULL) == NULL) {
- ERROR("Failed to register inspect callback");
+ if (evhtp_set_cb(htp, ContainerServiceRemove, rest_remove_cb, NULL) == NULL) {
+ ERROR("Failed to register remove callback");
return -1;
}
- if (evhtp_set_cb(htp, ContainerServiceExec, rest_exec_cb, NULL) == NULL) {
- ERROR("Failed to register exec callback");
+ if (evhtp_set_cb(htp, ContainerServiceStart, rest_start_cb, NULL) == NULL) {
+ ERROR("Failed to register start callback");
return -1;
}
- if (evhtp_set_cb(htp, ContainerServiceAttach, rest_attach_cb, NULL) == NULL) {
- ERROR("Failed to register attach callback");
+ if (evhtp_set_cb(htp, ContainerServicePause, rest_pause_cb, NULL) == NULL) {
+ ERROR("Failed to register pause callback");
return -1;
}
- if (evhtp_set_cb(htp, ContainerServiceRemove, rest_remove_cb, NULL) == NULL) {
- ERROR("Failed to register remove callback");
+ if (evhtp_set_cb(htp, ContainerServiceResume, rest_resume_cb, NULL) == NULL) {
+ ERROR("Failed to register resume callback");
return -1;
}
- if (evhtp_set_cb(htp, ContainerServiceStart, rest_start_cb, NULL) == NULL) {
- ERROR("Failed to register start callback");
+ if (evhtp_set_cb(htp, ContainerServiceWait, rest_wait_cb, NULL) == NULL) {
+ ERROR("Failed to register wait callback");
return -1;
}
- if (evhtp_set_cb(htp, ContainerServiceList, rest_list_cb, NULL) == NULL) {
- ERROR("Failed to register list callback");
+ if (evhtp_set_cb(htp, ContainerServiceExport, rest_export_cb, NULL) == NULL) {
+ ERROR("Failed to register export callback");
+ return -1;
+ }
+ if (evhtp_set_cb(htp, ContainerServiceRename, rest_rename_cb, NULL) == NULL) {
+ ERROR("Failed to register rename callback");
+ return -1;
+ }
+ if (evhtp_set_cb(htp, ContainerServiceResize, rest_resize_cb, NULL) == NULL) {
+ ERROR("Failed to register resize callback");
return -1;
}
- if (evhtp_set_cb(htp, ContainerServiceWait, rest_wait_cb, NULL) == NULL) {
- ERROR("Failed to register wait callback");
+ return 0;
+}
+
+static int rest_register_containers_info_handler(evhtp_t *htp)
+{
+ if (evhtp_set_cb(htp, ContainerServiceVersion, rest_version_cb, NULL) == NULL) {
+ ERROR("Failed to register version callback");
+ return -1;
+ }
+ if (evhtp_set_cb(htp, ContainerServiceInspect, rest_container_inspect_cb, NULL) == NULL) {
+ ERROR("Failed to register inspect callback");
+ return -1;
+ }
+ if (evhtp_set_cb(htp, ContainerServiceList, rest_list_cb, NULL) == NULL) {
+ ERROR("Failed to register list callback");
return -1;
}
if (evhtp_set_cb(htp, ContainerServiceInfo, rest_info_cb, NULL) == NULL) {
ERROR("Failed to register info callback");
return -1;
}
- if (evhtp_set_cb(htp, ContainerServiceExport, rest_export_cb, NULL) == NULL) {
- ERROR("Failed to register export callback");
+ if (evhtp_set_cb(htp, ContainerServiceStats, rest_stats_cb, NULL) == NULL) {
+ ERROR("Failed to register stats callback");
return -1;
}
- if (evhtp_set_cb(htp, ContainerServicePause, rest_pause_cb, NULL) == NULL) {
- ERROR("Failed to register pause callback");
+
+ return 0;
+}
+
+static int rest_register_containers_stream_handler(evhtp_t *htp)
+{
+ if (evhtp_set_cb(htp, ContainerServiceExec, rest_exec_cb, NULL) == NULL) {
+ ERROR("Failed to register exec callback");
return -1;
}
- if (evhtp_set_cb(htp, ContainerServiceResume, rest_resume_cb, NULL) == NULL) {
- ERROR("Failed to register resume callback");
+ if (evhtp_set_cb(htp, ContainerServiceAttach, rest_attach_cb, NULL) == NULL) {
+ ERROR("Failed to register attach callback");
return -1;
}
- if (evhtp_set_cb(htp, ContainerServiceRename, rest_rename_cb, NULL) == NULL) {
- ERROR("Failed to register rename callback");
+
+ return 0;
+}
+
+/* rest register containers handler */
+int rest_register_containers_handler(evhtp_t *htp)
+{
+ if (rest_register_containers_manage_handler(htp) != 0) {
return -1;
}
- if (evhtp_set_cb(htp, ContainerServiceResize, rest_resize_cb, NULL) == NULL) {
- ERROR("Failed to register resize callback");
+
+ if (rest_register_containers_info_handler(htp) != 0) {
return -1;
}
- if (evhtp_set_cb(htp, ContainerServiceStats, rest_stats_cb, NULL) == NULL) {
- ERROR("Failed to register stats callback");
+
+ if (rest_register_containers_stream_handler(htp) != 0) {
return -1;
}
+
return 0;
}
--
2.25.1

284
0003-adapt-to-openssl-3.0.patch
View File

@ -1,284 +0,0 @@
From 194eb950ea072ac313635d75dc3913f48e300edf Mon Sep 17 00:00:00 2001
From: wujing <wujing50@huawei.com>
Date: Wed, 11 May 2022 18:25:40 +0800
Subject: [PATCH 03/11] adapt to openssl 3.0
SHA512_Init&SHA512_Update&SHA512_Final function have been deprecated since OpenSSL 3.0
Signed-off-by: wujing <wujing50@huawei.com>
---
src/daemon/entry/cri/cri_helpers.cc | 45 +++++++---------
src/daemon/entry/cri/cri_helpers.h | 2 -
src/utils/sha256/sha256.c | 79 +++++++++++++++++++++++++++++
3 files changed, 98 insertions(+), 28 deletions(-)
diff --git a/src/daemon/entry/cri/cri_helpers.cc b/src/daemon/entry/cri/cri_helpers.cc
index a5bb09a6..04e4f534 100644
--- a/src/daemon/entry/cri/cri_helpers.cc
+++ b/src/daemon/entry/cri/cri_helpers.cc
@@ -33,6 +33,7 @@
#include "utils.h"
#include "service_container_api.h"
#include "isulad_config.h"
+#include "sha256.h"
namespace CRIHelpers {
const std::string Constants::POD_NETWORK_ANNOTATION_KEY { "network.alpha.kubernetes.io/network" };
@@ -376,30 +377,6 @@ auto IsImageNotFoundError(const std::string &err) -> bool
return err.find("No such image:") != std::string::npos;
}
-auto sha256(const char *val) -> std::string
-{
- if (val == nullptr) {
- return "";
- }
-
- SHA256_CTX ctx;
- SHA256_Init(&ctx);
- SHA256_Update(&ctx, val, strlen(val));
- unsigned char hash[SHA256_DIGEST_LENGTH] = { 0 };
- SHA256_Final(hash, &ctx);
-
- char outputBuffer[(SHA256_DIGEST_LENGTH * 2) + 1] { 0 };
- for (int i = 0; i < SHA256_DIGEST_LENGTH; i++) {
- int ret = snprintf(outputBuffer + (i * 2), 3, "%02x", (unsigned int)hash[i]);
- if (ret >= 3 || ret < 0) {
- return "";
- }
- }
- outputBuffer[SHA256_DIGEST_LENGTH * 2] = 0;
-
- return outputBuffer;
-}
-
auto GetNetworkPlaneFromPodAnno(const std::map<std::string, std::string> &annotations, size_t *len, Errors &error)
-> cri_pod_network_element **
{
@@ -649,6 +626,7 @@ auto CreateCheckpoint(CRI::PodSandboxCheckpoint &checkpoint, Errors &error) -> s
};
parser_error err { nullptr };
char *jsonStr { nullptr };
+ char *digest { nullptr };
std::string result;
checkpoint.CheckpointToCStruct(&criCheckpoint, error);
@@ -662,7 +640,14 @@ auto CreateCheckpoint(CRI::PodSandboxCheckpoint &checkpoint, Errors &error) -> s
error.Errorf("Generate cri checkpoint json failed: %s", err);
goto out;
}
- checkpoint.SetCheckSum(CRIHelpers::sha256(jsonStr));
+
+ digest = sha256_digest_str(jsonStr);
+ if (digest == nullptr) {
+ error.Errorf("Failed to calculate digest");
+ goto out;
+ }
+
+ checkpoint.SetCheckSum(digest);
if (checkpoint.GetCheckSum().empty()) {
error.SetError("checksum is empty");
goto out;
@@ -678,6 +663,7 @@ auto CreateCheckpoint(CRI::PodSandboxCheckpoint &checkpoint, Errors &error) -> s
result = jsonStr;
out:
+ free(digest);
free(err);
free(jsonStr);
free_cri_checkpoint(criCheckpoint);
@@ -694,6 +680,7 @@ void GetCheckpoint(const std::string &jsonCheckPoint, CRI::PodSandboxCheckpoint
std::string tmpChecksum;
char *jsonStr { nullptr };
char *storeChecksum { nullptr };
+ char *digest { nullptr };
criCheckpoint = cri_checkpoint_parse_data(jsonCheckPoint.c_str(), &ctx, &err);
if (criCheckpoint == nullptr) {
@@ -712,7 +699,12 @@ void GetCheckpoint(const std::string &jsonCheckPoint, CRI::PodSandboxCheckpoint
goto out;
}
- if (tmpChecksum != CRIHelpers::sha256(jsonStr)) {
+ digest = sha256_digest_str(jsonStr);
+ if (digest == nullptr) {
+ error.Errorf("Failed to calculate digest");
+ goto out;
+ }
+ if (tmpChecksum != digest) {
ERROR("Checksum of checkpoint is not valid");
error.SetError("checkpoint is corrupted");
goto out;
@@ -720,6 +712,7 @@ void GetCheckpoint(const std::string &jsonCheckPoint, CRI::PodSandboxCheckpoint
checkpoint.CStructToCheckpoint(criCheckpoint, error);
out:
+ free(digest);
free(jsonStr);
free(err);
free_cri_checkpoint(criCheckpoint);
diff --git a/src/daemon/entry/cri/cri_helpers.h b/src/daemon/entry/cri/cri_helpers.h
index 5c2f6517..b3bfafe4 100644
--- a/src/daemon/entry/cri/cri_helpers.h
+++ b/src/daemon/entry/cri/cri_helpers.h
@@ -101,8 +101,6 @@ auto IsContainerNotFoundError(const std::string &err) -> bool;
auto IsImageNotFoundError(const std::string &err) -> bool;
-auto sha256(const char *val) -> std::string;
-
auto GetNetworkPlaneFromPodAnno(const std::map<std::string, std::string> &annotations, size_t *len, Errors &error)
-> cri_pod_network_element **;
diff --git a/src/utils/sha256/sha256.c b/src/utils/sha256/sha256.c
index 7bd60467..938e3692 100644
--- a/src/utils/sha256/sha256.c
+++ b/src/utils/sha256/sha256.c
@@ -21,6 +21,10 @@
#include <string.h>
#include <errno.h>
#include <openssl/sha.h>
+#if OPENSSL_VERSION_MAJOR >= 3
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#endif
#include "isula_libutils/log.h"
#include "utils.h"
@@ -61,7 +65,9 @@ static bool stream_check_error(void *stream, bool isgzip)
char *sha256_digest_str(const char *val)
{
+#if OPENSSL_VERSION_MAJOR < 3
SHA256_CTX ctx;
+#endif
unsigned char hash[SHA256_DIGEST_LENGTH] = { 0x00 };
char output_buffer[(SHA256_DIGEST_LENGTH * 2) + 1] = { 0x00 };
int i = 0;
@@ -70,9 +76,13 @@ char *sha256_digest_str(const char *val)
return NULL;
}
+#if OPENSSL_VERSION_MAJOR >= 3
+ SHA256((const unsigned char *)val, strlen(val), hash);
+#else
SHA256_Init(&ctx);
SHA256_Update(&ctx, val, strlen(val));
SHA256_Final(hash, &ctx);
+#endif
for (i = 0; i < SHA256_DIGEST_LENGTH; i++) {
int ret = snprintf(output_buffer + (i * 2), 3, "%02x", (unsigned int)hash[i]);
@@ -87,8 +97,15 @@ char *sha256_digest_str(const char *val)
char *sha256_digest_file(const char *filename, bool isgzip)
{
+#if OPENSSL_VERSION_MAJOR >= 3
+ EVP_MD_CTX *ctx = NULL;
+ EVP_MD *sha256 = NULL;
+ unsigned char *outdigest = NULL;
+ unsigned int len = 0;
+#else
SHA256_CTX ctx;
unsigned char hash[SHA256_DIGEST_LENGTH] = { 0x00 };
+#endif
char output_buffer[(SHA256_DIGEST_LENGTH * 2) + 1] = { 0x00 };
int i = 0;
char *buffer = NULL;
@@ -117,7 +134,30 @@ char *sha256_digest_file(const char *filename, bool isgzip)
return NULL;
}
+#if OPENSSL_VERSION_MAJOR >= 3
+ ctx = EVP_MD_CTX_new();
+ if (ctx == NULL) {
+ ERROR("Failed to create a context for the digest operation");
+ ERR_print_errors_fp(stderr);
+ ret = -1;
+ goto out;
+ }
+ sha256 = EVP_MD_fetch(NULL, "SHA256", NULL);
+ if (sha256 == NULL) {
+ ERROR("Failed to fetch the SHA256 algorithm implementation for doing the digest");
+ ERR_print_errors_fp(stderr);
+ ret = -1;
+ goto out;
+ }
+ if (!EVP_DigestInit_ex(ctx, sha256, NULL)) {
+ ERROR("Failed to initialise the digest operation");
+ ERR_print_errors_fp(stderr);
+ ret = -1;
+ goto out;
+ }
+#else
SHA256_Init(&ctx);
+#endif
while (true) {
if (isgzip) {
@@ -134,7 +174,16 @@ char *sha256_digest_file(const char *filename, bool isgzip)
}
if (n > 0) {
+#if OPENSSL_VERSION_MAJOR >= 3
+ if (!EVP_DigestUpdate(ctx, (unsigned char *)buffer, n)) {
+ ERROR("Failed to pass the message to be digested");
+ ERR_print_errors_fp(stderr);
+ ret = -1;
+ goto out;
+ }
+#else
SHA256_Update(&ctx, buffer, n);
+#endif
}
if (stream_check_eof(stream, isgzip)) {
@@ -142,6 +191,30 @@ char *sha256_digest_file(const char *filename, bool isgzip)
}
}
+#if OPENSSL_VERSION_MAJOR >= 3
+ outdigest = OPENSSL_malloc(EVP_MD_get_size(sha256));
+ if (outdigest == NULL) {
+ ERROR("Failed to allocate the output buffer");
+ ERR_print_errors_fp(stderr);
+ ret = -1;
+ goto out;
+ }
+ if (!EVP_DigestFinal_ex(ctx, outdigest, &len)) {
+ ERROR("Failed to calculate the digest itself");
+ ERR_print_errors_fp(stderr);
+ ret = -1;
+ goto out;
+ }
+ for (i = 0; i < SHA256_DIGEST_LENGTH; i++) {
+ int sret = snprintf(output_buffer + (i * 2), 3, "%02x", (unsigned int)outdigest[i]);
+ if (sret >= 3 || sret < 0) {
+ ERROR("snprintf failed when calc sha256 from file %s, result is %d", filename, sret);
+ return NULL;
+ }
+ }
+
+ output_buffer[SHA256_DIGEST_LENGTH * 2] = '\0';
+#else
SHA256_Final(hash, &ctx);
for (i = 0; i < SHA256_DIGEST_LENGTH; i++) {
@@ -152,8 +225,14 @@ char *sha256_digest_file(const char *filename, bool isgzip)
}
}
output_buffer[SHA256_DIGEST_LENGTH * 2] = '\0';
+#endif
out:
+#if OPENSSL_VERSION_MAJOR >= 3
+ OPENSSL_free(outdigest);
+ EVP_MD_free(sha256);
+ EVP_MD_CTX_free(ctx);
+#endif
if (isgzip) {
gzclose((gzFile)stream);
} else {
--
2.25.1

25
0004-remove-redundant-header-files.patch
View File

@ -1,25 +0,0 @@
From 64ef4f52a1f75be2dbd1b750a52500818790f501 Mon Sep 17 00:00:00 2001
From: wujing <wujing50@huawei.com>
Date: Thu, 1 Sep 2022 09:41:50 +0800
Subject: [PATCH 04/11] remove redundant header files
Signed-off-by: wujing <wujing50@huawei.com>
---
src/daemon/entry/cri/cri_helpers.cc | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/daemon/entry/cri/cri_helpers.cc b/src/daemon/entry/cri/cri_helpers.cc
index 04e4f534..7df759e1 100644
--- a/src/daemon/entry/cri/cri_helpers.cc
+++ b/src/daemon/entry/cri/cri_helpers.cc
@@ -18,7 +18,6 @@
#include <algorithm>
#include <functional>
#include <iostream>
-#include <openssl/sha.h>
#include <sys/utsname.h>
#include <utility>
--
2.25.1

644
0005-add-isulad-args.patch
View File

@ -1,644 +0,0 @@
From 5a0476a328a39764874257faa23696320656d3e3 Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Tue, 6 Sep 2022 18:45:53 +0800
Subject: [PATCH 05/11] add isulad args
Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
---
src/cmd/isulad/isulad_commands.c | 18 +++++
src/cmd/isulad/isulad_commands.h | 80 ++++++++++++--------
src/cmd/isulad/main.c | 58 +++------------
src/daemon/config/daemon_arguments.c | 101 ++++++++++++++++++++------
src/daemon/config/daemon_arguments.h | 1 +
src/daemon/config/isulad_config.c | 61 ++++++++++++++--
src/daemon/modules/events/collector.c | 2 +-
7 files changed, 213 insertions(+), 108 deletions(-)
diff --git a/src/cmd/isulad/isulad_commands.c b/src/cmd/isulad/isulad_commands.c
index ba7ca0e7..42d0bde6 100644
--- a/src/cmd/isulad/isulad_commands.c
+++ b/src/cmd/isulad/isulad_commands.c
@@ -105,6 +105,24 @@ out:
return ret;
}
+int server_callback_cri_runtime(command_option_t *option, const char *value)
+{
+ struct service_arguments *args = NULL;
+
+ if (option == NULL || value == NULL) {
+ COMMAND_ERROR("Invalid input arguments");
+ return -1;
+ }
+
+ args = (struct service_arguments *)option->data;
+ if (server_cri_runtime_parser(args, value) != 0) {
+ COMMAND_ERROR("Invalid value \"%s\" for flag --%s", value, option->large);
+ return -1;
+ }
+
+ return 0;
+}
+
int server_callback_container_log_driver(command_option_t *option, const char *value)
{
int ret = 0;
diff --git a/src/cmd/isulad/isulad_commands.h b/src/cmd/isulad/isulad_commands.h
index 0d70da4c..dc278f9c 100644
--- a/src/cmd/isulad/isulad_commands.h
+++ b/src/cmd/isulad/isulad_commands.h
@@ -71,10 +71,10 @@ int command_default_ulimit_append(command_option_t *option, const char *arg);
"host", \
'H', \
&(cmdargs)->hosts, \
- "The socket name used to create gRPC server", \
+ "The socket name used to create gRPC server (default \"unix:///var/run/isulad.sock\")", \
command_valid_socket_append_array }, \
{ CMD_OPT_TYPE_STRING_DUP, false, "pidfile", 'p', &(cmdargs)->json_confs->pidfile, \
- "Save pid into this file", NULL }, \
+ "Save pid into this file (default \"/var/run/isulad.pid\")", NULL }, \
{ CMD_OPT_TYPE_BOOL, false, "help", 0, &(cmdargs)->help, "Show help", NULL }, \
{ CMD_OPT_TYPE_STRING_DUP, \
false, \
@@ -88,14 +88,14 @@ int command_default_ulimit_append(command_option_t *option, const char *arg);
"graph", \
'g', \
&(cmdargs)->json_confs->graph, \
- "Root directory of the iSulad runtime", \
+ "Root directory of the iSulad runtime (default \"/var/lib/isulad\")", \
NULL }, \
{ CMD_OPT_TYPE_STRING_DUP, \
false, \
"state", \
'S', \
&(cmdargs)->json_confs->state, \
- "Root directory for execution state files", \
+ "Root directory for execution state files (default \"/var/run/isulad\")", \
NULL }, \
{ CMD_OPT_TYPE_STRING_DUP, \
false, \
@@ -105,20 +105,20 @@ int command_default_ulimit_append(command_option_t *option, const char *arg);
"timeout duration for waiting on a container to start before it is killed", \
NULL }, \
{ CMD_OPT_TYPE_STRING_DUP, false, "engine", 'e', &(cmdargs)->json_confs->engine, \
- "Select backend engine", NULL }, \
+ "Select backend engine (default lcr)", NULL }, \
{ CMD_OPT_TYPE_STRING_DUP, \
false, \
"log-level", \
'l', \
&(cmdargs)->json_confs->log_level, \
- "Set log level, the levels can be: FATAL ALERT CRIT ERROR WARN NOTICE INFO DEBUG TRACE", \
+ "Set log level, the levels can be: FATAL ALERT CRIT ERROR WARN NOTICE INFO DEBUG TRACE (default INFO)", \
NULL }, \
{ CMD_OPT_TYPE_STRING_DUP, \
false, \
"log-driver", \
0, \
&(cmdargs)->json_confs->log_driver, \
- "Set daemon log driver, such as: file", \
+ "Set daemon log driver, support stdout and file (default file)", \
NULL }, \
{ CMD_OPT_TYPE_CALLBACK, \
false, \
@@ -127,34 +127,34 @@ int command_default_ulimit_append(command_option_t *option, const char *arg);
(cmdargs), \
"Set daemon log driver options, such as: log-path=/tmp/logs/ to set directory where to store daemon logs", \
server_callback_log_opt }, \
- { CMD_OPT_TYPE_CALLBACK, \
- false, \
- "container-log-driver", \
- 0, \
- (cmdargs), \
- "Set default container log driver, such as: json-file", \
- server_callback_container_log_driver }, \
- { CMD_OPT_TYPE_CALLBACK, \
- false, \
- "container-log-opts", \
- 0, \
- (cmdargs), \
- "Set default container log driver options, such as: max-file=7 to set max number of container log files", \
- server_callback_container_log }, \
+ { CMD_OPT_TYPE_CALLBACK, \
+ false, \
+ "container-log-driver", \
+ 0, \
+ (cmdargs), \
+ "Set default container log driver, such as: json-file", \
+ server_callback_container_log_driver }, \
+ { CMD_OPT_TYPE_CALLBACK, \
+ false, \
+ "container-log-opts", \
+ 0, \
+ (cmdargs), \
+ "Set default container log driver options, such as: max-file=7 to set max number of container log files", \
+ server_callback_container_log }, \
{ CMD_OPT_TYPE_BOOL, false, "version", 'V', &(cmdargs)->version, "Print the version", NULL }, \
{ CMD_OPT_TYPE_STRING_DUP, \
false, \
"group", \
'G', \
&(cmdargs)->json_confs->group, \
- "Group for the unix socket(default is isula)", \
+ "Group for the unix socket (default isula)", \
NULL }, \
{ CMD_OPT_TYPE_STRING_DUP, \
false, \
"storage-driver", \
0, \
&(cmdargs)->json_confs->storage_driver, \
- "Storage driver to use(default overlay2)", \
+ "Storage driver to use (default overlay2)", \
NULL }, \
{ CMD_OPT_TYPE_CALLBACK, \
false, \
@@ -166,7 +166,7 @@ int command_default_ulimit_append(command_option_t *option, const char *arg);
SUP_GROUPS_OPT(cmdargs) \
{ CMD_OPT_TYPE_CALLBACK, \
false, \
- "registry-mirrors", \
+ "registry-mirrors", \
0, \
&(cmdargs)->json_confs->registry_mirrors, \
"Registry to be prepended when pulling unqualified images, can be specified multiple times", \
@@ -197,28 +197,28 @@ int command_default_ulimit_append(command_option_t *option, const char *arg);
"pod-sandbox-image", \
0, \
&(cmdargs)->json_confs->pod_sandbox_image, \
- "The image whose network/ipc namespaces containers in each pod will use. (default \"pause-${machine}:3.0\")", \
+ "The image whose network/ipc namespaces containers in each pod will use (default \"pause-${machine}:3.0\")",\
NULL }, \
{ CMD_OPT_TYPE_STRING_DUP, \
false, \
"network-plugin", \
0, \
&(cmdargs)->json_confs->network_plugin, \
- "Set network plugin, default is null, suppport null and cni", \
+ "Set network plugin, suppport null and cni (default null)", \
NULL }, \
{ CMD_OPT_TYPE_STRING_DUP, \
false, \
"cni-bin-dir", \
0, \
&(cmdargs)->json_confs->cni_bin_dir, \
- "The full path of the directory in which to search for CNI plugin binaries. Default: /opt/cni/bin", \
+ "The full path of the directory in which to search for CNI plugin binaries (default \"/opt/cni/bin\")", \
NULL }, \
{ CMD_OPT_TYPE_STRING_DUP, \
false, \
"cni-conf-dir", \
0, \
&(cmdargs)->json_confs->cni_conf_dir, \
- "The full path of the directory in which to search for CNI config files. Default: /etc/cni/net.d", \
+ "The full path of the directory in which to search for CNI config files (default \"/etc/cni/net.d\")", \
NULL }, \
{ CMD_OPT_TYPE_BOOL, \
false, \
@@ -232,14 +232,14 @@ int command_default_ulimit_append(command_option_t *option, const char *arg);
"insecure-skip-verify-enforce", \
0, \
&(cmdargs)->json_confs->insecure_skip_verify_enforce, \
- "Force to skip the insecure verify(default false)", \
+ "Force to skip the insecure verify (default false)", \
NULL }, \
{ CMD_OPT_TYPE_BOOL, \
false, \
"use-decrypted-key", \
0, \
(cmdargs)->json_confs->use_decrypted_key, \
- "Use decrypted private key by default(default true)", \
+ "Use decrypted private key by default (default true)", \
NULL }, \
{ CMD_OPT_TYPE_STRING_DUP, \
false, \
@@ -296,6 +296,26 @@ int command_default_ulimit_append(command_option_t *option, const char *arg);
false, "selinux-enabled", 0, &(cmdargs)->json_confs->selinux_enabled, \
"Enable selinux support", NULL \
}, \
+ { CMD_OPT_TYPE_STRING_DUP, \
+ false, "default-runtime", 0, &(cmdargs)->json_confs->default_runtime, \
+ "Default container runtime (default lcr)", NULL \
+ }, \
+ { CMD_OPT_TYPE_CALLBACK, \
+ false, "cpu-rt-period", 0, &(cmdargs)->json_confs->cpu_rt_period, \
+ "Limit CPU real-time period in microseconds for all containers", command_convert_llong \
+ }, \
+ { CMD_OPT_TYPE_CALLBACK, \
+ false, "cpu-rt-runtime", 0, &(cmdargs)->json_confs->cpu_rt_runtime, \
+ "Limit CPU real-time runtime in microseconds for all containers", command_convert_llong \
+ }, \
+ { CMD_OPT_TYPE_STRING_DUP, \
+ false, "enable-plugins", 0, &(cmdargs)->json_confs->enable_plugins, \
+ "Enable plugins for all containers", NULL \
+ }, \
+ { CMD_OPT_TYPE_CALLBACK, \
+ false, "cri-runtime", 0, (cmdargs), \
+ "CRI runtime class transform", server_callback_cri_runtime \
+ }, \
#ifdef __cplusplus
}
diff --git a/src/cmd/isulad/main.c b/src/cmd/isulad/main.c
index ccba7107..d4f984d5 100644
--- a/src/cmd/isulad/main.c
+++ b/src/cmd/isulad/main.c
@@ -501,47 +501,6 @@ int check_and_set_default_isulad_log_file(struct service_arguments *args)
return 0;
}
-static int set_parent_mount_dir(struct service_arguments *args)
-{
- int ret = -1;
- int nret;
- size_t len;
- char *rootfsdir = NULL;
-
- if (args->json_confs == NULL) {
- ERROR("Empty json configs");
- goto out;
- }
- if (strlen(args->json_confs->graph) > (SIZE_MAX - strlen("/mnt/rootfs")) - 1) {
- ERROR("Root directory of the isulad runtime is too long");
- goto out;
- }
- len = strlen(args->json_confs->graph) + strlen("/mnt/rootfs") + 1;
- if (len > PATH_MAX) {
- ERROR("The size of path exceeds the limit");
- goto out;
- }
- rootfsdir = util_common_calloc_s(len);
- if (rootfsdir == NULL) {
- ERROR("Out of memory");
- goto out;
- }
- nret = snprintf(rootfsdir, len, "%s/mnt/rootfs", args->json_confs->graph);
- if (nret < 0 || (size_t)nret >= len) {
- ERROR("Failed to print string");
- goto out;
- }
-
- free(args->json_confs->rootfsmntdir);
- args->json_confs->rootfsmntdir = util_strdup_s(rootfsdir);
-
- ret = 0;
-
-out:
- free(rootfsdir);
- return ret;
-}
-
static int check_hook_spec_file(const char *hook_spec)
{
struct stat hookstat = { 0 };
@@ -1004,10 +963,6 @@ static int update_server_args(struct service_arguments *args)
return -1;
}
- if (set_parent_mount_dir(args)) {
- return -1;
- }
-
/* parse hook spec */
if (parse_conf_hooks(args) != 0) {
return -1;
@@ -1050,6 +1005,7 @@ static int server_conf_parse_save(int argc, const char **argv)
/* Step2: load json configs and merge into global configs */
if (merge_json_confs_into_global(args) != 0) {
+ ERROR("Failed to merge json conf into global");
ret = -1;
goto out;
}
@@ -1062,6 +1018,7 @@ static int server_conf_parse_save(int argc, const char **argv)
}
if (update_server_args(args) != 0) {
+ ERROR("Failed to update server args");
ret = -1;
goto out;
}
@@ -1165,6 +1122,7 @@ static int isulad_server_pre_init(const struct service_arguments *args, const ch
const char *fifo_full_path)
{
int ret = 0;
+ char *rootfs_mnt_dir = NULL;
#ifdef ENABLE_USERNS_REMAP
char* userns_remap = conf_get_isulad_userns_remap();
char *isulad_root = NULL;
@@ -1228,7 +1186,14 @@ static int isulad_server_pre_init(const struct service_arguments *args, const ch
}
#endif
- if (mount_rootfs_mnt_dir(args->json_confs->rootfsmntdir)) {
+ rootfs_mnt_dir = conf_get_isulad_mount_rootfs();
+ if (rootfs_mnt_dir == NULL) {
+ ERROR("Failed to get isulad mount rootfs");
+ ret = -1;
+ goto out;
+ }
+
+ if (mount_rootfs_mnt_dir(rootfs_mnt_dir)) {
ERROR("Create and mount parent directory failed");
ret = -1;
goto out;
@@ -1241,6 +1206,7 @@ static int isulad_server_pre_init(const struct service_arguments *args, const ch
}
out:
+ free(rootfs_mnt_dir);
#ifdef ENABLE_USERNS_REMAP
free(isulad_root);
free(userns_remap);
diff --git a/src/daemon/config/daemon_arguments.c b/src/daemon/config/daemon_arguments.c
index 719efef0..076c10a6 100644
--- a/src/daemon/config/daemon_arguments.c
+++ b/src/daemon/config/daemon_arguments.c
@@ -148,7 +148,6 @@ int service_arguments_init(struct service_arguments *args)
args->json_confs->pidfile = util_strdup_s(DEFAULT_PID_FILE);
args->json_confs->storage_driver = util_strdup_s("overlay2");
args->json_confs->native_umask = util_strdup_s(UMASK_SECURE);
- args->json_confs->image_service = true;
args->json_confs->image_layer_check = false;
args->json_confs->use_decrypted_key = (bool *)util_common_calloc_s(sizeof(bool));
if (args->json_confs->use_decrypted_key == NULL) {
@@ -165,6 +164,11 @@ int service_arguments_init(struct service_arguments *args)
args->default_ulimit_len = 0;
args->json_confs->websocket_server_listening_port = DEFAULT_WEBSOCKET_SERVER_LISTENING_PORT;
args->json_confs->selinux_enabled = false;
+ args->json_confs->default_runtime = util_strdup_s(DEFAULT_RUNTIME_NAME);
+ args->json_confs->cri_runtimes = (json_map_string_string *)util_common_calloc_s(sizeof(json_map_string_string));
+ if (args->json_confs->cri_runtimes == NULL) {
+ goto free_out;
+ }
ret = 0;
@@ -200,57 +204,108 @@ void service_arguments_free(struct service_arguments *args)
free_default_ulimit(args->default_ulimit);
args->default_ulimit = NULL;
args->default_ulimit_len = 0;
+
+ free(args->json_confs->default_runtime);
+ args->json_confs->default_runtime = NULL;
+
+ free_json_map_string_string(args->json_confs->cri_runtimes);
+ args->json_confs->cri_runtimes = NULL;
}
-/* server log opt parser */
-int server_log_opt_parser(struct service_arguments *args, const char *option)
+static int key_value_opt_parser(const char *option, char **key, char **value)
{
int ret = -1;
- char *key = NULL;
- char *value = NULL;
- char *tmp = NULL;
+ char *tmp_key = NULL;
+ char *tmp_value = NULL;
+ char *tmp_option = NULL;
size_t len = 0;
size_t total_len = 0;
- if (option == NULL || args == NULL) {
- goto out;
- }
-
// option format: key=value
total_len = strlen(option);
- if (args == NULL || total_len <= 2) {
- goto out;
+ if (total_len <= 2) {
+ return -1;
}
- tmp = util_strdup_s(option);
- key = tmp;
- value = strchr(tmp, '=');
+ tmp_option = util_strdup_s(option);
+ tmp_key = tmp_option;
+ tmp_value = strchr(tmp_option, '=');
// option do not contain '='
- if (value == NULL) {
+ if (tmp_value == NULL) {
goto out;
}
- len = (size_t)(value - key);
+ len = (size_t)(tmp_value - tmp_key);
// if option is '=key'
if (len == 0) {
goto out;
}
+
// if option is 'key='
if (total_len == len + 1) {
goto out;
}
- tmp[len] = '\0';
- value += 1;
- ret = parse_log_opts(args, key, value);
+ tmp_option[len] = '\0';
+ *key = util_strdup_s(tmp_key);
+ tmp_option[len] = '=';
+
+ tmp_value += 1;
+ *value = util_strdup_s(tmp_value);
+
+ ret = 0;
+
+out:
+ free(tmp_option);
+ return ret;
+}
+/* server log opt parser */
+int server_log_opt_parser(struct service_arguments *args, const char *option)
+{
+ int ret = -1;
+ char *key = NULL;
+ char *value = NULL;
+
+ if (option == NULL || args == NULL) {
+ return -1;
+ }
+
+ if (key_value_opt_parser(option, &key, &value) != 0) {
+ return -1;
+ }
+
+ ret = parse_log_opts(args, key, value);
if (ret == 0 && args->json_confs != NULL && args->json_confs->log_opts != NULL) {
ret = append_json_map_string_string(args->json_confs->log_opts, key, value);
}
- tmp[len] = '=';
-out:
- free(tmp);
+ free(key);
+ free(value);
+ return ret;
+}
+
+/* server cri runtime parser */
+int server_cri_runtime_parser(struct service_arguments *args, const char *option)
+{
+ int ret = 0;
+ char *key = NULL;
+ char *value = NULL;
+
+ if (option == NULL || args == NULL) {
+ return -1;
+ }
+
+ if (key_value_opt_parser(option, &key, &value) != 0) {
+ return -1;
+ }
+
+ if (args->json_confs != NULL && args->json_confs->cri_runtimes != NULL) {
+ ret = append_json_map_string_string(args->json_confs->cri_runtimes, key, value);
+ }
+
+ free(key);
+ free(value);
return ret;
}
diff --git a/src/daemon/config/daemon_arguments.h b/src/daemon/config/daemon_arguments.h
index 54099c81..49f5961e 100644
--- a/src/daemon/config/daemon_arguments.h
+++ b/src/daemon/config/daemon_arguments.h
@@ -71,6 +71,7 @@ struct service_arguments {
int service_arguments_init(struct service_arguments *args);
void service_arguments_free(struct service_arguments *args);
int server_log_opt_parser(struct service_arguments *args, const char *option);
+int server_cri_runtime_parser(struct service_arguments *args, const char *option);
size_t ulimit_array_len(host_config_ulimits_element **default_ulimit);
diff --git a/src/daemon/config/isulad_config.c b/src/daemon/config/isulad_config.c
index 6f17660b..86a9609a 100644
--- a/src/daemon/config/isulad_config.c
+++ b/src/daemon/config/isulad_config.c
@@ -529,6 +529,34 @@ out:
return result;
}
+static char *get_parent_mount_dir(char *graph)
+{
+ int nret;
+ size_t len;
+ char *rootfsdir = NULL;
+
+ len = strlen(graph) + strlen("/mnt/rootfs") + 1;
+ if (len > PATH_MAX) {
+ ERROR("The size of path exceeds the limit");
+ return NULL;
+ }
+
+ rootfsdir = util_common_calloc_s(len);
+ if (rootfsdir == NULL) {
+ ERROR("Out of memory");
+ return NULL;
+ }
+
+ nret = snprintf(rootfsdir, len, "%s/mnt/rootfs", graph);
+ if (nret < 0 || (size_t)nret >= len) {
+ ERROR("Failed to print string");
+ free(rootfsdir);
+ return NULL;
+ }
+
+ return rootfsdir;
+}
+
/* conf get isulad mount rootfs */
char *conf_get_isulad_mount_rootfs()
{
@@ -540,11 +568,11 @@ char *conf_get_isulad_mount_rootfs()
}
conf = conf_get_server_conf();
- if (conf == NULL || conf->json_confs->rootfsmntdir == NULL) {
+ if (conf == NULL || conf->json_confs == NULL || conf->json_confs->graph == NULL) {
goto out;
}
- path = util_strdup_s(conf->json_confs->rootfsmntdir);
+ path = get_parent_mount_dir(conf->json_confs->graph);
out:
(void)isulad_server_conf_unlock();
@@ -1449,6 +1477,25 @@ static int merge_logs_conf_into_global(struct service_arguments *args, isulad_da
return do_merge_container_logs_conf(args, tmp_json_confs);
}
+static int merge_cri_runtimes_into_global(struct service_arguments *args, isulad_daemon_configs *tmp_json_confs)
+{
+ size_t i;
+
+ if (tmp_json_confs->cri_runtimes == NULL) {
+ return 0;
+ }
+
+ for (i = 0; i < tmp_json_confs->cri_runtimes->len; i++) {
+ if (append_json_map_string_string(args->json_confs->cri_runtimes, tmp_json_confs->cri_runtimes->keys[i],
+ tmp_json_confs->cri_runtimes->values[i]) != 0) {
+ ERROR("Out of memory");
+ return -1;
+ }
+ }
+
+ return 0;
+}
+
static int merge_authorization_conf_into_global(struct service_arguments *args, isulad_daemon_configs *tmp_json_confs)
{
args->json_confs->tls = tmp_json_confs->tls;
@@ -1549,7 +1596,6 @@ int merge_json_confs_into_global(struct service_arguments *args)
#endif
override_string_value(&args->json_confs->native_umask, &tmp_json_confs->native_umask);
override_string_value(&args->json_confs->cgroup_parent, &tmp_json_confs->cgroup_parent);
- override_string_value(&args->json_confs->rootfsmntdir, &tmp_json_confs->rootfsmntdir);
override_string_value(&args->json_confs->start_timeout, &tmp_json_confs->start_timeout);
override_string_value(&args->json_confs->pod_sandbox_image, &tmp_json_confs->pod_sandbox_image);
override_string_value(&args->json_confs->network_plugin, &tmp_json_confs->network_plugin);
@@ -1559,8 +1605,10 @@ int merge_json_confs_into_global(struct service_arguments *args)
args->json_confs->runtimes = tmp_json_confs->runtimes;
tmp_json_confs->runtimes = NULL;
- args->json_confs->cri_runtimes = tmp_json_confs->cri_runtimes;
- tmp_json_confs->cri_runtimes = NULL;
+ if (merge_cri_runtimes_into_global(args, tmp_json_confs)) {
+ ret = -1;
+ goto out;
+ }
#ifdef ENABLE_SUP_GROUPS
args->json_confs->sup_groups = tmp_json_confs->sup_groups;
@@ -1588,9 +1636,6 @@ int merge_json_confs_into_global(struct service_arguments *args)
args->json_confs->cpu_rt_runtime = tmp_json_confs->cpu_rt_runtime;
}
- if (tmp_json_confs->image_service) {
- args->json_confs->image_service = tmp_json_confs->image_service;
- }
if (tmp_json_confs->image_layer_check) {
args->json_confs->image_layer_check = tmp_json_confs->image_layer_check;
}
diff --git a/src/daemon/modules/events/collector.c b/src/daemon/modules/events/collector.c
index 319e777a..9dc4dbe7 100644
--- a/src/daemon/modules/events/collector.c
+++ b/src/daemon/modules/events/collector.c
@@ -578,7 +578,7 @@ static int do_write_events(const stream_func_wrapper *stream, struct isulad_even
goto out;
}
if (!stream->write_func(stream->writer, event)) {
- ERROR("Failed to send exit event for 'events' client");
+ ERROR("Failed to send event for 'events' client");
ret = -1;
goto out;
}
--
2.25.1

45
0006-invalid-free-default-runtime-and-cri-runtime-after-f.patch
View File

@ -1,45 +0,0 @@
From 710aa3de0e21c3566934897dd34a9ac497f808a7 Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Thu, 8 Sep 2022 10:14:39 +0800
Subject: [PATCH 06/11] invalid free default-runtime and cri-runtime after free
json-confs
Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
---
src/cmd/isulad/isulad_commands.h | 2 +-
src/daemon/config/daemon_arguments.c | 6 ------
2 files changed, 1 insertion(+), 7 deletions(-)
diff --git a/src/cmd/isulad/isulad_commands.h b/src/cmd/isulad/isulad_commands.h
index dc278f9c..a89de5c1 100644
--- a/src/cmd/isulad/isulad_commands.h
+++ b/src/cmd/isulad/isulad_commands.h
@@ -166,7 +166,7 @@ int command_default_ulimit_append(command_option_t *option, const char *arg);
SUP_GROUPS_OPT(cmdargs) \
{ CMD_OPT_TYPE_CALLBACK, \
false, \
- "registry-mirrors", \
+ "registry-mirrors", \
0, \
&(cmdargs)->json_confs->registry_mirrors, \
"Registry to be prepended when pulling unqualified images, can be specified multiple times", \
diff --git a/src/daemon/config/daemon_arguments.c b/src/daemon/config/daemon_arguments.c
index 076c10a6..04173557 100644
--- a/src/daemon/config/daemon_arguments.c
+++ b/src/daemon/config/daemon_arguments.c
@@ -204,12 +204,6 @@ void service_arguments_free(struct service_arguments *args)
free_default_ulimit(args->default_ulimit);
args->default_ulimit = NULL;
args->default_ulimit_len = 0;
-
- free(args->json_confs->default_runtime);
- args->json_confs->default_runtime = NULL;
-
- free_json_map_string_string(args->json_confs->cri_runtimes);
- args->json_confs->cri_runtimes = NULL;
}
static int key_value_opt_parser(const char *option, char **key, char **value)
--
2.25.1

74
0007-calculate-timezone-by-tm_gmtoff.patch
View File

@ -1,74 +0,0 @@
From 15314b8d4159da27717e3e835e2cb0f90b3f7e02 Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Tue, 13 Sep 2022 20:21:25 +1400
Subject: [PATCH 07/11] calculate timezone by tm_gmtoff
Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
---
src/utils/cutils/utils_timestamp.c | 38 +++++++++++++++++++-----------
1 file changed, 24 insertions(+), 14 deletions(-)
diff --git a/src/utils/cutils/utils_timestamp.c b/src/utils/cutils/utils_timestamp.c
index 640d5dd0..c490c00e 100644
--- a/src/utils/cutils/utils_timestamp.c
+++ b/src/utils/cutils/utils_timestamp.c
@@ -149,13 +149,17 @@ bool util_get_timestamp(const char *str_time, types_timestamp_t *timestamp)
bool get_time_buffer_help(const types_timestamp_t *timestamp, char *timebuffer, size_t maxsize, bool local_utc)
{
- struct tm tm_utc = { 0 };
- struct tm tm_local = { 0 };
- int tm_zone = 0;
- int32_t nanos;
int nret = 0;
- time_t seconds;
+ int tm_zone_hour = 0;
+ int tm_zone_min = 0;
+ int32_t nanos;
+ struct tm tm_local = { 0 };
size_t tmp_size = 0;
+ time_t seconds;
+ bool west_timezone = false;
+ long int tm_gmtoff = 0;
+ const int seconds_per_minutes = 60;
+ const int seconds_per_hour = 3600;
if (timebuffer == NULL || maxsize == 0 || !timestamp->has_seconds) {
return false;
@@ -178,18 +182,24 @@ bool get_time_buffer_help(const types_timestamp_t *timestamp, char *timebuffer,
goto out;
}
- gmtime_r(&seconds, &tm_utc);
- tm_zone = tm_local.tm_hour - tm_utc.tm_hour;
- if (tm_zone < -12) {
- tm_zone += 24;
- } else if (tm_zone > 12) {
- tm_zone -= 24;
+#ifdef __USE_MISC
+ tm_gmtoff = tm_local.tm_gmtoff;
+#else
+ tm_gmtoff = tm_local.__tm_gmtoff;
+#endif
+
+ if (tm_gmtoff < 0) {
+ west_timezone = true;
+ tm_gmtoff = -tm_gmtoff;
}
- if (tm_zone >= 0) {
- nret = snprintf(timebuffer + strlen(timebuffer), tmp_size, ".%09d+%02d:00", nanos, tm_zone);
+ tm_zone_hour = tm_gmtoff / seconds_per_hour;
+ tm_zone_min = (tm_gmtoff - tm_zone_hour * seconds_per_hour) / seconds_per_minutes;
+
+ if (!west_timezone) {
+ nret = snprintf(timebuffer + strlen(timebuffer), tmp_size, ".%09d+%02d:%02d", nanos, tm_zone_hour, tm_zone_min);
} else {
- nret = snprintf(timebuffer + strlen(timebuffer), tmp_size, ".%09d-%02d:00", nanos, -tm_zone);
+ nret = snprintf(timebuffer + strlen(timebuffer), tmp_size, ".%09d-%02d:%02d", nanos, tm_zone_hour, tm_zone_min);
}
out:
--
2.25.1

135
0008-fixbug-add-hostname-env-for-container.patch
View File

@ -1,135 +0,0 @@
From 502cf70a63afa5b5a728d7813b1ff1481badf63a Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Thu, 8 Sep 2022 20:29:36 +0800
Subject: [PATCH 08/11] [fixbug] add hostname env for container
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
.../executor/container_cb/execution_network.c | 16 +++++++------
src/daemon/modules/spec/specs.c | 13 +++++-----
src/daemon/modules/spec/specs_extend.c | 24 ++++++++++++++-----
3 files changed, 34 insertions(+), 19 deletions(-)
diff --git a/src/daemon/executor/container_cb/execution_network.c b/src/daemon/executor/container_cb/execution_network.c
index fa0ec612..bbc35e80 100644
--- a/src/daemon/executor/container_cb/execution_network.c
+++ b/src/daemon/executor/container_cb/execution_network.c
@@ -890,17 +890,19 @@ static int create_default_hostname(const char *id, const char *rootpath, bool sh
char hostname_content[MAX_HOST_NAME_LEN + 2] = { 0 };
if (v2_spec->config->hostname == NULL) {
+ char hostname[MAX_HOST_NAME_LEN] = { 0 };
if (share_host) {
- char hostname[MAX_HOST_NAME_LEN] = { 0x00 };
ret = gethostname(hostname, sizeof(hostname));
- if (ret != 0) {
- ERROR("Get hostname error");
- goto out;
- }
- v2_spec->config->hostname = util_strdup_s(hostname);
} else {
- v2_spec->config->hostname = util_strdup_s("localhost");
+ // max length of hostname from ID is 12 + '\0'
+ nret = snprintf(hostname, 13, "%s", id);
+ ret = nret < 0 ? 1 : 0;
+ }
+ if (ret != 0) {
+ ERROR("Create hostname error");
+ goto out;
}
+ v2_spec->config->hostname = util_strdup_s(hostname);
}
nret = snprintf(file_path, PATH_MAX, "%s/%s/%s", rootpath, id, "hostname");
diff --git a/src/daemon/modules/spec/specs.c b/src/daemon/modules/spec/specs.c
index 44e38674..ec6385a6 100644
--- a/src/daemon/modules/spec/specs.c
+++ b/src/daemon/modules/spec/specs.c
@@ -2112,6 +2112,13 @@ int merge_all_specs(host_config *host_spec, const char *real_rootfs, container_c
goto out;
}
+ // should before merge process env
+ ret = merge_hostname(oci_spec, host_spec, v2_spec->config);
+ if (ret != 0) {
+ ERROR("Failed to merge hostname");
+ goto out;
+ }
+
ret = merge_process_conf(oci_spec, host_spec, v2_spec->config);
if (ret != 0) {
goto out;
@@ -2138,12 +2145,6 @@ int merge_all_specs(host_config *host_spec, const char *real_rootfs, container_c
goto out;
}
- ret = merge_hostname(oci_spec, host_spec, v2_spec->config);
- if (ret != 0) {
- ERROR("Failed to merge hostname");
- goto out;
- }
-
ret = make_annotations(oci_spec, v2_spec->config, host_spec);
if (ret != 0) {
ret = -1;
diff --git a/src/daemon/modules/spec/specs_extend.c b/src/daemon/modules/spec/specs_extend.c
index 6276a586..c8faa102 100644
--- a/src/daemon/modules/spec/specs_extend.c
+++ b/src/daemon/modules/spec/specs_extend.c
@@ -415,13 +415,19 @@ out:
int merge_env(oci_runtime_spec *oci_spec, const char **env, size_t env_len)
{
int ret = 0;
+ int nret = 0;
size_t new_size = 0;
size_t old_size = 0;
- size_t i = 0;
+ size_t i;
char **temp = NULL;
+ // 10 is lenght of "HOSTNAME=" and '\0'
+ char host_name_env[MAX_HOST_NAME_LEN + 10] = { 0 };
- if (env_len == 0 || env == NULL) {
- return 0;
+ nret = snprintf(host_name_env, sizeof(host_name_env), "HOSTNAME=%s", oci_spec->hostname);
+ if (nret < 0 || (size_t)nret >= sizeof(host_name_env)) {
+ ret = -1;
+ ERROR("Sprint failed");
+ goto out;
}
ret = make_sure_oci_spec_process(oci_spec);
@@ -429,13 +435,14 @@ int merge_env(oci_runtime_spec *oci_spec, const char **env, size_t env_len)
goto out;
}
- if (env_len > LIST_ENV_SIZE_MAX - oci_spec->process->env_len) {
+ if (env_len > LIST_ENV_SIZE_MAX - oci_spec->process->env_len - 1) {
ERROR("The length of envionment variables is too long, the limit is %lld", LIST_ENV_SIZE_MAX);
isulad_set_error_message("The length of envionment variables is too long, the limit is %d", LIST_ENV_SIZE_MAX);
ret = -1;
goto out;
}
- new_size = (oci_spec->process->env_len + env_len) * sizeof(char *);
+ // add 1 for hostname env
+ new_size = (oci_spec->process->env_len + env_len + 1) * sizeof(char *);
old_size = oci_spec->process->env_len * sizeof(char *);
ret = util_mem_realloc((void **)&temp, new_size, oci_spec->process->env, old_size);
if (ret != 0) {
@@ -445,7 +452,12 @@ int merge_env(oci_runtime_spec *oci_spec, const char **env, size_t env_len)
}
oci_spec->process->env = temp;
- for (i = 0; i < env_len; i++) {
+
+ // append hostname env into default oci spec env list
+ oci_spec->process->env[oci_spec->process->env_len] = util_strdup_s(host_name_env);
+ oci_spec->process->env_len++;
+
+ for (i = 0; i < env_len && env != NULL; i++) {
oci_spec->process->env[oci_spec->process->env_len] = util_strdup_s(env[i]);
oci_spec->process->env_len++;
}
--
2.25.1

35
0009-add-testcase-for-check-env-HOSTNAME.patch
View File

@ -1,35 +0,0 @@
From b0664f10a349563376a0db00c1524d01599cd697 Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Wed, 14 Sep 2022 10:49:22 +0800
Subject: [PATCH 09/11] add testcase for check env HOSTNAME
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
CI/test_cases/container_cases/run.sh | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/CI/test_cases/container_cases/run.sh b/CI/test_cases/container_cases/run.sh
index 29c761d3..1dea51ab 100755
--- a/CI/test_cases/container_cases/run.sh
+++ b/CI/test_cases/container_cases/run.sh
@@ -26,6 +26,17 @@ source ../helpers.sh
function do_test_t()
{
containername=test_basic_run
+
+ tid=$(isula run --name $containername -td busybox)
+ hostname=$(isula exec -it $containername hostname)
+ fn_check_eq "${hostname}" "${tid:0:12}" "default hostname is not id of container"
+ isula exec -it $containername env | grep HOSTNAME
+ fn_check_eq "$?" "0" "check HOSTNAME env failed"
+ isula stop -t 0 $tid
+ fn_check_eq "$?" "0" "stop failed"
+ isula rm $tid
+ fn_check_eq "$?" "0" "rm failed"
+
isula run --name $containername -td busybox
fn_check_eq "$?" "0" "run failed"
testcontainer $containername running
--
2.25.1

105
0010-Add-timezone-CI-test.patch
View File

@ -1,105 +0,0 @@
From eaad0bfcd96ffba436413a46bde5bb96db4e754e Mon Sep 17 00:00:00 2001
From: zhongtao <taozh97@163.com>
Date: Thu, 15 Sep 2022 15:43:42 +1400
Subject: [PATCH 10/11] Add timezone CI test
Signed-off-by: zhongtao <taozh97@163.com>
---
CI/test_cases/container_cases/timezone.sh | 85 +++++++++++++++++++++++
1 file changed, 85 insertions(+)
create mode 100644 CI/test_cases/container_cases/timezone.sh
diff --git a/CI/test_cases/container_cases/timezone.sh b/CI/test_cases/container_cases/timezone.sh
new file mode 100644
index 00000000..d434477d
--- /dev/null
+++ b/CI/test_cases/container_cases/timezone.sh
@@ -0,0 +1,85 @@
+#!/bin/bash
+#
+# attributes: isulad timezone
+# concurrent: NA
+# spend time: 10
+
+#######################################################################
+##- Copyright (c) Huawei Technologies Co., Ltd. 2022. All rights reserved.
+# - iSulad licensed under the Mulan PSL v2.
+# - You can use this software according to the terms and conditions of the Mulan PSL v2.
+# - You may obtain a copy of Mulan PSL v2 at:
+# - http://license.coscl.org.cn/MulanPSL2
+# - THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+# - IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+# - PURPOSE.
+# - See the Mulan PSL v2 for more details.
+##- @Description:CI
+##- @Author: zhongtao
+##- @Create: 2022-09-13
+#######################################################################
+
+source ../helpers.sh
+curcnt_timezone=`readlink /etc/localtime`
+
+function do_check_timezone()
+{
+ ln -sf $1 /etc/localtime
+ localtime=`date "+%:z" | sed 's/://g'`
+
+ check_valgrind_log
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stop isulad failed" && return ${FAILURE}
+
+ start_isulad_with_valgrind
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && return ${FAILURE}
+
+ containername="test_timezone"
+
+ isula run --name $containername $2 /bin/sh
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to run container with image: ${image}" && return ${FAILURE}
+
+ containertime=`isula inspect -f "{{.State.StartedAt}}" $containername | tail -c 7 | sed 's/://g'`
+ fn_check_eq "$localtime" "$containertime" "localtime is $localtime get: $containertime"
+
+ isula rm -f $containername
+}
+
+function test_timezone()
+{
+ local image="busybox"
+ local test="container timezone test => (${FUNCNAME[@]})"
+
+ msg_info "${test} starting..."
+
+ isula pull ${image}
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to pull image: ${image}" && return ${FAILURE}
+
+ isula images | grep busybox
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - missing list image: ${image}" && return ${FAILURE}
+
+ do_check_timezone "/usr/share/zoneinfo/Pacific/Kiritimati" "$image"
+ do_check_timezone "/usr/share/zoneinfo/right/Canada/Newfoundland" "$image"
+ do_check_timezone "/usr/share/zoneinfo/Asia/Kolkata" "$image"
+ do_check_timezone "/usr/share/zoneinfo/right/Pacific/Chatham" "$image"
+ do_check_timezone "/usr/share/zoneinfo/Etc/GMT" "$image"
+
+ ln -sf $curcnt_timezone /etc/localtime
+
+ isula rmi ${image}
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to remove image ${image}" && return ${FAILURE}
+
+ check_valgrind_log
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stop isulad failed" && return ${FAILURE}
+
+ start_isulad_with_valgrind
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && return ${FAILURE}
+
+ msg_info "${test} finished with return ${TC_RET_T}..."
+ return $TC_RET_T
+}
+
+declare -i ans=0
+
+test_timezone || ((ans++))
+
+show_result ${ans} "${curr_path}/${0}"
--
2.25.1

167
0011-fix-maybe-uwait-use-after-free.patch
View File

@ -1,167 +0,0 @@
From 95815fe3332197279259ecc4ace08e2e20a174cf Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Wed, 28 Sep 2022 10:57:00 +0800
Subject: [PATCH 11/11] fix maybe uwait use after free
Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
---
.../graphdriver/devmapper/wrapper_devmapper.c | 77 +++++++++++++++----
.../graphdriver/devmapper/wrapper_devmapper.h | 3 +
2 files changed, 64 insertions(+), 16 deletions(-)
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.c
index 8a1dfff5..2513d64a 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.c
@@ -359,6 +359,17 @@ out:
return ret;
}
+void free_udev_wait_pth_t(udev_wait_pth_t* uwait)
+{
+ if (uwait->cond_init) {
+ pthread_cond_destroy(&uwait->wait_cond);
+ }
+ if (uwait->mutex_init) {
+ pthread_mutex_destroy(&uwait->udev_mutex);
+ }
+ free(uwait);
+}
+
static void *udev_wait_process(void *data)
{
int ret = 0;
@@ -376,13 +387,49 @@ static void *udev_wait_process(void *data)
} else {
uwait->state = DEV_OK;
}
+ if (pthread_cond_wait(&uwait->wait_cond, &uwait->udev_mutex) != 0) {
+ CRIT("Udev wait condition failed");
+ }
pthread_mutex_unlock(&uwait->udev_mutex);
+ free_udev_wait_pth_t(uwait);
+
out:
DAEMON_CLEAR_ERRMSG();
return NULL;
}
+udev_wait_pth_t *init_udev_wait_pth_t(uint32_t cookie)
+{
+ udev_wait_pth_t *uwait = NULL;
+
+ uwait = util_common_calloc_s(sizeof(udev_wait_pth_t));
+ if (uwait == NULL) {
+ ERROR("Out of memory");
+ return NULL;
+ }
+ uwait->cookie = cookie;
+ uwait->state = DEV_INIT;
+ uwait->mutex_init = false;
+ uwait->cond_init = false;
+
+ if (pthread_mutex_init(&uwait->udev_mutex, NULL) != 0) {
+ ERROR("Udev mutex initialized failed");
+ free(uwait);
+ return NULL;
+ }
+ uwait->mutex_init = true;
+
+ if (pthread_cond_init(&uwait->wait_cond, NULL) != 0) {
+ ERROR("Udev condition initialized failed");
+ free_udev_wait_pth_t(uwait);
+ return NULL;
+ }
+ uwait->cond_init = true;
+
+ return uwait;
+}
+
// UdevWait waits for any processes that are waiting for udev to complete the specified cookie.
void dev_udev_wait(uint32_t cookie)
{
@@ -396,51 +443,49 @@ void dev_udev_wait(uint32_t cookie)
return;
}
- uwait = util_common_calloc_s(sizeof(udev_wait_pth_t));
+ // free in udev_wait_process
+ uwait = init_udev_wait_pth_t(cookie);
if (uwait == NULL) {
- ERROR("Out of memory");
return;
}
- uwait->cookie = cookie;
- uwait->state = DEV_INIT;
-
- if (pthread_mutex_init(&uwait->udev_mutex, NULL) != 0) {
- ERROR("Udev mutex initialized failed");
- goto free_out;
- }
if (pthread_create(&tid, NULL, udev_wait_process, uwait) != 0) {
ERROR("devmapper: create udev wait process thread error:%s", strerror(errno));
- goto free_out;
+ free_udev_wait_pth_t(uwait);
+ return;
}
while (true) {
pthread_mutex_lock(&uwait->udev_mutex);
if (uwait->state != DEV_INIT) {
pthread_mutex_unlock(&uwait->udev_mutex);
- goto free_out;
+ goto out;
}
pthread_mutex_unlock(&uwait->udev_mutex);
if (gettimeofday(&end, NULL) != 0) {
ERROR("devmapper: get time failed");
- goto free_out;
+ goto out;
}
timeout = (end.tv_sec - start.tv_sec) + (end.tv_usec - start.tv_usec) / 1000000; // seconds
if (timeout >= (float)dm_udev_wait_timeout) {
if (dm_udev_complete(cookie) != 1) {
ERROR("Failed to complete udev cookie %u on udev wait timeout", cookie);
- goto free_out;
+ goto out;
}
ERROR("Wait on udev cookie time out");
break;
}
}
-free_out:
- pthread_mutex_destroy(&uwait->udev_mutex);
- free(uwait);
+out:
+ pthread_mutex_lock(&uwait->udev_mutex);
+ if (pthread_cond_broadcast(&uwait->wait_cond) != 0) {
+ ERROR("Failed to broadcast wait conditio");
+ }
+ pthread_mutex_unlock(&uwait->udev_mutex);
+ return;
}
int dev_delete_device_force(const char *name)
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.h b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.h
index 6a45db58..5a692980 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.h
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.h
@@ -74,7 +74,10 @@ typedef enum {
typedef struct {
uint32_t cookie;
pthread_mutex_t udev_mutex;
+ bool mutex_init;
int state; // 0: ok 1:err_udev_wait 2: err_udev_wait_timeout
+ pthread_cond_t wait_cond;
+ bool cond_init;
} udev_wait_pth_t;
char *dev_strerror(int errnum);
--
2.25.1

22
iSulad.spec
View File

@ -1,5 +1,5 @@
%global _version 2.0.16
%global _release 8
%global _version 2.0.17
%global _release 1
%global is_systemd 1
%global enable_shimv2 1
%global is_embedded 1
@ -13,18 +13,6 @@ URL: https://gitee.com/openeuler/iSulad
Source: https://gitee.com/openeuler/iSulad/repository/archive/v%{version}.tar.gz
BuildRoot: {_tmppath}/iSulad-%{version}
Patch0001: 0001-fix-memleak.patch
Patch0002: 0002-cleancode-about-rest-register-container.patch
Patch0003: 0003-adapt-to-openssl-3.0.patch
Patch0004: 0004-remove-redundant-header-files.patch
Patch0005: 0005-add-isulad-args.patch
Patch0006: 0006-invalid-free-default-runtime-and-cri-runtime-after-f.patch
Patch0007: 0007-calculate-timezone-by-tm_gmtoff.patch
Patch0008: 0008-fixbug-add-hostname-env-for-container.patch
Patch0009: 0009-add-testcase-for-check-env-HOSTNAME.patch
Patch0010: 0010-Add-timezone-CI-test.patch
Patch0011: 0011-fix-maybe-uwait-use-after-free.patch
%ifarch x86_64 aarch64
Provides: libhttpclient.so()(64bit)
Provides: libisula.so()(64bit)
@ -246,6 +234,12 @@ fi
%endif
%changelog
* Sun Oct 09 2022 zhangxiaoyu <zhangxiaoyu58@huawei.com> - 2.0.17-1
- Type: enhancement
- ID: NA
- SUG: NA
- DESC: update iSulad version to 2.0.17-1
* Thu Sep 29 2022 haozi007 <liuhao27@huawei.com> - 2.0.16-8
- Type: enhancement
- ID: NA

BIN
v2.0.16.tar.gz → v2.0.17.tar.gz
View File

Binary file not shown.