packages/iSulad
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

iSulad: update to v2.0.8

Browse Source 
Signed-off-by: lifeng68 <lifeng68@huawei.com>
This commit is contained in:
lifeng68 2020-12-30 16:00:53 +08:00
parent 6557a6eb9e
commit 96970d7818
25 changed files with 8 additions and 4743 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
0001-Add-a-solution-to-the-gpgkey-problem.patch
View File

@ -1,45 +0,0 @@
From a46546cd6c9d3e085beac143eb3b7dcff7f118e5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=A4=A7=E7=BD=97=E9=A9=AC=E7=9A=84=E5=A4=AA=E9=98=B3?=
<weibaohui@yeah.net>
Date: Mon, 23 Nov 2020 22:55:24 +0800
Subject: [PATCH 01/17] Add a solution to the gpgkey problem
---
README.md | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/README.md b/README.md
index 08467ddc..9b34d615 100644
--- a/README.md
+++ b/README.md
@@ -25,6 +25,27 @@ Install iSulad with yum:
yum install -y iSulad
```
+if you found this error
+```
+Repository 'openEuler' is missing name in configuration, using id.
+
+You have enabled checking of packages via GPG keys. This is a good thing.
+However, you do not have any GPG public keys installed. You need to download
+the keys for packages you wish to install and install them.
+You can do that by running the command:
+ rpm --import public.gpg.key
+
+
+Alternatively you can specify the url to the key you would like to use
+for a repository in the 'gpgkey' option in a repository section and YUM
+will install it for you.
+
+For more information contact your distribution or package provider.
+
+```
+
+you should run `rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-openEuler` first
+
### Run
We provide `systemd` service to start `iSulad`:
```sh
--
2.25.1

606
0002-change-default-tmp-directory-from-var-tmp-to-var-lib.patch
View File

@ -1,606 +0,0 @@
From e17d4ea9e2e6ec5555429cbc0363748e33170dea Mon Sep 17 00:00:00 2001
From: WangFengTu <wangfengtu@huawei.com>
Date: Mon, 23 Nov 2020 16:52:56 +0800
Subject: [PATCH 02/17] change default tmp directory from /var/tmp to
/var/lib/isulad/tmp
Signed-off-by: WangFengTu <wangfengtu@huawei.com>
---
src/daemon/modules/image/oci/oci_image.c | 21 +++-
src/daemon/modules/image/oci/oci_load.c | 20 ++--
.../modules/image/oci/registry/registry.c | 20 ++--
.../modules/image/oci/storage/storage.c | 34 ------
.../modules/image/oci/storage/storage.h | 2 -
src/daemon/modules/image/oci/utils_images.c | 102 ++++++++++++++----
src/daemon/modules/image/oci/utils_images.h | 3 +-
test/image/oci/registry/CMakeLists.txt | 2 +-
test/image/oci/registry/registry_ut.cc | 22 +++-
test/image/oci/storage/images/CMakeLists.txt | 2 +
.../oci/storage/images/storage_images_ut.cc | 1 +
test/image/oci/storage/rootfs/CMakeLists.txt | 4 +-
.../oci/storage/rootfs/storage_rootfs_ut.cc | 1 +
test/mocks/isulad_config_mock.cc | 16 +++
test/mocks/isulad_config_mock.h | 2 +
15 files changed, 160 insertions(+), 92 deletions(-)
diff --git a/src/daemon/modules/image/oci/oci_image.c b/src/daemon/modules/image/oci/oci_image.c
index f0ba19cb..f4fa1e88 100644
--- a/src/daemon/modules/image/oci/oci_image.c
+++ b/src/daemon/modules/image/oci/oci_image.c
@@ -150,26 +150,34 @@ out:
return ret;
}
-static void cleanup_image_tmpdir()
+static int recreate_image_tmpdir()
{
char *image_tmp_path = NULL;
+ int ret = 0;
- image_tmp_path = get_image_tmp_path();
+ image_tmp_path = oci_get_isulad_tmpdir();
if (image_tmp_path == NULL) {
ERROR("failed to get image tmp path");
- return;
+ ret = -1;
+ goto out;
}
if (util_recursive_rmdir(image_tmp_path, 0)) {
ERROR("failed to remove directory %s", image_tmp_path);
+ ret = -1;
+ goto out;
}
if (util_mkdir_p(image_tmp_path, TEMP_DIRECTORY_MODE)) {
ERROR("failed to create directory %s", image_tmp_path);
+ ret = -1;
+ goto out;
}
+
+out:
free(image_tmp_path);
- return;
+ return ret;
}
int oci_init(const isulad_daemon_configs *args)
@@ -181,7 +189,10 @@ int oci_init(const isulad_daemon_configs *args)
return ret;
}
- cleanup_image_tmpdir();
+ ret = recreate_image_tmpdir();
+ if (ret != 0) {
+ goto out;
+ }
ret = registry_init(NULL, NULL);
if (ret != 0) {
diff --git a/src/daemon/modules/image/oci/oci_load.c b/src/daemon/modules/image/oci/oci_load.c
index 073ad55b..97cff34b 100644
--- a/src/daemon/modules/image/oci/oci_load.c
+++ b/src/daemon/modules/image/oci/oci_load.c
@@ -1011,25 +1011,23 @@ static char *oci_load_path_create()
{
int ret = 0;
int nret = 0;
- char *oci_load_work_dir = NULL;
+ char *image_tmp_path = NULL;
char tmp_dir[PATH_MAX] = { 0 };
- oci_load_work_dir = storage_oci_load_work_dir();
- if (oci_load_work_dir == NULL) {
- ERROR("Failed to get oci load work dir");
- isulad_try_set_error_message("Failed to get oci load work dir");
- ret = -1;
+ ret = makesure_isulad_tmpdir_perm_right();
+ if (ret != 0) {
+ ERROR("failed to make sure permission of image tmp work dir");
goto out;
}
- if (util_mkdir_p(oci_load_work_dir, TEMP_DIRECTORY_MODE) != 0) {
- ERROR("Unable to create oci image load tmp work dir:%s", oci_load_work_dir);
- isulad_try_set_error_message("Unable to create oci image load tmp work dir:%s", oci_load_work_dir);
+ image_tmp_path = oci_get_isulad_tmpdir();
+ if (image_tmp_path == NULL) {
+ ERROR("failed to get image tmp work dir");
ret = -1;
goto out;
}
- nret = snprintf(tmp_dir, PATH_MAX, "%s/oci-image-load-XXXXXX", oci_load_work_dir);
+ nret = snprintf(tmp_dir, PATH_MAX, "%s/oci-image-load-XXXXXX", image_tmp_path);
if (nret < 0 || (size_t)nret >= sizeof(tmp_dir)) {
ERROR("Path is too long");
ret = -1;
@@ -1044,7 +1042,7 @@ static char *oci_load_path_create()
}
out:
- free(oci_load_work_dir);
+ free(image_tmp_path);
return ret == 0 ? util_strdup_s(tmp_dir) : NULL;
}
diff --git a/src/daemon/modules/image/oci/registry/registry.c b/src/daemon/modules/image/oci/registry/registry.c
index 2656b9b2..a94d10b1 100644
--- a/src/daemon/modules/image/oci/registry/registry.c
+++ b/src/daemon/modules/image/oci/registry/registry.c
@@ -1718,7 +1718,13 @@ static int prepare_pull_desc(pull_descriptor *desc, registry_pull_options *optio
update_host(desc);
- image_tmp_path = get_image_tmp_path();
+ ret = makesure_isulad_tmpdir_perm_right();
+ if (ret != 0) {
+ ERROR("failed to make sure permission of image tmp work dir");
+ goto out;
+ }
+
+ image_tmp_path = oci_get_isulad_tmpdir();
if (image_tmp_path == NULL) {
ERROR("failed to get image tmp work dir");
ret = -1;
@@ -1859,18 +1865,6 @@ static void cached_layers_kvfree(void *key, void *value)
int registry_init(char *auths_dir, char *certs_dir)
{
int ret = 0;
- char *image_tmp_path = NULL;
-
- image_tmp_path = get_image_tmp_path();
- if (image_tmp_path == NULL) {
- ERROR("failed to get image tmp path");
- return -1;
- }
-
- if (util_mkdir_p(image_tmp_path, TEMP_DIRECTORY_MODE)) {
- ERROR("failed to create directory %s", image_tmp_path);
- }
- free(image_tmp_path);
auths_set_dir(auths_dir);
certs_set_dir(certs_dir);
diff --git a/src/daemon/modules/image/oci/storage/storage.c b/src/daemon/modules/image/oci/storage/storage.c
index f15531be..0d837079 100644
--- a/src/daemon/modules/image/oci/storage/storage.c
+++ b/src/daemon/modules/image/oci/storage/storage.c
@@ -1715,20 +1715,6 @@ out:
int storage_module_init(struct storage_module_init_options *opts)
{
int ret = 0;
- char *oci_load_work_dir = NULL;
-
- oci_load_work_dir = storage_oci_load_work_dir();
- if (oci_load_work_dir == NULL) {
- ERROR("Get oci load work dir failed");
- ret = -1;
- goto out;
- }
-
- ret = util_recursive_rmdir(oci_load_work_dir, 0);
- if (ret != 0) {
- ERROR("failed to remove dir %s", oci_load_work_dir);
- goto out;
- }
if (check_module_init_opt(opts) != 0) {
ret = -1;
@@ -1783,25 +1769,5 @@ int storage_module_init(struct storage_module_init_options *opts)
}
out:
- free(oci_load_work_dir);
return ret;
}
-
-
-char *storage_oci_load_work_dir()
-{
- char *isulad_tmp = NULL;
- char *oci_load_work_dir = NULL;
-
- isulad_tmp = oci_get_isulad_tmpdir();
- if (isulad_tmp == NULL) {
- ERROR("Failed to get isulad tmp dir");
- goto out;
- }
-
- oci_load_work_dir = util_path_join(isulad_tmp, "isulad-oci-load");
-
-out:
- free(isulad_tmp);
- return oci_load_work_dir;
-}
\ No newline at end of file
diff --git a/src/daemon/modules/image/oci/storage/storage.h b/src/daemon/modules/image/oci/storage/storage.h
index b030a3a5..f2141924 100644
--- a/src/daemon/modules/image/oci/storage/storage.h
+++ b/src/daemon/modules/image/oci/storage/storage.h
@@ -179,8 +179,6 @@ int storage_rootfs_umount(const char *container_id, bool force);
container_inspect_graph_driver *storage_get_metadata_by_container_id(const char *id);
-char *storage_oci_load_work_dir();
-
#ifdef __cplusplus
}
#endif
diff --git a/src/daemon/modules/image/oci/utils_images.c b/src/daemon/modules/image/oci/utils_images.c
index de0eb324..7eddd25c 100644
--- a/src/daemon/modules/image/oci/utils_images.c
+++ b/src/daemon/modules/image/oci/utils_images.c
@@ -27,6 +27,7 @@
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
+#include <sys/stat.h>
#include "isula_libutils/log.h"
#include "utils.h"
@@ -36,10 +37,10 @@
#include "utils_file.h"
#include "utils_string.h"
#include "utils_verify.h"
+#include "isulad_config.h"
// nanos of 2038-01-19T03:14:07, the max valid linux time
#define MAX_NANOS 2147483647000000000
-#define ISULAD_DEFAULT_TMP_DIR "/var/tmp"
char *get_last_part(char **parts)
{
@@ -488,36 +489,101 @@ bool oci_valid_time(char *time)
return true;
}
+static int makesure_path_is_dir(char *path)
+{
+ struct stat st = {0};
+
+ if (lstat(path, &st) != 0) {
+ if (errno == ENOENT) {
+ return util_mkdir_p(path, TEMP_DIRECTORY_MODE);
+ }
+ ERROR("lstat %s failed: %s", path, strerror(errno));
+ return -1;
+ }
+
+ if (!S_ISDIR(st.st_mode)) {
+ if (util_recursive_rmdir(path, 0)) {
+ ERROR("failed to remove directory %s", path);
+ return -1;
+ }
+ }
+
+ if (util_mkdir_p(path, TEMP_DIRECTORY_MODE) != 0) {
+ ERROR("make dir:%s failed", path);
+ return -1;
+ }
+
+ return 0;
+}
char *oci_get_isulad_tmpdir()
{
- char *isula_tmp = NULL;
+ char *isulad_tmpdir = NULL;
+ char *isulad_root_dir = NULL;
+ char *env_dir = NULL;
+ int ret = 0;
- isula_tmp = getenv("ISULAD_TMPDIR");
- if (util_valid_str(isula_tmp) && !util_dir_exists(isula_tmp)) {
- if (util_mkdir_p(isula_tmp, TEMP_DIRECTORY_MODE) != 0) {
- ERROR("make dir:%s failed", isula_tmp);
- return NULL;
- }
+ isulad_root_dir = conf_get_isulad_rootdir();
+ if (isulad_root_dir == NULL) {
+ ERROR("get isulad root dir failed");
+ return NULL;
}
- return util_valid_str(isula_tmp) ? util_strdup_s(isula_tmp) : util_strdup_s(ISULAD_DEFAULT_TMP_DIR);
+ env_dir = getenv("ISULAD_TMPDIR");
+ if (util_valid_str(env_dir)) {
+ isulad_tmpdir = util_path_join(env_dir, "isulad_tmpdir");
+ } else {
+ isulad_tmpdir = util_path_join(isulad_root_dir, "isulad_tmpdir");
+ }
+ if (isulad_tmpdir == NULL) {
+ ERROR("join temporary directory failed");
+ ret = -1;
+ goto out;
+ }
+
+out:
+ free(isulad_root_dir);
+ if (ret != 0) {
+ free(isulad_tmpdir);
+ isulad_tmpdir = NULL;
+ }
+
+ return isulad_tmpdir;
}
-char *get_image_tmp_path()
+int makesure_isulad_tmpdir_perm_right()
{
- char *isulad_tmp = NULL;
- char *isula_image = NULL;
+ struct stat st = {0};
+ char *isulad_tmpdir = NULL;
+ int ret = 0;
+
+ isulad_tmpdir = oci_get_isulad_tmpdir();
+ if (isulad_tmpdir == NULL) {
+ return -1;
+ }
- isulad_tmp = oci_get_isulad_tmpdir();
- if (isulad_tmp == NULL) {
- ERROR("Failed to get isulad tmp dir");
+ ret = makesure_path_is_dir(isulad_tmpdir);
+ if (ret != 0) {
+ goto out;
+ }
+
+ if (lstat(isulad_tmpdir, &st) != 0) {
+ ERROR("lstat %s failed: %s", isulad_tmpdir, strerror(errno));
+ ret = -1;
goto out;
}
- isula_image = util_path_join(isulad_tmp, "isula-image");
+ // chown to root
+ ret = lchown(isulad_tmpdir, 0, 0);
+ if (ret == 0 || (ret == EPERM && st.st_uid == 0 && st.st_gid == 0)) {
+ ret = 0;
+ goto out;
+ } else {
+ ERROR("lchown %s failed: %s", isulad_tmpdir, strerror(errno));
+ }
out:
- free(isulad_tmp);
- return isula_image;
+ free(isulad_tmpdir);
+
+ return ret;
}
diff --git a/src/daemon/modules/image/oci/utils_images.h b/src/daemon/modules/image/oci/utils_images.h
index 5dedd569..cebcc796 100644
--- a/src/daemon/modules/image/oci/utils_images.h
+++ b/src/daemon/modules/image/oci/utils_images.h
@@ -55,8 +55,7 @@ int add_rootfs_and_history(const layer_blob *layers, size_t layers_len, const re
bool oci_valid_time(char *time);
char *oci_get_isulad_tmpdir();
-
-char *get_image_tmp_path();
+int makesure_isulad_tmpdir_perm_right();
#ifdef __cplusplus
}
diff --git a/test/image/oci/registry/CMakeLists.txt b/test/image/oci/registry/CMakeLists.txt
index 9e34103c..36e7cab8 100644
--- a/test/image/oci/registry/CMakeLists.txt
+++ b/test/image/oci/registry/CMakeLists.txt
@@ -24,7 +24,6 @@ add_executable(${EXE}
${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/utils/buffer/buffer.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/utils/cutils/utils_aes.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/daemon/modules/image/oci/storage/image_store/image_type.c
- ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/daemon/config/isulad_config.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/daemon/modules/image/oci/registry_type.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/daemon/common/sysinfo.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/daemon/modules/image/oci/storage/image_store/image_store.c
@@ -37,6 +36,7 @@ add_executable(${EXE}
${CMAKE_CURRENT_SOURCE_DIR}/../../../mocks/storage_mock.cc
${CMAKE_CURRENT_SOURCE_DIR}/../../../mocks/oci_image_mock.cc
${CMAKE_CURRENT_SOURCE_DIR}/../../../mocks/http_mock.cc
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../mocks/isulad_config_mock.cc
registry_ut.cc)
target_include_directories(${EXE} PUBLIC
diff --git a/test/image/oci/registry/registry_ut.cc b/test/image/oci/registry/registry_ut.cc
index f656a49d..25ddf694 100644
--- a/test/image/oci/registry/registry_ut.cc
+++ b/test/image/oci/registry/registry_ut.cc
@@ -43,6 +43,7 @@
#include "aes.h"
#include "auths.h"
#include "oci_image_mock.h"
+#include "isulad_config_mock.h"
using ::testing::Args;
using ::testing::ByRef;
@@ -79,17 +80,21 @@ protected:
MockHttp_SetMock(&m_http_mock);
MockStorage_SetMock(&m_storage_mock);
MockOciImage_SetMock(&m_oci_image_mock);
+ MockIsuladConf_SetMock(&m_isulad_conf_mock);
}
void TearDown() override
{
MockHttp_SetMock(nullptr);
MockStorage_SetMock(nullptr);
+ MockOciImage_SetMock(nullptr);
+ MockIsuladConf_SetMock(nullptr);
}
NiceMock<MockHttp> m_http_mock;
NiceMock<MockStorage> m_storage_mock;
NiceMock<MockOciImage> m_oci_image_mock;
+ NiceMock<MockIsuladConf> m_isulad_conf_mock;
};
int invokeHttpRequestV1(const char *url, struct http_get_options *options, long *response_code, int recursive_len)
@@ -497,7 +502,12 @@ static int init_log()
return 0;
}
-void mockCommonAll(MockStorage *mock, MockOciImage *oci_image_mock)
+static char *invokeConfGetISuladRootDir()
+{
+ return util_strdup_s(get_dir().c_str());
+}
+
+void mockCommonAll(MockStorage *mock, MockOciImage *oci_image_mock, MockIsuladConf *isulad_conf_mock)
{
EXPECT_CALL(*mock, StorageImgCreate(::testing::_, ::testing::_, ::testing::_, ::testing::_))
.WillRepeatedly(Invoke(invokeStorageImgCreate));
@@ -531,6 +541,8 @@ void mockCommonAll(MockStorage *mock, MockOciImage *oci_image_mock)
.WillRepeatedly(Invoke(invokeFreeLayer));
EXPECT_CALL(*oci_image_mock, OciValidTime(::testing::_))
.WillRepeatedly(Invoke(invokeOciValidTime));
+ EXPECT_CALL(*isulad_conf_mock, ConfGetISuladRootDir())
+ .WillRepeatedly(Invoke(invokeConfGetISuladRootDir));
return;
}
@@ -588,7 +600,7 @@ TEST_F(RegistryUnitTest, test_pull_v1_image)
EXPECT_CALL(m_http_mock, HttpRequest(::testing::_, ::testing::_, ::testing::_, ::testing::_))
.WillRepeatedly(Invoke(invokeHttpRequestV1));
- mockCommonAll(&m_storage_mock, &m_oci_image_mock);
+ mockCommonAll(&m_storage_mock, &m_oci_image_mock, &m_isulad_conf_mock);
ASSERT_EQ(registry_pull(&options), 0);
ASSERT_EQ(registry_pull(&options), 0);
@@ -648,7 +660,7 @@ TEST_F(RegistryUnitTest, test_pull_v2_image)
EXPECT_CALL(m_http_mock, HttpRequest(::testing::_, ::testing::_, ::testing::_, ::testing::_))
.WillRepeatedly(Invoke(invokeHttpRequestV2));
- mockCommonAll(&m_storage_mock, &m_oci_image_mock);
+ mockCommonAll(&m_storage_mock, &m_oci_image_mock, &m_isulad_conf_mock);
// test retry success
ASSERT_EQ(registry_pull(&options), 0);
@@ -682,7 +694,7 @@ TEST_F(RegistryUnitTest, test_pull_oci_image)
options->insecure_registry = false;
EXPECT_CALL(m_http_mock, HttpRequest(::testing::_, ::testing::_, ::testing::_, ::testing::_))
.WillRepeatedly(Invoke(invokeHttpRequestOCI));
- mockCommonAll(&m_storage_mock, &m_oci_image_mock);
+ mockCommonAll(&m_storage_mock, &m_oci_image_mock, &m_isulad_conf_mock);
ASSERT_EQ(registry_pull(options), 0);
free_registry_pull_options(options);
@@ -700,7 +712,7 @@ TEST_F(RegistryUnitTest, test_pull_already_exist)
EXPECT_CALL(m_http_mock, HttpRequest(::testing::_, ::testing::_, ::testing::_, ::testing::_))
.WillRepeatedly(Invoke(invokeHttpRequestV2));
- mockCommonAll(&m_storage_mock, &m_oci_image_mock);
+ mockCommonAll(&m_storage_mock, &m_oci_image_mock, &m_isulad_conf_mock);
EXPECT_CALL(m_storage_mock, StorageLayerGet(::testing::_))
.WillRepeatedly(Invoke(invokeStorageLayerGet1));
ASSERT_EQ(registry_pull(&options), 0);
diff --git a/test/image/oci/storage/images/CMakeLists.txt b/test/image/oci/storage/images/CMakeLists.txt
index 82ad4680..b00c5a0e 100644
--- a/test/image/oci/storage/images/CMakeLists.txt
+++ b/test/image/oci/storage/images/CMakeLists.txt
@@ -22,6 +22,7 @@ add_executable(${EXE}
${CMAKE_CURRENT_SOURCE_DIR}/../../../../../src/daemon/modules/image/oci/registry_type.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../../../src/daemon/modules/image/oci/storage/image_store/image_store.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../../mocks/storage_mock.cc
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../mocks/isulad_config_mock.cc
storage_images_ut.cc)
target_include_directories(${EXE} PUBLIC
@@ -34,6 +35,7 @@ target_include_directories(${EXE} PUBLIC
${CMAKE_CURRENT_SOURCE_DIR}/../../../../../src/utils/cutils/map
${CMAKE_CURRENT_SOURCE_DIR}/../../../../../src/utils/sha256
${CMAKE_CURRENT_SOURCE_DIR}/../../../../../src/utils/http
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../src/daemon/config
${CMAKE_CURRENT_SOURCE_DIR}/../../../../../src/daemon/modules/image/oci
${CMAKE_CURRENT_SOURCE_DIR}/../../../../../src/daemon/modules/image/oci/storage
${CMAKE_CURRENT_SOURCE_DIR}/../../../../../src/daemon/modules/image/oci/storage/image_store
diff --git a/test/image/oci/storage/images/storage_images_ut.cc b/test/image/oci/storage/images/storage_images_ut.cc
index 4115e911..234ab742 100644
--- a/test/image/oci/storage/images/storage_images_ut.cc
+++ b/test/image/oci/storage/images/storage_images_ut.cc
@@ -33,6 +33,7 @@
#include "isula_libutils/imagetool_images_list.h"
#include "isula_libutils/imagetool_image.h"
#include "storage_mock.h"
+#include "isulad_config_mock.h"
using ::testing::Args;
using ::testing::ByRef;
diff --git a/test/image/oci/storage/rootfs/CMakeLists.txt b/test/image/oci/storage/rootfs/CMakeLists.txt
index 3ba56bb9..8da8196b 100644
--- a/test/image/oci/storage/rootfs/CMakeLists.txt
+++ b/test/image/oci/storage/rootfs/CMakeLists.txt
@@ -21,6 +21,7 @@ add_executable(${EXE}
${CMAKE_CURRENT_SOURCE_DIR}/../../../../../src/daemon/modules/image/oci/storage/rootfs_store/rootfs.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../../../src/daemon/modules/image/oci/storage/rootfs_store/rootfs_store.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../../mocks/storage_mock.cc
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../mocks/isulad_config_mock.cc
storage_rootfs_ut.cc)
target_include_directories(${EXE} PUBLIC
@@ -33,7 +34,8 @@ target_include_directories(${EXE} PUBLIC
${CMAKE_CURRENT_SOURCE_DIR}/../../../../../src/utils/sha256
${CMAKE_CURRENT_SOURCE_DIR}/../../../../../src/json/schema/src
${CMAKE_BINARY_DIR}/conf
- ${CMAKE_CURRENT_SOURCE_DIR}/../../../../test/mocks
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../test/mocks
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../src/daemon/config
${CMAKE_CURRENT_SOURCE_DIR}/../../../../../src/daemon/modules/image/oci
${CMAKE_CURRENT_SOURCE_DIR}/../../../../../src/daemon/modules/image/oci/storage
${CMAKE_CURRENT_SOURCE_DIR}/../../../../../src/daemon/modules/image/oci/storage/rootfs_store
diff --git a/test/image/oci/storage/rootfs/storage_rootfs_ut.cc b/test/image/oci/storage/rootfs/storage_rootfs_ut.cc
index a4864dad..9cf91fa9 100644
--- a/test/image/oci/storage/rootfs/storage_rootfs_ut.cc
+++ b/test/image/oci/storage/rootfs/storage_rootfs_ut.cc
@@ -30,6 +30,7 @@
#include "utils.h"
#include "path.h"
#include "storage.h"
+#include "isulad_config_mock.h"
std::string META_DATA_CONTENT = "metadata test";
diff --git a/test/mocks/isulad_config_mock.cc b/test/mocks/isulad_config_mock.cc
index 9d993157..88a74a41 100644
--- a/test/mocks/isulad_config_mock.cc
+++ b/test/mocks/isulad_config_mock.cc
@@ -136,3 +136,19 @@ char *conf_get_isulad_storage_driver_backing_fs()
}
return nullptr;
}
+
+char *conf_get_isulad_rootdir()
+{
+ if (g_isulad_conf_mock != nullptr) {
+ return g_isulad_conf_mock->ConfGetISuladRootDir();
+ }
+ return nullptr;
+}
+
+bool conf_get_use_decrypted_key_flag()
+{
+ if (g_isulad_conf_mock != nullptr) {
+ return g_isulad_conf_mock->ConfGetUseDecryptedKeyFlag();
+ }
+ return true;
+}
diff --git a/test/mocks/isulad_config_mock.h b/test/mocks/isulad_config_mock.h
index fdf27cdb..03af3cc9 100644
--- a/test/mocks/isulad_config_mock.h
+++ b/test/mocks/isulad_config_mock.h
@@ -34,6 +34,8 @@ public:
MOCK_METHOD1(GetSystemCpuUsage, int(uint64_t *val));
MOCK_METHOD0(ConfGetIsuladStorageDriverBackingFs, char *());
MOCK_METHOD0(GetMonitordPath, char *(void));
+ MOCK_METHOD0(ConfGetISuladRootDir, char *(void));
+ MOCK_METHOD0(ConfGetUseDecryptedKeyFlag, bool (void));
};
void MockIsuladConf_SetMock(MockIsuladConf *mock);
--
2.25.1

102
0003-update-api.proto-to-v1.19.3-according-to-kubelet.patch
View File

@ -1,102 +0,0 @@
From 5720b90e9515a698b5f9cde21a99194848f2c66a Mon Sep 17 00:00:00 2001
From: gaohuatao <gaohuatao@huawei.com>
Date: Fri, 13 Nov 2020 03:21:16 -0500
Subject: [PATCH 03/17] update api.proto to v1.19.3 according to kubelet
Signed-off-by: gaohuatao <gaohuatao@huawei.com>
---
src/api/services/cri/api.proto | 31 ++++++++++++++++++++
src/daemon/entry/cri/cri_security_context.cc | 7 +++++
2 files changed, 38 insertions(+)
diff --git a/src/api/services/cri/api.proto b/src/api/services/cri/api.proto
index 67e5527e..dc0cfeb9 100644
--- a/src/api/services/cri/api.proto
+++ b/src/api/services/cri/api.proto
@@ -219,6 +219,13 @@ enum NamespaceMode {
// For example, a container with a PID namespace of NODE expects to view
// all of the processes on the host running the kubelet.
NODE = 2;
+ // TARGET targets the namespace of another container. When this is specified,
+ // a target_id must be specified in NamespaceOption and refer to a container
+ // previously created with NamespaceMode CONTAINER. This containers namespace
+ // will be made to match that of container target_id.
+ // For example, a container with a PID namespace of TARGET expects to view
+ // all of the processes that container target_id can view.
+ TARGET = 3;
}
// NamespaceOption provides options for Linux namespaces.
@@ -236,6 +243,10 @@ message NamespaceOption {
// Note: There is currently no way to set CONTAINER scoped IPC in the Kubernetes API.
// Namespaces currently set by the kubelet: POD, NODE
NamespaceMode ipc = 3;
+ // Target Container ID for NamespaceMode of TARGET. This container must have been
+ // previously created in the same pod. It is not possible to specify different targets
+ // for each namespace.
+ string target_id = 4;
}
// Int64Value is the wrapper of int64.
@@ -519,6 +530,10 @@ message ListPodSandboxResponse {
// future it will include more detailed information about the different image types.
message ImageSpec {
string image = 1;
+ // Unstructured key-value map holding arbitrary metadata.
+ // ImageSpec Annotations can be used to help the runtime target specific
+ // images in multi-arch images.
+ map<string, string> annotations = 2;
}
message KeyValue {
@@ -545,6 +560,19 @@ message LinuxContainerResources {
string cpuset_cpus = 6;
// CpusetMems constrains the allowed set of memory nodes. Default: "" (not specified).
string cpuset_mems = 7;
+ // List of HugepageLimits to limit the HugeTLB usage of container per page size. Default: nil (not specified).
+ repeated HugepageLimit hugepage_limits = 8;
+}
+
+// HugepageLimit corresponds to the file`hugetlb.<hugepagesize>.limit_in_byte` in container level cgroup.
+// For example, `PageSize=1GB`, `Limit=1073741824` means setting `1073741824` bytes to hugetlb.1GB.limit_in_bytes.
+message HugepageLimit {
+ // The value of PageSize has the format <size><unit-prefix>B (2MB, 1GB),
+ // and must match the <hugepagesize> of the corresponding control file found in `hugetlb.<hugepagesize>.limit_in_bytes`.
+ // The values of <unit-prefix> are intended to be parsed using base 1024("1KB" = 1024, "1MB" = 1048576, etc).
+ string page_size = 1;
+ // limit in bytes of hugepagesize HugeTLB usage.
+ uint64 limit = 2;
}
// SELinuxOption are the labels to be applied to the container.
@@ -1040,6 +1068,9 @@ message Image {
// User name that will run the command(s). This is used if UID is not set
// and no user is specified when creating container.
string username = 6;
+ // ImageSpec for image which includes annotations
+ ImageSpec spec = 7;
+
}
message ListImagesResponse {
diff --git a/src/daemon/entry/cri/cri_security_context.cc b/src/daemon/entry/cri/cri_security_context.cc
index 634e53ad..1d332261 100644
--- a/src/daemon/entry/cri/cri_security_context.cc
+++ b/src/daemon/entry/cri/cri_security_context.cc
@@ -179,6 +179,13 @@ static void ModifyContainerNamespaceOptions(const runtime::v1alpha2::NamespaceOp
hostConfig->pid_mode = util_strdup_s(sandboxNSMode.c_str());
}
+
+ if (nsOpts.pid() == runtime::v1alpha2::NamespaceMode::TARGET) {
+ std::string targetPidNsMode = "container:" + nsOpts.target_id();
+ free(hostConfig->pid_mode);
+ hostConfig->pid_mode = util_strdup_s(targetPidNsMode.c_str());
+ }
+
/* set common Namespace options */
ModifyCommonNamespaceOptions(nsOpts, hostConfig);
/* modify host network option for container */
--
2.25.1

50
0004-adapt-CI-ISULAD_TMPDIR-testcases.patch
View File

@ -1,50 +0,0 @@
From 3a15d0174b16207915ab5736ee45f5018472b251 Mon Sep 17 00:00:00 2001
From: WangFengTu <wangfengtu@huawei.com>
Date: Tue, 24 Nov 2020 14:51:57 +0800
Subject: [PATCH 04/17] adapt CI ISULAD_TMPDIR testcases
Signed-off-by: WangFengTu <wangfengtu@huawei.com>
---
CI/test_cases/image_cases/isulad_tmpdir.sh | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/CI/test_cases/image_cases/isulad_tmpdir.sh b/CI/test_cases/image_cases/isulad_tmpdir.sh
index 22a6ad42..46849ae7 100644
--- a/CI/test_cases/image_cases/isulad_tmpdir.sh
+++ b/CI/test_cases/image_cases/isulad_tmpdir.sh
@@ -58,8 +58,8 @@ function test_isulad_tmpdir()
export ISULAD_TMPDIR="/var/isula/tmp"
restart_isulad
load_pull_test
- test -d /var/isula/tmp/isula-image
- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - isula-image not exist in ISULAD_TMPDIR" && ((ret++))
+ test -d /var/isula/tmp/isulad_tmpdir
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - isulad_tmpdir not exist in ISULAD_TMPDIR" && ((ret++))
# The scene of ISULAD_TMPDIR dir is symbol link that it refers to dir exists
rm -rf /var/isula/tmp
@@ -69,8 +69,8 @@ function test_isulad_tmpdir()
export ISULAD_TMPDIR="/var/isula/tmpdir"
restart_isulad
load_pull_test
- test -d /var/isula/tmpdir/isula-image
- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - isula-image not exist in ISULAD_TMPDIR" && ((ret++))
+ test -d /var/isula/tmpdir/isulad_tmpdir
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - isulad_tmpdir not exist in ISULAD_TMPDIR" && ((ret++))
# rm dest dir of symbol link
rm -rf /var/tmpdir
@@ -86,8 +86,8 @@ function test_isulad_tmpdir()
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && ((ret++))
load_pull_test
- test -d /var/tmp/isula-image
- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - isula-image not exist in /var/tmp" && ((ret++))
+ test -d /var/lib/isulad/isulad_tmpdir
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - isulad_tmpdir not exist in /var/lib/isulad" && ((ret++))
msg_info "${test} finished with return ${ret}..."
return ${ret}
--
2.25.1

75
0005-listening-127.0.0.1-port-in-cri-stream-websocket-ser.patch
View File

@ -1,75 +0,0 @@
From f3f2765e074a489ceeb2364fbb941a40d3232ff5 Mon Sep 17 00:00:00 2001
From: wujing <wujing50@huawei.com>
Date: Tue, 24 Nov 2020 15:13:05 +0800
Subject: [PATCH 05/17] listening 127.0.0.1:port in cri stream websocket server
Signed-off-by: wujing <wujing50@huawei.com>
---
src/daemon/entry/cri/websocket/service/ws_server.cc | 6 ++----
.../modules/image/oci/storage/image_store/image_store.c | 8 ++++----
2 files changed, 6 insertions(+), 8 deletions(-)
diff --git a/src/daemon/entry/cri/websocket/service/ws_server.cc b/src/daemon/entry/cri/websocket/service/ws_server.cc
index 43cecb88..735f2780 100644
--- a/src/daemon/entry/cri/websocket/service/ws_server.cc
+++ b/src/daemon/entry/cri/websocket/service/ws_server.cc
@@ -106,12 +106,10 @@ void WebsocketServer::EmitLog(int level, const char *line)
int WebsocketServer::CreateContext()
{
- unsigned int opts = 0;
int limited;
struct lws_context_creation_info info;
struct rlimit oldLimit, newLimit;
const size_t WS_ULIMIT_FDS = 1024;
- char interface[] = "127.0.0.1";
m_url.SetScheme("ws");
m_url.SetHost("localhost:" + std::to_string(m_listenPort));
@@ -120,13 +118,13 @@ int WebsocketServer::CreateContext()
lws_set_log_level(LLL_ERR | LLL_WARN | LLL_NOTICE | LLL_INFO | LLL_DEBUG, WebsocketServer::EmitLog);
info.port = m_listenPort;
- info.iface = interface;
+ info.iface = "127.0.0.1";
info.protocols = m_protocols;
info.ssl_cert_filepath = nullptr;
info.ssl_private_key_filepath = nullptr;
info.gid = -1;
info.uid = -1;
- info.options = opts | LWS_SERVER_OPTION_VALIDATE_UTF8;
+ info.options = LWS_SERVER_OPTION_VALIDATE_UTF8 | LWS_SERVER_OPTION_DISABLE_IPV6;
info.max_http_header_pool = MAX_HTTP_HEADER_POOL;
info.extensions = nullptr;
diff --git a/src/daemon/modules/image/oci/storage/image_store/image_store.c b/src/daemon/modules/image/oci/storage/image_store/image_store.c
index 0f613dd2..af8573ad 100644
--- a/src/daemon/modules/image/oci/storage/image_store/image_store.c
+++ b/src/daemon/modules/image/oci/storage/image_store/image_store.c
@@ -59,8 +59,8 @@
#define IMAGE_JSON "images.json"
#define MAX_IMAGE_NAME_LENGTH 72
-#define DIGIST_PREFIX "@sha256:"
-#define MAX_IMAGE_DIGST_LENGTH 64
+#define DIGEST_PREFIX "@sha256:"
+#define MAX_IMAGE_DIGEST_LENGTH 64
typedef struct digest_image {
struct linked_list images_list;
@@ -2757,10 +2757,10 @@ static int resort_image_names(const char **names, size_t names_len, char **first
size_t len = strlen(names[i]);
if (strlen(names[i]) > MAX_IMAGE_NAME_LENGTH) {
prefix = util_sub_string(names[i], len - MAX_IMAGE_NAME_LENGTH,
- MAX_IMAGE_NAME_LENGTH - MAX_IMAGE_DIGST_LENGTH);
+ MAX_IMAGE_NAME_LENGTH - MAX_IMAGE_DIGEST_LENGTH);
}
- if (prefix != NULL && strcmp(prefix, DIGIST_PREFIX) == 0) {
+ if (prefix != NULL && strcmp(prefix, DIGEST_PREFIX) == 0) {
if (util_array_append(image_digests, names[i]) != 0) {
ERROR("Failed to append image to digest: %s", names[i]);
ret = -1;
--
2.25.1

50
0006-using-64-bit-unique-token-in-CRI-websockets-server-R.patch
View File

@ -1,50 +0,0 @@
From 7b59f3cead750d00bafe406ab2150f3abd189acb Mon Sep 17 00:00:00 2001
From: wujing <wujing50@huawei.com>
Date: Tue, 24 Nov 2020 17:09:08 +0800
Subject: [PATCH 06/17] using 64 bit unique token in CRI websockets server
Request Cache
Signed-off-by: wujing <wujing50@huawei.com>
---
src/daemon/entry/cri/request_cache.cc | 10 ++++++----
src/daemon/entry/cri/request_cache.h | 2 +-
2 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/src/daemon/entry/cri/request_cache.cc b/src/daemon/entry/cri/request_cache.cc
index 5209bcaf..a3cb3771 100644
--- a/src/daemon/entry/cri/request_cache.cc
+++ b/src/daemon/entry/cri/request_cache.cc
@@ -86,11 +86,13 @@ std::string RequestCache::UniqueToken()
std::default_random_engine e1(r());
std::uniform_int_distribution<int> uniform_dist(1, 254);
// Number of bytes to be TokenLen when base64 encoded.
- const int tokenSize { 16 };
- char rawToken[tokenSize + 1] { 0 };
+ const int tokenSize = ceil(static_cast<double>(TokenLen) * 6 / 8);
+ char rawToken[tokenSize + 1];
+ (void)memset(rawToken, 0, sizeof(rawToken));
for (int i {}; i < maxTries; ++i) {
- char buf[40] { 0 };
- for (size_t j {}; j < tokenSize; ++j) {
+ char buf[TokenLen + 1];
+ (void)memset(buf, 0, sizeof(buf));
+ for (int j {}; j < tokenSize; ++j) {
rawToken[j] = (char)uniform_dist(e1);
}
lws_b64_encode_string(rawToken, (int)strlen(rawToken), buf, (int)sizeof(buf));
diff --git a/src/daemon/entry/cri/request_cache.h b/src/daemon/entry/cri/request_cache.h
index b0b7f491..024f3ba7 100644
--- a/src/daemon/entry/cri/request_cache.h
+++ b/src/daemon/entry/cri/request_cache.h
@@ -52,7 +52,7 @@ private:
static std::mutex m_mutex;
static std::atomic<RequestCache *> m_instance;
const size_t MaxInFlight { 1000 };
- const size_t TokenLen { 8 };
+ const size_t TokenLen { 64 };
};
#endif // DAEMON_ENTRY_CRI_REQUEST_CACHE_H
--
2.25.1

56
0007-add-mock-conf_get_use_decrypted_key_flag-and-setup-a.patch
View File

@ -1,56 +0,0 @@
From c84953295a615da574aa1b42348a6f60105d5482 Mon Sep 17 00:00:00 2001
From: WangFengTu <wangfengtu@huawei.com>
Date: Tue, 24 Nov 2020 20:00:42 +0800
Subject: [PATCH 07/17] add mock conf_get_use_decrypted_key_flag and setup all
common mocks
Signed-off-by: WangFengTu <wangfengtu@huawei.com>
---
test/image/oci/registry/registry_ut.cc | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/test/image/oci/registry/registry_ut.cc b/test/image/oci/registry/registry_ut.cc
index 25ddf694..4b264424 100644
--- a/test/image/oci/registry/registry_ut.cc
+++ b/test/image/oci/registry/registry_ut.cc
@@ -73,6 +73,8 @@ std::string get_dir()
return static_cast<std::string>(abs_path) + "../../../../../test/image/oci/registry";
}
+void mockCommonAll(MockStorage *mock, MockOciImage *oci_image_mock, MockIsuladConf *isulad_conf_mock);
+
class RegistryUnitTest : public testing::Test {
protected:
void SetUp() override
@@ -81,6 +83,7 @@ protected:
MockStorage_SetMock(&m_storage_mock);
MockOciImage_SetMock(&m_oci_image_mock);
MockIsuladConf_SetMock(&m_isulad_conf_mock);
+ mockCommonAll(&m_storage_mock, &m_oci_image_mock, &m_isulad_conf_mock);
}
void TearDown() override
@@ -507,6 +510,11 @@ static char *invokeConfGetISuladRootDir()
return util_strdup_s(get_dir().c_str());
}
+static bool invokeConfGetUseDecryptedKeyFlag()
+{
+ return true;
+}
+
void mockCommonAll(MockStorage *mock, MockOciImage *oci_image_mock, MockIsuladConf *isulad_conf_mock)
{
EXPECT_CALL(*mock, StorageImgCreate(::testing::_, ::testing::_, ::testing::_, ::testing::_))
@@ -543,6 +551,8 @@ void mockCommonAll(MockStorage *mock, MockOciImage *oci_image_mock, MockIsuladCo
.WillRepeatedly(Invoke(invokeOciValidTime));
EXPECT_CALL(*isulad_conf_mock, ConfGetISuladRootDir())
.WillRepeatedly(Invoke(invokeConfGetISuladRootDir));
+ EXPECT_CALL(*isulad_conf_mock, ConfGetUseDecryptedKeyFlag())
+ .WillRepeatedly(Invoke(invokeConfGetUseDecryptedKeyFlag));
return;
}
--
2.25.1

26
0008-show-all-mutl-network-ips.patch
View File

@ -1,26 +0,0 @@
From cd9d3524c53ee2090f6d3c8f079ad7905ca4bd41 Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Thu, 26 Nov 2020 09:30:05 +0800
Subject: [PATCH 08/17] show all mutl network ips
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
src/daemon/entry/cri/cri_sandbox.cc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/daemon/entry/cri/cri_sandbox.cc b/src/daemon/entry/cri/cri_sandbox.cc
index b44c86c1..772638a1 100644
--- a/src/daemon/entry/cri/cri_sandbox.cc
+++ b/src/daemon/entry/cri/cri_sandbox.cc
@@ -978,7 +978,7 @@ void CRIRuntimeServiceImpl::GetFormatIPsForMultNet(container_inspect *inspect, c
}
for (size_t i = 0; i < len; i++) {
- if (elems[i]->interface == nullptr || strcmp(elems[i]->interface, defaultInterface.c_str()) == 0) {
+ if (elems[i]->interface == nullptr) {
continue;
}
Network::PodNetworkStatus status;
--
2.25.1

554
0009-iSulad-only-qsort-the-configed-mounts.patch
View File

@ -1,554 +0,0 @@
From 25465336f77be1332c4536f90eb6ebd8edfd71de Mon Sep 17 00:00:00 2001
From: lifeng68 <lifeng68@huawei.com>
Date: Fri, 27 Nov 2020 11:29:58 +0800
Subject: [PATCH 09/17] iSulad: only qsort the configed mounts
Signed-off-by: lifeng68 <lifeng68@huawei.com>
---
src/daemon/entry/cri/cri_security_context.cc | 1 -
src/daemon/modules/spec/specs_mount.c | 216 ++++++++++---------
2 files changed, 114 insertions(+), 103 deletions(-)
diff --git a/src/daemon/entry/cri/cri_security_context.cc b/src/daemon/entry/cri/cri_security_context.cc
index 1d332261..cf5b300e 100644
--- a/src/daemon/entry/cri/cri_security_context.cc
+++ b/src/daemon/entry/cri/cri_security_context.cc
@@ -179,7 +179,6 @@ static void ModifyContainerNamespaceOptions(const runtime::v1alpha2::NamespaceOp
hostConfig->pid_mode = util_strdup_s(sandboxNSMode.c_str());
}
-
if (nsOpts.pid() == runtime::v1alpha2::NamespaceMode::TARGET) {
std::string targetPidNsMode = "container:" + nsOpts.target_id();
free(hostConfig->pid_mode);
diff --git a/src/daemon/modules/spec/specs_mount.c b/src/daemon/modules/spec/specs_mount.c
index db7e4fd8..6099a918 100644
--- a/src/daemon/modules/spec/specs_mount.c
+++ b/src/daemon/modules/spec/specs_mount.c
@@ -372,7 +372,8 @@ static defs_mount *mount_point_to_defs_mnt(container_config_v2_common_config_mou
ERROR("Out of memory");
return NULL;
}
- mnt->options = util_common_calloc_s(sizeof(char *) * (options_len + 3)); // +2 for readonly/propagation/selinux_relabel
+ mnt->options =
+ util_common_calloc_s(sizeof(char *) * (options_len + 3)); // +2 for readonly/propagation/selinux_relabel
if (mnt->options == NULL) {
ERROR("Out of memory");
ret = -1;
@@ -647,10 +648,10 @@ out:
return m;
}
-static defs_mount * parse_anonymous_volume(char *volume)
+static defs_mount *parse_anonymous_volume(char *volume)
{
int ret = 0;
- char path[PATH_MAX] = {0};
+ char path[PATH_MAX] = { 0 };
defs_mount *mount_element = NULL;
if (!util_clean_path(volume, path, sizeof(path))) {
@@ -1378,17 +1379,12 @@ out:
}
#endif
-static int merge_fs_mounts_to_oci_and_spec(oci_runtime_spec *oci_spec, defs_mount **mounts, size_t mounts_len,
- container_config_v2_common_config *common_config)
+static int merge_fs_mounts_to_oci_spec(oci_runtime_spec *oci_spec, defs_mount **mounts, size_t mounts_len)
{
int ret = 0;
size_t new_size = 0, old_size = 0;
- size_t new_mp_key_size, new_mp_val_size, old_mp_key_size, old_mp_val_size;
size_t i = 0;
- char **mp_key = NULL;
- container_config_v2_common_config_mount_points_element **mp_val = NULL;
defs_mount **mounts_temp = NULL;
- struct volume *vol = NULL;
if (mounts_len == 0) {
return 0;
@@ -1414,42 +1410,66 @@ static int merge_fs_mounts_to_oci_and_spec(oci_runtime_spec *oci_spec, defs_moun
}
oci_spec->mounts = mounts_temp;
- if (common_config != NULL) {
- if (common_config->mount_points == NULL) {
- common_config->mount_points = util_common_calloc_s(sizeof(container_config_v2_common_config_mount_points));
- if (common_config->mount_points == NULL) {
+ for (i = 0; i < mounts_len; i++) {
+ defs_mount *mnt = mounts[i];
+ oci_spec->mounts[oci_spec->mounts_len] = mnt;
+ oci_spec->mounts_len++;
+ mounts[i] = NULL;
+ }
+
+out:
+ return ret;
+}
+
+static int merge_fs_mounts_to_v2_spec(defs_mount **mounts, size_t mounts_len,
+ container_config_v2_common_config *v2_spec)
+{
+ int ret = 0;
+ size_t new_mp_key_size, new_mp_val_size, old_mp_key_size, old_mp_val_size;
+ size_t i = 0;
+ char **mp_key = NULL;
+ container_config_v2_common_config_mount_points_element **mp_val = NULL;
+ struct volume *vol = NULL;
+
+ if (mounts_len == 0) {
+ return 0;
+ }
+
+ if (v2_spec != NULL) {
+ if (v2_spec->mount_points == NULL) {
+ v2_spec->mount_points = util_common_calloc_s(sizeof(container_config_v2_common_config_mount_points));
+ if (v2_spec->mount_points == NULL) {
ERROR("Out of memory");
ret = -1;
goto out;
}
}
- new_mp_key_size = (common_config->mount_points->len + mounts_len) * sizeof(char *);
- old_mp_key_size = common_config->mount_points->len * sizeof(char *);
- new_mp_val_size = (common_config->mount_points->len + mounts_len) *
+ new_mp_key_size = (v2_spec->mount_points->len + mounts_len) * sizeof(char *);
+ old_mp_key_size = v2_spec->mount_points->len * sizeof(char *);
+ new_mp_val_size = (v2_spec->mount_points->len + mounts_len) *
sizeof(container_config_v2_common_config_mount_points_element *);
- old_mp_val_size =
- common_config->mount_points->len * sizeof(container_config_v2_common_config_mount_points_element *);
+ old_mp_val_size = v2_spec->mount_points->len * sizeof(container_config_v2_common_config_mount_points_element *);
- ret = util_mem_realloc((void **)&mp_key, new_mp_key_size, common_config->mount_points->keys, old_mp_key_size);
+ ret = util_mem_realloc((void **)&mp_key, new_mp_key_size, v2_spec->mount_points->keys, old_mp_key_size);
if (ret != 0) {
ERROR("Failed to realloc memory mount point");
ret = -1;
goto out;
}
- common_config->mount_points->keys = mp_key;
- ret = util_mem_realloc((void **)&mp_val, new_mp_val_size, common_config->mount_points->values, old_mp_val_size);
+ v2_spec->mount_points->keys = mp_key;
+ ret = util_mem_realloc((void **)&mp_val, new_mp_val_size, v2_spec->mount_points->values, old_mp_val_size);
if (ret != 0) {
ERROR("Failed to realloc memory mount point");
ret = -1;
goto out;
}
- common_config->mount_points->values = mp_val;
+ v2_spec->mount_points->values = mp_val;
}
for (i = 0; i < mounts_len; i++) {
defs_mount *mnt = mounts[i];
if (strcmp(mnt->type, "volume") == 0) {
- struct volume_options opts = {.ref = common_config->id};
+ struct volume_options opts = { .ref = v2_spec->id };
// support local volume only currently.
vol = volume_create(VOLUME_DEFAULT_DRIVER_NAME, mnt->source, &opts);
if (vol == NULL) {
@@ -1461,8 +1481,8 @@ static int merge_fs_mounts_to_oci_and_spec(oci_runtime_spec *oci_spec, defs_moun
mnt->source = util_strdup_s(vol->path);
#ifdef ENABLE_SELINUX
- if (oci_spec->linux != NULL) {
- ret = relabel_volume(vol, mnt, oci_spec->linux->mount_label);
+ if (v2_spec->mount_label != NULL) {
+ ret = relabel_volume(vol, mnt, v2_spec->mount_label);
if (ret != 0) {
ERROR("Failed to relabel volume");
ret = -1;
@@ -1472,41 +1492,37 @@ static int merge_fs_mounts_to_oci_and_spec(oci_runtime_spec *oci_spec, defs_moun
#endif
}
- if (common_config != NULL) {
- common_config->mount_points->values[common_config->mount_points->len] = defs_mnt_to_mount_point(mnt);
- if (common_config->mount_points->values[common_config->mount_points->len] == NULL) {
+ if (v2_spec != NULL) {
+ v2_spec->mount_points->values[v2_spec->mount_points->len] = defs_mnt_to_mount_point(mnt);
+ if (v2_spec->mount_points->values[v2_spec->mount_points->len] == NULL) {
ERROR("Failed to transform to mount point");
ret = -1;
goto out;
}
if (vol != NULL) {
- common_config->mount_points->values[common_config->mount_points->len]->name = util_strdup_s(vol->name);
- common_config->mount_points->values[common_config->mount_points->len]->driver = util_strdup_s(vol->driver);
+ v2_spec->mount_points->values[v2_spec->mount_points->len]->name = util_strdup_s(vol->name);
+ v2_spec->mount_points->values[v2_spec->mount_points->len]->driver = util_strdup_s(vol->driver);
}
- common_config->mount_points->values[common_config->mount_points->len]->named = mnt->named;
- common_config->mount_points->keys[common_config->mount_points->len] = util_strdup_s(mnt->destination);
- common_config->mount_points->len++;
+ v2_spec->mount_points->values[v2_spec->mount_points->len]->named = mnt->named;
+ v2_spec->mount_points->keys[v2_spec->mount_points->len] = util_strdup_s(mnt->destination);
+ v2_spec->mount_points->len++;
}
if (vol != NULL && !have_nocopy(mnt)) {
/* if mount point have data and it's mounted from volume,
* we need to copy data from destination mount point to volume */
- ret = copy_data_to_volume(common_config->base_fs, mnt);
+ ret = copy_data_to_volume(v2_spec->base_fs, mnt);
if (ret != 0) {
ERROR("Failed to copy data to volume");
goto out;
}
}
- // mount -t have no type volume, use bind in oci spec
+ // mount -t have no type volume, trans volume to bind
if (strcmp(mnt->type, "volume") == 0) {
free(mnt->type);
mnt->type = util_strdup_s("bind");
}
- oci_spec->mounts[oci_spec->mounts_len] = mnt;
- oci_spec->mounts_len++;
- mounts[i] = NULL;
-
free_volume(vol);
vol = NULL;
}
@@ -2137,39 +2153,36 @@ out:
return ret;
}
-static bool mounts_expand(oci_runtime_spec *container, size_t add_len)
+static bool mounts_expand(defs_mount ***all_mounts, size_t *all_mounts_len, size_t add_len)
{
defs_mount **tmp_mount = NULL;
int ret = 0;
- size_t old_len = container->mounts_len;
+ defs_mount **old_mount = *all_mounts;
+ size_t old_len = *all_mounts_len;
+
if (add_len > SIZE_MAX / sizeof(defs_mount *) - old_len) {
ERROR("Too many mount elements!");
return false;
}
- ret = util_mem_realloc((void **)&tmp_mount, (old_len + add_len) * sizeof(defs_mount *), container->mounts,
+ ret = util_mem_realloc((void **)&tmp_mount, (old_len + add_len) * sizeof(defs_mount *), old_mount,
old_len * sizeof(defs_mount *));
if (ret < 0) {
ERROR("memory realloc failed for mount array expand");
return false;
}
- container->mounts = tmp_mount;
- container->mounts_len = old_len + add_len;
+ *all_mounts = tmp_mount;
+ *all_mounts_len = old_len + add_len;
return true;
}
-static bool mount_file(oci_runtime_spec *container, const char *src_path, const char *dst_path)
+static bool mount_file(defs_mount ***all_mounts, size_t *all_mounts_len, const char *src_path, const char *dst_path)
{
char **options = NULL;
size_t options_len = 2;
bool ret = false;
defs_mount *tmp_mounts = NULL;
- /* mount options */
- if (options_len > SIZE_MAX / sizeof(char *)) {
- ERROR("Options len is too long!");
- goto out_free;
- }
options = util_common_calloc_s(options_len * sizeof(char *));
if (options == NULL) {
ERROR("Out of memory");
@@ -2192,11 +2205,12 @@ static bool mount_file(oci_runtime_spec *container, const char *src_path, const
options = NULL;
/* expand mount array */
- if (!mounts_expand(container, 1)) {
+ if (!mounts_expand(all_mounts, all_mounts_len, 1)) {
goto out_free;
}
+
/* add a new mount node */
- container->mounts[container->mounts_len - 1] = tmp_mounts;
+ (*all_mounts)[(*all_mounts_len) - 1] = tmp_mounts;
ret = true;
out_free:
@@ -2208,17 +2222,14 @@ out_free:
return ret;
}
-static bool add_host_channel_mount(oci_runtime_spec *container, const host_config_host_channel *host_channel)
+static bool add_host_channel_mount(defs_mount ***all_mounts, size_t *all_mounts_len,
+ const host_config_host_channel *host_channel)
{
char **options = NULL;
size_t options_len = 3;
bool ret = false;
defs_mount *tmp_mounts = NULL;
- if (options_len > SIZE_MAX / sizeof(char *)) {
- ERROR("Invalid option size");
- return ret;
- }
options = util_common_calloc_s(options_len * sizeof(char *));
if (options == NULL) {
ERROR("Out of memory");
@@ -2242,15 +2253,14 @@ static bool add_host_channel_mount(oci_runtime_spec *container, const host_confi
options = NULL;
/* expand mount array */
- if (!mounts_expand(container, 1)) {
+ if (!mounts_expand(all_mounts, all_mounts_len, 1)) {
goto out_free;
}
- /* add a new mount node */
- container->mounts[container->mounts_len - 1] = tmp_mounts;
+
+ (*all_mounts)[(*all_mounts_len) - 1] = tmp_mounts;
ret = true;
out_free:
-
if (!ret) {
util_free_array_by_len(options, options_len);
free_defs_mount(tmp_mounts);
@@ -2319,7 +2329,7 @@ static inline bool is_mount_destination_hostname(const char *destination)
* if not exists: append mounts to ocispec by v2_spec
* if exists: replace the source in v2_spec
*/
-static int append_network_files_mounts(oci_runtime_spec *oci_spec, host_config *host_spec,
+static int append_network_files_mounts(defs_mount ***all_mounts, size_t *all_mounts_len, host_config *host_spec,
container_config_v2_common_config *v2_spec)
{
int ret = 0;
@@ -2327,25 +2337,27 @@ static int append_network_files_mounts(oci_runtime_spec *oci_spec, host_config *
bool has_hosts_mount = false;
bool has_resolv_mount = false;
bool has_hostname_mount = false;
+ defs_mount **old_mounts = *all_mounts;
+ size_t old_mounts_len = *all_mounts_len;
#ifdef ENABLE_SELINUX
bool share = namespace_is_container(host_spec->network_mode);
#endif
- for (i = 0; i < oci_spec->mounts_len; i++) {
- if (is_mount_destination_hosts(oci_spec->mounts[i]->destination)) {
+ for (i = 0; i < old_mounts_len; i++) {
+ if (is_mount_destination_hosts(old_mounts[i]->destination)) {
has_hosts_mount = true;
free(v2_spec->hosts_path);
- v2_spec->hosts_path = util_strdup_s(oci_spec->mounts[i]->source);
+ v2_spec->hosts_path = util_strdup_s(old_mounts[i]->source);
}
- if (is_mount_destination_resolv(oci_spec->mounts[i]->destination)) {
+ if (is_mount_destination_resolv(old_mounts[i]->destination)) {
has_resolv_mount = true;
free(v2_spec->resolv_conf_path);
- v2_spec->resolv_conf_path = util_strdup_s(oci_spec->mounts[i]->source);
+ v2_spec->resolv_conf_path = util_strdup_s(old_mounts[i]->source);
}
- if (is_mount_destination_hostname(oci_spec->mounts[i]->destination)) {
+ if (is_mount_destination_hostname(old_mounts[i]->destination)) {
has_hostname_mount = true;
free(v2_spec->hostname_path);
- v2_spec->hostname_path = util_strdup_s(oci_spec->mounts[i]->source);
+ v2_spec->hostname_path = util_strdup_s(old_mounts[i]->source);
}
}
@@ -2361,7 +2373,7 @@ static int append_network_files_mounts(oci_runtime_spec *oci_spec, host_config *
goto out;
}
#endif
- if (!mount_file(oci_spec, v2_spec->hosts_path, ETC_HOSTS)) {
+ if (!mount_file(all_mounts, all_mounts_len, v2_spec->hosts_path, ETC_HOSTS)) {
ERROR("Merge hosts mount failed");
ret = -1;
goto out;
@@ -2379,7 +2391,7 @@ static int append_network_files_mounts(oci_runtime_spec *oci_spec, host_config *
goto out;
}
#endif
- if (!mount_file(oci_spec, v2_spec->resolv_conf_path, RESOLV_CONF_PATH)) {
+ if (!mount_file(all_mounts, all_mounts_len, v2_spec->resolv_conf_path, RESOLV_CONF_PATH)) {
ERROR("Merge resolv.conf mount failed");
ret = -1;
goto out;
@@ -2397,7 +2409,7 @@ static int append_network_files_mounts(oci_runtime_spec *oci_spec, host_config *
return -1;
}
#endif
- if (!mount_file(oci_spec, v2_spec->hostname_path, ETC_HOSTNAME)) {
+ if (!mount_file(all_mounts, all_mounts_len, v2_spec->hostname_path, ETC_HOSTNAME)) {
ERROR("Merge hostname mount failed");
ret = -1;
goto out;
@@ -2497,8 +2509,7 @@ out:
return ret;
}
-static int prepare_share_shm(oci_runtime_spec *oci_spec, host_config *host_spec,
- container_config_v2_common_config *v2_spec)
+static int prepare_share_shm(host_config *host_spec, container_config_v2_common_config *v2_spec)
{
#define MAX_PROPERTY_LEN 64
char shmproperty[MAX_PROPERTY_LEN] = { 0 };
@@ -2551,17 +2562,13 @@ out:
return ret;
}
-static bool add_shm_mount(oci_runtime_spec *container, const char *shm_path)
+static bool add_shm_mount(defs_mount ***all_mounts, size_t *all_mounts_len, const char *shm_path)
{
char **options = NULL;
size_t options_len = 3;
bool ret = false;
defs_mount *tmp_mounts = NULL;
- if (options_len > SIZE_MAX / sizeof(char *)) {
- ERROR("Invalid option size");
- return ret;
- }
options = util_common_calloc_s(options_len * sizeof(char *));
if (options == NULL) {
ERROR("Out of memory");
@@ -2586,11 +2593,11 @@ static bool add_shm_mount(oci_runtime_spec *container, const char *shm_path)
options = NULL;
/* expand mount array */
- if (!mounts_expand(container, 1)) {
+ if (!mounts_expand(all_mounts, all_mounts_len, 1)) {
goto out_free;
}
- /* add a new mount node */
- container->mounts[container->mounts_len - 1] = tmp_mounts;
+
+ (*all_mounts)[(*all_mounts_len) - 1] = tmp_mounts;
ret = true;
out_free:
@@ -2603,8 +2610,7 @@ out_free:
}
#define SHM_MOUNT_POINT "/dev/shm"
-static int setup_ipc_dirs(oci_runtime_spec *oci_spec, host_config *host_spec,
- container_config_v2_common_config *v2_spec)
+static int setup_ipc_dirs(host_config *host_spec, container_config_v2_common_config *v2_spec)
{
int ret = 0;
container_t *cont = NULL;
@@ -2617,7 +2623,7 @@ static int setup_ipc_dirs(oci_runtime_spec *oci_spec, host_config *host_spec,
}
// setup shareable dirs
if (host_spec->ipc_mode == NULL || namespace_is_shareable(host_spec->ipc_mode)) {
- return prepare_share_shm(oci_spec, host_spec, v2_spec);
+ return prepare_share_shm(host_spec, v2_spec);
}
if (namespace_is_container(host_spec->ipc_mode)) {
@@ -2654,7 +2660,7 @@ int destination_compare(const void *p1, const void *p2)
return strcmp(mount_1->destination, mount_2->destination);
}
-static defs_mount * get_conflict_mount_point(defs_mount **mounts, size_t mounts_len, defs_mount *mnt)
+static defs_mount *get_conflict_mount_point(defs_mount **mounts, size_t mounts_len, defs_mount *mnt)
{
size_t i = 0;
@@ -2832,7 +2838,7 @@ static int add_image_config_volumes(container_config *container_spec, defs_mount
defs_mount *mnt = NULL;
defs_mount *conflict = NULL;
- for (i = 0; container_spec->volumes != 0 && i < container_spec->volumes->len; i++) {
+ for (i = 0; container_spec->volumes != 0 && i < container_spec->volumes->len; i++) {
mnt = parse_anonymous_volume(container_spec->volumes->keys[i]);
if (mnt == NULL) {
ERROR("parse binds %s failed", container_spec->volumes->keys[i]);
@@ -2863,8 +2869,8 @@ out:
// 2. if --volumes-from conflict with -v/--mount, drop the mount of --volumes-from
// 3. if anonymous volumes in image config conflict with -v/--mount/--volumes-from,
// drop the anonymous volumes in image config
-static int merge_all_fs_mounts(host_config *host_spec, container_config *container_spec,
- defs_mount ***all_mounts, size_t *all_mounts_len)
+static int merge_all_fs_mounts(host_config *host_spec, container_config *container_spec, defs_mount ***all_mounts,
+ size_t *all_mounts_len)
{
int ret = 0;
defs_mount **merged_mounts = NULL;
@@ -2943,9 +2949,9 @@ int merge_conf_mounts(oci_runtime_spec *oci_spec, host_config *host_spec, contai
}
/* mounts to mount filesystem */
- ret = merge_fs_mounts_to_oci_and_spec(oci_spec, all_fs_mounts, all_fs_mounts_len, v2_spec);
+ ret = merge_fs_mounts_to_v2_spec(all_fs_mounts, all_fs_mounts_len, v2_spec);
if (ret) {
- ERROR("Failed to merge mounts");
+ ERROR("Failed to merge mounts in to v2 spec");
goto out;
}
@@ -2954,7 +2960,7 @@ int merge_conf_mounts(oci_runtime_spec *oci_spec, host_config *host_spec, contai
/* host channel to mount */
if (host_spec->host_channel != NULL) {
- if (!add_host_channel_mount(oci_spec, host_spec->host_channel)) {
+ if (!add_host_channel_mount(&all_fs_mounts, &all_fs_mounts_len, host_spec->host_channel)) {
ERROR("Failed to merge host channel mount");
goto out;
}
@@ -2965,7 +2971,7 @@ int merge_conf_mounts(oci_runtime_spec *oci_spec, host_config *host_spec, contai
}
/* setup ipc dir */
- if (setup_ipc_dirs(oci_spec, host_spec, v2_spec) != 0) {
+ if (setup_ipc_dirs(host_spec, v2_spec) != 0) {
ret = -1;
goto out;
}
@@ -2973,27 +2979,33 @@ int merge_conf_mounts(oci_runtime_spec *oci_spec, host_config *host_spec, contai
/* add ipc mount */
if (v2_spec->shm_path != NULL) {
// check whether duplication
- add_shm_mount(oci_spec, v2_spec->shm_path);
+ add_shm_mount(&all_fs_mounts, &all_fs_mounts_len, v2_spec->shm_path);
}
- if (!has_mount_shm(host_spec, v2_spec) && host_spec->shm_size > 0) {
- ret = change_dev_shm_size(oci_spec, host_spec);
+ if (!host_spec->system_container) {
+ ret = append_network_files_mounts(&all_fs_mounts, &all_fs_mounts_len, host_spec, v2_spec);
if (ret) {
- ERROR("Failed to set dev shm size");
+ ERROR("Failed to append network mounts");
goto out;
}
}
- if (!host_spec->system_container) {
- ret = append_network_files_mounts(oci_spec, host_spec, v2_spec);
+ qsort(all_fs_mounts, all_fs_mounts_len, sizeof(all_fs_mounts[0]), destination_compare);
+
+ ret = merge_fs_mounts_to_oci_spec(oci_spec, all_fs_mounts, all_fs_mounts_len);
+ if (ret) {
+ ERROR("Failed to merge all mounts in to oci spec");
+ goto out;
+ }
+
+ if (!has_mount_shm(host_spec, v2_spec) && host_spec->shm_size > 0) {
+ ret = change_dev_shm_size(oci_spec, host_spec);
if (ret) {
- ERROR("Failed to append network mounts");
+ ERROR("Failed to set dev shm size");
goto out;
}
}
- qsort(oci_spec->mounts, oci_spec->mounts_len, sizeof(oci_spec->mounts[0]), destination_compare);
-
out:
if (mounted) {
(void)im_umount_container_rootfs(v2_spec->image_type, v2_spec->image, v2_spec->id);
--
2.25.1

76
0010-CI-add-testcases-for-bind-proc-and-sys-fs.patch
View File

@ -1,76 +0,0 @@
From 9ad5a2da26efc2a1a15564ddbb72059a1142ec85 Mon Sep 17 00:00:00 2001
From: lifeng68 <lifeng68@huawei.com>
Date: Fri, 27 Nov 2020 16:57:00 +0800
Subject: [PATCH 10/17] CI: add testcases for bind /proc and /sys/fs
Signed-off-by: lifeng68 <lifeng68@huawei.com>
---
.../container_cases/bind_special_dir.sh | 56 +++++++++++++++++++
1 file changed, 56 insertions(+)
create mode 100644 CI/test_cases/container_cases/bind_special_dir.sh
diff --git a/CI/test_cases/container_cases/bind_special_dir.sh b/CI/test_cases/container_cases/bind_special_dir.sh
new file mode 100644
index 00000000..0e61e348
--- /dev/null
+++ b/CI/test_cases/container_cases/bind_special_dir.sh
@@ -0,0 +1,56 @@
+#!/bin/bash
+#
+# attributes: isulad bind special directory
+# concurrent: NA
+# spend time: 5
+
+#######################################################################
+##- @Copyright (C) Huawei Technologies., Ltd. 2020. All rights reserved.
+# - iSulad licensed under the Mulan PSL v2.
+# - You can use this software according to the terms and conditions of the Mulan PSL v2.
+# - You may obtain a copy of Mulan PSL v2 at:
+# - http://license.coscl.org.cn/MulanPSL2
+# - THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+# - IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+# - PURPOSE.
+# - See the Mulan PSL v2 for more details.
+##- @Description:CI
+##- @Author: lifeng
+##- @Create: 2020-11-27
+#######################################################################
+
+declare -r curr_path=$(dirname $(readlink -f "$0"))
+source ../helpers.sh
+
+function test_bind_special_dir()
+{
+ local ret=0
+ local image="busybox"
+ local test="container bind special directory test => (${FUNCNAME[@]})"
+
+ msg_info "${test} starting..."
+
+ isula pull ${image}
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to pull image: ${image}" && return ${FAILURE}
+
+ isula images | grep busybox
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - missing list image: ${image}" && ((ret++))
+
+ c_id=`isula run -itd -v -itd -v /sys/fs:/sys/fs:rw,rshared -v /proc:/proc -v /dev:/dev:ro -v /dev/pts:/dev/pts:rw busybox sh`
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to run container with image: ${image}" && ((ret++))
+
+ isula exec -it $c_id sh -c "ls -al /sys/fs" | grep "cgroup"
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to check container with image: ${image}" && ((ret++))
+
+ isula rm -f $c_id
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to rm container ${c_id}" && ((ret++))
+
+ msg_info "${test} finished with return ${ret}..."
+ return ${ret}
+}
+
+declare -i ans=0
+
+test_bind_special_dir || ((ans++))
+
+show_result ${ans} "${curr_path}/${0}"
--
2.25.1

29
0011-verify-peer-if-it-s-secure-registry.patch
View File

@ -1,29 +0,0 @@
From 1f8f03ebc44a763a7686eda8cbf6341b9c057a6f Mon Sep 17 00:00:00 2001
From: WangFengTu <wangfengtu@huawei.com>
Date: Sat, 28 Nov 2020 10:45:59 +0800
Subject: [PATCH 11/17] verify peer if it's secure registry
we verify peer only when CA file is provided before,
now we verify peer if it's secure registry
Signed-off-by: WangFengTu <wangfengtu@huawei.com>
---
src/daemon/modules/image/oci/registry/http_request.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/daemon/modules/image/oci/registry/http_request.c b/src/daemon/modules/image/oci/registry/http_request.c
index 60644ed5..fb44a7b6 100644
--- a/src/daemon/modules/image/oci/registry/http_request.c
+++ b/src/daemon/modules/image/oci/registry/http_request.c
@@ -118,7 +118,7 @@ static int setup_ssl_config(pull_descriptor *desc, struct http_get_options *opti
}
}
- if (options->ca_file != NULL) {
+ if (!desc->insecure_registry) {
options->ssl_verify_peer = true;
}
--
2.25.1

239
0012-make-sure-all-certs-load-success-if-any-provided.patch
View File

@ -1,239 +0,0 @@
From a242455ecf86e4766ecb8989f8a5c62059c02e7c Mon Sep 17 00:00:00 2001
From: WangFengTu <wangfengtu@huawei.com>
Date: Sat, 28 Nov 2020 11:37:09 +0800
Subject: [PATCH 12/17] make sure all certs load success if any provided
Signed-off-by: WangFengTu <wangfengtu@huawei.com>
---
src/daemon/modules/image/oci/registry/certs.c | 161 ++++++++++++++++--
1 file changed, 149 insertions(+), 12 deletions(-)
diff --git a/src/daemon/modules/image/oci/registry/certs.c b/src/daemon/modules/image/oci/registry/certs.c
index 6574d2bf..f9ef63c9 100644
--- a/src/daemon/modules/image/oci/registry/certs.c
+++ b/src/daemon/modules/image/oci/registry/certs.c
@@ -26,9 +26,11 @@
#include "utils.h"
#include "utils_file.h"
#include "utils_string.h"
+#include "err_msg.h"
#define DEFAULT_ISULAD_CERTD "/etc/isulad/certs.d"
#define CLIENT_CERT_SUFFIX ".cert"
+#define CLIENT_KEY_SUFFIX ".key"
#define CA_SUFFIX ".crt"
static char *g_certs_dir = DEFAULT_ISULAD_CERTD;
@@ -68,18 +70,117 @@ static char *corresponding_key_name(const char *cert_name)
return key_name;
}
+static char *corresponding_cert_name(const char *key_name)
+{
+ char cert_name[PATH_MAX] = {0};
+ char *tmp_key_name = NULL;
+ int sret = 0;
+
+ if (key_name == NULL) {
+ ERROR("Invalid NULL pointer");
+ return NULL;
+ }
+
+ if (strlen(key_name) <= strlen(CLIENT_KEY_SUFFIX)) {
+ ERROR("Invalid key name too short");
+ return NULL;
+ }
+
+ tmp_key_name = util_strdup_s(key_name);
+ tmp_key_name[strlen(tmp_key_name) - strlen(CLIENT_KEY_SUFFIX)] = 0; // strip suffix .key
+
+ sret = snprintf(cert_name, sizeof(cert_name), "%s.cert", tmp_key_name);
+ if (sret < 0 || (size_t)sret >= sizeof(cert_name)) {
+ ERROR("Failed to sprintf cert name");
+ free(tmp_key_name);
+ return NULL;
+ }
+
+ return util_strdup_s(cert_name);
+}
+
+static int get_path_by_cert_name(const char *path, const char *cert_name, char **cert_path, char **key_path)
+{
+ int ret = 0;
+ char *key_name = NULL;
+ char *tmp_key_path = NULL;
+ char *tmp_cert_path = NULL;
+
+ key_name = corresponding_key_name(cert_name);
+ if (key_name == NULL) {
+ ERROR("find corresponding key name for cert failed");
+ ret = -1;
+ goto out;
+ }
+ tmp_key_path = util_path_join(path, key_name);
+ tmp_cert_path = util_path_join(path, cert_name);
+ if (tmp_cert_path == NULL || tmp_key_path == NULL) {
+ ret = -1;
+ ERROR("error join path");
+ goto out;
+ }
+
+ *cert_path = util_strdup_s(tmp_cert_path);
+ *key_path = util_strdup_s(tmp_key_path);
+
+out:
+ free(key_name);
+ free(tmp_cert_path);
+ free(tmp_key_path);
+
+ return ret;
+}
+
+static int get_path_by_key_name(const char *path, const char *key_name, char **cert_path, char **key_path)
+{
+ int ret = 0;
+ char *cert_name = NULL;
+ char *tmp_key_path = NULL;
+ char *tmp_cert_path = NULL;
+
+ cert_name = corresponding_cert_name(key_name);
+ if (cert_name == NULL) {
+ ERROR("find corresponding key name for cert failed");
+ ret = -1;
+ goto out;
+ }
+ tmp_key_path = util_path_join(path, key_name);
+ tmp_cert_path = util_path_join(path, cert_name);
+ if (tmp_cert_path == NULL || tmp_key_path == NULL) {
+ ret = -1;
+ ERROR("error join path");
+ goto out;
+ }
+
+ *cert_path = util_strdup_s(tmp_cert_path);
+ *key_path = util_strdup_s(tmp_key_path);
+
+out:
+ free(cert_name);
+ free(tmp_cert_path);
+ free(tmp_key_path);
+
+ return ret;
+}
+
static int load_certs(const char *path, const char *name, bool use_decrypted_key, char **ca_file, char **cert_file,
char **key_file)
{
int ret = 0;
char *key_name = NULL;
+ char *tmp_key_file = NULL;
+ char *tmp_cert_file = NULL;
- if (path == NULL || ca_file == NULL || cert_file == NULL || key_file == NULL) {
+ if (path == NULL || ca_file == NULL || cert_file == NULL || key_file == NULL || name == NULL) {
ERROR("Invalid NULL pointer");
return -1;
}
- if (*ca_file == NULL && util_has_suffix(name, CA_SUFFIX)) {
+ if (util_has_suffix(name, CA_SUFFIX)) {
+ if (*ca_file != NULL) {
+ ERROR("more than one ca file found, support only one ca file currently, continue to try");
+ goto out;
+ }
*ca_file = util_path_join(path, name);
if (*ca_file == NULL) {
ret = -1;
@@ -87,20 +188,43 @@ static int load_certs(const char *path, const char *name, bool use_decrypted_key
goto out;
}
goto out;
- } else if (*cert_file == NULL && *key_file == NULL && util_has_suffix(name, CLIENT_CERT_SUFFIX)) {
- key_name = corresponding_key_name(name);
- if (key_name == NULL) {
- ERROR("find corresponding key name for cert failed");
+ } else if (util_has_suffix(name, CLIENT_CERT_SUFFIX)) {
+ ret = get_path_by_cert_name(path, name, &tmp_cert_file, &tmp_key_file);
+ if (ret != 0) {
+ ERROR("get path of cert and key by cert name failed");
+ isulad_try_set_error_message("get path of cert and key by cert name failed");
+ goto out;
+ }
+ if (!util_file_exists(tmp_key_file)) {
ret = -1;
+ ERROR("lack corresponding key file for tls cert");
+ isulad_try_set_error_message("lack corresponding key file for tls cert");
goto out;
}
- *key_file = util_path_join(path, key_name);
- *cert_file = util_path_join(path, name);
- if (*cert_file == NULL || *key_file == NULL) {
+ if (*cert_file != NULL) {
+ ERROR("more than one cert file found, support only one cert file currently, continue to try");
+ goto out;
+ }
+ *cert_file = util_strdup_s(tmp_cert_file);
+ goto out;
+ } else if (util_has_suffix(name, CLIENT_KEY_SUFFIX)) {
+ ret = get_path_by_key_name(path, name, &tmp_cert_file, &tmp_key_file);
+ if (ret != 0) {
+ ERROR("get path of cert and key by key name failed");
+ isulad_try_set_error_message("get path of cert and key by key name failed");
+ goto out;
+ }
+ if (!util_file_exists(tmp_cert_file)) {
ret = -1;
- ERROR("error join key name");
+ ERROR("lack corresponding cert file for tls key");
+ isulad_try_set_error_message("lack corresponding cert file for tls key");
+ goto out;
+ }
+ if (*key_file != NULL) {
+ ERROR("more than one key file found, support only one key file currently, continue to try");
goto out;
}
+ *key_file = util_strdup_s(tmp_key_file);
goto out;
} else {
goto out;
@@ -109,6 +233,8 @@ static int load_certs(const char *path, const char *name, bool use_decrypted_key
out:
free(key_name);
key_name = NULL;
+ free(tmp_cert_file);
+ free(tmp_key_file);
if (ret != 0) {
free(*ca_file);
@@ -122,6 +248,15 @@ out:
return ret;
}
+static bool valid_certs(char *ca_file, char *cert_file, char *key_file)
+{
+ if ((ca_file == NULL && cert_file == NULL && key_file == NULL) ||
+ (ca_file != NULL && cert_file != NULL && key_file != NULL)) {
+ return true;
+ }
+ return false;
+}
+
int certs_load(char *host, bool use_decrypted_key, char **ca_file, char **cert_file, char **key_file)
{
int ret = 0;
@@ -170,8 +305,10 @@ int certs_load(char *host, bool use_decrypted_key, char **ca_file, char **cert_f
entry = readdir(dir);
}
- if (*ca_file == NULL || *cert_file == NULL || *key_file == NULL) {
- ERROR("Loaded only part of certs, continue to try");
+ if (!valid_certs(*ca_file, *cert_file, *key_file)) {
+ ERROR("failed to load all certs");
+ isulad_try_set_error_message("failed to load all certs");
+ ret = -1;
}
out:
--
2.25.1

305
0013-add-ch-docs-for-install-iSulad.patch
View File

@ -1,305 +0,0 @@
From da5ab167ebc5765c91630846cd0850acd6ce8814 Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Thu, 26 Nov 2020 14:58:05 +0800
Subject: [PATCH 13/17] add ch docs for install iSulad
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
README.md | 7 ++
docs/build_guide.md | 22 +++---
docs/build_guide_zh.md | 164 +++++++++++++++++++++++++++++++++++++++++
3 files changed, 182 insertions(+), 11 deletions(-)
create mode 100644 docs/build_guide_zh.md
diff --git a/README.md b/README.md
index 9b34d615..1dd3cf1a 100644
--- a/README.md
+++ b/README.md
@@ -4,9 +4,16 @@
`iSulad` is a lightweight container runtime daemon which is designed for IOT and Cloud infrastructure.`iSulad` has the characteristics of light, fast and not limited by hardware specifications and architecture, and can be applied more widely.
+## Documentation
+
+- [en build guide](./docs/build_guide.md)
+- [cn build guide](./docs/build_guide_zh.md)
+- [more usage guide](https://openeuler.org/zh/docs/20.09/docs/Container/iSula%E5%AE%B9%E5%99%A8%E5%BC%95%E6%93%8E.html)
+
## Getting Started
### Installing
+
To install iSulad, you can use `rpm` or `yum` package manager command with `openEuler` repository.
Or write repository file by hand:
diff --git a/docs/build_guide.md b/docs/build_guide.md
index 912139fa..2ee12c39 100644
--- a/docs/build_guide.md
+++ b/docs/build_guide.md
@@ -7,12 +7,12 @@ If you intend to contribute on iSulad. Thanks for your effort. Every contributio
These dependencies are required for build:
### install basic dependencies based on Centos distribution
-```sh
+```bash
$ sudo yum --enablerepo='*' install -y automake autoconf libtool cmake make libcap libcap-devel libselinux libselinux-devel libseccomp libseccomp-devel yajl-devel git libcgroup tar python3 python3-pip device-mapper-devel libarchive libarchive-devel libcurl-devel zlib-devel glibc-headers openssl-devel gcc gcc-c++ systemd-devel systemd-libs golang libtar libtar-devel
```
### install basic dependencies based on Ubuntu distribution
-```sh
+```bash
$ sudo apt install -y libtool automake autoconf cmake make pkg-config libyajl-dev zlib1g-dev libselinux-dev libseccomp-dev libcap-dev libsystemd-dev git libcurl4-gnutls-dev openssl libdevmapper-dev golang python3 libtar libtar-dev
```
@@ -24,13 +24,13 @@ Please use the protobuf and grpc came with your distribution, if not exists then
Note: grpc-1.22 can not support GCC 9+.
### set ldconfig and pkgconfig
-```
+```bash
$ export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:$PKG_CONFIG_PATH
$ export LD_LIBRARY_PATH=/usr/local/lib:/usr/lib:$LD_LIBRARY_PATH
$ sudo -E echo "/usr/local/lib" >> /etc/ld.so.conf
```
### build and install protobuf
-```
+```bash
$ git clone https://gitee.com/src-openeuler/protobuf.git
$ cd protobuf
$ git checkout openEuler-20.03-LTS-tag
@@ -44,7 +44,7 @@ $ sudo -E ldconfig
```
### build and install c-ares
-```
+```bash
$ git clone https://gitee.com/src-openeuler/c-ares.git
$ cd c-ares
$ git checkout openEuler-20.03-LTS-tag
@@ -58,7 +58,7 @@ $ sudo -E ldconfig
```
### build and install grpc
-```
+```bash
$ git clone https://gitee.com/src-openeuler/grpc.git
$ cd grpc
$ git checkout openEuler-20.03-LTS-tag
@@ -70,7 +70,7 @@ $ sudo -E ldconfig
```
### build and install http-parser
-```
+```bash
$ git clone https://gitee.com/src-openeuler/http-parser.git
$ cd http-parser
$ git checkout openEuler-20.03-LTS-tag
@@ -82,7 +82,7 @@ $ sudo -E ldconfig
```
### build and install libwebsockets
-```
+```bash
$ git clone https://gitee.com/src-openeuler/libwebsockets.git
$ cd libwebsockets
$ git checkout openEuler-20.03-LTS-tag
@@ -101,7 +101,7 @@ $ sudo -E ldconfig
iSulad depend on some specific versions dependencies.
### build and install lxc
-```
+```bash
$ git clone https://gitee.com/src-openeuler/lxc.git
$ cd lxc
$ tar -zxf lxc-4.0.3.tar.gz
@@ -114,7 +114,7 @@ $ sudo -E make install
```
### build and install lcr
-```
+```bash
$ git clone https://gitee.com/openeuler/lcr.git
$ cd lcr
$ mkdir build
@@ -125,7 +125,7 @@ $ sudo -E make install
```
### build and install clibcni
-```
+```bash
$ git clone https://gitee.com/openeuler/clibcni.git
$ cd clibcni
$ mkdir build
diff --git a/docs/build_guide_zh.md b/docs/build_guide_zh.md
new file mode 100644
index 00000000..182d6fec
--- /dev/null
+++ b/docs/build_guide_zh.md
@@ -0,0 +1,164 @@
+# 源码编译iSulad
+
+我们感谢为iSulad做的任何贡献。
+
+## 各发行版本的基本依赖安装
+
+这些依赖是编译依赖的基础组件:
+
+### openEuler的安装命令
+
+openEuler可以直接通过编译依赖自动安装的方式其他rpm的发行版本也可以参考但是存在部分包名不一致的情况具体如下
+
+```bash
+dnf builddep iSulad.spec
+```
+
+注iSulad.spec直接用源码中的文件即可。
+
+### Centos的安装命令
+
+```bash
+$ sudo yum --enablerepo='*' install -y automake autoconf libtool cmake make libcap libcap-devel libselinux libselinux-devel libseccomp libseccomp-devel yajl-devel git libcgroup tar python3 python3-pip device-mapper-devel libarchive libarchive-devel libcurl-devel zlib-devel glibc-headers openssl-devel gcc gcc-c++ systemd-devel systemd-libs libtar libtar-devel
+```
+
+### Ubuntu的安装命令
+```bash
+$ sudo apt install -y libtool automake autoconf cmake make pkg-config libyajl-dev zlib1g-dev libselinux-dev libseccomp-dev libcap-dev libsystemd-dev git libcurl4-gnutls-dev openssl libdevmapper-dev python3 libtar libtar-dev
+```
+
+## 从源码构建和安装关键依赖
+下面的依赖组件你的包管理中可能不存在或者版本不满足要求。因此需要从源码编译安装。protobuf和grpc建议直接通过包管理安装除非没有或者版本太老。
+
+***注意grpc-1.22不支持GCC 9+。***
+
+### 设置ldconfig和pkgconfig的路径
+
+编译安装的默认路径为`/usr/local/lib/`,因此需要把该路径添加到`PKG_CONFIG_PATH`和`LD_LIBRARY_PATH`从而系统能找到我们编译安装的软件包和lib库。如果安装的`/usr/lib/`,可以忽略这一步。
+
+```bash
+$ export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:$PKG_CONFIG_PATH
+$ export LD_LIBRARY_PATH=/usr/local/lib:/usr/lib:$LD_LIBRARY_PATH
+$ sudo -E echo "/usr/local/lib" >> /etc/ld.so.conf
+```
+### 编译安装protobuf
+```bash
+$ git clone https://gitee.com/src-openeuler/protobuf.git
+$ cd protobuf
+$ git checkout openEuler-20.03-LTS-tag
+$ tar -xzvf protobuf-all-3.9.0.tar.gz
+$ cd protobuf-3.9.0
+$ sudo -E ./autogen.sh
+$ sudo -E ./configure
+$ sudo -E make -j $(nproc)
+$ sudo -E make install
+$ sudo -E ldconfig
+```
+
+### 编译安装c-ares
+```bash
+$ git clone https://gitee.com/src-openeuler/c-ares.git
+$ cd c-ares
+$ git checkout openEuler-20.03-LTS-tag
+$ tar -xzvf c-ares-1.15.0.tar.gz
+$ cd c-ares-1.15.0
+$ sudo -E autoreconf -if
+$ sudo -E ./configure --enable-shared --disable-dependency-tracking
+$ sudo -E make -j $(nproc)
+$ sudo -E make install
+$ sudo -E ldconfig
+```
+
+### 编译安装grpc
+```bash
+$ git clone https://gitee.com/src-openeuler/grpc.git
+$ cd grpc
+$ git checkout openEuler-20.03-LTS-tag
+$ tar -xzvf grpc-1.22.0.tar.gz
+$ cd grpc-1.22.0
+$ sudo -E make -j $(nproc)
+$ sudo -E make install
+$ sudo -E ldconfig
+```
+
+### 编译安装http-parser
+```bash
+$ git clone https://gitee.com/src-openeuler/http-parser.git
+$ cd http-parser
+$ git checkout openEuler-20.03-LTS-tag
+$ tar -xzvf http-parser-2.9.2.tar.gz
+$ cd http-parser-2.9.2
+$ sudo -E make -j CFLAGS="-Wno-error"
+$ sudo -E make CFLAGS="-Wno-error" install
+$ sudo -E ldconfig
+```
+
+### 编译安装libwebsockets
+```bash
+$ git clone https://gitee.com/src-openeuler/libwebsockets.git
+$ cd libwebsockets
+$ git checkout openEuler-20.03-LTS-tag
+$ tar -xzvf libwebsockets-2.4.2.tar.gz
+$ cd libwebsockets-2.4.2
+$ patch -p1 -F1 -s < ../libwebsockets-fix-coredump.patch
+$ mkdir build
+$ cd build
+$ sudo -E cmake -DLWS_WITH_SSL=0 -DLWS_MAX_SMP=32 -DCMAKE_BUILD_TYPE=Debug ../
+$ sudo -E make -j $(nproc)
+$ sudo -E make install
+$ sudo -E ldconfig
+```
+
+## 编译安装特定依赖版本
+iSulad依赖一些特定版本的组件由于各组件是通过函数接口使用因此**必须保证各组件版本一致**。例如:
+
+- 统一使用各组件的master分支的代码进行构建
+- 后续的releases版本会增加依赖的组件的版本号
+- 也统一可以从[openEuler](https://openeuler.org/zh/download/)的特定OS版本通过包管理工具获取各组件的`src.rpm`包的方式获取源码;
+- 也可以到[src-openeuler](https://gitee.com/src-openeuler)社区获取各组件相同分支的代码;
+
+### 编译安装lxc
+```bash
+$ git clone https://gitee.com/src-openeuler/lxc.git
+$ cd lxc
+$ tar -zxf lxc-4.0.3.tar.gz
+$ ./apply-patches
+$ cd lxc-4.0.3
+$ sudo -E ./autogen.sh
+$ sudo -E ./configure
+$ sudo -E make -j $(nproc)
+$ sudo -E make install
+```
+
+### 编译安装lcr
+```bash
+$ git clone https://gitee.com/openeuler/lcr.git
+$ cd lcr
+$ mkdir build
+$ cd build
+$ sudo -E cmake ..
+$ sudo -E make -j $(nproc)
+$ sudo -E make install
+```
+
+### 编译安装clibcni
+```bash
+$ git clone https://gitee.com/openeuler/clibcni.git
+$ cd clibcni
+$ mkdir build
+$ cd build
+$ sudo -E cmake ..
+$ sudo -E make -j $(nproc)
+$ sudo -E make install
+```
+
+### 编译安装iSulad
+```bash
+$ git clone https://gitee.com/openeuler/iSulad.git
+$ cd iSulad
+$ mkdir build
+$ cd build
+$ sudo -E cmake ..
+$ sudo -E make -j $(nproc)
+$ sudo -E make install
+```
--
2.25.1

34
0014-error-out-if-unpack-layer-failed.patch
View File

@ -1,34 +0,0 @@
From ff793d00c408810e2f434800fa3811f5ba2501a7 Mon Sep 17 00:00:00 2001
From: WangFengTu <wangfengtu@huawei.com>
Date: Thu, 3 Dec 2020 10:32:57 +0800
Subject: [PATCH 14/17] error out if unpack layer failed
Signed-off-by: WangFengTu <wangfengtu@huawei.com>
---
.../modules/image/oci/storage/layer_store/layer_store.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
index 704dbd63..87e49d07 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
@@ -1061,14 +1061,13 @@ static int apply_diff(layer_t *l, const struct io_read_wrapper *diff)
{
int64_t size = 0;
int ret = 0;
- int nret = 0;
if (diff == NULL) {
return 0;
}
- nret = graphdriver_apply_diff(l->slayer->id, diff);
- if (nret != 0) {
+ ret = graphdriver_apply_diff(l->slayer->id, diff);
+ if (ret != 0) {
goto out;
}
--
2.25.1

27
0015-ignore-get-ip-error-for-mutlnetwork.patch
View File

@ -1,27 +0,0 @@
From b0b1bc36bf4672ce45c0dd2be877083894b62350 Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Thu, 3 Dec 2020 15:44:27 +0800
Subject: [PATCH 15/17] ignore get ip error for mutlnetwork
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
src/daemon/entry/cri/cri_sandbox.cc | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/daemon/entry/cri/cri_sandbox.cc b/src/daemon/entry/cri/cri_sandbox.cc
index 772638a1..2d623097 100644
--- a/src/daemon/entry/cri/cri_sandbox.cc
+++ b/src/daemon/entry/cri/cri_sandbox.cc
@@ -985,7 +985,8 @@ void CRIRuntimeServiceImpl::GetFormatIPsForMultNet(container_inspect *inspect, c
m_pluginManager->GetPodNetworkStatus(metadata.namespace_(), metadata.name(), elems[i]->interface, inspect->id, status,
error);
if (error.NotEmpty()) {
- goto out;
+ WARN("get status for network: %s failed: %s", elems[i]->name, error.GetCMessage());
+ error.Clear();
}
// add a sentry to make ips of mutlnetwork store from position 2
if (result.size() < 2) {
--
2.25.1

1303
0016-support-default-container-log-options.patch
View File

File diff suppressed because it is too large Load Diff

231
0017-add-testcase-for-default-container-log-configs.patch
View File

@ -1,231 +0,0 @@
From acbcd786e29a9d3764d69db02ad485d94da1315c Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Thu, 3 Dec 2020 10:36:07 +0800
Subject: [PATCH 17/17] add testcase for default container log configs
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
CI/test_cases/container_cases/log_test.sh | 166 ++++++++++++++++++
.../container_cases/test_data/daemon.json | 37 ++++
2 files changed, 203 insertions(+)
create mode 100755 CI/test_cases/container_cases/log_test.sh
create mode 100644 CI/test_cases/container_cases/test_data/daemon.json
diff --git a/CI/test_cases/container_cases/log_test.sh b/CI/test_cases/container_cases/log_test.sh
new file mode 100755
index 00000000..08abf212
--- /dev/null
+++ b/CI/test_cases/container_cases/log_test.sh
@@ -0,0 +1,166 @@
+#!/bin/bash
+#
+# attributes: isulad container log
+# concurrent: NA
+# spend time: 46
+
+curr_path=$(dirname $(readlink -f "$0"))
+data_path=$(realpath $curr_path/test_data)
+source ../helpers.sh
+
+function do_pre()
+{
+ mv /etc/isulad/daemon.json /etc/isulad/daemon.bak
+ cp ${data_path}/daemon.json /etc/isulad/daemon.json
+}
+
+function do_post()
+{
+ cp -f /etc/isulad/daemon.bak /etc/isulad/daemon.json
+ check_valgrind_log
+ start_isulad_with_valgrind
+}
+
+function do_check_item()
+{
+ cat ${ISULAD_ROOT_PATH}/engine/lcr/$1/config | grep console | grep "$2"
+ if [ $? -ne 0 ]; then
+ msg_err "expect $2"
+ TC_RET_T=$(($TC_RET_T+1))
+ fi
+}
+
+function do_test_syslog_helper()
+{
+ msg_info "this is $0 do_test"
+
+ crictl pull busybox
+ if [ $? -ne 0 ]; then
+ msg_err "Failed to pull busybox image"
+ TC_RET_T=$(($TC_RET_T+1))
+ fi
+
+ cid=`isula run -tid busybox sh`
+ if [ $? -ne 0 ]; then
+ msg_err "Failed to run container"
+ TC_RET_T=$(($TC_RET_T+1))
+ fi
+
+ do_check_item ${cid} "logdriver = syslog"
+
+ if [ "x$1" != "x" ]; then
+ do_check_item ${cid} "syslog_tag = $1"
+ fi
+
+ isula rm -f ${cid}
+ if [ $? -ne 0 ]; then
+ msg_err "Failed to remove container"
+ TC_RET_T=$(($TC_RET_T+1))
+ fi
+
+ return $TC_RET_T
+}
+
+function do_test_json_file_helper()
+{
+ msg_info "this is $0 do_test"
+ local file_cnt=7
+ local file_size=1MB
+
+ if [ "x$1" != "x" ]; then
+ file_cnt=$1
+ fi
+ if [ "x$2" != "x" ]; then
+ file_size=$2
+ fi
+
+ cid=`isula run -tid busybox sh`
+ if [ $? -ne 0 ]; then
+ msg_err "Failed to run container"
+ TC_RET_T=$(($TC_RET_T+1))
+ fi
+
+ do_check_item ${cid} "logdriver = json-file"
+ do_check_item ${cid} "rotate = $file_cnt"
+ do_check_item ${cid} "size = $file_size"
+
+ isula rm -f ${cid}
+ if [ $? -ne 0 ]; then
+ msg_err "Failed to remove container"
+ TC_RET_T=$(($TC_RET_T+1))
+ fi
+
+ return $TC_RET_T
+}
+
+function do_test_container_log()
+{
+ msg_info "this is $0 do_test"
+
+ cid=`isula run -tid --log-driver=json-file busybox sh`
+ if [ $? -ne 0 ]; then
+ msg_err "Failed to run container"
+ TC_RET_T=$(($TC_RET_T+1))
+ fi
+ do_check_item ${cid} "logdriver = json-file"
+ do_check_item ${cid} "rotate = 7"
+ do_check_item ${cid} "size = 1MB"
+
+ cid=`isula run -tid --log-driver=json-file --log-opt="max-file=8" busybox sh`
+ if [ $? -ne 0 ]; then
+ msg_err "Failed to run container"
+ TC_RET_T=$(($TC_RET_T+1))
+ fi
+ do_check_item ${cid} "logdriver = json-file"
+ do_check_item ${cid} "rotate = 8"
+ do_check_item ${cid} "size = 1MB"
+
+ cid=`isula run -tid --log-driver=json-file --log-opt="max-size=128KB" busybox sh`
+ if [ $? -ne 0 ]; then
+ msg_err "Failed to run container"
+ TC_RET_T=$(($TC_RET_T+1))
+ fi
+ do_check_item ${cid} "logdriver = json-file"
+ do_check_item ${cid} "rotate = 7"
+ do_check_item ${cid} "size = 128KB"
+
+ cid=`isula run -tid --log-driver=json-file --log-opt="disable-log=true" busybox sh`
+ if [ $? -ne 0 ]; then
+ msg_err "Failed to run container"
+ TC_RET_T=$(($TC_RET_T+1))
+ fi
+ cat ${ISULAD_ROOT_PATH}/engine/lcr/${cid}/config | grep console | grep "logfile ="
+ if [ $? -eq 0 ]; then
+ msg_err "Failed to disable log"
+ TC_RET_T=$(($TC_RET_T+1))
+ fi
+
+ isula rm -f `isula ps -aq`
+ return $TC_RET_T
+}
+
+function do_test() {
+ check_valgrind_log
+ start_isulad_with_valgrind --log-opts="syslog-tag=xxxx"
+
+ do_test_syslog_helper "xxxx"
+
+ check_valgrind_log
+ start_isulad_with_valgrind --log-driver=json-file --log-opts="max-size=10MB" --log-opts="max-file=3"
+ do_test_json_file_helper "3" "10MB"
+
+ check_valgrind_log
+ start_isulad_with_valgrind
+ do_test_container_log
+}
+
+ret=0
+
+do_pre
+if [ $? -ne 0 ];then
+ let "ret=$ret + 1"
+fi
+
+do_post
+
+show_result $ret "cni base test"
diff --git a/CI/test_cases/container_cases/test_data/daemon.json b/CI/test_cases/container_cases/test_data/daemon.json
new file mode 100644
index 00000000..f8914ed4
--- /dev/null
+++ b/CI/test_cases/container_cases/test_data/daemon.json
@@ -0,0 +1,37 @@
+{
+ "group": "isula",
+ "default-runtime": "lcr",
+ "graph": "/var/lib/isulad",
+ "state": "/var/run/isulad",
+ "engine": "lcr",
+ "log-level": "ERROR",
+ "pidfile": "/var/run/isulad.pid",
+ "log-opts": {
+ "log-file-mode": "0600",
+ "log-path": "/var/lib/isulad",
+ "max-file": "1",
+ "max-size": "30KB"
+ },
+ "log-driver": "stdout",
+ "container-log": {
+ "driver": "syslog"
+ },
+ "hook-spec": "/etc/default/isulad/hooks/default.json",
+ "start-timeout": "2m",
+ "storage-driver": "overlay2",
+ "storage-opts": [
+ "overlay2.override_kernel_check=true"
+ ],
+ "registry-mirrors": [
+ ],
+ "insecure-registries": [
+ ],
+ "pod-sandbox-image": "",
+ "native.umask": "secure",
+ "network-plugin": "",
+ "cni-bin-dir": "",
+ "cni-conf-dir": "",
+ "image-layer-check": false,
+ "use-decrypted-key": true,
+ "insecure-skip-verify-enforce": false
+}
--
2.25.1

136
0018-clean-code-ignore-list-containers-error.patch
View File

@ -1,136 +0,0 @@
From 051be757db25c8ac7e6c4beb1ec219b4fde3641c Mon Sep 17 00:00:00 2001
From: lifeng68 <lifeng68@huawei.com>
Date: Sat, 5 Dec 2020 10:24:58 +0800
Subject: [PATCH 18/18] clean code: ignore list containers error
Signed-off-by: lifeng68 <lifeng68@huawei.com>
---
src/daemon/executor/container_cb/list.c | 82 +++++++++++++++----------
1 file changed, 51 insertions(+), 31 deletions(-)
diff --git a/src/daemon/executor/container_cb/list.c b/src/daemon/executor/container_cb/list.c
index 4c9c9ed..3dea940 100644
--- a/src/daemon/executor/container_cb/list.c
+++ b/src/daemon/executor/container_cb/list.c
@@ -311,44 +311,73 @@ static void dup_id_name(const container_config_v2_common_config *common_config,
}
}
-static int convert_common_config_info(const map_t *map_labels, const container_config_v2_common_config *common_config,
- container_container *isuladinfo)
+static void dup_container_labels(const map_t *map_labels, const container_config_v2_common_config *common_config,
+ container_container *isuladinfo)
{
int ret = 0;
- bool args_err = false;
-
- if (map_labels == NULL || common_config == NULL || isuladinfo == NULL) {
- return -1;
- }
if (common_config->config == NULL) {
- return 0;
+ return;
}
- args_err = (common_config->config->labels != NULL && common_config->config->labels->len != 0);
- if (args_err) {
+
+ if (common_config->config->labels != NULL && common_config->config->labels->len != 0) {
json_map_string_string *labels = common_config->config->labels;
ret = replace_labels(isuladinfo, labels, map_labels);
- if (ret == -1) {
- goto out;
+ if (ret != 0) {
+ ERROR("Failed to dup container %s labels", common_config->id);
}
}
+ return;
+}
+
+static void dup_container_annotations(const container_config_v2_common_config *common_config,
+ container_container *isuladinfo)
+{
+ int ret = 0;
+
+ if (common_config->config == NULL) {
+ return;
+ }
+
ret = replace_annotations(common_config, isuladinfo);
- if (ret == -1) {
- goto out;
+ if (ret != 0) {
+ ERROR("Failed to dup container %s annotations", common_config->id);
}
- dup_id_name(common_config, isuladinfo);
- args_err = (common_config->created != NULL &&
- util_to_unix_nanos_from_str(common_config->created, &isuladinfo->created) != 0);
- if (args_err) {
- ret = -1;
- goto out;
+ return;
+}
+
+static void dup_container_created_time(const container_config_v2_common_config *common_config,
+ container_container *isuladinfo)
+{
+ if (common_config->created != NULL &&
+ util_to_unix_nanos_from_str(common_config->created, &isuladinfo->created) != 0) {
+ ERROR("Failed to dup container %s created time", common_config->id);
+ }
+
+ return;
+}
+
+static int convert_common_config_info(const map_t *map_labels, const container_config_v2_common_config *common_config,
+ container_container *isuladinfo)
+{
+ if (map_labels == NULL || common_config == NULL || isuladinfo == NULL) {
+ return -1;
}
+
+ dup_id_name(common_config, isuladinfo);
+
isuladinfo->restartcount = (uint64_t)common_config->restart_count;
-out:
- return ret;
+
+ dup_container_labels(map_labels, common_config, isuladinfo);
+
+ dup_container_annotations(common_config, isuladinfo);
+
+ dup_container_created_time(common_config, isuladinfo);
+
+ return 0;
}
static int container_info_match(const struct list_context *ctx, const map_t *map_labels,
@@ -413,7 +442,6 @@ static int fill_isuladinfo(container_container *isuladinfo, const container_conf
char *image = NULL;
char *timestr = NULL;
char *defvalue = "-";
- int64_t created_nanos = 0;
ret = convert_common_config_info(map_labels, cont->common_config, isuladinfo);
if (ret != 0) {
@@ -438,14 +466,6 @@ static int fill_isuladinfo(container_container *isuladinfo, const container_conf
isuladinfo->runtime = cont->runtime ? util_strdup_s(cont->runtime) : util_strdup_s("none");
isuladinfo->health_state = container_get_health_state(cont_state);
- if (cont->common_config->created != NULL) {
- ret = util_to_unix_nanos_from_str(cont->common_config->created, &created_nanos);
- if (ret != 0) {
- goto out;
- }
- }
-
- isuladinfo->created = created_nanos;
out:
return ret;
--
2.25.1

638
0019-add-g_oci_image_module_data-in-oci-image-module.patch
View File

@ -1,638 +0,0 @@
From 0f4d5658caf7e3870b126c3e2314cfc1edc35419 Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Tue, 1 Dec 2020 14:39:59 +0800
Subject: [PATCH] add g_oci_image_module_data in oci image module
Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
---
src/daemon/modules/image/CMakeLists.txt | 2 -
src/daemon/modules/image/oci/oci_image.c | 93 ++++++++++++++++++-
src/daemon/modules/image/oci/oci_image.h | 13 +++
src/daemon/modules/image/oci/oci_load.c | 7 +-
src/daemon/modules/image/oci/oci_login.c | 10 +-
src/daemon/modules/image/oci/oci_pull.c | 13 ++-
.../modules/image/oci/registry/registry.c | 14 ++-
src/daemon/modules/image/oci/utils_images.c | 25 ++---
src/daemon/modules/image/oci/utils_images.h | 5 +-
test/image/oci/registry/CMakeLists.txt | 2 -
test/image/oci/registry/registry_ut.cc | 56 ++++++-----
test/mocks/oci_image_mock.cc | 8 ++
test/mocks/oci_image_mock.h | 1 +
13 files changed, 182 insertions(+), 67 deletions(-)
diff --git a/src/daemon/modules/image/CMakeLists.txt b/src/daemon/modules/image/CMakeLists.txt
index a92799a0..00a096e3 100644
--- a/src/daemon/modules/image/CMakeLists.txt
+++ b/src/daemon/modules/image/CMakeLists.txt
@@ -67,8 +67,6 @@ add_library(${LIB_ISULAD_IMG} ${LIBTYPE}
${CMAKE_SOURCE_DIR}/src/utils/buffer/buffer.c
${CMAKE_SOURCE_DIR}/src/daemon/common/err_msg.c
${CMAKE_SOURCE_DIR}/src/daemon/common/selinux_label.c
- ${CMAKE_SOURCE_DIR}/src/daemon/config/isulad_config.c
- ${CMAKE_SOURCE_DIR}/src/daemon/config/daemon_arguments.c
${CMAKE_SOURCE_DIR}/src/daemon/common/sysinfo.c
${CMAKE_SOURCE_DIR}/src/utils/tar/isulad_tar.c
${CMAKE_SOURCE_DIR}/src/utils/tar/util_archive.c
diff --git a/src/daemon/modules/image/oci/oci_image.c b/src/daemon/modules/image/oci/oci_image.c
index f4fa1e88..461fbf10 100644
--- a/src/daemon/modules/image/oci/oci_image.c
+++ b/src/daemon/modules/image/oci/oci_image.c
@@ -39,6 +39,90 @@
#define IMAGE_NOT_KNOWN_ERR "image not known"
+struct oci_image_module_data g_oci_image_module_data = { 0 };
+
+static void free_oci_image_data(void)
+{
+ free(g_oci_image_module_data.root_dir);
+ g_oci_image_module_data.root_dir = NULL;
+
+ g_oci_image_module_data.use_decrypted_key = false;
+ g_oci_image_module_data.insecure_skip_verify_enforce = false;
+
+ util_free_array_by_len(g_oci_image_module_data.registry_mirrors, g_oci_image_module_data.registry_mirrors_len);
+ g_oci_image_module_data.registry_mirrors = NULL;
+ g_oci_image_module_data.registry_mirrors_len = 0;
+
+ util_free_array_by_len(g_oci_image_module_data.insecure_registries, g_oci_image_module_data.insecure_registries_len);
+ g_oci_image_module_data.insecure_registries = NULL;
+ g_oci_image_module_data.insecure_registries_len = 0;
+}
+
+static int oci_image_data_init(const isulad_daemon_configs *args)
+{
+ int nret = 0;
+ size_t i;
+ char *p = NULL;
+
+ if (args->graph == NULL) {
+ ERROR("args graph NULL");
+ return -1;
+ }
+ g_oci_image_module_data.root_dir = util_strdup_s(args->graph);
+
+ g_oci_image_module_data.use_decrypted_key = args->use_decrypted_key;
+ g_oci_image_module_data.insecure_skip_verify_enforce = args->insecure_skip_verify_enforce;
+
+ if (util_array_len((const char **)args->registry_mirrors) != args->registry_mirrors_len) {
+ ERROR("registry_mirrors_len is not the length of registry_mirrors");
+ goto free_out;
+ }
+ if (args->registry_mirrors_len != 0) {
+ for (i = 0; i < args->registry_mirrors_len; i++) {
+ p = args->registry_mirrors[i];
+ if (p == NULL) {
+ break;
+ }
+ nret = util_array_append(&g_oci_image_module_data.registry_mirrors, p);
+ if (nret != 0) {
+ ERROR("Out of memory");
+ goto free_out;
+ }
+ g_oci_image_module_data.registry_mirrors_len++;
+ }
+ }
+
+ if (util_array_len((const char **)args->insecure_registries) != args->insecure_registries_len) {
+ ERROR("insecure_registries_len is not the length of insecure_registries");
+ goto free_out;
+ }
+ if (args->insecure_registries_len != 0) {
+ for (i = 0; i < args->insecure_registries_len; i++) {
+ p = args->insecure_registries[i];
+ if (p == NULL) {
+ break;
+ }
+ nret = util_array_append(&g_oci_image_module_data.insecure_registries, p);
+ if (nret != 0) {
+ ERROR("Out of memory");
+ goto free_out;
+ }
+ g_oci_image_module_data.insecure_registries_len++;
+ }
+ }
+
+ return 0;
+
+free_out:
+ free_oci_image_data();
+ return -1;
+}
+
+struct oci_image_module_data *get_oci_image_data(void)
+{
+ return &g_oci_image_module_data;
+}
+
// only use overlay as the driver name if specify overlay2 or overlay
static char *format_driver_name(const char *driver)
{
@@ -155,7 +239,7 @@ static int recreate_image_tmpdir()
char *image_tmp_path = NULL;
int ret = 0;
- image_tmp_path = oci_get_isulad_tmpdir();
+ image_tmp_path = oci_get_isulad_tmpdir(g_oci_image_module_data.root_dir);
if (image_tmp_path == NULL) {
ERROR("failed to get image tmp path");
ret = -1;
@@ -189,6 +273,12 @@ int oci_init(const isulad_daemon_configs *args)
return ret;
}
+ ret = oci_image_data_init(args);
+ if (ret != 0) {
+ ERROR("Failed to init oci image");
+ goto out;
+ }
+
ret = recreate_image_tmpdir();
if (ret != 0) {
goto out;
@@ -213,6 +303,7 @@ out:
void oci_exit()
{
storage_module_exit();
+ free_oci_image_data();
}
int oci_pull_rf(const im_pull_request *request, im_pull_response *response)
diff --git a/src/daemon/modules/image/oci/oci_image.h b/src/daemon/modules/image/oci/oci_image.h
index a452213d..64a4d8e8 100644
--- a/src/daemon/modules/image/oci/oci_image.h
+++ b/src/daemon/modules/image/oci/oci_image.h
@@ -27,6 +27,19 @@
extern "C" {
#endif
+struct oci_image_module_data {
+ char *root_dir;
+ bool use_decrypted_key;
+ bool insecure_skip_verify_enforce;
+
+ char **registry_mirrors;
+ size_t registry_mirrors_len;
+
+ char **insecure_registries;
+ size_t insecure_registries_len;
+};
+struct oci_image_module_data *get_oci_image_data(void);
+
int oci_init(const isulad_daemon_configs *args);
void oci_exit();
diff --git a/src/daemon/modules/image/oci/oci_load.c b/src/daemon/modules/image/oci/oci_load.c
index 97cff34b..80647253 100644
--- a/src/daemon/modules/image/oci/oci_load.c
+++ b/src/daemon/modules/image/oci/oci_load.c
@@ -41,6 +41,7 @@
#include "utils_array.h"
#include "utils_file.h"
#include "utils_verify.h"
+#include "oci_image.h"
#define MANIFEST_BIG_DATA_KEY "manifest"
#define OCI_SCHEMA_VERSION 2
@@ -1013,14 +1014,16 @@ static char *oci_load_path_create()
int nret = 0;
char *image_tmp_path = NULL;
char tmp_dir[PATH_MAX] = { 0 };
+ struct oci_image_module_data *oci_image_data = NULL;
- ret = makesure_isulad_tmpdir_perm_right();
+ oci_image_data = get_oci_image_data();
+ ret = makesure_isulad_tmpdir_perm_right(oci_image_data->root_dir);
if (ret != 0) {
ERROR("failed to make sure permission of image tmp work dir");
goto out;
}
- image_tmp_path = oci_get_isulad_tmpdir();
+ image_tmp_path = oci_get_isulad_tmpdir(oci_image_data->root_dir);
if (image_tmp_path == NULL) {
ERROR("failed to get image tmp work dir");
ret = -1;
diff --git a/src/daemon/modules/image/oci/oci_login.c b/src/daemon/modules/image/oci/oci_login.c
index b95e00e8..547bfc69 100644
--- a/src/daemon/modules/image/oci/oci_login.c
+++ b/src/daemon/modules/image/oci/oci_login.c
@@ -23,6 +23,7 @@
#include "isulad_config.h"
#include "utils_array.h"
#include "utils_string.h"
+#include "oci_image.h"
static int is_valid_arguments(const char *server, const char *username, const char *password)
{
@@ -47,6 +48,7 @@ int oci_do_login(const char *server, const char *username, const char *password)
char **registry = NULL;
char *host = NULL;
char **parts = NULL;
+ struct oci_image_module_data *oci_image_data = NULL;
if (is_valid_arguments(server, username, password) != 0) {
ERROR("Invalid arguments");
@@ -60,8 +62,10 @@ int oci_do_login(const char *server, const char *username, const char *password)
}
host = parts[0];
- options.skip_tls_verify = conf_get_skip_insecure_verify_flag();
- insecure_registries = conf_get_insecure_registry_list();
+ oci_image_data = get_oci_image_data();
+ options.skip_tls_verify = oci_image_data->insecure_skip_verify_enforce;
+
+ insecure_registries = oci_image_data->insecure_registries;
for (registry = insecure_registries; (registry != NULL) && (*registry != NULL); registry++) {
if (!strcmp(*registry, host)) {
options.insecure_registry = true;
@@ -81,8 +85,6 @@ int oci_do_login(const char *server, const char *username, const char *password)
out:
util_free_array(parts);
parts = NULL;
- util_free_array(insecure_registries);
- insecure_registries = NULL;
return ret;
}
diff --git a/src/daemon/modules/image/oci/oci_pull.c b/src/daemon/modules/image/oci/oci_pull.c
index 9d94b663..71807553 100644
--- a/src/daemon/modules/image/oci/oci_pull.c
+++ b/src/daemon/modules/image/oci/oci_pull.c
@@ -29,6 +29,7 @@
#include "utils_array.h"
#include "utils_base64.h"
#include "utils_string.h"
+#include "oci_image.h"
static int decode_auth(const char *auth, char **username, char **password)
{
@@ -95,6 +96,7 @@ static int pull_image(const im_pull_request *request, char **name)
char **mirror = NULL;
char *host = NULL;
char *with_tag = NULL;
+ struct oci_image_module_data *oci_image_data = NULL;
options = (registry_pull_options *)util_common_calloc_s(sizeof(registry_pull_options));
if (options == NULL) {
@@ -113,8 +115,9 @@ static int pull_image(const im_pull_request *request, char **name)
options->auth.password = util_strdup_s(request->password);
}
- options->skip_tls_verify = conf_get_skip_insecure_verify_flag();
- insecure_registries = conf_get_insecure_registry_list();
+ oci_image_data = get_oci_image_data();
+ options->skip_tls_verify = oci_image_data->insecure_skip_verify_enforce;
+ insecure_registries = oci_image_data->insecure_registries;
host = oci_get_host(request->image);
if (host != NULL) {
@@ -127,7 +130,7 @@ static int pull_image(const im_pull_request *request, char **name)
goto out;
}
} else {
- registry_mirrors = conf_get_registry_list();
+ registry_mirrors = oci_image_data->registry_mirrors;
if (registry_mirrors == NULL) {
ERROR("Invalid image name %s, no host found", request->image);
isulad_try_set_error_message("Invalid image name, no host found");
@@ -160,10 +163,6 @@ static int pull_image(const im_pull_request *request, char **name)
out:
free(host);
host = NULL;
- util_free_array(registry_mirrors);
- registry_mirrors = NULL;
- util_free_array(insecure_registries);
- insecure_registries = NULL;
free_registry_pull_options(options);
options = NULL;
diff --git a/src/daemon/modules/image/oci/registry/registry.c b/src/daemon/modules/image/oci/registry/registry.c
index a94d10b1..b280f96b 100644
--- a/src/daemon/modules/image/oci/registry/registry.c
+++ b/src/daemon/modules/image/oci/registry/registry.c
@@ -52,6 +52,7 @@
#include "utils_string.h"
#include "utils_timestamp.h"
#include "utils_verify.h"
+#include "oci_image.h"
#define MANIFEST_BIG_DATA_KEY "manifest"
#define MAX_CONCURRENT_DOWNLOAD_NUM 5
@@ -1685,6 +1686,7 @@ static int prepare_pull_desc(pull_descriptor *desc, registry_pull_options *optio
char blobpath[PATH_MAX] = { 0 };
char scope[PATH_MAX] = { 0 };
char *image_tmp_path = NULL;
+ struct oci_image_module_data *oci_image_data = NULL;
if (desc == NULL || options == NULL) {
ERROR("Invalid NULL param");
@@ -1718,13 +1720,14 @@ static int prepare_pull_desc(pull_descriptor *desc, registry_pull_options *optio
update_host(desc);
- ret = makesure_isulad_tmpdir_perm_right();
+ oci_image_data = get_oci_image_data();
+ ret = makesure_isulad_tmpdir_perm_right(oci_image_data->root_dir);
if (ret != 0) {
ERROR("failed to make sure permission of image tmp work dir");
goto out;
}
- image_tmp_path = oci_get_isulad_tmpdir();
+ image_tmp_path = oci_get_isulad_tmpdir(oci_image_data->root_dir);
if (image_tmp_path == NULL) {
ERROR("failed to get image tmp work dir");
ret = -1;
@@ -1755,7 +1758,7 @@ static int prepare_pull_desc(pull_descriptor *desc, registry_pull_options *optio
desc->dest_image_name = util_strdup_s(options->dest_image_name);
desc->scope = util_strdup_s(scope);
desc->blobpath = util_strdup_s(blobpath);
- desc->use_decrypted_key = conf_get_use_decrypted_key_flag();
+ desc->use_decrypted_key = oci_image_data->use_decrypted_key;
desc->skip_tls_verify = options->skip_tls_verify;
desc->insecure_registry = options->insecure_registry;
desc->cancel = false;
@@ -1928,6 +1931,7 @@ int registry_login(registry_login_options *options)
{
int ret = 0;
pull_descriptor *desc = NULL;
+ struct oci_image_module_data *oci_image_data = NULL;
if (options == NULL || options->host == NULL || options->auth.username == NULL || options->auth.password == NULL ||
strlen(options->auth.username) == 0 || strlen(options->auth.password) == 0) {
@@ -1942,9 +1946,11 @@ int registry_login(registry_login_options *options)
goto out;
}
+ oci_image_data = get_oci_image_data();
+
desc->host = util_strdup_s(options->host);
update_host(desc);
- desc->use_decrypted_key = conf_get_use_decrypted_key_flag();
+ desc->use_decrypted_key = oci_image_data->use_decrypted_key;
desc->skip_tls_verify = options->skip_tls_verify;
desc->insecure_registry = options->insecure_registry;
desc->username = util_strdup_s(options->auth.username);
diff --git a/src/daemon/modules/image/oci/utils_images.c b/src/daemon/modules/image/oci/utils_images.c
index 7eddd25c..a909b0f3 100644
--- a/src/daemon/modules/image/oci/utils_images.c
+++ b/src/daemon/modules/image/oci/utils_images.c
@@ -516,16 +516,13 @@ static int makesure_path_is_dir(char *path)
return 0;
}
-char *oci_get_isulad_tmpdir()
+char *oci_get_isulad_tmpdir(const char *root_dir)
{
char *isulad_tmpdir = NULL;
- char *isulad_root_dir = NULL;
char *env_dir = NULL;
- int ret = 0;
- isulad_root_dir = conf_get_isulad_rootdir();
- if (isulad_root_dir == NULL) {
- ERROR("get isulad root dir failed");
+ if (root_dir == NULL) {
+ ERROR("root dir is NULL");
return NULL;
}
@@ -533,31 +530,23 @@ char *oci_get_isulad_tmpdir()
if (util_valid_str(env_dir)) {
isulad_tmpdir = util_path_join(env_dir, "isulad_tmpdir");
} else {
- isulad_tmpdir = util_path_join(isulad_root_dir, "isulad_tmpdir");
+ isulad_tmpdir = util_path_join(root_dir, "isulad_tmpdir");
}
if (isulad_tmpdir == NULL) {
ERROR("join temporary directory failed");
- ret = -1;
- goto out;
- }
-
-out:
- free(isulad_root_dir);
- if (ret != 0) {
- free(isulad_tmpdir);
- isulad_tmpdir = NULL;
+ return NULL;
}
return isulad_tmpdir;
}
-int makesure_isulad_tmpdir_perm_right()
+int makesure_isulad_tmpdir_perm_right(const char *root_dir)
{
struct stat st = {0};
char *isulad_tmpdir = NULL;
int ret = 0;
- isulad_tmpdir = oci_get_isulad_tmpdir();
+ isulad_tmpdir = oci_get_isulad_tmpdir(root_dir);
if (isulad_tmpdir == NULL) {
return -1;
}
diff --git a/src/daemon/modules/image/oci/utils_images.h b/src/daemon/modules/image/oci/utils_images.h
index cebcc796..4e13c76c 100644
--- a/src/daemon/modules/image/oci/utils_images.h
+++ b/src/daemon/modules/image/oci/utils_images.h
@@ -39,7 +39,6 @@ extern "C" {
#define REPO_PREFIX_TO_STRIP "library/"
#define MAX_ID_BUF_LEN 256
-
char *oci_get_host(const char *name);
char *oci_host_from_mirror(const char *mirror);
char *oci_default_tag(const char *name);
@@ -54,8 +53,8 @@ int add_rootfs_and_history(const layer_blob *layers, size_t layers_len, const re
docker_image_config_v2 *config);
bool oci_valid_time(char *time);
-char *oci_get_isulad_tmpdir();
-int makesure_isulad_tmpdir_perm_right();
+char *oci_get_isulad_tmpdir(const char *root_dir);
+int makesure_isulad_tmpdir_perm_right(const char *root_dir);
#ifdef __cplusplus
}
diff --git a/test/image/oci/registry/CMakeLists.txt b/test/image/oci/registry/CMakeLists.txt
index 36e7cab8..cfc7da87 100644
--- a/test/image/oci/registry/CMakeLists.txt
+++ b/test/image/oci/registry/CMakeLists.txt
@@ -19,7 +19,6 @@ add_executable(${EXE}
${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/utils/cutils/utils_timestamp.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/daemon/modules/image/oci/utils_images.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/daemon/common/err_msg.c
- ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/daemon/config/daemon_arguments.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/utils/http/parser.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/utils/buffer/buffer.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/utils/cutils/utils_aes.c
@@ -36,7 +35,6 @@ add_executable(${EXE}
${CMAKE_CURRENT_SOURCE_DIR}/../../../mocks/storage_mock.cc
${CMAKE_CURRENT_SOURCE_DIR}/../../../mocks/oci_image_mock.cc
${CMAKE_CURRENT_SOURCE_DIR}/../../../mocks/http_mock.cc
- ${CMAKE_CURRENT_SOURCE_DIR}/../../../mocks/isulad_config_mock.cc
registry_ut.cc)
target_include_directories(${EXE} PUBLIC
diff --git a/test/image/oci/registry/registry_ut.cc b/test/image/oci/registry/registry_ut.cc
index 4b264424..f0e35dc0 100644
--- a/test/image/oci/registry/registry_ut.cc
+++ b/test/image/oci/registry/registry_ut.cc
@@ -73,7 +73,28 @@ std::string get_dir()
return static_cast<std::string>(abs_path) + "../../../../../test/image/oci/registry";
}
-void mockCommonAll(MockStorage *mock, MockOciImage *oci_image_mock, MockIsuladConf *isulad_conf_mock);
+void mockCommonAll(MockStorage *mock, MockOciImage *oci_image_mock);
+
+static struct oci_image_module_data g_oci_image_registry = { 0 };
+
+static void oci_image_registry_init()
+{
+ g_oci_image_registry.root_dir = util_strdup_s(get_dir().c_str());
+ g_oci_image_registry.use_decrypted_key = true;
+}
+
+static struct oci_image_module_data *invokeGetOciImageData()
+{
+ return &g_oci_image_registry;
+}
+
+static void oci_image_registry_exit()
+{
+ free(g_oci_image_registry.root_dir);
+ g_oci_image_registry.root_dir = NULL;
+
+ g_oci_image_registry.use_decrypted_key = false;
+}
class RegistryUnitTest : public testing::Test {
protected:
@@ -82,8 +103,8 @@ protected:
MockHttp_SetMock(&m_http_mock);
MockStorage_SetMock(&m_storage_mock);
MockOciImage_SetMock(&m_oci_image_mock);
- MockIsuladConf_SetMock(&m_isulad_conf_mock);
- mockCommonAll(&m_storage_mock, &m_oci_image_mock, &m_isulad_conf_mock);
+ mockCommonAll(&m_storage_mock, &m_oci_image_mock);
+ oci_image_registry_init();
}
void TearDown() override
@@ -91,13 +112,12 @@ protected:
MockHttp_SetMock(nullptr);
MockStorage_SetMock(nullptr);
MockOciImage_SetMock(nullptr);
- MockIsuladConf_SetMock(nullptr);
+ oci_image_registry_exit();
}
NiceMock<MockHttp> m_http_mock;
NiceMock<MockStorage> m_storage_mock;
NiceMock<MockOciImage> m_oci_image_mock;
- NiceMock<MockIsuladConf> m_isulad_conf_mock;
};
int invokeHttpRequestV1(const char *url, struct http_get_options *options, long *response_code, int recursive_len)
@@ -505,17 +525,7 @@ static int init_log()
return 0;
}
-static char *invokeConfGetISuladRootDir()
-{
- return util_strdup_s(get_dir().c_str());
-}
-
-static bool invokeConfGetUseDecryptedKeyFlag()
-{
- return true;
-}
-
-void mockCommonAll(MockStorage *mock, MockOciImage *oci_image_mock, MockIsuladConf *isulad_conf_mock)
+void mockCommonAll(MockStorage *mock, MockOciImage *oci_image_mock)
{
EXPECT_CALL(*mock, StorageImgCreate(::testing::_, ::testing::_, ::testing::_, ::testing::_))
.WillRepeatedly(Invoke(invokeStorageImgCreate));
@@ -549,10 +559,8 @@ void mockCommonAll(MockStorage *mock, MockOciImage *oci_image_mock, MockIsuladCo
.WillRepeatedly(Invoke(invokeFreeLayer));
EXPECT_CALL(*oci_image_mock, OciValidTime(::testing::_))
.WillRepeatedly(Invoke(invokeOciValidTime));
- EXPECT_CALL(*isulad_conf_mock, ConfGetISuladRootDir())
- .WillRepeatedly(Invoke(invokeConfGetISuladRootDir));
- EXPECT_CALL(*isulad_conf_mock, ConfGetUseDecryptedKeyFlag())
- .WillRepeatedly(Invoke(invokeConfGetUseDecryptedKeyFlag));
+ EXPECT_CALL(*oci_image_mock, GetOciImageData())
+ .WillRepeatedly(Invoke(invokeGetOciImageData));
return;
}
@@ -610,7 +618,7 @@ TEST_F(RegistryUnitTest, test_pull_v1_image)
EXPECT_CALL(m_http_mock, HttpRequest(::testing::_, ::testing::_, ::testing::_, ::testing::_))
.WillRepeatedly(Invoke(invokeHttpRequestV1));
- mockCommonAll(&m_storage_mock, &m_oci_image_mock, &m_isulad_conf_mock);
+ mockCommonAll(&m_storage_mock, &m_oci_image_mock);
ASSERT_EQ(registry_pull(&options), 0);
ASSERT_EQ(registry_pull(&options), 0);
@@ -670,7 +678,7 @@ TEST_F(RegistryUnitTest, test_pull_v2_image)
EXPECT_CALL(m_http_mock, HttpRequest(::testing::_, ::testing::_, ::testing::_, ::testing::_))
.WillRepeatedly(Invoke(invokeHttpRequestV2));
- mockCommonAll(&m_storage_mock, &m_oci_image_mock, &m_isulad_conf_mock);
+ mockCommonAll(&m_storage_mock, &m_oci_image_mock);
// test retry success
ASSERT_EQ(registry_pull(&options), 0);
@@ -704,7 +712,7 @@ TEST_F(RegistryUnitTest, test_pull_oci_image)
options->insecure_registry = false;
EXPECT_CALL(m_http_mock, HttpRequest(::testing::_, ::testing::_, ::testing::_, ::testing::_))
.WillRepeatedly(Invoke(invokeHttpRequestOCI));
- mockCommonAll(&m_storage_mock, &m_oci_image_mock, &m_isulad_conf_mock);
+ mockCommonAll(&m_storage_mock, &m_oci_image_mock);
ASSERT_EQ(registry_pull(options), 0);
free_registry_pull_options(options);
@@ -722,7 +730,7 @@ TEST_F(RegistryUnitTest, test_pull_already_exist)
EXPECT_CALL(m_http_mock, HttpRequest(::testing::_, ::testing::_, ::testing::_, ::testing::_))
.WillRepeatedly(Invoke(invokeHttpRequestV2));
- mockCommonAll(&m_storage_mock, &m_oci_image_mock, &m_isulad_conf_mock);
+ mockCommonAll(&m_storage_mock, &m_oci_image_mock);
EXPECT_CALL(m_storage_mock, StorageLayerGet(::testing::_))
.WillRepeatedly(Invoke(invokeStorageLayerGet1));
ASSERT_EQ(registry_pull(&options), 0);
diff --git a/test/mocks/oci_image_mock.cc b/test/mocks/oci_image_mock.cc
index 51987f62..c6451005 100644
--- a/test/mocks/oci_image_mock.cc
+++ b/test/mocks/oci_image_mock.cc
@@ -31,3 +31,11 @@ bool oci_valid_time(char *time)
}
return false;
}
+
+struct oci_image_module_data *get_oci_image_data(void)
+{
+ if (g_oci_image_mock != nullptr) {
+ return g_oci_image_mock->GetOciImageData();
+ }
+ return { 0 };
+}
diff --git a/test/mocks/oci_image_mock.h b/test/mocks/oci_image_mock.h
index 16b2a3c5..cd1db1fd 100644
--- a/test/mocks/oci_image_mock.h
+++ b/test/mocks/oci_image_mock.h
@@ -23,6 +23,7 @@ class MockOciImage {
public:
virtual ~MockOciImage() = default;
MOCK_METHOD1(OciValidTime, bool(char *time));
+ MOCK_METHOD0(GetOciImageData, struct oci_image_module_data * ());
};
void MockOciImage_SetMock(MockOciImage *mock);
--
2.25.1

31
0020-translate-absolute-path-to-relative-path-when-unpack.patch
View File

@ -1,31 +0,0 @@
From 8dca81df2e93e7b91b53213adfcd469d4fbb84e8 Mon Sep 17 00:00:00 2001
From: WangFengTu <wangfengtu@huawei.com>
Date: Mon, 7 Dec 2020 14:49:34 +0800
Subject: [PATCH] translate absolute path to relative path when unpack
Signed-off-by: WangFengTu <wangfengtu@huawei.com>
---
src/utils/tar/util_archive.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/utils/tar/util_archive.c b/src/utils/tar/util_archive.c
index 85f75c7f..581503fd 100644
--- a/src/utils/tar/util_archive.c
+++ b/src/utils/tar/util_archive.c
@@ -375,6 +375,13 @@ int archive_unpack_handler(const struct io_read_wrapper *content, const char *ds
continue;
}
+ // if path in archive is absolute, we need to translate it to relative because
+ // libarchive can not support absolute path when unpack
+ pathname = archive_entry_pathname(entry);
+ if (pathname != NULL && pathname[0] == '/') {
+ archive_entry_set_pathname(entry, pathname + 1);
+ }
+
ret = archive_write_header(ext, entry);
if (ret != ARCHIVE_OK) {
ERROR("Fail to handle tar header: %s", archive_error_string(ext));
--
2.25.1

44
0021-clean-code-fix-check-error-in-terminal.c-and-volume_.patch
View File

@ -1,44 +0,0 @@
From f28afb0aeea9ff6465400825a64a3d28f83f187a Mon Sep 17 00:00:00 2001
From: lifeng68 <lifeng68@huawei.com>
Date: Mon, 7 Dec 2020 14:48:05 +0800
Subject: [PATCH] clean code: fix check error in terminal.c and volume_cb.c
Signed-off-by: lifeng68 <lifeng68@huawei.com>
---
src/cmd/isulad-shim/terminal.c | 5 +++--
src/daemon/executor/volume_cb/volume_cb.c | 2 +-
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/cmd/isulad-shim/terminal.c b/src/cmd/isulad-shim/terminal.c
index 9b7d55e6..f803b634 100644
--- a/src/cmd/isulad-shim/terminal.c
+++ b/src/cmd/isulad-shim/terminal.c
@@ -268,9 +268,10 @@ void shim_write_container_log_file(log_terminal *terminal, const char *type, cha
}
if (buf != NULL && read_count > 0) {
- upto = size + read_count;
- if (upto > BUF_CACHE_SIZE) {
+ if (read_count > (BUF_CACHE_SIZE - size)) {
upto = BUF_CACHE_SIZE;
+ } else {
+ upto = size + read_count;
}
if (upto > size) {
diff --git a/src/daemon/executor/volume_cb/volume_cb.c b/src/daemon/executor/volume_cb/volume_cb.c
index 8efddad9..13f99517 100644
--- a/src/daemon/executor/volume_cb/volume_cb.c
+++ b/src/daemon/executor/volume_cb/volume_cb.c
@@ -70,7 +70,7 @@ static int volume_list_cb(const volume_list_volume_request *request, volume_list
goto out;
}
- (*response)->volumes = util_common_calloc_s(sizeof(volume_volume *) * list->vols_len);
+ (*response)->volumes = util_smart_calloc_s(sizeof(volume_volume *), list->vols_len);
if ((*response)->volumes == NULL) {
ERROR("out of memory");
cc = ISULAD_ERR_MEMOUT;
--
2.25.1

31
0022-iSulad-bugfix-args-use_decrypted_key-is-a-pointer.patch
View File

@ -1,31 +0,0 @@
From e744a909cdb3a88ca4cbbe92385e70bf29c690a0 Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Mon, 7 Dec 2020 16:28:19 +0800
Subject: [PATCH] iSulad: bugfix, args->use_decrypted_key is a pointer
Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
---
src/daemon/modules/image/oci/oci_image.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/daemon/modules/image/oci/oci_image.c b/src/daemon/modules/image/oci/oci_image.c
index 461fbf10..773803fa 100644
--- a/src/daemon/modules/image/oci/oci_image.c
+++ b/src/daemon/modules/image/oci/oci_image.c
@@ -70,7 +70,12 @@ static int oci_image_data_init(const isulad_daemon_configs *args)
}
g_oci_image_module_data.root_dir = util_strdup_s(args->graph);
- g_oci_image_module_data.use_decrypted_key = args->use_decrypted_key;
+ if (args->use_decrypted_key == NULL) {
+ g_oci_image_module_data.use_decrypted_key = true;
+ } else {
+ g_oci_image_module_data.use_decrypted_key = *(args->use_decrypted_key);
+ }
+
g_oci_image_module_data.insecure_skip_verify_enforce = args->insecure_skip_verify_enforce;
if (util_array_len((const char **)args->registry_mirrors) != args->registry_mirrors_len) {
--
2.25.1

29
0023-verify-peer-only-if-CA-configed.patch
View File

@ -1,29 +0,0 @@
From b09d3c39641e66160f588b66ac8c3b88cfd726a8 Mon Sep 17 00:00:00 2001
From: WangFengTu <wangfengtu@huawei.com>
Date: Mon, 7 Dec 2020 16:26:42 +0800
Subject: [PATCH] verify peer only if CA configed
rollback ssl verify check condition because some system
do not have certs configed by default.
Signed-off-by: WangFengTu <wangfengtu@huawei.com>
---
src/daemon/modules/image/oci/registry/http_request.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/daemon/modules/image/oci/registry/http_request.c b/src/daemon/modules/image/oci/registry/http_request.c
index fb44a7b6..60644ed5 100644
--- a/src/daemon/modules/image/oci/registry/http_request.c
+++ b/src/daemon/modules/image/oci/registry/http_request.c
@@ -118,7 +118,7 @@ static int setup_ssl_config(pull_descriptor *desc, struct http_get_options *opti
}
}
- if (!desc->insecure_registry) {
+ if (options->ca_file != NULL) {
options->ssl_verify_peer = true;
}
--
2.25.1

34
iSulad.spec
View File

@ -1,5 +1,5 @@
%global _version 2.0.7 %global _version 2.0.8
%global _release 20201207.151847.gita1fce123 %global _release 20201230.155843.git6557a6eb
%global is_systemd 1 %global is_systemd 1
Name: iSulad Name: iSulad
@ -12,30 +12,6 @@ Source: https://gitee.com/openeuler/iSulad/repository/archive/v%{version}.tar
BuildRoot: {_tmppath}/iSulad-%{version} BuildRoot: {_tmppath}/iSulad-%{version}
ExclusiveArch: x86_64 aarch64 ExclusiveArch: x86_64 aarch64
Patch0001: 0001-Add-a-solution-to-the-gpgkey-problem.patch
Patch0002: 0002-change-default-tmp-directory-from-var-tmp-to-var-lib.patch
Patch0003: 0003-update-api.proto-to-v1.19.3-according-to-kubelet.patch
Patch0004: 0004-adapt-CI-ISULAD_TMPDIR-testcases.patch
Patch0005: 0005-listening-127.0.0.1-port-in-cri-stream-websocket-ser.patch
Patch0006: 0006-using-64-bit-unique-token-in-CRI-websockets-server-R.patch
Patch0007: 0007-add-mock-conf_get_use_decrypted_key_flag-and-setup-a.patch
Patch0008: 0008-show-all-mutl-network-ips.patch
Patch0009: 0009-iSulad-only-qsort-the-configed-mounts.patch
Patch0010: 0010-CI-add-testcases-for-bind-proc-and-sys-fs.patch
Patch0011: 0011-verify-peer-if-it-s-secure-registry.patch
Patch0012: 0012-make-sure-all-certs-load-success-if-any-provided.patch
Patch0013: 0013-add-ch-docs-for-install-iSulad.patch
Patch0014: 0014-error-out-if-unpack-layer-failed.patch
Patch0015: 0015-ignore-get-ip-error-for-mutlnetwork.patch
Patch0016: 0016-support-default-container-log-options.patch
Patch0017: 0017-add-testcase-for-default-container-log-configs.patch
Patch0018: 0018-clean-code-ignore-list-containers-error.patch
Patch0019: 0019-add-g_oci_image_module_data-in-oci-image-module.patch
Patch0020: 0020-translate-absolute-path-to-relative-path-when-unpack.patch
Patch0021: 0021-clean-code-fix-check-error-in-terminal.c-and-volume_.patch
Patch0022: 0022-iSulad-bugfix-args-use_decrypted_key-is-a-pointer.patch
Patch0023: 0023-verify-peer-only-if-CA-configed.patch
%ifarch x86_64 aarch64 %ifarch x86_64 aarch64
Provides: libhttpclient.so()(64bit) Provides: libhttpclient.so()(64bit)
Provides: libisula.so()(64bit) Provides: libisula.so()(64bit)
@ -237,6 +213,12 @@ fi
%endif %endif
%changelog %changelog
* Wed Dec 30 2020 lifeng <lifeng68@huawei.com> - 2.0.8-20201230.155843.git6557a6eb
- Type: update to v2.0.8
- ID: NA
- SUG: NA
- DESC: update from master
* Mon Dec 7 2020 zhangxiaoyu <zhangxiaoyu58@huawei.com> - 2.0.7-20201207.151847.gita1fce123 * Mon Dec 7 2020 zhangxiaoyu <zhangxiaoyu58@huawei.com> - 2.0.7-20201207.151847.gita1fce123
- Type: update - Type: update
- ID: NA - ID: NA

BIN
v2.0.7.tar.gz → v2.0.8.tar.gz
View File

Binary file not shown.