From b7b149d14e5151de48fbee2d43c12bdf9dd829cc Mon Sep 17 00:00:00 2001 From: zhangxiaoyu Date: Wed, 7 Sep 2022 10:31:03 +0800 Subject: [PATCH] sycn patches from openeuler/iSulad Signed-off-by: zhangxiaoyu --- 0001-fix-memleak.patch | 6 +- ...ancode-about-rest-register-container.patch | 12 +- 0003-adapt-to-openssl-3.0.patch | 284 ++++++++ 0004-remove-redundant-header-files.patch | 25 + 0005-add-isulad-args.patch | 644 ++++++++++++++++++ iSulad.spec | 15 +- 6 files changed, 974 insertions(+), 12 deletions(-) create mode 100644 0003-adapt-to-openssl-3.0.patch create mode 100644 0004-remove-redundant-header-files.patch create mode 100644 0005-add-isulad-args.patch diff --git a/0001-fix-memleak.patch b/0001-fix-memleak.patch index 93a0e3c..2049bb7 100644 --- a/0001-fix-memleak.patch +++ b/0001-fix-memleak.patch @@ -1,7 +1,7 @@ From 199971d61cc53ee11b16b353bcd0594abc86cb3e Mon Sep 17 00:00:00 2001 From: WangFengTu Date: Fri, 26 Aug 2022 09:33:05 +0800 -Subject: [PATCH 1/2] fix memleak +Subject: [PATCH 1/5] fix memleak Signed-off-by: WangFengTu --- @@ -9,7 +9,7 @@ Signed-off-by: WangFengTu 1 file changed, 1 insertion(+) diff --git a/src/daemon/entry/cri/websocket/service/ws_server.cc b/src/daemon/entry/cri/websocket/service/ws_server.cc -index 63afc9d..6438c4d 100644 +index 63afc9dd..6438c4d7 100644 --- a/src/daemon/entry/cri/websocket/service/ws_server.cc +++ b/src/daemon/entry/cri/websocket/service/ws_server.cc @@ -399,6 +399,7 @@ int WebsocketServer::RegisterStreamTask(struct lws *wsi) noexcept @@ -21,5 +21,5 @@ index 63afc9d..6438c4d 100644 } -- -1.8.3.1 +2.25.1 diff --git a/0002-cleancode-about-rest-register-container.patch b/0002-cleancode-about-rest-register-container.patch index d59d58d..269443d 100644 --- a/0002-cleancode-about-rest-register-container.patch +++ b/0002-cleancode-about-rest-register-container.patch @@ -1,16 +1,16 @@ From bf50cef67ac2288bed7013c675df8d35f370dc32 Mon Sep 17 00:00:00 2001 
From: zhangxiaoyu Date: Sat, 27 Aug 2022 10:40:02 +0800 -Subject: [PATCH 2/2] cleancode about rest register container +Subject: [PATCH 2/5] cleancode about rest register container Signed-off-by: zhangxiaoyu --- - src/daemon/common/selinux_label.c | 2 +- - .../entry/connect/rest/rest_containers_service.c | 93 ++++++++++++++-------- + src/daemon/common/selinux_label.c | 2 +- + .../connect/rest/rest_containers_service.c | 93 ++++++++++++------- 2 files changed, 62 insertions(+), 33 deletions(-) diff --git a/src/daemon/common/selinux_label.c b/src/daemon/common/selinux_label.c -index 5242297..145e4b6 100644 +index 52422970..145e4b6e 100644 --- a/src/daemon/common/selinux_label.c +++ b/src/daemon/common/selinux_label.c @@ -481,7 +481,7 @@ static int uniq_mcs(unsigned int range, char *mcs, size_t len) @@ -23,7 +23,7 @@ index 5242297..145e4b6 100644 ERROR("Failed to compose mcs"); return -1; diff --git a/src/daemon/entry/connect/rest/rest_containers_service.c b/src/daemon/entry/connect/rest/rest_containers_service.c -index 53241be..397660e 100644 +index 53241bef..397660e2 100644 --- a/src/daemon/entry/connect/rest/rest_containers_service.c +++ b/src/daemon/entry/connect/rest/rest_containers_service.c @@ -1733,8 +1733,7 @@ out: @@ -171,5 +171,5 @@ index 53241be..397660e 100644 return 0; } -- -1.8.3.1 +2.25.1 diff --git a/0003-adapt-to-openssl-3.0.patch b/0003-adapt-to-openssl-3.0.patch new file mode 100644 index 0000000..50cfc1b --- /dev/null +++ b/0003-adapt-to-openssl-3.0.patch 
@@ -0,0 +1,284 @@ +From 194eb950ea072ac313635d75dc3913f48e300edf Mon Sep 17 00:00:00 2001 +From: wujing +Date: Wed, 11 May 2022 18:25:40 +0800 +Subject: [PATCH 3/5] adapt to openssl 3.0 + +SHA512_Init&SHA512_Update&SHA512_Final function have been deprecated since OpenSSL 3.0 + +Signed-off-by: wujing +--- + src/daemon/entry/cri/cri_helpers.cc | 45 +++++++--------- + src/daemon/entry/cri/cri_helpers.h | 2 - + src/utils/sha256/sha256.c | 79 +++++++++++++++++++++++++++++ + 3 files changed, 98 insertions(+), 28 deletions(-) + +diff --git a/src/daemon/entry/cri/cri_helpers.cc b/src/daemon/entry/cri/cri_helpers.cc +index a5bb09a6..04e4f534 100644 +--- a/src/daemon/entry/cri/cri_helpers.cc ++++ b/src/daemon/entry/cri/cri_helpers.cc +@@ -33,6 +33,7 @@ + #include "utils.h" + #include "service_container_api.h" + #include "isulad_config.h" ++#include "sha256.h" + + namespace CRIHelpers { + const std::string Constants::POD_NETWORK_ANNOTATION_KEY { "network.alpha.kubernetes.io/network" }; +@@ -376,30 +377,6 @@ auto IsImageNotFoundError(const std::string &err) -> bool + return err.find("No such image:") != std::string::npos; + } + +-auto sha256(const char *val) -> std::string +-{ +- if (val == nullptr) { +- return ""; +- } +- +- SHA256_CTX ctx; +- SHA256_Init(&ctx); +- SHA256_Update(&ctx, val, strlen(val)); +- unsigned char hash[SHA256_DIGEST_LENGTH] = { 0 }; +- SHA256_Final(hash, &ctx); +- +- char outputBuffer[(SHA256_DIGEST_LENGTH * 2) + 1] { 0 }; +- for (int i = 0; i < SHA256_DIGEST_LENGTH; i++) { +- int ret = snprintf(outputBuffer + (i * 2), 3, "%02x", (unsigned int)hash[i]); +- if (ret >= 3 || ret < 0) { +- return ""; +- } +- } +- outputBuffer[SHA256_DIGEST_LENGTH * 2] = 0; +- +- return outputBuffer; +-} +- + auto GetNetworkPlaneFromPodAnno(const std::map &annotations, size_t *len, Errors &error) + -> cri_pod_network_element ** + { +@@ -649,6 +626,7 @@ auto CreateCheckpoint(CRI::PodSandboxCheckpoint &checkpoint, Errors &error) -> s + }; + parser_error err { nullptr }; + char 
*jsonStr { nullptr }; ++ char *digest { nullptr }; + std::string result; + + checkpoint.CheckpointToCStruct(&criCheckpoint, error); +@@ -662,7 +640,14 @@ auto CreateCheckpoint(CRI::PodSandboxCheckpoint &checkpoint, Errors &error) -> s + error.Errorf("Generate cri checkpoint json failed: %s", err); + goto out; + } +- checkpoint.SetCheckSum(CRIHelpers::sha256(jsonStr)); ++ ++ digest = sha256_digest_str(jsonStr); ++ if (digest == nullptr) { ++ error.Errorf("Failed to calculate digest"); ++ goto out; ++ } ++ ++ checkpoint.SetCheckSum(digest); + if (checkpoint.GetCheckSum().empty()) { + error.SetError("checksum is empty"); + goto out; +@@ -678,6 +663,7 @@ auto CreateCheckpoint(CRI::PodSandboxCheckpoint &checkpoint, Errors &error) -> s + + result = jsonStr; + out: ++ free(digest); + free(err); + free(jsonStr); + free_cri_checkpoint(criCheckpoint); +@@ -694,6 +680,7 @@ void GetCheckpoint(const std::string &jsonCheckPoint, CRI::PodSandboxCheckpoint + std::string tmpChecksum; + char *jsonStr { nullptr }; + char *storeChecksum { nullptr }; ++ char *digest { nullptr }; + + criCheckpoint = cri_checkpoint_parse_data(jsonCheckPoint.c_str(), &ctx, &err); + if (criCheckpoint == nullptr) { +@@ -712,7 +699,12 @@ void GetCheckpoint(const std::string &jsonCheckPoint, CRI::PodSandboxCheckpoint + goto out; + } + +- if (tmpChecksum != CRIHelpers::sha256(jsonStr)) { ++ digest = sha256_digest_str(jsonStr); ++ if (digest == nullptr) { ++ error.Errorf("Failed to calculate digest"); ++ goto out; ++ } ++ if (tmpChecksum != digest) { + ERROR("Checksum of checkpoint is not valid"); + error.SetError("checkpoint is corrupted"); + goto out; +@@ -720,6 +712,7 @@ void GetCheckpoint(const std::string &jsonCheckPoint, CRI::PodSandboxCheckpoint + + checkpoint.CStructToCheckpoint(criCheckpoint, error); + out: ++ free(digest); + free(jsonStr); + free(err); + free_cri_checkpoint(criCheckpoint); +diff --git a/src/daemon/entry/cri/cri_helpers.h b/src/daemon/entry/cri/cri_helpers.h +index 5c2f6517..b3bfafe4 
100644 +--- a/src/daemon/entry/cri/cri_helpers.h ++++ b/src/daemon/entry/cri/cri_helpers.h +@@ -101,8 +101,6 @@ auto IsContainerNotFoundError(const std::string &err) -> bool; + + auto IsImageNotFoundError(const std::string &err) -> bool; + +-auto sha256(const char *val) -> std::string; +- + auto GetNetworkPlaneFromPodAnno(const std::map &annotations, size_t *len, Errors &error) + -> cri_pod_network_element **; + +diff --git a/src/utils/sha256/sha256.c b/src/utils/sha256/sha256.c +index 7bd60467..938e3692 100644 +--- a/src/utils/sha256/sha256.c ++++ b/src/utils/sha256/sha256.c +@@ -21,6 +21,10 @@ + #include + #include + #include ++#if OPENSSL_VERSION_MAJOR >= 3 ++#include ++#include ++#endif + + #include "isula_libutils/log.h" + #include "utils.h" +@@ -61,7 +65,9 @@ static bool stream_check_error(void *stream, bool isgzip) + + char *sha256_digest_str(const char *val) + { ++#if OPENSSL_VERSION_MAJOR < 3 + SHA256_CTX ctx; ++#endif + unsigned char hash[SHA256_DIGEST_LENGTH] = { 0x00 }; + char output_buffer[(SHA256_DIGEST_LENGTH * 2) + 1] = { 0x00 }; + int i = 0; +@@ -70,9 +76,13 @@ char *sha256_digest_str(const char *val) + return NULL; + } + ++#if OPENSSL_VERSION_MAJOR >= 3 ++ SHA256((const unsigned char *)val, strlen(val), hash); ++#else + SHA256_Init(&ctx); + SHA256_Update(&ctx, val, strlen(val)); + SHA256_Final(hash, &ctx); ++#endif + + for (i = 0; i < SHA256_DIGEST_LENGTH; i++) { + int ret = snprintf(output_buffer + (i * 2), 3, "%02x", (unsigned int)hash[i]); +@@ -87,8 +97,15 @@ char *sha256_digest_str(const char *val) + + char *sha256_digest_file(const char *filename, bool isgzip) + { ++#if OPENSSL_VERSION_MAJOR >= 3 ++ EVP_MD_CTX *ctx = NULL; ++ EVP_MD *sha256 = NULL; ++ unsigned char *outdigest = NULL; ++ unsigned int len = 0; ++#else + SHA256_CTX ctx; + unsigned char hash[SHA256_DIGEST_LENGTH] = { 0x00 }; ++#endif + char output_buffer[(SHA256_DIGEST_LENGTH * 2) + 1] = { 0x00 }; + int i = 0; + char *buffer = NULL; +@@ -117,7 +134,30 @@ char 
*sha256_digest_file(const char *filename, bool isgzip) + return NULL; + } + ++#if OPENSSL_VERSION_MAJOR >= 3 ++ ctx = EVP_MD_CTX_new(); ++ if (ctx == NULL) { ++ ERROR("Failed to create a context for the digest operation"); ++ ERR_print_errors_fp(stderr); ++ ret = -1; ++ goto out; ++ } ++ sha256 = EVP_MD_fetch(NULL, "SHA256", NULL); ++ if (sha256 == NULL) { ++ ERROR("Failed to fetch the SHA256 algorithm implementation for doing the digest"); ++ ERR_print_errors_fp(stderr); ++ ret = -1; ++ goto out; ++ } ++ if (!EVP_DigestInit_ex(ctx, sha256, NULL)) { ++ ERROR("Failed to initialise the digest operation"); ++ ERR_print_errors_fp(stderr); ++ ret = -1; ++ goto out; ++ } ++#else + SHA256_Init(&ctx); ++#endif + + while (true) { + if (isgzip) { +@@ -134,7 +174,16 @@ char *sha256_digest_file(const char *filename, bool isgzip) + } + + if (n > 0) { ++#if OPENSSL_VERSION_MAJOR >= 3 ++ if (!EVP_DigestUpdate(ctx, (unsigned char *)buffer, n)) { ++ ERROR("Failed to pass the message to be digested"); ++ ERR_print_errors_fp(stderr); ++ ret = -1; ++ goto out; ++ } ++#else + SHA256_Update(&ctx, buffer, n); ++#endif + } + + if (stream_check_eof(stream, isgzip)) { +@@ -142,6 +191,30 @@ char *sha256_digest_file(const char *filename, bool isgzip) + } + } + ++#if OPENSSL_VERSION_MAJOR >= 3 ++ outdigest = OPENSSL_malloc(EVP_MD_get_size(sha256)); ++ if (outdigest == NULL) { ++ ERROR("Failed to allocate the output buffer"); ++ ERR_print_errors_fp(stderr); ++ ret = -1; ++ goto out; ++ } ++ if (!EVP_DigestFinal_ex(ctx, outdigest, &len)) { ++ ERROR("Failed to calculate the digest itself"); ++ ERR_print_errors_fp(stderr); ++ ret = -1; ++ goto out; ++ } ++ for (i = 0; i < SHA256_DIGEST_LENGTH; i++) { ++ int sret = snprintf(output_buffer + (i * 2), 3, "%02x", (unsigned int)outdigest[i]); ++ if (sret >= 3 || sret < 0) { ++ ERROR("snprintf failed when calc sha256 from file %s, result is %d", filename, sret); ++ return NULL; ++ } ++ } ++ ++ output_buffer[SHA256_DIGEST_LENGTH * 2] = '\0'; ++#else + 
SHA256_Final(hash, &ctx); + + for (i = 0; i < SHA256_DIGEST_LENGTH; i++) { +@@ -152,8 +225,14 @@ char *sha256_digest_file(const char *filename, bool isgzip) + } + } + output_buffer[SHA256_DIGEST_LENGTH * 2] = '\0'; ++#endif + + out: ++#if OPENSSL_VERSION_MAJOR >= 3 ++ OPENSSL_free(outdigest); ++ EVP_MD_free(sha256); ++ EVP_MD_CTX_free(ctx); ++#endif + if (isgzip) { + gzclose((gzFile)stream); + } else { +-- +2.25.1 + diff --git a/0004-remove-redundant-header-files.patch b/0004-remove-redundant-header-files.patch new file mode 100644 index 0000000..ca481d4 --- /dev/null +++ b/0004-remove-redundant-header-files.patch @@ -0,0 +1,25 @@ +From 64ef4f52a1f75be2dbd1b750a52500818790f501 Mon Sep 17 00:00:00 2001 +From: wujing +Date: Thu, 1 Sep 2022 09:41:50 +0800 +Subject: [PATCH 4/5] remove redundant header files + +Signed-off-by: wujing +--- + src/daemon/entry/cri/cri_helpers.cc | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/src/daemon/entry/cri/cri_helpers.cc b/src/daemon/entry/cri/cri_helpers.cc +index 04e4f534..7df759e1 100644 +--- a/src/daemon/entry/cri/cri_helpers.cc ++++ b/src/daemon/entry/cri/cri_helpers.cc +@@ -18,7 +18,6 @@ + #include + #include + #include +-#include + #include + #include + +-- +2.25.1 + diff --git a/0005-add-isulad-args.patch b/0005-add-isulad-args.patch new file mode 100644 index 0000000..78c88e4 --- /dev/null +++ b/0005-add-isulad-args.patch 
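Review bot: In the OpenSSL 3 branch of `sha256_digest_file` (src/utils/sha256/sha256.c), the snprintf failure path inside the hex-encoding loop does `return NULL;` and so skips the `out:` label, where this same patch frees `outdigest`, `sha256` and `ctx` and where the stream is closed. It should follow the other new error paths with `ret = -1; goto out;`. In `sha256_digest_str` the result of `SHA256((const unsigned char *)val, strlen(val), hash)` is not checked: with OpenSSL 3 the one-shot call can return NULL (for example when no loaded provider supplies SHA256), and the zero-filled `hash` would then be hex-encoded as if it were a real digest, which `CreateCheckpoint` and `GetCheckpoint` now use as the checkpoint checksum. I would write `if (SHA256((const unsigned char *)val, strlen(val), hash) == NULL) { return NULL; }`. The code after `out:` is outside the hunk, so how `ret` becomes the return value is assumed from the neighbouring error paths.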
@@ -0,0 +1,644 @@ +From 5a0476a328a39764874257faa23696320656d3e3 Mon Sep 17 00:00:00 2001 +From: zhangxiaoyu +Date: Tue, 6 Sep 2022 18:45:53 +0800 +Subject: [PATCH 5/5] add isulad args + +Signed-off-by: zhangxiaoyu +--- + src/cmd/isulad/isulad_commands.c | 18 +++++ + src/cmd/isulad/isulad_commands.h | 80 ++++++++++++-------- + src/cmd/isulad/main.c | 58 +++------------ + src/daemon/config/daemon_arguments.c | 101 ++++++++++++++++++++------ + src/daemon/config/daemon_arguments.h | 1 + + src/daemon/config/isulad_config.c | 61 ++++++++++++++-- + src/daemon/modules/events/collector.c | 2 +- + 7 files changed, 213 insertions(+), 108 deletions(-) + +diff --git a/src/cmd/isulad/isulad_commands.c b/src/cmd/isulad/isulad_commands.c +index ba7ca0e7..42d0bde6 100644 +--- a/src/cmd/isulad/isulad_commands.c ++++ b/src/cmd/isulad/isulad_commands.c +@@ -105,6 +105,24 @@ out: + return ret; + } + ++int server_callback_cri_runtime(command_option_t *option, const char *value) ++{ ++ struct service_arguments *args = NULL; ++ ++ if (option == NULL || value == NULL) { ++ COMMAND_ERROR("Invalid input arguments"); ++ return -1; ++ } ++ ++ args = (struct service_arguments *)option->data; ++ if (server_cri_runtime_parser(args, value) != 0) { ++ COMMAND_ERROR("Invalid value \"%s\" for flag --%s", value, option->large); ++ return -1; ++ } ++ ++ return 0; ++} ++ + int server_callback_container_log_driver(command_option_t *option, const char *value) + { + int ret = 0; +diff --git a/src/cmd/isulad/isulad_commands.h b/src/cmd/isulad/isulad_commands.h +index 0d70da4c..dc278f9c 100644 +--- a/src/cmd/isulad/isulad_commands.h ++++ b/src/cmd/isulad/isulad_commands.h +@@ -71,10 +71,10 @@ int command_default_ulimit_append(command_option_t *option, const char *arg); + "host", \ + 'H', \ + &(cmdargs)->hosts, \ +- "The socket name used to create gRPC server", \ ++ "The socket name used to create gRPC server (default \"unix:///var/run/isulad.sock\")", \ + command_valid_socket_append_array }, \ + { 
CMD_OPT_TYPE_STRING_DUP, false, "pidfile", 'p', &(cmdargs)->json_confs->pidfile, \ +- "Save pid into this file", NULL }, \ ++ "Save pid into this file (default \"/var/run/isulad.pid\")", NULL }, \ + { CMD_OPT_TYPE_BOOL, false, "help", 0, &(cmdargs)->help, "Show help", NULL }, \ + { CMD_OPT_TYPE_STRING_DUP, \ + false, \ +@@ -88,14 +88,14 @@ int command_default_ulimit_append(command_option_t *option, const char *arg); + "graph", \ + 'g', \ + &(cmdargs)->json_confs->graph, \ +- "Root directory of the iSulad runtime", \ ++ "Root directory of the iSulad runtime (default \"/var/lib/isulad\")", \ + NULL }, \ + { CMD_OPT_TYPE_STRING_DUP, \ + false, \ + "state", \ + 'S', \ + &(cmdargs)->json_confs->state, \ +- "Root directory for execution state files", \ ++ "Root directory for execution state files (default \"/var/run/isulad\")", \ + NULL }, \ + { CMD_OPT_TYPE_STRING_DUP, \ + false, \ +@@ -105,20 +105,20 @@ int command_default_ulimit_append(command_option_t *option, const char *arg); + "timeout duration for waiting on a container to start before it is killed", \ + NULL }, \ + { CMD_OPT_TYPE_STRING_DUP, false, "engine", 'e', &(cmdargs)->json_confs->engine, \ +- "Select backend engine", NULL }, \ ++ "Select backend engine (default lcr)", NULL }, \ + { CMD_OPT_TYPE_STRING_DUP, \ + false, \ + "log-level", \ + 'l', \ + &(cmdargs)->json_confs->log_level, \ +- "Set log level, the levels can be: FATAL ALERT CRIT ERROR WARN NOTICE INFO DEBUG TRACE", \ ++ "Set log level, the levels can be: FATAL ALERT CRIT ERROR WARN NOTICE INFO DEBUG TRACE (default INFO)", \ + NULL }, \ + { CMD_OPT_TYPE_STRING_DUP, \ + false, \ + "log-driver", \ + 0, \ + &(cmdargs)->json_confs->log_driver, \ +- "Set daemon log driver, such as: file", \ ++ "Set daemon log driver, support stdout and file (default file)", \ + NULL }, \ + { CMD_OPT_TYPE_CALLBACK, \ + false, \ +@@ -127,34 +127,34 @@ int command_default_ulimit_append(command_option_t *option, const char *arg); + (cmdargs), \ + "Set daemon log driver 
options, such as: log-path=/tmp/logs/ to set directory where to store daemon logs", \ + server_callback_log_opt }, \ +- { CMD_OPT_TYPE_CALLBACK, \ +- false, \ +- "container-log-driver", \ +- 0, \ +- (cmdargs), \ +- "Set default container log driver, such as: json-file", \ +- server_callback_container_log_driver }, \ +- { CMD_OPT_TYPE_CALLBACK, \ +- false, \ +- "container-log-opts", \ +- 0, \ +- (cmdargs), \ +- "Set default container log driver options, such as: max-file=7 to set max number of container log files", \ +- server_callback_container_log }, \ ++ { CMD_OPT_TYPE_CALLBACK, \ ++ false, \ ++ "container-log-driver", \ ++ 0, \ ++ (cmdargs), \ ++ "Set default container log driver, such as: json-file", \ ++ server_callback_container_log_driver }, \ ++ { CMD_OPT_TYPE_CALLBACK, \ ++ false, \ ++ "container-log-opts", \ ++ 0, \ ++ (cmdargs), \ ++ "Set default container log driver options, such as: max-file=7 to set max number of container log files", \ ++ server_callback_container_log }, \ + { CMD_OPT_TYPE_BOOL, false, "version", 'V', &(cmdargs)->version, "Print the version", NULL }, \ + { CMD_OPT_TYPE_STRING_DUP, \ + false, \ + "group", \ + 'G', \ + &(cmdargs)->json_confs->group, \ +- "Group for the unix socket(default is isula)", \ ++ "Group for the unix socket (default isula)", \ + NULL }, \ + { CMD_OPT_TYPE_STRING_DUP, \ + false, \ + "storage-driver", \ + 0, \ + &(cmdargs)->json_confs->storage_driver, \ +- "Storage driver to use(default overlay2)", \ ++ "Storage driver to use (default overlay2)", \ + NULL }, \ + { CMD_OPT_TYPE_CALLBACK, \ + false, \ +@@ -166,7 +166,7 @@ int command_default_ulimit_append(command_option_t *option, const char *arg); + SUP_GROUPS_OPT(cmdargs) \ + { CMD_OPT_TYPE_CALLBACK, \ + false, \ +- "registry-mirrors", \ ++ "registry-mirrors", \ + 0, \ + &(cmdargs)->json_confs->registry_mirrors, \ + "Registry to be prepended when pulling unqualified images, can be specified multiple times", \ +@@ -197,28 +197,28 @@ int 
command_default_ulimit_append(command_option_t *option, const char *arg); + "pod-sandbox-image", \ + 0, \ + &(cmdargs)->json_confs->pod_sandbox_image, \ +- "The image whose network/ipc namespaces containers in each pod will use. (default \"pause-${machine}:3.0\")", \ ++ "The image whose network/ipc namespaces containers in each pod will use (default \"pause-${machine}:3.0\")",\ + NULL }, \ + { CMD_OPT_TYPE_STRING_DUP, \ + false, \ + "network-plugin", \ + 0, \ + &(cmdargs)->json_confs->network_plugin, \ +- "Set network plugin, default is null, suppport null and cni", \ ++ "Set network plugin, suppport null and cni (default null)", \ + NULL }, \ + { CMD_OPT_TYPE_STRING_DUP, \ + false, \ + "cni-bin-dir", \ + 0, \ + &(cmdargs)->json_confs->cni_bin_dir, \ +- "The full path of the directory in which to search for CNI plugin binaries. Default: /opt/cni/bin", \ ++ "The full path of the directory in which to search for CNI plugin binaries (default \"/opt/cni/bin\")", \ + NULL }, \ + { CMD_OPT_TYPE_STRING_DUP, \ + false, \ + "cni-conf-dir", \ + 0, \ + &(cmdargs)->json_confs->cni_conf_dir, \ +- "The full path of the directory in which to search for CNI config files. 
Default: /etc/cni/net.d", \ ++ "The full path of the directory in which to search for CNI config files (default \"/etc/cni/net.d\")", \ + NULL }, \ + { CMD_OPT_TYPE_BOOL, \ + false, \ +@@ -232,14 +232,14 @@ int command_default_ulimit_append(command_option_t *option, const char *arg); + "insecure-skip-verify-enforce", \ + 0, \ + &(cmdargs)->json_confs->insecure_skip_verify_enforce, \ +- "Force to skip the insecure verify(default false)", \ ++ "Force to skip the insecure verify (default false)", \ + NULL }, \ + { CMD_OPT_TYPE_BOOL, \ + false, \ + "use-decrypted-key", \ + 0, \ + (cmdargs)->json_confs->use_decrypted_key, \ +- "Use decrypted private key by default(default true)", \ ++ "Use decrypted private key by default (default true)", \ + NULL }, \ + { CMD_OPT_TYPE_STRING_DUP, \ + false, \ +@@ -296,6 +296,26 @@ int command_default_ulimit_append(command_option_t *option, const char *arg); + false, "selinux-enabled", 0, &(cmdargs)->json_confs->selinux_enabled, \ + "Enable selinux support", NULL \ + }, \ ++ { CMD_OPT_TYPE_STRING_DUP, \ ++ false, "default-runtime", 0, &(cmdargs)->json_confs->default_runtime, \ ++ "Default container runtime (default lcr)", NULL \ ++ }, \ ++ { CMD_OPT_TYPE_CALLBACK, \ ++ false, "cpu-rt-period", 0, &(cmdargs)->json_confs->cpu_rt_period, \ ++ "Limit CPU real-time period in microseconds for all containers", command_convert_llong \ ++ }, \ ++ { CMD_OPT_TYPE_CALLBACK, \ ++ false, "cpu-rt-runtime", 0, &(cmdargs)->json_confs->cpu_rt_runtime, \ ++ "Limit CPU real-time runtime in microseconds for all containers", command_convert_llong \ ++ }, \ ++ { CMD_OPT_TYPE_STRING_DUP, \ ++ false, "enable-plugins", 0, &(cmdargs)->json_confs->enable_plugins, \ ++ "Enable plugins for all containers", NULL \ ++ }, \ ++ { CMD_OPT_TYPE_CALLBACK, \ ++ false, "cri-runtime", 0, (cmdargs), \ ++ "CRI runtime class transform", server_callback_cri_runtime \ ++ }, \ + + #ifdef __cplusplus + } +diff --git a/src/cmd/isulad/main.c b/src/cmd/isulad/main.c +index 
ccba7107..d4f984d5 100644 +--- a/src/cmd/isulad/main.c ++++ b/src/cmd/isulad/main.c +@@ -501,47 +501,6 @@ int check_and_set_default_isulad_log_file(struct service_arguments *args) + return 0; + } + +-static int set_parent_mount_dir(struct service_arguments *args) +-{ +- int ret = -1; +- int nret; +- size_t len; +- char *rootfsdir = NULL; +- +- if (args->json_confs == NULL) { +- ERROR("Empty json configs"); +- goto out; +- } +- if (strlen(args->json_confs->graph) > (SIZE_MAX - strlen("/mnt/rootfs")) - 1) { +- ERROR("Root directory of the isulad runtime is too long"); +- goto out; +- } +- len = strlen(args->json_confs->graph) + strlen("/mnt/rootfs") + 1; +- if (len > PATH_MAX) { +- ERROR("The size of path exceeds the limit"); +- goto out; +- } +- rootfsdir = util_common_calloc_s(len); +- if (rootfsdir == NULL) { +- ERROR("Out of memory"); +- goto out; +- } +- nret = snprintf(rootfsdir, len, "%s/mnt/rootfs", args->json_confs->graph); +- if (nret < 0 || (size_t)nret >= len) { +- ERROR("Failed to print string"); +- goto out; +- } +- +- free(args->json_confs->rootfsmntdir); +- args->json_confs->rootfsmntdir = util_strdup_s(rootfsdir); +- +- ret = 0; +- +-out: +- free(rootfsdir); +- return ret; +-} +- + static int check_hook_spec_file(const char *hook_spec) + { + struct stat hookstat = { 0 }; +@@ -1004,10 +963,6 @@ static int update_server_args(struct service_arguments *args) + return -1; + } + +- if (set_parent_mount_dir(args)) { +- return -1; +- } +- + /* parse hook spec */ + if (parse_conf_hooks(args) != 0) { + return -1; +@@ -1050,6 +1005,7 @@ static int server_conf_parse_save(int argc, const char **argv) + + /* Step2: load json configs and merge into global configs */ + if (merge_json_confs_into_global(args) != 0) { ++ ERROR("Failed to merge json conf into global"); + ret = -1; + goto out; + } +@@ -1062,6 +1018,7 @@ static int server_conf_parse_save(int argc, const char **argv) + } + + if (update_server_args(args) != 0) { ++ ERROR("Failed to update server args"); + 
ret = -1; + goto out; + } +@@ -1165,6 +1122,7 @@ static int isulad_server_pre_init(const struct service_arguments *args, const ch + const char *fifo_full_path) + { + int ret = 0; ++ char *rootfs_mnt_dir = NULL; + #ifdef ENABLE_USERNS_REMAP + char* userns_remap = conf_get_isulad_userns_remap(); + char *isulad_root = NULL; +@@ -1228,7 +1186,14 @@ static int isulad_server_pre_init(const struct service_arguments *args, const ch + } + #endif + +- if (mount_rootfs_mnt_dir(args->json_confs->rootfsmntdir)) { ++ rootfs_mnt_dir = conf_get_isulad_mount_rootfs(); ++ if (rootfs_mnt_dir == NULL) { ++ ERROR("Failed to get isulad mount rootfs"); ++ ret = -1; ++ goto out; ++ } ++ ++ if (mount_rootfs_mnt_dir(rootfs_mnt_dir)) { + ERROR("Create and mount parent directory failed"); + ret = -1; + goto out; +@@ -1241,6 +1206,7 @@ static int isulad_server_pre_init(const struct service_arguments *args, const ch + } + + out: ++ free(rootfs_mnt_dir); + #ifdef ENABLE_USERNS_REMAP + free(isulad_root); + free(userns_remap); +diff --git a/src/daemon/config/daemon_arguments.c b/src/daemon/config/daemon_arguments.c +index 719efef0..076c10a6 100644 +--- a/src/daemon/config/daemon_arguments.c ++++ b/src/daemon/config/daemon_arguments.c +@@ -148,7 +148,6 @@ int service_arguments_init(struct service_arguments *args) + args->json_confs->pidfile = util_strdup_s(DEFAULT_PID_FILE); + args->json_confs->storage_driver = util_strdup_s("overlay2"); + args->json_confs->native_umask = util_strdup_s(UMASK_SECURE); +- args->json_confs->image_service = true; + args->json_confs->image_layer_check = false; + args->json_confs->use_decrypted_key = (bool *)util_common_calloc_s(sizeof(bool)); + if (args->json_confs->use_decrypted_key == NULL) { +@@ -165,6 +164,11 @@ int service_arguments_init(struct service_arguments *args) + args->default_ulimit_len = 0; + args->json_confs->websocket_server_listening_port = DEFAULT_WEBSOCKET_SERVER_LISTENING_PORT; + args->json_confs->selinux_enabled = false; ++ 
args->json_confs->default_runtime = util_strdup_s(DEFAULT_RUNTIME_NAME); ++ args->json_confs->cri_runtimes = (json_map_string_string *)util_common_calloc_s(sizeof(json_map_string_string)); ++ if (args->json_confs->cri_runtimes == NULL) { ++ goto free_out; ++ } + + ret = 0; + +@@ -200,57 +204,108 @@ void service_arguments_free(struct service_arguments *args) + free_default_ulimit(args->default_ulimit); + args->default_ulimit = NULL; + args->default_ulimit_len = 0; ++ ++ free(args->json_confs->default_runtime); ++ args->json_confs->default_runtime = NULL; ++ ++ free_json_map_string_string(args->json_confs->cri_runtimes); ++ args->json_confs->cri_runtimes = NULL; + } + +-/* server log opt parser */ +-int server_log_opt_parser(struct service_arguments *args, const char *option) ++static int key_value_opt_parser(const char *option, char **key, char **value) + { + int ret = -1; +- char *key = NULL; +- char *value = NULL; +- char *tmp = NULL; ++ char *tmp_key = NULL; ++ char *tmp_value = NULL; ++ char *tmp_option = NULL; + size_t len = 0; + size_t total_len = 0; + +- if (option == NULL || args == NULL) { +- goto out; +- } +- + // option format: key=value + total_len = strlen(option); +- if (args == NULL || total_len <= 2) { +- goto out; ++ if (total_len <= 2) { ++ return -1; + } + +- tmp = util_strdup_s(option); +- key = tmp; +- value = strchr(tmp, '='); ++ tmp_option = util_strdup_s(option); ++ tmp_key = tmp_option; ++ tmp_value = strchr(tmp_option, '='); + // option do not contain '=' +- if (value == NULL) { ++ if (tmp_value == NULL) { + goto out; + } + +- len = (size_t)(value - key); ++ len = (size_t)(tmp_value - tmp_key); + // if option is '=key' + if (len == 0) { + goto out; + } ++ + // if option is 'key=' + if (total_len == len + 1) { + goto out; + } +- tmp[len] = '\0'; +- value += 1; + +- ret = parse_log_opts(args, key, value); ++ tmp_option[len] = '\0'; ++ *key = util_strdup_s(tmp_key); ++ tmp_option[len] = '='; ++ ++ tmp_value += 1; ++ *value = 
util_strdup_s(tmp_value); ++ ++ ret = 0; ++ ++out: ++ free(tmp_option); ++ return ret; ++} + ++/* server log opt parser */ ++int server_log_opt_parser(struct service_arguments *args, const char *option) ++{ ++ int ret = -1; ++ char *key = NULL; ++ char *value = NULL; ++ ++ if (option == NULL || args == NULL) { ++ return -1; ++ } ++ ++ if (key_value_opt_parser(option, &key, &value) != 0) { ++ return -1; ++ } ++ ++ ret = parse_log_opts(args, key, value); + if (ret == 0 && args->json_confs != NULL && args->json_confs->log_opts != NULL) { + ret = append_json_map_string_string(args->json_confs->log_opts, key, value); + } + +- tmp[len] = '='; +-out: +- free(tmp); ++ free(key); ++ free(value); ++ return ret; ++} ++ ++/* server cri runtime parser */ ++int server_cri_runtime_parser(struct service_arguments *args, const char *option) ++{ ++ int ret = 0; ++ char *key = NULL; ++ char *value = NULL; ++ ++ if (option == NULL || args == NULL) { ++ return -1; ++ } ++ ++ if (key_value_opt_parser(option, &key, &value) != 0) { ++ return -1; ++ } ++ ++ if (args->json_confs != NULL && args->json_confs->cri_runtimes != NULL) { ++ ret = append_json_map_string_string(args->json_confs->cri_runtimes, key, value); ++ } ++ ++ free(key); ++ free(value); + return ret; + } + +diff --git a/src/daemon/config/daemon_arguments.h b/src/daemon/config/daemon_arguments.h +index 54099c81..49f5961e 100644 +--- a/src/daemon/config/daemon_arguments.h ++++ b/src/daemon/config/daemon_arguments.h +@@ -71,6 +71,7 @@ struct service_arguments { + int service_arguments_init(struct service_arguments *args); + void service_arguments_free(struct service_arguments *args); + int server_log_opt_parser(struct service_arguments *args, const char *option); ++int server_cri_runtime_parser(struct service_arguments *args, const char *option); + + size_t ulimit_array_len(host_config_ulimits_element **default_ulimit); + +diff --git a/src/daemon/config/isulad_config.c b/src/daemon/config/isulad_config.c +index 6f17660b..86a9609a 
100644 +--- a/src/daemon/config/isulad_config.c ++++ b/src/daemon/config/isulad_config.c +@@ -529,6 +529,34 @@ out: + return result; + } + ++static char *get_parent_mount_dir(char *graph) ++{ ++ int nret; ++ size_t len; ++ char *rootfsdir = NULL; ++ ++ len = strlen(graph) + strlen("/mnt/rootfs") + 1; ++ if (len > PATH_MAX) { ++ ERROR("The size of path exceeds the limit"); ++ return NULL; ++ } ++ ++ rootfsdir = util_common_calloc_s(len); ++ if (rootfsdir == NULL) { ++ ERROR("Out of memory"); ++ return NULL; ++ } ++ ++ nret = snprintf(rootfsdir, len, "%s/mnt/rootfs", graph); ++ if (nret < 0 || (size_t)nret >= len) { ++ ERROR("Failed to print string"); ++ free(rootfsdir); ++ return NULL; ++ } ++ ++ return rootfsdir; ++} ++ + /* conf get isulad mount rootfs */ + char *conf_get_isulad_mount_rootfs() + { +@@ -540,11 +568,11 @@ char *conf_get_isulad_mount_rootfs() + } + + conf = conf_get_server_conf(); +- if (conf == NULL || conf->json_confs->rootfsmntdir == NULL) { ++ if (conf == NULL || conf->json_confs == NULL || conf->json_confs->graph == NULL) { + goto out; + } + +- path = util_strdup_s(conf->json_confs->rootfsmntdir); ++ path = get_parent_mount_dir(conf->json_confs->graph); + + out: + (void)isulad_server_conf_unlock(); +@@ -1449,6 +1477,25 @@ static int merge_logs_conf_into_global(struct service_arguments *args, isulad_da + return do_merge_container_logs_conf(args, tmp_json_confs); + } + ++static int merge_cri_runtimes_into_global(struct service_arguments *args, isulad_daemon_configs *tmp_json_confs) ++{ ++ size_t i; ++ ++ if (tmp_json_confs->cri_runtimes == NULL) { ++ return 0; ++ } ++ ++ for (i = 0; i < tmp_json_confs->cri_runtimes->len; i++) { ++ if (append_json_map_string_string(args->json_confs->cri_runtimes, tmp_json_confs->cri_runtimes->keys[i], ++ tmp_json_confs->cri_runtimes->values[i]) != 0) { ++ ERROR("Out of memory"); ++ return -1; ++ } ++ } ++ ++ return 0; ++} ++ + static int merge_authorization_conf_into_global(struct service_arguments *args, 
isulad_daemon_configs *tmp_json_confs) + { + args->json_confs->tls = tmp_json_confs->tls; +@@ -1549,7 +1596,6 @@ int merge_json_confs_into_global(struct service_arguments *args) + #endif + override_string_value(&args->json_confs->native_umask, &tmp_json_confs->native_umask); + override_string_value(&args->json_confs->cgroup_parent, &tmp_json_confs->cgroup_parent); +- override_string_value(&args->json_confs->rootfsmntdir, &tmp_json_confs->rootfsmntdir); + override_string_value(&args->json_confs->start_timeout, &tmp_json_confs->start_timeout); + override_string_value(&args->json_confs->pod_sandbox_image, &tmp_json_confs->pod_sandbox_image); + override_string_value(&args->json_confs->network_plugin, &tmp_json_confs->network_plugin); +@@ -1559,8 +1605,10 @@ int merge_json_confs_into_global(struct service_arguments *args) + args->json_confs->runtimes = tmp_json_confs->runtimes; + tmp_json_confs->runtimes = NULL; + +- args->json_confs->cri_runtimes = tmp_json_confs->cri_runtimes; +- tmp_json_confs->cri_runtimes = NULL; ++ if (merge_cri_runtimes_into_global(args, tmp_json_confs)) { ++ ret = -1; ++ goto out; ++ } + + #ifdef ENABLE_SUP_GROUPS + args->json_confs->sup_groups = tmp_json_confs->sup_groups; +@@ -1588,9 +1636,6 @@ int merge_json_confs_into_global(struct service_arguments *args) + args->json_confs->cpu_rt_runtime = tmp_json_confs->cpu_rt_runtime; + } + +- if (tmp_json_confs->image_service) { +- args->json_confs->image_service = tmp_json_confs->image_service; +- } + if (tmp_json_confs->image_layer_check) { + args->json_confs->image_layer_check = tmp_json_confs->image_layer_check; + } +diff --git a/src/daemon/modules/events/collector.c b/src/daemon/modules/events/collector.c +index 319e777a..9dc4dbe7 100644 +--- a/src/daemon/modules/events/collector.c ++++ b/src/daemon/modules/events/collector.c +@@ -578,7 +578,7 @@ static int do_write_events(const stream_func_wrapper *stream, struct isulad_even + goto out; + } + if (!stream->write_func(stream->writer, event)) { +- 
ERROR("Failed to send exit event for 'events' client"); ++ ERROR("Failed to send event for 'events' client"); + ret = -1; + goto out; + } +-- +2.25.1 + diff --git a/iSulad.spec b/iSulad.spec index 570dce5..f71840f 100644 --- a/iSulad.spec +++ b/iSulad.spec @@ -1,5 +1,5 @@ %global _version 2.0.16 -%global _release 2 +%global _release 3 %global is_systemd 1 %global enable_shimv2 1 %global is_embedded 1 @@ -13,8 +13,11 @@ URL: https://gitee.com/openeuler/iSulad Source: https://gitee.com/openeuler/iSulad/repository/archive/v%{version}.tar.gz BuildRoot: {_tmppath}/iSulad-%{version} -Patch001: 0001-fix-memleak.patch -Patch002: 0002-cleancode-about-rest-register-container.patch +Patch0001: 0001-fix-memleak.patch +Patch0002: 0002-cleancode-about-rest-register-container.patch +Patch0003: 0003-adapt-to-openssl-3.0.patch +Patch0004: 0004-remove-redundant-header-files.patch +Patch0005: 0005-add-isulad-args.patch %ifarch x86_64 aarch64 Provides: libhttpclient.so()(64bit) @@ -242,6 +245,12 @@ fi %endif %changelog +* Wed Sep 07 2022 zhangxiaoyu - 2.0.16-3 +- Type: enhancement +- ID: NA +- SUG: NA +- DESC: sycn patches from openeuler/iSulad + * Tue Aug 30 2022 leizhongkai - 2.0.16-2 - Type: enhancement - ID: NA
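Review bot: The cleanup added at the end of `service_arguments_free` (src/daemon/config/daemon_arguments.c) dereferences `args->json_confs` without a NULL check, in `free(args->json_confs->default_runtime);` and `free_json_map_string_string(args->json_confs->cri_runtimes);`. The start of the function is outside the hunk; if `json_confs` was never allocated, or has already been released or set to NULL above these lines, this becomes a NULL dereference or a use of freed memory on daemon start-up failure or exit. Either guard the two frees with `if (args->json_confs != NULL) {` or leave both fields to whatever releases `json_confs` itself. Separately, `merge_cri_runtimes_into_global` appends the daemon.json entries onto a map that `--cri-runtime` may already have populated, so which runtime wins for a duplicate runtime class depends on how `append_json_map_string_string` treats existing keys; a short comment above the loop stating the intended precedence between the two sources would make that reviewable.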