diff --git a/0001-add-self-def-runtime-for-shimv2.patch b/0001-add-self-def-runtime-for-shimv2.patch deleted file mode 100644 index d1865ca..0000000 --- a/0001-add-self-def-runtime-for-shimv2.patch +++ /dev/null @@ -1,185 +0,0 @@ -From 717a0c83e3032c2255b257531cfd160b98cd8180 Mon Sep 17 00:00:00 2001 -From: gaohuatao -Date: Tue, 16 Nov 2021 11:30:03 +0800 -Subject: [PATCH 01/14] add self def runtime for shimv2 - -Signed-off-by: gaohuatao ---- - CMakeLists.txt | 2 +- - iSulad.spec | 2 +- - src/contrib/config/daemon.json | 5 ++- - src/daemon/config/isulad_config.c | 3 ++ - .../cri/cri_container_manager_service_impl.cc | 9 +++-- - src/daemon/entry/cri/cri_helpers.cc | 39 +++++++++++++++++++ - src/daemon/entry/cri/cri_helpers.h | 2 + - .../cri_pod_sandbox_manager_service_impl.cc | 5 ++- - 8 files changed, 60 insertions(+), 7 deletions(-) - -diff --git a/CMakeLists.txt b/CMakeLists.txt -index 2cffc0dc..0f7d6b9c 100644 ---- a/CMakeLists.txt -+++ b/CMakeLists.txt -@@ -104,7 +104,7 @@ endif() - install(FILES src/contrib/config/daemon.json - DESTINATION ${conf_prefix}/isulad PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ GROUP_WRITE) - install(FILES src/contrib/config/daemon_constants.json -- DESTINATION ${conf_prefix}/isulad PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ GROUP_WRITE) -+ DESTINATION ${conf_prefix}/isulad PERMISSIONS OWNER_READ GROUP_READ) - install(FILES src/contrib/config/config.json src/contrib/config/systemcontainer_config.json - DESTINATION ${conf_prefix}/default/isulad PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ GROUP_WRITE) - install(FILES src/contrib/config/seccomp_default.json -diff --git a/iSulad.spec b/iSulad.spec -index d6e5778c..c5fd802d 100644 ---- a/iSulad.spec -+++ b/iSulad.spec -@@ -83,7 +83,7 @@ install -m 0644 ../src/daemon/modules/api/image_api.h %{buildroot}/%{_in - - install -d $RPM_BUILD_ROOT/%{_sysconfdir}/isulad - install -m 0640 ../src/contrib/config/daemon.json %{buildroot}/%{_sysconfdir}/isulad/daemon.json --install -m 0640 ../src/contrib/config/daemon_constants.json %{buildroot}/%{_sysconfdir}/isulad/daemon_constants.json -+install -m 0440 ../src/contrib/config/daemon_constants.json %{buildroot}/%{_sysconfdir}/isulad/daemon_constants.json - install -m 0640 ../src/contrib/config/seccomp_default.json %{buildroot}/%{_sysconfdir}/isulad/seccomp_default.json - - install -d $RPM_BUILD_ROOT/%{_sysconfdir}/default/isulad -diff --git a/src/contrib/config/daemon.json b/src/contrib/config/daemon.json -index d2ce4d02..92cd6c47 100644 ---- a/src/contrib/config/daemon.json -+++ b/src/contrib/config/daemon.json -@@ -33,5 +33,8 @@ - "cni-conf-dir": "", - "image-layer-check": false, - "use-decrypted-key": true, -- "insecure-skip-verify-enforce": false -+ "insecure-skip-verify-enforce": false, -+ "cri-runtimes": { -+ "kata": "io.containerd.kata.v2" -+ } - } -diff --git a/src/daemon/config/isulad_config.c b/src/daemon/config/isulad_config.c -index ded3c0f6..f70b4575 100644 ---- a/src/daemon/config/isulad_config.c -+++ b/src/daemon/config/isulad_config.c -@@ -1522,6 +1522,9 @@ int merge_json_confs_into_global(struct service_arguments *args) - args->json_confs->runtimes = tmp_json_confs->runtimes; - tmp_json_confs->runtimes = NULL; - -+ args->json_confs->cri_runtimes = tmp_json_confs->cri_runtimes; -+ tmp_json_confs->cri_runtimes = NULL; -+ - // Daemon storage-driver - if (merge_storage_conf_into_global(args, tmp_json_confs)) { - ret = -1; -diff --git a/src/daemon/entry/cri/cri_container_manager_service_impl.cc b/src/daemon/entry/cri/cri_container_manager_service_impl.cc -index ff98df9b..2e65ab51 100644 ---- a/src/daemon/entry/cri/cri_container_manager_service_impl.cc -+++ b/src/daemon/entry/cri/cri_container_manager_service_impl.cc -@@ -296,8 +296,8 @@ auto ContainerManagerServiceImpl::GenerateCreateContainerCustomConfig( - - if (containerConfig.has_metadata()) { - if (append_json_map_string_string(custom_config->annotations, -- CRIHelpers::Constants::CONTAINER_NAME_ANNOTATION_KEY.c_str(), -- containerConfig.metadata().name().c_str()) != 0) { -+ CRIHelpers::Constants::CONTAINER_NAME_ANNOTATION_KEY.c_str(), -+ containerConfig.metadata().name().c_str()) != 0) { - error.SetError("Append container name into annotation failed"); - goto cleanup; - } -@@ -355,7 +355,10 @@ ContainerManagerServiceImpl::GenerateCreateContainerRequest(const std::string &r - request->id = util_strdup_s(cname.c_str()); - - if (!podSandboxRuntime.empty()) { -- request->runtime = util_strdup_s(podSandboxRuntime.c_str()); -+ request->runtime = CRIHelpers::cri_runtime_convert(podSandboxRuntime.c_str()); -+ if (request->runtime == nullptr) { -+ request->runtime = util_strdup_s(podSandboxRuntime.c_str()); -+ } - } - - if (!containerConfig.image().image().empty()) { -diff --git a/src/daemon/entry/cri/cri_helpers.cc b/src/daemon/entry/cri/cri_helpers.cc -index 137726e6..f45c669f 100644 ---- a/src/daemon/entry/cri/cri_helpers.cc -+++ b/src/daemon/entry/cri/cri_helpers.cc -@@ -32,6 +32,7 @@ - #include "path.h" - #include "utils.h" - #include "service_container_api.h" -+#include "isulad_config.h" - - namespace CRIHelpers { - const std::string Constants::POD_NETWORK_ANNOTATION_KEY { "network.alpha.kubernetes.io/network" }; -@@ -992,4 +993,42 @@ char *GenerateExecSuffix() - return exec_suffix; - } - -+char *cri_runtime_convert(const char *runtime) -+{ -+ char *runtime_val = nullptr; -+ json_map_string_string *cri_shimv2_runtimes = nullptr; -+ -+ if (runtime == nullptr) { -+ return nullptr; -+ } -+ -+ if (isulad_server_conf_rdlock()) { -+ ERROR("Lock isulad server conf failed"); -+ return nullptr; -+ } -+ -+ struct service_arguments *args = conf_get_server_conf(); -+ if (args == nullptr || args->json_confs == nullptr || args->json_confs->cri_runtimes == nullptr) { -+ ERROR("Cannot get cri runtime list"); -+ goto out; -+ } -+ -+ cri_shimv2_runtimes = args->json_confs->cri_runtimes; -+ for (size_t i = 0; i < cri_shimv2_runtimes->len; i++) { -+ if (cri_shimv2_runtimes->keys[i] == nullptr || cri_shimv2_runtimes->values[i] == nullptr) { -+ WARN("CRI runtimes key or value is null"); -+ continue; -+ } -+ -+ if (strcmp(runtime, cri_shimv2_runtimes->keys[i]) == 0) { -+ runtime_val = util_strdup_s(cri_shimv2_runtimes->values[i]); -+ break; -+ } -+ } -+ -+out: -+ (void)isulad_server_conf_unlock(); -+ return runtime_val; -+} -+ - } // namespace CRIHelpers -diff --git a/src/daemon/entry/cri/cri_helpers.h b/src/daemon/entry/cri/cri_helpers.h -index 450c899c..9eccc1da 100644 ---- a/src/daemon/entry/cri/cri_helpers.h -+++ b/src/daemon/entry/cri/cri_helpers.h -@@ -150,6 +150,8 @@ void RemoveContainer(service_executor_t *cb, const std::string &containerID, Err - void StopContainer(service_executor_t *cb, const std::string &containerID, int64_t timeout, Errors &error); - - char *GenerateExecSuffix(); -+ -+char *cri_runtime_convert(const char *runtime); - }; // namespace CRIHelpers - - #endif // DAEMON_ENTRY_CRI_CRI_HELPERS_H -diff --git a/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc b/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc -index 8801bea6..0f9ef044 100644 ---- a/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc -+++ b/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc -@@ -251,7 +251,10 @@ container_create_request *PodSandboxManagerServiceImpl::PackCreateContainerReque - create_request->id = util_strdup_s(sandboxName.c_str()); - - if (!runtimeHandler.empty()) { -- create_request->runtime = util_strdup_s(runtimeHandler.c_str()); -+ create_request->runtime = CRIHelpers::cri_runtime_convert(runtimeHandler.c_str()); -+ if (create_request->runtime == nullptr) { -+ create_request->runtime = util_strdup_s(runtimeHandler.c_str()); -+ } - } - - create_request->image = util_strdup_s(image.c_str()); --- -2.25.1 - diff --git a/0002-fix-memleak-when-use-multiple-volumes-from.patch b/0002-fix-memleak-when-use-multiple-volumes-from.patch deleted file mode 100644 index 40a0622..0000000 --- a/0002-fix-memleak-when-use-multiple-volumes-from.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 2e6f54021ee4b2b81fb0119714f1c4fffb4a031f Mon Sep 17 00:00:00 2001 -From: WangFengTu -Date: Fri, 19 Nov 2021 15:11:23 +0800 -Subject: [PATCH 02/14] fix memleak when use multiple --volumes-from - -Signed-off-by: WangFengTu ---- - src/daemon/modules/spec/specs_mount.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/src/daemon/modules/spec/specs_mount.c b/src/daemon/modules/spec/specs_mount.c -index 175a0fbe..6b6ac87d 100644 ---- a/src/daemon/modules/spec/specs_mount.c -+++ b/src/daemon/modules/spec/specs_mount.c -@@ -2773,6 +2773,11 @@ static int calc_volumes_from_len(host_config *host_spec, size_t *len) - if (cont->common_config != NULL && cont->common_config->mount_points != NULL) { - *len += cont->common_config->mount_points->len; - } -+ -+ free(id); -+ id = NULL; -+ container_unref(cont); -+ cont = NULL; - } - - out: --- -2.25.1 - diff --git a/0003-Modified-the-procedure-of-running-a-pod-to-adapt-to-.patch b/0003-Modified-the-procedure-of-running-a-pod-to-adapt-to-.patch deleted file mode 100644 index efde3b6..0000000 --- a/0003-Modified-the-procedure-of-running-a-pod-to-adapt-to-.patch +++ /dev/null @@ -1,1395 +0,0 @@ -From 1b3922edcd0c254b39d57d91b9e027069cd8c82f Mon Sep 17 00:00:00 2001 -From: chengzrz -Date: Mon, 22 Nov 2021 15:34:04 +0800 -Subject: [PATCH 03/14] Modified the procedure of running a pod to adapt to - kata 2.0 - -Signed-off-by: chengzrz ---- - src/common/constants.h | 2 + - src/daemon/entry/cri/cni_network_plugin.cc | 33 ++++- - src/daemon/entry/cri/cri_constants.cc | 1 + - src/daemon/entry/cri/cri_constants.h | 1 + - src/daemon/entry/cri/cri_helpers.cc | 1 + - src/daemon/entry/cri/cri_helpers.h | 1 + - .../cri_pod_sandbox_manager_service_impl.cc | 128 +++++++++++----- - .../cri_pod_sandbox_manager_service_impl.h | 2 +- - src/daemon/entry/cri/cri_security_context.cc | 3 + - .../executor/container_cb/execution_create.c | 65 +++++++++ - .../executor/container_cb/execution_network.c | 3 +- - .../executor/container_cb/execution_network.h | 1 - - .../modules/api/network_namespace_api.h | 35 +++++ - src/daemon/modules/api/specs_api.h | 4 +- - src/daemon/modules/container/container_unix.c | 1 + - .../modules/service/inspect_container.c | 35 +++++ - .../modules/service/network_namespace_api.c | 80 ++++++++++ - .../modules/service/service_container.c | 15 +- - src/daemon/modules/spec/specs.c | 64 ++++++-- - src/daemon/modules/spec/specs_namespace.c | 86 ++++++++++- - src/daemon/modules/spec/specs_namespace.h | 5 + - src/utils/cutils/namespace.h | 18 +++ - src/utils/cutils/utils_file.c | 23 +++ - src/utils/cutils/utils_file.h | 2 + - src/utils/cutils/utils_network.c | 138 ++++++++++++++++++ - src/utils/cutils/utils_network.h | 33 +++++ - 26 files changed, 713 insertions(+), 67 deletions(-) - create mode 100644 src/daemon/modules/api/network_namespace_api.h - create mode 100644 src/daemon/modules/service/network_namespace_api.c - create mode 100644 src/utils/cutils/utils_network.c - create mode 100644 src/utils/cutils/utils_network.h - -diff --git a/src/common/constants.h b/src/common/constants.h -index 94640fa5..cb6ce189 100644 ---- a/src/common/constants.h -+++ b/src/common/constants.h -@@ -129,6 +129,8 @@ extern "C" { - #define EVENT_ARGS_MAX 255 - #define EVENT_EXTRA_ANNOTATION_MAX 255 - -+#define NETNS_LEN 16 -+ - /* container id max length */ - #define CONTAINER_ID_MAX_LEN 64 - -diff --git a/src/daemon/entry/cri/cni_network_plugin.cc b/src/daemon/entry/cri/cni_network_plugin.cc -index 35273c3e..ffdbeb10 100644 ---- a/src/daemon/entry/cri/cni_network_plugin.cc -+++ b/src/daemon/entry/cri/cni_network_plugin.cc -@@ -28,6 +28,7 @@ - #include "utils.h" - #include "errors.h" - #include "service_container_api.h" -+#include "network_namespace_api.h" - - namespace Network { - static auto GetLoNetwork(std::vector binDirs) -> std::unique_ptr -@@ -486,9 +487,15 @@ void CniNetworkPlugin::SetUpPod(const std::string &ns, const std::string &name, - if (err.NotEmpty()) { - return; - } -- std::string netnsPath = GetNetNS(id, err); -- if (err.NotEmpty()) { -- ERROR("CNI failed to retrieve network namespace path: %s", err.GetCMessage()); -+ -+ auto iter = annotations.find(CRIHelpers::Constants::POD_SANDBOX_KEY); -+ if (iter == annotations.end()) { -+ ERROR("Failed to find sandbox key from annotations"); -+ return; -+ } -+ const std::string netnsPath = iter->second; -+ if (netnsPath.length() == 0) { -+ ERROR("Failed to get network namespace path"); - return; - } - -@@ -517,7 +524,6 @@ void CniNetworkPlugin::SetUpPod(const std::string &ns, const std::string &name, - err.AppendError(tmpErr.GetMessage()); - } - } -- - UnlockNetworkMap(err); - } - -@@ -593,10 +599,21 @@ void CniNetworkPlugin::TearDownPod(const std::string &ns, const std::string &nam - } - Errors tmpErr; - -- std::string netnsPath = GetNetNS(id, err); -- if (err.NotEmpty()) { -- WARN("CNI failed to retrieve network namespace path: %s", err.GetCMessage()); -- err.Clear(); -+ auto iter = annotations.find(CRIHelpers::Constants::POD_SANDBOX_KEY); -+ if (iter == annotations.end()) { -+ ERROR("Failed to find sandbox key from annotations"); -+ return; -+ } -+ std::string netnsPath = iter->second; -+ if (netnsPath.length() == 0) { -+ ERROR("Failed to get network namespace path"); -+ return; -+ } -+ -+ // When netns file does not exist, netnsPath is assigned to an -+ // empty string so that lxc can handle the path properly -+ if (!util_file_exists(netnsPath.c_str())) { -+ netnsPath = ""; - } - - RLockNetworkMap(err); -diff --git a/src/daemon/entry/cri/cri_constants.cc b/src/daemon/entry/cri/cri_constants.cc -index b557d56a..265e38e5 100644 ---- a/src/daemon/entry/cri/cri_constants.cc -+++ b/src/daemon/entry/cri/cri_constants.cc -@@ -16,6 +16,7 @@ - - namespace CRI { - const std::string Constants::namespaceModeHost { "host" }; -+const std::string Constants::namespaceModeFile { "file" }; - const std::string Constants::nameDelimiter { "_" }; - const std::string Constants::kubePrefix { "k8s" }; - const std::string Constants::sandboxContainerName { "POD" }; -diff --git a/src/daemon/entry/cri/cri_constants.h b/src/daemon/entry/cri/cri_constants.h -index 4e964714..95b82660 100644 ---- a/src/daemon/entry/cri/cri_constants.h -+++ b/src/daemon/entry/cri/cri_constants.h -@@ -20,6 +20,7 @@ namespace CRI { - class Constants { - public: - const static std::string namespaceModeHost; -+ const static std::string namespaceModeFile; - // sandboxname default values - const static std::string nameDelimiter; - constexpr static char nameDelimiterChar { '_' }; -diff --git a/src/daemon/entry/cri/cri_helpers.cc b/src/daemon/entry/cri/cri_helpers.cc -index f45c669f..525d65a0 100644 ---- a/src/daemon/entry/cri/cri_helpers.cc -+++ b/src/daemon/entry/cri/cri_helpers.cc -@@ -42,6 +42,7 @@ const std::string Constants::CONTAINER_TYPE_LABEL_CONTAINER { "container" }; - const std::string Constants::CONTAINER_LOGPATH_LABEL_KEY { "cri.container.logpath" }; - const std::string Constants::CONTAINER_HUGETLB_ANNOTATION_KEY { "cri.container.hugetlblimit" }; - const std::string Constants::SANDBOX_ID_LABEL_KEY { "cri.sandbox.id" }; -+const std::string Constants::POD_SANDBOX_KEY { "sandboxkey" }; - const std::string Constants::KUBERNETES_CONTAINER_NAME_LABEL { "io.kubernetes.container.name" }; - const std::string Constants::POD_INFRA_CONTAINER_NAME { "POD" }; - const std::string Constants::DOCKER_IMAGEID_PREFIX { "docker://" }; -diff --git a/src/daemon/entry/cri/cri_helpers.h b/src/daemon/entry/cri/cri_helpers.h -index 9eccc1da..5c2f6517 100644 ---- a/src/daemon/entry/cri/cri_helpers.h -+++ b/src/daemon/entry/cri/cri_helpers.h -@@ -39,6 +39,7 @@ public: - static const std::string CONTAINER_LOGPATH_LABEL_KEY; - static const std::string CONTAINER_HUGETLB_ANNOTATION_KEY; - static const std::string SANDBOX_ID_LABEL_KEY; -+ static const std::string POD_SANDBOX_KEY; - static const std::string KUBERNETES_CONTAINER_NAME_LABEL; - static const std::string POD_INFRA_CONTAINER_NAME; - // DOCKER_IMAGEID_PREFIX is the prefix of image id in container status. -diff --git a/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc b/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc -index 0f9ef044..eb1cd09f 100644 ---- a/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc -+++ b/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc -@@ -13,6 +13,8 @@ - * Description: provide cri pod sandbox manager service implementation - *********************************************************************************/ - #include "cri_pod_sandbox_manager_service_impl.h" -+ -+#include - #include "isula_libutils/log.h" - #include "isula_libutils/host_config.h" - #include "isula_libutils/container_config.h" -@@ -24,7 +26,11 @@ - #include "naming.h" - #include "service_container_api.h" - #include "cxxutils.h" -+#include "network_namespace_api.h" - #include "cri_image_manager_service_impl.h" -+#include "utils_network.h" -+#include "namespace.h" -+#include "constants.h" - - namespace CRI { - auto PodSandboxManagerServiceImpl::EnsureSandboxImageExists(const std::string &image, Errors &error) -> bool -@@ -49,7 +55,8 @@ auto PodSandboxManagerServiceImpl::EnsureSandboxImageExists(const std::string &i - } - - void PodSandboxManagerServiceImpl::ApplySandboxLinuxOptions(const runtime::v1alpha2::LinuxPodSandboxConfig &lc, -- host_config *hc, container_config *custom_config, Errors &error) -+ host_config *hc, container_config *custom_config, -+ Errors &error) - { - CRISecurity::ApplySandboxSecurityContext(lc, custom_config, hc, error); - if (error.NotEmpty()) { -@@ -279,8 +286,8 @@ error_out: - } - - container_create_request *PodSandboxManagerServiceImpl::GenerateSandboxCreateContainerRequest( -- const runtime::v1alpha2::PodSandboxConfig &config, const std::string &image, -- std::string &jsonCheckpoint, const std::string &runtimeHandler, Errors &error) -+ const runtime::v1alpha2::PodSandboxConfig &config, const std::string &image, std::string &jsonCheckpoint, -+ const std::string &runtimeHandler, Errors &error) - { - container_create_request *create_request = nullptr; - host_config *hostconfig = nullptr; -@@ -338,7 +345,8 @@ cleanup: - - auto PodSandboxManagerServiceImpl::CreateSandboxContainer(const runtime::v1alpha2::PodSandboxConfig &config, - const std::string &image, std::string &jsonCheckpoint, -- const std::string &runtimeHandler, Errors &error) -> std::string -+ const std::string &runtimeHandler, Errors &error) -+-> std::string - { - std::string response_id; - container_create_request *create_request = -@@ -464,16 +472,12 @@ cleanup: - } - - void PodSandboxManagerServiceImpl::SetupSandboxNetwork(const runtime::v1alpha2::PodSandboxConfig &config, -- const std::string &response_id, const std::string &jsonCheckpoint, -- Errors &error) -+ const std::string &response_id, -+ const std::string &jsonCheckpoint, const container_inspect *inspect_data, Errors &error) - { - std::map stdAnnos; - std::map networkOptions; -- -- container_inspect *inspect_data = CRIHelpers::InspectContainer(response_id, error, false); -- if (error.NotEmpty()) { -- return; -- } -+ const char* sandbox_key = get_sandbox_key(inspect_data); - - // Setup sandbox files - if (config.has_dns_config() && inspect_data->resolv_conf_path != nullptr) { -@@ -493,7 +497,10 @@ void PodSandboxManagerServiceImpl::SetupSandboxNetwork(const runtime::v1alpha2:: - CRIHelpers::ProtobufAnnoMapToStd(config.annotations(), stdAnnos); - stdAnnos[CRIHelpers::Constants::POD_CHECKPOINT_KEY] = jsonCheckpoint; - networkOptions["UID"] = config.metadata().uid(); -- -+ if (sandbox_key == NULL) { -+ goto cleanup; -+ } -+ stdAnnos.insert(std::pair(CRIHelpers::Constants::POD_SANDBOX_KEY, sandbox_key)); - m_pluginManager->SetUpPod(config.metadata().namespace_(), config.metadata().name(), - Network::DEFAULT_NETWORK_INTERFACE_NAME, response_id, stdAnnos, networkOptions, error); - if (error.NotEmpty()) { -@@ -503,15 +510,16 @@ void PodSandboxManagerServiceImpl::SetupSandboxNetwork(const runtime::v1alpha2:: - } - - cleanup: -- free_container_inspect(inspect_data); -+ return; - } - -- - auto PodSandboxManagerServiceImpl::RunPodSandbox(const runtime::v1alpha2::PodSandboxConfig &config, - const std::string &runtimeHandler, Errors &error) -> std::string - { - std::string response_id; - std::string jsonCheckpoint; -+ container_inspect *inspect_data = nullptr; -+ char *netnsPath = nullptr; - - if (m_cb == nullptr || m_cb->container.create == nullptr || m_cb->container.start == nullptr) { - error.SetError("Unimplemented callback"); -@@ -539,13 +547,33 @@ auto PodSandboxManagerServiceImpl::RunPodSandbox(const runtime::v1alpha2::PodSan - error.Clear(); - } - -- // Step 4: Start the sandbox container. -- StartSandboxContainer(response_id, error); -+ // Step 4: mount network namespace when network mode is file -+ inspect_data = CRIHelpers::InspectContainer(response_id, error, true); - if (error.NotEmpty()) { - goto cleanup; - } -+ if (inspect_data == nullptr || inspect_data->host_config == nullptr) { -+ error.Errorf("Failed to retrieve inspect data"); -+ ERROR("Failed to retrieve inspect data"); -+ goto cleanup; -+ } -+ netnsPath = get_sandbox_key(inspect_data); -+ if (namespace_is_file(inspect_data->host_config->network_mode)) { -+ if (!util_file_exists(netnsPath) || util_mount_namespace(netnsPath) != 0) { -+ error.Errorf("Failed to mount network namespace"); -+ ERROR("Failed to mount network namespace"); -+ goto cleanup; -+ } -+ } -+ - // Step 5: Setup networking for the sandbox. -- SetupSandboxNetwork(config, response_id, jsonCheckpoint, error); -+ SetupSandboxNetwork(config, response_id, jsonCheckpoint, inspect_data, error); -+ if (error.NotEmpty()) { -+ goto cleanup; -+ } -+ -+ // Step 6: Start the sandbox container. -+ StartSandboxContainer(response_id, error); - if (error.NotEmpty()) { - goto cleanup; - } -@@ -555,13 +583,21 @@ cleanup: - SetNetworkReady(response_id, true, error); - DEBUG("set %s ready", response_id.c_str()); - error.Clear(); -+ } else { -+ if (netnsPath != nullptr && remove_network_namespace(netnsPath) != 0) { -+ ERROR("Failed to remove network namespace"); -+ } - } -+ free_container_inspect(inspect_data); -+ free(netnsPath); - return response_id; - } - - auto PodSandboxManagerServiceImpl::GetRealSandboxIDToStop(const std::string &podSandboxID, bool &hostNetwork, -- std::string &name, std::string &ns, std::string &realSandboxID, -- std::map &stdAnnos, Errors &error) -> int -+ std::string &name, std::string &ns, -+ std::string &realSandboxID, -+ std::map &stdAnnos, Errors &error) -+-> int - { - Errors statusErr; - -@@ -670,16 +706,32 @@ auto PodSandboxManagerServiceImpl::GetNetworkReady(const std::string &podSandbox - } - - auto PodSandboxManagerServiceImpl::ClearCniNetwork(const std::string &realSandboxID, bool hostNetwork, -- const std::string &ns, -- const std::string &name, std::vector &errlist, -+ const std::string &ns, const std::string &name, -+ std::vector &errlist, - std::map &stdAnnos, Errors & - /*error*/) -> int - { - Errors networkErr; -+ container_inspect* inspect_data = nullptr; - - bool ready = GetNetworkReady(realSandboxID, networkErr); - if (!hostNetwork && (ready || networkErr.NotEmpty())) { - Errors pluginErr; -+ -+ // hostNetwork has indicated network mode which render host config unnecessary -+ // so that with_host_config is set to be false. -+ inspect_data = CRIHelpers::InspectContainer(realSandboxID, pluginErr, false); -+ if (pluginErr.NotEmpty()) { -+ ERROR("Failed to inspect container"); -+ } -+ -+ char* netnsPath = get_sandbox_key(inspect_data); -+ if (netnsPath == nullptr) { -+ ERROR("Failed to get network namespace path"); -+ return 0; -+ } -+ -+ stdAnnos.insert(std::pair(CRIHelpers::Constants::POD_SANDBOX_KEY, netnsPath)); - m_pluginManager->TearDownPod(ns, name, Network::DEFAULT_NETWORK_INTERFACE_NAME, realSandboxID, stdAnnos, - pluginErr); - if (pluginErr.NotEmpty()) { -@@ -691,8 +743,13 @@ auto PodSandboxManagerServiceImpl::ClearCniNetwork(const std::string &realSandbo - if (pluginErr.NotEmpty()) { - WARN("set network ready: %s", pluginErr.GetCMessage()); - } -+ // umount netns when cni removed network successfully -+ if (util_umount_namespace(netnsPath) != 0) { -+ ERROR("Failed to umount directory %s:%s", netnsPath, strerror(errno)); -+ } - } - } -+ free_container_inspect(inspect_data); - return 0; - } - -@@ -806,7 +863,6 @@ void PodSandboxManagerServiceImpl::ClearNetworkReady(const std::string &podSandb - } - } - -- - int PodSandboxManagerServiceImpl::DoRemovePodSandbox(const std::string &realSandboxID, std::vector &errors) - { - int ret = 0; -@@ -878,8 +934,8 @@ cleanup: - error.SetAggregate(errors); - } - --auto PodSandboxManagerServiceImpl::SharesHostNetwork(const container_inspect *inspect) -> --runtime::v1alpha2::NamespaceMode -+auto PodSandboxManagerServiceImpl::SharesHostNetwork(const container_inspect *inspect) -+-> runtime::v1alpha2::NamespaceMode - { - if (inspect != nullptr && inspect->host_config != nullptr && (inspect->host_config->network_mode != nullptr) && - std::string(inspect->host_config->network_mode) == CRI::Constants::namespaceModeHost) { -@@ -1032,10 +1088,9 @@ void PodSandboxManagerServiceImpl::GetIPs(const std::string &podSandboxID, const - error.Clear(); - } - --void PodSandboxManagerServiceImpl::SetSandboxStatusNetwork(const container_inspect *inspect, -- const std::string &podSandboxID, -- std::unique_ptr &podStatus, -- Errors &error) -+void PodSandboxManagerServiceImpl::SetSandboxStatusNetwork( -+ const container_inspect *inspect, const std::string &podSandboxID, -+ std::unique_ptr &podStatus, Errors &error) - { - std::vector ips; - size_t i; -@@ -1052,10 +1107,9 @@ void PodSandboxManagerServiceImpl::SetSandboxStatusNetwork(const container_inspe - } - } - --void PodSandboxManagerServiceImpl::PodSandboxStatusToGRPC(const container_inspect *inspect, -- const std::string &podSandboxID, -- std::unique_ptr &podStatus, -- Errors &error) -+void PodSandboxManagerServiceImpl::PodSandboxStatusToGRPC( -+ const container_inspect *inspect, const std::string &podSandboxID, -+ std::unique_ptr &podStatus, Errors &error) - { - int64_t createdAt {}; - runtime::v1alpha2::NamespaceOption *options { nullptr }; -@@ -1129,8 +1183,8 @@ PodSandboxManagerServiceImpl::PodSandboxStatus(const std::string &podSandboxID, - } - - void PodSandboxManagerServiceImpl::ListPodSandboxFromGRPC(const runtime::v1alpha2::PodSandboxFilter *filter, -- container_list_request **request, bool *filterOutReadySandboxes, -- Errors &error) -+ container_list_request **request, -+ bool *filterOutReadySandboxes, Errors &error) - { - *request = (container_list_request *)util_common_calloc_s(sizeof(container_list_request)); - if (*request == nullptr) { -@@ -1175,9 +1229,9 @@ void PodSandboxManagerServiceImpl::ListPodSandboxFromGRPC(const runtime::v1alpha - } - } - --void PodSandboxManagerServiceImpl::ListPodSandboxToGRPC(container_list_response *response, -- std::vector> *pods, -- bool filterOutReadySandboxes, Errors &error) -+void PodSandboxManagerServiceImpl::ListPodSandboxToGRPC( -+ container_list_response *response, std::vector> *pods, -+ bool filterOutReadySandboxes, Errors &error) - { - for (size_t i = 0; i < response->containers_len; i++) { - std::unique_ptr pod(new runtime::v1alpha2::PodSandbox); -diff --git a/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.h b/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.h -index fa5d153c..34907fa6 100644 ---- a/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.h -+++ b/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.h -@@ -82,7 +82,7 @@ private: - void SetNetworkReady(const std::string &podSandboxID, bool ready, Errors &error); - void StartSandboxContainer(const std::string &response_id, Errors &error); - void SetupSandboxNetwork(const runtime::v1alpha2::PodSandboxConfig &config, const std::string &response_id, -- const std::string &jsonCheckpoint, Errors &error); -+ const std::string &jsonCheckpoint, const container_inspect *inspect_data, Errors &error); - void SetupSandboxFiles(const std::string &resolvPath, const runtime::v1alpha2::PodSandboxConfig &config, - Errors &error); - void StopContainerHelper(const std::string &containerID, Errors &error); -diff --git a/src/daemon/entry/cri/cri_security_context.cc b/src/daemon/entry/cri/cri_security_context.cc -index b6a5fcdc..3ff8a0cb 100644 ---- a/src/daemon/entry/cri/cri_security_context.cc -+++ b/src/daemon/entry/cri/cri_security_context.cc -@@ -169,6 +169,9 @@ static void ModifyHostNetworkOptionForSandbox(const runtime::v1alpha2::Namespace - hostConfig->network_mode = util_strdup_s(CRI::Constants::namespaceModeHost.c_str()); - free(hostConfig->uts_mode); - hostConfig->uts_mode = util_strdup_s(CRI::Constants::namespaceModeHost.c_str()); -+ } else { -+ free(hostConfig->network_mode); -+ hostConfig->network_mode = util_strdup_s(CRI::Constants::namespaceModeFile.c_str()); - } - // Note: default networkMode is not supported - } -diff --git a/src/daemon/executor/container_cb/execution_create.c b/src/daemon/executor/container_cb/execution_create.c -index 05c0fd78..95a7d9ab 100644 ---- a/src/daemon/executor/container_cb/execution_create.c -+++ b/src/daemon/executor/container_cb/execution_create.c -@@ -46,6 +46,7 @@ - #include "utils.h" - #include "error.h" - #include "constants.h" -+#include "namespace.h" - #include "events_sender_api.h" - #include "sysinfo.h" - #include "service_container_api.h" -@@ -58,6 +59,7 @@ - #include "utils_verify.h" - #include "selinux_label.h" - #include "opt_log.h" -+#include "network_namespace_api.h" - - static int do_init_cpurt_cgroups_path(const char *path, int recursive_depth, const char *mnt_root, - int64_t cpu_rt_period, int64_t cpu_rt_runtime); -@@ -1395,6 +1397,63 @@ out: - return res; - } - -+static char *new_pod_sandbox_key(void) -+{ -+ int nret = 0; -+ char random[NETNS_LEN + 1] = { 0x00 }; -+ char netns[PATH_MAX] = { 0x00 }; -+ const char *netns_fmt = "/var/run/netns/isulacni-%s"; -+ -+ nret = util_generate_random_str(random, NETNS_LEN); -+ if (nret != 0) { -+ ERROR("Failed to generate random netns"); -+ return NULL; -+ } -+ -+ nret = snprintf(netns, sizeof(netns), netns_fmt, random); -+ if (nret < 0 || (size_t)nret >= sizeof(netns)) { -+ ERROR("snprintf netns failed"); -+ return NULL; -+ } -+ -+ return util_strdup_s(netns); -+} -+ -+static int generate_network_settings(const host_config *host_config, container_config_v2_common_config *v2_spec) -+{ -+ container_config_v2_common_config_network_settings *settings = NULL; -+ -+ if (!namespace_is_file(host_config->network_mode)) { -+ return 0; -+ } -+ -+ settings = (container_config_v2_common_config_network_settings *)util_common_calloc_s(sizeof( -+ container_config_v2_common_config_network_settings)); -+ if (settings == NULL) { -+ ERROR("Out of memory"); -+ return -1; -+ } -+ -+ settings->sandbox_key = new_pod_sandbox_key(); -+ if (settings->sandbox_key == NULL) { -+ ERROR("Failed to generate sandbox key"); -+ goto err_out; -+ } -+ -+ if (prepare_network_namespace(settings->sandbox_key) != 0) { -+ ERROR("Failed to create network namespace"); -+ goto err_out; -+ } -+ -+ v2_spec->network_settings = settings; -+ -+ return 0; -+ -+err_out: -+ free_container_config_v2_common_config_network_settings(settings); -+ return -1; -+} -+ - static int cpurt_controller_init(const char *cgroups_path) - { - int ret = 0; -@@ -1568,6 +1627,12 @@ int container_create_cb(const container_create_request *request, container_creat - goto umount_shm; - } - -+ if (generate_network_settings(host_spec, v2_spec) != 0) { -+ ERROR("Failed to generate network settings"); -+ cc = ISULAD_ERR_EXEC; -+ goto umount_shm; -+ } -+ - if (merge_config_for_syscontainer(request, host_spec, v2_spec->config, oci_spec) != 0) { - ERROR("Failed to merge config for syscontainer"); - cc = ISULAD_ERR_EXEC; -diff --git a/src/daemon/executor/container_cb/execution_network.c b/src/daemon/executor/container_cb/execution_network.c -index 2c662bc1..5532e3fc 100644 ---- a/src/daemon/executor/container_cb/execution_network.c -+++ b/src/daemon/executor/container_cb/execution_network.c -@@ -34,6 +34,7 @@ - #include "err_msg.h" - #include "utils_file.h" - #include "utils_string.h" -+#include "network_namespace_api.h" - - static int write_hostname_to_file(const char *rootfs, const char *hostname) - { -@@ -1038,4 +1039,4 @@ int init_container_network_confs(const char *id, const char *rootpath, const hos - - out: - return ret; --} -+} -\ No newline at end of file -diff --git a/src/daemon/executor/container_cb/execution_network.h b/src/daemon/executor/container_cb/execution_network.h -index dee56fed..b6428b05 100644 ---- a/src/daemon/executor/container_cb/execution_network.h -+++ b/src/daemon/executor/container_cb/execution_network.h -@@ -29,7 +29,6 @@ extern "C" { - int merge_network(const host_config *host_spec, const char *rootfs, const char *runtime_root, - const char *id, const char *hostname); - -- - int init_container_network_confs(const char *id, const char *rootpath, const host_config *hc, - container_config_v2_common_config *common_config); - -diff --git a/src/daemon/modules/api/network_namespace_api.h b/src/daemon/modules/api/network_namespace_api.h -new file mode 100644 -index 00000000..9a18b1c0 ---- /dev/null -+++ b/src/daemon/modules/api/network_namespace_api.h -@@ -0,0 +1,35 @@ -+/****************************************************************************** -+ * Copyright (c) Huawei Technologies Co., Ltd. 2021. All rights reserved. -+ * iSulad licensed under the Mulan PSL v2. -+ * You can use this software according to the terms and conditions of the Mulan PSL v2. -+ * You may obtain a copy of Mulan PSL v2 at: -+ * http://license.coscl.org.cn/MulanPSL2 -+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR -+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR -+ * PURPOSE. -+ * See the Mulan PSL v2 for more details. -+ * Author: chengzeruizhi -+ * Create: 2021-10-19 -+ * Description: set up CRI network namespace -+ *********************************************************************************/ -+ -+#ifndef DAEMON_MODULES_API_NETWORK_NAMESPACE_API -+#define DAEMON_MODULES_API_NETWORK_NAMESPACE_API -+ -+#include -+ -+#include "container_api.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+int prepare_network_namespace(const char *netns_path); -+int remove_network_namespace(const char *netns); -+char *get_sandbox_key(const container_inspect *inspect_data); -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif // DAEMON_MODULES_API_NETWORK_NAMESPACE_API -diff --git a/src/daemon/modules/api/specs_api.h b/src/daemon/modules/api/specs_api.h -index 6c4db007..c4ad79aa 100644 ---- a/src/daemon/modules/api/specs_api.h -+++ b/src/daemon/modules/api/specs_api.h -@@ -37,7 +37,9 @@ int save_oci_config(const char *id, const char *rootpath, const oci_runtime_spec - int parse_security_opt(const host_config *host_spec, bool *no_new_privileges, char ***label_opts, - size_t *label_opts_len, char **seccomp_profile); - --int merge_share_namespace(oci_runtime_spec *oci_spec, const host_config *host_spec); -+int merge_share_namespace(oci_runtime_spec *oci_spec, const host_config *host_spec, -+ const container_config_v2_common_config_network_settings *network_settings); -+ - #ifdef __cplusplus - } - #endif -diff --git a/src/daemon/modules/container/container_unix.c b/src/daemon/modules/container/container_unix.c -index 1904161e..98f91ea9 100644 ---- a/src/daemon/modules/container/container_unix.c -+++ b/src/daemon/modules/container/container_unix.c -@@ -45,6 +45,7 @@ - #include "utils_file.h" - #include "utils_string.h" - #include "volume_api.h" -+#include "namespace.h" - - static int parse_container_log_configs(container_t *cont); - -diff --git a/src/daemon/modules/service/inspect_container.c b/src/daemon/modules/service/inspect_container.c -index d678f7bb..b060fe12 100644 ---- a/src/daemon/modules/service/inspect_container.c -+++ b/src/daemon/modules/service/inspect_container.c -@@ -31,6 +31,7 @@ - #include "container_api.h" - #include "isulad_config.h" - #include "err_msg.h" -+#include "namespace.h" - - static int dup_path_and_args(const container_t *cont, char **path, char ***args, size_t *args_len) - { -@@ -458,6 +459,36 @@ out: - return ret; - } - -+static int pack_inspect_network_settings(const container_t *cont, container_inspect *inspect) -+{ -+ if (cont == NULL || cont->common_config == NULL) { -+ ERROR("Failed to get v2 common config from container"); -+ return -1; -+ } -+ -+ if (!namespace_is_file(cont->hostconfig->network_mode)) { -+ return 0; -+ } -+ -+ if (cont->common_config->network_settings == NULL) { -+ ERROR("Failed to get network settings from container"); -+ return -1; -+ } -+ -+ if (inspect->network_settings == NULL) { -+ inspect->network_settings = -+ (container_inspect_network_settings *)util_common_calloc_s(sizeof(container_inspect_network_settings)); -+ if (inspect->network_settings == NULL) { -+ ERROR("Out of memory"); -+ return -1; -+ } -+ } -+ -+ inspect->network_settings->sandbox_key = util_strdup_s(cont->common_config->network_settings->sandbox_key); -+ -+ return 0; -+} -+ - static int merge_default_ulimit_with_ulimit(container_inspect *out_inspect) - { - int ret = 0; -@@ -509,6 +540,10 @@ static container_inspect *pack_inspect_data(const container_t *cont, bool with_h - ERROR("Failed to pack inspect general data, continue to pack other information"); - } - -+ if (pack_inspect_network_settings(cont, inspect) != 0) { -+ ERROR("Failed to pack inspect network settings, continue to pack other information"); -+ } -+ - if (pack_inspect_container_state(cont, inspect) != 0) { - ERROR("Failed to pack inspect state data, continue to pack other information"); - } -diff --git a/src/daemon/modules/service/network_namespace_api.c b/src/daemon/modules/service/network_namespace_api.c -new file mode 100644 -index 00000000..e28e6f74 ---- /dev/null -+++ b/src/daemon/modules/service/network_namespace_api.c -@@ -0,0 +1,80 @@ -+/****************************************************************************** -+ * Copyright (c) Huawei Technologies Co., Ltd. 2021. All rights reserved. -+ * iSulad licensed under the Mulan PSL v2. -+ * You can use this software according to the terms and conditions of the Mulan PSL v2. -+ * You may obtain a copy of Mulan PSL v2 at: -+ * http://license.coscl.org.cn/MulanPSL2 -+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR -+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR -+ * PURPOSE. -+ * See the Mulan PSL v2 for more details. -+ * Author: chengzeruizhi -+ * Create: 2021-10-19 -+ * Description: set up CRI network namespace -+ *********************************************************************************/ -+#define _GNU_SOURCE -+ -+#include "network_namespace_api.h" -+ -+#include -+ -+#include "utils_network.h" -+ -+int prepare_network_namespace(const char *netns_path) -+{ -+ if (netns_path == NULL) { -+ ERROR("Invalid netns_path"); -+ return -1; -+ } -+ -+ if (util_create_netns_file(netns_path) != 0) { -+ ERROR("Failed to prepare network namespace file"); -+ return -1; -+ } -+ -+ return 0; -+} -+ -+int remove_network_namespace(const char *netns_path) -+{ -+ int get_err = 0; -+ -+ if (netns_path == NULL) { -+ ERROR("Invalid netns_path"); -+ return -1; -+ } -+ -+ if (!util_file_exists(netns_path)) { -+ WARN("Namespace file does not exist"); -+ return 0; -+ } -+ -+ if (umount2(netns_path, MNT_DETACH) != 0 && errno != EINVAL) { -+ ERROR("Failed to umount directory %s:%s", netns_path, strerror(errno)); -+ return -1; -+ } -+ -+ if (!util_force_remove_file(netns_path, &get_err)) { -+ ERROR("Failed to remove file %s, error: %s", netns_path, strerror(get_err)); -+ return -1; -+ } -+ -+ return 0; -+} -+ -+char *get_sandbox_key(const container_inspect *inspect_data) -+{ -+ char *sandbox_key = NULL; -+ -+ if (inspect_data == NULL) { -+ ERROR("Invalid container"); -+ return NULL; -+ } -+ if (inspect_data->network_settings == NULL) { -+ ERROR("Inspect data does not have network settings"); -+ return NULL; -+ } -+ sandbox_key = util_strdup_s(inspect_data->network_settings->sandbox_key); -+ -+ return sandbox_key; -+} -\ No newline at end of file -diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c -index 0bcfb0e9..27288f6d 100644 ---- a/src/daemon/modules/service/service_container.c -+++ b/src/daemon/modules/service/service_container.c -@@ -59,6 +59,8 @@ - #include "utils_string.h" - #include "utils_verify.h" - #include "volume_api.h" -+#include "utils_network.h" -+#include "network_namespace_api.h" - - #define KATA_RUNTIME "kata-runtime" - -@@ -227,7 +229,7 @@ static int renew_oci_config(const container_t *cont, oci_runtime_spec *oci_spec) - goto out; - } - -- ret = merge_share_namespace(oci_spec, cont->hostconfig); -+ ret = merge_share_namespace(oci_spec, cont->hostconfig, cont->common_config->network_settings); - if (ret != 0) { - ERROR("Failed to merge share ns"); - goto out; -@@ -895,6 +897,10 @@ int start_container(container_t *cont, const char *console_fifos[], bool reset_r - } - - set_stopped: -+ if (namespace_is_file(cont->hostconfig->network_mode) && -+ util_umount_namespace(cont->common_config->network_settings->sandbox_key) != 0) { -+ ERROR("Failed to clean up network namespace"); -+ } - container_state_set_error(cont->state, (const char *)g_isulad_errmsg); - util_contain_errmsg(g_isulad_errmsg, &exit_code); - container_state_set_stopped(cont->state, exit_code); -@@ -1085,6 +1091,13 @@ static int do_delete_container(container_t *cont) - goto out; - } - -+ // clean up mounted network namespace -+ if (cont->common_config->network_settings != NULL && -+ util_file_exists(cont->common_config->network_settings->sandbox_key) -+ && remove_network_namespace(cont->common_config->network_settings->sandbox_key) != 0) { -+ ERROR("Failed to remove network when deleting container %s", cont->common_config->id); -+ } -+ - ret = snprintf(container_state, sizeof(container_state), "%s/%s", statepath, id); - if (ret < 0 || (size_t)ret >= sizeof(container_state)) { - ERROR("Failed to sprintf container_state"); -diff --git a/src/daemon/modules/spec/specs.c b/src/daemon/modules/spec/specs.c -index d8d05ba0..fc53bd14 100644 ---- a/src/daemon/modules/spec/specs.c -+++ b/src/daemon/modules/spec/specs.c -@@ -22,14 +22,14 @@ - #include - #include - #include -+#include -+#include -+#include -+#include - #include - #include - --#include "isula_libutils/log.h" - #include "specs_api.h" --#include "isula_libutils/oci_runtime_spec.h" --#include "isula_libutils/oci_runtime_hooks.h" --#include "isula_libutils/host_config.h" - #include "utils.h" - #include "isulad_config.h" - #include "namespace.h" -@@ -1377,10 +1377,9 @@ out: - return ret; - } - --static int merge_share_namespace_helper(const oci_runtime_spec *oci_spec, const char *path, const char *type) -+static int merge_share_namespace_helper(const oci_runtime_spec *oci_spec, const char *ns_path, const char *type) - { - int ret = -1; -- char *ns_path = NULL; - size_t len = 0; - size_t org_len = 0; - size_t i = 0; -@@ -1390,11 +1389,6 @@ static int merge_share_namespace_helper(const oci_runtime_spec *oci_spec, const - len = oci_spec->linux->namespaces_len; - work_ns = oci_spec->linux->namespaces; - -- ret = get_share_namespace_path(type, path, &ns_path); -- if (ret != 0) { -- ERROR("Failed to get share ns type:%s path:%s", type, path); -- goto out; -- } - for (i = 0; i < org_len; i++) { - if (strcmp(type, work_ns[i]->type) == 0) { - free(work_ns[i]->path); -@@ -1433,7 +1427,6 @@ static int merge_share_namespace_helper(const oci_runtime_spec *oci_spec, const - } - ret = 0; - out: -- free(ns_path); - if (work_ns != NULL) { - oci_spec->linux->namespaces = work_ns; - oci_spec->linux->namespaces_len = len; -@@ -1443,14 +1436,55 @@ out: - - static int merge_share_single_namespace(const oci_runtime_spec *oci_spec, const char *path, const char *type) - { -+ int ret = 0; -+ char *ns_path = NULL; -+ - if (path == NULL) { - return 0; - } - -- return merge_share_namespace_helper(oci_spec, path, type); -+ ret = get_share_namespace_path(type, path, &ns_path); -+ if (ret != 0) { -+ ERROR("Failed to get share ns type:%s path:%s", type, path); -+ return -1; -+ } -+ -+ ret = merge_share_namespace_helper(oci_spec, ns_path, type); -+ if (ret != 0) { -+ ERROR("Failed to merge share namespace namespace helper"); -+ } -+ -+ free(ns_path); -+ return ret; -+} -+ -+static int merge_share_network_namespace(oci_runtime_spec *oci_spec, const host_config *host_spec, -+ const container_config_v2_common_config_network_settings *network_settings, const char *type) -+{ -+ int ret = 0; -+ char *ns_path = NULL; -+ -+ if (host_spec->network_mode == NULL) { -+ return 0; -+ } -+ -+ ret = get_network_namespace_path(host_spec, network_settings, type, &ns_path); -+ if (ret != 0) { -+ ERROR("Failed to get network namespace path"); -+ return -1; -+ } -+ -+ ret = merge_share_namespace_helper(oci_spec, ns_path, type); -+ if (ret != 0) { -+ ERROR("Failed to merge share namespace namespace helper"); -+ } -+ -+ free(ns_path); -+ return ret; - } - --int merge_share_namespace(oci_runtime_spec *oci_spec, const host_config *host_spec) -+int merge_share_namespace(oci_runtime_spec *oci_spec, const host_config *host_spec, -+ const container_config_v2_common_config_network_settings *network_settings) - { - int ret = -1; - -@@ -1475,7 +1509,7 @@ int merge_share_namespace(oci_runtime_spec *oci_spec, const host_config *host_sp - } - - // network -- if (merge_share_single_namespace(oci_spec, host_spec->network_mode, TYPE_NAMESPACE_NETWORK) != 0) { -+ if (merge_share_network_namespace(oci_spec, host_spec, network_settings, TYPE_NAMESPACE_NETWORK) != 0) { - ret = -1; - goto out; - } -diff --git a/src/daemon/modules/spec/specs_namespace.c b/src/daemon/modules/spec/specs_namespace.c -index e291f092..eea0b3ff 100644 ---- a/src/daemon/modules/spec/specs_namespace.c -+++ b/src/daemon/modules/spec/specs_namespace.c -@@ -17,15 +17,16 @@ - #include - #include - #include --#include - #include - #include -+#include -+#include - --#include "isula_libutils/log.h" - #include "utils.h" - #include "namespace.h" - #include "container_api.h" - #include "err_msg.h" -+#include "network_namespace_api.h" - - static char *parse_share_namespace_with_prefix(const char *type, const char *path) - { -@@ -133,3 +134,84 @@ char *get_container_process_label(const char *cid) - out: - return result; - } -+ -+typedef int (*namespace_mode_check)(const host_config *host_spec, -+ const container_config_v2_common_config_network_settings *network_settings, -+ const char *type, char **dest_path); -+ -+struct get_netns_path_handler { -+ char *mode; -+ namespace_mode_check handle; -+}; -+ -+static int handle_get_path_from_none(const host_config *host_spec, -+ const container_config_v2_common_config_network_settings *network_settings, -+ const char *type, char **dest_path) -+{ -+ *dest_path = NULL; -+ return 0; -+} -+ -+static int handle_get_path_from_host(const host_config *host_spec, -+ const container_config_v2_common_config_network_settings *network_settings, -+ const char *type, char **dest_path) -+{ -+ *dest_path = namespace_get_host_namespace_path(host_spec->network_mode); -+ if (*dest_path == NULL) { -+ return -1; -+ } -+ return 0; -+} -+ -+static int handle_get_path_from_container(const host_config *host_spec, -+ const container_config_v2_common_config_network_settings *network_settings, const char *type, -+ char **dest_path) -+{ -+ *dest_path = parse_share_namespace_with_prefix(type, host_spec->network_mode); -+ if (*dest_path == NULL) { -+ return -1; -+ } -+ return 0; -+} -+ -+static int handle_get_path_from_file(const host_config *host_spec, -+ const container_config_v2_common_config_network_settings *network_settings, -+ const char *type, char **dest_path) -+{ -+ if (network_settings == NULL || network_settings->sandbox_key == NULL) { -+ ERROR("Invalid sandbox key for file mode network"); -+ return -1; -+ } -+ -+ *dest_path = util_strdup_s(network_settings->sandbox_key); -+ return 0; -+} -+ -+int get_network_namespace_path(const host_config *host_spec, -+ const container_config_v2_common_config_network_settings *network_settings, -+ const char *type, char **dest_path) -+{ -+ int index; -+ int ret = -1; -+ struct get_netns_path_handler handler_jump_table[] = { -+ { SHARE_NAMESPACE_NONE, handle_get_path_from_none }, -+ { SHARE_NAMESPACE_HOST, handle_get_path_from_host }, -+ { SHARE_NAMESPACE_PREFIX, handle_get_path_from_container }, -+ { SHARE_NAMESPACE_FILE, handle_get_path_from_file }, -+ }; -+ size_t jump_table_size = sizeof(handler_jump_table) / sizeof(handler_jump_table[0]); -+ const char *network_mode = host_spec->network_mode; -+ -+ if (network_mode == NULL || dest_path == NULL) { -+ return -1; -+ } -+ -+ for (index = 0; index < jump_table_size; ++index) { -+ if (strncmp(network_mode, handler_jump_table[index].mode, strlen(handler_jump_table[index].mode)) == 0) { -+ ret = handler_jump_table[index].handle(host_spec, network_settings, type, dest_path); -+ return ret; -+ } -+ } -+ -+ return ret; -+} -\ No newline at end of file -diff --git a/src/daemon/modules/spec/specs_namespace.h b/src/daemon/modules/spec/specs_namespace.h -index 526ad4e0..68e41399 100644 ---- a/src/daemon/modules/spec/specs_namespace.h -+++ b/src/daemon/modules/spec/specs_namespace.h -@@ -17,6 +17,8 @@ - - #include - #include -+#include -+#include - - #ifdef __cplusplus - extern "C" { -@@ -24,6 +26,9 @@ extern "C" { - - int get_share_namespace_path(const char *type, const char *src_path, char **dest_path); - char *get_container_process_label(const char *path); -+int get_network_namespace_path(const host_config *host_spec, -+ const container_config_v2_common_config_network_settings *network_settings, -+ const char *type, char **dest_path); - - #ifdef __cplusplus - } -diff --git a/src/utils/cutils/namespace.h b/src/utils/cutils/namespace.h -index cf768056..26a9bb19 100644 ---- a/src/utils/cutils/namespace.h -+++ b/src/utils/cutils/namespace.h -@@ -37,6 +37,8 @@ typedef enum { - #define SHARE_NAMESPACE_HOST "host" - #define SHARE_NAMESPACE_NONE "none" - #define SHARE_NAMESPACE_SHAREABLE "shareable" -+#define SHARE_NAMESPACE_BRIDGE "bridge" -+#define SHARE_NAMESPACE_FILE "file" - - #define SHARE_NAMESPACE_PID_HOST_PATH "/proc/1/ns/pid" - #define SHARE_NAMESPACE_NET_HOST_PATH "/proc/1/ns/net" -@@ -82,6 +84,22 @@ static inline bool namespace_is_container(const char *mode) - return false; - } - -+static inline bool namespace_is_bridge(const char *mode) -+{ -+ if (mode != NULL && strcmp(mode, SHARE_NAMESPACE_BRIDGE) == 0) { -+ return true; -+ } -+ return false; -+} -+ -+static inline bool namespace_is_file(const char *mode) -+{ -+ if (mode != NULL && strcmp(mode, SHARE_NAMESPACE_FILE) == 0) { -+ return true; -+ } -+ return false; -+} -+ - static inline bool namespace_is_shareable(const char *mode) - { - if (mode != NULL && strcmp(mode, SHARE_NAMESPACE_SHAREABLE) == 0) { -diff --git a/src/utils/cutils/utils_file.c b/src/utils/cutils/utils_file.c -index 302e4e32..f4fa4ece 100644 ---- a/src/utils/cutils/utils_file.c -+++ b/src/utils/cutils/utils_file.c -@@ -275,6 +275,29 @@ out: - return ret; - } - -+bool util_force_remove_file(const char *fname, int *saved_errno) -+{ -+ if (unlink(fname) == 0) { -+ return true; -+ } -+ -+ WARN("Failed to delete %s: %s", fname, strerror(errno)); -+ if (*saved_errno == 0) { -+ *saved_errno = errno; -+ } -+ -+ if (mark_file_mutable(fname) != 0) { -+ WARN("Failed to mark file mutable"); -+ } -+ -+ if (unlink(fname) != 0) { -+ ERROR("Failed to delete \"%s\": %s", fname, strerror(errno)); -+ return false; -+ } -+ -+ return true; -+} -+ - static int recursive_rmdir_next_depth(struct stat fstat, const char *fname, int recursive_depth, int *saved_errno, - int failure) - { -diff --git a/src/utils/cutils/utils_file.h b/src/utils/cutils/utils_file.h -index 125f43a3..a7fbbb6b 100644 ---- a/src/utils/cutils/utils_file.h -+++ b/src/utils/cutils/utils_file.h -@@ -36,6 +36,8 @@ bool util_file_exists(const char *f); - - int util_path_remove(const char *path); - -+bool util_force_remove_file(const char *fname, int *saved_errno); -+ - ssize_t util_write_nointr(int fd, const void *buf, size_t count); - - ssize_t util_write_nointr_in_total(int fd, const char *buf, size_t count); -diff --git a/src/utils/cutils/utils_network.c b/src/utils/cutils/utils_network.c -new file mode 100644 -index 00000000..a5d77c93 ---- /dev/null -+++ b/src/utils/cutils/utils_network.c -@@ -0,0 +1,138 @@ -+/****************************************************************************** -+ * Copyright (c) Huawei Technologies Co., Ltd. 2021. All rights reserved. -+ * iSulad licensed under the Mulan PSL v2. -+ * You can use this software according to the terms and conditions of the Mulan PSL v2. -+ * You may obtain a copy of Mulan PSL v2 at: -+ * http://license.coscl.org.cn/MulanPSL2 -+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR -+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR -+ * PURPOSE. -+ * See the Mulan PSL v2 for more details. -+ * Author: chengzeruizhi -+ * Create: 2021-11-17 -+ * Description: provide common network functions -+ ********************************************************************************/ -+ -+#define _GNU_SOURCE -+ -+#include "utils_network.h" -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+#include "utils_fs.h" -+#include "utils_file.h" -+#include "constants.h" -+ -+int util_create_netns_file(const char *netns_path) -+{ -+ int ret = 0; -+ int fd = -1; -+ char *netns_dir = NULL; -+ -+ if (util_file_exists(netns_path)) { -+ ERROR("Namespace file %s exists", netns_path); -+ return -1; -+ } -+ netns_dir = util_path_dir(netns_path); -+ if (netns_dir == NULL) { -+ ERROR("Failed to get path dir for %s", netns_path); -+ return -1; -+ } -+ if (!util_dir_exists(netns_dir) && util_mkdir_p(netns_dir, DEFAULT_HIGHEST_DIRECTORY_MODE) != 0) { -+ ERROR("Failed to create directory for %s", netns_path); -+ ret = -1; -+ goto out; -+ } -+ -+ fd = util_open(netns_path, O_RDWR | O_CREAT | O_TRUNC, DEFAULT_SECURE_FILE_MODE); -+ if (fd < 0) { -+ ERROR("Failed to create namespace file: %s", netns_path); -+ ret = -1; -+ goto out; -+ } -+ close(fd); -+ -+out: -+ free(netns_dir); -+ return ret; -+} -+ -+static void mount_netns(void *netns_path) -+{ -+ int failure = EXIT_FAILURE; -+ int success = EXIT_SUCCESS; -+ char fullpath[PATH_MAX] = { 0x00 }; -+ int ret = 0; -+ -+ if (unshare(CLONE_NEWNET) != 0) { -+ pthread_exit((void *)&failure); -+ } -+ -+ ret = snprintf(fullpath, sizeof(fullpath), "/proc/%d/task/%ld/ns/net", getpid(), (long int)syscall(__NR_gettid)); -+ if (ret < 0 || (size_t)ret >= sizeof(fullpath)) { -+ pthread_exit((void *)&failure); -+ } -+ -+ if (util_mount(fullpath, (char *)netns_path, "none", "bind") != 0) { -+ pthread_exit((void *)&failure); -+ } -+ pthread_exit((void *)&success); -+} -+ -+// this function mounts netns path to /proc/%d/task/%d/ns/net -+int util_mount_namespace(const char *netns_path) -+{ -+ pthread_t newns_thread = 0; -+ int ret = 0; -+ void *status = NULL; -+ -+ ret = pthread_create(&newns_thread, NULL, (void *)&mount_netns, (void *)netns_path); -+ if (ret != 0) { -+ ERROR("Failed to create thread"); -+ return -1; -+ } -+ -+ ret = pthread_join(newns_thread, &status); -+ if (ret != 0) { -+ ERROR("Failed to join thread"); -+ return -1; -+ } else { -+ if (*(int *)status != 0) { -+ ERROR("Failed to initialize network namespace"); -+ return -1; -+ } -+ } -+ return 0; -+} -+ -+int util_umount_namespace(const char *netns_path) -+{ -+ int i = 0; -+ if (netns_path == NULL) { -+ WARN("Invalid path to umount"); -+ } -+ -+ for (i = 0; i < 50; i++) { -+ if (umount2(netns_path, MNT_DETACH) < 0) { -+ switch (errno) { -+ case EBUSY: -+ usleep(50); -+ continue; -+ case EINVAL: -+ return 0; -+ default: -+ continue; -+ } -+ } -+ } -+ ERROR("Failed to umount target %s", netns_path); -+ return -1; -+} -diff --git a/src/utils/cutils/utils_network.h b/src/utils/cutils/utils_network.h -new file mode 100644 -index 00000000..6ec912d8 ---- /dev/null -+++ b/src/utils/cutils/utils_network.h -@@ -0,0 +1,33 @@ -+/****************************************************************************** -+ * Copyright (c) Huawei Technologies Co., Ltd. 2021. All rights reserved. -+ * iSulad licensed under the Mulan PSL v2. -+ * You can use this software according to the terms and conditions of the Mulan PSL v2. -+ * You may obtain a copy of Mulan PSL v2 at: -+ * http://license.coscl.org.cn/MulanPSL2 -+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR -+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR -+ * PURPOSE. -+ * See the Mulan PSL v2 for more details. -+ * Author: chengzeruizhi -+ * Create: 2021-11-17 -+ * Description: provide common network functions -+ ********************************************************************************/ -+ -+#ifndef UTILS_CUTILS_UTILS_NETWORK_H -+#define UTILS_CUTILS_UTILS_NETWORK_H -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+int util_create_netns_file(const char *netns_path); -+ -+int util_mount_namespace(const char *netns_path); -+ -+int util_umount_namespace(const char *netns_path); -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif // UTILS_CUTILS_UTILS_NETWORK_H -\ No newline at end of file --- -2.25.1 - diff --git a/0004-add-new-function-mock-for-ut.patch b/0004-add-new-function-mock-for-ut.patch deleted file mode 100644 index 4694946..0000000 --- a/0004-add-new-function-mock-for-ut.patch +++ /dev/null @@ -1,58 +0,0 @@ -From 1d89d1d6fce7a3f89ce2a984500dede6529c8f53 Mon Sep 17 00:00:00 2001 -From: haozi007 -Date: Fri, 26 Nov 2021 09:45:20 +0000 -Subject: [PATCH 04/14] add new function mock for ut - -Signed-off-by: haozi007 ---- - test/mocks/namespace_mock.cc | 10 ++++++++++ - test/mocks/namespace_mock.h | 1 + - test/specs/specs/specs_ut.cc | 1 + - 3 files changed, 12 insertions(+) - -diff --git a/test/mocks/namespace_mock.cc b/test/mocks/namespace_mock.cc -index 5c0cba6c..da24e406 100644 ---- a/test/mocks/namespace_mock.cc -+++ b/test/mocks/namespace_mock.cc -@@ -47,3 +47,13 @@ char *get_container_process_label(const char *path) - } - return nullptr; - } -+ -+int get_network_namespace_path(const host_config *host_spec, -+ const container_config_v2_common_config_network_settings *network_settings, -+ const char *type, char **dest_path) -+{ -+ if (g_namespace_mock != nullptr) { -+ return g_namespace_mock->GetNetworkNamespacePath(host_spec, network_settings, type, dest_path); -+ } -+ return 0; -+} -\ No newline at end of file -diff --git a/test/mocks/namespace_mock.h b/test/mocks/namespace_mock.h -index b835e028..80e75b0b 100644 ---- a/test/mocks/namespace_mock.h -+++ b/test/mocks/namespace_mock.h -@@ -26,6 +26,7 @@ public: - MOCK_METHOD1(ConnectedContainer, char *(const char *mode)); - MOCK_METHOD3(GetShareNamespacePath, int(const char *type, const char *src_path, char **dest_path)); - MOCK_METHOD1(GetContainerProcessLabel, char *(const char *path)); -+ MOCK_METHOD4(GetNetworkNamespacePath, int(const host_config *, const container_config_v2_common_config_network_settings *, const char *, char **)); - }; - - void MockNamespace_SetMock(MockNamespace *mock); -diff --git a/test/specs/specs/specs_ut.cc b/test/specs/specs/specs_ut.cc -index 2f2a2524..c4014e2e 100644 ---- a/test/specs/specs/specs_ut.cc -+++ b/test/specs/specs/specs_ut.cc -@@ -19,6 +19,7 @@ - #include "mock.h" - #include "isula_libutils/oci_runtime_spec.h" - #include "specs_api.h" -+#include "specs_namespace.h" - #include "isula_libutils/host_config.h" - #include "isula_libutils/container_config.h" - #include "oci_ut_common.h" --- -2.25.1 - diff --git a/0005-delete-isulad-h-flag.patch b/0005-delete-isulad-h-flag.patch deleted file mode 100644 index 92b6074..0000000 --- a/0005-delete-isulad-h-flag.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 07b81da5e3d357c34cf7f5379ba507a16617a5ed Mon Sep 17 00:00:00 2001 -From: gaohuatao -Date: Sat, 27 Nov 2021 11:14:40 +0800 -Subject: [PATCH 05/14] delete isulad h flag - -Signed-off-by: gaohuatao ---- - src/cmd/isulad/isulad_commands.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/cmd/isulad/isulad_commands.c b/src/cmd/isulad/isulad_commands.c -index d0ab029c..c2826c83 100644 ---- a/src/cmd/isulad/isulad_commands.c -+++ b/src/cmd/isulad/isulad_commands.c -@@ -213,8 +213,8 @@ int parse_args(struct service_arguments *args, int argc, const char **argv) - - if (args->argc > 0) { - printf("unresolved arguments: %s;\t" -- "run `%s --help` or `%s -h` for help.\n", -- args->argv[0], argv[0], argv[0]); -+ "run `%s --help` for help.\n", -+ args->argv[0], argv[0]); - return -1; - } - --- -2.25.1 - diff --git a/0006-Fix-memory-leak-in-ClearCniNetwork-when-calling-get_.patch b/0006-Fix-memory-leak-in-ClearCniNetwork-when-calling-get_.patch deleted file mode 100644 index 7016e28..0000000 --- a/0006-Fix-memory-leak-in-ClearCniNetwork-when-calling-get_.patch +++ /dev/null @@ -1,26 +0,0 @@ -From d3d44e344d2ea2213c7d595c957e8ebf0a661fd2 Mon Sep 17 00:00:00 2001 -From: chengzrz -Date: Sat, 27 Nov 2021 11:31:13 +0800 -Subject: [PATCH 06/14] Fix memory leak in ClearCniNetwork when calling - get_sandbox_key - -Signed-off-by: chengzrz ---- - src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc b/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc -index eb1cd09f..0a577849 100644 ---- a/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc -+++ b/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc -@@ -748,6 +748,7 @@ auto PodSandboxManagerServiceImpl::ClearCniNetwork(const std::string &realSandbo - ERROR("Failed to umount directory %s:%s", netnsPath, strerror(errno)); - } - } -+ free(netnsPath); - } - free_container_inspect(inspect_data); - return 0; --- -2.25.1 - diff --git a/0007-fix-cri-libwebsockets-sync_close_sem-memory-leak.patch b/0007-fix-cri-libwebsockets-sync_close_sem-memory-leak.patch deleted file mode 100644 index 0ab4b26..0000000 --- a/0007-fix-cri-libwebsockets-sync_close_sem-memory-leak.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 23ab9ac224056a2efef00b20cfc973c8e98a1e1d Mon Sep 17 00:00:00 2001 -From: zhangxiaoyu -Date: Fri, 26 Nov 2021 09:51:52 +0800 -Subject: [PATCH 07/14] fix cri libwebsockets sync_close_sem memory leak - -Signed-off-by: zhangxiaoyu ---- - src/daemon/entry/cri/websocket/service/ws_server.cc | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/src/daemon/entry/cri/websocket/service/ws_server.cc b/src/daemon/entry/cri/websocket/service/ws_server.cc -index 509f821e..e4b3a1b4 100644 ---- a/src/daemon/entry/cri/websocket/service/ws_server.cc -+++ b/src/daemon/entry/cri/websocket/service/ws_server.cc -@@ -191,6 +191,8 @@ void WebsocketServer::CloseWsSession(int socketID) - } - (void)sem_wait(session->sync_close_sem); - (void)sem_destroy(session->sync_close_sem); -+ delete session->sync_close_sem; -+ session->sync_close_sem = nullptr; - close(session->pipes.at(0)); - delete session->session_mutex; - session->session_mutex = nullptr; --- -2.25.1 - diff --git a/0008-fix-cpu-variant-get-error.patch b/0008-fix-cpu-variant-get-error.patch deleted file mode 100644 index 317094c..0000000 --- a/0008-fix-cpu-variant-get-error.patch +++ /dev/null @@ -1,96 +0,0 @@ -From 198daf0e54215f76ddb62caa8bea41ff6625db40 Mon Sep 17 00:00:00 2001 -From: WangFengTu -Date: Sat, 27 Nov 2021 14:15:34 +0800 -Subject: [PATCH 08/14] fix cpu variant get error - -Signed-off-by: WangFengTu ---- - src/utils/cutils/utils.c | 14 +++++--------- - src/utils/cutils/utils_file.c | 6 +++++- - src/utils/cutils/utils_file.h | 5 +++++ - 3 files changed, 15 insertions(+), 10 deletions(-) - -diff --git a/src/utils/cutils/utils.c b/src/utils/cutils/utils.c -index a3e192fe..511cde96 100644 ---- a/src/utils/cutils/utils.c -+++ b/src/utils/cutils/utils.c -@@ -1299,12 +1299,11 @@ restart: - static char *get_cpu_variant() - { - char *variant = NULL; -- char *cpuinfo = NULL; -+ char cpuinfo[1024] = { 0 }; - char *start_pos = NULL; - char *end_pos = NULL; - -- cpuinfo = util_read_text_file("/proc/cpuinfo"); -- if (cpuinfo == NULL) { -+ if (util_file2str("/proc/cpuinfo", cpuinfo, sizeof(cpuinfo)) < 0) { - ERROR("read /proc/cpuinfo failed"); - return NULL; - } -@@ -1312,7 +1311,7 @@ static char *get_cpu_variant() - start_pos = strstr(cpuinfo, "CPU architecture"); - if (start_pos == NULL) { - ERROR("can not found the key \"CPU architecture\" when try to get cpu variant"); -- goto out; -+ return NULL; - } - end_pos = strchr(start_pos, '\n'); - if (end_pos != NULL) { -@@ -1321,17 +1320,14 @@ static char *get_cpu_variant() - start_pos = strchr(start_pos, ':'); - if (start_pos == NULL) { - ERROR("can not found delimiter \":\" when try to get cpu variant"); -- goto out; -+ return NULL; - } -+ start_pos += 1; // skip char ":" - util_trim_newline(start_pos); - start_pos = util_trim_space(start_pos); - - variant = util_strings_to_lower(start_pos); - --out: -- free(cpuinfo); -- cpuinfo = NULL; -- - return variant; - } - -diff --git a/src/utils/cutils/utils_file.c b/src/utils/cutils/utils_file.c -index f4fa4ece..00825bea 100644 ---- a/src/utils/cutils/utils_file.c -+++ b/src/utils/cutils/utils_file.c -@@ -815,7 +815,11 @@ char *util_add_path(const char *path, const char *name) - return new_path; - } - --/* note: This function can only read small text file. */ -+/* notes: -+ * 1. Do not use this function to read proc file because proc file in armv8 does not -+ * support fseek and the result of this function is nill string which is unexpected. -+ * 2. This function can only read small text file. -+ */ - char *util_read_text_file(const char *path) - { - char *buf = NULL; -diff --git a/src/utils/cutils/utils_file.h b/src/utils/cutils/utils_file.h -index a7fbbb6b..1465ca7e 100644 ---- a/src/utils/cutils/utils_file.h -+++ b/src/utils/cutils/utils_file.h -@@ -68,6 +68,11 @@ char *util_path_dir(const char *path); - - char *util_add_path(const char *path, const char *name); - -+/* notes: -+ * 1. Do not use this function to read proc file because proc file in armv8 does not -+ * support fseek and the result of this function is nill string which is unexpected. -+ * 2. This function can only read small text file. -+ */ - char *util_read_text_file(const char *path); - - int64_t util_file_size(const char *filename); --- -2.25.1 - diff --git a/0009-fix-unit-test-error-of-registry-in-armv8.patch b/0009-fix-unit-test-error-of-registry-in-armv8.patch deleted file mode 100644 index 5cdbadc..0000000 --- a/0009-fix-unit-test-error-of-registry-in-armv8.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 688254c48fd4a672081d11e1f50ff70e807402f3 Mon Sep 17 00:00:00 2001 -From: WangFengTu -Date: Mon, 29 Nov 2021 11:41:44 +0800 -Subject: [PATCH 09/14] fix unit test error of registry in armv8 - -use the data same as x86 to do unit test in armv8 - -Signed-off-by: WangFengTu ---- - test/image/oci/registry/data/oci/index | 2 +- - test/image/oci/registry/data/v2/manifest_list | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/test/image/oci/registry/data/oci/index b/test/image/oci/registry/data/oci/index -index d713bde3..c3f09482 100644 ---- a/test/image/oci/registry/data/oci/index -+++ b/test/image/oci/registry/data/oci/index -@@ -20,7 +20,7 @@ Etag: "sha256:bd28e852703450d93220e6733a9f0901b92cd558911528b03fdba56156ae0a02" - "size": 527 - }, - { -- "digest": "sha256:134252904112f8563a17a360957d9ad192e5c1e77463e04be74e71cffd4b41ba", -+ "digest": "sha256:106429d73f57137cc587d2d4f1ad7ffb8c4cedcb564d3fb44a8769e602a4a4ec", - "mediaType": "application/vnd.oci.image.manifest.v1+json", - "platform": { - "architecture": "arm64", -diff --git a/test/image/oci/registry/data/v2/manifest_list b/test/image/oci/registry/data/v2/manifest_list -index b4cf93c5..c1962e3e 100644 ---- a/test/image/oci/registry/data/v2/manifest_list -+++ b/test/image/oci/registry/data/v2/manifest_list -@@ -8,4 +8,4 @@ Docker-Content-Digest: sha256:9ddee63a712cea977267342e8750ecbc60d3aab25f04ceacfa - Docker-Distribution-Api-Version: registry/2.0 - Etag: "sha256:9ddee63a712cea977267342e8750ecbc60d3aab25f04ceacfa795e6fce341793" - --{"manifests":[{"digest":"sha256:2131f09e4044327fd101ca1fd4043e6f3ad921ae7ee901e9142e6e36b354a907","mediaType":"application\/vnd.docker.distribution.manifest.v2+json","platform":{"architecture":"amd64","os":"linux"},"size":527},{"digest":"sha256:ea84577ce8331aaceefd586104ba283201b89b5a614b10ec44b9884722db49d8","mediaType":"application\/vnd.docker.distribution.manifest.v2+json","platform":{"architecture":"arm","os":"linux","variant":"v5"},"size":527},{"digest":"sha256:296361e74fe78e932cdd807743b5e37469518194f95c042135a6c3320ca52ef1","mediaType":"application\/vnd.docker.distribution.manifest.v2+json","platform":{"architecture":"arm","os":"linux","variant":"v6"},"size":527},{"digest":"sha256:5cbe4404234f93a5401b58e0c50408d5c9caace822b70867e4f3e787be83eee9","mediaType":"application\/vnd.docker.distribution.manifest.v2+json","platform":{"architecture":"arm","os":"linux","variant":"v7"},"size":527},{"digest":"sha256:134252904112f8563a17a360957d9ad192e5c1e77463e04be74e71cffd4b41ba","mediaType":"application\/vnd.docker.distribution.manifest.v2+json","platform":{"architecture":"arm64","os":"linux","variant":"v8"},"size":527},{"digest":"sha256:414aeb860595d7078cbe87abaeed05157d6b44907fbd7db30e1cfba9b6902448","mediaType":"application\/vnd.docker.distribution.manifest.v2+json","platform":{"architecture":"386","os":"linux"},"size":527},{"digest":"sha256:116dccaef9ca8b121565a39bd568ede437f084c94bb0642d2aba6b441e38d2f8","mediaType":"application\/vnd.docker.distribution.manifest.v2+json","platform":{"architecture":"mips64le","os":"linux"},"size":527},{"digest":"sha256:5477c332ec926f8221e82a6c9e37dd9d84a401e3b5f71ba7d498956552c880ac","mediaType":"application\/vnd.docker.distribution.manifest.v2+json","platform":{"architecture":"ppc64le","os":"linux"},"size":528},{"digest":"sha256:c304d497f3e0f87f8457401787df738f6f6e62b367bfd7c5f73f5b880b30ab4f","mediaType":"application\/vnd.docker.distribution.manifest.v2+json","platform":{"architecture":"s390x","os":"linux"},"size":528}],"mediaType":"application\/vnd.docker.distribution.manifest.list.v2+json","schemaVersion":2} -\ No newline at end of file -+{"manifests":[{"digest":"sha256:2131f09e4044327fd101ca1fd4043e6f3ad921ae7ee901e9142e6e36b354a907","mediaType":"application\/vnd.docker.distribution.manifest.v2+json","platform":{"architecture":"amd64","os":"linux"},"size":527},{"digest":"sha256:ea84577ce8331aaceefd586104ba283201b89b5a614b10ec44b9884722db49d8","mediaType":"application\/vnd.docker.distribution.manifest.v2+json","platform":{"architecture":"arm","os":"linux","variant":"v5"},"size":527},{"digest":"sha256:296361e74fe78e932cdd807743b5e37469518194f95c042135a6c3320ca52ef1","mediaType":"application\/vnd.docker.distribution.manifest.v2+json","platform":{"architecture":"arm","os":"linux","variant":"v6"},"size":527},{"digest":"sha256:5cbe4404234f93a5401b58e0c50408d5c9caace822b70867e4f3e787be83eee9","mediaType":"application\/vnd.docker.distribution.manifest.v2+json","platform":{"architecture":"arm","os":"linux","variant":"v7"},"size":527},{"digest":"sha256:2131f09e4044327fd101ca1fd4043e6f3ad921ae7ee901e9142e6e36b354a907","mediaType":"application\/vnd.docker.distribution.manifest.v2+json","platform":{"architecture":"arm64","os":"linux","variant":"v8"},"size":527},{"digest":"sha256:414aeb860595d7078cbe87abaeed05157d6b44907fbd7db30e1cfba9b6902448","mediaType":"application\/vnd.docker.distribution.manifest.v2+json","platform":{"architecture":"386","os":"linux"},"size":527},{"digest":"sha256:116dccaef9ca8b121565a39bd568ede437f084c94bb0642d2aba6b441e38d2f8","mediaType":"application\/vnd.docker.distribution.manifest.v2+json","platform":{"architecture":"mips64le","os":"linux"},"size":527},{"digest":"sha256:5477c332ec926f8221e82a6c9e37dd9d84a401e3b5f71ba7d498956552c880ac","mediaType":"application\/vnd.docker.distribution.manifest.v2+json","platform":{"architecture":"ppc64le","os":"linux"},"size":528},{"digest":"sha256:c304d497f3e0f87f8457401787df738f6f6e62b367bfd7c5f73f5b880b30ab4f","mediaType":"application\/vnd.docker.distribution.manifest.v2+json","platform":{"architecture":"s390x","os":"linux"},"size":528}],"mediaType":"application\/vnd.docker.distribution.manifest.list.v2+json","schemaVersion":2} --- -2.25.1 - diff --git a/0010-Modified-cmakelist-of-storage_layer-and-added-a-new-.patch b/0010-Modified-cmakelist-of-storage_layer-and-added-a-new-.patch deleted file mode 100644 index 1e281c9..0000000 --- a/0010-Modified-cmakelist-of-storage_layer-and-added-a-new-.patch +++ /dev/null @@ -1,68 +0,0 @@ -From 7e4b7304134eb0f85b83b02aeeee3c10b2303446 Mon Sep 17 00:00:00 2001 -From: chengzrz -Date: Mon, 29 Nov 2021 14:41:47 +0800 -Subject: [PATCH 10/14] Modified cmakelist of storage_layer and added a new - mock function in isulad_config_mock to fix errors that happen when compiling - with UT option turned on - -Signed-off-by: chengzrz ---- - test/image/oci/storage/layers/CMakeLists.txt | 4 ++++ - test/mocks/isulad_config_mock.cc | 8 ++++++++ - test/mocks/isulad_config_mock.h | 1 + - 3 files changed, 13 insertions(+) - -diff --git a/test/image/oci/storage/layers/CMakeLists.txt b/test/image/oci/storage/layers/CMakeLists.txt -index 4cae382c..3fe8ab7c 100644 ---- a/test/image/oci/storage/layers/CMakeLists.txt -+++ b/test/image/oci/storage/layers/CMakeLists.txt -@@ -22,6 +22,8 @@ add_executable(${DRIVER_EXE} - ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../src/utils/sha256/sha256.c - ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../src/daemon/common/err_msg.c - ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../src/daemon/common/selinux_label.c -+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../src/daemon/config/daemon_arguments.c -+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../src/daemon/config/isulad_config.c - ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c - ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c - ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/driver_devmapper.c -@@ -89,6 +91,8 @@ add_executable(${LAYER_EXE} - ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../src/utils/tar/util_archive.c - ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../src/utils/tar/util_gzip.c - ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../src/utils/sha256/sha256.c -+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../src/daemon/config/daemon_arguments.c -+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../src/daemon/config/isulad_config.c - ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../src/daemon/common/err_msg.c - ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../src/daemon/common/selinux_label.c - ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../src/daemon/modules/image/oci/storage/layer_store/layer.c -diff --git a/test/mocks/isulad_config_mock.cc b/test/mocks/isulad_config_mock.cc -index a333c176..eb6970d7 100644 ---- a/test/mocks/isulad_config_mock.cc -+++ b/test/mocks/isulad_config_mock.cc -@@ -170,3 +170,11 @@ isulad_daemon_constants *get_isulad_daemon_constants() - } - return &g_isulad_daemon_constants; - } -+ -+char *conf_get_isulad_userns_remap() -+{ -+ if (g_isulad_conf_mock != nullptr) { -+ return g_isulad_conf_mock->ConfGetIsuladUsernsRemap(); -+ } -+ return nullptr; -+} -\ No newline at end of file -diff --git a/test/mocks/isulad_config_mock.h b/test/mocks/isulad_config_mock.h -index b91b5465..7af20ca5 100644 ---- a/test/mocks/isulad_config_mock.h -+++ b/test/mocks/isulad_config_mock.h -@@ -39,6 +39,7 @@ public: - MOCK_METHOD0(ConfGetUseDecryptedKeyFlag, bool (void)); - MOCK_METHOD0(InitIsuladDaemonConstants, int (void)); - MOCK_METHOD0(GetIsuladDaemonConstants, isulad_daemon_constants * (void)); -+ MOCK_METHOD0(ConfGetIsuladUsernsRemap, char *(void)); - }; - - void MockIsuladConf_SetMock(MockIsuladConf *mock); --- -2.25.1 - diff --git a/0011-add-fuzz-build-in-CI.patch b/0011-add-fuzz-build-in-CI.patch deleted file mode 100644 index 465a399..0000000 --- a/0011-add-fuzz-build-in-CI.patch +++ /dev/null @@ -1,120 +0,0 @@ -From db952e8122e584dbb24d28d36abc2ac1b8ad0c77 Mon Sep 17 00:00:00 2001 -From: zhangxiaoyu -Date: Mon, 29 Nov 2021 16:07:39 +0800 -Subject: [PATCH 11/14] add fuzz build in CI - -Signed-off-by: zhangxiaoyu ---- - CI/make-and-install.sh | 9 +++++++++ - CMakeLists.txt | 4 ++-- - test/fuzz/CMakeLists.txt | 25 +++++++++++++++++++------ - 3 files changed, 30 insertions(+), 8 deletions(-) - -diff --git a/CI/make-and-install.sh b/CI/make-and-install.sh -index 602878bf..3fd88b84 100755 ---- a/CI/make-and-install.sh -+++ b/CI/make-and-install.sh -@@ -74,12 +74,21 @@ rm -rf build - mkdir build && cd build - cmake -DCMAKE_BUILD_TYPE=Debug -DENABLE_UT=ON -DENABLE_SHIM_V2=ON .. - make -j $(nproc) -+make install - ctest -T memcheck --output-on-failure - if [[ $? -ne 0 ]]; then - exit 1 - fi - echo_success "===================RUN DT-LLT TESTCASES END=========================" - -+# build fuzz -+cd $ISULAD_COPY_PATH -+rm -rf build -+mkdir build -+cd build -+cmake -DCMAKE_BUILD_TYPE=Debug -DENABLE_FUZZ=ON .. -+make -j $(nproc) -+ - # build rest version - cd $ISULAD_COPY_PATH - rm -rf build -diff --git a/CMakeLists.txt b/CMakeLists.txt -index 0f7d6b9c..8fc03f2d 100644 ---- a/CMakeLists.txt -+++ b/CMakeLists.txt -@@ -86,9 +86,9 @@ IF(ENABLE_UT) - add_subdirectory(${CMAKE_CURRENT_SOURCE_DIR}/test) - ENDIF(ENABLE_UT) - --IF(ENABLE_FUZZ) -+IF(ENABLE_FUZZ AND (NOT ENABLE_UT)) - add_subdirectory(${CMAKE_CURRENT_SOURCE_DIR}/test) --ENDIF(ENABLE_FUZZ) -+ENDIF(ENABLE_FUZZ AND (NOT ENABLE_UT)) - - # install all files - install(FILES ${CMAKE_BINARY_DIR}/conf/isulad.pc -diff --git a/test/fuzz/CMakeLists.txt b/test/fuzz/CMakeLists.txt -index 816dd3cf..61ab47d7 100644 ---- a/test/fuzz/CMakeLists.txt -+++ b/test/fuzz/CMakeLists.txt -@@ -20,9 +20,18 @@ SET(EXE1 im_config_image_exist_fuzz) - SET(EXE2 im_get_image_count_fuzz) - SET(EXE3 test_volume_mount_spec_fuzz) - SET(EXE4 test_volume_parse_volume_fuzz) --add_executable(${EXE0} im_oci_image_exist_fuzz.cc) --add_executable(${EXE1} im_config_image_exist_fuzz.cc) --add_executable(${EXE2} im_get_image_count_fuzz.cc) -+add_executable(${EXE0} -+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/daemon/config/isulad_config.c -+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/daemon/config/daemon_arguments.c -+ im_oci_image_exist_fuzz.cc) -+add_executable(${EXE1} -+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/daemon/config/isulad_config.c -+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/daemon/config/daemon_arguments.c -+ im_config_image_exist_fuzz.cc) -+add_executable(${EXE2} -+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/daemon/config/isulad_config.c -+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/daemon/config/daemon_arguments.c -+ im_get_image_count_fuzz.cc) - add_executable(${EXE3} - ${CMAKE_CURRENT_SOURCE_DIR}/../../src/utils/cutils/utils.c - ${CMAKE_CURRENT_SOURCE_DIR}/../../src/utils/cutils/path.c -@@ -36,6 +45,8 @@ add_executable(${EXE3} - ${CMAKE_CURRENT_SOURCE_DIR}/../../src/utils/cutils/utils_verify.c - ${CMAKE_CURRENT_SOURCE_DIR}/../../src/utils/sha256/sha256.c - ${CMAKE_CURRENT_SOURCE_DIR}/../../src/utils/cutils/utils_mount_spec.c -+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/daemon/config/isulad_config.c -+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/daemon/config/daemon_arguments.c - test_volume_mount_spec_fuzz.cc - ) - add_executable(${EXE4} -@@ -51,6 +62,8 @@ add_executable(${EXE4} - ${CMAKE_CURRENT_SOURCE_DIR}/../../src/utils/cutils/utils_verify.c - ${CMAKE_CURRENT_SOURCE_DIR}/../../src/utils/sha256/sha256.c - ${CMAKE_CURRENT_SOURCE_DIR}/../../src/daemon/modules/spec/parse_volume.c -+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/daemon/config/isulad_config.c -+ ${CMAKE_CURRENT_SOURCE_DIR}/../../src/daemon/config/daemon_arguments.c - test_volume_parse_volume_fuzz.cc - ) - -@@ -96,15 +109,15 @@ target_include_directories(${EXE4} PUBLIC - - set_target_properties(${EXE0} PROPERTIES LINKER_LANGUAGE CXX) - set_target_properties(${EXE0} PROPERTIES LINK_FLAGS "-fsanitize=address -fsanitize-coverage=trace-pc") --target_link_libraries(${EXE0} ${CMAKE_THREAD_LIBS_INIT} ${ISULA_LIBUTILS_LIBRARY} ${LIB_FUZZING_ENGINE} pthread rt -lisulad_img) -+target_link_libraries(${EXE0} ${CMAKE_THREAD_LIBS_INIT} ${ISULA_LIBUTILS_LIBRARY} ${LIB_FUZZING_ENGINE} pthread rt -lisulad_img -lgcov) - - set_target_properties(${EXE1} PROPERTIES LINKER_LANGUAGE CXX) - set_target_properties(${EXE1} PROPERTIES LINK_FLAGS "-fsanitize=address -fsanitize-coverage=trace-pc") --target_link_libraries(${EXE1} ${CMAKE_THREAD_LIBS_INIT} ${ISULA_LIBUTILS_LIBRARY} ${LIB_FUZZING_ENGINE} pthread rt -lisulad_img) -+target_link_libraries(${EXE1} ${CMAKE_THREAD_LIBS_INIT} ${ISULA_LIBUTILS_LIBRARY} ${LIB_FUZZING_ENGINE} pthread rt -lisulad_img -lgcov) - - set_target_properties(${EXE2} PROPERTIES LINKER_LANGUAGE CXX) - set_target_properties(${EXE2} PROPERTIES LINK_FLAGS "-fsanitize=address -fsanitize-coverage=trace-pc") --target_link_libraries(${EXE2} ${CMAKE_THREAD_LIBS_INIT} ${ISULA_LIBUTILS_LIBRARY} ${LIB_FUZZING_ENGINE} pthread rt -lisulad_img) -+target_link_libraries(${EXE2} ${CMAKE_THREAD_LIBS_INIT} ${ISULA_LIBUTILS_LIBRARY} ${LIB_FUZZING_ENGINE} pthread rt -lisulad_img -lgcov) - - set_target_properties(${EXE3} PROPERTIES LINKER_LANGUAGE CXX) - set_target_properties(${EXE3} PROPERTIES LINK_FLAGS "-fsanitize=address -fsanitize-coverage=trace-pc") --- -2.25.1 - diff --git a/0012-print-valgrind-log.patch b/0012-print-valgrind-log.patch deleted file mode 100644 index 54d2074..0000000 --- a/0012-print-valgrind-log.patch +++ /dev/null @@ -1,26 +0,0 @@ -From cd3cda2bf3880d1e805406cba6e5c6510ef8832b Mon Sep 17 00:00:00 2001 -From: zhangxiaoyu -Date: Wed, 1 Dec 2021 10:14:33 +0800 -Subject: [PATCH 12/14] print valgrind log - -Signed-off-by: zhangxiaoyu ---- - CI/test_cases/helpers.sh | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/CI/test_cases/helpers.sh b/CI/test_cases/helpers.sh -index 27f04749..dd1bf943 100755 ---- a/CI/test_cases/helpers.sh -+++ b/CI/test_cases/helpers.sh -@@ -146,7 +146,7 @@ function check_valgrind_log() { - cat $valgrind_log | grep "are definitely lost" | grep "==$pid==" - if [ $? -eq 0 ];then - echo "Memory leak may checked by valgrind, see valgrind log file: $valgrind_log" -- sed -n '/definitely lost/,// p' $valgrind_log -+ cat $valgrind_log - exit 1 - fi - return 0 --- -2.25.1 - diff --git a/0013-fix-cri-version-memory-leak.patch b/0013-fix-cri-version-memory-leak.patch deleted file mode 100644 index b1e2f35..0000000 --- a/0013-fix-cri-version-memory-leak.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 3750c2f7d6c13289bbfbb278e0e09667468286d0 Mon Sep 17 00:00:00 2001 -From: zhangxiaoyu -Date: Thu, 2 Dec 2021 15:24:11 +0800 -Subject: [PATCH 13/14] fix cri version memory leak - -Signed-off-by: zhangxiaoyu ---- - src/daemon/entry/cri/cri_runtime_versioner_service_impl.cc | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/src/daemon/entry/cri/cri_runtime_versioner_service_impl.cc b/src/daemon/entry/cri/cri_runtime_versioner_service_impl.cc -index 4316b190..6c4ba515 100644 ---- a/src/daemon/entry/cri/cri_runtime_versioner_service_impl.cc -+++ b/src/daemon/entry/cri/cri_runtime_versioner_service_impl.cc -@@ -44,10 +44,10 @@ void RuntimeVersionerServiceImpl::Version(const std::string &apiVersion, - } else { - error.SetError("Failed to call version callback"); - } -- free_container_version_response(response); -- return; -+ } else { -+ VersionResponseToGRPC(response, versionResponse); - } - -- VersionResponseToGRPC(response, versionResponse); -+ free_container_version_response(response); - } - } // namespace CRI -\ No newline at end of file --- -2.25.1 - diff --git a/0014-fix-undefined-reference-in-libisulad_img.so.patch b/0014-fix-undefined-reference-in-libisulad_img.so.patch deleted file mode 100644 index 80710ac..0000000 --- a/0014-fix-undefined-reference-in-libisulad_img.so.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 861a635c95254c7429bc8c23552f529c5a083762 Mon Sep 17 00:00:00 2001 -From: WangFengTu -Date: Thu, 2 Dec 2021 15:24:31 +0800 -Subject: [PATCH 14/14] fix undefined reference in libisulad_img.so - -Signed-off-by: WangFengTu ---- - src/daemon/modules/image/CMakeLists.txt | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/daemon/modules/image/CMakeLists.txt b/src/daemon/modules/image/CMakeLists.txt -index 86b7d8a6..0a004835 100644 ---- a/src/daemon/modules/image/CMakeLists.txt -+++ b/src/daemon/modules/image/CMakeLists.txt -@@ -71,6 +71,7 @@ add_library(${LIB_ISULAD_IMG} ${LIBTYPE} - ${CMAKE_SOURCE_DIR}/src/utils/tar/isulad_tar.c - ${CMAKE_SOURCE_DIR}/src/utils/tar/util_archive.c - ${CMAKE_SOURCE_DIR}/src/utils/tar/util_gzip.c -+ ${CMAKE_SOURCE_DIR}/src/daemon/config/isulad_config.c - ) - - target_include_directories(${LIB_ISULAD_IMG} PUBLIC --- -2.25.1 - diff --git a/0015-fix-undefined-reference-to-service_arguments_free-in.patch b/0015-fix-undefined-reference-to-service_arguments_free-in.patch deleted file mode 100644 index 681db0a..0000000 --- a/0015-fix-undefined-reference-to-service_arguments_free-in.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 08a39a58fe36af1705df60373789d23d258d8327 Mon Sep 17 00:00:00 2001 -From: WangFengTu -Date: Fri, 3 Dec 2021 09:32:39 +0800 -Subject: [PATCH] fix undefined reference to `service_arguments_free' in - libisulad_img.so - -Signed-off-by: WangFengTu ---- - src/daemon/modules/image/CMakeLists.txt | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/daemon/modules/image/CMakeLists.txt b/src/daemon/modules/image/CMakeLists.txt -index 0a004835..14ce571d 100644 ---- a/src/daemon/modules/image/CMakeLists.txt -+++ b/src/daemon/modules/image/CMakeLists.txt -@@ -72,6 +72,7 @@ add_library(${LIB_ISULAD_IMG} ${LIBTYPE} - ${CMAKE_SOURCE_DIR}/src/utils/tar/util_archive.c - ${CMAKE_SOURCE_DIR}/src/utils/tar/util_gzip.c - ${CMAKE_SOURCE_DIR}/src/daemon/config/isulad_config.c -+ ${CMAKE_SOURCE_DIR}/src/daemon/config/daemon_arguments.c - ) - - target_include_directories(${LIB_ISULAD_IMG} PUBLIC --- -2.25.1 - diff --git a/0016-fix-mem-leak.patch b/0016-fix-mem-leak.patch deleted file mode 100644 index 4394b83..0000000 --- a/0016-fix-mem-leak.patch +++ /dev/null @@ -1,42 +0,0 @@ -From b97bdc9e63872bef2164a3b97ab837ac607ccf16 Mon Sep 17 00:00:00 2001 -From: gaohuatao -Date: Fri, 3 Dec 2021 16:36:18 +0800 -Subject: [PATCH] fix mem leak - -Signed-off-by: gaohuatao ---- - src/daemon/modules/image/oci/storage/image_store/image_store.c | 3 ++- - .../modules/image/oci/storage/rootfs_store/rootfs_store.c | 3 ++- - 2 files changed, 4 insertions(+), 2 deletions(-) - -diff --git a/src/daemon/modules/image/oci/storage/image_store/image_store.c b/src/daemon/modules/image/oci/storage/image_store/image_store.c -index d2956114..288d7bd7 100644 ---- a/src/daemon/modules/image/oci/storage/image_store/image_store.c -+++ b/src/daemon/modules/image/oci/storage/image_store/image_store.c -@@ -2980,7 +2980,8 @@ static int append_image_by_directory(const char *image_dir) - im = storage_image_parse_file(image_path, NULL, &err); - if (im == NULL) { - ERROR("Failed to parse images path: %s", err); -- return -1; -+ ret = -1; -+ goto out; - } - - ret = strip_default_hostname(im); -diff --git a/src/daemon/modules/image/oci/storage/rootfs_store/rootfs_store.c b/src/daemon/modules/image/oci/storage/rootfs_store/rootfs_store.c -index 8e1d5a11..378d1a96 100644 ---- a/src/daemon/modules/image/oci/storage/rootfs_store/rootfs_store.c -+++ b/src/daemon/modules/image/oci/storage/rootfs_store/rootfs_store.c -@@ -177,7 +177,8 @@ static int append_container_by_directory(const char *container_dir) - c = storage_rootfs_parse_file(container_path, NULL, &err); - if (c == NULL) { - ERROR("Failed to parse container path: %s", err); -- return -1; -+ ret = -1; -+ goto out; - } - - if (do_append_container(c) != 0) { --- -2.25.1 - diff --git a/0017-isula-pull-does-not-support-format-name-digest.patch b/0017-isula-pull-does-not-support-format-name-digest.patch deleted file mode 100644 index 92fdfb1..0000000 --- a/0017-isula-pull-does-not-support-format-name-digest.patch +++ /dev/null @@ -1,26 +0,0 @@ -From de8ef6a226fdbee53975d6d746a065a24a98ea05 Mon Sep 17 00:00:00 2001 -From: WangFengTu -Date: Mon, 6 Dec 2021 11:07:36 +0800 -Subject: [PATCH] isula pull does not support format name@digest - -Signed-off-by: WangFengTu ---- - src/cmd/isula/images/pull.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/cmd/isula/images/pull.c b/src/cmd/isula/images/pull.c -index 3ba7a715..da9cae52 100644 ---- a/src/cmd/isula/images/pull.c -+++ b/src/cmd/isula/images/pull.c -@@ -25,7 +25,7 @@ - #include "connect.h" - - const char g_cmd_pull_desc[] = "Pull an image or a repository from a registry"; --const char g_cmd_pull_usage[] = "pull [OPTIONS] NAME[:TAG|@DIGEST]"; -+const char g_cmd_pull_usage[] = "pull [OPTIONS] NAME[:TAG]"; - - struct client_arguments g_cmd_pull_args = {}; - --- -2.25.1 - diff --git a/0018-Fixed-dangerous-memory-operations.patch b/0018-Fixed-dangerous-memory-operations.patch deleted file mode 100644 index e89d58b..0000000 --- a/0018-Fixed-dangerous-memory-operations.patch +++ /dev/null @@ -1,144 +0,0 @@ -From 6f337131977c21966cf7a6898cfc81414c07cf05 Mon Sep 17 00:00:00 2001 -From: chengzrz -Date: Mon, 6 Dec 2021 15:34:31 +0800 -Subject: [PATCH] Fixed dangerous memory operations - -Signed-off-by: chengzrz ---- - .../cri_pod_sandbox_manager_service_impl.cc | 3 +- - .../executor/container_cb/execution_create.c | 5 +++ - src/utils/cutils/utils_network.c | 43 +++++++++++++------ - test/mocks/namespace_mock.h | 3 +- - 4 files changed, 40 insertions(+), 14 deletions(-) - -diff --git a/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc b/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc -index 0a577849..57297287 100644 ---- a/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc -+++ b/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc -@@ -477,7 +477,7 @@ void PodSandboxManagerServiceImpl::SetupSandboxNetwork(const runtime::v1alpha2:: - { - std::map stdAnnos; - std::map networkOptions; -- const char* sandbox_key = get_sandbox_key(inspect_data); -+ char* sandbox_key = get_sandbox_key(inspect_data); - - // Setup sandbox files - if (config.has_dns_config() && inspect_data->resolv_conf_path != nullptr) { -@@ -510,6 +510,7 @@ void PodSandboxManagerServiceImpl::SetupSandboxNetwork(const runtime::v1alpha2:: - } - - cleanup: -+ free(sandbox_key); - return; - } - -diff --git a/src/daemon/executor/container_cb/execution_create.c b/src/daemon/executor/container_cb/execution_create.c -index 95a7d9ab..e647ca06 100644 ---- a/src/daemon/executor/container_cb/execution_create.c -+++ b/src/daemon/executor/container_cb/execution_create.c -@@ -1421,6 +1421,11 @@ static char *new_pod_sandbox_key(void) - - static int generate_network_settings(const host_config *host_config, container_config_v2_common_config *v2_spec) - { -+ if (host_config == NULL || v2_spec == NULL) { -+ ERROR("Invalid input"); -+ return -1; -+ } -+ - container_config_v2_common_config_network_settings *settings = NULL; - - if (!namespace_is_file(host_config->network_mode)) { -diff --git a/src/utils/cutils/utils_network.c b/src/utils/cutils/utils_network.c -index a5d77c93..1ca901ea 100644 ---- a/src/utils/cutils/utils_network.c -+++ b/src/utils/cutils/utils_network.c -@@ -65,26 +65,34 @@ out: - return ret; - } - --static void mount_netns(void *netns_path) -+static void* mount_netns(void *netns_path) - { -- int failure = EXIT_FAILURE; -- int success = EXIT_SUCCESS; -+ int *ecode = (int *)malloc(sizeof(int)); - char fullpath[PATH_MAX] = { 0x00 }; - int ret = 0; - - if (unshare(CLONE_NEWNET) != 0) { -- pthread_exit((void *)&failure); -+ ERROR("Failed to unshare"); -+ goto err_out; - } - - ret = snprintf(fullpath, sizeof(fullpath), "/proc/%d/task/%ld/ns/net", getpid(), (long int)syscall(__NR_gettid)); - if (ret < 0 || (size_t)ret >= sizeof(fullpath)) { -- pthread_exit((void *)&failure); -+ ERROR("Failed to get full path"); -+ goto err_out; - } - - if (util_mount(fullpath, (char *)netns_path, "none", "bind") != 0) { -- pthread_exit((void *)&failure); -+ ERROR("Failed to mount %s", fullpath); -+ goto err_out; - } -- pthread_exit((void *)&success); -+ -+ *ecode = EXIT_SUCCESS; -+ pthread_exit((void *)ecode); -+ -+err_out: -+ *ecode = EXIT_FAILURE; -+ pthread_exit((void *)ecode); - } - - // this function mounts netns path to /proc/%d/task/%d/ns/net -@@ -103,14 +111,25 @@ int util_mount_namespace(const char *netns_path) - ret = pthread_join(newns_thread, &status); - if (ret != 0) { - ERROR("Failed to join thread"); -+ ret = -1; -+ goto out; -+ } -+ -+ if (status == NULL) { -+ ERROR("Failed set exit status"); - return -1; -+ } -+ -+ if (*(int *)status != 0) { -+ ERROR("Failed to initialize network namespace, status code is %d", *(int *)status); -+ ret = -1; - } else { -- if (*(int *)status != 0) { -- ERROR("Failed to initialize network namespace"); -- return -1; -- } -+ ret = 0; - } -- return 0; -+ -+out: -+ free(status); -+ return ret; - } - - int util_umount_namespace(const char *netns_path) -diff --git a/test/mocks/namespace_mock.h b/test/mocks/namespace_mock.h -index 80e75b0b..5bfc2c70 100644 ---- a/test/mocks/namespace_mock.h -+++ b/test/mocks/namespace_mock.h -@@ -26,7 +26,8 @@ public: - MOCK_METHOD1(ConnectedContainer, char *(const char *mode)); - MOCK_METHOD3(GetShareNamespacePath, int(const char *type, const char *src_path, char **dest_path)); - MOCK_METHOD1(GetContainerProcessLabel, char *(const char *path)); -- MOCK_METHOD4(GetNetworkNamespacePath, int(const host_config *, const container_config_v2_common_config_network_settings *, const char *, char **)); -+ MOCK_METHOD4(GetNetworkNamespacePath, int(const host_config *, -+ const container_config_v2_common_config_network_settings *, const char *, char **)); - }; - - void MockNamespace_SetMock(MockNamespace *mock); --- -2.25.1 - diff --git a/0019-add-pull-request-gateway-checker-for-build-and-ut.patch b/0019-add-pull-request-gateway-checker-for-build-and-ut.patch deleted file mode 100644 index 6dbee9c..0000000 --- a/0019-add-pull-request-gateway-checker-for-build-and-ut.patch +++ /dev/null @@ -1,97 +0,0 @@ -From 5a9ab3c983158c8848868e92d5a06fbd7bfc9141 Mon Sep 17 00:00:00 2001 -From: haozi007 -Date: Mon, 6 Dec 2021 09:26:40 +0000 -Subject: [PATCH] add pull request gateway checker for build and ut - -Signed-off-by: haozi007 ---- - CI/pr-gateway.sh | 77 ++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 77 insertions(+) - create mode 100755 CI/pr-gateway.sh - -diff --git a/CI/pr-gateway.sh b/CI/pr-gateway.sh -new file mode 100755 -index 00000000..c38059b9 ---- /dev/null -+++ b/CI/pr-gateway.sh -@@ -0,0 +1,77 @@ -+#!/bin/bash -+####################################################################### -+##- @Copyright (C) Huawei Technologies., Ltd. 2021. All rights reserved. -+# - iSulad licensed under the Mulan PSL v2. -+# - You can use this software according to the terms and conditions of the Mulan PSL v2. -+# - You may obtain a copy of Mulan PSL v2 at: -+# - http://license.coscl.org.cn/MulanPSL2 -+# - THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR -+# - IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR -+# - PURPOSE. -+# - See the Mulan PSL v2 for more details. -+##- @Description:provide gateway checker for pull request of iSulad -+##- @Author: haozi007 -+##- @Create: 2021-12-06 -+####################################################################### -+tbranch="master" -+if [ $# -eq 1 ]; then -+ tbranch=$1 -+fi -+ -+dnf install -y gtest-devel gmock-devel diffutils cmake gcc-c++ yajl-devel patch make libtool libevent-devel libevhtp-devel grpc grpc-plugins grpc-devel protobuf-devel libcurl libcurl-devel sqlite-devel libarchive-devel device-mapper-devel http-parser-devel libseccomp-devel libcap-devel libselinux-devel libwebsockets libwebsockets-devel systemd-devel git chrpath -+ -+# dnf install -y cargo rust rust-packaging -+ -+cd ~ -+ -+rm -rf lxc -+git clone https://gitee.com/src-openeuler/lxc.git -+pushd lxc -+rm -rf lxc-4.0.3 -+./apply-patches || exit 1 -+pushd lxc-4.0.3 -+./autogen.sh && ./configure || exit 1 -+make -j $(nproc) || exit 1 -+make install -+popd -+popd -+ -+ldconfig -+rm -rf lcr -+git clone https://gitee.com/openeuler/lcr.git -+pushd lcr -+git checkout ${tbranch} -+rm -rf build -+mkdir build -+pushd build -+cmake -DDEBUG=ON -DCMAKE_SKIP_RPATH=TRUE ../ || exit 1 -+make -j $(nproc) || exit 1 -+make install -+popd -+popd -+ -+ldconfig -+rm -rf clibcni -+git clone https://gitee.com/openeuler/clibcni.git -+pushd clibcni -+git checkout ${tbranch} -+rm -rf build -+mkdir build -+pushd build -+cmake -DDEBUG=ON ../ || exit 1 -+make -j $(nproc) || exit 1 -+make install -+popd -+popd -+ -+ldconfig -+pushd iSulad -+rm -rf build -+mkdir build -+pushd build -+cmake -DDEBUG=ON -DCMAKE_INSTALL_PREFIX=/usr -DENABLE_UT=ON -DENABLE_SHIM_V2=OFF ../ || exit 1 -+#cmake -DDEBUG=ON -DCMAKE_INSTALL_PREFIX=/usr -DENABLE_UT=ON -DENABLE_SHIM_V2=ON ../ || exit 1 -+make -j $(nproc) || exit 1 -+ctest -V -+popd -+popd --- -2.25.1 - diff --git a/0020-Optimize-websocket-streaming-service-code.patch b/0020-Optimize-websocket-streaming-service-code.patch deleted file mode 100644 index bd9d764..0000000 --- a/0020-Optimize-websocket-streaming-service-code.patch +++ /dev/null @@ -1,1901 +0,0 @@ -From 3d5ad2160b9fe779433cce497bfa0cb0146bdcb3 Mon Sep 17 00:00:00 2001 -From: wujing -Date: Sat, 4 Dec 2021 21:20:25 +0800 -Subject: [PATCH] Optimize websocket streaming service code - -Signed-off-by: wujing ---- - .../cri/cri_container_manager_service_impl.cc | 28 +- - src/daemon/entry/cri/request_cache.cc | 123 ++----- - src/daemon/entry/cri/request_cache.h | 32 +- - .../cri/websocket/service/attach_serve.cc | 102 +++--- - .../cri/websocket/service/attach_serve.h | 28 +- - .../entry/cri/websocket/service/exec_serve.cc | 158 +++++---- - .../entry/cri/websocket/service/exec_serve.h | 27 +- - .../service/route_callback_register.cc | 80 +++++ - .../service/route_callback_register.h | 61 ++-- - .../cri/websocket/service/stream_server.cc | 6 +- - .../cri/websocket/service/stream_server.h | 4 +- - .../entry/cri/websocket/service/ws_server.cc | 300 +++++++++++------- - .../entry/cri/websocket/service/ws_server.h | 174 +++------- - 13 files changed, 542 insertions(+), 581 deletions(-) - create mode 100644 src/daemon/entry/cri/websocket/service/route_callback_register.cc - -diff --git a/src/daemon/entry/cri/cri_container_manager_service_impl.cc b/src/daemon/entry/cri/cri_container_manager_service_impl.cc -index 2e65ab51..b160ce31 100644 ---- a/src/daemon/entry/cri/cri_container_manager_service_impl.cc -+++ b/src/daemon/entry/cri/cri_container_manager_service_impl.cc -@@ -376,7 +376,8 @@ ContainerManagerServiceImpl::GenerateCreateContainerRequest(const std::string &r - hostconfig->cgroup_parent = util_strdup_s(podSandboxConfig.linux().cgroup_parent().c_str()); - } - -- custom_config = GenerateCreateContainerCustomConfig(cname, realPodSandboxID, containerConfig, podSandboxConfig, error); -+ custom_config = -+ GenerateCreateContainerCustomConfig(cname, realPodSandboxID, containerConfig, podSandboxConfig, error); - if (error.NotEmpty()) { - goto cleanup; - } -@@ -409,11 +410,10 @@ cleanup: - return request; - } - --std::string ContainerManagerServiceImpl::CreateContainer( -- const std::string &podSandboxID, -- const runtime::v1alpha2::ContainerConfig &containerConfig, -- const runtime::v1alpha2::PodSandboxConfig &podSandboxConfig, -- Errors &error) -+std::string ContainerManagerServiceImpl::CreateContainer(const std::string &podSandboxID, -+ const runtime::v1alpha2::ContainerConfig &containerConfig, -+ const runtime::v1alpha2::PodSandboxConfig &podSandboxConfig, -+ Errors &error) - { - std::string response_id; - std::string podSandboxRuntime; -@@ -1305,10 +1305,16 @@ void ContainerManagerServiceImpl::Exec(const runtime::v1alpha2::ExecRequest &req - if (ValidateExecRequest(req, error) != 0) { - return; - } -+ auto execReq = new (std::nothrow) runtime::v1alpha2::ExecRequest(req); -+ if (execReq == nullptr) { -+ error.SetError("out of memory"); -+ return; -+ } - RequestCache *cache = RequestCache::GetInstance(); -- std::string token = cache->InsertExecRequest(req); -+ std::string token = cache->InsertRequest(req.container_id(), execReq); - if (token.empty()) { - error.SetError("failed to get a unique token!"); -+ delete execReq; - return; - } - std::string url = BuildURL("exec", token); -@@ -1350,10 +1356,16 @@ void ContainerManagerServiceImpl::Attach(const runtime::v1alpha2::AttachRequest - error.SetError("Empty attach response arguments"); - return; - } -+ auto attachReq = new (std::nothrow) runtime::v1alpha2::AttachRequest(req); -+ if (attachReq == nullptr) { -+ error.SetError("out of memory"); -+ return; -+ } - RequestCache *cache = RequestCache::GetInstance(); -- std::string token = cache->InsertAttachRequest(req); -+ std::string token = cache->InsertRequest(req.container_id(), attachReq); - if (token.empty()) { - error.SetError("failed to get a unique token!"); -+ delete attachReq; - return; - } - std::string url = BuildURL("attach", token); -diff --git a/src/daemon/entry/cri/request_cache.cc b/src/daemon/entry/cri/request_cache.cc -index 4ff284ab..312a8071 100644 ---- a/src/daemon/entry/cri/request_cache.cc -+++ b/src/daemon/entry/cri/request_cache.cc -@@ -1,5 +1,5 @@ - /****************************************************************************** -- * Copyright (c) Huawei Technologies Co., Ltd. 2017-2019. All rights reserved. -+ * Copyright (c) Huawei Technologies Co., Ltd. 2019-2021. All rights reserved. - * iSulad licensed under the Mulan PSL v2. - * You can use this software according to the terms and conditions of the Mulan PSL v2. - * You may obtain a copy of Mulan PSL v2 at: -@@ -8,8 +8,8 @@ - * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR - * PURPOSE. - * See the Mulan PSL v2 for more details. -- * Author: tanyifeng -- * Create: 2017-11-22 -+ * Author: wujing -+ * Create: 2019-01-02 - * Description: provide request cache function definition - *********************************************************************************/ - #include "request_cache.h" -@@ -19,15 +19,25 @@ - #include - #include - #include --#include "isula_libutils/log.h" -+#include - #include "utils.h" - #include "utils_base64.h" - - std::atomic RequestCache::m_instance; - std::mutex RequestCache::m_mutex; -+ -+void CacheEntry::SetValue(const std::string &t, const std::string &id, ::google::protobuf::Message *request, -+ std::chrono::system_clock::time_point et) -+{ -+ token = t; -+ containerID = id; -+ req = request; -+ expireTime = et; -+} -+ - RequestCache *RequestCache::GetInstance() noexcept - { -- RequestCache *cache = m_instance.load(std::memory_order_relaxed); -+ auto *cache = m_instance.load(std::memory_order_relaxed); - std::atomic_thread_fence(std::memory_order_acquire); - if (cache == nullptr) { - std::lock_guard lock(m_mutex); -@@ -41,25 +51,7 @@ RequestCache *RequestCache::GetInstance() noexcept - return cache; - } - --std::string RequestCache::InsertExecRequest(const runtime::v1alpha2::ExecRequest &req) --{ -- std::lock_guard lock(m_mutex); -- // Remove expired entries. -- GarbageCollection(); -- // If the cache is full, reject the request. -- if (m_ll.size() == MaxInFlight) { -- ERROR("too many cache in flight!"); -- return ""; -- } -- auto token = UniqueToken(); -- CacheEntry tmp; -- tmp.SetValue(token, &req, nullptr, std::chrono::system_clock::now() + std::chrono::minutes(1)); -- m_ll.push_front(tmp); -- m_tokens.insert(std::make_pair(token, tmp)); -- return token; --} -- --std::string RequestCache::InsertAttachRequest(const runtime::v1alpha2::AttachRequest &req) -+std::string RequestCache::InsertRequest(const std::string &containerID, ::google::protobuf::Message *req) - { - std::lock_guard lock(m_mutex); - // Remove expired entries. -@@ -71,7 +63,7 @@ std::string RequestCache::InsertAttachRequest(const runtime::v1alpha2::AttachReq - } - auto token = UniqueToken(); - CacheEntry tmp; -- tmp.SetValue(token, nullptr, &req, std::chrono::system_clock::now() + std::chrono::minutes(1)); -+ tmp.SetValue(token, containerID, req, std::chrono::system_clock::now() + std::chrono::minutes(1)); - m_ll.push_front(tmp); - m_tokens.insert(std::make_pair(token, tmp)); - return token; -@@ -81,10 +73,14 @@ void RequestCache::GarbageCollection() - { - auto now = std::chrono::system_clock::now(); - while (!m_ll.empty()) { -- CacheEntry oldest = m_ll.back(); -+ auto oldest = m_ll.back(); - if (now < oldest.expireTime) { - return; - } -+ if (oldest.req != nullptr) { -+ delete oldest.req; -+ oldest.req = nullptr; -+ } - m_ll.pop_back(); - m_tokens.erase(oldest.token); - } -@@ -103,15 +99,15 @@ std::string RequestCache::UniqueToken() - continue; - } - -- char *b64_encode_buf = nullptr; -- if (util_base64_encode((unsigned char *)rawToken, strlen(rawToken), &b64_encode_buf) < 0) { -+ char *b64EncodeBuf = nullptr; -+ if (util_base64_encode((unsigned char *)rawToken, strlen(rawToken), &b64EncodeBuf) < 0) { - ERROR("Encode raw token to base64 failed"); - continue; - } - -- std::string token(b64_encode_buf); -- free(b64_encode_buf); -- b64_encode_buf = nullptr; -+ std::string token(b64EncodeBuf); -+ free(b64EncodeBuf); -+ b64EncodeBuf = nullptr; - if (token.length() != TokenLen) { - continue; - } -@@ -133,37 +129,13 @@ bool RequestCache::IsValidToken(const std::string &token) - } - - // Consume the token (remove it from the cache) and return the cached request, if found. --runtime::v1alpha2::ExecRequest RequestCache::ConsumeExecRequest(const std::string &token) --{ -- std::lock_guard lock(m_mutex); -- -- if (m_tokens.count(token) == 0 || m_tokens[token].execRequest.size() == 0) { -- ERROR("Invalid token"); -- return runtime::v1alpha2::ExecRequest(); -- } -- -- CacheEntry ele = m_tokens[token]; -- for (auto it = m_ll.begin(); it != m_ll.end(); it++) { -- if (it->token == token) { -- m_ll.erase(it); -- break; -- } -- } -- m_tokens.erase(token); -- if (std::chrono::system_clock::now() > ele.expireTime) { -- return runtime::v1alpha2::ExecRequest(); -- } -- -- return ele.execRequest.at(0); --} -- --runtime::v1alpha2::AttachRequest RequestCache::ConsumeAttachRequest(const std::string &token) -+::google::protobuf::Message *RequestCache::ConsumeRequest(const std::string &token) - { - std::lock_guard lock(m_mutex); - -- if (m_tokens.count(token) == 0 || m_tokens[token].attachRequest.size() == 0) { -+ if (m_tokens.count(token) == 0) { - ERROR("Invalid token"); -- return runtime::v1alpha2::AttachRequest(); -+ return nullptr; - } - - CacheEntry ele = m_tokens[token]; -@@ -175,45 +147,20 @@ runtime::v1alpha2::AttachRequest RequestCache::ConsumeAttachRequest(const std::s - } - m_tokens.erase(token); - if (std::chrono::system_clock::now() > ele.expireTime) { -- return runtime::v1alpha2::AttachRequest(); -- } -- -- return ele.attachRequest.at(0); --} -- --std::string RequestCache::GetExecContainerIDByToken(const std::string &token) --{ -- std::lock_guard lock(m_mutex); -- -- if (m_tokens.count(token) == 0 || m_tokens[token].execRequest.size() == 0) { -- ERROR("Invalid token"); -- return ""; -+ return nullptr; - } - -- return m_tokens[token].execRequest.at(0).container_id(); -+ return ele.req; - } - --std::string RequestCache::GetAttachContainerIDByToken(const std::string &token) -+std::string RequestCache::GetContainerIDByToken(const std::string &token) - { - std::lock_guard lock(m_mutex); - -- if (m_tokens.count(token) == 0 || m_tokens[token].attachRequest.size() == 0) { -+ if (m_tokens.count(token) == 0) { - ERROR("Invalid token"); - return ""; - } - -- return m_tokens[token].attachRequest.at(0).container_id(); --} -- --std::string RequestCache::GetContainerIDByToken(const std::string &method, const std::string &token) --{ -- if (method == "exec") { -- return GetExecContainerIDByToken(token); -- } else if (method == "attach") { -- return GetAttachContainerIDByToken(token); -- } -- -- ERROR("Invalid method: %s", method.c_str()); -- -- return ""; -+ return m_tokens[token].containerID; - } -diff --git a/src/daemon/entry/cri/request_cache.h b/src/daemon/entry/cri/request_cache.h -index d44b4d78..90ae20e8 100644 ---- a/src/daemon/entry/cri/request_cache.h -+++ b/src/daemon/entry/cri/request_cache.h -@@ -1,5 +1,5 @@ - /****************************************************************************** -- * Copyright (c) Huawei Technologies Co., Ltd. 2019. All rights reserved. -+ * Copyright (c) Huawei Technologies Co., Ltd. 2019-2021. All rights reserved. - * iSulad licensed under the Mulan PSL v2. - * You can use this software according to the terms and conditions of the Mulan PSL v2. - * You may obtain a copy of Mulan PSL v2 at: -@@ -23,44 +23,28 @@ - #include - #include - #include --#include "api.pb.h" - - struct CacheEntry { - std::string token; -- std::vector execRequest; -- std::vector attachRequest; -+ std::string containerID; -+ ::google::protobuf::Message *req; - std::chrono::system_clock::time_point expireTime; - -- void SetValue(const std::string &t, -- const runtime::v1alpha2::ExecRequest *execReq, -- const runtime::v1alpha2::AttachRequest *attachReq, -- std::chrono::system_clock::time_point et) -- { -- token = t; -- if (execReq != nullptr) { -- execRequest.push_back(*execReq); -- } else if (attachReq != nullptr) { -- attachRequest.push_back(*attachReq); -- } -- expireTime = et; -- } -+ void SetValue(const std::string &t, const std::string &id, ::google::protobuf::Message *request, -+ std::chrono::system_clock::time_point et); - }; - - class RequestCache { - public: - static RequestCache *GetInstance() noexcept; -- std::string InsertExecRequest(const runtime::v1alpha2::ExecRequest &req); -- std::string InsertAttachRequest(const runtime::v1alpha2::AttachRequest &req); -- runtime::v1alpha2::ExecRequest ConsumeExecRequest(const std::string &token); -- runtime::v1alpha2::AttachRequest ConsumeAttachRequest(const std::string &token); -- std::string GetContainerIDByToken(const std::string &method, const std::string &token); -+ std::string InsertRequest(const std::string &containerID, ::google::protobuf::Message *req); -+ ::google::protobuf::Message *ConsumeRequest(const std::string &token); -+ std::string GetContainerIDByToken(const std::string &token); - bool IsValidToken(const std::string &token); - - private: - void GarbageCollection(); - std::string UniqueToken(); -- std::string GetExecContainerIDByToken(const std::string &token); -- std::string GetAttachContainerIDByToken(const std::string &token); - - private: - RequestCache() = default; -diff --git a/src/daemon/entry/cri/websocket/service/attach_serve.cc b/src/daemon/entry/cri/websocket/service/attach_serve.cc -index cda63c45..abe23f51 100644 ---- a/src/daemon/entry/cri/websocket/service/attach_serve.cc -+++ b/src/daemon/entry/cri/websocket/service/attach_serve.cc -@@ -1,5 +1,5 @@ - /****************************************************************************** -- * Copyright (c) Huawei Technologies Co., Ltd. 2018-2019. All rights reserved. -+ * Copyright (c) Huawei Technologies Co., Ltd. 2018-2021. All rights reserved. - * iSulad licensed under the Mulan PSL v2. - * You can use this software according to the terms and conditions of the Mulan PSL v2. - * You may obtain a copy of Mulan PSL v2 at: -@@ -8,86 +8,78 @@ - * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR - * PURPOSE. - * See the Mulan PSL v2 for more details. -- * Author: lifeng -+ * Author: wujing - * Create: 2018-11-08 - * Description: provide container attach functions - ******************************************************************************/ - - #include "attach_serve.h" -+#include "api.pb.h" -+#include "ws_server.h" -+#include "isula_libutils/log.h" -+#include "callback.h" - #include "utils.h" - --int AttachServe::Execute(session_data *lws_ctx, const std::string &token) -+AttachServe::~AttachServe() - { -- if (lws_ctx == nullptr) { -- return -1; -- } -+ free_container_attach_request(m_request); -+ free_container_attach_response(m_response); -+} - -+void AttachServe::SetServeThreadName() -+{ - prctl(PR_SET_NAME, "AttachServe"); -+} - -- service_executor_t *cb = get_service_executor(); -- if (cb == nullptr || cb->container.attach == nullptr) { -- sem_post(lws_ctx->sync_close_sem); -+int AttachServe::SetContainerStreamRequest(::google::protobuf::Message *request, const std::string &suffix) -+{ -+ auto *grequest = dynamic_cast(request); -+ -+ m_request = static_cast(util_common_calloc_s(sizeof(container_attach_request))); -+ if (m_request == nullptr) { -+ ERROR("Out of memory"); - return -1; - } - -- container_attach_request *container_req = nullptr; -- if (GetContainerRequest(token, &container_req) != 0) { -- ERROR("Failed to get contaner request"); -- sem_post(lws_ctx->sync_close_sem); -+ if (!grequest->container_id().empty()) { -+ m_request->container_id = util_strdup_s(grequest->container_id().c_str()); -+ } -+ m_request->attach_stdin = grequest->stdin(); -+ m_request->attach_stdout = grequest->stdout(); -+ m_request->attach_stderr = grequest->stderr(); -+ -+ return 0; -+} -+ -+int AttachServe::ExecuteStreamCommand(SessionData *lwsCtx) -+{ -+ auto *cb = get_service_executor(); -+ if (cb == nullptr || cb->container.attach == nullptr) { -+ ERROR("Failed to get attach service executor"); -+ sem_post(lwsCtx->syncCloseSem); - return -1; - } - - struct io_write_wrapper stringWriter = { 0 }; -- stringWriter.context = (void *)(lws_ctx); -+ stringWriter.context = (void *)(lwsCtx); - stringWriter.write_func = WsWriteStdoutToClient; - stringWriter.close_func = closeWsConnect; -- container_req->attach_stderr = false; -- -- container_attach_response *container_res = nullptr; -- int ret = cb->container.attach(container_req, &container_res, container_req->attach_stdin ? lws_ctx->pipes.at(0) : -1, -- container_req->attach_stdout ? &stringWriter : nullptr, nullptr); -- if (ret != 0) { -- ERROR("Failed to attach container: %s", container_req->container_id); -- sem_post(lws_ctx->sync_close_sem); -- } -- -- free_container_attach_request(container_req); -- free_container_attach_response(container_res); -+ m_request->attach_stderr = false; - -- return ret; -+ return cb->container.attach(m_request, &m_response, m_request->attach_stdin ? lwsCtx->pipes.at(0) : -1, -+ m_request->attach_stdout ? &stringWriter : nullptr, nullptr); - } - --int AttachServe::GetContainerRequest(const std::string &token, container_attach_request **container_req) -+void AttachServe::ErrorHandler(int ret, SessionData *lwsCtx) - { -- RequestCache *cache = RequestCache::GetInstance(); -- auto request = cache->ConsumeAttachRequest(token); -- -- int ret = RequestFromCri(request, container_req); -- if (ret != 0) { -- ERROR("Failed to transform grpc request!"); -+ if (ret == 0) { -+ return; - } -- -- return ret; -+ ERROR("Failed to attach container: %s", m_request->container_id); -+ sem_post(lwsCtx->syncCloseSem); - } - --int AttachServe::RequestFromCri(const runtime::v1alpha2::AttachRequest &grequest, container_attach_request **request) -+void AttachServe::CloseConnect(SessionData *lwsCtx) - { -- container_attach_request *tmpreq = nullptr; -- -- tmpreq = (container_attach_request *)util_common_calloc_s(sizeof(container_attach_request)); -- if (tmpreq == nullptr) { -- ERROR("Out of memory"); -- return -1; -- } -- -- if (!grequest.container_id().empty()) { -- tmpreq->container_id = util_strdup_s(grequest.container_id().c_str()); -- } -- tmpreq->attach_stdin = grequest.stdin(); -- tmpreq->attach_stdout = grequest.stdout(); -- tmpreq->attach_stderr = grequest.stderr(); -- -- *request = tmpreq; -- -- return 0; -+ (void)lwsCtx; - } -diff --git a/src/daemon/entry/cri/websocket/service/attach_serve.h b/src/daemon/entry/cri/websocket/service/attach_serve.h -index f7b8a017..38e75e29 100644 ---- a/src/daemon/entry/cri/websocket/service/attach_serve.h -+++ b/src/daemon/entry/cri/websocket/service/attach_serve.h -@@ -1,5 +1,5 @@ - /****************************************************************************** -- * Copyright (c) Huawei Technologies Co., Ltd. 2019. All rights reserved. -+ * Copyright (c) Huawei Technologies Co., Ltd. 2019-2021. All rights reserved. - * iSulad licensed under the Mulan PSL v2. - * You can use this software according to the terms and conditions of the Mulan PSL v2. - * You may obtain a copy of Mulan PSL v2 at: -@@ -17,27 +17,27 @@ - #define DAEMON_ENTRY_CRI_WEBSOCKET_SERVICE_ATTACH_SERVE_H - - #include "route_callback_register.h" --#include - #include --#include --#include "ws_server.h" -- --#include "api.pb.h" --#include "isula_libutils/log.h" --#include "callback.h" --#include "request_cache.h" -+#include "isula_libutils/container_attach_request.h" -+#include "isula_libutils/container_attach_response.h" - - class AttachServe : public StreamingServeInterface { - public: - AttachServe() = default; - AttachServe(const AttachServe &) = delete; - AttachServe &operator=(const AttachServe &) = delete; -- virtual ~AttachServe() = default; -- int Execute(session_data *lws_ctx, const std::string &token) override; -+ virtual ~AttachServe(); -+ -+private: -+ virtual void SetServeThreadName() override; -+ virtual int SetContainerStreamRequest(::google::protobuf::Message *grequest, const std::string &suffix) override; -+ virtual int ExecuteStreamCommand(SessionData *lwsCtx) override; -+ virtual void ErrorHandler(int ret, SessionData *lwsCtx) override; -+ virtual void CloseConnect(SessionData *lwsCtx) override; -+ - private: -- int RequestFromCri(const runtime::v1alpha2::AttachRequest &grequest, -- container_attach_request **request); -- int GetContainerRequest(const std::string &token, container_attach_request **container_req); -+ container_attach_request *m_request { nullptr }; -+ container_attach_response *m_response { nullptr }; - }; - #endif // DAEMON_ENTRY_CRI_WEBSOCKET_SERVICE_ATTACH_SERVE_H - -diff --git a/src/daemon/entry/cri/websocket/service/exec_serve.cc b/src/daemon/entry/cri/websocket/service/exec_serve.cc -index 26b552de..b7709c48 100644 ---- a/src/daemon/entry/cri/websocket/service/exec_serve.cc -+++ b/src/daemon/entry/cri/websocket/service/exec_serve.cc -@@ -1,5 +1,5 @@ - /****************************************************************************** -- * Copyright (c) Huawei Technologies Co., Ltd. 2018-2019. All rights reserved. -+ * Copyright (c) Huawei Technologies Co., Ltd. 2018-2021. All rights reserved. - * iSulad licensed under the Mulan PSL v2. - * You can use this software according to the terms and conditions of the Mulan PSL v2. - * You may obtain a copy of Mulan PSL v2 at: -@@ -8,127 +8,111 @@ - * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR - * PURPOSE. - * See the Mulan PSL v2 for more details. -- * Author: lifeng -+ * Author: wujing - * Create: 2018-11-08 - * Description: provide ExecServe functions - ******************************************************************************/ - - #include "exec_serve.h" -+#include - #include "io_wrapper.h" -+#include "ws_server.h" - #include "utils.h" - #include "cri_helpers.h" - --int ExecServe::Execute(session_data *lws_ctx, const std::string &token) -+ExecServe::~ExecServe() - { -- if (lws_ctx == nullptr) { -- return -1; -- } -+ free_container_exec_request(m_request); -+ free_container_exec_response(m_response); -+} - -+void ExecServe::SetServeThreadName() -+{ - prctl(PR_SET_NAME, "ExecServe"); -+} - -- service_executor_t *cb = get_service_executor(); -- if (cb == nullptr || cb->container.exec == nullptr) { -- sem_post(lws_ctx->sync_close_sem); -+int ExecServe::SetContainerStreamRequest(::google::protobuf::Message *request, const std::string &suffix) -+{ -+ auto *grequest = dynamic_cast(request); -+ -+ m_request = static_cast(util_common_calloc_s(sizeof(container_exec_request))); -+ if (m_request == nullptr) { -+ ERROR("Out of memory"); - return -1; - } - -- container_exec_request *container_req = nullptr; -- if (GetContainerRequest(token, lws_ctx->suffix, &container_req) != 0) { -- ERROR("Failed to get contaner request"); -- sem_post(lws_ctx->sync_close_sem); -+ m_request->tty = grequest->tty(); -+ m_request->attach_stdin = grequest->stdin(); -+ m_request->attach_stdout = grequest->stdout(); -+ m_request->attach_stderr = grequest->stderr(); -+ -+ if (!grequest->container_id().empty()) { -+ m_request->container_id = util_strdup_s(grequest->container_id().c_str()); -+ } -+ -+ if (grequest->cmd_size() > 0) { -+ if (static_cast(grequest->cmd_size()) > SIZE_MAX / sizeof(char *)) { -+ ERROR("Too many arguments!"); -+ return -1; -+ } -+ m_request->argv = (char **)util_common_calloc_s(sizeof(char *) * grequest->cmd_size()); -+ if (m_request->argv == nullptr) { -+ ERROR("Out of memory!"); -+ return -1; -+ } -+ for (int i = 0; i < grequest->cmd_size(); i++) { -+ m_request->argv[i] = util_strdup_s(grequest->cmd(i).c_str()); -+ } -+ m_request->argv_len = static_cast(grequest->cmd_size()); -+ } -+ -+ m_request->suffix = util_strdup_s(suffix.c_str()); -+ -+ return 0; -+} -+ -+int ExecServe::ExecuteStreamCommand(SessionData *lwsCtx) -+{ -+ auto *cb = get_service_executor(); -+ if (cb == nullptr || cb->container.exec == nullptr) { -+ ERROR("Failed to get exec service executor"); -+ sem_post(lwsCtx->syncCloseSem); - return -1; - } - - struct io_write_wrapper StdoutstringWriter = { 0 }; -- StdoutstringWriter.context = (void *)lws_ctx; -+ StdoutstringWriter.context = (void *)lwsCtx; - StdoutstringWriter.write_func = WsWriteStdoutToClient; - // the close function of StderrstringWriter is preferred unless StderrstringWriter is nullptr - StdoutstringWriter.close_func = nullptr; - struct io_write_wrapper StderrstringWriter = { 0 }; -- StderrstringWriter.context = (void *)lws_ctx; -+ StderrstringWriter.context = (void *)lwsCtx; - StderrstringWriter.write_func = WsWriteStderrToClient; - StderrstringWriter.close_func = nullptr; - -- container_exec_response *container_res = nullptr; -- int ret = cb->container.exec(container_req, &container_res, container_req->attach_stdin ? lws_ctx->pipes.at(0) : -1, -- container_req->attach_stdout ? &StdoutstringWriter : nullptr, -- container_req->attach_stderr ? &StderrstringWriter : nullptr); -+ return cb->container.exec(m_request, &m_response, m_request->attach_stdin ? lwsCtx->pipes.at(0) : -1, -+ m_request->attach_stdout ? &StdoutstringWriter : nullptr, -+ m_request->attach_stderr ? &StderrstringWriter : nullptr); -+} -+ -+void ExecServe::ErrorHandler(int ret, SessionData *lwsCtx) -+{ - if (ret != 0) { - std::string message; -- if (container_res != nullptr && container_res->errmsg != nullptr) { -- message = container_res->errmsg; -+ if (m_response != nullptr && m_response->errmsg != nullptr) { -+ message = m_response->errmsg; - } else { - message = "Failed to call exec container callback. "; - } -- WsWriteStdoutToClient(lws_ctx, message.c_str(), message.length()); -+ WsWriteStdoutToClient(lwsCtx, message.c_str(), message.length()); - } -- if (container_res != nullptr && container_res->exit_code != 0) { -- std::string exit_info = "Exit code :" + std::to_string((int)container_res->exit_code) + "\n"; -- WsWriteStdoutToClient(lws_ctx, exit_info.c_str(), exit_info.length()); -+ if (m_response != nullptr && m_response->exit_code != 0) { -+ std::string exit_info = "Exit code :" + std::to_string((int)m_response->exit_code) + "\n"; -+ WsWriteStdoutToClient(lwsCtx, exit_info.c_str(), exit_info.length()); - } -- -- free_container_exec_request(container_req); -- free_container_exec_response(container_res); -- -- closeWsConnect((void*)lws_ctx, nullptr); -- -- return ret; - } - --int ExecServe::GetContainerRequest(const std::string &token, const std::string &suffix, -- container_exec_request **container_req) -+void ExecServe::CloseConnect(SessionData *lwsCtx) - { -- RequestCache *cache = RequestCache::GetInstance(); -- auto request = cache->ConsumeExecRequest(token); -- -- int ret = RequestFromCri(request, suffix, container_req); -- if (ret != 0) { -- ERROR("Failed to transform grpc request!"); -- } -- -- return ret; --} -- --int ExecServe::RequestFromCri(const runtime::v1alpha2::ExecRequest &grequest, const std::string &suffix, -- container_exec_request **request) --{ -- container_exec_request *tmpreq = nullptr; -- -- tmpreq = (container_exec_request *)util_common_calloc_s(sizeof(container_exec_request)); -- if (tmpreq == nullptr) { -- ERROR("Out of memory"); -- return -1; -- } -- -- tmpreq->tty = grequest.tty(); -- tmpreq->attach_stdin = grequest.stdin(); -- tmpreq->attach_stdout = grequest.stdout(); -- tmpreq->attach_stderr = grequest.stderr(); -- -- if (!grequest.container_id().empty()) { -- tmpreq->container_id = util_strdup_s(grequest.container_id().c_str()); -- } -- -- if (grequest.cmd_size() > 0) { -- if ((size_t)grequest.cmd_size() > SIZE_MAX / sizeof(char *)) { -- ERROR("Too many arguments!"); -- free_container_exec_request(tmpreq); -- return -1; -- } -- tmpreq->argv = (char **)util_common_calloc_s(sizeof(char *) * grequest.cmd_size()); -- if (tmpreq->argv == nullptr) { -- ERROR("Out of memory!"); -- free_container_exec_request(tmpreq); -- return -1; -- } -- for (int i = 0; i < grequest.cmd_size(); i++) { -- tmpreq->argv[i] = util_strdup_s(grequest.cmd(i).c_str()); -- } -- tmpreq->argv_len = (size_t)grequest.cmd_size(); -- } -- -- tmpreq->suffix = util_strdup_s(suffix.c_str()); -- -- *request = tmpreq; -- return 0; -+ closeWsConnect((void*)lwsCtx, nullptr); - } -diff --git a/src/daemon/entry/cri/websocket/service/exec_serve.h b/src/daemon/entry/cri/websocket/service/exec_serve.h -index 5cccdee8..3afb2abb 100644 ---- a/src/daemon/entry/cri/websocket/service/exec_serve.h -+++ b/src/daemon/entry/cri/websocket/service/exec_serve.h -@@ -1,5 +1,5 @@ - /****************************************************************************** -- * Copyright (c) Huawei Technologies Co., Ltd. 2019. All rights reserved. -+ * Copyright (c) Huawei Technologies Co., Ltd. 2019-2021. All rights reserved. - * iSulad licensed under the Mulan PSL v2. - * You can use this software according to the terms and conditions of the Mulan PSL v2. - * You may obtain a copy of Mulan PSL v2 at: -@@ -20,28 +20,27 @@ - #include - #include - #include --#include --#include "api.grpc.pb.h" --#include "container.grpc.pb.h" - - #include "route_callback_register.h" --#include "isula_libutils/log.h" --#include "callback.h" --#include "ws_server.h" --#include "request_cache.h" --#include "api.pb.h" -+#include "isula_libutils/container_exec_request.h" -+#include "isula_libutils/container_exec_response.h" - - class ExecServe : public StreamingServeInterface { - public: - ExecServe() = default; - ExecServe(const ExecServe &) = delete; - ExecServe &operator=(const ExecServe &) = delete; -- virtual ~ExecServe() = default; -- int Execute(session_data *lws_ctx, const std::string &token) override; -+ virtual ~ExecServe(); - - private: -- int RequestFromCri(const runtime::v1alpha2::ExecRequest &grequest, const std::string &suffix, -- container_exec_request **request); -- int GetContainerRequest(const std::string &token, const std::string &suffix, container_exec_request **request); -+ virtual void SetServeThreadName() override; -+ virtual int SetContainerStreamRequest(::google::protobuf::Message *grequest, const std::string &suffix) override; -+ virtual int ExecuteStreamCommand(SessionData *lwsCtx) override; -+ virtual void ErrorHandler(int ret, SessionData *lwsCtx) override; -+ virtual void CloseConnect(SessionData *lwsCtx) override; -+ -+private: -+ container_exec_request *m_request { nullptr }; -+ container_exec_response *m_response { nullptr }; - }; - #endif // DAEMON_ENTRY_CRI_WEBSOCKET_SERVICE_EXEC_SERVE_H -diff --git a/src/daemon/entry/cri/websocket/service/route_callback_register.cc b/src/daemon/entry/cri/websocket/service/route_callback_register.cc -new file mode 100644 -index 00000000..fb14381f ---- /dev/null -+++ b/src/daemon/entry/cri/websocket/service/route_callback_register.cc -@@ -0,0 +1,80 @@ -+/****************************************************************************** -+ * Copyright (c) Huawei Technologies Co., Ltd. 2021. All rights reserved. -+ * iSulad licensed under the Mulan PSL v2. -+ * You can use this software according to the terms and conditions of the Mulan PSL v2. -+ * You may obtain a copy of Mulan PSL v2 at: -+ * http://license.coscl.org.cn/MulanPSL2 -+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR -+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR -+ * PURPOSE. -+ * See the Mulan PSL v2 for more details. -+ * Description: Streaming service function registration. -+ * Author: wujing -+ * Create: 2021-11-04 -+ ******************************************************************************/ -+#include "route_callback_register.h" -+#include -+#include "ws_server.h" -+ -+int StreamingServeInterface::Execute(SessionData *lwsCtx, const std::string &token) -+{ -+ if (lwsCtx == nullptr) { -+ return -1; -+ } -+ -+ SetServeThreadName(); -+ -+ auto *cache = RequestCache::GetInstance(); -+ auto request = cache->ConsumeRequest(token); -+ if (request == nullptr) { -+ ERROR("Failed to get cache request!"); -+ sem_post(lwsCtx->syncCloseSem); -+ return -1; -+ } -+ -+ if (SetContainerStreamRequest(request, lwsCtx->suffix) != 0) { -+ ERROR("Failed to set container request"); -+ sem_post(lwsCtx->syncCloseSem); -+ return -1; -+ } -+ -+ // request is stored on the heap in the cache and needs to be released after use -+ delete request; -+ request = nullptr; -+ -+ int ret = ExecuteStreamCommand(lwsCtx); -+ -+ ErrorHandler(ret, lwsCtx); -+ -+ CloseConnect(lwsCtx); -+ -+ return ret; -+} -+ -+bool RouteCallbackRegister::IsValidMethod(const std::string &method) -+{ -+ return static_cast(m_registeredcallbacks.count(method)); -+} -+ -+int RouteCallbackRegister::HandleCallback(SessionData *lwsCtx, const std::string &method, const std::string &token) -+{ -+ auto it = m_registeredcallbacks.find(method); -+ if (it != m_registeredcallbacks.end()) { -+ std::shared_ptr callback = it->second; -+ if (callback) { -+ return callback->Execute(lwsCtx, token); -+ } -+ } -+ ERROR("invalid method!"); -+ return -1; -+} -+ -+void RouteCallbackRegister::RegisterCallback(const std::string &path, std::shared_ptr callback) -+{ -+ m_registeredcallbacks.insert(std::pair>(path, callback)); -+} -+ -+int StreamTask::Run() -+{ -+ return m_invoker->HandleCallback(m_lwsCtx, m_method, m_token); -+} -\ No newline at end of file -diff --git a/src/daemon/entry/cri/websocket/service/route_callback_register.h b/src/daemon/entry/cri/websocket/service/route_callback_register.h -index 909c552b..da75fc5b 100644 ---- a/src/daemon/entry/cri/websocket/service/route_callback_register.h -+++ b/src/daemon/entry/cri/websocket/service/route_callback_register.h -@@ -22,9 +22,9 @@ - #include - #include - #include --#include "isula_libutils/log.h" -+#include "request_cache.h" - --struct session_data; -+struct SessionData; - - class StreamingServeInterface { - public: -@@ -32,7 +32,14 @@ public: - StreamingServeInterface(const StreamingServeInterface &) = delete; - StreamingServeInterface &operator=(const StreamingServeInterface &) = delete; - virtual ~StreamingServeInterface() = default; -- virtual int Execute(session_data *lws_ctx, const std::string &token) = 0; -+ int Execute(SessionData *lwsCtx, const std::string &token); -+ -+protected: -+ virtual void SetServeThreadName() = 0; -+ virtual int SetContainerStreamRequest(::google::protobuf::Message *grequest, const std::string &suffix) = 0; -+ virtual int ExecuteStreamCommand(SessionData *lwsCtx) = 0; -+ virtual void ErrorHandler(int ret, SessionData *lwsCtx) = 0; -+ virtual void CloseConnect(SessionData *lwsCtx) = 0; - }; - - class RouteCallbackRegister { -@@ -41,30 +48,10 @@ public: - RouteCallbackRegister(const RouteCallbackRegister &) = delete; - RouteCallbackRegister &operator=(const RouteCallbackRegister &) = delete; - virtual ~RouteCallbackRegister() = default; -- bool IsValidMethod(const std::string &method) -- { -- return static_cast(m_registeredcallbacks.count(method)); -- } - -- int HandleCallback(session_data *lws_ctx, const std::string &method, -- const std::string &token) -- { -- auto it = m_registeredcallbacks.find(method); -- if (it != m_registeredcallbacks.end()) { -- std::shared_ptr callback = it->second; -- if (callback) { -- return callback->Execute(lws_ctx, token); -- } -- } -- ERROR("invalid method!"); -- return -1; -- } -- void RegisterCallback(const std::string &path, -- std::shared_ptr callback) -- { -- m_registeredcallbacks.insert(std::pair>(path, callback)); -- } -+ bool IsValidMethod(const std::string &method); -+ int HandleCallback(SessionData *lwsCtx, const std::string &method, const std::string &token); -+ void RegisterCallback(const std::string &path, std::shared_ptr callback); - - private: - std::map> m_registeredcallbacks; -@@ -72,24 +59,24 @@ private: - - class StreamTask { - public: -- StreamTask(RouteCallbackRegister *invoker, session_data *lws_ctx, -- const std::string &method, -+ StreamTask(RouteCallbackRegister *invoker, SessionData *lwsCtx, const std::string &method, - const std::string &token) -- : m_invoker(invoker), m_lws_ctx(lws_ctx), m_method(method), m_token(token) {} -+ : m_invoker(invoker) -+ , m_lwsCtx(lwsCtx) -+ , m_method(method) -+ , m_token(token) -+ { -+ } - StreamTask(const StreamTask &) = delete; - StreamTask &operator=(const StreamTask &) = delete; - virtual ~StreamTask() = default; -- int Run() -- { -- return m_invoker->HandleCallback(m_lws_ctx, m_method, m_token); -- } -+ int Run(); -+ - private: -- RouteCallbackRegister *m_invoker{ nullptr }; -- session_data *m_lws_ctx; -+ RouteCallbackRegister *m_invoker { nullptr }; -+ SessionData *m_lwsCtx; - std::string m_method; - std::string m_token; - }; - - #endif // DAEMON_ENTRY_CRI_WEBSOCKET_SERVICE_ROUTE_CALLBACK_REGISTER_H -- -- -diff --git a/src/daemon/entry/cri/websocket/service/stream_server.cc b/src/daemon/entry/cri/websocket/service/stream_server.cc -index b4df642f..4342e006 100644 ---- a/src/daemon/entry/cri/websocket/service/stream_server.cc -+++ b/src/daemon/entry/cri/websocket/service/stream_server.cc -@@ -22,7 +22,7 @@ - - void websocket_server_init(Errors &err) - { -- WebsocketServer *server = WebsocketServer::GetInstance(); -+ auto *server = WebsocketServer::GetInstance(); - server->RegisterCallback(std::string("exec"), std::make_shared()); - server->RegisterCallback(std::string("attach"), std::make_shared()); - server->Start(err); -@@ -30,13 +30,13 @@ void websocket_server_init(Errors &err) - - void websocket_server_wait(void) - { -- WebsocketServer *server = WebsocketServer::GetInstance(); -+ auto *server = WebsocketServer::GetInstance(); - server->Wait(); - } - - void websocket_server_shutdown(void) - { -- WebsocketServer *server = WebsocketServer::GetInstance(); -+ auto *server = WebsocketServer::GetInstance(); - server->Shutdown(); - } - -diff --git a/src/daemon/entry/cri/websocket/service/stream_server.h b/src/daemon/entry/cri/websocket/service/stream_server.h -index 43e42b83..ba6b3672 100644 ---- a/src/daemon/entry/cri/websocket/service/stream_server.h -+++ b/src/daemon/entry/cri/websocket/service/stream_server.h -@@ -1,5 +1,5 @@ - /****************************************************************************** -- * Copyright (c) Huawei Technologies Co., Ltd. 2018-2019. All rights reserved. -+ * Copyright (c) Huawei Technologies Co., Ltd. 2018-2021. All rights reserved. - * iSulad licensed under the Mulan PSL v2. - * You can use this software according to the terms and conditions of the Mulan PSL v2. - * You may obtain a copy of Mulan PSL v2 at: -@@ -8,7 +8,7 @@ - * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR - * PURPOSE. - * See the Mulan PSL v2 for more details. -- * Author: lifeng -+ * Author: wujing - * Create: 2018-11-08 - * Description: provide websocket stream service definition - ******************************************************************************/ -diff --git a/src/daemon/entry/cri/websocket/service/ws_server.cc b/src/daemon/entry/cri/websocket/service/ws_server.cc -index e4b3a1b4..0e462737 100644 ---- a/src/daemon/entry/cri/websocket/service/ws_server.cc -+++ b/src/daemon/entry/cri/websocket/service/ws_server.cc -@@ -1,5 +1,5 @@ - /****************************************************************************** -- * Copyright (c) Huawei Technologies Co., Ltd. 2018-2019. All rights reserved. -+ * Copyright (c) Huawei Technologies Co., Ltd. 2019-2021. All rights reserved. - * iSulad licensed under the Mulan PSL v2. - * You can use this software according to the terms and conditions of the Mulan PSL v2. - * You may obtain a copy of Mulan PSL v2 at: -@@ -8,8 +8,8 @@ - * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR - * PURPOSE. - * See the Mulan PSL v2 for more details. -- * Author: lifeng -- * Create: 2018-11-08 -+ * Author: wujing -+ * Create: 2019-01-02 - * Description: provide websocket server functions - ******************************************************************************/ - -@@ -19,34 +19,132 @@ - #include - #include - #include -+#include - #include "cxxutils.h" --#include "isula_libutils/log.h" - #include "utils.h" - #include "request_cache.h" - #include "constants.h" - #include "isulad_config.h" - #include "callback.h" - #include "cri_helpers.h" -+#include "isula_libutils/cri_terminal_size.h" - - struct lws_context *WebsocketServer::m_context = nullptr; - std::atomic WebsocketServer::m_instance; - RWMutex WebsocketServer::m_mutex; --std::unordered_map WebsocketServer::m_wsis; -+std::unordered_map WebsocketServer::m_wsis; -+ -+namespace { -+const int MAX_BUF_LEN = 256; -+const int MAX_HTTP_HEADER_POOL = 8; -+// io copy maximum single transfer 4K, let max total buffer size: 1GB -+const int FIFO_LIST_BUFFER_MAX_LEN = 262144; -+const int SESSION_CAPABILITY = 300; -+const int MAX_SESSION_NUM = 128; -+}; // namespace -+ -+enum WebsocketChannel { STDINCHANNEL = 0, STDOUTCHANNEL, STDERRCHANNEL, ERRORCHANNEL, RESIZECHANNEL }; -+ -+unsigned char *SessionData::FrontMessage() -+{ -+ unsigned char *message = nullptr; -+ -+ if (sessionMutex == nullptr) { -+ return nullptr; -+ } -+ -+ sessionMutex->lock(); -+ message = buffer.front(); -+ sessionMutex->unlock(); -+ -+ return message; -+} -+ -+void SessionData::PopMessage() -+{ -+ if (sessionMutex == nullptr) { -+ return; -+ } -+ -+ sessionMutex->lock(); -+ buffer.pop_front(); -+ sessionMutex->unlock(); -+} -+ -+int SessionData::PushMessage(unsigned char *message) -+{ -+ if (sessionMutex == nullptr) { -+ return -1; -+ } -+ -+ sessionMutex->lock(); -+ -+ // In extreme scenarios, websocket data cannot be processed, -+ // ignore the data coming in later to prevent iSulad from getting stuck -+ if (close || buffer.size() >= FIFO_LIST_BUFFER_MAX_LEN) { -+ free(message); -+ sessionMutex->unlock(); -+ return -1; -+ } -+ -+ buffer.push_back(message); -+ sessionMutex->unlock(); -+ return 0; -+} -+ -+bool SessionData::IsClosed() -+{ -+ bool c = false; -+ -+ if (sessionMutex == nullptr) { -+ return true; -+ } -+ -+ sessionMutex->lock(); -+ c = close; -+ sessionMutex->unlock(); -+ -+ return c; -+} -+ -+void SessionData::CloseSession() -+{ -+ if (sessionMutex == nullptr) { -+ return; -+ } -+ -+ sessionMutex->lock(); -+ close = true; -+ sessionMutex->unlock(); -+} -+ -+void SessionData::EraseAllMessage() -+{ -+ if (sessionMutex == nullptr) { -+ return; -+ } -+ -+ sessionMutex->lock(); -+ for (auto iter = buffer.begin(); iter != buffer.end();) { -+ free(*iter); -+ *iter = NULL; -+ iter = buffer.erase(iter); -+ } -+ sessionMutex->unlock(); -+} - - WebsocketServer *WebsocketServer::GetInstance() noexcept - { - static std::once_flag flag; - -- std::call_once(flag, [] { -- m_instance = new WebsocketServer; -- }); -+ std::call_once(flag, [] { m_instance = new WebsocketServer; }); - - return m_instance; - } - - WebsocketServer::WebsocketServer() - { -- m_force_exit = 0; -+ m_forceExit = 0; - m_wsis.reserve(SESSION_CAPABILITY); - } - -@@ -60,19 +158,9 @@ url::URLDatum WebsocketServer::GetWebsocketUrl() - return m_url; - } - --void WebsocketServer::ReadLockAllWsSession() --{ -- m_mutex.rdlock(); --} -- --void WebsocketServer::UnlockAllWsSession() --{ -- m_mutex.unlock(); --} -- - void WebsocketServer::Shutdown() - { -- m_force_exit = 1; -+ m_forceExit = 1; - lws_cancel_service(m_context); - } - -@@ -99,15 +187,12 @@ void WebsocketServer::EmitLog(int level, const char *line) - - int WebsocketServer::CreateContext() - { -- int limited; -- struct lws_context_creation_info info; -- struct rlimit oldLimit, newLimit; -- const size_t WS_ULIMIT_FDS = 1024; -+ const size_t WS_ULIMIT_FDS { 1024 }; - - m_url.SetScheme("ws"); - m_url.SetHost("localhost:" + std::to_string(m_listenPort)); - -- (void)memset(&info, 0, sizeof(info)); -+ lws_context_creation_info info { 0x00 }; - lws_set_log_level(LLL_ERR | LLL_WARN | LLL_NOTICE | LLL_INFO | LLL_DEBUG, WebsocketServer::EmitLog); - - info.port = m_listenPort; -@@ -125,9 +210,10 @@ int WebsocketServer::CreateContext() - * belowing lws_create_context limit the fds of websocket to RLIMIT_NOFILE, - * and malloced memory according to it. To reduce memory, we recover it to 1024 before create m_context. - */ -+ rlimit oldLimit, newLimit; - newLimit.rlim_cur = WS_ULIMIT_FDS; - newLimit.rlim_max = WS_ULIMIT_FDS; -- limited = prlimit(0, RLIMIT_NOFILE, &newLimit, &oldLimit); -+ int limited = prlimit(0, RLIMIT_NOFILE, &newLimit, &oldLimit); - if (limited != 0) { - WARN("Can not set ulimit of RLIMIT_NOFILE: %s", strerror(errno)); - } -@@ -145,8 +231,7 @@ int WebsocketServer::CreateContext() - return 0; - } - --void WebsocketServer::RegisterCallback(const std::string &path, -- std::shared_ptr callback) -+void WebsocketServer::RegisterCallback(const std::string &path, std::shared_ptr callback) - { - m_handler.RegisterCallback(path, callback); - } -@@ -158,8 +243,8 @@ void WebsocketServer::CloseAllWsSession() - it->second->EraseAllMessage(); - close(it->second->pipes.at(0)); - close(it->second->pipes.at(1)); -- (void)sem_destroy(it->second->sync_close_sem); -- delete it->second->session_mutex; -+ (void)sem_destroy(it->second->syncCloseSem); -+ delete it->second->sessionMutex; - delete it->second; - } - m_wsis.clear(); -@@ -189,23 +274,23 @@ void WebsocketServer::CloseWsSession(int socketID) - close(session->pipes.at(1)); - session->pipes.at(1) = -1; - } -- (void)sem_wait(session->sync_close_sem); -- (void)sem_destroy(session->sync_close_sem); -- delete session->sync_close_sem; -- session->sync_close_sem = nullptr; -+ (void)sem_wait(session->syncCloseSem); -+ (void)sem_destroy(session->syncCloseSem); -+ delete session->syncCloseSem; -+ session->syncCloseSem = nullptr; - close(session->pipes.at(0)); -- delete session->session_mutex; -- session->session_mutex = nullptr; -+ delete session->sessionMutex; -+ session->sessionMutex = nullptr; - delete session; - }).detach(); - } - --int WebsocketServer::GenerateSessionData(session_data *session, const std::string containerID) noexcept -+int WebsocketServer::GenerateSessionData(SessionData *session, const std::string containerID) noexcept - { - char *suffix = nullptr; -- int read_pipe_fd[PIPE_FD_NUM] = {-1, -1}; -- std::mutex *buf_mutex = nullptr; -- sem_t *sync_close_sem = nullptr; -+ int readPipeFd[2] = { -1, -1 }; -+ std::mutex *bufMutex = nullptr; -+ sem_t *syncCloseSem = nullptr; - - suffix = CRIHelpers::GenerateExecSuffix(); - if (suffix == nullptr) { -@@ -213,24 +298,24 @@ int WebsocketServer::GenerateSessionData(session_data *session, const std::strin - return -1; - } - -- if (InitRWPipe(read_pipe_fd) < 0) { -+ if (InitRWPipe(readPipeFd) < 0) { - ERROR("failed to init read/write pipe!"); - goto out; - } - -- buf_mutex = new std::mutex; -- sync_close_sem = new sem_t; -+ bufMutex = new std::mutex; -+ syncCloseSem = new sem_t; - -- if (sem_init(sync_close_sem, 0, 0) != 0) { -+ if (sem_init(syncCloseSem, 0, 0) != 0) { - ERROR("Semaphore initialization failed"); - goto out; - } - -- session->pipes = std::array { read_pipe_fd[0], read_pipe_fd[1] }; -- session->session_mutex = buf_mutex; -- session->sync_close_sem = sync_close_sem; -+ session->pipes = std::array { readPipeFd[0], readPipeFd[1] }; -+ session->sessionMutex = bufMutex; -+ session->syncCloseSem = syncCloseSem; - session->close = false; -- session->container_id = containerID; -+ session->containerID = containerID; - session->suffix = std::string(suffix); - - free(suffix); -@@ -241,17 +326,17 @@ out: - if (suffix != nullptr) { - free(suffix); - } -- if (read_pipe_fd[1] >= 0) { -- close(read_pipe_fd[1]); -+ if (readPipeFd[1] >= 0) { -+ close(readPipeFd[1]); - } -- if (read_pipe_fd[0] >= 0) { -- close(read_pipe_fd[0]); -+ if (readPipeFd[0] >= 0) { -+ close(readPipeFd[0]); - } -- if (buf_mutex != nullptr) { -- delete buf_mutex; -+ if (bufMutex != nullptr) { -+ delete bufMutex; - } -- if (sync_close_sem) { -- delete sync_close_sem; -+ if (syncCloseSem) { -+ delete syncCloseSem; - } - - return -1; -@@ -269,10 +354,9 @@ int WebsocketServer::RegisterStreamTask(struct lws *wsi) noexcept - buf[sizeof(buf) - 1] = '\0'; - // format: "/cri/" + method + "/" + token + "/" + arg(container=cmd) - auto vec = CXXUtils::Split(buf + 1, '/'); -- RequestCache *cache = RequestCache::GetInstance(); -- if (vec.size() < MIN_VEC_SIZE || -- !m_handler.IsValidMethod(vec.at(1)) || -- !cache->IsValidToken(vec.at(2))) { -+ auto *cache = RequestCache::GetInstance(); -+ // buffer contains at least 3 parts: cri, method, token -+ if (vec.size() < 3 || !m_handler.IsValidMethod(vec.at(1)) || !cache->IsValidToken(vec.at(2))) { - ERROR("invalid url(%s): incorrect format!", buf); - return -1; - } -@@ -288,13 +372,13 @@ int WebsocketServer::RegisterStreamTask(struct lws *wsi) noexcept - return -1; - } - -- std::string containerID = cache->GetContainerIDByToken(vec.at(1), vec.at(2)); -+ auto containerID = cache->GetContainerIDByToken(vec.at(2)); - if (containerID.empty()) { - ERROR("Failed to get container id from %s request", vec.at(1).c_str()); - return -1; - } - -- session_data *session = new (std::nothrow) session_data; -+ auto *session = new (std::nothrow) SessionData; - if (session == nullptr) { - ERROR("Out of memory"); - return -1; -@@ -304,7 +388,7 @@ int WebsocketServer::RegisterStreamTask(struct lws *wsi) noexcept - return -1; - } - -- std::string suffixID = session->suffix; -+ auto suffixID = session->suffix; - auto insertRet = m_wsis.insert(std::make_pair(socketID, session)); - if (!insertRet.second) { - ERROR("failed to insert session data to map"); -@@ -351,8 +435,8 @@ int WebsocketServer::Wswrite(struct lws *wsi, const unsigned char *message) - if (strlen((const char *)(&message[LWS_PRE + 1])) == 0) { - return 0; - } -- int n = lws_write(wsi, (unsigned char *)(&message[LWS_PRE]), -- strlen((const char *)(&message[LWS_PRE + 1])) + 1, LWS_WRITE_TEXT); -+ auto n = lws_write(wsi, (unsigned char *)(&message[LWS_PRE]), strlen((const char *)(&message[LWS_PRE + 1])) + 1, -+ LWS_WRITE_TEXT); - if (n < 0) { - ERROR("ERROR %d writing to socket, hanging up", n); - return -1; -@@ -362,21 +446,18 @@ int WebsocketServer::Wswrite(struct lws *wsi, const unsigned char *message) - return 0; - } - --int WebsocketServer::parseTerminalSize(const char *jsonData, size_t len, uint16_t &width, uint16_t &height) -+int WebsocketServer::ParseTerminalSize(const char *jsonData, size_t len, uint16_t &width, uint16_t &height) - { -- int ret = 0; -- parser_error err = nullptr; -- cri_terminal_size *terminalSize = nullptr; -- - if (jsonData == nullptr || len == 0) { - return -1; - } - - // No terminator is included in json data, and len contains a character occupied by channal - std::string jsonDataStr { jsonData, len - 1 }; -- -+ parser_error err = nullptr; -+ int ret = 0; - // parse json data. eg: {"Width":xx,"Height":xx} -- terminalSize = cri_terminal_size_parse_data(jsonDataStr.c_str(), nullptr, &err); -+ cri_terminal_size *terminalSize = cri_terminal_size_parse_data(jsonDataStr.c_str(), nullptr, &err); - if (terminalSize == nullptr) { - ERROR("Failed to parse json: %s", err); - ret = -1; -@@ -391,29 +472,22 @@ int WebsocketServer::parseTerminalSize(const char *jsonData, size_t len, uint16_ - return ret; - } - --int WebsocketServer::ResizeTerminal( -- int socketID, const char *jsonData, size_t len, -- const std::string &containerID, -- const std::string &suffix) -+int WebsocketServer::ResizeTerminal(int socketID, const char *jsonData, size_t len, const std::string &containerID, -+ const std::string &suffix) - { -- int ret; -- service_executor_t *cb = nullptr; -- struct isulad_container_resize_request *req = nullptr; -- struct isulad_container_resize_response *res = nullptr; -- uint16_t width = 0; -- uint16_t height = 0; -- -- cb = get_service_executor(); -+ auto *cb = get_service_executor(); - if (cb == nullptr || cb->container.resize == nullptr) { - return -1; - } - -- if (parseTerminalSize(jsonData, len, width, height) != 0) { -+ uint16_t width = 0; -+ uint16_t height = 0; -+ if (ParseTerminalSize(jsonData, len, width, height) != 0) { - return -1; - } - -- req = (struct isulad_container_resize_request *)util_common_calloc_s( -- sizeof(struct isulad_container_resize_request)); -+ auto *req = static_cast( -+ util_common_calloc_s(sizeof(struct isulad_container_resize_request))); - if (req == nullptr) { - ERROR("Out of memory"); - return -1; -@@ -424,12 +498,12 @@ int WebsocketServer::ResizeTerminal( - req->height = height; - req->width = width; - -- ret = cb->container.resize(req, &res); -+ struct isulad_container_resize_response *res = nullptr; -+ int ret = cb->container.resize(req, &res); - - isulad_container_resize_request_free(req); - isulad_container_resize_response_free(res); - -- - return ret; - } - -@@ -442,9 +516,7 @@ void WebsocketServer::Receive(int socketID, void *in, size_t len) - } - - if (*static_cast(in) == WebsocketChannel::RESIZECHANNEL) { -- std::string containerID = it->second->container_id; -- std::string suffix = it->second->suffix; -- if (ResizeTerminal(socketID, (char *)in + 1, len, containerID, suffix) != 0) { -+ if (ResizeTerminal(socketID, (char *)in + 1, len, it->second->containerID, it->second->suffix) != 0) { - ERROR("Failed to resize terminal tty"); - return; - } -@@ -459,8 +531,7 @@ void WebsocketServer::Receive(int socketID, void *in, size_t len) - } - } - --int WebsocketServer::Callback(struct lws *wsi, enum lws_callback_reasons reason, -- void *user, void *in, size_t len) -+int WebsocketServer::Callback(struct lws *wsi, enum lws_callback_reasons reason, void *user, void *in, size_t len) - { - switch (reason) { - case LWS_CALLBACK_HTTP: -@@ -493,11 +564,11 @@ int WebsocketServer::Callback(struct lws *wsi, enum lws_callback_reasons reason, - return -1; - } - -- auto isSessionClosed = it->second->IsClosed(); -+ auto sessionClosed = it->second->IsClosed(); - while (!it->second->buffer.empty()) { -- unsigned char *message = it->second->FrontMessage(); -+ auto *message = it->second->FrontMessage(); - // send success! free it and erase for list -- if (WebsocketServer::GetInstance()->Wswrite(wsi, (const unsigned char *)message) == 0) { -+ if (WebsocketServer::GetInstance()->Wswrite(wsi, const_cast(message)) == 0) { - free(message); - it->second->PopMessage(); - } else { -@@ -508,7 +579,7 @@ int WebsocketServer::Callback(struct lws *wsi, enum lws_callback_reasons reason, - } - - // avoid: push message to buffer and set closed true -- if (isSessionClosed) { -+ if (sessionClosed) { - DEBUG("websocket session disconnected"); - return -1; - } -@@ -517,7 +588,7 @@ int WebsocketServer::Callback(struct lws *wsi, enum lws_callback_reasons reason, - break; - case LWS_CALLBACK_RECEIVE: { - ReadGuard lock(m_mutex); -- WebsocketServer::GetInstance()->Receive(lws_get_socket_fd(wsi), (char *)in, len); -+ WebsocketServer::GetInstance()->Receive(lws_get_socket_fd(wsi), static_cast(in), len); - } - break; - case LWS_CALLBACK_CLOSED: { -@@ -538,7 +609,7 @@ void WebsocketServer::ServiceWorkThread(int threadid) - - prctl(PR_SET_NAME, "WebsocketServer"); - -- while (n >= 0 && !m_force_exit) { -+ while (n >= 0 && !m_forceExit) { - n = lws_service(m_context, 0); - } - } -@@ -553,16 +624,17 @@ void WebsocketServer::Start(Errors &err) - - if (CreateContext() < 0) { - err.SetError("Websocket server start failed! please check your network status" -- "(eg: port " + std::to_string(m_listenPort) + " is occupied)"); -+ "(eg: port " + -+ std::to_string(m_listenPort) + " is occupied)"); - return; - } -- m_pthread_service = std::thread(&WebsocketServer::ServiceWorkThread, this, 0); -+ m_pthreadService = std::thread(&WebsocketServer::ServiceWorkThread, this, 0); - } - - void WebsocketServer::Wait() - { -- if (m_pthread_service.joinable()) { -- m_pthread_service.join(); -+ if (m_pthreadService.joinable()) { -+ m_pthreadService.join(); - } - - CloseAllWsSession(); -@@ -571,19 +643,17 @@ void WebsocketServer::Wait() - } - - namespace { -- --void DoWriteToClient(session_data *session, -- const void *data, size_t len, WebsocketChannel channel) -+void DoWriteToClient(SessionData *session, const void *data, size_t len, WebsocketChannel channel) - { -- unsigned char *buf = (unsigned char *)util_common_calloc_s(LWS_PRE + MAX_BUFFER_SIZE + 1); -+ auto *buf = static_cast(util_common_calloc_s(LWS_PRE + MAX_BUFFER_SIZE + 1)); - if (buf == nullptr) { - ERROR("Out of memory"); - return; - } - // Determine if it is standard output channel or error channel -- buf[LWS_PRE] = channel; -+ buf[LWS_PRE] = static_cast(channel); - -- (void)memcpy(&buf[LWS_PRE + 1], (void *)data, len); -+ (void)memcpy(&buf[LWS_PRE + 1], const_cast(data), len); - - // push back to message list - if (session->PushMessage(buf) != 0) { -@@ -594,7 +664,7 @@ void DoWriteToClient(session_data *session, - - ssize_t WsWriteToClient(void *context, const void *data, size_t len, WebsocketChannel channel) - { -- auto *lwsCtx = static_cast(context); -+ auto *lwsCtx = static_cast(context); - - // CloseWsSession wait IOCopy finished, and then delete session in m_wsis - // So don't need rdlock m_wsis here -@@ -605,7 +675,7 @@ ssize_t WsWriteToClient(void *context, const void *data, size_t len, WebsocketCh - DoWriteToClient(lwsCtx, data, len, channel); - return static_cast(len); - } --}; -+}; // namespace - - ssize_t WsWriteStdoutToClient(void *context, const void *data, size_t len) - { -@@ -636,12 +706,12 @@ int closeWsConnect(void *context, char **err) - return -1; - } - -- auto *lwsCtx = static_cast(context); -+ auto *lwsCtx = static_cast(context); - - lwsCtx->CloseSession(); - -- if (lwsCtx->sync_close_sem != nullptr) { -- (void)sem_post(lwsCtx->sync_close_sem); -+ if (lwsCtx->syncCloseSem != nullptr) { -+ (void)sem_post(lwsCtx->syncCloseSem); - } - - return 0; -diff --git a/src/daemon/entry/cri/websocket/service/ws_server.h b/src/daemon/entry/cri/websocket/service/ws_server.h -index 3ab8e22f..2d3bb4a7 100644 ---- a/src/daemon/entry/cri/websocket/service/ws_server.h -+++ b/src/daemon/entry/cri/websocket/service/ws_server.h -@@ -1,5 +1,5 @@ - /****************************************************************************** -- * Copyright (c) Huawei Technologies Co., Ltd. 2019. All rights reserved. -+ * Copyright (c) Huawei Technologies Co., Ltd. 2019-2021. All rights reserved. - * iSulad licensed under the Mulan PSL v2. - * You can use this software according to the terms and conditions of the Mulan PSL v2. - * You may obtain a copy of Mulan PSL v2 at: -@@ -17,7 +17,6 @@ - #define DAEMON_ENTRY_CRI_WEBSOCKET_SERVICE_WS_SERVER_H - #include - #include --#include - #include - #include - #include -@@ -29,140 +28,40 @@ - #include "url.h" - #include "errors.h" - #include "read_write_lock.h" --#include "isula_libutils/cri_terminal_size.h" - --#define MAX_ECHO_PAYLOAD 4096 --#define MAX_ARRAY_LEN 2 --#define MAX_BUF_LEN 256 --#define MAX_PROTOCOL_NUM 2 --#define MAX_HTTP_HEADER_POOL 8 --#define MIN_VEC_SIZE 3 --#define PIPE_FD_NUM 2 --#define BUF_BASE_SIZE 1024 --#define LWS_TIMEOUT 50 --// io copy maximum single transfer 4K, let max total buffer size: 1GB --#define FIFO_LIST_BUFFER_MAX_LEN 262144 --#define SESSION_CAPABILITY 300 --#define MAX_SESSION_NUM 128 -+namespace -+{ -+const int MAX_ECHO_PAYLOAD = 4096; -+const int MAX_ARRAY_LEN = 2; -+const int MAX_PROTOCOL_NUM = 2; -+}; // namespace - --enum WebsocketChannel { -- STDINCHANNEL = 0, -- STDOUTCHANNEL, -- STDERRCHANNEL, -- ERRORCHANNEL, -- RESIZECHANNEL --}; -- --struct session_data { -+struct SessionData { - std::array pipes; - volatile bool close; -- std::mutex *session_mutex; -- sem_t *sync_close_sem; -+ std::mutex *sessionMutex; -+ sem_t *syncCloseSem; - std::list buffer; -- std::string container_id; -+ std::string containerID; - std::string suffix; - -- unsigned char *FrontMessage() -- { -- unsigned char *message = nullptr; -- -- if (session_mutex == nullptr) { -- return nullptr; -- } -- -- session_mutex->lock(); -- message = buffer.front(); -- session_mutex->unlock(); -- -- return message; -- } -- -- void PopMessage() -- { -- if (session_mutex == nullptr) { -- return; -- } -- -- session_mutex->lock(); -- buffer.pop_front(); -- session_mutex->unlock(); -- } -- -- int PushMessage(unsigned char *message) -- { -- if (session_mutex == nullptr) { -- return -1; -- } -- -- session_mutex->lock(); -- -- // In extreme scenarios, websocket data cannot be processed, -- // ignore the data coming in later to prevent iSulad from getting stuck -- if (close || buffer.size() >= FIFO_LIST_BUFFER_MAX_LEN) { -- free(message); -- session_mutex->unlock(); -- return -1; -- } -- -- buffer.push_back(message); -- session_mutex->unlock(); -- return 0; -- } -- -- bool IsClosed() -- { -- bool c = false; -- -- if (session_mutex == nullptr) { -- return true; -- } -- -- session_mutex->lock(); -- c = close; -- session_mutex->unlock(); -- -- return c; -- } -- -- void CloseSession() -- { -- if (session_mutex == nullptr) { -- return; -- } -- -- session_mutex->lock(); -- close = true; -- session_mutex->unlock(); -- } -- -- void EraseAllMessage() -- { -- if (session_mutex == nullptr) { -- return; -- } -- -- session_mutex->lock(); -- for (auto iter = buffer.begin(); iter != buffer.end();) { -- free(*iter); -- *iter = NULL; -- iter = buffer.erase(iter); -- } -- session_mutex->unlock(); -- } -+ unsigned char *FrontMessage(); -+ void PopMessage(); -+ int PushMessage(unsigned char *message); -+ bool IsClosed(); -+ void CloseSession(); -+ void EraseAllMessage(); - }; - - class WebsocketServer { - public: - static WebsocketServer *GetInstance() noexcept; -- static std::atomic m_instance; - void Start(Errors &err); - void Wait(); - void Shutdown(); - void RegisterCallback(const std::string &path, std::shared_ptr callback); - url::URLDatum GetWebsocketUrl(); - void SetLwsSendedFlag(int socketID, bool sended); -- void ReadLockAllWsSession(); -- void UnlockAllWsSession(); - - private: - WebsocketServer(); -@@ -171,33 +70,41 @@ private: - virtual ~WebsocketServer(); - int InitRWPipe(int read_fifo[]); - std::vector split(std::string str, char r); -- static void EmitLog(int level, const char *line); -+ - int CreateContext(); - inline void Receive(int socketID, void *in, size_t len); -- int Wswrite(struct lws *wsi, const unsigned char *message); -+ int Wswrite(struct lws *wsi, const unsigned char *message); - inline void DumpHandshakeInfo(struct lws *wsi) noexcept; - int RegisterStreamTask(struct lws *wsi) noexcept; -- int GenerateSessionData(session_data *session, const std::string containerID) noexcept; -- static int Callback(struct lws *wsi, enum lws_callback_reasons reason, -- void *user, void *in, size_t len); -+ int GenerateSessionData(SessionData *session, const std::string containerID) noexcept; - void ServiceWorkThread(int threadid); - void CloseWsSession(int socketID); - void CloseAllWsSession(); -- int ResizeTerminal(int socketID, const char *jsonData, size_t len, -- const std::string &containerID, const std::string &suffix); -- int parseTerminalSize(const char *jsonData, size_t len, uint16_t &width, uint16_t &height); -+ int ResizeTerminal(int socketID, const char *jsonData, size_t len, const std::string &containerID, -+ const std::string &suffix); -+ int ParseTerminalSize(const char *jsonData, size_t len, uint16_t &width, uint16_t &height); -+ -+private: -+ // redirect libwebsockets logs to iSulad -+ static void EmitLog(int level, const char *line); -+ // libwebsockets Callback function -+ static int Callback(struct lws *wsi, enum lws_callback_reasons reason, void *user, void *in, size_t len); - - private: -+ static std::atomic m_instance; - static RWMutex m_mutex; - static struct lws_context *m_context; -- volatile int m_force_exit = 0; -- std::thread m_pthread_service; -- const struct lws_protocols m_protocols[MAX_PROTOCOL_NUM] = { -- { "channel.k8s.io", Callback, 0, MAX_ECHO_PAYLOAD, }, -- { nullptr, nullptr, 0, 0 } -- }; -+ volatile int m_forceExit = 0; -+ std::thread m_pthreadService; -+ const struct lws_protocols m_protocols[MAX_PROTOCOL_NUM] = { { -+ "channel.k8s.io", -+ Callback, -+ 0, -+ MAX_ECHO_PAYLOAD, -+ }, -+ { nullptr, nullptr, 0, 0 } }; - RouteCallbackRegister m_handler; -- static std::unordered_map m_wsis; -+ static std::unordered_map m_wsis; - url::URLDatum m_url; - int m_listenPort; - }; -@@ -207,4 +114,3 @@ ssize_t WsWriteStderrToClient(void *context, const void *data, size_t len); - int closeWsConnect(void *context, char **err); - - #endif // DAEMON_ENTRY_CRI_WEBSOCKET_SERVICE_WS_SERVER_H -- --- -2.25.1 - diff --git a/0021-Fixed-a-bug-that-occurs-when-starting-container-in-h.patch b/0021-Fixed-a-bug-that-occurs-when-starting-container-in-h.patch deleted file mode 100644 index 66a2f6e..0000000 --- a/0021-Fixed-a-bug-that-occurs-when-starting-container-in-h.patch +++ /dev/null @@ -1,36 +0,0 @@ -From fcc132e592ba1f9c427e02ef6f930eb208a6ebca Mon Sep 17 00:00:00 2001 -From: chengzrz -Date: Thu, 9 Dec 2021 14:56:39 +0800 -Subject: [PATCH] Fixed a bug that occurs when starting container in host mode - -Signed-off-by: chengzrz ---- - src/daemon/modules/spec/specs_namespace.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/src/daemon/modules/spec/specs_namespace.c b/src/daemon/modules/spec/specs_namespace.c -index eea0b3ff..e9f98d00 100644 ---- a/src/daemon/modules/spec/specs_namespace.c -+++ b/src/daemon/modules/spec/specs_namespace.c -@@ -156,7 +156,7 @@ static int handle_get_path_from_host(const host_config *host_spec, - const container_config_v2_common_config_network_settings *network_settings, - const char *type, char **dest_path) - { -- *dest_path = namespace_get_host_namespace_path(host_spec->network_mode); -+ *dest_path = namespace_get_host_namespace_path(type); - if (*dest_path == NULL) { - return -1; - } -@@ -209,6 +209,9 @@ int get_network_namespace_path(const host_config *host_spec, - for (index = 0; index < jump_table_size; ++index) { - if (strncmp(network_mode, handler_jump_table[index].mode, strlen(handler_jump_table[index].mode)) == 0) { - ret = handler_jump_table[index].handle(host_spec, network_settings, type, dest_path); -+ if (ret != 0) { -+ ERROR("Failed to get ns path, network mode is %s, type is %s", network_mode, type); -+ } - return ret; - } - } --- -2.25.1 - diff --git a/0022-fix-memory-leak-in-CniNetworkPlugin.patch b/0022-fix-memory-leak-in-CniNetworkPlugin.patch deleted file mode 100644 index 30d9f73..0000000 --- a/0022-fix-memory-leak-in-CniNetworkPlugin.patch +++ /dev/null @@ -1,29 +0,0 @@ -From f321f120a7b5d987fb12fbca6942b9866a9c7400 Mon Sep 17 00:00:00 2001 -From: zhangxiaoyu -Date: Tue, 21 Dec 2021 16:13:49 +0800 -Subject: [PATCH 22/23] fix memory leak in CniNetworkPlugin - -Signed-off-by: zhangxiaoyu ---- - src/daemon/entry/cri/cni_network_plugin.cc | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/daemon/entry/cri/cni_network_plugin.cc b/src/daemon/entry/cri/cni_network_plugin.cc -index ffdbeb10..b86b21e8 100644 ---- a/src/daemon/entry/cri/cni_network_plugin.cc -+++ b/src/daemon/entry/cri/cni_network_plugin.cc -@@ -165,9 +165,10 @@ void CniNetworkPlugin::PlatformInit(Errors &error) - { - char *tpath { nullptr }; - char *serr { nullptr }; -- tpath = look_path(const_cast("nsenter"), &serr); -+ tpath = look_path(std::string("nsenter").c_str(), &serr); - if (tpath == nullptr) { - error.SetError(serr); -+ free(serr); - return; - } - m_nsenterPath = tpath; --- -2.25.1 - diff --git a/0023-fix-codex-error.patch b/0023-fix-codex-error.patch deleted file mode 100644 index 7fb670c..0000000 --- a/0023-fix-codex-error.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 8cd3a33c5e0ded33f2e8d3d2bb41f93c298bc2c5 Mon Sep 17 00:00:00 2001 -From: WangFengTu -Date: Mon, 27 Dec 2021 10:07:51 +0800 -Subject: [PATCH 23/23] fix codex error - -Signed-off-by: WangFengTu ---- - src/daemon/modules/image/oci/oci_import.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/daemon/modules/image/oci/oci_import.c b/src/daemon/modules/image/oci/oci_import.c -index ebb555fd..ae2f547a 100644 ---- a/src/daemon/modules/image/oci/oci_import.c -+++ b/src/daemon/modules/image/oci/oci_import.c -@@ -256,7 +256,7 @@ static int create_manifest(import_desc *desc) - } - manifest->layers_len = 1; - -- manifest->layers[0] = util_common_calloc_s(sizeof(registry_manifest_schema2_layers_element *)); -+ manifest->layers[0] = util_common_calloc_s(sizeof(registry_manifest_schema2_layers_element)); - if (manifest->layers[0] == NULL) { - ERROR("out of memory"); - isulad_try_set_error_message("out of memory"); --- -2.25.1 - diff --git a/0024-fix-compile-error-when-building-embedded-image.patch b/0024-fix-compile-error-when-building-embedded-image.patch deleted file mode 100644 index 36babcd..0000000 --- a/0024-fix-compile-error-when-building-embedded-image.patch +++ /dev/null @@ -1,816 +0,0 @@ -From ce905c49d29446ea9f60d5a9466b7b68e019a03a Mon Sep 17 00:00:00 2001 -From: WangFengTu -Date: Thu, 30 Dec 2021 09:55:40 +0800 -Subject: [PATCH] fix compile error when building embedded image - -Signed-off-by: WangFengTu ---- - cmake/checker.cmake | 14 ++-- - src/CMakeLists.txt | 28 ++++++-- - src/cmd/isula/extend/stats.c | 9 +-- - src/cmd/isula/main.c | 4 ++ - src/cmd/isula/stream/CMakeLists.txt | 11 ++- - src/cmd/isulad/isulad_commands.c | 3 +- - src/cmd/isulad/main.c | 4 ++ - .../executor/container_cb/execution_stream.c | 8 ++- - src/daemon/executor/container_cb/list.c | 2 +- - src/daemon/modules/image/CMakeLists.txt | 40 +++++++++-- - src/daemon/modules/image/embedded/db/db_all.c | 2 +- - src/daemon/modules/image/embedded/lim.c | 10 +-- - src/daemon/modules/log/log_gather.c | 5 +- - src/daemon/modules/plugin/plugin.c | 9 +-- - src/daemon/modules/spec/verify.c | 9 +-- - src/utils/cutils/utils.c | 2 +- - src/utils/cutils/utils_base64.c | 2 +- - src/utils/tar/CMakeLists.txt | 7 ++ - src/utils/tar/isulad_tar.c | 68 ------------------ - src/utils/tar/isulad_tar.h | 7 -- - src/utils/tar/util_gzip.c | 69 +++++++++++++++++++ - src/utils/tar/util_gzip.h | 7 ++ - 22 files changed, 200 insertions(+), 120 deletions(-) - -diff --git a/cmake/checker.cmake b/cmake/checker.cmake -index 7f3ef888..17a324f6 100644 ---- a/cmake/checker.cmake -+++ b/cmake/checker.cmake -@@ -56,6 +56,7 @@ find_library(LIBYAJL_LIBRARY yajl - HINTS ${PC_LIBYAJL_LIBDIR} ${PC_LIBYAJL_LIBRARY_DIRS}) - _CHECK(LIBYAJL_LIBRARY "LIBYAJL_LIBRARY-NOTFOUND" "libyajl.so") - -+if (ENABLE_OCI_IMAGE) - # check libarchive - pkg_check_modules(PC_LIBARCHIVE REQUIRED "libarchive>=3.4") - find_path(LIBARCHIVE_INCLUDE_DIR archive.h -@@ -65,17 +66,18 @@ find_library(LIBARCHIVE_LIBRARY archive - HINTS ${PC_LIBARCHIVE_LIBDIR} ${PC_LIBARCHIVE_LIBRARY_DIRS}) - _CHECK(LIBARCHIVE_LIBRARY "LIBARCHIVE_LIBRARY-NOTFOUND" "libarchive.so") - --# check libcrypto --pkg_check_modules(PC_CRYPTO REQUIRED "libcrypto") --find_library(CRYPTO_LIBRARY crypto -- HINTS ${PC_CRYPTO_LIBDIR} ${PC_LIBCRYPTO_LIBRARY_DIRS}) --_CHECK(CRYPTO_LIBRARY "CRYPTO_LIBRARY-NOTFOUND" "libcrypto.so") -- - # check websocket - find_path(WEBSOCKET_INCLUDE_DIR libwebsockets.h) - _CHECK(WEBSOCKET_INCLUDE_DIR "WEBSOCKET_INCLUDE_DIR-NOTFOUND" libwebsockets.h) - find_library(WEBSOCKET_LIBRARY websockets) - _CHECK(WEBSOCKET_LIBRARY "WEBSOCKET_LIBRARY-NOTFOUND" "libwebsockets.so") -+endif() -+ -+# check libcrypto -+pkg_check_modules(PC_CRYPTO REQUIRED "libcrypto") -+find_library(CRYPTO_LIBRARY crypto -+ HINTS ${PC_CRYPTO_LIBDIR} ${PC_LIBCRYPTO_LIBRARY_DIRS}) -+_CHECK(CRYPTO_LIBRARY "CRYPTO_LIBRARY-NOTFOUND" "libcrypto.so") - - find_path(HTTP_PARSER_INCLUDE_DIR http_parser.h) - _CHECK(HTTP_PARSER_INCLUDE_DIR "HTTP_PARSER_INCLUDE_DIR-NOTFOUND" "http_parser.h") -diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt -index 034190a3..1401784b 100644 ---- a/src/CMakeLists.txt -+++ b/src/CMakeLists.txt -@@ -73,14 +73,19 @@ set_target_properties(libisula PROPERTIES PREFIX "") - - target_link_libraries(libisula - ${LIBYAJL_LIBRARY} -- ${SELINUX_LIBRARY} - ${ISULA_LIBUTILS_LIBRARY} -- ${LIBARCHIVE_LIBRARY} - ${LIBTAR_LIBRARY} -- ${WEBSOCKET_LIBRARY} - ${CRYPTO_LIBRARY} - ) - -+if (ENABLE_OCI_IMAGE) -+ target_link_libraries(libisula ${LIBARCHIVE_LIBRARY} ${WEBSOCKET_LIBRARY}) -+endif() -+ -+if (ENABLE_SELINUX) -+ target_link_libraries(libisula ${SELINUX_LIBRARY}) -+endif() -+ - if (ENABLE_SHIM_V2) - target_link_libraries(libisula ${LIBSHIM_V2_LIBRARY}) - endif() -@@ -110,7 +115,12 @@ add_executable(isulad-shim - ${SHARED_SRCS} - ) - target_include_directories(isulad-shim PUBLIC ${ISULAD_SHIM_INCS} ${SHARED_INCS}) --target_link_libraries(isulad-shim ${LIBYAJL_LIBRARY} ${ISULA_LIBUTILS_LIBRARY} ${LIBARCHIVE_LIBRARY} ${LIBTAR_LIBRARY} ${ZLIB_LIBRARY} ${CRYPTO_LIBRARY} -lpthread) -+ -+target_link_libraries(isulad-shim ${LIBYAJL_LIBRARY} ${ISULA_LIBUTILS_LIBRARY} ${LIBTAR_LIBRARY} ${ZLIB_LIBRARY} ${CRYPTO_LIBRARY} -lpthread) -+ -+if (ENABLE_OCI_IMAGE) -+ target_link_libraries(isulad-shim ${LIBARCHIVE_LIBRARY}) -+endif() - - # ------ build isula-shim finish ------- - -@@ -132,7 +142,15 @@ target_include_directories(isulad PUBLIC - ${CMAKE_CURRENT_SOURCE_DIR}/utils/http - ) - --target_link_libraries(isulad ${LIBYAJL_LIBRARY} ${SYSTEMD_LIBRARY} ${SELINUX_LIBRARY} ${LIBARCHIVE_LIBRARY} ${LIBTAR_LIBRARY} ${WEBSOCKET_LIBRARY} ${CRYPTO_LIBRARY}) -+target_link_libraries(isulad ${LIBYAJL_LIBRARY} ${SYSTEMD_LIBRARY} ${LIBTAR_LIBRARY} ${CRYPTO_LIBRARY}) -+ -+if (ENABLE_OCI_IMAGE) -+ target_link_libraries(isulad ${LIBARCHIVE_LIBRARY} ${WEBSOCKET_LIBRARY}) -+endif() -+ -+if (ENABLE_SELINUX) -+ target_link_libraries(isulad ${SELINUX_LIBRARY}) -+endif() - - target_link_libraries(isulad -ldl ${ZLIB_LIBRARY} ${ISULA_LIBUTILS_LIBRARY} -lpthread libhttpclient) - -diff --git a/src/cmd/isula/extend/stats.c b/src/cmd/isula/extend/stats.c -index 35458f14..21ea34b9 100644 ---- a/src/cmd/isula/extend/stats.c -+++ b/src/cmd/isula/extend/stats.c -@@ -20,6 +20,7 @@ - #include - #include - #include -+#include - - #include "client_arguments.h" - #include "utils.h" -@@ -171,10 +172,10 @@ static void stats_print_original_data(const struct isula_container_info *stats) - short_id[SHORTIDLEN] = '\0'; - } - -- printf("%-16s %-10llu %-10s %-20lu %-20lu %-15u %-15lu %-15lu %-15lu %-15lu %-15lu %-15lu %-40s", short_id, -- (unsigned long long)stats->pids_current, stats->status, stats->cpu_use_nanos, stats->cpu_system_use, -- stats->online_cpus, stats->blkio_read, stats->blkio_write, stats->mem_used, stats->mem_limit, -- stats->kmem_used, stats->cache, stats->name); -+ printf("%-16s %-10" PRIu64 " %-10s %-20" PRIu64 " %-20" PRIu64 " %-15u %-15" PRIu64 " %-15" PRIu64 " %-15" PRIu64 -+ " %-15" PRIu64 " %-15" PRIu64 " %-15" PRIu64 " %-40s", short_id, stats->pids_current, stats->status, -+ stats->cpu_use_nanos, stats->cpu_system_use, stats->online_cpus, stats->blkio_read, stats->blkio_write, -+ stats->mem_used, stats->mem_limit, stats->kmem_used, stats->cache, stats->name); - - free(short_id); - } -diff --git a/src/cmd/isula/main.c b/src/cmd/isula/main.c -index a69df5d5..4e7cf1ca 100644 ---- a/src/cmd/isula/main.c -+++ b/src/cmd/isula/main.c -@@ -203,6 +203,7 @@ struct command g_commands[] = { - { NULL, false, NULL, NULL, NULL, NULL } // End of the list - }; - -+#ifdef ENABLE_OCI_IMAGE - static int set_locale() - { - int ret = 0; -@@ -217,12 +218,15 @@ static int set_locale() - out: - return ret; - } -+#endif - - int main(int argc, char **argv) - { -+#ifdef ENABLE_OCI_IMAGE - if (set_locale() != 0) { - exit(ECOMMON); - } -+#endif - - if (connect_client_ops_init()) { - return ECOMMON; -diff --git a/src/cmd/isula/stream/CMakeLists.txt b/src/cmd/isula/stream/CMakeLists.txt -index 332435bc..eeb7e4dd 100644 ---- a/src/cmd/isula/stream/CMakeLists.txt -+++ b/src/cmd/isula/stream/CMakeLists.txt -@@ -1,7 +1,14 @@ - # get current directory sources files --aux_source_directory(${CMAKE_CURRENT_SOURCE_DIR} isula_stream_srcs) -+aux_source_directory(${CMAKE_CURRENT_SOURCE_DIR} local_isula_stream_srcs) -+ -+# use a separate micro defination for libarchive -+if (DISABLE_OCI) -+ list(REMOVE_ITEM local_isula_stream_srcs -+ ${CMAKE_CURRENT_SOURCE_DIR}/cp.c -+ ) -+endif() - - set(ISULA_STREAM_SRCS -- ${isula_stream_srcs} -+ ${local_isula_stream_srcs} - PARENT_SCOPE - ) -diff --git a/src/cmd/isulad/isulad_commands.c b/src/cmd/isulad/isulad_commands.c -index c2826c83..b37c7208 100644 ---- a/src/cmd/isulad/isulad_commands.c -+++ b/src/cmd/isulad/isulad_commands.c -@@ -19,6 +19,7 @@ - #include - #include - #include -+#include - - #include "config.h" - #include "isula_libutils/log.h" -@@ -250,7 +251,7 @@ static int check_args_log_conf(const struct service_arguments *args) - /* validate max-size */ - if ((args->json_confs->log_driver && strcasecmp("file", args->json_confs->log_driver) == 0) && - (args->max_size < (4 * 1024))) { -- ERROR("Max-size \"%ld\" must large than 4KB.", args->max_size); -+ ERROR("Max-size \"%" PRId64 "\" must large than 4KB.", args->max_size); - ret = -1; - goto out; - } -diff --git a/src/cmd/isulad/main.c b/src/cmd/isulad/main.c -index c981bf1c..16a4f15b 100644 ---- a/src/cmd/isulad/main.c -+++ b/src/cmd/isulad/main.c -@@ -1448,6 +1448,7 @@ out: - return ret; - } - -+#ifdef ENABLE_OCI_IMAGE - static int set_locale() - { - int ret = 0; -@@ -1462,6 +1463,7 @@ static int set_locale() - out: - return ret; - } -+#endif - - /* - * Takes socket path as argument -@@ -1478,9 +1480,11 @@ int main(int argc, char **argv) - exit(ECOMMON); - } - -+#ifdef ENABLE_OCI_IMAGE - if (set_locale() != 0) { - exit(ECOMMON); - } -+#endif - - http_global_init(); - -diff --git a/src/daemon/executor/container_cb/execution_stream.c b/src/daemon/executor/container_cb/execution_stream.c -index 4b6cdb10..0921eb19 100644 ---- a/src/daemon/executor/container_cb/execution_stream.c -+++ b/src/daemon/executor/container_cb/execution_stream.c -@@ -40,6 +40,7 @@ - #include - #include - #include -+#include - - #include "isula_libutils/log.h" - #include "io_wrapper.h" -@@ -343,6 +344,7 @@ pack_response: - return (cc == ISULAD_SUCCESS) ? 0 : -1; - } - -+#ifdef ENABLE_OCI_IMAGE - static int copy_from_container_cb_check(const struct isulad_copy_from_container_request *request, - struct isulad_copy_from_container_response **response, container_t **cont) - { -@@ -963,6 +965,7 @@ pack_response: - free(dst_base); - return ret; - } -+#endif - - static int container_logs_cb_check(const struct isulad_logs_request *request, struct isulad_logs_response *response) - { -@@ -1626,7 +1629,8 @@ static int container_logs_cb(const struct isulad_logs_request *request, stream_f - goto out; - } - -- EVENT("Event: {Object: %s, Content: path: %s, rotate: %d, size: %ld }", id, log_config->path, log_config->rotate, -+ EVENT("Event: {Object: %s, Content: path: %s, rotate: %d, size: %" PRId64 " }", id, log_config->path, -+ log_config->rotate, - log_config->size); - - nret = check_log_config(log_config); -@@ -1670,7 +1674,9 @@ void container_stream_callback_init(service_container_callback_t *cb) - { - cb->attach = container_attach_cb; - cb->exec = container_exec_cb; -+#ifdef ENABLE_OCI_IMAGE - cb->copy_from_container = copy_from_container_cb; - cb->copy_to_container = copy_to_container_cb; -+#endif - cb->logs = container_logs_cb; - } -diff --git a/src/daemon/executor/container_cb/list.c b/src/daemon/executor/container_cb/list.c -index d8f26328..67fef06e 100644 ---- a/src/daemon/executor/container_cb/list.c -+++ b/src/daemon/executor/container_cb/list.c -@@ -620,7 +620,7 @@ static int pack_list_containers(char **idsarray, const struct list_context *ctx, - } - - if (container_nums > (SIZE_MAX / sizeof(container_container *))) { -- ERROR("Get too many containers:%ld", container_nums); -+ ERROR("Get too many containers:%zu", container_nums); - ret = -1; - goto out; - } -diff --git a/src/daemon/modules/image/CMakeLists.txt b/src/daemon/modules/image/CMakeLists.txt -index 14ce571d..bfab0334 100644 ---- a/src/daemon/modules/image/CMakeLists.txt -+++ b/src/daemon/modules/image/CMakeLists.txt -@@ -45,7 +45,7 @@ set(IMAGE_INCS - # set sources and headers for libisulad_img - set(LIB_ISULAD_IMG libisulad_img) - --add_library(${LIB_ISULAD_IMG} ${LIBTYPE} -+set(LIB_ISULAD_IMG_SRCS - ${local_image_srcs} - ${CMAKE_SOURCE_DIR}/src/utils/cutils/utils.c - ${CMAKE_SOURCE_DIR}/src/utils/cutils/utils_regex.c -@@ -66,15 +66,29 @@ add_library(${LIB_ISULAD_IMG} ${LIBTYPE} - ${CMAKE_SOURCE_DIR}/src/utils/sha256/sha256.c - ${CMAKE_SOURCE_DIR}/src/utils/buffer/buffer.c - ${CMAKE_SOURCE_DIR}/src/daemon/common/err_msg.c -- ${CMAKE_SOURCE_DIR}/src/daemon/common/selinux_label.c - ${CMAKE_SOURCE_DIR}/src/daemon/common/sysinfo.c -- ${CMAKE_SOURCE_DIR}/src/utils/tar/isulad_tar.c -- ${CMAKE_SOURCE_DIR}/src/utils/tar/util_archive.c - ${CMAKE_SOURCE_DIR}/src/utils/tar/util_gzip.c - ${CMAKE_SOURCE_DIR}/src/daemon/config/isulad_config.c - ${CMAKE_SOURCE_DIR}/src/daemon/config/daemon_arguments.c - ) - -+if (ENALBE_SELINUX) -+ list(APPEND LIB_ISULAD_IMG_SRCS -+ ${CMAKE_SOURCE_DIR}/src/daemon/common/selinux_label.c -+ ) -+endif() -+ -+if (ENABLE_OCI_IMAGE) -+ list(APPEND LIB_ISULAD_IMG_SRCS -+ ${CMAKE_SOURCE_DIR}/src/utils/tar/isulad_tar.c -+ ${CMAKE_SOURCE_DIR}/src/utils/tar/util_archive.c -+ ) -+endif() -+ -+add_library(${LIB_ISULAD_IMG} ${LIBTYPE} -+ ${LIB_ISULAD_IMG_SRCS} -+ ) -+ - target_include_directories(${LIB_ISULAD_IMG} PUBLIC - ${local_image_incs} - ${CMAKE_SOURCE_DIR}/src/daemon/modules/api -@@ -97,9 +111,21 @@ target_link_libraries(${LIB_ISULAD_IMG} - ${ISULA_LIBUTILS_LIBRARY} - ${DEVMAPPER_LIBRARY} - ${LIBTAR_LIBRARY} -- ${SELINUX_LIBRARY} -- ${LIBARCHIVE_LIBRARY} -- -lpthread -lcrypto -lz libhttpclient) -+ ${CRYPTO_LIBRARY} -+ ${ZLIB_LIBRARY} -+ -lpthread libhttpclient) -+ -+if (ENABLE_OCI_IMAGE) -+ target_link_libraries(${LIB_ISULAD_IMG} -+ ${LIBARCHIVE_LIBRARY} -+ ) -+endif() -+ -+if (ENALBE_SELINUX) -+ target_link_libraries(${LIB_ISULAD_IMG} -+ ${SELINUX_LIBRARY} -+ ) -+endif() - - target_compile_definitions(${LIB_ISULAD_IMG} PRIVATE LIB_ISULAD_IMG_SO) - -diff --git a/src/daemon/modules/image/embedded/db/db_all.c b/src/daemon/modules/image/embedded/db/db_all.c -index 9a611589..47e6e2e0 100644 ---- a/src/daemon/modules/image/embedded/db/db_all.c -+++ b/src/daemon/modules/image/embedded/db/db_all.c -@@ -694,7 +694,7 @@ static int read_all_images_info(sqlite3_stmt *stmt, void **data) - goto cleanup; - } - if ((*imagesinfo)->imagesnum > (SIZE_MAX / sizeof(struct db_image *) - 1)) { -- ERROR("List of images is too long:%ld", (*imagesinfo)->imagesnum); -+ ERROR("List of images is too long:%zu", (*imagesinfo)->imagesnum); - goto cleanup; - } - oldsize = (*imagesinfo)->imagesnum * sizeof(struct db_image *); -diff --git a/src/daemon/modules/image/embedded/lim.c b/src/daemon/modules/image/embedded/lim.c -index a3834d3c..538cfff6 100644 ---- a/src/daemon/modules/image/embedded/lim.c -+++ b/src/daemon/modules/image/embedded/lim.c -@@ -196,7 +196,7 @@ static bool validate_layer_path_in_host_real(size_t layer_index, char *path_in_h - } - - if (!util_valid_file(real_path, fmod)) { -- ERROR("invalid path in host %s, real path is %s, layer %ld", path_in_host, real_path, layer_index); -+ ERROR("invalid path in host %s, real path is %s, layer %zu", path_in_host, real_path, layer_index); - if (fmod == (uint32_t)S_IFREG) { - isulad_try_set_error_message( - "Invalid content in manifest: layer(except first layer) is not a regular file"); -@@ -218,13 +218,13 @@ static bool validate_layer_path_in_host(size_t layer_index, const char *location - if (layer_index == 0) { - /* layer 0 is absolute path of rootfs device or host / */ - if (!valid_absolute_path(path_in_host)) { -- ERROR("path in host %s not a absolute path, layer %lu", path_in_host, layer_index); -+ ERROR("path in host %s not a absolute path, layer %zu", path_in_host, layer_index); - isulad_try_set_error_message("Invalid content in manifest: first layer path in host must be absolute path"); - return false; - } - - if ((int)fmod == S_IFDIR && strcmp(path_in_host, "/") != 0) { -- ERROR("expected / as root, got %s, layer %lu", path_in_host, layer_index); -+ ERROR("expected / as root, got %s, layer %zu", path_in_host, layer_index); - isulad_try_set_error_message("Invalid content in manifest: first layer path in host must be /"); - return false; - } -@@ -235,7 +235,7 @@ static bool validate_layer_path_in_host(size_t layer_index, const char *location - char parent_location[PATH_MAX] = { 0 }; - int sret = 0; - if (!valid_relative_path(path_in_host)) { -- ERROR("path in host %s not a relative path, layer %lu", path_in_host, layer_index); -+ ERROR("path in host %s not a relative path, layer %zu", path_in_host, layer_index); - isulad_try_set_error_message("Invalid content in manifest:" - " layer path in host(except first layer) must be relative path"); - return false; -@@ -409,7 +409,7 @@ static bool validate_image_name(char *image_name) - static bool validate_image_layers_number(size_t layers_len) - { - if (layers_len > LAYER_NUM_MAX || layers_len < 1) { -- ERROR("invalid layers number %ld maxium is %d", layers_len, LAYER_NUM_MAX); -+ ERROR("invalid layers number %zu maxium is %d", layers_len, LAYER_NUM_MAX); - isulad_try_set_error_message("Invalid content in manifest: layer empty or max depth exceeded"); - return false; - } -diff --git a/src/daemon/modules/log/log_gather.c b/src/daemon/modules/log/log_gather.c -index b9813917..51c112a3 100644 ---- a/src/daemon/modules/log/log_gather.c -+++ b/src/daemon/modules/log/log_gather.c -@@ -26,11 +26,12 @@ - #include - #include - #include -+#include - - #include "log_gather_api.h" - #include "isula_libutils/log.h" - #include "utils.h" --#include "isulad_tar.h" -+#include "util_gzip.h" - #include "utils_file.h" - - typedef int (*log_save_t)(const void *buf, size_t count); -@@ -223,7 +224,7 @@ static int check_log_file() - if (ret != 0) { - COMMAND_ERROR("Rotate log file %s failed.", g_log_file); - } else { -- INFO("Log file large than %lu, rotate it.", g_max_size); -+ INFO("Log file large than %" PRIu64", rotate it.", g_max_size); - } - } else { - ret = 0; -diff --git a/src/daemon/modules/plugin/plugin.c b/src/daemon/modules/plugin/plugin.c -index 25326567..9fe6dc8b 100644 ---- a/src/daemon/modules/plugin/plugin.c -+++ b/src/daemon/modules/plugin/plugin.c -@@ -31,6 +31,7 @@ - #include - #include - #include -+#include - - #include "isula_libutils/log.h" - #include "plugin_api.h" -@@ -519,7 +520,7 @@ static int pm_register_plugin(const char *name, const char *addr) - goto failed; - } - -- INFO("add activated plugin %s 0x%lx", plugin->name, plugin->manifest->watch_event); -+ INFO("add activated plugin %s 0x%" PRIx64, plugin->name, plugin->manifest->watch_event); - return 0; - - failed: -@@ -854,7 +855,7 @@ bool plugin_is_watching(plugin_t *plugin, uint64_t pe) - } - plugin_unlock(plugin); - -- INFO("plugin %s watching=%s for event 0x%lx", plugin->name, (ok ? "true" : "false"), pe); -+ INFO("plugin %s watching=%s for event 0x%" PRIx64, plugin->name, (ok ? "true" : "false"), pe); - - return ok; - } -@@ -885,7 +886,7 @@ static int unpack_activate_response(const struct parsed_http_message *message, v - goto out; - } - -- INFO("get resp 0x%lx", resp->watch_event); -+ INFO("get resp 0x%" PRIx64, resp->watch_event); - manifest->init_type = resp->init_type; - manifest->watch_event = resp->watch_event; - -@@ -1371,7 +1372,7 @@ static int plugin_event_handle_dispath_impl(const char *cid, const char *plugins - ret = plugin_event_post_remove_handle(plugin, cid); - break; - default: -- ERROR("plugin event %ld not support.", pe); -+ ERROR("plugin event %" PRIu64 " not support.", pe); - ret = -1; - break; - } -diff --git a/src/daemon/modules/spec/verify.c b/src/daemon/modules/spec/verify.c -index 57501cde..245beb8b 100644 ---- a/src/daemon/modules/spec/verify.c -+++ b/src/daemon/modules/spec/verify.c -@@ -34,6 +34,7 @@ - #include - #include - #include -+#include - - #include "constants.h" - #include "err_msg.h" -@@ -962,8 +963,8 @@ static bool check_hugetlbs_repeated(size_t newlen, const char *pagesize, - - for (j = 0; j < newlen; j++) { - if (newtlb[j] != NULL && newtlb[j]->page_size != NULL && !strcmp(newtlb[j]->page_size, pagesize)) { -- WARN("hugetlb-limit setting of %s is repeated, former setting %lu will be replaced with %lu", pagesize, -- newtlb[j]->limit, hugetlb->limit); -+ WARN("hugetlb-limit setting of %s is repeated, former setting %" PRIu64 " will be replaced with %" PRIu64, -+ pagesize, newtlb[j]->limit, hugetlb->limit); - newtlb[j]->limit = hugetlb->limit; - repeated = true; - goto out; -@@ -1090,7 +1091,7 @@ static int verify_resources_device(defs_resources *resources) - - for (i = 0; i < resources->devices_len; i++) { - if (!util_valid_device_mode(resources->devices[i]->access)) { -- ERROR("Invalid device mode \"%s\" for device \"%ld %ld\"", resources->devices[i]->access, -+ ERROR("Invalid device mode \"%s\" for device \"%" PRId64" %" PRId64 "\"", resources->devices[i]->access, - resources->devices[i]->major, resources->devices[i]->minor); - isulad_set_error_message("Invalid device mode \"%s\" for device \"%ld %ld\"", resources->devices[i]->access, - resources->devices[i]->major, resources->devices[i]->minor); -@@ -1678,7 +1679,7 @@ static int add_hugetbl_element(host_config_hugetlbs_element ***hugetlb, size_t * - for (j = 0; j < *len; j++) { - if (strcmp((*hugetlb)[j]->page_size, pagesize) == 0) { - WARN("Hostconfig: hugetlb-limit setting of %s is repeated, " -- "former setting %lu will be replaced with %lu", -+ "former setting %" PRIu64 " will be replaced with %" PRIu64, - pagesize, (*hugetlb)[j]->limit, element->limit); - (*hugetlb)[j]->limit = element->limit; - goto out; -diff --git a/src/utils/cutils/utils.c b/src/utils/cutils/utils.c -index 511cde96..850b2329 100644 ---- a/src/utils/cutils/utils.c -+++ b/src/utils/cutils/utils.c -@@ -1358,7 +1358,7 @@ int util_normalized_host_os_arch(char **host_os, char **host_arch, char **host_v - *host_arch = util_strdup_s("arm64"); - } else if ((strcasecmp("armhf", uts.machine) == 0) || (strcasecmp("armel", uts.machine) == 0)) { - *host_arch = util_strdup_s("arm"); -- } else if ((strcasecmp("mips64le", uts.machine) == 0) || (strcasecmp("mips64el", uts.machine) == 0)) { -+ } else if ((strcasecmp("mips64le", uts.machine) == 0) || (strcasecmp("mips64el", uts.machine) == 0)) { - *host_arch = util_strdup_s("mips64le"); - } else { - *host_arch = util_strdup_s(uts.machine); -diff --git a/src/utils/cutils/utils_base64.c b/src/utils/cutils/utils_base64.c -index 2eb6b6bd..a2b0d7a4 100644 ---- a/src/utils/cutils/utils_base64.c -+++ b/src/utils/cutils/utils_base64.c -@@ -115,7 +115,7 @@ size_t util_base64_decode_len(const char *input, size_t len) - size_t padding_count = 0; - - if (input == NULL || len < 4 || len % 4 != 0) { -- ERROR("Invalid param for base64 decode length, length is %ld", len); -+ ERROR("Invalid param for base64 decode length, length is %zu", len); - return -1; - } - -diff --git a/src/utils/tar/CMakeLists.txt b/src/utils/tar/CMakeLists.txt -index 0f3a56c1..97532ad1 100644 ---- a/src/utils/tar/CMakeLists.txt -+++ b/src/utils/tar/CMakeLists.txt -@@ -1,6 +1,13 @@ - # get current directory sources files - aux_source_directory(${CMAKE_CURRENT_SOURCE_DIR} local_tar_srcs) - -+if (DISABLE_OCI) -+ list(REMOVE_ITEM local_tar_srcs -+ ${CMAKE_CURRENT_SOURCE_DIR}/util_archive.c -+ ${CMAKE_CURRENT_SOURCE_DIR}/isulad_tar.c -+ ) -+endif() -+ - set(TAR_SRCS - ${local_tar_srcs} - PARENT_SCOPE -diff --git a/src/utils/tar/isulad_tar.c b/src/utils/tar/isulad_tar.c -index 03277373..228e091a 100644 ---- a/src/utils/tar/isulad_tar.c -+++ b/src/utils/tar/isulad_tar.c -@@ -19,8 +19,6 @@ - #include - #include - #include --#include --#include - #include - #include - #include -@@ -50,72 +48,6 @@ void free_archive_copy_info(struct archive_copy_info *info) - free(info); - } - --/* -- * compress file. -- * param filename: archive file to compres. -- * return: zero if compress success, non-zero if not. -- */ --int gzip(const char *filename, size_t len) --{ -- int pipefd[2] = { -1, -1 }; -- int status = 0; -- pid_t pid = 0; -- -- if (filename == NULL) { -- return -1; -- } -- if (len == 0) { -- return -1; -- } -- -- if (pipe2(pipefd, O_CLOEXEC) != 0) { -- ERROR("Failed to create pipe\n"); -- return -1; -- } -- -- pid = fork(); -- if (pid == -1) { -- ERROR("Failed to fork()\n"); -- close(pipefd[0]); -- close(pipefd[1]); -- return -1; -- } -- -- if (pid == 0) { -- // child process, dup2 pipefd[1] to stderr -- close(pipefd[0]); -- dup2(pipefd[1], 2); -- -- if (!util_valid_cmd_arg(filename)) { -- fprintf(stderr, "Invalid filename: %s\n", filename); -- exit(EXIT_FAILURE); -- } -- -- execlp("gzip", "gzip", "-f", filename, NULL); -- -- fprintf(stderr, "Failed to exec gzip"); -- exit(EXIT_FAILURE); -- } -- -- ssize_t size_read = 0; -- char buffer[BUFSIZ] = { 0 }; -- -- close(pipefd[1]); -- -- if (waitpid(pid, &status, 0) != pid) { -- close(pipefd[0]); -- return -1; -- } -- -- size_read = read(pipefd[0], buffer, BUFSIZ); -- close(pipefd[0]); -- -- if (size_read) { -- ERROR("Received error:\n%s", buffer); -- } -- return status; --} -- - static int get_rebase_name(const char *path, const char *real_path, char **resolved_path, char **rebase_name) - { - int nret; -diff --git a/src/utils/tar/isulad_tar.h b/src/utils/tar/isulad_tar.h -index c773fe9b..31d2d24a 100644 ---- a/src/utils/tar/isulad_tar.h -+++ b/src/utils/tar/isulad_tar.h -@@ -47,13 +47,6 @@ struct archive_tar_resource_rebase_opts { - char *include_file; - }; - --/* -- * compress file. -- * param filename : archive file to compres. -- * return: zero if compress success, non-zero if not. -- */ --int gzip(const char *filename, size_t len); -- - struct archive_copy_info *copy_info_source_path(const char *path, bool follow_link, char **err); - - char *prepare_archive_copy(const struct archive_copy_info *srcinfo, const struct archive_copy_info *dstinfo, -diff --git a/src/utils/tar/util_gzip.c b/src/utils/tar/util_gzip.c -index 8733bcbc..9b17e9d7 100644 ---- a/src/utils/tar/util_gzip.c -+++ b/src/utils/tar/util_gzip.c -@@ -16,6 +16,8 @@ - #include "util_gzip.h" - #include - #include -+#include -+#include - - #include "utils.h" - #include "isula_libutils/log.h" -@@ -151,3 +153,70 @@ out: - - return ret; - } -+ -+/* -+ * compress file. -+ * param filename: archive file to compres. -+ * return: zero if compress success, non-zero if not. -+ */ -+int gzip(const char *filename, size_t len) -+{ -+ int pipefd[2] = { -1, -1 }; -+ int status = 0; -+ pid_t pid = 0; -+ -+ if (filename == NULL) { -+ return -1; -+ } -+ if (len == 0) { -+ return -1; -+ } -+ -+ if (pipe2(pipefd, O_CLOEXEC) != 0) { -+ ERROR("Failed to create pipe\n"); -+ return -1; -+ } -+ -+ pid = fork(); -+ if (pid == -1) { -+ ERROR("Failed to fork()\n"); -+ close(pipefd[0]); -+ close(pipefd[1]); -+ return -1; -+ } -+ -+ if (pid == 0) { -+ // child process, dup2 pipefd[1] to stderr -+ close(pipefd[0]); -+ dup2(pipefd[1], 2); -+ dup2(pipefd[1], 2); -+ -+ if (!util_valid_cmd_arg(filename)) { -+ fprintf(stderr, "Invalid filename: %s\n", filename); -+ exit(EXIT_FAILURE); -+ } -+ -+ execlp("gzip", "gzip", "-f", filename, NULL); -+ -+ fprintf(stderr, "Failed to exec gzip"); -+ exit(EXIT_FAILURE); -+ } -+ -+ ssize_t size_read = 0; -+ char buffer[BUFSIZ] = { 0 }; -+ -+ close(pipefd[1]); -+ -+ if (waitpid(pid, &status, 0) != pid) { -+ close(pipefd[0]); -+ return -1; -+ } -+ -+ size_read = read(pipefd[0], buffer, BUFSIZ); -+ close(pipefd[0]); -+ -+ if (size_read) { -+ ERROR("Received error:\n%s", buffer); -+ } -+ return status; -+} -diff --git a/src/utils/tar/util_gzip.h b/src/utils/tar/util_gzip.h -index 637997bd..7d881e92 100644 ---- a/src/utils/tar/util_gzip.h -+++ b/src/utils/tar/util_gzip.h -@@ -28,6 +28,13 @@ int util_gzip_z(const char *srcfile, const char *dstfile, const mode_t mode); - // Decompress - int util_gzip_d(const char *srcfile, const FILE *destfp); - -+/* -+ * compress file. -+ * param filename: archive file to compres. -+ * return: zero if compress success, non-zero if not. -+ */ -+int gzip(const char *filename, size_t len); -+ - #ifdef __cplusplus - } - #endif --- -2.25.1 - diff --git a/0025-fix-compile-error-with-grpc-1.41.x.patch b/0025-fix-compile-error-with-grpc-1.41.x.patch deleted file mode 100644 index 46d6dba..0000000 --- a/0025-fix-compile-error-with-grpc-1.41.x.patch +++ /dev/null @@ -1,61 +0,0 @@ -From e24056c1c09eecace5197feb813fe29e19e30ede Mon Sep 17 00:00:00 2001 -From: zhangxiaoyu -Date: Tue, 11 Jan 2022 10:00:37 +0800 -Subject: [PATCH] fix compile error with grpc 1.41.x - -Signed-off-by: zhangxiaoyu ---- - cmake/checker.cmake | 2 ++ - src/CMakeLists.txt | 9 +++++++++ - 2 files changed, 11 insertions(+) - -diff --git a/cmake/checker.cmake b/cmake/checker.cmake -index 17a324f6..946ee730 100644 ---- a/cmake/checker.cmake -+++ b/cmake/checker.cmake -@@ -147,6 +147,8 @@ if (GRPC_CONNECTOR OR ENABLE_OCI_IMAGE) - _CHECK(GRPC_LIBRARY "GRPC_LIBRARY-NOTFOUND" "libgrpc.so") - find_library(GPR_LIBRARY gpr) - _CHECK(GPR_LIBRARY "GPR_LIBRARY-NOTFOUND" "libgpr.so") -+ # no check -+ find_library(ABSL_SYNC_LIB absl_synchronization) - - # check devmapper - find_path(DEVMAPPER_INCLUDE_DIR libdevmapper.h) -diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt -index 1401784b..30f451d4 100644 ---- a/src/CMakeLists.txt -+++ b/src/CMakeLists.txt -@@ -95,6 +95,9 @@ if (GRPC_CONNECTOR) - target_link_libraries(libisula -Wl,--as-needed -lstdc++) - target_link_libraries(libisula -Wl,--as-needed ${PROTOBUF_LIBRARY}) - target_link_libraries(libisula -Wl,--no-as-needed ${GRPC_PP_REFLECTION_LIBRARY} ${GRPC_PP_LIBRARY} ${GRPC_LIBRARY} ${GPR_LIBRARY}) -+ if(ABSL_SYNC_LIB) -+ target_link_libraries(libisula -Wl,--no-as-needed ${ABSL_SYNC_LIB}) -+ endif() - else() - target_link_libraries(libisula ${EVHTP_LIBRARY} ${EVENT_LIBRARY} ${ZLIB_LIBRARY} -ldl libhttpclient) - endif() -@@ -167,6 +170,9 @@ if (GRPC_CONNECTOR) - target_link_libraries(isulad -Wl,--as-needed -lstdc++) - target_link_libraries(isulad -Wl,--as-needed ${PROTOBUF_LIBRARY}) - target_link_libraries(isulad -Wl,--no-as-needed ${GRPC_PP_REFLECTION_LIBRARY} ${GRPC_PP_LIBRARY} ${GRPC_LIBRARY} ${GPR_LIBRARY}) -+ if(ABSL_SYNC_LIB) -+ target_link_libraries(isulad -Wl,--no-as-needed ${ABSL_SYNC_LIB}) -+ endif() - target_link_libraries(isulad ${CLIBCNI_LIBRARY}) - else() - message("Restful iSulad") -@@ -182,6 +188,9 @@ if (ENABLE_OCI_IMAGE) - target_link_libraries(isulad -Wl,--as-needed -ldevmapper) - target_link_libraries(isulad -Wl,--as-needed ${PROTOBUF_LIBRARY}) - target_link_libraries(isulad -Wl,--no-as-needed ${GRPC_PP_REFLECTION_LIBRARY} ${GRPC_PP_LIBRARY} ${GRPC_LIBRARY} ${GPR_LIBRARY}) -+ if(ABSL_SYNC_LIB) -+ target_link_libraries(isulad -Wl,--no-as-needed ${ABSL_SYNC_LIB}) -+ endif() - endif() - - if (ISULAD_GCOV) --- -2.25.1 - diff --git a/0026-fix-compile-error-of-isula-transform.patch b/0026-fix-compile-error-of-isula-transform.patch deleted file mode 100644 index d3bc415..0000000 --- a/0026-fix-compile-error-of-isula-transform.patch +++ /dev/null @@ -1,35 +0,0 @@ -From b13bdf63b048f49e2e269737073e8f5b894cd3aa Mon Sep 17 00:00:00 2001 -From: WangFengTu -Date: Wed, 12 Jan 2022 14:16:41 +0800 -Subject: [PATCH] fix compile error of isula-transform - -Signed-off-by: WangFengTu ---- - src/daemon/modules/image/CMakeLists.txt | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/daemon/modules/image/CMakeLists.txt b/src/daemon/modules/image/CMakeLists.txt -index bfab0334..315014d6 100644 ---- a/src/daemon/modules/image/CMakeLists.txt -+++ b/src/daemon/modules/image/CMakeLists.txt -@@ -72,7 +72,7 @@ set(LIB_ISULAD_IMG_SRCS - ${CMAKE_SOURCE_DIR}/src/daemon/config/daemon_arguments.c - ) - --if (ENALBE_SELINUX) -+if (ENABLE_SELINUX) - list(APPEND LIB_ISULAD_IMG_SRCS - ${CMAKE_SOURCE_DIR}/src/daemon/common/selinux_label.c - ) -@@ -121,7 +121,7 @@ if (ENABLE_OCI_IMAGE) - ) - endif() - --if (ENALBE_SELINUX) -+if (ENABLE_SELINUX) - target_link_libraries(${LIB_ISULAD_IMG} - ${SELINUX_LIBRARY} - ) --- -2.25.1 - diff --git a/iSulad.spec b/iSulad.spec index 6f1919f..7d4a9be 100644 --- a/iSulad.spec +++ b/iSulad.spec @@ -1,5 +1,5 @@ -%global _version 2.0.10 -%global _release 15 +%global _version 2.0.11 +%global _release 1 %global is_systemd 1 %global enable_shimv2 1 %global is_embedded 1 @@ -13,33 +13,6 @@ URL: https://gitee.com/openeuler/iSulad Source: https://gitee.com/openeuler/iSulad/repository/archive/v%{version}.tar.gz BuildRoot: {_tmppath}/iSulad-%{version} -Patch0001: 0001-add-self-def-runtime-for-shimv2.patch -Patch0002: 0002-fix-memleak-when-use-multiple-volumes-from.patch -Patch0003: 0003-Modified-the-procedure-of-running-a-pod-to-adapt-to-.patch -Patch0004: 0004-add-new-function-mock-for-ut.patch -Patch0005: 0005-delete-isulad-h-flag.patch -Patch0006: 0006-Fix-memory-leak-in-ClearCniNetwork-when-calling-get_.patch -Patch0007: 0007-fix-cri-libwebsockets-sync_close_sem-memory-leak.patch -Patch0008: 0008-fix-cpu-variant-get-error.patch -Patch0009: 0009-fix-unit-test-error-of-registry-in-armv8.patch -Patch0010: 0010-Modified-cmakelist-of-storage_layer-and-added-a-new-.patch -Patch0011: 0011-add-fuzz-build-in-CI.patch -Patch0012: 0012-print-valgrind-log.patch -Patch0013: 0013-fix-cri-version-memory-leak.patch -Patch0014: 0014-fix-undefined-reference-in-libisulad_img.so.patch -Patch0015: 0015-fix-undefined-reference-to-service_arguments_free-in.patch -Patch0016: 0016-fix-mem-leak.patch -Patch0017: 0017-isula-pull-does-not-support-format-name-digest.patch -Patch0018: 0018-Fixed-dangerous-memory-operations.patch -Patch0019: 0019-add-pull-request-gateway-checker-for-build-and-ut.patch -Patch0020: 0020-Optimize-websocket-streaming-service-code.patch -Patch0021: 0021-Fixed-a-bug-that-occurs-when-starting-container-in-h.patch -Patch0022: 0022-fix-memory-leak-in-CniNetworkPlugin.patch -Patch0023: 0023-fix-codex-error.patch -Patch0024: 0024-fix-compile-error-when-building-embedded-image.patch -Patch0025: 0025-fix-compile-error-with-grpc-1.41.x.patch -Patch0026: 0026-fix-compile-error-of-isula-transform.patch - %ifarch x86_64 aarch64 Provides: libhttpclient.so()(64bit) Provides: libisula.so()(64bit) @@ -62,8 +35,8 @@ BuildRequires: sqlite-devel Requires: sqlite %endif -%define lcrver 2.0.6 -%define clibcniver 2.0.6 +%define lcrver 2.0.7 +%define clibcniver 2.0.7 BuildRequires: lcr-devel >= %{lcrver} clibcni-devel >= %{clibcniver} @@ -93,7 +66,7 @@ This is a umbrella project for gRPC-services based Lightweight Container Runtime Daemon, written by C. %prep -%autosetup -n %{name} -Sgit -p1 +%autosetup -n iSulad-v%{_version} -Sgit -p1 %build mkdir -p build @@ -263,6 +236,12 @@ fi %endif %changelog +* Thu Feb 24 2022 wangfengtu - 2.0.11-1 +- Type: enhancement +- ID: NA +- SUG: NA +- DESC: update version to v2.0.11 + * Wed Jan 12 2022 wangfengtu - 2.0.10-15 - Type: bugfix - ID: NA diff --git a/v2.0.10.tar.gz b/v2.0.11.tar.gz similarity index 52% rename from v2.0.10.tar.gz rename to v2.0.11.tar.gz index d0cd06c..51a4f5b 100644 Binary files a/v2.0.10.tar.gz and b/v2.0.11.tar.gz differ