!11 isula-build: bump version to 0.9.3

From: @DCCooper Reviewed-by: @jingxiaolu Signed-off-by: @jingxiaolu
2020-09-10 21:00:39 +08:00 · 2020-09-10 21:00:39 +08:00 · 5bd679ffe1
commit 5bd679ffe1
parent 1b4e6d4ae1 9c4dec0622
15 changed files with 405 additions and 19 deletions
--- a/1
+++ b/1
@ -0,0 +1 @@
 0.9.3-1
--- a/39
+++ b/39
@ -0,0 +1,39 @@
 #!/bin/bash
 # Copyright (c) Huawei Technologies Co., Ltd. 2019-2020. All rights reserved.
 # Description: This shell script is used to apply patches for the project
 # Author: lixiang172@huawei.com
 # Create: 2020-08-21
 set -ex
 pkg=isula-build
 cwd=${PWD}
 src=${cwd}/${pkg}
 tar_file=v"$(awk -F"-" '{print $1}' < VERSION-openeuler)".tar.gz
 tar -zxvf "${tar_file}"
 if [ ! -d patch ]; then
    tar -zxvf patch.tar.gz
 fi
 cd "${src}"
 git init
 git add .
 git config user.name 'build'
 git config user.email 'build@obs.com'
 git commit -m 'init build'
 cd "${cwd}"
 series=${cwd}/series.conf
 while IPF= read -r line; do
    if [[ "${line}" =~ ^patch* ]]; then
        echo "git apply ${cwd}/${line}"
        cd "${src}" && git apply "${cwd}/${line}"
    fi
 done <"${series}"
 cd "${cwd}"
 cp -rf "${src}"/* .
 cp -f VERSION-openeuler VERSION
 rm -rf "${src}"
--- a/gen-commit.sh
+++ b/gen-commit.sh
@ -1,12 +0,0 @@
 #!/bin/sh
 # Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
 # Description: This shell script is used to generate commitID store file.
 # Author: xiadanni1@huawei.com
 # Create: 2020-07-20
 changeID=`git log -1 | grep Change-Id | awk '{print $2}' | head -c 40`
 if [ "${changeID}" = "" ]; then
    changeID=`date | sha256sum | head -c 40`
 fi
 echo "${changeID}" > git-commit 
--- a/gen-version.sh
+++ b/gen-version.sh
@ -0,0 +1,84 @@
 #!/bin/bash
 ###################################################################################################
 # Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
 # iSula-Kits licensed under the Mulan PSL v2.
 # You can use this software according to the terms and conditions of the Mulan PSL v2.
 # You may obtain a copy of Mulan PSL v2 at:
 #     http://license.coscl.org.cn/MulanPSL2
 # THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
 # IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
 # PURPOSE.
 # See the Mulan PSL v2 for more details.
 # Author: Xiang Li
 # Create: 2020-05-18
 # Description: This script used for update isula-build version and release. Enjoy and cherrs
 ###################################################################################################
 # Basic info
 top_dir=$(git rev-parse --show-toplevel)
 version_file="${top_dir}/VERSION-openeuler"
 spec_file="${top_dir}/isula-build.spec"
 commit_file=${top_dir}/git-commit
 color=$(tput setaf 2) # red
 color_reset=$(tput sgr0)
 # Commit ID
 changeID=`git log -1 | grep Change-Id | awk '{print $2}' | head -c 40`
 if [ "${changeID}" = "" ]; then
    changeID=`date | sha256sum | head -c 40`
 fi
 echo "${changeID}" > ${top_dir}/git-commit
 commit_id=$(cat ${commit_file}|cut -c1-7)
 old_all=$(cat "${version_file}")
 old_version=$(cat "${version_file}" | awk -F"-" '{print $1}')
 old_release=$(cat "${version_file}" | awk -F"-" '{print $2}')
 major_old_version=$(echo "${old_version}" | awk -F "." '{print $1}')
 minor_old_version=$(echo "${old_version}" | awk -F "." '{print $2}')
 revision_old_version=$(echo "${old_version}" | awk -F "." '{print $3}')
 # Read user input
 read -rp "update version: Major(1), Minor(2), Revision(3), Release(4) [1/2/3/4]: " input
 case ${input} in
    1)
        major_old_version=$((major_old_version + 1))
        minor_old_version="0"
        revision_old_version="0"
        new_release_num="1"
        ;;
    2)
        minor_old_version=$((minor_old_version + 1))
        revision_old_version="0"
        new_release_num="1"
        ;;
    3)
        revision_old_version=$((revision_old_version + 1))
        new_release_num="1"
        ;;
    4)
        new_release_num=$((old_release + 1))
        ;;
    *)
        echo "Wrong input, Version Not modified: ${old_version}"
        exit 0
        ;;
 esac
 # VERSION format:
 # Major.Minor.Revision
 new_version=${major_old_version}.${minor_old_version}.${revision_old_version}
 new_release="${new_release_num}"
 new_all=${new_version}-${new_release_num}
 # Replace version and release for spec and VERSION files
 sed -i -e "s/^Version: .*$/Version: ${new_version}/g" "${spec_file}"
 sed -i -e "s/^Release: .*$/Release: ${new_release}/g" "${spec_file}"
 echo "${new_all}" > "${version_file}"
 if [[ "${old_all}" != "${new_all}" ]]; then
    printf 'Version: %s -> %s\n' "${old_all}" "${color}${new_all}${color_reset}"
 fi
--- a/2
+++ b/2
@ -1 +1 @@
-ef9ec57767334bc4880898a14ce05a5920e48fb6
+fd832e9c4d84b42249d267ce922c3444f20c260b
--- a/isula-build.spec
+++ b/isula-build.spec
@ -1,13 +1,18 @@
 %global is_systemd 1
 Name: isula-build
-Version: 0.9.2
+Version: 0.9.3
-Release: 3
+Release: 1
 Summary: A tool to build container images
 License: Mulan PSL V2
 URL: https://gitee.com/openeuler/isula-build
 Source0: https://gitee.com/openeuler/isula-build/repository/archive/v%{version}.tar.gz
 Source1: git-commit
 Source2: VERSION-openeuler
 Source3: apply-patches
 Source4: gen-version.sh
 Source5: series.conf
 Source6: patch.tar.gz
 BuildRequires: make btrfs-progs-devel device-mapper-devel glib2-devel gpgme-devel
 BuildRequires: libassuan-devel libseccomp-devel git bzip2 go-md2man systemd-devel
 BuildRequires: golang >= 1.13
@ -20,10 +25,16 @@ Requires: systemd-units
 isula-build is a tool used for container images building.
 %prep
-%autosetup -n %{name}
+cp %{SOURCE0} .
 cp %{SOURCE1} .
 cp %{SOURCE2} .
 cp %{SOURCE3} .
 cp %{SOURCE4} .
 cp %{SOURCE5} .
 cp %{SOURCE6} .
 %build
-cp %{SOURCE1} .
+sh ./apply-patches
 %{make_build} safe
 ./bin/isula-build completion > __isula-build
@ -42,7 +53,7 @@ install -d %{buildroot}%{_sysconfdir}/isula-build
 install -p -m 600 ./cmd/daemon/config/configuration.toml %{buildroot}%{_sysconfdir}/isula-build/configuration.toml
 install -p -m 600 ./cmd/daemon/config/storage.toml %{buildroot}%{_sysconfdir}/isula-build/storage.toml
 install -p -m 600 ./cmd/daemon/config/registries.toml %{buildroot}%{_sysconfdir}/isula-build/registries.toml
-install -p -m 600 ./cmd/daemon/config/policy.json %{buildroot}%{_sysconfdir}/isula-build/policy.json
+install -p -m 400 ./cmd/daemon/config/policy.json %{buildroot}%{_sysconfdir}/isula-build/policy.json
 # install bash completion script
 install -d %{buildroot}/usr/share/bash-completion/completions
 install -p -m 600 __isula-build %{buildroot}/usr/share/bash-completion/completions/isula-build
@ -65,6 +76,9 @@ rm -rf %{buildroot}
 /usr/share/bash-completion/completions/isula-build
 %changelog
 * Thu Sep 10 2020 lixiang <lixiang172@huawei.com> - 0.9.3-1
 - Bump version to 0.9.3
 * Fri Sep 04 2020 lixiang <lixiang172@huawei.com> - 0.9.2-3
 - Fix Source0 and do not startup after install by default
--- a/patch/0013-vendor-change-auth.json-file-mode-from-0700-to-0600.patch
+++ b/patch/0013-vendor-change-auth.json-file-mode-from-0700-to-0600.patch
@ -0,0 +1,29 @@
 From bde19bc4f9fce45ea09974fdd138cad111b9269c Mon Sep 17 00:00:00 2001
 From: lixiang <lixiang172@huawei.com>
 Date: Mon, 24 Aug 2020 10:17:20 +0800
 Subject: [PATCH] vendor:change auth.json file mode from 0700 to 0600
 reason: change auth.json file mode from 0700 to 0600
 See details in https://github.com/containers/image/issues/974
 Signed-off-by: lixiang <lixiang172@huawei.com>
 ---
 .../github.com/containers/image/v5/pkg/docker/config/config.go  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/vendor/github.com/containers/image/v5/pkg/docker/config/config.go b/vendor/github.com/containers/image/v5/pkg/docker/config/config.go
 index ce85af18..e0b8b9b1 100644
 --- a/vendor/github.com/containers/image/v5/pkg/docker/config/config.go
 +++ b/vendor/github.com/containers/image/v5/pkg/docker/config/config.go
@@ -326,7 +326,7 @@ func modifyJSON(sys *types.SystemContext, editor func(auths *dockerConfigFile) (
 	}
 	dir := filepath.Dir(path)
 -	if err = os.MkdirAll(dir, 0700); err != nil {
 +	if err = os.MkdirAll(dir, 0600); err != nil {
 		return err
 	}
 -- 
 2.19.1
--- a/patch/0014-store-recover-use-graphLock-when-mount-a-layer.patch
+++ b/patch/0014-store-recover-use-graphLock-when-mount-a-layer.patch
@ -0,0 +1,26 @@
 From 3703d88fbb74b216d8aaa2237d18c373fefa8f6e Mon Sep 17 00:00:00 2001
 From: liuzekun <liuzekun@huawei.com>
 Date: Fri, 21 Aug 2020 06:24:42 -0400
 Subject: [PATCH] store: recover use graphLock when mount a layer
 Signed-off-by: liuzekun <liuzekun@huawei.com>
 ---
 vendor/github.com/containers/storage/store.go | 2 ++
 1 file changed, 2 insertions(+)
 diff --git a/vendor/github.com/containers/storage/store.go b/vendor/github.com/containers/storage/store.go
 index 937bf8c..8f84412 100644
 --- a/vendor/github.com/containers/storage/store.go
 +++ b/vendor/github.com/containers/storage/store.go
@@ -2630,6 +2630,8 @@ func (s *store) mount(id string, options drivers.MountOpts) (string, error) {
 	if err != nil {
 		return "", err
 	}
 +	s.graphLock.Lock()
 +	defer s.graphLock.Unlock()
 	rlstore.Lock()
 	defer rlstore.Unlock()
 	if modified, err := rlstore.Modified(); modified || err != nil {
 -- 
 2.19.1
--- a/patch/0027-fix-goroutine-leak-with-close-tarLogger-in-a-defer-c.patch
+++ b/patch/0027-fix-goroutine-leak-with-close-tarLogger-in-a-defer-c.patch
@ -0,0 +1,34 @@
 From 241e0fdd31cf5f5905ab41b2bab1d0f247274bc3 Mon Sep 17 00:00:00 2001
 From: liuzekun <liuzekun@huawei.com>
 Date: Wed, 2 Sep 2020 06:10:55 -0400
 Subject: [PATCH] isula-build:fix goroutine leak with close tatLogger in a
 defer clause
 Signed-off-by: liuzekun <liuzekun@huawei.com>
 ---
 vendor/github.com/containers/storage/layers.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/vendor/github.com/containers/storage/layers.go b/vendor/github.com/containers/storage/layers.go
 index dc21f75..1fc25ba 100644
 --- a/vendor/github.com/containers/storage/layers.go
 +++ b/vendor/github.com/containers/storage/layers.go
@@ -1346,6 +1346,7 @@ func (r *layerStore) ApplyDiff(to string, diff io.Reader) (size int64, err error
 	if err != nil {
 		return -1, err
 	}
 +	defer idLogger.Close()
 	options := drivers.ApplyDiffOpts{
 		Diff:       payload,
 		Mappings:   r.layerMappings(layer),
@@ -1356,7 +1357,6 @@ func (r *layerStore) ApplyDiff(to string, diff io.Reader) (size int64, err error
 		return -1, err
 	}
 	compressor.Close()
 -	idLogger.Close()
 	if err == nil {
 		if err := os.MkdirAll(filepath.Dir(r.tspath(layer.ID)), 0700); err != nil {
 			return -1, err
 -- 
 2.19.1
--- a/patch/0030-xattr-support-ima-and-evm.patch
+++ b/patch/0030-xattr-support-ima-and-evm.patch
@ -0,0 +1,93 @@
 From b179511d671e84c83d895444f1d0bc45152dc3ba Mon Sep 17 00:00:00 2001
 From: yangfeiyu <yangfeiyu2@huawei.com>
 Date: Sat, 22 Aug 2020 16:44:16 +0800
 Subject: [PATCH] xattr: support ima and evm
 reason: support ima and evm
 Signed-off-by: yangfeiyu <yangfeiyu2@huawei.com>
 ---
 .../containers/storage/pkg/archive/archive.go | 50 +++++++++----------
 1 file changed, 25 insertions(+), 25 deletions(-)
 mode change 100644 => 100755 vendor/github.com/containers/storage/pkg/archive/archive.go
 diff --git a/vendor/github.com/containers/storage/pkg/archive/archive.go b/vendor/github.com/containers/storage/pkg/archive/archive.go
 old mode 100644
 new mode 100755
 index 78744e0..dd3b750
 --- a/vendor/github.com/containers/storage/pkg/archive/archive.go
 +++ b/vendor/github.com/containers/storage/pkg/archive/archive.go
@@ -396,7 +396,7 @@ func ReadSecurityXattrToTarHeader(path string, hdr *tar.Header) error {
 	if hdr.Xattrs == nil {
 		hdr.Xattrs = make(map[string]string)
 	}
 -	for _, xattr := range []string{"security.capability", "security.ima"} {
 +	for _, xattr := range []string{"security.capability", "security.ima", "security.evm"} {
 		capability, err := system.Lgetxattr(path, xattr)
 		if err != nil && err != system.EOPNOTSUPP && err != system.ErrNotSupportedPlatform {
 			return errors.Wrapf(err, "failed to read %q attribute from %q", xattr, path)
@@ -693,30 +693,7 @@ func createTarFile(path, extractDir string, hdr *tar.Header, reader io.Reader, L
 			}
 		}
 	}
 -
 -	var errors []string
 -	for key, value := range hdr.Xattrs {
 -		if err := system.Lsetxattr(path, key, []byte(value), 0); err != nil {
 -			if err == syscall.ENOTSUP || (err == syscall.EPERM && inUserns) {
 -				// We ignore errors here because not all graphdrivers support
 -				// xattrs *cough* old versions of AUFS *cough*. However only
 -				// ENOTSUP should be emitted in that case, otherwise we still
 -				// bail.  We also ignore EPERM errors if we are running in a
 -				// user namespace.
 -				errors = append(errors, err.Error())
 -				continue
 -			}
 -			return err
 -		}
 -
 -	}
 -
 -	if len(errors) > 0 {
 -		logrus.WithFields(logrus.Fields{
 -			"errors": errors,
 -		}).Warn("ignored xattrs in archive: underlying filesystem doesn't support them")
 -	}
 -
 +	
 	// There is no LChmod, so ignore mode for symlink. Also, this
 	// must happen after chown, as that can modify the file mode
 	if err := handleLChmod(hdr, path, hdrInfo); err != nil {
@@ -746,6 +723,29 @@ func createTarFile(path, extractDir string, hdr *tar.Header, reader io.Reader, L
 			return err
 		}
 	}
 +
 +	var errors []string
 +	for key, value := range hdr.Xattrs {
 +		if err := system.Lsetxattr(path, key, []byte(value), 0); err != nil {
 +			if err == syscall.ENOTSUP || (err == syscall.EPERM && inUserns) {
 +				// We ignore errors here because not all graphdrivers support
 +				// xattrs *cough* old versions of AUFS *cough*. However only
 +				// ENOTSUP should be emitted in that case, otherwise we still
 +				// bail.  We also ignore EPERM errors if we are running in a
 +				// user namespace.
 +				errors = append(errors, err.Error())
 +				continue
 +			}
 +			return err
 +		}
 +
 +	}
 +
 +	if len(errors) > 0 {
 +		logrus.WithFields(logrus.Fields{
 +			"errors": errors,
 +		}).Warn("ignored xattrs in archive: underlying filesystem doesn't support them")
 +	}
 	return nil
 }
 -- 
 2.23.0
--- a/patch/0033-isula-build-remove-docker-releated-path-for-authenti.patch
+++ b/patch/0033-isula-build-remove-docker-releated-path-for-authenti.patch
@ -0,0 +1,30 @@
 From 1c39c596b5d4a07f88edbc8200a9952e357561f2 Mon Sep 17 00:00:00 2001
 From: lixiang <lixiang172@huawei.com>
 Date: Fri, 4 Sep 2020 09:42:31 +0800
 Subject: [PATCH] isula-build:remove docker releated path for authentication
 reason: remove docker releated authentication path ${HOME}/.docker/config.json and ${HOME}/.dockercfg
 Signed-off-by: lixiang <lixiang172@huawei.com>
 ---
 .../containers/image/v5/pkg/docker/config/config.go           | 4 ----
 1 file changed, 4 deletions(-)
 diff --git a/vendor/github.com/containers/image/v5/pkg/docker/config/config.go b/vendor/github.com/containers/image/v5/pkg/docker/config/config.go
 index 1a2ed7c3..125e21d9 100644
 --- a/vendor/github.com/containers/image/v5/pkg/docker/config/config.go
 +++ b/vendor/github.com/containers/image/v5/pkg/docker/config/config.go
@@ -159,10 +159,6 @@ func getAuthFilePaths(sys *types.SystemContext) []authPath {
 		// Logging the error as a warning instead and moving on to pulling the image
 		logrus.Warnf("%v: Trying to pull image in the event that it is a public image.", err)
 	}
 -	paths = append(paths,
 -		authPath{path: filepath.Join(homedir.Get(), dockerHomePath), legacyFormat: false},
 -		authPath{path: filepath.Join(homedir.Get(), dockerLegacyHomePath), legacyFormat: true},
 -	)
 	return paths
 }
 -- 
 2.19.1
--- a/patch/0037-isula-build-fix-goroutine-leak-problem.patch
+++ b/patch/0037-isula-build-fix-goroutine-leak-problem.patch
@ -0,0 +1,42 @@
 From 56012b7a20cd09c91788f610321fefe82f4bbb5f Mon Sep 17 00:00:00 2001
 From: yangfeiyu <yangfeiyu2@huawei.com>
 Date: Mon, 7 Sep 2020 20:57:34 +0800
 Subject: [PATCH] isula-build: fix goroutine leak problem
 reason:
 when import a zstd tar file, goroutine will leak because of
 the unclosing channel of tar stream
 Signed-off-by: yangfeiyu <yangfeiyu2@huawei.com>
 ---
 vendor/github.com/containers/storage/layers.go              | 1 +
 vendor/github.com/containers/storage/pkg/archive/archive.go | 1 +
 2 files changed, 2 insertions(+)
 diff --git a/vendor/github.com/containers/storage/layers.go b/vendor/github.com/containers/storage/layers.go
 index 1fc25bab..2d2cf08e 100644
 --- a/vendor/github.com/containers/storage/layers.go
 +++ b/vendor/github.com/containers/storage/layers.go
@@ -1329,6 +1329,7 @@ func (r *layerStore) ApplyDiff(to string, diff io.Reader) (size int64, err error
 	if err != nil {
 		return -1, err
 	}
 +	defer uncompressed.Close()
 	uncompressedDigest := digest.Canonical.Digester()
 	uncompressedCounter := ioutils.NewWriteCounter(uncompressedDigest.Hash())
 	uidLog := make(map[uint32]struct{})
 diff --git a/vendor/github.com/containers/storage/pkg/archive/archive.go b/vendor/github.com/containers/storage/pkg/archive/archive.go
 index dd3b7506..58c4d184 100755
 --- a/vendor/github.com/containers/storage/pkg/archive/archive.go
 +++ b/vendor/github.com/containers/storage/pkg/archive/archive.go
@@ -139,6 +139,7 @@ func IsArchivePath(path string) bool {
 	if err != nil {
 		return false
 	}
 +	defer rdr.Close()
 	r := tar.NewReader(rdr)
 	_, err = r.Next()
 	return err == nil
 -- 
 2.23.0
--- a/series.conf
+++ b/series.conf
@ -0,0 +1,6 @@
 patch/0013-vendor-change-auth.json-file-mode-from-0700-to-0600.patch
 patch/0014-store-recover-use-graphLock-when-mount-a-layer.patch
 patch/0027-fix-goroutine-leak-with-close-tarLogger-in-a-defer-c.patch
 patch/0030-xattr-support-ima-and-evm.patch
 patch/0033-isula-build-remove-docker-releated-path-for-authenti.patch
 patch/0037-isula-build-fix-goroutine-leak-problem.patch
--- a/v0.9.2.tar.gz
+++ b/v0.9.2.tar.gz
--- a/v0.9.3.tar.gz
+++ b/v0.9.3.tar.gz
`@ -1 +1 @@`
	`ef9ec57767334bc4880898a14ce05a5920e48fb6`	`fd832e9c4d84b42249d267ce922c3444f20c260b`