diff --git a/VERSION-openeuler b/VERSION-openeuler
new file mode 100644
index 0000000..e50d6d7
--- /dev/null
+++ b/VERSION-openeuler
@@ -0,0 +1 @@
+0.9.3-1
diff --git a/apply-patches b/apply-patches
new file mode 100755
index 0000000..1b64e8c
--- /dev/null
+++ b/apply-patches
@@ -0,0 +1,39 @@
+#!/bin/bash
+# Copyright (c) Huawei Technologies Co., Ltd. 2019-2020. All rights reserved.
+# Description: This shell script is used to apply patches for the project
+# Author: lixiang172@huawei.com
+# Create: 2020-08-21
+
+set -ex
+
+pkg=isula-build
+cwd=${PWD}
+src=${cwd}/${pkg}
+tar_file=v"$(awk -F"-" '{print $1}' < VERSION-openeuler)".tar.gz
+
+tar -zxvf "${tar_file}"
+if [ ! -d patch ]; then
+ tar -zxvf patch.tar.gz
+fi
+
+cd "${src}"
+git init
+git add .
+git config user.name 'build'
+git config user.email 'build@obs.com'
+git commit -m 'init build'
+cd "${cwd}"
+
+series=${cwd}/series.conf
+while IPF= read -r line; do
+ if [[ "${line}" =~ ^patch* ]]; then
+ echo "git apply ${cwd}/${line}"
+ cd "${src}" && git apply "${cwd}/${line}"
+ fi
+done <"${series}"
+
+cd "${cwd}"
+
+cp -rf "${src}"/* .
+cp -f VERSION-openeuler VERSION
+rm -rf "${src}"
diff --git a/gen-commit.sh b/gen-commit.sh
deleted file mode 100644
index 63a12c5..0000000
--- a/gen-commit.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/sh
-
-# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
-# Description: This shell script is used to generate commitID store file.
-# Author: xiadanni1@huawei.com
-# Create: 2020-07-20
-
-changeID=`git log -1 | grep Change-Id | awk '{print $2}' | head -c 40`
-if [ "${changeID}" = "" ]; then
- changeID=`date | sha256sum | head -c 40`
-fi
-echo "${changeID}" > git-commit
diff --git a/gen-version.sh b/gen-version.sh
new file mode 100755
index 0000000..24fe2e1
--- /dev/null
+++ b/gen-version.sh
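Review bot: In apply-patches the loop header `while IPF= read -r line` misspells `IFS`, and the filter `[[ "${line}" =~ ^patch* ]]` is a regex that matches any line starting with `patc`, not a `patch/` path. A series.conf line that fails the filter is skipped with no message, so a patch (including a security fix) can drop out of the build without the build failing. I would write `while IFS= read -r line; do`, test `[[ "${line}" == patch/*.patch ]]`, and exit non-zero on any other non-empty line. The `cd "${src}" && git apply ...` line also leaves the loop inside `${src}` for later iterations, which works only because every later path is absolute.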
@@ -0,0 +1,84 @@
+#!/bin/bash
+###################################################################################################
+# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+# iSula-Kits licensed under the Mulan PSL v2.
+# You can use this software according to the terms and conditions of the Mulan PSL v2.
+# You may obtain a copy of Mulan PSL v2 at:
+# http://license.coscl.org.cn/MulanPSL2
+# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+# PURPOSE.
+# See the Mulan PSL v2 for more details.
+# Author: Xiang Li
+# Create: 2020-05-18
+# Description: This script used for update isula-build version and release. Enjoy and cherrs
+###################################################################################################
+
+# Basic info
+top_dir=$(git rev-parse --show-toplevel)
+version_file="${top_dir}/VERSION-openeuler"
+spec_file="${top_dir}/isula-build.spec"
+commit_file=${top_dir}/git-commit
+color=$(tput setaf 2) # red
+color_reset=$(tput sgr0)
+
+# Commit ID
+changeID=`git log -1 | grep Change-Id | awk '{print $2}' | head -c 40`
+if [ "${changeID}" = "" ]; then
+ changeID=`date | sha256sum | head -c 40`
+fi
+echo "${changeID}" > ${top_dir}/git-commit
+commit_id=$(cat ${commit_file}|cut -c1-7)
+
+old_all=$(cat "${version_file}")
+old_version=$(cat "${version_file}" | awk -F"-" '{print $1}')
+old_release=$(cat "${version_file}" | awk -F"-" '{print $2}')
+major_old_version=$(echo "${old_version}" | awk -F "." '{print $1}')
+minor_old_version=$(echo "${old_version}" | awk -F "." '{print $2}')
+revision_old_version=$(echo "${old_version}" | awk -F "." '{print $3}')
+
+
+# Read user input
+read -rp "update version: Major(1), Minor(2), Revision(3), Release(4) [1/2/3/4]: " input
+case ${input} in
+ 1)
+ major_old_version=$((major_old_version + 1))
+ minor_old_version="0"
+ revision_old_version="0"
+ new_release_num="1"
+ ;;
+ 2)
+ minor_old_version=$((minor_old_version + 1))
+ revision_old_version="0"
+ new_release_num="1"
+ ;;
+ 3)
+ revision_old_version=$((revision_old_version + 1))
+ new_release_num="1"
+ ;;
+ 4)
+ new_release_num=$((old_release + 1))
+ ;;
+
+ *)
+ echo "Wrong input, Version Not modified: ${old_version}"
+ exit 0
+ ;;
+esac
+
+
+# VERSION format:
+# Major.Minor.Revision
+new_version=${major_old_version}.${minor_old_version}.${revision_old_version}
+new_release="${new_release_num}"
+new_all=${new_version}-${new_release_num}
+
+# Replace version and release for spec and VERSION files
+sed -i -e "s/^Version: .*$/Version: ${new_version}/g" "${spec_file}"
+sed -i -e "s/^Release: .*$/Release: ${new_release}/g" "${spec_file}"
+echo "${new_all}" > "${version_file}"
+
+if [[ "${old_all}" != "${new_all}" ]]; then
+ printf 'Version: %s -> %s\n' "${old_all}" "${color}${new_all}${color_reset}"
+fi
+
diff --git a/git-commit b/git-commit
index b06efe3..8122565 100644
--- a/git-commit
+++ b/git-commit
@@ -1 +1 @@
-ef9ec57767334bc4880898a14ce05a5920e48fb6
+fd832e9c4d84b42249d267ce922c3444f20c260b
diff --git a/isula-build.spec b/isula-build.spec
index c78f2e9..a182eb7 100644
--- a/isula-build.spec
+++ b/isula-build.spec
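Review bot: The id that gen-version.sh writes to `git-commit` does not identify the source revision: the "Commit ID" block takes the Change-Id trailer of the last commit and, when there is none, falls back to `date | sha256sum`, which is an arbitrary value. Since that file ships as Source1, a built package cannot be traced back to the tree it came from. `changeID=$(git rev-parse HEAD)`, with a non-zero exit when git cannot answer, would record something verifiable. The comment on `color=$(tput setaf 2) # red` is also wrong, as setaf 2 selects green, and `${top_dir}` and `${commit_file}` are unquoted in the echo and cat lines.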
@@ -1,13 +1,18 @@ %global is_systemd 1 Name: isula-build -Version: 0.9.2 -Release: 3 +Version: 0.9.3 +Release: 1 Summary: A tool to build container images License: Mulan PSL V2 URL: https://gitee.com/openeuler/isula-build Source0: https://gitee.com/openeuler/isula-build/repository/archive/v%{version}.tar.gz -Source1: git-commit +Source1: git-commit +Source2: VERSION-openeuler +Source3: apply-patches +Source4: gen-version.sh +Source5: series.conf +Source6: patch.tar.gz BuildRequires: make btrfs-progs-devel device-mapper-devel glib2-devel gpgme-devel BuildRequires: libassuan-devel libseccomp-devel git bzip2 go-md2man systemd-devel BuildRequires: golang >= 1.13 @@ -20,10 +25,16 @@ Requires: systemd-units isula-build is a tool used for container images building. %prep -%autosetup -n %{name} +cp %{SOURCE0} . +cp %{SOURCE1} . +cp %{SOURCE2} . +cp %{SOURCE3} . +cp %{SOURCE4} . +cp %{SOURCE5} . +cp %{SOURCE6} . %build -cp %{SOURCE1} . +sh ./apply-patches %{make_build} safe ./bin/isula-build completion > __isula-build @@ -42,7 +53,7 @@ install -d %{buildroot}%{_sysconfdir}/isula-build install -p -m 600 ./cmd/daemon/config/configuration.toml %{buildroot}%{_sysconfdir}/isula-build/configuration.toml install -p -m 600 ./cmd/daemon/config/storage.toml %{buildroot}%{_sysconfdir}/isula-build/storage.toml install -p -m 600 ./cmd/daemon/config/registries.toml %{buildroot}%{_sysconfdir}/isula-build/registries.toml -install -p -m 600 ./cmd/daemon/config/policy.json %{buildroot}%{_sysconfdir}/isula-build/policy.json +install -p -m 400 ./cmd/daemon/config/policy.json %{buildroot}%{_sysconfdir}/isula-build/policy.json # install bash completion script install -d %{buildroot}/usr/share/bash-completion/completions install -p -m 600 __isula-build %{buildroot}/usr/share/bash-completion/completions/isula-build 
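Review bot: The build applies whatever is inside `Source6: patch.tar.gz`, not the `patch/*.patch` files this commit adds for review. %prep copies only the listed sources, and apply-patches unpacks the tarball whenever no `patch` directory exists, which is always the case in a clean build tree. patch.tar.gz itself is not in the visible diff, so nothing here shows its contents equal the reviewed files. Listing each patch as its own source, or verifying the tarball against a recorded digest before it is unpacked, would close that gap.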
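Review bot: `sh ./apply-patches` in %build runs a script that declares `#!/bin/bash` and uses `[[ ... =~ ... ]]`, so it works only where `sh` is bash; `bash ./apply-patches` states the real requirement. Unpacking and patching now happen in %build instead of %prep, which means an `rpmbuild -bp` run no longer yields the patched tree that reviewers and scanners usually inspect. Moving the `sh ./apply-patches` line to the end of %prep would restore that.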
@@ -65,6 +76,9 @@ rm -rf %{buildroot} /usr/share/bash-completion/completions/isula-build %changelog +* Thu Sep 10 2020 lixiang - 0.9.3-1 +- Bump version to 0.9.3 + * Fri Sep 04 2020 lixiang - 0.9.2-3 - Fix Source0 and do not startup after install by default diff --git a/patch/0013-vendor-change-auth.json-file-mode-from-0700-to-0600.patch b/patch/0013-vendor-change-auth.json-file-mode-from-0700-to-0600.patch new file mode 100644 index 0000000..26c3fc0 --- /dev/null +++ b/patch/0013-vendor-change-auth.json-file-mode-from-0700-to-0600.patch @@ -0,0 +1,29 @@ +From bde19bc4f9fce45ea09974fdd138cad111b9269c Mon Sep 17 00:00:00 2001 +From: lixiang +Date: Mon, 24 Aug 2020 10:17:20 +0800 +Subject: [PATCH] vendor:change auth.json file mode from 0700 to 0600 + +reason: change auth.json file mode from 0700 to 0600 +See details in https://github.com/containers/image/issues/974 + +Signed-off-by: lixiang +--- + .../github.com/containers/image/v5/pkg/docker/config/config.go | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/vendor/github.com/containers/image/v5/pkg/docker/config/config.go b/vendor/github.com/containers/image/v5/pkg/docker/config/config.go +index ce85af18..e0b8b9b1 100644 +--- a/vendor/github.com/containers/image/v5/pkg/docker/config/config.go ++++ b/vendor/github.com/containers/image/v5/pkg/docker/config/config.go +@@ -326,7 +326,7 @@ func modifyJSON(sys *types.SystemContext, editor func(auths *dockerConfigFile) ( + } + + dir := filepath.Dir(path) +- if err = os.MkdirAll(dir, 0700); err != nil { ++ if err = os.MkdirAll(dir, 0600); err != nil { + return err + } + +-- +2.19.1 + diff --git a/patch/0014-store-recover-use-graphLock-when-mount-a-layer.patch b/patch/0014-store-recover-use-graphLock-when-mount-a-layer.patch new file mode 100644 index 0000000..5ce1380 --- /dev/null +++ b/patch/0014-store-recover-use-graphLock-when-mount-a-layer.patch 
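Review bot: Patch 0013 changes the mode passed to `os.MkdirAll(dir, ...)` in modifyJSON from 0700 to 0600, which is the mode of the directory that holds auth.json, not of the file named in the subject. A directory without the owner search bit cannot be entered by a non-root owner, so the credentials file inside it becomes unreachable unless the process bypasses permission checks. The directory line should stay `if err = os.MkdirAll(dir, 0700); err != nil {`. The call that writes auth.json is outside this hunk, so its mode cannot be checked here; that call is where 0600 belongs.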
@@ -0,0 +1,26 @@
+From 3703d88fbb74b216d8aaa2237d18c373fefa8f6e Mon Sep 17 00:00:00 2001
+From: liuzekun
+Date: Fri, 21 Aug 2020 06:24:42 -0400
+Subject: [PATCH] store: recover use graphLock when mount a layer
+
+Signed-off-by: liuzekun
+---
+ vendor/github.com/containers/storage/store.go | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/vendor/github.com/containers/storage/store.go b/vendor/github.com/containers/storage/store.go
+index 937bf8c..8f84412 100644
+--- a/vendor/github.com/containers/storage/store.go
++++ b/vendor/github.com/containers/storage/store.go
+@@ -2630,6 +2630,8 @@ func (s *store) mount(id string, options drivers.MountOpts) (string, error) {
+ if err != nil {
+ return "", err
+ }
++ s.graphLock.Lock()
++ defer s.graphLock.Unlock()
+ rlstore.Lock()
+ defer rlstore.Unlock()
+ if modified, err := rlstore.Modified(); modified || err != nil {
+--
+2.19.1
+
diff --git a/patch/0027-fix-goroutine-leak-with-close-tarLogger-in-a-defer-c.patch b/patch/0027-fix-goroutine-leak-with-close-tarLogger-in-a-defer-c.patch
new file mode 100644
index 0000000..9080541
--- /dev/null
+++ b/patch/0027-fix-goroutine-leak-with-close-tarLogger-in-a-defer-c.patch
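Review bot: Patch 0014 takes `s.graphLock` ahead of `rlstore.Lock()` in `mount` without saying why or which upstream revision it restores, and for a locking change in vendored code that is the one thing a later maintainer needs. A comment above the new lines such as `// graphLock is taken before the layer store lock; keep this order in every path that holds both` would record the ordering rule. The rest of `mount` and the other users of graphLock are outside the hunk, so whether they already follow the same order cannot be confirmed from here.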
@@ -0,0 +1,34 @@
+From 241e0fdd31cf5f5905ab41b2bab1d0f247274bc3 Mon Sep 17 00:00:00 2001
+From: liuzekun
+Date: Wed, 2 Sep 2020 06:10:55 -0400
+Subject: [PATCH] isula-build:fix goroutine leak with close tatLogger in a
+ defer clause
+
+Signed-off-by: liuzekun
+---
+ vendor/github.com/containers/storage/layers.go | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/vendor/github.com/containers/storage/layers.go b/vendor/github.com/containers/storage/layers.go
+index dc21f75..1fc25ba 100644
+--- a/vendor/github.com/containers/storage/layers.go
++++ b/vendor/github.com/containers/storage/layers.go
+@@ -1346,6 +1346,7 @@ func (r *layerStore) ApplyDiff(to string, diff io.Reader) (size int64, err error
+ if err != nil {
+ return -1, err
+ }
++ defer idLogger.Close()
+ options := drivers.ApplyDiffOpts{
+ Diff: payload,
+ Mappings: r.layerMappings(layer),
+@@ -1356,7 +1357,6 @@ func (r *layerStore) ApplyDiff(to string, diff io.Reader) (size int64, err error
+ return -1, err
+ }
+ compressor.Close()
+- idLogger.Close()
+ if err == nil {
+ if err := os.MkdirAll(filepath.Dir(r.tspath(layer.ID)), 0700); err != nil {
+ return -1, err
+--
+2.19.1
+
diff --git a/patch/0030-xattr-support-ima-and-evm.patch b/patch/0030-xattr-support-ima-and-evm.patch
new file mode 100644
index 0000000..7116c88
--- /dev/null
+++ b/patch/0030-xattr-support-ima-and-evm.patch
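Review bot: `compressor.Close()` in ApplyDiff still appears to run only when the driver call succeeds: in the second inner hunk the `return -1, err` directly above it exits first, so the error path this patch fixes for idLogger leaves the compressor open. Calling `compressor.Close()` before that `return -1, err` would cover it; a `defer` next to the explicit call is only safe if Close may be called twice, which the hunk does not show. Deferring `idLogger.Close()` also moves it after the code that follows `if err == nil {`, so anything there that reads state filled by the logger now runs before the logger has finished; that code is outside the hunk and should be checked. The subject line says `tatLogger` where the file name says tarLogger.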
@@ -0,0 +1,93 @@
+From b179511d671e84c83d895444f1d0bc45152dc3ba Mon Sep 17 00:00:00 2001
+From: yangfeiyu
+Date: Sat, 22 Aug 2020 16:44:16 +0800
+Subject: [PATCH] xattr: support ima and evm
+
+reason: support ima and evm
+
+Signed-off-by: yangfeiyu
+---
+ .../containers/storage/pkg/archive/archive.go | 50 +++++++++----------
+ 1 file changed, 25 insertions(+), 25 deletions(-)
+ mode change 100644 => 100755 vendor/github.com/containers/storage/pkg/archive/archive.go
+
+diff --git a/vendor/github.com/containers/storage/pkg/archive/archive.go b/vendor/github.com/containers/storage/pkg/archive/archive.go
+old mode 100644
+new mode 100755
+index 78744e0..dd3b750
+--- a/vendor/github.com/containers/storage/pkg/archive/archive.go
++++ b/vendor/github.com/containers/storage/pkg/archive/archive.go
+@@ -396,7 +396,7 @@ func ReadSecurityXattrToTarHeader(path string, hdr *tar.Header) error {
+ if hdr.Xattrs == nil {
+ hdr.Xattrs = make(map[string]string)
+ }
+- for _, xattr := range []string{"security.capability", "security.ima"} {
++ for _, xattr := range []string{"security.capability", "security.ima", "security.evm"} {
+ capability, err := system.Lgetxattr(path, xattr)
+ if err != nil && err != system.EOPNOTSUPP && err != system.ErrNotSupportedPlatform {
+ return errors.Wrapf(err, "failed to read %q attribute from %q", xattr, path)
+@@ -693,30 +693,7 @@ func createTarFile(path, extractDir string, hdr *tar.Header, reader io.Reader, L
+ }
+ }
+ }
+-
+- var errors []string
+- for key, value := range hdr.Xattrs {
+- if err := system.Lsetxattr(path, key, []byte(value), 0); err != nil {
+- if err == syscall.ENOTSUP || (err == syscall.EPERM && inUserns) {
+- // We ignore errors here because not all graphdrivers support
+- // xattrs *cough* old versions of AUFS *cough*. However only
+- // ENOTSUP should be emitted in that case, otherwise we still
+- // bail. We also ignore EPERM errors if we are running in a
+- // user namespace.
+- errors = append(errors, err.Error())
+- continue
+- }
+- return err
+- }
+-
+- }
+-
+- if len(errors) > 0 {
+- logrus.WithFields(logrus.Fields{
+- "errors": errors,
+- }).Warn("ignored xattrs in archive: underlying filesystem doesn't support them")
+- }
+-
++
+ // There is no LChmod, so ignore mode for symlink. Also, this
+ // must happen after chown, as that can modify the file mode
+ if err := handleLChmod(hdr, path, hdrInfo); err != nil {
+@@ -746,6 +723,29 @@ func createTarFile(path, extractDir string, hdr *tar.Header, reader io.Reader, L
+ return err
+ }
+ }
++
++ var errors []string
++ for key, value := range hdr.Xattrs {
++ if err := system.Lsetxattr(path, key, []byte(value), 0); err != nil {
++ if err == syscall.ENOTSUP || (err == syscall.EPERM && inUserns) {
++ // We ignore errors here because not all graphdrivers support
++ // xattrs *cough* old versions of AUFS *cough*. However only
++ // ENOTSUP should be emitted in that case, otherwise we still
++ // bail. We also ignore EPERM errors if we are running in a
++ // user namespace.
++ errors = append(errors, err.Error())
++ continue
++ }
++ return err
++ }
++
++ }
++
++ if len(errors) > 0 {
++ logrus.WithFields(logrus.Fields{
++ "errors": errors,
++ }).Warn("ignored xattrs in archive: underlying filesystem doesn't support them")
++ }
+ return nil
+ }
+
+--
+2.23.0
+
diff --git a/patch/0033-isula-build-remove-docker-releated-path-for-authenti.patch b/patch/0033-isula-build-remove-docker-releated-path-for-authenti.patch
new file mode 100644
index 0000000..5148294
--- /dev/null
+++ b/patch/0033-isula-build-remove-docker-releated-path-for-authenti.patch
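Review bot: The relocated loop in createTarFile writes `hdr.Xattrs` in map order, which Go leaves unspecified, so `security.evm` can land before `security.ima` or `security.capability`. The EVM value is computed over the other security attributes and the inode metadata, which is presumably why the block moved below the chmod and time handling. Writing it first may leave the file failing verification, or may cause later attribute writes to be refused, depending on the kernel's EVM mode. Writing `security.evm` last, as sketched below, removes the dependence on iteration order, and a comment should say why the block sits after the metadata calls. The patch also flips archive.go to mode 100755, which a Go source file does not need, and the ENOTSUP/EPERM branch still downgrades a dropped integrity attribute to a warning.

```go
	// … unchanged: chmod / timestamp handling above …
	var errors []string
	setXattr := func(key, value string) error {
		err := system.Lsetxattr(path, key, []byte(value), 0)
		if err == syscall.ENOTSUP || (err == syscall.EPERM && inUserns) {
			errors = append(errors, err.Error())
			return nil
		}
		return err
	}
	// security.evm covers the other security.* attributes, so it is written last.
	for key, value := range hdr.Xattrs {
		if key == "security.evm" {
			continue
		}
		if err := setXattr(key, value); err != nil {
			return err
		}
	}
	if value, ok := hdr.Xattrs["security.evm"]; ok {
		if err := setXattr("security.evm", value); err != nil {
			return err
		}
	}
	// … unchanged: warning for ignored xattr errors, return nil …
```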
@@ -0,0 +1,30 @@
+From 1c39c596b5d4a07f88edbc8200a9952e357561f2 Mon Sep 17 00:00:00 2001
+From: lixiang
+Date: Fri, 4 Sep 2020 09:42:31 +0800
+Subject: [PATCH] isula-build:remove docker releated path for authentication
+
+reason: remove docker releated authentication path ${HOME}/.docker/config.json and ${HOME}/.dockercfg
+
+Signed-off-by: lixiang
+---
+ .../containers/image/v5/pkg/docker/config/config.go | 4 ----
+ 1 file changed, 4 deletions(-)
+
+diff --git a/vendor/github.com/containers/image/v5/pkg/docker/config/config.go b/vendor/github.com/containers/image/v5/pkg/docker/config/config.go
+index 1a2ed7c3..125e21d9 100644
+--- a/vendor/github.com/containers/image/v5/pkg/docker/config/config.go
++++ b/vendor/github.com/containers/image/v5/pkg/docker/config/config.go
+@@ -159,10 +159,6 @@ func getAuthFilePaths(sys *types.SystemContext) []authPath {
+ // Logging the error as a warning instead and moving on to pulling the image
+ logrus.Warnf("%v: Trying to pull image in the event that it is a public image.", err)
+ }
+- paths = append(paths,
+- authPath{path: filepath.Join(homedir.Get(), dockerHomePath), legacyFormat: false},
+- authPath{path: filepath.Join(homedir.Get(), dockerLegacyHomePath), legacyFormat: true},
+- )
+ return paths
+ }
+
+--
+2.19.1
+
diff --git a/patch/0037-isula-build-fix-goroutine-leak-problem.patch b/patch/0037-isula-build-fix-goroutine-leak-problem.patch
new file mode 100644
index 0000000..7d3b118
--- /dev/null
+++ b/patch/0037-isula-build-fix-goroutine-leak-problem.patch
@@ -0,0 +1,42 @@
+From 56012b7a20cd09c91788f610321fefe82f4bbb5f Mon Sep 17 00:00:00 2001
+From: yangfeiyu
+Date: Mon, 7 Sep 2020 20:57:34 +0800
+Subject: [PATCH] isula-build: fix goroutine leak problem
+
+reason:
+when import a zstd tar file, goroutine will leak because of
+the unclosing channel of tar stream
+
+Signed-off-by: yangfeiyu
+---
+ vendor/github.com/containers/storage/layers.go | 1 +
+ vendor/github.com/containers/storage/pkg/archive/archive.go | 1 +
+ 2 files changed, 2 insertions(+)
+
+diff --git a/vendor/github.com/containers/storage/layers.go b/vendor/github.com/containers/storage/layers.go
+index 1fc25bab..2d2cf08e 100644
+--- a/vendor/github.com/containers/storage/layers.go
++++ b/vendor/github.com/containers/storage/layers.go
+@@ -1329,6 +1329,7 @@ func (r *layerStore) ApplyDiff(to string, diff io.Reader) (size int64, err error
+ if err != nil {
+ return -1, err
+ }
++ defer uncompressed.Close()
+ uncompressedDigest := digest.Canonical.Digester()
+ uncompressedCounter := ioutils.NewWriteCounter(uncompressedDigest.Hash())
+ uidLog := make(map[uint32]struct{})
+diff --git a/vendor/github.com/containers/storage/pkg/archive/archive.go b/vendor/github.com/containers/storage/pkg/archive/archive.go
+index dd3b7506..58c4d184 100755
+--- a/vendor/github.com/containers/storage/pkg/archive/archive.go
++++ b/vendor/github.com/containers/storage/pkg/archive/archive.go
+@@ -139,6 +139,7 @@ func IsArchivePath(path string) bool {
+ if err != nil {
+ return false
+ }
++ defer rdr.Close()
+ r := tar.NewReader(rdr)
+ _, err = r.Next()
+ return err == nil
+--
+2.23.0
+
diff --git a/series.conf b/series.conf
new file mode 100644
index 0000000..a82657b
--- /dev/null
+++ b/series.conf
@@ -0,0 +1,6 @@
+patch/0013-vendor-change-auth.json-file-mode-from-0700-to-0600.patch
+patch/0014-store-recover-use-graphLock-when-mount-a-layer.patch
+patch/0027-fix-goroutine-leak-with-close-tarLogger-in-a-defer-c.patch
+patch/0030-xattr-support-ima-and-evm.patch
+patch/0033-isula-build-remove-docker-releated-path-for-authenti.patch
+patch/0037-isula-build-fix-goroutine-leak-problem.patch
diff --git a/v0.9.2.tar.gz b/v0.9.2.tar.gz
deleted file mode 100644
index a2e0f8d..0000000
Binary files a/v0.9.2.tar.gz and /dev/null differ
diff --git a/v0.9.3.tar.gz b/v0.9.3.tar.gz
new file mode 100644
index 0000000..1a78e52
Binary files /dev/null and b/v0.9.3.tar.gz differ