isula-build:bump version to 0.9.3

Signed-off-by: DCCooper <1866858@gmail.com>
2020-09-10 18:24:16 +08:00 · 2020-09-10 18:24:16 +08:00 · 9c4dec0622
commit 9c4dec0622
parent 1b4e6d4ae1
15 changed files with 405 additions and 19 deletions
--- a/1
+++ b/1
@ -0,0 +1 @@
+0.9.3-1
--- a/39
+++ b/39
@ -0,0 +1,39 @@
+#!/bin/bash
+# Copyright (c) Huawei Technologies Co., Ltd. 2019-2020. All rights reserved.
+# Description: This shell script is used to apply patches for the project
+# Author: lixiang172@huawei.com
+# Create: 2020-08-21
+
+set -ex
+
+pkg=isula-build
+cwd=${PWD}
+src=${cwd}/${pkg}
+tar_file=v"$(awk -F"-" '{print $1}' < VERSION-openeuler)".tar.gz
+
+tar -zxvf "${tar_file}"
+if [ ! -d patch ]; then
+    tar -zxvf patch.tar.gz
+fi
+
+cd "${src}"
+git init
+git add .
+git config user.name 'build'
+git config user.email 'build@obs.com'
+git commit -m 'init build'
+cd "${cwd}"
+
+series=${cwd}/series.conf
+while IPF= read -r line; do
+    if [[ "${line}" =~ ^patch* ]]; then
+        echo "git apply ${cwd}/${line}"
+        cd "${src}" && git apply "${cwd}/${line}"
+    fi
+done <"${series}"
+
+cd "${cwd}"
+
+cp -rf "${src}"/* .
+cp -f VERSION-openeuler VERSION
+rm -rf "${src}"
--- a/gen-commit.sh
+++ b/gen-commit.sh
@ -1,12 +0,0 @@
-#!/bin/sh
-
-# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
-# Description: This shell script is used to generate commitID store file.
-# Author: xiadanni1@huawei.com
-# Create: 2020-07-20
-
-changeID=`git log -1 | grep Change-Id | awk '{print $2}' | head -c 40`
-if [ "${changeID}" = "" ]; then
-    changeID=`date | sha256sum | head -c 40`
-fi
-echo "${changeID}" > git-commit 
--- a/gen-version.sh
+++ b/gen-version.sh
@ -0,0 +1,84 @@
+#!/bin/bash
+###################################################################################################
+# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+# iSula-Kits licensed under the Mulan PSL v2.
+# You can use this software according to the terms and conditions of the Mulan PSL v2.
+# You may obtain a copy of Mulan PSL v2 at:
+#     http://license.coscl.org.cn/MulanPSL2
+# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+# PURPOSE.
+# See the Mulan PSL v2 for more details.
+# Author: Xiang Li
+# Create: 2020-05-18
+# Description: This script used for update isula-build version and release. Enjoy and cherrs
+###################################################################################################
+
+# Basic info
+top_dir=$(git rev-parse --show-toplevel)
+version_file="${top_dir}/VERSION-openeuler"
+spec_file="${top_dir}/isula-build.spec"
+commit_file=${top_dir}/git-commit
+color=$(tput setaf 2) # red
+color_reset=$(tput sgr0)
+
+# Commit ID
+changeID=`git log -1 | grep Change-Id | awk '{print $2}' | head -c 40`
+if [ "${changeID}" = "" ]; then
+    changeID=`date | sha256sum | head -c 40`
+fi
+echo "${changeID}" > ${top_dir}/git-commit
+commit_id=$(cat ${commit_file}|cut -c1-7)
+
+old_all=$(cat "${version_file}")
+old_version=$(cat "${version_file}" | awk -F"-" '{print $1}')
+old_release=$(cat "${version_file}" | awk -F"-" '{print $2}')
+major_old_version=$(echo "${old_version}" | awk -F "." '{print $1}')
+minor_old_version=$(echo "${old_version}" | awk -F "." '{print $2}')
+revision_old_version=$(echo "${old_version}" | awk -F "." '{print $3}')
+
+
+# Read user input
+read -rp "update version: Major(1), Minor(2), Revision(3), Release(4) [1/2/3/4]: " input
+case ${input} in
+    1)
+        major_old_version=$((major_old_version + 1))
+        minor_old_version="0"
+        revision_old_version="0"
+        new_release_num="1"
+        ;;
+    2)
+        minor_old_version=$((minor_old_version + 1))
+        revision_old_version="0"
+        new_release_num="1"
+        ;;
+    3)
+        revision_old_version=$((revision_old_version + 1))
+        new_release_num="1"
+        ;;
+    4)
+        new_release_num=$((old_release + 1))
+        ;;
+
+    *)
+        echo "Wrong input, Version Not modified: ${old_version}"
+        exit 0
+        ;;
+esac
+
+
+# VERSION format:
+# Major.Minor.Revision
+new_version=${major_old_version}.${minor_old_version}.${revision_old_version}
+new_release="${new_release_num}"
+new_all=${new_version}-${new_release_num}
+
+# Replace version and release for spec and VERSION files
+sed -i -e "s/^Version: .*$/Version: ${new_version}/g" "${spec_file}"
+sed -i -e "s/^Release: .*$/Release: ${new_release}/g" "${spec_file}"
+echo "${new_all}" > "${version_file}"
+
+if [[ "${old_all}" != "${new_all}" ]]; then
+    printf 'Version: %s -> %s\n' "${old_all}" "${color}${new_all}${color_reset}"
+fi
+
--- a/2
+++ b/2
@ -1 +1 @@
-ef9ec57767334bc4880898a14ce05a5920e48fb6
+fd832e9c4d84b42249d267ce922c3444f20c260b
--- a/isula-build.spec
+++ b/isula-build.spec
@ -1,13 +1,18 @@
 %global is_systemd 1

 Name: isula-build
-Version: 0.9.2
-Release: 3
+Version: 0.9.3
+Release: 1
 Summary: A tool to build container images
 License: Mulan PSL V2
 URL: https://gitee.com/openeuler/isula-build
 Source0: https://gitee.com/openeuler/isula-build/repository/archive/v%{version}.tar.gz
 Source1: git-commit
+Source2: VERSION-openeuler
+Source3: apply-patches
+Source4: gen-version.sh
+Source5: series.conf
+Source6: patch.tar.gz
 BuildRequires: make btrfs-progs-devel device-mapper-devel glib2-devel gpgme-devel
 BuildRequires: libassuan-devel libseccomp-devel git bzip2 go-md2man systemd-devel
 BuildRequires: golang >= 1.13
@ -20,10 +25,16 @@ Requires: systemd-units
 isula-build is a tool used for container images building.

 %prep
-%autosetup -n %{name}
+cp %{SOURCE0} .
+cp %{SOURCE1} .
+cp %{SOURCE2} .
+cp %{SOURCE3} .
+cp %{SOURCE4} .
+cp %{SOURCE5} .
+cp %{SOURCE6} .

 %build
-cp %{SOURCE1} .
+sh ./apply-patches
 %{make_build} safe
 ./bin/isula-build completion > __isula-build

@ -42,7 +53,7 @@ install -d %{buildroot}%{_sysconfdir}/isula-build
 install -p -m 600 ./cmd/daemon/config/configuration.toml %{buildroot}%{_sysconfdir}/isula-build/configuration.toml
 install -p -m 600 ./cmd/daemon/config/storage.toml %{buildroot}%{_sysconfdir}/isula-build/storage.toml
 install -p -m 600 ./cmd/daemon/config/registries.toml %{buildroot}%{_sysconfdir}/isula-build/registries.toml
-install -p -m 600 ./cmd/daemon/config/policy.json %{buildroot}%{_sysconfdir}/isula-build/policy.json
+install -p -m 400 ./cmd/daemon/config/policy.json %{buildroot}%{_sysconfdir}/isula-build/policy.json
 # install bash completion script
 install -d %{buildroot}/usr/share/bash-completion/completions
 install -p -m 600 __isula-build %{buildroot}/usr/share/bash-completion/completions/isula-build
@ -65,6 +76,9 @@ rm -rf %{buildroot}
 /usr/share/bash-completion/completions/isula-build

 %changelog
+* Thu Sep 10 2020 lixiang <lixiang172@huawei.com> - 0.9.3-1
+- Bump version to 0.9.3
+
 * Fri Sep 04 2020 lixiang <lixiang172@huawei.com> - 0.9.2-3
 - Fix Source0 and do not startup after install by default

--- a/patch/0013-vendor-change-auth.json-file-mode-from-0700-to-0600.patch
+++ b/patch/0013-vendor-change-auth.json-file-mode-from-0700-to-0600.patch
@ -0,0 +1,29 @@
+From bde19bc4f9fce45ea09974fdd138cad111b9269c Mon Sep 17 00:00:00 2001
+From: lixiang <lixiang172@huawei.com>
+Date: Mon, 24 Aug 2020 10:17:20 +0800
+Subject: [PATCH] vendor:change auth.json file mode from 0700 to 0600
+
+reason: change auth.json file mode from 0700 to 0600
+See details in https://github.com/containers/image/issues/974
+
+Signed-off-by: lixiang <lixiang172@huawei.com>
+---
+ .../github.com/containers/image/v5/pkg/docker/config/config.go  | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/vendor/github.com/containers/image/v5/pkg/docker/config/config.go b/vendor/github.com/containers/image/v5/pkg/docker/config/config.go
+index ce85af18..e0b8b9b1 100644
+--- a/vendor/github.com/containers/image/v5/pkg/docker/config/config.go
+++ b/vendor/github.com/containers/image/v5/pkg/docker/config/config.go
+@@ -326,7 +326,7 @@ func modifyJSON(sys *types.SystemContext, editor func(auths *dockerConfigFile) (
+ 	}
+ 
+ 	dir := filepath.Dir(path)
+-	if err = os.MkdirAll(dir, 0700); err != nil {
+	if err = os.MkdirAll(dir, 0600); err != nil {
+ 		return err
+ 	}
+ 
+-- 
+2.19.1
+
--- a/patch/0014-store-recover-use-graphLock-when-mount-a-layer.patch
+++ b/patch/0014-store-recover-use-graphLock-when-mount-a-layer.patch
@ -0,0 +1,26 @@
+From 3703d88fbb74b216d8aaa2237d18c373fefa8f6e Mon Sep 17 00:00:00 2001
+From: liuzekun <liuzekun@huawei.com>
+Date: Fri, 21 Aug 2020 06:24:42 -0400
+Subject: [PATCH] store: recover use graphLock when mount a layer
+
+Signed-off-by: liuzekun <liuzekun@huawei.com>
+---
+ vendor/github.com/containers/storage/store.go | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/vendor/github.com/containers/storage/store.go b/vendor/github.com/containers/storage/store.go
+index 937bf8c..8f84412 100644
+--- a/vendor/github.com/containers/storage/store.go
+++ b/vendor/github.com/containers/storage/store.go
+@@ -2630,6 +2630,8 @@ func (s *store) mount(id string, options drivers.MountOpts) (string, error) {
+ 	if err != nil {
+ 		return "", err
+ 	}
+	s.graphLock.Lock()
+	defer s.graphLock.Unlock()
+ 	rlstore.Lock()
+ 	defer rlstore.Unlock()
+ 	if modified, err := rlstore.Modified(); modified || err != nil {
+-- 
+2.19.1
+
--- a/patch/0027-fix-goroutine-leak-with-close-tarLogger-in-a-defer-c.patch
+++ b/patch/0027-fix-goroutine-leak-with-close-tarLogger-in-a-defer-c.patch
@ -0,0 +1,34 @@
+From 241e0fdd31cf5f5905ab41b2bab1d0f247274bc3 Mon Sep 17 00:00:00 2001
+From: liuzekun <liuzekun@huawei.com>
+Date: Wed, 2 Sep 2020 06:10:55 -0400
+Subject: [PATCH] isula-build:fix goroutine leak with close tatLogger in a
+ defer clause
+
+Signed-off-by: liuzekun <liuzekun@huawei.com>
+---
+ vendor/github.com/containers/storage/layers.go | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/vendor/github.com/containers/storage/layers.go b/vendor/github.com/containers/storage/layers.go
+index dc21f75..1fc25ba 100644
+--- a/vendor/github.com/containers/storage/layers.go
+++ b/vendor/github.com/containers/storage/layers.go
+@@ -1346,6 +1346,7 @@ func (r *layerStore) ApplyDiff(to string, diff io.Reader) (size int64, err error
+ 	if err != nil {
+ 		return -1, err
+ 	}
+	defer idLogger.Close()
+ 	options := drivers.ApplyDiffOpts{
+ 		Diff:       payload,
+ 		Mappings:   r.layerMappings(layer),
+@@ -1356,7 +1357,6 @@ func (r *layerStore) ApplyDiff(to string, diff io.Reader) (size int64, err error
+ 		return -1, err
+ 	}
+ 	compressor.Close()
+-	idLogger.Close()
+ 	if err == nil {
+ 		if err := os.MkdirAll(filepath.Dir(r.tspath(layer.ID)), 0700); err != nil {
+ 			return -1, err
+-- 
+2.19.1
+
--- a/patch/0030-xattr-support-ima-and-evm.patch
+++ b/patch/0030-xattr-support-ima-and-evm.patch
@ -0,0 +1,93 @@
+From b179511d671e84c83d895444f1d0bc45152dc3ba Mon Sep 17 00:00:00 2001
+From: yangfeiyu <yangfeiyu2@huawei.com>
+Date: Sat, 22 Aug 2020 16:44:16 +0800
+Subject: [PATCH] xattr: support ima and evm
+
+reason: support ima and evm
+
+Signed-off-by: yangfeiyu <yangfeiyu2@huawei.com>
+---
+ .../containers/storage/pkg/archive/archive.go | 50 +++++++++----------
+ 1 file changed, 25 insertions(+), 25 deletions(-)
+ mode change 100644 => 100755 vendor/github.com/containers/storage/pkg/archive/archive.go
+
+diff --git a/vendor/github.com/containers/storage/pkg/archive/archive.go b/vendor/github.com/containers/storage/pkg/archive/archive.go
+old mode 100644
+new mode 100755
+index 78744e0..dd3b750
+--- a/vendor/github.com/containers/storage/pkg/archive/archive.go
+++ b/vendor/github.com/containers/storage/pkg/archive/archive.go
+@@ -396,7 +396,7 @@ func ReadSecurityXattrToTarHeader(path string, hdr *tar.Header) error {
+ 	if hdr.Xattrs == nil {
+ 		hdr.Xattrs = make(map[string]string)
+ 	}
+-	for _, xattr := range []string{"security.capability", "security.ima"} {
+	for _, xattr := range []string{"security.capability", "security.ima", "security.evm"} {
+ 		capability, err := system.Lgetxattr(path, xattr)
+ 		if err != nil && err != system.EOPNOTSUPP && err != system.ErrNotSupportedPlatform {
+ 			return errors.Wrapf(err, "failed to read %q attribute from %q", xattr, path)
+@@ -693,30 +693,7 @@ func createTarFile(path, extractDir string, hdr *tar.Header, reader io.Reader, L
+ 			}
+ 		}
+ 	}
+-
+-	var errors []string
+-	for key, value := range hdr.Xattrs {
+-		if err := system.Lsetxattr(path, key, []byte(value), 0); err != nil {
+-			if err == syscall.ENOTSUP || (err == syscall.EPERM && inUserns) {
+-				// We ignore errors here because not all graphdrivers support
+-				// xattrs *cough* old versions of AUFS *cough*. However only
+-				// ENOTSUP should be emitted in that case, otherwise we still
+-				// bail.  We also ignore EPERM errors if we are running in a
+-				// user namespace.
+-				errors = append(errors, err.Error())
+-				continue
+-			}
+-			return err
+-		}
+-
+-	}
+-
+-	if len(errors) > 0 {
+-		logrus.WithFields(logrus.Fields{
+-			"errors": errors,
+-		}).Warn("ignored xattrs in archive: underlying filesystem doesn't support them")
+-	}
+-
+	
+ 	// There is no LChmod, so ignore mode for symlink. Also, this
+ 	// must happen after chown, as that can modify the file mode
+ 	if err := handleLChmod(hdr, path, hdrInfo); err != nil {
+@@ -746,6 +723,29 @@ func createTarFile(path, extractDir string, hdr *tar.Header, reader io.Reader, L
+ 			return err
+ 		}
+ 	}
+
+	var errors []string
+	for key, value := range hdr.Xattrs {
+		if err := system.Lsetxattr(path, key, []byte(value), 0); err != nil {
+			if err == syscall.ENOTSUP || (err == syscall.EPERM && inUserns) {
+				// We ignore errors here because not all graphdrivers support
+				// xattrs *cough* old versions of AUFS *cough*. However only
+				// ENOTSUP should be emitted in that case, otherwise we still
+				// bail.  We also ignore EPERM errors if we are running in a
+				// user namespace.
+				errors = append(errors, err.Error())
+				continue
+			}
+			return err
+		}
+
+	}
+
+	if len(errors) > 0 {
+		logrus.WithFields(logrus.Fields{
+			"errors": errors,
+		}).Warn("ignored xattrs in archive: underlying filesystem doesn't support them")
+	}
+ 	return nil
+ }
+ 
+-- 
+2.23.0
+
--- a/patch/0033-isula-build-remove-docker-releated-path-for-authenti.patch
+++ b/patch/0033-isula-build-remove-docker-releated-path-for-authenti.patch
@ -0,0 +1,30 @@
+From 1c39c596b5d4a07f88edbc8200a9952e357561f2 Mon Sep 17 00:00:00 2001
+From: lixiang <lixiang172@huawei.com>
+Date: Fri, 4 Sep 2020 09:42:31 +0800
+Subject: [PATCH] isula-build:remove docker releated path for authentication
+
+reason: remove docker releated authentication path ${HOME}/.docker/config.json and ${HOME}/.dockercfg
+
+Signed-off-by: lixiang <lixiang172@huawei.com>
+---
+ .../containers/image/v5/pkg/docker/config/config.go           | 4 ----
+ 1 file changed, 4 deletions(-)
+
+diff --git a/vendor/github.com/containers/image/v5/pkg/docker/config/config.go b/vendor/github.com/containers/image/v5/pkg/docker/config/config.go
+index 1a2ed7c3..125e21d9 100644
+--- a/vendor/github.com/containers/image/v5/pkg/docker/config/config.go
+++ b/vendor/github.com/containers/image/v5/pkg/docker/config/config.go
+@@ -159,10 +159,6 @@ func getAuthFilePaths(sys *types.SystemContext) []authPath {
+ 		// Logging the error as a warning instead and moving on to pulling the image
+ 		logrus.Warnf("%v: Trying to pull image in the event that it is a public image.", err)
+ 	}
+-	paths = append(paths,
+-		authPath{path: filepath.Join(homedir.Get(), dockerHomePath), legacyFormat: false},
+-		authPath{path: filepath.Join(homedir.Get(), dockerLegacyHomePath), legacyFormat: true},
+-	)
+ 	return paths
+ }
+ 
+-- 
+2.19.1
+
--- a/patch/0037-isula-build-fix-goroutine-leak-problem.patch
+++ b/patch/0037-isula-build-fix-goroutine-leak-problem.patch
@ -0,0 +1,42 @@
+From 56012b7a20cd09c91788f610321fefe82f4bbb5f Mon Sep 17 00:00:00 2001
+From: yangfeiyu <yangfeiyu2@huawei.com>
+Date: Mon, 7 Sep 2020 20:57:34 +0800
+Subject: [PATCH] isula-build: fix goroutine leak problem
+
+reason:
+when import a zstd tar file, goroutine will leak because of
+the unclosing channel of tar stream
+
+Signed-off-by: yangfeiyu <yangfeiyu2@huawei.com>
+---
+ vendor/github.com/containers/storage/layers.go              | 1 +
+ vendor/github.com/containers/storage/pkg/archive/archive.go | 1 +
+ 2 files changed, 2 insertions(+)
+
+diff --git a/vendor/github.com/containers/storage/layers.go b/vendor/github.com/containers/storage/layers.go
+index 1fc25bab..2d2cf08e 100644
+--- a/vendor/github.com/containers/storage/layers.go
+++ b/vendor/github.com/containers/storage/layers.go
+@@ -1329,6 +1329,7 @@ func (r *layerStore) ApplyDiff(to string, diff io.Reader) (size int64, err error
+ 	if err != nil {
+ 		return -1, err
+ 	}
+	defer uncompressed.Close()
+ 	uncompressedDigest := digest.Canonical.Digester()
+ 	uncompressedCounter := ioutils.NewWriteCounter(uncompressedDigest.Hash())
+ 	uidLog := make(map[uint32]struct{})
+diff --git a/vendor/github.com/containers/storage/pkg/archive/archive.go b/vendor/github.com/containers/storage/pkg/archive/archive.go
+index dd3b7506..58c4d184 100755
+--- a/vendor/github.com/containers/storage/pkg/archive/archive.go
+++ b/vendor/github.com/containers/storage/pkg/archive/archive.go
+@@ -139,6 +139,7 @@ func IsArchivePath(path string) bool {
+ 	if err != nil {
+ 		return false
+ 	}
+	defer rdr.Close()
+ 	r := tar.NewReader(rdr)
+ 	_, err = r.Next()
+ 	return err == nil
+-- 
+2.23.0
+
--- a/series.conf
+++ b/series.conf
@ -0,0 +1,6 @@
+patch/0013-vendor-change-auth.json-file-mode-from-0700-to-0600.patch
+patch/0014-store-recover-use-graphLock-when-mount-a-layer.patch
+patch/0027-fix-goroutine-leak-with-close-tarLogger-in-a-defer-c.patch
+patch/0030-xattr-support-ima-and-evm.patch
+patch/0033-isula-build-remove-docker-releated-path-for-authenti.patch
+patch/0037-isula-build-fix-goroutine-leak-problem.patch
--- a/v0.9.2.tar.gz
+++ b/v0.9.2.tar.gz
--- a/v0.9.3.tar.gz
+++ b/v0.9.3.tar.gz