packages/iSulad
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Sync patches from upstream

Browse Source
This commit is contained in:
武积超 2025-01-07 20:19:36 +08:00
parent 71091c8ccb
commit 16b7f398e3
35 changed files with 14556 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
0142-pull-failure-shows-error-reason.patch Normal file
View File

@ -0,0 +1,27 @@
From dd3f733949a0c6c9256a63b54079e9a7b8aa7fe6 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Fri, 25 Oct 2024 02:50:01 +1400
Subject: [PATCH 142/156] pull failure shows error reason
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/daemon/entry/connect/grpc/grpc_images_service.cc | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/daemon/entry/connect/grpc/grpc_images_service.cc b/src/daemon/entry/connect/grpc/grpc_images_service.cc
index 32f0446e..6135945a 100644
--- a/src/daemon/entry/connect/grpc/grpc_images_service.cc
+++ b/src/daemon/entry/connect/grpc/grpc_images_service.cc
@@ -691,6 +691,9 @@ Status ImagesServiceImpl::PullImage(ServerContext *context, const PullImageReque
stream.writer = (void *)writer;
ret = cb->image.pull(image_req, &stream, &image_res);
+ if (image_res->errmsg != NULL) {
+ errmsg = image_res->errmsg;
+ }
free_image_pull_image_request(image_req);
free_image_pull_image_response(image_res);
if (ret == 0) {
--
2.34.1

44
0143-move-CGROUP2_SUPER_MAGIC-define-to-cgroup.c.patch Normal file
View File

@ -0,0 +1,44 @@
From d0bb2c00769ab41ada532a04338b91032d7ada2e Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Sat, 26 Oct 2024 16:59:09 +1400
Subject: [PATCH 143/156] move CGROUP2_SUPER_MAGIC define to cgroup.c
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/daemon/common/cgroup/cgroup.c | 4 ++++
src/daemon/common/cgroup/cgroup_v2.c | 4 ----
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/daemon/common/cgroup/cgroup.c b/src/daemon/common/cgroup/cgroup.c
index 77fafdae..a6846c03 100644
--- a/src/daemon/common/cgroup/cgroup.c
+++ b/src/daemon/common/cgroup/cgroup.c
@@ -36,6 +36,10 @@
#define CGROUP_SUPER_MAGIC 0x27e0eb
#endif
+#ifndef CGROUP2_SUPER_MAGIC
+#define CGROUP2_SUPER_MAGIC 0x63677270
+#endif
+
static cgroup_ops g_cgroup_ops;
static int get_cgroup_version_for_init(void)
diff --git a/src/daemon/common/cgroup/cgroup_v2.c b/src/daemon/common/cgroup/cgroup_v2.c
index ce72e6c4..078425d2 100644
--- a/src/daemon/common/cgroup/cgroup_v2.c
+++ b/src/daemon/common/cgroup/cgroup_v2.c
@@ -52,10 +52,6 @@
#define CGROUP2_CPUSET_CPUS_EFFECTIVE_PATH CGROUP_MOUNTPOINT"/cpuset.cpus.effective"
#define CGROUP2_CPUSET_MEMS_EFFECTIVE_PATH CGROUP_MOUNTPOINT"/cpuset.mems.effective"
-#ifndef CGROUP2_SUPER_MAGIC
-#define CGROUP2_SUPER_MAGIC 0x63677270
-#endif
-
static int get_value_ull_v2(const char *content, const char *match, void *result)
{
uint64_t ull_result = 0;
--
2.34.1

189
0144-update-centos-build-script.patch Normal file
View File

@ -0,0 +1,189 @@
From 10aa1ba26eecdf044c1a97e05db53d286e19a3af Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Sat, 26 Oct 2024 18:24:21 +1400
Subject: [PATCH 144/156] update centos build script
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
CI/dockerfiles/Dockerfile-centos | 10 ++-
docs/build_docs/README_zh.md | 4 +
.../script/install_iSulad_on_Centos_7.sh | 83 +++----------------
3 files changed, 23 insertions(+), 74 deletions(-)
diff --git a/CI/dockerfiles/Dockerfile-centos b/CI/dockerfiles/Dockerfile-centos
index af3ce035..0b11014b 100644
--- a/CI/dockerfiles/Dockerfile-centos
+++ b/CI/dockerfiles/Dockerfile-centos
@@ -24,6 +24,11 @@
FROM centos:7.6.1810
MAINTAINER LiFeng <lifeng68@huawei.com>
+RUN sed -i 's/mirror.centos.org/archive.kernel.org\/centos-vault/g' /etc/yum.repos.d/*.repo
+RUN sed -i s/^#.*baseurl=http/baseurl=http/g /etc/yum.repos.d/*.repo
+RUN sed -i s/^mirrorlist=http/#mirrorlist=http/g /etc/yum.repos.d/*.repo
+RUN echo "sslverify=false" | tee -a /etc/yum.conf
+
# Install dependency package
RUN yum clean all && yum makecache && yum install -y epel-release && yum swap -y fakesystemd systemd && \
yum update -y && \
@@ -113,6 +118,9 @@ RUN git config --global http.sslverify false
# install rust
RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
+RUN mkdir -p /root/.cargo/
+RUN touch ${HOME}/.cargo/config
+
# configure rust
RUN echo "[source.crates-io]" >> ${HOME}/.cargo/config && \
echo "[source.local-registry]" >> ${HOME}/.cargo/config && \
@@ -286,7 +294,7 @@ RUN export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:$PKG_CONFIG_PATH && \
make install && \
ldconfig
-RUN dnf install -y ncurses-devel && dnf clean all
+RUN yum install -y ncurses-devel && yum clean all
VOLUME [ "/sys/fs/cgroup" ]
CMD ["/usr/sbin/init"]
diff --git a/docs/build_docs/README_zh.md b/docs/build_docs/README_zh.md
index f27fbc4f..6450bf7e 100644
--- a/docs/build_docs/README_zh.md
+++ b/docs/build_docs/README_zh.md
@@ -40,6 +40,8 @@ $ cd iSulad/docs/build_docs/guide/script
$ sudo ./install_iSulad_on_Centos_7.sh
```
+若需要在centos容器中编译iSulad可参照iSulad编译可使用的镜像dockerfile[Dockerfile-ubuntu](../../CI/dockerfiles/Dockerfile-ubuntu)。
+
### Ubuntu
我们同样在代码仓中提供了在Ubuntu上自动化安装的脚本: [install_iSulad_on_Ubuntu_20_04_LTS](./guide/script/install_iSulad_on_Ubuntu_20_04_LTS.sh)您只需要执行这个脚本就可以自动编译安装iSulad以及其依赖的组件。
@@ -51,6 +53,8 @@ $ sudo chmod +x ./install_iSulad_on_Ubuntu_20_04_LTS.sh
$ sudo ./install_iSulad_on_Ubuntu_20_04_LTS.sh
```
+若需要在ubuntu容器中编译iSulad可参照iSulad编译可使用的镜像dockerfile[Dockerfile-centos](../../CI/dockerfiles/)。
+
## 构建指南
我们提供了多种构建iSulad的方式
diff --git a/docs/build_docs/guide/script/install_iSulad_on_Centos_7.sh b/docs/build_docs/guide/script/install_iSulad_on_Centos_7.sh
index b268d777..d83520e1 100755
--- a/docs/build_docs/guide/script/install_iSulad_on_Centos_7.sh
+++ b/docs/build_docs/guide/script/install_iSulad_on_Centos_7.sh
@@ -5,93 +5,29 @@ set -x
set -e
# install neccessary packages
-yum install -y patch automake autoconf libtool cmake make libcap libcap-devel libselinux libselinux-devel libseccomp libseccomp-devel yajl-devel git libcgroup tar python3 python3-pip device-mapper-devel libcurl-devel zlib-devel glibc-headers openssl-devel gcc gcc-c++ systemd-devel systemd-libs golang libtar libtar-devel which
+# yum install -y patch automake autoconf libtool cmake make libcap libcap-devel libselinux libselinux-devel libseccomp libseccomp-devel yajl-devel git libcgroup tar python3 python3-pip device-mapper-devel libcurl-devel zlib-devel glibc-headers openssl-devel gcc gcc-c++ systemd-devel systemd-libs golang libtar libtar-devel which
# export LDFLAGS
export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:$PKG_CONFIG_PATH
export LD_LIBRARY_PATH=/usr/local/lib:/usr/lib:$LD_LIBRARY_PATH
- echo "/usr/local/lib" >> /etc/ld.so.conf
+echo "/usr/local/lib" >> /etc/ld.so.conf
BUILD_DIR=/tmp/build_isulad
rm -rf $BUILD_DIR
mkdir -p $BUILD_DIR
-# build libarchive
-cd $BUILD_DIR
-git clone https://gitee.com/src-openeuler/libarchive.git
-cd libarchive
-git checkout -b openEuler-20.03-LTS-tag openEuler-20.03-LTS-tag
-tar -zxvf libarchive-3.4.1.tar.gz
-cd libarchive-3.4.1
-patch -p1 -F1 -s < ../libarchive-uninitialized-value.patch
-cd build
-cmake -DCMAKE_USE_SYSTEM_LIBRARIES=ON ../
-make -j $(nproc)
-make install
-ldconfig
-
-# build protobuf
-cd $BUILD_DIR
-git clone https://gitee.com/src-openeuler/protobuf.git
-cd protobuf
-git checkout openEuler-20.03-LTS-tag
-tar -xzvf protobuf-all-3.9.0.tar.gz
-cd protobuf-3.9.0
-./autogen.sh
-./configure
-make -j $(nproc)
-make install
-ldconfig
-
-# build c-ares
-cd $BUILD_DIR
-git clone https://gitee.com/src-openeuler/c-ares.git
-cd c-ares
-git checkout openEuler-20.03-LTS-tag
-tar -xzvf c-ares-1.15.0.tar.gz
-cd c-ares-1.15.0
-autoreconf -if
-./configure --enable-shared --disable-dependency-tracking
-make -j $(nproc)
-make install
-ldconfig
-
-# build grpc
-cd $BUILD_DIR
-git clone https://gitee.com/src-openeuler/grpc.git
-cd grpc
-git checkout openEuler-20.03-LTS-tag
-tar -xzvf grpc-1.22.0.tar.gz
-cd grpc-1.22.0
-make -j $(nproc)
-make install
-ldconfig
-
-# build libwebsockets
-cd $BUILD_DIR
-git clone https://gitee.com/src-openeuler/libwebsockets.git
-cd libwebsockets
-git checkout openEuler-20.03-LTS-tag
-tar -xzvf libwebsockets-2.4.2.tar.gz
-cd libwebsockets-2.4.2
-patch -p1 -F1 -s < ../libwebsockets-fix-coredump.patch
-mkdir build
-cd build
-cmake -DLWS_WITH_SSL=0 -DLWS_MAX_SMP=32 -DCMAKE_BUILD_TYPE=Debug ../
-make -j $(nproc)
-make install
-ldconfig
-
# build lxc
cd $BUILD_DIR
git clone https://gitee.com/src-openeuler/lxc.git
cd lxc
+git config --global --add safe.directory $BUILD_DIR/lxc/lxc-5.0.2
./apply-patches
-cd lxc-4.0.3
-./autogen.sh
-./configure
-make -j
+cd lxc-5.0.2
+sed -i 's/return open(rpath, (int)((unsigned int)flags | O_CLOEXEC));/return open(rpath, (int)((unsigned int)flags | O_CLOEXEC), 0);/g' src/lxc/isulad_utils.c
+meson setup -Disulad=true \
+ -Dprefix=/usr build
+meson compile -C build
make install
# build lcr
@@ -118,8 +54,9 @@ make install
cd $BUILD_DIR
git clone https://gitee.com/openeuler/iSulad.git
cd iSulad
+sed -i 's/-O2 -Wall -fPIE/-O2 -Wall -fPIE -std=gnu99/g' cmake/set_build_flags.cmake
mkdir build
cd build
-cmake ..
+cmake -DDISABLE_WERROR=on ../
make
make install
--
2.34.1

97
0145-cni-change-error-info.patch Normal file
View File

@ -0,0 +1,97 @@
From 445642718fd3dd7867aad9fc8e6eb5b7dafadcb6 Mon Sep 17 00:00:00 2001
From: liuxu <liuxu156@huawei.com>
Date: Fri, 1 Nov 2024 12:56:38 +0800
Subject: [PATCH 145/156] cni:change error info
Signed-off-by: liuxu <liuxu156@huawei.com>
---
.../modules/network/cni_operator/cni_operate.c | 8 ++++----
.../network/cni_operator/libcni/libcni_api.c | 14 +++++++++++++-
.../network/cni_operator/libcni/libcni_api.h | 2 +-
3 files changed, 18 insertions(+), 6 deletions(-)
diff --git a/src/daemon/modules/network/cni_operator/cni_operate.c b/src/daemon/modules/network/cni_operator/cni_operate.c
index 6db6db51..80a2642d 100644
--- a/src/daemon/modules/network/cni_operator/cni_operate.c
+++ b/src/daemon/modules/network/cni_operator/cni_operate.c
@@ -731,13 +731,13 @@ static int update_runtime_conf_cni_args_by_cached(cni_cached_info *info, struct
return 0;
}
-static int get_configs_from_cached(const char *network, struct runtime_conf *rc, char **conf_list)
+static int get_configs_from_cached(const char *network, const char *cni_version, struct runtime_conf *rc, char **conf_list)
{
int ret = 0;
size_t i;
cni_cached_info *info = NULL;
- info = cni_get_network_list_cached_info(network, rc);
+ info = cni_get_network_list_cached_info(network, cni_version, rc);
if (info == NULL) {
return 0;
}
@@ -857,7 +857,7 @@ int check_network_plane(const struct cni_manager *manager, const struct cni_netw
goto out;
}
- ret = get_configs_from_cached(list->list->name, rc, NULL);
+ ret = get_configs_from_cached(list->list->name, list->list->cni_version, rc, NULL);
if (ret != 0) {
ERROR("Get cached info failed");
ret = -1;
@@ -901,7 +901,7 @@ int detach_network_plane(const struct cni_manager *manager, const struct cni_net
goto out;
}
- ret = get_configs_from_cached(list->list->name, rc, NULL);
+ ret = get_configs_from_cached(list->list->name, list->list->cni_version, rc, NULL);
if (ret != 0) {
ERROR("Get cached info failed");
ret = -1;
diff --git a/src/daemon/modules/network/cni_operator/libcni/libcni_api.c b/src/daemon/modules/network/cni_operator/libcni/libcni_api.c
index 7ba983af..c55c8e9d 100644
--- a/src/daemon/modules/network/cni_operator/libcni/libcni_api.c
+++ b/src/daemon/modules/network/cni_operator/libcni/libcni_api.c
@@ -81,13 +81,25 @@ struct cni_opt_result *cni_get_network_list_cached_result(const struct cni_netwo
return result;
}
-cni_cached_info *cni_get_network_list_cached_info(const char *network, const struct runtime_conf *rc)
+cni_cached_info *cni_get_network_list_cached_info(const char *network, const char *cni_version, const struct runtime_conf *rc)
{
+ bool greater = false;
if (network == NULL) {
ERROR("Empty network");
return NULL;
}
+ if (util_version_greater_than_or_equal_to(cni_version, SUPPORT_CACHE_AND_CHECK_VERSION, &greater) != 0) {
+ ERROR("Invalid cni version %s", cni_version);
+ return NULL;
+ }
+
+ // CACHE was added in CNI spec version 0.4.0 and higher
+ if (!greater) {
+ WARN("result version: %s is too old, do not save this cache", cni_version);
+ return NULL;
+ }
+
return cni_cache_read(g_module_conf.cache_dir, network, rc);
}
diff --git a/src/daemon/modules/network/cni_operator/libcni/libcni_api.h b/src/daemon/modules/network/cni_operator/libcni/libcni_api.h
index 2f10d6e9..bf16f168 100644
--- a/src/daemon/modules/network/cni_operator/libcni/libcni_api.h
+++ b/src/daemon/modules/network/cni_operator/libcni/libcni_api.h
@@ -75,7 +75,7 @@ bool cni_module_init(const char *cache_dir, const char * const *paths, size_t pa
struct cni_opt_result *cni_get_network_list_cached_result(const struct cni_network_list_conf *list,
const struct runtime_conf *rc);
-cni_cached_info *cni_get_network_list_cached_info(const char *network, const struct runtime_conf *rc);
+cni_cached_info *cni_get_network_list_cached_info(const char *network, const char *cni_version, const struct runtime_conf *rc);
int cni_add_network_list(const struct cni_network_list_conf *list, const struct runtime_conf *rc,
struct cni_opt_result **pret);
--
2.34.1

233
0146-bugfix-for-sem_wait-call-when-errno-is-EINTR.patch Normal file
View File

@ -0,0 +1,233 @@
From 70f5e98110b2c63755f283712eebbd075787081b Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Tue, 5 Nov 2024 03:15:04 +1400
Subject: [PATCH 146/156] bugfix for sem_wait call when errno is EINTR
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/cmd/isula/base/start.c | 4 +++-
src/cmd/isula/client_console.c | 4 +++-
src/cmd/isula/stream/attach.c | 8 ++++++--
src/cmd/isula/stream/exec.c | 4 +++-
src/cmd/isulad-shim/process.c | 4 +++-
src/cmd/isulad/main.c | 8 ++++++--
src/daemon/entry/connect/grpc/grpc_containers_service.cc | 8 ++++++--
src/daemon/entry/cri/streams/attach_serve.cc | 4 +++-
src/daemon/entry/cri/streams/websocket/ws_server.cc | 5 ++++-
src/daemon/modules/events/collector.c | 8 ++++++--
src/daemon/modules/service/io_handler.c | 4 +++-
11 files changed, 46 insertions(+), 15 deletions(-)
diff --git a/src/cmd/isula/base/start.c b/src/cmd/isula/base/start.c
index 6a066638..3f8c13ee 100644
--- a/src/cmd/isula/base/start.c
+++ b/src/cmd/isula/base/start.c
@@ -193,7 +193,9 @@ out:
void client_wait_fifo_exit(const struct client_arguments *args)
{
if (args->custom_conf.attach_stdin || args->custom_conf.attach_stdout || args->custom_conf.attach_stderr) {
- sem_wait(&g_console_waitexit_sem);
+ while(sem_wait(&g_console_waitexit_sem) == -1 && errno == EINTR) {
+ continue;
+ }
}
}
diff --git a/src/cmd/isula/client_console.c b/src/cmd/isula/client_console.c
index 555f59b6..fb6f6c05 100644
--- a/src/cmd/isula/client_console.c
+++ b/src/cmd/isula/client_console.c
@@ -259,7 +259,9 @@ int start_client_console_thread(struct command_fifo_config *console_fifos, bool
return -1;
}
- sem_wait(console_fifos->wait_open);
+ while(sem_wait(console_fifos->wait_open) == -1 && errno == EINTR) {
+ continue;
+ }
return 0;
}
diff --git a/src/cmd/isula/stream/attach.c b/src/cmd/isula/stream/attach.c
index b61c9350..bc3eb141 100644
--- a/src/cmd/isula/stream/attach.c
+++ b/src/cmd/isula/stream/attach.c
@@ -285,7 +285,9 @@ static int container_wait_thread(struct client_arguments *args, uint32_t *exit_c
(void)sem_destroy(&sem_started);
return -1;
}
- (void)sem_wait(&sem_started);
+ while(sem_wait(&sem_started) == -1 && errno == EINTR) {
+ continue;
+ }
(void)sem_destroy(&sem_started);
return 0;
}
@@ -366,7 +368,9 @@ static int client_attach(struct client_arguments *args, uint32_t *exit_code)
}
#ifndef GRPC_CONNECTOR
- sem_wait(&g_attach_waitexit_sem);
+ while(sem_wait(&g_attach_waitexit_sem) == -1 && errno == EINTR) {
+ continue;
+ }
#endif
if (clock_gettime(CLOCK_REALTIME, &ts) == -1) {
diff --git a/src/cmd/isula/stream/exec.c b/src/cmd/isula/stream/exec.c
index cacb0278..6eab4d4f 100644
--- a/src/cmd/isula/stream/exec.c
+++ b/src/cmd/isula/stream/exec.c
@@ -380,7 +380,9 @@ static int local_cmd_exec(struct client_arguments *args, uint32_t *exit_code)
ret = client_exec(args, command_fifos, exit_code);
if (ret == 0 &&
(args->custom_conf.attach_stdin || args->custom_conf.attach_stdout || args->custom_conf.attach_stderr)) {
- sem_wait(&g_command_waitexit_sem);
+ while(sem_wait(&g_command_waitexit_sem) == -1 && errno == EINTR) {
+ continue;
+ }
}
out:
delete_command_fifo(command_fifos);
diff --git a/src/cmd/isulad-shim/process.c b/src/cmd/isulad-shim/process.c
index 18fae03f..11903a5c 100644
--- a/src/cmd/isulad-shim/process.c
+++ b/src/cmd/isulad-shim/process.c
@@ -1237,7 +1237,9 @@ int process_io_start(process_t *p, pthread_t *tid_epoll)
if (ret != SHIM_OK) {
return SHIM_SYS_ERR(errno);
}
- (void)sem_wait(&p->sem_mainloop);
+ while(sem_wait(&p->sem_mainloop) == -1 && errno == EINTR) {
+ continue;
+ }
(void)sem_destroy(&p->sem_mainloop);
return SHIM_OK;
diff --git a/src/cmd/isulad/main.c b/src/cmd/isulad/main.c
index 0228caa8..7c6148fd 100644
--- a/src/cmd/isulad/main.c
+++ b/src/cmd/isulad/main.c
@@ -1648,7 +1648,9 @@ static void *do_shutdown_handler(void *arg)
prctl(PR_SET_NAME, "Shutdown");
- sem_wait(&g_daemon_shutdown_sem);
+ while(sem_wait(&g_daemon_shutdown_sem) == -1 && errno == EINTR) {
+ continue;
+ }
daemon_shutdown();
@@ -1868,7 +1870,9 @@ int main(int argc, char **argv)
server_common_start();
- sem_wait(&g_daemon_wait_shutdown_sem);
+ while(sem_wait(&g_daemon_wait_shutdown_sem) == -1 && errno == EINTR) {
+ continue;
+ }
DAEMON_CLEAR_ERRMSG();
return 0;
diff --git a/src/daemon/entry/connect/grpc/grpc_containers_service.cc b/src/daemon/entry/connect/grpc/grpc_containers_service.cc
index c5e7c275..0a46b36c 100644
--- a/src/daemon/entry/connect/grpc/grpc_containers_service.cc
+++ b/src/daemon/entry/connect/grpc/grpc_containers_service.cc
@@ -306,7 +306,9 @@ Status ContainerServiceImpl::RemoteStart(ServerContext *context,
// close pipe 1 first, make sure io copy thread exit
close(read_pipe_fd[1]);
if (container_req->attach_stderr && ret == 0) {
- (void)sem_wait(&sem);
+ while(sem_wait(&sem) == -1 && errno == EINTR) {
+ continue;
+ }
}
(void)sem_destroy(&sem);
close(read_pipe_fd[0]);
@@ -656,7 +658,9 @@ Status ContainerServiceImpl::Attach(ServerContext *context, ServerReaderWriter<A
close(pipefd[1]);
// Waiting sem, make sure the sem is posted always in attach callback.
if (container_req->attach_stderr && ret == 0) {
- (void)sem_wait(&sem_stderr);
+ while(sem_wait(&sem_stderr) == -1 && errno == EINTR) {
+ continue;
+ }
}
(void)sem_destroy(&sem_stderr);
close(pipefd[0]);
diff --git a/src/daemon/entry/cri/streams/attach_serve.cc b/src/daemon/entry/cri/streams/attach_serve.cc
index 3d59e539..9c0e56c4 100644
--- a/src/daemon/entry/cri/streams/attach_serve.cc
+++ b/src/daemon/entry/cri/streams/attach_serve.cc
@@ -145,7 +145,9 @@ int AttachServe::ExecuteStreamCommand(SessionData *lwsCtx, void *request)
WsWriteStdoutToClient(lwsCtx, message.c_str(), message.length());
} else {
// wait io copy thread complete
- (void)sem_wait(&attachSem);
+ while(sem_wait(&attachSem) == -1 && errno == EINTR) {
+ continue;
+ }
}
(void)sem_destroy(&attachSem);
diff --git a/src/daemon/entry/cri/streams/websocket/ws_server.cc b/src/daemon/entry/cri/streams/websocket/ws_server.cc
index a8d89b36..7e3225b2 100644
--- a/src/daemon/entry/cri/streams/websocket/ws_server.cc
+++ b/src/daemon/entry/cri/streams/websocket/ws_server.cc
@@ -193,7 +193,10 @@ void WebsocketServer::CloseWsSession(int socketID)
close(session->pipes.at(1));
session->pipes.at(1) = -1;
}
- (void)sem_wait(session->syncCloseSem);
+
+ while(sem_wait(session->syncCloseSem) == -1 && errno == EINTR) {
+ continue;
+ }
(void)sem_destroy(session->syncCloseSem);
delete session->syncCloseSem;
session->syncCloseSem = nullptr;
diff --git a/src/daemon/modules/events/collector.c b/src/daemon/modules/events/collector.c
index af688742..eb79bf81 100644
--- a/src/daemon/modules/events/collector.c
+++ b/src/daemon/modules/events/collector.c
@@ -932,7 +932,9 @@ int add_monitor_client(char *name, const types_timestamp_t *since, const types_t
goto sem_free;
}
- sem_wait(&context_info->context_sem);
+ while(sem_wait(&context_info->context_sem) == -1 && errno == EINTR) {
+ continue;
+ }
sem_free:
sem_destroy(&context_info->context_sem);
@@ -1002,7 +1004,9 @@ static int start_monitored()
goto out;
}
- sem_wait(msync.monitord_sem);
+ while(sem_wait(msync.monitord_sem) == -1 && errno == EINTR) {
+ continue;
+ }
sem_destroy(msync.monitord_sem);
if (monitored_exitcode) {
isulad_set_error_message("Monitored start failed");
diff --git a/src/daemon/modules/service/io_handler.c b/src/daemon/modules/service/io_handler.c
index 474fa650..f3b47737 100644
--- a/src/daemon/modules/service/io_handler.c
+++ b/src/daemon/modules/service/io_handler.c
@@ -485,7 +485,9 @@ static int start_io_copy_thread(int sync_fd, bool detach, struct io_copy_arg *co
return -1;
}
- sem_wait(&thread_arg.wait_sem);
+ while(sem_wait(&thread_arg.wait_sem) == -1 && errno == EINTR) {
+ continue;
+ }
sem_destroy(&thread_arg.wait_sem);
return 0;
}
--
2.34.1

229
0147-add-no-pivot-root-support.patch Normal file
View File

@ -0,0 +1,229 @@
From 3a925ead33267d44cafd182a85e75c9c3ac25d58 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Wed, 6 Nov 2024 15:24:30 +0800
Subject: [PATCH 147/156] add no pivot root support
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
cmake/options.cmake | 7 +++++++
src/cmd/isula/base/create.c | 7 +++++++
src/cmd/isula/base/create.h | 11 ++++++++++
src/cmd/isula/base/run.c | 3 +++
src/cmd/isula/client_arguments.h | 4 ++++
src/cmd/isula/isula_host_spec.c | 5 +++++
src/cmd/isula/isula_host_spec.h | 4 ++++
src/cmd/isulad-shim/process.c | 6 ++++++
src/daemon/modules/api/runtime_api.h | 1 +
.../modules/runtime/isula/isula_rt_ops.c | 3 +++
.../modules/service/service_container.c | 20 +++++++++++++++++++
11 files changed, 71 insertions(+)
diff --git a/cmake/options.cmake b/cmake/options.cmake
index 41177fe0..15d7044a 100644
--- a/cmake/options.cmake
+++ b/cmake/options.cmake
@@ -168,6 +168,13 @@ if (ENABLE_NATIVE_NETWORK OR ENABLE_GRPC)
set(ENABLE_NETWORK 1)
endif()
+option(ENABLE_NO_PIVOT_ROOT "Enable no pivot root" ON)
+if (ENABLE_NO_PIVOT_ROOT STREQUAL "ON")
+ add_definitions(-DENABLE_NO_PIVOT_ROOT)
+ set(ENABLE_NO_PIVOT_ROOT 1)
+ message("${Green}-- Enable no pivot root${ColourReset}")
+endif()
+
option(ENABLE_PLUGIN "enable plugin module" OFF)
if (ENABLE_PLUGIN STREQUAL "ON")
add_definitions(-DENABLE_PLUGIN=1)
diff --git a/src/cmd/isula/base/create.c b/src/cmd/isula/base/create.c
index b04dddb5..7331676a 100644
--- a/src/cmd/isula/base/create.c
+++ b/src/cmd/isula/base/create.c
@@ -1292,6 +1292,10 @@ static isula_host_config_t *request_pack_host_config(const struct client_argumen
hostconfig->publish_all = args->custom_conf.publish_all;
#endif
+#ifdef ENABLE_NO_PIVOT_ROOT
+ hostconfig->no_pivot_root = args->custom_conf.no_pivot_root;
+#endif
+
return hostconfig;
error_out:
@@ -1750,6 +1754,9 @@ int cmd_create_main(int argc, const char **argv)
COMMON_OPTIONS(g_cmd_create_args)
#ifdef ENABLE_NATIVE_NETWORK
CREATE_NETWORK_OPTIONS(g_cmd_create_args)
+#endif
+#ifdef ENABLE_NO_PIVOT_ROOT
+ NO_PIVOT_ROOT_OPTIONS(g_cmd_create_args)
#endif
};
diff --git a/src/cmd/isula/base/create.h b/src/cmd/isula/base/create.h
index 9eb471b4..b4205a88 100644
--- a/src/cmd/isula/base/create.h
+++ b/src/cmd/isula/base/create.h
@@ -39,6 +39,17 @@ extern "C" {
#define USERNS_OPT(cmdargs)
#endif
+#ifdef ENABLE_NO_PIVOT_ROOT
+#define NO_PIVOT_ROOT_OPTIONS(cmdargs) \
+ { CMD_OPT_TYPE_BOOL, \
+ false, \
+ "no-pivot", \
+ 0, \
+ &(cmdargs).custom_conf.no_pivot_root, \
+ "disable use of pivot-root (oci runtime only)", \
+ NULL },
+#endif
+
#define CREATE_OPTIONS(cmdargs) \
{ \
CMD_OPT_TYPE_BOOL, \
diff --git a/src/cmd/isula/base/run.c b/src/cmd/isula/base/run.c
index 8d48244c..15e035c1 100644
--- a/src/cmd/isula/base/run.c
+++ b/src/cmd/isula/base/run.c
@@ -150,6 +150,9 @@ int cmd_run_main(int argc, const char **argv)
CREATE_EXTEND_OPTIONS(g_cmd_run_args) RUN_OPTIONS(g_cmd_run_args)
#ifdef ENABLE_NATIVE_NETWORK
CREATE_NETWORK_OPTIONS(g_cmd_run_args)
+#endif
+#ifdef ENABLE_NO_PIVOT_ROOT
+ NO_PIVOT_ROOT_OPTIONS(g_cmd_run_args)
#endif
};
isula_libutils_default_log_config(argv[0], &lconf);
diff --git a/src/cmd/isula/client_arguments.h b/src/cmd/isula/client_arguments.h
index 76d01122..debcc903 100644
--- a/src/cmd/isula/client_arguments.h
+++ b/src/cmd/isula/client_arguments.h
@@ -237,6 +237,10 @@ struct custom_configs {
/* publish a container's port to the host */
char **publish;
#endif
+
+#ifdef ENABLE_NO_PIVOT_ROOT
+ bool no_pivot_root;
+#endif
};
struct args_cgroup_resources {
diff --git a/src/cmd/isula/isula_host_spec.c b/src/cmd/isula/isula_host_spec.c
index 9e902ed9..4c2fefa4 100644
--- a/src/cmd/isula/isula_host_spec.c
+++ b/src/cmd/isula/isula_host_spec.c
@@ -1729,6 +1729,11 @@ int generate_hostconfig(const isula_host_config_t *srcconfig, char **hostconfigs
#ifdef ENABLE_NATIVE_NETWORK
dstconfig->port_bindings = srcconfig->port_bindings;
#endif
+
+#ifdef ENABLE_NO_PIVOT_ROOT
+ dstconfig->no_pivot_root = srcconfig->no_pivot_root;
+#endif
+
*hostconfigstr = host_config_generate_json(dstconfig, &ctx, &err);
#ifdef ENABLE_NATIVE_NETWORK
dstconfig->port_bindings = NULL;
diff --git a/src/cmd/isula/isula_host_spec.h b/src/cmd/isula/isula_host_spec.h
index 25a54236..f00526e4 100644
--- a/src/cmd/isula/isula_host_spec.h
+++ b/src/cmd/isula/isula_host_spec.h
@@ -163,6 +163,10 @@ typedef struct isula_host_config {
bool publish_all;
defs_map_string_object_port_bindings *port_bindings;
#endif
+
+#ifdef ENABLE_NO_PIVOT_ROOT
+ bool no_pivot_root;
+#endif
} isula_host_config_t;
int generate_hostconfig(const isula_host_config_t *srcconfig, char **hostconfigstr);
diff --git a/src/cmd/isulad-shim/process.c b/src/cmd/isulad-shim/process.c
index 11903a5c..10d21565 100644
--- a/src/cmd/isulad-shim/process.c
+++ b/src/cmd/isulad-shim/process.c
@@ -1298,6 +1298,12 @@ static void get_runtime_cmd(process_t *p, const char *log_path, const char *pid_
params[i++] = "create";
params[i++] = "--bundle";
params[i++] = p->bundle;
+#ifdef ENABLE_NO_PIVOT_ROOT
+ if (getenv("ISULAD_RAMDISK") != NULL || p->state->no_pivot_root) {
+ params[i++] = "--no-pivot";
+ }
+#endif
+
}
params[i++] = "--pid-file";
params[i++] = pid_path;
diff --git a/src/daemon/modules/api/runtime_api.h b/src/daemon/modules/api/runtime_api.h
index bd170c30..930710ca 100644
--- a/src/daemon/modules/api/runtime_api.h
+++ b/src/daemon/modules/api/runtime_api.h
@@ -84,6 +84,7 @@ typedef struct _rt_create_params_t {
bool tty;
bool open_stdin;
const char *task_addr;
+ bool no_pivot_root;
} rt_create_params_t;
typedef struct _rt_start_params_t {
diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c
index dc156154..e628c3fe 100644
--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c
+++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c
@@ -1209,6 +1209,9 @@ int rt_isula_create(const char *id, const char *runtime, const rt_create_params_
p.runtime_args_len = runtime_args_len;
p.attach_socket = attach_socket;
p.systemd_cgroup = conf_get_systemd_cgroup();
+#ifdef ENABLE_NO_PIVOT_ROOT
+ p.no_pivot_root = params->no_pivot_root;
+#endif
copy_process(&p, config->process);
copy_annotations(&p, config->annotations);
diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c
index 4157c631..754c28ac 100644
--- a/src/daemon/modules/service/service_container.c
+++ b/src/daemon/modules/service/service_container.c
@@ -743,6 +743,23 @@ static int do_oci_spec_update(const char *id, oci_runtime_spec *oci_spec, contai
return 0;
}
+static bool pack_no_pivot_root(const container_t *cont)
+{
+ size_t i = 0;
+ bool ret = false;
+
+ ret = cont->hostconfig->no_pivot_root;
+ if (cont->common_config->config->annotations != NULL) {
+ for (i = 0; i < cont->common_config->config->annotations->len; i++) {
+ if (strcmp(cont->common_config->config->annotations->keys[i], "ISULAD_RAMDISK") == 0) {
+ ret = true;
+ break;
+ }
+ }
+ }
+ return ret;
+}
+
static int do_start_container(container_t *cont, const char *console_fifos[], bool reset_rm, pid_ppid_info_t *pid_info)
{
int ret = 0;
@@ -906,6 +923,9 @@ static int do_start_container(container_t *cont, const char *console_fifos[], bo
create_params.exit_fifo = exit_fifo;
create_params.tty = tty;
create_params.open_stdin = open_stdin;
+#ifdef ENABLE_NO_PIVOT_ROOT
+ create_params.no_pivot_root = pack_no_pivot_root(cont);
+#endif
#ifdef ENABLE_CRI_API_V1
if (cont->common_config->sandbox_info != NULL) {
create_params.task_addr = cont->common_config->sandbox_info->task_address;
--
2.34.1

227
0148-fix-issues-Isula-ps-cannot-display-port-mapping.patch Normal file
View File

@ -0,0 +1,227 @@
From 6d5121eacdb42a4dd7c2ea498c534b893b80e405 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=AD=A6=E7=A7=AF=E8=B6=85?= <wujichao1@huawei.com>
Date: Thu, 7 Nov 2024 20:17:41 +0800
Subject: [PATCH 148/156] fix issues: Isula ps cannot display port mapping
---
src/api/services/containers/container.proto | 1 +
.../connect/grpc/grpc_containers_client.cc | 2 +
src/client/connect/protocol_type.c | 4 ++
src/client/connect/protocol_type.h | 1 +
src/cmd/isula/information/ps.c | 9 ++-
.../connect/grpc/container/list_service.cc | 3 +
src/daemon/executor/container_cb/list.c | 2 +
src/daemon/modules/api/container_api.h | 2 +
src/daemon/modules/container/container_unix.c | 56 ++++++++++++++++++-
9 files changed, 77 insertions(+), 3 deletions(-)
diff --git a/src/api/services/containers/container.proto b/src/api/services/containers/container.proto
index 8d05681e..113fcb10 100644
--- a/src/api/services/containers/container.proto
+++ b/src/api/services/containers/container.proto
@@ -65,6 +65,7 @@ message Container {
string name = 16;
string health_state = 17;
int64 created = 18;
+ string ports = 19;
}
message Container_info {
diff --git a/src/client/connect/grpc/grpc_containers_client.cc b/src/client/connect/grpc/grpc_containers_client.cc
index adeac0ba..f042290e 100644
--- a/src/client/connect/grpc/grpc_containers_client.cc
+++ b/src/client/connect/grpc/grpc_containers_client.cc
@@ -1241,6 +1241,8 @@ private:
util_strdup_s("none");
response->container_summary[index]->command = !in.command().empty() ? util_strdup_s(in.command().c_str()) :
util_strdup_s("-");
+ response->container_summary[index]->ports = !in.ports().empty() ? util_strdup_s(in.ports().c_str()) :
+ nullptr;
const char *starttime = !in.startat().empty() ? in.startat().c_str() : "-";
response->container_summary[index]->startat = util_strdup_s(starttime);
diff --git a/src/client/connect/protocol_type.c b/src/client/connect/protocol_type.c
index 57dcf753..d0ab9732 100644
--- a/src/client/connect/protocol_type.c
+++ b/src/client/connect/protocol_type.c
@@ -531,6 +531,10 @@ void isula_list_response_free(struct isula_list_response *response)
free(response->container_summary[i]->command);
response->container_summary[i]->command = NULL;
}
+ if (response->container_summary[i]->ports != NULL) {
+ free(response->container_summary[i]->ports);
+ response->container_summary[i]->ports = NULL;
+ }
if (response->container_summary[i]->startat != NULL) {
free(response->container_summary[i]->startat);
response->container_summary[i]->startat = NULL;
diff --git a/src/client/connect/protocol_type.h b/src/client/connect/protocol_type.h
index 2b445c5a..02e315bf 100644
--- a/src/client/connect/protocol_type.h
+++ b/src/client/connect/protocol_type.h
@@ -204,6 +204,7 @@ struct isula_container_summary_info {
char *id;
char *image;
char *command;
+ char *ports;
char *name;
Container_Status status;
uint32_t exit_code;
diff --git a/src/cmd/isula/information/ps.c b/src/cmd/isula/information/ps.c
index 13c35dc7..6bdc157f 100644
--- a/src/cmd/isula/information/ps.c
+++ b/src/cmd/isula/information/ps.c
@@ -332,7 +332,8 @@ static void print_basic_container_info_item(const struct isula_container_summary
} else if (strcmp(name, "Created") == 0) {
print_created_field(in->created, length->created_length);
} else if (strcmp(name, "Ports") == 0) {
- printf("%-*s", (int)length->ports_length, " ");
+ const char *ports = (in->ports != NULL ? in->ports : "N/A");
+ printf("%-*s", (int)length->ports_length, ports);
}
}
@@ -515,6 +516,12 @@ static void list_field_width(struct isula_container_summary_info **info, const s
l->command_length = (unsigned int)cmd_len;
}
}
+ if (in->ports != NULL) {
+ size_t ports_len = strlen(in->ports);
+ if (ports_len > l->ports_length) {
+ l->ports_length = (unsigned int)ports_len;
+ }
+ }
calculate_str_length(in->name, &l->name_length);
calculate_str_length(in->runtime, &l->runtime_length);
diff --git a/src/daemon/entry/connect/grpc/container/list_service.cc b/src/daemon/entry/connect/grpc/container/list_service.cc
index e831acbc..dfd48191 100644
--- a/src/daemon/entry/connect/grpc/container/list_service.cc
+++ b/src/daemon/entry/connect/grpc/container/list_service.cc
@@ -121,6 +121,9 @@ void ContainerListService::FillResponseTogRPC(void *containerRes, containers::Li
if (response->containers[i]->command != nullptr) {
container->set_command(response->containers[i]->command);
}
+ if (response->containers[i]->ports != nullptr) {
+ container->set_ports(response->containers[i]->ports);
+ }
container->set_exit_code(response->containers[i]->exit_code);
container->set_restartcount(response->containers[i]->restartcount);
if (response->containers[i]->startat != nullptr) {
diff --git a/src/daemon/executor/container_cb/list.c b/src/daemon/executor/container_cb/list.c
index 243eb4d2..2e8c7a79 100644
--- a/src/daemon/executor/container_cb/list.c
+++ b/src/daemon/executor/container_cb/list.c
@@ -609,6 +609,8 @@ static int fill_container_info(container_container *container_info, const contai
container_info->status = (int)container_state_judge_status(cont_state);
+ container_info->ports = container_get_ports(cont);
+
container_info->command = container_get_command(cont);
image = container_get_image(cont);
container_info->image = image ? image : util_strdup_s("none");
diff --git a/src/daemon/modules/api/container_api.h b/src/daemon/modules/api/container_api.h
index a6ec8e22..e4d7fc25 100644
--- a/src/daemon/modules/api/container_api.h
+++ b/src/daemon/modules/api/container_api.h
@@ -185,6 +185,8 @@ int container_v2_spec_merge_container_spec(container_config_v2_common_config *v2
char *container_get_command(const container_t *cont);
+char *container_get_ports(const container_t *cont);
+
char *container_get_image(const container_t *cont);
int container_exit_on_next(container_t *cont);
diff --git a/src/daemon/modules/container/container_unix.c b/src/daemon/modules/container/container_unix.c
index 6f345ea0..812ab9e1 100644
--- a/src/daemon/modules/container/container_unix.c
+++ b/src/daemon/modules/container/container_unix.c
@@ -20,6 +20,7 @@
#include <isula_libutils/container_config_v2.h>
#include <isula_libutils/host_config.h>
#include <isula_libutils/json_common.h>
+#include <isula_libutils/auto_cleanup.h>
#include <limits.h>
#include <pthread.h>
#include <stdbool.h>
@@ -1253,7 +1254,7 @@ char *container_get_command(const container_t *cont)
if (cont->common_config->path != NULL) {
nret = util_array_append(&args, cont->common_config->path);
if (nret < 0) {
- ERROR("Appned string failed");
+ ERROR("Append string failed");
goto cleanup;
}
}
@@ -1268,7 +1269,7 @@ char *container_get_command(const container_t *cont)
nret = util_array_append(&args, arg);
free(arg);
if (nret < 0) {
- ERROR("Appned string failed");
+ ERROR("Append string failed");
goto cleanup;
}
}
@@ -1280,6 +1281,57 @@ cleanup:
return cmd;
}
+/* container get ports */
+char *container_get_ports(const container_t *cont)
+{
+ int nret;
+ size_t i, j, ports_num = 0;
+ __isula_auto_array_t char **args = NULL;
+ char *ports = NULL;
+
+ if (cont == NULL || cont->hostconfig == NULL || cont->hostconfig->port_bindings == NULL) {
+ return NULL;
+ }
+
+ for (i = 0; cont->hostconfig->port_bindings->keys != NULL && i < cont->hostconfig->port_bindings->len; i++) {
+ for (j = 0; j < cont->hostconfig->port_bindings->values[i]->element->host_len; j++) {
+ __isula_auto_free char *arg = NULL;
+ char *host_ip = cont->hostconfig->port_bindings->values[i]->element->host[j]->host_ip;
+ if (host_ip == NULL) {
+ host_ip = "0.0.0.0";
+ }
+ char *host_port = cont->hostconfig->port_bindings->values[i]->element->host[j]->host_port;
+ if (host_port == NULL) {
+ host_port = "";
+ }
+ char *cont_port_type = cont->hostconfig->port_bindings->keys[i];
+ if (cont_port_type == NULL) {
+ cont_port_type = "";
+ }
+ size_t total_len = strlen(host_ip) + strlen(host_port) + strlen(cont_port_type) + 4; // 4 for ":->" and null terminator
+ arg = util_common_calloc_s(total_len);
+ if (arg == NULL) {
+ ERROR("Out of memory");
+ return ports;
+ }
+ nret = snprintf(arg, total_len, "%s:%s->%s", host_ip, host_port, cont_port_type);
+ if (nret < 0 || (size_t)nret >= total_len) {
+ ERROR("Failed to print string");
+ return ports;
+ }
+ nret = util_array_append(&args, arg);
+ if (nret < 0) {
+ ERROR("Append string failed");
+ return ports;
+ }
+ ports_num++;
+ }
+ }
+ ports = util_string_join(", ", (const char **)args, ports_num);
+
+ return ports;
+}
+
/* container get image */
char *container_get_image(const container_t *cont)
{
--
2.34.1

87
0149-move-nri-call-in-stop-and-remove-con.patch Normal file
View File

@ -0,0 +1,87 @@
From db60c64138b45539fe70282c853ac2dae5954924 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Thu, 14 Nov 2024 17:34:49 +0800
Subject: [PATCH 149/156] move nri call in stop and remove con
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/daemon/common/cri/cri_helpers.cc | 18 ++++++++++++++++++
.../cri/v1/v1_cri_container_manager_service.cc | 14 --------------
2 files changed, 18 insertions(+), 14 deletions(-)
diff --git a/src/daemon/common/cri/cri_helpers.cc b/src/daemon/common/cri/cri_helpers.cc
index a8cbd996..aa8e3c19 100644
--- a/src/daemon/common/cri/cri_helpers.cc
+++ b/src/daemon/common/cri/cri_helpers.cc
@@ -32,6 +32,10 @@
#include "isulad_config.h"
#include "sha256.h"
+#ifdef ENABLE_NRI
+#include "nri_adaption.h"
+#endif
+
namespace CRIHelpers {
const std::string Constants::POD_NETWORK_ANNOTATION_KEY { "network.alpha.kubernetes.io/network" };
const std::string Constants::CONTAINER_TYPE_LABEL_KEY { "cri.isulad.type" };
@@ -660,6 +664,13 @@ void RemoveContainerHelper(service_executor_t *cb, const std::string &containerI
goto cleanup;
}
+#ifdef ENABLE_NRI
+ if (!NRIAdaptation::GetInstance()->RemoveContainer(containerID, error)) {
+ ERROR("NRI RemoveContainer notification failed: %s", error.GetCMessage());
+ }
+ error.Clear();
+#endif
+
if (cb->container.remove(request, &response) != 0) {
if (response != nullptr && response->errmsg != nullptr) {
error.SetError(response->errmsg);
@@ -719,6 +730,13 @@ void StopContainerHelper(service_executor_t *cb, const std::string &containerID,
error.SetError(msg);
}
+#ifdef ENABLE_NRI
+ if (!NRIAdaptation::GetInstance()->StopContainer(containerID, error)) {
+ ERROR("NRI StopContainer notification failed: %s", error.GetCMessage());
+ }
+ error.Clear();
+#endif
+
free_container_stop_request(request);
free_container_stop_response(response);
}
diff --git a/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc b/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc
index 1e84d14c..b585b49c 100644
--- a/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc
+++ b/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc
@@ -618,25 +618,11 @@ cleanup:
void ContainerManagerService::StopContainer(const std::string &containerID, int64_t timeout, Errors &error)
{
-#ifdef ENABLE_NRI
- Errors nriErr;
-#endif
CRIHelpers::StopContainer(m_cb, containerID, timeout, error);
-#ifdef ENABLE_NRI
- if (!NRIAdaptation::GetInstance()->StopContainer(containerID, nriErr)) {
- ERROR("NRI StopContainer notification failed: %s", nriErr.GetCMessage());
- }
-#endif
}
void ContainerManagerService::RemoveContainer(const std::string &containerID, Errors &error)
{
-#ifdef ENABLE_NRI
- Errors nriErr;
- if (!NRIAdaptation::GetInstance()->RemoveContainer(containerID, nriErr)) {
- ERROR("NRI RemoveContainer notification failed: %s", nriErr.GetCMessage());
- }
-#endif
CRIHelpers::RemoveContainer(m_cb, containerID, error);
if (error.NotEmpty()) {
WARN("Failed to remove container %s", containerID.c_str());
--
2.34.1

548
0150-add-missing-con-linux-info-for-nri-module.patch Normal file
View File

@ -0,0 +1,548 @@
From 140166e0f385a2f23502efeeba4113536736c3c8 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Thu, 14 Nov 2024 16:45:08 +0800
Subject: [PATCH 150/156] add missing con linux info for nri module
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/daemon/common/nri/nri_convert.cc | 482 ++++++++++++++++++++++++++-
1 file changed, 480 insertions(+), 2 deletions(-)
diff --git a/src/daemon/common/nri/nri_convert.cc b/src/daemon/common/nri/nri_convert.cc
index 30caf1dd..d862d992 100644
--- a/src/daemon/common/nri/nri_convert.cc
+++ b/src/daemon/common/nri/nri_convert.cc
@@ -15,12 +15,16 @@
#include "nri_convert.h"
+#include <sys/stat.h>
+#include <sys/sysmacros.h>
+
#include "container_api.h"
#include "v1_cri_helpers.h"
#include "path.h"
#include "transform.h"
#include "nri_utils.h"
#include "cstruct_wrapper.h"
+#include "specs_api.h"
static int64_t DefaultOOMScoreAdj = 0;
@@ -385,6 +389,462 @@ error_out:
return false;
}
+static int ConvertDevice(const char *host_path, const char *container_path, const char *permissions,
+ nri_linux_device &device, nri_linux_device_cgroup &deviceCgroup)
+{
+ int ret = 0;
+ struct stat st;
+ const char *dev_type = NULL;
+ unsigned int file_mode = 0;
+
+ if (host_path == NULL) {
+ return -1;
+ }
+
+ ret = stat(host_path, &st);
+ if (ret < 0) {
+ ERROR("device %s no exists", host_path);
+ return -1;
+ }
+
+ file_mode = st.st_mode & 0777;
+
+ /* check device type first */
+ if (S_ISBLK(st.st_mode)) {
+ file_mode |= S_IFBLK;
+ dev_type = "b";
+ } else if (S_ISCHR(st.st_mode)) {
+ file_mode |= S_IFCHR;
+ dev_type = "c";
+ } else {
+ ERROR("Cannot determine the device number for device %s", host_path);
+ return -1;
+ }
+
+ /* fill spec dev */
+ device.major = (int64_t)major(st.st_rdev);
+ device.minor = (int64_t)minor(st.st_rdev);
+ device.uid = (uint32_t *)util_common_calloc_s(sizeof(uint32_t*));
+ if (device.uid == nullptr) {
+ ERROR("Out of memory");
+ return -1;
+ }
+ *(device.uid) = st.st_uid;
+ device.gid = (uint32_t *)util_common_calloc_s(sizeof(uint32_t*));
+ if (device.gid == nullptr) {
+ ERROR("Out of memory");
+ return -1;
+ }
+ *(device.gid) = st.st_gid;
+ device.file_mode = (uint32_t *)util_common_calloc_s(sizeof(uint32_t));
+ if (device.file_mode == nullptr) {
+ ERROR("Out of memory");
+ return -1;
+ }
+ *(device.file_mode) = (int)file_mode;
+ device.type = util_strdup_s(dev_type);
+ device.path = util_strdup_s(container_path);
+
+ /* fill spec cgroup dev */
+ deviceCgroup.allow = true;
+ deviceCgroup.access = util_strdup_s(permissions);
+ deviceCgroup.type = util_strdup_s(dev_type);
+ deviceCgroup.major = (int64_t *)util_common_calloc_s(sizeof(int64_t));
+ if (deviceCgroup.major == nullptr) {
+ ERROR("Out of memory");
+ return -1;
+ }
+ *(deviceCgroup.major) = (int64_t)major(st.st_rdev);
+ deviceCgroup.minor = (int64_t *)util_common_calloc_s(sizeof(int64_t));
+ if (deviceCgroup.minor == nullptr) {
+ ERROR("Out of memory");
+ return -1;
+ }
+ *(deviceCgroup.minor) = (int64_t)minor(st.st_rdev);
+
+ return 0;
+}
+
+static int ConvertHostConfigDevices(const host_config_devices_element *dev_map, nri_linux_device &device,
+ nri_linux_device_cgroup &deviceCgroup)
+{
+ return ConvertDevice(dev_map->path_on_host, dev_map->path_in_container,
+ dev_map->cgroup_permissions, device, deviceCgroup);
+}
+
+static int ConLinuxDeviceToNRI(const host_config *config, nri_container &con)
+{
+ size_t i;
+
+ if (config->devices_len == 0 && config->nri_devices_len == 0) {
+ return 0;
+ }
+ con.linux->devices = (nri_linux_device **)util_smart_calloc_s(sizeof(nri_linux_device *),
+ config->devices_len + config->nri_devices_len);
+ if (con.linux->devices == nullptr) {
+ ERROR("Out of memory");
+ return -1;
+ }
+
+ con.linux->resources->devices = (nri_linux_device_cgroup **)util_smart_calloc_s(sizeof(nri_linux_device_cgroup *),
+ config->devices_len);
+ if (con.linux->resources->devices == nullptr) {
+ ERROR("Out of memory");
+ return -1;
+ }
+
+ for (i = 0; i < config->devices_len; i++) {
+ nri_linux_device *device = (nri_linux_device *)util_common_calloc_s(sizeof(nri_linux_device));
+ if (device == nullptr) {
+ ERROR("Out of memory");
+ return -1;
+ }
+
+ nri_linux_device_cgroup *deviceCgroup = (nri_linux_device_cgroup *)util_common_calloc_s(sizeof(
+ nri_linux_device_cgroup));
+ if (deviceCgroup == nullptr) {
+ ERROR("Out of memory");
+ free_nri_linux_device(device);
+ return -1;
+ }
+
+ if (ConvertHostConfigDevices(config->devices[i], *device, *deviceCgroup) != 0) {
+ ERROR("Failed to convert host config devices");
+ free_nri_linux_device(device);
+ free_nri_linux_device_cgroup(deviceCgroup);
+ return -1;
+ }
+
+ con.linux->devices[i] = device;
+ con.linux->resources->devices[i] = deviceCgroup;
+ con.linux->devices_len++;
+ con.linux->resources->devices_len++;
+ }
+
+ for (i = 0; i < config->nri_devices_len; i++) {
+ nri_linux_device *device = (nri_linux_device *)util_common_calloc_s(sizeof(nri_linux_device));
+ if (device == nullptr) {
+ ERROR("Out of memory");
+ return -1;
+ }
+
+ device->file_mode = (uint32_t *)util_common_calloc_s(sizeof(uint32_t));
+ if (device->file_mode == nullptr) {
+ ERROR("Out of memory");
+ free_nri_linux_device(device);
+ return -1;
+ }
+ *(device->file_mode) = config->nri_devices[i]->file_mode;
+
+ device->path = util_strdup_s(config->nri_devices[i]->path);
+ device->type = util_strdup_s(config->nri_devices[i]->type);
+ device->major = config->nri_devices[i]->major;
+ device->minor = config->nri_devices[i]->minor;
+
+ device->uid = (uint32_t *)util_common_calloc_s(sizeof(uint32_t));
+ if (device->uid == nullptr) {
+ ERROR("Out of memory");
+ free_nri_linux_device(device);
+ return -1;
+ }
+ *(device->uid) = config->nri_devices[i]->uid;
+
+ device->gid = (uint32_t *)util_common_calloc_s(sizeof(uint32_t));
+ if (device->gid == nullptr) {
+ ERROR("Out of memory");
+ free_nri_linux_device(device);
+ return -1;
+ }
+ *(device->gid) = config->nri_devices[i]->gid;
+ con.linux->devices[i + config->devices_len] = device;
+ con.linux->devices_len++;
+ }
+
+ return 0;
+}
+
+static int ConvertCRIV1Devices(const ::runtime::v1::Device &dev_map, nri_linux_device &device,
+ nri_linux_device_cgroup &deviceCgroup)
+{
+ return ConvertDevice(dev_map.host_path().c_str(), dev_map.container_path().c_str(),
+ dev_map.permissions().c_str(), device, deviceCgroup);
+}
+
+static bool ConLinuxResourcesCpuToNRI(const host_config *config, nri_linux_cpu &cpu)
+{
+ cpu.shares = (uint64_t *)util_common_calloc_s(sizeof(uint64_t));
+ if (cpu.shares == nullptr) {
+ ERROR("Out of memory");
+ return false;
+ }
+ *(cpu.shares) = config->cpu_shares;
+
+ cpu.quota = (int64_t *)util_common_calloc_s(sizeof(int64_t));
+ if (cpu.quota == nullptr) {
+ ERROR("Out of memory");
+ return false;
+ }
+ *(cpu.quota) = config->cpu_quota;
+
+ cpu.period = (uint64_t *)util_common_calloc_s(sizeof(uint64_t));
+ if (cpu.period == nullptr) {
+ ERROR("Out of memory");
+ return false;
+ }
+ *(cpu.period) = config->cpu_period;
+
+ cpu.cpus = util_strdup_s(config->cpuset_cpus);
+ cpu.mems = util_strdup_s(config->cpuset_mems);
+
+ return true;
+}
+
+static bool ConLinuxResourcesMemoryToNRI(const host_config *config, nri_linux_memory &memory)
+{
+ memory.limit = (int64_t *)util_common_calloc_s(sizeof(int64_t));
+ if (memory.limit == nullptr) {
+ ERROR("Out of memory");
+ return false;
+ }
+ *(memory.limit) = config->memory;
+
+ memory.reservation = (int64_t *)util_common_calloc_s(sizeof(int64_t));
+ if (memory.reservation == nullptr) {
+ ERROR("Out of memory");
+ return false;
+ }
+
+ *(memory.reservation) = config->memory_reservation;
+
+ memory.swap = (int64_t *)util_common_calloc_s(sizeof(int64_t));
+ if (memory.swap == nullptr) {
+ ERROR("Out of memory");
+ return false;
+ }
+ *(memory.swap) = config->memory_swap;
+
+ memory.kernel = (int64_t *)util_common_calloc_s(sizeof(int64_t));
+ if (memory.kernel == nullptr) {
+ ERROR("Out of memory");
+ return false;
+ }
+ *(memory.kernel) = config->kernel_memory;
+
+ // isulad has not set kernel_tcp
+ memory.kernel_tcp = nullptr;
+
+ if (config->memory_swappiness != nullptr) {
+ memory.swappiness = (uint64_t *)util_common_calloc_s(sizeof(uint64_t));
+ if (memory.swappiness == nullptr) {
+ ERROR("Out of memory");
+ return false;
+ }
+ *(memory.swappiness) = *(config->memory_swappiness);
+ }
+
+ memory.disable_oom_killer = (uint8_t *)util_common_calloc_s(sizeof(uint8_t));
+ if (memory.disable_oom_killer == nullptr) {
+ ERROR("Out of memory");
+ return false;
+ }
+ *(memory.disable_oom_killer) = config->oom_kill_disable;
+
+ // isulad has not set use_hierarchy
+ memory.use_hierarchy = (uint8_t *)util_common_calloc_s(sizeof(uint8_t));
+ if (memory.use_hierarchy == nullptr) {
+ ERROR("Out of memory");
+ return false;
+ }
+ *(memory.use_hierarchy) = false;
+ return true;
+}
+
+auto ConLinuxResourcesToNRI(const host_config *config) -> nri_linux_resources *
+{
+ nri_linux_resources *resources = nullptr;
+ size_t i;
+
+ resources = init_nri_linux_resources();
+ if (resources == nullptr) {
+ ERROR("Failed to init nri linux resources");
+ return nullptr;
+ }
+
+ if (!ConLinuxResourcesCpuToNRI(config, *resources->cpu)) {
+ ERROR("Failed to transform cpu to nri");
+ goto error_out;
+ }
+
+ if (!ConLinuxResourcesMemoryToNRI(config, *resources->memory)) {
+ ERROR("Failed to transform memory to nri");
+ goto error_out;
+ }
+
+ resources->hugepage_limits = (nri_hugepage_limit **)util_smart_calloc_s(sizeof(nri_hugepage_limit *),
+ config->hugetlbs_len);
+ if (resources->hugepage_limits == nullptr) {
+ ERROR("Out of memory");
+ goto error_out;
+ }
+
+ for (i = 0; i < config->hugetlbs_len; i++) {
+ resources->hugepage_limits[i] = (nri_hugepage_limit *)util_common_calloc_s(sizeof(nri_hugepage_limit));
+ if (resources->hugepage_limits[i] == nullptr) {
+ ERROR("Out of memory");
+ goto error_out;
+ }
+ resources->hugepage_limits[i]->page_size = util_strdup_s(config->hugetlbs[i]->page_size);
+ resources->hugepage_limits[i]->limit = config->hugetlbs[i]->limit;
+ resources->hugepage_limits_len++;
+ }
+
+ // resources.blockio_class is not support
+ // resources.rdt_class is not support
+ // They are not standard fields in oci spec
+
+ if (dup_json_map_string_string(config->unified, resources->unified) != 0) {
+ ERROR("Failed to copy unified map");
+ goto error_out;
+ }
+
+ // resources.devices is set in ConLinuxDeviceToNRI
+
+ return resources;
+
+error_out:
+ free_nri_linux_resources(resources);
+ resources = nullptr;
+ return resources;
+}
+
+static bool ConLinuxToNRI(const char *id, const host_config *config, nri_container &con)
+{
+ con.linux = (nri_linux_container *)util_common_calloc_s(sizeof(nri_linux_container));
+ if (con.linux == nullptr) {
+ ERROR("Out of memory");
+ return false;
+ }
+
+ con.linux->resources = ConLinuxResourcesToNRI(config);
+ if (con.linux->resources == nullptr) {
+ ERROR("Failed to transform resources to nri for con : %s", id);
+ return false;
+ }
+
+ if (ConLinuxDeviceToNRI(config, con) != 0) {
+ ERROR("Failed to transform devices to nri for con : %s", id);
+ return false;
+ }
+
+ con.linux->oom_score_adj = (int64_t *)util_common_calloc_s(sizeof(int64_t));
+ if (con.linux->oom_score_adj == nullptr) {
+ ERROR("Out of memory");
+ return false;
+ }
+
+ *(con.linux->oom_score_adj) = config->oom_score_adj;
+
+ con.linux->cgroups_path = merge_container_cgroups_path(id, config);
+ if (con.linux->cgroups_path == NULL) {
+ WARN("nri container cgroups path is NULL");
+ }
+ return true;
+}
+
+static int ConConfigLinuxDeviceToNRI(const runtime::v1::ContainerConfig &containerConfig, nri_container &con)
+{
+ int i;
+ int conConfigDevicesSize = containerConfig.devices_size();
+
+ if (conConfigDevicesSize == 0) {
+ return 0;
+ }
+ con.linux->devices = (nri_linux_device **)util_smart_calloc_s(sizeof(nri_linux_device *), conConfigDevicesSize);
+ if (con.linux->devices == nullptr) {
+ ERROR("Out of memory");
+ return -1;
+ }
+
+ if (con.linux->resources == nullptr) {
+ con.linux->resources = init_nri_linux_resources();
+ if (con.linux->resources == nullptr) {
+ ERROR("Failed to init nri linux resources");
+ return -1;
+ }
+ }
+
+ con.linux->resources->devices = (nri_linux_device_cgroup **)util_smart_calloc_s(sizeof(nri_linux_device_cgroup *),
+ conConfigDevicesSize);
+ if (con.linux->resources->devices == nullptr) {
+ ERROR("Out of memory");
+ return -1;
+ }
+
+ for (i = 0; i < conConfigDevicesSize; i++) {
+ nri_linux_device *device = (nri_linux_device *)util_common_calloc_s(sizeof(nri_linux_device));
+ if (device == nullptr) {
+ ERROR("Out of memory");
+ return -1;
+ }
+
+ nri_linux_device_cgroup *deviceCgroup = (nri_linux_device_cgroup *)util_common_calloc_s(sizeof(
+ nri_linux_device_cgroup));
+ if (deviceCgroup == nullptr) {
+ ERROR("Out of memory");
+ free_nri_linux_device(device);
+ return -1;
+ }
+
+ if (ConvertCRIV1Devices(containerConfig.devices(i), *device, *deviceCgroup) != 0) {
+ ERROR("Failed to convert CRI v1 devices");
+ free_nri_linux_device(device);
+ free_nri_linux_device_cgroup(deviceCgroup);
+ return -1;
+ }
+
+ con.linux->devices[i] = device;
+ con.linux->resources->devices[i] = deviceCgroup;
+ con.linux->devices_len++;
+ con.linux->resources->devices_len++;
+ }
+
+ return 0;
+}
+
+static bool ConConfigLinuxToNRI(const runtime::v1::ContainerConfig &containerConfig, nri_container &con)
+{
+ const char *name = containerConfig.metadata().name().c_str();
+ con.linux = (nri_linux_container *)util_common_calloc_s(sizeof(nri_linux_container));
+ if (con.linux == nullptr) {
+ ERROR("Out of memory");
+ return false;
+ }
+
+ if (containerConfig.has_linux() && containerConfig.linux().has_resources()) {
+ con.linux->resources = LinuxResourcesToNRI(containerConfig.linux().resources());
+ if (con.linux->resources == nullptr) {
+ ERROR("Failed to transform resources to nri for con : %s", name);
+ return false;
+ }
+
+ con.linux->oom_score_adj = (int64_t *)util_common_calloc_s(sizeof(int64_t));
+ if (con.linux->oom_score_adj == nullptr) {
+ ERROR("Out of memory");
+ return false;
+ }
+ *(con.linux->oom_score_adj) = containerConfig.linux().resources().oom_score_adj();
+ }
+
+ if (ConConfigLinuxDeviceToNRI(containerConfig, con) != 0) {
+ ERROR("Failed to convert devices to nri for con : %s", name);
+ return false;
+ }
+
+ // ContainerToNRIByConfig is called when CreateContainer, and cannot get pid at this time
+ con.linux->cgroups_path = NULL;
+ return true;
+}
+
// container info is incomplete because container in excution is not created
auto ContainerToNRIByConConfig(const runtime::v1::ContainerConfig &containerConfig, nri_container &con) -> bool
{
@@ -395,6 +855,9 @@ auto ContainerToNRIByConConfig(const runtime::v1::ContainerConfig &containerConf
Errors tmpError;
+ // ContainerToNRIByConfig is called when CreateConatiner, and the status is 0(CONTAINER_UNKNOWN) at this time
+ con.state = 0;
+
con.labels = Transform::ProtobufMapToJsonMapForString(containerConfig.labels(), tmpError);
if (con.labels == nullptr) {
ERROR("Failed to transform labels to nri for con : %s, : %s", con.name, tmpError.GetMessage().c_str());
@@ -426,9 +889,18 @@ auto ContainerToNRIByConConfig(const runtime::v1::ContainerConfig &containerConf
ERROR("Failed to transform mounts to nri for con : %s", con.name);
return false;
}
- return true;
- // todo: can not get container hooks and pid from containerConfig
+ if (!ConConfigLinuxToNRI(containerConfig, con)) {
+ ERROR("Failed to convert conatiner linux info to nri for con : %s", con.name);
+ return false;
+ }
+
+ // todo: CRI module can not get container hooks from containerConfig
+ // ContainerToNRIByConfig is called when CreateConatiner, and cannot get pid at this time
+
+ // rlimit not support in containerd
+
+ return true;
}
// container info is incomplete because container in excution is not created
@@ -486,6 +958,11 @@ auto ContainerToNRIByID(const std::string &id, nri_container &con) -> bool
goto out;
}
+ if (!ConLinuxToNRI(cont->common_config->id, cont->hostconfig, con)) {
+ ERROR("Failed to transform conatiner linux info to nri for con : %s", con.name);
+ goto out;
+ }
+
// todo: can convert hostconfig's hook_spec to nri spec
con.pid = container_state_get_pid(cont->state);
@@ -644,6 +1121,7 @@ auto ContainersToNRI(std::vector<std::unique_ptr<runtime::v1::Container>> &conta
}
if (!ContainerToNRIByID(containers[i].get()->id(), *con)) {
ERROR("Failed to transform container to nri for container : %s", containers[i]->metadata().name().c_str());
+ free_nri_container(con);
return false;
}
cons.push_back(con);
--
2.34.1

1600
0151-sandbox-sandbox-api-update.patch Normal file
View File

File diff suppressed because it is too large Load Diff

48
0152-add-omitted-macro-definition.patch Normal file
View File

@ -0,0 +1,48 @@
From 9aadae1a71243bab41f5bf43c60f8f1b72806d54 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Fri, 22 Nov 2024 02:40:13 +1400
Subject: [PATCH 152/156] add omitted macro definition
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/daemon/modules/api/runtime_api.h | 2 ++
src/daemon/modules/service/service_container.c | 2 ++
2 files changed, 4 insertions(+)
diff --git a/src/daemon/modules/api/runtime_api.h b/src/daemon/modules/api/runtime_api.h
index 930710ca..1f23efe3 100644
--- a/src/daemon/modules/api/runtime_api.h
+++ b/src/daemon/modules/api/runtime_api.h
@@ -84,7 +84,9 @@ typedef struct _rt_create_params_t {
bool tty;
bool open_stdin;
const char *task_addr;
+#ifdef ENABLE_NO_PIVOT_ROOT
bool no_pivot_root;
+#endif
} rt_create_params_t;
typedef struct _rt_start_params_t {
diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c
index 754c28ac..8e80e936 100644
--- a/src/daemon/modules/service/service_container.c
+++ b/src/daemon/modules/service/service_container.c
@@ -743,6 +743,7 @@ static int do_oci_spec_update(const char *id, oci_runtime_spec *oci_spec, contai
return 0;
}
+#ifdef ENABLE_NO_PIVOT_ROOT
static bool pack_no_pivot_root(const container_t *cont)
{
size_t i = 0;
@@ -759,6 +760,7 @@ static bool pack_no_pivot_root(const container_t *cont)
}
return ret;
}
+#endif
static int do_start_container(container_t *cont, const char *console_fifos[], bool reset_rm, pid_ppid_info_t *pid_info)
{
--
2.34.1

4272
0153-sandbox-sandbox-api-adapt-rust-interface.patch Normal file
View File

File diff suppressed because it is too large Load Diff

25
0154-add-linux-capability.h-head-file.patch Normal file
View File

@ -0,0 +1,25 @@
From 94cf20fe53c0a42f703dd6a0122c619c0ee06715 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Sat, 23 Nov 2024 03:45:22 +1400
Subject: [PATCH 154/156] add linux/capability.h head file
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/utils/cutils/utils_cap.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/utils/cutils/utils_cap.h b/src/utils/cutils/utils_cap.h
index c7e78ac2..e741b565 100644
--- a/src/utils/cutils/utils_cap.h
+++ b/src/utils/cutils/utils_cap.h
@@ -18,6 +18,7 @@
#include <stdbool.h>
#include <stddef.h>
+#include <linux/capability.h>
#ifdef __cplusplus
extern "C" {
--
2.34.1

34
0155-sandbox-fix-unused-variables.patch Normal file
View File

@ -0,0 +1,34 @@
From baa25031fcf68443bc1262bebec69a54fed38d88 Mon Sep 17 00:00:00 2001
From: liuxu <liuxu156@huawei.com>
Date: Mon, 25 Nov 2024 15:18:13 +0800
Subject: [PATCH 155/156] sandbox:fix unused variables
Signed-off-by: liuxu <liuxu156@huawei.com>
---
.../sandboxer/controller/client/grpc_sandboxer_client.cc | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/daemon/sandbox/sandboxer/controller/client/grpc_sandboxer_client.cc b/src/daemon/sandbox/sandboxer/controller/client/grpc_sandboxer_client.cc
index d7ff76d7..5b7f3c1c 100644
--- a/src/daemon/sandbox/sandboxer/controller/client/grpc_sandboxer_client.cc
+++ b/src/daemon/sandbox/sandboxer/controller/client/grpc_sandboxer_client.cc
@@ -92,7 +92,6 @@ auto SandboxerClient::InitCreateRequest(sandbox_create_request &request,
(void)memcpy(request.options->value, encoded.c_str(), encoded.size());
request.options->value_len = encoded.size();
request.netns_path = util_strdup_s(params.netNSPath.c_str());
- sandbox_mount **mounts = NULL;
size_t mounts_len = params.mounts.size();
if (mounts_len > 0) {
request.rootfs = (sandbox_mount**)util_common_calloc_s(mounts_len * sizeof(sandbox_mount *));
@@ -112,7 +111,7 @@ auto SandboxerClient::InitCreateRequest(sandbox_create_request &request,
free(m);
return false;
}
- mounts[request.rootfs_len++] = m;
+ request.rootfs[request.rootfs_len++] = m;
m = NULL;
}
}
--
2.34.1

3021
0156-sandbox-sandbox-api-adapt-rust-interface-UT.patch Normal file
View File

File diff suppressed because it is too large Load Diff

80
0157-bugfix-for-nri-init.patch Normal file
View File

@ -0,0 +1,80 @@
From 08b996a54c6330e704cbc9271f348a62e24fe880 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Wed, 18 Dec 2024 22:43:26 +1400
Subject: [PATCH 157/158] bugfix for nri init
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/daemon/common/nri/nri_convert.cc | 7 ++++---
src/daemon/nri/nri_plugin_ops.cc | 28 +++++++++++++---------------
2 files changed, 17 insertions(+), 18 deletions(-)
diff --git a/src/daemon/common/nri/nri_convert.cc b/src/daemon/common/nri/nri_convert.cc
index d862d992..6e571d9a 100644
--- a/src/daemon/common/nri/nri_convert.cc
+++ b/src/daemon/common/nri/nri_convert.cc
@@ -196,7 +196,6 @@ auto PodSandboxToNRI(const std::shared_ptr<const sandbox::Sandbox> &sandbox, nri
pod._namespace = util_strdup_s(sandbox->GetSandboxConfig().metadata().namespace_().c_str());
}
-
pod.labels = Transform::ProtobufMapToJsonMapForString(sandbox->GetSandboxConfig().labels(), tmpError);
if (pod.labels == nullptr) {
ERROR("Failed to transform labels to nri for pod : %s, : %s", pod.name, tmpError.GetMessage().c_str());
@@ -971,9 +970,11 @@ auto ContainerToNRIByID(const std::string &id, nri_container &con) -> bool
goto out;
}
- con.pod_sandbox_id = util_strdup_s(cont->common_config->sandbox_info->id);
- ret = true;
+ if (cont->common_config->sandbox_info!= nullptr && cont->common_config->sandbox_info->id != nullptr) {
+ con.pod_sandbox_id = util_strdup_s(cont->common_config->sandbox_info->id);
+ }
+ ret = true;
out:
container_unref(cont);
return ret;
diff --git a/src/daemon/nri/nri_plugin_ops.cc b/src/daemon/nri/nri_plugin_ops.cc
index e2f88b63..7953f7de 100644
--- a/src/daemon/nri/nri_plugin_ops.cc
+++ b/src/daemon/nri/nri_plugin_ops.cc
@@ -42,22 +42,20 @@ bool nri_adaption_init(void)
{
Errors error;
- if (!conf_get_nri_support()) {
- return true;
- }
-
- nri_runtime_callbacks callbacks;
- callbacks.register_plugin = nri_registry_containers;
- callbacks.update_containers = nri_update_containers;
- if (nri_runtime_service_init(callbacks) != 0) {
- ERROR("Failed to init runtime service\n");
- return false;
- }
+ if (conf_get_nri_support()) {
+ nri_runtime_callbacks callbacks;
+ callbacks.register_plugin = nri_registry_containers;
+ callbacks.update_containers = nri_update_containers;
+ if (nri_runtime_service_init(callbacks) != 0) {
+ ERROR("Failed to init runtime service\n");
+ return false;
+ }
- if (conf_get_nri_external_support()) {
- if (!start_external_listener()) {
- ERROR("Failed to start external listener\n");
- goto clean_out;
+ if (conf_get_nri_external_support()) {
+ if (!start_external_listener()) {
+ ERROR("Failed to start external listener\n");
+ goto clean_out;
+ }
}
}
--
2.25.1

87
0158-Revert-move-nri-call-in-stop-and-remove-con.patch Normal file
View File

@ -0,0 +1,87 @@
From e160e82c1a7eff3c9cca9794a4db04508e9ffb05 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Wed, 18 Dec 2024 22:54:32 +1400
Subject: [PATCH 158/158] Revert "move nri call in stop and remove con"
This reverts commit db60c64138b45539fe70282c853ac2dae5954924.
---
src/daemon/common/cri/cri_helpers.cc | 18 ------------------
.../cri/v1/v1_cri_container_manager_service.cc | 14 ++++++++++++++
2 files changed, 14 insertions(+), 18 deletions(-)
diff --git a/src/daemon/common/cri/cri_helpers.cc b/src/daemon/common/cri/cri_helpers.cc
index aa8e3c19..a8cbd996 100644
--- a/src/daemon/common/cri/cri_helpers.cc
+++ b/src/daemon/common/cri/cri_helpers.cc
@@ -32,10 +32,6 @@
#include "isulad_config.h"
#include "sha256.h"
-#ifdef ENABLE_NRI
-#include "nri_adaption.h"
-#endif
-
namespace CRIHelpers {
const std::string Constants::POD_NETWORK_ANNOTATION_KEY { "network.alpha.kubernetes.io/network" };
const std::string Constants::CONTAINER_TYPE_LABEL_KEY { "cri.isulad.type" };
@@ -664,13 +660,6 @@ void RemoveContainerHelper(service_executor_t *cb, const std::string &containerI
goto cleanup;
}
-#ifdef ENABLE_NRI
- if (!NRIAdaptation::GetInstance()->RemoveContainer(containerID, error)) {
- ERROR("NRI RemoveContainer notification failed: %s", error.GetCMessage());
- }
- error.Clear();
-#endif
-
if (cb->container.remove(request, &response) != 0) {
if (response != nullptr && response->errmsg != nullptr) {
error.SetError(response->errmsg);
@@ -730,13 +719,6 @@ void StopContainerHelper(service_executor_t *cb, const std::string &containerID,
error.SetError(msg);
}
-#ifdef ENABLE_NRI
- if (!NRIAdaptation::GetInstance()->StopContainer(containerID, error)) {
- ERROR("NRI StopContainer notification failed: %s", error.GetCMessage());
- }
- error.Clear();
-#endif
-
free_container_stop_request(request);
free_container_stop_response(response);
}
diff --git a/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc b/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc
index b585b49c..1e84d14c 100644
--- a/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc
+++ b/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc
@@ -618,11 +618,25 @@ cleanup:
void ContainerManagerService::StopContainer(const std::string &containerID, int64_t timeout, Errors &error)
{
+#ifdef ENABLE_NRI
+ Errors nriErr;
+#endif
CRIHelpers::StopContainer(m_cb, containerID, timeout, error);
+#ifdef ENABLE_NRI
+ if (!NRIAdaptation::GetInstance()->StopContainer(containerID, nriErr)) {
+ ERROR("NRI StopContainer notification failed: %s", nriErr.GetCMessage());
+ }
+#endif
}
void ContainerManagerService::RemoveContainer(const std::string &containerID, Errors &error)
{
+#ifdef ENABLE_NRI
+ Errors nriErr;
+ if (!NRIAdaptation::GetInstance()->RemoveContainer(containerID, nriErr)) {
+ ERROR("NRI RemoveContainer notification failed: %s", nriErr.GetCMessage());
+ }
+#endif
CRIHelpers::RemoveContainer(m_cb, containerID, error);
if (error.NotEmpty()) {
WARN("Failed to remove container %s", containerID.c_str());
--
2.25.1

31
0159-bugfix-overwriting-when-i-is-len-1.patch Normal file
View File

@ -0,0 +1,31 @@
From 9006b2901cb17b5cf0fa3579334ddb765ac3fe11 Mon Sep 17 00:00:00 2001
From: liuxu <liuxu156@huawei.com>
Date: Mon, 25 Nov 2024 19:42:02 +0800
Subject: [PATCH 01/19] bugfix:overwriting when i is len-1
Signed-off-by: liuxu <liuxu156@huawei.com>
---
src/daemon/modules/spec/specs.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/daemon/modules/spec/specs.c b/src/daemon/modules/spec/specs.c
index 36e89343..67a47257 100644
--- a/src/daemon/modules/spec/specs.c
+++ b/src/daemon/modules/spec/specs.c
@@ -2779,8 +2779,11 @@ void spec_remove_mount(oci_runtime_spec *oci_spec, const char *dest)
for (i = 0; i < oci_spec->mounts_len; i++) {
if (strcmp(oci_spec->mounts[i]->destination, dest) == 0) {
free_defs_mount(oci_spec->mounts[i]);
- (void)memcpy((void **)&oci_spec->mounts[i], (void **)&oci_spec->mounts[i + 1],
- (oci_spec->mounts_len - i - 1) * sizeof(void *));
+ oci_spec->mounts[i] = NULL;
+ if (i != oci_spec->mounts_len - 1) {
+ (void)memcpy((void **)&oci_spec->mounts[i], (void **)&oci_spec->mounts[i + 1],
+ (oci_spec->mounts_len - i - 1) * sizeof(void *));
+ }
oci_spec->mounts_len--;
return;
}
--
2.23.0

25
0160-bug-fix-Isula-ps-not-display-N-A-when-ports-empty.patch Normal file
View File

@ -0,0 +1,25 @@
From f55efffaeb1f28ac4e4e1b60b820b2b4694067b4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=AD=A6=E7=A7=AF=E8=B6=85?= <wujichao1@huawei.com>
Date: Tue, 26 Nov 2024 20:29:29 +0800
Subject: [PATCH 02/19] bug fix: Isula ps not display N/A when ports empty
---
src/cmd/isula/information/ps.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/cmd/isula/information/ps.c b/src/cmd/isula/information/ps.c
index 6bdc157f..5f46ef22 100644
--- a/src/cmd/isula/information/ps.c
+++ b/src/cmd/isula/information/ps.c
@@ -332,7 +332,7 @@ static void print_basic_container_info_item(const struct isula_container_summary
} else if (strcmp(name, "Created") == 0) {
print_created_field(in->created, length->created_length);
} else if (strcmp(name, "Ports") == 0) {
- const char *ports = (in->ports != NULL ? in->ports : "N/A");
+ const char *ports = (in->ports != NULL ? in->ports : " ");
printf("%-*s", (int)length->ports_length, ports);
}
}
--
2.23.0

28
0161-bugfix-for-workdir-len-verify.patch Normal file
View File

@ -0,0 +1,28 @@
From 3c9d51bfdf0e71ac846946d746003139bf3a02c8 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Tue, 26 Nov 2024 23:46:52 +1400
Subject: [PATCH 03/19] bugfix for workdir len verify
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/daemon/modules/runtime/isula/isula_rt_ops.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c
index e628c3fe..22608e4c 100644
--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c
+++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c
@@ -786,8 +786,8 @@ static int shielded_output_check(const char *output, const char *workdir)
return 0;
}
- if (sizeof(chdir_pattern) > PATH_MAX - strlen("chdir ") - strlen(" failed")) {
- INFO("chdir_pattern is too long");
+ if (strlen(workdir) > PATH_MAX - strlen("chdir ") - strlen(" failed")) {
+ INFO("workdir is too long");
return -1;
}
--
2.23.0

115
0162-bugfix-fix-exec-detach-for-shim-v2.patch Normal file
View File

@ -0,0 +1,115 @@
From 6766ace88ac35f217b5e6b6ddab7c30e126a7956 Mon Sep 17 00:00:00 2001
From: liuxu <liuxu156@huawei.com>
Date: Tue, 26 Nov 2024 15:37:46 +0800
Subject: [PATCH 04/19] bugfix:fix exec --detach for shim v2
Signed-off-by: liuxu <liuxu156@huawei.com>
---
.../modules/runtime/isula/isula_rt_ops.c | 11 ++----
src/daemon/modules/runtime/runtime_common.h | 35 +++++++++++++++++++
src/daemon/modules/runtime/shim/shim_rt_ops.c | 4 ++-
3 files changed, 40 insertions(+), 10 deletions(-)
create mode 100644 src/daemon/modules/runtime/runtime_common.h
diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c
index e628c3fe..11288310 100644
--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c
+++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c
@@ -56,6 +56,7 @@
#include "utils_file.h"
#include "console.h"
#include "shim_constants.h"
+#include "runtime_common.h"
#define SHIM_BINARY "isulad-shim"
#define RESIZE_FIFO_NAME "resize_fifo"
@@ -1393,14 +1394,6 @@ int rt_isula_rm(const char *id, const char *runtime, const rt_rm_params_t *param
return 0;
}
-static bool fg_exec(const rt_exec_params_t *params)
-{
- if (params->console_fifos[0] != NULL || params->console_fifos[1] != NULL || params->console_fifos[2] != NULL) {
- return true;
- }
- return false;
-}
-
static char *try_generate_random_id()
{
char *id = NULL;
@@ -1536,7 +1529,7 @@ int rt_isula_exec(const char *id, const char *runtime, const rt_exec_params_t *p
}
}
- args.fg = fg_exec(params);
+ args.fg = rt_fg_exec(params);
args.id = id;
args.workdir = workdir;
args.bundle = bundle;
diff --git a/src/daemon/modules/runtime/runtime_common.h b/src/daemon/modules/runtime/runtime_common.h
new file mode 100644
index 00000000..dde47110
--- /dev/null
+++ b/src/daemon/modules/runtime/runtime_common.h
@@ -0,0 +1,35 @@
+/******************************************************************************
+ * Copyright (c) Huawei Technologies Co., Ltd. 2024. All rights reserved.
+ * iSulad licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Author: liuxu
+ * Create: 2024-11-28
+ * Description: runtime common definition
+ ******************************************************************************/
+
+#ifndef DAEMON_MODULES_RUNTIME_COMMON_H
+#define DAEMON_MODULES_RUNTIME_COMMON_H
+
+#include "runtime_api.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+static inline bool rt_fg_exec(const rt_exec_params_t *params)
+{
+ return params->console_fifos[0] != NULL || params->console_fifos[1] != NULL || params->console_fifos[2] != NULL;
+}
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif // DAEMON_MODULES_RUNTIME_COMMON_H
diff --git a/src/daemon/modules/runtime/shim/shim_rt_ops.c b/src/daemon/modules/runtime/shim/shim_rt_ops.c
index fc4d8e3a..fce18ade 100644
--- a/src/daemon/modules/runtime/shim/shim_rt_ops.c
+++ b/src/daemon/modules/runtime/shim/shim_rt_ops.c
@@ -36,6 +36,7 @@
#include "shim_rt_monitor.h"
#include "supervisor.h"
#include "isulad_config.h"
+#include "runtime_common.h"
#define EXIT_SIGNAL_OFFSET_X 128
@@ -589,7 +590,8 @@ int rt_shim_exec(const char *id, const char *runtime, const rt_exec_params_t *pa
goto out;
}
- if (shim_v2_wait(id, params->suffix, exit_code) != 0) {
+ if (rt_fg_exec(params) &&
+ shim_v2_wait(id, params->suffix, exit_code) != 0) {
ERROR("%s: failed to wait exec process", id);
ret = -1;
goto out;
--
2.23.0

114
0163-image-layer-fix-code-style.patch Normal file
View File

@ -0,0 +1,114 @@
From 255fada49877e854690d628dc7832c3e459fd5aa Mon Sep 17 00:00:00 2001
From: liuxu <liuxu156@huawei.com>
Date: Thu, 5 Dec 2024 19:59:15 +0800
Subject: [PATCH 05/19] image layer:fix code style
Signed-off-by: liuxu <liuxu156@huawei.com>
---
.../modules/image/oci/storage/layer_store/layer.c | 9 +++++----
.../modules/image/oci/storage/layer_store/layer.h | 6 +++---
.../image/oci/storage/layer_store/layer_store.c | 11 ++++++-----
.../image/oci/storage/layer_store/layer_store.h | 5 +++--
4 files changed, 17 insertions(+), 14 deletions(-)
diff --git a/src/daemon/modules/image/oci/storage/layer_store/layer.c b/src/daemon/modules/image/oci/storage/layer_store/layer.c
index 4beb3d10..8fd9aa5b 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/layer.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/layer.c
@@ -15,16 +15,17 @@
#include "layer.h"
-#include <isula_libutils/json_common.h>
-#include <isula_libutils/storage_layer.h>
#include <stdlib.h>
#include <string.h>
+#include <isula_libutils/json_common.h>
+#include <isula_libutils/storage_layer.h>
+#include <isula_libutils/storage_mount_point.h>
+#include <isula_libutils/log.h>
+
#include "constants.h"
-#include "isula_libutils/storage_mount_point.h"
#include "util_atomic.h"
#include "utils.h"
-#include "isula_libutils/log.h"
#include "utils_file.h"
void free_layer_t(layer_t *ptr)
diff --git a/src/daemon/modules/image/oci/storage/layer_store/layer.h b/src/daemon/modules/image/oci/storage/layer_store/layer.h
index 9387efe0..94831ef4 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/layer.h
+++ b/src/daemon/modules/image/oci/storage/layer_store/layer.h
@@ -20,9 +20,9 @@
#include <stdbool.h>
#include <stddef.h>
-#include "isula_libutils/storage_layer.h"
-#include "isula_libutils/storage_mount_point.h"
-#include "isula_libutils/log.h"
+#include <isula_libutils/storage_layer.h>
+#include <isula_libutils/storage_mount_point.h>
+#include <isula_libutils/log.h>
#ifdef __cplusplus
extern "C" {
diff --git a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
index 3ffe0ca7..bb2e7edc 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
@@ -19,6 +19,11 @@
#include <stdio.h>
#include <limits.h>
#include <dirent.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/stat.h>
+
#include <isula_libutils/container_inspect.h>
#include <isula_libutils/storage_layer.h>
#include <isula_libutils/storage_mount_point.h>
@@ -26,10 +31,6 @@
#include <isula_libutils/log.h>
#include <isula_libutils/storage_entry.h>
#include <isula_libutils/go_crc64.h>
-#include <stdint.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/stat.h>
#include "util_archive.h"
#include "storage.h"
@@ -1709,7 +1710,7 @@ static int load_layers_from_json_files()
}
ret = 0;
- goto unlock_out;
+
unlock_out:
layer_store_unlock();
return ret;
diff --git a/src/daemon/modules/image/oci/storage/layer_store/layer_store.h b/src/daemon/modules/image/oci/storage/layer_store/layer_store.h
index eba406d4..a1b0857e 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/layer_store.h
+++ b/src/daemon/modules/image/oci/storage/layer_store/layer_store.h
@@ -16,11 +16,12 @@
#define DAEMON_MODULES_IMAGE_OCI_STORAGE_LAYER_STORE_LAYER_STORE_H
#include <stdint.h>
-#include <isula_libutils/imagetool_fs_info.h>
-#include <isula_libutils/json_common.h>
#include <stdbool.h>
#include <stddef.h>
+#include <isula_libutils/imagetool_fs_info.h>
+#include <isula_libutils/json_common.h>
+
#include "storage.h"
#include "io_wrapper.h"
--
2.23.0

207
0164-image-store-add-UT.patch Normal file
View File

@ -0,0 +1,207 @@
From 2a3078132c461c45cba2932a75517314db06dcbd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=AD=A6=E7=A7=AF=E8=B6=85?= <wujichao1@huawei.com>
Date: Fri, 6 Dec 2024 16:32:03 +0800
Subject: [PATCH 06/19] image store: add UT
---
.../oci/storage/images/storage_images_ut.cc | 53 ++++++++++++++++++-
1 file changed, 51 insertions(+), 2 deletions(-)
diff --git a/test/image/oci/storage/images/storage_images_ut.cc b/test/image/oci/storage/images/storage_images_ut.cc
index 001090fe..ad0084d6 100644
--- a/test/image/oci/storage/images/storage_images_ut.cc
+++ b/test/image/oci/storage/images/storage_images_ut.cc
@@ -269,12 +269,21 @@ TEST_F(StorageImagesCompatibilityUnitTest, test_load_v1_image)
EXPECT_CALL(m_storage_mock, FreeLayerList(_)).WillRepeatedly(Invoke(invokeFreeLayerList));
opts.storage_root = strdup(store_real_path);
opts.driver_name = strdup("overlay");
+
+ std::string converted_image_id { "597fa49c3dbc5dd1e84120dd1906b65223afd479a7e094c085b580060c0fccec" };
+ ASSERT_FALSE(image_store_exists(converted_image_id.c_str())); // before init must false
+ ASSERT_EQ(image_store_delete(converted_image_id.c_str()), -1); // before init must false
+
ASSERT_EQ(image_store_init(&opts), 0);
+ // init twice will go to errror branch "Image store has already been initialized"
+ ASSERT_EQ(image_store_init(&opts), -1);
free(opts.storage_root);
free(opts.driver_name);
- std::string converted_image_id { "597fa49c3dbc5dd1e84120dd1906b65223afd479a7e094c085b580060c0fccec" };
ASSERT_TRUE(image_store_exists(converted_image_id.c_str()));
+ const char* null_id = NULL;
+ ASSERT_FALSE(image_store_exists(null_id));
ASSERT_EQ(image_store_delete(converted_image_id.c_str()), 0);
+ ASSERT_EQ(image_store_delete(null_id), -1);
}
class StorageImagesUnitTest : public testing::Test {
@@ -320,6 +329,8 @@ protected:
TEST_F(StorageImagesUnitTest, test_images_load)
{
+ const char* null_id = NULL;
+ ASSERT_EQ(image_store_get_image(null_id), nullptr);
auto image = image_store_get_image(ids.at(0).c_str());
ASSERT_NE(image, nullptr);
@@ -345,11 +356,17 @@ TEST_F(StorageImagesUnitTest, test_images_load)
char **names { nullptr };
size_t names_len { 0 };
+
+ ASSERT_EQ(image_store_big_data_names(null_id, &names, &names_len), -1);
ASSERT_EQ(image_store_big_data_names(ids.at(0).c_str(), &names, &names_len), 0);
ASSERT_EQ(names_len, 2);
ASSERT_STREQ(names[0], "sha256:39891ff67da98ab8540d71320915f33d2eb80ab42908e398472cab3c1ce7ac10");
ASSERT_STREQ(names[1], "manifest");
+ const char* null_name = NULL;
+ ASSERT_EQ(image_store_big_data_size(null_id, names[0]), -1);
+ ASSERT_EQ(image_store_big_data_size(ids.at(0).c_str(), null_name), -1);
+
ASSERT_EQ(image_store_big_data_size(ids.at(0).c_str(), names[0]), 2235);
ASSERT_EQ(image_store_big_data_size(ids.at(0).c_str(), names[1]), 741);
for (size_t i {}; i < names_len; ++i) {
@@ -418,7 +435,11 @@ TEST_F(StorageImagesUnitTest, test_image_store_create)
std::cout << buffer << std::endl;
std::string key = "sha256:" + std::string(created_image);
+ const char* null_key = NULL;
ASSERT_EQ(image_store_set_big_data(created_image, key.c_str(), buffer.c_str()), 0);
+ ASSERT_EQ(image_store_set_big_data(created_image, null_key, buffer.c_str()), -1);
+ const char* null_id = NULL;
+ ASSERT_EQ(image_store_set_big_data(null_id, key.c_str(), buffer.c_str()), -1);
std::string img_store_path = std::string(store_real_path) + "/overlay-images/";
ASSERT_TRUE(dirExists((img_store_path + id).c_str()));
@@ -440,10 +461,13 @@ TEST_F(StorageImagesUnitTest, test_image_store_create)
std::cout << "manifest :" << std::endl;
std::cout << manifest_content << std::endl;
+ ASSERT_EQ(image_store_big_data(null_id, "manifest"), nullptr);
+ ASSERT_EQ(image_store_big_data(id.c_str(), null_key), nullptr);
char *data = image_store_big_data(id.c_str(), "manifest");
ASSERT_STREQ(data, manifest_content.c_str());
free(data);
+ ASSERT_EQ(image_store_get_image(null_id), nullptr);
auto image = image_store_get_image(id.c_str());
ASSERT_NE(image, nullptr);
ASSERT_NE(image->created, nullptr);
@@ -476,16 +500,19 @@ TEST_F(StorageImagesUnitTest, test_image_store_create)
free_imagetool_image(image);
char *toplayer = nullptr;
+ ASSERT_EQ(image_store_top_layer(null_id), nullptr);
ASSERT_STREQ((toplayer = image_store_top_layer(id.c_str())),
"6194458b07fcf01f1483d96cd6c34302ffff7f382bb151a6d023c4e80ba3050a");
free(toplayer);
+ ASSERT_EQ(image_store_set_image_size(null_id, 1000), -1);
ASSERT_EQ(image_store_set_image_size(id.c_str(), 1000), 0);
image = image_store_get_image(id.c_str());
ASSERT_EQ(image->size, 1000);
free_imagetool_image(image);
+ ASSERT_EQ(image_store_add_name(null_id, "isula.org/library/test:latest"), -1);
ASSERT_EQ(image_store_add_name(id.c_str(), "isula.org/library/test:latest"), 0);
image = image_store_get_image(id.c_str());
ASSERT_EQ(image->repo_tags_len, 2);
@@ -497,6 +524,9 @@ TEST_F(StorageImagesUnitTest, test_image_store_create)
img_names = (char **)util_common_calloc_s(2 * sizeof(char *));
img_names[0] = util_strdup_s("busybox:latest");
img_names[1] = util_strdup_s("centos:3.0");
+ size_t names_len = 0;
+ ASSERT_EQ(image_store_set_names(null_id, (const char **)img_names, 2), -1);
+ ASSERT_EQ(image_store_set_names(id.c_str(), (const char **)img_names, names_len), -1);
ASSERT_EQ(image_store_set_names(id.c_str(), (const char **)img_names, 2), 0);
image = image_store_get_image(id.c_str());
ASSERT_EQ(image->repo_tags_len, 2);
@@ -505,13 +535,17 @@ TEST_F(StorageImagesUnitTest, test_image_store_create)
util_free_array_by_len(img_names, 2);
free_imagetool_image(image);
+ ASSERT_EQ(image_store_set_metadata(null_id, "{metadata}"), -1);
ASSERT_EQ(image_store_set_metadata(id.c_str(), "{metadata}"), 0);
char *manifest_val = nullptr;
+
+ ASSERT_EQ(image_store_metadata(null_id), nullptr);
ASSERT_STREQ((manifest_val = image_store_metadata(id.c_str())), "{metadata}");
free(manifest_val);
free(created_image);
+ ASSERT_EQ(image_store_delete(null_id), -1);
ASSERT_EQ(image_store_delete(id.c_str()), 0);
ASSERT_EQ(image_store_get_image(id.c_str()), nullptr);
ASSERT_FALSE(dirExists((img_store_path + id).c_str()));
@@ -530,6 +564,7 @@ TEST_F(StorageImagesUnitTest, test_image_store_create)
std::cout << cp_command << std::endl;
ASSERT_EQ(system(cp_command.c_str()), 0);
+ ASSERT_EQ(image_store_big_data_digest(random_id, null_key), nullptr);
char *digest = image_store_big_data_digest(random_id, "manifest");
ASSERT_STREQ(digest, "sha256:fdb7b1fccaaa535cb8211a194dd6314acc643f3a36d1a7d2b79c299a9173fa7e");
free(digest);
@@ -547,6 +582,8 @@ TEST_F(StorageImagesUnitTest, test_image_store_lookup)
std::string truncatedId { "e4db68de4ff27" };
std::string incorrectId { "4db68de4ff27" };
+ const char* null_id = NULL;
+ ASSERT_EQ(image_store_lookup(null_id), nullptr);
char *value = nullptr;
ASSERT_STREQ((value = image_store_lookup(name.c_str())), id.c_str());
free(value);
@@ -563,6 +600,8 @@ TEST_F(StorageImagesUnitTest, test_image_store_exists)
std::string truncatedId { "398" };
std::string incorrectId { "ff67da98ab8540d713209" };
+ const char* null_id = NULL;
+ ASSERT_FALSE(image_store_exists(null_id));
ASSERT_TRUE(image_store_exists(name.c_str()));
ASSERT_TRUE(image_store_exists(truncatedId.c_str()));
ASSERT_FALSE(image_store_exists(incorrectId.c_str()));
@@ -584,6 +623,7 @@ TEST_F(StorageImagesUnitTest, test_image_store_metadata)
TEST_F(StorageImagesUnitTest, test_image_store_get_all_images)
{
imagetool_images_list *images_list = nullptr;
+ ASSERT_EQ(image_store_get_all_images(images_list), -1);
images_list = (imagetool_images_list *)util_common_calloc_s(sizeof(imagetool_images_list));
ASSERT_NE(images_list, nullptr);
@@ -613,7 +653,12 @@ TEST_F(StorageImagesUnitTest, test_image_store_get_something)
ASSERT_EQ(image_store_get_images_number(), 2);
ASSERT_EQ(image_store_get_fs_info(fs_info), 0);
+ imagetool_fs_info *null_fs_info = nullptr;
+ ASSERT_EQ(image_store_get_fs_info(null_fs_info), -1);
+
ASSERT_EQ(image_store_get_names(ids.at(0).c_str(), &names, &names_len), 0);
+ const char* null_id = NULL;
+ ASSERT_EQ(image_store_get_names(null_id, &names, &names_len), -1);
ASSERT_EQ(names_len, 1);
ASSERT_STREQ(names[0], "imagehub.isulad.com/official/centos:latest");
@@ -632,7 +677,9 @@ TEST_F(StorageImagesUnitTest, test_image_store_delete)
ASSERT_FALSE(image_store_exists(elem.c_str()));
ASSERT_FALSE(dirExists((std::string(store_real_path) + "/overlay-images/" + elem).c_str()));
}
-
+ const char* null_id = NULL;
+ ASSERT_FALSE(image_store_exists(null_id));
+ ASSERT_EQ(image_store_delete(null_id), -1);
Restore();
}
@@ -646,6 +693,8 @@ TEST_F(StorageImagesUnitTest, test_image_store_remove_single_name)
}
ASSERT_EQ(image_store_add_name(ids.at(0).c_str(), "imagehub.isulad.com/official/busybox:latest"), 0);
+ const char* null_id = NULL;
+ ASSERT_EQ(image_store_add_name(null_id, "imagehub.isulad.com/official/busybox:latest"), -1);
Restore();
}
--
2.23.0

125
0165-bugfix-do-purge-container-when-do_start_container-fa.patch Normal file
View File

@ -0,0 +1,125 @@
From a6b8a2c04df21d940ce0d22128b776c00d460bba Mon Sep 17 00:00:00 2001
From: liuxu <liuxu156@huawei.com>
Date: Fri, 6 Dec 2024 10:39:22 +0800
Subject: [PATCH 07/19] bugfix:do purge container when do_start_container
failed
Signed-off-by: liuxu <liuxu156@huawei.com>
---
.../modules/container/restore/restore.c | 1 +
.../modules/container/supervisor/supervisor.c | 4 +--
.../modules/service/service_container.c | 25 ++++++++++++++++---
3 files changed, 23 insertions(+), 7 deletions(-)
diff --git a/src/daemon/modules/container/restore/restore.c b/src/daemon/modules/container/restore/restore.c
index 52f68d21..44ed14df 100644
--- a/src/daemon/modules/container/restore/restore.c
+++ b/src/daemon/modules/container/restore/restore.c
@@ -95,6 +95,7 @@ static int restore_supervisor(const container_t *cont)
if (container_supervisor_add_exit_monitor(exit_fifo_fd, exit_fifo, &pid_info, cont)) {
ERROR("Failed to add exit monitor to supervisor");
+ close(exit_fifo_fd);
ret = -1;
goto out;
}
diff --git a/src/daemon/modules/container/supervisor/supervisor.c b/src/daemon/modules/container/supervisor/supervisor.c
index 294783eb..f77f58d7 100644
--- a/src/daemon/modules/container/supervisor/supervisor.c
+++ b/src/daemon/modules/container/supervisor/supervisor.c
@@ -328,7 +328,6 @@ int container_supervisor_add_exit_monitor(int fd, const char *exit_fifo, const p
if (pid_info == NULL || cont == NULL || cont->common_config == NULL) {
ERROR("Invalid input arguments");
- close(fd);
return -1;
}
@@ -336,7 +335,6 @@ int container_supervisor_add_exit_monitor(int fd, const char *exit_fifo, const p
cgroup_path = merge_container_cgroups_path(cont->common_config->id, cont->hostconfig);
if (cgroup_path == NULL) {
ERROR("Failed to get cgroup path");
- close(fd);
return -1;
}
#endif
@@ -344,7 +342,6 @@ int container_supervisor_add_exit_monitor(int fd, const char *exit_fifo, const p
data = util_common_calloc_s(sizeof(struct supervisor_handler_data));
if (data == NULL) {
ERROR("Memory out");
- close(fd);
return -1;
}
@@ -385,6 +382,7 @@ int container_supervisor_add_exit_monitor(int fd, const char *exit_fifo, const p
goto out;
err:
+ data->fd = -1;
supervisor_handler_data_free(data);
#ifdef ENABLE_OOM_MONITOR
common_free_cgroup_oom_handler_info(oom_handler_info);
diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c
index 8e80e936..250e8299 100644
--- a/src/daemon/modules/service/service_container.c
+++ b/src/daemon/modules/service/service_container.c
@@ -283,7 +283,6 @@ static int do_post_start_on_success(container_t *cont, int exit_fifo_fd,
{
int ret = 0;
- // exit_fifo_fd was closed in container_supervisor_add_exit_monitor
if (container_supervisor_add_exit_monitor(exit_fifo_fd, exit_fifo, pid_info, cont)) {
ERROR("Failed to add exit monitor to supervisor");
ret = -1;
@@ -936,7 +935,11 @@ static int do_start_container(container_t *cont, const char *console_fifos[], bo
if (runtime_create(id, runtime, &create_params) != 0) {
ret = -1;
+#ifdef ENABLE_CRI_API_V1
+ goto clean_prepare_container;
+#else
goto close_exit_fd;
+#endif
}
start_params.rootpath = cont->root_path;
@@ -959,19 +962,33 @@ static int do_start_container(container_t *cont, const char *console_fifos[], bo
if (do_post_start_on_success(cont, exit_fifo_fd, exit_fifo, pid_info) != 0) {
ERROR("Failed to do post start on runtime start success");
ret = -1;
- goto clean_resources;
+#ifdef ENABLE_CRI_API_V1
+ goto clean_prepare_container;
+#else
+ goto close_exit_fd;
+#endif
}
} else {
// wait monitor cleanup cgroup and processes finished
wait_exit_fifo(id, exit_fifo_fd);
+#ifdef ENABLE_CRI_API_V1
+ goto clean_prepare_container;
+#else
goto close_exit_fd;
+#endif
}
goto out;
+#ifdef ENABLE_CRI_API_V1
+clean_prepare_container:
+ if (cont->common_config->sandbox_info != NULL &&
+ sandbox_purge_container(cont->common_config) != 0) {
+ ERROR("Failed to remove container %s from sandbox", id);
+ }
+#endif
+
close_exit_fd:
close(exit_fifo_fd);
-
-clean_resources:
clean_resources_on_failure(cont, engine_log_path, loglevel);
out:
--
2.23.0

101
0166-supplementary-registry-design-documentation.patch Normal file
View File

File diff suppressed because one or more lines are too long

1167
0167-sandbox-del-shim_sandbox-and-change-sandbox-ops.patch Normal file
View File

File diff suppressed because it is too large Load Diff

348
0168-UT-del-shim_sandbox-and-change-sandbox-ops.patch Normal file
View File

@ -0,0 +1,348 @@
From 1e9031cc064f6980250287641e6b3311af755485 Mon Sep 17 00:00:00 2001
From: liuxu <liuxu156@huawei.com>
Date: Sat, 30 Nov 2024 09:50:33 +0800
Subject: [PATCH 02/11] UT: del shim_sandbox and change sandbox ops
Signed-off-by: liuxu <liuxu156@huawei.com>
---
test/mocks/sandbox_mock.cc | 26 ++++++++
test/mocks/sandbox_mock.h | 9 +++
test/mocks/sandboxer_sandbox_mock.cc | 35 +++++-----
test/mocks/sandboxer_sandbox_mock.h | 13 ++--
test/mocks/shim_sandbox_mock.cc | 72 ---------------------
test/mocks/shim_sandbox_mock.h | 43 ------------
test/sandbox/sandbox/CMakeLists.txt | 1 -
test/sandbox/sandbox/sandbox_ut.cc | 5 +-
test/sandbox/sandbox_manager/CMakeLists.txt | 1 -
9 files changed, 61 insertions(+), 144 deletions(-)
delete mode 100644 test/mocks/shim_sandbox_mock.cc
delete mode 100644 test/mocks/shim_sandbox_mock.h
diff --git a/test/mocks/sandbox_mock.cc b/test/mocks/sandbox_mock.cc
index 9db57a93..cce5a1b6 100644
--- a/test/mocks/sandbox_mock.cc
+++ b/test/mocks/sandbox_mock.cc
@@ -221,4 +221,30 @@ bool Sandbox::Remove(Errors &error)
}
return true;
}
+
+void Sandbox::LoadSandboxTasks() {}
+
+auto Sandbox::PrepareContainer(const char *containerId, const char *baseFs,
+ const oci_runtime_spec *ociSpec,
+ const char *consoleFifos[]) -> int
+{
+ return 0;
+}
+
+auto Sandbox::PrepareExec(const char *containerId, const char *execId,
+ defs_process *processSpec, const char *consoleFifos[]) -> int
+{
+ return 0;
+}
+
+auto Sandbox::PurgeContainer(const char *containerId) -> int
+{
+ return 0;
+}
+
+auto Sandbox::PurgeExec(const char *containerId, const char *execId) -> int
+{
+ return 0;
+}
+
}
\ No newline at end of file
diff --git a/test/mocks/sandbox_mock.h b/test/mocks/sandbox_mock.h
index 98f40ad2..4908bcd9 100644
--- a/test/mocks/sandbox_mock.h
+++ b/test/mocks/sandbox_mock.h
@@ -58,6 +58,15 @@ public:
MOCK_METHOD2(Stop, bool(uint32_t timeoutSecs, Errors &error));
MOCK_METHOD1(Remove, bool(Errors &error));
MOCK_METHOD1(Status, void(runtime::v1::PodSandboxStatus &status));
+
+ MOCK_METHOD0(LoadSandboxTasks, void());
+ MOCK_METHOD4(PrepareContainer, int(const char *containerId, const char *baseFs,
+ const oci_runtime_spec *ociSpec,
+ const char *consoleFifos[]));
+ MOCK_METHOD4(PrepareExec, int(const char *containerId, const char *execId,
+ defs_process *processSpec, const char *consoleFifos[]));
+ MOCK_METHOD1(PurgeContainer, int(const char *containerId));
+ MOCK_METHOD2(PurgeExec, int(const char *containerId, const char *execId));
};
void MockSandbox_SetMock(MockSandbox *mock);
diff --git a/test/mocks/sandboxer_sandbox_mock.cc b/test/mocks/sandboxer_sandbox_mock.cc
index cce58842..6ebe2820 100644
--- a/test/mocks/sandboxer_sandbox_mock.cc
+++ b/test/mocks/sandboxer_sandbox_mock.cc
@@ -33,40 +33,39 @@ void MockSandboxerSandbox_SetMock(MockSandboxerSandbox *mock)
void SandboxerSandbox::LoadSandboxTasks() {}
-auto SandboxerSandbox::SaveSandboxTasks() -> bool
+auto SandboxerSandbox::PrepareContainer(const char *containerId, const char *baseFs,
+ const oci_runtime_spec *ociSpec,
+ const char *consoleFifos[]) -> int
{
if (g_sandboxer_sandbox_mock != nullptr) {
- return g_sandboxer_sandbox_mock->SaveSandboxTasks();
+ return g_sandboxer_sandbox_mock->PrepareContainer(containerId, baseFs, ociSpec, consoleFifos);
}
- return true;
-}
+ return 0;
+}
-auto SandboxerSandbox::AddSandboxTasks(sandbox_task *task) -> bool
+auto SandboxerSandbox::PrepareExec(const char *containerId, const char *execId,
+ defs_process *processSpec, const char *consoleFifos[]) -> int
{
if (g_sandboxer_sandbox_mock != nullptr) {
- return g_sandboxer_sandbox_mock->AddSandboxTasks(task);
+ return g_sandboxer_sandbox_mock->PrepareExec(containerId, execId, processSpec, consoleFifos);
}
- return true;
-}
+ return 0;
+}
-auto SandboxerSandbox::GetAnySandboxTasks() -> std::string
+auto SandboxerSandbox::PurgeContainer(const char *containerId) -> int
{
if (g_sandboxer_sandbox_mock != nullptr) {
- return g_sandboxer_sandbox_mock->GetAnySandboxTasks();
+ return g_sandboxer_sandbox_mock->PurgeContainer(containerId);
}
- return std::string("Nothing for sandboxer.");
+ return 0;
}
-void SandboxerSandbox::DeleteSandboxTasks(const char *containerId) {}
-
-auto SandboxerSandbox::AddSandboxTasksProcess(const char *containerId, sandbox_process *processes) -> bool
+auto SandboxerSandbox::PurgeExec(const char *containerId, const char *execId) -> int
{
if (g_sandboxer_sandbox_mock != nullptr) {
- return g_sandboxer_sandbox_mock->AddSandboxTasksProcess(containerId, processes);
+ return g_sandboxer_sandbox_mock->PurgeExec(containerId, execId);
}
- return true;
+ return 0;
}
-void SandboxerSandbox::DeleteSandboxTasksProcess(const char *containerId, const char *execId) {}
-
}
\ No newline at end of file
diff --git a/test/mocks/sandboxer_sandbox_mock.h b/test/mocks/sandboxer_sandbox_mock.h
index 4f76e5fc..020fe4d6 100644
--- a/test/mocks/sandboxer_sandbox_mock.h
+++ b/test/mocks/sandboxer_sandbox_mock.h
@@ -28,12 +28,13 @@ public:
virtual ~MockSandboxerSandbox() = default;
MOCK_METHOD0(LoadSandboxTasks, void());
- MOCK_METHOD0(SaveSandboxTasks, bool());
- MOCK_METHOD1(AddSandboxTasks, bool(sandbox_task *task));
- MOCK_METHOD0(GetAnySandboxTasks, std::string());
- MOCK_METHOD1(DeleteSandboxTasks, void(const char *containerId));
- MOCK_METHOD2(AddSandboxTasksProcess, bool(const char *containerId, sandbox_process *processes));
- MOCK_METHOD2(DeleteSandboxTasksProcess, void(const char *containerId, const char *execId));
+ MOCK_METHOD4(PrepareContainer, int(const char *containerId, const char *baseFs,
+ const oci_runtime_spec *ociSpec,
+ const char *consoleFifos[]));
+ MOCK_METHOD4(PrepareExec, int(const char *containerId, const char *execId,
+ defs_process *processSpec, const char *consoleFifos[]));
+ MOCK_METHOD1(PurgeContainer, int(const char *containerId));
+ MOCK_METHOD2(PurgeExec, int(const char *containerId, const char *execId));
};
void MockSandboxerSandbox_SetMock(MockSandboxerSandbox *mock);
diff --git a/test/mocks/shim_sandbox_mock.cc b/test/mocks/shim_sandbox_mock.cc
deleted file mode 100644
index ccefb424..00000000
--- a/test/mocks/shim_sandbox_mock.cc
+++ /dev/null
@@ -1,72 +0,0 @@
-/******************************************************************************
- * Copyright (c) Huawei Technologies Co., Ltd. 2023. All rights reserved.
- * iSulad licensed under the Mulan PSL v2.
- * You can use this software according to the terms and conditions of the Mulan PSL v2.
- * You may obtain a copy of Mulan PSL v2 at:
- * http://license.coscl.org.cn/MulanPSL2
- * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
- * PURPOSE.
- * See the Mulan PSL v2 for more details.
- * Author: liuxu
- * Create: 2024-11-21
- * Description: provide sandbox mock
- ******************************************************************************/
-
-#include <gmock/gmock.h>
-#include "shim_sandbox_mock.h"
-
-namespace sandbox {
-MockShimSandbox *g_shim_sandbox_mock = nullptr;
-
-ShimSandbox::ShimSandbox(const std::string id, const std::string &rootdir, const std::string &statedir, const std::string name,
- const RuntimeInfo info, std::string netMode, std::string netNsPath, const runtime::v1::PodSandboxConfig sandboxConfig,
- std::string image):Sandbox(id, rootdir, statedir, name, info, netMode,
- netNsPath, sandboxConfig, image)
-{
-}
-
-void MockShimSandbox_SetMock(MockShimSandbox *mock)
-{
- g_shim_sandbox_mock = mock;
-}
-
-void ShimSandbox::LoadSandboxTasks() {}
-
-auto ShimSandbox::SaveSandboxTasks() -> bool
-{
- if (g_shim_sandbox_mock != nullptr) {
- return g_shim_sandbox_mock->SaveSandboxTasks();
- }
- return true;
-}
-
-auto ShimSandbox::AddSandboxTasks(sandbox_task *task) -> bool
-{
- if (g_shim_sandbox_mock != nullptr) {
- return g_shim_sandbox_mock->AddSandboxTasks(task);
- }
- return true;
-}
-
-auto ShimSandbox::GetAnySandboxTasks() -> std::string
-{
- if (g_shim_sandbox_mock != nullptr) {
- return g_shim_sandbox_mock->GetAnySandboxTasks();
- }
- return std::string("Nothing for shim.");
-}
-
-void ShimSandbox::DeleteSandboxTasks(const char *containerId) {}
-
-auto ShimSandbox::AddSandboxTasksProcess(const char *containerId, sandbox_process *processes) -> bool
-{
- if (g_shim_sandbox_mock != nullptr) {
- return g_shim_sandbox_mock->AddSandboxTasksProcess(containerId, processes);
- }
- return true;
-}
-
-void ShimSandbox::DeleteSandboxTasksProcess(const char *containerId, const char *execId) {}
-
-}
\ No newline at end of file
diff --git a/test/mocks/shim_sandbox_mock.h b/test/mocks/shim_sandbox_mock.h
deleted file mode 100644
index 1b16a4cc..00000000
--- a/test/mocks/shim_sandbox_mock.h
+++ /dev/null
@@ -1,43 +0,0 @@
-/******************************************************************************
- * Copyright (c) Huawei Technologies Co., Ltd. 2023. All rights reserved.
- * iSulad licensed under the Mulan PSL v2.
- * You can use this software according to the terms and conditions of the Mulan PSL v2.
- * You may obtain a copy of Mulan PSL v2 at:
- * http://license.coscl.org.cn/MulanPSL2
- * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
- * PURPOSE.
- * See the Mulan PSL v2 for more details.
- * Author: liuxu
- * Create: 2024-11-21
- * Description: provide sandbox mock
- ******************************************************************************/
-
-#ifndef _ISULAD_TEST_MOCKS_SHIM_SANDBOX_MOCK_H
-#define _ISULAD_TEST_MOCKS_SHIM_SANDBOX_MOCK_H
-
-#include <gmock/gmock.h>
-#include "sandbox_mock.h"
-#include "shim_sandbox.h"
-
-namespace sandbox {
-
-class MockShimSandbox : public MockSandbox {
-public:
- MockShimSandbox() = default;
- virtual ~MockShimSandbox() = default;
-
- MOCK_METHOD0(LoadSandboxTasks, void());
- MOCK_METHOD0(SaveSandboxTasks, bool());
- MOCK_METHOD1(AddSandboxTasks, bool(sandbox_task *task));
- MOCK_METHOD0(GetAnySandboxTasks, std::string());
- MOCK_METHOD1(DeleteSandboxTasks, void(const char *containerId));
- MOCK_METHOD2(AddSandboxTasksProcess, bool(const char *containerId, sandbox_process *processes));
- MOCK_METHOD2(DeleteSandboxTasksProcess, void(const char *containerId, const char *execId));
-};
-
-void MockShimSandbox_SetMock(MockShimSandbox *mock);
-
-}
-
-#endif
diff --git a/test/sandbox/sandbox/CMakeLists.txt b/test/sandbox/sandbox/CMakeLists.txt
index 9ee67033..6dd6c3ee 100644
--- a/test/sandbox/sandbox/CMakeLists.txt
+++ b/test/sandbox/sandbox/CMakeLists.txt
@@ -16,7 +16,6 @@ add_executable(${EXE}
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/sandbox/sandbox_task.cc
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/sandbox/controller_manager.cc
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/sandbox/sandboxer/controller/sandboxer_controller.cc
- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/sandbox/shim/shim_sandbox.cc
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/common/id_name_manager.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/config/isulad_config.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../test/sandbox/controller/controller_common.cc
diff --git a/test/sandbox/sandbox/sandbox_ut.cc b/test/sandbox/sandbox/sandbox_ut.cc
index 192d46ef..dd84d8fb 100644
--- a/test/sandbox/sandbox/sandbox_ut.cc
+++ b/test/sandbox/sandbox/sandbox_ut.cc
@@ -16,7 +16,6 @@
#include <gtest/gtest.h>
#include "sandbox.h"
-#include "shim_sandbox.h"
namespace sandbox {
@@ -41,7 +40,7 @@ TEST_F(SandboxTest, TestDefaultGetters)
std::string name = "test";
RuntimeInfo info = {"runc", "shim", "kuasar"};
- auto sandbox = new ShimSandbox(id, rootdir, statedir, name, info);
+ auto sandbox = new Sandbox(id, rootdir, statedir, name, info);
ASSERT_NE(sandbox, nullptr);
ASSERT_EQ(sandbox->IsReady(), false);
@@ -67,7 +66,7 @@ TEST_F(SandboxTest, TestGettersAndSetters)
std::string statedir = "/test2/statedir";
std::string mode = "host";
- auto sandbox = new ShimSandbox(id, rootdir, statedir);
+ auto sandbox = new Sandbox(id, rootdir, statedir);
ASSERT_NE(sandbox, nullptr);
sandbox->SetNetMode(mode);
diff --git a/test/sandbox/sandbox_manager/CMakeLists.txt b/test/sandbox/sandbox_manager/CMakeLists.txt
index 9254263c..a7dd8c9d 100644
--- a/test/sandbox/sandbox_manager/CMakeLists.txt
+++ b/test/sandbox/sandbox_manager/CMakeLists.txt
@@ -12,7 +12,6 @@ add_executable(${EXE}
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cpputils/read_write_lock.cc
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cpputils/transform.cc
${CMAKE_CURRENT_SOURCE_DIR}/../../../test/mocks/sandbox_mock.cc
- ${CMAKE_CURRENT_SOURCE_DIR}/../../../test/mocks/shim_sandbox_mock.cc
${CMAKE_CURRENT_SOURCE_DIR}/../../../test/mocks/sandboxer_sandbox_mock.cc
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/sandbox/sandbox_manager.cc
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/common/id_name_manager.c
--
2.23.0

135
0169-add-image-storage-unit-test.patch Normal file
View File

@ -0,0 +1,135 @@
From 7dfa69162cd5ef01592808df555626a0688e6f4c Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Wed, 11 Dec 2024 19:09:20 +1400
Subject: [PATCH 03/11] add image storage unit test
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
.../oci/storage/image_store/image_store.c | 4 +-
test/image/oci/storage/images/CMakeLists.txt | 2 +
.../oci/storage/images/storage_images_ut.cc | 51 +++++++++++++++++++
3 files changed, 56 insertions(+), 1 deletion(-)
diff --git a/src/daemon/modules/image/oci/storage/image_store/image_store.c b/src/daemon/modules/image/oci/storage/image_store/image_store.c
index afe53764..71bf36e0 100644
--- a/src/daemon/modules/image/oci/storage/image_store/image_store.c
+++ b/src/daemon/modules/image/oci/storage/image_store/image_store.c
@@ -27,6 +27,8 @@
#include <pthread.h>
#include <stdlib.h>
+#include <isula_libutils/utils_macro.h>
+
#include "utils.h"
#include "utils_file.h"
#include "utils_images.h"
@@ -3004,7 +3006,7 @@ static int do_append_image(storage_image *im)
return 0;
}
-static void strip_host_prefix(char **name)
+STATIC void strip_host_prefix(char **name)
{
char *new_image_name = NULL;
diff --git a/test/image/oci/storage/images/CMakeLists.txt b/test/image/oci/storage/images/CMakeLists.txt
index 28e0b505..04e60a69 100644
--- a/test/image/oci/storage/images/CMakeLists.txt
+++ b/test/image/oci/storage/images/CMakeLists.txt
@@ -2,6 +2,8 @@ project(iSulad_UT)
SET(EXE storage_images_ut)
+add_definitions(-DUNIT_TEST=ON)
+
add_executable(${EXE}
${CMAKE_CURRENT_SOURCE_DIR}/../../../../../src/utils/cutils/utils.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../../../src/utils/cutils/utils_regex.c
diff --git a/test/image/oci/storage/images/storage_images_ut.cc b/test/image/oci/storage/images/storage_images_ut.cc
index ad0084d6..15da586e 100644
--- a/test/image/oci/storage/images/storage_images_ut.cc
+++ b/test/image/oci/storage/images/storage_images_ut.cc
@@ -46,6 +46,10 @@ using ::testing::AtLeast;
using ::testing::Invoke;
using ::testing::_;
+extern "C" {
+ void strip_host_prefix(char **name);
+}
+
std::string GetDirectory()
{
char abs_path[PATH_MAX] { 0x00 };
@@ -299,11 +303,13 @@ protected:
ASSERT_EQ(image_store_init(&opts), 0);
free(opts.storage_root);
free(opts.driver_name);
+ MockIsuladConf_SetMock(&m_isulad_conf);
}
void TearDown() override
{
image_store_free();
+ MockIsuladConf_SetMock(nullptr);
}
void BackUp()
@@ -325,6 +331,7 @@ protected:
std::vector<std::string> ids { "39891ff67da98ab8540d71320915f33d2eb80ab42908e398472cab3c1ce7ac10",
"e4db68de4ff27c2adfea0c54bbb73a61a42f5b667c326de4d7d5b19ab71c6a3b" };
char store_real_path[PATH_MAX] = { 0x00 };
+ NiceMock<MockIsuladConf> m_isulad_conf;
};
TEST_F(StorageImagesUnitTest, test_images_load)
@@ -714,3 +721,47 @@ TEST_F(StorageImagesUnitTest, test_image_store_remove_multi_name)
Restore();
}
+
+static isulad_daemon_constants *g_test_isulad_daemon_constants = NULL;
+
+isulad_daemon_constants *invoke_get_isulad_daemon_constants(void)
+{
+ g_test_isulad_daemon_constants = (isulad_daemon_constants *)util_common_calloc_s(sizeof(isulad_daemon_constants));
+ if (g_test_isulad_daemon_constants == NULL) {
+ return NULL;
+ }
+ g_test_isulad_daemon_constants->default_host = util_strdup_s("docker.io");
+
+ return g_test_isulad_daemon_constants;
+}
+
+TEST_F(StorageImagesUnitTest, test_strip_host_prefix)
+{
+ char *name = util_strdup_s("docker.io/test_image");
+ std::string test_name = "test_image";
+ std::string test_name_origin = "docker.io/test_image";
+ char *null_name = NULL;
+
+ strip_host_prefix(&name);
+ ASSERT_STREQ(name, test_name_origin.c_str());
+
+ EXPECT_CALL(m_isulad_conf, GetIsuladDaemonConstants()).WillRepeatedly(Invoke(invoke_get_isulad_daemon_constants));
+
+ strip_host_prefix(&name);
+ ASSERT_STREQ(name, test_name.c_str());
+
+ strip_host_prefix(&null_name);
+ ASSERT_EQ(null_name, nullptr);
+
+ free(name);
+ free_isulad_daemon_constants(g_test_isulad_daemon_constants);
+}
+
+#ifdef ENABLE_REMOTE_LAYER_STORE
+TEST_F(StorageImagesUnitTest, test_remote_layer_common)
+{
+ ASSERT_EQ(remote_append_image_by_directory_with_lock(NULL), -1);
+ ASSERT_EQ(remote_remove_image_from_memory_with_lock(NULL), -1);
+ ASSERT_EQ(remote_image_get_top_layer_from_json(NULL), nullptr);
+}
+#endif
--
2.23.0

165
0170-fix-some-bad-code.patch Normal file
View File

@ -0,0 +1,165 @@
From 0340a8248e8a4fb133ab3638679755d8590dafae Mon Sep 17 00:00:00 2001
From: xuxuepeng <xuxuepeng1@huawei.com>
Date: Wed, 11 Dec 2024 13:03:21 +0800
Subject: [PATCH 04/11] fix some bad code
Signed-off-by: xuxuepeng <xuxuepeng1@huawei.com>
---
.../storage/layer_store/graphdriver/driver.c | 19 +++++----------
.../graphdriver/overlay2/driver_overlay2.c | 24 ++++++++++++++-----
2 files changed, 24 insertions(+), 19 deletions(-)
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c
index 94235b80..99fd573c 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c
@@ -121,36 +121,31 @@ static inline void driver_unlock()
int graphdriver_init(const struct storage_module_init_options *opts)
{
- int ret = 0;
size_t i = 0;
char driver_home[PATH_MAX] = { 0 };
if (opts == NULL || opts->storage_root == NULL || opts->driver_name == NULL) {
- ret = -1;
- goto out;
+ return -1;
}
int nret = snprintf(driver_home, PATH_MAX, "%s/%s", opts->storage_root, opts->driver_name);
if (nret < 0 || (size_t)nret >= PATH_MAX) {
ERROR("Sprintf graph driver path failed");
- ret = -1;
- goto out;
+ return -1;
}
for (i = 0; i < g_numdrivers; i++) {
if (strcmp(opts->driver_name, g_drivers[i].name) == 0) {
if (pthread_rwlock_init(&(g_drivers[i].rwlock), NULL) != 0) {
ERROR("Failed to init driver rwlock");
- ret = -1;
- goto out;
+ return -1;
}
#ifdef ENABLE_REMOTE_LAYER_STORE
g_drivers[i].enable_remote_layer = opts->enable_remote_layer;
#endif
if (g_drivers[i].ops->init(&g_drivers[i], driver_home, (const char **)opts->driver_opts,
opts->driver_opts_len) != 0) {
- ret = -1;
- goto out;
+ return -1;
}
g_graphdriver = &g_drivers[i];
break;
@@ -159,12 +154,10 @@ int graphdriver_init(const struct storage_module_init_options *opts)
if (i == g_numdrivers) {
ERROR("unsupported driver %s", opts->driver_name);
- ret = -1;
- goto out;
+ return -1;
}
-out:
- return ret;
+ return 0;
}
int graphdriver_create_rw(const char *id, const char *parent, struct driver_create_opts *create_opts)
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
index 6d45f463..cc24909a 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
@@ -64,6 +64,9 @@ struct io_read_wrapper;
#define QUOTA_SIZE_OPTION "overlay2.size"
#define QUOTA_BASESIZE_OPTIONS "overlay2.basesize"
+#define OVERRIDE_KERNELCHECK_OPTIONS "overlay2.override_kernel_check"
+#define SKIP_MOUNT_HOME_OPTIONS "overlay2.skip_mount_home"
+#define MOUNT_OPTIONS "overlay2.mountopt"
// MAX_LAYER_ID_LENGTH represents the number of random characters which can be used to create the unique link identifer
// for every layer. If this value is too long then the page size limit for the mount command may be exceeded.
// The idLength should be selected such that following equation is true (512 is a buffer for label metadata).
@@ -150,7 +153,7 @@ static int overlay2_parse_options(struct graphdriver *driver, const char **optio
goto out;
}
overlay_opts->default_quota = converted;
- } else if (strcasecmp(dup, "overlay2.override_kernel_check") == 0) {
+ } else if (strcasecmp(dup, OVERRIDE_KERNELCHECK_OPTIONS) == 0) {
bool converted_bool = 0;
ret = util_str_to_bool(val, &converted_bool);
if (ret != 0) {
@@ -160,7 +163,7 @@ static int overlay2_parse_options(struct graphdriver *driver, const char **optio
goto out;
}
overlay_opts->override_kernelcheck = converted_bool;
- } else if (strcasecmp(dup, "overlay2.skip_mount_home") == 0) {
+ } else if (strcasecmp(dup, SKIP_MOUNT_HOME_OPTIONS) == 0) {
bool converted_bool = 0;
ret = util_str_to_bool(val, &converted_bool);
if (ret != 0) {
@@ -170,7 +173,7 @@ static int overlay2_parse_options(struct graphdriver *driver, const char **optio
goto out;
}
overlay_opts->skip_mount_home = converted_bool;
- } else if (strcasecmp(dup, "overlay2.mountopt") == 0) {
+ } else if (strcasecmp(dup, MOUNT_OPTIONS) == 0) {
overlay_opts->mount_options = util_strdup_s(val);
} else {
ERROR("Overlay2: unknown option: '%s'", dup);
@@ -693,6 +696,10 @@ static char *get_lower(const char *parent, const char *driver_home)
goto out;
}
+ /*
+ * lower format: "l/5697636c0104156cb2bd94be25", so "/" and "\0" must be
+ * counted in the size for snprintf.
+ */
lower_len = strlen(OVERLAY_LINK_DIR) + 1 + strlen(parent_link) + 1;
parent_lower_file = util_path_join(parent_dir, OVERLAY_LAYER_LOWER);
@@ -707,6 +714,11 @@ static char *get_lower(const char *parent, const char *driver_home)
ERROR("parent lower %s too large", parent_link_file);
goto out;
}
+ /*
+ * with parent link, the lower format will be like
+ * "l/5697636c0104156cb2bd94be25:l/df53b618a57bb50a61755b5623",
+ * so ":" must be counted.
+ */
lower_len = lower_len + strlen(parent_lowers) + 1;
}
@@ -911,7 +923,7 @@ static int do_create_remote_ro(const char *id, const char *parent, const struct
#ifdef ENABLE_USERNS_REMAP
if (set_file_owner_for_userns_remap(layer_dir, userns_remap) != 0) {
ERROR("Unable to change directory %s owner for user remap.", layer_dir);
- goto out;
+ goto err_out;
}
#endif
@@ -977,7 +989,7 @@ static int do_create(const char *id, const char *parent, const struct graphdrive
if (set_file_owner_for_userns_remap(layer_dir, userns_remap) != 0) {
ERROR("Unable to change directory %s owner for user remap.", layer_dir);
ret = -1;
- goto out;
+ goto err_out;
}
#endif
@@ -1790,7 +1802,7 @@ out:
return ret;
}
-bool is_valid_layer_link(const char *link_id, const struct graphdriver *driver)
+static bool is_valid_layer_link(const char *link_id, const struct graphdriver *driver)
{
bool valid = false;
char *link_dir = NULL;
--
2.23.0

578
0171-registry-module-code-improve.patch Normal file
View File

@ -0,0 +1,578 @@
From 4f030e07e99dfe996897b69c9d950f3226363afe Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Wed, 11 Dec 2024 04:04:45 +1400
Subject: [PATCH 05/11] registry module code improve
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/daemon/modules/image/oci/oci_pull.c | 2 +-
.../modules/image/oci/registry/http_request.c | 30 +++-----
.../modules/image/oci/registry/registry.c | 74 +++++++++----------
.../image/oci/registry/registry_apiv1.c | 11 +--
.../image/oci/registry/registry_apiv2.c | 62 +++++-----------
5 files changed, 72 insertions(+), 107 deletions(-)
diff --git a/src/daemon/modules/image/oci/oci_pull.c b/src/daemon/modules/image/oci/oci_pull.c
index 1c486974..245d14fd 100644
--- a/src/daemon/modules/image/oci/oci_pull.c
+++ b/src/daemon/modules/image/oci/oci_pull.c
@@ -105,7 +105,7 @@ static int pull_image(const im_pull_request *request, progress_status_map *progr
options = (registry_pull_options *)util_common_calloc_s(sizeof(registry_pull_options));
if (options == NULL) {
ERROR("Out of memory");
- goto out;
+ return ret;
}
if (request->auth != NULL) {
diff --git a/src/daemon/modules/image/oci/registry/http_request.c b/src/daemon/modules/image/oci/registry/http_request.c
index 80fc2184..b9b29c39 100644
--- a/src/daemon/modules/image/oci/registry/http_request.c
+++ b/src/daemon/modules/image/oci/registry/http_request.c
@@ -16,9 +16,6 @@
#define _GNU_SOURCE /* See feature_test_macros(7) */
#include "http_request.h"
#include <curl/curl.h>
-#include <isula_libutils/json_common.h>
-#include <isula_libutils/log.h>
-#include <isula_libutils/registry_token.h>
#include <pthread.h>
#include <stdbool.h>
#include <stdio.h>
@@ -27,6 +24,10 @@
#include <strings.h>
#include <time.h>
+#include <isula_libutils/json_common.h>
+#include <isula_libutils/log.h>
+#include <isula_libutils/registry_token.h>
+
#include "buffer.h"
#include "certs.h"
#include "err_msg.h"
@@ -128,7 +129,6 @@ static int setup_ssl_config(pull_descriptor *desc, struct http_get_options *opti
options->ssl_verify_host = !desc->skip_tls_verify;
out:
-
free(host);
host = NULL;
@@ -437,16 +437,14 @@ static int setup_common_options(pull_descriptor *desc, struct http_get_options *
if (ret != 0) {
ERROR("Failed setup ssl config");
isulad_try_set_error_message("setup ssl config failed");
- ret = -1;
- goto out;
+ return -1;
}
if (custom_headers != NULL) {
options->custom_headers = util_str_array_dup(custom_headers, util_array_len(custom_headers));
if (options->custom_headers == NULL) {
ERROR("dup headers failed");
- ret = -1;
- goto out;
+ return -1;
}
}
@@ -454,14 +452,10 @@ static int setup_common_options(pull_descriptor *desc, struct http_get_options *
if (ret != 0) {
ERROR("setup auth challenges failed");
isulad_try_set_error_message("setup auth challenges failed");
- ret = -1;
- goto out;
+ return -1;
}
options->debug = false;
-
-out:
-
return ret;
}
@@ -478,21 +472,16 @@ static int setup_get_token_options(pull_descriptor *desc, struct http_get_option
ret = setup_ssl_config(desc, options, url);
if (ret != 0) {
ERROR("Failed setup ssl config");
- ret = -1;
- goto out;
+ return -1;
}
ret = setup_auth_basic(desc, &options->custom_headers);
if (ret != 0) {
ERROR("dup headers failed");
- ret = -1;
- goto out;
+ return -1;
}
options->debug = false;
-
-out:
-
return ret;
}
@@ -526,7 +515,6 @@ static int http_request_buf_options(pull_descriptor *desc, struct http_get_optio
*output = util_strdup_s(output_buffer->contents);
out:
-
buffer_free(output_buffer);
return ret;
diff --git a/src/daemon/modules/image/oci/registry/registry.c b/src/daemon/modules/image/oci/registry/registry.c
index 2e99255a..9a3b59a1 100644
--- a/src/daemon/modules/image/oci/registry/registry.c
+++ b/src/daemon/modules/image/oci/registry/registry.c
@@ -20,13 +20,21 @@
#include <string.h>
#include <limits.h>
#include <errno.h>
+#include <pthread.h>
+#include <stdlib.h>
+
#include <isula_libutils/docker_image_rootfs.h>
#include <isula_libutils/json_common.h>
#include <isula_libutils/oci_image_content_descriptor.h>
#include <isula_libutils/oci_image_manifest.h>
#include <isula_libutils/oci_image_spec.h>
-#include <pthread.h>
-#include <stdlib.h>
+#include <isula_libutils/registry_manifest_schema2.h>
+#include <isula_libutils/registry_manifest_schema1.h>
+#include <isula_libutils/docker_image_config_v2.h>
+#include <isula_libutils/image_manifest_v1_compatibility.h>
+#ifdef ENABLE_IMAGE_SEARCH
+#include <isula_libutils/image_search_image.h>
+#endif
#include "mediatype.h"
#include "isula_libutils/log.h"
@@ -35,13 +43,6 @@
#include "registry_apiv1.h"
#include "certs.h"
#include "auths.h"
-#include "isula_libutils/registry_manifest_schema2.h"
-#include "isula_libutils/registry_manifest_schema1.h"
-#include "isula_libutils/docker_image_config_v2.h"
-#include "isula_libutils/image_manifest_v1_compatibility.h"
-#ifdef ENABLE_IMAGE_SEARCH
-#include "isula_libutils/image_search_image.h"
-#endif
#include "sha256.h"
#include "map.h"
#include "linked_list.h"
@@ -536,7 +537,6 @@ static char *calc_chain_id(char *parent_chain_id, char *diff_id)
full_digest = util_full_digest(digest);
out:
-
free(digest);
digest = NULL;
@@ -797,7 +797,6 @@ static int set_config(pull_descriptor *desc, char *image_id)
}
out:
-
free(config_str);
config_str = NULL;
@@ -812,17 +811,15 @@ static int set_loaded_time(pull_descriptor *desc, char *image_id)
if (!util_get_now_time_stamp(&now)) {
ret = -1;
ERROR("get now time stamp failed");
- goto out;
+ return ret;
}
ret = storage_img_set_loaded_time(image_id, &now);
if (ret != 0) {
ERROR("set loaded time failed");
- goto out;
+ return ret;
}
-out:
-
return ret;
}
@@ -984,7 +981,6 @@ static int parse_docker_config(pull_descriptor *desc)
desc->config.create_time = util_to_timestamp_from_str(config->created);
out:
-
free_docker_image_config_v2(config);
config = NULL;
free(err);
@@ -1084,17 +1080,15 @@ static int fetch_and_parse_config(pull_descriptor *desc)
ret = fetch_config(desc);
if (ret != 0) {
ERROR("fetch config failed");
- goto out;
+ return ret;
}
ret = parse_config(desc);
if (ret != 0) {
ERROR("parse config failed");
- goto out;
+ return ret;
}
-out:
-
return ret;
}
@@ -1110,17 +1104,15 @@ static int fetch_and_parse_manifest(pull_descriptor *desc)
ret = fetch_manifest(desc);
if (ret != 0) {
ERROR("fetch manifest failed");
- goto out;
+ return ret;
}
ret = parse_manifest(desc);
if (ret != 0) {
ERROR("parse manifest failed");
- goto out;
+ return ret;
}
-out:
-
return ret;
}
@@ -2116,6 +2108,26 @@ static void cached_layers_kvfree(void *key, void *value)
return;
}
+static void free_registry_global(registry_global *registry)
+{
+ if (registry == NULL) {
+ return;
+ }
+
+ if (registry->cond_inited) {
+ pthread_cond_destroy(&registry->cond);
+ }
+ if (registry->mutex_inited) {
+ pthread_mutex_destroy(&registry->mutex);
+ }
+ if (registry->image_mutex_inited) {
+ pthread_mutex_destroy(&registry->image_mutex);
+ }
+ map_free(registry->cached_layers);
+ registry->cached_layers = NULL;
+ free(registry);
+}
+
int registry_init(char *auths_dir, char *certs_dir)
{
int ret = 0;
@@ -2160,18 +2172,7 @@ int registry_init(char *auths_dir, char *certs_dir)
out:
if (ret != 0) {
- if (g_shared->cond_inited) {
- pthread_cond_destroy(&g_shared->cond);
- }
- if (g_shared->mutex_inited) {
- pthread_mutex_destroy(&g_shared->mutex);
- }
- if (g_shared->image_mutex_inited) {
- pthread_mutex_destroy(&g_shared->image_mutex);
- }
- map_free(g_shared->cached_layers);
- g_shared->cached_layers = NULL;
- free(g_shared);
+ free_registry_global(g_shared);
g_shared = NULL;
}
@@ -2221,7 +2222,6 @@ int registry_login(registry_login_options *options)
}
out:
-
free_pull_desc(desc);
desc = NULL;
diff --git a/src/daemon/modules/image/oci/registry/registry_apiv1.c b/src/daemon/modules/image/oci/registry/registry_apiv1.c
index 6da24c1d..d45f3876 100644
--- a/src/daemon/modules/image/oci/registry/registry_apiv1.c
+++ b/src/daemon/modules/image/oci/registry/registry_apiv1.c
@@ -18,12 +18,16 @@
#include <stdio.h>
#include <string.h>
#include <limits.h>
-#include <isula_libutils/http_parser.h>
-#include <isula_libutils/json_common.h>
#include <stdbool.h>
#include <stdlib.h>
#include <strings.h>
+#include <isula_libutils/http_parser.h>
+#include <isula_libutils/json_common.h>
+#include <isula_libutils/oci_image_index.h>
+#include <isula_libutils/registry_manifest_list.h>
+#include <isula_libutils/imagetool_search_result.h>
+
#include "registry_type.h"
#include "isula_libutils/log.h"
#include "http.h"
@@ -31,9 +35,6 @@
#include "utils.h"
#include "parser.h"
#include "mediatype.h"
-#include "isula_libutils/oci_image_index.h"
-#include "isula_libutils/registry_manifest_list.h"
-#include "isula_libutils/imagetool_search_result.h"
#include "auths.h"
#include "err_msg.h"
#include "sha256.h"
diff --git a/src/daemon/modules/image/oci/registry/registry_apiv2.c b/src/daemon/modules/image/oci/registry/registry_apiv2.c
index dd49fab7..5d83b425 100644
--- a/src/daemon/modules/image/oci/registry/registry_apiv2.c
+++ b/src/daemon/modules/image/oci/registry/registry_apiv2.c
@@ -18,12 +18,15 @@
#include <stdio.h>
#include <string.h>
#include <limits.h>
-#include <isula_libutils/http_parser.h>
-#include <isula_libutils/json_common.h>
#include <stdbool.h>
#include <stdlib.h>
#include <strings.h>
+#include <isula_libutils/http_parser.h>
+#include <isula_libutils/json_common.h>
+#include <isula_libutils/oci_image_index.h>
+#include <isula_libutils/registry_manifest_list.h>
+
#include "registry_type.h"
#include "isula_libutils/log.h"
#include "http.h"
@@ -31,8 +34,6 @@
#include "utils.h"
#include "parser.h"
#include "mediatype.h"
-#include "isula_libutils/oci_image_index.h"
-#include "isula_libutils/registry_manifest_list.h"
#include "auths.h"
#include "err_msg.h"
#include "sha256.h"
@@ -60,7 +61,6 @@ static void set_body_null_if_exist(char *message)
static int parse_http_header(char *resp_buf, size_t buf_size, struct parsed_http_message *message)
{
char *real_message = NULL;
- int ret = 0;
if (resp_buf == NULL || message == NULL) {
ERROR("Invalid NULL param");
@@ -70,8 +70,7 @@ static int parse_http_header(char *resp_buf, size_t buf_size, struct parsed_http
real_message = strstr(resp_buf, "HTTP/1.1");
if (real_message == NULL) {
ERROR("Failed to parse response, the response do not have HTTP/1.1");
- ret = -1;
- goto out;
+ return -1;
}
set_body_null_if_exist(real_message);
@@ -79,13 +78,10 @@ static int parse_http_header(char *resp_buf, size_t buf_size, struct parsed_http
ret = parse_http(real_message, strlen(real_message), message, HTTP_RESPONSE);
if (ret != 0) {
ERROR("Failed to parse response: %s", real_message);
- ret = -1;
- goto out;
+ return -1;
}
-out:
-
- return ret;
+ return 0;
}
static int parse_challenges(pull_descriptor *desc, char *schema, char *params)
@@ -225,7 +221,6 @@ static void free_parsed_http_message(struct parsed_http_message **message)
(*message)->body = NULL;
free(*message);
*message = NULL;
- return;
}
static struct parsed_http_message *get_parsed_message(char *http_head)
@@ -386,7 +381,7 @@ static int registry_ping(pull_descriptor *desc)
ret = registry_pingv2(desc, "https");
if (ret == 0) {
desc->protocol = util_strdup_s("https");
- goto out;
+ return ret;
}
if (desc->insecure_registry) {
@@ -396,15 +391,13 @@ static int registry_ping(pull_descriptor *desc)
ret = registry_pingv2(desc, "http");
if (ret != 0) {
ERROR("ping %s with http failed", desc->host);
- goto out;
+ return ret;
}
desc->protocol = util_strdup_s("http");
} else {
ERROR("ping %s with https failed", desc->host);
}
-out:
-
return ret;
}
@@ -552,7 +545,6 @@ static int parse_manifest_head(char *http_head, char **content_type, char **dige
}
out:
-
if (ret != 0) {
free(*content_type);
*content_type = NULL;
@@ -584,19 +576,16 @@ static int append_manifests_accepts(char ***custom_headers)
sret = snprintf(accept, MAX_ACCEPT_LEN, "Accept: %s", mediatypes[i]);
if (sret < 0 || (size_t)sret >= MAX_ACCEPT_LEN) {
ERROR("Failed to sprintf accept media type %s", mediatypes[i]);
- ret = -1;
- goto out;
+ return -1;
}
ret = util_array_append(custom_headers, accept);
if (ret != 0) {
ERROR("append accepts failed");
- goto out;
+ return ret;
}
}
-out:
-
return ret;
}
@@ -703,7 +692,6 @@ static int fetch_manifest_list(pull_descriptor *desc, char *file, char **content
}
out:
-
free(http_head);
http_head = NULL;
util_free_array(custom_headers);
@@ -727,7 +715,6 @@ static void try_log_resp_body(char *path, char *file)
ERROR("Get %s response message body: %s", path, body);
}
free(body);
- return;
}
static int fetch_data(pull_descriptor *desc, char *path, char *file, char *content_type, char *digest)
@@ -1009,25 +996,22 @@ static int fetch_manifest_data(pull_descriptor *desc, char *file, char **content
ERROR("select manifest failed, manifests:%s", manifest_text);
free(manifest_text);
manifest_text = NULL;
- goto out;
+ return ret;
}
sret = snprintf(path, sizeof(path), "/v2/%s/manifests/%s", desc->name, *digest);
if (sret < 0 || (size_t)sret >= sizeof(path)) {
ERROR("Failed to sprintf path for manifest");
- ret = -1;
- goto out;
+ return -1;
}
ret = fetch_data(desc, path, file, *content_type, *digest);
if (ret != 0) {
ERROR("registry: Get %s failed", path);
- goto out;
+ return ret;
}
}
-out:
-
return ret;
}
@@ -1096,20 +1080,17 @@ int fetch_config(pull_descriptor *desc)
sret = snprintf(path, sizeof(path), "/v2/%s/blobs/%s", desc->name, desc->config.digest);
if (sret < 0 || (size_t)sret >= sizeof(path)) {
ERROR("Failed to sprintf path for config");
- ret = -1;
- goto out;
+ return -1;
}
ret = fetch_data(desc, path, file, desc->config.media_type, desc->config.digest);
if (ret != 0) {
ERROR("registry: Get %s failed", path);
- goto out;
+ return ret;
}
desc->config.file = util_strdup_s(file);
-out:
-
return ret;
}
@@ -1141,18 +1122,15 @@ int fetch_layer(pull_descriptor *desc, size_t index)
sret = snprintf(path, sizeof(path), "/v2/%s/blobs/%s", desc->name, layer->digest);
if (sret < 0 || (size_t)sret >= sizeof(path)) {
ERROR("Failed to sprintf path for layer %zu, name %s, digest %s", index, desc->name, layer->digest);
- ret = -1;
- goto out;
+ return -1;
}
ret = fetch_data(desc, path, file, layer->media_type, layer->digest);
if (ret != 0) {
ERROR("registry: Get %s failed", path);
- goto out;
+ return ret;
}
-out:
-
return ret;
}
@@ -1185,7 +1163,6 @@ int parse_login(char *http_head, char *host)
}
out:
-
free_parsed_http_message(&message);
return ret;
@@ -1230,7 +1207,6 @@ int login_to_registry(pull_descriptor *desc)
goto out;
}
out:
-
free(resp_buffer);
resp_buffer = NULL;
--
2.23.0

147
0172-image-store-fix-code-style.patch Normal file
View File

@ -0,0 +1,147 @@
From 02a8be62cc7c1a492be5c9bc1fdf816b7d223b96 Mon Sep 17 00:00:00 2001
From: zhongjiawei <zhongjiawei1@huawei.com>
Date: Wed, 11 Dec 2024 15:48:55 +0800
Subject: [PATCH 06/11] image store:fix code style
---
.../oci/storage/image_store/image_store.c | 29 +++++++++----------
.../oci/storage/image_store/image_store.h | 9 +++---
.../oci/storage/image_store/image_type.c | 6 ++--
.../oci/storage/image_store/image_type.h | 6 ++--
4 files changed, 25 insertions(+), 25 deletions(-)
diff --git a/src/daemon/modules/image/oci/storage/image_store/image_store.c b/src/daemon/modules/image/oci/storage/image_store/image_store.c
index 71bf36e0..1909e7f7 100644
--- a/src/daemon/modules/image/oci/storage/image_store/image_store.c
+++ b/src/daemon/modules/image/oci/storage/image_store/image_store.c
@@ -19,33 +19,34 @@
#include <stdio.h>
#include <string.h>
#include <sha256.h>
+#include <limits.h>
+#include <pthread.h>
+#include <stdlib.h>
+
+#include <isula_libutils/defs.h>
+#include <isula_libutils/log.h>
#include <isula_libutils/storage_image.h>
#include <isula_libutils/imagetool_images_list.h>
#include <isula_libutils/json_common.h>
#include <isula_libutils/auto_cleanup.h>
-#include <limits.h>
-#include <pthread.h>
-#include <stdlib.h>
+#include <isula_libutils/imagetool_image.h>
+#include <isula_libutils/imagetool_image_summary.h>
+#include <isula_libutils/registry_manifest_schema1.h>
+#include <isula_libutils/registry_manifest_schema2.h>
+#include <isula_libutils/oci_image_manifest.h>
+#include <isula_libutils/image_manifest_v1_compatibility.h>
#include <isula_libutils/utils_macro.h>
#include "utils.h"
#include "utils_file.h"
#include "utils_images.h"
-#include "isula_libutils/log.h"
#include "constants.h"
#include "utils_array.h"
#include "utils_string.h"
#include "utils_regex.h"
-#include "isula_libutils/defs.h"
#include "map.h"
#include "utils_convert.h"
-#include "isula_libutils/imagetool_image.h"
-#include "isula_libutils/imagetool_image_summary.h"
-#include "isula_libutils/registry_manifest_schema1.h"
-#include "isula_libutils/registry_manifest_schema2.h"
-#include "isula_libutils/oci_image_manifest.h"
-#include "isula_libutils/image_manifest_v1_compatibility.h"
#include "registry_type.h"
#include "mediatype.h"
#include "storage.h"
@@ -1361,8 +1362,7 @@ int image_store_set_big_data(const char *id, const char *key, const char *data)
if (!image_store_lock(EXCLUSIVE)) {
ERROR("Failed to lock image store with exclusive lock, not allowed to change image big data assignments");
- ret = -1;
- goto out;
+ return -1;
}
img = lookup(id);
@@ -1648,8 +1648,7 @@ int image_store_get_names(const char *id, char ***names, size_t *names_len)
if (!image_store_lock(SHARED)) {
ERROR("Failed to lock image store with shared lock, not allowed to get image names assignments");
- ret = -1;
- goto out;
+ return -1;
}
img = lookup(id);
diff --git a/src/daemon/modules/image/oci/storage/image_store/image_store.h b/src/daemon/modules/image/oci/storage/image_store/image_store.h
index 4544f84b..82bc1696 100644
--- a/src/daemon/modules/image/oci/storage/image_store/image_store.h
+++ b/src/daemon/modules/image/oci/storage/image_store/image_store.h
@@ -18,16 +18,17 @@
#include <stdbool.h>
#include <string.h>
#include <pthread.h>
-#include <isula_libutils/imagetool_fs_info.h>
#include <stdint.h>
+#include <isula_libutils/imagetool_fs_info.h>
+#include <isula_libutils/imagetool_image.h>
+#include <isula_libutils/imagetool_images_list.h>
+#include <isula_libutils/imagetool_image_summary.h>
+
#include "storage.h"
#include "utils_timestamp.h"
#include "map.h"
#include "linked_list.h"
-#include "isula_libutils/imagetool_image.h"
-#include "isula_libutils/imagetool_images_list.h"
-#include "isula_libutils/imagetool_image_summary.h"
#ifdef __cplusplus
extern "C" {
diff --git a/src/daemon/modules/image/oci/storage/image_store/image_type.c b/src/daemon/modules/image/oci/storage/image_store/image_type.c
index 50a81db2..67421cd6 100644
--- a/src/daemon/modules/image/oci/storage/image_store/image_type.c
+++ b/src/daemon/modules/image/oci/storage/image_store/image_type.c
@@ -19,11 +19,11 @@
#include <stdlib.h>
#include <stdio.h>
-#include "isula_libutils/storage_image.h"
+#include <isula_libutils/storage_image.h>
+#include <isula_libutils/log.h>
+
#include "util_atomic.h"
#include "utils.h"
-#include "isula_libutils/log.h"
-
#include "utils_images.h"
static image_t *create_empty_image()
diff --git a/src/daemon/modules/image/oci/storage/image_store/image_type.h b/src/daemon/modules/image/oci/storage/image_store/image_type.h
index d8376644..bbf7a7dc 100644
--- a/src/daemon/modules/image/oci/storage/image_store/image_type.h
+++ b/src/daemon/modules/image/oci/storage/image_store/image_type.h
@@ -19,9 +19,9 @@
#include <stdint.h>
#include <pthread.h>
-#include "isula_libutils/storage_image.h"
-#include "isula_libutils/log.h"
-#include "isula_libutils/oci_image_spec.h"
+#include <isula_libutils/storage_image.h>
+#include <isula_libutils/log.h>
+#include <isula_libutils/oci_image_spec.h>
#ifdef __cplusplus
extern "C" {
--
2.23.0

64
0173-bugfix-mem-leak.patch Normal file
View File

@ -0,0 +1,64 @@
From 3144357f7c735e24af180b9352378618ce8b2368 Mon Sep 17 00:00:00 2001
From: liuxu <liuxu156@huawei.com>
Date: Wed, 11 Dec 2024 11:32:06 +0800
Subject: [PATCH 07/11] bugfix: mem leak
Signed-off-by: liuxu <liuxu156@huawei.com>
---
src/daemon/executor/container_cb/execution_network.c | 2 ++
src/daemon/modules/service/inspect_container.c | 2 ++
src/utils/cutils/utils.c | 9 ++++++++-
3 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/src/daemon/executor/container_cb/execution_network.c b/src/daemon/executor/container_cb/execution_network.c
index a145e33a..8e34998c 100644
--- a/src/daemon/executor/container_cb/execution_network.c
+++ b/src/daemon/executor/container_cb/execution_network.c
@@ -1213,6 +1213,8 @@ static int generate_network_element(const char **bridges, const size_t len, defs
defs_map_string_object_networks_element *), len);
if (networks->values == NULL) {
ERROR("Out of memory ");
+ free(networks->keys);
+ networks->keys = NULL;
return -1;
}
diff --git a/src/daemon/modules/service/inspect_container.c b/src/daemon/modules/service/inspect_container.c
index 40cf7aa1..ca3955c6 100644
--- a/src/daemon/modules/service/inspect_container.c
+++ b/src/daemon/modules/service/inspect_container.c
@@ -629,6 +629,8 @@ static int do_transform_cni_to_map(container_network_settings *settings)
util_smart_calloc_s(sizeof(defs_map_string_object_port_bindings_element *), settings->cni_ports_len);
if (result->values == NULL) {
ERROR("Out of memory");
+ free(result->keys);
+ result->keys = NULL;
ret = -1;
goto out;
}
diff --git a/src/utils/cutils/utils.c b/src/utils/cutils/utils.c
index 69f6dbf0..cf207acc 100644
--- a/src/utils/cutils/utils.c
+++ b/src/utils/cutils/utils.c
@@ -1609,10 +1609,17 @@ defs_map_string_object *dup_map_string_empty_object(defs_map_string_object *src)
}
dst->keys = util_smart_calloc_s(sizeof(char *), src->len);
+ if (dst->keys == NULL) {
+ ERROR("Out of memory");
+ ret = -1;
+ goto out;
+ }
dst->values = util_smart_calloc_s(sizeof(defs_map_string_object_element *), src->len);
- if (dst->keys == NULL || dst->values == NULL) {
+ if (dst->values == NULL) {
ERROR("Out of memory");
ret = -1;
+ free(dst->keys);
+ dst->keys = NULL;
goto out;
}
--
2.23.0

25
0174-bugfix-for-parse_http_header.patch Normal file
View File

@ -0,0 +1,25 @@
From 7a3d70dba97facedf1394e65a80f7cc12be8273c Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Wed, 18 Dec 2024 16:37:33 +1400
Subject: [PATCH 08/11] bugfix for parse_http_header
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/daemon/modules/image/oci/registry/registry_apiv2.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/daemon/modules/image/oci/registry/registry_apiv2.c b/src/daemon/modules/image/oci/registry/registry_apiv2.c
index 5d83b425..7f33646d 100644
--- a/src/daemon/modules/image/oci/registry/registry_apiv2.c
+++ b/src/daemon/modules/image/oci/registry/registry_apiv2.c
@@ -61,6 +61,7 @@ static void set_body_null_if_exist(char *message)
static int parse_http_header(char *resp_buf, size_t buf_size, struct parsed_http_message *message)
{
char *real_message = NULL;
+ int ret = 0;
if (resp_buf == NULL || message == NULL) {
ERROR("Invalid NULL param");
--
2.23.0

244
0175-add-layer-storage-ut-test.patch Normal file
View File

@ -0,0 +1,244 @@
From 96ce67b474de6d6cff1a87cd652ff00dafda7d6e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=AD=A6=E7=A7=AF=E8=B6=85?= <wujichao1@huawei.com>
Date: Tue, 24 Dec 2024 19:39:26 +0800
Subject: [PATCH 11/11] add layer storage ut test
---
test/image/oci/storage/layers/CMakeLists.txt | 1 +
.../oci/storage/layers/storage_layers_ut.cc | 166 +++++++++++++++++-
2 files changed, 165 insertions(+), 2 deletions(-)
diff --git a/test/image/oci/storage/layers/CMakeLists.txt b/test/image/oci/storage/layers/CMakeLists.txt
index e1c76453..c4384e8f 100644
--- a/test/image/oci/storage/layers/CMakeLists.txt
+++ b/test/image/oci/storage/layers/CMakeLists.txt
@@ -148,5 +148,6 @@ target_link_libraries(${LAYER_EXE}
${LIBTAR_LIBRARY}
-lwebsockets -lcrypto -lyajl -larchive ${SELINUX_LIBRARY} -ldevmapper -lz -lcap)
+set_target_properties(${LAYER_EXE} PROPERTIES LINK_FLAGS "-Wl,--wrap,map_new -Wl,--wrap,map_insert -Wl,--wrap,map_search -Wl,--wrap,util_common_calloc_s -Wl,--wrap,util_smart_calloc_s")
add_test(NAME ${LAYER_EXE} COMMAND ${LAYER_EXE} --gtest_output=xml:${LAYER_EXE}-Results.xml)
set_tests_properties(${LAYER_EXE} PROPERTIES TIMEOUT 120)
diff --git a/test/image/oci/storage/layers/storage_layers_ut.cc b/test/image/oci/storage/layers/storage_layers_ut.cc
index 73611fdc..a03f4ce8 100644
--- a/test/image/oci/storage/layers/storage_layers_ut.cc
+++ b/test/image/oci/storage/layers/storage_layers_ut.cc
@@ -29,6 +29,8 @@
#include "storage.h"
#include "layer.h"
#include "driver_quota_mock.h"
+#include "map.h"
+#include "mock.h"
using ::testing::Args;
using ::testing::ByRef;
@@ -41,6 +43,95 @@ using ::testing::AtLeast;
using ::testing::Invoke;
using ::testing::_;
+static int g_map_search_count = 0;
+static int g_map_search_match = 1;
+static int g_map_new_count = 0;
+static int g_map_new_match = 1;
+static int g_map_insert_count = 0;
+static int g_map_insert_match = 1;
+
+extern "C" {
+ DECLARE_WRAPPER_V(map_new, map_t *, (map_type_t kvtype, map_cmp_func comparator, map_kvfree_func kvfree));
+ DEFINE_WRAPPER_V(map_new, map_t *, (map_type_t kvtype, map_cmp_func comparator, map_kvfree_func kvfree), (kvtype, comparator, kvfree));
+ DECLARE_WRAPPER_V(map_insert, bool, (map_t *map, void *key, void *value));
+ DEFINE_WRAPPER_V(map_insert, bool, (map_t *map, void *key, void *value), (map, key, value));
+ DECLARE_WRAPPER_V(map_search, void *, (const map_t *map, void *key));
+ DEFINE_WRAPPER_V(map_search, void *, (const map_t *map, void *key), (map, key));
+
+ DECLARE_WRAPPER_V(util_smart_calloc_s, void *, (size_t size, size_t len));
+ DEFINE_WRAPPER_V(util_smart_calloc_s, void *, (size_t size, size_t len), (size, len));
+ DECLARE_WRAPPER_V(util_common_calloc_s, void *, (size_t size));
+ DEFINE_WRAPPER_V(util_common_calloc_s, void *, (size_t size), (size));
+}
+
+/*
+* Repeatedly calling the function executes the wrapper function and original function in the following order:
+* wrapper function; original function, wrapper function; original function, original function, wrapper function;...
+* Similar to regular queues (1 means wrapper, 0 means original): 1; 0 1; 0 0 1; 0 0 0 1; ...
+* It's used to MOCK a function that repeat permutation.
+* If you want a regular queue, the variables needs to be assigned back to the initial value.
+*/
+static map_t *map_new_return_null(map_type_t kvtype, map_cmp_func comparator, map_kvfree_func kvfree)
+{
+ g_map_new_count++;
+ if (g_map_new_count == g_map_new_match) {
+ g_map_new_match++;
+ g_map_new_count = 0;
+ return nullptr;
+ } else {
+ return __real_map_new(kvtype, comparator, kvfree);
+ }
+}
+
+/*
+* Repeatedly calling the function executes the wrapper function and original function in the following order:
+* wrapper function; original function, wrapper function; original function, original function, wrapper function;...
+* Similar to regular queues (1 means wrapper, 0 means original): 1; 0 1; 0 0 1; 0 0 0 1; ...
+* It's used to MOCK a function that repeat permutation.
+* If you want a regular queue, the variables needs to be assigned back to the initial value.
+*/
+static bool map_insert_return_false(map_t *map, void *key, void *value)
+{
+ g_map_insert_count++;
+ if (g_map_insert_count == g_map_insert_match) {
+ g_map_insert_match++;
+ g_map_insert_count = 0;
+ return false;
+ } else {
+ return __real_map_insert(map, key, value);
+ }
+}
+
+/*
+* Repeatedly calling the function executes the wrapper function and original function in the following order:
+* wrapper function; original function, wrapper function; original function, original function, wrapper function;...
+* Similar to regular queues (1 means wrapper, 0 means original): 1; 0 1; 0 0 1; 0 0 0 1; ...
+* It's used to MOCK a function that repeat permutation.
+* If you want a regular queue, the variables needs to be assigned back to the initial value.
+*/
+void *map_search_fail(const map_t *map, void *key)
+{
+ g_map_search_count++;
+ if (g_map_search_count == g_map_search_match) {
+ g_map_search_match++;
+ g_map_search_count = 0;
+ return nullptr;
+ } else {
+ return __real_map_search(map, key);
+ }
+
+}
+
+void *util_common_calloc_s_fail(size_t size)
+{
+ return nullptr;
+}
+
+void *util_smart_calloc_s_fail(size_t size, size_t len)
+{
+ return nullptr;
+}
+
std::string GetDirectory()
{
char abs_path[PATH_MAX] { 0x00 };
@@ -178,6 +269,7 @@ protected:
std::string isulad_dir = "/tmp/isulad/";
mkdir(isulad_dir.c_str(), 0755);
std::string root_dir = isulad_dir + "data";
+ mkdir(root_dir.c_str(), 0755);
std::string run_dir = isulad_dir + "data/run";
std::string data_dir = GetDirectory() + "/data";
@@ -194,12 +286,40 @@ protected:
opts.storage_root = strdup(real_path);
ASSERT_STRNE(util_clean_path(run_dir.c_str(), real_run_path, sizeof(real_run_path)), nullptr);
opts.storage_run_root = strdup(real_run_path);
- opts.driver_name = strdup("overlay");
opts.driver_opts = static_cast<char **>(util_smart_calloc_s(sizeof(char *), 1));
opts.driver_opts[0] = strdup("overlay2.skip_mount_home=true");
opts.driver_opts_len = 1;
-
+#ifdef ENABLE_REMOTE_LAYER_STORE
+ opts.enable_remote_layer = true;
+#endif
EXPECT_CALL(m_driver_quota_mock, QuotaCtl(_, _, _, _)).WillRepeatedly(Invoke(invokeQuotaCtl));
+
+ opts.driver_name = NULL;
+ ASSERT_EQ(layer_store_init(&opts), -1);
+
+ char over_path_max_driver_name[5000] { 0x00 }; // PATH_MAX = 4096
+ std::memset(over_path_max_driver_name, 'a', 4999);
+ over_path_max_driver_name[4999]= '\0';
+ opts.driver_name = over_path_max_driver_name;
+ ASSERT_EQ(layer_store_init(&opts), -1);
+
+ opts.driver_name = strdup("overlay");
+ MOCK_SET_V(map_new, map_new_return_null);
+ g_map_new_count = 0;
+ g_map_new_match = 1;
+ ASSERT_EQ(layer_store_init(&opts), -1);
+ ASSERT_EQ(layer_store_init(&opts), -1);
+ ASSERT_EQ(layer_store_init(&opts), -1);
+ ASSERT_EQ(layer_store_init(&opts), -1);
+ MOCK_CLEAR(map_new);
+
+ MOCK_SET_V(map_insert, map_insert_return_false);
+ g_map_insert_count = 0;
+ g_map_insert_match = 1;
+ ASSERT_EQ(layer_store_init(&opts), -1);
+ ASSERT_EQ(layer_store_init(&opts), -1);
+ MOCK_CLEAR(map_insert);
+
ASSERT_EQ(layer_store_init(&opts), 0);
free(opts.storage_root);
@@ -238,6 +358,13 @@ TEST_F(StorageLayersUnitTest, test_layers_load)
struct layer_list *layer_list = (struct layer_list *)util_common_calloc_s(sizeof(struct layer_list));
ASSERT_NE(layer_list, nullptr);
+ ASSERT_EQ(layer_store_list(NULL), -1);
+ MOCK_SET_V(util_smart_calloc_s, util_smart_calloc_s_fail);
+ ASSERT_EQ(layer_store_list(layer_list), -1);
+ MOCK_CLEAR(util_smart_calloc_s);
+ MOCK_SET_V(util_common_calloc_s, util_common_calloc_s_fail);
+ ASSERT_EQ(layer_store_list(layer_list), -1);
+ MOCK_CLEAR(util_common_calloc_s);
ASSERT_EQ(layer_store_list(layer_list), 0);
ASSERT_EQ(layer_list->layers_len, 2);
@@ -315,6 +442,18 @@ TEST_F(StorageLayersUnitTest, test_layer_store_by_compress_digest)
std::string id { "9c27e219663c25e0f28493790cc0b88bc973ba3b1686355f221c38a36978ac63" };
struct layer_list *layer_list = (struct layer_list *)util_common_calloc_s(sizeof(struct layer_list));
+ MOCK_SET_V(util_smart_calloc_s, util_smart_calloc_s_fail);
+ ASSERT_EQ(layer_store_by_compress_digest(compress.c_str(), layer_list), -1);
+ MOCK_CLEAR(util_smart_calloc_s);
+ MOCK_SET_V(util_common_calloc_s, util_common_calloc_s_fail);
+ ASSERT_EQ(layer_store_by_compress_digest(compress.c_str(), layer_list), -1);
+ MOCK_CLEAR(util_common_calloc_s);
+ MOCK_SET_V(map_search, map_search_fail);
+ g_map_search_count = 0;
+ g_map_search_match = 1;
+ ASSERT_EQ(layer_store_by_compress_digest(compress.c_str(), layer_list), -1);
+ MOCK_CLEAR(map_search);
+
ASSERT_EQ(layer_store_by_compress_digest(compress.c_str(), layer_list), 0);
ASSERT_EQ(layer_list->layers_len, 1);
@@ -324,3 +463,26 @@ TEST_F(StorageLayersUnitTest, test_layer_store_by_compress_digest)
free_layer_list(layer_list);
}
+
+#ifdef ENABLE_REMOTE_LAYER_STORE
+TEST_F(StorageLayersUnitTest, test_remote_layer_common)
+{
+ ASSERT_EQ(remote_layer_remove_memory_stores_with_lock(NULL), -1);
+ char arr[] = "random_id";
+ const char *random_id = arr;
+ MOCK_SET_V(map_search, map_search_fail);
+ g_map_search_count = 0;
+ g_map_search_match = 1;
+ ASSERT_EQ(remote_layer_remove_memory_stores_with_lock(random_id), 0);
+ MOCK_CLEAR(map_search);
+
+ ASSERT_EQ(remote_load_one_layer(NULL), -1);
+ MOCK_SET_V(map_search, map_search_fail);
+ g_map_search_count = 0;
+ g_map_search_match = 1;
+ ASSERT_EQ(remote_load_one_layer(random_id), -1);
+ MOCK_CLEAR(map_search);
+
+ ASSERT_EQ(remote_load_one_layer(random_id), -1);
+}
+#endif
--
2.23.0

92
iSulad.spec
View File

@ -1,12 +1,17 @@
%global _version 2.1.5
%global _release 12
%global _release 18
%global is_systemd 1
%global enable_criv1 1
%global enable_cdi 1
%global enable_cdi 0
%global enable_shimv2 1
%global is_embedded 1
%global cpp_std 17
%ifarch x86_64 aarch64
%global enable_nri 0
%global enable_sandboxer 0
%endif
Name: iSulad
Version: %{_version}
Release: %{_release}
@ -157,6 +162,40 @@ Patch0138: 0138-bugfix-for-log-in-make_safedir_is_noexec.patch
Patch0139: 0139-containers-in-paused-state-are-not-allowed-to-start.patch
Patch0140: 0140-remove-meaningless-code.patch
Patch0141: 0141-fix-unqualified-call-to-std-move.patch
Patch0142: 0142-pull-failure-shows-error-reason.patch
Patch0143: 0143-move-CGROUP2_SUPER_MAGIC-define-to-cgroup.c.patch
Patch0144: 0144-update-centos-build-script.patch
Patch0145: 0145-cni-change-error-info.patch
Patch0146: 0146-bugfix-for-sem_wait-call-when-errno-is-EINTR.patch
Patch0147: 0147-add-no-pivot-root-support.patch
Patch0148: 0148-fix-issues-Isula-ps-cannot-display-port-mapping.patch
Patch0149: 0149-move-nri-call-in-stop-and-remove-con.patch
Patch0150: 0150-add-missing-con-linux-info-for-nri-module.patch
Patch0151: 0151-sandbox-sandbox-api-update.patch
Patch0152: 0152-add-omitted-macro-definition.patch
Patch0153: 0153-sandbox-sandbox-api-adapt-rust-interface.patch
Patch0154: 0154-add-linux-capability.h-head-file.patch
Patch0155: 0155-sandbox-fix-unused-variables.patch
Patch0156: 0156-sandbox-sandbox-api-adapt-rust-interface-UT.patch
Patch0157: 0157-bugfix-for-nri-init.patch
Patch0158: 0158-Revert-move-nri-call-in-stop-and-remove-con.patch
Patch0159: 0159-bugfix-overwriting-when-i-is-len-1.patch
Patch0160: 0160-bug-fix-Isula-ps-not-display-N-A-when-ports-empty.patch
Patch0161: 0161-bugfix-for-workdir-len-verify.patch
Patch0162: 0162-bugfix-fix-exec-detach-for-shim-v2.patch
Patch0163: 0163-image-layer-fix-code-style.patch
Patch0164: 0164-image-store-add-UT.patch
Patch0165: 0165-bugfix-do-purge-container-when-do_start_container-fa.patch
Patch0166: 0166-supplementary-registry-design-documentation.patch
Patch0167: 0167-sandbox-del-shim_sandbox-and-change-sandbox-ops.patch
Patch0168: 0168-UT-del-shim_sandbox-and-change-sandbox-ops.patch
Patch0169: 0169-add-image-storage-unit-test.patch
Patch0170: 0170-fix-some-bad-code.patch
Patch0171: 0171-registry-module-code-improve.patch
Patch0172: 0172-image-store-fix-code-style.patch
Patch0173: 0173-bugfix-mem-leak.patch
Patch0174: 0174-bugfix-for-parse_http_header.patch
Patch0175: 0175-add-layer-storage-ut-test.patch
%ifarch x86_64 aarch64
Provides: libhttpclient.so()(64bit)
@ -197,7 +236,9 @@ BuildRequires: libevhtp-devel libevent-devel
%if 0%{?enable_shimv2}
BuildRequires: lib-shim-v2 lib-shim-v2-devel
%endif
%if 0%{?enable_nri} || 0%{?enable_sandboxer}
BuildRequires: isula-rust-extensions-devel
%endif
Requires: libisula > %{lcrver_lower} libisula < %{lcrver_upper}
Requires: lcr > %{lcrver_lower} lcr < %{lcrver_upper}
@ -211,6 +252,9 @@ BuildRequires: libevhtp libevent
%if 0%{?enable_shimv2}
Requires: lib-shim-v2
%endif
%if 0%{?enable_nri} || 0%{?enable_sandboxer}
Requires: isula-rust-extensions
%endif
%description
This is a umbrella project for gRPC-services based Lightweight Container
@ -232,6 +276,12 @@ cd build
%if 0%{?enable_cdi}
-DENABLE_CDI=ON \
%endif
%if 0%{?enable_nri}
-DENABLE_NRI=ON \
%endif
%if 0%{?enable_sandboxer}
-DENABLE_SANDBOXER=ON \
%endif
%endif
%if 0%{?enable_shimv2}
-DENABLE_SHIM_V2=ON \
@ -414,6 +464,42 @@ fi
%endif
%changelog
* Mon Dec 30 2024 jingxiaolu<lujingxiao@huawei.com> - 2.1.5-18
- Type: bugfix
- ID: NA
- SUG: NA
- DESC: sync patches from upstream for refactoring sandbox and bugfixing
* Mon Dec 30 2024 jingxiaolu<lujingxiao@huawei.com> - 2.1.5-17
- Type: bugfix
- ID: NA
- SUG: NA
- DESC: sync patches from upstream
* Wed Dec 18 2024 zhongtao <zhongtao17@huawei.com> - 2.1.5-16
- Type: bugfix
- ID: NA
- SUG: NA
- DESC: bugfix for nri
* Thu Nov 28 2024 liuxu <liuxu156@huawei.com> - 2.1.5-15
- Type: update
- ID: NA
- SUG: NA
- DESC: sandboxer require isula-rust-extensions
* Mon Nov 25 2024 liuxu <liuxu156@huawei.com> - 2.1.5-14
- Type: update
- ID: NA
- SUG: NA
- DESC: upgrade from upstream
* Thu Nov 21 2024 zhongtao <zhongtao17@huawei.com> - 2.1.5-13
- Type: bugfix
- ID: NA
- SUG: NA
- DESC: enable nri support only on specified architecture
* Mon Oct 21 2024 wujichao <wujichao1@huawei.com> - 2.1.5-12
- Type: update
- ID: NA