packages/iSulad
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:421daf389b9453fa98131c2bc7072bdc74872820
Branches Tags
packages:main
...
compare: packages:fe32ae8d82045a28b1a2a07375b1b1424510503f
Branches Tags
packages:main

10 Commits
421daf389b ... fe32ae8d82

Author SHA1 Message Date
openeuler-ci-bot
fe32ae8d82
!766 Sync patches from upstream 
From: @wu-jichao123 
Reviewed-by: @liuxu180400617, @taotao-sauce 
Signed-off-by: @taotao-sauce
 2025-01-08 02:50:30 +00:00
武积超
16b7f398e3 Sync patches from upstream 2025-01-08 10:16:48 +08:00
openeuler-ci-bot
71091c8ccb
!732 combine ten similar submissions into one(0125-fix-clang-build-error.patch) and Upgrade from upstream 
From: @wu-jichao123 
Reviewed-by: @taotao-sauce 
Signed-off-by: @taotao-sauce
 2024-10-22 11:38:15 +00:00
武积超
cc5fe464ca combine ten similar submissions into one(0125-fix-clang-build-error.patch) and Upgrade from upstream 2024-10-22 16:14:15 +08:00
openeuler-ci-bot
57e97c4818
!721 [sync] PR-694: code improve and bugfix 
From: @openeuler-sync-bot 
Reviewed-by: @taotao-sauce 
Signed-off-by: @taotao-sauce
 2024-06-12 08:07:48 +00:00
zhongtao
de6b71d1cc code improve and bugfix 
Signed-off-by: zhongtao <zhongtao17@huawei.com>
(cherry picked from commit 287b224ffae5e96750bd13f62b91e8ec09dfb4fa)
 2024-06-12 15:17:59 +08:00
openeuler-ci-bot
6c010c2f09
!718 [sync] PR-692: [sync] PR-691: upgrade from upstream 
From: @openeuler-sync-bot 
Reviewed-by: @taotao-sauce 
Signed-off-by: @taotao-sauce
 2024-06-12 07:11:30 +00:00
liuxu
46e4260acc upgrade from upstream 
Signed-off-by: liuxu <liuxu156@huawei.com>
(cherry picked from commit 62839b92349e898b3919ae5c0479e15aa5a5d349)
(cherry picked from commit 35baa929a4aee84aff4d1da11f425620cd1c8668)
 2024-06-12 14:51:51 +08:00
openeuler-ci-bot
334015ba35
!715 [sync] PR-689: remove extra %s in CreateContainerLogSymlink and allow env variable has an empty value 
From: @openeuler-sync-bot 
Reviewed-by: @taotao-sauce 
Signed-off-by: @taotao-sauce
 2024-06-12 06:51:15 +00:00
zhongtao
f65c3f63e5 remove extra %s in CreateContainerLogSymlink and allow env variable has an empty value 
Signed-off-by: zhongtao <zhongtao17@huawei.com>
(cherry picked from commit 6d8610bd54520c4357e9b002b14a054a0ec66252)
 2024-06-12 14:26:57 +08:00
101 changed files with 29980 additions and 3 deletions
Show Stats Expand all files Collapse all files

741
0076-cdi-add-UT.patch Normal file
View File

@ -0,0 +1,741 @@
From 0cd088174c94c56ee86506dab9a6a33f6e8fdaa4 Mon Sep 17 00:00:00 2001
From: liuxu <liuxu156@huawei.com>
Date: Thu, 25 Apr 2024 10:52:20 +0800
Subject: [PATCH 76/78] cdi:add UT
Signed-off-by: liuxu <liuxu156@huawei.com>
---
CI/make-and-install.sh | 4 +-
test/cutils/CMakeLists.txt | 1 +
test/cutils/utils_array/utils_array_ut.cc | 128 ++++++++++
test/cutils/utils_utils/utils_utils_ut.cc | 12 +
test/cutils/utils_version/CMakeLists.txt | 17 ++
test/cutils/utils_version/utils_version_ut.cc | 71 ++++++
.../image/oci/oci_config_merge/CMakeLists.txt | 1 +
test/mocks/cdi_operate_api_mock.cc | 58 +++++
test/mocks/cdi_operate_api_mock.h | 35 +++
test/sandbox/controller/shim/CMakeLists.txt | 1 +
test/specs/specs/CMakeLists.txt | 1 +
test/specs/specs/specs_ut.cc | 241 ++++++++++++++++++
test/specs/specs_extend/CMakeLists.txt | 1 +
13 files changed, 569 insertions(+), 2 deletions(-)
create mode 100644 test/cutils/utils_version/CMakeLists.txt
create mode 100644 test/cutils/utils_version/utils_version_ut.cc
create mode 100644 test/mocks/cdi_operate_api_mock.cc
create mode 100644 test/mocks/cdi_operate_api_mock.h
diff --git a/CI/make-and-install.sh b/CI/make-and-install.sh
index 9bb984cd..9d4c5533 100755
--- a/CI/make-and-install.sh
+++ b/CI/make-and-install.sh
@@ -72,7 +72,7 @@ cd $ISULAD_COPY_PATH
sed -i 's/fd == STDIN_FILENO || fd == STDOUT_FILENO || fd == STDERR_FILENO/fd == 0 || fd == 1 || fd == 2 || fd >= 1000/g' ./src/utils/cutils/utils.c
rm -rf build
mkdir build && cd build
-cmake -DCMAKE_BUILD_TYPE=Debug -DENABLE_UT=ON -DENABLE_CRI_API_V1=ON -DENABLE_SHIM_V2=ON -DENABLE_METRICS=ON ..
+cmake -DCMAKE_BUILD_TYPE=Debug -DENABLE_UT=ON -DENABLE_CRI_API_V1=ON -DENABLE_CDI=ON -DENABLE_SHIM_V2=ON -DENABLE_METRICS=ON ..
make -j $(nproc)
make install
ctest -E "driver_devmapper_ut" -T memcheck --output-on-failure
@@ -103,7 +103,7 @@ rm -rf build
mkdir build
cd build
if [[ ${enable_gcov} -ne 0 ]]; then
- cmake -DLIB_INSTALL_DIR=${builddir}/lib -DCMAKE_INSTALL_PREFIX=${builddir} -DCMAKE_INSTALL_SYSCONFDIR=${builddir}/etc -DCMAKE_BUILD_TYPE=Debug -DGCOV=ON -DENABLE_EMBEDDED=ON -DENABLE_COVERAGE=ON -DENABLE_CRI_API_V1=ON -DENABLE_UT=ON -DENABLE_METRICS=ON -DENABLE_REMOTE_LAYER_STORE=ON -DENABLE_GRPC_REMOTE_CONNECT=ON ..
+ cmake -DLIB_INSTALL_DIR=${builddir}/lib -DCMAKE_INSTALL_PREFIX=${builddir} -DCMAKE_INSTALL_SYSCONFDIR=${builddir}/etc -DCMAKE_BUILD_TYPE=Debug -DGCOV=ON -DENABLE_EMBEDDED=ON -DENABLE_COVERAGE=ON -DENABLE_CRI_API_V1=ON -DENABLE_CDI=ON -DENABLE_UT=ON -DENABLE_METRICS=ON -DENABLE_REMOTE_LAYER_STORE=ON -DENABLE_GRPC_REMOTE_CONNECT=ON ..
else
cmake -DLIB_INSTALL_DIR=${builddir}/lib -DCMAKE_INSTALL_PREFIX=${builddir} -DCMAKE_INSTALL_SYSCONFDIR=${builddir}/etc -DENABLE_EMBEDDED=ON -DENABLE_METRICS=ON -DENABLE_REMOTE_LAYER_STORE=ON -DENABLE_CRI_API_V1=ON -DENABLE_GRPC_REMOTE_CONNECT=ON ..
fi
diff --git a/test/cutils/CMakeLists.txt b/test/cutils/CMakeLists.txt
index 9e681cc9..bd9def02 100644
--- a/test/cutils/CMakeLists.txt
+++ b/test/cutils/CMakeLists.txt
@@ -34,4 +34,5 @@ add_subdirectory(utils_utils)
add_subdirectory(utils_verify)
add_subdirectory(utils_network)
add_subdirectory(utils_transform)
+add_subdirectory(utils_version)
add_subdirectory(map)
diff --git a/test/cutils/utils_array/utils_array_ut.cc b/test/cutils/utils_array/utils_array_ut.cc
index 7bd13c25..6c6e76fa 100644
--- a/test/cutils/utils_array/utils_array_ut.cc
+++ b/test/cutils/utils_array/utils_array_ut.cc
@@ -50,6 +50,33 @@ TEST(utils_array, test_util_free_array)
util_free_array(array);
}
+TEST(utils_array, test_util_copy_array_by_len)
+{
+ char **array = nullptr;
+ char **array_copy = nullptr;
+ size_t len = 3;
+
+ array = (char **)util_common_calloc_s(4 * sizeof(char *));
+ ASSERT_NE(array, nullptr);
+ array[0] = util_strdup_s("test1");
+ array[1] = util_strdup_s("test2");
+ array[2] = util_strdup_s("test3");
+
+ array_copy = util_copy_array_by_len(array, len);
+ ASSERT_NE(array_copy, nullptr);
+ for (size_t i = 0; i < len; i++) {
+ ASSERT_EQ(strcmp(array_copy[i], array[i]), 0);
+ free(array[i]);
+ free(array_copy[i]);
+ }
+
+ ASSERT_EQ(util_copy_array_by_len(array, 0), nullptr);
+ ASSERT_EQ(util_copy_array_by_len(nullptr, len), nullptr);
+
+ free(array);
+ free(array_copy);
+}
+
TEST(utils_array, test_util_grow_array)
{
char **array = nullptr;
@@ -229,6 +256,34 @@ TEST(utils_array, test_util_append_string_array)
sarray = nullptr;
}
+TEST(utils_array, test_util_copy_string_array)
+{
+ __isula_auto_string_array_t string_array *sarray_copy = nullptr;
+ __isula_auto_string_array_t string_array *sarray = (string_array *)util_common_calloc_s(sizeof(string_array));
+ ASSERT_NE(sarray, nullptr);
+ int ret;
+
+ ret = util_append_string_array(sarray, "1234567890");
+ ASSERT_EQ(ret, 0);
+ ret = util_append_string_array(sarray, "abc");
+ ASSERT_EQ(ret, 0);
+ ret = util_append_string_array(sarray, "bcd");
+ ASSERT_EQ(ret, 0);
+ ASSERT_EQ(sarray->len, 3);
+
+ sarray_copy = util_copy_string_array(sarray);
+ ASSERT_NE(sarray_copy, nullptr);
+ ASSERT_EQ(sarray_copy->len, sarray->len);
+ for (size_t i = 0; i < sarray_copy->len; i++) {
+ ASSERT_EQ(strcmp(sarray_copy->items[i], sarray->items[i]), 0);
+ }
+
+ ASSERT_EQ(util_copy_string_array(nullptr), nullptr);
+ sarray->cap = 0;
+ ASSERT_EQ(util_copy_string_array(sarray), nullptr);
+ sarray->cap = sarray->len;
+}
+
TEST(utils_array, test_util_string_array_contain)
{
string_array *sarray = (string_array *)util_common_calloc_s(sizeof(string_array));
@@ -299,3 +354,76 @@ TEST(utils_array, test_util_common_array_append_pointer)
delete element1;
delete element2;
}
+
+static void common_array_free_mock(void *ptr)
+{
+ (void)ptr;
+ return;
+}
+
+TEST(utils_array, test_util_append_common_array)
+{
+ __isula_auto_common_array_t common_array *carray = nullptr;
+ int ret;
+ int value1 = 1;
+ int value2 = 2;
+ int value3 = 3;
+
+ carray = util_common_array_new(1, common_array_free_mock, util_clone_ptr);
+ ASSERT_NE(carray, nullptr);
+
+ ret = util_append_common_array(carray, &value1);
+ ASSERT_EQ(ret, 0);
+ ASSERT_EQ(carray->items[0], &value1);
+ ASSERT_EQ(carray->len, 1);
+
+ ret = util_append_common_array(carray, &value2);
+ ASSERT_EQ(ret, 0);
+ ret = util_append_common_array(carray, &value3);
+ ASSERT_EQ(ret, 0);
+ ASSERT_EQ(carray->items[1], &value2);
+ ASSERT_EQ(carray->items[2], &value3);
+ ASSERT_EQ(carray->len, 3);
+
+ carray->clone_item_cb = nullptr;
+ ASSERT_EQ(util_append_common_array(carray, &value1), -1);
+ carray->clone_item_cb = util_clone_ptr;
+ ASSERT_EQ(util_append_common_array(carray, nullptr), 0);
+}
+
+TEST(utils_array, test_util_merge_common_array)
+{
+ __isula_auto_common_array_t common_array *carray1 = nullptr;
+ __isula_auto_common_array_t common_array *carray2 = nullptr;
+ int ret;
+ int value1 = 1;
+ int value2 = 2;
+
+ carray1 = util_common_array_new(1, common_array_free_mock, util_clone_ptr);
+ ASSERT_NE(carray1, nullptr);
+ carray2 = util_common_array_new(1, common_array_free_mock, util_clone_ptr);
+ ASSERT_NE(carray2, nullptr);
+
+ ret = util_append_common_array(carray1, &value1);
+ ASSERT_EQ(ret, 0);
+ ASSERT_EQ(carray1->items[0], &value1);
+ ASSERT_EQ(carray1->len, 1);
+ ret = util_append_common_array(carray2, &value2);
+ ASSERT_EQ(ret, 0);
+ ASSERT_EQ(carray2->items[0], &value2);
+ ASSERT_EQ(carray2->len, 1);
+
+ ret = util_merge_common_array(carray1, carray2);
+ ASSERT_EQ(ret, 0);
+ ASSERT_EQ(carray1->items[1], &value2);
+ ASSERT_EQ(carray1->len, 2);
+
+ ASSERT_EQ(util_merge_common_array(nullptr, carray2), -1);
+ ASSERT_EQ(util_merge_common_array(carray1, nullptr), -1);
+ carray1->clone_item_cb = nullptr;
+ ASSERT_EQ(util_merge_common_array(carray1, carray2), -1);
+ carray1->clone_item_cb = util_clone_ptr;
+ carray2->clone_item_cb = nullptr;
+ ASSERT_EQ(util_merge_common_array(carray1, carray2), -1);
+ carray2->clone_item_cb = util_clone_ptr;
+}
\ No newline at end of file
diff --git a/test/cutils/utils_utils/utils_utils_ut.cc b/test/cutils/utils_utils/utils_utils_ut.cc
index 0720d1b1..a61e5a21 100644
--- a/test/cutils/utils_utils/utils_utils_ut.cc
+++ b/test/cutils/utils_utils/utils_utils_ut.cc
@@ -54,6 +54,18 @@ static int status_to_exit_code(int status)
return exit_code;
}
+TEST(utils_utils, test_util_swap_ptr)
+{
+ int val1 = 1;
+ int val2 = 2;
+ int *ptr1 = &val1;
+ int *ptr2 = &val2;
+
+ util_swap_ptr((void **)&ptr1, (void **)&ptr2);
+ ASSERT_EQ(*ptr1, val2);
+ ASSERT_EQ(*ptr2, val1);
+}
+
TEST(utils_utils, test_util_mem_realloc)
{
char *old = nullptr;
diff --git a/test/cutils/utils_version/CMakeLists.txt b/test/cutils/utils_version/CMakeLists.txt
new file mode 100644
index 00000000..1ada8e93
--- /dev/null
+++ b/test/cutils/utils_version/CMakeLists.txt
@@ -0,0 +1,17 @@
+project(iSulad_UT)
+
+SET(EXE utils_version_ut)
+
+add_executable(${EXE}
+ utils_version_ut.cc)
+
+target_include_directories(${EXE} PUBLIC
+ ${GTEST_INCLUDE_DIR}
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../include
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/common
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils
+ )
+
+target_link_libraries(${EXE} ${GTEST_BOTH_LIBRARIES} ${CMAKE_THREAD_LIBS_INIT} ${ISULA_LIBUTILS_LIBRARY} libutils_ut -lcrypto -lyajl -lz)
+add_test(NAME ${EXE} COMMAND ${EXE} --gtest_output=xml:${EXE}-Results.xml)
+set_tests_properties(${EXE} PROPERTIES TIMEOUT 120)
diff --git a/test/cutils/utils_version/utils_version_ut.cc b/test/cutils/utils_version/utils_version_ut.cc
new file mode 100644
index 00000000..d1fc0932
--- /dev/null
+++ b/test/cutils/utils_version/utils_version_ut.cc
@@ -0,0 +1,71 @@
+/******************************************************************************
+ * Copyright (c) Huawei Technologies Co., Ltd. 2024. All rights reserved.
+ * iSulad licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Author: liuxu
+ * Create: 2024-04-25
+ * Description: utils version unit test
+ *******************************************************************************/
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <climits>
+#include <gtest/gtest.h>
+#include "mock.h"
+#include "utils_version.h"
+#include "utils.h"
+
+TEST(utils_version, test_util_version_compare)
+{
+ const char *version1 = "1.1.1";
+ const char *version2 = "1.1.2";
+ int diff_value = 0;
+
+ ASSERT_EQ(util_version_compare(version1, version2, &diff_value), 0);
+ ASSERT_TRUE(diff_value < 0);
+ ASSERT_EQ(util_version_compare(version1, version1, &diff_value), 0);
+ ASSERT_TRUE(diff_value == 0);
+ ASSERT_EQ(util_version_compare(version2, version1, &diff_value), 0);
+ ASSERT_TRUE(diff_value > 0);
+
+ ASSERT_EQ(util_version_compare(version1, nullptr, &diff_value), -1);
+ ASSERT_EQ(util_version_compare(nullptr, version2, &diff_value), -1);
+ ASSERT_EQ(util_version_compare(version1, version2, nullptr), -1);
+ ASSERT_EQ(util_version_compare("1.1.1.1", version2, nullptr), -1);
+ ASSERT_EQ(util_version_compare(version1, "a.b.1.1", nullptr), -1);
+}
+
+TEST(utils_version, test_util_version_greater_than)
+{
+ const char *version1 = "0.6.0";
+ const char *version2 = "1.0.0";
+ bool result = true;
+
+ ASSERT_EQ(util_version_greater_than(version1, version2, &result), 0);
+ ASSERT_FALSE(result);
+ ASSERT_EQ(util_version_greater_than(version1, version1, &result), 0);
+ ASSERT_FALSE(result);
+ ASSERT_EQ(util_version_greater_than(version2, version1, &result), 0);
+ ASSERT_TRUE(result);
+}
+
+TEST(utils_version, test_util_version_greater_than_or_equal_to)
+{
+ const char *version1 = "0.6.0";
+ const char *version2 = "1.0.0";
+ bool result = true;
+
+ ASSERT_EQ(util_version_greater_than_or_equal_to(version1, version2, &result), 0);
+ ASSERT_FALSE(result);
+ ASSERT_EQ(util_version_greater_than_or_equal_to(version1, version1, &result), 0);
+ ASSERT_TRUE(result);
+ ASSERT_EQ(util_version_greater_than_or_equal_to(version2, version1, &result), 0);
+ ASSERT_TRUE(result);
+}
+
diff --git a/test/image/oci/oci_config_merge/CMakeLists.txt b/test/image/oci/oci_config_merge/CMakeLists.txt
index ffd3999d..38ade4ec 100644
--- a/test/image/oci/oci_config_merge/CMakeLists.txt
+++ b/test/image/oci/oci_config_merge/CMakeLists.txt
@@ -47,6 +47,7 @@ add_executable(${EXE}
${CMAKE_CURRENT_SOURCE_DIR}/../../../../test/mocks/selinux_label_mock.cc
${CMAKE_CURRENT_SOURCE_DIR}/../../../../test/mocks/storage_mock.cc
${CMAKE_CURRENT_SOURCE_DIR}/../../../../test/mocks/image_mock.cc
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../test/mocks/cdi_operate_api_mock.cc
oci_config_merge_ut.cc)
target_include_directories(${EXE} PUBLIC
diff --git a/test/mocks/cdi_operate_api_mock.cc b/test/mocks/cdi_operate_api_mock.cc
new file mode 100644
index 00000000..d8f9f9d4
--- /dev/null
+++ b/test/mocks/cdi_operate_api_mock.cc
@@ -0,0 +1,58 @@
+/******************************************************************************
+ * Copyright (c) Huawei Technologies Co., Ltd. 2023. All rights reserved.
+ * iSulad licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Author: jikai
+ * Create: 2023-10-20
+ * Description: provide image api mock
+ ******************************************************************************/
+
+#include "cdi_operate_api_mock.h"
+
+namespace {
+std::shared_ptr<MockCdiOperateApi> g_cdi_operate_api_mock = nullptr;
+}
+
+void MockCdiOperateApi_SetMock(std::shared_ptr<MockCdiOperateApi> mock)
+{
+ g_cdi_operate_api_mock = mock;
+}
+
+int cdi_operate_registry_init(char **specs_dirs, size_t specs_dirs_len)
+{
+ if (g_cdi_operate_api_mock != nullptr) {
+ return g_cdi_operate_api_mock->CdiOperateRegistryInit(specs_dirs, specs_dirs_len);
+ }
+ return 0;
+}
+
+int cdi_operate_refresh(void)
+{
+ if (g_cdi_operate_api_mock != nullptr) {
+ return g_cdi_operate_api_mock->CdiOperateRefresh();
+ }
+ return 0;
+}
+
+int cdi_operate_inject_devices(oci_runtime_spec *spec, string_array *devices)
+{
+ if (g_cdi_operate_api_mock != nullptr) {
+ return g_cdi_operate_api_mock->CdiOperateInjectDevices(spec, devices);
+ }
+ return 0;
+}
+
+int cdi_operate_parse_annotations(json_map_string_string *annotations, string_array **keys,
+ string_array **devices, char **error)
+{
+ if (g_cdi_operate_api_mock != nullptr) {
+ return g_cdi_operate_api_mock->CdiOperateParseAnnotations(annotations, keys, devices, error);
+ }
+ return 0;
+}
\ No newline at end of file
diff --git a/test/mocks/cdi_operate_api_mock.h b/test/mocks/cdi_operate_api_mock.h
new file mode 100644
index 00000000..c118ee7a
--- /dev/null
+++ b/test/mocks/cdi_operate_api_mock.h
@@ -0,0 +1,35 @@
+/******************************************************************************
+ * Copyright (c) Huawei Technologies Co., Ltd. 2023. All rights reserved.
+ * iSulad licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Author: liuxu
+ * Create: 2024-04-24
+ * Description: provide cdi api mock
+ ******************************************************************************/
+
+#ifndef ISULAD_TEST_MOCKS_CDI_OPERATE_API_MOCK_H
+#define ISULAD_TEST_MOCKS_CDI_OPERATE_API_MOCK_H
+
+#include <gmock/gmock.h>
+#include <memory>
+
+#include "cdi_operate_api.h"
+
+class MockCdiOperateApi {
+public:
+ MOCK_METHOD2(CdiOperateRegistryInit, int(char **specs_dirs, size_t specs_dirs_len));
+ MOCK_METHOD0(CdiOperateRefresh, int(void));
+ MOCK_METHOD2(CdiOperateInjectDevices, int(oci_runtime_spec *spec, string_array *devices));
+ MOCK_METHOD4(CdiOperateParseAnnotations, int(json_map_string_string *annotations, string_array **keys,
+ string_array **devices, char **error));
+};
+
+void MockCdiOperateApi_SetMock(std::shared_ptr<MockCdiOperateApi> mock);
+
+#endif
diff --git a/test/sandbox/controller/shim/CMakeLists.txt b/test/sandbox/controller/shim/CMakeLists.txt
index 26a66e51..d18d1861 100644
--- a/test/sandbox/controller/shim/CMakeLists.txt
+++ b/test/sandbox/controller/shim/CMakeLists.txt
@@ -21,6 +21,7 @@ add_executable(${EXE}
${CMAKE_CURRENT_SOURCE_DIR}/../../../../test/mocks/callback_mock.cc
${CMAKE_CURRENT_SOURCE_DIR}/../../../../test/mocks/image_api_mock.cc
${CMAKE_CURRENT_SOURCE_DIR}/../../../../test/mocks/service_container_api_mock.cc
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../test/mocks/cdi_operate_api_mock.cc
${CMAKE_CURRENT_SOURCE_DIR}/../../../../test/sandbox/controller/controller_common.cc
${CMAKE_CURRENT_SOURCE_DIR}/../../../../test/sandbox/controller/shim/shim_controller_ut.cc
)
diff --git a/test/specs/specs/CMakeLists.txt b/test/specs/specs/CMakeLists.txt
index 12c11f51..892d44d7 100644
--- a/test/specs/specs/CMakeLists.txt
+++ b/test/specs/specs/CMakeLists.txt
@@ -44,6 +44,7 @@ add_executable(${EXE}
${CMAKE_CURRENT_SOURCE_DIR}/../../../test/mocks/storage_mock.cc
${CMAKE_CURRENT_SOURCE_DIR}/../../../test/mocks/image_mock.cc
${CMAKE_CURRENT_SOURCE_DIR}/../../../test/mocks/sender_mock.cc
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../test/mocks/cdi_operate_api_mock.cc
specs_ut.cc)
target_include_directories(${EXE} PUBLIC
diff --git a/test/specs/specs/specs_ut.cc b/test/specs/specs/specs_ut.cc
index 6c42216d..47836e5b 100644
--- a/test/specs/specs/specs_ut.cc
+++ b/test/specs/specs/specs_ut.cc
@@ -564,6 +564,247 @@ TEST_F(SpecsUnitTest, test_update_devcies_for_oci_spec)
free(err);
}
+#ifdef ENABLE_CDI
+TEST_F(SpecsUnitTest, test_defs_process_add_multiple_env)
+{
+ size_t env_len = 2;
+ char **envs = (char **)util_common_calloc_s(sizeof(char *) * env_len);
+ ASSERT_NE(envs, nullptr);
+ defs_process *dp = (defs_process *)util_common_calloc_s(sizeof(defs_process));
+ ASSERT_NE(dp, nullptr);
+ dp->env_len = 1;
+ dp->env = (char **)util_common_calloc_s(sizeof(char *) * dp->env_len);
+ ASSERT_NE(dp->env, nullptr);
+
+ envs[0] = util_strdup_s("key0=value0");
+ envs[1] = util_strdup_s("key1=value1");
+ dp->env[0] = util_strdup_s("key0=value0_old");
+ ASSERT_EQ(defs_process_add_multiple_env(dp, (const char **)envs, env_len), 0);
+ ASSERT_EQ(dp->env_len, 2);
+ ASSERT_EQ(strcmp(dp->env[0], envs[0]), 0);
+ ASSERT_EQ(strcmp(dp->env[1], envs[1]), 0);
+
+ ASSERT_EQ(defs_process_add_multiple_env(dp, nullptr, env_len), 0);
+ ASSERT_EQ(defs_process_add_multiple_env(dp, (const char **)envs, 0), 0);
+ ASSERT_EQ(defs_process_add_multiple_env(nullptr, (const char **)envs, env_len), -1);
+
+ free(envs[0]);
+ envs[0] = util_strdup_s("=value0");
+ ASSERT_EQ(defs_process_add_multiple_env(dp, (const char **)envs, env_len), -1);
+ free(envs[0]);
+ envs[0] = util_strdup_s("key0=");
+ ASSERT_EQ(defs_process_add_multiple_env(dp, (const char **)envs, env_len), -1);
+ free(envs[0]);
+ envs[0] = util_strdup_s("key0xxxx");
+ ASSERT_EQ(defs_process_add_multiple_env(dp, (const char **)envs, env_len), -1);
+
+ free(dp->env[0]);
+ dp->env[0] = util_strdup_s("=value0");
+ ASSERT_EQ(defs_process_add_multiple_env(dp, (const char **)envs, env_len), -1);
+ free(dp->env[0]);
+ dp->env[0] = util_strdup_s("key0=");
+ ASSERT_EQ(defs_process_add_multiple_env(dp, (const char **)envs, env_len), -1);
+ free(dp->env[0]);
+ dp->env[0] = util_strdup_s("key0xxxx");
+ ASSERT_EQ(defs_process_add_multiple_env(dp, (const char **)envs, env_len), -1);
+
+ free_defs_process(dp);
+ free(envs[0]);
+ free(envs[1]);
+ free(envs);
+}
+
+TEST_F(SpecsUnitTest, test_spec_add_multiple_process_env)
+{
+ size_t env_len = 2;
+ char **envs = (char **)util_common_calloc_s(sizeof(char *) * env_len);
+ ASSERT_NE(envs, nullptr);
+ oci_runtime_spec *oci_spec = (oci_runtime_spec *)util_common_calloc_s(sizeof(oci_runtime_spec));
+ ASSERT_NE(oci_spec, nullptr);
+ oci_spec->process = (defs_process *)util_common_calloc_s(sizeof(defs_process));
+ ASSERT_NE(oci_spec->process, nullptr);
+ oci_spec->process->env_len = 1;
+ oci_spec->process->env = (char **)util_common_calloc_s(sizeof(char *) * oci_spec->process->env_len);
+ ASSERT_NE(oci_spec->process->env, nullptr);
+
+ envs[0] = util_strdup_s("key0=value0");
+ envs[1] = util_strdup_s("key1=value1");
+ oci_spec->process->env[0] = util_strdup_s("key0=value0_old");
+ ASSERT_EQ(spec_add_multiple_process_env(oci_spec, (const char **)envs, env_len), 0);
+ ASSERT_EQ(oci_spec->process->env_len, 2);
+ ASSERT_EQ(strcmp(oci_spec->process->env[0], envs[0]), 0);
+ ASSERT_EQ(strcmp(oci_spec->process->env[1], envs[1]), 0);
+
+ ASSERT_EQ(spec_add_multiple_process_env(oci_spec, nullptr, env_len), 0);
+ ASSERT_EQ(spec_add_multiple_process_env(oci_spec, (const char **)envs, 0), 0);
+ ASSERT_EQ(spec_add_multiple_process_env(nullptr, (const char **)envs, env_len), -1);
+
+ free(envs[0]);
+ envs[0] = util_strdup_s("=value0");
+ ASSERT_EQ(spec_add_multiple_process_env(oci_spec, (const char **)envs, env_len), -1);
+ free(envs[0]);
+ envs[0] = util_strdup_s("key0=");
+ ASSERT_EQ(spec_add_multiple_process_env(oci_spec, (const char **)envs, env_len), -1);
+ free(envs[0]);
+ envs[0] = util_strdup_s("key0xxxx");
+ ASSERT_EQ(spec_add_multiple_process_env(oci_spec, (const char **)envs, env_len), -1);
+
+ free(oci_spec->process->env[0]);
+ oci_spec->process->env[0] = util_strdup_s("=value0");
+ ASSERT_EQ(spec_add_multiple_process_env(oci_spec, (const char **)envs, env_len), -1);
+ free(oci_spec->process->env[0]);
+ oci_spec->process->env[0] = util_strdup_s("key0=");
+ ASSERT_EQ(spec_add_multiple_process_env(oci_spec, (const char **)envs, env_len), -1);
+ free(oci_spec->process->env[0]);
+ oci_spec->process->env[0] = util_strdup_s("key0xxxx");
+ ASSERT_EQ(spec_add_multiple_process_env(oci_spec, (const char **)envs, env_len), -1);
+
+ free_oci_runtime_spec(oci_spec);
+ free(envs[0]);
+ free(envs[1]);
+ free(envs);
+}
+
+TEST_F(SpecsUnitTest, test_spec_add_device)
+{
+ defs_device *device = (defs_device *)util_common_calloc_s(sizeof(defs_device));
+ ASSERT_NE(device, nullptr);
+ oci_runtime_spec *oci_spec = (oci_runtime_spec *)util_common_calloc_s(sizeof(oci_runtime_spec));
+ ASSERT_NE(oci_spec, nullptr);
+ oci_spec->linux = (oci_runtime_config_linux *)util_common_calloc_s(sizeof(oci_runtime_config_linux));
+ ASSERT_NE(oci_spec->linux, nullptr);
+ oci_spec->linux->devices_len = 1;
+ oci_spec->linux->devices = (defs_device **)util_common_calloc_s(sizeof(defs_device *) * oci_spec->linux->devices_len);
+ ASSERT_NE(oci_spec->linux->devices, nullptr);
+
+ device->path = util_strdup_s("/device/path");
+ oci_spec->linux->devices[0] = (defs_device *)util_common_calloc_s(sizeof(defs_device));
+ ASSERT_NE(oci_spec->linux->devices[0], nullptr);
+ oci_spec->linux->devices[0]->path = util_strdup_s("/device/path");
+ ASSERT_EQ(spec_add_device(oci_spec, device), 0);
+ ASSERT_EQ(oci_spec->linux->devices[0], device);
+
+ oci_spec->linux->devices[0] = nullptr;
+ oci_spec->linux->devices_len = 0;
+ ASSERT_EQ(spec_add_device(oci_spec, device), 0);
+ ASSERT_EQ(oci_spec->linux->devices_len, 1);
+ ASSERT_EQ(oci_spec->linux->devices[0], device);
+
+ ASSERT_EQ(spec_add_device(oci_spec, nullptr), -1);
+ ASSERT_EQ(spec_add_device(nullptr, device), -1);
+
+ free_oci_runtime_spec(oci_spec);
+}
+
+TEST_F(SpecsUnitTest, test_spec_add_linux_resources_device)
+{
+ oci_runtime_spec *oci_spec = (oci_runtime_spec *)util_common_calloc_s(sizeof(oci_runtime_spec));
+ ASSERT_NE(oci_spec, nullptr);
+ oci_spec->linux = (oci_runtime_config_linux *)util_common_calloc_s(sizeof(oci_runtime_config_linux));
+ ASSERT_NE(oci_spec->linux, nullptr);
+ oci_spec->linux->resources = (defs_resources *)util_common_calloc_s(sizeof(defs_resources));
+ ASSERT_NE(oci_spec->linux->resources, nullptr);
+ oci_spec->linux->resources->devices_len = 1;
+ oci_spec->linux->resources->devices = (defs_device_cgroup **)util_common_calloc_s(sizeof(defs_device_cgroup *) * oci_spec->linux->resources->devices_len);
+ ASSERT_NE(oci_spec->linux->resources->devices, nullptr);
+
+ oci_spec->linux->resources->devices[0] = (defs_device_cgroup *)util_common_calloc_s(sizeof(defs_device_cgroup));
+ ASSERT_NE(oci_spec->linux->resources->devices[0], nullptr);
+ ASSERT_EQ(spec_add_linux_resources_device(oci_spec, true, "bind", 10, 9, "rwm"), 0);
+ ASSERT_EQ(oci_spec->linux->resources->devices_len, 2);
+ ASSERT_EQ(oci_spec->linux->resources->devices[1]->allow, true);
+ ASSERT_EQ(strcmp(oci_spec->linux->resources->devices[1]->type, "bind"), 0);
+ ASSERT_EQ(oci_spec->linux->resources->devices[1]->major, 10);
+ ASSERT_EQ(oci_spec->linux->resources->devices[1]->minor, 9);
+ ASSERT_EQ(strcmp(oci_spec->linux->resources->devices[1]->access, "rwm"), 0);
+
+ ASSERT_EQ(spec_add_linux_resources_device(nullptr, true, "bind", 10, 9, "rwm"), -1);
+
+ free_oci_runtime_spec(oci_spec);
+}
+
+TEST_F(SpecsUnitTest, test_spec_remove_mount)
+{
+ oci_runtime_spec *oci_spec = (oci_runtime_spec *)util_common_calloc_s(sizeof(oci_runtime_spec));
+ ASSERT_NE(oci_spec, nullptr);
+ oci_spec->mounts_len = 2;
+ oci_spec->mounts = (defs_mount **)util_common_calloc_s(sizeof(defs_mount *) * oci_spec->mounts_len);
+ ASSERT_NE(oci_spec->mounts, nullptr);
+
+ oci_spec->mounts[0] = (defs_mount *)util_common_calloc_s(sizeof(defs_mount));
+ ASSERT_NE(oci_spec->mounts[0], nullptr);
+ oci_spec->mounts[1] = (defs_mount *)util_common_calloc_s(sizeof(defs_mount));
+ ASSERT_NE(oci_spec->mounts[1], nullptr);
+ oci_spec->mounts[0]->destination = util_strdup_s("/mount/path/0");
+ oci_spec->mounts[1]->destination = util_strdup_s("/mount/path/1");
+ spec_remove_mount(oci_spec, oci_spec->mounts[0]->destination);
+ ASSERT_EQ(oci_spec->mounts_len, 1);
+ ASSERT_EQ(strcmp(oci_spec->mounts[0]->destination, "/mount/path/1"), 0);
+
+ free_oci_runtime_spec(oci_spec);
+}
+
+TEST_F(SpecsUnitTest, test_spec_add_mount)
+{
+ defs_mount *mnt = (defs_mount *)util_common_calloc_s(sizeof(defs_mount));
+ ASSERT_NE(mnt, nullptr);
+ oci_runtime_spec *oci_spec = (oci_runtime_spec *)util_common_calloc_s(sizeof(oci_runtime_spec));
+ ASSERT_NE(oci_spec, nullptr);
+ oci_spec->mounts_len = 1;
+ oci_spec->mounts = (defs_mount **)util_common_calloc_s(sizeof(defs_mount *) * oci_spec->mounts_len );
+ ASSERT_NE(oci_spec->mounts, nullptr);
+
+ oci_spec->mounts[0] = (defs_mount *)util_common_calloc_s(sizeof(defs_mount));
+ ASSERT_NE(oci_spec->mounts[0], nullptr);
+ oci_spec->mounts[0]->destination = util_strdup_s("/mount/path/0");
+ ASSERT_EQ(spec_add_mount(oci_spec, mnt), 0);
+ ASSERT_EQ(oci_spec->mounts_len, 2);
+ ASSERT_EQ(oci_spec->mounts[1], mnt);
+
+ ASSERT_EQ(spec_add_mount(nullptr, mnt), -1);
+ ASSERT_EQ(spec_add_mount(oci_spec, nullptr), -1);
+
+ free_oci_runtime_spec(oci_spec);
+}
+
+#define TEST_SPEC_ADD_HOOKS_ITEM_DEF(hooktype) \
+ void test_spec_add_##hooktype##_hook(void) \
+ { \
+ defs_hook *hook = (defs_hook *)util_common_calloc_s(sizeof(defs_hook)); \
+ ASSERT_NE(hook, nullptr); \
+ oci_runtime_spec *oci_spec = (oci_runtime_spec *)util_common_calloc_s(sizeof(oci_runtime_spec)); \
+ ASSERT_NE(oci_spec, nullptr); \
+ oci_spec->hooks = (oci_runtime_spec_hooks *)util_common_calloc_s(sizeof(oci_runtime_spec_hooks)); \
+ ASSERT_NE(oci_spec->hooks, nullptr); \
+ oci_spec->hooks->hooktype##_len = 1; \
+ oci_spec->hooks->hooktype = (defs_hook **)util_common_calloc_s(sizeof(defs_hook *) * oci_spec->hooks->hooktype##_len); \
+ ASSERT_NE(oci_spec->hooks->hooktype, nullptr); \
+ \
+ oci_spec->hooks->hooktype[0] = (defs_hook *)util_common_calloc_s(sizeof(defs_hook)); \
+ ASSERT_NE(oci_spec->hooks->hooktype[0], nullptr); \
+ ASSERT_EQ(spec_add_##hooktype##_hook(oci_spec, hook), 0); \
+ ASSERT_EQ(oci_spec->hooks->hooktype##_len, 2); \
+ ASSERT_EQ(oci_spec->hooks->hooktype[1], hook); \
+ \
+ ASSERT_EQ(spec_add_##hooktype##_hook(nullptr, hook), -1); \
+ ASSERT_EQ(spec_add_##hooktype##_hook(oci_spec, nullptr), -1); \
+ \
+ free_oci_runtime_spec(oci_spec); \
+ }
+
+TEST_SPEC_ADD_HOOKS_ITEM_DEF(prestart)
+TEST_SPEC_ADD_HOOKS_ITEM_DEF(poststart)
+TEST_SPEC_ADD_HOOKS_ITEM_DEF(poststop)
+
+TEST_F(SpecsUnitTest, test_spec_add_hook)
+{
+ test_spec_add_prestart_hook();
+ test_spec_add_poststart_hook();
+ test_spec_add_poststop_hook();
+}
+
+#endif /* ENABLE_CDI */
+
/********************************* UT for merge caps *******************************************/
struct capabilities_lens {
size_t bounding_len;
diff --git a/test/specs/specs_extend/CMakeLists.txt b/test/specs/specs_extend/CMakeLists.txt
index 2fd37e1c..bd4d2dd6 100644
--- a/test/specs/specs_extend/CMakeLists.txt
+++ b/test/specs/specs_extend/CMakeLists.txt
@@ -44,6 +44,7 @@ add_executable(${EXE}
${CMAKE_CURRENT_SOURCE_DIR}/../../../test/mocks/storage_mock.cc
${CMAKE_CURRENT_SOURCE_DIR}/../../../test/mocks/image_mock.cc
${CMAKE_CURRENT_SOURCE_DIR}/../../../test/mocks/sender_mock.cc
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../test/mocks/cdi_operate_api_mock.cc
specs_extend_ut.cc)
target_include_directories(${EXE} PUBLIC
--
2.25.1

26
0077-remove-extra-s-in-CreateContainerLogSymlink.patch Normal file
View File

@ -0,0 +1,26 @@
From cade2ae3b53848bbedb3f89ff45333f3871e878a Mon Sep 17 00:00:00 2001
From: jikai <jikai11@huawei.com>
Date: Thu, 25 Apr 2024 12:46:10 +0000
Subject: [PATCH 77/78] remove extra %s in CreateContainerLogSymlink
Signed-off-by: jikai <jikai11@huawei.com>
---
src/daemon/common/cri/cri_helpers.cc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/daemon/common/cri/cri_helpers.cc b/src/daemon/common/cri/cri_helpers.cc
index 5189ac00..d7ec9f36 100644
--- a/src/daemon/common/cri/cri_helpers.cc
+++ b/src/daemon/common/cri/cri_helpers.cc
@@ -552,7 +552,7 @@ void CreateContainerLogSymlink(const std::string &containerID, Errors &error)
if (symlink(realPath.c_str(), path.c_str()) != 0) {
SYSERROR("failed to create symbolic link %s to the container log file %s for container %s", path.c_str(), realPath.c_str(),
containerID.c_str());
- error.Errorf("failed to create symbolic link %s to the container log file %s for container %s: %s", path.c_str(),
+ error.Errorf("failed to create symbolic link %s to the container log file %s for container %s", path.c_str(),
realPath.c_str(), containerID.c_str());
}
}
--
2.25.1

69
0078-allow-env-variable-has-an-empty-value.patch Normal file
View File

@ -0,0 +1,69 @@
From f0212d54afc695b2039f09456b10c47f8edaf2de Mon Sep 17 00:00:00 2001
From: jikai <jikai11@huawei.com>
Date: Sat, 27 Apr 2024 14:32:19 +0800
Subject: [PATCH 78/78] allow env variable has an empty value
Signed-off-by: jikai <jikai11@huawei.com>
---
src/daemon/modules/spec/specs_extend.c | 10 ++++++----
src/utils/cutils/utils_string.c | 3 +++
2 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/src/daemon/modules/spec/specs_extend.c b/src/daemon/modules/spec/specs_extend.c
index 199cba54..8cad2cbe 100644
--- a/src/daemon/modules/spec/specs_extend.c
+++ b/src/daemon/modules/spec/specs_extend.c
@@ -195,6 +195,7 @@ static int generate_env_map_from_file(FILE *fp, json_map_string_string *env_map)
char *pline = NULL;
size_t length = 0;
char *saveptr = NULL;
+ char empty_str[1] = {'\0'};
while (getline(&pline, &length, fp) != -1) {
util_trim_newline(pline);
@@ -204,7 +205,9 @@ static int generate_env_map_from_file(FILE *fp, json_map_string_string *env_map)
}
key = strtok_r(pline, "=", &saveptr);
value = strtok_r(NULL, "=", &saveptr);
- if (key != NULL && value != NULL) {
+ // value of an env varible is allowed to be empty
+ value = value ? value : empty_str;
+ if (key != NULL) {
key = util_trim_space(key);
value = util_trim_space(value);
if ((size_t)(MAX_BUFFER_SIZE - 1) - strlen(key) < strlen(value)) {
@@ -291,15 +294,14 @@ static int check_env_need_append(const oci_runtime_spec *oci_spec, const char *e
{
size_t i = 0;
char *key = NULL;
- char *value = NULL;
char *saveptr = NULL;
for (i = 0; i < oci_spec->process->env_len; i++) {
char *tmp_env = NULL;
tmp_env = util_strdup_s(oci_spec->process->env[i]);
key = strtok_r(tmp_env, "=", &saveptr);
- value = strtok_r(NULL, "=", &saveptr);
- if (key == NULL || value == NULL) {
+ // value of an env varible is allowed to be empty
+ if (key == NULL) {
ERROR("Bad env format");
free(tmp_env);
tmp_env = NULL;
diff --git a/src/utils/cutils/utils_string.c b/src/utils/cutils/utils_string.c
index 64afb570..11a65f19 100644
--- a/src/utils/cutils/utils_string.c
+++ b/src/utils/cutils/utils_string.c
@@ -534,6 +534,9 @@ static char *util_left_trim_space(char *str)
{
char *begin = str;
char *tmp = str;
+ if (strlen(str) == 0) {
+ return str;
+ }
while (isspace(*begin)) {
begin++;
}
--
2.25.1

72
0079-Fix-Failed-to-execute-image-pull-on-name-tag-digest-.patch Normal file
View File

@ -0,0 +1,72 @@
From 1d90c5a855a267bb156d53b6a43bc451a993efd5 Mon Sep 17 00:00:00 2001
From: huj13k4n9 <huj13k4n9@qq.com>
Date: Mon, 29 Apr 2024 12:52:17 +0800
Subject: [PATCH 79/85] Fix 'Failed to execute image pull' on 'name:tag@digest'
type image name
---
src/daemon/modules/image/oci/utils_images.c | 6 ++++++
src/utils/cutils/utils_verify.c | 3 ++-
src/utils/cutils/utils_verify.h | 3 ++-
3 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/src/daemon/modules/image/oci/utils_images.c b/src/daemon/modules/image/oci/utils_images.c
index d94388bd..b4e2a1a8 100644
--- a/src/daemon/modules/image/oci/utils_images.c
+++ b/src/daemon/modules/image/oci/utils_images.c
@@ -207,6 +207,7 @@ int oci_split_image_name(const char *image_name, char **host, char **name, char
char *tag_digest_pos = NULL;
char *name_pos = NULL;
char *tmp_image_name = NULL;
+ char *name_end_pos = NULL;
if (!util_valid_image_name(image_name)) {
ERROR("Invalid full image name %s", image_name);
@@ -234,6 +235,11 @@ int oci_split_image_name(const char *image_name, char **host, char **name, char
*name_pos = '\0';
name_pos++;
if (name != NULL) {
+ // Need to check if image name contains tag
+ name_end_pos = strchr(name_pos, ':');
+ if (name_end_pos != NULL) {
+ *name_end_pos = '\0';
+ }
*name = util_strdup_s(name_pos);
}
if (host != NULL) {
diff --git a/src/utils/cutils/utils_verify.c b/src/utils/cutils/utils_verify.c
index cd636fff..474e28f0 100644
--- a/src/utils/cutils/utils_verify.c
+++ b/src/utils/cutils/utils_verify.c
@@ -319,6 +319,7 @@ bool util_valid_image_name(const char *name)
}
}
+ // In name check phase, image name with both tag and digest is also allowed
if (util_reg_match(__NamePattern, copy)) {
goto cleanup;
}
@@ -767,4 +768,4 @@ bool util_valid_search_name(const char *name)
return true;
}
-#endif
\ No newline at end of file
+#endif
diff --git a/src/utils/cutils/utils_verify.h b/src/utils/cutils/utils_verify.h
index bafd2a82..fc59f6c0 100644
--- a/src/utils/cutils/utils_verify.h
+++ b/src/utils/cutils/utils_verify.h
@@ -32,7 +32,8 @@ extern "C" {
#define __NamePattern \
"^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])" \
"((\\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(:[0-9]+)?/)?[a-z0-9]" \
- "+((([._]|__|[-]*)[a-z0-9]+)+)?((/[a-z0-9]+((([._]|__|[-]*)[a-z0-9]+)+)?)+)?$"
+ "+((([._]|__|[-]*)[a-z0-9]+)+)?((/[a-z0-9]+((([._]|__|[-]*)[a-z0-9]+)+)?)+)?" \
+ "(:([A-Za-z_0-9][A-Za-z_0-9.-]{0,127}))?$"
#define __DIGESTPattern "@[a-z0-9]+:[a-z0-9]{32,}"
--
2.34.1

148
0080-bugfix-for-hostname-env-set-only-once.patch Normal file
View File

@ -0,0 +1,148 @@
From 8ff32819d84f59085c4c541b00f9671db55d0fd1 Mon Sep 17 00:00:00 2001
From: jikai <jikai11@huawei.com>
Date: Mon, 29 Apr 2024 09:14:53 +0800
Subject: [PATCH 80/85] bugfix for hostname env: set only once
Signed-off-by: jikai <jikai11@huawei.com>
---
src/daemon/modules/spec/specs.c | 11 +++++-
src/daemon/modules/spec/specs_extend.c | 52 +++++++++++++++++---------
src/daemon/modules/spec/specs_extend.h | 2 +
3 files changed, 46 insertions(+), 19 deletions(-)
diff --git a/src/daemon/modules/spec/specs.c b/src/daemon/modules/spec/specs.c
index 77ca70f9..65a860d4 100644
--- a/src/daemon/modules/spec/specs.c
+++ b/src/daemon/modules/spec/specs.c
@@ -1863,14 +1863,21 @@ static int merge_process_conf(oci_runtime_spec *oci_spec, const host_config *hos
goto out;
}
- /* environment variables */
+ /* 1. merge env from container_spec: --env or --env-file */
ret = merge_env(oci_spec, (const char **)container_spec->env, container_spec->env_len);
if (ret != 0) {
ERROR("Failed to merge environment variables");
goto out;
}
- /* env target file */
+ /* 2. merge default env hostname, only if hostname not set before */
+ ret = merge_hostname_env(oci_spec);
+ if (ret != 0) {
+ ERROR("Failed to merge hostname env");
+ goto out;
+ }
+
+ /* 3. persist env from --env-target-file, only if the env not set before, system container only */
ret = merge_env_target_file(oci_spec, host_spec->env_target_file);
if (ret != 0) {
ERROR("Failed to merge env target file");
diff --git a/src/daemon/modules/spec/specs_extend.c b/src/daemon/modules/spec/specs_extend.c
index 8cad2cbe..4c154281 100644
--- a/src/daemon/modules/spec/specs_extend.c
+++ b/src/daemon/modules/spec/specs_extend.c
@@ -420,34 +420,23 @@ out:
int merge_env(oci_runtime_spec *oci_spec, const char **env, size_t env_len)
{
int ret = 0;
- int nret = 0;
size_t new_size = 0;
size_t old_size = 0;
size_t i;
char **temp = NULL;
- // 10 is lenght of "HOSTNAME=" and '\0'
- char host_name_env[MAX_HOST_NAME_LEN + 10] = { 0 };
-
- nret = snprintf(host_name_env, sizeof(host_name_env), "HOSTNAME=%s", oci_spec->hostname);
- if (nret < 0 || (size_t)nret >= sizeof(host_name_env)) {
- ret = -1;
- ERROR("Sprint failed");
- goto out;
- }
ret = make_sure_oci_spec_process(oci_spec);
if (ret < 0) {
goto out;
}
- if (env_len > LIST_ENV_SIZE_MAX - oci_spec->process->env_len - 1) {
+ if (env_len > LIST_ENV_SIZE_MAX - oci_spec->process->env_len) {
ERROR("The length of envionment variables is too long, the limit is %lld", LIST_ENV_SIZE_MAX);
isulad_set_error_message("The length of envionment variables is too long, the limit is %d", LIST_ENV_SIZE_MAX);
ret = -1;
goto out;
}
- // add 1 for hostname env
- new_size = (oci_spec->process->env_len + env_len + 1) * sizeof(char *);
+ new_size = (oci_spec->process->env_len + env_len) * sizeof(char *);
old_size = oci_spec->process->env_len * sizeof(char *);
ret = util_mem_realloc((void **)&temp, new_size, oci_spec->process->env, old_size);
if (ret != 0) {
@@ -458,10 +447,6 @@ int merge_env(oci_runtime_spec *oci_spec, const char **env, size_t env_len)
oci_spec->process->env = temp;
- // append hostname env into default oci spec env list
- oci_spec->process->env[oci_spec->process->env_len] = util_strdup_s(host_name_env);
- oci_spec->process->env_len++;
-
for (i = 0; i < env_len && env != NULL; i++) {
oci_spec->process->env[oci_spec->process->env_len] = util_strdup_s(env[i]);
oci_spec->process->env_len++;
@@ -470,6 +455,39 @@ out:
return ret;
}
+int merge_hostname_env(oci_runtime_spec *oci_spec)
+{
+ int nret = 0;
+ bool is_append = true;
+ // 10 is lenght of "HOSTNAME=" and '\0'
+ char host_name_env[MAX_HOST_NAME_LEN + 10] = { 0 };
+ const char *envs[1] = {host_name_env};
+
+ if (make_sure_oci_spec_process(oci_spec) < 0) {
+ return -1;
+ }
+
+ if (check_env_need_append(oci_spec, "HOSTNAME", &is_append) < 0) {
+ return -1;
+ }
+
+ if (!is_append) {
+ return 0;
+ }
+
+ nret = snprintf(host_name_env, sizeof(host_name_env), "HOSTNAME=%s", oci_spec->hostname);
+ if (nret < 0 || (size_t)nret >= sizeof(host_name_env)) {
+ ERROR("Sprint failed");
+ return -1;
+ }
+
+ if (merge_env(oci_spec, (const char **)envs, 1) < 0) {
+ return -1;
+ }
+
+ return 0;
+}
+
char *oci_container_get_env(const oci_runtime_spec *oci_spec, const char *key)
{
const defs_process *op = NULL;
diff --git a/src/daemon/modules/spec/specs_extend.h b/src/daemon/modules/spec/specs_extend.h
index d70f5bec..15ec6b2f 100644
--- a/src/daemon/modules/spec/specs_extend.h
+++ b/src/daemon/modules/spec/specs_extend.h
@@ -50,6 +50,8 @@ int make_userns_remap(oci_runtime_spec *container, const char *user_remap);
int merge_env(oci_runtime_spec *oci_spec, const char **env, size_t env_len);
+int merge_hostname_env(oci_runtime_spec *oci_spec);
+
int merge_env_target_file(oci_runtime_spec *oci_spec, const char *env_target_file);
char *oci_container_get_env(const oci_runtime_spec *oci_spec, const char *key);
--
2.34.1

86
0081-set-the-sandbox-status-to-not-ready-under-abnormal-c.patch Normal file
View File

@ -0,0 +1,86 @@
From 934d289aa535bbb87bfe484c4de34275b968fb87 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Wed, 8 May 2024 11:40:40 +0800
Subject: [PATCH 81/85] set the sandbox status to not ready under abnormal
circumstances
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/daemon/sandbox/sandbox.cc | 34 +++++++++++++++++++++++++---------
src/daemon/sandbox/sandbox.h | 1 +
2 files changed, 26 insertions(+), 9 deletions(-)
diff --git a/src/daemon/sandbox/sandbox.cc b/src/daemon/sandbox/sandbox.cc
index bae5b8db..279bf628 100644
--- a/src/daemon/sandbox/sandbox.cc
+++ b/src/daemon/sandbox/sandbox.cc
@@ -371,6 +371,8 @@ void Sandbox::DoUpdateStatus(std::unique_ptr<ControllerSandboxStatus> status, Er
m_state.exitedAt = status->exitedAt;
if (status->state == std::string(SANDBOX_READY_STATE_STR)) {
m_state.status = SANDBOX_STATUS_RUNNING;
+ } else {
+ m_state.status = SANDBOX_STATUS_STOPPED;
}
}
@@ -459,6 +461,24 @@ auto Sandbox::Save(Errors &error) -> bool
return true;
}
+bool Sandbox::DoStatusUpdateAndWaitInLoad(const std::string &sandboxID, Errors &error)
+{
+ if (!UpdateStatus(error)) {
+ ERROR("Failed to update status of Sandbox, id='%s'", sandboxID.c_str());
+ return false;
+ }
+
+ // Regardless of whether the sandbox is ready,
+ // Wait() is required to call to monitor whether the kuasar sandbox is ready or exits.
+ // TODO: distinguish the meaning of Wait() return value in different states of sandbox
+ if (!m_controller->Wait(shared_from_this(), sandboxID, error)) {
+ ERROR("Failed to restore wait callback");
+ return false;
+ }
+
+ return true;
+}
+
auto Sandbox::Load(Errors &error) -> bool
{
if (!LoadState(error)) {
@@ -478,15 +498,11 @@ auto Sandbox::Load(Errors &error) -> bool
LoadNetworkSetting();
- if (!UpdateStatus(error)) {
- ERROR("Failed to update status of Sandbox, id='%s'", m_id.c_str());
- return false;
- }
-
- // TODO: distinguish the meaning of Wait() return value in different states of sandbox
- if (!m_controller->Wait(shared_from_this(), m_id, error)) {
- ERROR("Failed to restore wait callback");
- return false;
+ // When the sandbox status acquisition fails or wait fails, the sandbox status is set to not ready,
+ // and the user decides whether to delete the sandbox.
+ if (!DoStatusUpdateAndWaitInLoad(m_id, error)) {
+ WriteGuard<RWMutex> lock(m_stateMutex);
+ m_state.status = SANDBOX_STATUS_STOPPED;
}
return true;
diff --git a/src/daemon/sandbox/sandbox.h b/src/daemon/sandbox/sandbox.h
index 20a8e338..42fbee2a 100644
--- a/src/daemon/sandbox/sandbox.h
+++ b/src/daemon/sandbox/sandbox.h
@@ -156,6 +156,7 @@ private:
auto SetupSandboxFiles(Errors &error) -> bool;
void DoUpdateStatus(std::unique_ptr<ControllerSandboxStatus> status, Errors &error);
void DoUpdateExitedStatus(const ControllerExitInfo &exitInfo);
+ bool DoStatusUpdateAndWaitInLoad(const std::string &sandboxID, Errors &error);
auto GetMetadataJsonPath() -> std::string;
auto GetStatePath() -> std::string;
--
2.34.1

60
0082-fix-shim-controller-set-incorrect-sandbox-status-sta.patch Normal file
View File

@ -0,0 +1,60 @@
From 1d51e3e9f14199854cc2d586651c5809345aee18 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Wed, 8 May 2024 14:48:47 +0800
Subject: [PATCH 82/85] fix shim controller set incorrect sandbox status state
Signed-off-by: jikai <jikai11@huawei.com>
---
src/daemon/sandbox/controller/controller.h | 3 +++
src/daemon/sandbox/controller/shim/shim_controller.cc | 6 ++++--
src/daemon/sandbox/sandbox.cc | 3 ---
3 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/src/daemon/sandbox/controller/controller.h b/src/daemon/sandbox/controller/controller.h
index f479a0ac..9ad45855 100644
--- a/src/daemon/sandbox/controller/controller.h
+++ b/src/daemon/sandbox/controller/controller.h
@@ -27,6 +27,9 @@
namespace sandbox {
+#define SANDBOX_READY_STATE_STR "SANDBOX_READY"
+#define SANDBOX_NOTREADY_STATE_STR "SANDBOX_NOTREADY"
+
struct ControllerMountInfo {
std::string source;
std::string destination;
diff --git a/src/daemon/sandbox/controller/shim/shim_controller.cc b/src/daemon/sandbox/controller/shim/shim_controller.cc
index 4da637c7..ce09c076 100644
--- a/src/daemon/sandbox/controller/shim/shim_controller.cc
+++ b/src/daemon/sandbox/controller/shim/shim_controller.cc
@@ -446,8 +446,10 @@ void ShimController::InspectResponseToSandboxStatus(container_inspect *inspect,
sandboxStatus.id = inspect->id;
if (inspect->state != nullptr) {
sandboxStatus.pid = inspect->state->pid;
- if (inspect->state->status != nullptr) {
- sandboxStatus.state = std::string(inspect->state->status);
+ if (inspect->state->running) {
+ sandboxStatus.state = std::string(SANDBOX_READY_STATE_STR);
+ } else {
+ sandboxStatus.state = std::string(SANDBOX_NOTREADY_STATE_STR);
}
}
diff --git a/src/daemon/sandbox/sandbox.cc b/src/daemon/sandbox/sandbox.cc
index 279bf628..d44abb99 100644
--- a/src/daemon/sandbox/sandbox.cc
+++ b/src/daemon/sandbox/sandbox.cc
@@ -39,9 +39,6 @@
#include "utils_timestamp.h"
#include "mailbox.h"
-#define SANDBOX_READY_STATE_STR "SANDBOX_READY"
-#define SANDBOX_NOTREADY_STATE_STR "SANDBOX_NOTREADY"
-
namespace sandbox {
const std::string SHM_MOUNT_POINT = "/dev/shm";
--
2.34.1

158
0083-fix-bug-for-invalid-env-write.patch Normal file
View File

@ -0,0 +1,158 @@
From fb48f036fece9d64c4cfc19c52091afad5f42fd9 Mon Sep 17 00:00:00 2001
From: jikai <jikai11@huawei.com>
Date: Sat, 11 May 2024 03:46:02 +0000
Subject: [PATCH 83/85] fix bug for invalid env write
Signed-off-by: jikai <jikai11@huawei.com>
---
src/daemon/modules/spec/specs_extend.c | 57 +++++++++-----------------
src/utils/cutils/utils_verify.c | 25 +++++++++++
src/utils/cutils/utils_verify.h | 2 +
3 files changed, 46 insertions(+), 38 deletions(-)
diff --git a/src/daemon/modules/spec/specs_extend.c b/src/daemon/modules/spec/specs_extend.c
index 4c154281..f4208405 100644
--- a/src/daemon/modules/spec/specs_extend.c
+++ b/src/daemon/modules/spec/specs_extend.c
@@ -190,41 +190,33 @@ int make_userns_remap(oci_runtime_spec *container, const char *user_remap)
static int generate_env_map_from_file(FILE *fp, json_map_string_string *env_map)
{
int ret = 0;
- char *key = NULL;
- char *value = NULL;
- char *pline = NULL;
+ __isula_auto_free char *pline = NULL;
size_t length = 0;
- char *saveptr = NULL;
- char empty_str[1] = {'\0'};
while (getline(&pline, &length, fp) != -1) {
+ __isula_auto_free char *key = NULL;
+ __isula_auto_free char *value = NULL;
util_trim_newline(pline);
pline = util_trim_space(pline);
if (pline == NULL || pline[0] == '#') {
continue;
}
- key = strtok_r(pline, "=", &saveptr);
- value = strtok_r(NULL, "=", &saveptr);
- // value of an env varible is allowed to be empty
- value = value ? value : empty_str;
- if (key != NULL) {
- key = util_trim_space(key);
- value = util_trim_space(value);
- if ((size_t)(MAX_BUFFER_SIZE - 1) - strlen(key) < strlen(value)) {
- ERROR("env length exceed %d bytes", MAX_BUFFER_SIZE);
- ret = -1;
- goto out;
- }
- ret = append_json_map_string_string(env_map, key, value);
- if (ret < 0) {
- ERROR("append env to map failed");
- goto out;
- }
+ if (util_valid_split_env(pline, &key, &value) < 0) {
+ // ignore invalid env
+ continue;
+ }
+ if ((size_t)(MAX_BUFFER_SIZE - 1) - strlen(key) < strlen(value)) {
+ ERROR("env length exceed %d bytes", MAX_BUFFER_SIZE);
+ return -1;
+ }
+ ret = append_json_map_string_string(env_map, key, value);
+ if (ret < 0) {
+ ERROR("append env to map failed");
+ return -1;
}
}
-out:
- free(pline);
- return ret;
+
+ return 0;
}
static json_map_string_string *parse_env_target_file(const char *env_path)
@@ -293,28 +285,17 @@ static int do_append_env(char ***env, size_t *env_len, const char *key, const ch
static int check_env_need_append(const oci_runtime_spec *oci_spec, const char *env_key, bool *is_append)
{
size_t i = 0;
- char *key = NULL;
- char *saveptr = NULL;
for (i = 0; i < oci_spec->process->env_len; i++) {
- char *tmp_env = NULL;
- tmp_env = util_strdup_s(oci_spec->process->env[i]);
- key = strtok_r(tmp_env, "=", &saveptr);
- // value of an env varible is allowed to be empty
- if (key == NULL) {
+ __isula_auto_free char *key = NULL;
+ if (util_valid_split_env(oci_spec->process->env[i], &key, NULL) < 0) {
ERROR("Bad env format");
- free(tmp_env);
- tmp_env = NULL;
return -1;
}
if (strcmp(key, env_key) == 0) {
*is_append = false;
- free(tmp_env);
- tmp_env = NULL;
return 0;
}
- free(tmp_env);
- tmp_env = NULL;
}
return 0;
}
diff --git a/src/utils/cutils/utils_verify.c b/src/utils/cutils/utils_verify.c
index 474e28f0..6f1da12c 100644
--- a/src/utils/cutils/utils_verify.c
+++ b/src/utils/cutils/utils_verify.c
@@ -651,6 +651,31 @@ bool util_valid_device_cgroup_rule(const char *value)
return util_reg_match(patten, value) == 0;
}
+int util_valid_split_env(const char *env, char **key, char **value)
+{
+ __isula_auto_array_t char **arr = NULL;
+
+ arr = util_string_split_n(env, '=', 2);
+ if (arr == NULL) {
+ ERROR("Failed to split env string");
+ return -1;
+ }
+
+ if (strlen(arr[0]) == 0) {
+ ERROR("Invalid environment variable: %s", env);
+ return -1;
+ }
+
+ if (key != NULL) {
+ *key = util_strdup_s(arr[0]);
+ }
+ if (value != NULL) {
+ *value = util_strdup_s(util_array_len((const char **)arr) > 1 ? arr[1] : "");
+ }
+
+ return 0;
+}
+
int util_valid_env(const char *env, char **dst)
{
int ret = 0;
diff --git a/src/utils/cutils/utils_verify.h b/src/utils/cutils/utils_verify.h
index fc59f6c0..58b22b85 100644
--- a/src/utils/cutils/utils_verify.h
+++ b/src/utils/cutils/utils_verify.h
@@ -119,6 +119,8 @@ bool util_valid_positive_interger(const char *value);
bool util_valid_device_cgroup_rule(const char *value);
+int util_valid_split_env(const char *env, char **key, char **value);
+
int util_valid_env(const char *env, char **dst);
bool util_valid_sysctl(const char *sysctl_key);
--
2.34.1

26
0084-trim-key-value-for-env.patch Normal file
View File

@ -0,0 +1,26 @@
From de9ed770a254c8f67ac228f56fe461e1c834609c Mon Sep 17 00:00:00 2001
From: jikai <jikai11@huawei.com>
Date: Sat, 11 May 2024 07:51:35 +0000
Subject: [PATCH 84/85] trim key/value for env
Signed-off-by: jikai <jikai11@huawei.com>
---
src/daemon/modules/spec/specs_extend.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/daemon/modules/spec/specs_extend.c b/src/daemon/modules/spec/specs_extend.c
index f4208405..926aaf3c 100644
--- a/src/daemon/modules/spec/specs_extend.c
+++ b/src/daemon/modules/spec/specs_extend.c
@@ -205,6 +205,8 @@ static int generate_env_map_from_file(FILE *fp, json_map_string_string *env_map)
// ignore invalid env
continue;
}
+ key = util_trim_space(key);
+ value = util_trim_space(value);
if ((size_t)(MAX_BUFFER_SIZE - 1) - strlen(key) < strlen(value)) {
ERROR("env length exceed %d bytes", MAX_BUFFER_SIZE);
return -1;
--
2.34.1

135
0085-cdi-allow-env-variable-has-an-empty-value.patch Normal file
View File

@ -0,0 +1,135 @@
From 9208d73274da0bd18c0d77cdf59ead3dc8e06021 Mon Sep 17 00:00:00 2001
From: liuxu <liuxu156@huawei.com>
Date: Fri, 10 May 2024 18:12:49 +0800
Subject: [PATCH 85/85] cdi:allow env variable has an empty value
Signed-off-by: liuxu <liuxu156@huawei.com>
---
src/daemon/modules/spec/specs.c | 28 ++++++----------------------
test/specs/specs/specs_ut.cc | 16 ++++++++--------
2 files changed, 14 insertions(+), 30 deletions(-)
diff --git a/src/daemon/modules/spec/specs.c b/src/daemon/modules/spec/specs.c
index 65a860d4..e779c22e 100644
--- a/src/daemon/modules/spec/specs.c
+++ b/src/daemon/modules/spec/specs.c
@@ -2607,17 +2607,11 @@ int spec_module_init(void)
static int add_env(defs_process *dp, const char *env, const char *key)
{
size_t i;
- char *oci_key = NULL;
- char *oci_value = NULL;
- char *saveptr = NULL;
- __isula_auto_free char *tmp_env = NULL;
for (i = 0; i < dp->env_len; i++) {
- tmp_env = util_strdup_s(dp->env[i]);
- oci_key = strtok_r(tmp_env, "=", &saveptr);
- oci_value = strtok_r(NULL, "=", &saveptr);
- if (oci_key == NULL || oci_value == NULL) {
- ERROR("Bad env format");
+ __isula_auto_free char *oci_key = NULL;
+ if (util_valid_split_env(dp->env[i], &oci_key, NULL) < 0) {
+ ERROR("Bad env format, %s", dp->env[i]);
return -1;
}
if (strcmp(key, oci_key) == 0) {
@@ -2625,8 +2619,6 @@ static int add_env(defs_process *dp, const char *env, const char *key)
dp->env[i] = util_strdup_s(env);
return 0;
}
- free(tmp_env);
- tmp_env = NULL;
}
if (util_mem_realloc((void **)&dp->env, (dp->env_len + 1) * sizeof(char *),
(void *)dp->env, dp->env_len * sizeof(char *)) != 0) {
@@ -2641,10 +2633,6 @@ static int add_env(defs_process *dp, const char *env, const char *key)
int defs_process_add_multiple_env(defs_process *dp, const char **envs, size_t env_len)
{
size_t i;
- char *key = NULL;
- char *value = NULL;
- char *saveptr = NULL;
- __isula_auto_free char *tmp_env = NULL;
if (envs == NULL || env_len == 0) {
DEBUG("empty envs");
@@ -2656,18 +2644,14 @@ int defs_process_add_multiple_env(defs_process *dp, const char **envs, size_t en
}
for (i = 0; i < env_len; i++) {
- tmp_env = util_strdup_s(envs[i]);
- key = strtok_r(tmp_env, "=", &saveptr);
- value = strtok_r(NULL, "=", &saveptr);
- if (key == NULL || value == NULL) {
- ERROR("Bad env format: %s", tmp_env);
+ __isula_auto_free char *key = NULL;
+ if (util_valid_split_env(envs[i], &key, NULL) < 0) {
+ ERROR("Bad env format: %s", envs[i]);
return -1;
}
if (add_env(dp, envs[i], key) != 0) {
return -1;
}
- free(tmp_env);
- tmp_env = NULL;
}
return 0;
diff --git a/test/specs/specs/specs_ut.cc b/test/specs/specs/specs_ut.cc
index 47836e5b..3f108f0f 100644
--- a/test/specs/specs/specs_ut.cc
+++ b/test/specs/specs/specs_ut.cc
@@ -593,20 +593,20 @@ TEST_F(SpecsUnitTest, test_defs_process_add_multiple_env)
ASSERT_EQ(defs_process_add_multiple_env(dp, (const char **)envs, env_len), -1);
free(envs[0]);
envs[0] = util_strdup_s("key0=");
- ASSERT_EQ(defs_process_add_multiple_env(dp, (const char **)envs, env_len), -1);
+ ASSERT_EQ(defs_process_add_multiple_env(dp, (const char **)envs, env_len), 0);
free(envs[0]);
envs[0] = util_strdup_s("key0xxxx");
- ASSERT_EQ(defs_process_add_multiple_env(dp, (const char **)envs, env_len), -1);
+ ASSERT_EQ(defs_process_add_multiple_env(dp, (const char **)envs, env_len), 0);
free(dp->env[0]);
dp->env[0] = util_strdup_s("=value0");
ASSERT_EQ(defs_process_add_multiple_env(dp, (const char **)envs, env_len), -1);
free(dp->env[0]);
dp->env[0] = util_strdup_s("key0=");
- ASSERT_EQ(defs_process_add_multiple_env(dp, (const char **)envs, env_len), -1);
+ ASSERT_EQ(defs_process_add_multiple_env(dp, (const char **)envs, env_len), 0);
free(dp->env[0]);
dp->env[0] = util_strdup_s("key0xxxx");
- ASSERT_EQ(defs_process_add_multiple_env(dp, (const char **)envs, env_len), -1);
+ ASSERT_EQ(defs_process_add_multiple_env(dp, (const char **)envs, env_len), 0);
free_defs_process(dp);
free(envs[0]);
@@ -644,20 +644,20 @@ TEST_F(SpecsUnitTest, test_spec_add_multiple_process_env)
ASSERT_EQ(spec_add_multiple_process_env(oci_spec, (const char **)envs, env_len), -1);
free(envs[0]);
envs[0] = util_strdup_s("key0=");
- ASSERT_EQ(spec_add_multiple_process_env(oci_spec, (const char **)envs, env_len), -1);
+ ASSERT_EQ(spec_add_multiple_process_env(oci_spec, (const char **)envs, env_len), 0);
free(envs[0]);
envs[0] = util_strdup_s("key0xxxx");
- ASSERT_EQ(spec_add_multiple_process_env(oci_spec, (const char **)envs, env_len), -1);
+ ASSERT_EQ(spec_add_multiple_process_env(oci_spec, (const char **)envs, env_len), 0);
free(oci_spec->process->env[0]);
oci_spec->process->env[0] = util_strdup_s("=value0");
ASSERT_EQ(spec_add_multiple_process_env(oci_spec, (const char **)envs, env_len), -1);
free(oci_spec->process->env[0]);
oci_spec->process->env[0] = util_strdup_s("key0=");
- ASSERT_EQ(spec_add_multiple_process_env(oci_spec, (const char **)envs, env_len), -1);
+ ASSERT_EQ(spec_add_multiple_process_env(oci_spec, (const char **)envs, env_len), 0);
free(oci_spec->process->env[0]);
oci_spec->process->env[0] = util_strdup_s("key0xxxx");
- ASSERT_EQ(spec_add_multiple_process_env(oci_spec, (const char **)envs, env_len), -1);
+ ASSERT_EQ(spec_add_multiple_process_env(oci_spec, (const char **)envs, env_len), 0);
free_oci_runtime_spec(oci_spec);
free(envs[0]);
--
2.34.1

359
0086-cdi-test-case-and-gateway.patch Normal file
View File

@ -0,0 +1,359 @@
From 3fb6de60ecf10278a676a41f8d0c334d1f90d303 Mon Sep 17 00:00:00 2001
From: liuxu <liuxu156@huawei.com>
Date: Wed, 17 Apr 2024 18:02:48 +0800
Subject: [PATCH 086/108] cdi:test case and gateway
Signed-off-by: liuxu <liuxu156@huawei.com>
---
CI/make-and-install.sh | 2 +-
CI/test_cases/container_cases/cdi_test.sh | 205 ++++++++++++++++++
.../criconfigs/container-config-cdi.json | 50 +++++
.../test_data/cdi_devices.json | 53 +++++
4 files changed, 309 insertions(+), 1 deletion(-)
create mode 100755 CI/test_cases/container_cases/cdi_test.sh
create mode 100644 CI/test_cases/container_cases/criconfigs/container-config-cdi.json
create mode 100644 CI/test_cases/container_cases/test_data/cdi_devices.json
diff --git a/CI/make-and-install.sh b/CI/make-and-install.sh
index 9d4c5533..61281965 100755
--- a/CI/make-and-install.sh
+++ b/CI/make-and-install.sh
@@ -105,7 +105,7 @@ cd build
if [[ ${enable_gcov} -ne 0 ]]; then
cmake -DLIB_INSTALL_DIR=${builddir}/lib -DCMAKE_INSTALL_PREFIX=${builddir} -DCMAKE_INSTALL_SYSCONFDIR=${builddir}/etc -DCMAKE_BUILD_TYPE=Debug -DGCOV=ON -DENABLE_EMBEDDED=ON -DENABLE_COVERAGE=ON -DENABLE_CRI_API_V1=ON -DENABLE_CDI=ON -DENABLE_UT=ON -DENABLE_METRICS=ON -DENABLE_REMOTE_LAYER_STORE=ON -DENABLE_GRPC_REMOTE_CONNECT=ON ..
else
- cmake -DLIB_INSTALL_DIR=${builddir}/lib -DCMAKE_INSTALL_PREFIX=${builddir} -DCMAKE_INSTALL_SYSCONFDIR=${builddir}/etc -DENABLE_EMBEDDED=ON -DENABLE_METRICS=ON -DENABLE_REMOTE_LAYER_STORE=ON -DENABLE_CRI_API_V1=ON -DENABLE_GRPC_REMOTE_CONNECT=ON ..
+ cmake -DLIB_INSTALL_DIR=${builddir}/lib -DCMAKE_INSTALL_PREFIX=${builddir} -DCMAKE_INSTALL_SYSCONFDIR=${builddir}/etc -DENABLE_EMBEDDED=ON -DENABLE_METRICS=ON -DENABLE_REMOTE_LAYER_STORE=ON -DENABLE_CRI_API_V1=ON -DENABLE_CDI=ON -DENABLE_GRPC_REMOTE_CONNECT=ON ..
fi
make -j $(nproc)
make install
diff --git a/CI/test_cases/container_cases/cdi_test.sh b/CI/test_cases/container_cases/cdi_test.sh
new file mode 100755
index 00000000..dd7b1177
--- /dev/null
+++ b/CI/test_cases/container_cases/cdi_test.sh
@@ -0,0 +1,205 @@
+#!/bin/bash
+#
+# attributes: isulad cdi
+# concurrent: NA
+# spend time: 41
+
+#######################################################################
+##- Copyright (c) Huawei Technologies Co., Ltd. 2024. All rights reserved.
+# - iSulad licensed under the Mulan PSL v2.
+# - You can use this software according to the terms and conditions of the Mulan PSL v2.
+# - You may obtain a copy of Mulan PSL v2 at:
+# - http://license.coscl.org.cn/MulanPSL2
+# - THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+# - IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+# - PURPOSE.
+# - See the Mulan PSL v2 for more details.
+##- @Description:CI
+##- @Author: liuxu
+##- @Create: 2024-04-16
+#######################################################################
+
+source ../helpers.sh
+curr_path=$(dirname $(readlink -f "$0"))
+data_path=$(realpath $curr_path/criconfigs)
+pause_img_path=$(realpath $curr_path/test_data)
+cdi_static_dir="/etc/cdi"
+
+function do_pre()
+{
+ cp /etc/isulad/daemon.json /etc/isulad/daemon.bak
+ sed -i "s#\"pod-sandbox-image\": \"\"#\"pod-sandbox-image\": \"mirrorgooglecontainers/pause-amd64:3.0\"#g" /etc/isulad/daemon.json
+ sed -i "/\"cni-conf-dir\": \".*\"/a\ \ \ \ \"enable-cri-v1\": true," /etc/isulad/daemon.json
+ sed -i "/\"cni-conf-dir\": \".*\"/a\ \ \ \ \"enable-cdi\": true," /etc/isulad/daemon.json
+
+ check_valgrind_log
+ start_isulad_without_valgrind
+
+ isula load -i ${pause_img_path}/pause.tar
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to load pause" && return ${FAILURE}
+
+ isula pull busybox
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to pull busybox" && return ${FAILURE}
+
+ crictl images | grep "mirrorgooglecontainers/pause-amd64"
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - Failed to find mirrorgooglecontainers/pause-amd64 image" && return ${FAILURE}
+
+ return 0
+}
+
+function do_post()
+{
+ cp -f /etc/isulad/daemon.bak /etc/isulad/daemon.json
+ check_valgrind_log
+ start_isulad_without_valgrind
+}
+
+function verify_injected_vendor0() {
+ # check env
+ output=$(crictl exec --sync "$1" sh -c 'echo $VENDOR0')
+ [[ "$output" != "injected" ]] && msg_err "${FUNCNAME[0]}:${LINENO} - env check failed" && return ${FAILURE}
+
+ # check hooks
+ cat /tmp/cdi_hook_test.log | grep "prestart"
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - hook check failed" && return ${FAILURE}
+
+ # check mounts
+ output=$(crictl exec --sync "$1" sh -c 'stat -c %a /tmp/cdi_mounts_test')
+ [[ "$output" != "755" ]] && msg_err "${FUNCNAME[0]}:${LINENO} - mount check failed" && return ${FAILURE}
+
+ return 0
+}
+
+function verify_injected_loop8() {
+ # check env
+ output=$(crictl exec --sync "$1" sh -c 'echo $LOOP8')
+ [[ "$output" != "CDI8" ]] && msg_err "${FUNCNAME[0]}:${LINENO} - env check failed" && return ${FAILURE}
+
+ # check device nodes
+ output=$(crictl exec --sync "$1" sh -c 'stat -c %a /dev/loop8')
+ [[ "$output" != "640" ]] && msg_err "${FUNCNAME[0]}:${LINENO} - device nodes check failed" && return ${FAILURE}
+ output=$(crictl exec --sync "$1" sh -c 'stat -c %t.%T /dev/loop8')
+ [[ "$output" != "7.8" ]] && msg_err "${FUNCNAME[0]}:${LINENO} - device nodes check failed" && return ${FAILURE}
+ output=$(crictl exec --sync "$1" sh -c 'stat -c %t.%T /dev/loop8c')
+ [[ "$output" != "7.b" ]] && msg_err "${FUNCNAME[0]}:${LINENO} - device nodes check failed" && return ${FAILURE}
+
+ # check mounts
+ output=$(crictl exec --sync "$1" sh -c 'stat -c %a /tmp/cdi_mounts_test_loop8')
+ [[ "$output" != "755" ]] && msg_err "${FUNCNAME[0]}:${LINENO} - mount check failed" && return ${FAILURE}
+
+ return 0
+}
+
+function verify_injected_loop9() {
+ # check env
+ output=$(crictl exec --sync "$1" sh -c 'echo $LOOP9')
+ [[ "$output" != "present" ]] && msg_err "${FUNCNAME[0]}:${LINENO} - env check failed" && return ${FAILURE}
+
+ # check device nodes
+ output=$(crictl exec --sync "$1" sh -c 'stat -c %a /dev/loop9')
+ [[ "$output" != "644" ]] && msg_err "${FUNCNAME[0]}:${LINENO} - device nodes check failed" && return ${FAILURE}
+ output=$(crictl exec --sync "$1" sh -c 'stat -c %t.%T /dev/loop9')
+ [[ "$output" != "7.9" ]] && msg_err "${FUNCNAME[0]}:${LINENO} - device nodes check failed" && return ${FAILURE}
+
+ return 0
+}
+
+function check_full_cdi()
+{
+ verify_injected_vendor0 $1
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - verify_injected_vendor0 failed" && return ${FAILURE}
+
+ verify_injected_loop8 $1
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - verify_injected_loop8 failed" && return ${FAILURE}
+
+ verify_injected_loop9 $1
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - verify_injected_loop9 failed" && return ${FAILURE}
+
+ return 0
+}
+
+function do_test_help()
+{
+ msg_info "cdi test starting..."
+
+ isula rm -f `isula ps -a -q`
+
+ sid=`crictl runp ${data_path}/$1`
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - Failed to run sandbox" && return ${FAILURE}
+
+ cid=`crictl create $sid ${data_path}/$2 ${data_path}/$1`
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - create container failed" && return ${FAILURE}
+
+ crictl start $cid
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start container failed" && return ${FAILURE}
+
+ crictl stats
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stats container failed" && return ${FAILURE}
+
+ check_full_cdi $cid
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check cdi failed" && return ${FAILURE}
+
+ crictl stop $cid
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stop container failed" && return ${FAILURE}
+
+ crictl rm $cid
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - rm container failed" && return ${FAILURE}
+
+ crictl stopp $sid
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stop sandbox failed" && return ${FAILURE}
+
+ crictl rmp $sid
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - rm sandbox failed" && return ${FAILURE}
+
+ return 0
+}
+
+function do_test_full_cdi()
+{
+ if [ ! -d "$cdi_static_dir" ]; then
+ mkdir -p "$cdi_static_dir"
+ fi
+ cp -f ${pause_img_path}/cdi_devices.json ${cdi_static_dir}/cdi_devices.json
+
+ mkdir -p /tmp/cdi_mounts_test
+ cat > /tmp/cdi_mounts_test_loop8 << EOF
+origin data
+EOF
+ chmod 755 /tmp/cdi_mounts_test_loop8
+ mkdir -p /tmp/cdi_mounts_test_loop9
+
+ mknod /dev/loop8 b 7 8
+ mknod /dev/loop9 b 7 9
+ mknod /dev/loop8c c 7 11
+
+ cat > /tmp/cdi_printargs.sh << EOF
+#!/bin/bash
+echo "\$(date +'%Y-%m-%d %H:%M:%S') Input parameter: \$1 \$2" >> /tmp/cdi_hook_test.log
+EOF
+ chmod 755 /tmp/cdi_printargs.sh
+
+ do_test_help "sandbox-config.json" "container-config-cdi.json" || ((ans++))
+
+ rm -f /tmp/cdi_printargs.sh
+ rm -f /tmp/cdi_hook_test.log
+ rm -f /dev/loop8
+ rm -f /dev/loop9
+ rm -f /dev/loop8c
+
+ rm -f ${cdi_static_dir}/cdi_devices.json
+ rm -f /tmp/cdi_printargs
+ rmdir /tmp/cdi_mounts_test
+ rm -f /tmp/cdi_mounts_test_loop8
+ rmdir /tmp/cdi_mounts_test_loop9
+ rm -f /tmp/cdi_printargs.sh
+
+ return 0
+}
+
+declare -i ans=0
+
+do_pre || ((ans++))
+do_test_full_cdi || ((ans++))
+do_post
+
+show_result ${ans} "${curr_path}/${0}"
diff --git a/CI/test_cases/container_cases/criconfigs/container-config-cdi.json b/CI/test_cases/container_cases/criconfigs/container-config-cdi.json
new file mode 100644
index 00000000..b9805c8a
--- /dev/null
+++ b/CI/test_cases/container_cases/criconfigs/container-config-cdi.json
@@ -0,0 +1,50 @@
+{
+ "metadata": {
+ "name": "haozi"
+ },
+ "image":{
+ "image": "busybox:latest"
+ },
+ "command": [
+ "/bin/sh",
+ "-c",
+ "i=0; while true; do echo \"$i: $(date)\"; i=$((i+1)); sleep 10; done"
+ ],
+ "labels": {
+ "filter_label_key": "filter_label_val"
+ },
+ "annotations": {
+ "extension.network.kubernetes.io/cni/instancename": "pod_instance_name",
+ "cdi.k8s.io/test": "vendor0.com/device=loop8,vendor0.com/device=loop9"
+ },
+ "CDI_Devices":[
+ { "Name": "vendor0.com/device=loop8" },
+ { "Name": "vendor0.com/device=loop9" }
+ ],
+ "mounts" : [
+ {
+ "container_path": "/tmp/contpath",
+ "host_path": "/tmp/hostpath",
+ "readonly": true,
+ "selinux_relabel": true,
+ "propagation": 0
+ },
+ {
+ "container_path": "/tmp/contpath2",
+ "host_path": "/tmp/hostpath2",
+ "readonly": false,
+ "selinux_relabel": false,
+ "propagation": 0
+ }
+ ],
+ "linux": {
+ "security_context": {
+ "namespace_options": {
+ "host_network": true,
+ "host_pid": false,
+ "host_ipc": false
+ }
+ }
+ },
+ "log_path": "cri_test.log"
+}
diff --git a/CI/test_cases/container_cases/test_data/cdi_devices.json b/CI/test_cases/container_cases/test_data/cdi_devices.json
new file mode 100644
index 00000000..f7fe65d4
--- /dev/null
+++ b/CI/test_cases/container_cases/test_data/cdi_devices.json
@@ -0,0 +1,53 @@
+{
+ "cdiVersion": "0.6.0",
+ "kind": "vendor0.com/device",
+ "annotations":{
+ "cdi_annotation":"cdi_annotation_value"
+ },
+ "devices": [
+ {
+ "name": "loop8",
+ "annotations":{
+ "loop8_annotation":"loop8_annotation_value"
+ },
+ "containerEdits": {
+ "env": [
+ "LOOP8=CDI8",
+ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/dev"
+ ],
+ "deviceNodes": [
+ {"path": "/dev/loop8", "type": "b", "fileMode": 416},
+ {"path": "/dev/loop8c", "type": "c"}
+ ],
+ "mounts": [
+ {"hostPath": "/tmp/cdi_mounts_test_loop8", "containerPath": "/tmp/cdi_mounts_test_loop8", "options": ["ro","nosuid","nodev","bind"]},
+ {"hostPath": "tmpfs", "containerPath": "/tmp/data", "type": "tmpfs", "options": ["nosuid","strictatime","mode=755","size=65536k"]}
+ ]
+ }
+ },{
+ "name": "loop9",
+ "containerEdits": {
+ "env":["LOOP9=present"],
+ "deviceNodes": [{
+ "path": "/dev/loop9", "type": "b", "major": 7, "minor": 9, "fileMode": 420
+ }
+ ]
+ }
+ }
+ ],
+ "containerEdits": {
+ "env": [
+ "VENDOR0=injected",
+ "BAR=BARVALUE1"
+ ],
+ "hooks": [
+ {"hookName": "prestart", "path": "/tmp/cdi_printargs.sh", "args":["prestart0", "prestart1"], "env":["prestartenv=value"]},
+ {"hookName": "prestart", "path": "/tmp/cdi_printargs.sh", "args":["prestart0", "prestart1"], "env":["prestartenv=value"]},
+ {"hookName": "poststart", "path": "/tmp/cdi_printargs.sh", "args":["poststart0", "poststart1"], "env":["poststartenv=value"]},
+ {"hookName": "poststop", "path": "/tmp/cdi_printargs.sh", "args":["poststop0", "poststop1"], "env":["poststopenv=value"]}
+ ],
+ "mounts": [
+ {"hostPath": "/tmp/cdi_mounts_test", "containerPath": "/tmp/cdi_mounts_test", "options": ["ro","nosuid","nodev","bind"]}
+ ]
+ }
+}
\ No newline at end of file
--
2.25.1

1690
0087-code-improve.patch Normal file
View File

File diff suppressed because it is too large Load Diff

29
0088-testcase-close-cdi-testcase.patch Normal file
View File

@ -0,0 +1,29 @@
From eba353bef72bf62cd47f1b03a9fbd4c621ad479e Mon Sep 17 00:00:00 2001
From: liuxu <liuxu156@huawei.com>
Date: Thu, 16 May 2024 18:00:01 +0800
Subject: [PATCH 088/108] testcase:close cdi testcase
Signed-off-by: liuxu <liuxu156@huawei.com>
---
CI/test_cases/container_cases/cdi_test.sh | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/CI/test_cases/container_cases/cdi_test.sh b/CI/test_cases/container_cases/cdi_test.sh
index dd7b1177..f9fd4567 100755
--- a/CI/test_cases/container_cases/cdi_test.sh
+++ b/CI/test_cases/container_cases/cdi_test.sh
@@ -198,8 +198,8 @@ EOF
declare -i ans=0
-do_pre || ((ans++))
-do_test_full_cdi || ((ans++))
-do_post
+# do_pre || ((ans++))
+# do_test_full_cdi || ((ans++))
+# do_post
show_result ${ans} "${curr_path}/${0}"
--
2.25.1

68
0089-docs-update-cni-doc.patch Normal file
View File

@ -0,0 +1,68 @@
From 7fc8578097b9f8254962dc4fb277492b3251e5cb Mon Sep 17 00:00:00 2001
From: liuxu <liuxu156@huawei.com>
Date: Thu, 16 May 2024 17:56:08 +0800
Subject: [PATCH 089/108] docs:update cni doc
Signed-off-by: liuxu <liuxu156@huawei.com>
---
README.md | 2 +-
README_zh.md | 2 +-
docs/design/README.md | 2 ++
docs/design/README_zh.md | 2 ++
4 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 694ddbc2..7ddc62ab 100644
--- a/README.md
+++ b/README.md
@@ -228,7 +228,7 @@ Using [ptcr](https://gitee.com/openeuler/ptcr) as a performance test tool , it s
The standard specification versions that `iSulad` is compatible with are as follows:
- Compatible with OCI 1.0.0.
-- Compatible with CNI 0.3.0 and above.
+- Compatible with CNI 0.3.0 - 1.0.0, iSulad supports CNI 1.0.0 from 2.1.4 version.
- Compatible with lcr 2.1.x and above.
## Kubernetes Support
diff --git a/README_zh.md b/README_zh.md
index 5db28f3a..45ac66ac 100755
--- a/README_zh.md
+++ b/README_zh.md
@@ -224,7 +224,7 @@ $ sudo isula rm test
`iSulad` 能够兼容的标准规范版本如下:
- 兼容 1.0.0 版本的OCI
-- 兼容 0.3.0 版本以上的CNI
+- 兼容 0.3.0-1.0.0 版本的CNIiSulad从2.1.4版本后支持 CNI 1.0.0版本
- 兼容 2.1.x 版本以上的lcr
## Kubernetes Support
diff --git a/docs/design/README.md b/docs/design/README.md
index d2a3702d..c171cb20 100644
--- a/docs/design/README.md
+++ b/docs/design/README.md
@@ -43,6 +43,8 @@ This section contains some design documents for users who want to learn more abo
- You can see how the cni operator modules are designed in [cni_operator_design](./detailed/Network/cni_operator_design.md).
+- You can see how the cni operator modules update to CNI v1.0.0 in [cni_1.0.0_change](./detailed/Network/cni_1.0.0_change.md)。
+
- You can see how the CRI adapter modules are designed in [CRI_adapter_design](./detailed/Network/CRI_adapter_design.md).
- You can see how the native network adapter modules are designed in [native_network_adapter_design](./detailed/Network/native_network_adapter_design.md).
diff --git a/docs/design/README_zh.md b/docs/design/README_zh.md
index c6172b6f..0f4cf13e 100644
--- a/docs/design/README_zh.md
+++ b/docs/design/README_zh.md
@@ -49,6 +49,8 @@
- 查看 cni operator 模块的设计文档: [cni_operator_design](./detailed/Network/cni_operator_design_zh.md) 。
+- 查看 cni operator 模块升级到CNI v1.0.0的设计文档: [cni_1.0.0_change](./detailed/Network/cni_1.0.0_change.md) 。
+
- 查看 CRI adapter 模块的设计文档: [CRI_adapter_design](./detailed/Network/CRI_adapter_design_zh.md) 。
- 查看 native network adapter 模块的设计文档: [native_network_adapter_design](./detailed/Network/native_network_adapter_design_zh.md) 。
--
2.25.1

100
0090-modify-the-user-error-log-to-be-the-same-as-before.patch Normal file
View File

@ -0,0 +1,100 @@
From 3b0f34c7cd55686cf18f65efbdc0be8a84f13e3e Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Mon, 20 May 2024 17:54:04 +1400
Subject: [PATCH 090/108] modify the user error log to be the same as before
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/daemon/common/id_name_manager.c | 4 +--
.../executor/container_cb/execution_create.c | 26 +++++++++++--------
.../container_cb/execution_information.c | 4 ++-
3 files changed, 20 insertions(+), 14 deletions(-)
diff --git a/src/daemon/common/id_name_manager.c b/src/daemon/common/id_name_manager.c
index 263a584d..f64094b9 100644
--- a/src/daemon/common/id_name_manager.c
+++ b/src/daemon/common/id_name_manager.c
@@ -242,7 +242,7 @@ static bool try_add_name(const char *name)
}
if (!util_valid_container_name(name)) {
- ERROR("Failed to add invalid name: %s", name);
+ ERROR("Invalid container name (%s), only [a-zA-Z0-9][a-zA-Z0-9_.-]+$ are allowed.", name);
return false;
}
@@ -262,7 +262,7 @@ static bool try_remove_name(const char *name)
}
if (!util_valid_container_name(name)) {
- ERROR("Failed to remove invalid name: %s", name);
+ ERROR("Invalid container name (%s), only [a-zA-Z0-9][a-zA-Z0-9_.-]+$ are allowed.", name);
return false;
}
diff --git a/src/daemon/executor/container_cb/execution_create.c b/src/daemon/executor/container_cb/execution_create.c
index 785b4e27..041089dd 100644
--- a/src/daemon/executor/container_cb/execution_create.c
+++ b/src/daemon/executor/container_cb/execution_create.c
@@ -761,8 +761,17 @@ static int maintain_container_id(const container_create_request *request, char *
#endif
if (!nret) {
- ERROR("Failed to add entry to id name manager with new id and name");
- isulad_set_error_message("Failed to add entry to id name manager with new id and name");
+ __isula_auto_free char *used_id = NULL;
+ used_id = container_name_index_get(name);
+ if(used_id != NULL) {
+ ERROR("Name %s is in use by container %s", name, used_id);
+ isulad_set_error_message("Conflict. The name \"%s\" is already in use by container %s. "
+ "You have to remove (or rename) that container to be able to reuse that name.",
+ name, used_id);
+ } else {
+ ERROR("Failed to add entry to id name manager with new id and name");
+ isulad_set_error_message("Failed to add entry to id name manager with new id and name");
+ }
ret = -1;
goto out;
}
@@ -775,19 +784,14 @@ static int maintain_container_id(const container_create_request *request, char *
goto out;
}
- char *used_id = NULL;
- used_id = container_name_index_get(name);
- ERROR("Name %s is in use by container %s", name, used_id);
- isulad_set_error_message("Conflict. The name \"%s\" is already in use by container %s. "
- "You have to remove (or rename) that container to be able to reuse that name.",
- name, used_id);
- free(used_id);
- used_id = NULL;
- ret = -1;
if (!skip_id_name_manage && !id_name_manager_remove_entry(id, name)) {
WARN("Failed to remove %s and %s from id name manager", id, name);
}
+ ERROR("Failed to add %s to container name index", name);
+ isulad_set_error_message("Failed to add %s to container name index", name);
+ ret = -1;
+
out:
*out_id = id;
*out_name = name;
diff --git a/src/daemon/executor/container_cb/execution_information.c b/src/daemon/executor/container_cb/execution_information.c
index c02cc830..58924257 100644
--- a/src/daemon/executor/container_cb/execution_information.c
+++ b/src/daemon/executor/container_cb/execution_information.c
@@ -1149,7 +1149,9 @@ static int container_rename(container_t *cont, const char *new_name)
if (!id_name_manager_rename(new_name, old_name)) {
ERROR("Failed to rename %s to %s in id-name manager", old_name, new_name);
- isulad_set_error_message("Failed to rename %s to %s in id-name manager", old_name, new_name);
+ isulad_set_error_message("Conflict. The name \"%s\" is already in use by container %s. "
+ "You have to remove (or rename) that container to be able to reuse that name.",
+ new_name, new_name);
ret = -1;
goto out;
}
--
2.25.1

54
0091-add-enable-cri-v1-in-k8s-integration.patch Normal file
View File

@ -0,0 +1,54 @@
From 1f69ffe589f7225a1db83377e276ddbab963bd16 Mon Sep 17 00:00:00 2001
From: jikai <jikai11@huawei.com>
Date: Tue, 21 May 2024 01:13:08 +0000
Subject: [PATCH 091/108] add enable cri v1 in k8s integration
Signed-off-by: jikai <jikai11@huawei.com>
---
docs/manual/k8s_integration.md | 9 +++++++++
docs/manual/k8s_integration_zh.md | 9 +++++++++
2 files changed, 18 insertions(+)
diff --git a/docs/manual/k8s_integration.md b/docs/manual/k8s_integration.md
index 8fcd0a54..14de0ef4 100644
--- a/docs/manual/k8s_integration.md
+++ b/docs/manual/k8s_integration.md
@@ -20,6 +20,15 @@
if `hosts` is not configured, the default endpoint is `unix:///var/run/isulad.sock`.
+ `iSulad` supports both `CRI V1alpha2` and `CRI V1`, and uses `CRI V1alph2` by default.
+ If `CRI V1` is required, it can be configured in `/etc/isulad/daemon.json` to enable `CRI V1`:
+
+ ```json
+ "enable-cri-v1": true,
+ ```
+
+ If `iSulad` is compiled from source codes, `-D ENABLE_CRI_API_V1=ON` option is required in cmake.
+
2. Restart `isulad`:
```bash
diff --git a/docs/manual/k8s_integration_zh.md b/docs/manual/k8s_integration_zh.md
index 6dda1e4d..26ba6cc4 100644
--- a/docs/manual/k8s_integration_zh.md
+++ b/docs/manual/k8s_integration_zh.md
@@ -20,6 +20,15 @@
如果`hosts`没有配置,默认的`endpoint`为``unix:///var/run/isulad.sock``
+ `iSulad`同时支持`CRI V1alpha2`和`CRI V1`两种`CRI`接口,默认使用`CRI V1alph2`,若需使用`CRI V1`
+ 需要在`/etc/isulad/daemon.json`对`iSulad`进行相关配置,配置方式为:
+
+ ```json
+ "enable-cri-v1": true,
+ ```
+
+ 若使用源码编译`iSulad`还需在编译时增加cmake编译选项`-D ENABLE_CRI_API_V1=ON`。
+
2. 重启`isulad`
```bash
--
2.25.1

317
0092-isolate-oom-monitor-codes.patch Normal file
View File

@ -0,0 +1,317 @@
From d97656a8b99f4fa95a9c15abfbac777a94b84d55 Mon Sep 17 00:00:00 2001
From: jikai <jikai11@huawei.com>
Date: Mon, 20 May 2024 08:48:00 +0000
Subject: [PATCH 092/108] isolate oom monitor codes
Signed-off-by: jikai <jikai11@huawei.com>
---
cmake/options.cmake | 7 +++++++
src/daemon/common/cgroup/cgroup.c | 2 ++
src/daemon/common/cgroup/cgroup.h | 2 ++
src/daemon/common/cgroup/cgroup_common.h | 4 ++++
src/daemon/common/cgroup/cgroup_v1.c | 8 ++++++++
src/daemon/common/cgroup/cgroup_v2.c | 8 ++++++++
src/daemon/common/cri/v1/v1_cri_helpers.cc | 2 ++
src/daemon/modules/container/container_state.c | 2 ++
.../modules/container/supervisor/supervisor.c | 14 ++++++++++++++
9 files changed, 49 insertions(+)
diff --git a/cmake/options.cmake b/cmake/options.cmake
index a15b8194..5b17f631 100644
--- a/cmake/options.cmake
+++ b/cmake/options.cmake
@@ -58,6 +58,13 @@ if (ENABLE_SANDBOXER STREQUAL "ON")
message("${Green}-- Enable sandbox API${ColourReset}")
endif()
+option(ENABLE_OOM_MONITOR "Enable oom monitor" ON)
+IF (ENABLE_OOM_MONITOR STREQUAL "ON")
+ add_definitions(-DENABLE_OOM_MONITOR)
+ set(ENABLE_OOM_MONITOR 1)
+ message("${Green}-- Enable oom monitor${ColourReset}")
+endif()
+
option(ENABLE_SYSTEMD_NOTIFY "Enable systemd notify" ON)
if (ENABLE_SYSTEMD_NOTIFY STREQUAL "ON")
add_definitions(-DSYSTEMD_NOTIFY)
diff --git a/src/daemon/common/cgroup/cgroup.c b/src/daemon/common/cgroup/cgroup.c
index 71bf9801..77fafdae 100644
--- a/src/daemon/common/cgroup/cgroup.c
+++ b/src/daemon/common/cgroup/cgroup.c
@@ -197,6 +197,7 @@ char *common_convert_cgroup_path(const char *cgroup_path)
return util_strdup_s(result);
}
+#ifdef ENABLE_OOM_MONITOR
cgroup_oom_handler_info_t *common_get_cgroup_oom_handler(int fd, const char *name, const char *cgroup_path,
const char *exit_fifo)
{
@@ -225,3 +226,4 @@ void common_free_cgroup_oom_handler_info(cgroup_oom_handler_info_t *info)
free(info->cgroup_memory_event_path);
free(info);
}
+#endif
diff --git a/src/daemon/common/cgroup/cgroup.h b/src/daemon/common/cgroup/cgroup.h
index 0bbb70a0..1ebbfa98 100644
--- a/src/daemon/common/cgroup/cgroup.h
+++ b/src/daemon/common/cgroup/cgroup.h
@@ -43,9 +43,11 @@ char *common_get_own_cgroup_path(const char *subsystem);
char *common_convert_cgroup_path(const char *cgroup_path);
+#ifdef ENABLE_OOM_MONITOR
cgroup_oom_handler_info_t *common_get_cgroup_oom_handler(int fd, const char *name, const char *cgroup_path,
const char *exit_fifo);
void common_free_cgroup_oom_handler_info(cgroup_oom_handler_info_t *info);
+#endif
#ifdef __cplusplus
}
diff --git a/src/daemon/common/cgroup/cgroup_common.h b/src/daemon/common/cgroup/cgroup_common.h
index 46a7de50..01fc669c 100644
--- a/src/daemon/common/cgroup/cgroup_common.h
+++ b/src/daemon/common/cgroup/cgroup_common.h
@@ -116,6 +116,7 @@ typedef struct {
cgroup_pids_metrics_t cgpids_metrics;
} cgroup_metrics_t;
+#ifdef ENABLE_OOM_MONITOR
#define CGROUP_OOM_HANDLE_CONTINUE false
#define CGROUP_OOM_HANDLE_CLOSE true
@@ -126,6 +127,7 @@ typedef struct _cgroup_oom_handler_info_t {
char *cgroup_memory_event_path;
bool (*oom_event_handler)(int, void *);
} cgroup_oom_handler_info_t;
+#endif
typedef struct {
int (*get_cgroup_version)(void);
@@ -140,8 +142,10 @@ typedef struct {
char *(*get_init_cgroup_path)(const char *subsystem);
char *(*get_own_cgroup_path)(const char *subsystem);
+#ifdef ENABLE_OOM_MONITOR
cgroup_oom_handler_info_t *(*get_cgroup_oom_handler)(int fd, const char *name, const char *cgroup_path,
const char *exit_fifo);
+#endif
} cgroup_ops;
#ifdef __cplusplus
diff --git a/src/daemon/common/cgroup/cgroup_v1.c b/src/daemon/common/cgroup/cgroup_v1.c
index 45b1d096..018336ea 100644
--- a/src/daemon/common/cgroup/cgroup_v1.c
+++ b/src/daemon/common/cgroup/cgroup_v1.c
@@ -20,12 +20,16 @@
#include <stdio.h>
#include <stdlib.h>
+#ifdef ENABLE_OOM_MONITOR
#include <sys/eventfd.h>
+#endif
#include "utils.h"
#include "sysinfo.h"
#include "err_msg.h"
+#ifdef ENABLE_OOM_MONITOR
#include "events_sender_api.h"
+#endif
#define CGROUP_HUGETLB_LIMIT "hugetlb.%s.limit_in_bytes"
#define CGROUP_MOUNT_PATH_PREFIX "/sys/fs/cgroup/"
@@ -1052,6 +1056,7 @@ static char *common_get_cgroup_path(const char *path, const char *subsystem)
return res;
}
+#ifdef ENABLE_OOM_MONITOR
static bool oom_cb_cgroup_v1(int fd, void *cbdata)
{
cgroup_oom_handler_info_t *info = (cgroup_oom_handler_info_t *)cbdata;
@@ -1205,6 +1210,7 @@ cleanup:
common_free_cgroup_oom_handler_info(info);
return NULL;
}
+#endif
char *get_init_cgroup_path_v1(const char *subsystem)
{
@@ -1232,6 +1238,8 @@ int cgroup_v1_ops_init(cgroup_ops *ops)
ops->get_cgroup_mnt_and_root_path = get_cgroup_mnt_and_root_path_v1;
ops->get_init_cgroup_path = get_init_cgroup_path_v1;
ops->get_own_cgroup_path = get_own_cgroup_v1;
+#ifdef ENABLE_OOM_MONITOR
ops->get_cgroup_oom_handler = get_cgroup_oom_handler_v1;
+#endif
return 0;
}
\ No newline at end of file
diff --git a/src/daemon/common/cgroup/cgroup_v2.c b/src/daemon/common/cgroup/cgroup_v2.c
index 76754dc1..ce72e6c4 100644
--- a/src/daemon/common/cgroup/cgroup_v2.c
+++ b/src/daemon/common/cgroup/cgroup_v2.c
@@ -17,14 +17,18 @@
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
+#ifdef ENABLE_OOM_MONITOR
#include <sys/inotify.h>
+#endif
#include <isula_libutils/auto_cleanup.h>
#include "utils.h"
#include "path.h"
#include "sysinfo.h"
+#ifdef ENABLE_OOM_MONITOR
#include "events_sender_api.h"
+#endif
// Cgroup V2 Item Definition
#define CGROUP2_CPU_WEIGHT "cpu.weight"
@@ -416,6 +420,7 @@ static int get_cgroup_mnt_and_root_v2(const char *subsystem, char **mountpoint,
return 0;
}
+#ifdef ENABLE_OOM_MONITOR
static bool oom_cb_cgroup_v2(int fd, void *cbdata)
{
const size_t events_size = sizeof(struct inotify_event) + NAME_MAX + 1;
@@ -547,6 +552,7 @@ cleanup:
common_free_cgroup_oom_handler_info(info);
return NULL;
}
+#endif
int get_cgroup_version_v2()
{
@@ -562,6 +568,8 @@ int cgroup_v2_ops_init(cgroup_ops *ops)
ops->get_cgroup_info = get_cgroup_info_v2;
ops->get_cgroup_metrics = get_cgroup_metrics_v2;
ops->get_cgroup_mnt_and_root_path = get_cgroup_mnt_and_root_v2;
+#ifdef ENABLE_OOM_MONITOR
ops->get_cgroup_oom_handler = get_cgroup_oom_handler_v2;
+#endif
return 0;
}
\ No newline at end of file
diff --git a/src/daemon/common/cri/v1/v1_cri_helpers.cc b/src/daemon/common/cri/v1/v1_cri_helpers.cc
index 478dd105..31b6b137 100644
--- a/src/daemon/common/cri/v1/v1_cri_helpers.cc
+++ b/src/daemon/common/cri/v1/v1_cri_helpers.cc
@@ -517,9 +517,11 @@ void UpdateBaseStatusFromInspect(
} else { // Case 3
state = runtime::v1::CONTAINER_CREATED;
}
+#ifdef ENABLE_OOM_MONITOR
if (inspect->state->oom_killed == true) {
reason = "OOMKilled";
}
+#endif
if (inspect->state->error != nullptr) {
message = inspect->state->error;
}
diff --git a/src/daemon/modules/container/container_state.c b/src/daemon/modules/container/container_state.c
index 452a2b26..f8ad0537 100644
--- a/src/daemon/modules/container/container_state.c
+++ b/src/daemon/modules/container/container_state.c
@@ -587,7 +587,9 @@ container_inspect_state *container_state_to_inspect_state(container_state_t *s)
state->running = s->state->running;
state->paused = s->state->paused;
state->restarting = s->state->restarting;
+#ifdef ENABLE_OOM_MONITOR
state->oom_killed = s->state->oom_killed;
+#endif
state->pid = s->state->pid;
state->exit_code = s->state->exit_code;
diff --git a/src/daemon/modules/container/supervisor/supervisor.c b/src/daemon/modules/container/supervisor/supervisor.c
index 39d9fdb8..294783eb 100644
--- a/src/daemon/modules/container/supervisor/supervisor.c
+++ b/src/daemon/modules/container/supervisor/supervisor.c
@@ -42,8 +42,10 @@
#ifdef ENABLE_CRI_API_V1
#include "sandbox_ops.h"
#endif
+#ifdef ENABLE_OOM_MONITOR
#include "cgroup.h"
#include "specs_api.h"
+#endif
pthread_mutex_t g_supervisor_lock = PTHREAD_MUTEX_INITIALIZER;
struct epoll_descr g_supervisor_descr;
@@ -286,6 +288,7 @@ static int supervisor_exit_cb(int fd, uint32_t events, void *cbdata, struct epol
return EPOLL_LOOP_HANDLE_CONTINUE;
}
+#ifdef ENABLE_OOM_MONITOR
static int oom_handle_cb(int fd, uint32_t events, void *cbdata, struct epoll_descr *descr)
{
cgroup_oom_handler_info_t *oom_handler_info = (cgroup_oom_handler_info_t *)cbdata;
@@ -305,6 +308,7 @@ static int oom_handle_cb(int fd, uint32_t events, void *cbdata, struct epoll_des
return EPOLL_LOOP_HANDLE_CONTINUE;
}
+#endif
/* supervisor add exit monitor */
int container_supervisor_add_exit_monitor(int fd, const char *exit_fifo, const pid_ppid_info_t *pid_info,
@@ -312,8 +316,10 @@ int container_supervisor_add_exit_monitor(int fd, const char *exit_fifo, const p
{
int ret = 0;
struct supervisor_handler_data *data = NULL;
+#ifdef ENABLE_OOM_MONITOR
cgroup_oom_handler_info_t *oom_handler_info = NULL;
__isula_auto_free char *cgroup_path = NULL;
+#endif
if (fd < 0) {
ERROR("Invalid exit fifo fd");
@@ -326,12 +332,14 @@ int container_supervisor_add_exit_monitor(int fd, const char *exit_fifo, const p
return -1;
}
+#ifdef ENABLE_OOM_MONITOR
cgroup_path = merge_container_cgroups_path(cont->common_config->id, cont->hostconfig);
if (cgroup_path == NULL) {
ERROR("Failed to get cgroup path");
close(fd);
return -1;
}
+#endif
data = util_common_calloc_s(sizeof(struct supervisor_handler_data));
if (data == NULL) {
@@ -353,9 +361,12 @@ int container_supervisor_add_exit_monitor(int fd, const char *exit_fifo, const p
data->pid_info.start_time = pid_info->start_time;
data->pid_info.ppid = pid_info->ppid;
data->pid_info.pstart_time = pid_info->pstart_time;
+#ifdef ENABLE_OOM_MONITOR
oom_handler_info = common_get_cgroup_oom_handler(fd, cont->common_config->id, cgroup_path, exit_fifo);
+#endif
supervisor_handler_lock();
+#ifdef ENABLE_OOM_MONITOR
if (oom_handler_info != NULL) {
ret = epoll_loop_add_handler(&g_supervisor_descr, oom_handler_info->oom_event_fd, oom_handle_cb, oom_handler_info);
if (ret != 0) {
@@ -363,6 +374,7 @@ int container_supervisor_add_exit_monitor(int fd, const char *exit_fifo, const p
goto err;
}
}
+#endif
ret = epoll_loop_add_handler(&g_supervisor_descr, fd, supervisor_exit_cb, data);
if (ret != 0) {
@@ -374,7 +386,9 @@ int container_supervisor_add_exit_monitor(int fd, const char *exit_fifo, const p
err:
supervisor_handler_data_free(data);
+#ifdef ENABLE_OOM_MONITOR
common_free_cgroup_oom_handler_info(oom_handler_info);
+#endif
out:
supervisor_handler_unlock();
return ret;
--
2.25.1

64
0093-change-fork-process-exit-mode.patch Normal file
View File

@ -0,0 +1,64 @@
From 0ff5a421e31096fbd10cf00c45a3849297023391 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Thu, 23 May 2024 01:09:41 +1400
Subject: [PATCH 093/108] change fork process exit mode
---
src/utils/tar/util_archive.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/src/utils/tar/util_archive.c b/src/utils/tar/util_archive.c
index 52b51162..204dab83 100644
--- a/src/utils/tar/util_archive.c
+++ b/src/utils/tar/util_archive.c
@@ -897,9 +897,9 @@ int archive_unpack(const struct io_read_wrapper *content, const char *dstdir, co
child_out:
if (ret != 0) {
- exit(EXIT_FAILURE);
+ _exit(EXIT_FAILURE);
}
- exit(EXIT_SUCCESS);
+ _exit(EXIT_SUCCESS);
}
close(pipe_stderr[1]);
pipe_stderr[1] = -1;
@@ -1342,9 +1342,9 @@ int archive_chroot_tar(const char *path, const char *file, const char *root_dir,
child_out:
if (ret != 0) {
- exit(EXIT_FAILURE);
+ _exit(EXIT_FAILURE);
} else {
- exit(EXIT_SUCCESS);
+ _exit(EXIT_SUCCESS);
}
}
close(pipe_for_read[1]);
@@ -1577,9 +1577,9 @@ int archive_chroot_untar_stream(const struct io_read_wrapper *context, const cha
child_out:
if (ret != 0) {
- exit(EXIT_FAILURE);
+ _exit(EXIT_FAILURE);
}
- exit(EXIT_SUCCESS);
+ _exit(EXIT_SUCCESS);
}
close(pipe_stderr[1]);
@@ -1727,9 +1727,9 @@ child_out:
free(tar_base_name);
if (ret != 0) {
- exit(EXIT_FAILURE);
+ _exit(EXIT_FAILURE);
} else {
- exit(EXIT_SUCCESS);
+ _exit(EXIT_SUCCESS);
}
}
--
2.25.1

26
0094-fix-error-log-for-verify_cpu_realtime.patch Normal file
View File

@ -0,0 +1,26 @@
From 1671a136d1b7d209c453a8ad2b1bf062a3afbe09 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Tue, 28 May 2024 17:23:45 +1400
Subject: [PATCH 094/108] fix error log for verify_cpu_realtime
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/daemon/modules/spec/verify.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/daemon/modules/spec/verify.c b/src/daemon/modules/spec/verify.c
index 57e16ef9..1ce76c1d 100644
--- a/src/daemon/modules/spec/verify.c
+++ b/src/daemon/modules/spec/verify.c
@@ -390,7 +390,7 @@ static int verify_cpu_realtime(const sysinfo_t *sysinfo, int64_t realtime_period
if (realtime_runtime != 0 && !(sysinfo->cgcpuinfo.cpu_rt_runtime)) {
ERROR("Invalid --cpu-rt-runtime: Your kernel does not support cgroup rt runtime");
- isulad_set_error_message("Invalid --cpu-rt-period: Your kernel does not support cgroup rt runtime");
+ isulad_set_error_message("Invalid --cpu-rt-runtime: Your kernel does not support cgroup rt runtime");
ret = -1;
goto out;
}
--
2.25.1

54
0095-bugfix-change-max-network-name-len.patch Normal file
View File

@ -0,0 +1,54 @@
From e2a7e6bfb0f0e97e5e1543fac7a5e0807fadaba0 Mon Sep 17 00:00:00 2001
From: liuxu <liuxu156@huawei.com>
Date: Thu, 30 May 2024 16:50:56 +0800
Subject: [PATCH 095/108] bugfix: change max network name len
Signed-off-by: liuxu <liuxu156@huawei.com>
---
docs/design/detailed/Network/native_network_adapter_design.md | 2 +-
.../design/detailed/Network/native_network_adapter_design_zh.md | 2 +-
src/utils/cutils/utils.h | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/docs/design/detailed/Network/native_network_adapter_design.md b/docs/design/detailed/Network/native_network_adapter_design.md
index b58989eb..1010bd73 100644
--- a/docs/design/detailed/Network/native_network_adapter_design.md
+++ b/docs/design/detailed/Network/native_network_adapter_design.md
@@ -204,7 +204,7 @@ Client:
1. Parse the parameters passed in by the user.
2. Verify the incoming parameters, including:
- Only one network is allowed to be created at a time, that is, at most one name can be specified.
- - If name is specified, check whether the length of name exceeds MAX_NETWORK_NAME_LEN(128).
+ - If name is specified, check whether the length of name exceeds MAX_NETWORK_NAME_LEN(255).
3. Send the request to the server
Server:
diff --git a/docs/design/detailed/Network/native_network_adapter_design_zh.md b/docs/design/detailed/Network/native_network_adapter_design_zh.md
index 30860f3d..62c4b6ef 100644
--- a/docs/design/detailed/Network/native_network_adapter_design_zh.md
+++ b/docs/design/detailed/Network/native_network_adapter_design_zh.md
@@ -204,7 +204,7 @@ int native_network_add_container_list(const char *network_name, const char *cont
1. 解析用户传入的参数
2. 对传入的参数进行校验,包括
- 每次只允许创建一个网络, 即最多指定一个name
- - 若指定name检查name长度是否超过MAX_NETWORK_NAME_LEN(128)
+ - 若指定name检查name长度是否超过MAX_NETWORK_NAME_LEN(255)
3. 发送请求到服务端
服务端:
diff --git a/src/utils/cutils/utils.h b/src/utils/cutils/utils.h
index 3671272a..4417a165 100644
--- a/src/utils/cutils/utils.h
+++ b/src/utils/cutils/utils.h
@@ -99,7 +99,7 @@ int malloc_trim(size_t pad);
#define MAX_IMAGE_REF_LEN 384
#define MAX_CONTAINER_NAME_LEN 1024
#define MAX_RUNTIME_NAME_LEN 32
-#define MAX_NETWORK_NAME_LEN 128
+#define MAX_NETWORK_NAME_LEN 255
#define LOGIN_USERNAME_LEN 255
#define LOGIN_PASSWORD_LEN 255
--
2.25.1

26
0096-del-useless-info.patch Normal file
View File

@ -0,0 +1,26 @@
From b36cfa4325f43b3fa1468ba360b3d51f6ef1c3ca Mon Sep 17 00:00:00 2001
From: liuxu <liuxu156@huawei.com>
Date: Thu, 30 May 2024 17:14:48 +0800
Subject: [PATCH 096/108] del useless info
Signed-off-by: liuxu <liuxu156@huawei.com>
---
release_notes | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/release_notes b/release_notes
index 2d564c7e..fdcd3690 100644
--- a/release_notes
+++ b/release_notes
@@ -72,7 +72,7 @@
dev stats:
- 357 files changed, 7886 insertions(+), 2849 deletions(-)
- - contributors: zhongtao, jikai, haozi007, jake, liuxu, xuxuepeng, zhangxiaoyu, sailorvii, chen524, dreamloy, l00804245, yangjiaqi
+ - contributors: zhongtao, jikai, haozi007, jake, liuxu, xuxuepeng, zhangxiaoyu, sailorvii, chen524, dreamloy, yangjiaqi
2023-11-07 xuepengxu release 2.1.4
- !2238 modify the default value of EANBLE_IMAGE_LIBARAY to off * modify the default value of EANBLE_IMAGE_LIBARAY to off
--
2.25.1

83
0097-code-improve.patch Normal file
View File

@ -0,0 +1,83 @@
From 2aa26649f20ae5992ace7bb8cb62a5ee9c3f7a81 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Thu, 30 May 2024 21:30:43 +1400
Subject: [PATCH 097/108] code improve
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/cmd/isula/volume/prune.c | 2 +-
src/cmd/options/opt_log.c | 2 +-
src/daemon/executor/container_cb/execution_extend.c | 3 ++-
src/daemon/executor/container_cb/execution_information.c | 2 +-
src/daemon/modules/image/oci/registry_type.c | 2 +-
5 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/src/cmd/isula/volume/prune.c b/src/cmd/isula/volume/prune.c
index c8d632ed..3b5bfbf1 100644
--- a/src/cmd/isula/volume/prune.c
+++ b/src/cmd/isula/volume/prune.c
@@ -79,7 +79,7 @@ out:
int cmd_volume_prune_main(int argc, const char **argv)
{
- int i = 0;
+ size_t i = 0;
struct isula_libutils_log_config lconf = { 0 };
int exit_code = 1;
command_t cmd;
diff --git a/src/cmd/options/opt_log.c b/src/cmd/options/opt_log.c
index b1abcfaf..8ffb9966 100644
--- a/src/cmd/options/opt_log.c
+++ b/src/cmd/options/opt_log.c
@@ -67,7 +67,7 @@ static int log_opt_syslog_facility(const char *key, const char *value, char **pa
"authpriv", "ftp", "local0", "local1", "local2",
"local3", "local4", "local5", "local6", "local7"
};
- int i;
+ size_t i;
size_t f_len = sizeof(facility_values) / sizeof(const char *);
for (i = 0; i < f_len; i++) {
diff --git a/src/daemon/executor/container_cb/execution_extend.c b/src/daemon/executor/container_cb/execution_extend.c
index 52401633..ed072848 100644
--- a/src/daemon/executor/container_cb/execution_extend.c
+++ b/src/daemon/executor/container_cb/execution_extend.c
@@ -990,7 +990,8 @@ out:
static int update_container_unified(const char *id, const host_config *hostconfig, host_config *chostconfig)
{
- int i, cgroup_version;
+ int cgroup_version;
+ size_t i;
if (hostconfig->unified == NULL || hostconfig->unified->len == 0) {
return 0;
diff --git a/src/daemon/executor/container_cb/execution_information.c b/src/daemon/executor/container_cb/execution_information.c
index 58924257..4aee3aef 100644
--- a/src/daemon/executor/container_cb/execution_information.c
+++ b/src/daemon/executor/container_cb/execution_information.c
@@ -244,7 +244,7 @@ static int get_proxy_env(char **proxy, const char *type)
}
*col_pos = '\0';
nret = snprintf(*proxy, proxy_len, "%s:%s%s", tmp_proxy, mask_str, at_pos);
- if (nret < 0 || nret >= proxy_len) {
+ if (nret < 0 || (size_t)nret >= proxy_len) {
ret = -1;
free(*proxy);
*proxy = NULL;
diff --git a/src/daemon/modules/image/oci/registry_type.c b/src/daemon/modules/image/oci/registry_type.c
index 6c9ff747..7a2c25ed 100644
--- a/src/daemon/modules/image/oci/registry_type.c
+++ b/src/daemon/modules/image/oci/registry_type.c
@@ -59,7 +59,7 @@ void free_layer_blob(layer_blob *layer)
void free_pull_desc(pull_descriptor *desc)
{
- int i = 0;
+ size_t i = 0;
if (desc == NULL) {
return;
--
2.25.1

33
0098-cdi-add-debug-info.patch Normal file
View File

@ -0,0 +1,33 @@
From 5a5f4879246783932ab620b2461a7cd832ddc1f0 Mon Sep 17 00:00:00 2001
From: liuxu <liuxu156@huawei.com>
Date: Fri, 31 May 2024 16:38:26 +0800
Subject: [PATCH 098/108] cdi:add debug info
Signed-off-by: liuxu <liuxu156@huawei.com>
---
src/daemon/modules/device/cdi/cdi_cache.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/daemon/modules/device/cdi/cdi_cache.c b/src/daemon/modules/device/cdi/cdi_cache.c
index e9a9b804..cd7158dd 100644
--- a/src/daemon/modules/device/cdi/cdi_cache.c
+++ b/src/daemon/modules/device/cdi/cdi_cache.c
@@ -306,6 +306,7 @@ static void refresh_scan_spec_func(struct cdi_scan_fn_maps *scan_fn_maps, const
ERROR("Failed to insert device to devices by name %s", qualified);
goto error_out;
}
+ DEBUG("Add device %s into memory", qualified);
free(qualified);
qualified = NULL;
}
@@ -445,6 +446,7 @@ static int cdi_inject_devices(struct cdi_cache *c, oci_runtime_spec *oci_spec, s
for (i = 0; i < devices->len; i++) {
device = devices->items[i];
+ DEBUG("Search cdi devices %s.", device);
d = map_search(c->devices, (void *)device);
if (d == NULL) {
if (util_append_string_array(unresolved, device) != 0) {
--
2.25.1

28
0099-bugfix-cni-network-name-UT.patch Normal file
View File

@ -0,0 +1,28 @@
From 4a98535064319a9df3143d9c4b397f44fbbb56c5 Mon Sep 17 00:00:00 2001
From: liuxu <liuxu156@huawei.com>
Date: Mon, 3 Jun 2024 16:11:06 +0800
Subject: [PATCH 099/108] bugfix:cni network name UT
Signed-off-by: liuxu <liuxu156@huawei.com>
---
test/cutils/utils_network/utils_network_ut.cc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/test/cutils/utils_network/utils_network_ut.cc b/test/cutils/utils_network/utils_network_ut.cc
index 33eb6eb5..68f6f011 100644
--- a/test/cutils/utils_network/utils_network_ut.cc
+++ b/test/cutils/utils_network/utils_network_ut.cc
@@ -344,8 +344,8 @@ TEST(utils_network, test_net_contain_ip)
TEST(utils_network, test_validate_network_name)
{
ASSERT_EQ(util_validate_network_name(nullptr), false);
- ASSERT_EQ(util_validate_network_name(std::string(128, 'a').c_str()), true);
- ASSERT_EQ(util_validate_network_name(std::string(129, 'a').c_str()), false);
+ ASSERT_EQ(util_validate_network_name(std::string(255, 'a').c_str()), true);
+ ASSERT_EQ(util_validate_network_name(std::string(256, 'a').c_str()), false);
ASSERT_EQ(util_validate_network_name(std::string(".abce").c_str()), false);
}
--
2.25.1

40
0100-bugfix-malloc-right-type-size.patch Normal file
View File

@ -0,0 +1,40 @@
From 7bf26415fcba090e281324ba92f7d7e6487b94fc Mon Sep 17 00:00:00 2001
From: liuxu <liuxu156@huawei.com>
Date: Tue, 4 Jun 2024 16:30:19 +0800
Subject: [PATCH 100/108] bugfix:malloc right type size
Signed-off-by: liuxu <liuxu156@huawei.com>
---
src/client/connect/rest/rest_volumes_client.c | 2 +-
src/daemon/modules/service/service_network.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/client/connect/rest/rest_volumes_client.c b/src/client/connect/rest/rest_volumes_client.c
index 88254e6c..2327c28e 100644
--- a/src/client/connect/rest/rest_volumes_client.c
+++ b/src/client/connect/rest/rest_volumes_client.c
@@ -251,7 +251,7 @@ static int prune_request_to_rest(const struct isula_prune_volume_request *reques
parser_error err = NULL;
int ret = 0;
- nrequest = util_common_calloc_s(sizeof(volume_list_volume_request));
+ nrequest = util_common_calloc_s(sizeof(volume_prune_volume_request));
if (nrequest == NULL) {
ERROR("Out of memory");
return -1;
diff --git a/src/daemon/modules/service/service_network.c b/src/daemon/modules/service/service_network.c
index 6754cf1a..fe6dbf1d 100644
--- a/src/daemon/modules/service/service_network.c
+++ b/src/daemon/modules/service/service_network.c
@@ -74,7 +74,7 @@ static struct attach_net_conf_list *build_attach_networks(const defs_map_string_
return NULL;
}
- list = (struct attach_net_conf_list *)util_common_calloc_s(sizeof(struct attach_net_conf));
+ list = (struct attach_net_conf_list *)util_common_calloc_s(sizeof(struct attach_net_conf_list));
if (list == NULL) {
ERROR("Out of memory");
return NULL;
--
2.25.1

26
0101-use-isula_clean_path-rather-than-realpath.patch Normal file
View File

@ -0,0 +1,26 @@
From 60a2b15e0090018b7850b37369964bf62e253419 Mon Sep 17 00:00:00 2001
From: jikai <jikai11@huawei.com>
Date: Wed, 5 Jun 2024 02:07:23 +0000
Subject: [PATCH 101/108] use isula_clean_path rather than realpath
Signed-off-by: jikai <jikai11@huawei.com>
---
src/cmd/isulad-shim/process.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/cmd/isulad-shim/process.c b/src/cmd/isulad-shim/process.c
index 18fae03f..dd41c77f 100644
--- a/src/cmd/isulad-shim/process.c
+++ b/src/cmd/isulad-shim/process.c
@@ -489,7 +489,7 @@ static bool attach_fifopath_security_check(process_t *p, const char *fifopath)
return false;
}
- if (realpath(fifopath, real_path) == NULL) {
+ if (isula_clean_path(fifopath, real_path, sizeof(real_path)) == NULL) {
ERROR("Failed to get realpath for '%s': %d.", real_path, SHIM_SYS_ERR(errno));
return false;
}
--
2.25.1

32
0102-fix-false-engine-rootpath-reference.patch Normal file
View File

@ -0,0 +1,32 @@
From fa25a8923e47ed6b65e0bcd08954589f5b26092c Mon Sep 17 00:00:00 2001
From: jikai <jikai11@huawei.com>
Date: Wed, 5 Jun 2024 02:10:48 +0000
Subject: [PATCH 102/108] fix false engine rootpath reference
Signed-off-by: jikai <jikai11@huawei.com>
---
src/daemon/config/isulad_config.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/daemon/config/isulad_config.c b/src/daemon/config/isulad_config.c
index 80689bce..d7b54498 100644
--- a/src/daemon/config/isulad_config.c
+++ b/src/daemon/config/isulad_config.c
@@ -398,12 +398,12 @@ char *conf_get_sandbox_rootpath(void)
ERROR("Get rootpath failed");
return epath;
}
- if (strlen(rootpath) > (PATH_MAX - strlen(ENGINE_ROOTPATH_NAME)) - 2) {
+ if (strlen(rootpath) > (PATH_MAX - strlen(SANDBOX_ROOTPATH_NAME)) - 2) {
ERROR("Root path is too long");
return epath;
}
// rootpath + "/" + SANDBOX_ROOTPATH_NAME + "/0"
- len = strlen(rootpath) + 1 + strlen(ENGINE_ROOTPATH_NAME) + 1;
+ len = strlen(rootpath) + 1 + strlen(SANDBOX_ROOTPATH_NAME) + 1;
epath = util_smart_calloc_s(sizeof(char), len);
if (epath == NULL) {
ERROR("Out of memory");
--
2.25.1

25
0103-bugfix-add-note.patch Normal file
View File

@ -0,0 +1,25 @@
From 8eea40e09aa34da85cfa191f07cfe7e123c9809d Mon Sep 17 00:00:00 2001
From: liuxu <liuxu156@huawei.com>
Date: Wed, 5 Jun 2024 10:18:06 +0800
Subject: [PATCH 103/108] bugfix:add note
Signed-off-by: liuxu <liuxu156@huawei.com>
---
src/utils/cutils/utils_array.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/utils/cutils/utils_array.h b/src/utils/cutils/utils_array.h
index 0c4fd217..553c2c13 100644
--- a/src/utils/cutils/utils_array.h
+++ b/src/utils/cutils/utils_array.h
@@ -30,6 +30,7 @@ void util_free_array_by_len(char **array, size_t len);
void util_free_array(char **array);
+// this function just copies the first len elements of array and does not automatically add NULL element in the end.
char **util_copy_array_by_len(char **array, size_t len);
int util_grow_array(char ***orig_array, size_t *orig_capacity, size_t size,
--
2.25.1

64
0104-bugfix-adapt-network-name-max-len.patch Normal file
View File

@ -0,0 +1,64 @@
From 174f7d9d959bd129675651ccf7ef460794188b63 Mon Sep 17 00:00:00 2001
From: liuxu <liuxu156@huawei.com>
Date: Wed, 5 Jun 2024 10:40:22 +0800
Subject: [PATCH 104/108] bugfix:adapt network name max len
Signed-off-by: liuxu <liuxu156@huawei.com>
---
CI/test_cases/network_cases/network_create.sh | 5 +++--
src/utils/cutils/utils.h | 7 ++++++-
test/cutils/utils_network/utils_network_ut.cc | 4 ++--
3 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/CI/test_cases/network_cases/network_create.sh b/CI/test_cases/network_cases/network_create.sh
index 3107da12..da54fdd0 100755
--- a/CI/test_cases/network_cases/network_create.sh
+++ b/CI/test_cases/network_cases/network_create.sh
@@ -33,8 +33,9 @@ function test_network_create()
local name1="cni1"
local name2="cni2"
local name3="a"
- for i in $(seq 1 7);do
- name3=${name3}${name3}
+ local basechar="a"
+ for i in $(seq 1 199);do
+ name3=${name3}${basechar}
done
local name4=${name3}b
local invalid_name=".xx"
diff --git a/src/utils/cutils/utils.h b/src/utils/cutils/utils.h
index 4417a165..ce0ca703 100644
--- a/src/utils/cutils/utils.h
+++ b/src/utils/cutils/utils.h
@@ -99,7 +99,12 @@ int malloc_trim(size_t pad);
#define MAX_IMAGE_REF_LEN 384
#define MAX_CONTAINER_NAME_LEN 1024
#define MAX_RUNTIME_NAME_LEN 32
-#define MAX_NETWORK_NAME_LEN 255
+/*
+ * Linux limits the length of the file name to 255,
+ * isulad will create file by name "${ISULAD_CNI_NETWORK_CONF_FILE_PRE}${network_name}.conflist"
+ * when create native network,so we limit the length of the network name to 200.
+ */
+#define MAX_NETWORK_NAME_LEN 200
#define LOGIN_USERNAME_LEN 255
#define LOGIN_PASSWORD_LEN 255
diff --git a/test/cutils/utils_network/utils_network_ut.cc b/test/cutils/utils_network/utils_network_ut.cc
index 68f6f011..be85e398 100644
--- a/test/cutils/utils_network/utils_network_ut.cc
+++ b/test/cutils/utils_network/utils_network_ut.cc
@@ -344,8 +344,8 @@ TEST(utils_network, test_net_contain_ip)
TEST(utils_network, test_validate_network_name)
{
ASSERT_EQ(util_validate_network_name(nullptr), false);
- ASSERT_EQ(util_validate_network_name(std::string(255, 'a').c_str()), true);
- ASSERT_EQ(util_validate_network_name(std::string(256, 'a').c_str()), false);
+ ASSERT_EQ(util_validate_network_name(std::string(200, 'a').c_str()), true);
+ ASSERT_EQ(util_validate_network_name(std::string(201, 'a').c_str()), false);
ASSERT_EQ(util_validate_network_name(std::string(".abce").c_str()), false);
}
--
2.25.1

140
0105-start-sandbox-before-setup-network-by-default.patch Normal file
View File

@ -0,0 +1,140 @@
From e6b3528acff10fb2bc62e2da0c3754f1e36cbd54 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Wed, 5 Jun 2024 10:04:59 +0800
Subject: [PATCH 105/108] start sandbox before setup network by default
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/daemon/common/cri/cri_helpers.cc | 12 +++++++
src/daemon/common/cri/cri_helpers.h | 3 ++
.../cri_pod_sandbox_manager_service.cc | 34 +++++++++++++------
src/daemon/modules/spec/specs.c | 2 +-
src/utils/cutils/utils_file.c | 2 +-
5 files changed, 41 insertions(+), 12 deletions(-)
diff --git a/src/daemon/common/cri/cri_helpers.cc b/src/daemon/common/cri/cri_helpers.cc
index 68d569cc..8117403c 100644
--- a/src/daemon/common/cri/cri_helpers.cc
+++ b/src/daemon/common/cri/cri_helpers.cc
@@ -47,6 +47,8 @@ const std::string Constants::DOCKER_IMAGEID_PREFIX { "docker://" };
const std::string Constants::DOCKER_PULLABLE_IMAGEID_PREFIX { "docker-pullable://" };
const std::string Constants::RUNTIME_READY { "RuntimeReady" };
const std::string Constants::NETWORK_READY { "NetworkReady" };
+// Kata 2.x need create network namespace and setup network befoce run podsandbox
+const std::string Constants::NETWORK_SETUP_ANNOTATION_KEY { "cri.sandbox.network.setup.v2" };
const std::string Constants::POD_CHECKPOINT_KEY { "cri.sandbox.isulad.checkpoint" };
const std::string Constants::CONTAINER_TYPE_ANNOTATION_KEY { "io.kubernetes.cri.container-type" };
const std::string Constants::CONTAINER_NAME_ANNOTATION_KEY { "io.kubernetes.cri.container-name" };
@@ -1140,4 +1142,14 @@ auto GetPodSELinuxLabelOpts(const std::string &selinuxLabel, Errors &error)
return fmtiSuladOpts(selinuxOpts, securityOptSep);
}
+bool SetupNetworkFirst(const std::map<std::string, std::string> &annotations)
+{
+ auto iter = annotations.find(CRIHelpers::Constants::NETWORK_SETUP_ANNOTATION_KEY);
+ if (iter == annotations.end()) {
+ return false;
+ }
+
+ return iter->second == std::string("true");
+}
+
} // namespace CRIHelpers
diff --git a/src/daemon/common/cri/cri_helpers.h b/src/daemon/common/cri/cri_helpers.h
index 5c450b32..11a80b45 100644
--- a/src/daemon/common/cri/cri_helpers.h
+++ b/src/daemon/common/cri/cri_helpers.h
@@ -49,6 +49,7 @@ public:
static const std::string DOCKER_PULLABLE_IMAGEID_PREFIX;
static const std::string RUNTIME_READY;
static const std::string NETWORK_READY;
+ static const std::string NETWORK_SETUP_ANNOTATION_KEY;
static const std::string POD_CHECKPOINT_KEY;
static const size_t MAX_CHECKPOINT_KEY_LEN { 250 };
static const std::string CONTAINER_TYPE_ANNOTATION_KEY;
@@ -151,6 +152,8 @@ auto GetPodSELinuxLabelOpts(const std::string &selinuxLabel, Errors &error) -> s
auto GetlegacySeccompiSuladOpts(const std::string &seccompProfile, Errors &error) -> std::vector<iSuladOpt>;
auto GetSeccompiSuladOptsByPath(const char *dstpath, Errors &error) -> std::vector<iSuladOpt>;
+
+bool SetupNetworkFirst(const std::map<std::string, std::string> &annotations);
}; // namespace CRIHelpers
#endif // DAEMON_ENTRY_CRI_CRI_HELPERS_H
diff --git a/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc b/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc
index af6b5fff..f852f4df 100644
--- a/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc
+++ b/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc
@@ -655,19 +655,33 @@ auto PodSandboxManagerService::RunPodSandbox(const runtime::v1alpha2::PodSandbox
}
}
- // Step 7: Setup networking for the sandbox.
- SetupSandboxNetwork(config, response_id, inspect_data, networkOptions, stdAnnos, network_setting_json, error);
- if (error.NotEmpty()) {
- goto cleanup_ns;
- }
+ // Step 7: According to the annotation and network namespace mode,
+ // determine the order of start sandbox and setup network.
+ if (CRIHelpers::SetupNetworkFirst(stdAnnos)) {
+ // Step 7.1: Setup networking for the sandbox, and then start the sandbox container.
+ SetupSandboxNetwork(config, response_id, inspect_data, networkOptions, stdAnnos, network_setting_json, error);
+ if (error.NotEmpty()) {
+ goto cleanup_ns;
+ }
- // Step 8: Start the sandbox container.
- StartSandboxContainer(response_id, error);
- if (error.NotEmpty()) {
- goto cleanup_network;
+ StartSandboxContainer(response_id, error);
+ if (error.NotEmpty()) {
+ goto cleanup_network;
+ }
+ } else {
+ // Step 7.2: (Default)Start the sandbox container, and then setup networking for the sandbox.
+ StartSandboxContainer(response_id, error);
+ if (error.NotEmpty()) {
+ goto cleanup_ns;
+ }
+
+ SetupSandboxNetwork(config, response_id, inspect_data, networkOptions, stdAnnos, network_setting_json, error);
+ if (error.NotEmpty()) {
+ goto cleanup_ns;
+ }
}
- // Step 9: Save network settings json to disk
+ // Step 8: Save network settings json to disk
if (namespace_is_cni(inspect_data->host_config->network_mode)) {
Errors tmpErr;
UpdatePodSandboxNetworkSettings(response_id, network_setting_json, tmpErr);
diff --git a/src/daemon/modules/spec/specs.c b/src/daemon/modules/spec/specs.c
index 122f9992..f0538e26 100644
--- a/src/daemon/modules/spec/specs.c
+++ b/src/daemon/modules/spec/specs.c
@@ -1601,7 +1601,7 @@ static int merge_share_network_namespace(const oci_runtime_spec *oci_spec, const
int ret = 0;
char *ns_path = NULL;
- if (host_spec->network_mode == NULL) {
+ if (host_spec->network_mode == NULL || strlen(host_spec->network_mode) == 0) {
return 0;
}
diff --git a/src/utils/cutils/utils_file.c b/src/utils/cutils/utils_file.c
index 6fc6852d..90bb156f 100644
--- a/src/utils/cutils/utils_file.c
+++ b/src/utils/cutils/utils_file.c
@@ -85,7 +85,7 @@ bool util_file_exists(const char *f)
struct stat buf;
int nret;
- if (f == NULL) {
+ if (f == NULL || strlen(f) == 0) {
return false;
}
--
2.25.1

28
0106-Revert-use-isula_clean_path-rather-than-realpath.patch Normal file
View File

@ -0,0 +1,28 @@
From f690c9a2dff298b41dc607e4ea6dd09113a322fb Mon Sep 17 00:00:00 2001
From: jikai <jikai11@huawei.com>
Date: Thu, 6 Jun 2024 02:13:36 +0000
Subject: [PATCH 106/108] Revert "use isula_clean_path rather than realpath"
This reverts commit 60a2b15e0090018b7850b37369964bf62e253419.
Signed-off-by: jikai <jikai11@huawei.com>
---
src/cmd/isulad-shim/process.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/cmd/isulad-shim/process.c b/src/cmd/isulad-shim/process.c
index dd41c77f..18fae03f 100644
--- a/src/cmd/isulad-shim/process.c
+++ b/src/cmd/isulad-shim/process.c
@@ -489,7 +489,7 @@ static bool attach_fifopath_security_check(process_t *p, const char *fifopath)
return false;
}
- if (isula_clean_path(fifopath, real_path, sizeof(real_path)) == NULL) {
+ if (realpath(fifopath, real_path) == NULL) {
ERROR("Failed to get realpath for '%s': %d.", real_path, SHIM_SYS_ERR(errno));
return false;
}
--
2.25.1

28
0107-bugfix-for-start-sandbox-before-setup-network-by-def.patch Normal file
View File

@ -0,0 +1,28 @@
From 63f4f9bc9c36825d85a14f6a33102194d30e12a7 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Fri, 7 Jun 2024 02:24:49 +1400
Subject: [PATCH 107/108] bugfix for start sandbox before setup network by
default
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
.../entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc b/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc
index f852f4df..bc3f4031 100644
--- a/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc
+++ b/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc
@@ -677,6 +677,9 @@ auto PodSandboxManagerService::RunPodSandbox(const runtime::v1alpha2::PodSandbox
SetupSandboxNetwork(config, response_id, inspect_data, networkOptions, stdAnnos, network_setting_json, error);
if (error.NotEmpty()) {
+ Errors stopError;
+ StopContainerHelper(response_id, stopError);
+ WARN("Error stop container: %s: %s", response_id.c_str(), stopError.GetCMessage());
goto cleanup_ns;
}
}
--
2.25.1

59
0108-skip-test-rely-on-docker.io.patch Normal file
View File

@ -0,0 +1,59 @@
From d3e7b0b0d19ca4937716d835e3627714157d6cc3 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Tue, 11 Jun 2024 17:14:58 +0800
Subject: [PATCH 108/108] skip test rely on docker.io
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
CI/test_cases/image_cases/image_search.sh | 4 +++-
CI/test_cases/image_cases/integration_check.sh | 2 +-
CI/test_cases/image_cases/registry.sh | 5 +++--
3 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/CI/test_cases/image_cases/image_search.sh b/CI/test_cases/image_cases/image_search.sh
index 11af02f1..4bf0e099 100755
--- a/CI/test_cases/image_cases/image_search.sh
+++ b/CI/test_cases/image_cases/image_search.sh
@@ -76,7 +76,9 @@ function test_image_search()
declare -i ans=0
-test_image_search || ((ans++))
+# unable to pull image from docker.io without agent, skip this test
+# registry API v1 is not implemented in https://3laho3y3.mirror.aliyuncs.com and isula search cannot be tested
+# test_image_search || ((ans++))
show_result ${ans} "${curr_path}/${0}"
diff --git a/CI/test_cases/image_cases/integration_check.sh b/CI/test_cases/image_cases/integration_check.sh
index 6ec3ab52..f340348d 100755
--- a/CI/test_cases/image_cases/integration_check.sh
+++ b/CI/test_cases/image_cases/integration_check.sh
@@ -27,7 +27,7 @@ image="busybox"
function test_image_info()
{
local ret=0
- local uimage="docker.io/library/nats"
+ local uimage="nats"
local test="list && inspect image info test => (${FUNCNAME[@]})"
local lid
local cid
diff --git a/CI/test_cases/image_cases/registry.sh b/CI/test_cases/image_cases/registry.sh
index e33983d6..7ea9a0c5 100755
--- a/CI/test_cases/image_cases/registry.sh
+++ b/CI/test_cases/image_cases/registry.sh
@@ -74,8 +74,9 @@ function isula_pull()
isula run --rm -ti busybox echo hello 2>&1 | grep pulling
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - --pull missing failed" && ((ret++))
- isula pull docker.io/library/busybox:latest
- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - --pull docker.io/library/busybox:latest failed" && ((ret++))
+ # Unable to pull image from docker.io without agent, skip this test
+ # isula pull docker.io/library/busybox:latest
+ # [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - --pull docker.io/library/busybox:latest failed" && ((ret++))
isula pull 3laho3y3.mirror.aliyuncs.com/library/busybox
fn_check_eq "$?" "0" "isula pull 3laho3y3.mirror.aliyuncs.com/library/busybox"
--
2.25.1

26
0109-modify-default-registry-mirrors-in-ci-test.patch Normal file
View File

@ -0,0 +1,26 @@
From d6284e5e786e1407c2ce5ef098a39c154650bd38 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Wed, 12 Jun 2024 10:57:39 +0800
Subject: [PATCH 109/149] modify default registry mirrors in ci test
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
CI/test_cases/container_cases/test_data/daemon.json | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/CI/test_cases/container_cases/test_data/daemon.json b/CI/test_cases/container_cases/test_data/daemon.json
index 2664c6b2..ab7d0360 100644
--- a/CI/test_cases/container_cases/test_data/daemon.json
+++ b/CI/test_cases/container_cases/test_data/daemon.json
@@ -24,7 +24,7 @@
"overlay2.override_kernel_check=true"
],
"registry-mirrors": [
- "docker.io"
+ "https://3laho3y3.mirror.aliyuncs.com"
],
"insecure-registries": [
],
--
2.25.1

25
0110-add-timestamp-in-PodSandboxStatu-response.patch Normal file
View File

@ -0,0 +1,25 @@
From 5087d7501308660970aa9e7c12cf5be7a3d9b063 Mon Sep 17 00:00:00 2001
From: jikai <jikai11@huawei.com>
Date: Wed, 12 Jun 2024 15:20:17 +0000
Subject: [PATCH 110/149] add timestamp in PodSandboxStatu response
Signed-off-by: jikai <jikai11@huawei.com>
---
src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc
index fa726e2c..2a458a6d 100644
--- a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc
+++ b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc
@@ -910,6 +910,7 @@ void PodSandboxManagerService::PodSandboxStatus(const std::string &podSandboxID,
for (auto &containerStatus : containerStatuses) {
*(reply->add_containers_statuses()) = *containerStatus;
}
+ reply->set_timestamp(util_get_now_time_nanos());
return;
}
--
2.25.1

75
0111-bugfix-for-file-param-verify.patch Normal file
View File

@ -0,0 +1,75 @@
From d0fd2c2bf87d7befaa8810a70d7eb2061664f02f Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Fri, 14 Jun 2024 09:55:28 +0800
Subject: [PATCH 111/149] bugfix for file param verify
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/cmd/isula/base/create.c | 19 +++++++++++++++++++
src/cmd/isula/images/load.c | 6 ++++++
2 files changed, 25 insertions(+)
diff --git a/src/cmd/isula/base/create.c b/src/cmd/isula/base/create.c
index 543b8fd6..b04dddb5 100644
--- a/src/cmd/isula/base/create.c
+++ b/src/cmd/isula/base/create.c
@@ -292,6 +292,12 @@ static int append_env_variables_to_conf(const char *env_file, isula_container_co
int ret = 0;
size_t file_size;
+ if (util_dir_exists(env_file)) {
+ COMMAND_ERROR("Env file is a directory: %s", env_file);
+ ret = -1;
+ goto out;
+ }
+
if (!util_file_exists(env_file)) {
COMMAND_ERROR("env file not exists: %s", env_file);
ret = -1;
@@ -427,6 +433,12 @@ static int append_labels_to_conf(const char *label_file, isula_container_config_
int ret = 0;
size_t file_size;
+ if (util_dir_exists(label_file)) {
+ COMMAND_ERROR("Label file is a directory: %s", label_file);
+ ret = -1;
+ goto out;
+ }
+
if (!util_file_exists(label_file)) {
COMMAND_ERROR("label file not exists: %s", label_file);
ret = -1;
@@ -2357,6 +2369,13 @@ static int create_check_env_target_file(const struct client_arguments *args)
ret = -1;
goto out;
}
+
+ if (util_dir_exists(env_path)) {
+ COMMAND_ERROR("Env target file is a directory: %s", env_path);
+ ret = -1;
+ goto out;
+ }
+
if (!util_file_exists(env_path)) {
goto out;
}
diff --git a/src/cmd/isula/images/load.c b/src/cmd/isula/images/load.c
index 314e5d5e..cb39dee7 100644
--- a/src/cmd/isula/images/load.c
+++ b/src/cmd/isula/images/load.c
@@ -162,6 +162,12 @@ int cmd_load_main(int argc, const char **argv)
g_cmd_load_args.file = file;
}
+ if (util_dir_exists(g_cmd_load_args.file)) {
+ COMMAND_ERROR("Load file is a directory: %s", g_cmd_load_args.file);
+ ret = -1;
+ exit(exit_code);
+ }
+
if (!util_file_exists(g_cmd_load_args.file)) {
COMMAND_ERROR("File %s is not exist", g_cmd_load_args.file);
exit(exit_code);
--
2.25.1

26
0112-bugfix-change-cni-log-info.patch Normal file
View File

@ -0,0 +1,26 @@
From 359a6673e01bef937adcc17f99ee94b67caca32e Mon Sep 17 00:00:00 2001
From: liuxu <liuxu156@huawei.com>
Date: Fri, 14 Jun 2024 17:12:58 +0800
Subject: [PATCH 112/149] bugfix:change cni log info
Signed-off-by: liuxu <liuxu156@huawei.com>
---
.../modules/network/cni_operator/libcni/invoke/libcni_exec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/daemon/modules/network/cni_operator/libcni/invoke/libcni_exec.c b/src/daemon/modules/network/cni_operator/libcni/invoke/libcni_exec.c
index 74d6d74a..1e4a7138 100644
--- a/src/daemon/modules/network/cni_operator/libcni/invoke/libcni_exec.c
+++ b/src/daemon/modules/network/cni_operator/libcni/invoke/libcni_exec.c
@@ -247,7 +247,7 @@ static char *env_stringify(char *(*pargs)[2], size_t len)
bool invalid_arg = (pargs == NULL || len == 0);
if (invalid_arg) {
- ERROR("Invalid arguments");
+ DEBUG("Empty arguments");
return NULL;
}
--
2.25.1

43
0113-move-shutdown-handle-after-init-module.patch Normal file
View File

@ -0,0 +1,43 @@
From 0ae6244c6bfed229a46d300888977a4967e1d718 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Wed, 19 Jun 2024 09:50:51 +0800
Subject: [PATCH 113/149] move shutdown handle after init module
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/cmd/isulad/main.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/src/cmd/isulad/main.c b/src/cmd/isulad/main.c
index 3e2249d7..52ac3172 100644
--- a/src/cmd/isulad/main.c
+++ b/src/cmd/isulad/main.c
@@ -1669,11 +1669,6 @@ static int start_daemon_threads()
{
int ret = -1;
- if (new_shutdown_handler()) {
- ERROR("Create new shutdown handler thread failed");
- goto out;
- }
-
if (events_module_init() != 0) {
goto out;
}
@@ -1825,6 +1820,13 @@ int main(int argc, char **argv)
goto failure;
}
+ // after all modules are initialized, enable the shutdown handler to
+ // prevent shutdown handler from cleaning up incompletely initialized modules.
+ if (new_shutdown_handler()) {
+ ERROR("Create new shutdown handler thread failed");
+ goto failure;
+ }
+
#ifdef ENABLE_PLUGIN
if (start_plugin_manager()) {
ERROR("Failed to init plugin_manager");
--
2.25.1

56
0114-bugfix-for-null-pointer-reference.patch Normal file
View File

@ -0,0 +1,56 @@
From 701180b53d1c52376f753b94c5cf09987ae789b3 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Tue, 18 Jun 2024 16:02:25 +0800
Subject: [PATCH 114/149] bugfix for null pointer reference
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/daemon/entry/connect/grpc/grpc_service.cc | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/src/daemon/entry/connect/grpc/grpc_service.cc b/src/daemon/entry/connect/grpc/grpc_service.cc
index 1d8de922..300af082 100644
--- a/src/daemon/entry/connect/grpc/grpc_service.cc
+++ b/src/daemon/entry/connect/grpc/grpc_service.cc
@@ -100,7 +100,9 @@ public:
{
// Wait for the server to shutdown. Note that some other thread must be
// responsible for shutting down the server for this call to ever return.
- m_server->Wait();
+ if (m_server != nullptr) {
+ m_server->Wait();
+ }
// Wait for stream server to shutdown
m_criService.Wait();
@@ -109,7 +111,9 @@ public:
void Shutdown(void)
{
// call CRI to shutdown stream server, shutdown cri first to notify events thread to exit
- m_criService.Shutdown();
+ if (m_server != nullptr) {
+ m_server->Shutdown();
+ }
m_server->Shutdown();
@@ -242,10 +246,16 @@ int grpc_server_init(const struct service_arguments *args)
void grpc_server_wait(void)
{
+ if (g_grpcserver == nullptr) {
+ return;
+ }
g_grpcserver->Wait();
}
void grpc_server_shutdown(void)
{
+ if (g_grpcserver == nullptr) {
+ return;
+ }
g_grpcserver->Shutdown();
}
--
2.25.1

33
0115-bugfix-for-m_criService-shutdown.patch Normal file
View File

@ -0,0 +1,33 @@
From 93b1df1a1d3fcf6d285102f3cc1f79e6241aa393 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Thu, 4 Jul 2024 10:58:38 +0800
Subject: [PATCH 115/149] bugfix for m_criService shutdown
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/daemon/entry/connect/grpc/grpc_service.cc | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/daemon/entry/connect/grpc/grpc_service.cc b/src/daemon/entry/connect/grpc/grpc_service.cc
index 300af082..fb5ec3cb 100644
--- a/src/daemon/entry/connect/grpc/grpc_service.cc
+++ b/src/daemon/entry/connect/grpc/grpc_service.cc
@@ -111,12 +111,12 @@ public:
void Shutdown(void)
{
// call CRI to shutdown stream server, shutdown cri first to notify events thread to exit
+ m_criService.Shutdown();
+
if (m_server != nullptr) {
m_server->Shutdown();
}
-
- m_server->Shutdown();
-
+
// Shutdown daemon, this operation should remove socket file.
for (const auto &address : m_socketPath) {
if (address.find(UNIX_SOCKET_PREFIX) == 0) {
--
2.25.1

54
0116-fix-bug-in-ci-test.patch Normal file
View File

@ -0,0 +1,54 @@
From c7cf33c432b3d9479b2fe365169d4b9a37cae8f7 Mon Sep 17 00:00:00 2001
From: jikai <jikai11@huawei.com>
Date: Tue, 9 Jul 2024 12:30:01 +0000
Subject: [PATCH 116/149] fix bug in ci test
Signed-off-by: jikai <jikai11@huawei.com>
---
CI/test_cases/container_cases/run.sh | 6 +++---
CI/test_cases/helpers.sh | 5 +++--
2 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/CI/test_cases/container_cases/run.sh b/CI/test_cases/container_cases/run.sh
index 1bfd388b..ef04b547 100755
--- a/CI/test_cases/container_cases/run.sh
+++ b/CI/test_cases/container_cases/run.sh
@@ -26,9 +26,9 @@ source ../helpers.sh
function do_test_t()
{
tid=`isula run --runtime $1 -tid --name hostname busybox`
- chostname=`isula exec -it $tid hostname`
- clean_hostname=$(echo "$hostname" | sed 's/[\x01-\x1F\x7F]//g')
- fn_check_eq "${clean_hostname}" "${tid:0:12}" "default hostname is not id of container"
+ # should not use -it option, otherwise the hostname will containe special characters such as '$' or '\r'
+ hostname=`isula exec $tid hostname`
+ fn_check_eq "${hostname}" "${tid:0:12}" "default hostname is not id of container"
isula exec -it hostname env | grep HOSTNAME
fn_check_eq "$?" "0" "check HOSTNAME env failed"
isula stop -t 0 $tid
diff --git a/CI/test_cases/helpers.sh b/CI/test_cases/helpers.sh
index c5eba8a2..0288b4ea 100755
--- a/CI/test_cases/helpers.sh
+++ b/CI/test_cases/helpers.sh
@@ -52,15 +52,16 @@ function cut_output_lines() {
return $retval
}
+# use string compare to check the result
function fn_check_eq() {
- if [[ "$1" -ne "$2" ]];then
+ if [ "x$1" != "x$2" ];then
echo "$3"
TC_RET_T=$(($TC_RET_T+1))
fi
}
function fn_check_ne() {
- if [[ "$1" -eq "$2" ]];then
+ if [[ "x$1" == "x$2" ]];then
echo "$3"
TC_RET_T=$(($TC_RET_T+1))
fi
--
2.25.1

502
0117-add-nri-design-doc.patch Normal file
View File

File diff suppressed because one or more lines are too long

1051
0118-NRI-add-nri-head-file-and-common-func.patch Normal file
View File

File diff suppressed because it is too large Load Diff

51
0119-skip-calling-cni-plugin-cleanup-when-network-namespa.patch Normal file
View File

@ -0,0 +1,51 @@
From ee720f966fdf14a99b8ebc685f3948bb8b29ba73 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Tue, 13 Aug 2024 10:56:44 +0800
Subject: [PATCH 119/149] skip calling cni plugin cleanup when network
namespace is not mounted
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
.../entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc | 7 +++++++
.../entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc | 7 +++++++
2 files changed, 14 insertions(+)
diff --git a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc
index 2a458a6d..77faf48a 100644
--- a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc
+++ b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc
@@ -435,6 +435,13 @@ void PodSandboxManagerService::ClearCniNetwork(const std::shared_ptr<sandbox::Sa
return;
}
+ // If the network namespace is not mounted, the network has been cleaned up
+ // and there is no need to call the cni plugin.
+ if (!util_detect_mounted(sandboxKey.c_str())) {
+ WARN("Network namespace %s not exist", sandboxKey.c_str());
+ return;
+ }
+
const auto config = sandbox->GetSandboxConfig();
std::map<std::string, std::string> stdAnnos;
CRIHelpers::ProtobufAnnoMapToStd(config.annotations(), stdAnnos);
diff --git a/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc b/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc
index bc3f4031..5590827e 100644
--- a/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc
+++ b/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc
@@ -848,6 +848,13 @@ auto PodSandboxManagerService::ClearCniNetwork(const std::string &realSandboxID,
goto cleanup;
}
+ // If the network namespace is not mounted, the network has been cleaned up
+ // and there is no need to call the cni plugin.
+ if (!util_detect_mounted(netnsPath.c_str())) {
+ WARN("Network namespace %s not exist", netnsPath.c_str());
+ goto cleanup;
+ }
+
stdAnnos.insert(std::pair<std::string, std::string>(CRIHelpers::Constants::POD_SANDBOX_KEY, netnsPath));
pluginErr.Clear();
m_pluginManager->TearDownPod(ns, name, Network::DEFAULT_NETWORK_INTERFACE_NAME, realSandboxID, stdAnnos,
--
2.25.1

2254
0120-nri-add-convert-and-utils-impl-for-nri.patch Normal file
View File

File diff suppressed because it is too large Load Diff

72
0121-get-realpath-before-ns-mountpoint-verification.patch Normal file
View File

@ -0,0 +1,72 @@
From 6357caaf6bcf413b58e587fe3df5c508275713ee Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Thu, 15 Aug 2024 19:21:19 +1400
Subject: [PATCH 121/149] get realpath before ns mountpoint verification
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
.../entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc | 9 +++++++--
.../entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc | 9 +++++++--
2 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc
index 77faf48a..3ece885f 100644
--- a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc
+++ b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc
@@ -424,6 +424,7 @@ cleanup_sandbox:
void PodSandboxManagerService::ClearCniNetwork(const std::shared_ptr<sandbox::Sandbox> sandbox, Errors &error)
{
+ char real_path[PATH_MAX] = { 0 };
std::string networkMode = sandbox->GetNetMode();
if (!namespace_is_cni(networkMode.c_str()) || !sandbox->GetNetworkReady()) {
return;
@@ -435,10 +436,14 @@ void PodSandboxManagerService::ClearCniNetwork(const std::shared_ptr<sandbox::Sa
return;
}
+ if (realpath(sandboxKey.c_str(), real_path) == NULL) {
+ ERROR("Failed to get %s realpath", sandboxKey.c_str());
+ }
+
// If the network namespace is not mounted, the network has been cleaned up
// and there is no need to call the cni plugin.
- if (!util_detect_mounted(sandboxKey.c_str())) {
- WARN("Network namespace %s not exist", sandboxKey.c_str());
+ if (strlen(real_path) != 0 && !util_detect_mounted(real_path)) {
+ ERROR("Network namespace %s not exist", real_path);
return;
}
diff --git a/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc b/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc
index 5590827e..1c343cda 100644
--- a/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc
+++ b/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc
@@ -826,6 +826,7 @@ auto PodSandboxManagerService::ClearCniNetwork(const std::string &realSandboxID,
/*error*/) -> int
{
Errors networkErr;
+ char real_path[PATH_MAX] = { 0 };
bool ready = GetNetworkReady(realSandboxID, networkErr);
if (hostNetwork || (!ready && networkErr.Empty())) {
@@ -848,10 +849,14 @@ auto PodSandboxManagerService::ClearCniNetwork(const std::string &realSandboxID,
goto cleanup;
}
+ if (realpath(netnsPath.c_str(), real_path) == NULL) {
+ ERROR("Failed to get %s realpath", netnsPath.c_str());
+ }
+
// If the network namespace is not mounted, the network has been cleaned up
// and there is no need to call the cni plugin.
- if (!util_detect_mounted(netnsPath.c_str())) {
- WARN("Network namespace %s not exist", netnsPath.c_str());
+ if (strlen(real_path) != 0 && !util_detect_mounted(real_path)) {
+ ERROR("Network namespace %s not exist", real_path);
goto cleanup;
}
--
2.25.1

4724
0122-nri-impl-for-nri-plugin-and-adaption.patch Normal file
View File

File diff suppressed because it is too large Load Diff

287
0123-code-improve-for-codecheck.patch Normal file
View File

@ -0,0 +1,287 @@
From 8e442712354a9d4f766d1f90b018fd1246cb9ef2 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Wed, 4 Sep 2024 16:26:59 +1400
Subject: [PATCH 123/149] code improve for codecheck
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/daemon/common/sysinfo.h | 8 ++++----
src/daemon/entry/cri/network_plugin.cc | 2 +-
src/daemon/mailbox/message_queue.h | 8 ++++----
src/daemon/mailbox/message_subscriber.h | 8 ++++++++
src/daemon/modules/runtime/shim/shim_rt_monitor.cc | 2 ++
src/daemon/nri/nri_adaption.h | 1 -
src/daemon/sandbox/sandbox_manager.cc | 5 ++---
src/utils/cutils/blocking_queue.h | 2 +-
src/utils/cutils/utils_aes.h | 2 +-
src/utils/cutils/utils_cap.h | 7 +++----
src/utils/cutils/utils_fs.h | 2 +-
src/utils/cutils/utils_network.c | 2 ++
src/utils/cutils/utils_string.h | 3 +--
src/utils/tar/util_archive.h | 5 ++---
src/utils/tar/util_gzip.h | 2 +-
15 files changed, 33 insertions(+), 26 deletions(-)
diff --git a/src/daemon/common/sysinfo.h b/src/daemon/common/sysinfo.h
index 6142487b..e6bb7f95 100644
--- a/src/daemon/common/sysinfo.h
+++ b/src/daemon/common/sysinfo.h
@@ -15,16 +15,16 @@
#ifndef DAEMON_COMMON_SYSINFO_H
#define DAEMON_COMMON_SYSINFO_H
-#ifdef __cplusplus
-extern "C" {
-#endif
-
#include <stdbool.h>
#include <stdint.h>
#include <isula_libutils/auto_cleanup.h>
#include "cgroup.h"
+#ifdef __cplusplus
+extern "C" {
+#endif
+
typedef struct {
// Number of processors currently online (i.e., available).
int ncpus;
diff --git a/src/daemon/entry/cri/network_plugin.cc b/src/daemon/entry/cri/network_plugin.cc
index f8f9c7e6..439d0224 100644
--- a/src/daemon/entry/cri/network_plugin.cc
+++ b/src/daemon/entry/cri/network_plugin.cc
@@ -198,7 +198,7 @@ void InitNetworkPlugin(std::vector<std::shared_ptr<NetworkPlugin>> *plugins, std
if (networkPluginName.empty()) {
DEBUG("network plugin name empty");
- *result = std::shared_ptr<NetworkPlugin>(new (std::nothrow) NoopNetworkPlugin);
+ *result = std::make_shared<NoopNetworkPlugin>();
if (*result == nullptr) {
ERROR("Out of memory");
return;
diff --git a/src/daemon/mailbox/message_queue.h b/src/daemon/mailbox/message_queue.h
index 7905840f..c9bbc9e2 100644
--- a/src/daemon/mailbox/message_queue.h
+++ b/src/daemon/mailbox/message_queue.h
@@ -16,10 +16,6 @@
#ifndef DAEMON_MESSAGE_MESSAGE_QUEUE_H
#define DAEMON_MESSAGE_MESSAGE_QUEUE_H
-#ifdef __cplusplus
-extern "C" {
-#endif
-
#include <pthread.h>
#include "blocking_queue.h"
@@ -27,6 +23,10 @@ extern "C" {
#include "map.h"
#include "message_subscriber.h"
+#ifdef __cplusplus
+extern "C" {
+#endif
+
typedef struct message_queue {
blocking_queue *messages;
diff --git a/src/daemon/mailbox/message_subscriber.h b/src/daemon/mailbox/message_subscriber.h
index de4574d9..2987b60d 100644
--- a/src/daemon/mailbox/message_subscriber.h
+++ b/src/daemon/mailbox/message_subscriber.h
@@ -19,6 +19,10 @@
#include "blocking_queue.h"
#include "mailbox_message.h"
+#ifdef __cplusplus
+extern "C" {
+#endif
+
typedef struct {
blocking_queue *queue;
} message_subscriber;
@@ -38,4 +42,8 @@ define_auto_cleanup_callback(message_subscriber_destroy, message_subscriber);
// define auto free macro for blocking queue
#define __isula_auto_subscriber auto_cleanup_tag(message_subscriber_destroy)
+#ifdef __cplusplus
+}
+#endif
+
#endif
diff --git a/src/daemon/modules/runtime/shim/shim_rt_monitor.cc b/src/daemon/modules/runtime/shim/shim_rt_monitor.cc
index 2547a206..97f5cd68 100644
--- a/src/daemon/modules/runtime/shim/shim_rt_monitor.cc
+++ b/src/daemon/modules/runtime/shim/shim_rt_monitor.cc
@@ -30,6 +30,8 @@
#include "utils.h"
#include "error.h"
+// The shim v2 header file needs to be modified to
+// use extern "C" to wrap external functions.
extern "C" {
#include <shim_v2.h>
}
diff --git a/src/daemon/nri/nri_adaption.h b/src/daemon/nri/nri_adaption.h
index 27a6d93e..6bd41941 100644
--- a/src/daemon/nri/nri_adaption.h
+++ b/src/daemon/nri/nri_adaption.h
@@ -16,7 +16,6 @@
#ifndef DAEMON_NRI_PLUGIN_NRI_ADAPTION_H
#define DAEMON_NRI_PLUGIN_NRI_ADAPTION_H
-// #include "read_write_lock.h"
#include <isula_libutils/nri_update_containers_request.h>
#include <isula_libutils/nri_update_containers_response.h>
diff --git a/src/daemon/sandbox/sandbox_manager.cc b/src/daemon/sandbox/sandbox_manager.cc
index cee444f4..4159993f 100644
--- a/src/daemon/sandbox/sandbox_manager.cc
+++ b/src/daemon/sandbox/sandbox_manager.cc
@@ -109,8 +109,7 @@ auto SandboxManager::CreateSandbox(const std::string &name, RuntimeInfo &info, s
return nullptr;
}
- sandbox = std::shared_ptr<Sandbox>(new Sandbox(id, m_rootdir, m_statedir, name, info, netMode, netNsPath,
- sandboxConfig, image));
+ sandbox = std::make_shared<Sandbox>(id, m_rootdir, m_statedir, name, info, netMode, netNsPath, sandboxConfig, image);
if (sandbox == nullptr) {
ERROR("Failed to malloc for sandbox: %s", name.c_str());
error.Errorf("Failed to malloc for sandbox: %s", name.c_str());
@@ -452,7 +451,7 @@ auto SandboxManager::LoadSandbox(std::string &id) -> std::shared_ptr<Sandbox>
return nullptr;
}
- sandbox = std::shared_ptr<Sandbox>(new Sandbox(id, m_rootdir, m_statedir));
+ sandbox = std::make_shared<Sandbox>(id, m_rootdir, m_statedir);
if (sandbox == nullptr) {
ERROR("Failed to malloc for sandboxes: %s", id.c_str());
return nullptr;
diff --git a/src/utils/cutils/blocking_queue.h b/src/utils/cutils/blocking_queue.h
index 257779c3..e6931501 100644
--- a/src/utils/cutils/blocking_queue.h
+++ b/src/utils/cutils/blocking_queue.h
@@ -26,7 +26,7 @@
extern "C" {
#endif
-#define BLOCKING_QUEUE_NO_TIMEOUT -1
+#define BLOCKING_QUEUE_NO_TIMEOUT (-1)
typedef struct blocking_node {
void *data;
diff --git a/src/utils/cutils/utils_aes.h b/src/utils/cutils/utils_aes.h
index bd2c2065..8ff6dad8 100644
--- a/src/utils/cutils/utils_aes.h
+++ b/src/utils/cutils/utils_aes.h
@@ -26,7 +26,7 @@ extern "C" {
#define AES_256_CFB_KEY_LEN 32
#define AES_256_CFB_IV_LEN 16
-int util_aes_key(const char *key_path, bool create, unsigned char *aeskey);
+int util_aes_key(const char *key_file, bool create, unsigned char *aeskey);
// note: Input bytes is "IV+data", "bytes+AES_256_CFB_IV_LEN" is the real data to be encoded.
// The output length is the input "len" and add the '\0' after end of the length.
diff --git a/src/utils/cutils/utils_cap.h b/src/utils/cutils/utils_cap.h
index de63d070..c7e78ac2 100644
--- a/src/utils/cutils/utils_cap.h
+++ b/src/utils/cutils/utils_cap.h
@@ -16,14 +16,13 @@
#ifndef UTILS_CUTILS_UTILS_CAP_H
#define UTILS_CUTILS_UTILS_CAP_H
+#include <stdbool.h>
+#include <stddef.h>
+
#ifdef __cplusplus
extern "C" {
#endif
-#include <stdbool.h>
-#include <stddef.h>
-#include <linux/capability.h>
-
bool util_valid_cap(const char *cap);
/**
diff --git a/src/utils/cutils/utils_fs.h b/src/utils/cutils/utils_fs.h
index c44fed8c..438af416 100644
--- a/src/utils/cutils/utils_fs.h
+++ b/src/utils/cutils/utils_fs.h
@@ -34,7 +34,7 @@ bool util_detect_mounted(const char *path);
int util_ensure_mounted_as(const char *dst, const char *mntopts);
int util_mount_from(const char *base, const char *src, const char *dst, const char *mtype, const char *mntopts);
typedef int (*mount_info_call_back_t)(const char *, const char *);
-bool util_deal_with_mount_info(mount_info_call_back_t cb, const char *);
+bool util_deal_with_mount_info(mount_info_call_back_t cb, const char *pattern);
bool util_check_readonly_fs(const char *path);
#ifdef __cplusplus
}
diff --git a/src/utils/cutils/utils_network.c b/src/utils/cutils/utils_network.c
index bb6a2f87..be33ec87 100644
--- a/src/utils/cutils/utils_network.c
+++ b/src/utils/cutils/utils_network.c
@@ -801,6 +801,8 @@ static bool is_invalid_char(char c)
return true;
case ' ':
return true;
+ default:
+ return false;
}
return false;
}
diff --git a/src/utils/cutils/utils_string.h b/src/utils/cutils/utils_string.h
index 0de2266c..d37343d5 100644
--- a/src/utils/cutils/utils_string.h
+++ b/src/utils/cutils/utils_string.h
@@ -17,7 +17,6 @@
#define UTILS_CUTILS_UTILS_STRING_H
#include <stdbool.h>
#include <stddef.h>
-#include <stdint.h>
#include <sys/types.h>
#ifdef __cplusplus
@@ -48,7 +47,7 @@ char **util_string_split(const char *src_str, char _sep);
// note that every delimiter bytes is considered to be a single delimiter
char **util_string_split_multi(const char *src_str, char delim);
-char **util_string_split_n(const char *src_str, char delim, size_t n);
+char **util_string_split_n(const char *src, char sep, size_t n);
const char *util_str_skip_str(const char *str, const char *skip);
diff --git a/src/utils/tar/util_archive.h b/src/utils/tar/util_archive.h
index 8f0ab2a4..98597d53 100644
--- a/src/utils/tar/util_archive.h
+++ b/src/utils/tar/util_archive.h
@@ -53,9 +53,8 @@ int archive_chroot_tar(const char *path, const char *file, const char *root_dir,
int archive_chroot_tar_stream(const char *chroot_dir, const char *tar_path, const char *src_base,
const char *dst_base, const char *root_dir, struct io_read_wrapper *content);
-int archive_chroot_untar_stream(const struct io_read_wrapper *content, const char *chroot_dir,
- const char *untar_dir, const char *src_base, const char *dst_base,
- const char *root_dir, char **errmsg);
+int archive_chroot_untar_stream(const struct io_read_wrapper *context, const char *chroot_dir, const char *untar_dir,
+ const char *src_base, const char *dst_base, const char *root_dir, char **errmsg);
int archive_copy_oci_tar_split_and_ret_size(int src_fd, const char *dist_file, int64_t *ret_size);
diff --git a/src/utils/tar/util_gzip.h b/src/utils/tar/util_gzip.h
index 7d881e92..7797c5f9 100644
--- a/src/utils/tar/util_gzip.h
+++ b/src/utils/tar/util_gzip.h
@@ -26,7 +26,7 @@ extern "C" {
int util_gzip_z(const char *srcfile, const char *dstfile, const mode_t mode);
// Decompress
-int util_gzip_d(const char *srcfile, const FILE *destfp);
+int util_gzip_d(const char *srcfile, const FILE *dstfp);
/*
* compress file.
--
2.25.1

137
0124-change-pull-registry-to-hub.oepkgs.net.patch Normal file
View File

@ -0,0 +1,137 @@
From d6f7f7d3e2d644d2208ccc35f1de225b54c452a7 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Fri, 6 Sep 2024 17:45:58 +0800
Subject: [PATCH 124/149] change pull registry to hub.oepkgs.net
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
CI/make-and-install.sh | 4 ++--
.../container_cases/test_data/daemon.json | 2 +-
CI/test_cases/image_cases/image_digest.sh | 6 ++---
CI/test_cases/image_cases/image_search.sh | 2 +-
CI/test_cases/image_cases/registry.sh | 22 +++++++++----------
5 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/CI/make-and-install.sh b/CI/make-and-install.sh
index 61281965..2c2a4241 100755
--- a/CI/make-and-install.sh
+++ b/CI/make-and-install.sh
@@ -95,7 +95,7 @@ cmake -DLIB_INSTALL_DIR=${restbuilddir}/lib -DCMAKE_INSTALL_PREFIX=${restbuilddi
make -j $(nproc)
make install
sed -i 's/"log-driver": "stdout"/"log-driver": "file"/g' ${restbuilddir}/etc/isulad/daemon.json
-sed -i "/registry-mirrors/a\ \"https://3laho3y3.mirror.aliyuncs.com\"" ${restbuilddir}/etc/isulad/daemon.json
+sed -i "/registry-mirrors/a\ \"https://hub.oepkgs.net\"" ${restbuilddir}/etc/isulad/daemon.json
#build grpc version
cd $ISULAD_COPY_PATH
@@ -110,4 +110,4 @@ fi
make -j $(nproc)
make install
sed -i 's/"log-driver": "stdout"/"log-driver": "file"/g' ${builddir}/etc/isulad/daemon.json
-sed -i "/registry-mirrors/a\ \"https://3laho3y3.mirror.aliyuncs.com\"" ${builddir}/etc/isulad/daemon.json
+sed -i "/registry-mirrors/a\ \"https://hub.oepkgs.net\"" ${builddir}/etc/isulad/daemon.json
diff --git a/CI/test_cases/container_cases/test_data/daemon.json b/CI/test_cases/container_cases/test_data/daemon.json
index ab7d0360..20b001c0 100644
--- a/CI/test_cases/container_cases/test_data/daemon.json
+++ b/CI/test_cases/container_cases/test_data/daemon.json
@@ -24,7 +24,7 @@
"overlay2.override_kernel_check=true"
],
"registry-mirrors": [
- "https://3laho3y3.mirror.aliyuncs.com"
+ "https://hub.oepkgs.net"
],
"insecure-registries": [
],
diff --git a/CI/test_cases/image_cases/image_digest.sh b/CI/test_cases/image_cases/image_digest.sh
index cc8b0e48..20774e07 100755
--- a/CI/test_cases/image_cases/image_digest.sh
+++ b/CI/test_cases/image_cases/image_digest.sh
@@ -25,9 +25,9 @@ source ../helpers.sh
function test_image_with_digest()
{
local ret=0
- local image="3laho3y3.mirror.aliyuncs.com/library/busybox"
- local image2="3laho3y3.mirror.aliyuncs.com/library/ubuntu"
- local image_digest="3laho3y3.mirror.aliyuncs.com/library/busybox@sha256:62ffc2ed7554e4c6d360bce40bbcf196573dd27c4ce080641a2c59867e732dee"
+ local image="hub.oepkgs.net/library/busybox"
+ local image2="hub.oepkgs.net/library/ubuntu"
+ local image_digest="hub.oepkgs.net/library/busybox@sha256:6066ca124f8c2686b7ae71aa1d6583b28c6dc3df3bdc386f2c89b92162c597d9"
local test="pull && inspect && tag image with digest test => (${FUNCNAME[@]})"
msg_info "${test} starting..."
diff --git a/CI/test_cases/image_cases/image_search.sh b/CI/test_cases/image_cases/image_search.sh
index 4bf0e099..9ac680ce 100755
--- a/CI/test_cases/image_cases/image_search.sh
+++ b/CI/test_cases/image_cases/image_search.sh
@@ -77,7 +77,7 @@ function test_image_search()
declare -i ans=0
# unable to pull image from docker.io without agent, skip this test
-# registry API v1 is not implemented in https://3laho3y3.mirror.aliyuncs.com and isula search cannot be tested
+# registry API v1 is not implemented in https://hub.oepkgs.net and isula search cannot be tested
# test_image_search || ((ans++))
show_result ${ans} "${curr_path}/${0}"
diff --git a/CI/test_cases/image_cases/registry.sh b/CI/test_cases/image_cases/registry.sh
index 7ea9a0c5..e56d99d3 100755
--- a/CI/test_cases/image_cases/registry.sh
+++ b/CI/test_cases/image_cases/registry.sh
@@ -78,8 +78,8 @@ function isula_pull()
# isula pull docker.io/library/busybox:latest
# [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - --pull docker.io/library/busybox:latest failed" && ((ret++))
- isula pull 3laho3y3.mirror.aliyuncs.com/library/busybox
- fn_check_eq "$?" "0" "isula pull 3laho3y3.mirror.aliyuncs.com/library/busybox"
+ isula pull hub.oepkgs.net/library/busybox
+ fn_check_eq "$?" "0" "isula pull hub.oepkgs.net/library/busybox"
rm -f /etc/isulad/daemon.json.bak
cp /etc/isulad/daemon.json /etc/isulad/daemon.json.bak
@@ -98,7 +98,7 @@ function isula_pull()
cp /etc/isulad/daemon.json.bak /etc/isulad/daemon.json
rm -f /etc/isulad/daemon.json.bak
- isula rmi 3laho3y3.mirror.aliyuncs.com/library/busybox
+ isula rmi hub.oepkgs.net/library/busybox
check_valgrind_log
fn_check_eq "$?" "0" "stop isulad with check valgrind"
@@ -109,12 +109,12 @@ function isula_pull()
function isula_login()
{
- isula login -u test -p test 3laho3y3.mirror.aliyuncs.com
- fn_check_eq "$?" "0" "isula login -u test -p test 3laho3y3.mirror.aliyuncs.com"
+ isula login -u isulaci -p iSula123 hub.oepkgs.net
+ fn_check_eq "$?" "0" "isula login -u isulaci -p iSula123 hub.oepkgs.net"
# double login for memory leak check
- isula login -u test -p test 3laho3y3.mirror.aliyuncs.com
- fn_check_eq "$?" "0" "isula login -u test -p test 3laho3y3.mirror.aliyuncs.com"
+ isula login -u isulaci -p iSula123 hub.oepkgs.net
+ fn_check_eq "$?" "0" "isula login -u isulaci -p iSula123 hub.oepkgs.net"
# use username/password to pull busybox for memmory leak check
isula pull busybox
@@ -123,12 +123,12 @@ function isula_login()
function isula_logout()
{
- isula logout 3laho3y3.mirror.aliyuncs.com
- fn_check_eq "$?" "0" "isula logout 3laho3y3.mirror.aliyuncs.com"
+ isula logout hub.oepkgs.net
+ fn_check_eq "$?" "0" "isula logout hub.oepkgs.net"
# double logout for memory leak check
- isula logout 3laho3y3.mirror.aliyuncs.com
- fn_check_eq "$?" "0" "isula logout 3laho3y3.mirror.aliyuncs.com"
+ isula logout hub.oepkgs.net
+ fn_check_eq "$?" "0" "isula logout hub.oepkgs.net"
}
function do_test_t()
--
2.25.1

216
0125-fix-clang-build-error.patch Normal file
View File

@ -0,0 +1,216 @@
From d141d8bfc7a602b0f139bef42a1c73dc673687de Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=AD=A6=E7=A7=AF=E8=B6=85?= <wujichao1@huawei.com>
Date: Mon, 21 Oct 2024 19:39:38 +0800
Subject: [PATCH] fix-clang-build-error
---
src/daemon/common/cri/cri_helpers.cc | 4 ++--
src/daemon/entry/cri/streams/stream_server.h | 4 ++--
.../entry/cri/v1/v1_cri_container_manager_service.cc | 2 +-
.../entry/cri/v1/v1_cri_image_manager_service_impl.cc | 2 +-
.../entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc | 10 +++++-----
src/daemon/entry/cri/v1/v1_cri_runtime_service_impl.h | 2 +-
.../entry/cri/v1alpha/cri_container_manager_service.cc | 2 +-
.../cri/v1alpha/cri_pod_sandbox_manager_service.cc | 6 +++---
src/daemon/sandbox/sandbox.cc | 2 +-
src/daemon/sandbox/sandbox_ops.cc | 2 +-
10 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/src/daemon/common/cri/cri_helpers.cc b/src/daemon/common/cri/cri_helpers.cc
index 8117403c..a8cbd996 100644
--- a/src/daemon/common/cri/cri_helpers.cc
+++ b/src/daemon/common/cri/cri_helpers.cc
@@ -525,8 +525,8 @@ void RemoveContainerLogSymlink(const std::string &containerID, Errors &error)
if (!path.empty()) {
// Only remove the symlink when container log path is specified.
if (util_path_remove(path.c_str()) != 0 && errno != ENOENT) {
- SYSERROR("Failed to remove container %s log symlink %s.", containerID.c_str(), path);
- error.Errorf("Failed to remove container %s log symlink %s.", containerID.c_str(), path);
+ SYSERROR("Failed to remove container %s log symlink %s.", containerID.c_str(), path.c_str());
+ error.Errorf("Failed to remove container %s log symlink %s.", containerID.c_str(), path.c_str());
}
}
}
diff --git a/src/daemon/entry/cri/streams/stream_server.h b/src/daemon/entry/cri/streams/stream_server.h
index 81aa9987..028dfc84 100644
--- a/src/daemon/entry/cri/streams/stream_server.h
+++ b/src/daemon/entry/cri/streams/stream_server.h
@@ -17,6 +17,8 @@
#include "errors.h"
#include "url.h"
+url::URLDatum cri_stream_server_url(void);
+
#ifdef __cplusplus
extern "C" {
#endif
@@ -27,8 +29,6 @@ void cri_stream_server_wait(void);
void cri_stream_server_shutdown(void);
-url::URLDatum cri_stream_server_url(void);
-
#ifdef __cplusplus
}
#endif
diff --git a/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc b/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc
index d3fdd76a..1e84d14c 100644
--- a/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc
+++ b/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc
@@ -744,7 +744,7 @@ void ContainerManagerService::ListContainersToGRPC(container_list_response *resp
CRIHelpersV1::ContainerStatusToRuntime(Container_Status(response->containers[i]->status));
container->set_state(state);
- containers.push_back(move(container));
+ containers.push_back(std::move(container));
}
}
diff --git a/src/daemon/entry/cri/v1/v1_cri_image_manager_service_impl.cc b/src/daemon/entry/cri/v1/v1_cri_image_manager_service_impl.cc
index 71918706..561a40d5 100644
--- a/src/daemon/entry/cri/v1/v1_cri_image_manager_service_impl.cc
+++ b/src/daemon/entry/cri/v1/v1_cri_image_manager_service_impl.cc
@@ -149,7 +149,7 @@ void ImageManagerServiceImpl::list_images_to_grpc(im_list_response *response,
imagetool_image_summary *element = list_images->images[i];
conv_image_to_grpc(element, image);
- images.push_back(move(image));
+ images.push_back(std::move(image));
}
}
diff --git a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc
index b629b1c3..a5f98619 100644
--- a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc
+++ b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc
@@ -536,7 +536,7 @@ auto PodSandboxManagerService::GetContainerListResponse(const std::string &readS
if (CRIHelpers::FiltersAddLabel(list_request->filters, CRIHelpers::Constants::SANDBOX_ID_LABEL_KEY,
readSandboxID) != 0) {
std::string tmp_errmsg = "Failed to add label in sandbox" + readSandboxID;
- ERROR(tmp_errmsg.c_str());
+ ERROR("%s", tmp_errmsg.c_str());
errors.push_back(tmp_errmsg);
return nullptr;
}
@@ -551,7 +551,7 @@ auto PodSandboxManagerService::GetContainerListResponse(const std::string &readS
}
if (ret != 0) {
if (list_response != nullptr && list_response->errmsg != nullptr) {
- ERROR(list_response->errmsg);
+ ERROR("%s", list_response->errmsg);
errors.push_back(list_response->errmsg);
} else {
ERROR("Failed to call list container callback");
@@ -1218,7 +1218,7 @@ void PodSandboxManagerService::PodSandboxStatsToGRPC(const std::string &id, cons
return;
}
- podStats = move(podStatsPtr);
+ podStats = std::move(podStatsPtr);
return;
}
@@ -1227,7 +1227,7 @@ auto PodSandboxManagerService::PodSandboxStats(const std::string &podSandboxID,
Errors &error) -> std::unique_ptr<runtime::v1::PodSandboxStats>
{
Errors tmpErr;
- cgroup_metrics_t cgroupMetrics { 0 };
+ cgroup_metrics_t cgroupMetrics {{ 0 }};
std::vector<Network::NetworkInterfaceStats> netMetrics;
std::map<std::string, std::string> annotations;
std::unique_ptr<runtime::v1::PodSandboxStats> podStats { nullptr };
@@ -1368,7 +1368,7 @@ void PodSandboxManagerService::ListPodSandboxStats(const runtime::v1::PodSandbox
continue;
}
- podsStats.push_back(move(podStats));
+ podsStats.push_back(std::move(podStats));
}
}
diff --git a/src/daemon/entry/cri/v1/v1_cri_runtime_service_impl.h b/src/daemon/entry/cri/v1/v1_cri_runtime_service_impl.h
index 3d93c7bb..33539a32 100644
--- a/src/daemon/entry/cri/v1/v1_cri_runtime_service_impl.h
+++ b/src/daemon/entry/cri/v1/v1_cri_runtime_service_impl.h
@@ -104,7 +104,7 @@ protected:
private:
std::string m_podSandboxImage;
std::shared_ptr<Network::PluginManager> m_pluginManager { nullptr };
- bool m_enablePodEvents;
+ [[maybe_unused]] bool m_enablePodEvents;
};
} // namespace CRIV1
#endif // DAEMON_ENTRY_CRI_V1_CRI_RUNTIME_SERVICE_IMPL_H
diff --git a/src/daemon/entry/cri/v1alpha/cri_container_manager_service.cc b/src/daemon/entry/cri/v1alpha/cri_container_manager_service.cc
index dbefa143..97acecd9 100644
--- a/src/daemon/entry/cri/v1alpha/cri_container_manager_service.cc
+++ b/src/daemon/entry/cri/v1alpha/cri_container_manager_service.cc
@@ -687,7 +687,7 @@ void ContainerManagerService::ListContainersToGRPC(container_list_response *resp
CRIHelpersV1Alpha::ContainerStatusToRuntime(Container_Status(response->containers[i]->status));
container->set_state(state);
- pods.push_back(move(container));
+ pods.push_back(std::move(container));
}
}
diff --git a/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc b/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc
index 1c343cda..3c128645 100644
--- a/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc
+++ b/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc
@@ -1573,7 +1573,7 @@ void PodSandboxManagerService::PodSandboxStatsToGRPC(const std::string &id, cons
return;
}
- podStats = move(podStatsPtr);
+ podStats = std::move(podStatsPtr);
return;
}
@@ -1583,7 +1583,7 @@ auto PodSandboxManagerService::PodSandboxStats(const std::string &podSandboxID,
{
Errors tmpErr;
container_inspect *inspectData { nullptr };
- cgroup_metrics_t cgroupMetrics { 0 };
+ cgroup_metrics_t cgroupMetrics {{ 0 }};
std::vector<Network::NetworkInterfaceStats> netMetrics;
std::map<std::string, std::string> annotations;
std::unique_ptr<runtime::v1alpha2::PodSandboxStats> podStats { nullptr };
@@ -1733,7 +1733,7 @@ void PodSandboxManagerService::ListPodSandboxStats(const runtime::v1alpha2::PodS
continue;
}
- podsStats.push_back(move(podStats));
+ podsStats.push_back(std::move(podStats));
}
}
diff --git a/src/daemon/sandbox/sandbox.cc b/src/daemon/sandbox/sandbox.cc
index d44abb99..dec082bc 100644
--- a/src/daemon/sandbox/sandbox.cc
+++ b/src/daemon/sandbox/sandbox.cc
@@ -847,7 +847,7 @@ auto Sandbox::SaveState(Errors &error) -> bool
nret = util_atomic_write_file(path.c_str(), stateJson.c_str(), stateJson.length(), CONFIG_FILE_MODE, false);
if (nret != 0) {
- SYSERROR("Failed to write file %s");
+ SYSERROR("Failed to write file %s", path.c_str());
error.Errorf("Failed to write file %s", path.c_str());
return false;
}
diff --git a/src/daemon/sandbox/sandbox_ops.cc b/src/daemon/sandbox/sandbox_ops.cc
index b7fb40bf..22cfea95 100644
--- a/src/daemon/sandbox/sandbox_ops.cc
+++ b/src/daemon/sandbox/sandbox_ops.cc
@@ -72,7 +72,7 @@ static int do_sandbox_prepare(const container_config_v2_common_config *config,
params.containerId = config->id;
params.execId = (nullptr == exec_id) ? "" : exec_id;
- params.spec = std::move(std::unique_ptr<std::string>(new std::string(oci_spec)));
+ params.spec = std::unique_ptr<std::string>(new std::string(oci_spec));
if (generate_ctrl_rootfs(params, config) != 0) {
ERROR("Invalid rootfs");
--
2.25.1

25
0126-add-a-new-registry-to-prevent-missing-mirrors.patch Normal file
View File

@ -0,0 +1,25 @@
From a7a851f5be6c37665d948ec7587de062b6295bbe Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Sat, 7 Sep 2024 11:24:44 +0800
Subject: [PATCH 133/149] add a new registry to prevent missing mirrors
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
CI/test_cases/container_cases/test_data/daemon.json | 1 +
1 file changed, 1 insertion(+)
diff --git a/CI/test_cases/container_cases/test_data/daemon.json b/CI/test_cases/container_cases/test_data/daemon.json
index 20b001c0..cf7e0b9d 100644
--- a/CI/test_cases/container_cases/test_data/daemon.json
+++ b/CI/test_cases/container_cases/test_data/daemon.json
@@ -24,6 +24,7 @@
"overlay2.override_kernel_check=true"
],
"registry-mirrors": [
+ "https://docker.chenby.cn",
"https://hub.oepkgs.net"
],
"insecure-registries": [
--
2.25.1

47
0127-change-image-digest-ci-test-for-registry-change.patch Normal file
View File

@ -0,0 +1,47 @@
From be8e1822b771576ef2f225da90dc6f0551477c0e Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Sat, 7 Sep 2024 14:49:33 +0800
Subject: [PATCH 134/149] change image digest ci test for registry change
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
CI/make-and-install.sh | 5 ++---
CI/test_cases/image_cases/image_digest.sh | 2 +-
2 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/CI/make-and-install.sh b/CI/make-and-install.sh
index 2c2a4241..599afcb9 100755
--- a/CI/make-and-install.sh
+++ b/CI/make-and-install.sh
@@ -95,7 +95,7 @@ cmake -DLIB_INSTALL_DIR=${restbuilddir}/lib -DCMAKE_INSTALL_PREFIX=${restbuilddi
make -j $(nproc)
make install
sed -i 's/"log-driver": "stdout"/"log-driver": "file"/g' ${restbuilddir}/etc/isulad/daemon.json
-sed -i "/registry-mirrors/a\ \"https://hub.oepkgs.net\"" ${restbuilddir}/etc/isulad/daemon.json
+sed -i "/registry-mirrors/a\ \"https://hub.oepkgs.net\",\\n \"https://docker.chenby.cn\"" ${builddir}/etc/isulad/daemon.json
#build grpc version
cd $ISULAD_COPY_PATH
@@ -109,5 +109,4 @@ else
fi
make -j $(nproc)
make install
-sed -i 's/"log-driver": "stdout"/"log-driver": "file"/g' ${builddir}/etc/isulad/daemon.json
-sed -i "/registry-mirrors/a\ \"https://hub.oepkgs.net\"" ${builddir}/etc/isulad/daemon.json
+sed -i "/registry-mirrors/a\ \"https://hub.oepkgs.net\",\\n \"https://docker.chenby.cn\"" ${builddir}/etc/isulad/daemon.json
diff --git a/CI/test_cases/image_cases/image_digest.sh b/CI/test_cases/image_cases/image_digest.sh
index 20774e07..ec1cbaa5 100755
--- a/CI/test_cases/image_cases/image_digest.sh
+++ b/CI/test_cases/image_cases/image_digest.sh
@@ -26,7 +26,7 @@ function test_image_with_digest()
{
local ret=0
local image="hub.oepkgs.net/library/busybox"
- local image2="hub.oepkgs.net/library/ubuntu"
+ local image2="ubuntu"
local image_digest="hub.oepkgs.net/library/busybox@sha256:6066ca124f8c2686b7ae71aa1d6583b28c6dc3df3bdc386f2c89b92162c597d9"
local test="pull && inspect && tag image with digest test => (${FUNCNAME[@]})"
--
2.25.1

26
0128-bugfix-for-ci-make-and-install-shell.patch Normal file
View File

@ -0,0 +1,26 @@
From cc266a7c27cc40099f545b19d16fce49aee9a403 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Mon, 9 Sep 2024 10:51:43 +0800
Subject: [PATCH 135/149] bugfix for ci make and install shell
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
CI/make-and-install.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/CI/make-and-install.sh b/CI/make-and-install.sh
index 599afcb9..1498d700 100755
--- a/CI/make-and-install.sh
+++ b/CI/make-and-install.sh
@@ -95,7 +95,7 @@ cmake -DLIB_INSTALL_DIR=${restbuilddir}/lib -DCMAKE_INSTALL_PREFIX=${restbuilddi
make -j $(nproc)
make install
sed -i 's/"log-driver": "stdout"/"log-driver": "file"/g' ${restbuilddir}/etc/isulad/daemon.json
-sed -i "/registry-mirrors/a\ \"https://hub.oepkgs.net\",\\n \"https://docker.chenby.cn\"" ${builddir}/etc/isulad/daemon.json
+sed -i "/registry-mirrors/a\ \"https://hub.oepkgs.net\",\\n \"https://docker.chenby.cn\"" ${restbuilddir}/etc/isulad/daemon.json
#build grpc version
cd $ISULAD_COPY_PATH
--
2.25.1

28
0129-do-not-use-1000-as-the-test-gid-to-prevent-conflicts.patch Normal file
View File

@ -0,0 +1,28 @@
From 10af937fc2e095bce2da902c20e1f6b5e6178387 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Mon, 9 Sep 2024 17:18:52 +0800
Subject: [PATCH 136/149] do not use 1000 as the test gid to prevent conflicts
with existing gids in the image
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
CI/test_cases/container_cases/exec_additional_gids.sh | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/CI/test_cases/container_cases/exec_additional_gids.sh b/CI/test_cases/container_cases/exec_additional_gids.sh
index 2edfd750..a62ab78c 100755
--- a/CI/test_cases/container_cases/exec_additional_gids.sh
+++ b/CI/test_cases/container_cases/exec_additional_gids.sh
@@ -25,7 +25,8 @@ source ../helpers.sh
test_log=$(mktemp /tmp/additional_gids_test_XXX)
USERNAME="user"
-USER_UID="1000"
+# Do not use 1000 as the test gid because "ubuntu:x:1000:" already exists in the ubuntu image
+USER_UID="1002"
USER_GID="$USER_UID"
ADDITIONAL_GID="1001"
ADDITIONAL_GROUP="additional"
--
2.25.1

224
0130-only-use-the-openeuler-mirror-registry-in-ci.patch Normal file
View File

@ -0,0 +1,224 @@
From d77740f686c90861198498ac760f0bb8a5bcc593 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Tue, 10 Sep 2024 15:16:37 +0800
Subject: [PATCH 139/149] only use the openeuler mirror registry in ci
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
CI/make-and-install.sh | 4 ++--
CI/test_cases/container_cases/exec_additional_gids.sh | 3 ++-
CI/test_cases/container_cases/runc_exec.sh | 2 +-
CI/test_cases/image_cases/image_digest.sh | 2 +-
CI/test_cases/image_cases/image_load.sh | 8 +++++---
CI/test_cases/image_cases/image_tag.sh | 2 +-
CI/test_cases/image_cases/images_list.sh | 2 +-
CI/test_cases/image_cases/integration_check.sh | 2 +-
CI/test_cases/manual_cases/oom_monitor.sh | 4 ++--
CI/test_cases/manual_cases/security_selinux.sh | 6 +++---
10 files changed, 19 insertions(+), 16 deletions(-)
diff --git a/CI/make-and-install.sh b/CI/make-and-install.sh
index 1498d700..09a68da6 100755
--- a/CI/make-and-install.sh
+++ b/CI/make-and-install.sh
@@ -95,7 +95,7 @@ cmake -DLIB_INSTALL_DIR=${restbuilddir}/lib -DCMAKE_INSTALL_PREFIX=${restbuilddi
make -j $(nproc)
make install
sed -i 's/"log-driver": "stdout"/"log-driver": "file"/g' ${restbuilddir}/etc/isulad/daemon.json
-sed -i "/registry-mirrors/a\ \"https://hub.oepkgs.net\",\\n \"https://docker.chenby.cn\"" ${restbuilddir}/etc/isulad/daemon.json
+sed -i "/registry-mirrors/a\ \"https://hub.oepkgs.net\"" ${restbuilddir}/etc/isulad/daemon.json
#build grpc version
cd $ISULAD_COPY_PATH
@@ -109,4 +109,4 @@ else
fi
make -j $(nproc)
make install
-sed -i "/registry-mirrors/a\ \"https://hub.oepkgs.net\",\\n \"https://docker.chenby.cn\"" ${builddir}/etc/isulad/daemon.json
+sed -i "/registry-mirrors/a\ \"https://hub.oepkgs.net\"" ${builddir}/etc/isulad/daemon.json
\ No newline at end of file
diff --git a/CI/test_cases/container_cases/exec_additional_gids.sh b/CI/test_cases/container_cases/exec_additional_gids.sh
index a62ab78c..a5eaf652 100755
--- a/CI/test_cases/container_cases/exec_additional_gids.sh
+++ b/CI/test_cases/container_cases/exec_additional_gids.sh
@@ -38,13 +38,14 @@ function additional_gids_test()
{
local ret=0
local runtime=$1
+ local ubuntu_image="isulad/ubuntu"
test="exec additional gids test => test_exec_additional_gids => $runtime"
msg_info "${test} starting..."
isula rm -f `isula ps -a -q`
- isula run -tid --runtime $runtime -n $cont_name ubuntu bash
+ isula run -tid --runtime $runtime -n $cont_name ${ubuntu_image} bash
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to run container" && ((ret++))
isula exec $cont_name bash -c "groupadd --gid $USER_GID $USERNAME \
diff --git a/CI/test_cases/container_cases/runc_exec.sh b/CI/test_cases/container_cases/runc_exec.sh
index aa7020ee..32553694 100755
--- a/CI/test_cases/container_cases/runc_exec.sh
+++ b/CI/test_cases/container_cases/runc_exec.sh
@@ -26,7 +26,7 @@ test="exec_runc_test => (${FUNCNAME[@]})"
function exec_runc_test()
{
local ret=0
- local image="ubuntu"
+ local image="isulad/ubuntu"
local container_name="test_busybox"
isula pull ${image}
diff --git a/CI/test_cases/image_cases/image_digest.sh b/CI/test_cases/image_cases/image_digest.sh
index ec1cbaa5..5036239a 100755
--- a/CI/test_cases/image_cases/image_digest.sh
+++ b/CI/test_cases/image_cases/image_digest.sh
@@ -26,7 +26,7 @@ function test_image_with_digest()
{
local ret=0
local image="hub.oepkgs.net/library/busybox"
- local image2="ubuntu"
+ local image2="isulad/ubuntu"
local image_digest="hub.oepkgs.net/library/busybox@sha256:6066ca124f8c2686b7ae71aa1d6583b28c6dc3df3bdc386f2c89b92162c597d9"
local test="pull && inspect && tag image with digest test => (${FUNCNAME[@]})"
diff --git a/CI/test_cases/image_cases/image_load.sh b/CI/test_cases/image_cases/image_load.sh
index d50b3203..8a6c256a 100755
--- a/CI/test_cases/image_cases/image_load.sh
+++ b/CI/test_cases/image_cases/image_load.sh
@@ -28,6 +28,7 @@ function test_image_load()
{
local ret=0
local test="isula load image test => (${FUNCNAME[@]})"
+ local ubuntu_image="isulad/ubuntu"
msg_info "${test} starting..."
@@ -61,7 +62,7 @@ function test_image_load()
isula load -i $mult_image
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - load image failed: ${mult_image}" && ((ret++))
- ubuntu_id=`isula inspect -f '{{.image.id}}' ubuntu`
+ ubuntu_id=`isula inspect -f '{{.image.id}}' ${ubuntu_image}`
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - fail to inspect image: ubuntu" && ((ret++))
busybox_id=`isula inspect -f '{{.image.id}}' busybox`
@@ -83,11 +84,12 @@ function test_concurrent_load()
{
local ret=0
local test="isula load image test => (${FUNCNAME[@]})"
+ local ubuntu_image="isulad/ubuntu"
msg_info "${test} starting..."
# clean exist image
- ubuntu_id=`isula inspect -f '{{.image.id}}' ubuntu`
+ ubuntu_id=`isula inspect -f '{{.image.id}}' ${ubuntu_image}`
busybox_id=`isula inspect -f '{{.image.id}}' busybox`
isula rmi $ubuntu_id $busybox_id
@@ -105,7 +107,7 @@ function test_concurrent_load()
tail -n 50 /var/lib/isulad/isulad.log
- ubuntu_id=`isula inspect -f '{{.image.id}}' ubuntu`
+ ubuntu_id=`isula inspect -f '{{.image.id}}' ${ubuntu_image}`
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - fail to inspect image: ubuntu" && ((ret++))
top_layer_id=$(isula inspect -f '{{.image.top_layer}}' ${ubuntu_id})
diff --git a/CI/test_cases/image_cases/image_tag.sh b/CI/test_cases/image_cases/image_tag.sh
index 551d8249..0b8dd3e8 100755
--- a/CI/test_cases/image_cases/image_tag.sh
+++ b/CI/test_cases/image_cases/image_tag.sh
@@ -23,7 +23,7 @@ declare -r curr_path=$(dirname $(readlink -f "$0"))
source ../helpers.sh
image_busybox="busybox"
-image_hello="hello-world"
+image_hello="isulad/hello-world"
function test_tag_image()
{
diff --git a/CI/test_cases/image_cases/images_list.sh b/CI/test_cases/image_cases/images_list.sh
index 56cde5b6..a192a75c 100755
--- a/CI/test_cases/image_cases/images_list.sh
+++ b/CI/test_cases/image_cases/images_list.sh
@@ -25,7 +25,7 @@ source ../helpers.sh
function test_image_list()
{
local ret=0
- local image="hello-world"
+ local image="isulad/hello-world"
local image_busybox="busybox"
local INVALID_IMAGE="k~k"
local test="list images info test => (${FUNCNAME[@]})"
diff --git a/CI/test_cases/image_cases/integration_check.sh b/CI/test_cases/image_cases/integration_check.sh
index f340348d..6a55706c 100755
--- a/CI/test_cases/image_cases/integration_check.sh
+++ b/CI/test_cases/image_cases/integration_check.sh
@@ -27,7 +27,7 @@ image="busybox"
function test_image_info()
{
local ret=0
- local uimage="nats"
+ local uimage="isulad/nats"
local test="list && inspect image info test => (${FUNCNAME[@]})"
local lid
local cid
diff --git a/CI/test_cases/manual_cases/oom_monitor.sh b/CI/test_cases/manual_cases/oom_monitor.sh
index a1c2503d..8e991cc8 100755
--- a/CI/test_cases/manual_cases/oom_monitor.sh
+++ b/CI/test_cases/manual_cases/oom_monitor.sh
@@ -26,7 +26,7 @@ test_data_path=$(realpath $curr_path/test_data)
function test_oom_monitor()
{
local ret=0
- local ubuntu_image="ubuntu"
+ local ubuntu_image="isulad/ubuntu"
local test="container oom monitor test => (${FUNCNAME[@]})"
containername="oommonitor"
@@ -35,7 +35,7 @@ function test_oom_monitor()
isula pull ${ubuntu_image}
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to pull image: ${ubuntu_image}" && return ${FAILURE}
- isula images | grep ubuntu
+ isula images | grep ${ubuntu_image}
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - missing list image: ${ubuntu_image}" && ((ret++))
# use more than 10m memory limit, otherwise it might fail to run
diff --git a/CI/test_cases/manual_cases/security_selinux.sh b/CI/test_cases/manual_cases/security_selinux.sh
index c558befe..cf94c809 100755
--- a/CI/test_cases/manual_cases/security_selinux.sh
+++ b/CI/test_cases/manual_cases/security_selinux.sh
@@ -87,7 +87,7 @@ function daemon_disable_selinux()
function test_isulad_selinux_file_label()
{
local ret=0
- local image="centos"
+ local image="isulad/centos"
local test="isulad selinux file label test => (${FUNCNAME[@]})"
msg_info "${test} starting..."
@@ -144,7 +144,7 @@ function test_isulad_selinux_file_label()
function test_isulad_selinux_process_label()
{
local ret=0
- local image="centos"
+ local image="isulad/centos"
local test="isulad selinux process label test => (${FUNCNAME[@]})"
msg_info "${test} starting..."
@@ -172,7 +172,7 @@ function test_isulad_selinux_process_label()
function test_isulad_selinux_mount_mode()
{
local ret=0
- local image="centos"
+ local image="isulad/centos"
local test="isulad selinux mount mode test => (${FUNCNAME[@]})"
msg_info "${test} starting..."
--
2.25.1

25
0131-modify-alpine-image-source-to-isulad-alpine.patch Normal file
View File

@ -0,0 +1,25 @@
From c90dab4057f73614537b3765ee06173c55d4d39c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=AD=A6=E7=A7=AF=E8=B6=85?= <wujichao1@huawei.com>
Date: Wed, 11 Sep 2024 10:34:48 +0800
Subject: [PATCH 140/149] modify alpine image source to isulad/alpine
---
CI/test_cases/image_cases/integration_check.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/CI/test_cases/image_cases/integration_check.sh b/CI/test_cases/image_cases/integration_check.sh
index 6a55706c..f5ae94e9 100755
--- a/CI/test_cases/image_cases/integration_check.sh
+++ b/CI/test_cases/image_cases/integration_check.sh
@@ -55,7 +55,7 @@ function test_image_info()
ucid=$(isula create ${uimage})
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - create container failed" && ((ret++))
- isula run -tid --name checker alpine
+ isula run -tid --name checker isulad/alpine
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - run container failed" && ((ret++))
tmp_fname=$(echo -n "/var/run/isulad/storage" | sha256sum | awk '{print $1}')
--
2.25.1

26
0132-update-docs-design-README_zh.md.patch Normal file
View File

@ -0,0 +1,26 @@
From a38db853128d0fe1c521829a4f2b17dc08f31aed Mon Sep 17 00:00:00 2001
From: chen524 <chenkui_yewu@cmss.chinamobile.com>
Date: Wed, 11 Sep 2024 04:18:46 +0000
Subject: [PATCH 141/149] update docs/design/README_zh.md.
Signed-off-by: chen524 <chenkui_yewu@cmss.chinamobile.com>
---
docs/design/README_zh.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/design/README_zh.md b/docs/design/README_zh.md
index 0f4cf13e..1a23207d 100644
--- a/docs/design/README_zh.md
+++ b/docs/design/README_zh.md
@@ -37,7 +37,7 @@
- 查看 image store 模块的设计文档: [image_store_design](./detailed/Image/image_store_design_zh.md) 。
-- 查看 layer store 模块的设计文档 [layer_store_degisn](./detailed/Image/layer_store_degisn_zh.md) 。
+- 查看 layer store 模块的设计文档: [layer_store_degisn](./detailed/Image/layer_store_degisn_zh.md) 。
- 查看 registry 模块的设计文档: [registry_degisn](./detailed/Image/registry_degisn_zh.md) 。
--
2.25.1

34
0133-modify-the-image-name-isulad-ubuntu-to-ubuntu.patch Normal file
View File

@ -0,0 +1,34 @@
From 18a8120dfa71b50879b562692013a308b9508224 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=AD=A6=E7=A7=AF=E8=B6=85?= <wujichao1@huawei.com>
Date: Wed, 11 Sep 2024 17:03:08 +0800
Subject: [PATCH 142/149] modify the image name: isulad/ubuntu to ubuntu
---
CI/test_cases/image_cases/image_load.sh | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/CI/test_cases/image_cases/image_load.sh b/CI/test_cases/image_cases/image_load.sh
index 8a6c256a..8a3fd7b3 100755
--- a/CI/test_cases/image_cases/image_load.sh
+++ b/CI/test_cases/image_cases/image_load.sh
@@ -28,7 +28,7 @@ function test_image_load()
{
local ret=0
local test="isula load image test => (${FUNCNAME[@]})"
- local ubuntu_image="isulad/ubuntu"
+ local ubuntu_image="ubuntu"
msg_info "${test} starting..."
@@ -84,7 +84,7 @@ function test_concurrent_load()
{
local ret=0
local test="isula load image test => (${FUNCNAME[@]})"
- local ubuntu_image="isulad/ubuntu"
+ local ubuntu_image="ubuntu"
msg_info "${test} starting..."
--
2.25.1

116
0134-ignore-chdir-failed-errmsg-when-kill-and-delete.patch Normal file
View File

@ -0,0 +1,116 @@
From f3a8da522798e68a6ba5e8f00163c4a6d05a30d0 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Wed, 7 Aug 2024 23:44:12 +1400
Subject: [PATCH 143/149] ignore chdir failed errmsg when kill and delete
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
.../modules/runtime/isula/isula_rt_ops.c | 44 ++++++++++++++-----
1 file changed, 32 insertions(+), 12 deletions(-)
diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c
index 62cff3cf..dc156154 100644
--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c
+++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c
@@ -69,7 +69,7 @@
#define RESOURCE_FNAME_FORMATS "%s/resources.json"
// handle string from stderr output.
-typedef int(*handle_output_callback_t)(const char *output);
+typedef int(*handle_output_callback_t)(const char *output, const char *workdir);
typedef struct {
bool fg;
const char *id;
@@ -757,7 +757,7 @@ static int runtime_call_simple(const char *workdir, const char *runtime, const c
// we consider the runtime call simple succeeded,
// even if the process exit with failure.
if (stderr_msg != NULL && cb != NULL) {
- ret = cb(stderr_msg);
+ ret = cb(stderr_msg, workdir);
}
}
@@ -768,17 +768,37 @@ static int runtime_call_simple(const char *workdir, const char *runtime, const c
// oci runtime return -1 if the container 'does not exist'
// if output contains 'does not exist', means nothing to kill or delete, return 0
+// util_exec_cmd return -1 if chdir failed
+// if output contains 'chdir %s failed', means state dir damaged, return 0
// this will change the exit status of kill or delete command
-static int non_existent_output_check(const char *output)
+static int shielded_output_check(const char *output, const char *workdir)
{
- char *pattern = "does not exist";
+ int nret = 0;
+ const char *nonexist_pattern = "does not exist";
+ char chdir_pattern[PATH_MAX] = { 0 };
- if (output == NULL) {
+ if (output == NULL || workdir == NULL) {
return -1;
}
// container not exist, kill or delete success, return 0
- if (util_strings_contains_word(output, pattern)) {
+ if (util_strings_contains_word(output, nonexist_pattern)) {
+ return 0;
+ }
+
+ if (sizeof(chdir_pattern) > PATH_MAX - strlen("chdir ") - strlen(" failed")) {
+ INFO("chdir_pattern is too long");
+ return -1;
+ }
+
+ nret = snprintf(chdir_pattern, sizeof(chdir_pattern), "chdir %s failed", workdir);
+ if (nret < 0 || (size_t)nret >= sizeof(chdir_pattern)) {
+ INFO("Failed to make full chdir_pattern");
+ return -1;
+ }
+
+ // if output contains 'chdir ${workdir} failed', means state dir damaged, return 0
+ if (util_strings_contains_word(output, chdir_pattern)) {
return 0;
}
@@ -786,15 +806,15 @@ static int non_existent_output_check(const char *output)
return -1;
}
-// kill success or non_existent_output_check succeed return 0, DO_RETRY_CALL will break;
+// kill success or shielded_output_check succeed return 0, DO_RETRY_CALL will break;
// if kill failed, recheck on shim alive, if not alive, kill succeed, still return 0;
// else, return -1, DO_RETRY_CALL will call this again;
static int runtime_call_kill_and_check(const char *workdir, const char *runtime, const char *id)
{
int ret = -1;
- // kill succeed, return 0; non_existent_output_check succeed, return 0;
- ret = runtime_call_simple(workdir, runtime, "kill", NULL, 0, id, non_existent_output_check);
+ // kill succeed, return 0; shielded_output_check succeed, return 0;
+ ret = runtime_call_simple(workdir, runtime, "kill", NULL, 0, id, shielded_output_check);
if (ret == 0) {
return 0;
}
@@ -814,8 +834,8 @@ static int runtime_call_delete_force(const char *workdir, const char *runtime, c
// if the container does not exist when force deleting it,
// runc will report an error and isulad does not need to retry the deletion again.
// related PR ID:d1a743674a98e23d348b29f52c43436356f56b79
- // non_existent_output_check succeed, return 0;
- return runtime_call_simple(workdir, runtime, "delete", opts, 1, id, non_existent_output_check);
+ // shielded_output_check succeed, return 0;
+ return runtime_call_simple(workdir, runtime, "delete", opts, 1, id, shielded_output_check);
}
#define ExitSignalOffset 128
@@ -1825,7 +1845,7 @@ static int create_resources_json_file(const char *workdir, const shim_client_cgr
}
// show std error msg, always return -1.
-static int show_stderr(const char *err)
+static int show_stderr(const char *err, const char *workdir)
{
isulad_set_error_message(err);
return -1;
--
2.25.1

28
0135-followlocation-only-not-with-head.patch Normal file
View File

@ -0,0 +1,28 @@
From f526268e2b78330dfe6b63eb5f6ece7417f4c06e Mon Sep 17 00:00:00 2001
From: jikai <jikai11@huawei.com>
Date: Sat, 27 Apr 2024 14:38:58 +0800
Subject: [PATCH 144/149] followlocation only not with head
Signed-off-by: jikai <jikai11@huawei.com>
---
src/utils/http/http.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/utils/http/http.c b/src/utils/http/http.c
index 8b74f773..c9bb5959 100644
--- a/src/utils/http/http.c
+++ b/src/utils/http/http.c
@@ -495,7 +495,9 @@ int http_request(const char *url, struct http_get_options *options, long *respon
if (options->resume) {
curl_easy_setopt(curl_handle, CURLOPT_RESUME_FROM_LARGE, (curl_off_t)fsize);
}
- curl_easy_setopt(curl_handle, CURLOPT_FOLLOWLOCATION, 1L);
+ if (options->with_head == 0) {
+ curl_easy_setopt(curl_handle, CURLOPT_FOLLOWLOCATION, 1L);
+ }
curl_easy_setopt(curl_handle, CURLOPT_WRITEDATA, pagefile);
curl_easy_setopt(curl_handle, CURLOPT_WRITEFUNCTION, fwrite_file);
} else {
--
2.25.1

28
0136-update-docs-design-detailed-Image-image_storage_driv.patch Normal file
View File

@ -0,0 +1,28 @@
From 06dca49eacebb94a6d38de5042e3608bce0e366f Mon Sep 17 00:00:00 2001
From: Beans <gujiateng_yewu@cmss.chinamobile.com>
Date: Tue, 24 Sep 2024 03:15:14 +0000
Subject: [PATCH 145/149] update
docs/design/detailed/Image/image_storage_driver_design_zh.md. This place is
spelled wrong.
Signed-off-by: Beans <gujiateng_yewu@cmss.chinamobile.com>
---
docs/design/detailed/Image/image_storage_driver_design_zh.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/design/detailed/Image/image_storage_driver_design_zh.md b/docs/design/detailed/Image/image_storage_driver_design_zh.md
index ea82df14..9799fc31 100644
--- a/docs/design/detailed/Image/image_storage_driver_design_zh.md
+++ b/docs/design/detailed/Image/image_storage_driver_design_zh.md
@@ -116,7 +116,7 @@ int graphdriver_cleanup(void)
## 3.1 Driver 初始化
-Driver 初始化初始化流程:
+Driver 初始化流程:
![driver_init](https://images.gitee.com/uploads/images/2020/0327/103821_1d31a134_5226885.png)
Overlay 模块初始化流程:
--
2.25.1

77
0137-upgrade-isulad-compilation-script-install_iSulad_on_.patch Normal file
View File

@ -0,0 +1,77 @@
From b9b6e5bd6984db8ab33ea1f7d8650113d8c21fd1 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Fri, 27 Sep 2024 17:26:03 +1400
Subject: [PATCH 146/149] upgrade isulad compilation script
install_iSulad_on_Ubuntu_20_04_LTS
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
CI/dockerfiles/Dockerfile-ubuntu | 2 +-
.../install_iSulad_on_Ubuntu_20_04_LTS.sh | 26 +++++++++++++++----
2 files changed, 22 insertions(+), 6 deletions(-)
diff --git a/CI/dockerfiles/Dockerfile-ubuntu b/CI/dockerfiles/Dockerfile-ubuntu
index 09a20eb5..6420173a 100644
--- a/CI/dockerfiles/Dockerfile-ubuntu
+++ b/CI/dockerfiles/Dockerfile-ubuntu
@@ -83,8 +83,8 @@ RUN apt update -y && apt upgrade -y && \
patch \
tcpdump
+RUN apt install -y ninja-build meson
RUN apt install -y libncurses-dev && apt autoremove -y
-RUN pip3 install meson ninja
RUN echo "export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:$PKG_CONFIG_PATH" >> /etc/bashrc && \
echo "export LD_LIBRARY_PATH=/usr/local/lib:/usr/lib:$LD_LIBRARY_PATH" >> /etc/bashrc && \
diff --git a/docs/build_docs/guide/script/install_iSulad_on_Ubuntu_20_04_LTS.sh b/docs/build_docs/guide/script/install_iSulad_on_Ubuntu_20_04_LTS.sh
index f44bddb4..35995ff4 100755
--- a/docs/build_docs/guide/script/install_iSulad_on_Ubuntu_20_04_LTS.sh
+++ b/docs/build_docs/guide/script/install_iSulad_on_Ubuntu_20_04_LTS.sh
@@ -7,10 +7,25 @@ set -e
export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:$PKG_CONFIG_PATH
export LD_LIBRARY_PATH=/usr/local/lib:/usr/lib:/lib/x86_64-linux-gnu/:$LD_LIBRARY_PATH
echo "/usr/local/lib" >> /etc/ld.so.conf
-apt install -y g++ libprotobuf-dev protobuf-compiler protobuf-compiler-grpc libgrpc++-dev libgrpc-dev libtool automake autoconf cmake make pkg-config libyajl-dev zlib1g-dev libselinux1-dev libseccomp-dev libcap-dev libsystemd-dev git libarchive-dev libcurl4-gnutls-dev openssl libdevmapper-dev python3 libtar0 libtar-dev libwebsockets-dev
+
+
+if [ ! -e "/etc/timezone" ]; then
+ export TZ=Asia/Shanghai
+ ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
+fi
+
+apt update -y && apt upgrade -y
+apt install -y g++ systemd libprotobuf-dev protobuf-compiler protobuf-compiler-grpc libgrpc++-dev libgrpc-dev libtool automake autoconf cmake make pkg-config libyajl-dev zlib1g-dev libselinux1-dev libseccomp-dev libcap-dev libsystemd-dev git libarchive-dev libcurl4-gnutls-dev openssl libdevmapper-dev python3 libtar0 libtar-dev libwebsockets-dev
+
+apt install -y runc
+
+apt install -y docbook2x ninja-build meson
+apt install -y libncurses-dev
BUILD_DIR=/tmp/build_isulad
+git config --global http.sslverify false
+
rm -rf $BUILD_DIR
mkdir -p $BUILD_DIR
@@ -18,11 +33,12 @@ mkdir -p $BUILD_DIR
cd $BUILD_DIR
git clone https://gitee.com/src-openeuler/lxc.git
cd lxc
+git config --global --add safe.directory $BUILD_DIR/lxc/lxc-5.0.2
./apply-patches
-cd lxc-4.0.3
-./autogen.sh
-./configure
-make -j $(nproc)
+cd lxc-5.0.2
+meson setup -Disulad=true \
+ -Dprefix=/usr build
+meson compile -C build
make install
# build lcr
--
2.25.1

26
0138-bugfix-for-log-in-make_safedir_is_noexec.patch Normal file
View File

@ -0,0 +1,26 @@
From d0bfea1f4858672345d1b885bfb9ee1f6072c396 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Sun, 29 Sep 2024 17:22:42 +1400
Subject: [PATCH 147/149] bugfix for log in make_safedir_is_noexec
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/utils/tar/util_archive.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/utils/tar/util_archive.c b/src/utils/tar/util_archive.c
index 985e0f16..b946dd39 100644
--- a/src/utils/tar/util_archive.c
+++ b/src/utils/tar/util_archive.c
@@ -219,7 +219,7 @@ static int make_safedir_is_noexec(const char *flock_path, const char *dstdir, ch
}
if (realpath(isulad_tmpdir_env, cleanpath) == NULL) {
- ERROR("Failed to get real path for %s", isula_tmpdir);
+ SYSERROR("Failed to get real path for %s", isulad_tmpdir_env);
return -1;
}
--
2.25.1

29
0139-containers-in-paused-state-are-not-allowed-to-start.patch Normal file
View File

@ -0,0 +1,29 @@
From 5721206da703bf827cd125feb8f9bf518f10f69c Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Mon, 14 Oct 2024 19:27:57 +0800
Subject: [PATCH 148/149] containers in paused state are not allowed to start
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/daemon/executor/container_cb/execution.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/daemon/executor/container_cb/execution.c b/src/daemon/executor/container_cb/execution.c
index f924a208..2e54f085 100644
--- a/src/daemon/executor/container_cb/execution.c
+++ b/src/daemon/executor/container_cb/execution.c
@@ -584,6 +584,11 @@ static int container_start_cb(const container_start_request *request, container_
if (container_is_running(cont->state)) {
INFO("Container is already running");
+ if (container_is_paused(cont->state)) {
+ cc = ISULAD_ERR_EXEC;
+ ERROR("cannot start a paused container, try unpause instead");
+ isulad_set_error_message("cannot start a paused container, try unpause instead");
+ }
goto pack_response;
}
--
2.25.1

38
0140-remove-meaningless-code.patch Normal file
View File

@ -0,0 +1,38 @@
From e7778ed261d2550ea6e2179b856d0ee22241b858 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Mon, 14 Oct 2024 20:42:58 +0800
Subject: [PATCH 149/149] remove meaningless code
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/daemon/entry/cri/v1/v1_cri_runtime_service_impl.cc | 1 -
src/daemon/entry/cri/v1/v1_cri_runtime_service_impl.h | 1 -
2 files changed, 2 deletions(-)
diff --git a/src/daemon/entry/cri/v1/v1_cri_runtime_service_impl.cc b/src/daemon/entry/cri/v1/v1_cri_runtime_service_impl.cc
index 56c89c1e..23b620c3 100644
--- a/src/daemon/entry/cri/v1/v1_cri_runtime_service_impl.cc
+++ b/src/daemon/entry/cri/v1/v1_cri_runtime_service_impl.cc
@@ -24,7 +24,6 @@ CRIRuntimeServiceImpl::CRIRuntimeServiceImpl(const std::string &podSandboxImage,
, m_containerManager(new ContainerManagerService(cb))
, m_podSandboxManager(new PodSandboxManagerService(podSandboxImage, cb, pluginManager, enablePodEvents))
, m_runtimeManager(new RuntimeManagerService(cb, pluginManager))
- , m_enablePodEvents(enablePodEvents)
{
}
diff --git a/src/daemon/entry/cri/v1/v1_cri_runtime_service_impl.h b/src/daemon/entry/cri/v1/v1_cri_runtime_service_impl.h
index 33539a32..1d399a85 100644
--- a/src/daemon/entry/cri/v1/v1_cri_runtime_service_impl.h
+++ b/src/daemon/entry/cri/v1/v1_cri_runtime_service_impl.h
@@ -104,7 +104,6 @@ protected:
private:
std::string m_podSandboxImage;
std::shared_ptr<Network::PluginManager> m_pluginManager { nullptr };
- [[maybe_unused]] bool m_enablePodEvents;
};
} // namespace CRIV1
#endif // DAEMON_ENTRY_CRI_V1_CRI_RUNTIME_SERVICE_IMPL_H
--
2.25.1

25
0141-fix-unqualified-call-to-std-move.patch Normal file
View File

@ -0,0 +1,25 @@
From f7e8abb13d1f1fd4b3c322853c91ef490da7141b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=AD=A6=E7=A7=AF=E8=B6=85?= <wujichao1@huawei.com>
Date: Tue, 22 Oct 2024 15:57:55 +0800
Subject: [PATCH] fix unqualified call to "std::move"
---
src/daemon/entry/cri/v1alpha/cri_image_manager_service_impl.cc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/daemon/entry/cri/v1alpha/cri_image_manager_service_impl.cc b/src/daemon/entry/cri/v1alpha/cri_image_manager_service_impl.cc
index cf636428..a14dc626 100644
--- a/src/daemon/entry/cri/v1alpha/cri_image_manager_service_impl.cc
+++ b/src/daemon/entry/cri/v1alpha/cri_image_manager_service_impl.cc
@@ -149,7 +149,7 @@ void ImageManagerServiceImpl::list_images_to_grpc(im_list_response *response,
imagetool_image_summary *element = list_images->images[i];
conv_image_to_grpc(element, image);
- images.push_back(move(image));
+ images.push_back(std::move(image));
}
}
--
2.25.1

27
0142-pull-failure-shows-error-reason.patch Normal file
View File

@ -0,0 +1,27 @@
From dd3f733949a0c6c9256a63b54079e9a7b8aa7fe6 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Fri, 25 Oct 2024 02:50:01 +1400
Subject: [PATCH 142/156] pull failure shows error reason
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/daemon/entry/connect/grpc/grpc_images_service.cc | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/daemon/entry/connect/grpc/grpc_images_service.cc b/src/daemon/entry/connect/grpc/grpc_images_service.cc
index 32f0446e..6135945a 100644
--- a/src/daemon/entry/connect/grpc/grpc_images_service.cc
+++ b/src/daemon/entry/connect/grpc/grpc_images_service.cc
@@ -691,6 +691,9 @@ Status ImagesServiceImpl::PullImage(ServerContext *context, const PullImageReque
stream.writer = (void *)writer;
ret = cb->image.pull(image_req, &stream, &image_res);
+ if (image_res->errmsg != NULL) {
+ errmsg = image_res->errmsg;
+ }
free_image_pull_image_request(image_req);
free_image_pull_image_response(image_res);
if (ret == 0) {
--
2.34.1

44
0143-move-CGROUP2_SUPER_MAGIC-define-to-cgroup.c.patch Normal file
View File

@ -0,0 +1,44 @@
From d0bb2c00769ab41ada532a04338b91032d7ada2e Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Sat, 26 Oct 2024 16:59:09 +1400
Subject: [PATCH 143/156] move CGROUP2_SUPER_MAGIC define to cgroup.c
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/daemon/common/cgroup/cgroup.c | 4 ++++
src/daemon/common/cgroup/cgroup_v2.c | 4 ----
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/daemon/common/cgroup/cgroup.c b/src/daemon/common/cgroup/cgroup.c
index 77fafdae..a6846c03 100644
--- a/src/daemon/common/cgroup/cgroup.c
+++ b/src/daemon/common/cgroup/cgroup.c
@@ -36,6 +36,10 @@
#define CGROUP_SUPER_MAGIC 0x27e0eb
#endif
+#ifndef CGROUP2_SUPER_MAGIC
+#define CGROUP2_SUPER_MAGIC 0x63677270
+#endif
+
static cgroup_ops g_cgroup_ops;
static int get_cgroup_version_for_init(void)
diff --git a/src/daemon/common/cgroup/cgroup_v2.c b/src/daemon/common/cgroup/cgroup_v2.c
index ce72e6c4..078425d2 100644
--- a/src/daemon/common/cgroup/cgroup_v2.c
+++ b/src/daemon/common/cgroup/cgroup_v2.c
@@ -52,10 +52,6 @@
#define CGROUP2_CPUSET_CPUS_EFFECTIVE_PATH CGROUP_MOUNTPOINT"/cpuset.cpus.effective"
#define CGROUP2_CPUSET_MEMS_EFFECTIVE_PATH CGROUP_MOUNTPOINT"/cpuset.mems.effective"
-#ifndef CGROUP2_SUPER_MAGIC
-#define CGROUP2_SUPER_MAGIC 0x63677270
-#endif
-
static int get_value_ull_v2(const char *content, const char *match, void *result)
{
uint64_t ull_result = 0;
--
2.34.1

189
0144-update-centos-build-script.patch Normal file
View File

@ -0,0 +1,189 @@
From 10aa1ba26eecdf044c1a97e05db53d286e19a3af Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Sat, 26 Oct 2024 18:24:21 +1400
Subject: [PATCH 144/156] update centos build script
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
CI/dockerfiles/Dockerfile-centos | 10 ++-
docs/build_docs/README_zh.md | 4 +
.../script/install_iSulad_on_Centos_7.sh | 83 +++----------------
3 files changed, 23 insertions(+), 74 deletions(-)
diff --git a/CI/dockerfiles/Dockerfile-centos b/CI/dockerfiles/Dockerfile-centos
index af3ce035..0b11014b 100644
--- a/CI/dockerfiles/Dockerfile-centos
+++ b/CI/dockerfiles/Dockerfile-centos
@@ -24,6 +24,11 @@
FROM centos:7.6.1810
MAINTAINER LiFeng <lifeng68@huawei.com>
+RUN sed -i 's/mirror.centos.org/archive.kernel.org\/centos-vault/g' /etc/yum.repos.d/*.repo
+RUN sed -i s/^#.*baseurl=http/baseurl=http/g /etc/yum.repos.d/*.repo
+RUN sed -i s/^mirrorlist=http/#mirrorlist=http/g /etc/yum.repos.d/*.repo
+RUN echo "sslverify=false" | tee -a /etc/yum.conf
+
# Install dependency package
RUN yum clean all && yum makecache && yum install -y epel-release && yum swap -y fakesystemd systemd && \
yum update -y && \
@@ -113,6 +118,9 @@ RUN git config --global http.sslverify false
# install rust
RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
+RUN mkdir -p /root/.cargo/
+RUN touch ${HOME}/.cargo/config
+
# configure rust
RUN echo "[source.crates-io]" >> ${HOME}/.cargo/config && \
echo "[source.local-registry]" >> ${HOME}/.cargo/config && \
@@ -286,7 +294,7 @@ RUN export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:$PKG_CONFIG_PATH && \
make install && \
ldconfig
-RUN dnf install -y ncurses-devel && dnf clean all
+RUN yum install -y ncurses-devel && yum clean all
VOLUME [ "/sys/fs/cgroup" ]
CMD ["/usr/sbin/init"]
diff --git a/docs/build_docs/README_zh.md b/docs/build_docs/README_zh.md
index f27fbc4f..6450bf7e 100644
--- a/docs/build_docs/README_zh.md
+++ b/docs/build_docs/README_zh.md
@@ -40,6 +40,8 @@ $ cd iSulad/docs/build_docs/guide/script
$ sudo ./install_iSulad_on_Centos_7.sh
```
+若需要在centos容器中编译iSulad可参照iSulad编译可使用的镜像dockerfile[Dockerfile-ubuntu](../../CI/dockerfiles/Dockerfile-ubuntu)。
+
### Ubuntu
我们同样在代码仓中提供了在Ubuntu上自动化安装的脚本: [install_iSulad_on_Ubuntu_20_04_LTS](./guide/script/install_iSulad_on_Ubuntu_20_04_LTS.sh)您只需要执行这个脚本就可以自动编译安装iSulad以及其依赖的组件。
@@ -51,6 +53,8 @@ $ sudo chmod +x ./install_iSulad_on_Ubuntu_20_04_LTS.sh
$ sudo ./install_iSulad_on_Ubuntu_20_04_LTS.sh
```
+若需要在ubuntu容器中编译iSulad可参照iSulad编译可使用的镜像dockerfile[Dockerfile-centos](../../CI/dockerfiles/)。
+
## 构建指南
我们提供了多种构建iSulad的方式
diff --git a/docs/build_docs/guide/script/install_iSulad_on_Centos_7.sh b/docs/build_docs/guide/script/install_iSulad_on_Centos_7.sh
index b268d777..d83520e1 100755
--- a/docs/build_docs/guide/script/install_iSulad_on_Centos_7.sh
+++ b/docs/build_docs/guide/script/install_iSulad_on_Centos_7.sh
@@ -5,93 +5,29 @@ set -x
set -e
# install neccessary packages
-yum install -y patch automake autoconf libtool cmake make libcap libcap-devel libselinux libselinux-devel libseccomp libseccomp-devel yajl-devel git libcgroup tar python3 python3-pip device-mapper-devel libcurl-devel zlib-devel glibc-headers openssl-devel gcc gcc-c++ systemd-devel systemd-libs golang libtar libtar-devel which
+# yum install -y patch automake autoconf libtool cmake make libcap libcap-devel libselinux libselinux-devel libseccomp libseccomp-devel yajl-devel git libcgroup tar python3 python3-pip device-mapper-devel libcurl-devel zlib-devel glibc-headers openssl-devel gcc gcc-c++ systemd-devel systemd-libs golang libtar libtar-devel which
# export LDFLAGS
export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:$PKG_CONFIG_PATH
export LD_LIBRARY_PATH=/usr/local/lib:/usr/lib:$LD_LIBRARY_PATH
- echo "/usr/local/lib" >> /etc/ld.so.conf
+echo "/usr/local/lib" >> /etc/ld.so.conf
BUILD_DIR=/tmp/build_isulad
rm -rf $BUILD_DIR
mkdir -p $BUILD_DIR
-# build libarchive
-cd $BUILD_DIR
-git clone https://gitee.com/src-openeuler/libarchive.git
-cd libarchive
-git checkout -b openEuler-20.03-LTS-tag openEuler-20.03-LTS-tag
-tar -zxvf libarchive-3.4.1.tar.gz
-cd libarchive-3.4.1
-patch -p1 -F1 -s < ../libarchive-uninitialized-value.patch
-cd build
-cmake -DCMAKE_USE_SYSTEM_LIBRARIES=ON ../
-make -j $(nproc)
-make install
-ldconfig
-
-# build protobuf
-cd $BUILD_DIR
-git clone https://gitee.com/src-openeuler/protobuf.git
-cd protobuf
-git checkout openEuler-20.03-LTS-tag
-tar -xzvf protobuf-all-3.9.0.tar.gz
-cd protobuf-3.9.0
-./autogen.sh
-./configure
-make -j $(nproc)
-make install
-ldconfig
-
-# build c-ares
-cd $BUILD_DIR
-git clone https://gitee.com/src-openeuler/c-ares.git
-cd c-ares
-git checkout openEuler-20.03-LTS-tag
-tar -xzvf c-ares-1.15.0.tar.gz
-cd c-ares-1.15.0
-autoreconf -if
-./configure --enable-shared --disable-dependency-tracking
-make -j $(nproc)
-make install
-ldconfig
-
-# build grpc
-cd $BUILD_DIR
-git clone https://gitee.com/src-openeuler/grpc.git
-cd grpc
-git checkout openEuler-20.03-LTS-tag
-tar -xzvf grpc-1.22.0.tar.gz
-cd grpc-1.22.0
-make -j $(nproc)
-make install
-ldconfig
-
-# build libwebsockets
-cd $BUILD_DIR
-git clone https://gitee.com/src-openeuler/libwebsockets.git
-cd libwebsockets
-git checkout openEuler-20.03-LTS-tag
-tar -xzvf libwebsockets-2.4.2.tar.gz
-cd libwebsockets-2.4.2
-patch -p1 -F1 -s < ../libwebsockets-fix-coredump.patch
-mkdir build
-cd build
-cmake -DLWS_WITH_SSL=0 -DLWS_MAX_SMP=32 -DCMAKE_BUILD_TYPE=Debug ../
-make -j $(nproc)
-make install
-ldconfig
-
# build lxc
cd $BUILD_DIR
git clone https://gitee.com/src-openeuler/lxc.git
cd lxc
+git config --global --add safe.directory $BUILD_DIR/lxc/lxc-5.0.2
./apply-patches
-cd lxc-4.0.3
-./autogen.sh
-./configure
-make -j
+cd lxc-5.0.2
+sed -i 's/return open(rpath, (int)((unsigned int)flags | O_CLOEXEC));/return open(rpath, (int)((unsigned int)flags | O_CLOEXEC), 0);/g' src/lxc/isulad_utils.c
+meson setup -Disulad=true \
+ -Dprefix=/usr build
+meson compile -C build
make install
# build lcr
@@ -118,8 +54,9 @@ make install
cd $BUILD_DIR
git clone https://gitee.com/openeuler/iSulad.git
cd iSulad
+sed -i 's/-O2 -Wall -fPIE/-O2 -Wall -fPIE -std=gnu99/g' cmake/set_build_flags.cmake
mkdir build
cd build
-cmake ..
+cmake -DDISABLE_WERROR=on ../
make
make install
--
2.34.1

97
0145-cni-change-error-info.patch Normal file
View File

@ -0,0 +1,97 @@
From 445642718fd3dd7867aad9fc8e6eb5b7dafadcb6 Mon Sep 17 00:00:00 2001
From: liuxu <liuxu156@huawei.com>
Date: Fri, 1 Nov 2024 12:56:38 +0800
Subject: [PATCH 145/156] cni:change error info
Signed-off-by: liuxu <liuxu156@huawei.com>
---
.../modules/network/cni_operator/cni_operate.c | 8 ++++----
.../network/cni_operator/libcni/libcni_api.c | 14 +++++++++++++-
.../network/cni_operator/libcni/libcni_api.h | 2 +-
3 files changed, 18 insertions(+), 6 deletions(-)
diff --git a/src/daemon/modules/network/cni_operator/cni_operate.c b/src/daemon/modules/network/cni_operator/cni_operate.c
index 6db6db51..80a2642d 100644
--- a/src/daemon/modules/network/cni_operator/cni_operate.c
+++ b/src/daemon/modules/network/cni_operator/cni_operate.c
@@ -731,13 +731,13 @@ static int update_runtime_conf_cni_args_by_cached(cni_cached_info *info, struct
return 0;
}
-static int get_configs_from_cached(const char *network, struct runtime_conf *rc, char **conf_list)
+static int get_configs_from_cached(const char *network, const char *cni_version, struct runtime_conf *rc, char **conf_list)
{
int ret = 0;
size_t i;
cni_cached_info *info = NULL;
- info = cni_get_network_list_cached_info(network, rc);
+ info = cni_get_network_list_cached_info(network, cni_version, rc);
if (info == NULL) {
return 0;
}
@@ -857,7 +857,7 @@ int check_network_plane(const struct cni_manager *manager, const struct cni_netw
goto out;
}
- ret = get_configs_from_cached(list->list->name, rc, NULL);
+ ret = get_configs_from_cached(list->list->name, list->list->cni_version, rc, NULL);
if (ret != 0) {
ERROR("Get cached info failed");
ret = -1;
@@ -901,7 +901,7 @@ int detach_network_plane(const struct cni_manager *manager, const struct cni_net
goto out;
}
- ret = get_configs_from_cached(list->list->name, rc, NULL);
+ ret = get_configs_from_cached(list->list->name, list->list->cni_version, rc, NULL);
if (ret != 0) {
ERROR("Get cached info failed");
ret = -1;
diff --git a/src/daemon/modules/network/cni_operator/libcni/libcni_api.c b/src/daemon/modules/network/cni_operator/libcni/libcni_api.c
index 7ba983af..c55c8e9d 100644
--- a/src/daemon/modules/network/cni_operator/libcni/libcni_api.c
+++ b/src/daemon/modules/network/cni_operator/libcni/libcni_api.c
@@ -81,13 +81,25 @@ struct cni_opt_result *cni_get_network_list_cached_result(const struct cni_netwo
return result;
}
-cni_cached_info *cni_get_network_list_cached_info(const char *network, const struct runtime_conf *rc)
+cni_cached_info *cni_get_network_list_cached_info(const char *network, const char *cni_version, const struct runtime_conf *rc)
{
+ bool greater = false;
if (network == NULL) {
ERROR("Empty network");
return NULL;
}
+ if (util_version_greater_than_or_equal_to(cni_version, SUPPORT_CACHE_AND_CHECK_VERSION, &greater) != 0) {
+ ERROR("Invalid cni version %s", cni_version);
+ return NULL;
+ }
+
+ // CACHE was added in CNI spec version 0.4.0 and higher
+ if (!greater) {
+ WARN("result version: %s is too old, do not save this cache", cni_version);
+ return NULL;
+ }
+
return cni_cache_read(g_module_conf.cache_dir, network, rc);
}
diff --git a/src/daemon/modules/network/cni_operator/libcni/libcni_api.h b/src/daemon/modules/network/cni_operator/libcni/libcni_api.h
index 2f10d6e9..bf16f168 100644
--- a/src/daemon/modules/network/cni_operator/libcni/libcni_api.h
+++ b/src/daemon/modules/network/cni_operator/libcni/libcni_api.h
@@ -75,7 +75,7 @@ bool cni_module_init(const char *cache_dir, const char * const *paths, size_t pa
struct cni_opt_result *cni_get_network_list_cached_result(const struct cni_network_list_conf *list,
const struct runtime_conf *rc);
-cni_cached_info *cni_get_network_list_cached_info(const char *network, const struct runtime_conf *rc);
+cni_cached_info *cni_get_network_list_cached_info(const char *network, const char *cni_version, const struct runtime_conf *rc);
int cni_add_network_list(const struct cni_network_list_conf *list, const struct runtime_conf *rc,
struct cni_opt_result **pret);
--
2.34.1

233
0146-bugfix-for-sem_wait-call-when-errno-is-EINTR.patch Normal file
View File

@ -0,0 +1,233 @@
From 70f5e98110b2c63755f283712eebbd075787081b Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Tue, 5 Nov 2024 03:15:04 +1400
Subject: [PATCH 146/156] bugfix for sem_wait call when errno is EINTR
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/cmd/isula/base/start.c | 4 +++-
src/cmd/isula/client_console.c | 4 +++-
src/cmd/isula/stream/attach.c | 8 ++++++--
src/cmd/isula/stream/exec.c | 4 +++-
src/cmd/isulad-shim/process.c | 4 +++-
src/cmd/isulad/main.c | 8 ++++++--
src/daemon/entry/connect/grpc/grpc_containers_service.cc | 8 ++++++--
src/daemon/entry/cri/streams/attach_serve.cc | 4 +++-
src/daemon/entry/cri/streams/websocket/ws_server.cc | 5 ++++-
src/daemon/modules/events/collector.c | 8 ++++++--
src/daemon/modules/service/io_handler.c | 4 +++-
11 files changed, 46 insertions(+), 15 deletions(-)
diff --git a/src/cmd/isula/base/start.c b/src/cmd/isula/base/start.c
index 6a066638..3f8c13ee 100644
--- a/src/cmd/isula/base/start.c
+++ b/src/cmd/isula/base/start.c
@@ -193,7 +193,9 @@ out:
void client_wait_fifo_exit(const struct client_arguments *args)
{
if (args->custom_conf.attach_stdin || args->custom_conf.attach_stdout || args->custom_conf.attach_stderr) {
- sem_wait(&g_console_waitexit_sem);
+ while(sem_wait(&g_console_waitexit_sem) == -1 && errno == EINTR) {
+ continue;
+ }
}
}
diff --git a/src/cmd/isula/client_console.c b/src/cmd/isula/client_console.c
index 555f59b6..fb6f6c05 100644
--- a/src/cmd/isula/client_console.c
+++ b/src/cmd/isula/client_console.c
@@ -259,7 +259,9 @@ int start_client_console_thread(struct command_fifo_config *console_fifos, bool
return -1;
}
- sem_wait(console_fifos->wait_open);
+ while(sem_wait(console_fifos->wait_open) == -1 && errno == EINTR) {
+ continue;
+ }
return 0;
}
diff --git a/src/cmd/isula/stream/attach.c b/src/cmd/isula/stream/attach.c
index b61c9350..bc3eb141 100644
--- a/src/cmd/isula/stream/attach.c
+++ b/src/cmd/isula/stream/attach.c
@@ -285,7 +285,9 @@ static int container_wait_thread(struct client_arguments *args, uint32_t *exit_c
(void)sem_destroy(&sem_started);
return -1;
}
- (void)sem_wait(&sem_started);
+ while(sem_wait(&sem_started) == -1 && errno == EINTR) {
+ continue;
+ }
(void)sem_destroy(&sem_started);
return 0;
}
@@ -366,7 +368,9 @@ static int client_attach(struct client_arguments *args, uint32_t *exit_code)
}
#ifndef GRPC_CONNECTOR
- sem_wait(&g_attach_waitexit_sem);
+ while(sem_wait(&g_attach_waitexit_sem) == -1 && errno == EINTR) {
+ continue;
+ }
#endif
if (clock_gettime(CLOCK_REALTIME, &ts) == -1) {
diff --git a/src/cmd/isula/stream/exec.c b/src/cmd/isula/stream/exec.c
index cacb0278..6eab4d4f 100644
--- a/src/cmd/isula/stream/exec.c
+++ b/src/cmd/isula/stream/exec.c
@@ -380,7 +380,9 @@ static int local_cmd_exec(struct client_arguments *args, uint32_t *exit_code)
ret = client_exec(args, command_fifos, exit_code);
if (ret == 0 &&
(args->custom_conf.attach_stdin || args->custom_conf.attach_stdout || args->custom_conf.attach_stderr)) {
- sem_wait(&g_command_waitexit_sem);
+ while(sem_wait(&g_command_waitexit_sem) == -1 && errno == EINTR) {
+ continue;
+ }
}
out:
delete_command_fifo(command_fifos);
diff --git a/src/cmd/isulad-shim/process.c b/src/cmd/isulad-shim/process.c
index 18fae03f..11903a5c 100644
--- a/src/cmd/isulad-shim/process.c
+++ b/src/cmd/isulad-shim/process.c
@@ -1237,7 +1237,9 @@ int process_io_start(process_t *p, pthread_t *tid_epoll)
if (ret != SHIM_OK) {
return SHIM_SYS_ERR(errno);
}
- (void)sem_wait(&p->sem_mainloop);
+ while(sem_wait(&p->sem_mainloop) == -1 && errno == EINTR) {
+ continue;
+ }
(void)sem_destroy(&p->sem_mainloop);
return SHIM_OK;
diff --git a/src/cmd/isulad/main.c b/src/cmd/isulad/main.c
index 0228caa8..7c6148fd 100644
--- a/src/cmd/isulad/main.c
+++ b/src/cmd/isulad/main.c
@@ -1648,7 +1648,9 @@ static void *do_shutdown_handler(void *arg)
prctl(PR_SET_NAME, "Shutdown");
- sem_wait(&g_daemon_shutdown_sem);
+ while(sem_wait(&g_daemon_shutdown_sem) == -1 && errno == EINTR) {
+ continue;
+ }
daemon_shutdown();
@@ -1868,7 +1870,9 @@ int main(int argc, char **argv)
server_common_start();
- sem_wait(&g_daemon_wait_shutdown_sem);
+ while(sem_wait(&g_daemon_wait_shutdown_sem) == -1 && errno == EINTR) {
+ continue;
+ }
DAEMON_CLEAR_ERRMSG();
return 0;
diff --git a/src/daemon/entry/connect/grpc/grpc_containers_service.cc b/src/daemon/entry/connect/grpc/grpc_containers_service.cc
index c5e7c275..0a46b36c 100644
--- a/src/daemon/entry/connect/grpc/grpc_containers_service.cc
+++ b/src/daemon/entry/connect/grpc/grpc_containers_service.cc
@@ -306,7 +306,9 @@ Status ContainerServiceImpl::RemoteStart(ServerContext *context,
// close pipe 1 first, make sure io copy thread exit
close(read_pipe_fd[1]);
if (container_req->attach_stderr && ret == 0) {
- (void)sem_wait(&sem);
+ while(sem_wait(&sem) == -1 && errno == EINTR) {
+ continue;
+ }
}
(void)sem_destroy(&sem);
close(read_pipe_fd[0]);
@@ -656,7 +658,9 @@ Status ContainerServiceImpl::Attach(ServerContext *context, ServerReaderWriter<A
close(pipefd[1]);
// Waiting sem, make sure the sem is posted always in attach callback.
if (container_req->attach_stderr && ret == 0) {
- (void)sem_wait(&sem_stderr);
+ while(sem_wait(&sem_stderr) == -1 && errno == EINTR) {
+ continue;
+ }
}
(void)sem_destroy(&sem_stderr);
close(pipefd[0]);
diff --git a/src/daemon/entry/cri/streams/attach_serve.cc b/src/daemon/entry/cri/streams/attach_serve.cc
index 3d59e539..9c0e56c4 100644
--- a/src/daemon/entry/cri/streams/attach_serve.cc
+++ b/src/daemon/entry/cri/streams/attach_serve.cc
@@ -145,7 +145,9 @@ int AttachServe::ExecuteStreamCommand(SessionData *lwsCtx, void *request)
WsWriteStdoutToClient(lwsCtx, message.c_str(), message.length());
} else {
// wait io copy thread complete
- (void)sem_wait(&attachSem);
+ while(sem_wait(&attachSem) == -1 && errno == EINTR) {
+ continue;
+ }
}
(void)sem_destroy(&attachSem);
diff --git a/src/daemon/entry/cri/streams/websocket/ws_server.cc b/src/daemon/entry/cri/streams/websocket/ws_server.cc
index a8d89b36..7e3225b2 100644
--- a/src/daemon/entry/cri/streams/websocket/ws_server.cc
+++ b/src/daemon/entry/cri/streams/websocket/ws_server.cc
@@ -193,7 +193,10 @@ void WebsocketServer::CloseWsSession(int socketID)
close(session->pipes.at(1));
session->pipes.at(1) = -1;
}
- (void)sem_wait(session->syncCloseSem);
+
+ while(sem_wait(session->syncCloseSem) == -1 && errno == EINTR) {
+ continue;
+ }
(void)sem_destroy(session->syncCloseSem);
delete session->syncCloseSem;
session->syncCloseSem = nullptr;
diff --git a/src/daemon/modules/events/collector.c b/src/daemon/modules/events/collector.c
index af688742..eb79bf81 100644
--- a/src/daemon/modules/events/collector.c
+++ b/src/daemon/modules/events/collector.c
@@ -932,7 +932,9 @@ int add_monitor_client(char *name, const types_timestamp_t *since, const types_t
goto sem_free;
}
- sem_wait(&context_info->context_sem);
+ while(sem_wait(&context_info->context_sem) == -1 && errno == EINTR) {
+ continue;
+ }
sem_free:
sem_destroy(&context_info->context_sem);
@@ -1002,7 +1004,9 @@ static int start_monitored()
goto out;
}
- sem_wait(msync.monitord_sem);
+ while(sem_wait(msync.monitord_sem) == -1 && errno == EINTR) {
+ continue;
+ }
sem_destroy(msync.monitord_sem);
if (monitored_exitcode) {
isulad_set_error_message("Monitored start failed");
diff --git a/src/daemon/modules/service/io_handler.c b/src/daemon/modules/service/io_handler.c
index 474fa650..f3b47737 100644
--- a/src/daemon/modules/service/io_handler.c
+++ b/src/daemon/modules/service/io_handler.c
@@ -485,7 +485,9 @@ static int start_io_copy_thread(int sync_fd, bool detach, struct io_copy_arg *co
return -1;
}
- sem_wait(&thread_arg.wait_sem);
+ while(sem_wait(&thread_arg.wait_sem) == -1 && errno == EINTR) {
+ continue;
+ }
sem_destroy(&thread_arg.wait_sem);
return 0;
}
--
2.34.1

229
0147-add-no-pivot-root-support.patch Normal file
View File

@ -0,0 +1,229 @@
From 3a925ead33267d44cafd182a85e75c9c3ac25d58 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Wed, 6 Nov 2024 15:24:30 +0800
Subject: [PATCH 147/156] add no pivot root support
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
cmake/options.cmake | 7 +++++++
src/cmd/isula/base/create.c | 7 +++++++
src/cmd/isula/base/create.h | 11 ++++++++++
src/cmd/isula/base/run.c | 3 +++
src/cmd/isula/client_arguments.h | 4 ++++
src/cmd/isula/isula_host_spec.c | 5 +++++
src/cmd/isula/isula_host_spec.h | 4 ++++
src/cmd/isulad-shim/process.c | 6 ++++++
src/daemon/modules/api/runtime_api.h | 1 +
.../modules/runtime/isula/isula_rt_ops.c | 3 +++
.../modules/service/service_container.c | 20 +++++++++++++++++++
11 files changed, 71 insertions(+)
diff --git a/cmake/options.cmake b/cmake/options.cmake
index 41177fe0..15d7044a 100644
--- a/cmake/options.cmake
+++ b/cmake/options.cmake
@@ -168,6 +168,13 @@ if (ENABLE_NATIVE_NETWORK OR ENABLE_GRPC)
set(ENABLE_NETWORK 1)
endif()
+option(ENABLE_NO_PIVOT_ROOT "Enable no pivot root" ON)
+if (ENABLE_NO_PIVOT_ROOT STREQUAL "ON")
+ add_definitions(-DENABLE_NO_PIVOT_ROOT)
+ set(ENABLE_NO_PIVOT_ROOT 1)
+ message("${Green}-- Enable no pivot root${ColourReset}")
+endif()
+
option(ENABLE_PLUGIN "enable plugin module" OFF)
if (ENABLE_PLUGIN STREQUAL "ON")
add_definitions(-DENABLE_PLUGIN=1)
diff --git a/src/cmd/isula/base/create.c b/src/cmd/isula/base/create.c
index b04dddb5..7331676a 100644
--- a/src/cmd/isula/base/create.c
+++ b/src/cmd/isula/base/create.c
@@ -1292,6 +1292,10 @@ static isula_host_config_t *request_pack_host_config(const struct client_argumen
hostconfig->publish_all = args->custom_conf.publish_all;
#endif
+#ifdef ENABLE_NO_PIVOT_ROOT
+ hostconfig->no_pivot_root = args->custom_conf.no_pivot_root;
+#endif
+
return hostconfig;
error_out:
@@ -1750,6 +1754,9 @@ int cmd_create_main(int argc, const char **argv)
COMMON_OPTIONS(g_cmd_create_args)
#ifdef ENABLE_NATIVE_NETWORK
CREATE_NETWORK_OPTIONS(g_cmd_create_args)
+#endif
+#ifdef ENABLE_NO_PIVOT_ROOT
+ NO_PIVOT_ROOT_OPTIONS(g_cmd_create_args)
#endif
};
diff --git a/src/cmd/isula/base/create.h b/src/cmd/isula/base/create.h
index 9eb471b4..b4205a88 100644
--- a/src/cmd/isula/base/create.h
+++ b/src/cmd/isula/base/create.h
@@ -39,6 +39,17 @@ extern "C" {
#define USERNS_OPT(cmdargs)
#endif
+#ifdef ENABLE_NO_PIVOT_ROOT
+#define NO_PIVOT_ROOT_OPTIONS(cmdargs) \
+ { CMD_OPT_TYPE_BOOL, \
+ false, \
+ "no-pivot", \
+ 0, \
+ &(cmdargs).custom_conf.no_pivot_root, \
+ "disable use of pivot-root (oci runtime only)", \
+ NULL },
+#endif
+
#define CREATE_OPTIONS(cmdargs) \
{ \
CMD_OPT_TYPE_BOOL, \
diff --git a/src/cmd/isula/base/run.c b/src/cmd/isula/base/run.c
index 8d48244c..15e035c1 100644
--- a/src/cmd/isula/base/run.c
+++ b/src/cmd/isula/base/run.c
@@ -150,6 +150,9 @@ int cmd_run_main(int argc, const char **argv)
CREATE_EXTEND_OPTIONS(g_cmd_run_args) RUN_OPTIONS(g_cmd_run_args)
#ifdef ENABLE_NATIVE_NETWORK
CREATE_NETWORK_OPTIONS(g_cmd_run_args)
+#endif
+#ifdef ENABLE_NO_PIVOT_ROOT
+ NO_PIVOT_ROOT_OPTIONS(g_cmd_run_args)
#endif
};
isula_libutils_default_log_config(argv[0], &lconf);
diff --git a/src/cmd/isula/client_arguments.h b/src/cmd/isula/client_arguments.h
index 76d01122..debcc903 100644
--- a/src/cmd/isula/client_arguments.h
+++ b/src/cmd/isula/client_arguments.h
@@ -237,6 +237,10 @@ struct custom_configs {
/* publish a container's port to the host */
char **publish;
#endif
+
+#ifdef ENABLE_NO_PIVOT_ROOT
+ bool no_pivot_root;
+#endif
};
struct args_cgroup_resources {
diff --git a/src/cmd/isula/isula_host_spec.c b/src/cmd/isula/isula_host_spec.c
index 9e902ed9..4c2fefa4 100644
--- a/src/cmd/isula/isula_host_spec.c
+++ b/src/cmd/isula/isula_host_spec.c
@@ -1729,6 +1729,11 @@ int generate_hostconfig(const isula_host_config_t *srcconfig, char **hostconfigs
#ifdef ENABLE_NATIVE_NETWORK
dstconfig->port_bindings = srcconfig->port_bindings;
#endif
+
+#ifdef ENABLE_NO_PIVOT_ROOT
+ dstconfig->no_pivot_root = srcconfig->no_pivot_root;
+#endif
+
*hostconfigstr = host_config_generate_json(dstconfig, &ctx, &err);
#ifdef ENABLE_NATIVE_NETWORK
dstconfig->port_bindings = NULL;
diff --git a/src/cmd/isula/isula_host_spec.h b/src/cmd/isula/isula_host_spec.h
index 25a54236..f00526e4 100644
--- a/src/cmd/isula/isula_host_spec.h
+++ b/src/cmd/isula/isula_host_spec.h
@@ -163,6 +163,10 @@ typedef struct isula_host_config {
bool publish_all;
defs_map_string_object_port_bindings *port_bindings;
#endif
+
+#ifdef ENABLE_NO_PIVOT_ROOT
+ bool no_pivot_root;
+#endif
} isula_host_config_t;
int generate_hostconfig(const isula_host_config_t *srcconfig, char **hostconfigstr);
diff --git a/src/cmd/isulad-shim/process.c b/src/cmd/isulad-shim/process.c
index 11903a5c..10d21565 100644
--- a/src/cmd/isulad-shim/process.c
+++ b/src/cmd/isulad-shim/process.c
@@ -1298,6 +1298,12 @@ static void get_runtime_cmd(process_t *p, const char *log_path, const char *pid_
params[i++] = "create";
params[i++] = "--bundle";
params[i++] = p->bundle;
+#ifdef ENABLE_NO_PIVOT_ROOT
+ if (getenv("ISULAD_RAMDISK") != NULL || p->state->no_pivot_root) {
+ params[i++] = "--no-pivot";
+ }
+#endif
+
}
params[i++] = "--pid-file";
params[i++] = pid_path;
diff --git a/src/daemon/modules/api/runtime_api.h b/src/daemon/modules/api/runtime_api.h
index bd170c30..930710ca 100644
--- a/src/daemon/modules/api/runtime_api.h
+++ b/src/daemon/modules/api/runtime_api.h
@@ -84,6 +84,7 @@ typedef struct _rt_create_params_t {
bool tty;
bool open_stdin;
const char *task_addr;
+ bool no_pivot_root;
} rt_create_params_t;
typedef struct _rt_start_params_t {
diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c
index dc156154..e628c3fe 100644
--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c
+++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c
@@ -1209,6 +1209,9 @@ int rt_isula_create(const char *id, const char *runtime, const rt_create_params_
p.runtime_args_len = runtime_args_len;
p.attach_socket = attach_socket;
p.systemd_cgroup = conf_get_systemd_cgroup();
+#ifdef ENABLE_NO_PIVOT_ROOT
+ p.no_pivot_root = params->no_pivot_root;
+#endif
copy_process(&p, config->process);
copy_annotations(&p, config->annotations);
diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c
index 4157c631..754c28ac 100644
--- a/src/daemon/modules/service/service_container.c
+++ b/src/daemon/modules/service/service_container.c
@@ -743,6 +743,23 @@ static int do_oci_spec_update(const char *id, oci_runtime_spec *oci_spec, contai
return 0;
}
+static bool pack_no_pivot_root(const container_t *cont)
+{
+ size_t i = 0;
+ bool ret = false;
+
+ ret = cont->hostconfig->no_pivot_root;
+ if (cont->common_config->config->annotations != NULL) {
+ for (i = 0; i < cont->common_config->config->annotations->len; i++) {
+ if (strcmp(cont->common_config->config->annotations->keys[i], "ISULAD_RAMDISK") == 0) {
+ ret = true;
+ break;
+ }
+ }
+ }
+ return ret;
+}
+
static int do_start_container(container_t *cont, const char *console_fifos[], bool reset_rm, pid_ppid_info_t *pid_info)
{
int ret = 0;
@@ -906,6 +923,9 @@ static int do_start_container(container_t *cont, const char *console_fifos[], bo
create_params.exit_fifo = exit_fifo;
create_params.tty = tty;
create_params.open_stdin = open_stdin;
+#ifdef ENABLE_NO_PIVOT_ROOT
+ create_params.no_pivot_root = pack_no_pivot_root(cont);
+#endif
#ifdef ENABLE_CRI_API_V1
if (cont->common_config->sandbox_info != NULL) {
create_params.task_addr = cont->common_config->sandbox_info->task_address;
--
2.34.1

227
0148-fix-issues-Isula-ps-cannot-display-port-mapping.patch Normal file
View File

@ -0,0 +1,227 @@
From 6d5121eacdb42a4dd7c2ea498c534b893b80e405 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=AD=A6=E7=A7=AF=E8=B6=85?= <wujichao1@huawei.com>
Date: Thu, 7 Nov 2024 20:17:41 +0800
Subject: [PATCH 148/156] fix issues: Isula ps cannot display port mapping
---
src/api/services/containers/container.proto | 1 +
.../connect/grpc/grpc_containers_client.cc | 2 +
src/client/connect/protocol_type.c | 4 ++
src/client/connect/protocol_type.h | 1 +
src/cmd/isula/information/ps.c | 9 ++-
.../connect/grpc/container/list_service.cc | 3 +
src/daemon/executor/container_cb/list.c | 2 +
src/daemon/modules/api/container_api.h | 2 +
src/daemon/modules/container/container_unix.c | 56 ++++++++++++++++++-
9 files changed, 77 insertions(+), 3 deletions(-)
diff --git a/src/api/services/containers/container.proto b/src/api/services/containers/container.proto
index 8d05681e..113fcb10 100644
--- a/src/api/services/containers/container.proto
+++ b/src/api/services/containers/container.proto
@@ -65,6 +65,7 @@ message Container {
string name = 16;
string health_state = 17;
int64 created = 18;
+ string ports = 19;
}
message Container_info {
diff --git a/src/client/connect/grpc/grpc_containers_client.cc b/src/client/connect/grpc/grpc_containers_client.cc
index adeac0ba..f042290e 100644
--- a/src/client/connect/grpc/grpc_containers_client.cc
+++ b/src/client/connect/grpc/grpc_containers_client.cc
@@ -1241,6 +1241,8 @@ private:
util_strdup_s("none");
response->container_summary[index]->command = !in.command().empty() ? util_strdup_s(in.command().c_str()) :
util_strdup_s("-");
+ response->container_summary[index]->ports = !in.ports().empty() ? util_strdup_s(in.ports().c_str()) :
+ nullptr;
const char *starttime = !in.startat().empty() ? in.startat().c_str() : "-";
response->container_summary[index]->startat = util_strdup_s(starttime);
diff --git a/src/client/connect/protocol_type.c b/src/client/connect/protocol_type.c
index 57dcf753..d0ab9732 100644
--- a/src/client/connect/protocol_type.c
+++ b/src/client/connect/protocol_type.c
@@ -531,6 +531,10 @@ void isula_list_response_free(struct isula_list_response *response)
free(response->container_summary[i]->command);
response->container_summary[i]->command = NULL;
}
+ if (response->container_summary[i]->ports != NULL) {
+ free(response->container_summary[i]->ports);
+ response->container_summary[i]->ports = NULL;
+ }
if (response->container_summary[i]->startat != NULL) {
free(response->container_summary[i]->startat);
response->container_summary[i]->startat = NULL;
diff --git a/src/client/connect/protocol_type.h b/src/client/connect/protocol_type.h
index 2b445c5a..02e315bf 100644
--- a/src/client/connect/protocol_type.h
+++ b/src/client/connect/protocol_type.h
@@ -204,6 +204,7 @@ struct isula_container_summary_info {
char *id;
char *image;
char *command;
+ char *ports;
char *name;
Container_Status status;
uint32_t exit_code;
diff --git a/src/cmd/isula/information/ps.c b/src/cmd/isula/information/ps.c
index 13c35dc7..6bdc157f 100644
--- a/src/cmd/isula/information/ps.c
+++ b/src/cmd/isula/information/ps.c
@@ -332,7 +332,8 @@ static void print_basic_container_info_item(const struct isula_container_summary
} else if (strcmp(name, "Created") == 0) {
print_created_field(in->created, length->created_length);
} else if (strcmp(name, "Ports") == 0) {
- printf("%-*s", (int)length->ports_length, " ");
+ const char *ports = (in->ports != NULL ? in->ports : "N/A");
+ printf("%-*s", (int)length->ports_length, ports);
}
}
@@ -515,6 +516,12 @@ static void list_field_width(struct isula_container_summary_info **info, const s
l->command_length = (unsigned int)cmd_len;
}
}
+ if (in->ports != NULL) {
+ size_t ports_len = strlen(in->ports);
+ if (ports_len > l->ports_length) {
+ l->ports_length = (unsigned int)ports_len;
+ }
+ }
calculate_str_length(in->name, &l->name_length);
calculate_str_length(in->runtime, &l->runtime_length);
diff --git a/src/daemon/entry/connect/grpc/container/list_service.cc b/src/daemon/entry/connect/grpc/container/list_service.cc
index e831acbc..dfd48191 100644
--- a/src/daemon/entry/connect/grpc/container/list_service.cc
+++ b/src/daemon/entry/connect/grpc/container/list_service.cc
@@ -121,6 +121,9 @@ void ContainerListService::FillResponseTogRPC(void *containerRes, containers::Li
if (response->containers[i]->command != nullptr) {
container->set_command(response->containers[i]->command);
}
+ if (response->containers[i]->ports != nullptr) {
+ container->set_ports(response->containers[i]->ports);
+ }
container->set_exit_code(response->containers[i]->exit_code);
container->set_restartcount(response->containers[i]->restartcount);
if (response->containers[i]->startat != nullptr) {
diff --git a/src/daemon/executor/container_cb/list.c b/src/daemon/executor/container_cb/list.c
index 243eb4d2..2e8c7a79 100644
--- a/src/daemon/executor/container_cb/list.c
+++ b/src/daemon/executor/container_cb/list.c
@@ -609,6 +609,8 @@ static int fill_container_info(container_container *container_info, const contai
container_info->status = (int)container_state_judge_status(cont_state);
+ container_info->ports = container_get_ports(cont);
+
container_info->command = container_get_command(cont);
image = container_get_image(cont);
container_info->image = image ? image : util_strdup_s("none");
diff --git a/src/daemon/modules/api/container_api.h b/src/daemon/modules/api/container_api.h
index a6ec8e22..e4d7fc25 100644
--- a/src/daemon/modules/api/container_api.h
+++ b/src/daemon/modules/api/container_api.h
@@ -185,6 +185,8 @@ int container_v2_spec_merge_container_spec(container_config_v2_common_config *v2
char *container_get_command(const container_t *cont);
+char *container_get_ports(const container_t *cont);
+
char *container_get_image(const container_t *cont);
int container_exit_on_next(container_t *cont);
diff --git a/src/daemon/modules/container/container_unix.c b/src/daemon/modules/container/container_unix.c
index 6f345ea0..812ab9e1 100644
--- a/src/daemon/modules/container/container_unix.c
+++ b/src/daemon/modules/container/container_unix.c
@@ -20,6 +20,7 @@
#include <isula_libutils/container_config_v2.h>
#include <isula_libutils/host_config.h>
#include <isula_libutils/json_common.h>
+#include <isula_libutils/auto_cleanup.h>
#include <limits.h>
#include <pthread.h>
#include <stdbool.h>
@@ -1253,7 +1254,7 @@ char *container_get_command(const container_t *cont)
if (cont->common_config->path != NULL) {
nret = util_array_append(&args, cont->common_config->path);
if (nret < 0) {
- ERROR("Appned string failed");
+ ERROR("Append string failed");
goto cleanup;
}
}
@@ -1268,7 +1269,7 @@ char *container_get_command(const container_t *cont)
nret = util_array_append(&args, arg);
free(arg);
if (nret < 0) {
- ERROR("Appned string failed");
+ ERROR("Append string failed");
goto cleanup;
}
}
@@ -1280,6 +1281,57 @@ cleanup:
return cmd;
}
+/* container get ports */
+char *container_get_ports(const container_t *cont)
+{
+ int nret;
+ size_t i, j, ports_num = 0;
+ __isula_auto_array_t char **args = NULL;
+ char *ports = NULL;
+
+ if (cont == NULL || cont->hostconfig == NULL || cont->hostconfig->port_bindings == NULL) {
+ return NULL;
+ }
+
+ for (i = 0; cont->hostconfig->port_bindings->keys != NULL && i < cont->hostconfig->port_bindings->len; i++) {
+ for (j = 0; j < cont->hostconfig->port_bindings->values[i]->element->host_len; j++) {
+ __isula_auto_free char *arg = NULL;
+ char *host_ip = cont->hostconfig->port_bindings->values[i]->element->host[j]->host_ip;
+ if (host_ip == NULL) {
+ host_ip = "0.0.0.0";
+ }
+ char *host_port = cont->hostconfig->port_bindings->values[i]->element->host[j]->host_port;
+ if (host_port == NULL) {
+ host_port = "";
+ }
+ char *cont_port_type = cont->hostconfig->port_bindings->keys[i];
+ if (cont_port_type == NULL) {
+ cont_port_type = "";
+ }
+ size_t total_len = strlen(host_ip) + strlen(host_port) + strlen(cont_port_type) + 4; // 4 for ":->" and null terminator
+ arg = util_common_calloc_s(total_len);
+ if (arg == NULL) {
+ ERROR("Out of memory");
+ return ports;
+ }
+ nret = snprintf(arg, total_len, "%s:%s->%s", host_ip, host_port, cont_port_type);
+ if (nret < 0 || (size_t)nret >= total_len) {
+ ERROR("Failed to print string");
+ return ports;
+ }
+ nret = util_array_append(&args, arg);
+ if (nret < 0) {
+ ERROR("Append string failed");
+ return ports;
+ }
+ ports_num++;
+ }
+ }
+ ports = util_string_join(", ", (const char **)args, ports_num);
+
+ return ports;
+}
+
/* container get image */
char *container_get_image(const container_t *cont)
{
--
2.34.1

87
0149-move-nri-call-in-stop-and-remove-con.patch Normal file
View File

@ -0,0 +1,87 @@
From db60c64138b45539fe70282c853ac2dae5954924 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Thu, 14 Nov 2024 17:34:49 +0800
Subject: [PATCH 149/156] move nri call in stop and remove con
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/daemon/common/cri/cri_helpers.cc | 18 ++++++++++++++++++
.../cri/v1/v1_cri_container_manager_service.cc | 14 --------------
2 files changed, 18 insertions(+), 14 deletions(-)
diff --git a/src/daemon/common/cri/cri_helpers.cc b/src/daemon/common/cri/cri_helpers.cc
index a8cbd996..aa8e3c19 100644
--- a/src/daemon/common/cri/cri_helpers.cc
+++ b/src/daemon/common/cri/cri_helpers.cc
@@ -32,6 +32,10 @@
#include "isulad_config.h"
#include "sha256.h"
+#ifdef ENABLE_NRI
+#include "nri_adaption.h"
+#endif
+
namespace CRIHelpers {
const std::string Constants::POD_NETWORK_ANNOTATION_KEY { "network.alpha.kubernetes.io/network" };
const std::string Constants::CONTAINER_TYPE_LABEL_KEY { "cri.isulad.type" };
@@ -660,6 +664,13 @@ void RemoveContainerHelper(service_executor_t *cb, const std::string &containerI
goto cleanup;
}
+#ifdef ENABLE_NRI
+ if (!NRIAdaptation::GetInstance()->RemoveContainer(containerID, error)) {
+ ERROR("NRI RemoveContainer notification failed: %s", error.GetCMessage());
+ }
+ error.Clear();
+#endif
+
if (cb->container.remove(request, &response) != 0) {
if (response != nullptr && response->errmsg != nullptr) {
error.SetError(response->errmsg);
@@ -719,6 +730,13 @@ void StopContainerHelper(service_executor_t *cb, const std::string &containerID,
error.SetError(msg);
}
+#ifdef ENABLE_NRI
+ if (!NRIAdaptation::GetInstance()->StopContainer(containerID, error)) {
+ ERROR("NRI StopContainer notification failed: %s", error.GetCMessage());
+ }
+ error.Clear();
+#endif
+
free_container_stop_request(request);
free_container_stop_response(response);
}
diff --git a/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc b/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc
index 1e84d14c..b585b49c 100644
--- a/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc
+++ b/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc
@@ -618,25 +618,11 @@ cleanup:
void ContainerManagerService::StopContainer(const std::string &containerID, int64_t timeout, Errors &error)
{
-#ifdef ENABLE_NRI
- Errors nriErr;
-#endif
CRIHelpers::StopContainer(m_cb, containerID, timeout, error);
-#ifdef ENABLE_NRI
- if (!NRIAdaptation::GetInstance()->StopContainer(containerID, nriErr)) {
- ERROR("NRI StopContainer notification failed: %s", nriErr.GetCMessage());
- }
-#endif
}
void ContainerManagerService::RemoveContainer(const std::string &containerID, Errors &error)
{
-#ifdef ENABLE_NRI
- Errors nriErr;
- if (!NRIAdaptation::GetInstance()->RemoveContainer(containerID, nriErr)) {
- ERROR("NRI RemoveContainer notification failed: %s", nriErr.GetCMessage());
- }
-#endif
CRIHelpers::RemoveContainer(m_cb, containerID, error);
if (error.NotEmpty()) {
WARN("Failed to remove container %s", containerID.c_str());
--
2.34.1

548
0150-add-missing-con-linux-info-for-nri-module.patch Normal file
View File

@ -0,0 +1,548 @@
From 140166e0f385a2f23502efeeba4113536736c3c8 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Thu, 14 Nov 2024 16:45:08 +0800
Subject: [PATCH 150/156] add missing con linux info for nri module
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/daemon/common/nri/nri_convert.cc | 482 ++++++++++++++++++++++++++-
1 file changed, 480 insertions(+), 2 deletions(-)
diff --git a/src/daemon/common/nri/nri_convert.cc b/src/daemon/common/nri/nri_convert.cc
index 30caf1dd..d862d992 100644
--- a/src/daemon/common/nri/nri_convert.cc
+++ b/src/daemon/common/nri/nri_convert.cc
@@ -15,12 +15,16 @@
#include "nri_convert.h"
+#include <sys/stat.h>
+#include <sys/sysmacros.h>
+
#include "container_api.h"
#include "v1_cri_helpers.h"
#include "path.h"
#include "transform.h"
#include "nri_utils.h"
#include "cstruct_wrapper.h"
+#include "specs_api.h"
static int64_t DefaultOOMScoreAdj = 0;
@@ -385,6 +389,462 @@ error_out:
return false;
}
+static int ConvertDevice(const char *host_path, const char *container_path, const char *permissions,
+ nri_linux_device &device, nri_linux_device_cgroup &deviceCgroup)
+{
+ int ret = 0;
+ struct stat st;
+ const char *dev_type = NULL;
+ unsigned int file_mode = 0;
+
+ if (host_path == NULL) {
+ return -1;
+ }
+
+ ret = stat(host_path, &st);
+ if (ret < 0) {
+ ERROR("device %s no exists", host_path);
+ return -1;
+ }
+
+ file_mode = st.st_mode & 0777;
+
+ /* check device type first */
+ if (S_ISBLK(st.st_mode)) {
+ file_mode |= S_IFBLK;
+ dev_type = "b";
+ } else if (S_ISCHR(st.st_mode)) {
+ file_mode |= S_IFCHR;
+ dev_type = "c";
+ } else {
+ ERROR("Cannot determine the device number for device %s", host_path);
+ return -1;
+ }
+
+ /* fill spec dev */
+ device.major = (int64_t)major(st.st_rdev);
+ device.minor = (int64_t)minor(st.st_rdev);
+ device.uid = (uint32_t *)util_common_calloc_s(sizeof(uint32_t*));
+ if (device.uid == nullptr) {
+ ERROR("Out of memory");
+ return -1;
+ }
+ *(device.uid) = st.st_uid;
+ device.gid = (uint32_t *)util_common_calloc_s(sizeof(uint32_t*));
+ if (device.gid == nullptr) {
+ ERROR("Out of memory");
+ return -1;
+ }
+ *(device.gid) = st.st_gid;
+ device.file_mode = (uint32_t *)util_common_calloc_s(sizeof(uint32_t));
+ if (device.file_mode == nullptr) {
+ ERROR("Out of memory");
+ return -1;
+ }
+ *(device.file_mode) = (int)file_mode;
+ device.type = util_strdup_s(dev_type);
+ device.path = util_strdup_s(container_path);
+
+ /* fill spec cgroup dev */
+ deviceCgroup.allow = true;
+ deviceCgroup.access = util_strdup_s(permissions);
+ deviceCgroup.type = util_strdup_s(dev_type);
+ deviceCgroup.major = (int64_t *)util_common_calloc_s(sizeof(int64_t));
+ if (deviceCgroup.major == nullptr) {
+ ERROR("Out of memory");
+ return -1;
+ }
+ *(deviceCgroup.major) = (int64_t)major(st.st_rdev);
+ deviceCgroup.minor = (int64_t *)util_common_calloc_s(sizeof(int64_t));
+ if (deviceCgroup.minor == nullptr) {
+ ERROR("Out of memory");
+ return -1;
+ }
+ *(deviceCgroup.minor) = (int64_t)minor(st.st_rdev);
+
+ return 0;
+}
+
+static int ConvertHostConfigDevices(const host_config_devices_element *dev_map, nri_linux_device &device,
+ nri_linux_device_cgroup &deviceCgroup)
+{
+ return ConvertDevice(dev_map->path_on_host, dev_map->path_in_container,
+ dev_map->cgroup_permissions, device, deviceCgroup);
+}
+
+static int ConLinuxDeviceToNRI(const host_config *config, nri_container &con)
+{
+ size_t i;
+
+ if (config->devices_len == 0 && config->nri_devices_len == 0) {
+ return 0;
+ }
+ con.linux->devices = (nri_linux_device **)util_smart_calloc_s(sizeof(nri_linux_device *),
+ config->devices_len + config->nri_devices_len);
+ if (con.linux->devices == nullptr) {
+ ERROR("Out of memory");
+ return -1;
+ }
+
+ con.linux->resources->devices = (nri_linux_device_cgroup **)util_smart_calloc_s(sizeof(nri_linux_device_cgroup *),
+ config->devices_len);
+ if (con.linux->resources->devices == nullptr) {
+ ERROR("Out of memory");
+ return -1;
+ }
+
+ for (i = 0; i < config->devices_len; i++) {
+ nri_linux_device *device = (nri_linux_device *)util_common_calloc_s(sizeof(nri_linux_device));
+ if (device == nullptr) {
+ ERROR("Out of memory");
+ return -1;
+ }
+
+ nri_linux_device_cgroup *deviceCgroup = (nri_linux_device_cgroup *)util_common_calloc_s(sizeof(
+ nri_linux_device_cgroup));
+ if (deviceCgroup == nullptr) {
+ ERROR("Out of memory");
+ free_nri_linux_device(device);
+ return -1;
+ }
+
+ if (ConvertHostConfigDevices(config->devices[i], *device, *deviceCgroup) != 0) {
+ ERROR("Failed to convert host config devices");
+ free_nri_linux_device(device);
+ free_nri_linux_device_cgroup(deviceCgroup);
+ return -1;
+ }
+
+ con.linux->devices[i] = device;
+ con.linux->resources->devices[i] = deviceCgroup;
+ con.linux->devices_len++;
+ con.linux->resources->devices_len++;
+ }
+
+ for (i = 0; i < config->nri_devices_len; i++) {
+ nri_linux_device *device = (nri_linux_device *)util_common_calloc_s(sizeof(nri_linux_device));
+ if (device == nullptr) {
+ ERROR("Out of memory");
+ return -1;
+ }
+
+ device->file_mode = (uint32_t *)util_common_calloc_s(sizeof(uint32_t));
+ if (device->file_mode == nullptr) {
+ ERROR("Out of memory");
+ free_nri_linux_device(device);
+ return -1;
+ }
+ *(device->file_mode) = config->nri_devices[i]->file_mode;
+
+ device->path = util_strdup_s(config->nri_devices[i]->path);
+ device->type = util_strdup_s(config->nri_devices[i]->type);
+ device->major = config->nri_devices[i]->major;
+ device->minor = config->nri_devices[i]->minor;
+
+ device->uid = (uint32_t *)util_common_calloc_s(sizeof(uint32_t));
+ if (device->uid == nullptr) {
+ ERROR("Out of memory");
+ free_nri_linux_device(device);
+ return -1;
+ }
+ *(device->uid) = config->nri_devices[i]->uid;
+
+ device->gid = (uint32_t *)util_common_calloc_s(sizeof(uint32_t));
+ if (device->gid == nullptr) {
+ ERROR("Out of memory");
+ free_nri_linux_device(device);
+ return -1;
+ }
+ *(device->gid) = config->nri_devices[i]->gid;
+ con.linux->devices[i + config->devices_len] = device;
+ con.linux->devices_len++;
+ }
+
+ return 0;
+}
+
+static int ConvertCRIV1Devices(const ::runtime::v1::Device &dev_map, nri_linux_device &device,
+ nri_linux_device_cgroup &deviceCgroup)
+{
+ return ConvertDevice(dev_map.host_path().c_str(), dev_map.container_path().c_str(),
+ dev_map.permissions().c_str(), device, deviceCgroup);
+}
+
+static bool ConLinuxResourcesCpuToNRI(const host_config *config, nri_linux_cpu &cpu)
+{
+ cpu.shares = (uint64_t *)util_common_calloc_s(sizeof(uint64_t));
+ if (cpu.shares == nullptr) {
+ ERROR("Out of memory");
+ return false;
+ }
+ *(cpu.shares) = config->cpu_shares;
+
+ cpu.quota = (int64_t *)util_common_calloc_s(sizeof(int64_t));
+ if (cpu.quota == nullptr) {
+ ERROR("Out of memory");
+ return false;
+ }
+ *(cpu.quota) = config->cpu_quota;
+
+ cpu.period = (uint64_t *)util_common_calloc_s(sizeof(uint64_t));
+ if (cpu.period == nullptr) {
+ ERROR("Out of memory");
+ return false;
+ }
+ *(cpu.period) = config->cpu_period;
+
+ cpu.cpus = util_strdup_s(config->cpuset_cpus);
+ cpu.mems = util_strdup_s(config->cpuset_mems);
+
+ return true;
+}
+
+static bool ConLinuxResourcesMemoryToNRI(const host_config *config, nri_linux_memory &memory)
+{
+ memory.limit = (int64_t *)util_common_calloc_s(sizeof(int64_t));
+ if (memory.limit == nullptr) {
+ ERROR("Out of memory");
+ return false;
+ }
+ *(memory.limit) = config->memory;
+
+ memory.reservation = (int64_t *)util_common_calloc_s(sizeof(int64_t));
+ if (memory.reservation == nullptr) {
+ ERROR("Out of memory");
+ return false;
+ }
+
+ *(memory.reservation) = config->memory_reservation;
+
+ memory.swap = (int64_t *)util_common_calloc_s(sizeof(int64_t));
+ if (memory.swap == nullptr) {
+ ERROR("Out of memory");
+ return false;
+ }
+ *(memory.swap) = config->memory_swap;
+
+ memory.kernel = (int64_t *)util_common_calloc_s(sizeof(int64_t));
+ if (memory.kernel == nullptr) {
+ ERROR("Out of memory");
+ return false;
+ }
+ *(memory.kernel) = config->kernel_memory;
+
+ // isulad has not set kernel_tcp
+ memory.kernel_tcp = nullptr;
+
+ if (config->memory_swappiness != nullptr) {
+ memory.swappiness = (uint64_t *)util_common_calloc_s(sizeof(uint64_t));
+ if (memory.swappiness == nullptr) {
+ ERROR("Out of memory");
+ return false;
+ }
+ *(memory.swappiness) = *(config->memory_swappiness);
+ }
+
+ memory.disable_oom_killer = (uint8_t *)util_common_calloc_s(sizeof(uint8_t));
+ if (memory.disable_oom_killer == nullptr) {
+ ERROR("Out of memory");
+ return false;
+ }
+ *(memory.disable_oom_killer) = config->oom_kill_disable;
+
+ // isulad has not set use_hierarchy
+ memory.use_hierarchy = (uint8_t *)util_common_calloc_s(sizeof(uint8_t));
+ if (memory.use_hierarchy == nullptr) {
+ ERROR("Out of memory");
+ return false;
+ }
+ *(memory.use_hierarchy) = false;
+ return true;
+}
+
+auto ConLinuxResourcesToNRI(const host_config *config) -> nri_linux_resources *
+{
+ nri_linux_resources *resources = nullptr;
+ size_t i;
+
+ resources = init_nri_linux_resources();
+ if (resources == nullptr) {
+ ERROR("Failed to init nri linux resources");
+ return nullptr;
+ }
+
+ if (!ConLinuxResourcesCpuToNRI(config, *resources->cpu)) {
+ ERROR("Failed to transform cpu to nri");
+ goto error_out;
+ }
+
+ if (!ConLinuxResourcesMemoryToNRI(config, *resources->memory)) {
+ ERROR("Failed to transform memory to nri");
+ goto error_out;
+ }
+
+ resources->hugepage_limits = (nri_hugepage_limit **)util_smart_calloc_s(sizeof(nri_hugepage_limit *),
+ config->hugetlbs_len);
+ if (resources->hugepage_limits == nullptr) {
+ ERROR("Out of memory");
+ goto error_out;
+ }
+
+ for (i = 0; i < config->hugetlbs_len; i++) {
+ resources->hugepage_limits[i] = (nri_hugepage_limit *)util_common_calloc_s(sizeof(nri_hugepage_limit));
+ if (resources->hugepage_limits[i] == nullptr) {
+ ERROR("Out of memory");
+ goto error_out;
+ }
+ resources->hugepage_limits[i]->page_size = util_strdup_s(config->hugetlbs[i]->page_size);
+ resources->hugepage_limits[i]->limit = config->hugetlbs[i]->limit;
+ resources->hugepage_limits_len++;
+ }
+
+ // resources.blockio_class is not support
+ // resources.rdt_class is not support
+ // They are not standard fields in oci spec
+
+ if (dup_json_map_string_string(config->unified, resources->unified) != 0) {
+ ERROR("Failed to copy unified map");
+ goto error_out;
+ }
+
+ // resources.devices is set in ConLinuxDeviceToNRI
+
+ return resources;
+
+error_out:
+ free_nri_linux_resources(resources);
+ resources = nullptr;
+ return resources;
+}
+
+static bool ConLinuxToNRI(const char *id, const host_config *config, nri_container &con)
+{
+ con.linux = (nri_linux_container *)util_common_calloc_s(sizeof(nri_linux_container));
+ if (con.linux == nullptr) {
+ ERROR("Out of memory");
+ return false;
+ }
+
+ con.linux->resources = ConLinuxResourcesToNRI(config);
+ if (con.linux->resources == nullptr) {
+ ERROR("Failed to transform resources to nri for con : %s", id);
+ return false;
+ }
+
+ if (ConLinuxDeviceToNRI(config, con) != 0) {
+ ERROR("Failed to transform devices to nri for con : %s", id);
+ return false;
+ }
+
+ con.linux->oom_score_adj = (int64_t *)util_common_calloc_s(sizeof(int64_t));
+ if (con.linux->oom_score_adj == nullptr) {
+ ERROR("Out of memory");
+ return false;
+ }
+
+ *(con.linux->oom_score_adj) = config->oom_score_adj;
+
+ con.linux->cgroups_path = merge_container_cgroups_path(id, config);
+ if (con.linux->cgroups_path == NULL) {
+ WARN("nri container cgroups path is NULL");
+ }
+ return true;
+}
+
+static int ConConfigLinuxDeviceToNRI(const runtime::v1::ContainerConfig &containerConfig, nri_container &con)
+{
+ int i;
+ int conConfigDevicesSize = containerConfig.devices_size();
+
+ if (conConfigDevicesSize == 0) {
+ return 0;
+ }
+ con.linux->devices = (nri_linux_device **)util_smart_calloc_s(sizeof(nri_linux_device *), conConfigDevicesSize);
+ if (con.linux->devices == nullptr) {
+ ERROR("Out of memory");
+ return -1;
+ }
+
+ if (con.linux->resources == nullptr) {
+ con.linux->resources = init_nri_linux_resources();
+ if (con.linux->resources == nullptr) {
+ ERROR("Failed to init nri linux resources");
+ return -1;
+ }
+ }
+
+ con.linux->resources->devices = (nri_linux_device_cgroup **)util_smart_calloc_s(sizeof(nri_linux_device_cgroup *),
+ conConfigDevicesSize);
+ if (con.linux->resources->devices == nullptr) {
+ ERROR("Out of memory");
+ return -1;
+ }
+
+ for (i = 0; i < conConfigDevicesSize; i++) {
+ nri_linux_device *device = (nri_linux_device *)util_common_calloc_s(sizeof(nri_linux_device));
+ if (device == nullptr) {
+ ERROR("Out of memory");
+ return -1;
+ }
+
+ nri_linux_device_cgroup *deviceCgroup = (nri_linux_device_cgroup *)util_common_calloc_s(sizeof(
+ nri_linux_device_cgroup));
+ if (deviceCgroup == nullptr) {
+ ERROR("Out of memory");
+ free_nri_linux_device(device);
+ return -1;
+ }
+
+ if (ConvertCRIV1Devices(containerConfig.devices(i), *device, *deviceCgroup) != 0) {
+ ERROR("Failed to convert CRI v1 devices");
+ free_nri_linux_device(device);
+ free_nri_linux_device_cgroup(deviceCgroup);
+ return -1;
+ }
+
+ con.linux->devices[i] = device;
+ con.linux->resources->devices[i] = deviceCgroup;
+ con.linux->devices_len++;
+ con.linux->resources->devices_len++;
+ }
+
+ return 0;
+}
+
+static bool ConConfigLinuxToNRI(const runtime::v1::ContainerConfig &containerConfig, nri_container &con)
+{
+ const char *name = containerConfig.metadata().name().c_str();
+ con.linux = (nri_linux_container *)util_common_calloc_s(sizeof(nri_linux_container));
+ if (con.linux == nullptr) {
+ ERROR("Out of memory");
+ return false;
+ }
+
+ if (containerConfig.has_linux() && containerConfig.linux().has_resources()) {
+ con.linux->resources = LinuxResourcesToNRI(containerConfig.linux().resources());
+ if (con.linux->resources == nullptr) {
+ ERROR("Failed to transform resources to nri for con : %s", name);
+ return false;
+ }
+
+ con.linux->oom_score_adj = (int64_t *)util_common_calloc_s(sizeof(int64_t));
+ if (con.linux->oom_score_adj == nullptr) {
+ ERROR("Out of memory");
+ return false;
+ }
+ *(con.linux->oom_score_adj) = containerConfig.linux().resources().oom_score_adj();
+ }
+
+ if (ConConfigLinuxDeviceToNRI(containerConfig, con) != 0) {
+ ERROR("Failed to convert devices to nri for con : %s", name);
+ return false;
+ }
+
+ // ContainerToNRIByConfig is called when CreateContainer, and cannot get pid at this time
+ con.linux->cgroups_path = NULL;
+ return true;
+}
+
// container info is incomplete because container in excution is not created
auto ContainerToNRIByConConfig(const runtime::v1::ContainerConfig &containerConfig, nri_container &con) -> bool
{
@@ -395,6 +855,9 @@ auto ContainerToNRIByConConfig(const runtime::v1::ContainerConfig &containerConf
Errors tmpError;
+ // ContainerToNRIByConfig is called when CreateConatiner, and the status is 0(CONTAINER_UNKNOWN) at this time
+ con.state = 0;
+
con.labels = Transform::ProtobufMapToJsonMapForString(containerConfig.labels(), tmpError);
if (con.labels == nullptr) {
ERROR("Failed to transform labels to nri for con : %s, : %s", con.name, tmpError.GetMessage().c_str());
@@ -426,9 +889,18 @@ auto ContainerToNRIByConConfig(const runtime::v1::ContainerConfig &containerConf
ERROR("Failed to transform mounts to nri for con : %s", con.name);
return false;
}
- return true;
- // todo: can not get container hooks and pid from containerConfig
+ if (!ConConfigLinuxToNRI(containerConfig, con)) {
+ ERROR("Failed to convert conatiner linux info to nri for con : %s", con.name);
+ return false;
+ }
+
+ // todo: CRI module can not get container hooks from containerConfig
+ // ContainerToNRIByConfig is called when CreateConatiner, and cannot get pid at this time
+
+ // rlimit not support in containerd
+
+ return true;
}
// container info is incomplete because container in excution is not created
@@ -486,6 +958,11 @@ auto ContainerToNRIByID(const std::string &id, nri_container &con) -> bool
goto out;
}
+ if (!ConLinuxToNRI(cont->common_config->id, cont->hostconfig, con)) {
+ ERROR("Failed to transform conatiner linux info to nri for con : %s", con.name);
+ goto out;
+ }
+
// todo: can convert hostconfig's hook_spec to nri spec
con.pid = container_state_get_pid(cont->state);
@@ -644,6 +1121,7 @@ auto ContainersToNRI(std::vector<std::unique_ptr<runtime::v1::Container>> &conta
}
if (!ContainerToNRIByID(containers[i].get()->id(), *con)) {
ERROR("Failed to transform container to nri for container : %s", containers[i]->metadata().name().c_str());
+ free_nri_container(con);
return false;
}
cons.push_back(con);
--
2.34.1

1600
0151-sandbox-sandbox-api-update.patch Normal file
View File

File diff suppressed because it is too large Load Diff

48
0152-add-omitted-macro-definition.patch Normal file
View File

@ -0,0 +1,48 @@
From 9aadae1a71243bab41f5bf43c60f8f1b72806d54 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Fri, 22 Nov 2024 02:40:13 +1400
Subject: [PATCH 152/156] add omitted macro definition
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/daemon/modules/api/runtime_api.h | 2 ++
src/daemon/modules/service/service_container.c | 2 ++
2 files changed, 4 insertions(+)
diff --git a/src/daemon/modules/api/runtime_api.h b/src/daemon/modules/api/runtime_api.h
index 930710ca..1f23efe3 100644
--- a/src/daemon/modules/api/runtime_api.h
+++ b/src/daemon/modules/api/runtime_api.h
@@ -84,7 +84,9 @@ typedef struct _rt_create_params_t {
bool tty;
bool open_stdin;
const char *task_addr;
+#ifdef ENABLE_NO_PIVOT_ROOT
bool no_pivot_root;
+#endif
} rt_create_params_t;
typedef struct _rt_start_params_t {
diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c
index 754c28ac..8e80e936 100644
--- a/src/daemon/modules/service/service_container.c
+++ b/src/daemon/modules/service/service_container.c
@@ -743,6 +743,7 @@ static int do_oci_spec_update(const char *id, oci_runtime_spec *oci_spec, contai
return 0;
}
+#ifdef ENABLE_NO_PIVOT_ROOT
static bool pack_no_pivot_root(const container_t *cont)
{
size_t i = 0;
@@ -759,6 +760,7 @@ static bool pack_no_pivot_root(const container_t *cont)
}
return ret;
}
+#endif
static int do_start_container(container_t *cont, const char *console_fifos[], bool reset_rm, pid_ppid_info_t *pid_info)
{
--
2.34.1

4272
0153-sandbox-sandbox-api-adapt-rust-interface.patch Normal file
View File

File diff suppressed because it is too large Load Diff

25
0154-add-linux-capability.h-head-file.patch Normal file
View File

@ -0,0 +1,25 @@
From 94cf20fe53c0a42f703dd6a0122c619c0ee06715 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Sat, 23 Nov 2024 03:45:22 +1400
Subject: [PATCH 154/156] add linux/capability.h head file
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/utils/cutils/utils_cap.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/utils/cutils/utils_cap.h b/src/utils/cutils/utils_cap.h
index c7e78ac2..e741b565 100644
--- a/src/utils/cutils/utils_cap.h
+++ b/src/utils/cutils/utils_cap.h
@@ -18,6 +18,7 @@
#include <stdbool.h>
#include <stddef.h>
+#include <linux/capability.h>
#ifdef __cplusplus
extern "C" {
--
2.34.1

34
0155-sandbox-fix-unused-variables.patch Normal file
View File

@ -0,0 +1,34 @@
From baa25031fcf68443bc1262bebec69a54fed38d88 Mon Sep 17 00:00:00 2001
From: liuxu <liuxu156@huawei.com>
Date: Mon, 25 Nov 2024 15:18:13 +0800
Subject: [PATCH 155/156] sandbox:fix unused variables
Signed-off-by: liuxu <liuxu156@huawei.com>
---
.../sandboxer/controller/client/grpc_sandboxer_client.cc | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/daemon/sandbox/sandboxer/controller/client/grpc_sandboxer_client.cc b/src/daemon/sandbox/sandboxer/controller/client/grpc_sandboxer_client.cc
index d7ff76d7..5b7f3c1c 100644
--- a/src/daemon/sandbox/sandboxer/controller/client/grpc_sandboxer_client.cc
+++ b/src/daemon/sandbox/sandboxer/controller/client/grpc_sandboxer_client.cc
@@ -92,7 +92,6 @@ auto SandboxerClient::InitCreateRequest(sandbox_create_request &request,
(void)memcpy(request.options->value, encoded.c_str(), encoded.size());
request.options->value_len = encoded.size();
request.netns_path = util_strdup_s(params.netNSPath.c_str());
- sandbox_mount **mounts = NULL;
size_t mounts_len = params.mounts.size();
if (mounts_len > 0) {
request.rootfs = (sandbox_mount**)util_common_calloc_s(mounts_len * sizeof(sandbox_mount *));
@@ -112,7 +111,7 @@ auto SandboxerClient::InitCreateRequest(sandbox_create_request &request,
free(m);
return false;
}
- mounts[request.rootfs_len++] = m;
+ request.rootfs[request.rootfs_len++] = m;
m = NULL;
}
}
--
2.34.1

3021
0156-sandbox-sandbox-api-adapt-rust-interface-UT.patch Normal file
View File

File diff suppressed because it is too large Load Diff

80
0157-bugfix-for-nri-init.patch Normal file
View File

@ -0,0 +1,80 @@
From 08b996a54c6330e704cbc9271f348a62e24fe880 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Wed, 18 Dec 2024 22:43:26 +1400
Subject: [PATCH 157/158] bugfix for nri init
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/daemon/common/nri/nri_convert.cc | 7 ++++---
src/daemon/nri/nri_plugin_ops.cc | 28 +++++++++++++---------------
2 files changed, 17 insertions(+), 18 deletions(-)
diff --git a/src/daemon/common/nri/nri_convert.cc b/src/daemon/common/nri/nri_convert.cc
index d862d992..6e571d9a 100644
--- a/src/daemon/common/nri/nri_convert.cc
+++ b/src/daemon/common/nri/nri_convert.cc
@@ -196,7 +196,6 @@ auto PodSandboxToNRI(const std::shared_ptr<const sandbox::Sandbox> &sandbox, nri
pod._namespace = util_strdup_s(sandbox->GetSandboxConfig().metadata().namespace_().c_str());
}
-
pod.labels = Transform::ProtobufMapToJsonMapForString(sandbox->GetSandboxConfig().labels(), tmpError);
if (pod.labels == nullptr) {
ERROR("Failed to transform labels to nri for pod : %s, : %s", pod.name, tmpError.GetMessage().c_str());
@@ -971,9 +970,11 @@ auto ContainerToNRIByID(const std::string &id, nri_container &con) -> bool
goto out;
}
- con.pod_sandbox_id = util_strdup_s(cont->common_config->sandbox_info->id);
- ret = true;
+ if (cont->common_config->sandbox_info!= nullptr && cont->common_config->sandbox_info->id != nullptr) {
+ con.pod_sandbox_id = util_strdup_s(cont->common_config->sandbox_info->id);
+ }
+ ret = true;
out:
container_unref(cont);
return ret;
diff --git a/src/daemon/nri/nri_plugin_ops.cc b/src/daemon/nri/nri_plugin_ops.cc
index e2f88b63..7953f7de 100644
--- a/src/daemon/nri/nri_plugin_ops.cc
+++ b/src/daemon/nri/nri_plugin_ops.cc
@@ -42,22 +42,20 @@ bool nri_adaption_init(void)
{
Errors error;
- if (!conf_get_nri_support()) {
- return true;
- }
-
- nri_runtime_callbacks callbacks;
- callbacks.register_plugin = nri_registry_containers;
- callbacks.update_containers = nri_update_containers;
- if (nri_runtime_service_init(callbacks) != 0) {
- ERROR("Failed to init runtime service\n");
- return false;
- }
+ if (conf_get_nri_support()) {
+ nri_runtime_callbacks callbacks;
+ callbacks.register_plugin = nri_registry_containers;
+ callbacks.update_containers = nri_update_containers;
+ if (nri_runtime_service_init(callbacks) != 0) {
+ ERROR("Failed to init runtime service\n");
+ return false;
+ }
- if (conf_get_nri_external_support()) {
- if (!start_external_listener()) {
- ERROR("Failed to start external listener\n");
- goto clean_out;
+ if (conf_get_nri_external_support()) {
+ if (!start_external_listener()) {
+ ERROR("Failed to start external listener\n");
+ goto clean_out;
+ }
}
}
--
2.25.1

87
0158-Revert-move-nri-call-in-stop-and-remove-con.patch Normal file
View File

@ -0,0 +1,87 @@
From e160e82c1a7eff3c9cca9794a4db04508e9ffb05 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Wed, 18 Dec 2024 22:54:32 +1400
Subject: [PATCH 158/158] Revert "move nri call in stop and remove con"
This reverts commit db60c64138b45539fe70282c853ac2dae5954924.
---
src/daemon/common/cri/cri_helpers.cc | 18 ------------------
.../cri/v1/v1_cri_container_manager_service.cc | 14 ++++++++++++++
2 files changed, 14 insertions(+), 18 deletions(-)
diff --git a/src/daemon/common/cri/cri_helpers.cc b/src/daemon/common/cri/cri_helpers.cc
index aa8e3c19..a8cbd996 100644
--- a/src/daemon/common/cri/cri_helpers.cc
+++ b/src/daemon/common/cri/cri_helpers.cc
@@ -32,10 +32,6 @@
#include "isulad_config.h"
#include "sha256.h"
-#ifdef ENABLE_NRI
-#include "nri_adaption.h"
-#endif
-
namespace CRIHelpers {
const std::string Constants::POD_NETWORK_ANNOTATION_KEY { "network.alpha.kubernetes.io/network" };
const std::string Constants::CONTAINER_TYPE_LABEL_KEY { "cri.isulad.type" };
@@ -664,13 +660,6 @@ void RemoveContainerHelper(service_executor_t *cb, const std::string &containerI
goto cleanup;
}
-#ifdef ENABLE_NRI
- if (!NRIAdaptation::GetInstance()->RemoveContainer(containerID, error)) {
- ERROR("NRI RemoveContainer notification failed: %s", error.GetCMessage());
- }
- error.Clear();
-#endif
-
if (cb->container.remove(request, &response) != 0) {
if (response != nullptr && response->errmsg != nullptr) {
error.SetError(response->errmsg);
@@ -730,13 +719,6 @@ void StopContainerHelper(service_executor_t *cb, const std::string &containerID,
error.SetError(msg);
}
-#ifdef ENABLE_NRI
- if (!NRIAdaptation::GetInstance()->StopContainer(containerID, error)) {
- ERROR("NRI StopContainer notification failed: %s", error.GetCMessage());
- }
- error.Clear();
-#endif
-
free_container_stop_request(request);
free_container_stop_response(response);
}
diff --git a/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc b/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc
index b585b49c..1e84d14c 100644
--- a/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc
+++ b/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc
@@ -618,11 +618,25 @@ cleanup:
void ContainerManagerService::StopContainer(const std::string &containerID, int64_t timeout, Errors &error)
{
+#ifdef ENABLE_NRI
+ Errors nriErr;
+#endif
CRIHelpers::StopContainer(m_cb, containerID, timeout, error);
+#ifdef ENABLE_NRI
+ if (!NRIAdaptation::GetInstance()->StopContainer(containerID, nriErr)) {
+ ERROR("NRI StopContainer notification failed: %s", nriErr.GetCMessage());
+ }
+#endif
}
void ContainerManagerService::RemoveContainer(const std::string &containerID, Errors &error)
{
+#ifdef ENABLE_NRI
+ Errors nriErr;
+ if (!NRIAdaptation::GetInstance()->RemoveContainer(containerID, nriErr)) {
+ ERROR("NRI RemoveContainer notification failed: %s", nriErr.GetCMessage());
+ }
+#endif
CRIHelpers::RemoveContainer(m_cb, containerID, error);
if (error.NotEmpty()) {
WARN("Failed to remove container %s", containerID.c_str());
--
2.25.1

31
0159-bugfix-overwriting-when-i-is-len-1.patch Normal file
View File

@ -0,0 +1,31 @@
From 9006b2901cb17b5cf0fa3579334ddb765ac3fe11 Mon Sep 17 00:00:00 2001
From: liuxu <liuxu156@huawei.com>
Date: Mon, 25 Nov 2024 19:42:02 +0800
Subject: [PATCH 01/19] bugfix:overwriting when i is len-1
Signed-off-by: liuxu <liuxu156@huawei.com>
---
src/daemon/modules/spec/specs.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/daemon/modules/spec/specs.c b/src/daemon/modules/spec/specs.c
index 36e89343..67a47257 100644
--- a/src/daemon/modules/spec/specs.c
+++ b/src/daemon/modules/spec/specs.c
@@ -2779,8 +2779,11 @@ void spec_remove_mount(oci_runtime_spec *oci_spec, const char *dest)
for (i = 0; i < oci_spec->mounts_len; i++) {
if (strcmp(oci_spec->mounts[i]->destination, dest) == 0) {
free_defs_mount(oci_spec->mounts[i]);
- (void)memcpy((void **)&oci_spec->mounts[i], (void **)&oci_spec->mounts[i + 1],
- (oci_spec->mounts_len - i - 1) * sizeof(void *));
+ oci_spec->mounts[i] = NULL;
+ if (i != oci_spec->mounts_len - 1) {
+ (void)memcpy((void **)&oci_spec->mounts[i], (void **)&oci_spec->mounts[i + 1],
+ (oci_spec->mounts_len - i - 1) * sizeof(void *));
+ }
oci_spec->mounts_len--;
return;
}
--
2.23.0

25
0160-bug-fix-Isula-ps-not-display-N-A-when-ports-empty.patch Normal file
View File

@ -0,0 +1,25 @@
From f55efffaeb1f28ac4e4e1b60b820b2b4694067b4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=AD=A6=E7=A7=AF=E8=B6=85?= <wujichao1@huawei.com>
Date: Tue, 26 Nov 2024 20:29:29 +0800
Subject: [PATCH 02/19] bug fix: Isula ps not display N/A when ports empty
---
src/cmd/isula/information/ps.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/cmd/isula/information/ps.c b/src/cmd/isula/information/ps.c
index 6bdc157f..5f46ef22 100644
--- a/src/cmd/isula/information/ps.c
+++ b/src/cmd/isula/information/ps.c
@@ -332,7 +332,7 @@ static void print_basic_container_info_item(const struct isula_container_summary
} else if (strcmp(name, "Created") == 0) {
print_created_field(in->created, length->created_length);
} else if (strcmp(name, "Ports") == 0) {
- const char *ports = (in->ports != NULL ? in->ports : "N/A");
+ const char *ports = (in->ports != NULL ? in->ports : " ");
printf("%-*s", (int)length->ports_length, ports);
}
}
--
2.23.0

28
0161-bugfix-for-workdir-len-verify.patch Normal file
View File

@ -0,0 +1,28 @@
From 3c9d51bfdf0e71ac846946d746003139bf3a02c8 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Tue, 26 Nov 2024 23:46:52 +1400
Subject: [PATCH 03/19] bugfix for workdir len verify
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/daemon/modules/runtime/isula/isula_rt_ops.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c
index e628c3fe..22608e4c 100644
--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c
+++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c
@@ -786,8 +786,8 @@ static int shielded_output_check(const char *output, const char *workdir)
return 0;
}
- if (sizeof(chdir_pattern) > PATH_MAX - strlen("chdir ") - strlen(" failed")) {
- INFO("chdir_pattern is too long");
+ if (strlen(workdir) > PATH_MAX - strlen("chdir ") - strlen(" failed")) {
+ INFO("workdir is too long");
return -1;
}
--
2.23.0

115
0162-bugfix-fix-exec-detach-for-shim-v2.patch Normal file
View File

@ -0,0 +1,115 @@
From 6766ace88ac35f217b5e6b6ddab7c30e126a7956 Mon Sep 17 00:00:00 2001
From: liuxu <liuxu156@huawei.com>
Date: Tue, 26 Nov 2024 15:37:46 +0800
Subject: [PATCH 04/19] bugfix:fix exec --detach for shim v2
Signed-off-by: liuxu <liuxu156@huawei.com>
---
.../modules/runtime/isula/isula_rt_ops.c | 11 ++----
src/daemon/modules/runtime/runtime_common.h | 35 +++++++++++++++++++
src/daemon/modules/runtime/shim/shim_rt_ops.c | 4 ++-
3 files changed, 40 insertions(+), 10 deletions(-)
create mode 100644 src/daemon/modules/runtime/runtime_common.h
diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c
index e628c3fe..11288310 100644
--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c
+++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c
@@ -56,6 +56,7 @@
#include "utils_file.h"
#include "console.h"
#include "shim_constants.h"
+#include "runtime_common.h"
#define SHIM_BINARY "isulad-shim"
#define RESIZE_FIFO_NAME "resize_fifo"
@@ -1393,14 +1394,6 @@ int rt_isula_rm(const char *id, const char *runtime, const rt_rm_params_t *param
return 0;
}
-static bool fg_exec(const rt_exec_params_t *params)
-{
- if (params->console_fifos[0] != NULL || params->console_fifos[1] != NULL || params->console_fifos[2] != NULL) {
- return true;
- }
- return false;
-}
-
static char *try_generate_random_id()
{
char *id = NULL;
@@ -1536,7 +1529,7 @@ int rt_isula_exec(const char *id, const char *runtime, const rt_exec_params_t *p
}
}
- args.fg = fg_exec(params);
+ args.fg = rt_fg_exec(params);
args.id = id;
args.workdir = workdir;
args.bundle = bundle;
diff --git a/src/daemon/modules/runtime/runtime_common.h b/src/daemon/modules/runtime/runtime_common.h
new file mode 100644
index 00000000..dde47110
--- /dev/null
+++ b/src/daemon/modules/runtime/runtime_common.h
@@ -0,0 +1,35 @@
+/******************************************************************************
+ * Copyright (c) Huawei Technologies Co., Ltd. 2024. All rights reserved.
+ * iSulad licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Author: liuxu
+ * Create: 2024-11-28
+ * Description: runtime common definition
+ ******************************************************************************/
+
+#ifndef DAEMON_MODULES_RUNTIME_COMMON_H
+#define DAEMON_MODULES_RUNTIME_COMMON_H
+
+#include "runtime_api.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+static inline bool rt_fg_exec(const rt_exec_params_t *params)
+{
+ return params->console_fifos[0] != NULL || params->console_fifos[1] != NULL || params->console_fifos[2] != NULL;
+}
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif // DAEMON_MODULES_RUNTIME_COMMON_H
diff --git a/src/daemon/modules/runtime/shim/shim_rt_ops.c b/src/daemon/modules/runtime/shim/shim_rt_ops.c
index fc4d8e3a..fce18ade 100644
--- a/src/daemon/modules/runtime/shim/shim_rt_ops.c
+++ b/src/daemon/modules/runtime/shim/shim_rt_ops.c
@@ -36,6 +36,7 @@
#include "shim_rt_monitor.h"
#include "supervisor.h"
#include "isulad_config.h"
+#include "runtime_common.h"
#define EXIT_SIGNAL_OFFSET_X 128
@@ -589,7 +590,8 @@ int rt_shim_exec(const char *id, const char *runtime, const rt_exec_params_t *pa
goto out;
}
- if (shim_v2_wait(id, params->suffix, exit_code) != 0) {
+ if (rt_fg_exec(params) &&
+ shim_v2_wait(id, params->suffix, exit_code) != 0) {
ERROR("%s: failed to wait exec process", id);
ret = -1;
goto out;
--
2.23.0

114
0163-image-layer-fix-code-style.patch Normal file
View File

@ -0,0 +1,114 @@
From 255fada49877e854690d628dc7832c3e459fd5aa Mon Sep 17 00:00:00 2001
From: liuxu <liuxu156@huawei.com>
Date: Thu, 5 Dec 2024 19:59:15 +0800
Subject: [PATCH 05/19] image layer:fix code style
Signed-off-by: liuxu <liuxu156@huawei.com>
---
.../modules/image/oci/storage/layer_store/layer.c | 9 +++++----
.../modules/image/oci/storage/layer_store/layer.h | 6 +++---
.../image/oci/storage/layer_store/layer_store.c | 11 ++++++-----
.../image/oci/storage/layer_store/layer_store.h | 5 +++--
4 files changed, 17 insertions(+), 14 deletions(-)
diff --git a/src/daemon/modules/image/oci/storage/layer_store/layer.c b/src/daemon/modules/image/oci/storage/layer_store/layer.c
index 4beb3d10..8fd9aa5b 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/layer.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/layer.c
@@ -15,16 +15,17 @@
#include "layer.h"
-#include <isula_libutils/json_common.h>
-#include <isula_libutils/storage_layer.h>
#include <stdlib.h>
#include <string.h>
+#include <isula_libutils/json_common.h>
+#include <isula_libutils/storage_layer.h>
+#include <isula_libutils/storage_mount_point.h>
+#include <isula_libutils/log.h>
+
#include "constants.h"
-#include "isula_libutils/storage_mount_point.h"
#include "util_atomic.h"
#include "utils.h"
-#include "isula_libutils/log.h"
#include "utils_file.h"
void free_layer_t(layer_t *ptr)
diff --git a/src/daemon/modules/image/oci/storage/layer_store/layer.h b/src/daemon/modules/image/oci/storage/layer_store/layer.h
index 9387efe0..94831ef4 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/layer.h
+++ b/src/daemon/modules/image/oci/storage/layer_store/layer.h
@@ -20,9 +20,9 @@
#include <stdbool.h>
#include <stddef.h>
-#include "isula_libutils/storage_layer.h"
-#include "isula_libutils/storage_mount_point.h"
-#include "isula_libutils/log.h"
+#include <isula_libutils/storage_layer.h>
+#include <isula_libutils/storage_mount_point.h>
+#include <isula_libutils/log.h>
#ifdef __cplusplus
extern "C" {
diff --git a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
index 3ffe0ca7..bb2e7edc 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
@@ -19,6 +19,11 @@
#include <stdio.h>
#include <limits.h>
#include <dirent.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/stat.h>
+
#include <isula_libutils/container_inspect.h>
#include <isula_libutils/storage_layer.h>
#include <isula_libutils/storage_mount_point.h>
@@ -26,10 +31,6 @@
#include <isula_libutils/log.h>
#include <isula_libutils/storage_entry.h>
#include <isula_libutils/go_crc64.h>
-#include <stdint.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/stat.h>
#include "util_archive.h"
#include "storage.h"
@@ -1709,7 +1710,7 @@ static int load_layers_from_json_files()
}
ret = 0;
- goto unlock_out;
+
unlock_out:
layer_store_unlock();
return ret;
diff --git a/src/daemon/modules/image/oci/storage/layer_store/layer_store.h b/src/daemon/modules/image/oci/storage/layer_store/layer_store.h
index eba406d4..a1b0857e 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/layer_store.h
+++ b/src/daemon/modules/image/oci/storage/layer_store/layer_store.h
@@ -16,11 +16,12 @@
#define DAEMON_MODULES_IMAGE_OCI_STORAGE_LAYER_STORE_LAYER_STORE_H
#include <stdint.h>
-#include <isula_libutils/imagetool_fs_info.h>
-#include <isula_libutils/json_common.h>
#include <stdbool.h>
#include <stddef.h>
+#include <isula_libutils/imagetool_fs_info.h>
+#include <isula_libutils/json_common.h>
+
#include "storage.h"
#include "io_wrapper.h"
--
2.23.0

207
0164-image-store-add-UT.patch Normal file
View File

@ -0,0 +1,207 @@
From 2a3078132c461c45cba2932a75517314db06dcbd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=AD=A6=E7=A7=AF=E8=B6=85?= <wujichao1@huawei.com>
Date: Fri, 6 Dec 2024 16:32:03 +0800
Subject: [PATCH 06/19] image store: add UT
---
.../oci/storage/images/storage_images_ut.cc | 53 ++++++++++++++++++-
1 file changed, 51 insertions(+), 2 deletions(-)
diff --git a/test/image/oci/storage/images/storage_images_ut.cc b/test/image/oci/storage/images/storage_images_ut.cc
index 001090fe..ad0084d6 100644
--- a/test/image/oci/storage/images/storage_images_ut.cc
+++ b/test/image/oci/storage/images/storage_images_ut.cc
@@ -269,12 +269,21 @@ TEST_F(StorageImagesCompatibilityUnitTest, test_load_v1_image)
EXPECT_CALL(m_storage_mock, FreeLayerList(_)).WillRepeatedly(Invoke(invokeFreeLayerList));
opts.storage_root = strdup(store_real_path);
opts.driver_name = strdup("overlay");
+
+ std::string converted_image_id { "597fa49c3dbc5dd1e84120dd1906b65223afd479a7e094c085b580060c0fccec" };
+ ASSERT_FALSE(image_store_exists(converted_image_id.c_str())); // before init must false
+ ASSERT_EQ(image_store_delete(converted_image_id.c_str()), -1); // before init must false
+
ASSERT_EQ(image_store_init(&opts), 0);
+ // init twice will go to errror branch "Image store has already been initialized"
+ ASSERT_EQ(image_store_init(&opts), -1);
free(opts.storage_root);
free(opts.driver_name);
- std::string converted_image_id { "597fa49c3dbc5dd1e84120dd1906b65223afd479a7e094c085b580060c0fccec" };
ASSERT_TRUE(image_store_exists(converted_image_id.c_str()));
+ const char* null_id = NULL;
+ ASSERT_FALSE(image_store_exists(null_id));
ASSERT_EQ(image_store_delete(converted_image_id.c_str()), 0);
+ ASSERT_EQ(image_store_delete(null_id), -1);
}
class StorageImagesUnitTest : public testing::Test {
@@ -320,6 +329,8 @@ protected:
TEST_F(StorageImagesUnitTest, test_images_load)
{
+ const char* null_id = NULL;
+ ASSERT_EQ(image_store_get_image(null_id), nullptr);
auto image = image_store_get_image(ids.at(0).c_str());
ASSERT_NE(image, nullptr);
@@ -345,11 +356,17 @@ TEST_F(StorageImagesUnitTest, test_images_load)
char **names { nullptr };
size_t names_len { 0 };
+
+ ASSERT_EQ(image_store_big_data_names(null_id, &names, &names_len), -1);
ASSERT_EQ(image_store_big_data_names(ids.at(0).c_str(), &names, &names_len), 0);
ASSERT_EQ(names_len, 2);
ASSERT_STREQ(names[0], "sha256:39891ff67da98ab8540d71320915f33d2eb80ab42908e398472cab3c1ce7ac10");
ASSERT_STREQ(names[1], "manifest");
+ const char* null_name = NULL;
+ ASSERT_EQ(image_store_big_data_size(null_id, names[0]), -1);
+ ASSERT_EQ(image_store_big_data_size(ids.at(0).c_str(), null_name), -1);
+
ASSERT_EQ(image_store_big_data_size(ids.at(0).c_str(), names[0]), 2235);
ASSERT_EQ(image_store_big_data_size(ids.at(0).c_str(), names[1]), 741);
for (size_t i {}; i < names_len; ++i) {
@@ -418,7 +435,11 @@ TEST_F(StorageImagesUnitTest, test_image_store_create)
std::cout << buffer << std::endl;
std::string key = "sha256:" + std::string(created_image);
+ const char* null_key = NULL;
ASSERT_EQ(image_store_set_big_data(created_image, key.c_str(), buffer.c_str()), 0);
+ ASSERT_EQ(image_store_set_big_data(created_image, null_key, buffer.c_str()), -1);
+ const char* null_id = NULL;
+ ASSERT_EQ(image_store_set_big_data(null_id, key.c_str(), buffer.c_str()), -1);
std::string img_store_path = std::string(store_real_path) + "/overlay-images/";
ASSERT_TRUE(dirExists((img_store_path + id).c_str()));
@@ -440,10 +461,13 @@ TEST_F(StorageImagesUnitTest, test_image_store_create)
std::cout << "manifest :" << std::endl;
std::cout << manifest_content << std::endl;
+ ASSERT_EQ(image_store_big_data(null_id, "manifest"), nullptr);
+ ASSERT_EQ(image_store_big_data(id.c_str(), null_key), nullptr);
char *data = image_store_big_data(id.c_str(), "manifest");
ASSERT_STREQ(data, manifest_content.c_str());
free(data);
+ ASSERT_EQ(image_store_get_image(null_id), nullptr);
auto image = image_store_get_image(id.c_str());
ASSERT_NE(image, nullptr);
ASSERT_NE(image->created, nullptr);
@@ -476,16 +500,19 @@ TEST_F(StorageImagesUnitTest, test_image_store_create)
free_imagetool_image(image);
char *toplayer = nullptr;
+ ASSERT_EQ(image_store_top_layer(null_id), nullptr);
ASSERT_STREQ((toplayer = image_store_top_layer(id.c_str())),
"6194458b07fcf01f1483d96cd6c34302ffff7f382bb151a6d023c4e80ba3050a");
free(toplayer);
+ ASSERT_EQ(image_store_set_image_size(null_id, 1000), -1);
ASSERT_EQ(image_store_set_image_size(id.c_str(), 1000), 0);
image = image_store_get_image(id.c_str());
ASSERT_EQ(image->size, 1000);
free_imagetool_image(image);
+ ASSERT_EQ(image_store_add_name(null_id, "isula.org/library/test:latest"), -1);
ASSERT_EQ(image_store_add_name(id.c_str(), "isula.org/library/test:latest"), 0);
image = image_store_get_image(id.c_str());
ASSERT_EQ(image->repo_tags_len, 2);
@@ -497,6 +524,9 @@ TEST_F(StorageImagesUnitTest, test_image_store_create)
img_names = (char **)util_common_calloc_s(2 * sizeof(char *));
img_names[0] = util_strdup_s("busybox:latest");
img_names[1] = util_strdup_s("centos:3.0");
+ size_t names_len = 0;
+ ASSERT_EQ(image_store_set_names(null_id, (const char **)img_names, 2), -1);
+ ASSERT_EQ(image_store_set_names(id.c_str(), (const char **)img_names, names_len), -1);
ASSERT_EQ(image_store_set_names(id.c_str(), (const char **)img_names, 2), 0);
image = image_store_get_image(id.c_str());
ASSERT_EQ(image->repo_tags_len, 2);
@@ -505,13 +535,17 @@ TEST_F(StorageImagesUnitTest, test_image_store_create)
util_free_array_by_len(img_names, 2);
free_imagetool_image(image);
+ ASSERT_EQ(image_store_set_metadata(null_id, "{metadata}"), -1);
ASSERT_EQ(image_store_set_metadata(id.c_str(), "{metadata}"), 0);
char *manifest_val = nullptr;
+
+ ASSERT_EQ(image_store_metadata(null_id), nullptr);
ASSERT_STREQ((manifest_val = image_store_metadata(id.c_str())), "{metadata}");
free(manifest_val);
free(created_image);
+ ASSERT_EQ(image_store_delete(null_id), -1);
ASSERT_EQ(image_store_delete(id.c_str()), 0);
ASSERT_EQ(image_store_get_image(id.c_str()), nullptr);
ASSERT_FALSE(dirExists((img_store_path + id).c_str()));
@@ -530,6 +564,7 @@ TEST_F(StorageImagesUnitTest, test_image_store_create)
std::cout << cp_command << std::endl;
ASSERT_EQ(system(cp_command.c_str()), 0);
+ ASSERT_EQ(image_store_big_data_digest(random_id, null_key), nullptr);
char *digest = image_store_big_data_digest(random_id, "manifest");
ASSERT_STREQ(digest, "sha256:fdb7b1fccaaa535cb8211a194dd6314acc643f3a36d1a7d2b79c299a9173fa7e");
free(digest);
@@ -547,6 +582,8 @@ TEST_F(StorageImagesUnitTest, test_image_store_lookup)
std::string truncatedId { "e4db68de4ff27" };
std::string incorrectId { "4db68de4ff27" };
+ const char* null_id = NULL;
+ ASSERT_EQ(image_store_lookup(null_id), nullptr);
char *value = nullptr;
ASSERT_STREQ((value = image_store_lookup(name.c_str())), id.c_str());
free(value);
@@ -563,6 +600,8 @@ TEST_F(StorageImagesUnitTest, test_image_store_exists)
std::string truncatedId { "398" };
std::string incorrectId { "ff67da98ab8540d713209" };
+ const char* null_id = NULL;
+ ASSERT_FALSE(image_store_exists(null_id));
ASSERT_TRUE(image_store_exists(name.c_str()));
ASSERT_TRUE(image_store_exists(truncatedId.c_str()));
ASSERT_FALSE(image_store_exists(incorrectId.c_str()));
@@ -584,6 +623,7 @@ TEST_F(StorageImagesUnitTest, test_image_store_metadata)
TEST_F(StorageImagesUnitTest, test_image_store_get_all_images)
{
imagetool_images_list *images_list = nullptr;
+ ASSERT_EQ(image_store_get_all_images(images_list), -1);
images_list = (imagetool_images_list *)util_common_calloc_s(sizeof(imagetool_images_list));
ASSERT_NE(images_list, nullptr);
@@ -613,7 +653,12 @@ TEST_F(StorageImagesUnitTest, test_image_store_get_something)
ASSERT_EQ(image_store_get_images_number(), 2);
ASSERT_EQ(image_store_get_fs_info(fs_info), 0);
+ imagetool_fs_info *null_fs_info = nullptr;
+ ASSERT_EQ(image_store_get_fs_info(null_fs_info), -1);
+
ASSERT_EQ(image_store_get_names(ids.at(0).c_str(), &names, &names_len), 0);
+ const char* null_id = NULL;
+ ASSERT_EQ(image_store_get_names(null_id, &names, &names_len), -1);
ASSERT_EQ(names_len, 1);
ASSERT_STREQ(names[0], "imagehub.isulad.com/official/centos:latest");
@@ -632,7 +677,9 @@ TEST_F(StorageImagesUnitTest, test_image_store_delete)
ASSERT_FALSE(image_store_exists(elem.c_str()));
ASSERT_FALSE(dirExists((std::string(store_real_path) + "/overlay-images/" + elem).c_str()));
}
-
+ const char* null_id = NULL;
+ ASSERT_FALSE(image_store_exists(null_id));
+ ASSERT_EQ(image_store_delete(null_id), -1);
Restore();
}
@@ -646,6 +693,8 @@ TEST_F(StorageImagesUnitTest, test_image_store_remove_single_name)
}
ASSERT_EQ(image_store_add_name(ids.at(0).c_str(), "imagehub.isulad.com/official/busybox:latest"), 0);
+ const char* null_id = NULL;
+ ASSERT_EQ(image_store_add_name(null_id, "imagehub.isulad.com/official/busybox:latest"), -1);
Restore();
}
--
2.23.0

125
0165-bugfix-do-purge-container-when-do_start_container-fa.patch Normal file
View File

@ -0,0 +1,125 @@
From a6b8a2c04df21d940ce0d22128b776c00d460bba Mon Sep 17 00:00:00 2001
From: liuxu <liuxu156@huawei.com>
Date: Fri, 6 Dec 2024 10:39:22 +0800
Subject: [PATCH 07/19] bugfix:do purge container when do_start_container
failed
Signed-off-by: liuxu <liuxu156@huawei.com>
---
.../modules/container/restore/restore.c | 1 +
.../modules/container/supervisor/supervisor.c | 4 +--
.../modules/service/service_container.c | 25 ++++++++++++++++---
3 files changed, 23 insertions(+), 7 deletions(-)
diff --git a/src/daemon/modules/container/restore/restore.c b/src/daemon/modules/container/restore/restore.c
index 52f68d21..44ed14df 100644
--- a/src/daemon/modules/container/restore/restore.c
+++ b/src/daemon/modules/container/restore/restore.c
@@ -95,6 +95,7 @@ static int restore_supervisor(const container_t *cont)
if (container_supervisor_add_exit_monitor(exit_fifo_fd, exit_fifo, &pid_info, cont)) {
ERROR("Failed to add exit monitor to supervisor");
+ close(exit_fifo_fd);
ret = -1;
goto out;
}
diff --git a/src/daemon/modules/container/supervisor/supervisor.c b/src/daemon/modules/container/supervisor/supervisor.c
index 294783eb..f77f58d7 100644
--- a/src/daemon/modules/container/supervisor/supervisor.c
+++ b/src/daemon/modules/container/supervisor/supervisor.c
@@ -328,7 +328,6 @@ int container_supervisor_add_exit_monitor(int fd, const char *exit_fifo, const p
if (pid_info == NULL || cont == NULL || cont->common_config == NULL) {
ERROR("Invalid input arguments");
- close(fd);
return -1;
}
@@ -336,7 +335,6 @@ int container_supervisor_add_exit_monitor(int fd, const char *exit_fifo, const p
cgroup_path = merge_container_cgroups_path(cont->common_config->id, cont->hostconfig);
if (cgroup_path == NULL) {
ERROR("Failed to get cgroup path");
- close(fd);
return -1;
}
#endif
@@ -344,7 +342,6 @@ int container_supervisor_add_exit_monitor(int fd, const char *exit_fifo, const p
data = util_common_calloc_s(sizeof(struct supervisor_handler_data));
if (data == NULL) {
ERROR("Memory out");
- close(fd);
return -1;
}
@@ -385,6 +382,7 @@ int container_supervisor_add_exit_monitor(int fd, const char *exit_fifo, const p
goto out;
err:
+ data->fd = -1;
supervisor_handler_data_free(data);
#ifdef ENABLE_OOM_MONITOR
common_free_cgroup_oom_handler_info(oom_handler_info);
diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c
index 8e80e936..250e8299 100644
--- a/src/daemon/modules/service/service_container.c
+++ b/src/daemon/modules/service/service_container.c
@@ -283,7 +283,6 @@ static int do_post_start_on_success(container_t *cont, int exit_fifo_fd,
{
int ret = 0;
- // exit_fifo_fd was closed in container_supervisor_add_exit_monitor
if (container_supervisor_add_exit_monitor(exit_fifo_fd, exit_fifo, pid_info, cont)) {
ERROR("Failed to add exit monitor to supervisor");
ret = -1;
@@ -936,7 +935,11 @@ static int do_start_container(container_t *cont, const char *console_fifos[], bo
if (runtime_create(id, runtime, &create_params) != 0) {
ret = -1;
+#ifdef ENABLE_CRI_API_V1
+ goto clean_prepare_container;
+#else
goto close_exit_fd;
+#endif
}
start_params.rootpath = cont->root_path;
@@ -959,19 +962,33 @@ static int do_start_container(container_t *cont, const char *console_fifos[], bo
if (do_post_start_on_success(cont, exit_fifo_fd, exit_fifo, pid_info) != 0) {
ERROR("Failed to do post start on runtime start success");
ret = -1;
- goto clean_resources;
+#ifdef ENABLE_CRI_API_V1
+ goto clean_prepare_container;
+#else
+ goto close_exit_fd;
+#endif
}
} else {
// wait monitor cleanup cgroup and processes finished
wait_exit_fifo(id, exit_fifo_fd);
+#ifdef ENABLE_CRI_API_V1
+ goto clean_prepare_container;
+#else
goto close_exit_fd;
+#endif
}
goto out;
+#ifdef ENABLE_CRI_API_V1
+clean_prepare_container:
+ if (cont->common_config->sandbox_info != NULL &&
+ sandbox_purge_container(cont->common_config) != 0) {
+ ERROR("Failed to remove container %s from sandbox", id);
+ }
+#endif
+
close_exit_fd:
close(exit_fifo_fd);
-
-clean_resources:
clean_resources_on_failure(cont, engine_log_path, loglevel);
out:
--
2.23.0

101
0166-supplementary-registry-design-documentation.patch Normal file
View File

File diff suppressed because one or more lines are too long

1167
0167-sandbox-del-shim_sandbox-and-change-sandbox-ops.patch Normal file
View File

File diff suppressed because it is too large Load Diff

348
0168-UT-del-shim_sandbox-and-change-sandbox-ops.patch Normal file
View File

@ -0,0 +1,348 @@
From 1e9031cc064f6980250287641e6b3311af755485 Mon Sep 17 00:00:00 2001
From: liuxu <liuxu156@huawei.com>
Date: Sat, 30 Nov 2024 09:50:33 +0800
Subject: [PATCH 02/11] UT: del shim_sandbox and change sandbox ops
Signed-off-by: liuxu <liuxu156@huawei.com>
---
test/mocks/sandbox_mock.cc | 26 ++++++++
test/mocks/sandbox_mock.h | 9 +++
test/mocks/sandboxer_sandbox_mock.cc | 35 +++++-----
test/mocks/sandboxer_sandbox_mock.h | 13 ++--
test/mocks/shim_sandbox_mock.cc | 72 ---------------------
test/mocks/shim_sandbox_mock.h | 43 ------------
test/sandbox/sandbox/CMakeLists.txt | 1 -
test/sandbox/sandbox/sandbox_ut.cc | 5 +-
test/sandbox/sandbox_manager/CMakeLists.txt | 1 -
9 files changed, 61 insertions(+), 144 deletions(-)
delete mode 100644 test/mocks/shim_sandbox_mock.cc
delete mode 100644 test/mocks/shim_sandbox_mock.h
diff --git a/test/mocks/sandbox_mock.cc b/test/mocks/sandbox_mock.cc
index 9db57a93..cce5a1b6 100644
--- a/test/mocks/sandbox_mock.cc
+++ b/test/mocks/sandbox_mock.cc
@@ -221,4 +221,30 @@ bool Sandbox::Remove(Errors &error)
}
return true;
}
+
+void Sandbox::LoadSandboxTasks() {}
+
+auto Sandbox::PrepareContainer(const char *containerId, const char *baseFs,
+ const oci_runtime_spec *ociSpec,
+ const char *consoleFifos[]) -> int
+{
+ return 0;
+}
+
+auto Sandbox::PrepareExec(const char *containerId, const char *execId,
+ defs_process *processSpec, const char *consoleFifos[]) -> int
+{
+ return 0;
+}
+
+auto Sandbox::PurgeContainer(const char *containerId) -> int
+{
+ return 0;
+}
+
+auto Sandbox::PurgeExec(const char *containerId, const char *execId) -> int
+{
+ return 0;
+}
+
}
\ No newline at end of file
diff --git a/test/mocks/sandbox_mock.h b/test/mocks/sandbox_mock.h
index 98f40ad2..4908bcd9 100644
--- a/test/mocks/sandbox_mock.h
+++ b/test/mocks/sandbox_mock.h
@@ -58,6 +58,15 @@ public:
MOCK_METHOD2(Stop, bool(uint32_t timeoutSecs, Errors &error));
MOCK_METHOD1(Remove, bool(Errors &error));
MOCK_METHOD1(Status, void(runtime::v1::PodSandboxStatus &status));
+
+ MOCK_METHOD0(LoadSandboxTasks, void());
+ MOCK_METHOD4(PrepareContainer, int(const char *containerId, const char *baseFs,
+ const oci_runtime_spec *ociSpec,
+ const char *consoleFifos[]));
+ MOCK_METHOD4(PrepareExec, int(const char *containerId, const char *execId,
+ defs_process *processSpec, const char *consoleFifos[]));
+ MOCK_METHOD1(PurgeContainer, int(const char *containerId));
+ MOCK_METHOD2(PurgeExec, int(const char *containerId, const char *execId));
};
void MockSandbox_SetMock(MockSandbox *mock);
diff --git a/test/mocks/sandboxer_sandbox_mock.cc b/test/mocks/sandboxer_sandbox_mock.cc
index cce58842..6ebe2820 100644
--- a/test/mocks/sandboxer_sandbox_mock.cc
+++ b/test/mocks/sandboxer_sandbox_mock.cc
@@ -33,40 +33,39 @@ void MockSandboxerSandbox_SetMock(MockSandboxerSandbox *mock)
void SandboxerSandbox::LoadSandboxTasks() {}
-auto SandboxerSandbox::SaveSandboxTasks() -> bool
+auto SandboxerSandbox::PrepareContainer(const char *containerId, const char *baseFs,
+ const oci_runtime_spec *ociSpec,
+ const char *consoleFifos[]) -> int
{
if (g_sandboxer_sandbox_mock != nullptr) {
- return g_sandboxer_sandbox_mock->SaveSandboxTasks();
+ return g_sandboxer_sandbox_mock->PrepareContainer(containerId, baseFs, ociSpec, consoleFifos);
}
- return true;
-}
+ return 0;
+}
-auto SandboxerSandbox::AddSandboxTasks(sandbox_task *task) -> bool
+auto SandboxerSandbox::PrepareExec(const char *containerId, const char *execId,
+ defs_process *processSpec, const char *consoleFifos[]) -> int
{
if (g_sandboxer_sandbox_mock != nullptr) {
- return g_sandboxer_sandbox_mock->AddSandboxTasks(task);
+ return g_sandboxer_sandbox_mock->PrepareExec(containerId, execId, processSpec, consoleFifos);
}
- return true;
-}
+ return 0;
+}
-auto SandboxerSandbox::GetAnySandboxTasks() -> std::string
+auto SandboxerSandbox::PurgeContainer(const char *containerId) -> int
{
if (g_sandboxer_sandbox_mock != nullptr) {
- return g_sandboxer_sandbox_mock->GetAnySandboxTasks();
+ return g_sandboxer_sandbox_mock->PurgeContainer(containerId);
}
- return std::string("Nothing for sandboxer.");
+ return 0;
}
-void SandboxerSandbox::DeleteSandboxTasks(const char *containerId) {}
-
-auto SandboxerSandbox::AddSandboxTasksProcess(const char *containerId, sandbox_process *processes) -> bool
+auto SandboxerSandbox::PurgeExec(const char *containerId, const char *execId) -> int
{
if (g_sandboxer_sandbox_mock != nullptr) {
- return g_sandboxer_sandbox_mock->AddSandboxTasksProcess(containerId, processes);
+ return g_sandboxer_sandbox_mock->PurgeExec(containerId, execId);
}
- return true;
+ return 0;
}
-void SandboxerSandbox::DeleteSandboxTasksProcess(const char *containerId, const char *execId) {}
-
}
\ No newline at end of file
diff --git a/test/mocks/sandboxer_sandbox_mock.h b/test/mocks/sandboxer_sandbox_mock.h
index 4f76e5fc..020fe4d6 100644
--- a/test/mocks/sandboxer_sandbox_mock.h
+++ b/test/mocks/sandboxer_sandbox_mock.h
@@ -28,12 +28,13 @@ public:
virtual ~MockSandboxerSandbox() = default;
MOCK_METHOD0(LoadSandboxTasks, void());
- MOCK_METHOD0(SaveSandboxTasks, bool());
- MOCK_METHOD1(AddSandboxTasks, bool(sandbox_task *task));
- MOCK_METHOD0(GetAnySandboxTasks, std::string());
- MOCK_METHOD1(DeleteSandboxTasks, void(const char *containerId));
- MOCK_METHOD2(AddSandboxTasksProcess, bool(const char *containerId, sandbox_process *processes));
- MOCK_METHOD2(DeleteSandboxTasksProcess, void(const char *containerId, const char *execId));
+ MOCK_METHOD4(PrepareContainer, int(const char *containerId, const char *baseFs,
+ const oci_runtime_spec *ociSpec,
+ const char *consoleFifos[]));
+ MOCK_METHOD4(PrepareExec, int(const char *containerId, const char *execId,
+ defs_process *processSpec, const char *consoleFifos[]));
+ MOCK_METHOD1(PurgeContainer, int(const char *containerId));
+ MOCK_METHOD2(PurgeExec, int(const char *containerId, const char *execId));
};
void MockSandboxerSandbox_SetMock(MockSandboxerSandbox *mock);
diff --git a/test/mocks/shim_sandbox_mock.cc b/test/mocks/shim_sandbox_mock.cc
deleted file mode 100644
index ccefb424..00000000
--- a/test/mocks/shim_sandbox_mock.cc
+++ /dev/null
@@ -1,72 +0,0 @@
-/******************************************************************************
- * Copyright (c) Huawei Technologies Co., Ltd. 2023. All rights reserved.
- * iSulad licensed under the Mulan PSL v2.
- * You can use this software according to the terms and conditions of the Mulan PSL v2.
- * You may obtain a copy of Mulan PSL v2 at:
- * http://license.coscl.org.cn/MulanPSL2
- * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
- * PURPOSE.
- * See the Mulan PSL v2 for more details.
- * Author: liuxu
- * Create: 2024-11-21
- * Description: provide sandbox mock
- ******************************************************************************/
-
-#include <gmock/gmock.h>
-#include "shim_sandbox_mock.h"
-
-namespace sandbox {
-MockShimSandbox *g_shim_sandbox_mock = nullptr;
-
-ShimSandbox::ShimSandbox(const std::string id, const std::string &rootdir, const std::string &statedir, const std::string name,
- const RuntimeInfo info, std::string netMode, std::string netNsPath, const runtime::v1::PodSandboxConfig sandboxConfig,
- std::string image):Sandbox(id, rootdir, statedir, name, info, netMode,
- netNsPath, sandboxConfig, image)
-{
-}
-
-void MockShimSandbox_SetMock(MockShimSandbox *mock)
-{
- g_shim_sandbox_mock = mock;
-}
-
-void ShimSandbox::LoadSandboxTasks() {}
-
-auto ShimSandbox::SaveSandboxTasks() -> bool
-{
- if (g_shim_sandbox_mock != nullptr) {
- return g_shim_sandbox_mock->SaveSandboxTasks();
- }
- return true;
-}
-
-auto ShimSandbox::AddSandboxTasks(sandbox_task *task) -> bool
-{
- if (g_shim_sandbox_mock != nullptr) {
- return g_shim_sandbox_mock->AddSandboxTasks(task);
- }
- return true;
-}
-
-auto ShimSandbox::GetAnySandboxTasks() -> std::string
-{
- if (g_shim_sandbox_mock != nullptr) {
- return g_shim_sandbox_mock->GetAnySandboxTasks();
- }
- return std::string("Nothing for shim.");
-}
-
-void ShimSandbox::DeleteSandboxTasks(const char *containerId) {}
-
-auto ShimSandbox::AddSandboxTasksProcess(const char *containerId, sandbox_process *processes) -> bool
-{
- if (g_shim_sandbox_mock != nullptr) {
- return g_shim_sandbox_mock->AddSandboxTasksProcess(containerId, processes);
- }
- return true;
-}
-
-void ShimSandbox::DeleteSandboxTasksProcess(const char *containerId, const char *execId) {}
-
-}
\ No newline at end of file
diff --git a/test/mocks/shim_sandbox_mock.h b/test/mocks/shim_sandbox_mock.h
deleted file mode 100644
index 1b16a4cc..00000000
--- a/test/mocks/shim_sandbox_mock.h
+++ /dev/null
@@ -1,43 +0,0 @@
-/******************************************************************************
- * Copyright (c) Huawei Technologies Co., Ltd. 2023. All rights reserved.
- * iSulad licensed under the Mulan PSL v2.
- * You can use this software according to the terms and conditions of the Mulan PSL v2.
- * You may obtain a copy of Mulan PSL v2 at:
- * http://license.coscl.org.cn/MulanPSL2
- * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
- * PURPOSE.
- * See the Mulan PSL v2 for more details.
- * Author: liuxu
- * Create: 2024-11-21
- * Description: provide sandbox mock
- ******************************************************************************/
-
-#ifndef _ISULAD_TEST_MOCKS_SHIM_SANDBOX_MOCK_H
-#define _ISULAD_TEST_MOCKS_SHIM_SANDBOX_MOCK_H
-
-#include <gmock/gmock.h>
-#include "sandbox_mock.h"
-#include "shim_sandbox.h"
-
-namespace sandbox {
-
-class MockShimSandbox : public MockSandbox {
-public:
- MockShimSandbox() = default;
- virtual ~MockShimSandbox() = default;
-
- MOCK_METHOD0(LoadSandboxTasks, void());
- MOCK_METHOD0(SaveSandboxTasks, bool());
- MOCK_METHOD1(AddSandboxTasks, bool(sandbox_task *task));
- MOCK_METHOD0(GetAnySandboxTasks, std::string());
- MOCK_METHOD1(DeleteSandboxTasks, void(const char *containerId));
- MOCK_METHOD2(AddSandboxTasksProcess, bool(const char *containerId, sandbox_process *processes));
- MOCK_METHOD2(DeleteSandboxTasksProcess, void(const char *containerId, const char *execId));
-};
-
-void MockShimSandbox_SetMock(MockShimSandbox *mock);
-
-}
-
-#endif
diff --git a/test/sandbox/sandbox/CMakeLists.txt b/test/sandbox/sandbox/CMakeLists.txt
index 9ee67033..6dd6c3ee 100644
--- a/test/sandbox/sandbox/CMakeLists.txt
+++ b/test/sandbox/sandbox/CMakeLists.txt
@@ -16,7 +16,6 @@ add_executable(${EXE}
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/sandbox/sandbox_task.cc
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/sandbox/controller_manager.cc
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/sandbox/sandboxer/controller/sandboxer_controller.cc
- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/sandbox/shim/shim_sandbox.cc
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/common/id_name_manager.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/config/isulad_config.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../test/sandbox/controller/controller_common.cc
diff --git a/test/sandbox/sandbox/sandbox_ut.cc b/test/sandbox/sandbox/sandbox_ut.cc
index 192d46ef..dd84d8fb 100644
--- a/test/sandbox/sandbox/sandbox_ut.cc
+++ b/test/sandbox/sandbox/sandbox_ut.cc
@@ -16,7 +16,6 @@
#include <gtest/gtest.h>
#include "sandbox.h"
-#include "shim_sandbox.h"
namespace sandbox {
@@ -41,7 +40,7 @@ TEST_F(SandboxTest, TestDefaultGetters)
std::string name = "test";
RuntimeInfo info = {"runc", "shim", "kuasar"};
- auto sandbox = new ShimSandbox(id, rootdir, statedir, name, info);
+ auto sandbox = new Sandbox(id, rootdir, statedir, name, info);
ASSERT_NE(sandbox, nullptr);
ASSERT_EQ(sandbox->IsReady(), false);
@@ -67,7 +66,7 @@ TEST_F(SandboxTest, TestGettersAndSetters)
std::string statedir = "/test2/statedir";
std::string mode = "host";
- auto sandbox = new ShimSandbox(id, rootdir, statedir);
+ auto sandbox = new Sandbox(id, rootdir, statedir);
ASSERT_NE(sandbox, nullptr);
sandbox->SetNetMode(mode);
diff --git a/test/sandbox/sandbox_manager/CMakeLists.txt b/test/sandbox/sandbox_manager/CMakeLists.txt
index 9254263c..a7dd8c9d 100644
--- a/test/sandbox/sandbox_manager/CMakeLists.txt
+++ b/test/sandbox/sandbox_manager/CMakeLists.txt
@@ -12,7 +12,6 @@ add_executable(${EXE}
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cpputils/read_write_lock.cc
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cpputils/transform.cc
${CMAKE_CURRENT_SOURCE_DIR}/../../../test/mocks/sandbox_mock.cc
- ${CMAKE_CURRENT_SOURCE_DIR}/../../../test/mocks/shim_sandbox_mock.cc
${CMAKE_CURRENT_SOURCE_DIR}/../../../test/mocks/sandboxer_sandbox_mock.cc
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/sandbox/sandbox_manager.cc
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/common/id_name_manager.c
--
2.23.0

135
0169-add-image-storage-unit-test.patch Normal file
View File

@ -0,0 +1,135 @@
From 7dfa69162cd5ef01592808df555626a0688e6f4c Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Wed, 11 Dec 2024 19:09:20 +1400
Subject: [PATCH 03/11] add image storage unit test
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
.../oci/storage/image_store/image_store.c | 4 +-
test/image/oci/storage/images/CMakeLists.txt | 2 +
.../oci/storage/images/storage_images_ut.cc | 51 +++++++++++++++++++
3 files changed, 56 insertions(+), 1 deletion(-)
diff --git a/src/daemon/modules/image/oci/storage/image_store/image_store.c b/src/daemon/modules/image/oci/storage/image_store/image_store.c
index afe53764..71bf36e0 100644
--- a/src/daemon/modules/image/oci/storage/image_store/image_store.c
+++ b/src/daemon/modules/image/oci/storage/image_store/image_store.c
@@ -27,6 +27,8 @@
#include <pthread.h>
#include <stdlib.h>
+#include <isula_libutils/utils_macro.h>
+
#include "utils.h"
#include "utils_file.h"
#include "utils_images.h"
@@ -3004,7 +3006,7 @@ static int do_append_image(storage_image *im)
return 0;
}
-static void strip_host_prefix(char **name)
+STATIC void strip_host_prefix(char **name)
{
char *new_image_name = NULL;
diff --git a/test/image/oci/storage/images/CMakeLists.txt b/test/image/oci/storage/images/CMakeLists.txt
index 28e0b505..04e60a69 100644
--- a/test/image/oci/storage/images/CMakeLists.txt
+++ b/test/image/oci/storage/images/CMakeLists.txt
@@ -2,6 +2,8 @@ project(iSulad_UT)
SET(EXE storage_images_ut)
+add_definitions(-DUNIT_TEST=ON)
+
add_executable(${EXE}
${CMAKE_CURRENT_SOURCE_DIR}/../../../../../src/utils/cutils/utils.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../../../src/utils/cutils/utils_regex.c
diff --git a/test/image/oci/storage/images/storage_images_ut.cc b/test/image/oci/storage/images/storage_images_ut.cc
index ad0084d6..15da586e 100644
--- a/test/image/oci/storage/images/storage_images_ut.cc
+++ b/test/image/oci/storage/images/storage_images_ut.cc
@@ -46,6 +46,10 @@ using ::testing::AtLeast;
using ::testing::Invoke;
using ::testing::_;
+extern "C" {
+ void strip_host_prefix(char **name);
+}
+
std::string GetDirectory()
{
char abs_path[PATH_MAX] { 0x00 };
@@ -299,11 +303,13 @@ protected:
ASSERT_EQ(image_store_init(&opts), 0);
free(opts.storage_root);
free(opts.driver_name);
+ MockIsuladConf_SetMock(&m_isulad_conf);
}
void TearDown() override
{
image_store_free();
+ MockIsuladConf_SetMock(nullptr);
}
void BackUp()
@@ -325,6 +331,7 @@ protected:
std::vector<std::string> ids { "39891ff67da98ab8540d71320915f33d2eb80ab42908e398472cab3c1ce7ac10",
"e4db68de4ff27c2adfea0c54bbb73a61a42f5b667c326de4d7d5b19ab71c6a3b" };
char store_real_path[PATH_MAX] = { 0x00 };
+ NiceMock<MockIsuladConf> m_isulad_conf;
};
TEST_F(StorageImagesUnitTest, test_images_load)
@@ -714,3 +721,47 @@ TEST_F(StorageImagesUnitTest, test_image_store_remove_multi_name)
Restore();
}
+
+static isulad_daemon_constants *g_test_isulad_daemon_constants = NULL;
+
+isulad_daemon_constants *invoke_get_isulad_daemon_constants(void)
+{
+ g_test_isulad_daemon_constants = (isulad_daemon_constants *)util_common_calloc_s(sizeof(isulad_daemon_constants));
+ if (g_test_isulad_daemon_constants == NULL) {
+ return NULL;
+ }
+ g_test_isulad_daemon_constants->default_host = util_strdup_s("docker.io");
+
+ return g_test_isulad_daemon_constants;
+}
+
+TEST_F(StorageImagesUnitTest, test_strip_host_prefix)
+{
+ char *name = util_strdup_s("docker.io/test_image");
+ std::string test_name = "test_image";
+ std::string test_name_origin = "docker.io/test_image";
+ char *null_name = NULL;
+
+ strip_host_prefix(&name);
+ ASSERT_STREQ(name, test_name_origin.c_str());
+
+ EXPECT_CALL(m_isulad_conf, GetIsuladDaemonConstants()).WillRepeatedly(Invoke(invoke_get_isulad_daemon_constants));
+
+ strip_host_prefix(&name);
+ ASSERT_STREQ(name, test_name.c_str());
+
+ strip_host_prefix(&null_name);
+ ASSERT_EQ(null_name, nullptr);
+
+ free(name);
+ free_isulad_daemon_constants(g_test_isulad_daemon_constants);
+}
+
+#ifdef ENABLE_REMOTE_LAYER_STORE
+TEST_F(StorageImagesUnitTest, test_remote_layer_common)
+{
+ ASSERT_EQ(remote_append_image_by_directory_with_lock(NULL), -1);
+ ASSERT_EQ(remote_remove_image_from_memory_with_lock(NULL), -1);
+ ASSERT_EQ(remote_image_get_top_layer_from_json(NULL), nullptr);
+}
+#endif
--
2.23.0

165
0170-fix-some-bad-code.patch Normal file
View File

@ -0,0 +1,165 @@
From 0340a8248e8a4fb133ab3638679755d8590dafae Mon Sep 17 00:00:00 2001
From: xuxuepeng <xuxuepeng1@huawei.com>
Date: Wed, 11 Dec 2024 13:03:21 +0800
Subject: [PATCH 04/11] fix some bad code
Signed-off-by: xuxuepeng <xuxuepeng1@huawei.com>
---
.../storage/layer_store/graphdriver/driver.c | 19 +++++----------
.../graphdriver/overlay2/driver_overlay2.c | 24 ++++++++++++++-----
2 files changed, 24 insertions(+), 19 deletions(-)
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c
index 94235b80..99fd573c 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c
@@ -121,36 +121,31 @@ static inline void driver_unlock()
int graphdriver_init(const struct storage_module_init_options *opts)
{
- int ret = 0;
size_t i = 0;
char driver_home[PATH_MAX] = { 0 };
if (opts == NULL || opts->storage_root == NULL || opts->driver_name == NULL) {
- ret = -1;
- goto out;
+ return -1;
}
int nret = snprintf(driver_home, PATH_MAX, "%s/%s", opts->storage_root, opts->driver_name);
if (nret < 0 || (size_t)nret >= PATH_MAX) {
ERROR("Sprintf graph driver path failed");
- ret = -1;
- goto out;
+ return -1;
}
for (i = 0; i < g_numdrivers; i++) {
if (strcmp(opts->driver_name, g_drivers[i].name) == 0) {
if (pthread_rwlock_init(&(g_drivers[i].rwlock), NULL) != 0) {
ERROR("Failed to init driver rwlock");
- ret = -1;
- goto out;
+ return -1;
}
#ifdef ENABLE_REMOTE_LAYER_STORE
g_drivers[i].enable_remote_layer = opts->enable_remote_layer;
#endif
if (g_drivers[i].ops->init(&g_drivers[i], driver_home, (const char **)opts->driver_opts,
opts->driver_opts_len) != 0) {
- ret = -1;
- goto out;
+ return -1;
}
g_graphdriver = &g_drivers[i];
break;
@@ -159,12 +154,10 @@ int graphdriver_init(const struct storage_module_init_options *opts)
if (i == g_numdrivers) {
ERROR("unsupported driver %s", opts->driver_name);
- ret = -1;
- goto out;
+ return -1;
}
-out:
- return ret;
+ return 0;
}
int graphdriver_create_rw(const char *id, const char *parent, struct driver_create_opts *create_opts)
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
index 6d45f463..cc24909a 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
@@ -64,6 +64,9 @@ struct io_read_wrapper;
#define QUOTA_SIZE_OPTION "overlay2.size"
#define QUOTA_BASESIZE_OPTIONS "overlay2.basesize"
+#define OVERRIDE_KERNELCHECK_OPTIONS "overlay2.override_kernel_check"
+#define SKIP_MOUNT_HOME_OPTIONS "overlay2.skip_mount_home"
+#define MOUNT_OPTIONS "overlay2.mountopt"
// MAX_LAYER_ID_LENGTH represents the number of random characters which can be used to create the unique link identifer
// for every layer. If this value is too long then the page size limit for the mount command may be exceeded.
// The idLength should be selected such that following equation is true (512 is a buffer for label metadata).
@@ -150,7 +153,7 @@ static int overlay2_parse_options(struct graphdriver *driver, const char **optio
goto out;
}
overlay_opts->default_quota = converted;
- } else if (strcasecmp(dup, "overlay2.override_kernel_check") == 0) {
+ } else if (strcasecmp(dup, OVERRIDE_KERNELCHECK_OPTIONS) == 0) {
bool converted_bool = 0;
ret = util_str_to_bool(val, &converted_bool);
if (ret != 0) {
@@ -160,7 +163,7 @@ static int overlay2_parse_options(struct graphdriver *driver, const char **optio
goto out;
}
overlay_opts->override_kernelcheck = converted_bool;
- } else if (strcasecmp(dup, "overlay2.skip_mount_home") == 0) {
+ } else if (strcasecmp(dup, SKIP_MOUNT_HOME_OPTIONS) == 0) {
bool converted_bool = 0;
ret = util_str_to_bool(val, &converted_bool);
if (ret != 0) {
@@ -170,7 +173,7 @@ static int overlay2_parse_options(struct graphdriver *driver, const char **optio
goto out;
}
overlay_opts->skip_mount_home = converted_bool;
- } else if (strcasecmp(dup, "overlay2.mountopt") == 0) {
+ } else if (strcasecmp(dup, MOUNT_OPTIONS) == 0) {
overlay_opts->mount_options = util_strdup_s(val);
} else {
ERROR("Overlay2: unknown option: '%s'", dup);
@@ -693,6 +696,10 @@ static char *get_lower(const char *parent, const char *driver_home)
goto out;
}
+ /*
+ * lower format: "l/5697636c0104156cb2bd94be25", so "/" and "\0" must be
+ * counted in the size for snprintf.
+ */
lower_len = strlen(OVERLAY_LINK_DIR) + 1 + strlen(parent_link) + 1;
parent_lower_file = util_path_join(parent_dir, OVERLAY_LAYER_LOWER);
@@ -707,6 +714,11 @@ static char *get_lower(const char *parent, const char *driver_home)
ERROR("parent lower %s too large", parent_link_file);
goto out;
}
+ /*
+ * with parent link, the lower format will be like
+ * "l/5697636c0104156cb2bd94be25:l/df53b618a57bb50a61755b5623",
+ * so ":" must be counted.
+ */
lower_len = lower_len + strlen(parent_lowers) + 1;
}
@@ -911,7 +923,7 @@ static int do_create_remote_ro(const char *id, const char *parent, const struct
#ifdef ENABLE_USERNS_REMAP
if (set_file_owner_for_userns_remap(layer_dir, userns_remap) != 0) {
ERROR("Unable to change directory %s owner for user remap.", layer_dir);
- goto out;
+ goto err_out;
}
#endif
@@ -977,7 +989,7 @@ static int do_create(const char *id, const char *parent, const struct graphdrive
if (set_file_owner_for_userns_remap(layer_dir, userns_remap) != 0) {
ERROR("Unable to change directory %s owner for user remap.", layer_dir);
ret = -1;
- goto out;
+ goto err_out;
}
#endif
@@ -1790,7 +1802,7 @@ out:
return ret;
}
-bool is_valid_layer_link(const char *link_id, const struct graphdriver *driver)
+static bool is_valid_layer_link(const char *link_id, const struct graphdriver *driver)
{
bool valid = false;
char *link_dir = NULL;
--
2.23.0

578
0171-registry-module-code-improve.patch Normal file
View File

@ -0,0 +1,578 @@
From 4f030e07e99dfe996897b69c9d950f3226363afe Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Wed, 11 Dec 2024 04:04:45 +1400
Subject: [PATCH 05/11] registry module code improve
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/daemon/modules/image/oci/oci_pull.c | 2 +-
.../modules/image/oci/registry/http_request.c | 30 +++-----
.../modules/image/oci/registry/registry.c | 74 +++++++++----------
.../image/oci/registry/registry_apiv1.c | 11 +--
.../image/oci/registry/registry_apiv2.c | 62 +++++-----------
5 files changed, 72 insertions(+), 107 deletions(-)
diff --git a/src/daemon/modules/image/oci/oci_pull.c b/src/daemon/modules/image/oci/oci_pull.c
index 1c486974..245d14fd 100644
--- a/src/daemon/modules/image/oci/oci_pull.c
+++ b/src/daemon/modules/image/oci/oci_pull.c
@@ -105,7 +105,7 @@ static int pull_image(const im_pull_request *request, progress_status_map *progr
options = (registry_pull_options *)util_common_calloc_s(sizeof(registry_pull_options));
if (options == NULL) {
ERROR("Out of memory");
- goto out;
+ return ret;
}
if (request->auth != NULL) {
diff --git a/src/daemon/modules/image/oci/registry/http_request.c b/src/daemon/modules/image/oci/registry/http_request.c
index 80fc2184..b9b29c39 100644
--- a/src/daemon/modules/image/oci/registry/http_request.c
+++ b/src/daemon/modules/image/oci/registry/http_request.c
@@ -16,9 +16,6 @@
#define _GNU_SOURCE /* See feature_test_macros(7) */
#include "http_request.h"
#include <curl/curl.h>
-#include <isula_libutils/json_common.h>
-#include <isula_libutils/log.h>
-#include <isula_libutils/registry_token.h>
#include <pthread.h>
#include <stdbool.h>
#include <stdio.h>
@@ -27,6 +24,10 @@
#include <strings.h>
#include <time.h>
+#include <isula_libutils/json_common.h>
+#include <isula_libutils/log.h>
+#include <isula_libutils/registry_token.h>
+
#include "buffer.h"
#include "certs.h"
#include "err_msg.h"
@@ -128,7 +129,6 @@ static int setup_ssl_config(pull_descriptor *desc, struct http_get_options *opti
options->ssl_verify_host = !desc->skip_tls_verify;
out:
-
free(host);
host = NULL;
@@ -437,16 +437,14 @@ static int setup_common_options(pull_descriptor *desc, struct http_get_options *
if (ret != 0) {
ERROR("Failed setup ssl config");
isulad_try_set_error_message("setup ssl config failed");
- ret = -1;
- goto out;
+ return -1;
}
if (custom_headers != NULL) {
options->custom_headers = util_str_array_dup(custom_headers, util_array_len(custom_headers));
if (options->custom_headers == NULL) {
ERROR("dup headers failed");
- ret = -1;
- goto out;
+ return -1;
}
}
@@ -454,14 +452,10 @@ static int setup_common_options(pull_descriptor *desc, struct http_get_options *
if (ret != 0) {
ERROR("setup auth challenges failed");
isulad_try_set_error_message("setup auth challenges failed");
- ret = -1;
- goto out;
+ return -1;
}
options->debug = false;
-
-out:
-
return ret;
}
@@ -478,21 +472,16 @@ static int setup_get_token_options(pull_descriptor *desc, struct http_get_option
ret = setup_ssl_config(desc, options, url);
if (ret != 0) {
ERROR("Failed setup ssl config");
- ret = -1;
- goto out;
+ return -1;
}
ret = setup_auth_basic(desc, &options->custom_headers);
if (ret != 0) {
ERROR("dup headers failed");
- ret = -1;
- goto out;
+ return -1;
}
options->debug = false;
-
-out:
-
return ret;
}
@@ -526,7 +515,6 @@ static int http_request_buf_options(pull_descriptor *desc, struct http_get_optio
*output = util_strdup_s(output_buffer->contents);
out:
-
buffer_free(output_buffer);
return ret;
diff --git a/src/daemon/modules/image/oci/registry/registry.c b/src/daemon/modules/image/oci/registry/registry.c
index 2e99255a..9a3b59a1 100644
--- a/src/daemon/modules/image/oci/registry/registry.c
+++ b/src/daemon/modules/image/oci/registry/registry.c
@@ -20,13 +20,21 @@
#include <string.h>
#include <limits.h>
#include <errno.h>
+#include <pthread.h>
+#include <stdlib.h>
+
#include <isula_libutils/docker_image_rootfs.h>
#include <isula_libutils/json_common.h>
#include <isula_libutils/oci_image_content_descriptor.h>
#include <isula_libutils/oci_image_manifest.h>
#include <isula_libutils/oci_image_spec.h>
-#include <pthread.h>
-#include <stdlib.h>
+#include <isula_libutils/registry_manifest_schema2.h>
+#include <isula_libutils/registry_manifest_schema1.h>
+#include <isula_libutils/docker_image_config_v2.h>
+#include <isula_libutils/image_manifest_v1_compatibility.h>
+#ifdef ENABLE_IMAGE_SEARCH
+#include <isula_libutils/image_search_image.h>
+#endif
#include "mediatype.h"
#include "isula_libutils/log.h"
@@ -35,13 +43,6 @@
#include "registry_apiv1.h"
#include "certs.h"
#include "auths.h"
-#include "isula_libutils/registry_manifest_schema2.h"
-#include "isula_libutils/registry_manifest_schema1.h"
-#include "isula_libutils/docker_image_config_v2.h"
-#include "isula_libutils/image_manifest_v1_compatibility.h"
-#ifdef ENABLE_IMAGE_SEARCH
-#include "isula_libutils/image_search_image.h"
-#endif
#include "sha256.h"
#include "map.h"
#include "linked_list.h"
@@ -536,7 +537,6 @@ static char *calc_chain_id(char *parent_chain_id, char *diff_id)
full_digest = util_full_digest(digest);
out:
-
free(digest);
digest = NULL;
@@ -797,7 +797,6 @@ static int set_config(pull_descriptor *desc, char *image_id)
}
out:
-
free(config_str);
config_str = NULL;
@@ -812,17 +811,15 @@ static int set_loaded_time(pull_descriptor *desc, char *image_id)
if (!util_get_now_time_stamp(&now)) {
ret = -1;
ERROR("get now time stamp failed");
- goto out;
+ return ret;
}
ret = storage_img_set_loaded_time(image_id, &now);
if (ret != 0) {
ERROR("set loaded time failed");
- goto out;
+ return ret;
}
-out:
-
return ret;
}
@@ -984,7 +981,6 @@ static int parse_docker_config(pull_descriptor *desc)
desc->config.create_time = util_to_timestamp_from_str(config->created);
out:
-
free_docker_image_config_v2(config);
config = NULL;
free(err);
@@ -1084,17 +1080,15 @@ static int fetch_and_parse_config(pull_descriptor *desc)
ret = fetch_config(desc);
if (ret != 0) {
ERROR("fetch config failed");
- goto out;
+ return ret;
}
ret = parse_config(desc);
if (ret != 0) {
ERROR("parse config failed");
- goto out;
+ return ret;
}
-out:
-
return ret;
}
@@ -1110,17 +1104,15 @@ static int fetch_and_parse_manifest(pull_descriptor *desc)
ret = fetch_manifest(desc);
if (ret != 0) {
ERROR("fetch manifest failed");
- goto out;
+ return ret;
}
ret = parse_manifest(desc);
if (ret != 0) {
ERROR("parse manifest failed");
- goto out;
+ return ret;
}
-out:
-
return ret;
}
@@ -2116,6 +2108,26 @@ static void cached_layers_kvfree(void *key, void *value)
return;
}
+static void free_registry_global(registry_global *registry)
+{
+ if (registry == NULL) {
+ return;
+ }
+
+ if (registry->cond_inited) {
+ pthread_cond_destroy(&registry->cond);
+ }
+ if (registry->mutex_inited) {
+ pthread_mutex_destroy(&registry->mutex);
+ }
+ if (registry->image_mutex_inited) {
+ pthread_mutex_destroy(&registry->image_mutex);
+ }
+ map_free(registry->cached_layers);
+ registry->cached_layers = NULL;
+ free(registry);
+}
+
int registry_init(char *auths_dir, char *certs_dir)
{
int ret = 0;
@@ -2160,18 +2172,7 @@ int registry_init(char *auths_dir, char *certs_dir)
out:
if (ret != 0) {
- if (g_shared->cond_inited) {
- pthread_cond_destroy(&g_shared->cond);
- }
- if (g_shared->mutex_inited) {
- pthread_mutex_destroy(&g_shared->mutex);
- }
- if (g_shared->image_mutex_inited) {
- pthread_mutex_destroy(&g_shared->image_mutex);
- }
- map_free(g_shared->cached_layers);
- g_shared->cached_layers = NULL;
- free(g_shared);
+ free_registry_global(g_shared);
g_shared = NULL;
}
@@ -2221,7 +2222,6 @@ int registry_login(registry_login_options *options)
}
out:
-
free_pull_desc(desc);
desc = NULL;
diff --git a/src/daemon/modules/image/oci/registry/registry_apiv1.c b/src/daemon/modules/image/oci/registry/registry_apiv1.c
index 6da24c1d..d45f3876 100644
--- a/src/daemon/modules/image/oci/registry/registry_apiv1.c
+++ b/src/daemon/modules/image/oci/registry/registry_apiv1.c
@@ -18,12 +18,16 @@
#include <stdio.h>
#include <string.h>
#include <limits.h>
-#include <isula_libutils/http_parser.h>
-#include <isula_libutils/json_common.h>
#include <stdbool.h>
#include <stdlib.h>
#include <strings.h>
+#include <isula_libutils/http_parser.h>
+#include <isula_libutils/json_common.h>
+#include <isula_libutils/oci_image_index.h>
+#include <isula_libutils/registry_manifest_list.h>
+#include <isula_libutils/imagetool_search_result.h>
+
#include "registry_type.h"
#include "isula_libutils/log.h"
#include "http.h"
@@ -31,9 +35,6 @@
#include "utils.h"
#include "parser.h"
#include "mediatype.h"
-#include "isula_libutils/oci_image_index.h"
-#include "isula_libutils/registry_manifest_list.h"
-#include "isula_libutils/imagetool_search_result.h"
#include "auths.h"
#include "err_msg.h"
#include "sha256.h"
diff --git a/src/daemon/modules/image/oci/registry/registry_apiv2.c b/src/daemon/modules/image/oci/registry/registry_apiv2.c
index dd49fab7..5d83b425 100644
--- a/src/daemon/modules/image/oci/registry/registry_apiv2.c
+++ b/src/daemon/modules/image/oci/registry/registry_apiv2.c
@@ -18,12 +18,15 @@
#include <stdio.h>
#include <string.h>
#include <limits.h>
-#include <isula_libutils/http_parser.h>
-#include <isula_libutils/json_common.h>
#include <stdbool.h>
#include <stdlib.h>
#include <strings.h>
+#include <isula_libutils/http_parser.h>
+#include <isula_libutils/json_common.h>
+#include <isula_libutils/oci_image_index.h>
+#include <isula_libutils/registry_manifest_list.h>
+
#include "registry_type.h"
#include "isula_libutils/log.h"
#include "http.h"
@@ -31,8 +34,6 @@
#include "utils.h"
#include "parser.h"
#include "mediatype.h"
-#include "isula_libutils/oci_image_index.h"
-#include "isula_libutils/registry_manifest_list.h"
#include "auths.h"
#include "err_msg.h"
#include "sha256.h"
@@ -60,7 +61,6 @@ static void set_body_null_if_exist(char *message)
static int parse_http_header(char *resp_buf, size_t buf_size, struct parsed_http_message *message)
{
char *real_message = NULL;
- int ret = 0;
if (resp_buf == NULL || message == NULL) {
ERROR("Invalid NULL param");
@@ -70,8 +70,7 @@ static int parse_http_header(char *resp_buf, size_t buf_size, struct parsed_http
real_message = strstr(resp_buf, "HTTP/1.1");
if (real_message == NULL) {
ERROR("Failed to parse response, the response do not have HTTP/1.1");
- ret = -1;
- goto out;
+ return -1;
}
set_body_null_if_exist(real_message);
@@ -79,13 +78,10 @@ static int parse_http_header(char *resp_buf, size_t buf_size, struct parsed_http
ret = parse_http(real_message, strlen(real_message), message, HTTP_RESPONSE);
if (ret != 0) {
ERROR("Failed to parse response: %s", real_message);
- ret = -1;
- goto out;
+ return -1;
}
-out:
-
- return ret;
+ return 0;
}
static int parse_challenges(pull_descriptor *desc, char *schema, char *params)
@@ -225,7 +221,6 @@ static void free_parsed_http_message(struct parsed_http_message **message)
(*message)->body = NULL;
free(*message);
*message = NULL;
- return;
}
static struct parsed_http_message *get_parsed_message(char *http_head)
@@ -386,7 +381,7 @@ static int registry_ping(pull_descriptor *desc)
ret = registry_pingv2(desc, "https");
if (ret == 0) {
desc->protocol = util_strdup_s("https");
- goto out;
+ return ret;
}
if (desc->insecure_registry) {
@@ -396,15 +391,13 @@ static int registry_ping(pull_descriptor *desc)
ret = registry_pingv2(desc, "http");
if (ret != 0) {
ERROR("ping %s with http failed", desc->host);
- goto out;
+ return ret;
}
desc->protocol = util_strdup_s("http");
} else {
ERROR("ping %s with https failed", desc->host);
}
-out:
-
return ret;
}
@@ -552,7 +545,6 @@ static int parse_manifest_head(char *http_head, char **content_type, char **dige
}
out:
-
if (ret != 0) {
free(*content_type);
*content_type = NULL;
@@ -584,19 +576,16 @@ static int append_manifests_accepts(char ***custom_headers)
sret = snprintf(accept, MAX_ACCEPT_LEN, "Accept: %s", mediatypes[i]);
if (sret < 0 || (size_t)sret >= MAX_ACCEPT_LEN) {
ERROR("Failed to sprintf accept media type %s", mediatypes[i]);
- ret = -1;
- goto out;
+ return -1;
}
ret = util_array_append(custom_headers, accept);
if (ret != 0) {
ERROR("append accepts failed");
- goto out;
+ return ret;
}
}
-out:
-
return ret;
}
@@ -703,7 +692,6 @@ static int fetch_manifest_list(pull_descriptor *desc, char *file, char **content
}
out:
-
free(http_head);
http_head = NULL;
util_free_array(custom_headers);
@@ -727,7 +715,6 @@ static void try_log_resp_body(char *path, char *file)
ERROR("Get %s response message body: %s", path, body);
}
free(body);
- return;
}
static int fetch_data(pull_descriptor *desc, char *path, char *file, char *content_type, char *digest)
@@ -1009,25 +996,22 @@ static int fetch_manifest_data(pull_descriptor *desc, char *file, char **content
ERROR("select manifest failed, manifests:%s", manifest_text);
free(manifest_text);
manifest_text = NULL;
- goto out;
+ return ret;
}
sret = snprintf(path, sizeof(path), "/v2/%s/manifests/%s", desc->name, *digest);
if (sret < 0 || (size_t)sret >= sizeof(path)) {
ERROR("Failed to sprintf path for manifest");
- ret = -1;
- goto out;
+ return -1;
}
ret = fetch_data(desc, path, file, *content_type, *digest);
if (ret != 0) {
ERROR("registry: Get %s failed", path);
- goto out;
+ return ret;
}
}
-out:
-
return ret;
}
@@ -1096,20 +1080,17 @@ int fetch_config(pull_descriptor *desc)
sret = snprintf(path, sizeof(path), "/v2/%s/blobs/%s", desc->name, desc->config.digest);
if (sret < 0 || (size_t)sret >= sizeof(path)) {
ERROR("Failed to sprintf path for config");
- ret = -1;
- goto out;
+ return -1;
}
ret = fetch_data(desc, path, file, desc->config.media_type, desc->config.digest);
if (ret != 0) {
ERROR("registry: Get %s failed", path);
- goto out;
+ return ret;
}
desc->config.file = util_strdup_s(file);
-out:
-
return ret;
}
@@ -1141,18 +1122,15 @@ int fetch_layer(pull_descriptor *desc, size_t index)
sret = snprintf(path, sizeof(path), "/v2/%s/blobs/%s", desc->name, layer->digest);
if (sret < 0 || (size_t)sret >= sizeof(path)) {
ERROR("Failed to sprintf path for layer %zu, name %s, digest %s", index, desc->name, layer->digest);
- ret = -1;
- goto out;
+ return -1;
}
ret = fetch_data(desc, path, file, layer->media_type, layer->digest);
if (ret != 0) {
ERROR("registry: Get %s failed", path);
- goto out;
+ return ret;
}
-out:
-
return ret;
}
@@ -1185,7 +1163,6 @@ int parse_login(char *http_head, char *host)
}
out:
-
free_parsed_http_message(&message);
return ret;
@@ -1230,7 +1207,6 @@ int login_to_registry(pull_descriptor *desc)
goto out;
}
out:
-
free(resp_buffer);
resp_buffer = NULL;
--
2.23.0

147
0172-image-store-fix-code-style.patch Normal file
View File

@ -0,0 +1,147 @@
From 02a8be62cc7c1a492be5c9bc1fdf816b7d223b96 Mon Sep 17 00:00:00 2001
From: zhongjiawei <zhongjiawei1@huawei.com>
Date: Wed, 11 Dec 2024 15:48:55 +0800
Subject: [PATCH 06/11] image store:fix code style
---
.../oci/storage/image_store/image_store.c | 29 +++++++++----------
.../oci/storage/image_store/image_store.h | 9 +++---
.../oci/storage/image_store/image_type.c | 6 ++--
.../oci/storage/image_store/image_type.h | 6 ++--
4 files changed, 25 insertions(+), 25 deletions(-)
diff --git a/src/daemon/modules/image/oci/storage/image_store/image_store.c b/src/daemon/modules/image/oci/storage/image_store/image_store.c
index 71bf36e0..1909e7f7 100644
--- a/src/daemon/modules/image/oci/storage/image_store/image_store.c
+++ b/src/daemon/modules/image/oci/storage/image_store/image_store.c
@@ -19,33 +19,34 @@
#include <stdio.h>
#include <string.h>
#include <sha256.h>
+#include <limits.h>
+#include <pthread.h>
+#include <stdlib.h>
+
+#include <isula_libutils/defs.h>
+#include <isula_libutils/log.h>
#include <isula_libutils/storage_image.h>
#include <isula_libutils/imagetool_images_list.h>
#include <isula_libutils/json_common.h>
#include <isula_libutils/auto_cleanup.h>
-#include <limits.h>
-#include <pthread.h>
-#include <stdlib.h>
+#include <isula_libutils/imagetool_image.h>
+#include <isula_libutils/imagetool_image_summary.h>
+#include <isula_libutils/registry_manifest_schema1.h>
+#include <isula_libutils/registry_manifest_schema2.h>
+#include <isula_libutils/oci_image_manifest.h>
+#include <isula_libutils/image_manifest_v1_compatibility.h>
#include <isula_libutils/utils_macro.h>
#include "utils.h"
#include "utils_file.h"
#include "utils_images.h"
-#include "isula_libutils/log.h"
#include "constants.h"
#include "utils_array.h"
#include "utils_string.h"
#include "utils_regex.h"
-#include "isula_libutils/defs.h"
#include "map.h"
#include "utils_convert.h"
-#include "isula_libutils/imagetool_image.h"
-#include "isula_libutils/imagetool_image_summary.h"
-#include "isula_libutils/registry_manifest_schema1.h"
-#include "isula_libutils/registry_manifest_schema2.h"
-#include "isula_libutils/oci_image_manifest.h"
-#include "isula_libutils/image_manifest_v1_compatibility.h"
#include "registry_type.h"
#include "mediatype.h"
#include "storage.h"
@@ -1361,8 +1362,7 @@ int image_store_set_big_data(const char *id, const char *key, const char *data)
if (!image_store_lock(EXCLUSIVE)) {
ERROR("Failed to lock image store with exclusive lock, not allowed to change image big data assignments");
- ret = -1;
- goto out;
+ return -1;
}
img = lookup(id);
@@ -1648,8 +1648,7 @@ int image_store_get_names(const char *id, char ***names, size_t *names_len)
if (!image_store_lock(SHARED)) {
ERROR("Failed to lock image store with shared lock, not allowed to get image names assignments");
- ret = -1;
- goto out;
+ return -1;
}
img = lookup(id);
diff --git a/src/daemon/modules/image/oci/storage/image_store/image_store.h b/src/daemon/modules/image/oci/storage/image_store/image_store.h
index 4544f84b..82bc1696 100644
--- a/src/daemon/modules/image/oci/storage/image_store/image_store.h
+++ b/src/daemon/modules/image/oci/storage/image_store/image_store.h
@@ -18,16 +18,17 @@
#include <stdbool.h>
#include <string.h>
#include <pthread.h>
-#include <isula_libutils/imagetool_fs_info.h>
#include <stdint.h>
+#include <isula_libutils/imagetool_fs_info.h>
+#include <isula_libutils/imagetool_image.h>
+#include <isula_libutils/imagetool_images_list.h>
+#include <isula_libutils/imagetool_image_summary.h>
+
#include "storage.h"
#include "utils_timestamp.h"
#include "map.h"
#include "linked_list.h"
-#include "isula_libutils/imagetool_image.h"
-#include "isula_libutils/imagetool_images_list.h"
-#include "isula_libutils/imagetool_image_summary.h"
#ifdef __cplusplus
extern "C" {
diff --git a/src/daemon/modules/image/oci/storage/image_store/image_type.c b/src/daemon/modules/image/oci/storage/image_store/image_type.c
index 50a81db2..67421cd6 100644
--- a/src/daemon/modules/image/oci/storage/image_store/image_type.c
+++ b/src/daemon/modules/image/oci/storage/image_store/image_type.c
@@ -19,11 +19,11 @@
#include <stdlib.h>
#include <stdio.h>
-#include "isula_libutils/storage_image.h"
+#include <isula_libutils/storage_image.h>
+#include <isula_libutils/log.h>
+
#include "util_atomic.h"
#include "utils.h"
-#include "isula_libutils/log.h"
-
#include "utils_images.h"
static image_t *create_empty_image()
diff --git a/src/daemon/modules/image/oci/storage/image_store/image_type.h b/src/daemon/modules/image/oci/storage/image_store/image_type.h
index d8376644..bbf7a7dc 100644
--- a/src/daemon/modules/image/oci/storage/image_store/image_type.h
+++ b/src/daemon/modules/image/oci/storage/image_store/image_type.h
@@ -19,9 +19,9 @@
#include <stdint.h>
#include <pthread.h>
-#include "isula_libutils/storage_image.h"
-#include "isula_libutils/log.h"
-#include "isula_libutils/oci_image_spec.h"
+#include <isula_libutils/storage_image.h>
+#include <isula_libutils/log.h>
+#include <isula_libutils/oci_image_spec.h>
#ifdef __cplusplus
extern "C" {
--
2.23.0

64
0173-bugfix-mem-leak.patch Normal file
View File

@ -0,0 +1,64 @@
From 3144357f7c735e24af180b9352378618ce8b2368 Mon Sep 17 00:00:00 2001
From: liuxu <liuxu156@huawei.com>
Date: Wed, 11 Dec 2024 11:32:06 +0800
Subject: [PATCH 07/11] bugfix: mem leak
Signed-off-by: liuxu <liuxu156@huawei.com>
---
src/daemon/executor/container_cb/execution_network.c | 2 ++
src/daemon/modules/service/inspect_container.c | 2 ++
src/utils/cutils/utils.c | 9 ++++++++-
3 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/src/daemon/executor/container_cb/execution_network.c b/src/daemon/executor/container_cb/execution_network.c
index a145e33a..8e34998c 100644
--- a/src/daemon/executor/container_cb/execution_network.c
+++ b/src/daemon/executor/container_cb/execution_network.c
@@ -1213,6 +1213,8 @@ static int generate_network_element(const char **bridges, const size_t len, defs
defs_map_string_object_networks_element *), len);
if (networks->values == NULL) {
ERROR("Out of memory ");
+ free(networks->keys);
+ networks->keys = NULL;
return -1;
}
diff --git a/src/daemon/modules/service/inspect_container.c b/src/daemon/modules/service/inspect_container.c
index 40cf7aa1..ca3955c6 100644
--- a/src/daemon/modules/service/inspect_container.c
+++ b/src/daemon/modules/service/inspect_container.c
@@ -629,6 +629,8 @@ static int do_transform_cni_to_map(container_network_settings *settings)
util_smart_calloc_s(sizeof(defs_map_string_object_port_bindings_element *), settings->cni_ports_len);
if (result->values == NULL) {
ERROR("Out of memory");
+ free(result->keys);
+ result->keys = NULL;
ret = -1;
goto out;
}
diff --git a/src/utils/cutils/utils.c b/src/utils/cutils/utils.c
index 69f6dbf0..cf207acc 100644
--- a/src/utils/cutils/utils.c
+++ b/src/utils/cutils/utils.c
@@ -1609,10 +1609,17 @@ defs_map_string_object *dup_map_string_empty_object(defs_map_string_object *src)
}
dst->keys = util_smart_calloc_s(sizeof(char *), src->len);
+ if (dst->keys == NULL) {
+ ERROR("Out of memory");
+ ret = -1;
+ goto out;
+ }
dst->values = util_smart_calloc_s(sizeof(defs_map_string_object_element *), src->len);
- if (dst->keys == NULL || dst->values == NULL) {
+ if (dst->values == NULL) {
ERROR("Out of memory");
ret = -1;
+ free(dst->keys);
+ dst->keys = NULL;
goto out;
}
--
2.23.0

25
0174-bugfix-for-parse_http_header.patch Normal file
View File

@ -0,0 +1,25 @@
From 7a3d70dba97facedf1394e65a80f7cc12be8273c Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Wed, 18 Dec 2024 16:37:33 +1400
Subject: [PATCH 08/11] bugfix for parse_http_header
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/daemon/modules/image/oci/registry/registry_apiv2.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/daemon/modules/image/oci/registry/registry_apiv2.c b/src/daemon/modules/image/oci/registry/registry_apiv2.c
index 5d83b425..7f33646d 100644
--- a/src/daemon/modules/image/oci/registry/registry_apiv2.c
+++ b/src/daemon/modules/image/oci/registry/registry_apiv2.c
@@ -61,6 +61,7 @@ static void set_body_null_if_exist(char *message)
static int parse_http_header(char *resp_buf, size_t buf_size, struct parsed_http_message *message)
{
char *real_message = NULL;
+ int ret = 0;
if (resp_buf == NULL || message == NULL) {
ERROR("Invalid NULL param");
--
2.23.0

244
0175-add-layer-storage-ut-test.patch Normal file
View File

@ -0,0 +1,244 @@
From 96ce67b474de6d6cff1a87cd652ff00dafda7d6e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=AD=A6=E7=A7=AF=E8=B6=85?= <wujichao1@huawei.com>
Date: Tue, 24 Dec 2024 19:39:26 +0800
Subject: [PATCH 11/11] add layer storage ut test
---
test/image/oci/storage/layers/CMakeLists.txt | 1 +
.../oci/storage/layers/storage_layers_ut.cc | 166 +++++++++++++++++-
2 files changed, 165 insertions(+), 2 deletions(-)
diff --git a/test/image/oci/storage/layers/CMakeLists.txt b/test/image/oci/storage/layers/CMakeLists.txt
index e1c76453..c4384e8f 100644
--- a/test/image/oci/storage/layers/CMakeLists.txt
+++ b/test/image/oci/storage/layers/CMakeLists.txt
@@ -148,5 +148,6 @@ target_link_libraries(${LAYER_EXE}
${LIBTAR_LIBRARY}
-lwebsockets -lcrypto -lyajl -larchive ${SELINUX_LIBRARY} -ldevmapper -lz -lcap)
+set_target_properties(${LAYER_EXE} PROPERTIES LINK_FLAGS "-Wl,--wrap,map_new -Wl,--wrap,map_insert -Wl,--wrap,map_search -Wl,--wrap,util_common_calloc_s -Wl,--wrap,util_smart_calloc_s")
add_test(NAME ${LAYER_EXE} COMMAND ${LAYER_EXE} --gtest_output=xml:${LAYER_EXE}-Results.xml)
set_tests_properties(${LAYER_EXE} PROPERTIES TIMEOUT 120)
diff --git a/test/image/oci/storage/layers/storage_layers_ut.cc b/test/image/oci/storage/layers/storage_layers_ut.cc
index 73611fdc..a03f4ce8 100644
--- a/test/image/oci/storage/layers/storage_layers_ut.cc
+++ b/test/image/oci/storage/layers/storage_layers_ut.cc
@@ -29,6 +29,8 @@
#include "storage.h"
#include "layer.h"
#include "driver_quota_mock.h"
+#include "map.h"
+#include "mock.h"
using ::testing::Args;
using ::testing::ByRef;
@@ -41,6 +43,95 @@ using ::testing::AtLeast;
using ::testing::Invoke;
using ::testing::_;
+static int g_map_search_count = 0;
+static int g_map_search_match = 1;
+static int g_map_new_count = 0;
+static int g_map_new_match = 1;
+static int g_map_insert_count = 0;
+static int g_map_insert_match = 1;
+
+extern "C" {
+ DECLARE_WRAPPER_V(map_new, map_t *, (map_type_t kvtype, map_cmp_func comparator, map_kvfree_func kvfree));
+ DEFINE_WRAPPER_V(map_new, map_t *, (map_type_t kvtype, map_cmp_func comparator, map_kvfree_func kvfree), (kvtype, comparator, kvfree));
+ DECLARE_WRAPPER_V(map_insert, bool, (map_t *map, void *key, void *value));
+ DEFINE_WRAPPER_V(map_insert, bool, (map_t *map, void *key, void *value), (map, key, value));
+ DECLARE_WRAPPER_V(map_search, void *, (const map_t *map, void *key));
+ DEFINE_WRAPPER_V(map_search, void *, (const map_t *map, void *key), (map, key));
+
+ DECLARE_WRAPPER_V(util_smart_calloc_s, void *, (size_t size, size_t len));
+ DEFINE_WRAPPER_V(util_smart_calloc_s, void *, (size_t size, size_t len), (size, len));
+ DECLARE_WRAPPER_V(util_common_calloc_s, void *, (size_t size));
+ DEFINE_WRAPPER_V(util_common_calloc_s, void *, (size_t size), (size));
+}
+
+/*
+* Repeatedly calling the function executes the wrapper function and original function in the following order:
+* wrapper function; original function, wrapper function; original function, original function, wrapper function;...
+* Similar to regular queues (1 means wrapper, 0 means original): 1; 0 1; 0 0 1; 0 0 0 1; ...
+* It's used to MOCK a function that repeat permutation.
+* If you want a regular queue, the variables needs to be assigned back to the initial value.
+*/
+static map_t *map_new_return_null(map_type_t kvtype, map_cmp_func comparator, map_kvfree_func kvfree)
+{
+ g_map_new_count++;
+ if (g_map_new_count == g_map_new_match) {
+ g_map_new_match++;
+ g_map_new_count = 0;
+ return nullptr;
+ } else {
+ return __real_map_new(kvtype, comparator, kvfree);
+ }
+}
+
+/*
+* Repeatedly calling the function executes the wrapper function and original function in the following order:
+* wrapper function; original function, wrapper function; original function, original function, wrapper function;...
+* Similar to regular queues (1 means wrapper, 0 means original): 1; 0 1; 0 0 1; 0 0 0 1; ...
+* It's used to MOCK a function that repeat permutation.
+* If you want a regular queue, the variables needs to be assigned back to the initial value.
+*/
+static bool map_insert_return_false(map_t *map, void *key, void *value)
+{
+ g_map_insert_count++;
+ if (g_map_insert_count == g_map_insert_match) {
+ g_map_insert_match++;
+ g_map_insert_count = 0;
+ return false;
+ } else {
+ return __real_map_insert(map, key, value);
+ }
+}
+
+/*
+* Repeatedly calling the function executes the wrapper function and original function in the following order:
+* wrapper function; original function, wrapper function; original function, original function, wrapper function;...
+* Similar to regular queues (1 means wrapper, 0 means original): 1; 0 1; 0 0 1; 0 0 0 1; ...
+* It's used to MOCK a function that repeat permutation.
+* If you want a regular queue, the variables needs to be assigned back to the initial value.
+*/
+void *map_search_fail(const map_t *map, void *key)
+{
+ g_map_search_count++;
+ if (g_map_search_count == g_map_search_match) {
+ g_map_search_match++;
+ g_map_search_count = 0;
+ return nullptr;
+ } else {
+ return __real_map_search(map, key);
+ }
+
+}
+
+void *util_common_calloc_s_fail(size_t size)
+{
+ return nullptr;
+}
+
+void *util_smart_calloc_s_fail(size_t size, size_t len)
+{
+ return nullptr;
+}
+
std::string GetDirectory()
{
char abs_path[PATH_MAX] { 0x00 };
@@ -178,6 +269,7 @@ protected:
std::string isulad_dir = "/tmp/isulad/";
mkdir(isulad_dir.c_str(), 0755);
std::string root_dir = isulad_dir + "data";
+ mkdir(root_dir.c_str(), 0755);
std::string run_dir = isulad_dir + "data/run";
std::string data_dir = GetDirectory() + "/data";
@@ -194,12 +286,40 @@ protected:
opts.storage_root = strdup(real_path);
ASSERT_STRNE(util_clean_path(run_dir.c_str(), real_run_path, sizeof(real_run_path)), nullptr);
opts.storage_run_root = strdup(real_run_path);
- opts.driver_name = strdup("overlay");
opts.driver_opts = static_cast<char **>(util_smart_calloc_s(sizeof(char *), 1));
opts.driver_opts[0] = strdup("overlay2.skip_mount_home=true");
opts.driver_opts_len = 1;
-
+#ifdef ENABLE_REMOTE_LAYER_STORE
+ opts.enable_remote_layer = true;
+#endif
EXPECT_CALL(m_driver_quota_mock, QuotaCtl(_, _, _, _)).WillRepeatedly(Invoke(invokeQuotaCtl));
+
+ opts.driver_name = NULL;
+ ASSERT_EQ(layer_store_init(&opts), -1);
+
+ char over_path_max_driver_name[5000] { 0x00 }; // PATH_MAX = 4096
+ std::memset(over_path_max_driver_name, 'a', 4999);
+ over_path_max_driver_name[4999]= '\0';
+ opts.driver_name = over_path_max_driver_name;
+ ASSERT_EQ(layer_store_init(&opts), -1);
+
+ opts.driver_name = strdup("overlay");
+ MOCK_SET_V(map_new, map_new_return_null);
+ g_map_new_count = 0;
+ g_map_new_match = 1;
+ ASSERT_EQ(layer_store_init(&opts), -1);
+ ASSERT_EQ(layer_store_init(&opts), -1);
+ ASSERT_EQ(layer_store_init(&opts), -1);
+ ASSERT_EQ(layer_store_init(&opts), -1);
+ MOCK_CLEAR(map_new);
+
+ MOCK_SET_V(map_insert, map_insert_return_false);
+ g_map_insert_count = 0;
+ g_map_insert_match = 1;
+ ASSERT_EQ(layer_store_init(&opts), -1);
+ ASSERT_EQ(layer_store_init(&opts), -1);
+ MOCK_CLEAR(map_insert);
+
ASSERT_EQ(layer_store_init(&opts), 0);
free(opts.storage_root);
@@ -238,6 +358,13 @@ TEST_F(StorageLayersUnitTest, test_layers_load)
struct layer_list *layer_list = (struct layer_list *)util_common_calloc_s(sizeof(struct layer_list));
ASSERT_NE(layer_list, nullptr);
+ ASSERT_EQ(layer_store_list(NULL), -1);
+ MOCK_SET_V(util_smart_calloc_s, util_smart_calloc_s_fail);
+ ASSERT_EQ(layer_store_list(layer_list), -1);
+ MOCK_CLEAR(util_smart_calloc_s);
+ MOCK_SET_V(util_common_calloc_s, util_common_calloc_s_fail);
+ ASSERT_EQ(layer_store_list(layer_list), -1);
+ MOCK_CLEAR(util_common_calloc_s);
ASSERT_EQ(layer_store_list(layer_list), 0);
ASSERT_EQ(layer_list->layers_len, 2);
@@ -315,6 +442,18 @@ TEST_F(StorageLayersUnitTest, test_layer_store_by_compress_digest)
std::string id { "9c27e219663c25e0f28493790cc0b88bc973ba3b1686355f221c38a36978ac63" };
struct layer_list *layer_list = (struct layer_list *)util_common_calloc_s(sizeof(struct layer_list));
+ MOCK_SET_V(util_smart_calloc_s, util_smart_calloc_s_fail);
+ ASSERT_EQ(layer_store_by_compress_digest(compress.c_str(), layer_list), -1);
+ MOCK_CLEAR(util_smart_calloc_s);
+ MOCK_SET_V(util_common_calloc_s, util_common_calloc_s_fail);
+ ASSERT_EQ(layer_store_by_compress_digest(compress.c_str(), layer_list), -1);
+ MOCK_CLEAR(util_common_calloc_s);
+ MOCK_SET_V(map_search, map_search_fail);
+ g_map_search_count = 0;
+ g_map_search_match = 1;
+ ASSERT_EQ(layer_store_by_compress_digest(compress.c_str(), layer_list), -1);
+ MOCK_CLEAR(map_search);
+
ASSERT_EQ(layer_store_by_compress_digest(compress.c_str(), layer_list), 0);
ASSERT_EQ(layer_list->layers_len, 1);
@@ -324,3 +463,26 @@ TEST_F(StorageLayersUnitTest, test_layer_store_by_compress_digest)
free_layer_list(layer_list);
}
+
+#ifdef ENABLE_REMOTE_LAYER_STORE
+TEST_F(StorageLayersUnitTest, test_remote_layer_common)
+{
+ ASSERT_EQ(remote_layer_remove_memory_stores_with_lock(NULL), -1);
+ char arr[] = "random_id";
+ const char *random_id = arr;
+ MOCK_SET_V(map_search, map_search_fail);
+ g_map_search_count = 0;
+ g_map_search_match = 1;
+ ASSERT_EQ(remote_layer_remove_memory_stores_with_lock(random_id), 0);
+ MOCK_CLEAR(map_search);
+
+ ASSERT_EQ(remote_load_one_layer(NULL), -1);
+ MOCK_SET_V(map_search, map_search_fail);
+ g_map_search_count = 0;
+ g_map_search_match = 1;
+ ASSERT_EQ(remote_load_one_layer(random_id), -1);
+ MOCK_CLEAR(map_search);
+
+ ASSERT_EQ(remote_load_one_layer(random_id), -1);
+}
+#endif
--
2.23.0

Some files were not shown because too many files have changed in this diff Show More