packages/iSulad
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!584 upgrade from upstream

Browse Source 
Merge pull request !584 from zhangxiaoyu/openEuler-20.03-LTS-SP3
This commit is contained in:
haozi007 2023-06-01 06:21:34 +00:00 committed by Gitee
commit 306526da91
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
21 changed files with 4975 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
0060-fix-security-warning.patch Normal file
View File

@ -0,0 +1,58 @@
From 3520955126742b1bc9e49ce2d1ec6e10ac04bd3c Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Mon, 8 May 2023 10:37:53 +0800
Subject: [PATCH 60/79] fix security warning
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/cmd/isulad-shim/process.c | 6 +++---
src/cmd/isulad-shim/process.h | 2 +-
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/cmd/isulad-shim/process.c b/src/cmd/isulad-shim/process.c
index c31f8af6..f1391ecb 100644
--- a/src/cmd/isulad-shim/process.c
+++ b/src/cmd/isulad-shim/process.c
@@ -1164,7 +1164,7 @@ static int try_wait_all_child(void)
return 1;
}
-static int waitpid_with_timeout(int ctr_pid, int *status, const int64_t timeout)
+static int waitpid_with_timeout(int ctr_pid, int *status, const uint64_t timeout)
{
int nret = 0;
time_t start_time = time(NULL);
@@ -1210,7 +1210,7 @@ static int waitpid_with_timeout(int ctr_pid, int *status, const int64_t timeout
* If timeout <= 0, blocking wait in reap_container.
* If timeout > 0, non-blocking wait pid with timeout.
*/
-static int wait_container_process_with_timeout(process_t *p, const unsigned int timeout, int *status)
+static int wait_container_process_with_timeout(process_t *p, const uint64_t timeout, int *status)
{
int ret = SHIM_ERR;
@@ -1248,7 +1248,7 @@ static int wait_container_process_with_timeout(process_t *p, const unsigned int
}
-int process_signal_handle_routine(process_t *p, const pthread_t tid_epoll, const unsigned int timeout)
+int process_signal_handle_routine(process_t *p, const pthread_t tid_epoll, const uint64_t timeout)
{
int nret = 0;
int ret = 0;
diff --git a/src/cmd/isulad-shim/process.h b/src/cmd/isulad-shim/process.h
index 4cb6462c..93e01e7b 100644
--- a/src/cmd/isulad-shim/process.h
+++ b/src/cmd/isulad-shim/process.h
@@ -70,7 +70,7 @@ process_t* new_process(char *id, char *bundle, char *runtime);
int process_io_start(process_t *p, pthread_t *tid_epoll);
int create_process(process_t *p);
-int process_signal_handle_routine(process_t *p, const pthread_t tid_epoll, const unsigned int timeout);
+int process_signal_handle_routine(process_t *p, const pthread_t tid_epoll, const uint64_t timeout);
#ifdef __cplusplus
}
--
2.25.1

71
0061-add-testcase-for-hook-env.patch Normal file
View File

@ -0,0 +1,71 @@
From dd1e6907ec841d378699fdbbbf0033666b1b43c7 Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Mon, 8 May 2023 17:38:38 +0800
Subject: [PATCH 61/79] add testcase for hook env
Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
---
.../container_cases/hook_spec_test.sh | 30 +++++++++++++++++++
.../test_data/env-hookspec.json | 9 ++++++
2 files changed, 39 insertions(+)
create mode 100644 CI/test_cases/container_cases/test_data/env-hookspec.json
diff --git a/CI/test_cases/container_cases/hook_spec_test.sh b/CI/test_cases/container_cases/hook_spec_test.sh
index a0f70e37..c88ed340 100755
--- a/CI/test_cases/container_cases/hook_spec_test.sh
+++ b/CI/test_cases/container_cases/hook_spec_test.sh
@@ -59,6 +59,36 @@ function test_hook_spec()
rm -rf $runlog
+ cat > /tmp/env.sh <<EOF
+#!/bin/bash
+
+env > /tmp/envfile
+EOF
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to generate env shell" && ((ret++))
+
+ chmod +x /tmp/env.sh
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to chmod env shell" && ((ret++))
+
+ CONT=`isula run -itd --hook-spec ${test_data_path}/env-hookspec.json ${image}`
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to run container with image: ${image}" && ((ret++))
+
+ isula stop -t 0 ${CONT}
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to stop ${CONT}" && ((ret++))
+
+ isula rm ${CONT}
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to rm ${CONT}" && ((ret++))
+
+ # debug
+ cat /tmp/envfile
+ cat /tmp/envfile | grep "PATH=/usr/local/bin:/usr/bin"
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - set ocihook PATH env failed" && ((ret++))
+
+ cat /tmp/envfile | grep "AAA=bbb"
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - set ocihook env failed" && ((ret++))
+
+ rm -rf /tmp/env.sh
+ rm -rf /tmp/envfile
+
msg_info "${test} finished with return ${ret}..."
return ${ret}
}
diff --git a/CI/test_cases/container_cases/test_data/env-hookspec.json b/CI/test_cases/container_cases/test_data/env-hookspec.json
new file mode 100644
index 00000000..2a63a355
--- /dev/null
+++ b/CI/test_cases/container_cases/test_data/env-hookspec.json
@@ -0,0 +1,9 @@
+{
+ "prestart": [
+ {
+ "args": ["/tmp/env.sh"],
+ "path": "/tmp/env.sh",
+ "env": ["PATH=/usr/local/bin:/usr/bin", "AAA=bbb"]
+ }
+ ]
+}
--
2.25.1

371
0062-fix-security-warning.patch Normal file
View File

@ -0,0 +1,371 @@
From 3f103151b1d54d76bb46179a3dac05e918983e79 Mon Sep 17 00:00:00 2001
From: "Neil.wrz" <wangrunze13@huawei.com>
Date: Sun, 7 May 2023 02:37:30 -0700
Subject: [PATCH 62/79] fix security warning
Signed-off-by: Neil.wrz <wangrunze13@huawei.com>
---
.../oci/storage/image_store/image_store.c | 2 +-
.../remote_layer_support/image_remote_impl.c | 36 +++++++++++++---
.../remote_layer_support/layer_remote_impl.c | 41 +++++++++++++++----
.../overlay_remote_impl.c | 38 ++++++++++++++---
.../remote_layer_support/remote_support.c | 19 ++++++++-
.../ro_symlink_maintain.c | 2 -
.../modules/image/oci/storage/storage.c | 2 +
7 files changed, 116 insertions(+), 24 deletions(-)
diff --git a/src/daemon/modules/image/oci/storage/image_store/image_store.c b/src/daemon/modules/image/oci/storage/image_store/image_store.c
index 7837f9db..d436eba2 100644
--- a/src/daemon/modules/image/oci/storage/image_store/image_store.c
+++ b/src/daemon/modules/image/oci/storage/image_store/image_store.c
@@ -3647,7 +3647,7 @@ int image_store_init(struct storage_module_init_options *opts)
}
#ifdef ENABLE_REMOTE_LAYER_STORE
- remote_image_init(g_image_store->dir);
+ ret = remote_image_init(g_image_store->dir);
#endif
out:
diff --git a/src/daemon/modules/image/oci/storage/remote_layer_support/image_remote_impl.c b/src/daemon/modules/image/oci/storage/remote_layer_support/image_remote_impl.c
index a822ea81..1ac0139f 100644
--- a/src/daemon/modules/image/oci/storage/remote_layer_support/image_remote_impl.c
+++ b/src/daemon/modules/image/oci/storage/remote_layer_support/image_remote_impl.c
@@ -36,10 +36,28 @@ struct remote_image_data *remote_image_create(const char *remote_home, const cha
ERROR("Out of memory");
return NULL;
}
+
data->image_home = remote_home;
image_byid_old = map_new(MAP_STR_BOOL, MAP_DEFAULT_CMP_FUNC, MAP_DEFAULT_FREE_FUNC);
+ if (image_byid_old == NULL) {
+ ERROR("Failed to cerate image_byid_old");
+ goto free_out;
+ }
+
image_byid_new = map_new(MAP_STR_BOOL, MAP_DEFAULT_CMP_FUNC, MAP_DEFAULT_FREE_FUNC);
+ if (image_byid_new == NULL) {
+ ERROR("Failed to cerate image_byid_new");
+ goto free_out;
+ }
+
return data;
+
+free_out:
+ map_free(image_byid_old);
+ map_free(image_byid_new);
+ free(data);
+
+ return NULL;
}
void remote_image_destroy(struct remote_image_data *data)
@@ -97,7 +115,9 @@ static int remote_dir_scan(void *data)
// for refresh, we don't care v1 image, cause image should be handled by master isulad
// when master isulad pull images
if (!is_v1_image) {
- map_insert(image_byid_new, util_strdup_s(image_dirs[i]), (void *)&exist);
+ if (!map_insert(image_byid_new, image_dirs[i], (void *)&exist)) {
+ WARN("Failed to insert image %s to map", image_dirs[i]);
+ }
}
}
@@ -113,7 +133,7 @@ static int remote_image_add(void *data)
char *top_layer = NULL;
map_t *tmp_map = NULL;
bool exist = true;
- int i = 0;
+ size_t i = 0;
int ret = 0;
if (data == NULL) {
@@ -127,13 +147,17 @@ static int remote_image_add(void *data)
top_layer = remote_image_get_top_layer_from_json(array_added[i]);
if (top_layer != NULL && !remote_layer_layer_valid(top_layer)) {
WARN("Current not find valid under layer, remoet image:%s not added", array_added[i]);
- map_remove(image_byid_new, (void *)array_added[i]);
+ if (!map_remove(image_byid_new, (void *)array_added[i])) {
+ WARN("image %s will not be loaded from remote.", array_added[i]);
+ }
continue;
}
if (remote_append_image_by_directory_with_lock(array_added[i]) != 0) {
ERROR("Failed to load image into memrory: %s", array_added[i]);
- map_remove(image_byid_new, (void *)array_added[i]);
+ if (!map_remove(image_byid_new, (void *)array_added[i])) {
+ WARN("image %s will not be loaded from remote", array_added[i]);
+ }
ret = -1;
}
}
@@ -141,7 +165,9 @@ static int remote_image_add(void *data)
for (i = 0; i < util_array_len((const char **)array_deleted); i++) {
if (remote_remove_image_from_memory_with_lock(array_deleted[i]) != 0) {
ERROR("Failed to remove remote memory store");
- map_insert(image_byid_new, array_deleted[i], (void *)&exist);
+ if (!map_insert(image_byid_new, array_deleted[i], (void *)&exist)) {
+ WARN("image %s will not be removed from local", array_deleted[i]);
+ }
ret = -1;
}
}
diff --git a/src/daemon/modules/image/oci/storage/remote_layer_support/layer_remote_impl.c b/src/daemon/modules/image/oci/storage/remote_layer_support/layer_remote_impl.c
index 3e3afff6..b1a1e944 100644
--- a/src/daemon/modules/image/oci/storage/remote_layer_support/layer_remote_impl.c
+++ b/src/daemon/modules/image/oci/storage/remote_layer_support/layer_remote_impl.c
@@ -36,13 +36,30 @@ struct remote_layer_data *remote_layer_create(const char *layer_home, const char
ERROR("Out of memory");
return NULL;
}
- data->layer_home = util_strdup_s(layer_home);
- data->layer_ro = util_strdup_s(layer_ro);
+ data->layer_home = layer_home;
+ data->layer_ro = layer_ro;
+
layer_byid_old = map_new(MAP_STR_BOOL, MAP_DEFAULT_CMP_FUNC, MAP_DEFAULT_FREE_FUNC);
+ if (layer_byid_old == NULL) {
+ ERROR("Failed to cerate layer_byid_old");
+ goto free_out;
+ }
+
layer_byid_new = map_new(MAP_STR_BOOL, MAP_DEFAULT_CMP_FUNC, MAP_DEFAULT_FREE_FUNC);
+ if (layer_byid_new == NULL) {
+ ERROR("Failed to cerate layer_byid_new");
+ goto free_out;
+ }
return data;
-};
+
+free_out:
+ map_free(layer_byid_old);
+ map_free(layer_byid_new);
+ free(data);
+
+ return NULL;
+}
void remote_layer_destroy(struct remote_layer_data *data)
{
@@ -59,7 +76,7 @@ static bool layer_walk_dir_cb(const char *path_name, const struct dirent *sub_di
{
bool exist = true;
- if (!map_insert(layer_byid_new, util_strdup_s(sub_dir->d_name), (void *)&exist)) {
+ if (!map_insert(layer_byid_new, (void *)sub_dir->d_name, (void *)&exist)) {
ERROR("can't insert remote layer into map");
return false;
}
@@ -165,7 +182,7 @@ static int remote_layer_add(struct remote_layer_data *data)
char **array_deleted = NULL;
map_t *tmp_map = NULL;
bool exist = true;
- int i = 0;
+ size_t i = 0;
if (data == NULL) {
return -1;
@@ -175,15 +192,19 @@ static int remote_layer_add(struct remote_layer_data *data)
array_deleted = remote_deleted_layers(layer_byid_old, layer_byid_new);
for (i = 0; i < util_array_len((const char **)array_added); i++) {
- if (!remote_overlay_layer_valid(array_added[i]) != 0) {
+ if (!remote_overlay_layer_valid(array_added[i])) {
WARN("remote overlay layer current not valid: %s", array_added[i]);
- map_remove(layer_byid_new, (void *)array_added[i]);
+ if (!map_remove(layer_byid_new, (void *)array_added[i])) {
+ WARN("layer %s will not be loaded from remote", array_added[i]);
+ }
continue;
}
if (add_one_remote_layer(data, array_added[i]) != 0) {
ERROR("Failed to add remote layer: %s", array_added[i]);
- map_remove(layer_byid_new, (void *)array_added[i]);
+ if (!map_remove(layer_byid_new, (void *)array_added[i])) {
+ WARN("layer %s will not be loaded from remote", array_added[i]);
+ }
ret = -1;
}
}
@@ -191,7 +212,9 @@ static int remote_layer_add(struct remote_layer_data *data)
for (i = 0; i < util_array_len((const char **)array_deleted); i++) {
if (remove_one_remote_layer(data, array_deleted[i]) != 0) {
ERROR("Failed to delete remote overlay layer: %s", array_deleted[i]);
- map_insert(layer_byid_new, array_deleted[i], (void *)&exist);
+ if (!map_insert(layer_byid_new, array_deleted[i], (void *)&exist)) {
+ WARN("layer %s will not be removed from local", array_deleted[i]);
+ }
ret = -1;
}
}
diff --git a/src/daemon/modules/image/oci/storage/remote_layer_support/overlay_remote_impl.c b/src/daemon/modules/image/oci/storage/remote_layer_support/overlay_remote_impl.c
index de2e583c..30caf175 100644
--- a/src/daemon/modules/image/oci/storage/remote_layer_support/overlay_remote_impl.c
+++ b/src/daemon/modules/image/oci/storage/remote_layer_support/overlay_remote_impl.c
@@ -42,13 +42,37 @@ struct remote_overlay_data *remote_overlay_create(const char *remote_home, const
ERROR("Out of memory");
return NULL;
}
+
data->overlay_home = remote_home;
data->overlay_ro = remote_ro;
+
overlay_byid_old = map_new(MAP_STR_BOOL, MAP_DEFAULT_CMP_FUNC, MAP_DEFAULT_FREE_FUNC);
+ if (overlay_byid_old == NULL) {
+ ERROR("Failed to cerate overlay_byid_old");
+ goto free_out;
+ }
+
overlay_byid_new = map_new(MAP_STR_BOOL, MAP_DEFAULT_CMP_FUNC, MAP_DEFAULT_FREE_FUNC);
+ if (overlay_byid_new == NULL) {
+ ERROR("Failed to cerate overlay_byid_new");
+ goto free_out;
+ }
+
overlay_id_link = map_new(MAP_STR_STR, MAP_DEFAULT_CMP_FUNC, MAP_DEFAULT_FREE_FUNC);
+ if (overlay_id_link == NULL) {
+ ERROR("Failed to cerate overlay_id_link");
+ goto free_out;
+ }
return data;
+
+free_out:
+ map_free(overlay_byid_old);
+ map_free(overlay_byid_new);
+ map_free(overlay_id_link);
+ free(data);
+
+ return NULL;
}
void remote_overlay_destroy(struct remote_overlay_data *data)
@@ -66,7 +90,7 @@ void remote_overlay_destroy(struct remote_overlay_data *data)
static bool overlay_walk_dir_cb(const char *path_name, const struct dirent *sub_dir, void *context)
{
bool exist = true;
- if (!map_insert(overlay_byid_new, util_strdup_s(sub_dir->d_name), (void *)&exist)) {
+ if (!map_insert(overlay_byid_new, (void *)sub_dir->d_name, (void *)&exist)) {
ERROR("can't insert remote layer into map");
return false;
}
@@ -254,7 +278,7 @@ static int add_one_remote_overlay_layer(struct remote_overlay_data *data, const
ret = -1;
}
- if (!map_insert(overlay_id_link, util_strdup_s(overlay_id), (void *)diff_symlink)) {
+ if (!map_insert(overlay_id_link, (void *)overlay_id, (void *)diff_symlink)) {
ERROR("can't insert remote layer into map");
ret = -1;
}
@@ -275,7 +299,7 @@ static int remote_image_add(struct remote_overlay_data *data)
char **array_deleted = NULL;
map_t *tmp_map = NULL;
bool exist = true;
- int i = 0;
+ size_t i = 0;
if (data == NULL) {
return -1;
@@ -287,7 +311,9 @@ static int remote_image_add(struct remote_overlay_data *data)
for (i = 0; i < util_array_len((const char **)array_added); i++) {
if (add_one_remote_overlay_layer(data, array_added[i]) != 0) {
ERROR("Failed to add remote overlay layer: %s", array_added[i]);
- map_remove(overlay_byid_new, (void *)array_added[i]);
+ if (!map_remove(overlay_byid_new, (void *)array_added[i])) {
+ WARN("overlay layer %s will not be loaded from remote", array_added[i]);
+ }
ret = -1;
}
}
@@ -295,7 +321,9 @@ static int remote_image_add(struct remote_overlay_data *data)
for (i = 0; i < util_array_len((const char **)array_deleted); i++) {
if (remove_one_remote_overlay_layer(data, array_deleted[i]) != 0) {
ERROR("Failed to delete remote overlay layer: %s", array_deleted[i]);
- map_insert(overlay_byid_new, array_deleted[i], (void *)&exist);
+ if (!map_insert(overlay_byid_new, array_deleted[i], (void *)&exist)) {
+ WARN("overlay layer %s will be deleted from local", array_deleted[i]);
+ }
ret = -1;
}
}
diff --git a/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c b/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c
index 7d457755..748298cb 100644
--- a/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c
+++ b/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c
@@ -65,7 +65,10 @@ static void *remote_refresh_ro_symbol_link(void *arg)
util_usleep_nointerupt(5 * 1000 * 1000);
DEBUG("remote refresh start\n");
- remote_refresh_lock(supporters.remote_lock, true);
+ if (!remote_refresh_lock(supporters.remote_lock, true)) {
+ WARN("Failed to lock remote store failed, try to lock after 5 seconds");
+ continue;
+ }
remote_overlay_refresh(refresh_supporters->overlay_data);
remote_layer_refresh(refresh_supporters->layer_data);
remote_image_refresh(refresh_supporters->image_data);
@@ -127,18 +130,30 @@ static char **map_diff(const map_t *map_a, const map_t *map_b)
char **array = NULL;
map_itor *itor = map_itor_new(map_a);
bool *found = NULL;
+ int ret = 0;
// iter new_map, every item not in old, append them to new_layers
for (; map_itor_valid(itor); map_itor_next(itor)) {
char *id = map_itor_key(itor);
found = map_search(map_b, id);
if (found == NULL) {
- util_array_append(&array, util_strdup_s(id));
+ ret = util_array_append(&array, id);
+ if (ret != 0) {
+ ERROR("Failed to add diff item %s to array", id);
+ break;
+ }
}
}
map_itor_free(itor);
+ // if array is null then return directly
+ // if array is not null, free array and return NULL
+ if (ret != 0 && array != NULL) {
+ util_free_array(array);
+ array = NULL;
+ }
+
return array;
}
diff --git a/src/daemon/modules/image/oci/storage/remote_layer_support/ro_symlink_maintain.c b/src/daemon/modules/image/oci/storage/remote_layer_support/ro_symlink_maintain.c
index a3aa3aa4..0e2b671b 100644
--- a/src/daemon/modules/image/oci/storage/remote_layer_support/ro_symlink_maintain.c
+++ b/src/daemon/modules/image/oci/storage/remote_layer_support/ro_symlink_maintain.c
@@ -27,8 +27,6 @@
#include "utils.h"
#include "utils_file.h"
-#define REMOTE_RO_LAYER_DIR "RO"
-
// overlay-layers and overlay-layers/RO
static char *image_home;
diff --git a/src/daemon/modules/image/oci/storage/storage.c b/src/daemon/modules/image/oci/storage/storage.c
index 836ccf4d..07c3830b 100644
--- a/src/daemon/modules/image/oci/storage/storage.c
+++ b/src/daemon/modules/image/oci/storage/storage.c
@@ -1876,6 +1876,8 @@ int storage_module_init(struct storage_module_init_options *opts)
#ifdef ENABLE_REMOTE_LAYER_STORE
if (opts->enable_remote_layer && remote_start_refresh_thread(opts->remote_lock) != 0) {
ERROR("Failed to start remote refresh thread");
+ ret = -1;
+ goto out;
}
#endif
--
2.25.1

69
0063-add-try_generate_exec_id-func-for-health-check.patch Normal file
View File

@ -0,0 +1,69 @@
From 4abeb19ab3064725d1c84e80a33b16aca5f9d8ba Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Wed, 10 May 2023 21:04:25 +0800
Subject: [PATCH 63/79] add try_generate_exec_id func for health check
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
.../modules/runtime/isula/isula_rt_ops.c | 31 +++++++++++++++++--
1 file changed, 29 insertions(+), 2 deletions(-)
diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c
index ceaf464e..85a2fbc8 100644
--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c
+++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c
@@ -1082,6 +1082,28 @@ static bool fg_exec(const rt_exec_params_t *params)
return false;
}
+static char *try_generate_exec_id()
+{
+ char *id = NULL;
+
+ id = util_common_calloc_s(sizeof(char) * (CONTAINER_EXEC_ID_MAX_LEN + 1));
+ if (id == NULL) {
+ ERROR("Out of memory");
+ return NULL;
+ }
+
+ if (util_generate_random_str(id, (size_t)CONTAINER_EXEC_ID_MAX_LEN) != 0) {
+ ERROR("Generate id failed");
+ goto err_out;
+ }
+
+ return id;
+
+err_out:
+ free(id);
+ return NULL;
+}
+
int rt_isula_exec(const char *id, const char *runtime, const rt_exec_params_t *params, int *exit_code)
{
char *exec_id = NULL;
@@ -1097,7 +1119,7 @@ int rt_isula_exec(const char *id, const char *runtime, const rt_exec_params_t *p
shim_client_process_state p = { 0 };
char *timeout = NULL;
- if (id == NULL || runtime == NULL || params == NULL || exit_code == NULL || params->suffix == NULL) {
+ if (id == NULL || runtime == NULL || params == NULL || exit_code == NULL) {
ERROR("nullptr arguments not allowed");
return -1;
}
@@ -1110,7 +1132,12 @@ int rt_isula_exec(const char *id, const char *runtime, const rt_exec_params_t *p
return -1;
}
- exec_id = util_strdup_s(params->suffix);
+ if (params->suffix != NULL) {
+ exec_id = util_strdup_s(params->suffix);
+ } else {
+ // in the health check scenario, suffix is empty
+ exec_id = try_generate_exec_id();
+ }
if (exec_id == NULL) {
ERROR("Out of memory or generate exec id failed");
return -1;
--
2.25.1

992
0064-split-remote-grpc-code-by-macro.patch Normal file
View File

@ -0,0 +1,992 @@
From 84cc7186842b45844b017a5bc8afa16b28bac668 Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Thu, 11 May 2023 10:27:08 +0800
Subject: [PATCH 64/79] split remote grpc code by macro
Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
---
cmake/options.cmake | 6 ++
src/client/connect/connect.h | 2 +
src/client/connect/grpc/client_base.h | 12 ++-
.../connect/grpc/grpc_containers_client.cc | 22 +++++-
src/cmd/isula/client_arguments.c | 10 +++
src/cmd/isula/client_arguments.h | 15 +++-
src/cmd/isulad-shim/common.h | 4 +-
src/cmd/isulad/isulad_commands.c | 1 +
src/cmd/isulad/isulad_commands.h | 78 ++++++++++---------
src/cmd/isulad/main.c | 31 +++++---
src/common/constants.h | 2 +
src/daemon/config/daemon_arguments.c | 4 +
src/daemon/config/isulad_config.c | 4 +
.../connect/grpc/grpc_server_tls_auth.cc | 6 +-
src/daemon/entry/connect/grpc/grpc_service.cc | 11 +++
.../cri/cri_container_manager_service_impl.cc | 6 +-
src/daemon/entry/cri/cri_helpers.cc | 2 +-
.../oci/storage/image_store/image_store.c | 14 ++--
.../oci/storage/layer_store/layer_store.c | 14 ++--
.../remote_layer_support/image_remote_impl.c | 3 +-
src/utils/cutils/utils_verify.c | 6 ++
.../remote_layer_support/remote_layer_ut.cc | 2 +-
22 files changed, 181 insertions(+), 74 deletions(-)
diff --git a/cmake/options.cmake b/cmake/options.cmake
index 701082dd..d8b88dec 100644
--- a/cmake/options.cmake
+++ b/cmake/options.cmake
@@ -90,6 +90,12 @@ if (ENABLE_SELINUX STREQUAL "ON")
message("${Green}-- Enable selinux${ColourReset}")
endif()
+option(ENABLE_GRPC_REMOTE_CONNECT "enable gRPC remote connect" ON)
+if (ENABLE_GRPC_REMOTE_CONNECT STREQUAL "ON")
+ add_definitions(-DENABLE_GRPC_REMOTE_CONNECT=1)
+ set(ENABLE_GRPC_REMOTE_CONNECT 1)
+endif()
+
option(ENABLE_SHIM_V2 "enable shim v2 runtime" OFF)
if (ENABLE_SHIM_V2 STREQUAL "ON")
add_definitions(-DENABLE_SHIM_V2=1)
diff --git a/src/client/connect/connect.h b/src/client/connect/connect.h
index 1b2ea5b3..68c6d57f 100644
--- a/src/client/connect/connect.h
+++ b/src/client/connect/connect.h
@@ -24,12 +24,14 @@ extern "C" {
typedef struct {
unsigned int deadline;
char *socket;
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
// gRPC tls config
bool tls;
bool tls_verify;
char *ca_file;
char *cert_file;
char *key_file;
+#endif
} client_connect_config_t;
#ifdef __cplusplus
diff --git a/src/client/connect/grpc/client_base.h b/src/client/connect/grpc/client_base.h
index dbe130cd..4a29765a 100644
--- a/src/client/connect/grpc/client_base.h
+++ b/src/client/connect/grpc/client_base.h
@@ -44,9 +44,10 @@ public:
auto *arguments = reinterpret_cast<client_connect_config_t *>(args);
std::string socket_address = arguments->socket;
- const std::string tcp_prefix = "tcp://";
deadline = arguments->deadline;
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
+ const std::string tcp_prefix = "tcp://";
if (socket_address.compare(0, tcp_prefix.length(), tcp_prefix) == 0) {
socket_address.erase(0, tcp_prefix.length());
}
@@ -76,9 +77,12 @@ public:
// Connect to gRPC server with ssl/tls authentication mechanism.
stub_ = SV::NewStub(channel);
} else {
+#endif
// Connect to gRPC server without ssl/tls authentication mechanism.
stub_ = SV::NewStub(grpc::CreateChannel(socket_address, grpc::InsecureChannelCredentials()));
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
}
+#endif
}
virtual ~ClientBase() = default;
@@ -109,12 +113,14 @@ public:
context.set_deadline(tDeadline);
}
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
// Set metadata for authorization
if (SetMetadataInfo(context) != 0) {
ERROR("Failed to set metadata info for authorization");
response->cc = ISULAD_ERR_INPUT;
return -1;
}
+#endif
ret = request_to_grpc(request, &req);
if (ret != 0) {
@@ -187,6 +193,7 @@ protected:
return ss.str();
}
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
auto SetMetadataInfo(ClientContext &context) -> int
{
// Set common name from cert.perm
@@ -204,10 +211,13 @@ protected:
return 0;
}
+#endif
std::unique_ptr<sTB> stub_;
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
std::string m_tlsMode { ClientBaseConstants::TLS_OFF };
std::string m_certFile;
+#endif
unsigned int deadline;
};
diff --git a/src/client/connect/grpc/grpc_containers_client.cc b/src/client/connect/grpc/grpc_containers_client.cc
index 1528b2ee..301e172b 100644
--- a/src/client/connect/grpc/grpc_containers_client.cc
+++ b/src/client/connect/grpc/grpc_containers_client.cc
@@ -298,6 +298,7 @@ public:
}
};
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
class RemoteStartWriteToServerTask : public StoppableThread {
public:
explicit RemoteStartWriteToServerTask(
@@ -442,6 +443,8 @@ out:
return (response->cc == ISULAD_SUCCESS) ? 0 : -1;
}
};
+#endif
+
class ContainerTop : public ClientBase<ContainerService, ContainerService::Stub, isula_top_request, TopRequest,
isula_top_response, TopResponse> {
public:
@@ -868,6 +871,7 @@ public:
}
};
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
class RemoteExecWriteToServerTask : public StoppableThread {
public:
explicit RemoteExecWriteToServerTask(
@@ -1035,6 +1039,7 @@ out:
return (response->cc == ISULAD_SUCCESS) ? 0 : -1;
}
};
+#endif
class ContainerInspect : public ClientBase<ContainerService, ContainerService::Stub, isula_inspect_request,
InspectContainerRequest, isula_inspect_response, InspectContainerResponse> {
@@ -1351,6 +1356,7 @@ public:
ERROR("Missing container id in the request");
return -1;
}
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
#ifdef OPENSSL_VERIFY
// Set common name from cert.perm
char common_name_value[ClientBaseConstants::COMMON_NAME_LEN] = { 0 };
@@ -1362,6 +1368,7 @@ public:
}
context.AddMetadata("username", std::string(common_name_value, strlen(common_name_value)));
context.AddMetadata("tls_mode", m_tlsMode);
+#endif
#endif
context.AddMetadata("container-id", std::string(request->name));
context.AddMetadata("attach-stdin", request->attach_stdin ? "true" : "false");
@@ -1742,11 +1749,13 @@ public:
Status status;
container_events_format_t *isula_event = nullptr;
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
if (SetMetadataInfo(context) != 0) {
ERROR("Failed to set metadata info for authorization");
response->cc = ISULAD_ERR_INPUT;
return -1;
}
+#endif
ret = events_request_to_grpc(request, &req);
if (ret != 0) {
@@ -1926,6 +1935,7 @@ public:
return -1;
}
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
#ifdef OPENSSL_VERIFY
// Set common name from cert.perm
char common_name_value[ClientBaseConstants::COMMON_NAME_LEN] = { 0 };
@@ -1938,6 +1948,7 @@ public:
}
ctx->context.AddMetadata("username", std::string(common_name_value, strlen(common_name_value)));
ctx->context.AddMetadata("tls_mode", m_tlsMode);
+#endif
#endif
auto reader = stub_->CopyFromContainer(&ctx->context, ctx->request);
reader->WaitForInitialMetadata();
@@ -2073,6 +2084,7 @@ public:
goto out;
}
context.AddMetadata("isulad-copy-to-container", json);
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
#ifdef OPENSSL_VERIFY
{
// Set common name from cert.perm
@@ -2088,6 +2100,7 @@ public:
context.AddMetadata("tls_mode", m_tlsMode);
}
#endif
+#endif
out:
free(err);
@@ -2146,6 +2159,7 @@ public:
ClientContext context;
LogsRequest grequest;
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
#ifdef OPENSSL_VERIFY
// Set common name from cert.perm
char common_name_value[ClientBaseConstants::COMMON_NAME_LEN] = { 0 };
@@ -2157,6 +2171,7 @@ public:
}
context.AddMetadata("username", std::string(common_name_value, strlen(common_name_value)));
context.AddMetadata("tls_mode", m_tlsMode);
+#endif
#endif
if (logs_request_to_grpc(request, &grequest) != 0) {
@@ -2234,13 +2249,11 @@ auto grpc_containers_client_ops_init(isula_connect_ops *ops) -> int
ops->container.info = container_func<isula_info_request, isula_info_response, ContainerInfo>;
ops->container.create = container_func<isula_create_request, isula_create_response, ContainerCreate>;
ops->container.start = container_func<isula_start_request, isula_start_response, ContainerStart>;
- ops->container.remote_start = container_func<isula_start_request, isula_start_response, ContainerRemoteStart>;
ops->container.stop = container_func<isula_stop_request, isula_stop_response, ContainerStop>;
ops->container.restart = container_func<isula_restart_request, isula_restart_response, ContainerRestart>;
ops->container.remove = container_func<isula_delete_request, isula_delete_response, ContainerDelete>;
ops->container.list = container_func<isula_list_request, isula_list_response, ContainerList>;
ops->container.exec = container_func<isula_exec_request, isula_exec_response, ContainerExec>;
- ops->container.remote_exec = container_func<isula_exec_request, isula_exec_response, ContainerRemoteExec>;
ops->container.attach = container_func<isula_attach_request, isula_attach_response, ContainerAttach>;
ops->container.pause = container_func<isula_pause_request, isula_pause_response, ContainerPause>;
ops->container.resume = container_func<isula_resume_request, isula_resume_response, ContainerResume>;
@@ -2260,5 +2273,10 @@ auto grpc_containers_client_ops_init(isula_connect_ops *ops) -> int
ops->container.resize = container_func<isula_resize_request, isula_resize_response, ContainerResize>;
ops->container.logs = container_func<isula_logs_request, isula_logs_response, ContainerLogs>;
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
+ ops->container.remote_start = container_func<isula_start_request, isula_start_response, ContainerRemoteStart>;
+ ops->container.remote_exec = container_func<isula_exec_request, isula_exec_response, ContainerRemoteExec>;
+#endif
+
return 0;
}
diff --git a/src/cmd/isula/client_arguments.c b/src/cmd/isula/client_arguments.c
index 8f8c2657..2340beec 100644
--- a/src/cmd/isula/client_arguments.c
+++ b/src/cmd/isula/client_arguments.c
@@ -31,6 +31,8 @@ client_connect_config_t get_connect_config(const struct client_arguments *args)
client_connect_config_t config = { 0 };
config.socket = args->socket;
+
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
// unix socket not support tls
if (strncmp(args->socket, "tcp://", strlen("tcp://"))) {
config.tls_verify = false;
@@ -49,9 +51,12 @@ client_connect_config_t get_connect_config(const struct client_arguments *args)
config.cert_file = args->cert_file;
config.key_file = args->key_file;
}
+#endif
+
return config;
}
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
static int set_default_tls_options(struct client_arguments *args)
{
int ret = -1;
@@ -104,6 +109,7 @@ out:
free(cert_path);
return ret;
}
+#endif
/* client arguments init */
int client_arguments_init(struct client_arguments *args)
@@ -127,9 +133,11 @@ int client_arguments_init(struct client_arguments *args)
(void)memset(&args->custom_conf, 0, sizeof(struct custom_configs));
(void)memset(&args->cr, 0, sizeof(struct args_cgroup_resources));
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
if (set_default_tls_options(args) != 0) {
return -1;
}
+#endif
// default swappiness should be set to -1
args->cr.swappiness = -1;
@@ -241,6 +249,7 @@ void client_arguments_free(struct client_arguments *args)
util_free_array(custom_conf->security);
custom_conf->security = NULL;
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
free(args->ca_file);
args->ca_file = NULL;
@@ -249,6 +258,7 @@ void client_arguments_free(struct client_arguments *args)
free(args->key_file);
args->key_file = NULL;
+#endif
util_free_array(custom_conf->blkio_throttle_read_bps_device);
custom_conf->blkio_throttle_read_bps_device = NULL;
diff --git a/src/cmd/isula/client_arguments.h b/src/cmd/isula/client_arguments.h
index 087ea056..0b08bcb2 100644
--- a/src/cmd/isula/client_arguments.h
+++ b/src/cmd/isula/client_arguments.h
@@ -348,12 +348,14 @@ struct client_arguments {
json_map_string_string *annotations;
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
// gRPC tls config
bool tls;
bool tls_verify;
char *ca_file;
char *cert_file;
char *key_file;
+#endif
do_resize_call_back_t resize_cb;
struct winsize s_pre_wsz;
@@ -361,9 +363,10 @@ struct client_arguments {
#define LOG_OPTIONS(log) { CMD_OPT_TYPE_BOOL_FALSE, false, "debug", 'D', &(log).quiet, "Enable debug mode", NULL },
-#define COMMON_OPTIONS(cmdargs) \
- { CMD_OPT_TYPE_STRING_DUP, false, "host", 'H', &(cmdargs).socket, "Daemon socket(s) to connect to", \
- command_valid_socket }, \
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
+#define COMMON_OPTIONS(cmdargs) \
+ { CMD_OPT_TYPE_STRING_DUP, false, "host", 'H', &(cmdargs).socket, "Daemon socket(s) to connect to", \
+ command_valid_socket }, \
{ CMD_OPT_TYPE_BOOL, false, "tls", 0, &(cmdargs).tls, "Use TLS; implied by --tlsverify", NULL }, \
{ CMD_OPT_TYPE_BOOL, false, "tlsverify", 0, &(cmdargs).tls_verify, "Use TLS and verify the remote", NULL }, \
{ CMD_OPT_TYPE_STRING_DUP, \
@@ -388,6 +391,12 @@ struct client_arguments {
"Path to TLS key file (default \"/root/.iSulad/key.pem\")", \
NULL }, \
{ CMD_OPT_TYPE_BOOL, false, "help", 0, &(cmdargs).help, "Print usage", NULL },
+#else
+#define COMMON_OPTIONS(cmdargs) \
+ { CMD_OPT_TYPE_STRING_DUP, false, "host", 'H', &(cmdargs).socket, "Daemon socket(s) to connect to", \
+ command_valid_socket }, \
+ { CMD_OPT_TYPE_BOOL, false, "help", 0, &(cmdargs).help, "Print usage", NULL },
+#endif
#define VERSION_OPTIONS(cmdargs) \
{ CMD_OPT_TYPE_BOOL, false, "version", 0, NULL, "Print version information and quit", NULL },
diff --git a/src/cmd/isulad-shim/common.h b/src/cmd/isulad-shim/common.h
index d733823b..b3f52dc3 100644
--- a/src/cmd/isulad-shim/common.h
+++ b/src/cmd/isulad-shim/common.h
@@ -35,8 +35,8 @@ extern "C" {
#define SHIM_ERR_TIMEOUT (-4)
// common exit code is defined in stdlib.h
-// EXIT_FAILURE 1 : Failing exit status.
-// EXIT_SUCCESS 0 : Successful exit status.
+// EXIT_FAILURE 1 : Failing exit status.
+// EXIT_SUCCESS 0 : Successful exit status.
// custom shim exit code
// SHIM_EXIT_TIMEOUT 2: Container process timeout exit code
#define SHIM_EXIT_TIMEOUT 2
diff --git a/src/cmd/isulad/isulad_commands.c b/src/cmd/isulad/isulad_commands.c
index 42d0bde6..e814109e 100644
--- a/src/cmd/isulad/isulad_commands.c
+++ b/src/cmd/isulad/isulad_commands.c
@@ -225,6 +225,7 @@ int parse_args(struct service_arguments *args, int argc, const char **argv)
command_t cmd = { 0 };
struct command_option options[] = {
ISULAD_OPTIONS(args)
+ ISULAD_TLS_OPTIONS(args)
};
command_init_isulad(&cmd, options, sizeof(options) / sizeof(options[0]), argc, (const char **)argv, isulad_desc,
isulad_usage);
diff --git a/src/cmd/isulad/isulad_commands.h b/src/cmd/isulad/isulad_commands.h
index a89de5c1..e5bcb6c8 100644
--- a/src/cmd/isulad/isulad_commands.h
+++ b/src/cmd/isulad/isulad_commands.h
@@ -65,6 +65,48 @@ int command_default_ulimit_append(command_option_t *option, const char *arg);
#define USERNS_REMAP_OPT(cmdargs)
#endif
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
+#define ISULAD_TLS_OPTIONS(cmdargs) \
+ { CMD_OPT_TYPE_STRING_DUP, \
+ false, \
+ "authorization-plugin", \
+ 0, \
+ &(cmdargs)->json_confs->authorization_plugin, \
+ "Use authorization plugin", \
+ NULL }, \
+ { CMD_OPT_TYPE_BOOL, false, "tls", 0, &(cmdargs)->json_confs->tls, "Use TLS; implied by --tlsverify", NULL }, \
+ { CMD_OPT_TYPE_BOOL, \
+ false, \
+ "tlsverify", \
+ 0, \
+ &(cmdargs)->json_confs->tls_verify, \
+ "Use TLS and verify the remote", \
+ NULL }, \
+ { CMD_OPT_TYPE_STRING_DUP, \
+ false, \
+ "tlscacert", \
+ 0, \
+ &(cmdargs)->json_confs->tls_config->ca_file, \
+ "Trust certs signed only by this CA (default \"/root/.iSulad/ca.pem\")", \
+ NULL }, \
+ { CMD_OPT_TYPE_STRING_DUP, \
+ false, \
+ "tlscert", \
+ 0, \
+ &(cmdargs)->json_confs->tls_config->cert_file, \
+ "Path to TLS certificate file (default \"/root/.iSulad/cert.pem\")", \
+ NULL }, \
+ { CMD_OPT_TYPE_STRING_DUP, \
+ false, \
+ "tlskey", \
+ 0, \
+ &(cmdargs)->json_confs->tls_config->key_file, \
+ "Path to TLS key file (default \"/root/.iSulad/key.pem\")", \
+ NULL },
+#else
+#define ISULAD_TLS_OPTIONS(cmdargs)
+#endif
+
#define ISULAD_OPTIONS(cmdargs) \
{ CMD_OPT_TYPE_CALLBACK, \
false, \
@@ -241,42 +283,6 @@ int command_default_ulimit_append(command_option_t *option, const char *arg);
(cmdargs)->json_confs->use_decrypted_key, \
"Use decrypted private key by default (default true)", \
NULL }, \
- { CMD_OPT_TYPE_STRING_DUP, \
- false, \
- "authorization-plugin", \
- 0, \
- &(cmdargs)->json_confs->authorization_plugin, \
- "Use authorization plugin", \
- NULL }, \
- { CMD_OPT_TYPE_BOOL, false, "tls", 0, &(cmdargs)->json_confs->tls, "Use TLS; implied by --tlsverify", NULL }, \
- { CMD_OPT_TYPE_BOOL, \
- false, \
- "tlsverify", \
- 0, \
- &(cmdargs)->json_confs->tls_verify, \
- "Use TLS and verify the remote", \
- NULL }, \
- { CMD_OPT_TYPE_STRING_DUP, \
- false, \
- "tlscacert", \
- 0, \
- &(cmdargs)->json_confs->tls_config->ca_file, \
- "Trust certs signed only by this CA (default \"/root/.iSulad/ca.pem\")", \
- NULL }, \
- { CMD_OPT_TYPE_STRING_DUP, \
- false, \
- "tlscert", \
- 0, \
- &(cmdargs)->json_confs->tls_config->cert_file, \
- "Path to TLS certificate file (default \"/root/.iSulad/cert.pem\")", \
- NULL }, \
- { CMD_OPT_TYPE_STRING_DUP, \
- false, \
- "tlskey", \
- 0, \
- &(cmdargs)->json_confs->tls_config->key_file, \
- "Path to TLS key file (default \"/root/.iSulad/key.pem\")", \
- NULL }, \
{ CMD_OPT_TYPE_CALLBACK, \
false, \
"default-ulimit", \
diff --git a/src/cmd/isulad/main.c b/src/cmd/isulad/main.c
index 6d121f33..f5ded220 100644
--- a/src/cmd/isulad/main.c
+++ b/src/cmd/isulad/main.c
@@ -695,6 +695,7 @@ out:
}
#endif
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
// update values for options after flag parsing is complete
static int update_tls_options(struct service_arguments *args)
{
@@ -745,6 +746,7 @@ static int update_tls_options(struct service_arguments *args)
out:
return ret;
}
+#endif
static int update_set_default_log_file(struct service_arguments *args)
{
@@ -946,9 +948,11 @@ static int update_server_args(struct service_arguments *args)
}
#endif
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
if (update_tls_options(args)) {
return -1;
}
+#endif
if (update_set_default_log_file(args) != 0) {
return -1;
@@ -1284,17 +1288,20 @@ static char *parse_host(bool tls, const char *val)
char *host = NULL;
char *tmp = util_strdup_s(val);
tmp = util_trim_space(tmp);
- if (tmp == NULL) {
- if (tls) {
- host = util_strdup_s(DEFAULT_TLS_HOST);
- } else {
- host = util_strdup_s(DEFAULT_UNIX_SOCKET);
- }
- } else {
+
+ if (tmp != NULL) {
host = util_strdup_s(val);
+ free(tmp);
+ return host;
+ }
+
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
+ if (tls) {
+ return util_strdup_s(DEFAULT_TLS_HOST);
}
- free(tmp);
- return host;
+#endif
+
+ return util_strdup_s(DEFAULT_UNIX_SOCKET);
}
static int listener_init(const char *proto, const char *addr, const char *socket_group)
@@ -1329,7 +1336,11 @@ static int load_listener(const struct service_arguments *args)
for (i = 0; i < args->hosts_len; i++) {
char *proto_addr = NULL;
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
proto_addr = parse_host(args->json_confs->tls, args->hosts[i]);
+#else
+ proto_addr = parse_host(false, args->hosts[i]);
+#endif
proto = strtok_r(proto_addr, delim, &addr);
if (proto == NULL) {
ERROR("Failed to get proto");
@@ -1339,11 +1350,13 @@ static int load_listener(const struct service_arguments *args)
}
addr += strlen("://") - 1;
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
if (strncmp(proto, "tcp", strlen("tcp")) == 0 &&
(args->json_confs->tls_config == NULL || !args->json_confs->tls_verify)) {
WARN("[!] DON'T BIND ON ANY IP ADDRESS WITHOUT setting"
" --tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING [!]");
}
+#endif
// note: If we're binding to a TCP port, make sure that a container doesn't try to use it.
ret = listener_init(proto, args->hosts[i], args->json_confs->group);
diff --git a/src/common/constants.h b/src/common/constants.h
index 1a4cb7c4..37854291 100644
--- a/src/common/constants.h
+++ b/src/common/constants.h
@@ -121,8 +121,10 @@ extern "C" {
#define OCI_IMAGE_GRAPH_ROOTPATH_NAME "storage"
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
#define DEFAULT_TCP_HOST "tcp://localhost:2375"
#define DEFAULT_TLS_HOST "tcp://localhost:2376"
+#endif
#define AUTH_PLUGIN "authz-broker"
diff --git a/src/daemon/config/daemon_arguments.c b/src/daemon/config/daemon_arguments.c
index 04173557..078fb4a1 100644
--- a/src/daemon/config/daemon_arguments.c
+++ b/src/daemon/config/daemon_arguments.c
@@ -27,6 +27,7 @@
#include "utils_array.h"
#include "utils_file.h"
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
static int set_daemon_default_tls_options(struct service_arguments *args)
{
int ret = -1;
@@ -87,6 +88,7 @@ out:
free(cert_path);
return ret;
}
+#endif
int service_arguments_init(struct service_arguments *args)
{
@@ -156,9 +158,11 @@ int service_arguments_init(struct service_arguments *args)
*(args->json_confs->use_decrypted_key) = true;
args->json_confs->insecure_skip_verify_enforce = false;
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
if (set_daemon_default_tls_options(args) != 0) {
goto free_out;
}
+#endif
args->default_ulimit = NULL;
args->default_ulimit_len = 0;
diff --git a/src/daemon/config/isulad_config.c b/src/daemon/config/isulad_config.c
index 996917c4..d9644756 100644
--- a/src/daemon/config/isulad_config.c
+++ b/src/daemon/config/isulad_config.c
@@ -1496,6 +1496,7 @@ static int merge_cri_runtimes_into_global(struct service_arguments *args, isulad
return 0;
}
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
static int merge_authorization_conf_into_global(struct service_arguments *args, isulad_daemon_configs *tmp_json_confs)
{
args->json_confs->tls = tmp_json_confs->tls;
@@ -1511,6 +1512,7 @@ static int merge_authorization_conf_into_global(struct service_arguments *args,
return 0;
}
+#endif
static int merge_storage_conf_into_global(struct service_arguments *args, isulad_daemon_configs *tmp_json_confs)
{
@@ -1651,10 +1653,12 @@ int merge_json_confs_into_global(struct service_arguments *args)
args->json_confs->insecure_skip_verify_enforce = tmp_json_confs->insecure_skip_verify_enforce;
}
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
if (merge_authorization_conf_into_global(args, tmp_json_confs)) {
ret = -1;
goto out;
}
+#endif
if (merge_default_ulimits_conf_into_global(args, tmp_json_confs)) {
ret = -1;
diff --git a/src/daemon/entry/connect/grpc/grpc_server_tls_auth.cc b/src/daemon/entry/connect/grpc/grpc_server_tls_auth.cc
index 6e958e23..737bb129 100644
--- a/src/daemon/entry/connect/grpc/grpc_server_tls_auth.cc
+++ b/src/daemon/entry/connect/grpc/grpc_server_tls_auth.cc
@@ -17,6 +17,7 @@
#include <map>
#include <stdlib.h>
#include "http.h"
+#include "constants.h"
namespace AuthorizationPluginConfig {
std::string auth_plugin = "";
@@ -25,6 +26,7 @@ std::string auth_plugin = "";
namespace GrpcServerTlsAuth {
Status auth(ServerContext *context, std::string action)
{
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
const std::multimap<grpc::string_ref, grpc::string_ref> &init_metadata = context->client_metadata();
auto tls_mode_kv = init_metadata.find("tls_mode");
if (tls_mode_kv == init_metadata.end()) {
@@ -36,7 +38,7 @@ Status auth(ServerContext *context, std::string action)
}
if (AuthorizationPluginConfig::auth_plugin.empty()) {
return Status::OK;
- } else if (AuthorizationPluginConfig::auth_plugin == "authz-broker") {
+ } else if (AuthorizationPluginConfig::auth_plugin == AUTH_PLUGIN) {
auto username_kv = init_metadata.find("username");
if (username_kv == init_metadata.end()) {
return Status(StatusCode::UNKNOWN, "unknown error");
@@ -55,6 +57,8 @@ Status auth(ServerContext *context, std::string action)
} else {
return Status(StatusCode::UNIMPLEMENTED, "authorization plugin invalid");
}
+#endif
+
return Status::OK;
}
} // namespace GrpcServerTlsAuth
diff --git a/src/daemon/entry/connect/grpc/grpc_service.cc b/src/daemon/entry/connect/grpc/grpc_service.cc
index ab3e32ab..050a43f8 100644
--- a/src/daemon/entry/connect/grpc/grpc_service.cc
+++ b/src/daemon/entry/connect/grpc/grpc_service.cc
@@ -54,13 +54,19 @@ public:
ERROR("Init runtime service failed: %s", err.GetCMessage());
return -1;
}
+
+ // hosts has been validate by util_validate_socket
auto hosts = std::vector<std::string>(args->hosts, args->hosts + args->hosts_len);
for (auto host : hosts) {
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
if (host.find("tcp://") == 0) {
m_tcpPath.push_back(host.erase(0, std::string("tcp://").length()));
} else {
+#endif
m_socketPath.push_back(host);
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
}
+#endif
}
if (ListeningPort(args, err)) {
@@ -109,6 +115,7 @@ public:
private:
int ListeningPort(const struct service_arguments *args, Errors &err)
{
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
if (args->json_confs->tls) {
if (args->json_confs->authorization_plugin != nullptr) {
AuthorizationPluginConfig::auth_plugin = args->json_confs->authorization_plugin;
@@ -152,6 +159,8 @@ private:
INFO("Server listening on %s", address.c_str());
}
}
+#endif
+
// Listen on the given socket address without any authentication mechanism.
for (const auto &address : m_socketPath) {
m_builder.AddListeningPort(address, grpc::InsecureServerCredentials());
@@ -187,7 +196,9 @@ private:
RuntimeRuntimeServiceImpl m_runtimeRuntimeService;
RuntimeImageServiceImpl m_runtimeImageService;
ServerBuilder m_builder;
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
std::vector<std::string> m_tcpPath;
+#endif
std::vector<std::string> m_socketPath;
std::unique_ptr<Server> m_server;
};
diff --git a/src/daemon/entry/cri/cri_container_manager_service_impl.cc b/src/daemon/entry/cri/cri_container_manager_service_impl.cc
index 5398c088..101824ae 100644
--- a/src/daemon/entry/cri/cri_container_manager_service_impl.cc
+++ b/src/daemon/entry/cri/cri_container_manager_service_impl.cc
@@ -1228,14 +1228,14 @@ void ContainerManagerServiceImpl::UpdateContainerResources(const std::string &co
}
if (resources.hugepage_limits_size() != 0) {
hostconfig->hugetlbs = (host_config_hugetlbs_element **)util_smart_calloc_s(
- sizeof(host_config_hugetlbs_element *), resources.hugepage_limits_size());
+ sizeof(host_config_hugetlbs_element *), resources.hugepage_limits_size());
if (hostconfig->hugetlbs == nullptr) {
error.SetError("Out of memory");
return;
}
- for (int i = 0; i < resources.hugepage_limits_size(); i++) {
+ for (int i = 0; i < resources.hugepage_limits_size(); i++) {
hostconfig->hugetlbs[i] =
- (host_config_hugetlbs_element *)util_common_calloc_s(sizeof(host_config_hugetlbs_element));
+ (host_config_hugetlbs_element *)util_common_calloc_s(sizeof(host_config_hugetlbs_element));
if (hostconfig->hugetlbs[i] == nullptr) {
error.SetError("Out of memory");
goto cleanup;
diff --git a/src/daemon/entry/cri/cri_helpers.cc b/src/daemon/entry/cri/cri_helpers.cc
index e588b6c4..e2d00bc7 100644
--- a/src/daemon/entry/cri/cri_helpers.cc
+++ b/src/daemon/entry/cri/cri_helpers.cc
@@ -457,7 +457,7 @@ void UpdateCreateConfig(container_config *createConfig, host_config *hc,
}
for (int i = 0; i < rOpts.hugepage_limits_size(); i++) {
hc->hugetlbs[i] =
- (host_config_hugetlbs_element *)util_common_calloc_s(sizeof(host_config_hugetlbs_element));
+ (host_config_hugetlbs_element *)util_common_calloc_s(sizeof(host_config_hugetlbs_element));
if (hc->hugetlbs[i] == nullptr) {
error.SetError("Out of memory");
return;
diff --git a/src/daemon/modules/image/oci/storage/image_store/image_store.c b/src/daemon/modules/image/oci/storage/image_store/image_store.c
index d436eba2..f6ddd03b 100644
--- a/src/daemon/modules/image/oci/storage/image_store/image_store.c
+++ b/src/daemon/modules/image/oci/storage/image_store/image_store.c
@@ -133,7 +133,7 @@ static void free_image_store(image_store_t *store)
(void)map_free(store->bydigest);
store->bydigest = NULL;
- linked_list_for_each_safe (item, &(store->images_list), next) {
+ linked_list_for_each_safe(item, &(store->images_list), next) {
linked_list_del(item);
image_ref_dec((image_t *)item->elem);
free(item);
@@ -165,7 +165,7 @@ static void image_store_digest_field_kvfree(void *key, void *value)
free(key);
if (val != NULL) {
- linked_list_for_each_safe (item, &(val->images_list), next) {
+ linked_list_for_each_safe(item, &(val->images_list), next) {
linked_list_del(item);
free(item);
item = NULL;
@@ -501,7 +501,7 @@ static void digest_image_slice_without_value(digest_image_t *digest_filter_image
return;
}
- linked_list_for_each_safe (item, &(digest_filter_images->images_list), next) {
+ linked_list_for_each_safe(item, &(digest_filter_images->images_list), next) {
tmp = (image_t *)item->elem;
if (strcmp(tmp->simage->id, img->simage->id) == 0) {
linked_list_del(item);
@@ -582,7 +582,7 @@ static int remove_image_from_memory(const char *id)
goto out;
}
- linked_list_for_each_safe (item, &(g_image_store->images_list), next) {
+ linked_list_for_each_safe(item, &(g_image_store->images_list), next) {
image_t *tmp = (image_t *)item->elem;
if (strcmp(tmp->simage->id, id) != 0) {
continue;
@@ -681,7 +681,7 @@ static void free_digest_image(digest_image_t *ptr)
return;
}
- linked_list_for_each_safe (item, &(ptr->images_list), next) {
+ linked_list_for_each_safe(item, &(ptr->images_list), next) {
linked_list_del(item);
free(item);
item = NULL;
@@ -2679,7 +2679,7 @@ int image_store_get_all_images(imagetool_images_list *images_list)
goto unlock;
}
- linked_list_for_each_safe (item, &(g_image_store->images_list), next) {
+ linked_list_for_each_safe(item, &(g_image_store->images_list), next) {
imagetool_image_summary *imginfo = NULL;
image_t *img = (image_t *)item->elem;
imginfo = get_image_summary(img);
@@ -3546,7 +3546,7 @@ static void image_store_check_all_images()
return;
}
- linked_list_for_each_safe (item, &(g_image_store->images_list), next) {
+ linked_list_for_each_safe(item, &(g_image_store->images_list), next) {
image_t *img = (image_t *)item->elem;
if (img->spec == NULL) {
ERROR("Failed to check spec info of image: %s, try to delete", img->simage->id);
diff --git a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
index 12fca5ff..6024d734 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
@@ -136,7 +136,7 @@ void layer_store_cleanup()
map_free(g_metadata.by_uncompress_digest);
g_metadata.by_uncompress_digest = NULL;
- linked_list_for_each_safe (item, &(g_metadata.layers_list), next) {
+ linked_list_for_each_safe(item, &(g_metadata.layers_list), next) {
linked_list_del(item);
layer_ref_dec((layer_t *)item->elem);
free(item);
@@ -167,7 +167,7 @@ static void free_digest_layer_t(digest_layer_t *ptr)
return;
}
- linked_list_for_each_safe (item, &(ptr->layer_list), next) {
+ linked_list_for_each_safe(item, &(ptr->layer_list), next) {
linked_list_del(item);
free(item->elem);
item->elem = NULL;
@@ -622,7 +622,7 @@ static int delete_digest_from_map(map_t *by_digest, const char *digest, const ch
return 0;
}
- linked_list_for_each_safe (item, &(old_list->layer_list), next) {
+ linked_list_for_each_safe(item, &(old_list->layer_list), next) {
char *t_id = (char *)item->elem;
if (strcmp(t_id, id) == 0) {
linked_list_del(item);
@@ -735,7 +735,7 @@ static int remove_memory_stores(const char *id)
}
}
- linked_list_for_each_safe (item, &(g_metadata.layers_list), next) {
+ linked_list_for_each_safe(item, &(g_metadata.layers_list), next) {
layer_t *tl = (layer_t *)item->elem;
if (strcmp(tl->slayer->id, id) != 0) {
continue;
@@ -1505,7 +1505,7 @@ int layer_store_list(struct layer_list *resp)
goto unlock;
}
- linked_list_for_each_safe (item, &(g_metadata.layers_list), next) {
+ linked_list_for_each_safe(item, &(g_metadata.layers_list), next) {
layer_t *l = (layer_t *)item->elem;
resp->layers[i] = util_common_calloc_s(sizeof(struct layer));
if (resp->layers[i] == NULL) {
@@ -1548,7 +1548,7 @@ static int layers_by_digest_map(map_t *m, const char *digest, struct layer_list
goto free_out;
}
- linked_list_for_each_safe (item, &(id_list->layer_list), next) {
+ linked_list_for_each_safe(item, &(id_list->layer_list), next) {
layer_t *l = NULL;
resp->layers[i] = util_common_calloc_s(sizeof(struct layer));
if (resp->layers[i] == NULL) {
@@ -1902,7 +1902,7 @@ static int load_layers_from_json_files()
goto unlock_out;
}
- linked_list_for_each_safe (item, &(g_metadata.layers_list), next) {
+ linked_list_for_each_safe(item, &(g_metadata.layers_list), next) {
layer_t *tl = (layer_t *)item->elem;
size_t i = 0;
diff --git a/src/daemon/modules/image/oci/storage/remote_layer_support/image_remote_impl.c b/src/daemon/modules/image/oci/storage/remote_layer_support/image_remote_impl.c
index 1ac0139f..92bf901d 100644
--- a/src/daemon/modules/image/oci/storage/remote_layer_support/image_remote_impl.c
+++ b/src/daemon/modules/image/oci/storage/remote_layer_support/image_remote_impl.c
@@ -184,7 +184,8 @@ static int remote_image_add(void *data)
return ret;
}
-void remote_image_refresh(struct remote_image_data *data) {
+void remote_image_refresh(struct remote_image_data *data)
+{
if (remote_dir_scan(data) != 0) {
ERROR("remote overlay failed to scan dir, skip refresh");
return;
diff --git a/src/utils/cutils/utils_verify.c b/src/utils/cutils/utils_verify.c
index ea43a40a..c2836ae3 100644
--- a/src/utils/cutils/utils_verify.c
+++ b/src/utils/cutils/utils_verify.c
@@ -121,6 +121,7 @@ int util_validate_absolute_path(const char *path)
return nret;
}
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
static bool util_vaildate_tcp_socket(const char *socket)
{
if (socket == NULL) {
@@ -132,6 +133,7 @@ static bool util_vaildate_tcp_socket(const char *socket)
"|([1-5][0-9]{4})|([1-9][0-9]{0,3})|0))$",
socket) == 0;
}
+#endif
bool util_validate_unix_socket(const char *socket)
{
@@ -162,7 +164,11 @@ bool util_validate_unix_socket(const char *socket)
bool util_validate_socket(const char *socket)
{
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
return util_validate_unix_socket(socket) || util_vaildate_tcp_socket(socket);
+#else
+ return util_validate_unix_socket(socket);
+#endif
}
bool util_valid_device_mode(const char *mode)
diff --git a/test/image/oci/storage/remote_layer_support/remote_layer_ut.cc b/test/image/oci/storage/remote_layer_support/remote_layer_ut.cc
index 5f5e92fb..13e535c5 100644
--- a/test/image/oci/storage/remote_layer_support/remote_layer_ut.cc
+++ b/test/image/oci/storage/remote_layer_support/remote_layer_ut.cc
@@ -74,7 +74,7 @@ void mockCommonAll(MockRemoteStore *mock)
TEST(remote_Layer_ut, test_map_diff)
{
- // old: a b x
+ // old: a b x
// new: x b c
map_t *old_one = map_new(MAP_STR_BOOL, MAP_DEFAULT_CMP_FUNC, MAP_DEFAULT_FREE_FUNC);
map_t *new_one = map_new(MAP_STR_BOOL, MAP_DEFAULT_CMP_FUNC, MAP_DEFAULT_FREE_FUNC);
--
2.25.1

93
0065-move-signal_routine-and-g_log_fd-to-common-and-and-s.patch Normal file
View File

@ -0,0 +1,93 @@
From bf0cdaea061f27938551a2f89ab89eda7afee853 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Sat, 13 May 2023 09:58:35 +0800
Subject: [PATCH 65/79] move signal_routine and g_log_fd to common and and some
incoming parameter verification
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/cmd/isulad-shim/common.c | 13 +++++++++++++
src/cmd/isulad-shim/common.h | 1 +
src/cmd/isulad-shim/main.c | 13 +------------
src/daemon/modules/runtime/isula/isula_rt_ops.c | 5 +++++
4 files changed, 20 insertions(+), 12 deletions(-)
diff --git a/src/cmd/isulad-shim/common.c b/src/cmd/isulad-shim/common.c
index 18443385..3787cdfb 100644
--- a/src/cmd/isulad-shim/common.c
+++ b/src/cmd/isulad-shim/common.c
@@ -29,6 +29,19 @@
#include <limits.h>
#include <time.h>
+int g_log_fd = -1;
+
+void signal_routine(int sig)
+{
+ switch (sig) {
+ case SIGALRM:
+ write_message(g_log_fd, ERR_MSG, "runtime timeout");
+ exit(EXIT_FAILURE);
+ default:
+ break;
+ }
+}
+
int set_fd_no_inherited(int fd)
{
int ret = SHIM_ERR;
diff --git a/src/cmd/isulad-shim/common.h b/src/cmd/isulad-shim/common.h
index b3f52dc3..8cef5de2 100644
--- a/src/cmd/isulad-shim/common.h
+++ b/src/cmd/isulad-shim/common.h
@@ -58,6 +58,7 @@ extern "C" {
#define CONTAINER_ACTION_REBOOT 129
#define CONTAINER_ACTION_SHUTDOWN 130
+void signal_routine(int sig);
void util_usleep_nointerupt(unsigned long usec);
/**
diff --git a/src/cmd/isulad-shim/main.c b/src/cmd/isulad-shim/main.c
index 0cccdf06..ed55805c 100644
--- a/src/cmd/isulad-shim/main.c
+++ b/src/cmd/isulad-shim/main.c
@@ -26,18 +26,7 @@
#include "common.h"
#include "process.h"
-int g_log_fd = -1;
-
-void signal_routine(int sig)
-{
- switch (sig) {
- case SIGALRM:
- write_message(g_log_fd, ERR_MSG, "runtime timeout");
- exit(EXIT_FAILURE);
- default:
- break;
- }
-}
+extern int g_log_fd;
static void set_timeout_exit(unsigned int timeout)
{
diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c
index 85a2fbc8..510bb17f 100644
--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c
+++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c
@@ -1572,6 +1572,11 @@ out:
int rt_isula_kill(const char *id, const char *runtime, const rt_kill_params_t *params)
{
+ if (id == NULL || runtime == NULL || params == NULL || params->pid < 0) {
+ ERROR("Invalid arguments not allowed");
+ return -1;
+ }
+
if (util_process_alive(params->pid, params->start_time) == false) {
if (params->signal == params->stop_signal || params->signal == SIGKILL) {
WARN("Process %d is not alive", params->pid);
--
2.25.1

914
0066-add-ut-for-runc.patch Normal file
View File

@ -0,0 +1,914 @@
From 907826d6d53c0fa1e2aa2c2abd175a12009f5839 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Sat, 13 May 2023 10:00:28 +0800
Subject: [PATCH 66/79] add ut for runc
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
test/cmd/CMakeLists.txt | 2 +-
test/cmd/isulad-shim/CMakeLists.txt | 22 +-
test/cmd/isulad-shim/common/CMakeLists.txt | 23 ++
test/cmd/isulad-shim/common/common_ut.cc | 344 ++++++++++++++++++
test/cmd/isulad-shim/isulad-shim_ut.cc | 123 -------
test/cmd/isulad-shim/process/CMakeLists.txt | 22 ++
test/cmd/isulad-shim/process/process_ut.cc | 49 +++
.../isulad-shim/shim-mainloop/CMakeLists.txt | 20 +
.../shim-mainloop/shim_mainloop_ut.cc | 55 +++
test/cutils/utils_utils/CMakeLists.txt | 2 +
test/cutils/utils_utils/utils_utils_ut.cc | 61 ++++
test/runtime/isula/isula_rt_ops_ut.cc | 59 +++
12 files changed, 639 insertions(+), 143 deletions(-)
create mode 100644 test/cmd/isulad-shim/common/CMakeLists.txt
create mode 100644 test/cmd/isulad-shim/common/common_ut.cc
delete mode 100644 test/cmd/isulad-shim/isulad-shim_ut.cc
create mode 100644 test/cmd/isulad-shim/process/CMakeLists.txt
create mode 100644 test/cmd/isulad-shim/process/process_ut.cc
create mode 100644 test/cmd/isulad-shim/shim-mainloop/CMakeLists.txt
create mode 100644 test/cmd/isulad-shim/shim-mainloop/shim_mainloop_ut.cc
diff --git a/test/cmd/CMakeLists.txt b/test/cmd/CMakeLists.txt
index 2d4cc751..cf0152ff 100644
--- a/test/cmd/CMakeLists.txt
+++ b/test/cmd/CMakeLists.txt
@@ -1,4 +1,4 @@
project(iSulad_UT)
add_subdirectory(isula)
-add_subdirectory(isulad-shim)
+add_subdirectory(isulad-shim)
\ No newline at end of file
diff --git a/test/cmd/isulad-shim/CMakeLists.txt b/test/cmd/isulad-shim/CMakeLists.txt
index 122538ff..47d03350 100644
--- a/test/cmd/isulad-shim/CMakeLists.txt
+++ b/test/cmd/isulad-shim/CMakeLists.txt
@@ -1,21 +1,5 @@
project(iSulad_UT)
-SET(EXE isulad-shim_ut)
-
-add_executable(${EXE}
- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/cmd/isulad-shim/process.c
- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/cmd/isulad-shim/common.c
- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/cmd/isulad-shim/terminal.c
- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/cmd/isulad-shim/mainloop.c
- isulad-shim_ut.cc)
-
-target_include_directories(${EXE} PUBLIC
- ${GTEST_INCLUDE_DIR}
- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/cmd/isulad-shim
- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/common
- ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/sha256
- ${CMAKE_BINARY_DIR}/conf
- )
-target_link_libraries(${EXE} ${GTEST_BOTH_LIBRARIES} ${GMOCK_LIBRARY} ${GMOCK_MAIN_LIBRARY} ${CMAKE_THREAD_LIBS_INIT} ${ISULA_LIBUTILS_LIBRARY} -lcrypto -lyajl -lz)
-add_test(NAME ${EXE} COMMAND ${EXE} --gtest_output=xml:${EXE}-Results.xml)
-set_tests_properties(${EXE} PROPERTIES TIMEOUT 120)
+add_subdirectory(shim-mainloop)
+add_subdirectory(process)
+add_subdirectory(common)
\ No newline at end of file
diff --git a/test/cmd/isulad-shim/common/CMakeLists.txt b/test/cmd/isulad-shim/common/CMakeLists.txt
new file mode 100644
index 00000000..94ec2703
--- /dev/null
+++ b/test/cmd/isulad-shim/common/CMakeLists.txt
@@ -0,0 +1,23 @@
+project(iSulad_UT)
+
+SET(EXE common_ut)
+
+add_executable(${EXE}
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/cmd/isulad-shim/process.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/cmd/isulad-shim/common.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/cmd/isulad-shim/terminal.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/cmd/isulad-shim/mainloop.c
+ common_ut.cc)
+
+target_include_directories(${EXE} PUBLIC
+ ${GTEST_INCLUDE_DIR}
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/cmd/isulad-shim
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/common
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/utils/sha256
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../include
+ ${CMAKE_BINARY_DIR}/conf
+ )
+set_target_properties(${EXE} PROPERTIES LINK_FLAGS "-Wl,--wrap,calloc")
+target_link_libraries(${EXE} ${GTEST_BOTH_LIBRARIES} ${GMOCK_LIBRARY} ${GMOCK_MAIN_LIBRARY} ${CMAKE_THREAD_LIBS_INIT} ${ISULA_LIBUTILS_LIBRARY} -lcrypto -lyajl -lz)
+add_test(NAME ${EXE} COMMAND ${EXE} --gtest_output=xml:${EXE}-Results.xml)
+set_tests_properties(${EXE} PROPERTIES TIMEOUT 120)
\ No newline at end of file
diff --git a/test/cmd/isulad-shim/common/common_ut.cc b/test/cmd/isulad-shim/common/common_ut.cc
new file mode 100644
index 00000000..cb790b21
--- /dev/null
+++ b/test/cmd/isulad-shim/common/common_ut.cc
@@ -0,0 +1,344 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2020-2023. All rights reserved.
+ * iSulad licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Description: common unit test
+ * Author: leizhongkai
+ * Create: 2020-02-25
+ */
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <gtest/gtest.h>
+#include <gmock/gmock.h>
+#include "mock.h"
+
+#include "mainloop.h"
+#include "process.h"
+#include "common.h"
+
+using ::testing::Args;
+using ::testing::ByRef;
+using ::testing::SetArgPointee;
+using ::testing::DoAll;
+using ::testing::NiceMock;
+using ::testing::Return;
+using ::testing::NotNull;
+using ::testing::AtLeast;
+using ::testing::Invoke;
+using ::testing::_;
+
+using namespace std;
+
+extern "C" {
+ DECLARE_WRAPPER(calloc, void *, (size_t nmemb, size_t size));
+ DEFINE_WRAPPER(calloc, void *, (size_t nmemb, size_t size), (nmemb, size));
+}
+
+class CommonUnitTest : public testing::Test {
+public:
+ void SetUp() override
+ {
+ }
+ void TearDown() override
+ {
+ }
+};
+
+TEST(shim, test_signal_routine)
+{
+ signal_routine(SIGCONT);
+}
+
+TEST_F(CommonUnitTest, test_open_no_inherit)
+{
+ string exist_file = "/tmp/test_open_no_inherit_exist";
+ string non_file = "/tmp/test_open_no_inherit_non";
+ int fd_exist = -1;
+
+ fd_exist = open_no_inherit(exist_file.c_str(), O_CREAT | O_WRONLY | O_APPEND | O_SYNC, 0640);
+ EXPECT_GT(fd_exist, 0);
+ EXPECT_EQ(open_no_inherit(non_file.c_str(), O_WRONLY, -1), -1);
+
+ close(fd_exist);
+ unlink(exist_file.c_str());
+}
+
+TEST_F(CommonUnitTest, test_read_write_nointr)
+{
+ char buf[32] = { 0 };
+ string test_file = "/tmp/test_read_nointr";
+ string test_string = "hello";
+ int fd_wr = -1;
+ int fd_rd = -1;
+ int nwrite = -1;
+ int nread = -1;
+
+ EXPECT_EQ(read_nointr(-1, nullptr, 32), -1);
+ EXPECT_EQ(read_nointr(0, nullptr, 32), -1);
+ EXPECT_EQ(read_nointr(1, nullptr, 32), -1);
+
+ fd_wr = open_no_inherit(test_file.c_str(), O_CREAT | O_RDWR | O_APPEND | O_SYNC, 0640);
+ EXPECT_GT(fd_wr, 0);
+ nwrite = write_nointr_in_total(fd_wr, test_string.c_str(), 5);
+ EXPECT_EQ(nwrite, 5);
+ fd_rd = open(test_file.c_str(), O_RDONLY);
+ nread = read_nointr(fd_rd, buf, 32);
+ EXPECT_EQ(nread, 5);
+
+ close(fd_wr);
+ close(fd_rd);
+ unlink(test_file.c_str());
+}
+
+TEST_F(CommonUnitTest, test_file_exist)
+{
+ string exist_file = "/tmp/test_exist_exist";
+ string non_file = "/tmp/test_exist_non";
+ int fd_exist = -1;
+
+ fd_exist = open_no_inherit(exist_file.c_str(), O_CREAT | O_WRONLY | O_APPEND | O_SYNC, 0640);
+ EXPECT_GT(fd_exist, 0);
+ EXPECT_TRUE(file_exists(exist_file.c_str()));
+ EXPECT_FALSE(file_exists(non_file.c_str()));
+
+ close(fd_exist);
+ unlink(exist_file.c_str());
+}
+
+
+TEST_F(CommonUnitTest, test_combined_output)
+{
+ string exist_cmd = "ls";
+ string non_cmd = "aaa";
+ const char *params[MAX_RUNTIME_ARGS] = { nullptr };
+ char output[BUFSIZ] = { 0 };
+ int output_len = BUFSIZ;
+
+ params[0] = exist_cmd.c_str();
+ EXPECT_EQ(cmd_combined_output(exist_cmd.c_str(), params, output, &output_len), 0);
+
+ params[0] = non_cmd.c_str();
+ EXPECT_EQ(cmd_combined_output(non_cmd.c_str(), params, output, &output_len), -1);
+}
+
+TEST_F(CommonUnitTest, test_util_array_len)
+{
+ const char *array_long[] = { "abcd", "1234", "a1b", nullptr };
+
+ ASSERT_EQ(util_array_len(nullptr), 0);
+
+ ASSERT_EQ(util_array_len(array_long), 3);
+}
+
+TEST_F(CommonUnitTest, test_util_free_array)
+{
+ char **array = nullptr;
+
+ array = (char **)util_common_calloc_s(4 * sizeof(char *));
+ ASSERT_NE(array, nullptr);
+ array[0] = util_strdup_s("test1");
+ array[1] = util_strdup_s("test2");
+ array[2] = util_strdup_s("test3");
+ array[3] = nullptr;
+
+ util_free_array(nullptr);
+ util_free_array(array);
+}
+
+TEST(utils_array, test_util_grow_array)
+{
+ char **array = nullptr;
+ size_t capacity = 0;
+ int ret;
+
+ capacity = 1;
+ array = (char **)util_common_calloc_s(sizeof(char *));
+ ASSERT_NE(array, nullptr);
+ ret = util_grow_array(&array, &capacity, 1, 1);
+ ASSERT_EQ(ret, 0);
+ ASSERT_NE(array, nullptr);
+ ASSERT_EQ(array[0], nullptr);
+ ASSERT_EQ(array[1], nullptr);
+ ASSERT_EQ(capacity, 2);
+ util_free_array(array);
+ array = nullptr;
+ capacity = 0;
+
+ capacity = 1;
+ array = (char **)util_common_calloc_s(capacity * sizeof(char *));
+ ASSERT_NE(array, nullptr);
+ ret = util_grow_array(&array, &capacity, 1, 2);
+ ASSERT_EQ(ret, 0);
+ ASSERT_NE(array, nullptr);
+ ASSERT_EQ(array[0], nullptr);
+ ASSERT_EQ(array[1], nullptr);
+ ASSERT_EQ(array[2], nullptr);
+ ASSERT_EQ(capacity, 3);
+ util_free_array(array);
+ array = nullptr;
+ capacity = 0;
+
+ capacity = 1;
+ array = (char **)util_common_calloc_s(capacity * sizeof(char *));
+ ASSERT_NE(array, nullptr);
+ ret = util_grow_array(&array, &capacity, 1, 4);
+ ASSERT_EQ(ret, 0);
+ ASSERT_NE(array, nullptr);
+ ASSERT_EQ(array[0], nullptr);
+ ASSERT_EQ(array[1], nullptr);
+ ASSERT_EQ(array[2], nullptr);
+ ASSERT_EQ(array[3], nullptr);
+ ASSERT_EQ(array[4], nullptr);
+ ASSERT_EQ(capacity, 5);
+ util_free_array(array);
+ array = nullptr;
+ capacity = 0;
+
+ capacity = 1;
+ array = (char **)util_common_calloc_s(capacity * sizeof(char *));
+ ASSERT_NE(array, nullptr);
+ ret = util_grow_array(&array, &capacity, 1, 0);
+ ASSERT_NE(ret, 0);
+ util_free_array(array);
+ array = nullptr;
+ capacity = 0;
+
+ capacity = 1;
+ array = (char **)util_common_calloc_s(capacity * sizeof(char *));
+ ASSERT_NE(array, nullptr);
+ ret = util_grow_array(&array, &capacity, 4, 1);
+ ASSERT_EQ(ret, 0);
+ ASSERT_NE(array, nullptr);
+ ASSERT_EQ(array[0], nullptr);
+ ASSERT_EQ(array[1], nullptr);
+ ASSERT_EQ(array[2], nullptr);
+ ASSERT_EQ(array[3], nullptr);
+ ASSERT_EQ(array[4], nullptr);
+ ASSERT_EQ(capacity, 5);
+ util_free_array(array);
+ array = nullptr;
+ capacity = 0;
+
+ capacity = 1;
+ array = (char **)util_common_calloc_s(capacity * sizeof(char *));
+ ASSERT_NE(array, nullptr);
+ ret = util_grow_array(&array, &capacity, 0, 1);
+ ASSERT_EQ(ret, 0);
+ ASSERT_NE(array, nullptr);
+ ASSERT_EQ(array[0], nullptr);
+ ASSERT_EQ(capacity, 1);
+ util_free_array(array);
+ array = nullptr;
+ capacity = 0;
+
+ capacity = 1;
+ array = (char **)util_common_calloc_s(capacity * sizeof(char *));
+ ASSERT_NE(array, nullptr);
+ ret = util_grow_array(&array, nullptr, 1, 1);
+ ASSERT_NE(ret, 0);
+ util_free_array(array);
+ array = nullptr;
+ capacity = 0;
+
+ capacity = 1;
+ array = (char **)util_common_calloc_s(capacity * sizeof(char *));
+ ASSERT_NE(array, nullptr);
+ ret = util_grow_array(nullptr, &capacity, 1, 1);
+ ASSERT_NE(ret, 0);
+ util_free_array(array);
+ array = nullptr;
+ capacity = 0;
+}
+
+TEST(utils_string_ut, test_util_string_split_multi)
+{
+ char **result = nullptr;
+
+ result = util_string_split_multi("abcd,,,1234999999999", ',');
+ ASSERT_NE(result, nullptr);
+ ASSERT_STREQ(result[0], "abcd");
+ free(result[0]);
+ ASSERT_STREQ(result[1], "");
+ free(result[1]);
+ ASSERT_STREQ(result[2], "");
+ free(result[2]);
+ ASSERT_STREQ(result[3], "1234999999999");
+ free(result[3]);
+ ASSERT_STREQ(result[4], nullptr);
+ free(result);
+
+ result = util_string_split_multi("abcd,1234,*&^(,defgz", ',');
+ ASSERT_NE(result, nullptr);
+ ASSERT_STREQ(result[0], "abcd");
+ free(result[0]);
+ ASSERT_STREQ(result[1], "1234");
+ free(result[1]);
+ ASSERT_STREQ(result[2], "*&^(");
+ free(result[2]);
+ ASSERT_STREQ(result[3], "defgz");
+ free(result[3]);
+ ASSERT_STREQ(result[4], nullptr);
+ free(result);
+
+ result = util_string_split_multi(",abcd,12340000000000", ',');
+ ASSERT_NE(result, nullptr);
+ ASSERT_STREQ(result[0], "");
+ free(result[0]);
+ ASSERT_STREQ(result[1], "abcd");
+ free(result[1]);
+ ASSERT_STREQ(result[2], "12340000000000");
+ free(result[2]);
+ ASSERT_STREQ(result[3], nullptr);
+ free(result);
+
+ result = util_string_split_multi("abcd,12340000000000,", ',');
+ ASSERT_NE(result, nullptr);
+ ASSERT_STREQ(result[0], "abcd");
+ free(result[0]);
+ ASSERT_STREQ(result[1], "12340000000000");
+ free(result[1]);
+ ASSERT_STREQ(result[2], "");
+ free(result[2]);
+ ASSERT_STREQ(result[3], nullptr);
+ free(result);
+
+ result = util_string_split_multi("abcd,1234,", 'x');
+ ASSERT_NE(result, nullptr);
+ ASSERT_STREQ(result[0], "abcd,1234,");
+ free(result[0]);
+ ASSERT_STREQ(result[1], nullptr);
+ free(result);
+
+ result = util_string_split_multi(",", ',');
+ ASSERT_NE(result, nullptr);
+ ASSERT_STREQ(result[0], "");
+ free(result[0]);
+ ASSERT_STREQ(result[1], "");
+ free(result[1]);
+ ASSERT_STREQ(result[2], nullptr);
+ free(result);
+
+ result = util_string_split_multi("", ',');
+ ASSERT_NE(result, nullptr);
+ ASSERT_STREQ(result[0], "");
+ free(result[0]);
+ ASSERT_STREQ(result[1], nullptr);
+ free(result);
+
+ result = util_string_split_multi(nullptr, ',');
+ ASSERT_EQ(result, nullptr);
+
+ MOCK_SET(calloc, nullptr);
+ result = util_string_split_multi("abcd,12340000000000,", ',');
+ ASSERT_EQ(result, nullptr);
+ MOCK_CLEAR(calloc);
+}
\ No newline at end of file
diff --git a/test/cmd/isulad-shim/isulad-shim_ut.cc b/test/cmd/isulad-shim/isulad-shim_ut.cc
deleted file mode 100644
index 8c116ac8..00000000
--- a/test/cmd/isulad-shim/isulad-shim_ut.cc
+++ /dev/null
@@ -1,123 +0,0 @@
-/*
- * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
- * Description: isulad-shim unit test
- * Author: leizhongkai
- * Create: 2020-02-25
- */
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <unistd.h>
-#include <gtest/gtest.h>
-#include <gmock/gmock.h>
-
-#include "mainloop.h"
-#include "process.h"
-#include "common.h"
-
-int g_log_fd = -1;
-
-using ::testing::Args;
-using ::testing::ByRef;
-using ::testing::SetArgPointee;
-using ::testing::DoAll;
-using ::testing::NiceMock;
-using ::testing::Return;
-using ::testing::NotNull;
-using ::testing::AtLeast;
-using ::testing::Invoke;
-using ::testing::_;
-
-using namespace std;
-
-class IsuladShimUnitTest : public testing::Test {
-public:
- void SetUp() override
- {
- }
- void TearDown() override
- {
- }
-};
-
-TEST_F(IsuladShimUnitTest, test_new_process)
-{
- string id = "aaaabbbbccccdddd";
- string bundle = "/home/isulad/bundle";
- string runtime = "kata-runtime";
-
- process_t *p = new_process((char*)id.c_str(), (char*)bundle.c_str(), (char*)runtime.c_str());
- ASSERT_TRUE(p == nullptr);
-}
-
-TEST_F(IsuladShimUnitTest, test_open_no_inherit)
-{
- string exist_file = "/tmp/test_open_no_inherit_exist";
- string non_file = "/tmp/test_open_no_inherit_non";
- int fd_exist = -1;
-
- fd_exist = open_no_inherit(exist_file.c_str(), O_CREAT | O_WRONLY | O_APPEND | O_SYNC, 0640);
- EXPECT_GT(fd_exist, 0);
- EXPECT_EQ(open_no_inherit(non_file.c_str(), O_WRONLY, -1), -1);
-
- close(fd_exist);
- unlink(exist_file.c_str());
-}
-
-TEST_F(IsuladShimUnitTest, test_read_write_nointr)
-{
- char buf[32] = { 0 };
- string test_file = "/tmp/test_read_nointr";
- string test_string = "hello";
- int fd_wr = -1;
- int fd_rd = -1;
- int nwrite = -1;
- int nread = -1;
-
- EXPECT_EQ(read_nointr(-1, nullptr, 32), -1);
- EXPECT_EQ(read_nointr(0, nullptr, 32), -1);
- EXPECT_EQ(read_nointr(1, nullptr, 32), -1);
-
- fd_wr = open_no_inherit(test_file.c_str(), O_CREAT | O_RDWR | O_APPEND | O_SYNC, 0640);
- EXPECT_GT(fd_wr, 0);
- nwrite = write_nointr_in_total(fd_wr, test_string.c_str(), 5);
- EXPECT_EQ(nwrite, 5);
- fd_rd = open(test_file.c_str(), O_RDONLY);
- nread = read_nointr(fd_rd, buf, 32);
- EXPECT_EQ(nread, 5);
-
- close(fd_wr);
- close(fd_rd);
- unlink(test_file.c_str());
-}
-
-TEST_F(IsuladShimUnitTest, test_file_exist)
-{
- string exist_file = "/tmp/test_exist_exist";
- string non_file = "/tmp/test_exist_non";
- int fd_exist = -1;
-
- fd_exist = open_no_inherit(exist_file.c_str(), O_CREAT | O_WRONLY | O_APPEND | O_SYNC, 0640);
- EXPECT_GT(fd_exist, 0);
- EXPECT_TRUE(file_exists(exist_file.c_str()));
- EXPECT_FALSE(file_exists(non_file.c_str()));
-
- close(fd_exist);
- unlink(exist_file.c_str());
-}
-
-
-TEST_F(IsuladShimUnitTest, test_combined_output)
-{
- string exist_cmd = "ls";
- string non_cmd = "aaa";
- const char *params[MAX_RUNTIME_ARGS] = { nullptr };
- char output[BUFSIZ] = { 0 };
- int output_len = BUFSIZ;
-
- params[0] = exist_cmd.c_str();
- EXPECT_EQ(cmd_combined_output(exist_cmd.c_str(), params, output, &output_len), 0);
-
- params[0] = non_cmd.c_str();
- EXPECT_EQ(cmd_combined_output(non_cmd.c_str(), params, output, &output_len), -1);
-}
diff --git a/test/cmd/isulad-shim/process/CMakeLists.txt b/test/cmd/isulad-shim/process/CMakeLists.txt
new file mode 100644
index 00000000..dc96dc01
--- /dev/null
+++ b/test/cmd/isulad-shim/process/CMakeLists.txt
@@ -0,0 +1,22 @@
+project(iSulad_UT)
+
+SET(EXE process_ut)
+
+add_executable(${EXE}
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../test/mocks/mainloop_mock.cc
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/cmd/isulad-shim/mainloop.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/cmd/isulad-shim/common.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/cmd/isulad-shim/process.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/cmd/isulad-shim/terminal.c
+ process_ut.cc)
+
+target_include_directories(${EXE} PUBLIC
+ ${GTEST_INCLUDE_DIR}
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/cmd/isulad-shim
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../include
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../test/mocks
+ )
+
+target_link_libraries(${EXE} ${GTEST_BOTH_LIBRARIES} ${GMOCK_LIBRARY} ${GMOCK_MAIN_LIBRARY} ${CMAKE_THREAD_LIBS_INIT} ${ISULA_LIBUTILS_LIBRARY} -lcrypto -lyajl -lz)
+add_test(NAME ${EXE} COMMAND ${EXE} --gtest_output=xml:${EXE}-Results.xml)
+set_tests_properties(${EXE} PROPERTIES TIMEOUT 120)
\ No newline at end of file
diff --git a/test/cmd/isulad-shim/process/process_ut.cc b/test/cmd/isulad-shim/process/process_ut.cc
new file mode 100644
index 00000000..292d5b2c
--- /dev/null
+++ b/test/cmd/isulad-shim/process/process_ut.cc
@@ -0,0 +1,49 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2023. All rights reserved.
+ * iSulad licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Description: process unit test
+ * Author: leizhongkai
+ * Create: 2020-02-25
+ */
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <gtest/gtest.h>
+#include <gmock/gmock.h>
+
+#include "mainloop.h"
+#include "process.h"
+#include "common.h"
+
+
+using ::testing::Args;
+using ::testing::ByRef;
+using ::testing::SetArgPointee;
+using ::testing::DoAll;
+using ::testing::NiceMock;
+using ::testing::Return;
+using ::testing::NotNull;
+using ::testing::AtLeast;
+using ::testing::Invoke;
+using ::testing::_;
+
+using namespace std;
+
+TEST(process, test_new_process)
+{
+ string id = "aaaabbbbccccdddd";
+ string bundle = "/home/isulad/bundle";
+ string runtime = "kata-runtime";
+
+ process_t *p = new_process((char*)id.c_str(), (char*)bundle.c_str(), (char*)runtime.c_str());
+ ASSERT_TRUE(p == nullptr);
+}
\ No newline at end of file
diff --git a/test/cmd/isulad-shim/shim-mainloop/CMakeLists.txt b/test/cmd/isulad-shim/shim-mainloop/CMakeLists.txt
new file mode 100644
index 00000000..457720ad
--- /dev/null
+++ b/test/cmd/isulad-shim/shim-mainloop/CMakeLists.txt
@@ -0,0 +1,20 @@
+project(iSulad_UT)
+
+SET(EXE shim_mainloop_ut)
+
+add_executable(${EXE}
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../test/mocks/mainloop_mock.cc
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/cmd/isulad-shim/mainloop.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/cmd/isulad-shim/common.c
+ shim_mainloop_ut.cc)
+
+target_include_directories(${EXE} PUBLIC
+ ${GTEST_INCLUDE_DIR}
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/cmd/isulad-shim
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../include
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../test/mocks
+ )
+
+target_link_libraries(${EXE} ${GTEST_BOTH_LIBRARIES} ${GMOCK_LIBRARY} ${GMOCK_MAIN_LIBRARY} ${CMAKE_THREAD_LIBS_INIT} ${ISULA_LIBUTILS_LIBRARY} -lcrypto -lyajl -lz)
+add_test(NAME ${EXE} COMMAND ${EXE} --gtest_output=xml:${EXE}-Results.xml)
+set_tests_properties(${EXE} PROPERTIES TIMEOUT 120)
\ No newline at end of file
diff --git a/test/cmd/isulad-shim/shim-mainloop/shim_mainloop_ut.cc b/test/cmd/isulad-shim/shim-mainloop/shim_mainloop_ut.cc
new file mode 100644
index 00000000..ec3815c3
--- /dev/null
+++ b/test/cmd/isulad-shim/shim-mainloop/shim_mainloop_ut.cc
@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2022. All rights reserved.
+ * iSulad licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Description: mainloop unit test
+ * Author: zhangxiaoyu
+ * Create: 2022-10-11
+ */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <gtest/gtest.h>
+#include "mainloop.h"
+#include "mainloop_mock.h"
+
+using ::testing::NiceMock;
+using ::testing::Invoke;
+using ::testing::Return;
+using ::testing::_;
+
+class ShimMainloopUnitTest : public testing::Test {
+protected:
+ void SetUp() override
+ {
+ Mainloop_SetMock(&m_mainloop_mock);
+ EXPECT_CALL(m_mainloop_mock, Close(_)).WillRepeatedly(Return(0));
+ EXPECT_CALL(m_mainloop_mock, EpollCreate1(_)).WillRepeatedly(Return(0));
+ EXPECT_CALL(m_mainloop_mock, EpollCtl(_, _, _, _)).WillRepeatedly(Return(0));
+ EXPECT_CALL(m_mainloop_mock, EpollWait(_, _, _, _)).WillRepeatedly(Return(0));
+ }
+
+ void TearDown() override
+ {
+ Mainloop_SetMock(nullptr);
+ }
+
+ NiceMock<MockMainloop> m_mainloop_mock;
+};
+
+TEST_F(ShimMainloopUnitTest, test_mainloop)
+{
+ struct epoll_descr descr = { 0 };
+
+ ASSERT_EQ(epoll_loop_open(&descr), 0);
+ ASSERT_EQ(epoll_loop_add_handler(&descr, 111, nullptr, nullptr), 0);
+ ASSERT_EQ(epoll_loop(&descr, -1), 0);
+ ASSERT_EQ(epoll_loop_del_handler(&descr, 111), 0);
+ ASSERT_EQ(epoll_loop_close(&descr), 0);
+}
diff --git a/test/cutils/utils_utils/CMakeLists.txt b/test/cutils/utils_utils/CMakeLists.txt
index 99a83e7a..6d276390 100644
--- a/test/cutils/utils_utils/CMakeLists.txt
+++ b/test/cutils/utils_utils/CMakeLists.txt
@@ -12,6 +12,8 @@ target_include_directories(${EXE} PUBLIC
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/map
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils
)
+
+set_target_properties(${EXE} PROPERTIES LINK_FLAGS "-Wl,--wrap,waitpid")
target_link_libraries(${EXE} ${GTEST_BOTH_LIBRARIES} ${CMAKE_THREAD_LIBS_INIT} ${ISULA_LIBUTILS_LIBRARY} libutils_ut -lcrypto -lyajl -lz)
add_test(NAME ${EXE} COMMAND ${EXE} --gtest_output=xml:${EXE}-Results.xml)
set_tests_properties(${EXE} PROPERTIES TIMEOUT 120)
diff --git a/test/cutils/utils_utils/utils_utils_ut.cc b/test/cutils/utils_utils/utils_utils_ut.cc
index 6c7ece24..79583174 100644
--- a/test/cutils/utils_utils/utils_utils_ut.cc
+++ b/test/cutils/utils_utils/utils_utils_ut.cc
@@ -15,6 +15,44 @@
#include <gtest/gtest.h>
#include "utils.h"
+#include "mock.h"
+
+static pid_t test_pid = -1;
+
+extern "C" {
+ DECLARE_WRAPPER_V(waitpid, pid_t, (__pid_t pid, int *stat_loc, int options));
+ DEFINE_WRAPPER_V(waitpid, pid_t, (__pid_t pid, int *stat_loc, int options),(pid, stat_loc, options));
+}
+
+static pid_t waitpid_none_zero(__pid_t pid, int *stat_loc, int options)
+{
+ *stat_loc = 256;
+ return test_pid;
+}
+
+static pid_t waitpid_zero(__pid_t pid, int *stat_loc, int options)
+{
+ *stat_loc = 0;
+ return test_pid;
+}
+
+#define ExitSignalOffset 128
+static int status_to_exit_code(int status)
+{
+ int exit_code = 0;
+
+ if (WIFEXITED(status)) {
+ exit_code = WEXITSTATUS(status);
+ } else {
+ exit_code = -1;
+ }
+ if (WIFSIGNALED(status)) {
+ int signal;
+ signal = WTERMSIG(status);
+ exit_code = ExitSignalOffset + signal;
+ }
+ return exit_code;
+}
TEST(utils_utils, test_util_mem_realloc)
{
@@ -297,4 +335,27 @@ TEST(utils_utils, test_do_retry_call)
DO_RETRY_CALL(10, 100, nret, retry_call_test, 11);
ASSERT_EQ(global_total, 10);
ASSERT_EQ(nret, -1);
+}
+
+TEST(utils_utils, test_util_waitpid_with_timeout)
+{
+ int64_t timeout = 2;
+ pid_t pid = getpid();
+ int status = 0;
+
+ test_pid = pid;
+ MOCK_SET_V(waitpid, waitpid_none_zero);
+ status = util_waitpid_with_timeout(test_pid, timeout, nullptr);
+ ASSERT_EQ(status, 256);
+ ASSERT_EQ(status_to_exit_code(status), 1);
+ MOCK_CLEAR(waitpid);
+
+ MOCK_SET_V(waitpid, waitpid_zero);
+ status = util_waitpid_with_timeout(test_pid, timeout, nullptr);
+ ASSERT_EQ(status, 0);
+ ASSERT_EQ(status_to_exit_code(status), 0);
+ MOCK_CLEAR(waitpid);
+
+ ASSERT_EQ(util_waitpid_with_timeout(pid, timeout, nullptr), -1);
+
}
\ No newline at end of file
diff --git a/test/runtime/isula/isula_rt_ops_ut.cc b/test/runtime/isula/isula_rt_ops_ut.cc
index 03c213a5..9e014ac3 100644
--- a/test/runtime/isula/isula_rt_ops_ut.cc
+++ b/test/runtime/isula/isula_rt_ops_ut.cc
@@ -163,3 +163,62 @@ TEST_F(IsulaRtOpsUnitTest, test_rt_isula_exec_resize)
close(fd);
ASSERT_EQ(system(rm_path.c_str()), 0);
}
+
+TEST_F(IsulaRtOpsUnitTest, test_rt_isula_update)
+{
+ rt_update_params_t params = {};
+ ASSERT_EQ(rt_isula_update(nullptr, nullptr, nullptr), -1);
+
+ ASSERT_EQ(rt_isula_update("123", nullptr, nullptr), -1);
+ ASSERT_EQ(rt_isula_update("123", "runtime", nullptr), -1);
+ ASSERT_EQ(rt_isula_update("123", "runtime", &params), -1);
+}
+
+TEST_F(IsulaRtOpsUnitTest, test_rt_isula_pause)
+{
+ rt_pause_params_t params = {};
+ ASSERT_EQ(rt_isula_pause(nullptr, nullptr, nullptr), -1);
+
+ ASSERT_EQ(rt_isula_pause("123", nullptr, nullptr), -1);
+ ASSERT_EQ(rt_isula_pause("123", "runtime", nullptr), -1);
+ ASSERT_EQ(rt_isula_pause("123", "runtime", &params), -1);
+}
+
+TEST_F(IsulaRtOpsUnitTest, test_rt_isula_resume)
+{
+ rt_resume_params_t params = {};
+ ASSERT_EQ(rt_isula_resume(nullptr, nullptr, nullptr), -1);
+
+ ASSERT_EQ(rt_isula_resume("123", nullptr, nullptr), -1);
+ ASSERT_EQ(rt_isula_resume("123", "runtime", nullptr), -1);
+ ASSERT_EQ(rt_isula_resume("123", "runtime", &params), -1);
+}
+
+TEST_F(IsulaRtOpsUnitTest, test_rt_isula_resources_stats)
+{
+ rt_stats_params_t params = {};
+ struct runtime_container_resources_stats_info stats = {};
+
+ ASSERT_EQ(rt_isula_resources_stats(nullptr, nullptr, nullptr, nullptr), -1);
+
+ ASSERT_EQ(rt_isula_resources_stats("123", nullptr, nullptr, nullptr), -1);
+ ASSERT_EQ(rt_isula_resources_stats("123", "runtime", nullptr, nullptr), -1);
+ ASSERT_EQ(rt_isula_resources_stats("123", "runtime", &params, nullptr), -1);
+ params.state = "/var/run/isulad/runtime";
+ ASSERT_EQ(rt_isula_resources_stats("123", "runtime", &params, &stats), -1);
+}
+
+TEST_F(IsulaRtOpsUnitTest, test_rt_isula_kill)
+{
+ rt_kill_params_t kill_params = {
+ .signal = SIGTERM,
+ .stop_signal = SIGKILL,
+ .pid = -1,
+ .start_time = 12345,
+ };
+ ASSERT_EQ(rt_isula_kill(nullptr, nullptr, nullptr), -1);
+
+ ASSERT_EQ(rt_isula_kill("123", nullptr, nullptr), -1);
+ ASSERT_EQ(rt_isula_kill("123", "runtime", nullptr), -1);
+ ASSERT_EQ(rt_isula_kill("123", "runtime", &kill_params), -1);
+}
\ No newline at end of file
--
2.25.1

1621
0067-runc-add-ci-for-runc.patch Normal file
View File

File diff suppressed because it is too large Load Diff

45
0068-fix-ci-error.patch Normal file
View File

@ -0,0 +1,45 @@
From 1894ea2f37e13a49acddc9dff0362a8286f8e73d Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Sat, 13 May 2023 14:13:17 +0800
Subject: [PATCH 68/79] fix ci error
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
CI/test_cases/container_cases/update.sh | 21 +++++++++++----------
1 file changed, 11 insertions(+), 10 deletions(-)
diff --git a/CI/test_cases/container_cases/update.sh b/CI/test_cases/container_cases/update.sh
index 39049b54..9147b9e0 100755
--- a/CI/test_cases/container_cases/update.sh
+++ b/CI/test_cases/container_cases/update.sh
@@ -119,16 +119,17 @@ function do_test_t()
done
fi
if [[ ${main} -lt 5 ]] || [[ ${main} -eq 5 ]] && [[ ${minor} -lt 11 ]] && [[ ${enable} -eq 1 ]]; then
- isula update --kernel-memory 2000000000 $containername
- fn_check_eq "$?" "0" "update failed"
-
- isula start $containername
- fn_check_eq "$?" "0" "start failed"
- tmp=`isula exec $containername cat /sys/fs/cgroup/memory/memory.kmem.limit_in_bytes`
- value=$(($tmp - 2000000000))
- if [[ $value -lt -10000 || $value -gt 10000 ]]; then
- echo "Failed to check running reservation memory"
- TC_RET_T=$(($TC_RET_T+1))
+ isula update --kernel-memory 2000000000 $containername
+ fn_check_eq "$?" "0" "update failed"
+
+ isula start $containername
+ fn_check_eq "$?" "0" "start failed"
+ tmp=`isula exec $containername cat /sys/fs/cgroup/memory/memory.kmem.limit_in_bytes`
+ value=$(($tmp - 2000000000))
+ if [[ $value -lt -10000 || $value -gt 10000 ]]; then
+ echo "Failed to check running reservation memory"
+ TC_RET_T=$(($TC_RET_T+1))
+ fi
fi
isula rm -f $containername
--
2.25.1

53
0069-restore-bind_special_dir.sh.patch Normal file
View File

@ -0,0 +1,53 @@
From 455046d295cd9a5d02eb80c49437e1875496de40 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Sun, 14 May 2023 13:41:45 +0800
Subject: [PATCH 69/79] restore bind_special_dir.sh
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
CI/test_cases/container_cases/bind_special_dir.sh | 15 +++------------
1 file changed, 3 insertions(+), 12 deletions(-)
diff --git a/CI/test_cases/container_cases/bind_special_dir.sh b/CI/test_cases/container_cases/bind_special_dir.sh
index ee8cd0f5..e855404b 100755
--- a/CI/test_cases/container_cases/bind_special_dir.sh
+++ b/CI/test_cases/container_cases/bind_special_dir.sh
@@ -25,9 +25,8 @@ source ../helpers.sh
function test_bind_special_dir()
{
local ret=0
- local runtime=$1
local image="busybox"
- local test="container bind special directory test with ($runtime) => (${FUNCNAME[@]})"
+ local test="container bind special directory test => (${FUNCNAME[@]})"
msg_info "${test} starting..."
@@ -37,12 +36,7 @@ function test_bind_special_dir()
isula images | grep busybox
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - missing list image: ${image}" && ((ret++))
- # when create container in container, runc not support to mount /dev
- if [ $runtime == "runc" ]; then
- c_id=`isula run -itd -v -itd --runtime=$runtime -v /sys/fs:/sys/fs:rw,rshared -v /proc:/proc -v /dev/pts:/dev/pts:rw busybox sh`
- else
- c_id=`isula run --runtime=$runtime -itd -v -itd -v /sys/fs:/sys/fs:rw,rshared -v /proc:/proc -v /dev:/dev:ro -v /dev/pts:/dev/pts:rw busybox sh`
- fi
+ c_id=`isula run -itd -v -itd -v /sys/fs:/sys/fs:rw,rshared -v /proc:/proc -v /dev:/dev:ro -v /dev/pts:/dev/pts:rw busybox sh`
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to run container with image: ${image}" && ((ret++))
isula exec -it $c_id sh -c "ls -al /sys/fs" | grep "cgroup"
@@ -57,9 +51,6 @@ function test_bind_special_dir()
declare -i ans=0
-for element in ${RUNTIME_LIST[@]};
-do
- test_bind_special_dir $element || ((ans++))
-done
+test_bind_special_dir || ((ans++))
show_result ${ans} "${curr_path}/${0}"
--
2.25.1

62
0070-ensure-isulad_io-not-NULL-before-close-fd.patch Normal file
View File

@ -0,0 +1,62 @@
From e485c54e69c42f1af056f47ac2e16d9cb2d03042 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Sun, 14 May 2023 14:25:22 +0800
Subject: [PATCH 70/79] ensure isulad_io not NULL before close fd
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/cmd/isulad-shim/process.c | 28 ++++++++++++++++------------
1 file changed, 16 insertions(+), 12 deletions(-)
diff --git a/src/cmd/isulad-shim/process.c b/src/cmd/isulad-shim/process.c
index f1391ecb..aa3aa37c 100644
--- a/src/cmd/isulad-shim/process.c
+++ b/src/cmd/isulad-shim/process.c
@@ -194,6 +194,10 @@ static int stdin_cb(int fd, uint32_t events, void *cbdata, struct epoll_descr *d
} else {
fd_to = &(p->shim_io->in);
}
+
+ if (fd_to == NULL || *fd_to == -1) {
+ return EPOLL_LOOP_HANDLE_CONTINUE;
+ }
w_count = write_nointr_in_total(*fd_to, p->buf, r_count);
if (w_count < 0) {
/* When any error occurs, set the write fd -1 */
@@ -797,21 +801,21 @@ static int init_isulad_stdio(process_t *p)
return SHIM_OK;
failure:
if (p->isulad_io != NULL) {
+ if (p->isulad_io->in > 0) {
+ close(p->isulad_io->in);
+ }
+ if (p->isulad_io->out > 0) {
+ close(p->isulad_io->out);
+ }
+ if (p->isulad_io->err > 0) {
+ close(p->isulad_io->err);
+ }
+ if (p->isulad_io->resize > 0) {
+ close(p->isulad_io->resize);
+ }
free(p->isulad_io);
p->isulad_io = NULL;
}
- if (p->isulad_io->in > 0) {
- close(p->isulad_io->in);
- }
- if (p->isulad_io->out > 0) {
- close(p->isulad_io->out);
- }
- if (p->isulad_io->err > 0) {
- close(p->isulad_io->err);
- }
- if (p->isulad_io->resize > 0) {
- close(p->isulad_io->resize);
- }
return SHIM_ERR;
}
--
2.25.1

75
0071-recheck-delete-command-exit-status.patch Normal file
View File

@ -0,0 +1,75 @@
From 7f9b6a7f3fed2244123a235388614eaeff8c8fe4 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Tue, 16 May 2023 15:16:13 +0800
Subject: [PATCH 71/79] recheck delete command exit status
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
.../modules/runtime/isula/isula_rt_ops.c | 24 ++++++++++++-------
1 file changed, 15 insertions(+), 9 deletions(-)
diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c
index 510bb17f..fab0b657 100644
--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c
+++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c
@@ -630,9 +630,9 @@ static int runtime_call_simple(const char *workdir, const char *runtime, const c
}
// oci runtime return -1 if the container 'does not exist'
-// if output contains 'does not exist', means nothing to kill, return 0
-// this will change the exit status of kill command
-static int kill_output_check(const char *output)
+// if output contains 'does not exist', means nothing to kill or delete, return 0
+// this will change the exit status of kill or delete command
+static int non_existent_output_check(const char *output)
{
char *pattern = "does not exist";
@@ -640,24 +640,24 @@ static int kill_output_check(const char *output)
return -1;
}
- // container not exist, kill success, return 0
+ // container not exist, kill or delete success, return 0
if (util_strings_contains_word(output, pattern)) {
return 0;
}
- // kill failed, return -1
+ // kill or delete failed, return -1
return -1;
}
-// kill success or kill_output_check succeed return 0, DO_RETRY_CALL will break;
+// kill success or non_existent_output_check succeed return 0, DO_RETRY_CALL will break;
// if kill failed, recheck on shim alive, if not alive, kill succeed, still return 0;
// else, return -1, DO_RETRY_CALL will call this again;
static int runtime_call_kill_and_check(const char *workdir, const char *runtime, const char *id)
{
int ret = -1;
- // kill succeed, return 0; kill_output_check succeed, return 0;
- ret = runtime_call_simple(workdir, runtime, "kill", NULL, 0, id, kill_output_check);
+ // kill succeed, return 0; non_existent_output_check succeed, return 0;
+ ret = runtime_call_simple(workdir, runtime, "kill", NULL, 0, id, non_existent_output_check);
if (ret == 0) {
return 0;
}
@@ -672,7 +672,13 @@ static int runtime_call_kill_and_check(const char *workdir, const char *runtime,
static int runtime_call_delete_force(const char *workdir, const char *runtime, const char *id)
{
const char *opts[1] = { "--force" };
- return runtime_call_simple(workdir, runtime, "delete", opts, 1, id, NULL);
+ // delete succeed, return 0;
+ // When the runc version is less than or equal to v1.0.0-rc3,
+ // if the container does not exist when force deleting it,
+ // runc will report an error and isulad does not need to retry the deletion again.
+ // related PR ID:d1a743674a98e23d348b29f52c43436356f56b79
+ // non_existent_output_check succeed, return 0;
+ return runtime_call_simple(workdir, runtime, "delete", opts, 1, id, non_existent_output_check);
}
#define ExitSignalOffset 128
--
2.25.1

31
0072-restore-execSync-return-value.patch Normal file
View File

@ -0,0 +1,31 @@
From a337c4744539590b98c4e377b5b12334edff520e Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Thu, 18 May 2023 19:10:13 +0800
Subject: [PATCH 72/79] restore execSync return value
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/daemon/entry/connect/grpc/runtime_runtime_service.cc | 7 -------
1 file changed, 7 deletions(-)
diff --git a/src/daemon/entry/connect/grpc/runtime_runtime_service.cc b/src/daemon/entry/connect/grpc/runtime_runtime_service.cc
index 4cc5a4ee..451eeeef 100644
--- a/src/daemon/entry/connect/grpc/runtime_runtime_service.cc
+++ b/src/daemon/entry/connect/grpc/runtime_runtime_service.cc
@@ -289,13 +289,6 @@ grpc::Status RuntimeRuntimeServiceImpl::ExecSync(grpc::ServerContext *context,
return grpc::Status(grpc::StatusCode::UNKNOWN, error.GetMessage());
}
- if (reply->exit_code() != 0) {
- ERROR("Object: CRI, Type: Sync exec in container: %s with exit code: %d", request->container_id().c_str(),
- reply->exit_code());
- error.SetError(reply->stderr());
- return grpc::Status(grpc::StatusCode::UNKNOWN, error.GetMessage());
- }
-
WARN("Event: {Object: CRI, Type: sync execed Container: %s}", request->container_id().c_str());
return grpc::Status::OK;
--
2.25.1

75
0073-fix-memory-leak-and-array-access-out-of-range.patch Normal file
View File

@ -0,0 +1,75 @@
From 300e968a212ce13d8979fe42175a60f609f5e077 Mon Sep 17 00:00:00 2001
From: "Neil.wrz" <wangrunze13@huawei.com>
Date: Tue, 23 May 2023 19:01:40 -0700
Subject: [PATCH 73/79] fix memory leak and array access out of range
Signed-off-by: Neil.wrz <wangrunze13@huawei.com>
---
.../oci/storage/remote_layer_support/remote_support.c | 4 ++--
.../storage/remote_layer_support/ro_symlink_maintain.c | 2 +-
src/utils/http/parser.c | 10 ++++++++++
3 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c b/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c
index 748298cb..400678c4 100644
--- a/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c
+++ b/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c
@@ -105,12 +105,12 @@ int remote_start_refresh_thread(pthread_rwlock_t *remote_lock)
res = pthread_create(&a_thread, NULL, remote_refresh_ro_symbol_link, (void *)&supporters);
if (res != 0) {
CRIT("Thread creation failed");
- return -1;
+ goto free_out;
}
if (pthread_detach(a_thread) != 0) {
SYSERROR("Failed to detach 0x%lx", a_thread);
- return -1;
+ goto free_out;
}
return 0;
diff --git a/src/daemon/modules/image/oci/storage/remote_layer_support/ro_symlink_maintain.c b/src/daemon/modules/image/oci/storage/remote_layer_support/ro_symlink_maintain.c
index 0e2b671b..2bcc43e6 100644
--- a/src/daemon/modules/image/oci/storage/remote_layer_support/ro_symlink_maintain.c
+++ b/src/daemon/modules/image/oci/storage/remote_layer_support/ro_symlink_maintain.c
@@ -136,7 +136,7 @@ static int do_build_ro_dir(const char *home, const char *id)
nret = asprintf(&ro_layer_dir, "%s/%s/%s", home, REMOTE_RO_LAYER_DIR, id);
if (nret < 0 || nret > PATH_MAX) {
SYSERROR("Failed to create ro layer dir path");
- return -1;
+ goto out;
}
if (util_mkdir_p(ro_layer_dir, IMAGE_STORE_PATH_MODE) != 0) {
diff --git a/src/utils/http/parser.c b/src/utils/http/parser.c
index 12df2435..a79893ba 100644
--- a/src/utils/http/parser.c
+++ b/src/utils/http/parser.c
@@ -88,6 +88,11 @@ static int parser_cb_header_field(http_parser *parser, const char *buf,
m->num_headers++;
}
+ if (m->num_headers == 0) {
+ ERROR("Failed to parse header field because headers num is 0");
+ return -1;
+ }
+
strlncat(m->headers[m->num_headers - 1][0], sizeof(m->headers[m->num_headers - 1][0]), buf, len);
m->last_header_element = FIELD;
@@ -100,6 +105,11 @@ static int parser_cb_header_value(http_parser *parser, const char *buf,
size_t len)
{
struct parsed_http_message *m = parser->data;
+
+ if (m->num_headers == 0) {
+ ERROR("Failed to parse header value because headers num is 0");
+ return -1;
+ }
strlncat(m->headers[m->num_headers - 1][1], sizeof(m->headers[m->num_headers - 1][1]), buf, len);
m->last_header_element = VALUE;
--
2.25.1

143
0074-fix-memory-leak-of-top_layer.patch Normal file
View File

@ -0,0 +1,143 @@
From d027738842ba071802e87a18857c79603cb12db8 Mon Sep 17 00:00:00 2001
From: "Neil.wrz" <wangrunze13@huawei.com>
Date: Wed, 24 May 2023 18:35:33 -0700
Subject: [PATCH 74/79] fix memory leak of top_layer
Signed-off-by: Neil.wrz <wangrunze13@huawei.com>
---
.../oci/storage/image_store/image_store.c | 3 +-
.../remote_layer_support/image_remote_impl.c | 50 +++++++++++++------
.../overlay_remote_impl.c | 4 +-
.../ro_symlink_maintain.c | 1 +
4 files changed, 39 insertions(+), 19 deletions(-)
diff --git a/src/daemon/modules/image/oci/storage/image_store/image_store.c b/src/daemon/modules/image/oci/storage/image_store/image_store.c
index f6ddd03b..d89c28f4 100644
--- a/src/daemon/modules/image/oci/storage/image_store/image_store.c
+++ b/src/daemon/modules/image/oci/storage/image_store/image_store.c
@@ -3684,7 +3684,8 @@ int remote_append_image_by_directory_with_lock(const char *id)
nret = snprintf(image_path, sizeof(image_path), "%s/%s", g_image_store->dir, id);
if (nret < 0 || (size_t)nret >= sizeof(image_path)) {
ERROR("Failed to get image path");
- return -1;
+ ret = -1;
+ goto out;
}
ret = append_image_by_directory(image_path);
diff --git a/src/daemon/modules/image/oci/storage/remote_layer_support/image_remote_impl.c b/src/daemon/modules/image/oci/storage/remote_layer_support/image_remote_impl.c
index 92bf901d..b4a53ec1 100644
--- a/src/daemon/modules/image/oci/storage/remote_layer_support/image_remote_impl.c
+++ b/src/daemon/modules/image/oci/storage/remote_layer_support/image_remote_impl.c
@@ -126,11 +126,43 @@ out:
return ret;
}
+static int check_top_layer_and_add_image(const char *id)
+{
+ char *top_layer = NULL;
+ int ret = 0;
+
+ top_layer = remote_image_get_top_layer_from_json(id);
+ if (top_layer == NULL) {
+ WARN("Can't get top layer id for image: %s, image not add", id);
+ return 0;
+ }
+
+ if (!remote_layer_layer_valid(top_layer)) {
+ WARN("Current not find valid under layer, remote image:%s not add", id);
+ if (!map_remove(image_byid_new, (void *)id)) {
+ WARN("image %s will not be loaded from remote.", id);
+ }
+ goto out;
+ }
+
+ if (remote_append_image_by_directory_with_lock(id) != 0) {
+ ERROR("Failed to load image into memrory: %s", id);
+ if (!map_remove(image_byid_new, (void *)id)) {
+ WARN("image %s will not be loaded from remote", id);
+ }
+ ret = -1;
+ }
+
+out:
+ free(top_layer);
+
+ return ret;
+}
+
static int remote_image_add(void *data)
{
char **array_added = NULL;
char **array_deleted = NULL;
- char *top_layer = NULL;
map_t *tmp_map = NULL;
bool exist = true;
size_t i = 0;
@@ -144,20 +176,7 @@ static int remote_image_add(void *data)
array_deleted = remote_deleted_layers(image_byid_old, image_byid_new);
for (i = 0; i < util_array_len((const char **)array_added); i++) {
- top_layer = remote_image_get_top_layer_from_json(array_added[i]);
- if (top_layer != NULL && !remote_layer_layer_valid(top_layer)) {
- WARN("Current not find valid under layer, remoet image:%s not added", array_added[i]);
- if (!map_remove(image_byid_new, (void *)array_added[i])) {
- WARN("image %s will not be loaded from remote.", array_added[i]);
- }
- continue;
- }
-
- if (remote_append_image_by_directory_with_lock(array_added[i]) != 0) {
- ERROR("Failed to load image into memrory: %s", array_added[i]);
- if (!map_remove(image_byid_new, (void *)array_added[i])) {
- WARN("image %s will not be loaded from remote", array_added[i]);
- }
+ if (check_top_layer_and_add_image(array_added[i]) != 0) {
ret = -1;
}
}
@@ -179,7 +198,6 @@ static int remote_image_add(void *data)
util_free_array(array_added);
util_free_array(array_deleted);
- free(top_layer);
return ret;
}
diff --git a/src/daemon/modules/image/oci/storage/remote_layer_support/overlay_remote_impl.c b/src/daemon/modules/image/oci/storage/remote_layer_support/overlay_remote_impl.c
index 30caf175..238506c2 100644
--- a/src/daemon/modules/image/oci/storage/remote_layer_support/overlay_remote_impl.c
+++ b/src/daemon/modules/image/oci/storage/remote_layer_support/overlay_remote_impl.c
@@ -292,7 +292,7 @@ free_out:
return ret;
}
-static int remote_image_add(struct remote_overlay_data *data)
+static int remote_overlay_add(struct remote_overlay_data *data)
{
int ret = 0;
char **array_added = NULL;
@@ -346,7 +346,7 @@ void remote_overlay_refresh(struct remote_overlay_data *data)
return;
}
- if (remote_image_add(data) != 0) {
+ if (remote_overlay_add(data) != 0) {
ERROR("refresh overlay failed");
}
}
diff --git a/src/daemon/modules/image/oci/storage/remote_layer_support/ro_symlink_maintain.c b/src/daemon/modules/image/oci/storage/remote_layer_support/ro_symlink_maintain.c
index 2bcc43e6..4d234aab 100644
--- a/src/daemon/modules/image/oci/storage/remote_layer_support/ro_symlink_maintain.c
+++ b/src/daemon/modules/image/oci/storage/remote_layer_support/ro_symlink_maintain.c
@@ -135,6 +135,7 @@ static int do_build_ro_dir(const char *home, const char *id)
nret = asprintf(&ro_layer_dir, "%s/%s/%s", home, REMOTE_RO_LAYER_DIR, id);
if (nret < 0 || nret > PATH_MAX) {
+ ret = -1;
SYSERROR("Failed to create ro layer dir path");
goto out;
}
--
2.25.1

33
0075-ensure-define-in-local-and-use-correctly-type.patch Normal file
View File

@ -0,0 +1,33 @@
From dd476a11320c3ab1cca088017fafe7925f5636e6 Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Sat, 27 May 2023 10:18:40 +0800
Subject: [PATCH 75/79] ensure define in local and use correctly type
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
src/cmd/isula/volume/prune.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/cmd/isula/volume/prune.c b/src/cmd/isula/volume/prune.c
index 2a3bca3e..c8d632ed 100644
--- a/src/cmd/isula/volume/prune.c
+++ b/src/cmd/isula/volume/prune.c
@@ -85,7 +85,6 @@ int cmd_volume_prune_main(int argc, const char **argv)
command_t cmd;
char **volumes = NULL;
size_t volumes_len = 0;
- char ch = 'n';
struct command_option options[] = { LOG_OPTIONS(lconf) COMMON_OPTIONS(g_cmd_volume_prune_args)
PRUNE_OPTIONS(g_cmd_volume_prune_args)
};
@@ -113,6 +112,7 @@ int cmd_volume_prune_main(int argc, const char **argv)
}
if (!g_cmd_volume_prune_args.force) {
+ int ch;
printf("WARNING! This will remove all local volumes not used by at least one container.\n");
printf("Are you sure you want to continue? [y/N]");
ch = getchar();
--
2.25.1

89
0076-fix-don-t-cleanup-when-remote-ro-is-enabled.patch Normal file
View File

@ -0,0 +1,89 @@
From ba7bca853f2b2ec1cdfabe37a464776745cbb0ab Mon Sep 17 00:00:00 2001
From: "Neil.wrz" <wangrunze13@huawei.com>
Date: Sun, 28 May 2023 19:26:19 -0700
Subject: [PATCH 76/79] fix don't cleanup when remote ro is enabled
Signed-off-by: Neil.wrz <wangrunze13@huawei.com>
---
src/cmd/isulad/main.c | 2 +-
src/daemon/modules/api/leftover_cleanup_api.h | 4 +++-
.../container/leftover_cleanup/leftover_cleanup_api.c | 9 ++++++++-
.../layer_store/graphdriver/overlay2/driver_overlay2.c | 6 ++++++
4 files changed, 18 insertions(+), 3 deletions(-)
diff --git a/src/cmd/isulad/main.c b/src/cmd/isulad/main.c
index f5ded220..0cb7b50e 100644
--- a/src/cmd/isulad/main.c
+++ b/src/cmd/isulad/main.c
@@ -1249,7 +1249,7 @@ static int isulad_server_init_common()
#ifndef DISABLE_CLEANUP
// to cleanup leftover, init clean module before other modules.
- if (clean_module_init() != 0) {
+ if (clean_module_init(args->json_confs) != 0) {
ERROR("Failed to init clean module");
goto out;
}
diff --git a/src/daemon/modules/api/leftover_cleanup_api.h b/src/daemon/modules/api/leftover_cleanup_api.h
index 32a41258..26c4509b 100644
--- a/src/daemon/modules/api/leftover_cleanup_api.h
+++ b/src/daemon/modules/api/leftover_cleanup_api.h
@@ -15,6 +15,8 @@
#ifndef DAEMON_MODULES_API_LEFTOVER_CLEANUP_API_H
#define DAEMON_MODULES_API_LEFTOVER_CLEANUP_API_H
+#include <isula_libutils/isulad_daemon_configs.h>
+
#if defined(__cplusplus) || defined(c_plusplus)
extern "C" {
#endif
@@ -23,7 +25,7 @@ typedef enum {
BROKEN_ROOTFS = 1
} cleanup_ctx_data_t;
-int clean_module_init();
+int clean_module_init(const isulad_daemon_configs *args);
void clean_module_fill_ctx(cleanup_ctx_data_t data_type, void *data);
diff --git a/src/daemon/modules/container/leftover_cleanup/leftover_cleanup_api.c b/src/daemon/modules/container/leftover_cleanup/leftover_cleanup_api.c
index 7bdaef22..8f077916 100644
--- a/src/daemon/modules/container/leftover_cleanup/leftover_cleanup_api.c
+++ b/src/daemon/modules/container/leftover_cleanup/leftover_cleanup_api.c
@@ -20,8 +20,15 @@
struct clean_ctx *g_clean_ctx = NULL;
struct cleaners *g_clns = NULL;
-int clean_module_init()
+int clean_module_init(const isulad_daemon_configs *args)
{
+ if (args->storage_enable_remote_layer) {
+ // need to disable cleanup
+ // cause cleanup may cleanup local broken RO layer
+ // while this RO layer is valid for remote
+ return 0;
+ }
+
// create cleaners and clean_ctx
g_clns = cleaners_init();
if (g_clns == NULL) {
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
index eedbeef2..5ad487f9 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
@@ -1204,6 +1204,12 @@ int overlay2_rm_layer(const char *id, const struct graphdriver *driver)
}
#ifdef ENABLE_REMOTE_LAYER_STORE
+ if (!util_fileself_exists(layer_dir)) {
+ WARN("layer direcotry is already removed, can't remove twice");
+ ret = 0;
+ goto out;
+ }
+
if (lstat(layer_dir, &stat_buf) < 0) {
SYSERROR("Failed to lstat path: %s", layer_dir);
ret = -1;
--
2.25.1

32
0077-fix-layer-imcomplete-cause-isulad-core.patch Normal file
View File

@ -0,0 +1,32 @@
From 4a57a1eb29b3af344dbc833c067205cf36a9ecf1 Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Tue, 30 May 2023 18:59:14 +0800
Subject: [PATCH 77/79] fix layer imcomplete cause isulad core
Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
---
src/daemon/modules/image/oci/storage/layer_store/layer_store.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
index 6024d734..800a1cd7 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
@@ -1937,12 +1937,13 @@ static int load_layers_from_json_files()
// check complete
if (tl->slayer->incompelte) {
+ // item and tl will free after this function
if (do_delete_layer(tl->slayer->id) != 0) {
ERROR("delete layer: %s failed", tl->slayer->id);
ret = -1;
goto unlock_out;
}
- should_save = true;
+ continue;
}
if (should_save && save_layer(tl) != 0) {
--
2.25.1

92
0078-add-load-layer-testcase.patch Normal file
View File

@ -0,0 +1,92 @@
From f66a0071c916dd96535957acdbe94db658575ae6 Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Tue, 30 May 2023 19:00:02 +0800
Subject: [PATCH 78/79] add load layer testcase
Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
---
CI/test_cases/image_cases/load_layers.sh | 72 ++++++++++++++++++++++++
1 file changed, 72 insertions(+)
create mode 100755 CI/test_cases/image_cases/load_layers.sh
diff --git a/CI/test_cases/image_cases/load_layers.sh b/CI/test_cases/image_cases/load_layers.sh
new file mode 100755
index 00000000..af604064
--- /dev/null
+++ b/CI/test_cases/image_cases/load_layers.sh
@@ -0,0 +1,72 @@
+#!/bin/bash
+#
+# attributes: isulad basic load layers
+# concurrent: NA
+# spend time: 5
+
+#######################################################################
+##- Copyright (c) Huawei Technologies Co., Ltd. 2023. All rights reserved.
+# - iSulad licensed under the Mulan PSL v2.
+# - You can use this software according to the terms and conditions of the Mulan PSL v2.
+# - You may obtain a copy of Mulan PSL v2 at:
+# - http://license.coscl.org.cn/MulanPSL2
+# - THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+# - IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+# - PURPOSE.
+# - See the Mulan PSL v2 for more details.
+##- @Description:CI
+##- @Author: zhangxiaoyu
+##- @Create: 2023-05-30
+#######################################################################
+
+declare -r curr_path=$(dirname $(readlink -f "$0"))
+source ../helpers.sh
+
+function test_load_layers()
+{
+ local ret=0
+ local image="busybox"
+ local test="load layers test => (${FUNCNAME[@]})"
+
+ msg_info "${test} starting..."
+
+ isula pull ${image}
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to pull image: ${image}" && return ${FAILURE}
+
+ isula images | grep busybox
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - missing list image: ${image}" && ((ret++))
+
+ CONT=$(isula run -itd busybox)
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to run container with image: ${image}" && ((ret++))
+
+ local json_file=/var/lib/isulad/storage/overlay-layers/${CONT}/layer.json
+ test -f ${json_file}
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - layer json not exist" && ((ret++))
+
+ check_valgrind_log
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stop isulad failed" && ((ret++))
+
+ sed -i '2i \"incompelte\"\: true\,' ${json_file}
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to modify layer json" && ((ret++))
+
+ start_isulad_with_valgrind
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && ((ret++))
+
+ test -f ${json_file}
+ [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - layer json not exist" && ((ret++))
+
+ isula rm -f ${CONT}
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to remove ${CONT}" && ((ret++))
+
+ isula rmi ${image}
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to rmi image ${image}" && ((ret++))
+
+ msg_info "${test} finished with return ${ret}..."
+ return ${ret}
+}
+
+declare -i ans=0
+
+test_load_layers || ((ans++))
+
+show_result ${ans} "${curr_path}/${0}"
--
2.25.1

29
0079-2037-archive-reader-close-if-copy-to-container-faile.patch Normal file
View File

@ -0,0 +1,29 @@
From bef050c8d5887f3bcf923dd5a275d9c67f47a6d4 Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Thu, 1 Jun 2023 02:46:35 +0000
Subject: [PATCH 79/79] !2037 archive reader close if copy to container failed
* archive reader close if copy to container failed
---
src/cmd/isula/stream/cp.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/src/cmd/isula/stream/cp.c b/src/cmd/isula/stream/cp.c
index f85602ed..2b0a79c7 100644
--- a/src/cmd/isula/stream/cp.c
+++ b/src/cmd/isula/stream/cp.c
@@ -214,10 +214,8 @@ static int client_copy_to_container(const struct client_arguments *args, const c
config = get_connect_config(args);
ret = ops->container.copy_to_container(&request, response, &config);
- if (ret) {
- goto out;
- }
+ // archive reader close if copy to container failed
nret = archive_reader.close(archive_reader.context, &archive_err);
if (nret < 0) {
ret = nret;
--
2.25.1

28
iSulad.spec
View File

@ -1,5 +1,5 @@
%global _version 2.0.18
%global _release 8
%global _release 9
%global is_systemd 1
%global enable_shimv2 1
%global is_embedded 1
@ -72,6 +72,26 @@ Patch0056: 0056-remove-unused-headers.patch
Patch0057: 0057-change-isulad-shim-epoll-struct.patch
Patch0058: 0058-fix-memrealloc-size-error.patch
Patch0059: 0059-convert-struct-lcr-start-exec-request.patch
Patch0060: 0060-fix-security-warning.patch
Patch0061: 0061-add-testcase-for-hook-env.patch
Patch0062: 0062-fix-security-warning.patch
Patch0063: 0063-add-try_generate_exec_id-func-for-health-check.patch
Patch0064: 0064-split-remote-grpc-code-by-macro.patch
Patch0065: 0065-move-signal_routine-and-g_log_fd-to-common-and-and-s.patch
Patch0066: 0066-add-ut-for-runc.patch
Patch0067: 0067-runc-add-ci-for-runc.patch
Patch0068: 0068-fix-ci-error.patch
Patch0069: 0069-restore-bind_special_dir.sh.patch
Patch0070: 0070-ensure-isulad_io-not-NULL-before-close-fd.patch
Patch0071: 0071-recheck-delete-command-exit-status.patch
Patch0072: 0072-restore-execSync-return-value.patch
Patch0073: 0073-fix-memory-leak-and-array-access-out-of-range.patch
Patch0074: 0074-fix-memory-leak-of-top_layer.patch
Patch0075: 0075-ensure-define-in-local-and-use-correctly-type.patch
Patch0076: 0076-fix-don-t-cleanup-when-remote-ro-is-enabled.patch
Patch0077: 0077-fix-layer-imcomplete-cause-isulad-core.patch
Patch0078: 0078-add-load-layer-testcase.patch
Patch0079: 0079-2037-archive-reader-close-if-copy-to-container-faile.patch
%ifarch x86_64 aarch64
Provides: libhttpclient.so()(64bit)
@ -316,6 +336,12 @@ fi
%endif
%changelog
* Thu Jun 01 2023 zhangxiaoyu <zhangxiaoyu58@huawei.com> - 2.0.18-9
- Type: bugfix
- ID: NA
- SUG: NA
- DESC: upgrade from upstream
* Mon May 08 2023 penghaitao <htpengc@isoftstone.com> - 2.0.18-8
- Type: bugfix
- ID: NA