diff --git a/0079-Fix-Failed-to-execute-image-pull-on-name-tag-digest-.patch b/0079-Fix-Failed-to-execute-image-pull-on-name-tag-digest-.patch new file mode 100644 index 0000000000000000000000000000000000000000..6c9fc35a292d036876d56d4a06617093fe0c4698 --- /dev/null +++ b/0079-Fix-Failed-to-execute-image-pull-on-name-tag-digest-.patch 
@@ -0,0 +1,72 @@ +From 1d90c5a855a267bb156d53b6a43bc451a993efd5 Mon Sep 17 00:00:00 2001 +From: huj13k4n9 +Date: Mon, 29 Apr 2024 12:52:17 +0800 +Subject: [PATCH 79/85] Fix 'Failed to execute image pull' on 'name:tag@digest' + type image name + +--- + src/daemon/modules/image/oci/utils_images.c | 6 ++++++ + src/utils/cutils/utils_verify.c | 3 ++- + src/utils/cutils/utils_verify.h | 3 ++- + 3 files changed, 10 insertions(+), 2 deletions(-) + +diff --git a/src/daemon/modules/image/oci/utils_images.c b/src/daemon/modules/image/oci/utils_images.c +index d94388bd..b4e2a1a8 100644 +--- a/src/daemon/modules/image/oci/utils_images.c ++++ b/src/daemon/modules/image/oci/utils_images.c +@@ -207,6 +207,7 @@ int oci_split_image_name(const char *image_name, char **host, char **name, char + char *tag_digest_pos = NULL; + char *name_pos = NULL; + char *tmp_image_name = NULL; ++ char *name_end_pos = NULL; + + if (!util_valid_image_name(image_name)) { + ERROR("Invalid full image name %s", image_name); +@@ -234,6 +235,11 @@ int oci_split_image_name(const char *image_name, char **host, char **name, char + *name_pos = '\0'; + name_pos++; + if (name != NULL) { ++ // Need to check if image name contains tag ++ name_end_pos = strchr(name_pos, ':'); ++ if (name_end_pos != NULL) { ++ *name_end_pos = '\0'; ++ } + *name = util_strdup_s(name_pos); + } + if (host != NULL) { +diff --git a/src/utils/cutils/utils_verify.c b/src/utils/cutils/utils_verify.c +index cd636fff..474e28f0 100644 +--- a/src/utils/cutils/utils_verify.c ++++ b/src/utils/cutils/utils_verify.c +@@ -319,6 +319,7 @@ bool util_valid_image_name(const char *name) + } + } + ++ // In name check phase, image name with both tag and digest is also allowed + if (util_reg_match(__NamePattern, copy)) { + goto cleanup; + } +@@ -767,4 +768,4 @@ bool util_valid_search_name(const char *name) + + return true; + } +-#endif +\ No newline at end of file ++#endif +diff --git a/src/utils/cutils/utils_verify.h b/src/utils/cutils/utils_verify.h +index 
bafd2a82..fc59f6c0 100644 +--- a/src/utils/cutils/utils_verify.h ++++ b/src/utils/cutils/utils_verify.h +@@ -32,7 +32,8 @@ extern "C" { + #define __NamePattern \ + "^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])" \ + "((\\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(:[0-9]+)?/)?[a-z0-9]" \ +- "+((([._]|__|[-]*)[a-z0-9]+)+)?((/[a-z0-9]+((([._]|__|[-]*)[a-z0-9]+)+)?)+)?$" ++ "+((([._]|__|[-]*)[a-z0-9]+)+)?((/[a-z0-9]+((([._]|__|[-]*)[a-z0-9]+)+)?)+)?" \ ++ "(:([A-Za-z_0-9][A-Za-z_0-9.-]{0,127}))?$" + + #define __DIGESTPattern "@[a-z0-9]+:[a-z0-9]{32,}" + +-- +2.34.1 + diff --git a/0080-bugfix-for-hostname-env-set-only-once.patch b/0080-bugfix-for-hostname-env-set-only-once.patch new file mode 100644 index 0000000000000000000000000000000000000000..191a7905b278a93927ae2683510f250f6756a2ef --- /dev/null +++ b/0080-bugfix-for-hostname-env-set-only-once.patch 
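Review bot: Widening `__NamePattern` itself in utils_verify.h affects every caller that matches against this macro, not only the tag-plus-digest case described by the new comment in util_valid_image_name; any check that relied on it to reject a trailing `:tag` now accepts one. Only one use is visible in this patch, so the remaining call sites should be confirmed, or the optional `(:tag)?` suffix kept in a separate pattern used only on the digest path. In oci_split_image_name the added `strchr(name_pos, ':')` is correct only if the `@digest` part has already been cut off by then, because a digest contains a colon as well. That code lies outside the hunk, so if it holds, a comment such as `// digest already stripped above, so ':' can only introduce a tag` would make the precondition checkable. The patch adds no test for a `name:tag@digest` input.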
@@ -0,0 +1,148 @@ +From 8ff32819d84f59085c4c541b00f9671db55d0fd1 Mon Sep 17 00:00:00 2001 +From: jikai +Date: Mon, 29 Apr 2024 09:14:53 +0800 +Subject: [PATCH 80/85] bugfix for hostname env: set only once + +Signed-off-by: jikai +--- + src/daemon/modules/spec/specs.c | 11 +++++- + src/daemon/modules/spec/specs_extend.c | 52 +++++++++++++++++--------- + src/daemon/modules/spec/specs_extend.h | 2 + + 3 files changed, 46 insertions(+), 19 deletions(-) + +diff --git a/src/daemon/modules/spec/specs.c b/src/daemon/modules/spec/specs.c +index 77ca70f9..65a860d4 100644 +--- a/src/daemon/modules/spec/specs.c ++++ b/src/daemon/modules/spec/specs.c +@@ -1863,14 +1863,21 @@ static int merge_process_conf(oci_runtime_spec *oci_spec, const host_config *hos + goto out; + } + +- /* environment variables */ ++ /* 1. merge env from container_spec: --env or --env-file */ + ret = merge_env(oci_spec, (const char **)container_spec->env, container_spec->env_len); + if (ret != 0) { + ERROR("Failed to merge environment variables"); + goto out; + } + +- /* env target file */ ++ /* 2. merge default env hostname, only if hostname not set before */ ++ ret = merge_hostname_env(oci_spec); ++ if (ret != 0) { ++ ERROR("Failed to merge hostname env"); ++ goto out; ++ } ++ ++ /* 3. 
persist env from --env-target-file, only if the env not set before, system container only */ + ret = merge_env_target_file(oci_spec, host_spec->env_target_file); + if (ret != 0) { + ERROR("Failed to merge env target file"); +diff --git a/src/daemon/modules/spec/specs_extend.c b/src/daemon/modules/spec/specs_extend.c +index 8cad2cbe..4c154281 100644 +--- a/src/daemon/modules/spec/specs_extend.c ++++ b/src/daemon/modules/spec/specs_extend.c +@@ -420,34 +420,23 @@ out: + int merge_env(oci_runtime_spec *oci_spec, const char **env, size_t env_len) + { + int ret = 0; +- int nret = 0; + size_t new_size = 0; + size_t old_size = 0; + size_t i; + char **temp = NULL; +- // 10 is lenght of "HOSTNAME=" and '\0' +- char host_name_env[MAX_HOST_NAME_LEN + 10] = { 0 }; +- +- nret = snprintf(host_name_env, sizeof(host_name_env), "HOSTNAME=%s", oci_spec->hostname); +- if (nret < 0 || (size_t)nret >= sizeof(host_name_env)) { +- ret = -1; +- ERROR("Sprint failed"); +- goto out; +- } + + ret = make_sure_oci_spec_process(oci_spec); + if (ret < 0) { + goto out; + } + +- if (env_len > LIST_ENV_SIZE_MAX - oci_spec->process->env_len - 1) { ++ if (env_len > LIST_ENV_SIZE_MAX - oci_spec->process->env_len) { + ERROR("The length of envionment variables is too long, the limit is %lld", LIST_ENV_SIZE_MAX); + isulad_set_error_message("The length of envionment variables is too long, the limit is %d", LIST_ENV_SIZE_MAX); + ret = -1; + goto out; + } +- // add 1 for hostname env +- new_size = (oci_spec->process->env_len + env_len + 1) * sizeof(char *); ++ new_size = (oci_spec->process->env_len + env_len) * sizeof(char *); + old_size = oci_spec->process->env_len * sizeof(char *); + ret = util_mem_realloc((void **)&temp, new_size, oci_spec->process->env, old_size); + if (ret != 0) { +@@ -458,10 +447,6 @@ int merge_env(oci_runtime_spec *oci_spec, const char **env, size_t env_len) + + oci_spec->process->env = temp; + +- // append hostname env into default oci spec env list +- 
oci_spec->process->env[oci_spec->process->env_len] = util_strdup_s(host_name_env); +- oci_spec->process->env_len++; +- + for (i = 0; i < env_len && env != NULL; i++) { + oci_spec->process->env[oci_spec->process->env_len] = util_strdup_s(env[i]); + oci_spec->process->env_len++; +@@ -470,6 +455,39 @@ out: + return ret; + } + ++int merge_hostname_env(oci_runtime_spec *oci_spec) ++{ ++ int nret = 0; ++ bool is_append = true; ++ // 10 is lenght of "HOSTNAME=" and '\0' ++ char host_name_env[MAX_HOST_NAME_LEN + 10] = { 0 }; ++ const char *envs[1] = {host_name_env}; ++ ++ if (make_sure_oci_spec_process(oci_spec) < 0) { ++ return -1; ++ } ++ ++ if (check_env_need_append(oci_spec, "HOSTNAME", &is_append) < 0) { ++ return -1; ++ } ++ ++ if (!is_append) { ++ return 0; ++ } ++ ++ nret = snprintf(host_name_env, sizeof(host_name_env), "HOSTNAME=%s", oci_spec->hostname); ++ if (nret < 0 || (size_t)nret >= sizeof(host_name_env)) { ++ ERROR("Sprint failed"); ++ return -1; ++ } ++ ++ if (merge_env(oci_spec, (const char **)envs, 1) < 0) { ++ return -1; ++ } ++ ++ return 0; ++} ++ + char *oci_container_get_env(const oci_runtime_spec *oci_spec, const char *key) + { + const defs_process *op = NULL; +diff --git a/src/daemon/modules/spec/specs_extend.h b/src/daemon/modules/spec/specs_extend.h +index d70f5bec..15ec6b2f 100644 +--- a/src/daemon/modules/spec/specs_extend.h ++++ b/src/daemon/modules/spec/specs_extend.h +@@ -50,6 +50,8 @@ int make_userns_remap(oci_runtime_spec *container, const char *user_remap); + + int merge_env(oci_runtime_spec *oci_spec, const char **env, size_t env_len); + ++int merge_hostname_env(oci_runtime_spec *oci_spec); ++ + int merge_env_target_file(oci_runtime_spec *oci_spec, const char *env_target_file); + + char *oci_container_get_env(const oci_runtime_spec *oci_spec, const char *key); +-- +2.34.1 + 
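Review bot: merge_hostname_env passes `oci_spec->hostname` to `snprintf` with `%s` without checking it for NULL, and nothing in the hunk shows that the hostname is always set before merge_process_conf reaches this call. A guard ahead of the format call, e.g. `if (oci_spec->hostname == NULL) { return 0; }` (or an error return, if an unset hostname is not legal here), avoids formatting a null pointer, which is undefined behaviour. The function also depends on running after the user-supplied env has been merged, because check_env_need_append only sees entries already in `process->env`. The declaration in specs_extend.h should say so, for example `/* call after merge_env(): adds HOSTNAME=<hostname> only if no HOSTNAME entry exists yet */`. The `Sprint failed` message is reached when the hostname does not fit the buffer and would be clearer as `ERROR("Hostname too long for HOSTNAME env");`.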
diff --git a/0081-set-the-sandbox-status-to-not-ready-under-abnormal-c.patch b/0081-set-the-sandbox-status-to-not-ready-under-abnormal-c.patch new file mode 100644 index 0000000000000000000000000000000000000000..91a57f20cb03adce957e7408a9032b40529b45e1 --- /dev/null +++ b/0081-set-the-sandbox-status-to-not-ready-under-abnormal-c.patch 
@@ -0,0 +1,86 @@ +From 934d289aa535bbb87bfe484c4de34275b968fb87 Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Wed, 8 May 2024 11:40:40 +0800 +Subject: [PATCH 81/85] set the sandbox status to not ready under abnormal + circumstances + +Signed-off-by: zhongtao +--- + src/daemon/sandbox/sandbox.cc | 34 +++++++++++++++++++++++++--------- + src/daemon/sandbox/sandbox.h | 1 + + 2 files changed, 26 insertions(+), 9 deletions(-) + +diff --git a/src/daemon/sandbox/sandbox.cc b/src/daemon/sandbox/sandbox.cc +index bae5b8db..279bf628 100644 +--- a/src/daemon/sandbox/sandbox.cc ++++ b/src/daemon/sandbox/sandbox.cc +@@ -371,6 +371,8 @@ void Sandbox::DoUpdateStatus(std::unique_ptr status, Er + m_state.exitedAt = status->exitedAt; + if (status->state == std::string(SANDBOX_READY_STATE_STR)) { + m_state.status = SANDBOX_STATUS_RUNNING; ++ } else { ++ m_state.status = SANDBOX_STATUS_STOPPED; + } + } + +@@ -459,6 +461,24 @@ auto Sandbox::Save(Errors &error) -> bool + return true; + } + ++bool Sandbox::DoStatusUpdateAndWaitInLoad(const std::string &sandboxID, Errors &error) ++{ ++ if (!UpdateStatus(error)) { ++ ERROR("Failed to update status of Sandbox, id='%s'", sandboxID.c_str()); ++ return false; ++ } ++ ++ // Regardless of whether the sandbox is ready, ++ // Wait() is required to call to monitor whether the kuasar sandbox is ready or exits. 
++ // TODO: distinguish the meaning of Wait() return value in different states of sandbox ++ if (!m_controller->Wait(shared_from_this(), sandboxID, error)) { ++ ERROR("Failed to restore wait callback"); ++ return false; ++ } ++ ++ return true; ++} ++ + auto Sandbox::Load(Errors &error) -> bool + { + if (!LoadState(error)) { +@@ -478,15 +498,11 @@ auto Sandbox::Load(Errors &error) -> bool + + LoadNetworkSetting(); + +- if (!UpdateStatus(error)) { +- ERROR("Failed to update status of Sandbox, id='%s'", m_id.c_str()); +- return false; +- } +- +- // TODO: distinguish the meaning of Wait() return value in different states of sandbox +- if (!m_controller->Wait(shared_from_this(), m_id, error)) { +- ERROR("Failed to restore wait callback"); +- return false; ++ // When the sandbox status acquisition fails or wait fails, the sandbox status is set to not ready, ++ // and the user decides whether to delete the sandbox. ++ if (!DoStatusUpdateAndWaitInLoad(m_id, error)) { ++ WriteGuard lock(m_stateMutex); ++ m_state.status = SANDBOX_STATUS_STOPPED; + } + + return true; +diff --git a/src/daemon/sandbox/sandbox.h b/src/daemon/sandbox/sandbox.h +index 20a8e338..42fbee2a 100644 +--- a/src/daemon/sandbox/sandbox.h ++++ b/src/daemon/sandbox/sandbox.h +@@ -156,6 +156,7 @@ private: + auto SetupSandboxFiles(Errors &error) -> bool; + void DoUpdateStatus(std::unique_ptr status, Errors &error); + void DoUpdateExitedStatus(const ControllerExitInfo &exitInfo); ++ bool DoStatusUpdateAndWaitInLoad(const std::string &sandboxID, Errors &error); + + auto GetMetadataJsonPath() -> std::string; + auto GetStatePath() -> std::string; +-- +2.34.1 + diff --git a/0082-fix-shim-controller-set-incorrect-sandbox-status-sta.patch b/0082-fix-shim-controller-set-incorrect-sandbox-status-sta.patch new file mode 100644 index 0000000000000000000000000000000000000000..13df472fa2eb3c3671d9f526774f2f6ad72d8957 --- /dev/null +++ b/0082-fix-shim-controller-set-incorrect-sandbox-status-sta.patch 
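Review bot: When DoStatusUpdateAndWaitInLoad fails, Load() now returns true but leaves `error` populated by the failed UpdateStatus() or Wait() call, so a caller that inspects the Errors object rather than the return value would still see a failure. If the intent is that loading succeeds with the sandbox marked not ready, the branch should record the reason and reset the error, e.g. `WARN("Sandbox %s loaded as not ready: %s", m_id.c_str(), error.GetCMessage()); error.Clear();`. After a failed Wait() there is also no exit monitor for a sandbox that may still be running, so the stored state can diverge from the real one; the comment above the call should state this. The `sandboxID` parameter is always `m_id` at the only visible call site and could be dropped.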
@@ -0,0 +1,60 @@ +From 1d51e3e9f14199854cc2d586651c5809345aee18 Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Wed, 8 May 2024 14:48:47 +0800 +Subject: [PATCH 82/85] fix shim controller set incorrect sandbox status state + +Signed-off-by: jikai +--- + src/daemon/sandbox/controller/controller.h | 3 +++ + src/daemon/sandbox/controller/shim/shim_controller.cc | 6 ++++-- + src/daemon/sandbox/sandbox.cc | 3 --- + 3 files changed, 7 insertions(+), 5 deletions(-) + +diff --git a/src/daemon/sandbox/controller/controller.h b/src/daemon/sandbox/controller/controller.h +index f479a0ac..9ad45855 100644 +--- a/src/daemon/sandbox/controller/controller.h ++++ b/src/daemon/sandbox/controller/controller.h +@@ -27,6 +27,9 @@ + + namespace sandbox { + ++#define SANDBOX_READY_STATE_STR "SANDBOX_READY" ++#define SANDBOX_NOTREADY_STATE_STR "SANDBOX_NOTREADY" ++ + struct ControllerMountInfo { + std::string source; + std::string destination; +diff --git a/src/daemon/sandbox/controller/shim/shim_controller.cc b/src/daemon/sandbox/controller/shim/shim_controller.cc +index 4da637c7..ce09c076 100644 +--- a/src/daemon/sandbox/controller/shim/shim_controller.cc ++++ b/src/daemon/sandbox/controller/shim/shim_controller.cc +@@ -446,8 +446,10 @@ void ShimController::InspectResponseToSandboxStatus(container_inspect *inspect, + sandboxStatus.id = inspect->id; + if (inspect->state != nullptr) { + sandboxStatus.pid = inspect->state->pid; +- if (inspect->state->status != nullptr) { +- sandboxStatus.state = std::string(inspect->state->status); ++ if (inspect->state->running) { ++ sandboxStatus.state = std::string(SANDBOX_READY_STATE_STR); ++ } else { ++ sandboxStatus.state = std::string(SANDBOX_NOTREADY_STATE_STR); + } + } + +diff --git a/src/daemon/sandbox/sandbox.cc b/src/daemon/sandbox/sandbox.cc +index 279bf628..d44abb99 100644 +--- a/src/daemon/sandbox/sandbox.cc ++++ b/src/daemon/sandbox/sandbox.cc +@@ -39,9 +39,6 @@ + #include "utils_timestamp.h" + #include "mailbox.h" + +-#define 
SANDBOX_READY_STATE_STR "SANDBOX_READY" +-#define SANDBOX_NOTREADY_STATE_STR "SANDBOX_NOTREADY" +- + namespace sandbox { + + const std::string SHM_MOUNT_POINT = "/dev/shm"; +-- +2.34.1 + diff --git a/0083-fix-bug-for-invalid-env-write.patch b/0083-fix-bug-for-invalid-env-write.patch new file mode 100644 index 0000000000000000000000000000000000000000..527fe0ffb919e384cf85795568cfd265b99350a7 --- /dev/null +++ b/0083-fix-bug-for-invalid-env-write.patch 
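Review bot: In InspectResponseToSandboxStatus the state string is assigned only inside `if (inspect->state != nullptr)`, so an inspect response without a state block leaves `sandboxStatus.state` at whatever value it had on entry. Setting `sandboxStatus.state = std::string(SANDBOX_NOTREADY_STATE_STR);` before that `if` would make the not-ready default explicit instead of depending on how the consumer treats an empty string. The start of the function is outside the hunk, so this may already be covered. In controller.h the two `#define`s sit inside `namespace sandbox`, which macros do not respect; placing them above the namespace, or replacing them with `constexpr const char *` constants, would avoid implying a scope they do not have.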
@@ -0,0 +1,158 @@ +From fb48f036fece9d64c4cfc19c52091afad5f42fd9 Mon Sep 17 00:00:00 2001 +From: jikai +Date: Sat, 11 May 2024 03:46:02 +0000 +Subject: [PATCH 83/85] fix bug for invalid env write + +Signed-off-by: jikai +--- + src/daemon/modules/spec/specs_extend.c | 57 +++++++++----------------- + src/utils/cutils/utils_verify.c | 25 +++++++++++ + src/utils/cutils/utils_verify.h | 2 + + 3 files changed, 46 insertions(+), 38 deletions(-) + +diff --git a/src/daemon/modules/spec/specs_extend.c b/src/daemon/modules/spec/specs_extend.c +index 4c154281..f4208405 100644 +--- a/src/daemon/modules/spec/specs_extend.c ++++ b/src/daemon/modules/spec/specs_extend.c +@@ -190,41 +190,33 @@ int make_userns_remap(oci_runtime_spec *container, const char *user_remap) + static int generate_env_map_from_file(FILE *fp, json_map_string_string *env_map) + { + int ret = 0; +- char *key = NULL; +- char *value = NULL; +- char *pline = NULL; ++ __isula_auto_free char *pline = NULL; + size_t length = 0; +- char *saveptr = NULL; +- char empty_str[1] = {'\0'}; + + while (getline(&pline, &length, fp) != -1) { ++ __isula_auto_free char *key = NULL; ++ __isula_auto_free char *value = NULL; + util_trim_newline(pline); + pline = util_trim_space(pline); + if (pline == NULL || pline[0] == '#') { + continue; + } +- key = strtok_r(pline, "=", &saveptr); +- value = strtok_r(NULL, "=", &saveptr); +- // value of an env varible is allowed to be empty +- value = value ? 
value : empty_str; +- if (key != NULL) { +- key = util_trim_space(key); +- value = util_trim_space(value); +- if ((size_t)(MAX_BUFFER_SIZE - 1) - strlen(key) < strlen(value)) { +- ERROR("env length exceed %d bytes", MAX_BUFFER_SIZE); +- ret = -1; +- goto out; +- } +- ret = append_json_map_string_string(env_map, key, value); +- if (ret < 0) { +- ERROR("append env to map failed"); +- goto out; +- } ++ if (util_valid_split_env(pline, &key, &value) < 0) { ++ // ignore invalid env ++ continue; ++ } ++ if ((size_t)(MAX_BUFFER_SIZE - 1) - strlen(key) < strlen(value)) { ++ ERROR("env length exceed %d bytes", MAX_BUFFER_SIZE); ++ return -1; ++ } ++ ret = append_json_map_string_string(env_map, key, value); ++ if (ret < 0) { ++ ERROR("append env to map failed"); ++ return -1; + } + } +-out: +- free(pline); +- return ret; ++ ++ return 0; + } + + static json_map_string_string *parse_env_target_file(const char *env_path) +@@ -293,28 +285,17 @@ static int do_append_env(char ***env, size_t *env_len, const char *key, const ch + static int check_env_need_append(const oci_runtime_spec *oci_spec, const char *env_key, bool *is_append) + { + size_t i = 0; +- char *key = NULL; +- char *saveptr = NULL; + + for (i = 0; i < oci_spec->process->env_len; i++) { +- char *tmp_env = NULL; +- tmp_env = util_strdup_s(oci_spec->process->env[i]); +- key = strtok_r(tmp_env, "=", &saveptr); +- // value of an env varible is allowed to be empty +- if (key == NULL) { ++ __isula_auto_free char *key = NULL; ++ if (util_valid_split_env(oci_spec->process->env[i], &key, NULL) < 0) { + ERROR("Bad env format"); +- free(tmp_env); +- tmp_env = NULL; + return -1; + } + if (strcmp(key, env_key) == 0) { + *is_append = false; +- free(tmp_env); +- tmp_env = NULL; + return 0; + } +- free(tmp_env); +- tmp_env = NULL; + } + return 0; + } +diff --git a/src/utils/cutils/utils_verify.c b/src/utils/cutils/utils_verify.c +index 474e28f0..6f1da12c 100644 +--- a/src/utils/cutils/utils_verify.c ++++ 
b/src/utils/cutils/utils_verify.c +@@ -651,6 +651,31 @@ bool util_valid_device_cgroup_rule(const char *value) + return util_reg_match(patten, value) == 0; + } + ++int util_valid_split_env(const char *env, char **key, char **value) ++{ ++ __isula_auto_array_t char **arr = NULL; ++ ++ arr = util_string_split_n(env, '=', 2); ++ if (arr == NULL) { ++ ERROR("Failed to split env string"); ++ return -1; ++ } ++ ++ if (strlen(arr[0]) == 0) { ++ ERROR("Invalid environment variable: %s", env); ++ return -1; ++ } ++ ++ if (key != NULL) { ++ *key = util_strdup_s(arr[0]); ++ } ++ if (value != NULL) { ++ *value = util_strdup_s(util_array_len((const char **)arr) > 1 ? arr[1] : ""); ++ } ++ ++ return 0; ++} ++ + int util_valid_env(const char *env, char **dst) + { + int ret = 0; +diff --git a/src/utils/cutils/utils_verify.h b/src/utils/cutils/utils_verify.h +index fc59f6c0..58b22b85 100644 +--- a/src/utils/cutils/utils_verify.h ++++ b/src/utils/cutils/utils_verify.h +@@ -119,6 +119,8 @@ bool util_valid_positive_interger(const char *value); + + bool util_valid_device_cgroup_rule(const char *value); + ++int util_valid_split_env(const char *env, char **key, char **value); ++ + int util_valid_env(const char *env, char **dst); + + bool util_valid_sysctl(const char *sysctl_key); +-- +2.34.1 + diff --git a/0084-trim-key-value-for-env.patch b/0084-trim-key-value-for-env.patch new file mode 100644 index 0000000000000000000000000000000000000000..628f77dc6e753614b9050afc2e71c0ff448daf15 --- /dev/null +++ b/0084-trim-key-value-for-env.patch 
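Review bot: util_valid_split_env logs the whole input with `ERROR("Invalid environment variable: %s", env)`, and that line is reached only for an empty key, so what lands in the daemon log is the value part, which for environment entries is often a credential. Logging the condition without the content, `ERROR("Invalid environment variable: empty key");`, keeps the diagnostic and drops the value. generate_env_map_from_file calls the helper for every non-comment line and deliberately ignores failures, so blank lines in the env file appear to produce one ERROR entry each. Extending the skip test to `pline == NULL || pline[0] == '\0' || pline[0] == '#'` would avoid that. The helper has no unit test in this patch; cases worth pinning are `A=b=c`, `A=`, `A` and `=b`.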
@@ -0,0 +1,26 @@ +From de9ed770a254c8f67ac228f56fe461e1c834609c Mon Sep 17 00:00:00 2001 +From: jikai +Date: Sat, 11 May 2024 07:51:35 +0000 +Subject: [PATCH 84/85] trim key/value for env + +Signed-off-by: jikai +--- + src/daemon/modules/spec/specs_extend.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/daemon/modules/spec/specs_extend.c b/src/daemon/modules/spec/specs_extend.c +index f4208405..926aaf3c 100644 +--- a/src/daemon/modules/spec/specs_extend.c ++++ b/src/daemon/modules/spec/specs_extend.c +@@ -205,6 +205,8 @@ static int generate_env_map_from_file(FILE *fp, json_map_string_string *env_map) + // ignore invalid env + continue; + } ++ key = util_trim_space(key); ++ value = util_trim_space(value); + if ((size_t)(MAX_BUFFER_SIZE - 1) - strlen(key) < strlen(value)) { + ERROR("env length exceed %d bytes", MAX_BUFFER_SIZE); + return -1; +-- +2.34.1 + diff --git a/0085-cdi-allow-env-variable-has-an-empty-value.patch b/0085-cdi-allow-env-variable-has-an-empty-value.patch new file mode 100644 index 0000000000000000000000000000000000000000..a694d75e8c74537d702d4dd34a9b78bfc489559e --- /dev/null +++ b/0085-cdi-allow-env-variable-has-an-empty-value.patch 
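Review bot: `key` and `value` are `__isula_auto_free` pointers to buffers allocated by util_valid_split_env, and the two added lines overwrite them with the return value of util_trim_space. If util_trim_space returns a pointer advanced past leading whitespace (its body is not on this page), a line such as `KEY= value` makes the cleanup handler free an address inside the allocation rather than its start, which is an invalid free. Keeping the owning pointers untouched and trimming into separate variables, `char *tkey = util_trim_space(key);` and `char *tvalue = util_trim_space(value);`, then using those in the length check and the append call that follow the hunk, avoids this. The same pattern exists for `pline` in patch 0083's version of this function, where the trimmed pointer is handed back to getline() and to the auto-free.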
@@ -0,0 +1,135 @@ +From 9208d73274da0bd18c0d77cdf59ead3dc8e06021 Mon Sep 17 00:00:00 2001 +From: liuxu +Date: Fri, 10 May 2024 18:12:49 +0800 +Subject: [PATCH 85/85] cdi:allow env variable has an empty value + +Signed-off-by: liuxu +--- + src/daemon/modules/spec/specs.c | 28 ++++++---------------------- + test/specs/specs/specs_ut.cc | 16 ++++++++-------- + 2 files changed, 14 insertions(+), 30 deletions(-) + +diff --git a/src/daemon/modules/spec/specs.c b/src/daemon/modules/spec/specs.c +index 65a860d4..e779c22e 100644 +--- a/src/daemon/modules/spec/specs.c ++++ b/src/daemon/modules/spec/specs.c +@@ -2607,17 +2607,11 @@ int spec_module_init(void) + static int add_env(defs_process *dp, const char *env, const char *key) + { + size_t i; +- char *oci_key = NULL; +- char *oci_value = NULL; +- char *saveptr = NULL; +- __isula_auto_free char *tmp_env = NULL; + + for (i = 0; i < dp->env_len; i++) { +- tmp_env = util_strdup_s(dp->env[i]); +- oci_key = strtok_r(tmp_env, "=", &saveptr); +- oci_value = strtok_r(NULL, "=", &saveptr); +- if (oci_key == NULL || oci_value == NULL) { +- ERROR("Bad env format"); ++ __isula_auto_free char *oci_key = NULL; ++ if (util_valid_split_env(dp->env[i], &oci_key, NULL) < 0) { ++ ERROR("Bad env format, %s", dp->env[i]); + return -1; + } + if (strcmp(key, oci_key) == 0) { +@@ -2625,8 +2619,6 @@ static int add_env(defs_process *dp, const char *env, const char *key) + dp->env[i] = util_strdup_s(env); + return 0; + } +- free(tmp_env); +- tmp_env = NULL; + } + if (util_mem_realloc((void **)&dp->env, (dp->env_len + 1) * sizeof(char *), + (void *)dp->env, dp->env_len * sizeof(char *)) != 0) { +@@ -2641,10 +2633,6 @@ static int add_env(defs_process *dp, const char *env, const char *key) + int defs_process_add_multiple_env(defs_process *dp, const char **envs, size_t env_len) + { + size_t i; +- char *key = NULL; +- char *value = NULL; +- char *saveptr = NULL; +- __isula_auto_free char *tmp_env = NULL; + + if (envs == NULL || env_len == 0) { + 
DEBUG("empty envs"); +@@ -2656,18 +2644,14 @@ int defs_process_add_multiple_env(defs_process *dp, const char **envs, size_t en + } + + for (i = 0; i < env_len; i++) { +- tmp_env = util_strdup_s(envs[i]); +- key = strtok_r(tmp_env, "=", &saveptr); +- value = strtok_r(NULL, "=", &saveptr); +- if (key == NULL || value == NULL) { +- ERROR("Bad env format: %s", tmp_env); ++ __isula_auto_free char *key = NULL; ++ if (util_valid_split_env(envs[i], &key, NULL) < 0) { ++ ERROR("Bad env format: %s", envs[i]); + return -1; + } + if (add_env(dp, envs[i], key) != 0) { + return -1; + } +- free(tmp_env); +- tmp_env = NULL; + } + + return 0; +diff --git a/test/specs/specs/specs_ut.cc b/test/specs/specs/specs_ut.cc +index 47836e5b..3f108f0f 100644 +--- a/test/specs/specs/specs_ut.cc ++++ b/test/specs/specs/specs_ut.cc +@@ -593,20 +593,20 @@ TEST_F(SpecsUnitTest, test_defs_process_add_multiple_env) + ASSERT_EQ(defs_process_add_multiple_env(dp, (const char **)envs, env_len), -1); + free(envs[0]); + envs[0] = util_strdup_s("key0="); +- ASSERT_EQ(defs_process_add_multiple_env(dp, (const char **)envs, env_len), -1); ++ ASSERT_EQ(defs_process_add_multiple_env(dp, (const char **)envs, env_len), 0); + free(envs[0]); + envs[0] = util_strdup_s("key0xxxx"); +- ASSERT_EQ(defs_process_add_multiple_env(dp, (const char **)envs, env_len), -1); ++ ASSERT_EQ(defs_process_add_multiple_env(dp, (const char **)envs, env_len), 0); + + free(dp->env[0]); + dp->env[0] = util_strdup_s("=value0"); + ASSERT_EQ(defs_process_add_multiple_env(dp, (const char **)envs, env_len), -1); + free(dp->env[0]); + dp->env[0] = util_strdup_s("key0="); +- ASSERT_EQ(defs_process_add_multiple_env(dp, (const char **)envs, env_len), -1); ++ ASSERT_EQ(defs_process_add_multiple_env(dp, (const char **)envs, env_len), 0); + free(dp->env[0]); + dp->env[0] = util_strdup_s("key0xxxx"); +- ASSERT_EQ(defs_process_add_multiple_env(dp, (const char **)envs, env_len), -1); ++ ASSERT_EQ(defs_process_add_multiple_env(dp, (const char **)envs, 
env_len), 0); + + free_defs_process(dp); + free(envs[0]); +@@ -644,20 +644,20 @@ TEST_F(SpecsUnitTest, test_spec_add_multiple_process_env) + ASSERT_EQ(spec_add_multiple_process_env(oci_spec, (const char **)envs, env_len), -1); + free(envs[0]); + envs[0] = util_strdup_s("key0="); +- ASSERT_EQ(spec_add_multiple_process_env(oci_spec, (const char **)envs, env_len), -1); ++ ASSERT_EQ(spec_add_multiple_process_env(oci_spec, (const char **)envs, env_len), 0); + free(envs[0]); + envs[0] = util_strdup_s("key0xxxx"); +- ASSERT_EQ(spec_add_multiple_process_env(oci_spec, (const char **)envs, env_len), -1); ++ ASSERT_EQ(spec_add_multiple_process_env(oci_spec, (const char **)envs, env_len), 0); + + free(oci_spec->process->env[0]); + oci_spec->process->env[0] = util_strdup_s("=value0"); + ASSERT_EQ(spec_add_multiple_process_env(oci_spec, (const char **)envs, env_len), -1); + free(oci_spec->process->env[0]); + oci_spec->process->env[0] = util_strdup_s("key0="); +- ASSERT_EQ(spec_add_multiple_process_env(oci_spec, (const char **)envs, env_len), -1); ++ ASSERT_EQ(spec_add_multiple_process_env(oci_spec, (const char **)envs, env_len), 0); + free(oci_spec->process->env[0]); + oci_spec->process->env[0] = util_strdup_s("key0xxxx"); +- ASSERT_EQ(spec_add_multiple_process_env(oci_spec, (const char **)envs, env_len), -1); ++ ASSERT_EQ(spec_add_multiple_process_env(oci_spec, (const char **)envs, env_len), 0); + + free_oci_runtime_spec(oci_spec); + free(envs[0]); +-- +2.34.1 + diff --git a/iSulad.spec b/iSulad.spec index 15f06d1c2f447c29413d54f6e5aac9e52f74cfd3..460c059118f650d548800fdb54c8df7ed93dfda8 100644 --- a/iSulad.spec +++ b/iSulad.spec @@ -1,5 +1,5 @@ %global _version 2.1.5 -%global _release 8 +%global _release 9 %global is_systemd 1 %global enable_criv1 1 %global enable_cdi 1 
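Review bot: Switching add_env and defs_process_add_multiple_env to util_valid_split_env relaxes more than the subject line says: an entry with no `=` at all is now accepted, as the updated expectations for `key0xxxx` (return 0) confirm, and it is passed to add_env unchanged. Process env entries are expected in `NAME=value` form, so a bare name should either be rejected or normalised before it reaches the runtime spec. Rejecting is the smaller change: `if (strchr(envs[i], '=') == NULL) { ERROR("Bad env format"); return -1; }` ahead of the split. If accepting a bare name is intended, the tests should assert what ends up in the env list rather than only the return code.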
@@ -94,6 +94,13 @@ Patch0075: 0075-bugfix-for-setting-cpu-rt-to-a-negative-value-when-e.patch Patch0076: 0076-cdi-add-UT.patch Patch0077: 0077-remove-extra-s-in-CreateContainerLogSymlink.patch Patch0078: 0078-allow-env-variable-has-an-empty-value.patch +Patch0079: 0079-Fix-Failed-to-execute-image-pull-on-name-tag-digest-.patch +Patch0080: 0080-bugfix-for-hostname-env-set-only-once.patch +Patch0081: 0081-set-the-sandbox-status-to-not-ready-under-abnormal-c.patch +Patch0082: 0082-fix-shim-controller-set-incorrect-sandbox-status-sta.patch +Patch0083: 0083-fix-bug-for-invalid-env-write.patch +Patch0084: 0084-trim-key-value-for-env.patch +Patch0085: 0085-cdi-allow-env-variable-has-an-empty-value.patch %ifarch x86_64 aarch64 Provides: libhttpclient.so()(64bit) @@ -351,6 +358,12 @@ fi %endif %changelog +* Sat May 11 2024 liuxu - 2.1.5-9 +- Type: update +- ID: NA +- SUG: NA +- DESC: upgrade from upstream + * Mon Apr 29 2024 zhongtao - 2.1.5-8 - Type: update - ID: NA