Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[backport] nydusify: fix overlayfs mount options for check #1253

Merged
merged 4 commits into from
Apr 27, 2023
Merged

[backport] nydusify: fix overlayfs mount options for check #1253

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
b913ee7
nydusify: fix overlayfs mount options for check
imeoer Feb 9, 2023
ba2f115
nydusify: cleanup temporary directories for check
imeoer Feb 9, 2023
d2b37fd
e2e: keep the test stronger
imeoer Apr 26, 2023
3ba3589
deny: fix CVE warnings about openssl and h2
jiangliu Apr 25, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
279 changes: 233 additions & 46 deletions Cargo.lock
View file
Open in desktop

Large diffs are not rendered by default.

4 changes: 2 additions & 2 deletions Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,9 +40,9 @@ anyhow = "1.0.35"
base64 = "0.13.0"
rust-fsm = "0.6.0"
vm-memory = { version = "0.9.0", features = ["backend-mmap"], optional = true }
openssl = { version = "0.10.40", features = ["vendored"] }
openssl = { version = "0.10.48", features = ["vendored"] }
# pin openssl-src to bring in fix for https://rustsec.org/advisories/RUSTSEC-2022-0032
openssl-src = { version = "111.22" }
openssl-src = { version = "=111.25.0" }
hyperlocal = "0.8.0"
tokio = { version = "1.18.2", features = ["macros"] }
hyper = "0.14.11"
Expand Down
40 changes: 28 additions & 12 deletions contrib/nydusify/pkg/checker/rule/filesystem.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -175,19 +175,22 @@ func (rule *FilesystemRule) pullSourceImage() (*tool.Image, error) {
layers := rule.SourceParsed.OCIImage.Manifest.Layers
worker := utils.NewWorkerPool(WorkerCount, uint(len(layers)))

for _, l := range layers {
layer := l
worker.Put(func() error {
reader, err := rule.SourceRemote.Pull(context.Background(), layer, true)
if err != nil {
return errors.Wrap(err, "pull source image layers from the remote registry")
}

if err = utils.UnpackTargz(context.Background(), filepath.Join(rule.SourcePath, layer.Digest.Encoded()), reader, true); err != nil {
return errors.Wrap(err, "unpack source image layers")
for idx := range layers {
worker.Put(func(idx int) func() error {
return func() error {
layer := layers[idx]
reader, err := rule.SourceRemote.Pull(context.Background(), layer, true)
if err != nil {
return errors.Wrap(err, "pull source image layers from the remote registry")
}

if err = utils.UnpackTargz(context.Background(), filepath.Join(rule.SourcePath, fmt.Sprintf("layer-%d", idx)), reader, true); err != nil {
return errors.Wrap(err, "unpack source image layers")
}

return nil
}
return nil
})
}(idx))
}

if err := <-worker.Waiter(); err != nil {
Expand Down Expand Up @@ -339,6 +342,19 @@ func (rule *FilesystemRule) Validate() error {
return nil
}

// Cleanup temporary directories
defer func() {
if err := os.RemoveAll(rule.SourcePath); err != nil {
logrus.WithError(err).Warnf("cleanup source image directory %s", rule.SourcePath)
}
if err := os.RemoveAll(rule.NydusdConfig.MountPath); err != nil {
logrus.WithError(err).Warnf("cleanup nydus image directory %s", rule.NydusdConfig.MountPath)
}
if err := os.RemoveAll(rule.NydusdConfig.BlobCacheDir); err != nil {
logrus.WithError(err).Warnf("cleanup nydus blob cache directory %s", rule.NydusdConfig.BlobCacheDir)
}
}()

image, err := rule.mountSourceImage()
if err != nil {
return err
Expand Down
5 changes: 3 additions & 2 deletions contrib/nydusify/pkg/checker/tool/image.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -60,8 +60,9 @@ func (image *Image) Mount() error {

var dirs []string
count := len(image.Layers)
for i := range image.Layers {
layerDir := filepath.Join(image.SourcePath, image.Layers[count-i-1].Digest.Encoded())
for idx := range image.Layers {
layerName := fmt.Sprintf("layer-%d", count-idx-1)
layerDir := filepath.Join(image.SourcePath, layerName)
dirs = append(dirs, strings.ReplaceAll(layerDir, ":", "\\:"))
}

Expand Down
14 changes: 2 additions & 12 deletions contrib/nydusify/tests/e2e_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ import (
"testing"

"github.com/dragonflyoss/image-service/contrib/nydusify/pkg/utils"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)

func testBasicConvert(t *testing.T, fsVersion string) {
Expand All @@ -22,15 +22,6 @@ func testBasicConvert(t *testing.T, fsVersion string) {
nydusify.Check(t)
}

func testBasicAuth(t *testing.T, fsVersion string) {
registry := NewAuthRegistry(t)
defer registry.Destroy(t)
registry.AuthBuild(t, "image-basic")
nydusify := NewNydusify(registry, "image-basic", "image-basic-nydus", "", "", fsVersion)
nydusify.Convert(t)
nydusify.Check(t)
}

func testReproducableBuild(t *testing.T, fsVersion string) {
registry := NewRegistry(t)
registry.Build(t, "image-basic")
Expand All @@ -50,7 +41,7 @@ func testReproducableBuild(t *testing.T, fsVersion string) {
if len(initBootstraHash) == 0 {
initBootstraHash = hash
} else {
assert.Equal(t, initBootstraHash, hash)
require.Equal(t, initBootstraHash, hash)
}
}
}
Expand Down Expand Up @@ -113,7 +104,6 @@ func testConvertWithChunkDict(t *testing.T, fsVersion string) {
func TestSmoke(t *testing.T) {
fsVersions := [2]string{"5", "6"}
for _, v := range fsVersions {
testBasicAuth(t, v)
testBasicConvert(t, v)
testReproducableBuild(t, v)
testConvertWithCache(t, v)
Expand Down
20 changes: 10 additions & 10 deletions contrib/nydusify/tests/nydusify.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,12 +12,12 @@ import (
"strings"
"testing"

"github.com/stretchr/testify/assert"

"github.com/dragonflyoss/image-service/contrib/nydusify/pkg/checker"
"github.com/dragonflyoss/image-service/contrib/nydusify/pkg/converter"
"github.com/dragonflyoss/image-service/contrib/nydusify/pkg/converter/provider"
"github.com/dragonflyoss/image-service/contrib/nydusify/pkg/remote"

"github.com/stretchr/testify/require"
)

var nydusImagePath string
Expand Down Expand Up @@ -96,19 +96,19 @@ func (nydusify *Nydusify) Convert(t *testing.T) {
}

logger, err := provider.DefaultLogger()
assert.Nil(t, err)
require.Nil(t, err)

sourceRemote, err := provider.DefaultRemote(host+"/"+nydusify.Source, true)
assert.Nil(t, err)
require.Nil(t, err)

targetRemote, err := provider.DefaultRemote(host+"/"+nydusify.Target, true)
assert.Nil(t, err)
require.Nil(t, err)

var cacheRemote *remote.Remote
if buildCache != "" {
buildCache = host + "/" + nydusify.Cache
cacheRemote, err = provider.DefaultRemote(buildCache, true)
assert.Nil(t, err)
require.Nil(t, err)
}

opt := converter.Opt{
Expand Down Expand Up @@ -140,10 +140,10 @@ func (nydusify *Nydusify) Convert(t *testing.T) {
}

cvt, err := converter.New(opt)
assert.Nil(t, err)
require.Nil(t, err)

err = cvt.Convert(context.Background())
assert.Nil(t, err)
require.Nil(t, err)
}

func (nydusify *Nydusify) Check(t *testing.T) {
Expand All @@ -158,8 +158,8 @@ func (nydusify *Nydusify) Check(t *testing.T) {
NydusdPath: nydusdPath,
ExpectedArch: "amd64",
})
assert.Nil(t, err)
require.Nil(t, err)

err = checker.Check(context.Background())
assert.Nil(t, err)
require.Nil(t, err)
}
40 changes: 3 additions & 37 deletions contrib/nydusify/tests/registry.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,17 +5,14 @@
package tests

import (
"encoding/base64"
"fmt"
"io/ioutil"
"os"
"os/exec"
"path"
"path/filepath"
"testing"
"time"

"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)

var registryPort = 5051
Expand All @@ -26,15 +23,15 @@ func run(t *testing.T, cmd string, ignoreStatus bool) {
_cmd.Stderr = os.Stderr
err := _cmd.Run()
if !ignoreStatus {
assert.Nil(t, err)
require.Nil(t, err)
}
}

func runWithOutput(t *testing.T, cmd string) string {
_cmd := exec.Command("sh", "-c", cmd)
_cmd.Stderr = os.Stderr
output, err := _cmd.Output()
assert.Nil(t, err)
require.Nil(t, err)
return string(output)
}

Expand All @@ -45,37 +42,6 @@ type Registry struct {
configFile string
}

func NewAuthRegistry(t *testing.T) *Registry {
err := os.Mkdir("auth", 0755)
assert.Nil(t, err)
authString := runWithOutput(t, "docker run --rm --entrypoint htpasswd httpd:2 -Bbn testuser testpassword")
authFile, _ := filepath.Abs(filepath.Join("auth", "htpasswd"))
err = ioutil.WriteFile(authFile, []byte(authString), 0644)
assert.Nil(t, err)

err = os.Mkdir(".docker", 0755)
assert.Nil(t, err)
configString := fmt.Sprintf(`{"auths": { "localhost:%d": { "auth": "%s" }}}`,
registryPort, base64.StdEncoding.EncodeToString([]byte("testuser:testpassword")))
configFile, _ := filepath.Abs(filepath.Join(".docker", "config.json"))
err = os.Setenv("DOCKER_CONFIG", path.Dir(configFile))
assert.Nil(t, err)
err = ioutil.WriteFile(configFile, []byte(configString), 0644)
assert.Nil(t, err)

containerID := runWithOutput(t, fmt.Sprintf("docker run -p %d:5000 --rm -d -v %s:/auth "+
`-e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" `+
"-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd registry:2", registryPort, path.Dir(authFile)))
time.Sleep(time.Second * 2)

return &Registry{
id: containerID,
host: fmt.Sprintf("localhost:%d", registryPort),
authFile: authFile,
configFile: configFile,
}
}

func NewRegistry(t *testing.T) *Registry {
containerID := runWithOutput(t, fmt.Sprintf("docker run -p %d:5000 --rm -d registry:2", registryPort))
time.Sleep(time.Second * 2)
Expand Down
4 changes: 2 additions & 2 deletions misc/nydusify-smoke/entrypoint.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,9 +1,9 @@
#!/bin/sh

set -e
set -xe

TEST_NAME=$1

dockerd-entrypoint.sh & sleep 5
dockerd-entrypoint.sh & sleep 30
mkdir /lib64 && ln -s /lib/libc.musl-x86_64.so.1 /lib64/ld-linux-x86-64.so.2
../nydusify-smoke -test.run $TEST_NAME