diff --git a/0001-KubeOS-add-oci-image-digests-check-when-upgrade-and-.patch b/0001-KubeOS-add-oci-image-digests-check-when-upgrade-and-.patch deleted file mode 100644 index 6cd006f..0000000 --- a/0001-KubeOS-add-oci-image-digests-check-when-upgrade-and-.patch +++ /dev/null @@ -1,116 +0,0 @@ -From 42f5a3e38ea6e23f5aff146f65ad20025088fc84 Mon Sep 17 00:00:00 2001 -From: liyuanr -Date: Mon, 29 May 2023 11:12:52 +0800 -Subject: [PATCH] KubeOS: add oci image digests check when upgrade and fix the - issue with the software version display - -add check of digests of the oci image for upgrade after -os-agent pulls image when os upgrading. - -Fix the issue where the softwares version is empty - -Signed-off-by: liyuanr ---- - Makefile | 2 +- - cmd/agent/server/containerd_image.go | 3 ++ - cmd/agent/server/docker_image.go | 3 ++ - cmd/agent/server/utils.go | 44 ++++++++++++++++++++++++++++ - docs/quick-start.md | 8 ++--- - 5 files changed, 55 insertions(+), 5 deletions(-) - -diff --git a/Makefile b/Makefile -index 9d9fbea..27cf175 100644 ---- a/Makefile -+++ b/Makefile -@@ -30,7 +30,7 @@ endif - - VERSION_FILE := ./VERSION - VERSION := $(shell cat $(VERSION_FILE)) --PACKAGE:=openeuler.org/saiyan/pkg/version -+PACKAGE:=openeuler.org/KubeOS/pkg/version - BUILDFLAGS = -buildmode=pie -trimpath - LDFLAGS = -w -s -buildid=IdByKubeOS -linkmode=external -extldflags=-static -extldflags=-zrelro -extldflags=-Wl,-z,now -X ${PACKAGE}.Version=${VERSION} - ENV = CGO_CFLAGS="-fstack-protector-all" CGO_CPPFLAGS="-D_FORTIFY_SOURCE=2 -O2" -diff --git a/cmd/agent/server/containerd_image.go b/cmd/agent/server/containerd_image.go -index 0b614b5..b019b72 100644 ---- a/cmd/agent/server/containerd_image.go -+++ b/cmd/agent/server/containerd_image.go -@@ -48,6 +48,9 @@ func (c conImageHandler) getRootfsArchive(req *pb.UpdateRequest, neededPath prep - if err := runCommand("crictl", "pull", imageName); err != nil { - return "", err - } -+ if err := checkOCIImageDigestMatch("containerd", imageName, req.CheckSum); err != nil { -+ return "", err -+ } - if err := checkAndCleanMount(mountPath); err != nil { - logrus.Errorln("containerd clean environment error", err) - return "", err -diff --git a/cmd/agent/server/docker_image.go b/cmd/agent/server/docker_image.go -index 2a52634..e6fa9d6 100644 ---- a/cmd/agent/server/docker_image.go -+++ b/cmd/agent/server/docker_image.go -@@ -38,6 +38,9 @@ func (d dockerImageHandler) getRootfsArchive(req *pb.UpdateRequest, neededPath p - if err := runCommand("docker", "pull", imageName); err != nil { - return "", err - } -+ if err := checkOCIImageDigestMatch("docker", imageName, req.CheckSum); err != nil { -+ return "", err -+ } - containerName := "kubeos-temp" - dockerPsCmd := "docker ps -a -f=name=" + containerName + "| awk 'NR==2' | awk '{print $1}'" - existId, err := runCommandWithOut("bash", "-c", dockerPsCmd) -diff --git a/cmd/agent/server/utils.go b/cmd/agent/server/utils.go -index 111497c..092417b 100644 ---- a/cmd/agent/server/utils.go -+++ b/cmd/agent/server/utils.go -@@ -264,3 +264,47 @@ func checkFileExist(path string) (bool, error) { - return false, err - } - } -+ -+func checkOCIImageDigestMatch(containerRuntime string, imageName string, checkSum string) error { -+ var cmdOutput string -+ var err error -+ switch containerRuntime { -+ case "containerd": -+ cmdOutput, err = runCommandWithOut("crictl", "inspecti", "--output", "go-template", -+ "--template", "{{.status.repoDigests}}", imageName) -+ if err != nil { -+ return err -+ } -+ case "docker": -+ cmdOutput, err = runCommandWithOut("docker", "inspect", "--format", "{{.RepoDigests}}", imageName) -+ if err != nil { -+ return err -+ } -+ default: -+ logrus.Errorln("containerRuntime ", containerRuntime, " cannot be recognized") -+ return fmt.Errorf("containerRuntime %s cannot be recognized", containerRuntime) -+ } -+ // cmdOutput format is as follows: -+ // [imageRepository/imageName:imageTag@sha256:digests] -+ // parse the output and get digest -+ var imageDigests string -+ outArray := strings.Split(cmdOutput, "@") -+ if strings.HasPrefix(outArray[len(outArray)-1], "sha256") { -+ pasredArray := strings.Split(strings.TrimSuffix(outArray[len(outArray)-1], "]"), ":") -+ // 2 is the expected length of the array after dividing "imageName:imageTag@sha256:digests" based on ':' -+ rightLen := 2 -+ if len(pasredArray) == rightLen { -+ digestIndex := 1 // 1 is the index of digest data in pasredArray -+ imageDigests = pasredArray[digestIndex] -+ } -+ } -+ if imageDigests == "" { -+ logrus.Errorln("error when get ", imageName, " digests") -+ return fmt.Errorf("error when get %s digests", imageName) -+ } -+ if imageDigests != checkSum { -+ logrus.Errorln("checkSumFailed ", imageDigests, " mismatch to ", checkSum) -+ return fmt.Errorf("checkSumFailed %s mismatch to %s", imageDigests, checkSum) -+ } -+ return nil -+} --- -2.33.0.windows.2 - diff --git a/0002-KubeOS-support-generate-coredump.patch b/0002-KubeOS-support-generate-coredump.patch deleted file mode 100644 index 4583fc3..0000000 --- a/0002-KubeOS-support-generate-coredump.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 20d0487753b045a0a0af19dffd0d5deec25fd672 Mon Sep 17 00:00:00 2001 -From: liyuanr -Date: Wed, 14 Jun 2023 16:00:03 +0800 -Subject: [PATCH] KubeOS:support generate coredump - -For Go language applications, generating coredump -requires declaring the environment variable GOTRACEBACK=crash, -so the service of os agent adds Environment=GOTRACEBACK=crash -to support generating coredump - -Signed-off-by: liyuanr ---- - files/os-agent.service | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/files/os-agent.service b/files/os-agent.service -index cf71d08..f778804 100644 ---- a/files/os-agent.service -+++ b/files/os-agent.service -@@ -12,6 +12,7 @@ - Description=Agent For KubeOS - - [Service] -+Environment=GOTRACEBACK=crash - ExecStart=/usr/bin/os-agent - KillMode=process - Restart=on-failure --- -2.33.0.windows.2 - diff --git a/KubeOS.spec b/KubeOS.spec index e937c6d..e34ddc8 100644 --- a/KubeOS.spec +++ b/KubeOS.spec @@ -1,16 +1,16 @@ # Copyright (c) Huawei Technologies Co., Ltd. 2021. All rights reserved. Name: KubeOS -Version: 1.0.3 -Release: 3 +Version: 1.0.7 +Release: 1 Summary: O&M platform used to update the whole OS as an entirety License: Mulan PSL v2 Source0: https://gitee.com/openeuler/KubeOS/repository/archive/v%{version}.tar.gz -Patch1: 0001-KubeOS-add-oci-image-digests-check-when-upgrade-and-.patch -Patch2: 0002-KubeOS-support-generate-coredump.patch + BuildRoot: %{_tmppath}/%{name}-%{version}-build -BuildRequires: make +BuildRequires: make rust cargo openssl-devel BuildRequires: golang >= 1.13 + %description This is an O&M platform used to update the whole OS as an entirety, it should be running in kubernetes environment. @@ -19,10 +19,10 @@ it should be running in kubernetes environment. %autosetup -n %{name}-v%{version} -p1 %package scripts -Summary: Scripts to build the os image and binaries of os-proxy and os-operator +Summary: CLI tool to build various type of KubeOS image and binaries of os-proxy and os-operator Requires: qemu-img, parted, bc, tar, docker, dosfstools %description scripts -The scripts package includes scripts which could build the os image and binaries of os-proxy and os-operator +The scripts package includes a cli tool which could build various type of KubeOS image and binaries of os-proxy and os-operator %define debug_package %{nil} %define __debug_install_post \ @@ -30,85 +30,53 @@ The scripts package includes scripts which could build the os image and binaries %{nil} %build +mkdir ./.cargo +cat << EOF >> ./.cargo/config.toml + +[source.crates-io] +replace-with = "vendored-sources" + +[source.vendored-sources] +directory = "KubeOS-Rust/vendor" +EOF + make %install install -d %{buildroot}%{_bindir} #install binary install -d -m 0740 %{buildroot}/opt/kubeOS/bin -install -p -m 0500 ./bin/os-agent %{buildroot}/opt/kubeOS/bin -install -p -m 0500 ./bin/proxy %{buildroot}/opt/kubeOS/bin +install -p -m 0500 ./bin/rust/release/os-agent %{buildroot}/opt/kubeOS/bin +install -p -m 0500 ./bin/rust/release/proxy %{buildroot}/opt/kubeOS/bin install -p -m 0500 ./bin/operator %{buildroot}/opt/kubeOS/bin +install -d -m 0740 %{buildroot}/opt/kubeOS/scripts +install -p -m 0500 ./bin/rust/release/kbimg %{buildroot}/opt/kubeOS/scripts #install artifacts -install -d -m 0740 %{buildroot}/opt/kubeOS/scripts -install -p -m 0600 ./scripts/rpmlist %{buildroot}/opt/kubeOS/scripts -install -p -m 0500 ./scripts/kbimg.sh %{buildroot}/opt/kubeOS/scripts -install -p -m 0500 ./scripts/set_in_chroot.sh %{buildroot}/opt/kubeOS/scripts -install -p -m 0600 ./scripts/grub.cfg %{buildroot}/opt/kubeOS/scripts -install -p -m 0500 ./scripts/bootloader.sh %{buildroot}/opt/kubeOS/scripts -install -p -m 0500 ./scripts/Dockerfile %{buildroot}/opt/kubeOS/scripts - -install -d -m 0740 %{buildroot}/opt/kubeOS/scripts/common -install -p -m 0500 ./scripts/common/globalVariables.sh %{buildroot}/opt/kubeOS/scripts/common -install -p -m 0500 ./scripts/common/log.sh %{buildroot}/opt/kubeOS/scripts/common -install -p -m 0500 ./scripts/common/utils.sh %{buildroot}/opt/kubeOS/scripts/common - -install -d -m 0740 %{buildroot}/opt/kubeOS/scripts/create -install -p -m 0500 ./scripts/create/imageCreate.sh %{buildroot}/opt/kubeOS/scripts/create -install -p -m 0500 ./scripts/create/rootfsCreate.sh %{buildroot}/opt/kubeOS/scripts/create - -install -d -m 0740 %{buildroot}/opt/kubeOS/scripts/00bootup -install -p -m 0600 ./scripts/00bootup/Global.cfg %{buildroot}/opt/kubeOS/scripts/00bootup -install -p -m 0500 ./scripts/00bootup/module-setup.sh %{buildroot}/opt/kubeOS/scripts/00bootup -install -p -m 0500 ./scripts/00bootup/mount.sh %{buildroot}/opt/kubeOS/scripts/00bootup - -install -d -m 0740 %{buildroot}/opt/kubeOS/files -install -p -m 0600 ./files/boot-efi.mount %{buildroot}/opt/kubeOS/files -install -p -m 0600 ./files/etc.mount %{buildroot}/opt/kubeOS/files -install -p -m 0600 ./files/persist.mount %{buildroot}/opt/kubeOS/files -install -p -m 0600 ./files/var.mount %{buildroot}/opt/kubeOS/files -install -p -m 0600 ./files/os-agent.service %{buildroot}/opt/kubeOS/files -install -p -m 0600 ./files/os-release %{buildroot}/opt/kubeOS/files +install -p -m 0600 ./KubeOS-Rust/kbimg/kbimg.toml %{buildroot}/opt/kubeOS/scripts %files -%attr(0500,root,root) /opt/kubeOS/bin/os-agent %defattr(-,root,root,0500) -%attr(0600,root,root) /opt/kubeOS/files/boot-efi.mount -%attr(0600,root,root) /opt/kubeOS/files/etc.mount -%attr(0600,root,root) /opt/kubeOS/files/persist.mount -%attr(0600,root,root) /opt/kubeOS/files/var.mount -%attr(0600,root,root) /opt/kubeOS/files/os-agent.service -%attr(0600,root,root) /opt/kubeOS/files/os-release +%attr(0500,root,root) /opt/kubeOS/bin/os-agent %files scripts %attr(0500,root,root) /opt/kubeOS/bin/proxy %attr(0500,root,root) /opt/kubeOS/bin/operator %defattr(-,root,root,0500) -%attr(0600,root,root) /opt/kubeOS/scripts/rpmlist -%attr(0500,root,root) /opt/kubeOS/scripts/kbimg.sh -%attr(0500,root,root) /opt/kubeOS/scripts/set_in_chroot.sh -%attr(0600,root,root) /opt/kubeOS/scripts/grub.cfg -%attr(0500,root,root) /opt/kubeOS/scripts/bootloader.sh -%attr(0500,root,root) /opt/kubeOS/scripts/Dockerfile - -%attr(0500,root,root) /opt/kubeOS/scripts/common/globalVariables.sh -%attr(0500,root,root) /opt/kubeOS/scripts/common/log.sh -%attr(0500,root,root) /opt/kubeOS/scripts/common/utils.sh - -%attr(0500,root,root) /opt/kubeOS/scripts/create/imageCreate.sh -%attr(0500,root,root) /opt/kubeOS/scripts/create/rootfsCreate.sh - -%attr(0600,root,root) /opt/kubeOS/scripts/00bootup/Global.cfg -%attr(0500,root,root) /opt/kubeOS/scripts/00bootup/module-setup.sh -%attr(0500,root,root) /opt/kubeOS/scripts/00bootup/mount.sh - +%attr(0600,root,root) /opt/kubeOS/scripts/kbimg.toml +%attr(0500,root,root) /opt/kubeOS/scripts/kbimg %clean rm -rfv %{buildroot} %changelog -* Wed June 14 2023 liyuanrong - 1.0.3-3 +* Tue Nov 26 2024 Yuhang Wei - 1.0.7-1 +- Type:requirement +- CVE:NA +- SUG:restart +- DESC:update version to 1.0.7 + +* Wed Jun 14 2023 liyuanrong - 1.0.3-3 - Type:requirement - CVE:NA - SUG:restart @@ -198,7 +166,7 @@ rm -rfv %{buildroot} - SUG:restart - DESC:fix bugs of checks in generate.sh and change module path -* Fri Oct 30 2021 liyuanrong - 1.0.1-2 +* Sat Oct 30 2021 liyuanrong - 1.0.1-2 - Type:requirement - CVE:NA - SUG:restart diff --git a/v1.0.3.tar.gz b/v1.0.3.tar.gz deleted file mode 100644 index 751d782..0000000 Binary files a/v1.0.3.tar.gz and /dev/null differ diff --git a/v1.0.7.tar.gz b/v1.0.7.tar.gz new file mode 100644 index 0000000..9912155 Binary files /dev/null and b/v1.0.7.tar.gz differ