iSulad-kit: remove seucerec new

Signed-off-by: Nopeneuler-iSula <isula@huawei.com>

cmd/isulad_kit/grpc.go

@@ -359,7 +359,6 @@ func (s *grpcImageService) PullImage(ctx context.Context, req *pb.PullImageReque
 	}
 
 	popts.tlsVerify = s.gopts.TLSVerify
-	popts.useDecryptedKey = s.gopts.UseDecryptedKey
 
 	imageRef, err := imagePull(s.gopts, popts, req.Image.Image)
 
@@ -658,7 +657,6 @@ func (s *grpcImageService) Login(ctx context.Context, req *pb.LoginRequest) (*pb
 	sys := &types.SystemContext{
 		DockerInsecureSkipTLSVerify:       types.NewOptionalBool(!s.gopts.TLSVerify),
 		DockerDaemonInsecureSkipTLSVerify: !s.gopts.TLSVerify,
-		UseDecryptedKey:                   types.NewOptionalBool(s.gopts.UseDecryptedKey),
 		AuthFilePath:                      defaultAuthFilePath(),
 	}
 
@@ -686,7 +684,6 @@ func (s *grpcImageService) Logout(ctx context.Context, req *pb.LogoutRequest) (*
 	sys := &types.SystemContext{
 		DockerInsecureSkipTLSVerify:       types.NewOptionalBool(!s.gopts.TLSVerify),
 		DockerDaemonInsecureSkipTLSVerify: !s.gopts.TLSVerify,
-		UseDecryptedKey:                   types.NewOptionalBool(s.gopts.UseDecryptedKey),
 		AuthFilePath:                      defaultAuthFilePath(),
 	}
 

cmd/isulad_kit/image_pull.go

@@ -25,11 +25,10 @@ import (
 )
 
 type pullOptions struct {
-	username        string
-	password        string
-	certDir         string
-	tlsVerify       bool
-	useDecryptedKey bool
+	username  string
+	password  string
+	certDir   string
+	tlsVerify bool
 }
 
 func decodeAuth(s string) (string, string, error) {
@@ -61,7 +60,6 @@ func imagePull(gopts *globalOptions, popts *pullOptions, image string) (string,
 	options.SourceCtx = &types.SystemContext{
 		DockerCertPath:              popts.certDir,
 		DockerInsecureSkipTLSVerify: types.NewOptionalBool(!popts.tlsVerify),
-		UseDecryptedKey:             types.NewOptionalBool(popts.useDecryptedKey),
 		AuthFilePath:                defaultAuthFilePath(),
 	}
 

cmd/isulad_kit/utils.go

@@ -45,7 +45,6 @@ type globalOptions struct {
 	InsecurePolicy     bool
 	CmdTimeout         time.Duration
 	TLSVerify          bool
-	UseDecryptedKey    bool
 
 	Daemon bool
 }
@@ -63,15 +62,6 @@ func defaultAuthFilePath() string {
 	return filepath.Join(homedir.Get(), ".isulad/auths.json")
 }
 
-func useDecryptedKey(c *cli.Context, flagPrefix string) bool {
-	if c.IsSet(flagPrefix + "use-decrypted-key") {
-		return c.BoolT(flagPrefix + "use-decrypted-key")
-	}
-
-	// If not set, default true.
-	return true
-}
-
 func tlsVerify(c *cli.Context, flagPrefix string) bool {
 	if c.IsSet(flagPrefix + "tls-verify") {
 		return c.BoolT(flagPrefix + "tls-verify")
@@ -95,7 +85,6 @@ func contextFromGlobalOptions(c *cli.Context, flagPrefix string) (*types.SystemC
 		DockerDaemonHost:                  c.String(flagPrefix + "daemon-host"),
 		DockerDaemonCertPath:              c.String(flagPrefix + "cert-dir"),
 		DockerDaemonInsecureSkipTLSVerify: !c.BoolT(flagPrefix + "tls-verify"),
-		UseDecryptedKey:                   types.NewOptionalBool(useDecryptedKey(c, flagPrefix)),
 	}
 	if c.IsSet(flagPrefix + "creds") {
 		var err error
@@ -311,6 +300,5 @@ func getGlobalOptions(c *cli.Context) (*globalOptions, error) {
 		InsecurePolicy:     c.GlobalBool("insecure-policy"),
 		CmdTimeout:         c.GlobalDuration("command-timeout"),
 		TLSVerify:          tlsVerify(c, ""),
-		UseDecryptedKey:    useDecryptedKey(c, ""),
 	}, nil
 }

patch/0001-add-image-load-time-and-append-image-names.patch

-From caa9d007c1870126c890b41f7f9cd2350446b935 Mon Sep 17 00:00:00 2001
+From fc0cf2b9187dc6fd0384efc748f788d0bb767cae Mon Sep 17 00:00:00 2001
 From: LiFeng <lifeng68@huawei.com>
 Date: Tue, 2 Apr 2019 23:37:17 -0400
-Subject: [PATCH 01/37] add image load time and append image names
+Subject: [PATCH 01/33] add image load time and append image names
 
 reason: 1. add image load time
         2. append image names when pull image

patch/0002-add-image-integration-check.patch

-From e326b7438f50255ab348c8e042f61803c43acf2f Mon Sep 17 00:00:00 2001
+From 17f8d29c68abf2c5a0e6e29df8572db3623085f7 Mon Sep 17 00:00:00 2001
 From: LiFeng <lifeng68@huawei.com>
 Date: Thu, 4 Apr 2019 11:03:15 -0400
-Subject: [PATCH 02/37] add image integration check
+Subject: [PATCH 02/33] add image integration check
 
 Signed-off-by: LiFeng <lifeng68@huawei.com>
 ---

patch/0003-vendor-support-setting-rootfs-quota.patch

-From afb41b482deb03d07739ed7abaf90a6829eb4a29 Mon Sep 17 00:00:00 2001
+From d2ab2eb5e5a15fef97aa4919c6375a5ecca3e7a4 Mon Sep 17 00:00:00 2001
 From: TanYiFeng <tanyifeng1@huawei.com>
 Date: Tue, 9 Apr 2019 01:32:27 -0400
-Subject: [PATCH 03/37] vendor: support setting rootfs quota
+Subject: [PATCH 03/33] vendor: support setting rootfs quota
 
 Signed-off-by: TanYiFeng <tanyifeng1@huawei.com>
 ---

patch/0004-isulad-kit-vendor-check-overlay-support-as-docker.patch

-From ae402a8598307fe233ef67e64d6dd4e67b808884 Mon Sep 17 00:00:00 2001
+From 8176abf4a775dd410d8aad449484948698c0514e Mon Sep 17 00:00:00 2001
 From: TanYiFeng <tanyifeng1@huawei.com>
 Date: Tue, 9 Apr 2019 12:19:49 -0400
-Subject: [PATCH 04/37] isulad-kit-vendor: check overlay support as docker
+Subject: [PATCH 04/33] isulad-kit-vendor: check overlay support as docker
 
 we may got failed if always detect multi lower layer mount,
 when writed data more than rootfs quota for arm machine

patch/0005-isulad-kit-vendor-fix-parseSize-of-float-accurancy.patch

-From a69c141629c7c194c4e5a05313d94f14fc1389a8 Mon Sep 17 00:00:00 2001
+From 5c50782ea002a38d8219b7ad4581dbbb227ae5ad Mon Sep 17 00:00:00 2001
 From: TanYiFeng <tanyifeng1@huawei.com>
 Date: Tue, 16 Apr 2019 00:44:20 -0400
-Subject: [PATCH 05/37] isulad-kit-vendor: fix parseSize of float accurancy
+Subject: [PATCH 05/33] isulad-kit-vendor: fix parseSize of float accurancy
 
 Signed-off-by: TanYiFeng <tanyifeng1@huawei.com>
 ---

patch/0006-limit-the-minimum-size-of-rootfs-quota-to-4k.patch

-From 2a88caa00212e4c6a87362804f199cc1afed9094 Mon Sep 17 00:00:00 2001
+From d926675bff5ec271b30e00fc3e7be563d8735047 Mon Sep 17 00:00:00 2001
 From: TanYiFeng <tanyifeng1@huawei.com>
 Date: Tue, 16 Apr 2019 10:53:52 -0400
-Subject: [PATCH 06/37] limit the minimum size of rootfs quota to 4k
+Subject: [PATCH 06/33] limit the minimum size of rootfs quota to 4k
 
 Signed-off-by: TanYiFeng <tanyifeng1@huawei.com>
 ---

patch/0007-delete-try-to-delete-metadata-before-image-data.patch

-From 939bc7649ade3ca4417a0904eaba2f22013b70ca Mon Sep 17 00:00:00 2001
+From 87e6994f72deafada44df64a965e0f76399cff9b Mon Sep 17 00:00:00 2001
 From: LiFeng <lifeng68@huawei.com>
 Date: Thu, 18 Apr 2019 05:04:18 -0400
-Subject: [PATCH 07/37] delete: try to delete metadata before image data
+Subject: [PATCH 07/33] delete: try to delete metadata before image data
 
 Signed-off-by: LiFeng <lifeng68@huawei.com>
 ---

patch/0008-same-add-group-should-skip.patch

-From 8ceea621c6e13f42a0219d85b3bf2342cabc798d Mon Sep 17 00:00:00 2001
+From 84bae263f4e6636aba7512d3eec672ff3fa1c999 Mon Sep 17 00:00:00 2001
 From: LiuHao <liuhao27@huawei.com>
 Date: Fri, 19 Apr 2019 17:15:29 +0800
-Subject: [PATCH 08/37] same add group should skip
+Subject: [PATCH 08/33] same add group should skip
 
 same add group should skip
 

patch/0009-add-support-pull-image-from-LSWR.patch

-From 0158e87083b81e183b40a7278c590c37620d853c Mon Sep 17 00:00:00 2001
-From: LiFeng <lifeng68@huawei.com>
-Date: Mon, 15 Apr 2019 06:43:06 -0400
-Subject: [PATCH 09/37] add support pull image from LSWR
-
-Signed-off-by: LiFeng <lifeng68@huawei.com>
----
- .../containers/image/docker/docker_client.go  | 13 +++-
- .../containers/image/oci/layout/oci_src.go    |  2 +-
- .../pkg/tlsclientconfig/tlsclientconfig.go    | 75 ++++++++++++++++++-
- .../containers/image/types/types.go           |  3 +
- 4 files changed, 88 insertions(+), 5 deletions(-)
-
-diff --git a/vendor/github.com/containers/image/docker/docker_client.go b/vendor/github.com/containers/image/docker/docker_client.go
-index 23d2ac7..6725707 100644
---- a/vendor/github.com/containers/image/docker/docker_client.go
-+++ b/vendor/github.com/containers/image/docker/docker_client.go
-@@ -53,7 +53,7 @@ var (
- 	ErrV1NotSupported = errors.New("can't talk to a V1 docker registry")
- 	// ErrUnauthorizedForCredentials is returned when the status code returned is 401
- 	ErrUnauthorizedForCredentials = errors.New("unable to retrieve auth token: invalid username/password")
--	systemPerHostCertDirPaths     = [2]string{"/etc/containers/certs.d", "/etc/docker/certs.d"}
-+	systemPerHostCertDirPaths     = [3]string{"/etc/isulad/certs.d", "/etc/containers/certs.d", "/etc/docker/certs.d"}
- )
- 
- // extensionSignature and extensionSignatureList come from github.com/openshift/origin/pkg/dockerregistry/server/signaturedispatcher.go:
-@@ -242,7 +242,16 @@ func newDockerClient(sys *types.SystemContext, registry, reference string) (*doc
- 	if err != nil {
- 		return nil, err
- 	}
--	if err := tlsclientconfig.SetupCertificates(certDir, tr.TLSClientConfig); err != nil {
-+
-+	// Check if Decrypted key shall be used (default=true) which
-+	// be specified in the SystemContext UseDecryptedKey.
-+	IsDecrypted := true
-+	if sys != nil && sys.UseDecryptedKey != types.OptionalBoolUndefined {
-+		// Only use the SystemContext if the actual value is defined.
-+		IsDecrypted = sys.UseDecryptedKey == types.OptionalBoolTrue
-+	}
-+
-+	if err := tlsclientconfig.SetupCertificates(certDir, tr.TLSClientConfig, IsDecrypted); err != nil {
- 		return nil, err
- 	}
- 
-diff --git a/vendor/github.com/containers/image/oci/layout/oci_src.go b/vendor/github.com/containers/image/oci/layout/oci_src.go
-index cc536f6..2b544c9 100644
---- a/vendor/github.com/containers/image/oci/layout/oci_src.go
-+++ b/vendor/github.com/containers/image/oci/layout/oci_src.go
-@@ -29,7 +29,7 @@ func newImageSource(sys *types.SystemContext, ref ociReference) (types.ImageSour
- 	tr.TLSClientConfig = tlsconfig.ServerDefault()
- 
- 	if sys != nil && sys.OCICertPath != "" {
--		if err := tlsclientconfig.SetupCertificates(sys.OCICertPath, tr.TLSClientConfig); err != nil {
-+		if err := tlsclientconfig.SetupCertificates(sys.OCICertPath, tr.TLSClientConfig, true); err != nil {
- 			return nil, err
- 		}
- 		tr.TLSClientConfig.InsecureSkipVerify = sys.OCIInsecureSkipTLSVerify
-diff --git a/vendor/github.com/containers/image/pkg/tlsclientconfig/tlsclientconfig.go b/vendor/github.com/containers/image/pkg/tlsclientconfig/tlsclientconfig.go
-index 6785564..b564e23 100644
---- a/vendor/github.com/containers/image/pkg/tlsclientconfig/tlsclientconfig.go
-+++ b/vendor/github.com/containers/image/pkg/tlsclientconfig/tlsclientconfig.go
-@@ -9,15 +9,75 @@ import (
- 	"path/filepath"
- 	"strings"
- 	"time"
-+	"fmt"
-+	"crypto/rand"
-+
- 
- 	"github.com/docker/go-connections/sockets"
- 	"github.com/docker/go-connections/tlsconfig"
- 	"github.com/pkg/errors"
- 	"github.com/sirupsen/logrus"
-+
-+	_ "pkg/gopkgs/cbb_adapt/src/go/aeswithkey"
-+	"pkg/gopkgs/cbb_adapt/src/go/gcrypto"
- )
- 
-+var (
-+	// ErrAlreadyExists is an error returned if an image being pushed
-+	// already exists on the remote side
-+	ErrAlreadyExists = errors.New("Image already exists")
-+	psmPath          = "/etc/isulad/psm"
-+	IsDecrypted      = false
-+)
-+
-+func decodeKeyFile(key, originKey string, directory string) error {
-+	//directory is like to /etc/docker/certs.d/ip:port
-+	fields := strings.Split(directory, "/")
-+	rootKeyFolder := fields[len(fields)-1]
-+	if len(rootKeyFolder) <= 1 {
-+		return fmt.Errorf("get rootKeyFolder err")
-+	}
-+	if env := os.Getenv("PAAS_CRYPTO_PATH"); env == "" {
-+		if err := os.Setenv("PAAS_CRYPTO_PATH", filepath.Join(psmPath, rootKeyFolder)); err != nil {
-+			return err
-+		}
-+	}
-+
-+	psmCrypto, err := gcrypto.New("aeswithkey")
-+	if err != nil {
-+		return err
-+	}
-+
-+	data, err := ioutil.ReadFile(key)
-+	if err != nil {
-+		return err
-+	}
-+
-+	decdata, err := psmCrypto.Decrypt(0, string(data))
-+	if err != nil {
-+		return err
-+	}
-+
-+	if err := ioutil.WriteFile(originKey, []byte(decdata), 0600); err != nil {
-+		return err
-+	}
-+	return nil
-+}
-+
-+func randStr(strSize int) string {
-+	dictionary := "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
-+
-+	var bytes = make([]byte, strSize)
-+	rand.Read(bytes)
-+
-+	for k, v := range bytes {
-+		bytes[k] = dictionary[v%byte(len(dictionary))]
-+	}
-+	return string(bytes)
-+}
-+
- // SetupCertificates opens all .crt, .cert, and .key files in dir and appends / loads certs and key pairs as appropriate to tlsc
--func SetupCertificates(dir string, tlsc *tls.Config) error {
-+func SetupCertificates(dir string, tlsc *tls.Config, IsDecrypted bool) error {
- 	logrus.Debugf("Looking for TLS certificates and private keys in %s", dir)
- 	fs, err := ioutil.ReadDir(dir)
- 	if err != nil {
-@@ -63,7 +123,18 @@ func SetupCertificates(dir string, tlsc *tls.Config) error {
- 			if !hasFile(fs, keyName) {
- 				return errors.Errorf("missing key %s for client certificate %s. Note that CA certificates should use the extension .crt", keyName, certName)
- 			}
--			cert, err := tls.LoadX509KeyPair(filepath.Join(dir, certName), filepath.Join(dir, keyName))
-+			keyPath := filepath.Join(dir, keyName)
-+			keyOriginPath := keyPath
-+
-+			if !IsDecrypted {
-+				keyOriginPath = filepath.Join(dir, "origin"+randStr(10)+keyName)
-+				defer os.Remove(keyOriginPath)
-+				if err := decodeKeyFile(keyPath, keyOriginPath, dir); err != nil {
-+					return err
-+				}
-+			}
-+
-+			cert, err := tls.LoadX509KeyPair(filepath.Join(dir, certName), keyOriginPath)
- 			if err != nil {
- 				return err
- 			}
-diff --git a/vendor/github.com/containers/image/types/types.go b/vendor/github.com/containers/image/types/types.go
-index 9fdab23..814218d 100644
---- a/vendor/github.com/containers/image/types/types.go
-+++ b/vendor/github.com/containers/image/types/types.go
-@@ -509,6 +509,9 @@ type SystemContext struct {
- 	// === dir.Transport overrides ===
- 	// DirForceCompress compresses the image layers if set to true
- 	DirForceCompress bool
-+
-+	// Use decrypted private key by default (defaults to true)
-+	UseDecryptedKey OptionalBool
- }
- 
- // ProgressProperties is used to pass information from the copy code to a monitor which
--- 
-2.19.1
-

patch/0010-optimize-concurrent-run.patch → patch/0009-optimize-concurrent-run.patch

-From 48aa9b497927fe4553ed7ce042c3bbd17137e7f4 Mon Sep 17 00:00:00 2001
+From 83a63d4af195dbde6e8b8bd17e13d799e0410f1a Mon Sep 17 00:00:00 2001
 From: LiuHao <liuhao27@huawei.com>
 Date: Thu, 25 Apr 2019 18:00:18 +0800
-Subject: [PATCH 10/37] optimize concurrent run
+Subject: [PATCH 09/33] optimize concurrent run
 
 Signed-off-by: LiuHao <liuhao27@huawei.com>
 ---

patch/0011-abnormal-scene-container-restart-failure.patch → patch/0010-abnormal-scene-container-restart-failure.patch

-From a6fba11062b946bedfcab131cab838f5a57fea69 Mon Sep 17 00:00:00 2001
+From 47d25c55dd0260e3a06331674a2842d04e7db683 Mon Sep 17 00:00:00 2001
 From: WuJing <wujing50@huawei.com>
 Date: Mon, 29 Apr 2019 16:46:09 +0800
-Subject: [PATCH 11/37] abnormal scene container restart failure
+Subject: [PATCH 10/33] abnormal scene container restart failure
 
 Solve the problem that the mountpoint.json write
 fails due to an abnormal condition, causing the container to fail to

patch/0012-optimize-isulad_kit-operator.patch → patch/0011-optimize-isulad_kit-operator.patch

-From deb3d62ed9324c29f7de8de7439b1aeb4fab1a3b Mon Sep 17 00:00:00 2001
+From 81faeea638017ba9c6b9ec8088eb237c92669333 Mon Sep 17 00:00:00 2001
 From: LiuHao <liuhao27@huawei.com>
 Date: Thu, 2 May 2019 11:25:07 +0800
-Subject: [PATCH 12/37] optimize isulad_kit operator
+Subject: [PATCH 11/33] optimize isulad_kit operator
 
 get mountpoint from driver
 

patch/0013-fix-compile-error.patch → patch/0012-fix-compile-error.patch

-From 77cea42ea897712ef5cdd48786f409f67d9b1464 Mon Sep 17 00:00:00 2001
+From 815c9e5eb6ab2f8a3adbcd9957e9d4ff88ae5c0b Mon Sep 17 00:00:00 2001
 From: LiuHao <liuhao27@huawei.com>
 Date: Thu, 2 May 2019 11:56:34 +0800
-Subject: [PATCH 13/37] fix compile error
+Subject: [PATCH 12/33] fix compile error
 
 fix compile error
 

patch/0014-rmi-try-to-remove-all-layers-info-when-rmi.patch → patch/0013-rmi-try-to-remove-all-layers-info-when-rmi.patch

-From b96878a9983dd32a3d6611b1de17cce48bd70dd3 Mon Sep 17 00:00:00 2001
+From 2be6dc7520ca8e1ab48d6b314c1749ad5a02f3e1 Mon Sep 17 00:00:00 2001
 From: LiFeng <lifeng68@huawei.com>
 Date: Tue, 7 May 2019 03:40:58 -0400
-Subject: [PATCH 14/37] rmi: try to remove all layers info when rmi
+Subject: [PATCH 13/33] rmi: try to remove all layers info when rmi
 
 Signed-off-by: LiFeng <lifeng68@huawei.com>
 ---

patch/0015-isulad-kit-vendor-ensure-remove-container-rootfs-dir.patch → patch/0014-isulad-kit-vendor-ensure-remove-container-rootfs-dir.patch

-From 7734cae0053c7d784953ccbfc89fa167d128684b Mon Sep 17 00:00:00 2001
+From 0cb5729e334d3ba3f4be5e76fab3b7a9d9304294 Mon Sep 17 00:00:00 2001
 From: WuJing <wujing50@huawei.com>
 Date: Mon, 13 May 2019 09:31:43 +0800
-Subject: [PATCH 15/37] isulad-kit-vendor: ensure remove container rootfs dir
+Subject: [PATCH 14/33] isulad-kit-vendor: ensure remove container rootfs dir
  when errmsg contain "File name too long"
 
 Signed-off-by: WuJing <wujing50@huawei.com>

patch/0016-split-mountpoints.json-and-layers.json-in-save.patch → patch/0015-split-mountpoints.json-and-layers.json-in-save.patch

-From ec5e3c77801c9cbae97ae6a52d1fc0068678cc4a Mon Sep 17 00:00:00 2001
+From 011da4e4c1e3f31cdcfa8cf916829aa7af6b56fb Mon Sep 17 00:00:00 2001
 From: LiFeng <lifeng68@huawei.com>
 Date: Mon, 13 May 2019 04:58:15 -0400
-Subject: [PATCH 16/37] split mountpoints.json and layers.json in save
+Subject: [PATCH 15/33] split mountpoints.json and layers.json in save
 
 Signed-off-by: LiFeng <lifeng68@huawei.com>
 ---

patch/0017-isulad-kit-vendor-fix-bug-of-concurrent-run-with-quo.patch → patch/0016-isulad-kit-vendor-fix-bug-of-concurrent-run-with-quo.patch

-From 38f99081df7542a235afc95fc2328701dee23c09 Mon Sep 17 00:00:00 2001
+From 5e63fd8b3adc325a94156eda2a0107bc7fe9dbfe Mon Sep 17 00:00:00 2001
 From: TanYiFeng <tanyifeng1@huawei.com>
 Date: Mon, 20 May 2019 10:05:08 -0400
-Subject: [PATCH 17/37] isulad-kit-vendor: fix bug of concurrent run with quota
+Subject: [PATCH 16/33] isulad-kit-vendor: fix bug of concurrent run with quota
 
 reason: setProjectQuota using common mutex to avoid set the same
 project id for diffrent containers, this may also get the same

patch/0018-isulad-kit-vendor-fix-compile-error.patch → patch/0017-isulad-kit-vendor-fix-compile-error.patch

-From e7510a3954a69d7adadba52f360385b7f42994bb Mon Sep 17 00:00:00 2001
+From 1cc7c66b4515cedc063a35b17218ccccf8fa121c Mon Sep 17 00:00:00 2001
 From: TanYiFeng <tanyifeng1@huawei.com>
 Date: Mon, 20 May 2019 10:31:12 -0400
-Subject: [PATCH 18/37] isulad-kit-vendor: fix compile error
+Subject: [PATCH 17/33] isulad-kit-vendor: fix compile error
 
 Signed-off-by: TanYiFeng <tanyifeng1@huawei.com>
 ---

patch/0019-remove-unused-code.patch → patch/0018-remove-unused-code.patch

-From 3f012d3947566cb927bb038a474e7183d2172563 Mon Sep 17 00:00:00 2001
+From 2bebeff68f9149eea92def7156ed8a0811cbb711 Mon Sep 17 00:00:00 2001
 From: TanYiFeng <tanyifeng1@huawei.com>
 Date: Mon, 20 May 2019 10:45:55 -0400
-Subject: [PATCH 19/37] remove unused code
+Subject: [PATCH 18/33] remove unused code
 
 Signed-off-by: TanYiFeng <tanyifeng1@huawei.com>
 ---

patch/0020-optimize-mount-operator.patch → patch/0019-optimize-mount-operator.patch

-From b4a137907bff40b93880f5100313cd8e59457e2c Mon Sep 17 00:00:00 2001
+From 2b70c1c8c986ad7dd856b285820b4a19ea1df4e6 Mon Sep 17 00:00:00 2001
 From: LiuHao <liuhao27@huawei.com>
 Date: Sat, 25 May 2019 16:45:28 +0800
-Subject: [PATCH 20/37] optimize mount operator
+Subject: [PATCH 19/33] optimize mount operator
 
 1. split mountpoints.json to each container
 2. refactor mount operator

patch/0021-Fix-file-retention-bug.patch → patch/0020-Fix-file-retention-bug.patch

-From ca5d2684569dcc6065802f18b914ae11cb24e03a Mon Sep 17 00:00:00 2001
+From 1b3e952ab182ee72cb5220ef06d5c32ec01dde0c Mon Sep 17 00:00:00 2001
 From: WuJing <wujing50@huawei.com>
 Date: Mon, 10 Jun 2019 10:54:43 +0800
-Subject: [PATCH 21/37] Fix file retention bug
+Subject: [PATCH 20/33] Fix file retention bug
 
 Signed-off-by: WuJing <wujing50@huawei.com>
 ---

patch/0022-set-layer-MountCount-0-without-mount-point-file.patch → patch/0021-set-layer-MountCount-0-without-mount-point-file.patch

-From a79a854d01ef33293975533be5cc56a3582c05d9 Mon Sep 17 00:00:00 2001
+From 079b4f37d5f48d0336972dc5fea3257a5af3a8bb Mon Sep 17 00:00:00 2001
 From: LiFeng <lifeng68@huawei.com>
 Date: Mon, 10 Jun 2019 09:41:44 -0400
-Subject: [PATCH 22/37] set layer MountCount = 0 without mount point file
+Subject: [PATCH 21/33] set layer MountCount = 0 without mount point file
 
 Signed-off-by: LiFeng <lifeng68@huawei.com>
 ---

patch/0023-encrypt-auth-config-and-add-lock.patch → patch/0022-encrypt-auth-config-and-add-lock.patch

-From bd0e2481d325ff0ee50571a1c239a18c5fd79bcb Mon Sep 17 00:00:00 2001
+From 6ccf8ef7ee5dd97b493acb7d12d756f51cf93307 Mon Sep 17 00:00:00 2001
 From: WangFengTu <wangfengtu@huawei.com>
 Date: Tue, 18 Jun 2019 14:12:33 +0800
-Subject: [PATCH 23/37] encrypt auth config and add lock
+Subject: [PATCH 22/33] encrypt auth config and add lock
 
 Signed-off-by: WangFengTu <wangfengtu@huawei.com>
 ---

patch/0024-Change-perm-and-add-max-file-size-check.patch → patch/0023-Change-perm-and-add-max-file-size-check.patch

-From 7bfd69f462e50c5a3bfb8bead8e09bf1bd6fb8b9 Mon Sep 17 00:00:00 2001
+From 232785bbef3b66e0eb49f43b0060bafdefda9500 Mon Sep 17 00:00:00 2001
 From: WangFengTu <wangfengtu@huawei.com>
 Date: Thu, 4 Jul 2019 16:19:56 +0800
-Subject: [PATCH 24/37] Change perm and add max file size check
+Subject: [PATCH 23/33] Change perm and add max file size check
 
 Signed-off-by: WangFengTu <wangfengtu@huawei.com>
 ---

patch/0026-force-remove-dir-with-rm-rf-in-overlay.patch → patch/0024-force-remove-dir-with-rm-rf-in-overlay.patch

-From e2b184674529e9451e561685d50c670af0fc541f Mon Sep 17 00:00:00 2001
+From a97a35708f385a63275443141e4e9c88ace63ade Mon Sep 17 00:00:00 2001
 From: LiFeng <lifeng68@huawei.com>
 Date: Thu, 18 Jul 2019 06:20:49 -0400
-Subject: [PATCH 26/37] force remove dir with rm -rf in overlay
+Subject: [PATCH 24/33] force remove dir with rm -rf in overlay
 
 Signed-off-by: LiFeng <lifeng68@huawei.com>
 ---

patch/0027-EnsureRemoveAll-make-retry-count-from-5-to-50.patch → patch/0025-EnsureRemoveAll-make-retry-count-from-5-to-50.patch

-From 82af1705862245ba2687745dd6356a48750e5ea5 Mon Sep 17 00:00:00 2001
+From f0d765e9c1e877b8a0cb91714e2efa9cdcc1965e Mon Sep 17 00:00:00 2001
 From: LiFeng <lifeng68@huawei.com>
 Date: Mon, 22 Jul 2019 03:52:09 -0400
-Subject: [PATCH 27/37] EnsureRemoveAll make retry count from 5 to 50
+Subject: [PATCH 25/33] EnsureRemoveAll make retry count from 5 to 50
 
 Signed-off-by: LiFeng <lifeng68@huawei.com>
 ---

patch/0028-report-error-log-when-openDir-failed.patch → patch/0026-report-error-log-when-openDir-failed.patch

-From 030a1acc03372c336ec69e0939d08513d5bd26bb Mon Sep 17 00:00:00 2001
+From e53e55aa780a7cd93d9e6f272f9ee61921a1ee92 Mon Sep 17 00:00:00 2001
 From: TanYiFeng <tanyifeng1@huawei.com>
 Date: Fri, 26 Jul 2019 05:02:55 -0400
-Subject: [PATCH 28/37] report error log when openDir failed
+Subject: [PATCH 26/33] report error log when openDir failed
 
 Signed-off-by: TanYiFeng <tanyifeng1@huawei.com>
 ---

patch/0029-ignore-ENOENT-if-direcotry-has-been-removed-when-fin.patch → patch/0027-ignore-ENOENT-if-direcotry-has-been-removed-when-fin.patch

-From 18c535402178aac24348f7b681e407fd1b5a745d Mon Sep 17 00:00:00 2001
+From bc90841e43a761f6e70576d3523852f0ad38c05e Mon Sep 17 00:00:00 2001
 From: TanYiFeng <tanyifeng1@huawei.com>
 Date: Fri, 9 Aug 2019 04:56:23 -0400
-Subject: [PATCH 29/37] ignore ENOENT if direcotry has been removed when find
+Subject: [PATCH 27/33] ignore ENOENT if direcotry has been removed when find
  next project id
 
 Signed-off-by: TanYiFeng <tanyifeng1@huawei.com>

patch/0030-fixbug-cause-by-remove-container.json-in-run-dir.patch → patch/0028-fixbug-cause-by-remove-container.json-in-run-dir.patch

-From 429ea92090cea1951fb19081feebf62f48b16400 Mon Sep 17 00:00:00 2001
+From ef7ac4ba83e948393e21b9729158c28596097052 Mon Sep 17 00:00:00 2001
 From: LiuHao <liuhao27@huawei.com>
 Date: Fri, 9 Aug 2019 17:07:33 +0800
-Subject: [PATCH 30/37] fixbug: cause by remove container.json in run dir
+Subject: [PATCH 28/33] fixbug: cause by remove container.json in run dir
 
 Start container will load container.json in run dir.
 If it is not exist, start container will failed.

patch/0033-Performace-optimization.patch → patch/0029-Performace-optimization.patch

-From 6fab278a260666e6f3777498dcc41ff176ef8cbd Mon Sep 17 00:00:00 2001
+From 583e4a7128f34f68c14739602de4150d815666f9 Mon Sep 17 00:00:00 2001
 From: WangFengTu <wangfengtu@huawei.com>
 Date: Tue, 26 Nov 2019 22:06:55 -0500
-Subject: [PATCH 33/37] Performace optimization
+Subject: [PATCH 29/33] Performace optimization
 
 1.Seprate big json file to small json files.
 2.Migation json files for above change.

patch/0034-Support-load-multiple-images.patch → patch/0030-Support-load-multiple-images.patch

-From 571d52d1848b632220b7ba17a28ad2ecda4a99e8 Mon Sep 17 00:00:00 2001
+From f16647e5614db21c76cdb7f7a50389039cb82eae Mon Sep 17 00:00:00 2001
 From: WangFengTu <wangfengtu@huawei.com>
 Date: Mon, 18 Nov 2019 21:20:52 -0500
-Subject: [PATCH 34/37] Support load multiple images
+Subject: [PATCH 30/33] Support load multiple images
 
 Signed-off-by: WangFengTu <wangfengtu@huawei.com>
 ---

patch/0035-SWR-response-406-Not-Acceptable-if-oci-image-in-firs.patch → patch/0031-SWR-response-406-Not-Acceptable-if-oci-image-in-firs.patch

-From 11f81dfadc2b40a2469ab1347e67be5c2415e8d2 Mon Sep 17 00:00:00 2001
+From eba24af5644d0a6c053b1318cac120bd29c5b5e3 Mon Sep 17 00:00:00 2001
 From: WangFengTu <wangfengtu@huawei.com>
 Date: Fri, 29 Nov 2019 03:21:02 -0500
-Subject: [PATCH 35/37] SWR response "406: Not Acceptable" if oci image in
+Subject: [PATCH 31/33] SWR response "406: Not Acceptable" if oci image in
  first
 
 Signed-off-by: WangFengTu <wangfengtu@huawei.com>

patch/0031-isulad-kit-fix-default-max-to-20480.patch

-From 1c96ca8bafd4b21e7ae896f14d77bbe73de685e9 Mon Sep 17 00:00:00 2001
-From: LiFeng <lifeng68@huawei.com>
-Date: Thu, 24 Oct 2019 00:12:47 -0400
-Subject: [PATCH 31/37] isulad-kit: fix default max to 20480
-
-Signed-off-by: LiFeng <lifeng68@huawei.com>
----
- vendor/pkg/gopkgs/cbb_adapt/src/go/aeswithkey/aeswithkey.go | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/vendor/pkg/gopkgs/cbb_adapt/src/go/aeswithkey/aeswithkey.go b/vendor/pkg/gopkgs/cbb_adapt/src/go/aeswithkey/aeswithkey.go
-index 1db2511..1c5cc62 100644
---- a/vendor/pkg/gopkgs/cbb_adapt/src/go/aeswithkey/aeswithkey.go
-+++ b/vendor/pkg/gopkgs/cbb_adapt/src/go/aeswithkey/aeswithkey.go
-@@ -95,7 +95,8 @@ const (
- 	PBKDF2_HMAC_SHA256 = 2
- 	ROOTMATERIAL       = "root.key"
- 	SHAREDMATERIAL     = "common_shared.key"
--	PBKDF2_ITERATION   = 2048
-+	PBKDF2_ITERATION   = 10000
-+	MAX_ITERATION      = 20480
- 	ENCRYPTED          = 1
- 	UNENCRYPTED        = 0
- 	MATERIAL_VERSION_1 = 1
-@@ -370,7 +371,7 @@ func newMaterial(info []byte) (*MaterialItem, error) {
- 	}
- 
- 	//check iteration, it is not constant, but could not too mush, to prevent DoS attacks
--	if material.Iteration > PBKDF2_ITERATION*10 {
-+	if material.Iteration > MAX_ITERATION {
- 		return nil, fmt.Errorf("material iteration %d is too lager.", material.Iteration)
- 	}
- 
--- 
-2.19.1
-

patch/0032-Fix-docker-pull-failed-caused-by-unexpected-key.patch

-From ec993a6e61e582efdc6622724115ae5360a391d3 Mon Sep 17 00:00:00 2001
-From: WangFengTu <wangfengtu@huawei.com>
-Date: Wed, 13 Nov 2019 11:27:55 +0800
-Subject: [PATCH 32/37] Fix docker pull failed caused by unexpected key
-
-Temporary created key should not be used to match cert.
-Ignore the key by adding a prefix as a filter.
-
-Signed-off-by: WangFengTu <wangfengtu@huawei.com>
----
- .../image/pkg/tlsclientconfig/tlsclientconfig.go       | 10 +++++-----
- 1 file changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/vendor/github.com/containers/image/pkg/tlsclientconfig/tlsclientconfig.go b/vendor/github.com/containers/image/pkg/tlsclientconfig/tlsclientconfig.go
-index b564e23..89ca1ec 100644
---- a/vendor/github.com/containers/image/pkg/tlsclientconfig/tlsclientconfig.go
-+++ b/vendor/github.com/containers/image/pkg/tlsclientconfig/tlsclientconfig.go
-@@ -1,7 +1,9 @@
- package tlsclientconfig
- 
- import (
-+	"crypto/rand"
- 	"crypto/tls"
-+	"fmt"
- 	"io/ioutil"
- 	"net"
- 	"net/http"
-@@ -9,9 +11,6 @@ import (
- 	"path/filepath"
- 	"strings"
- 	"time"
--	"fmt"
--	"crypto/rand"
--
- 
- 	"github.com/docker/go-connections/sockets"
- 	"github.com/docker/go-connections/tlsconfig"
-@@ -28,6 +27,7 @@ var (
- 	ErrAlreadyExists = errors.New("Image already exists")
- 	psmPath          = "/etc/isulad/psm"
- 	IsDecrypted      = false
-+	tmpKeyPrefix     = ".tmp_origin"
- )
- 
- func decodeKeyFile(key, originKey string, directory string) error {
-@@ -127,7 +127,7 @@ func SetupCertificates(dir string, tlsc *tls.Config, IsDecrypted bool) error {
- 			keyOriginPath := keyPath
- 
- 			if !IsDecrypted {
--				keyOriginPath = filepath.Join(dir, "origin"+randStr(10)+keyName)
-+				keyOriginPath = filepath.Join(dir, tmpKeyPrefix+randStr(10)+keyName)
- 				defer os.Remove(keyOriginPath)
- 				if err := decodeKeyFile(keyPath, keyOriginPath, dir); err != nil {
- 					return err
-@@ -140,7 +140,7 @@ func SetupCertificates(dir string, tlsc *tls.Config, IsDecrypted bool) error {
- 			}
- 			tlsc.Certificates = append(tlsc.Certificates, cert)
- 		}
--		if strings.HasSuffix(f.Name(), ".key") {
-+		if strings.HasSuffix(f.Name(), ".key") && !strings.HasPrefix(f.Name(), tmpKeyPrefix) {
- 			keyName := f.Name()
- 			certName := keyName[:len(keyName)-4] + ".cert"
- 			logrus.Debugf(" key: %s", fullPath)
--- 
-2.19.1
-

patch/0036-log-message-of-get-mountpoint-failed.patch → patch/0032-log-message-of-get-mountpoint-failed.patch

-From b6bd368d91ef112e05384aaf492db6b9f0e29cd4 Mon Sep 17 00:00:00 2001
+From 6345b249449998e94e72f3687f010e487f4001ed Mon Sep 17 00:00:00 2001
 From: LiuHao <liuhao27@huawei.com>
 Date: Thu, 5 Dec 2019 10:13:52 +0800
-Subject: [PATCH 36/37] log message of get mountpoint failed
+Subject: [PATCH 32/33] log message of get mountpoint failed
 
 Signed-off-by: LiuHao <liuhao27@huawei.com>
 ---

patch/0037-Save-config-to-disk-if-images-s-name-is-removed.patch → patch/0033-Save-config-to-disk-if-images-s-name-is-removed.patch

-From bb19e84131191c92b332acf8e26957b51ba2d530 Mon Sep 17 00:00:00 2001
+From 687cf422c56ad9974a3a01306fb18ba66d83ec4c Mon Sep 17 00:00:00 2001
 From: WangFengTu <wangfengtu@huawei.com>
 Date: Wed, 18 Dec 2019 07:29:06 -0500
-Subject: [PATCH 37/37] Save config to disk if images's name is removed
+Subject: [PATCH 33/33] Save config to disk if images's name is removed
 
 Signed-off-by: WangFengTu <wangfengtu@huawei.com>
 ---

patch/series-patch.conf

@@ -6,32 +6,28 @@
 0006-limit-the-minimum-size-of-rootfs-quota-to-4k.patch
 0007-delete-try-to-delete-metadata-before-image-data.patch
 0008-same-add-group-should-skip.patch
-0009-add-support-pull-image-from-LSWR.patch
-0010-optimize-concurrent-run.patch
-0011-abnormal-scene-container-restart-failure.patch
-0012-optimize-isulad_kit-operator.patch
-0013-fix-compile-error.patch
-0014-rmi-try-to-remove-all-layers-info-when-rmi.patch
-0015-isulad-kit-vendor-ensure-remove-container-rootfs-dir.patch
-0016-split-mountpoints.json-and-layers.json-in-save.patch
-0017-isulad-kit-vendor-fix-bug-of-concurrent-run-with-quo.patch
-0018-isulad-kit-vendor-fix-compile-error.patch
-0019-remove-unused-code.patch
-0020-optimize-mount-operator.patch
-0021-Fix-file-retention-bug.patch
-0022-set-layer-MountCount-0-without-mount-point-file.patch
-0023-encrypt-auth-config-and-add-lock.patch
-0024-Change-perm-and-add-max-file-size-check.patch
-0025-add-cbb_adapt-files-as-patch.patch
-0026-force-remove-dir-with-rm-rf-in-overlay.patch
-0027-EnsureRemoveAll-make-retry-count-from-5-to-50.patch
-0028-report-error-log-when-openDir-failed.patch
-0029-ignore-ENOENT-if-direcotry-has-been-removed-when-fin.patch
-0030-fixbug-cause-by-remove-container.json-in-run-dir.patch
-0031-isulad-kit-fix-default-max-to-20480.patch
-0032-Fix-docker-pull-failed-caused-by-unexpected-key.patch
-0033-Performace-optimization.patch
-0034-Support-load-multiple-images.patch
-0035-SWR-response-406-Not-Acceptable-if-oci-image-in-firs.patch
-0036-log-message-of-get-mountpoint-failed.patch
-0037-Save-config-to-disk-if-images-s-name-is-removed.patch
+0009-optimize-concurrent-run.patch
+0010-abnormal-scene-container-restart-failure.patch
+0011-optimize-isulad_kit-operator.patch
+0012-fix-compile-error.patch
+0013-rmi-try-to-remove-all-layers-info-when-rmi.patch
+0014-isulad-kit-vendor-ensure-remove-container-rootfs-dir.patch
+0015-split-mountpoints.json-and-layers.json-in-save.patch
+0016-isulad-kit-vendor-fix-bug-of-concurrent-run-with-quo.patch
+0017-isulad-kit-vendor-fix-compile-error.patch
+0018-remove-unused-code.patch
+0019-optimize-mount-operator.patch
+0020-Fix-file-retention-bug.patch
+0021-set-layer-MountCount-0-without-mount-point-file.patch
+0022-encrypt-auth-config-and-add-lock.patch
+0023-Change-perm-and-add-max-file-size-check.patch
+0024-force-remove-dir-with-rm-rf-in-overlay.patch
+0025-EnsureRemoveAll-make-retry-count-from-5-to-50.patch
+0026-report-error-log-when-openDir-failed.patch
+0027-ignore-ENOENT-if-direcotry-has-been-removed-when-fin.patch
+0028-fixbug-cause-by-remove-container.json-in-run-dir.patch
+0029-Performace-optimization.patch
+0030-Support-load-multiple-images.patch
+0031-SWR-response-406-Not-Acceptable-if-oci-image-in-firs.patch
+0032-log-message-of-get-mountpoint-failed.patch
+0033-Save-config-to-disk-if-images-s-name-is-removed.patch