Merge pull request #599 from ginglis13/patch-soci

ginglis13 · web-flow · commit 96d7a4dcd99e · 2025-07-22T17:07:23.000-07:00
soci-snapshotter: add patches from upstream
diff --git a/packages/soci-snapshotter/1001-remove-image-if-rebase-or-initial-fetch-fails.patch b/packages/soci-snapshotter/1001-remove-image-if-rebase-or-initial-fetch-fails.patch
@@ -0,0 +1,95 @@
+From 8b2bf80a852b68e7bdc24fcb5d35772566376ada Mon Sep 17 00:00:00 2001
+From: David Son <davbson@amazon.com>
+Date: Tue, 8 Jul 2025 23:32:29 +0000
+Subject: [PATCH] Remove image if rebase or initial fetch fails
+
+If an image is unable to be claimed, the associated image pull with this
+request will fail, so it would make sense to also remove the rest of the
+jobs associated with this image.
+
+Additionally, if the initial authorization fetch fails, we should also
+remove the image from unpackJobs to avoid blocking future image pulls.
+
+Signed-off-by: David Son <davbson@amazon.com>
+---
+ fs/fs.go | 51 ++++++++++++++++++++++++++++++---------------------
+ 1 file changed, 30 insertions(+), 21 deletions(-)
+
+diff --git a/fs/fs.go b/fs/fs.go
+index 1eaac517..7a789b91 100644
+--- a/fs/fs.go
++++ b/fs/fs.go
+@@ -478,33 +478,41 @@ func (fs *filesystem) preloadAllLayers(ctx context.Context, desc ocispec.Descrip
+ 	premountCtx = namespaces.WithNamespace(premountCtx, ns)
+ 	imageJob := fs.inProgressImageUnpacks.GetOrAddImageJob(imageDigest, cancel)
+ 
+-	// We only want to premount all layers that don't exist yet.
+-	// Since layer order is deterministic, we can safely assume that
+-	// every layer after this needs to be premounted as well.
+-	startPremounting := false
+-	for _, l := range manifest.Layers {
+-		if images.IsLayerType(l.MediaType) {
+-			if l.Digest.String() == desc.Digest.String() {
+-				startPremounting = true
+-
+-				// We don't have to preauthorize if we only do one request at a time
+-				if fs.inProgressImageUnpacks.imagePullCfg.MaxConcurrentDownloadsPerImage != 1 {
+-					err = remoteStore.doInitialFetch(ctx, constructRef(refspec, desc))
+-					if err != nil {
+-						return fmt.Errorf("error doing initial client fetch: %w", err)
++	// If we fail anywhere after making the image job, we must remove the associated image job
++	premountAll := func() error {
++		// We only want to premount all layers that don't exist yet.
++		// Since layer order is deterministic, we can safely assume that
++		// every layer after this needs to be premounted as well.
++		startPremounting := false
++		for _, l := range manifest.Layers {
++			if images.IsLayerType(l.MediaType) {
++				if l.Digest.String() == desc.Digest.String() {
++					startPremounting = true
++
++					// We don't have to preauthorize if we only do one request at a time
++					if fs.inProgressImageUnpacks.imagePullCfg.MaxConcurrentDownloadsPerImage != 1 {
++						err = remoteStore.doInitialFetch(ctx, constructRef(refspec, desc))
++						if err != nil {
++							return fmt.Errorf("error doing initial client fetch: %w", err)
++						}
+ 					}
+ 				}
+-			}
+-			if startPremounting {
+-				layerJob, err := fs.inProgressImageUnpacks.AddLayerJob(imageJob, l.Digest.String())
+-				if err != nil {
+-					return fmt.Errorf("error adding layer job: %w", err)
++				if startPremounting {
++					layerJob, err := fs.inProgressImageUnpacks.AddLayerJob(imageJob, l.Digest.String())
++					if err != nil {
++						return fmt.Errorf("error adding layer job: %w", err)
++					}
++					go fs.premount(premountCtx, l, refspec, remoteStore, diffIDMap, layerJob)
+ 				}
+-				go fs.premount(premountCtx, l, refspec, remoteStore, diffIDMap, layerJob)
+ 			}
+ 		}
++		return nil
+ 	}
+-	return nil
++
++	if err := premountAll(); err != nil {
++		fs.inProgressImageUnpacks.RemoveImageWithError(imageDigest, err)
++	}
++	return err
+ }
+ 
+ func (fs *filesystem) premount(ctx context.Context, desc ocispec.Descriptor, refspec reference.Spec, remoteStore resolverStorage, diffIDMap map[string]digest.Digest, layerJob *layerUnpackJob) error {
+@@ -559,6 +567,7 @@ func (fs *filesystem) premount(ctx context.Context, desc ocispec.Descriptor, ref
+ func (fs *filesystem) rebase(ctx context.Context, dgst digest.Digest, imageDigest, mountpoint string) error {
+ 	layerJob, err := fs.inProgressImageUnpacks.Claim(imageDigest, dgst.String())
+ 	if err != nil {
++		fs.inProgressImageUnpacks.RemoveImageWithError(imageDigest, err)
+ 		return fmt.Errorf("error attempting to claim job to rebase: %w", err)
+ 	}
+ 	defer func() {
+-- 
+2.47.1
+
diff --git a/packages/soci-snapshotter/1002-move-some-parallelpull-integration-to-helper-funcs.patch b/packages/soci-snapshotter/1002-move-some-parallelpull-integration-to-helper-funcs.patch
@@ -0,0 +1,67 @@
+From 3aa90d17adf339e04972d33f3925c0fcf5e691f9 Mon Sep 17 00:00:00 2001
+From: David Son <davbson@amazon.com>
+Date: Fri, 18 Jul 2025 19:47:42 +0000
+Subject: [PATCH] Move some ParallelPull integration to helper funcs
+
+Signed-off-by: David Son <davbson@amazon.com>
+---
+ integration/pull_test.go | 12 ++----------
+ integration/util_test.go | 12 ++++++++++++
+ 2 files changed, 14 insertions(+), 10 deletions(-)
+
+diff --git a/integration/pull_test.go b/integration/pull_test.go
+index 686fa10e..bf8ad2c7 100644
+--- a/integration/pull_test.go
++++ b/integration/pull_test.go
+@@ -885,11 +885,7 @@ func TestPullWithParallelism(t *testing.T) {
+ 		},
+ 		{
+ 			name: "set chunk size",
+-			opts: []snapshotterConfigOpt{
+-				func(cfg *config.Config) {
+-					cfg.PullModes.Parallel.ConcurrentDownloadChunkSize = 1_000_000
+-				},
+-			},
++			opts: []snapshotterConfigOpt{withConcurrentDownloadChunkSize(1_000_000)},
+ 		},
+ 	}
+ 
+@@ -902,11 +898,7 @@ func TestPullWithParallelism(t *testing.T) {
+ 		},
+ 		{
+ 			name: "parallel unpacking",
+-			opts: []snapshotterConfigOpt{
+-				func(cfg *config.Config) {
+-					cfg.PullModes.Parallel.MaxConcurrentUnpacks = 3
+-				},
+-			},
++			opts: []snapshotterConfigOpt{withConcurrentUnpacks(3)},
+ 		},
+ 	}
+ 
+diff --git a/integration/util_test.go b/integration/util_test.go
+index ac2c84df..332a95ef 100644
+--- a/integration/util_test.go
++++ b/integration/util_test.go
+@@ -377,6 +377,18 @@ func withUnboundedPullUnpack() snapshotterConfigOpt {
+ 	}
+ }
+ 
++func withConcurrentDownloadChunkSize(chunkSize int64) snapshotterConfigOpt {
++	return func(c *config.Config) {
++		c.PullModes.Parallel.ConcurrentDownloadChunkSize = chunkSize
++	}
++}
++
++func withConcurrentUnpacks(n int64) snapshotterConfigOpt {
++	return func(c *config.Config) {
++		c.PullModes.Parallel.MaxConcurrentUnpacks = n
++	}
++}
++
+ func withDiscardUnpackedLayers() snapshotterConfigOpt {
+ 	return func(c *config.Config) {
+ 		c.PullModes.Parallel.DiscardUnpackedLayers = true
+-- 
+2.47.1
+
diff --git a/packages/soci-snapshotter/1003-hard-fail-on-config-parsing-errors.patch b/packages/soci-snapshotter/1003-hard-fail-on-config-parsing-errors.patch
@@ -0,0 +1,174 @@
+From 73dd46eed7a77f5f5b454eaeb1c227fb5efab320 Mon Sep 17 00:00:00 2001
+From: David Son <davbson@amazon.com>
+Date: Fri, 18 Jul 2025 19:42:35 +0000
+Subject: [PATCH] Hard-fail on config parsing errors
+
+Signed-off-by: David Son <davbson@amazon.com>
+---
+ config/config.go            | 21 ++++++++++++-----
+ config/config_test.go       | 12 ++++++++++
+ integration/startup_test.go | 46 +++++++++++++++++++++++++++++++++++++
+ integration/util_test.go    |  6 +++++
+ 4 files changed, 79 insertions(+), 6 deletions(-)
+
+diff --git a/config/config.go b/config/config.go
+index 25251c0f..6deb4818 100644
+--- a/config/config.go
++++ b/config/config.go
+@@ -39,6 +39,7 @@
+ package config
+ 
+ import (
++	"errors"
+ 	"fmt"
+ 	"os"
+ 
+@@ -84,8 +85,8 @@ func NewConfig() *Config {
+ 
+ 	// Set any defaults which do not align with Go zero values.
+ 	var initParsers = []configParser{defaultPullModes, defaultDirectoryCacheConfig}
+-	for _, p := range append(initParsers, parsers...) {
+-		p(cfg)
++	if err := parseConfig(cfg, append(initParsers, parsers...)); err != nil {
++		return nil
+ 	}
+ 
+ 	return cfg
+@@ -102,18 +103,26 @@ func NewConfigFromToml(cfgPath string) (*Config, error) {
+ 	defer f.Close()
+ 
+ 	cfg := NewConfig()
++	if cfg == nil {
++		return nil, errors.New("error creating default config")
++	}
+ 	// Get configuration from specified file
+ 	if err = toml.NewDecoder(f).Decode(cfg); err != nil {
+ 		return nil, fmt.Errorf("failed to load config file %q: %w", cfgPath, err)
+ 	}
+-	parseConfig(cfg)
++	if err := parseConfig(cfg, parsers); err != nil {
++		return nil, fmt.Errorf("config file at %q: %w", cfgPath, err)
++	}
+ 	return cfg, nil
+ }
+ 
+-func parseConfig(cfg *Config) {
+-	for _, p := range parsers {
+-		p(cfg)
++func parseConfig(cfg *Config, cfgParsers []configParser) error {
++	for _, p := range cfgParsers {
++		if err := p(cfg); err != nil {
++			return fmt.Errorf("failed to parse config: %v", err)
++		}
+ 	}
++	return nil
+ }
+ 
+ func parseRootConfig(cfg *Config) error {
+diff --git a/config/config_test.go b/config/config_test.go
+index c1b73720..4facc5e3 100644
+--- a/config/config_test.go
++++ b/config/config_test.go
+@@ -265,6 +265,18 @@ concurrent_download_chunk_size = "1MB"
+ 				}
+ 			},
+ 		},
++		{
++			name: "IncorrectChunkConfig",
++			config: []byte(`
++[pull_modes.parallel_pull_unpack]
++concurrent_download_chunk_size = "badchunksize"
++`),
++			assert: func(t *testing.T, actual *Config, err error) {
++				if err == nil {
++					t.Error("Expected error, got none")
++				}
++			},
++		},
+ 	}
+ 
+ 	for _, test := range tests {
+diff --git a/integration/startup_test.go b/integration/startup_test.go
+index f69488bb..e1774205 100644
+--- a/integration/startup_test.go
++++ b/integration/startup_test.go
+@@ -21,9 +21,11 @@ import (
+ 	"regexp"
+ 	"strings"
+ 	"testing"
++	"time"
+ 
+ 	"github.com/awslabs/soci-snapshotter/config"
+ 	shell "github.com/awslabs/soci-snapshotter/util/dockershell"
++	"github.com/awslabs/soci-snapshotter/util/testutil"
+ 	"github.com/rs/xid"
+ )
+ 
+@@ -137,3 +139,47 @@ func TestSnapshotterSystemdStartup(t *testing.T) {
+ 		})
+ 	}
+ }
++
++// TestSnapshotterStartupWithBadConfig ensures snapshotter does not start if snapshotter values are incorrect.
++// Note that incorrect fields are ignored by TOML and thus are expected to work
++func TestSnapshotterStartupWithBadConfig(t *testing.T) {
++	tests := []struct {
++		name           string
++		opts           []snapshotterConfigOpt
++		expectedErrStr string
++	}{
++		{
++			name:           "Bad parallel pull size",
++			opts:           []snapshotterConfigOpt{withParallelPullMode(), withConcurrentDownloadChunkSizeStr("badstring")},
++			expectedErrStr: "invalid size format",
++		},
++	}
++
++	for _, tc := range tests {
++		t.Run(tc.name, func(tt *testing.T) {
++			sh, cleanup := newSnapshotterBaseShell(t)
++			defer cleanup()
++			// rebootContainerd would be ideal here, but that always uses a config,
++			// so we just manually start SOCI with/without a config file.
++			err := testutil.KillMatchingProcess(sh, "soci-snapshotter-grpc")
++			if err != nil {
++				sh.Fatal("failed to kill soci: %v", err)
++			}
++			configToml := getSnapshotterConfigToml(t, tc.opts...)
++			snRunCmd := []string{"/usr/local/bin/soci-snapshotter-grpc", "--log-level", sociLogLevel}
++			snRunCmd = addConfig(t, sh, configToml, snRunCmd...)
++
++			errCh := make(chan error, 1)
++			go func() {
++				_, err := sh.OLog(snRunCmd...)
++				errCh <- err
++			}()
++
++			select {
++			case <-errCh:
++			case <-time.After(2 * time.Second):
++				t.Fatalf("expected err %s but snapshotter did not fail within 2 seconds", tc.expectedErrStr)
++			}
++		})
++	}
++}
+diff --git a/integration/util_test.go b/integration/util_test.go
+index 332a95ef..dda17f5f 100644
+--- a/integration/util_test.go
++++ b/integration/util_test.go
+@@ -383,6 +383,12 @@ func withConcurrentDownloadChunkSize(chunkSize int64) snapshotterConfigOpt {
+ 	}
+ }
+ 
++func withConcurrentDownloadChunkSizeStr(chunkSizeStr string) snapshotterConfigOpt {
++	return func(c *config.Config) {
++		c.PullModes.Parallel.ConcurrentDownloadChunkSizeStr = chunkSizeStr
++	}
++}
++
+ func withConcurrentUnpacks(n int64) snapshotterConfigOpt {
+ 	return func(c *config.Config) {
+ 		c.PullModes.Parallel.MaxConcurrentUnpacks = n
+-- 
+2.47.1
+
diff --git a/packages/soci-snapshotter/soci-snapshotter.spec b/packages/soci-snapshotter/soci-snapshotter.spec
@@ -17,6 +17,10 @@ Source101: soci-snapshotter.service
 Source102: soci-snapshotter.socket
 Source1000: clarify.toml
 
+Patch1001: 1001-remove-image-if-rebase-or-initial-fetch-fails.patch
+Patch1002: 1002-move-some-parallelpull-integration-to-helper-funcs.patch
+Patch1003: 1003-hard-fail-on-config-parsing-errors.patch
+
 BuildRequires: %{_cross_os}glibc-devel
 BuildRequires: %{_cross_os}libz-devel
 Requires: %{name}(binaries)
@@ -43,7 +47,7 @@ Conflicts: (%{_cross_os}image-feature(no-fips) or %{name}-bin)
 %{summary}.
 
 %prep
-%setup -n %{gorepo}-%{gover} -q
+%autosetup -n %{gorepo}-%{gover} -p1
 %setup -T -D -n %{gorepo}-%{gover} -b 1 -q
 %setup -T -D -n %{gorepo}-%{gover} -b 2 -q
 
