Sync to upstream: Keep cbl-mariner for pkg/blobplugin/Dockerfile

avoltz · Dec 4, 2023 · 97ab8d1 · 97ab8d1
1 parent 6fb7911
commit 97ab8d1
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 31 deletions.
diff --git a/pkg/blobplugin/Dockerfile b/pkg/blobplugin/Dockerfile
@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM registry.k8s.io/build-image/debian-base:bookworm-v1.0.0
+FROM mcr.microsoft.com/cbl-mariner/base/core:2.0
 
 ARG ARCH=amd64
 ARG binary=./_output/${ARCH}/blobplugin
@@ -21,44 +21,19 @@ COPY ${binary} /blobplugin
 RUN mkdir /blobfuse-proxy/
 
 COPY ./pkg/blobfuse-proxy/init.sh /blobfuse-proxy/
-COPY ./pkg/blobfuse-proxy/install-proxy-ubuntu.sh /blobfuse-proxy/
-COPY ./pkg/blobfuse-proxy/install-proxy-rhcos.sh /blobfuse-proxy/
-COPY ./pkg/blobfuse-proxy/install-proxy-mariner.sh /blobfuse-proxy/
 COPY ./pkg/blobfuse-proxy/blobfuse-proxy.service /blobfuse-proxy/
 COPY ./_output/${ARCH}/blobfuse-proxy /blobfuse-proxy/
 
 RUN chmod +x /blobfuse-proxy/init.sh && \
- chmod +x /blobfuse-proxy/install-proxy-ubuntu.sh && \
- chmod +x /blobfuse-proxy/install-proxy-rhcos.sh && \
- chmod +x /blobfuse-proxy/install-proxy-mariner.sh && \
  chmod +x /blobfuse-proxy/blobfuse-proxy.service && \
  chmod +x /blobfuse-proxy/blobfuse-proxy
 
-# packages that are only needed by aznfs: procps conntrack iptables bind9-host iproute2 bash netcat sysvinit-utils.
-RUN apt update && apt upgrade -y && apt-mark unhold libcap2 && clean-install ca-certificates uuid-dev util-linux mount udev wget e2fsprogs nfs-common netbase procps conntrack iptables bind9-host iproute2 bash netcat-traditional sysvinit-utils kmod
+# Currently no CBL-Mariner image with fix for "curl"/"zlib" CVE-2023-38545/CVE-2023-38546/CVE-2023-45853.
+# So, temporarily do update here. Remove "curl"/"zlib" when image is updated.
+RUN tdnf updateinfo && \
+    tdnf install -y util-linux e2fsprogs nfs-utils quota-rpc rpcbind blobfuse2 fuse3 libcap-ng libcap ca-certificates curl zlib && \
+    tdnf clean all
 
-# install aznfs
-RUN if [ "$ARCH" = "amd64" ] ; then \
-  wget -O aznfs.tar.gz https://github.com/Azure/AZNFS-mount/releases/download/1.0.8/aznfs-1.0.8-1.x86_64.tar.gz; \
-else \
-  wget -O aznfs.tar.gz https://github.com/Azure/AZNFS-mount/releases/download/1.0.8/aznfs-1.0.8-1.arm64.tar.gz;fi
-RUN tar xvzf aznfs.tar.gz -C / --keep-directory-symlink && rm aznfs.tar.gz
-
-# install azcopy
-ARG azcopyURL=https://azcopyvnext.azureedge.net/releases/release-10.21.2-20231106/azcopy_linux_amd64_10.21.2.tar.gz
-RUN if [ "$ARCH" == "arm64" ] ; then \
-  azcopyURL=https://azcopyvnext.azureedge.net/releases/release-10.21.2-20231106/azcopy_linux_arm64_10.21.2.tar.gz; fi
-RUN wget -O azcopy.tar.gz ${azcopyURL} && \
-  tar xvzf azcopy.tar.gz -C . && rm azcopy.tar.gz && \
-  mv ./azcopy_linux_$ARCH_*/azcopy /usr/local/bin/azcopy && \
-  rm -rf ./azcopy_linux_$ARCH_*
-RUN chmod +x /usr/local/bin/azcopy
-
-RUN if [ "$ARCH" = "amd64" ] ; then \
-  clean-install libcurl4-gnutls-dev && \
-  wget -O /blobfuse-proxy/packages-microsoft-prod-22.04.deb https://packages.microsoft.com/config/ubuntu/22.04/packages-microsoft-prod.deb && \
-  wget -O /blobfuse-proxy/packages-microsoft-prod-18.04.deb https://packages.microsoft.com/config/ubuntu/18.04/packages-microsoft-prod.deb && \
-  dpkg -i /blobfuse-proxy/packages-microsoft-prod-18.04.deb && apt update && apt install blobfuse blobfuse2 fuse -y && apt remove wget -y; fi
 LABEL maintainers="andyzhangx"
 LABEL description="Azure Blob Storage CSI driver"
 

diff --git a/pkg/edgecache/manager.go b/pkg/edgecache/manager.go
@@ -145,8 +145,11 @@ func (m *Manager) MountVolume(account string, container string, suffix string, t
 	}, m.mountEndpoint)
 }
 
+//revive:disable:unused-parameter
 func (m *Manager) UnmountVolume(volumeID string, targetPath string) error {
 	return m.callWithConnection(func(conn grpc.ClientConnInterface) error {
 		return sendUnmount(csi_mounts.NewCSIMountsClient(conn), targetPath)
 	}, m.mountEndpoint)
 }
+
+//revive:enable:unused-parameter
diff --git a/pkg/util/pvutil_test.go b/pkg/util/pvutil_test.go
@@ -71,11 +71,14 @@ func pv() *v1.PersistentVolume {
 	}
 }
 
+//revive:disable:unused-parameter
 func conflictError(action kubetesting.Action) (bool, runtime.Object, error) {
 	conflictError := kuberrors.NewApplyConflict([]metav1.StatusCause{}, "OperationNotPermitted")
 	return true, nil, conflictError
 }
 
+//revive:enable:unused-parameter
+
 func TestGetPVByVolumeID(t *testing.T) {
 	t.Run("ListFail", func(t *testing.T) {
 		client := fake.NewSimpleClientset()