-
Notifications
You must be signed in to change notification settings - Fork 97
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feats: support encrypting nydus data blobs #498
Conversation
Codecov Report
Additional details and impacted files@@ Coverage Diff @@
## main #498 +/- ##
==========================================
- Coverage 37.91% 37.89% -0.02%
==========================================
Files 60 60
Lines 7074 7077 +3
==========================================
Hits 2682 2682
- Misses 4080 4083 +3
Partials 312 312
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
e59db29
to
5946d38
Compare
5946d38
to
c21f63f
Compare
eb0dfdc
to
4f663c3
Compare
I've add a test for encrypt since last commit in order to revole the code coverage problem. But it seems that the CI is not based on the latest nydus-image, causing the smoke unit test to fail. 😢 cc @changweige |
Is there any plan for the next nydusd/nydus-image release with an image encryption feature? |
cc @jiangliu |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Overall looks good to me. But for the sake of compatibility, we have to check if the underlying nydus toolchain meets our feature requirements in the function DetectFeatures
. In this PR, the required feature would be --encrypt
.
If there is no concrete plan for the next nydus-image release, we can move the CI test to another PR and just check if the underlying nydus-image has the feature |
yes
codecov/patch would fail due to 0.00% of diff hit if I don't add the CI test. PR can still be merged even if this test failed? |
In fact the result from |
4f663c3
to
6a7c58c
Compare
@@ -32,6 +32,9 @@ const ( | |||
// into a big batch chunk, which can reduce the the size of the image | |||
// and accelerate the runtime file loading. | |||
FeatureBatchSize Feature = "--batch-size" | |||
// The option `--encrypt` enables converting directories, tar files | |||
// or OCI images into encrypted nydus blob. | |||
FeatureEncrypt Feature = "--encrypt" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we detect if the required feature encrypt
is supported by nydus-image? Seems we only define a constant here.
requiredFeatures := tool.NewFeatures(tool.FeatureTar2Rafs)
if opt.BatchSize != "" && opt.BatchSize != "0" {
requiredFeatures.Add(tool.FeatureBatchSize)
}
detectedFeatures, err := tool.DetectFeatures(builderPath, required features, tool.GetHelp)
if err != nil {
return nil, err
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
Support encrypting nydus data blobs. Signed-off-by: taohong <[email protected]>
6a7c58c
to
3915fce
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGMT
Thanks |
support encrypting nydus data blobs
Related issue