diff --git a/internal/gcs-sidecar/handlers.go b/internal/gcs-sidecar/handlers.go index 18286c2fd0..87b6d330b8 100644 --- a/internal/gcs-sidecar/handlers.go +++ b/internal/gcs-sidecar/handlers.go @@ -4,7 +4,7 @@ package bridge import ( - "encoding/base64" + "encoding/hex" "encoding/json" "fmt" "os" @@ -578,20 +578,40 @@ func (b *Bridge) modifySettings(req *request) (err error) { containerID := wcowBlockCimMounts.ContainerID log.G(ctx).Tracef("WCOWBlockCIMMounts Add { %v}", wcowBlockCimMounts) - // The block device takes some time to show up. Wait for a few seconds. - time.Sleep(2 * time.Second) - var layerCIMs []*cimfs.BlockCIM layerHashes := make([]string, len(wcowBlockCimMounts.BlockCIMs)) layerDigests := make([][]byte, len(wcowBlockCimMounts.BlockCIMs)) for i, blockCimDevice := range wcowBlockCimMounts.BlockCIMs { // Get the scsi device path for the blockCim lun - devNumber, err := windevice.GetDeviceNumberFromControllerLUN( - req.ctx, - 0, /* controller is always 0 for wcow */ - uint8(blockCimDevice.Lun)) - if err != nil { - return fmt.Errorf("err getting scsiDevPath: %w", err) + // The block device takes some time to show up. Retry for up to 2 seconds. + var devNumber uint32 + waitStartTime := time.Now() + logTime := waitStartTime.Add(time.Second) + logged := false + for { + devNumber, err = windevice.GetDeviceNumberFromControllerLUN( + req.ctx, + 0, /* controller is always 0 for wcow */ + uint8(blockCimDevice.Lun)) + if err == nil { + break + } + + // Check if we've exceeded max wait time + if time.Since(waitStartTime) >= 2*time.Second { + return fmt.Errorf("err getting scsiDevPath after 2s: %w", err) + } + + // Log if taking longer than expected + if !logged && logTime.Before(time.Now()) { + log.G(ctx).WithFields(map[string]interface{}{ + "lun": blockCimDevice.Lun, + "elapsed": time.Since(waitStartTime), + }).Warn("waiting for block CIM device to show up") + logged = true + } + + time.Sleep(10 * time.Millisecond) } physicalDevPath := fmt.Sprintf(devPathFormat, devNumber) layerCim := cimfs.BlockCIM{ @@ -604,7 +624,7 @@ func (b *Bridge) modifySettings(req *request) (err error) { return fmt.Errorf("failed to get CIM verification info: %w", err) } layerDigests[i] = cimRootDigestBytes - layerHashes[i] = base64.URLEncoding.EncodeToString(cimRootDigestBytes) + layerHashes[i] = hex.EncodeToString(cimRootDigestBytes) layerCIMs = append(layerCIMs, &layerCim) log.G(ctx).Debugf("block CIM layer digest %s, path: %s\n", layerHashes[i], physicalDevPath) diff --git a/pkg/ociwclayer/cim/import.go b/pkg/ociwclayer/cim/import.go index a16326ada2..e217aa694b 100644 --- a/pkg/ociwclayer/cim/import.go +++ b/pkg/ociwclayer/cim/import.go @@ -7,7 +7,7 @@ import ( "archive/tar" "bufio" "context" - "encoding/base64" + "encoding/hex" "errors" "fmt" "io" @@ -98,8 +98,8 @@ func WithParentLayers(parentLayers []*cimfs.BlockCIM) BlockCIMLayerImportOpt { func writeIntegrityChecksumInfoFile(ctx context.Context, blockPath string) error { log.G(ctx).Debugf("writing integrity checksum file for block CIM `%s`", blockPath) - // for convenience write a file that has the base64 encoded root digest of the generated verified CIM. - // this same base64 string can be used in the confidential policy. + // for convenience write a file that has the hex encoded root digest of the generated verified CIM. + // this same hex string can be used in the confidential policy. digest, err := cimfs.GetVerificationInfo(blockPath) if err != nil { return fmt.Errorf("failed to query verified info of the CIM layer: %w", err) @@ -111,7 +111,7 @@ func writeIntegrityChecksumInfoFile(ctx context.Context, blockPath string) error } defer digestFile.Close() - digestStr := base64.URLEncoding.EncodeToString(digest) + digestStr := hex.EncodeToString(digest) if wn, err := digestFile.WriteString(digestStr); err != nil { return fmt.Errorf("failed to write verification info: %w", err) } else if wn != len(digestStr) {