CWCOW: roothash and graceful timeout fixes

internal/gcs-sidecar/handlers.go

@@ -4,7 +4,7 @@
 package bridge
 
 import (
-	"encoding/base64"
+	"encoding/hex"
 	"encoding/json"
 	"fmt"
 	"os"
@@ -578,20 +578,40 @@ func (b *Bridge) modifySettings(req *request) (err error) {
 				containerID := wcowBlockCimMounts.ContainerID
 				log.G(ctx).Tracef("WCOWBlockCIMMounts Add { %v}", wcowBlockCimMounts)
 
-				// The block device takes some time to show up. Wait for a few seconds.
-				time.Sleep(2 * time.Second)
-
 				var layerCIMs []*cimfs.BlockCIM
 				layerHashes := make([]string, len(wcowBlockCimMounts.BlockCIMs))
 				layerDigests := make([][]byte, len(wcowBlockCimMounts.BlockCIMs))
 				for i, blockCimDevice := range wcowBlockCimMounts.BlockCIMs {
 					// Get the scsi device path for the blockCim lun
-					devNumber, err := windevice.GetDeviceNumberFromControllerLUN(
-						req.ctx,
-						0, /* controller is always 0 for wcow */
-						uint8(blockCimDevice.Lun))
-					if err != nil {
-						return fmt.Errorf("err getting scsiDevPath: %w", err)
+					// The block device takes some time to show up. Retry for up to 2 seconds.
+					var devNumber uint32
+					waitStartTime := time.Now()
+					logTime := waitStartTime.Add(time.Second)
+					logged := false
+					for {
+						devNumber, err = windevice.GetDeviceNumberFromControllerLUN(
+							req.ctx,
+							0, /* controller is always 0 for wcow */
+							uint8(blockCimDevice.Lun))
+						if err == nil {
+							break
+						}
+
+						// Check if we've exceeded max wait time
+						if time.Since(waitStartTime) >= 2*time.Second {
+							return fmt.Errorf("err getting scsiDevPath after 2s: %w", err)
+						}
+
+						// Log if taking longer than expected
+						if !logged && logTime.Before(time.Now()) {
+							log.G(ctx).WithFields(map[string]interface{}{
+								"lun":     blockCimDevice.Lun,
+								"elapsed": time.Since(waitStartTime),
+							}).Warn("waiting for block CIM device to show up")
+							logged = true
+						}
+
+						time.Sleep(10 * time.Millisecond)
 					}
 					physicalDevPath := fmt.Sprintf(devPathFormat, devNumber)
 					layerCim := cimfs.BlockCIM{
@@ -604,7 +624,7 @@ func (b *Bridge) modifySettings(req *request) (err error) {
 						return fmt.Errorf("failed to get CIM verification info: %w", err)
 					}
 					layerDigests[i] = cimRootDigestBytes
-					layerHashes[i] = base64.URLEncoding.EncodeToString(cimRootDigestBytes)
+					layerHashes[i] = hex.EncodeToString(cimRootDigestBytes)
 					layerCIMs = append(layerCIMs, &layerCim)
 
 					log.G(ctx).Debugf("block CIM layer digest %s, path: %s\n", layerHashes[i], physicalDevPath)

pkg/ociwclayer/cim/import.go

@@ -7,7 +7,7 @@ import (
 	"archive/tar"
 	"bufio"
 	"context"
-	"encoding/base64"
+	"encoding/hex"
 	"errors"
 	"fmt"
 	"io"
@@ -98,8 +98,8 @@ func WithParentLayers(parentLayers []*cimfs.BlockCIM) BlockCIMLayerImportOpt {
 
 func writeIntegrityChecksumInfoFile(ctx context.Context, blockPath string) error {
 	log.G(ctx).Debugf("writing integrity checksum file for block CIM `%s`", blockPath)
-	// for convenience write a file that has the base64 encoded root digest of the generated verified CIM.
-	// this same base64 string can be used in the confidential policy.
+	// for convenience write a file that has the hex encoded root digest of the generated verified CIM.
+	// this same hex string can be used in the confidential policy.
 	digest, err := cimfs.GetVerificationInfo(blockPath)
 	if err != nil {
 		return fmt.Errorf("failed to query verified info of the CIM layer: %w", err)
@@ -111,7 +111,7 @@ func writeIntegrityChecksumInfoFile(ctx context.Context, blockPath string) error
 	}
 	defer digestFile.Close()
 
-	digestStr := base64.URLEncoding.EncodeToString(digest)
+	digestStr := hex.EncodeToString(digest)
 	if wn, err := digestFile.WriteString(digestStr); err != nil {
 		return fmt.Errorf("failed to write verification info: %w", err)
 	} else if wn != len(digestStr) {