Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Make minio package support legacy MD5 checksum #23768

Merged
merged 8 commits into from
Mar 28, 2023

Conversation

wxiaoguang
Copy link
Contributor

@wxiaoguang wxiaoguang commented Mar 28, 2023

A feedback from discord: https://discord.com/channels/322538954119184384/561007778139734027/1090185427115319386

Some storages like:

They do not support "x-amz-checksum-algorithm" header

But minio recently uses that header with CRC32C by default. So we have to tell minio to use legacy MD5 checksum.

I guess this needs to be backported because IIRC we 1.19 and 1.20 are using similar minio package.

The minio package code for SendContentMD5 looks like this:

image

@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Mar 28, 2023
@KN4CK3R
Copy link
Member

KN4CK3R commented Mar 28, 2023

Should we make that configurable? That setting feels like "legacy" and may prevent working with newer services.

@wxiaoguang
Copy link
Contributor Author

wxiaoguang commented Mar 28, 2023

Should we make that configurable? That setting feels like "legacy" and may prevent working with newer services.

I feel that it won't break newer services because it seems that newer services should have the ability to handle such behavior.

And I haven't got a clear idea about how to configure the minio behavior clearly, for example, there are a lot of options.

image

If you really prefer to introduce a new option, what's the possible/suitable name for it in your mind?

wxiaoguang and others added 2 commits March 28, 2023 18:04
Co-authored-by: Yarden Shoham <git@yardenshoham.com>
@wxiaoguang
Copy link
Contributor Author

wxiaoguang commented Mar 28, 2023

@KN4CK3R I found a low-level bug in MinIO package, it ignores some errors if the written side could match the expected size. The bug only happens when SendContentMD5=true

So I have to fix the bug on our side , see dc7fc8b , recordError

@lunny
Copy link
Member

lunny commented Mar 28, 2023

@KN4CK3R I found a low-level bug in MinIO package, it ignores some errors if the written side could match the expected size. The bug only happens when SendContentMD5=true

So I have to fix the bug on our side , see dc7fc8b , recordError

Could we upgrade our minio sdk to test if it's fixed?

@wxiaoguang
Copy link
Contributor Author

@KN4CK3R I found a low-level bug in MinIO package, it ignores some errors if the written side could match the expected size. The bug only happens when SendContentMD5=true
So I have to fix the bug on our side , see dc7fc8b , recordError

Could we upgrade our minio sdk to test if it's fixed?

Even if MinIO package gets fixed, it doesn't guarantee that other packages never have similar behaviors.

The root problem is that Gitea's hashingReader tries to hijack the "Read" procedure, but there is no clearly defined behavior for it, caller could do anything they like. So, we should always do the extra check, to make sure it works correctly for all cases.

@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Mar 28, 2023
@lunny lunny added the type/enhancement An improvement of existing functionality label Mar 28, 2023
@lunny lunny added this to the 1.20.0 milestone Mar 28, 2023
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Mar 28, 2023
modules/lfs/content_store.go Outdated Show resolved Hide resolved
modules/lfs/content_store.go Outdated Show resolved Hide resolved
modules/lfs/content_store.go Outdated Show resolved Hide resolved
modules/lfs/content_store.go Outdated Show resolved Hide resolved
modules/lfs/content_store.go Outdated Show resolved Hide resolved
@KN4CK3R
Copy link
Member

KN4CK3R commented Mar 28, 2023

@codecov-commenter
Copy link

codecov-commenter commented Mar 28, 2023

Codecov Report

Merging #23768 (13bdd8a) into main (f521e88) will decrease coverage by 0.03%.
The diff coverage is 36.88%.

❗ Current head 13bdd8a differs from pull request most recent head 6b6eac4. Consider uploading reports for the commit 6b6eac4 to get more accurate results

@@            Coverage Diff             @@
##             main   #23768      +/-   ##
==========================================
- Coverage   47.14%   47.11%   -0.03%     
==========================================
  Files        1149     1155       +6     
  Lines      151446   152517    +1071     
==========================================
+ Hits        71397    71863     +466     
- Misses      71611    72178     +567     
- Partials     8438     8476      +38     
Impacted Files Coverage Δ
cmd/dump.go 0.66% <0.00%> (-0.01%) ⬇️
cmd/migrate_storage.go 5.76% <0.00%> (-0.12%) ⬇️
cmd/web.go 0.00% <0.00%> (ø)
models/actions/run.go 1.64% <0.00%> (-0.08%) ⬇️
models/actions/runner.go 1.44% <ø> (ø)
models/packages/package.go 45.45% <0.00%> (-1.13%) ⬇️
models/user/search.go 77.50% <0.00%> (-6.29%) ⬇️
modules/actions/workflows.go 0.00% <0.00%> (ø)
modules/context/context.go 64.54% <0.00%> (-3.53%) ⬇️
modules/doctor/storage.go 30.65% <0.00%> (-1.29%) ⬇️
... and 41 more

... and 48 files with indirect coverage changes

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

@wxiaoguang
Copy link
Contributor Author

@KN4CK3R All done in 13bdd8a

@wxiaoguang wxiaoguang changed the title Make minio package use legacy MD5 checksum Make minio package support legacy MD5 checksum Mar 28, 2023
@douglasparker
Copy link

Thank you so much! This was the missing piece for me to migrate my projects to Gitea! 🥳

@jolheiser jolheiser enabled auto-merge (squash) March 28, 2023 14:45
@jolheiser jolheiser merged commit 5727056 into go-gitea:main Mar 28, 2023
@wxiaoguang wxiaoguang deleted the fix-minio-checksum branch March 28, 2023 15:14
wxiaoguang added a commit to wxiaoguang/gitea that referenced this pull request Mar 28, 2023
A feedback from discord:
https://discord.com/channels/322538954119184384/561007778139734027/1090185427115319386

Some storages like:

 * https://developers.cloudflare.com/r2/api/s3/api/
 * https://www.backblaze.com/b2/docs/s3_compatible_api.html

They do not support "x-amz-checksum-algorithm" header

But minio recently uses that header with CRC32C by default. So we have
to tell minio to use legacy MD5 checksum.

I guess this needs to be backported because IIRC we 1.19 and 1.20 are
using similar minio package.

The minio package code for SendContentMD5 looks like this:

<details>

<img width="755" alt="image"
src="https://user-images.githubusercontent.com/2114189/228186768-4f2f6f67-62b9-4aee-9251-5af714ad9674.png">

</details>
# Conflicts:
#	custom/conf/app.example.ini
#	tests/pgsql.ini.tmpl
lunny pushed a commit that referenced this pull request Mar 28, 2023
Backport #23768 (no source code conflict, only some unrelated
docs/test-ini conflicts)

Some storages like:

 * https://developers.cloudflare.com/r2/api/s3/api/
 * https://www.backblaze.com/b2/docs/s3_compatible_api.html

They do not support "x-amz-checksum-algorithm" header

But minio recently uses that header with CRC32C by default. So we have
to tell minio to use legacy MD5 checksum.
zjjhot added a commit to zjjhot/gitea that referenced this pull request Mar 29, 2023
* upstream/main:
  Refactor internal API for git commands, use meaningful messages instead of "Internal Server Error" (go-gitea#23687)
  Add CSS rules for basic colored labels (go-gitea#23774)
  Add meilisearch support (go-gitea#23136)
  Add missing translation for `actions.runners.reset_registration_token_success` (go-gitea#23732)
  [skip ci] Updated translations via Crowdin
  Implement Issue Config (go-gitea#20956)
  Set repository link based on the url in package.json for npm packages (go-gitea#20379)
  Add API to manage issue dependencies (go-gitea#17935)
  Add creation time in tag list page (go-gitea#23693)
  Make minio package support legacy MD5 checksum (go-gitea#23768)
  Yarden Shoham has a new email address (go-gitea#23767)
  fix br display for packages curls (go-gitea#23737)
@go-gitea go-gitea locked and limited conversation to collaborators May 3, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. type/enhancement An improvement of existing functionality
Projects
None yet
Development

Successfully merging this pull request may close these issues.

9 participants