Merge branch 'multi_arch_support'

Author: Roy

Dockerfile

@@ -1,8 +1,8 @@
-from sonatype/nexus3:3.41.1
+FROM ccr.ccs.tencentyun.com/webankpartners/nexus3:3.86.2
 LABEL maintainer = "Webank CTB Team"
 USER root
 RUN rm -f /etc/yum.repos.d/redhat.repo /etc/yum.repos.d/ubi.repo
-ADD build/Centos-8.repo /etc/yum.repos.d/ubi.repo
+ADD build/Centos-9.repo /etc/yum.repos.d/base.repo
 ADD artifacts-corepy/requirements.txt /tmp/requirements.txt
 ADD artifacts-corepy/dist/* /tmp/
 RUN mkdir -p /etc/artifacts_corepy/
@@ -12,7 +12,7 @@ ADD artifacts-corepy/etc/* /etc/artifacts_corepy/
 ADD nexus-data.tar.gz /nexus-data-init
 
 # Install && Clean up
-RUN microdnf clean all && microdnf makecache && microdnf -y install  python3 python3-devel swig openssl-devel gcc libev-devel make  && \
+RUN microdnf clean all && microdnf makecache && microdnf -y install expat python3 python3-devel swig openssl-devel gcc libev-devel make  && \
     pip3 install -i http://mirrors.tencentyun.com/pypi/simple/ --trusted-host mirrors.tencentyun.com -r /tmp/requirements.txt && \
     pip3 install /tmp/*.whl && microdnf -y remove python3-devel swig openssl-devel gcc libev-devel make && rm -rf /tmp/* && microdnf clean all
 ADD build/start_all.sh /scripts/start_all.sh

Dockerfile_nonexus

@@ -1,4 +1,4 @@
-FROM python:3.8-slim-buster
+FROM ccr.ccs.tencentyun.com/webankpartners/python:3.8.20-slim-bullseye
 LABEL maintainer = "Webank CTB Team"
 RUN sed -i 's/deb.debian.org/mirrors.tencentyun.com/g' /etc/apt/sources.list
 RUN sed -i 's/security.debian.org/mirrors.tencentyun.com/g' /etc/apt/sources.list

Makefile

@@ -1,28 +1,39 @@
 current_dir=$(shell pwd)
-version=$(shell bash ./build/version.sh)
+version=${PLUGIN_VERSION}
 date=$(shell date +%Y%m%d%H%M%S)
-project_name=$(shell basename "${current_dir}")
+project_name ?= $(shell basename "${current_dir}")
 remote_docker_image_registry=ccr.ccs.tencentyun.com/webankpartners/wecube-plugins-artifacts
-with_nexus='true'
+arch ?= amd64          # 默认amd64，可选 ARCH=amd64/arm64
+with_nexus ?= true     # 默认true，可选 WITH_NEXUS=true/false
+ifeq ($(with_nexus),true)
+dockerfile := Dockerfile
+else
+dockerfile := Dockerfile_nonexus
+endif
 
-clean_py:
-	rm -rf $(current_dir)/artifacts-corepy/dist/
 
-build_py: clean_py
+
+clean:
+	rm -rf package
+	rm -rf artifacts-corepy/dist/
+	rm -rf artifacts-ui/dist/
+
+build: clean
 	pip3 install wheel
 	cd artifacts-corepy && python3 setup.py bdist_wheel
-	cd artifacts-ui &&  npm install --force && npm run plugin
+	docker run --rm  -v $(current_dir):/home/node/app -w /home/node/app node:16.20.2 sh -c "npm set registry https://mirrors.cloud.tencent.com/npm/ && cd /home/node/app/artifacts-ui && npm install --force && npm run plugin"
 
-image_py: build_py
+image: build
+ifeq ($(with_nexus),true)
 	wget -O nexus-data.tar.gz https://wecube-1259801214.cos.ap-guangzhou.myqcloud.com/nexus-data/nexus-data.tar.gz
-	@if [ $(with_nexus) == 'true' ]; \
-	then \
-		docker build -t $(project_name):$(version) .; \
-	else \
-		docker build -t $(project_name):$(version) -f Dockerfile_nonexus .; \
-	fi
+endif
+ifeq ($(arch),arm64)
+	docker buildx build --platform linux/arm64 -t $(project_name):$(version) -f $(dockerfile) . --load
+else
+	docker build -t $(project_name):$(version) -f $(dockerfile) .
+endif
 
-package_py: image_py
+package: image
 	rm -rf package
 	mkdir -p package
 	cd package && docker save $(project_name):$(version) -o image.tar
@@ -32,13 +43,13 @@ package_py: image_py
 	cd package && sed -i "s~{{VERSION}}~$(version)~g" register.xml
 	cd artifacts-ui/dist && zip -r ui.zip .
 	cd package && cp ../artifacts-ui/dist/ui.zip .
-	cd package && zip -r $(project_name)-$(version).zip .
+	cd package && zip -r $(project_name)-$(version)-$(arch).zip .
 	docker rmi $(project_name):$(version)
 
-upload_py: package_py
+upload: package
 	$(eval container_id:=$(shell docker run -v $(current_dir)/package:/package -itd --entrypoint=/bin/sh minio/mc))
 	docker exec $(container_id) mc config host add wecubeS3 $(s3_server_url) $(s3_access_key) $(s3_secret_key) wecubeS3
-	docker exec $(container_id) mc cp /package/$(project_name)-$(version).zip wecubeS3/wecube-plugin-package-bucket
+	docker exec $(container_id) mc cp /package/$(project_name)-$(version)-$(arch).zip wecubeS3/wecube-plugin-package-bucket
 	docker stop $(container_id)
 	docker rm -f $(container_id)
-	rm -rf $(project_name)-$(version).zip
+	rm -rf $(project_name)-$(version)-$(arch).zip

artifacts-corepy/artifacts_corepy/common/wecube.py

@@ -9,6 +9,7 @@
 import base64
 import logging
 import random
+from cryptography.hazmat.primitives import serialization
 
 from talos.core import config
 from talos.core.i18n import _
@@ -18,16 +19,48 @@
 CONF = config.CONF
 
 
+def rsa_pkcs1_v15_pad(message: bytes, key_size: int) -> bytes:
+    """
+    Implements PKCS#1 v1.5 padding for private key encryption.
+    Block = 0x00 | 0x01 | PS(0xff...) | 0x00 | message
+    """
+    max_msg_len = key_size - 11
+    if len(message) > max_msg_len:
+        raise ValueError("Message too long")
+    ps = b"\xff" * (key_size - len(message) - 3)
+    return b"\x00\x01" + ps + b"\x00" + message
+
+
 def encrypt(message, rsa_key):
-    import M2Crypto.RSA
-    template = '''-----BEGIN PRIVATE KEY-----
-%s
------END PRIVATE KEY-----'''
-    key_pem = template % rsa_key
-    privat_key = M2Crypto.RSA.load_key_string(key_pem.encode())
-    ciphertext = privat_key.private_encrypt(message.encode(), M2Crypto.RSA.pkcs1_padding)
-    encrypted_message = base64.b64encode(ciphertext).decode()
-    return encrypted_message
+    key_pem = f"""-----BEGIN PRIVATE KEY-----
+{rsa_key}
+-----END PRIVATE KEY-----"""
+    private_key = serialization.load_pem_private_key(
+        key_pem.encode(),
+        password=None,
+    )
+    numbers = private_key.private_numbers()
+    n = numbers.public_numbers.n
+    d = numbers.d
+    # Key size in bytes
+    key_size = (n.bit_length() + 7) // 8
+    # PKCS#1 v1.5 padding
+    padded = rsa_pkcs1_v15_pad(message.encode(), key_size)
+    # Raw RSA private key exponentiation (like M2Crypto.private_encrypt)
+    ciphertext_int = pow(int.from_bytes(padded, "big"), d, n)
+    ciphertext = ciphertext_int.to_bytes(key_size, "big")
+    return base64.b64encode(ciphertext).decode()
+
+# def encrypt(message, rsa_key):
+#     import M2Crypto.RSA
+#     template = '''-----BEGIN PRIVATE KEY-----
+# %s
+# -----END PRIVATE KEY-----'''
+#     key_pem = template % rsa_key
+#     privat_key = M2Crypto.RSA.load_key_string(key_pem.encode())
+#     ciphertext = privat_key.private_encrypt(message.encode(), M2Crypto.RSA.pkcs1_padding)
+#     encrypted_message = base64.b64encode(ciphertext).decode()
+#     return encrypted_message
 
 
 class WeCubeClient(utils.ClientMixin):

artifacts-corepy/requirements.txt

@@ -2,7 +2,7 @@
 # of appearance. Changing the order has an impact on the overall integration
 # process, which may cause wedges in the gate later.
 greenlet==1.1.2
-talos-api==1.3.6
+talos-api
 requests==2.27.1
 requests_toolbelt==1.0.0
 pyjwt<2.0.0
@@ -13,5 +13,5 @@ gunicorn==21.2.0
 apscheduler==3.10.4
 pytz==2023.3.post1
 # for platform login encryption, apt install swig
-M2Crypto==0.40.1
+cryptography==46.0.3
 pymysql