Commit Graph

649 Commits

Author SHA1 Message Date
Bruce Ashfield
108e089f7e global: update licence values to SPDX values
These changes are the result of running the convert-spdx-licenses.py
oe-core script.

There's no impact to the build, but we will avoid issues when
interacting with core QA by the alignment.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2022-02-18 13:07:10 -05:00
Bruce Ashfield
f895d152d2 cri-o: update to use SKIP_RECIPE
oe-core has removed PNBLACKLIST in favour of SKIP_RECIPE, so we update
our recipe accordingly to avoid warnings.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2022-02-04 12:21:32 -05:00
Bruce Ashfield
cf1c2ed8eb runc-docker: update to v1.1.0
Bumping runc to version v1.1.0-1-gd7f7b22a, which comprises the following commits:

    d7f7b22a VERSION: back to development
    067aaf85 VERSION: release runc v1.1.0
    c0e300f1 Refuse to build runc without nsenter
    e155b332 build(deps): bump github.com/checkpoint-restore/go-criu/v5
    5c7e8981 libct/cg: rm go 1.15 compatibility
    4773769c VERSION: back to development
    55df1fc4 VERSION: release v1.1.0-rc.1
    a8f9d5de CHANGELOG: add an in-repo changelog file
    6d2067a4 script/seccomp.sh: fix argc check
    457ca62f script/release_*.sh: fix usage
    c729594c deps: update libseccomp to 2.5.3
    5d779620 tests/int: use update_config in hooks test
    9e798e26 tests/int: ability to specify binary
    97688ddf types/features: clarify MountOptions
    deb0a5f2 Mark `runc features` experimental
    382eba43 Support recursive mount attrs ("rro", "rnosuid", "rnodev", ...)
    ba935a51 Support nosymfollow mount option (kernel 5.10)
    f8c48e46 go.mod: golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c
    acd8f12f release: correctly handle binary signing for "make releaseall"
    d72d057b runc init: avoid netlink message length overflows
    25112dd1 libct/intelrdt: remove unused type
    c4a61aa9 ci: enable extra linters for new code
    520702da Add `runc features` command
    02475d9c .golangci.lint: add unparam linter
    953e56c5 libct/int: runContainer: drop console arg
    6c0bfcb1 libct/cg/fs/blkio_test: ignore unparam warning
    06b3fd9d libct/cg/ebpf: drop finalize return value
    86733013 notify_socket: setupSpec: drop ctx arg and return value
    741568eb libct/cg/devices: addRule: ignore unparam warning
    fc44e3f6 tty: Close: rm return value
    36483465 tty: ClosePostStart: rm return value
    f3f4b6d1 tty: recvtty: rm process arg
    e6318635 tty: rm inheritStdio return value
    d23b8109 checkpoint: rm getDefaultImagePath arg
    dd140401 libct: fixStdioPermissions: rm config arg
    b357bc13 libct/factory: rm id param from loadState
    b950b778 libct/utils: ResolveRootfs: remove
    35d20c4e chown cgroup to process uid in container namespace
    ec0f35bc libct/system/xattrs: remove
    e9ed2000 build(deps): bump github.com/opencontainers/selinux from 1.9.1 to 1.10.0
    e3dd80fa Vagrantfile.fedora: revert excluding systemd
    1da84d1a libct/cg: TestGetHugePageSizeImpl: use t.Run
    1362291a Avoid non-op when the list of `Hooks` is empty
    f13a9325 libct/cg: HugePageSizes: simplify code and test
    39d4c8d5 libct/cg: lazy init for HugePageSizes
    a4d4c4dd libct/cg: GetHugePageSize -> HugePageSizes
    dde509df specconv: do not permit null bytes in mount fields
    50105de1 Fix failure with rw bind mount of a ro fuse
    982b9a1d libct/standard_init: fix linter warning
    643f8a2b libct/specconv: nits
    b247cd39 runc run: fix ro /dev
    029b73c1 libct/spec: replace isValidName regex with a function
    6907beca libct/specconv: remove isSecSuffix regex
    37c5fd55 libct/specconv: make parseMountOptions return Mount
    2c3792ba libct/specconv: make mountFlags and extensionFlags global
    81586e19 libct/specconv: reuse mountPropagationMapping in parseMountOptions
    8fe1e8bf libct/specconv: rm some init allocations
    712157f6 Revert "ci: temporarily disable criu repo gpg check"
    f252eb54 test/int/mount.bats: refer to github issue
    7563a8f0 libct: wrap more unix errors
    db4ad6a7 libcontainer/system: rm Prlimit
    0880c001 .cirrus.yml: silence vagrant up
    b028ecb3 Vagrantfile.fedora: exclude systemd from upgrade
    12a36265 ci/cirrus: update to Go 1.17.3
    02d527d2 go.mod: github.com/moby/sys/mountinfo v0.5.0
    0e21d56e go.mod: golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359
    b2d64fed build(deps): bump github.com/checkpoint-restore/go-criu/v5
    a9bb11ec Fix the conversion of sysctl variable dots and slashes
    0f933d54 Rename package validate_test to package validate
    68c2b6a7 runc run: refuse a frozen cgroup
    d08bc0c1 runc run: warn on non-empty cgroup
    dd696235 runc exec: reject paused container unless --ignore-paused
    4b25a4e8 CI: update Fedora to 35
    7324496f tests/int: fix userns for Fedora 35
    05272718 tests/int/cgroups: fix for misc controller
    fc658fb6 build(deps): bump github.com/godbus/dbus/v5 from 5.0.5 to 5.0.6
    972aea3a libct/configs/validate: allow / in sysctl names
    95f8ecdd fix `libcontainer/integration/exec_test.go:1859:8: undefined: ioutil`
    dc473cad build(deps): bump github.com/cilium/ebpf from 0.6.2 to 0.7.0
    8542322d libcontainer: Add unit tests with userns and mounts
    55162941 Remove io/ioutil use
    6a4f4a6a libcontainer/ignoreTerminateErrors: simplify for Go 1.16+
    12e99a0f Require Go >= 1.16
    3d986766 ci/gha: install latest stable Go version
    c5ca778f ci: temporarily disable criu repo gpg check
    81fdc8ce New integration tests for user namespaces bind sources
    9c444070 Open bind mount sources from the host userns
    a80e1217 libct/intelrdt: add Root()
    794cd66d libct/system: Exec: wrap the error
    6eba68de build(deps): bump github.com/opencontainers/selinux from 1.8.5 to 1.9.1
    e395d2dc libct: Init: remove LockOSThread
    916c6a15 libct/cg/fs2: fix GetStats for unsupported hugetlb
    f9667e63 Make DevicesGroup's "TestingSkipFinalCheck" attribute public
    2e0ceaa9 fix createDevices when no Linux section
    fae5d8b5 release: add s390x
    f95063ed Dockerfile: fix for seccomp
    7758d3fb libct/cg/sd/v2: Destroy: remove cgroups recursively
    580e43ec contrib: rm init from bash completion
    0202c398 runc exec: implement --cgroup
    cc15b887 tests: add integration test for cgroups hybrid
    a8435007 cgroups: join cgroup v2 when using hybrid mode
    39914db6 runc exec: don't skip non-existing cgroups
    7d446c63 libct/cg.WriteCgroupProcs: improve errors
    cc1d7466 exec.go: nit
    0d297b71 ci/gha: test criu-dev with latest go
    16aedc31 ci/gha: remove debug info
    3fd1851c CI/GHA: switch to OBS criu repo
    81dc5599 Dockerfile: fix apt-key warning
    2bf560fb Dockerfile: use Debian_11 repo for criu
    99ddc1be libct/cg/fs: rm m.config == nil checks
    57edce46 libct/cg: add Resources=nil unit test
    1af4ed11 libct/cg/sd/v2: move fsMgr init to NewUnifiedManager
    9a2146fa libct/cg/sd/v2: move path init to NewUnifiedManager
    39be6e97 libct/cg/fs2: minor optimization
    b14a6cf9 libct/cg/sd/v1: move path init to NewLegacyManager
    fcc48168 libct/cg/fs: document path removal
    6c5441e5 libct/cg/fs: move paths init to NewManager
    097c6d74 libct/cg: simplify getting cgroup manager
    3c8db638 script/release.sh: update libseccomp to 2.5.2
    f30244ee make release: add cross-build
    23d79aae Makefile: only build runc for static target
    d2b6899e Makefile: fixes for seccompagent
    43b36dc4 Support changing of lsm mount context on restore
    412d68d1 Vendor in go-criu v5.1.0
    163e2523 libct/cg: replace bitset with std math/big library
    6806b2c1 runc delete -f: fix for cg v1 + paused container
    e6928865 libct/cg/fs: refactor
    7d1cb320 libct/cg/fs: rename join to apply
    5c7cb837 libct/cg/fs: micro optimization
    19b542a5 libct/cg/fs: move internal code out of fs.go
    eb09df74 libct/cg/sd/v1: initPaths: minor optimization
    63c84917 libct/cg/sd/v1: optimize initPaths
    c7e0864d libct/cg/sd/v1: factor out initPaths
    dc907e8d libct/cg/sd/v*.go: nit
    d974b22a create, run: amend final errors
    9ba2f65d startContainer: minor refactor
    1545ea69 delete, start: remove newline from errors
    af641cd5 seccomp: Add test using the seccomp agent example
    08659080 build(deps): bump github.com/bits-and-blooms/bitset from 1.2.0 to 1.2.1
    622acd24 build(deps): bump github.com/opencontainers/selinux from 1.8.4 to 1.8.5
    47abdcee ci/gha: update golangci-lint to 1.42.1
    704a1878 contrib/cmd/seccompagent: fix build tags
    49137c2a ci/gha: bump shfmt to 3.3.1
    f1b703fc libct/nsenter/nsexec.c: honor _LIBCONTAINER_LOGLEVEL
    d5ffe83f libct/nsenter/nsexec.c: factor out getenv_int
    d2f49d45 libct/nsenter/nsexec.c: improve bail
    6c4a3b13 runc init: pass _LIBCONTAINER_LOGLEVEL as int
    0a3577c6 utils_linux: simplify newProcess
    51cd519e seccomp agent: Return non-zero on failures
    8b790e4f seccomp agent: Use arch SCMP_ARCH_X86_64
    4a4d4f10 Add support for seccomp actions ActKillThread and ActKillProcess
    4a751b05 seccomp: drop unnecessary const SCMP_ACT_* defines
    72b5c3ca build(deps): bump github.com/godbus/dbus/v5 from 5.0.4 to 5.0.5
    00772cae tests: add functional tests for seccomp notify
    5ae831d9 tests: add functional tests for seccomp
    e21a9ee8 contrib: add sample seccomp agent
    c64aaf0e libcontainer/specconv: extend SetupSeccomp tests
    2b025c01 Implement Seccomp Notify
    4e7aeff6 libcontainer/utils: introduce SendFds
    c55530be vendoring: Use libseccomp with notify support
    64358c4d optimize log: move WriteJSON defer as early as possible
    39d0ee18 script/release.sh: fix for opensuse
    a20c8b29 runc --debug: shorter caller info
    b55b3081 libct/logs: do not show caller in nsexec logs
    c3910e73 libct/logs: parse log level implicitly
    c4826905 libct/logs: test: make more robust
    33dcb994 libct/nsenter/nsenter_test.go: logging nits
    78b27155 libct/nsenter: test: rm misleading comments
    2c46455c libct/nsenter: test: improve TestNsenterChildLogging
    feb1fe11 libct/nsenter: test: fix TestNsenterValidPaths
    3df6a02f libct/nsenter: test: improve newPipe
    347c371b CI: Mark CGO warnings as errors
    d8da0035  *: add go-1.17+ go:build tags
    1b17ec95 libct/cg: rm "unsupported.go" files
    dbb9fc03 libct/*: remove linux build tag from some pkgs
    c5b0be78 Rm build tags from main pkg
    9ff64c3d *: rm redundant linux build tag
    895e0a5c nsenter: fix typo in bail message
    1f5798f7 improve error message when dbus-user-session is not installed
    63944578 tests/int: add a "update cpu period with pod limit set" test
    1b2adcfe libct/cg/v1: workaround CPU quota period set failure
    09b80811 Revert "libct/devices: change devices.Type to be a string"
    538ba846 libct/error.go: rm ConfigError
    6145628f configs/validate: audit all returned errors
    bbcf96f9 libct/cg/devices: stop using regex
    fb629db6 tests/int/helpers: fix shellcheck warnings
    f65276db tests/int/helpers: rm $bundle handling
    b3d14488 Add support for rdma cgroup introduced in Linux Kernel 4.11
    8d8415ee libct/logs: remove ConfigureLogging
    f77fb7a3 init.go, main.go: don't use logs.ConfigureLogging
    93937000 libcontainer/intelrdt: update code comments
    a37a89f4 libct/system: add I and P process states
    f90008ae libct/system.Stat: fix/improve/speedup
    412c6f06 libct/system/proc_test: fix, improve, add benchmark
    74ae9e0f checkpoint: resolve symlink for external bind mount(fix ci broken)
    24d318b8 Dockerfile: switch to bullseye
    9a095e44 libct/cg/sd/v1: add SkipFreezeOnSet knob
    fec49f2a libct/cg/sd/v1: add freezeBeforeSet unit test
    41043673 libct/cg/sd/v1: Fix unnecessary freeze/thaw
    a5871801 ci: add go1.17
    75761bcc Fix codespell warnings, add codespell to ci
    db8330c9 libct/nsenter: fix unused-result warning
    844d6774 CI: Validate compilation without buildtags
    51508210 libct/nsenter: nullify pointer on asprintf error
    2ab6484f libct/nsenter: no need to check size_t less than 0
    f0dbefac .cirrus.yum: retry yum if failed
    814f3ae1 libct/devices: change devices.Type to be a string
    74b5c34e .cirrus.yml: simplify
    77fb9aff build(deps): bump github.com/containerd/console from 1.0.2 to 1.0.3
    bd50e7c4 libct/cg/OpenFile: check cgroupFd on error
    ab577f6f MAINTAINERS: add Sebastiaan van Stijn
    2bab4a56 libct/nsenter: fix logging race in nsexec
    bda1bd7a build(deps): bump github.com/opencontainers/selinux from 1.8.3 to 1.8.4
    c2d9668c libct/cg/OpenFile: fix openat2 vs top cgroup dir
    1b4c30fd libcontainer/intelrdt: always run unit tests
    79d292b9 libcontainer/intelrdt: verify ClosID existence
    17e3b41d libcontainer/intelrdt: support ClosID parameter
    7296dc17 libcontainer/intelrdt: refactor clos path handling
    1cbfe234 libct/cg: rm dead code
    d0c3bc44 libct/cg: GetAllPids: optimize for go 1.16+
    363468d0 libct/cg: improve GetAllPids and readProcsFile
    504271a3 libct/cg: move GetAllPids out of utils.go
    fc99ab7e build(deps): bump github.com/opencontainers/selinux from 1.8.2 to 1.8.3
    0f94799e man/runc-run.8: document --keep option
    cb824629 proposal: add --keep to runc run
    e06465ac ci/cirrus: remove unused code
    120f7406 ci/gha: add latest criu-dev test run
    60e02b4b runc exec: fail with exit code of 255
    18f434e1 script/release.sh: make builds reproducible
    61e201ab makefile: update ldflags and add strip for static builds
    5110bd2f nsenter: remove cgroupns sync mechanism
    7a0302f0 runc init: simplify
    a91ce306 libct/*_test.go: use t.TempDir
    3bc606e9 libct/int: adapt to Go 1.15
    1eeaf113 libct/intelrdt/*_test.go: use t.TempDir
    f6a56f60 libct/cg/fs/*_test.go: use t.TempDir
    2d1645d2 libct/cg/fscommon: drop go 1.13 compatibility
    6215b2f3 ci/gha: drop Go 1.13
    a952b5aa README, go.mod: require go 1.15+
    12a1dccb Revert "libcontainer: avoid using t.Cleanup"
    015fa29a Revert "Revert "Makefile: rm go 1.13 workaround""
    5dd92fd9 libct/seccomp: skip redundant rules
    e44bee10 libct/seccomp: warn about unknown syscalls
    073e085c libct/seccomp: ConvertStringToAction: fix doc
    9f656dbb Do not use Vagrant for CentOS 7/8
    d4480164 tests/rootless.sh: fixup for "update rt" test
    86af5248 tests/int: fix "update rt period and runtime" for rootless
    cc0b1644 README.md: remove abandoned versioning policy
    87bfd20f Evaluate Cirrus CI for Vagrant tests
    a7110262 libct/cg/sd: add TestPodSkipDevicesUpdate
    52dd96db libct/cg/sd: TestFreezePodCgroup: rm explicit freeze
    f2db8798 libct/cg/sd/v1: Set: avoid unnecessary freeze/thaw
    5dc32604 libct/int/TestFreeze: test freeze/thaw via Set
    af1688a5 libct/int: allow subtests
    67cfd3d4 libct/cg/sd/v1: Set: don't overwrite r.Freezer
    d02b0061 ci/gha: run on release-* branches after a push
    57e3c541 cgroupv2: ebpf: ignore inaccessible existing programs
    fe518a06 vendor: update github.com/cilium/ebpf
    3e5c1997 libct/cg/sd: Add freezer tests
    294c4866 libct/cg/fs/freezer.GetState: report current cgroup state
    f33be7cc libct/cg/sd: Don't freeze cgroup on cgroup v2 Set
    d41a273d Update device update tests
    be1d5f83 ci: enable unconvert linter, fix its warnings
    6be088d6 tests/int/dev: add CAP_SYSLOG to /dev/kmsg tests
    9f2a1f4d deps: update to github.com/cyphar/filepath-securejoin@v0.2.3
    24d5daf5 libct/user: fix parsing long /etc/group lines
    226dfab0 libct/user: ParseGroupFilter: use TrimSpace
    120e3a77 libct/user: use []byte more, avoid allocations
    83776dd8 libcontainer: Bail on close(2) failures
    7d479e6b libcontainer: Don't close fds already closed
    e39ad650 retry unix.EINTR for container init process
    c508a7bc libct/rootfs: consolidate utils imports
    1bbeadae tests/int/no_pivot: fix for new kernels
    0229a77a libcontainer/intelrdt: privatize some ids
    8f8dfc49 libcontainer/intelrdt: move NewLastCmdError down
    00d15629 libct/intelrdt: simplify NewLastCmdError
    e0ce428b libct/intelrdt: remove NotFoundError type
    feff2c45 libct/intelrdt: fix potential nil dereference
    82498e3d libct/specconf: remove unneeded checks
    bc96a59d build(deps): bump google.golang.org/protobuf from 1.26.0 to 1.27.1
    70fdc057 Revert "checkpoint: resolve symlink for external bind mount"
    e618c02d libct/stacktrace: remove
    e918d021 libcontainer: rm own error system
    60c647a7 libct/error: rm ConsoleExists
    a7cfb23b *: stop using pkg/errors
    b60e2edf libct/cg: stop using pkg/errors
    a6cc36a8 libct/cg/ebpf: stop using pkg/errors
    f137aaa2 libct/cg/devices: stop using pkg/errors
    ebb08128 .golangci.yml: enable errorlint
    56e47804 *: ignore errorlint warnings about unix.* errors
    f6a0899b *: use errors.As and errors.Is
    5d2a11ad tty.go: don't use pkg/errors, use errors.Is
    c6fed264 libct/keys: stop using pkg/errors
    adbac31d libct: fix errorlint warning about strconv.NumError
    7be93a66 *: fmt.Errorf: use %w when appropriate
    d8ba4128 libct/rootfs: improve some errors
    36aefad4 libct: wrap unix.Mount/Unmount errors
    825335b2 libct/cg/fs2: fix/unify parsing errors
    5a186d39 libct/cg/fs: fix/unify parsing errors
    f813174d libct/cg/fscommon: introduce and use ParseError
    adcd3b44 libct/cg/fs[2]: simplify getting pid stats
    4e330942 libct/cg/fs/stats_util_test: fix errors
    563225d5 libct/StartInitialization: fix errors
    3fee59f9 libct/cg/fs/*_test: simplify errors
    fdf4e90e libct/cg/fscommon.ParseKeyValue: no need to wrap err
    627a06ad Replace fmt.Errorf w/o %-style to errors.New
    242b3283 libct/cg/fscommon: rm unused var
    92e8d9b9 libct/intelrdt: error message nits
    041caf10 VERSION: back to development
    dfc0f069 man/*: revamp
    85aabe23 C/R: let criu use its default if --work-path is not set
    e8bd33ae runc --help: improve log options description
    cf4ecaed runc update: hide --kernel* options
    4065c394 exec: rm --no-subreaper flag
    da22625f checkpoint: resolve symlink for external bind mount

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2022-02-02 22:45:37 -05:00
Bruce Ashfield
1af45b1490 runc: update to v1.1.0
Bumping runc to version v1.1.0-1-gd7f7b22a, which comprises the following commits:

    d7f7b22a VERSION: back to development
    067aaf85 VERSION: release runc v1.1.0
    c0e300f1 Refuse to build runc without nsenter
    e155b332 build(deps): bump github.com/checkpoint-restore/go-criu/v5
    5c7e8981 libct/cg: rm go 1.15 compatibility
    4773769c VERSION: back to development
    55df1fc4 VERSION: release v1.1.0-rc.1
    a8f9d5de CHANGELOG: add an in-repo changelog file
    6d2067a4 script/seccomp.sh: fix argc check
    457ca62f script/release_*.sh: fix usage
    c729594c deps: update libseccomp to 2.5.3
    5d779620 tests/int: use update_config in hooks test
    9e798e26 tests/int: ability to specify binary
    97688ddf types/features: clarify MountOptions
    deb0a5f2 Mark `runc features` experimental
    382eba43 Support recursive mount attrs ("rro", "rnosuid", "rnodev", ...)
    ba935a51 Support nosymfollow mount option (kernel 5.10)
    f8c48e46 go.mod: golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c
    acd8f12f release: correctly handle binary signing for "make releaseall"
    d72d057b runc init: avoid netlink message length overflows
    25112dd1 libct/intelrdt: remove unused type
    c4a61aa9 ci: enable extra linters for new code
    520702da Add `runc features` command
    02475d9c .golangci.lint: add unparam linter
    953e56c5 libct/int: runContainer: drop console arg
    6c0bfcb1 libct/cg/fs/blkio_test: ignore unparam warning
    06b3fd9d libct/cg/ebpf: drop finalize return value
    86733013 notify_socket: setupSpec: drop ctx arg and return value
    741568eb libct/cg/devices: addRule: ignore unparam warning
    fc44e3f6 tty: Close: rm return value
    36483465 tty: ClosePostStart: rm return value
    f3f4b6d1 tty: recvtty: rm process arg
    e6318635 tty: rm inheritStdio return value
    d23b8109 checkpoint: rm getDefaultImagePath arg
    dd140401 libct: fixStdioPermissions: rm config arg
    b357bc13 libct/factory: rm id param from loadState
    b950b778 libct/utils: ResolveRootfs: remove
    35d20c4e chown cgroup to process uid in container namespace
    ec0f35bc libct/system/xattrs: remove
    e9ed2000 build(deps): bump github.com/opencontainers/selinux from 1.9.1 to 1.10.0
    e3dd80fa Vagrantfile.fedora: revert excluding systemd
    1da84d1a libct/cg: TestGetHugePageSizeImpl: use t.Run
    1362291a Avoid non-op when the list of `Hooks` is empty
    f13a9325 libct/cg: HugePageSizes: simplify code and test
    39d4c8d5 libct/cg: lazy init for HugePageSizes
    a4d4c4dd libct/cg: GetHugePageSize -> HugePageSizes
    dde509df specconv: do not permit null bytes in mount fields
    50105de1 Fix failure with rw bind mount of a ro fuse
    982b9a1d libct/standard_init: fix linter warning
    643f8a2b libct/specconv: nits
    b247cd39 runc run: fix ro /dev
    029b73c1 libct/spec: replace isValidName regex with a function
    6907beca libct/specconv: remove isSecSuffix regex
    37c5fd55 libct/specconv: make parseMountOptions return Mount
    2c3792ba libct/specconv: make mountFlags and extensionFlags global
    81586e19 libct/specconv: reuse mountPropagationMapping in parseMountOptions
    8fe1e8bf libct/specconv: rm some init allocations
    712157f6 Revert "ci: temporarily disable criu repo gpg check"
    f252eb54 test/int/mount.bats: refer to github issue
    7563a8f0 libct: wrap more unix errors
    db4ad6a7 libcontainer/system: rm Prlimit
    0880c001 .cirrus.yml: silence vagrant up
    b028ecb3 Vagrantfile.fedora: exclude systemd from upgrade
    12a36265 ci/cirrus: update to Go 1.17.3
    02d527d2 go.mod: github.com/moby/sys/mountinfo v0.5.0
    0e21d56e go.mod: golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359
    b2d64fed build(deps): bump github.com/checkpoint-restore/go-criu/v5
    a9bb11ec Fix the conversion of sysctl variable dots and slashes
    0f933d54 Rename package validate_test to package validate
    68c2b6a7 runc run: refuse a frozen cgroup
    d08bc0c1 runc run: warn on non-empty cgroup
    dd696235 runc exec: reject paused container unless --ignore-paused
    4b25a4e8 CI: update Fedora to 35
    7324496f tests/int: fix userns for Fedora 35
    05272718 tests/int/cgroups: fix for misc controller
    fc658fb6 build(deps): bump github.com/godbus/dbus/v5 from 5.0.5 to 5.0.6
    972aea3a libct/configs/validate: allow / in sysctl names
    95f8ecdd fix `libcontainer/integration/exec_test.go:1859:8: undefined: ioutil`
    dc473cad build(deps): bump github.com/cilium/ebpf from 0.6.2 to 0.7.0
    8542322d libcontainer: Add unit tests with userns and mounts
    55162941 Remove io/ioutil use
    6a4f4a6a libcontainer/ignoreTerminateErrors: simplify for Go 1.16+
    12e99a0f Require Go >= 1.16
    3d986766 ci/gha: install latest stable Go version
    c5ca778f ci: temporarily disable criu repo gpg check
    81fdc8ce New integration tests for user namespaces bind sources
    9c444070 Open bind mount sources from the host userns
    a80e1217 libct/intelrdt: add Root()
    794cd66d libct/system: Exec: wrap the error
    6eba68de build(deps): bump github.com/opencontainers/selinux from 1.8.5 to 1.9.1
    e395d2dc libct: Init: remove LockOSThread
    916c6a15 libct/cg/fs2: fix GetStats for unsupported hugetlb
    f9667e63 Make DevicesGroup's "TestingSkipFinalCheck" attribute public
    2e0ceaa9 fix createDevices when no Linux section
    fae5d8b5 release: add s390x
    f95063ed Dockerfile: fix for seccomp
    7758d3fb libct/cg/sd/v2: Destroy: remove cgroups recursively
    580e43ec contrib: rm init from bash completion
    0202c398 runc exec: implement --cgroup
    cc15b887 tests: add integration test for cgroups hybrid
    a8435007 cgroups: join cgroup v2 when using hybrid mode
    39914db6 runc exec: don't skip non-existing cgroups
    7d446c63 libct/cg.WriteCgroupProcs: improve errors
    cc1d7466 exec.go: nit
    0d297b71 ci/gha: test criu-dev with latest go
    16aedc31 ci/gha: remove debug info
    3fd1851c CI/GHA: switch to OBS criu repo
    81dc5599 Dockerfile: fix apt-key warning
    2bf560fb Dockerfile: use Debian_11 repo for criu
    99ddc1be libct/cg/fs: rm m.config == nil checks
    57edce46 libct/cg: add Resources=nil unit test
    1af4ed11 libct/cg/sd/v2: move fsMgr init to NewUnifiedManager
    9a2146fa libct/cg/sd/v2: move path init to NewUnifiedManager
    39be6e97 libct/cg/fs2: minor optimization
    b14a6cf9 libct/cg/sd/v1: move path init to NewLegacyManager
    fcc48168 libct/cg/fs: document path removal
    6c5441e5 libct/cg/fs: move paths init to NewManager
    097c6d74 libct/cg: simplify getting cgroup manager
    3c8db638 script/release.sh: update libseccomp to 2.5.2
    f30244ee make release: add cross-build
    23d79aae Makefile: only build runc for static target
    d2b6899e Makefile: fixes for seccompagent
    43b36dc4 Support changing of lsm mount context on restore
    412d68d1 Vendor in go-criu v5.1.0
    163e2523 libct/cg: replace bitset with std math/big library
    6806b2c1 runc delete -f: fix for cg v1 + paused container
    e6928865 libct/cg/fs: refactor
    7d1cb320 libct/cg/fs: rename join to apply
    5c7cb837 libct/cg/fs: micro optimization
    19b542a5 libct/cg/fs: move internal code out of fs.go
    eb09df74 libct/cg/sd/v1: initPaths: minor optimization
    63c84917 libct/cg/sd/v1: optimize initPaths
    c7e0864d libct/cg/sd/v1: factor out initPaths
    dc907e8d libct/cg/sd/v*.go: nit
    d974b22a create, run: amend final errors
    9ba2f65d startContainer: minor refactor
    1545ea69 delete, start: remove newline from errors
    af641cd5 seccomp: Add test using the seccomp agent example
    08659080 build(deps): bump github.com/bits-and-blooms/bitset from 1.2.0 to 1.2.1
    622acd24 build(deps): bump github.com/opencontainers/selinux from 1.8.4 to 1.8.5
    47abdcee ci/gha: update golangci-lint to 1.42.1
    704a1878 contrib/cmd/seccompagent: fix build tags
    49137c2a ci/gha: bump shfmt to 3.3.1
    f1b703fc libct/nsenter/nsexec.c: honor _LIBCONTAINER_LOGLEVEL
    d5ffe83f libct/nsenter/nsexec.c: factor out getenv_int
    d2f49d45 libct/nsenter/nsexec.c: improve bail
    6c4a3b13 runc init: pass _LIBCONTAINER_LOGLEVEL as int
    0a3577c6 utils_linux: simplify newProcess
    51cd519e seccomp agent: Return non-zero on failures
    8b790e4f seccomp agent: Use arch SCMP_ARCH_X86_64
    4a4d4f10 Add support for seccomp actions ActKillThread and ActKillProcess
    4a751b05 seccomp: drop unnecessary const SCMP_ACT_* defines
    72b5c3ca build(deps): bump github.com/godbus/dbus/v5 from 5.0.4 to 5.0.5
    00772cae tests: add functional tests for seccomp notify
    5ae831d9 tests: add functional tests for seccomp
    e21a9ee8 contrib: add sample seccomp agent
    c64aaf0e libcontainer/specconv: extend SetupSeccomp tests
    2b025c01 Implement Seccomp Notify
    4e7aeff6 libcontainer/utils: introduce SendFds
    c55530be vendoring: Use libseccomp with notify support
    64358c4d optimize log: move WriteJSON defer as early as possible
    39d0ee18 script/release.sh: fix for opensuse
    a20c8b29 runc --debug: shorter caller info
    b55b3081 libct/logs: do not show caller in nsexec logs
    c3910e73 libct/logs: parse log level implicitly
    c4826905 libct/logs: test: make more robust
    33dcb994 libct/nsenter/nsenter_test.go: logging nits
    78b27155 libct/nsenter: test: rm misleading comments
    2c46455c libct/nsenter: test: improve TestNsenterChildLogging
    feb1fe11 libct/nsenter: test: fix TestNsenterValidPaths
    3df6a02f libct/nsenter: test: improve newPipe
    347c371b CI: Mark CGO warnings as errors
    d8da0035  *: add go-1.17+ go:build tags
    1b17ec95 libct/cg: rm "unsupported.go" files
    dbb9fc03 libct/*: remove linux build tag from some pkgs
    c5b0be78 Rm build tags from main pkg
    9ff64c3d *: rm redundant linux build tag
    895e0a5c nsenter: fix typo in bail message
    1f5798f7 improve error message when dbus-user-session is not installed
    63944578 tests/int: add a "update cpu period with pod limit set" test
    1b2adcfe libct/cg/v1: workaround CPU quota period set failure
    09b80811 Revert "libct/devices: change devices.Type to be a string"
    538ba846 libct/error.go: rm ConfigError
    6145628f configs/validate: audit all returned errors
    bbcf96f9 libct/cg/devices: stop using regex
    fb629db6 tests/int/helpers: fix shellcheck warnings
    f65276db tests/int/helpers: rm $bundle handling
    b3d14488 Add support for rdma cgroup introduced in Linux Kernel 4.11
    8d8415ee libct/logs: remove ConfigureLogging
    f77fb7a3 init.go, main.go: don't use logs.ConfigureLogging
    93937000 libcontainer/intelrdt: update code comments
    a37a89f4 libct/system: add I and P process states
    f90008ae libct/system.Stat: fix/improve/speedup
    412c6f06 libct/system/proc_test: fix, improve, add benchmark
    74ae9e0f checkpoint: resolve symlink for external bind mount(fix ci broken)
    24d318b8 Dockerfile: switch to bullseye
    9a095e44 libct/cg/sd/v1: add SkipFreezeOnSet knob
    fec49f2a libct/cg/sd/v1: add freezeBeforeSet unit test
    41043673 libct/cg/sd/v1: Fix unnecessary freeze/thaw
    a5871801 ci: add go1.17
    75761bcc Fix codespell warnings, add codespell to ci
    db8330c9 libct/nsenter: fix unused-result warning
    844d6774 CI: Validate compilation without buildtags
    51508210 libct/nsenter: nullify pointer on asprintf error
    2ab6484f libct/nsenter: no need to check size_t less than 0
    f0dbefac .cirrus.yum: retry yum if failed
    814f3ae1 libct/devices: change devices.Type to be a string
    74b5c34e .cirrus.yml: simplify
    77fb9aff build(deps): bump github.com/containerd/console from 1.0.2 to 1.0.3
    bd50e7c4 libct/cg/OpenFile: check cgroupFd on error
    ab577f6f MAINTAINERS: add Sebastiaan van Stijn
    2bab4a56 libct/nsenter: fix logging race in nsexec
    bda1bd7a build(deps): bump github.com/opencontainers/selinux from 1.8.3 to 1.8.4
    c2d9668c libct/cg/OpenFile: fix openat2 vs top cgroup dir
    1b4c30fd libcontainer/intelrdt: always run unit tests
    79d292b9 libcontainer/intelrdt: verify ClosID existence
    17e3b41d libcontainer/intelrdt: support ClosID parameter
    7296dc17 libcontainer/intelrdt: refactor clos path handling
    1cbfe234 libct/cg: rm dead code
    d0c3bc44 libct/cg: GetAllPids: optimize for go 1.16+
    363468d0 libct/cg: improve GetAllPids and readProcsFile
    504271a3 libct/cg: move GetAllPids out of utils.go
    fc99ab7e build(deps): bump github.com/opencontainers/selinux from 1.8.2 to 1.8.3
    0f94799e man/runc-run.8: document --keep option
    cb824629 proposal: add --keep to runc run
    e06465ac ci/cirrus: remove unused code
    120f7406 ci/gha: add latest criu-dev test run
    60e02b4b runc exec: fail with exit code of 255
    18f434e1 script/release.sh: make builds reproducible
    61e201ab makefile: update ldflags and add strip for static builds
    5110bd2f nsenter: remove cgroupns sync mechanism
    7a0302f0 runc init: simplify
    a91ce306 libct/*_test.go: use t.TempDir
    3bc606e9 libct/int: adapt to Go 1.15
    1eeaf113 libct/intelrdt/*_test.go: use t.TempDir
    f6a56f60 libct/cg/fs/*_test.go: use t.TempDir
    2d1645d2 libct/cg/fscommon: drop go 1.13 compatibility
    6215b2f3 ci/gha: drop Go 1.13
    a952b5aa README, go.mod: require go 1.15+
    12a1dccb Revert "libcontainer: avoid using t.Cleanup"
    015fa29a Revert "Revert "Makefile: rm go 1.13 workaround""
    5dd92fd9 libct/seccomp: skip redundant rules
    e44bee10 libct/seccomp: warn about unknown syscalls
    073e085c libct/seccomp: ConvertStringToAction: fix doc
    9f656dbb Do not use Vagrant for CentOS 7/8
    d4480164 tests/rootless.sh: fixup for "update rt" test
    86af5248 tests/int: fix "update rt period and runtime" for rootless
    cc0b1644 README.md: remove abandoned versioning policy
    87bfd20f Evaluate Cirrus CI for Vagrant tests
    a7110262 libct/cg/sd: add TestPodSkipDevicesUpdate
    52dd96db libct/cg/sd: TestFreezePodCgroup: rm explicit freeze
    f2db8798 libct/cg/sd/v1: Set: avoid unnecessary freeze/thaw
    5dc32604 libct/int/TestFreeze: test freeze/thaw via Set
    af1688a5 libct/int: allow subtests
    67cfd3d4 libct/cg/sd/v1: Set: don't overwrite r.Freezer
    d02b0061 ci/gha: run on release-* branches after a push
    57e3c541 cgroupv2: ebpf: ignore inaccessible existing programs
    fe518a06 vendor: update github.com/cilium/ebpf
    3e5c1997 libct/cg/sd: Add freezer tests
    294c4866 libct/cg/fs/freezer.GetState: report current cgroup state
    f33be7cc libct/cg/sd: Don't freeze cgroup on cgroup v2 Set
    d41a273d Update device update tests
    be1d5f83 ci: enable unconvert linter, fix its warnings
    6be088d6 tests/int/dev: add CAP_SYSLOG to /dev/kmsg tests
    9f2a1f4d deps: update to github.com/cyphar/filepath-securejoin@v0.2.3
    24d5daf5 libct/user: fix parsing long /etc/group lines
    226dfab0 libct/user: ParseGroupFilter: use TrimSpace
    120e3a77 libct/user: use []byte more, avoid allocations
    83776dd8 libcontainer: Bail on close(2) failures
    7d479e6b libcontainer: Don't close fds already closed
    e39ad650 retry unix.EINTR for container init process
    c508a7bc libct/rootfs: consolidate utils imports
    1bbeadae tests/int/no_pivot: fix for new kernels
    0229a77a libcontainer/intelrdt: privatize some ids
    8f8dfc49 libcontainer/intelrdt: move NewLastCmdError down
    00d15629 libct/intelrdt: simplify NewLastCmdError
    e0ce428b libct/intelrdt: remove NotFoundError type
    feff2c45 libct/intelrdt: fix potential nil dereference
    82498e3d libct/specconf: remove unneeded checks
    bc96a59d build(deps): bump google.golang.org/protobuf from 1.26.0 to 1.27.1
    70fdc057 Revert "checkpoint: resolve symlink for external bind mount"
    e618c02d libct/stacktrace: remove
    e918d021 libcontainer: rm own error system
    60c647a7 libct/error: rm ConsoleExists
    a7cfb23b *: stop using pkg/errors
    b60e2edf libct/cg: stop using pkg/errors
    a6cc36a8 libct/cg/ebpf: stop using pkg/errors
    f137aaa2 libct/cg/devices: stop using pkg/errors
    ebb08128 .golangci.yml: enable errorlint
    56e47804 *: ignore errorlint warnings about unix.* errors
    f6a0899b *: use errors.As and errors.Is
    5d2a11ad tty.go: don't use pkg/errors, use errors.Is
    c6fed264 libct/keys: stop using pkg/errors
    adbac31d libct: fix errorlint warning about strconv.NumError
    7be93a66 *: fmt.Errorf: use %w when appropriate
    d8ba4128 libct/rootfs: improve some errors
    36aefad4 libct: wrap unix.Mount/Unmount errors
    825335b2 libct/cg/fs2: fix/unify parsing errors
    5a186d39 libct/cg/fs: fix/unify parsing errors
    f813174d libct/cg/fscommon: introduce and use ParseError
    adcd3b44 libct/cg/fs[2]: simplify getting pid stats
    4e330942 libct/cg/fs/stats_util_test: fix errors
    563225d5 libct/StartInitialization: fix errors
    3fee59f9 libct/cg/fs/*_test: simplify errors
    fdf4e90e libct/cg/fscommon.ParseKeyValue: no need to wrap err
    627a06ad Replace fmt.Errorf w/o %-style to errors.New
    242b3283 libct/cg/fscommon: rm unused var
    92e8d9b9 libct/intelrdt: error message nits
    041caf10 VERSION: back to development
    dfc0f069 man/*: revamp
    85aabe23 C/R: let criu use its default if --work-path is not set
    e8bd33ae runc --help: improve log options description
    cf4ecaed runc update: hide --kernel* options
    4065c394 exec: rm --no-subreaper flag
    da22625f checkpoint: resolve symlink for external bind mount

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2022-02-02 22:45:37 -05:00
Bruce Ashfield
db7647c53e kubernetes: update to v1.23.2
Bumping kubernetes to version v1.23.2-rc.0-26-gfa546d8cc76, which comprises the following commits:

    cce0b96068c fix nil pointer in create secret commands
    27a66989d0f Fix order of commands in the snapshot tests for persistent volumes
    cc6c36f286d client-go: Clear the ResourceVersionMatch on paged list calls
    271a9f0e58d Improving performance of EndpointSlice controller metrics cache
    98cc4f9e96a fix the error when cleaning up jobs for cronjob
    6ca361089db Update CHANGELOG to add missing release notes.
    40d718778d4 apf: ensure exempt request notes the classification
    77b0a633575 Update CHANGELOG/CHANGELOG-1.23.md for v1.23.1
    aef116487af Release commit for Kubernetes v1.23.2-rc.0
    86ec240af8c Release commit for Kubernetes v1.23.1
    1292aee8707 add gce loadbalancer no-op finalizer and existingFwdRule tests
    40c6f562eb3 disable gce service handling if has rbs forwarding rule
    41b00595137 add ELBRbsFinalizer
    036fd24b91c add gce elb rbs opt-in annotation
    78e8cb0743c cherry pick of knp 0.0.27
    0072226ca87 Re-introduce removed kubectl --dry-run values.
    c237c5c78fc Point flowcontrol users at v1beta2
    c836ebae52f [go1.17] Update to go1.17.5
    d065f7ffe77 dependencies: Update golang.org/x/net to v0.0.0-20211209124913-491a49abca63
    ea103cb23a9 mount-utils: Detect potential stale file handle
    1346242fd57 Skip creating HNS loadbalancer with empty endpoints
    38a678fccfb Add regression test for CPUManager distribute NUMA algorithm
    6d437c7e827 Add unit test for CPUManager distribute NUMA algorithm verifying fixes
    53fd9db1629 Fix accounting bug in CPUManager distribute NUMA policy
    9cb973ac5ee Fix error handling in CPUManager distribute NUMA tests
    462f3c90b05 Add a sum() helper to the CPUManager cpuassignment logic
    03666ecf4fc Allow the map.Values() function in the CPUManager to take a set of keys
    22b6be8c2cb Fix CPUManager algo to calculate min NUMA nodes needed for distribution
    471dd78f5ea Fix unit tests following bug fix in CPUManager for map functions (2/2)
    1db0c5136e7 Fix unit tests following bug fix in CPUManager for map functions (1/2)
    18392c0c4ca Fix bug in CPUManager map.Keys() and map.Values() implementations
    4c7bcbddd62 Ensure we balance across *all* NUMA nodes in NUMA distribution algo
    d1248480b20 Short-circuit CPUManager distribute NUMA algo for unusable cpuGroupSize
    3a9b3072612 Round the CPUManager mean and stddev calculations to the nearest 1000th
    5fc309181ab updated deprecation messages from 1.23 to 1.24
    f94a022c1bb kubelet: set failed phase during graceful shutdown
    b63d5a805b3 kubeadm: avoid requiring a CA key during kubeconfig expiration checks
    a18dbc12a46 kubeadm: print the CA of kubeconfig files in "check expiration"
    880e0ac50f7 kubeadm: validate local etcd certficates during expiration checks
    f9c8af54ccb publishing-bot/doc: add component-helpers to the readme
    3245fe216f2 publishing-bot/rules: remove non existing component-helpers branch 1.19 from the rules
    57f88ec404e Changelog: mention kube-scheduler bits deprication
    f42cbbbff43 rbd: initialize ceph monitors slice with an empty value.
    0a1d2914614 Direct v2betaX users to migrate to HPA v2
    064a272ee03 DelegateFSGroupToCSIDriver e2e: skip tests with chgrp
    dd1b0a12471 Update CHANGELOG/CHANGELOG-1.23.md for v1.23.0
    8aef834386e [go1.17] Update to go1.17.4

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2022-01-06 21:20:15 -05:00
Bruce Ashfield
14025b2ee5 kubernetes: add sysctl.d configuration
The startup of kubernetes relies on some kernel/runtime configuration.
We create a sysctl.d snippet to ensure that critical ones are set when
installing our packages.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-12-15 12:59:12 -05:00
Bruce Ashfield
308d31d026 kubernetes: add README
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-12-15 12:55:28 -05:00
Bruce Ashfield
4d0f0a5ca2 k8s: introduce host/controller initialization script
Adding a simple helper to set up a host to the NodeReady state.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-12-13 12:20:43 -05:00
Bruce Ashfield
9c1f90d46b runc-docker: update to 1.0.3
Bumping runc to version v1.0.3-2-ge0124d56, which comprises the following commits:

    31f7b334 VERSION: back to development
    f46b6ba2 VERSION: release v1.0.3
    b8dbe466 runc init: avoid netlink message length overflows
    e73ff667 [1.0] ci: add Go 1.17, drop Go 1.15
    2c30069c libct/cg/sd/v2: Destroy: remove cgroups recursively
    42bfc63b script/release.sh: fix for opensuse
    8e96a96f libct/cg/fs2: fix GetStats for unsupported hugetlb
    e84e7f93 [1.0] Fix failure with rw bind mount of a ro fuse
    cbb23675 runc run: fix ro /dev
    e802cfae test/int/mount.bats: refer to github issue
    3640499a libct/rootfs: consolidate utils imports
    aa1d1ca5 tests/int/dev: add CAP_SYSLOG to /dev/kmsg tests
    fdee8658 libct/int/checkpoint_test: fix ParentImage
    cbb5ef5c improve error message when dbus-user-session is not installed
    86d83333 VERSION: back to development

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-12-10 09:42:44 -05:00
Bruce Ashfield
df3cc49550 runc: update to 1.0.3
Bumping runc to version v1.0.3-2-ge0124d56, which comprises the following commits:

    31f7b334 VERSION: back to development
    f46b6ba2 VERSION: release v1.0.3
    b8dbe466 runc init: avoid netlink message length overflows
    e73ff667 [1.0] ci: add Go 1.17, drop Go 1.15
    2c30069c libct/cg/sd/v2: Destroy: remove cgroups recursively
    42bfc63b script/release.sh: fix for opensuse
    8e96a96f libct/cg/fs2: fix GetStats for unsupported hugetlb
    e84e7f93 [1.0] Fix failure with rw bind mount of a ro fuse
    cbb23675 runc run: fix ro /dev
    e802cfae test/int/mount.bats: refer to github issue
    3640499a libct/rootfs: consolidate utils imports
    aa1d1ca5 tests/int/dev: add CAP_SYSLOG to /dev/kmsg tests
    fdee8658 libct/int/checkpoint_test: fix ParentImage
    cbb5ef5c improve error message when dbus-user-session is not installed
    86d83333 VERSION: back to development

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-12-10 09:41:42 -05:00
Bruce Ashfield
ee1e169f0b kubernetes: update to 1.23.x series
Bumping kubernetes to the latest release branch (now that our go
compiler meets the minimum standards).

We also add a networking configuration similar to the k3s one, but
named appropriately so that CNI will read and do basic configuration.

We also add some missing rdepends that were preventing the controller
node from fully initializing.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-12-10 09:02:58 -05:00
Bruce Ashfield
0846bddaef skopeo: update to v1.5.2
Bumping skopeo to version v1.5.2-3-g1d24e657, which comprises the following commits:

    4dcd28df Use a dynamic temp dir for test
    789ee8be Bump to 1.5.3-dev
    8a88191c Release 1.5.2
    69728fdf Update to c/image v5.17.0
    47066f2d Cirrus: Bump Fedora to release 35 & Ubuntu to 21.10
    adfa1d4e Bump github.com/docker/docker
    05a2ed49 proxy: Uncapitalize all errors
    e9535f86 tests: Add new "procutils" that exposes PDEATHSIG
    fa86297c proxy_test: Test `GetConfig`
    2bb6f27d proxy_test: Add helper to read all from a reply
    f90725d8 proxy_test: Add a helper method to call without fd
    644074cb proxy: Add support for manifest lists
    83416068 tests/integration/proxy_test: New test that exercises `proxy.go`
    a3adf36d proxy: Use float → int helper for pipeid
    6510f101 proxy: Add a helper to return a byte array
    e7b7be57 proxy: Add an API to fetch the config upconverted to OCI
    942cd6ec Fix bug that prevented useful diagnostics on registry fail
    41de7f2f use fedora:latest in contrib/skopeoimage/*/Dockerfile
    c264cec3 Move to v1.5.2-dev
    2b357d82 Bump to v1.5.1
    4acc9f0d main: Error out if an unrecognized subcommand is provided
    7885162a move optional-flag code to c/common/pkg/flag
    36d860eb Add --dest-precompute-digests option for docker
    c8777f3b bump containers/image to 2541165
    985d4c09 Add instructions to generate static binaries
    11b59898 Add new `experimental-image-proxy` hidden command
    2144a37c issue#785 inspect command - introduce a way to skip querying available tags for an image
    60c98cac Document container images as an alternative to installing packages
    89ecd5a4 Introduce --username and --password to pass credentials
    119eeb83 Move to v1.5.1-dev
    209a9931 Bump to v1.5.0
    3e4d4a48 Bump github.com/containers/image/v5 from 5.16.0 to 5.16.1
    3a97a0c0 Bump github.com/docker/docker
    ff88d3fc Remove leftover Nix packaging files
    e19b57c3 Update github.com/containerd/containerd to v1.5.7
    b950f83c issue#1466 - Introduce a --keep-going option to allow "sync" command to continue syncing even after a particular image sync fails
    12d01037 Bump github.com/containers/storage from 1.36.0 to 1.37.0
    e0c53dfd Update installation doc with latest steps
    aba57a88 Makefile: drop nix support
    93c42bcd Bump github.com/containers/common from 0.45.0 to 0.46.0
    c0f07d3d Bump github.com/containers/common from 0.44.1 to 0.45.0
    0ce7081e Bump github.com/containers/common from 0.44.0 to 0.44.1
    52dafe8f Update to github.com/vbauerster/mpb v7.1.5
    ee8b8e77 Explain the usage of DISABLE_DOCS in the installation doc
    1d204fb1 Update VM Images + Drop prior-ubuntu references
    61310777 issue#1411 Introduce DISABLE_DOCS to skip doc generation while building from source
    ed96bf04 Bump github.com/containers/common from 0.43.2 to 0.44.0
    a837fbe2 Bump github.com/containers/storage from 1.35.0 to 1.36.0
    9edeb69f Remove the extra (defaults to true) help msg
    a2d083ca Bump github.com/containers/image/v5 from 5.15.2 to 5.16.0
    0e87d4d1 Run (gofmt -s -w)
    c399909f Update non-module dependencies
    102e2143 Bump github.com/containers/image/v5 from 5.15.1 to 5.15.2
    7d5ef9d9 Bump github.com/containers/common from 0.43.1 to 0.43.2
    70eaf171 Add OWNERS file
    61969472 Bump github.com/containers/image/v5 from 5.15.0 to 5.15.1
    ec1ac5d0 Bump github.com/containers/storage from 1.34.0 to 1.34.1
    082db20f Bump github.com/containers/common from 0.43.0 to 0.43.1
    8dce403b Add codespell fixes
    f6ae7865 systemtests: if registry times out, show container logs
    9acb8b6a Bump github.com/containers/common from 0.42.1 to 0.43.0
    a23b9f53 Bump github.com/containers/storage from 1.33.2 to 1.34.0
    be821b4f Bump github.com/containers/storage from 1.33.1 to 1.33.2
    ab87b15f Cirrus: Run checks directly on the host
    1aa98bab Github: Add workflow to monitor Cirrus-Cron builds
    fbf96998 Bump github.com/docker/docker
    a3bb1cc5 Bump github.com/containers/common from 0.42.0 to 0.42.1
    0667a1e0 Bump to 1.4.1-dev

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-11-30 14:59:07 -05:00
Martin Jansa
62338f445a singularity: fix build with automake-1.16.5
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-11-30 09:18:46 -05:00
Bruce Ashfield
9148b795f3 podman-compose: update to 0.1.8
Bumping podman-compose to version 0.1.8-2-g1555417, which comprises the following commits:

    1555417 FIXES #361: key error _service
    1f989ed FIXES #356: respect pull_policy
    66ce2a3 release 0.1.8
    d8e11d5 FIXES #312: run starts dependencies
    72c3572 #289: exit code and test for that
    c187e88 up and down specific containers
    31b8bb4 simpler passing of env
    f177712 Fix `up` arguments parsing
    ae3deb1 #355: fix dry run
    117b7fb command list of strings
    5acb997 command list of strings
    02b2f65 Update issue templates
    a36b6f1 Update issue templates
    e3be6dd Update issue templates
    4b75678 Update issue templates
    dcb038e remove tabs
    a2fef56 FIXES #353: down in reverse order
    c753b8e FIXES #167: support ContainerFile
    c9486c9 #115: handle string entrypoint
    f2aeaba #348: conditional --infra-name
    2d80e43 remove print
    d1a77de external name
    c49f070 volumes with names
    6d69b7c Add support external volumes
    ab13503 add support for long port publishing format
    069018c #342: set infra container name
    b33c42b Readability fix for missing commands
    785f7ad Get version info with setup.cfg
    b6a9f8e #335: report version with -v
    4a5fd23 #275 make pipx happy
    dc0ac0d docs: added the transform_policy default and description
    502d7cc #327: accept ports as string
    e85d79d added cpu_shares flag for v2
    bfb57b9 added cpu_shares flag for v2
    2d0aad6 Also pull images with a build section
    ff5b9f1 Support for logging
    62aa337 feat(secrets):  Add support for secrets
    3836094 Update podman_compose.py
    d97a20d #308: fix environment
    f417c9a #120: extend not add
    5ed5528 FIXES #120: parse mem and cpu limits
    3d6ca3c FIXES #120: parse mem and cpu limits
    6e3383d Convert numeric command arguments to string (fixes #77)
    8ef7587 Fix some typos (found by codespell)
    039fe30 Make sure port entries are converted to strings
    62d2024 Add stop_signal service attribute
    9317f98 #278: args
    045cef2 #289: report exit code when --exit-code-from
    a7f97b6 implement -e in run
    0ea18b4 Force adding an .env file for the tests
    00840d0 resolve conflict
    2ad7daa Test variable interpolation in the YAML
    080b8a3 Prefer 'compose.yaml' as per compose spec
    226ac4f fix missing --label flag in volume creation
    030a196 Fix README typo
    901213e Update podman_compose.py
    b337060 Add support for sysctls in compose file
    b3090c3 Mode Python installation and test deps to requirement files
    5fabfee Support annotations
    75a63df fix: check `.env` in current dir with `isfile` instead of `exists`
    08dd36f Add docker-compose labels for interoperability
    669953b Rework argument generation to adhere directly to what podman accepts.
    d3df688 Remove test code
    bda7b5e Add exec support
    6289d25 fixes #236: compatible with docker-compose
    abc0813 Only pull each image once
    9cd837f Fixes #236: Ensure project name works with podman
    a4b8b5e Fix 'podman-compose version' with no compose file in the working directory
    5971f57 FIXES #249: update dotenv with some envs
    ab96f12 FIXES #249: update dotenv with some envs
    f6a3cb0 Allow environment variables to be unset
    497355f Re-order environment/env_files to match compose
    20a86ea add --no-cache arg to build
    4e2e960 build specific service
    efba3a1 support str style configuration for env_file
    9063976 BUG: 'podman stop -t 360.0' called for float, expects int on cli
    3712b54 ENH: add timeout option to podman-compose down, as in https://docs.docker.com/compose/reference/down/
    294f8ee Hashlib to generate SHA256 instead of MD5 for FIPS
    105b129 Fix infinite loop
    d3f3711 FIXES #181: accept init and init-path
    7eacf14 MAINT: resolve https://github.com/containers/podman-compose/pull/180#issuecomment-632722974
    8cd98ab MAINT: extend instead of append
    047820d ENH: Added restart policy forwarding to podmann run, compose build args added to up args
    e7b1382 Add --build-arg to 'up' (Fixes #161)
    64ed554 Allow empty default/error value in substitution
    93bf39e Add Security Policy
    5915ba3 Catch error when compose file is empty
    1ca6a88 target once
    7b40079 Pass "target" parameter when building an image.
    f9915c4 Check for target property when building images
    1973340 Add support for --build-arg option
    e8147e3 Add support for cap_add/cap_drop
    7f210ff fixing "Error: unknown flag: --shm_size"
    cbed801 start detached
    6a42d68 add ports test
    07a2430 Fixes #152: validate that podman is useable
    5215782 Fixes #152: validate that podman is useable
    03cbd29 pass volumes using -v
    796e6a4 Avoid crash when no services are defined
    efcbc75 Pass ulimit parameters when building container
    dacc753 Add Code of Conduct
    8c3b7e6 Added mount option delegated and cached
    147f0ae Update README with dnf install instructions.
    27d3caf Add support for privileged option
    e7a9bd3 Show stopped containers in ps
    ddd582c Add support for logs subcommand
    169eaee Fix override of the run command
    c5f8973  Mixed-case directory names break 'podman create'
    12036aa FIXES #76: a service extends a service with same name
    7222fdb exit if not files
    bb7120f Fix stop command runs start instead
    7ebbe2e Fix KeyErrors encountered with extended services
    29d4cdc Remove unused funtion in setup.py
    a9216c3 podman volume inspect mountPoint/Mountpoint
    e538852 #57: better ps via label
    b1c2b02 podman_compose.py
    9e0dd2d extends with external file
    72c1992 Remove never-shared options.
    3e2381f Support extends
    dee813a #47: version command
    9684429 #52: fix how we split commands
    87e7211 #54: fix ulimits
    7269701 Fixed get of ulimit tag, according to docker-compose specification
    b369073 Fix podman-compose run command parsing
    62f0cc4 Changed -l flag to --label in order to be compatible with Podman 1.0.2.dev
    c152d28 Support for generic  container-compose format
    8e43e69 FIX #41: compare original volume name
    751aaa8 Add support for devices in a service
    243bdb6 Add support for setting container ulimit
    2202e7f Add support for setting container ulimit
    f505e49 a test showing yaml anchor magic
    2e4378f add string check for cmd line args
    2a8d430 FIXES #35: now support multiple composer files
    a512c0c #35: test for multiple -f
    f008986 release 0.1.5

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-11-22 11:56:56 -05:00
Bruce Ashfield
b8e53d99f9 podman: update to 3.4.2
Bumping libpod to version v3.4.2-4-g72031783c, which comprises the following commits:

    25f35ac9e Use CGO_ENABLED=1 when building natively on darwin
    7c98d542b Bump to v3.4.3-dev
    2ad1fd355 Bump to v3.4.2
    1d6397e5c Add release notes for v3.4.2
    6d9b1e4b8 Fix partial log line handling with journald log driver
    8b368b5e1 Fix Zsh completion command documentation
    c2fb170b8 Fix flake in upgrade tests
    6770fede7 VOLUME must be declared after RUN chown command
    cedf1a3d4 podman-generate-kube - remove empty structs from YAML
    e456873c0 Exclude already built sources for static build
    e9f6e5194 Match .c files in Makefile
    de852ebd0 shm_lock: Handle ENOSPC better in AllocateSemaphore
    fc1707dfe Minor test tweaks
    c8b7ca2ba pod/container create: resolve conflicts of generated names
    2dc8db773 Add some information about disabling SELinux when using system volumes
    93a3e720d Log Apache access_log-like entries at Info level [NO NEW TESTS NEEDED]
    b1ac02dcb tweak a couple of flag descriptions in help output
    718de67f3 Fix bindings container log test
    dd6551055 test: run --cgroups=split in new cgroup
    df9e0fdcb Fix tests of podman image trust --raw and --json
    df736396e Tighten the expected output of the "podman image trust show" test
    18c322d1c Use INTEGRATION_ROOT instead of current directory
    3bd80ac9a Handle HTTP 409 error messages properly for Pod actions
    a8332f694 Fix swagger definitions
    5889c2c24 Cirrus: Authorize rootless user self-ssh
    2a0aad6be Add information on how podman machine is updated
    0ded340e6 Fix help message case for `podman version`
    fa29ca710 Fix pause usage example
    6bf6d7237 Set Checkpointed state to false after restore
    2d6252b98 runtime: change PID existence check
    a208bc24d Set DOCKER_HOST in the VM
    246782133 runtime: check for pause pid existence
    0519e7ef8 utils: do not overwrite the err variable
    2b85684ad Fix systemd PID1 test
    0e1f67b72 cgroups: use SessionBusPrivateNoAutoStartup
    9707ff5d4 vendor: update godbus to v5.0.6
    a67bf0f92 Slirp4netns with ipv6 set net.ipv6.conf.default.accept_dad=0
    47afa6d96 Fix a few problems in 'podman logs --tail' with journald driver
    729310a85 If Dockerfile exists in same directory as service, we should not use it.
    7275d389b Document to not set K8S envars for CNI
    955d01f5a [NO NEW TESTS NEEDED] Fix off-by-one index comparision (reported by LGTM)
    2ff511798 Fix some typos in documentation and comments (found by codespell)
    eead06b9d [CI:DOCS] Fix typo keep_id -> keep-id
    8887cc7e4 podman run --memory=0 ... should not set memory limit
    6f779b230 systemd: compatible with rootless mode
    465e27cf1 Use exponential backoff when waiting for a journal entry
    3b67336b6 Pod Rm Infra Improvements
    f8ede7c5e System tests: confirm that -a and -l clash
    c3f3e6d3b Remove infra ID from DB before removing containers
    b3eaa08c5 Generate Kube should not print default structs
    d489abf26 fuse-overlay probably means fuse-overlayfs.
    34739f441 Replace 'an user' => 'a user'
    9c94530bb network reload without ports should not reload ports
    eca1b6c0b pod create: read network mode from config
    9e78185e3 volumes: be more tolerant and fix infinite loop
    5c2d17e1c [backport] tag: Support tagging manifest list instead of resolving to images
    46f7d2af1 Bump to v3.4.2-dev
    a6493ae69 Bump to v3.4.1
    56a4372c2 Update release notes for v3.4.1
    f05e206bd Fix test failures from backports
    437ec951d system tests: socket activation: clean up
    5aa89c88f Checkpoint/Restore test fixes
    d39e41283 Set targetPort to the port value in the kube yaml
    7923bfcb0 Test-hang fix: Wait for ready + timeout on connect.
    c135ff76d Don't include ctr.log if not using file logging
    9168db8bc Do not add TCP to protocol in generated kube yaml
    b5dd62f31 Don't use docker/pkg/archive, use containers/storage/pkg/archive
    a213661ae Fix panic in container create compat api
    92ed439d2 Don't add image entrypoint to the generate kube yaml
    16fb4161a Kube Gen run as user/group issues
    3082ba8b7 No space in kube annotations for bind mounts
    b470de05b cgroups: use cgroup.controllers to read controllers
    8b87793d4 Use SplitN(2) when copying env variables
    d458bc304 [CI:DOCS] Include manifest example usage
    fbe94088f podman stats: move cgroup validation to server
    338e01f04 [CI:DOCS] oci-hooks.5.md: fixup section in header
    de6a4af5a Change podman.1 man page to show corret log-level default
    326eae3b7 Add podman-plugins to upstream image
    ca33df146 Ensure `podman ps --sync` functions
    7bbf774e8 Allow `podman stop` to be run on Stopping containers
    2cd206d0f libpod: fix race when closing STDIN
    37347c321 It really should be no **NEW** tests needed
    62d12a2ad Add guard for BuildOptions.CommonBuildOpts
    c6be71486 machine: silently cleanup dangling sockets before rm if possible
    835d74ac6 sdnotify test: accept MAINPID anywhere
    14509a92b Allow a value of -1 to set unlimited pids limit
    deb7517cc Gating tests: fix permissions error
    cd4e10fdf [v3.4] bump c/common to v0.44.3
    91f9682c7 Bump to v3.4.1-dev
    6e8de00bb Bump to v3.4.0

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-11-22 11:20:14 -05:00
Bruce Ashfield
9ab81946f6 docker-distribution: update to 2.7.1-latest
Bumping docker-distribution to version v2.7.1-38-gf7365390, which comprises the following commits:

    97f6dace [release/2.7] vendor: github.com/opencontainers/image-spec v1.0.2
    9a3ff113 fix go check issues
    19b573a6 Change should to must in v2 spec
    d836b23f [release/2.7] update to go1.16

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-11-22 11:20:14 -05:00
Bruce Ashfield
b7efc7bce2 cri-tools: update to v1.22.0
Bumping cri-tools to version v1.22.0-64-ga9898388, which comprises the following commits:

    794d57a4 Bump github.com/onsi/gomega from 1.16.0 to 1.17.0
    0f2d4138 Refactor fish completion
    c52d97b1 Rename bash and zsh completion functions
    cad0736a Add zsh compinit tag
    569d1769 Bump google.golang.org/grpc from 1.41.0 to 1.42.0
    082da7c6 Bump github.com/docker/docker
    0aade2a4 Bump github.com/onsi/ginkgo from 1.16.4 to 1.16.5
    4e03be78 Add release publishing workflow
    5c0c14e2 Bump github.com/opencontainers/selinux from 1.8.5 to 1.9.1
    b4e1615c Add SHA512 sum for release files
    22bdc0b9 Bump github.com/docker/docker
    06422104 Bump google.golang.org/grpc from 1.40.0 to 1.41.0
    b153327c Bump sigs.k8s.io/yaml from 1.2.0 to 1.3.0
    c5fac65f Bump k8s.io/api from 0.22.1 to 0.22.2
    36c9ae70 Bump k8s.io/cri-api from 0.22.1 to 0.22.2
    c104c3a7 Bump k8s.io/apimachinery from 0.22.1 to 0.22.2
    65509de9 Bump k8s.io/client-go from 0.22.1 to 0.22.2
    59cf0fb9 Bump k8s.io/kubectl from 0.22.1 to 0.22.2
    8d019343 Updates E2E test images registry
    6824a581 Bump github.com/opencontainers/selinux from 1.8.4 to 1.8.5
    057a0a48 Switch to go1.17 for CI
    d9fe19b8 Bump github.com/opencontainers/runc from 1.0.1 to 1.0.2
    56a2c456 Added dropping/adding `ALL` capabilities case to critest
    1817da64 Bump github.com/onsi/gomega from 1.15.0 to 1.16.0
    9c01f4d5 Bump k8s.io/cri-api from 0.22.0 to 0.22.1
    e3ca48ad Bump k8s.io/client-go from 0.22.0 to 0.22.1
    1e108dfb Bump k8s.io/api from 0.22.0 to 0.22.1
    79ff09e9 Bump k8s.io/apimachinery from 0.22.0 to 0.22.1
    f3863189 Bump k8s.io/kubectl from 0.22.0 to 0.22.1
    32d96cbe Bump google.golang.org/grpc from 1.39.1 to 1.40.0
    de44545a Bump github.com/onsi/gomega from 1.14.0 to 1.15.0
    44385679 Bump github.com/opencontainers/selinux from 1.8.3 to 1.8.4
    dd011a46 Bump google.golang.org/grpc from 1.39.0 to 1.39.1
    3db8a88c Bump Kubernetes to v1.22.0
    231cf44f Bump k8s.io/api from 0.21.3 to 0.22.0
    032832ec Bump k8s.io/cri-api from 0.21.3 to 0.22.0
    64e1ad02 Bump k8s.io/kubectl from 0.21.3 to 0.22.0
    918e5c77 Bump k8s.io/apimachinery from 0.21.3 to 0.22.0
    6ccbb79b Bump github.com/docker/docker
    a2e29a4c Bump github.com/opencontainers/selinux from 1.8.2 to 1.8.3
    0cfc8b32 crictl: Adds support for updating resource limits for Windows Containers
    d6c95411 Bump k8s.io/api from 0.21.2 to 0.21.3
    a9dc7558 Bump k8s.io/kubectl from 0.21.2 to 0.21.3
    88e4d31b Bump k8s.io/apimachinery from 0.21.2 to 0.21.3
    d7f79299 Bump k8s.io/cri-api from 0.21.2 to 0.21.3
    5a43f6cd Bump github.com/onsi/gomega from 1.13.0 to 1.14.0
    e89ffa50 Update GitHub actions to go 1.16 and remove .travis.yml
    e5045b08 Bump google.golang.org/grpc from 1.38.0 to 1.39.0
    31e70ff9 Update critest Windows tests.
    03fa217f chore: switch containerd branch to main
    aef70e40 Bump k8s.io/cri-api from 0.21.1 to 0.21.2
    f6f6a393 Bump k8s.io/api from 0.21.1 to 0.21.2
    b90eefd5 Bump k8s.io/kubectl from 0.21.1 to 0.21.2
    85fa1307 Bump k8s.io/apimachinery from 0.21.1 to 0.21.2
    bb845cfd rm_force_while_container_running_fix
    e866f8ff Bump github.com/opencontainers/selinux from 1.8.1 to 1.8.2
    a8e055d2 Bump github.com/onsi/ginkgo from 1.16.3 to 1.16.4
    9de2a5e4 Bump github.com/docker/docker
    c83bed06 Bump github.com/onsi/ginkgo from 1.16.2 to 1.16.3
    c9cb3790 Bump github.com/onsi/gomega from 1.12.0 to 1.13.0
    1d34ea0c Add global handler for Interrupt signal

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-11-22 11:00:24 -05:00
Bruce Ashfield
1589b430e3 cri-o: update to 1.22.1
Bumping cri-o to version v1.22.1-5-ge3dfe61ca, which comprises the following commits:

    d89a55e91 gh-actions: add sed for kube e2e
    b1ac0896f release-notes: update to main
    a90fcad56 test: add label for openshift e2e in dockerfile
    1495b80e8 bump to 1.22.1
    4ce3396b9 Skip volume relabel for super privileged containers
    66e3210e0 test: skip certificate check for downloading parallel
    91acfb2e7 test: fix shmft
    325ec64d5 vendor: update to selinux 1.9.1
    8bacf3132 test: fix selinux test failures
    116eff337 server: FilterDisallowedAnnotations of containers earlier
    e595eeb06 server: conditionally relabel volumes given annotation
    69dfc4bc4 test: refactor allowed_annotation tests
    92810c137 server: reduce args in addOCIBindMounts
    54f343719 server: mount cgroup if hostNetwork
    b40d9220b server: use container level host network setting
    53755727a server: don't recalculate hostnet
    a220ddf71 server: set spec when dropping infra
    85043dab6 server: don't wait forever on conmon cgroup move fail
    764e83f44 Do not log if Intel RDT is not supported
    4542e5166 call cmd.Wait() in all cases we call Start()
    2bd8e315b oci: call wait on conmon if cgroup move fails
    d45f1f112 Fix missing quantile in `latency_microseconds_total` metrics
    6a8cb41cd oci: use conmon for exec again
    ddef4d063 install dependency in test step
    f74d274fa blockio: apply annotations and blockio classes to Linux.Resources
    7b3f68fa8 blockio: handle class configuration file if set
    d7444c86d blockio: enable setting blockio class configuration file
    5aacbedb2 fix checking in openpgp_tag.sh
    2bfcfb6fb config: set internal_wipe to true by default, and deprecate the option

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-11-22 09:29:22 -05:00
Bruce Ashfield
17e0be0dc3 cri-o: switch from master -> main
cri-o has joined the projects switching their default branch to
main (and removing the old one).

We update our recipe to avoid fetcher errors.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-11-22 09:24:34 -05:00
Bruce Ashfield
81e445d1bc containerd: update to 1.5.8
Bumping containerd to version v1.5.8, which comprises the following commits:

    ef071b07b mailmap: Add Kevin Parsons
    2385fd14d Prepare release notes for v1.5.8
    15d8c03e3 schema1: reject ambiguous documents
    833407fbf images: validate document type before unmarshal
    01428ec40 Fix containerd fails to pull OCI image with non-`http(s)://` urls
    2bd3f18d9 [release/1.5] go.mod: Bump hcsshim to v0.8.23
    047ea15d2 [release/1.5] go.mod: Bump ttrpc to 1.1.0
    7b20299bc [release/1.5] update Go to 1.16.10
    641976bea [release/1.5] update Go to 1.16.9
    b988fc918 Output a warning for label image labels instead of erroring
    3109820f5 Update test timeout based on recent cancellations
    16762f3e5 Fix spelling mistake in Windows snapshotter
    6094bc770 Use DeactivateLayer to recover layers that we cannot rename
    bf02a8330 task delete: Closes task IO before waiting
    aa7c9d9da Fix pull fails on unexpected EOF
    bc2f973ff Prepare release notes for v1.5.7
    f95fca079 btrfs: reduce permissions on plugin directories
    68119b417 v1 runtime: reduce permissions for bundle dir
    97db45e83 v2 runtime: reduce permissions for bundle dir
    bc8fdf832 Update release notes and mailmap
    77dafa20c Prepare release notes for v1.5.6
    a4b51d119 Fix panic in metadata content writer on copy error
    147705920 Use github images for integration tests
    514137aa0 cri: add devices for privileged container
    6bfd09f7c Enable image config labels in ctr and CRI container creation
    923088852 seccomp: support "clone3" (return ENOSYS unless SYS_ADMIN is granted)
    4133c775c go.mod: update runc to v1.0.2
    011fb4c0b update runc binary to v1.0.2
    210d3bc15 Fix content copy to not ignore unexpected EOF
    a863339c5 [release/1.5] update Go to 1.16.8
    f3d46f828 CI: Switch to available latest images
    c7ed09d55 Adding testing of two devices in a directory
    0ca2e2751 Fix dir support for devices V3 (#4847)
    0fd19511e go.mod: Update hcsshim to v0.8.21
    c0534c168 [release/1.5 backport] cri: filter selinux xattr for image volumes
    27e164648 Allow expanded DNS configuration

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-11-22 09:15:09 -05:00
Bruce Ashfield
433417791e conmon: update to v2.0.30
Bumping conmon to version v2.0.1-288-ge67bb4d, which comprises the following commits:

    a854c52 conmon: fix error message
    5d5b853 logging: set SYSLOG_IDENTIFIER= with --log-tag
    ed0b60c conmon: free userdata files before exec cleanup
    42cecdf Cirrus: Remove disused scripts
    1c7b233 test: drop seccomp tests
    eb808d2 fix gh action yaml
    e7a5e0c ctr_logs: use container name or ID as SYSLOG_IDENTIFIER for journald
    f263cf4 logging: new mode -l passthrough
    f231c7f ctrl: delete the fifo if it exists
    7cfb1ac conmon_test: fix race condition on os.RemoveAll
    c657db7 integration: use the built binary
    fa1fa36 bump to v2.0.31-dev
    2792c16 bump to v2.0.30
    fec62f1 bump go version for podman tests
    89072ea Update VM Images + Drop prior-ubuntu references
    53c9f75 Remove unreachable code path
    9e54dda exit: report if the exit command was killed
    4d3dba9 exit: fix race zombie reaper
    c834521 conn_sock: allow watchdog messages through the notify socket proxy
    423c391 Add seccomp to build dependency
    9c23760 Update nixpkgs
    3a8c913 make: only define use_seccomp if we're using it
    1d67d9e Makefile: correctly check seccomp notify support
    e796a80 Makefile: make conditional-compilation variable setting uniform
    e83c392 Makefile: unify condition checking
    7381063 Cirrus: Remove outdated/wrong documentation
    4a8762d Cirrus: Fix references to 'master' branch
    1ef2468 Fix docs links due to branch rename

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-11-22 09:00:58 -05:00
Bruce Ashfield
98f88eed32 docker-moby: update to v20.10.10
Bumping moby to version v20.10.10-9-g7bd682c48c, which comprises the following commits:

    7677aeafd7 TestBuildUserNamespaceValidateCapabilitiesAreV2: cleanup daemon storage
    34eb6fbe60 testutil: daemon.Cleanup(): cleanup more directories
    c7edd308ad [20.10] Update Go to 1.16.10
    6611c72b65 cmd/dockerd: create panic.log file without readonly flag
    4b9a3dac46 Fix race in TestCreateServiceSecretFileMode, TestCreateServiceConfigFileMode
    acb4f263b3 Fix racey TestHealthKillContainer
    59d2a2c397 dockerd-rootless.sh: Fix variable not double quotes cause unexpected behavior
    2c6aa5aad9 Remove needless check
    3285c27503 Fix log statement 'failed to exit' timeout accuracy
    a4bcd4c64f docker daemon container stop refactor
    bed624fdc9 docker kill: fix bug where failed kills didnt fallback to unix kill
    80b7e8b5d7 buildkit: normalize build target and local platform
    c2b9a32875 vendor: Update go-winio to v0.4.20
    c580a02873 [20.10] Update Go to 1.16.9
    129a2000cf [20.10] update containerd binary to v1.4.11
    6835d15f55 [20.10] update containerd binary to v1.4.10
    5730c139f7 Bump swarmkit to get fix for rollback
    59f10e3435 quota: adjust build-tags to allow build without CGO
    fa78afebcf Update Go to 1.16.8
    567c01f6d1 seccomp: add support for "clone3" syscall in default policy
    07728cd2bd update runc binary to v1.0.2
    964768f200 cmd/dockerd: add the link of "the documentation"
    80f1169eca chrootarchive: don't create parent dirs outside of chroot
    93ac040bf0 Lock down docker root dir perms.
    b0c0b73798 bump up rootlesskit to v0.14.4
    decb56ac89 Update Go to 1.16.7

Bumping docker-cli to version v20.10.10, which comprises the following commits:

    9989fdbc4 Update most links in docs to use https by default
    0e20c1fd2 Update Go to 1.16.9
    1c0927a04 Dockerfile: update tonistiigi/xx to 1.0.0-rc.2, add XX_VERSION arg
    82f9d5921 info: skip client-side warning about seccomp profile on API >= 1.42
    adb01ca79 docs: some minor touch-ups in checkpoint reference
    8260476a0 docs: remove trailing space to fix generated YAML format
    bce2e1f95 docs: create.md: typo fix
    44064f51c Fix typo in documentation - build.md
    292779add Add doc for BUILDKIT_PROGRESS env var
    f2e79b826 docs: use "console" code-hint for shell examples
    fa46b9236 docs: rewrite reference docs for --stop-signal and --stop-timeout
    400f81089 experimental: fix broken link to "checkpoint and restore" page
    c72057c8d docs: move checkpoint/restore doc from experimental into reference
    77db97d59 Use private network address for default-address-pools setting in daemon.json example
    cbf0d2b7b docs: fix some broken anchors
    d0014a86b docs: fix description of restart-delay to mention max (1 minute)
    6c1c8b55a docs: fix search results by filterd is-official
    44fdac11f Update Go to 1.16.8
    061051c24 docs: add missing redirect, and remove /go/experimental redirect
    2012fbf11 Update Go to 1.16.7
    42d1c0275 registry: ensure default auth config has address

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-11-15 23:24:09 -05:00
Bruce Ashfield
c5d89fea4a kubernetes: update to v1.22.4
Bumping kubernetes to version v1.22.4-rc.0-26-ga82c1e72259, which comprises the following commits:

    a1bc265ce68 Fixed unit test SELinux support
    9286d722d5e Add shortcut for SELinux detection
    8ddc2963808 Don't guess SELinux support on error
    24b725f29f1 Use separate pathSpec for local and remote to properly handle cleaning paths
    3bf2248bda7 [go1.16] Update to go1.16.10
    bd146ab0e1b Automated cherry pick of #105122: added keys for structured logging (#105137)
    98ad7ac4ef4 Update debian, debian-iptables, setcap images to pick up CVE-2021-33910 fixes
    b9236d7cd4a Fixing how EndpointSlice Mirroring handles Service selector transitions
    9e778cb6ede Fix race condition in logging when request times out
    dee25f4db12 Remove nodes with Cluster Autoscaler taint from LB backends.
    e565102bce7 Support cgroupv2 in node problem detector test
    33b5f0f1eaf Update CHANGELOG/CHANGELOG-1.22.md for v1.22.3
    39f5a506c81 Release commit for Kubernetes v1.22.4-rc.0
    c9203682049 Release commit for Kubernetes v1.22.3
    6765a52acd9 Free APF seats for watches handled by an aggregated apiserver.
    dd8563b0184 Run storage hostpath e2e test client pod as privileged
    fc580a41252 support more than 100 disk mounts on Windows
    176ba1d5236 [go1.16] Update to go1.16.9
    cdfd8141855 Clear initial UDP conntrack entries for loadBalancerIPs
    b30f24e2579 Verifying the auth headers are set for upgraded aggregated API requests
    0dfe8e33143 apiserver aggregator upgrade unit test
    36a9689ce81 Aggregator uses the regular transport even if the request requires upgrades
    5fb05afd9f8 Fix PreferNominatedNode test
    410c0413757 Remove Error Message Check Dynamic PV Tests
    fcb66167905 go fmt
    82cd11e646e Add e2e test to verify kubelet restart behaviour
    8fa5ff3712c kubelet: set terminated podWorker status for terminated pods
    bc392586f01 Fix quota controller hotloop in integration tests
    af46778d58d remove StartedPodsErrorsTotal metrice message
    13d852c73dc Copy VolumeSnapshotContent annotations in snapshottable.go test
    ae10967d23f Fix bugs in e2e pod test
    60e425c9009 Ensure terminal pods maintain terminal status
    c44db53f2c2 Do not sync Waiting statuses for Terminated pods
    4ca2cee155c Adds CancelRequest function to CommandHeadersRoundTripper
    cd94fec74c9 Fixes kubectl command headers which hangs on kubectl run
    60ee69c79bb Revert "Build non-static binaries with PIE buildmode"
    e989925e232 Ignore VMs in vmss delete backend pools
    407cc91f95a Fix CSR test to accept certs shorter than the requested duration
    6bf5db2e3f7 fix: skip not found nodes when reconciling LB backend address pools
    3ceb7b87649 fix: consolidate logs for instance not found error
    e15dcbe404c Remove a duplicate StorageClass creation call
    6763300949a Update Containerd version - GCE Windows
    a135518af00 e2e scheduling priorities: do not reference control loop variable
    cc1eb760389 storege e2etest: Delete restored PVC/Pod in snapshottable
    614988c6626 pkg/kubelet/cm/memorymanager: Fix ErrorS key/value pair
    2f850d636e8 v1.22: Fix test flake in old svc registry
    20fa03d60ea 'New' Event namespace validate failed
    2ff2780dcc5 kubelet: Handle UID reuse in pod worker
    a6539a662cd Add test for recreating a static pod
    2d9957274a4 Update CHANGELOG/CHANGELOG-1.22.md for v1.22.2
    9f314ed137d Release commit for Kubernetes v1.22.3-rc.0
    8b5a1914753 Release commit for Kubernetes v1.22.2
    4fa7cdfa93c Refine locking in API Priority and Fairness config controller
    b23fffb83ed kube-controller-manager: properly check generic ephemeral volume feature
    38c7182897c Fix null JSON round tripping
    aeff924339a Propagate conversion errors
    a69920a9588 integration test
    b7854d5f1c9 fix 104329: check for headless before trying to release the ClusterIPs
    d8ead0e1c7b fix detach disk issue on deleting node
    c948d8cc53b kubelet: fix sandbox creation error suppression when pods are quickly deleted

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-11-10 23:25:50 -05:00
Bruce Ashfield
7223f80a2b k3s: update to 1.22.3
Bumping k3s to version v1.22.3+k3s1, which comprises the following commits:

    61a2aab25e Upgrade containerd
    e1883d0537 Bump klipper-lb image for arm fix
    5eb13b6ba6 Fix log/reap reexec
    259ceb452c Fix other uses of NewForConfigOrDie in contexts where we could return err
    cc23fce0a7 Watch the local Node object instead of get/sleep looping
    6349aed8e8 Block scheduler startup on untainted node when using embedded CCM
    db8f54e6af Update to v1.22.3 (#4348)
    46eea2f10a Revert "Add ability to reconcile bootstrap data between datastore and disk (#3398)"
    9a4ca5978b reset buffer after use (#4279) (#4329)
    c9f6fa0be0 remove integration test
    07f844cf95 Copy old bootstrap buffer data for use during migration (#4215)
    48355dce10 Add ability to reconcile bootstrap data between datastore and disk (#3398)
    84e9b829e0 Update peer address when running cluster-reset
    06b8639068 Bump klipper-helm version
    f98934980d Added configuration input to etcd-snapshot (#4280) (#4281)
    7ede7d2e7c Update to the newest flannel
    971854c15b Refactor log and reaper exec to omit MAINPID
    3988edef25 Add containerd ready channel to delay etcd node join
    b65bcdf963 Bump klog fork version
    7c78e1c802 [Release-1.22] - Add etcd s3 timeout (#4207) (#4230)
    c10a0a2163 Fix race condition in cloud provider
    6193b1af97 Display cluster tls error only in debug mode (#4200)
    737f722315 set transport to skip verify if se skip flag passed (#4102) (#4103)

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-11-08 09:49:29 -05:00
Richard Neill
152e254b0f k3s: Add additional required kernel modules
Adds the following kernel modules for k3s:

* xt-physdev
* xt-nflog
* xt-limit
* nfnetlink-log

Without them, the k3s network-policy-controller reports failures in the log
related to iptables-restore.

Signed-off-by: Richard Neill <richard.neill@arm.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-11-08 09:20:32 -05:00
Bruce Ashfield
3fea81e4c5 crun/oci-image-spec: specify https in github src_uri
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-11-05 08:57:46 -04:00
Bruce Ashfield
7fec18f265 criu: remove :append and += combination
bitbake is going to start warning about the combination of +=
and :append, which is rarely correct.

We can use :append and add the space.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-11-04 10:42:35 -04:00
Martin Jansa
baf9e1a06f global: convert github SRC_URIs to use https protocol
* apply the same also for recipes using PKG_NAME starting
  with github.com which the conversion script doesn't update
  automatically

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-11-03 09:37:00 -04:00
Bruce Ashfield
e13ea7df92 oci-runtime-spec: update branch specification to main
master has become main in the runtime spec, so we update our recipe to
match.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-11-03 09:33:46 -04:00
Bruce Ashfield
a9b1fb1787 crun: update runtime-spec branch to main
runtime-spec has moved to main instead of master, so we tweak our branch
name to match.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-11-03 09:32:10 -04:00
Bruce Ashfield
0a7ae8bc50 global: convert github SRC_URIs to use https protocol
github is removing git:// access, and fetches will start experiencing
interruptions in service, and eventually will fail completely.

bitbake will also begin to warn on github src_uri's that don't use
https. So we convert the meta-virt instances to use protocol=https
(done using the oe-core contrib conversion script)

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-11-02 09:57:03 -04:00
Bruce Ashfield
ac399ad091 global: add explicit branch to all SRC_URIs
As introduced in the oe-core post:

  https://lists.openembedded.org/g/openembedded-core/message/157623

SRC_URIs without an explicit branch will generate warnings, and
eventually be an error.

We run the provided conversion script to make sure that meta-virt
is ready for the change.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-11-02 09:57:03 -04:00
Xu, Yanfei
3bff112a44 lxc: update to 4.0.11
update to 4.0.11

1. drop two patches that have been integrated to upstream repo.
2. drop tests-add-no-validate-when-using-download-template.patch
   because it is no longer appropriate as the "download" has been
   replaced with "busybox"
3. fix the apply failure of templates-use-curl-instead-of-wget.patch
4. update lxc from 4.0.10 to 4.0.11

Signed-off-by: Yanfei Xu <yanfei.xu@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-11-02 09:57:03 -04:00
Kamil Dziezyk
e94f6cb9ab k3s: Add xt-statistic kernel module to rrecommends
Include the xt-statistic kernel module required by K3S for iptables
configuration.

Signed-off-by: Kamil Dziezyk <kamil.dziezyk@arm.com>
Change-Id: I7592261c65c7c0831ce553ee907fba9e3e458b6f
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-10-21 19:20:52 -04:00
Kamil Dziezyk
7304d7e245 k3s: Update k3s service configuration
Update k3s.service with the latest changes from install.sh script.
Add k3s-killall.sh script to stop all of the K3s containers and reset
the containerd state.

The killall script cleans up containers, K3s directories, and networking
components while also removing the iptables chain with all the associated
rules. The cluster data will not be deleted.

Signed-off-by: Kamil Dziezyk <kamil.dziezyk@arm.com>
Change-Id: If1794367cabfc18fc8e3ecaf26badd4d0bc25114
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-10-21 19:20:52 -04:00
Bruce Ashfield
0429ecbcd8 podman: add rdepend on nsenter
Podman requires nsenter (for obvious reasons) .. and while this
dependency is normally satisfied on images (via busybox), it is
possible to build a minimal container image that excludes
busybox .. and hence will not have nsenter present.

Rather than making this a hard rdepends on util-linux-nsenter,
we use a variable: VIRTUAL-RUNTIME_base-utils-nsenter, which
can either be set to busybox or util-linux-nsenter (the current
default).

The VIRTUAL-RUNTIME_base-utils- format follows similarly named
OEcore providers and variables .. with the exception that there
is no entry in the preferred providers file there, and there's
no package created called busybox-nsenter (but perhaps there
could be in the future).

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-10-21 19:17:56 -04:00
Bruce Ashfield
abf248bd38 umoci: switch branch to main
Like many other projects, umoci has switched to main instead of master.
(and then deleted master)

We change our branch specification to main, so the fetcher can once
again find our desired SRCREV.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-10-21 19:15:59 -04:00
Bruce Ashfield
80065eb29f skopeo: refresh storage.conf
Our storage.conf is a bit stale and is throwing warnings during
load (due to thin provisioning changing). We refresh it from
the skopeo repository.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-10-20 09:45:54 -04:00
Bruce Ashfield
9e5daf4885 kubernetes: add SRCREV_FORMAT
recipes that use multiple SCMs in the SRC_URI, must supply
SRCREV_FORMAT or SRCPV triggers an expansion error. While
this isn't fatal during the build, it can cause issues with
setscene (and possibly) other tasks failing, which then
leads to no sstate re-use, etc.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-10-19 23:21:03 -04:00
Bruce Ashfield
cbecee2492 docker-moby: add SRCREV_FORMAT
recipes that use multiple SCMs in the SRC_URI, must supply
SRCREV_FORMAT or SRCPV triggers an expansion error. While
this isn't fatal during the build, it can cause issues with
setscene (and possibly) other tasks failing, which then
leads to no sstate re-use, etc.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-10-19 23:20:39 -04:00
Bruce Ashfield
da57fa2aa4 docker-ce: add SRCREV_FORMAT
recipes that use multiple SCMs in the SRC_URI, must supply
SRCREV_FORMAT or SRCPV triggers an expansion error. While
this isn't fatal during the build, it can cause issues with
setscene (and possibly) other tasks failing, which then
leads to no sstate re-use, etc.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-10-19 23:18:11 -04:00
Bruce Ashfield
cf55d44e94 oci-image-spec: update to 1.0.1-latest
Bumping image-spec to version v1.0.1-97-g54a822e, which comprises the following commits:

    fc4df0a Fix very minor oversight in config example
    08dd547 media-types.md: clarify differences from Docker media types
    170393e Embedded other platform fields in image spec
    ebb32fd Use registry.example.com as example default registry
    0e20f8a Add CPU variant to image config
    a2b7b2f expected type/subtype test for descriptors should have comment that references failure, not success
    875b7e5 pullapprove: remove defunct config
    3b938ac Drop link to OCI scope table
    ee4bfe1 Add background to png images
    eaa222c image.base.ref.name -> image.base.name based on stevvooe's feedback
    4221034 CODEOWNERS: switching from pullapprove to github builtin
    4feeaac Describe how index manifests should work with base image annotations
    a25f547 Removing Link Introduction
    54bc9b7 Fix typo
    b619890 Makefile: switch to the new OCI container image
    9ed9683 adding github workflow to render docs and lint
    87bb9f8 Create EMERITUS.md to recognize old maintainers
    71ccc68 Add standard base image annotations
    c435dd5 Remove Keyang Xie as a maintainer
    a4ddb1f MAINTAINERS: update jonboulle email address
    37e228a Update vbatts email address in MAINTAINERS
    5f0d52c Replace Jason B with Jon J in image-spec maintainers
    4366201 pandoc: point to a joint OCI org image
    8211213 fixed typo in image-layout
    78c42f4 Remove go4.org dependency
    43022b9 MAINTAINERS: remove Brandon Philips @philips
    8c25739 mediatype of layers should be application/vnd.oci.image.layer.v1.tar+gzip
    c3a73dc zstd: add constants to specs-go/v1
    d420390 README.md: return to one-sentence-per-line format
    ea8062d Reference "org" repo for meeting info
    1a29e86 media-types: Define layer media types suffix '+zstd'
    042b4d7 Run tests with go 1.12
    3d3783d Fix linting error
    bd4f8fc annotations.md: Fix a small typo
    c5f603f Fix table header grammar in annotations

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-10-18 14:05:35 -04:00
Bruce Ashfield
cf81b3dec5 oci-runtime-spec: update to 1.0.2
Bumping runtime-spec to version v1.0.2-71-gab23082, which comprises the following commits:

    411082c add youki to implementations.md
    6641127 alphabetize the implementation list.
    15f418e fix the lifecycle reference in the states listing
    f0ac327 defs-zos: [Fix] prevent schema parsers from hitting recursion-loop while resolving types.
    cc7f6ec config-linux: Add Intel RDT CMT and MBM Linux support
    c83b45e Introduce zos as platform.
    0c021c1 config-linux: clarify the handling of ClosID RDT parameter
    9e65944 config-linux: fix indentation on IntelRdt
    0f84938 schema/defs-linux: Fix inconsistencies with seccomp notify
    7c549cb seccomp: Add missing const for seccomp notify action
    58798e7 Add Seccomp Notify support
    8c363e8 Proposal: runtime should ignore capabilities that cannot be granted
    f02cd4a config-linux: mark memory.kernel[TCP] as NOT RECOMMENDED
    76f7818 README: Fix broken link for charter
    f7ef278 seccomp: allow to override default errno return code
    ec964df seccomp: expect error with invalid errnoRet
    2978430 config-linux: fix personality link
    e9429bb Makefile: Fix golint URL used in go get
    8f65443 travis: fix go_import_path
    3866eec MAINTAINERS: update vbatts email
    2fe0475 Add support for SCMP_ACT_KILL_THREAD
    fd895fb Change all references from whitelist to allowed
    11bfea2 Fix int64 and uint64 type value ranges
    57a316b docs: Added enclave OCI runtime rune to implementations
    938cf9f Update seccomp architectures to support RISCV64
    d3f079a config.go: make umask a pointer
    a02a293 Update State structure to use the new ContainerState type
    7571d3d cgroup: add cgroup v2 support
    66ad83f Use dedicated type for Container State
    89419f0 Add State status constants to spec-go
    09fc3b4 Remove superfluous 'an'
    0e72101 Add Giuseppe Scrivano as runtime spec maintainer
    6042999 Define State for container and runtime namespace
    a9f1170 Add seccomp kill process
    d759f35 MAINTAINERS: Add @cyphar as maintainer
    f9df045 seccomp: fix go-specs for errnoRet
    3bfcde2 seccomp: allow to override errno return code
    1ac6f8d specs-go: bump master back to -dev
    c4ee7d1 specs-go: update version to 1.0.2
    ce773cb ChangeLog: changes v1.0.1...v1.0.2
    5ef5c78 Makefile: avoid SELinux for making docs
    d22e8e0 *: release process is duplicated in RELEASES.md
    41c3e47 Review (tianon)
    9be9595 Clarify case with pre-configured Intel RDT closID
    76c0da2 config-linux: describe more about rootfs mount propagation
    353ddcb config-linux: add SHOULD to linux.namespaces.type
    37fab77 Fix typo in RELEASES.md
    baa7978 remove unneeded indent
    a87fe24 Makefile: no DCO with git-validation on travis
    bacc285 MAINTAINERS: remove philips
    d5bfb2b MAINTAINERS: remove Vishnu
    dda13dc PullApprove: No need for 3 DCO checks
    12fd09a RELEASE: document how to do the release
    c166268 Add create-container, create-runtime and start-container hooks
    e6e17ad schema: drop id from umask
    fac34e2 schema: fix indentation
    03c526b schema: add missing definition for personality
    2b844a0 Add support for SCMP_ACT_LOG
    66f4ffa Add new seccomp action.
    d1ef109 config-linux: support seccomp flags
    ff32f02 implementations.md: fix repository for crun
    23c4be2 Update meeting info section to point to "org" repo
    78ab98c Fix markdown escape in config-linux
    5cc25d0 Add Linux personality support
    234aa0b config-linux: Add Memory cgroup's use_hierarchy
    6b04c63 config: add "umask" field to POSIX "user" section
    dba5778 config: Collapse extensibility to a single MUST
    574182a schema/defs-linux: change weight type to uint16
    ec0fc3d runtime: Clarify ociVersion as based on the state schema

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-10-18 14:04:15 -04:00
Bruce Ashfield
0b5fba47b7 criu: update to 3.16.1
The criu-dev branch is not constant/consistent, so we switch to main
for our SRCREV specification.

At the same time, we bump to 3.16.1, which comprises the following
commits:

    4a1731891 criu: Version 3.16.1
    62b377957 Makefile: add shellcheck test/others/libcriu/*.sh
    59d0dfba9 test/libcriu: print logs on fail
    53bf82bcf test/libcriu: add test case for join-ns
    a8c5efe4c libcriu: define log level constants
    5ec2a6aaa libcriu: add join_ns API
    f2cdb062a Makefile: install criu-ns only with python3
    a15a63fce criu-ns: change python shebang to python3
    000ea8266 criu: Version 3.16
    8567a0952 ci: Update openj9 container images
    0b2a7223b mount: fix double-dump file system bug
    bea9580e3 gitignore: add build directory
    4db8ef15c podman-test: use crun from git repository
    6a15dbdef lib: install images/rpc.pb-c.h
    c6b5e7d92 sk-unix: fix prep_unix_sk_cwd root and cwd restoring
    f0e968ffe binfmt_misc: restore current work directory after restoring mnt ns
    776f3cff7 autofs: restore current work directory after restoring mnt ns
    45409c35d mount: use swich_mnt_ns/restore_mnt_ns helpers to simplify code
    f79d15c44 binfmt_misc: restore current work directory after restoring mnt ns
    eea63587e namespaces: add helpers to switch/restore mnt ns
    41f448968 remove tls parameter description if without GnuTLS support
    d87922099 kerndat: create separate netns for has_nftables_concat check
    aa772bf28 zdtm: fix network lock tests when run with --norst
    9838d34de criu: use unique table names for nftables based locking
    ca3e3c50b inventory: save network lock method to reuse in restore
    cd1570b15 zdtm: add ipv6 variants of net_lock_socket_* tests
    212db1d9a zdtm: add nftables per-socket locking test
    826d3d740 criu: add nftables connection locking/unlocking
    6e59b2bd7 zdtm: add iptables per-socket locking test
    c15327656 zdtm: add nftables network namespace locking test
    19cc0bfa6 criu: add nftables netns-wide locking/unlocking
    f246ca56c criu: rename iptables network locking/unlocking functions
    e9d24a2ba cr-check: add check for nftables based network locking
    b85fad797 cr-service: add network_lock option to RPC and libcriu
    2e30db5c3 criu: add --network-lock option to allow nftables alternative
    ef7af1dd1 Run 'make indent' on criu/include/plugin.h
    cf2b67375 workflows/lint: show changes
    03cdbc4c0 criu/config: fix use-after-free in parse_join_ns
    546a6dfd0 configs: fix used after free cases
    399a53a43 lsm: do not print a warning if no LSM has been detected
    960f26f90 files-reg: do not print a warning if a file has no build_id
    90e175d52 zdtm/pthread_timers: make sure glibc allocated SIGEV_THREAD's stack
    dd0e66149 ci: fix 'crit.sh: 3: source: not found'
    e936a0f8a docker-test: refactor test scenario
    78eb0dabf dump: suspend/resume lsm on pre-dump
    5dc373385 util: add run_command()
    9422383b6 zdtm/apparmor_stacking: don't include optional AppArmor namespace separator
    dc4c3cd48 apparmor: actually enable suspend for AppArmor
    ea1c89147 lsm: handle SELinux LSM correctly
    06b5d2fa8 tests: add a test for apparmor_stacking
    8723e3f99 check: add a feature test for apparmor_stacking
    8d992a680 lsm: support checkpoint/restore of stacked apparmor profiles
    0db135ac4 util: add rm -rf function
    6085c37ba lsm: change when LSM profiles are collected
    e2a45d786 ci: extend lint run to run 'make indent'
    70833bcf2 Run 'make indent' on header files
    93dd984ca Run 'make indent' on all C files
    1e26f170c criu: introduce clang-format to format source code
    cc2317ea4 zdtm: fix indentation in Makefile wait_stop target
    d62e747e9 ci: fix Fedora Rawhide
    b32c8c6fe posix-timers: fix getoverrun error handling
    01fa34f1e ci: use pre-installed Podman
    918901439 zdtm/pthread_timers: require ns_pid feature and add non-ns test
    e1b1547c8 posix-timers: fallback notify thread id encoding for non-pidns and non-nspid
    91d7203b8 proc_parse: make nspid field optional
    a692a0d0a kerndat: Check that "/proc/[pid]/status" file has NS{pid, ..} lines
    64f0012e4 zdtm: add a test for SIGEV_THREAD timers
    7eab5a7dc timers: save tid from a task pid namespace
    61e1334ab proc_parse: get a thread ID in a thread pidns from /proc/pid/status
    80079fbb0 criu: dump and restore notify_thread_id of posix timer
    6be9345fb criu-ns: add support for 'check' action
    868bffba4 criu-ns: add top-level conditional execution
    f70605ef1 criu-ns: update script name in help message
    f472e2590 Documentation: Add man page for criu-ns
    8891e51cd make: install criu-ns
    4a9bcd884 zdtm: prioritize /lib/* dependencies in some tests
    00ca2b519 scripts/build: add a docker file for archlinux
    694eafa1f protobuf: remove leading underscores from protobuf structs
    efb9fccd4 cgroup: cgroup_contains has to update the mask for cgroupv2
    ac27562f0 ci: add msgque test case to crit-recode
    7e86519fe lib: fix crit-recode msgque errors in Jenkins
    503488597 ci/openj9: run mrproper before make
    7ff785e1d zdtm: make --sbs also stop on each pre-dump/snap iteration
    07316d15a restore: cleanup cgroup properly in error path
    8f2b8c7be scripts: run lint also on criu-ns
    bd648cc8d ci: also test tcp stream crit recoding
    fa9acb9dc lib: fix broken crit-recode test
    0ca36c95e ci: combine cross compile container definitions
    2ebb1c741 crit: fix error on memfd files parsing
    f57e45df5 cr-service: move pidfd_store initialization to cr-service
    f7cd25400 pidfd_store: tidy up interface and hide unneeded details
    083f0822e pidfd_store: move pidfd_store to a separate file
    d55f34ed7 test/ci: sync netns_lock test and its --post-start hook
    b290df9a6 test/jenkins: fix netns_lock test multiple iterations failure
    75feb9635 ci: fix mips64el-cross test
    f3cb15660 Keep inherit-fd strings alive until task restore
    d3ce492cc pycrit: fix the broken of cli the `crit show xxx.img`
    093fb0c87 Add test for new --lsm-mount-context option
    64dd64e50 Enable changing of mount context on restore
    5be71273f Remove unnecessary whitespace
    fc7705a13 zdtm: add network namespace locking test
    0cf79a360 test: remove exec test
    1a197d4d8 criu: add unit testing for config file parser
    45bde968a test: add tests for configuration file parsing
    f695e6e10 config: make configuration file parser more robust
    381d2e88f criu: add cleanup_free attribute
    031a8d790 bfd: loop through read()/write() when the action is incomplete
    24bc08365 ci: disable some tests on CentOS 7
    63ca464bc ci: remove old workarounds
    6ef01d3e6 ci: switch CentOS 7 test to Cirrus CI
    1fbe87624 ci: disable -x during print_env()
    b4c7267b0 zdtm: allow ignore taint via environment variable
    a92833818 scripts/vagrant: Use vagrant 2.2.16
    eda3ac2ff scripts/vagrant: Use Fedora 34
    87ea13f6b add PKG_CONFIG default in a few more places
    6db0f95db crtools: improve error handling on signal setting
    2967bed64 build: respect $PKG_CONFIG settings
    81a68ad3b docker-test: use latest containerd release
    638e53c95 zdtm/tun_ns: add per-test dependencies
    9d9ec73dd test: skip time namespaced tests on <= 5
    e42083aa8 ci: update docker test matrix
    ebc74668f cr_options: handle the case where __dest == __src in SET_CHAR_OPTS
    d0511319e github: Add templates for new issues and pull requests
    3c10d3335 criu(8): document --join-ns option
    80ee4f8ae kdat: make uffd_open return errno from syscall separately
    a8525c07d ci: no longer avoid overlayfs
    2aa4185a6 test/others: refactor loop process
    2b78d95e6 test/others: drop '_exit' function
    34410b9e7 test: add a test to check that sigtrap handlers are restored
    b310fbd31 ksigset: fix a typo in ksigdelset
    c1b2d194e mem/pidfd: fix poll retry error checking
    1c08709cd zdtm: add pidfd store based pid reuse test
    ea0dc7807 zdtm: add --pidfd-store option in RPC mode
    e79131e8c criu: add pidfd based pid reuse detection for RPC clients
    ba882893c cr-check: add ability to check if pidfd_store feature is supported
    e3c9c3429 cr-service: add pidfd_store_sk option to rpc.proto
    a9508c986 criu: check if pidfd_getfd syscall is supported
    30e8d8cad criu: check if pidfd_open syscall is supported
    5d08f975a kerndat: Handle non-root mode when checking uffd
    8c303d1a6 test/others/crit: add test for 'x'
    e39300109 lib/cli.py: Open explore file as a binary
    c8973d426 test/zdtm: check that a penging SIGTRAP handled properly
    61c7cc5a9 parasite: don't block SIGTRAP
    ed58fb221 test: create new tls certificates
    6beeabcd4 zdtm: add sk-unix-dgram-ghost test case
    2609e98ee sk-unix: ghost: fix deadlock between peer_fle->stage and fds wake up
    655610e09 ci: remove hack for netns-nft zdtm test
    ddefbbff1 zdtm: add combined nftables/iptables netns-nft-ipt test
    4696e61ed zdtm: skip static/netns-nft test if nftables feature isn't supported
    d8821d9a8 net: skip iptables dump if it has nft backend and nft dump is supported
    e26949cfe lsm: handle half initialized SELinux setups
    e2c352e4f tools.mk: Use Python 3 by default
    177e4b4ba mips: remove empty gitignore
    22142eedf mips: coding style fixes
    99a6a17c2 Allow systemcfg proc file to be dumped
    731cafa85 logging: pr_perror() -> pr_msg() when execvp fails in action scripts and others
    24bdfa72d net: add a #define for increased compatiblity with old distributions
    29c34386b restore: fix error message when fork fails
    f10425e05 criu: end pr_(err|warn|msg|info|debug) with \n
    96b7178ba Whitespace at EOL cleanup and check
    7ea20e8f5 criu: make sure to use pr_perror to show errno
    10c619adb test/zdtm: pr_err / pr_perror fixes
    dca0eb5b4 test/others/bers: use pr_perror
    e326889c0 criu/mount.c: fix \n in pr_debug
    2166d4748 scripts: fix shellcheck warnings
    5f3631916 Makefile: amend lint with pr_perror/fail checks
    4cd23083b test/zdtm: don't pass errno to fail()
    12a2bd0ed test/zdtm: don't use %m with fail
    b20694835 test/zdtm: don't use \n with fail()
    9cbcaaed3 test/zdtm: don't use errno for pr_perror
    865a5e951 test/zdtm: don't use pr_perror where errno is unset
    d55a65e93 criu: don't use errno for pr_error
    f3be776cc Drop \n from pr_perror
    5e3b07b95 test/zdtm: check that restore can handle precreated veth devices
    f60f24bfb kerndat: check whether IFLA_NEW_IFINDEX is supported
    3ca09f5c9 ci: exclude lazy-thp for remote pages over tls
    6c77d7226 Makefile: docker-test don't use interactive tty
    27b9ed53e Makefile: update excluded tests for docker-test
    5d8ecee0a docker-test: use host cgroup & network ns
    e3c0fa701 Dockerfile: add missing test dependencies
    3074b6d5a Dockerfile: re-build criu after clean
    f432186e7 Dockerfile: use 'git clean' before build
    264b4a8d2 tiny fix on function dump_empty_fs
    cdb0d4270 net: allow restoring of precreated veth devices
    e3b694392 scripts/build: drop obsolete ENV1 variable
    eb5726c44 images: re-license as Expat license (so-called MIT)
    9c18c63d2 ci: enable crit tests in CI
    b78c4e071 test: fix crit test and extend it
    13e6e6899 lib: also handle extra pipe data correctly
    bf9e502c6 lib: print nice error if crit gets wrong input
    bf80fee4f lib: correctly handle stdin/stdout (Python 3)
    9635d6496 criu: Replace faccessat with fstatat when using AT_SYMLINK_NOFOLLOW flag
    96c1351d8 criu: Throw error when parent path is provided but invalid
    8dc7ce3e7 cr-service: fix CRIU_REQ_TYPE__FEATURE_CHECK RPC request
    b82f222d6 lib: fix crit-recode fix for Python 2
    228e510d2 ci: move CentOS 8 based test to Cirrus
    069d92e51 Use a real VM instead of a privileged container
    90e03b1a1 pstree: don't change sid/gid-s if current sid/gid is the same
    248b77367 lib: correctly handle padding of dump images
    abe3405b2 lib: fromstring() and tostring() are deprecated
    c10aae8f6 criu-ns: Merge comparisons with 'in'
    5f59a7cc3 criu-ns: Add unsupported msg for restore-sibling
    797422986 criu-ns: Handle restore-detached option
    6b375ed75 criu-ns: Pass arguments to run_criu()
    55a0557db criu-ns: Close namespace fd before raise
    0e024bfce criu-ns: Extract set namespace functions
    a80f08c2e criu-ns: Remove unused _umount
    6fd59abc8 criu-ns: Use documentation strings
    f8556f947 criu-ns: Extract wait for process into a function
    a08aa4406 criu-ns: Extract mount new /proc into a function
    a0a02c73e criu-ns: Remove space before/after bracket
    8f69a58e0 criu-ns: Convert indentation to spaces
    f3d071461 ci: run zdtm/transition/pid_reuse with pre-dumps in ci tests
    288adfc59 ci: remove ccache setup
    2e0107ead ci: run recode tests on more input files
    71013465b lib: fix recode errors seen in Jenkins
    c84dddf2f ci: remove '-Wl,-z,now' workaround
    ed0f4608f lib/cli.py: Open out file as a binary
    a433943a7 docker-test: set log file path
    046cad8bf docker-test: use containerd v1.5.0-beta.0
    25f378083 ci: move Travis CI Docker tests to GitHub Actions
    7e6a1a701 pstree: check for pid collision before switching to new sid/gid
    bb5bad532 test: move vt test to minor 65 on s390x
    c66ca3aa2 zdtm/fpu03: Add .desc file to omit running on !x86
    a87c61fe8 Revert "compel: add -ffreestanding to force gcc not to use builtin memcpy, memset"
    1bac3a64b s390: Purge stale comment
    39b7252c6 fault-injection: Run fpu corruption tests
    21e3c5307 compel: Provide compel_set_task_ext_regs()
    3613b6f15 compel: Store extended registers set in the thread context
    7af06af10 zdtm/fpu03: Add a test to check fpu C/R in a thread
    6c879c3c8 zdtm/fpu00: Simplify ifdeffery
    e2e8be37f x86/compel/fault-inject: Add a fault-injection for corrupting extended regset
    327e14933 namespaces: properly handle errors of snprintf
    ffb848e6d x86: Use PTRACE_GET_THREAD_AREA instead of sys_get_thread_area()
    72dc32850 ci/compat: Check if tests are 32-bit ELFs
    10fe08c37 github/stale: separate labels with commas without following spaces
    ff38944b9 ci: fix Fedora rawhide CI failures
    79b3893ec plugin: check for plugin path truncation
    878223560 sk-unix: check whether a socket name is NULL before printing it
    9582a44ce bug: add __builtin_unreachable in BUG_ON_HANDLER
    4eb43dc4d test: fix test compilation on rawhide
    6f8e67135 zdtm: Add javaTests output to .gitignore
    7b3eb03ab test: Reduce verbosity of mvn output
    ae143161b javaTests: Add --file-locks option
    56d7dbd7c file-lock: Add space in error message
    950805bf1 ci: use runc instead of crun for podman tests
    719e42fe1 seccomp: initialize seccomp_mode in all cases
    2dc65a636 zdtm: add second fifo_upon_unix test
    1f2e10771 zdtm: add fifo upon unix socket test case
    7c5c81366 sk-unix: rework unix_resolve_name
    d0308e5ec sk-unix: make criu respect existing files while restoring ghost unix socket fd
    49889baa2 files-reg: rework strip_deleted
    129cc7fbc files: Don't forget on stripping deleted postfix on linked files
    3a4bffc14 ci: move coverage run to github
    6be56e92c test/zdtm: check that locks are not dumped if --file-locks isn't set
    7b5e7166e dump: dump has to fail if there is locks and --file-locks isn't set
    37c09f890 ci: move compat tests to Github Actions
    246c37ad3 README.md: remove unused badges; add a few new badges
    fad9f805c README.md: remove trailing whitespaces
    67ce4e46c ci: move asan and image streamer test to github
    f983a55e6 vdso: fix segmentation fault caused by char pointer array
    909ce55d8 Tell podman to use vfs as storage-driver
    f4c5937ca ci: move Fedora Rawhide based tests away from Travis
    ed7cefe21 ci: factor out Fedora Rawhide CI setup
    95c4a8b40 ci: skip bpf tests on vagrant
    bb2078f36 ci: upgrade vagrant and Fedora version
    da2c83d87 ci: fix syntax error in stale.yml
    fc5ba7de7 zdtm: handle a case when a test vma is merged with another one
    d74353d77 util: zero the events pointer to avoid its double free
    540141c7c namespaces: handle errors of snprintf
    b83a1dd95 ci: also use clang for compel-host-bin
    baad84efb ci: run aarch64 compile tests on Drone
    95df2524c zdtm: cleanup thread-bomb test error handling and printing
    50a96e9fa ci: move vagrant test to cirrus ci
    f04e8517c workflows/stale: Don't close issue that has labels 'new feature' or 'enhancement'
    2721d865f fsnotify: rework redundant code
    c4f176b1e mount: adjust log level for mnt_is_dir
    3fd3a376f mount: adjust log level for get_clean_mnt
    8c53627dd dump: at exit do not call timing_stop if stats are not initialized
    c405a0116 coverity: get_service_fd() is passed to a parameter that cannot be negative
    6ff51fd8d restore: warning: Value stored to 'ret' is never read
    0bb3d8586 memfd: use PROC_SELF instead of getpid in __open_proc
    34024dfdc util: move open_proc_self_fd to service_fd
    068672f39 servicefd: don't move service fds in case they remain in the same place
    5364ca3da compel/test: Fix warn_unused_result
    8aba7ae9f compel: Fix missing loff_t in Alpine
    cffbeffed ci: Enable compel testing
    fbb21b404 compel/test: Add main makefile
    ae686848b compel/test: Resolve missing includes
    c7544894f dump/ppc64,arm,mips: sanitize the ERESTART_RESTARTBLOCK -> EINTR transition
    0cbfba778 github: auto-close stale issues and pull requests
    fabd5be38 zdtm: look up iptables in /sbin and /usr/sbin
    797f41e8a test/zdtm_ct: Run zdtm.py in the host time namespace
    f736b8750 ci: Alpine's busybox based free does not understand -h
    d2ed60b60 namespaces: don't set rst on error in switch_ns_by_fd
    94fb7c36a ci: move alpine based tests to github actions
    a28947bb8 ci: give an overview of the current CI environment
    70088b66c ci: add Circle CI definition
    a719a2f49 CONTRIBUTING.md: add component prefix to the subject example
    adfec67c0 .gitignore: Remove qemu-user-static
    82bddc4b2 scripts/Docerfile.centos8: Use 'powertools' repo name
    898329b30 x86/asm: fix compile error in bitops.h
    371d9c83d others/ns_ext: restore a process out of PID namespaces into the host PID namespace
    eb9ed1aaf cr-restore: setup external pidns only for root task
    c5064eda1 namespaces: make root_ns_mask more consistent
    c629525ca cr-restore: make CLONE_NEWPID flag in clone_flags more consistent
    98fbb766d compel/handle-elf: override unexpected precalculated addresses
    6a7bb0b9f docs: fix simple typo, clietn -> client
    b023f0ab5 vim: remove wrong 8-space tabs indent from python files
    2c89954cc zdtm: on fail with no error also print the tail of the log
    9bdae79d0 uffd: check for exited task when reading uffd_msg
    3b2202151 uffd: cleanup read error handling in handle_uffd_event
    8ca4d6e5b cr-restore: Properly inspect status in sigchld_process()
    00bd72f32 ci: remove special handling for mips
    2d68627dc CI: remove centos7 from Travis
    5bb4406e9 ci: use graviton2 for arm64 tests on Travis
    fb21643b2 tls: Add logging within send/recv callbacks
    b28eb7b2d compel/log: Provide %u specifier parsing
    c39ed518f compel/log: Stop parsing at unknown format specifier
    b93fe2b2d vdso: Let zero-terminator in vdso_symbol_length
    528ce2598 uffd: handle xrealloc() failure
    56a70ff99 uffd: fix 'double free detected in tcache 2'
    7db0c7c02 ci: add CentOS 8 based CI run
    b0676302f ci: switch centos7 to github actions
    247523c0c travis: rename centos test to centos7
    b6e4dae22 criu-ns: Remove unreachable statement
    ebea8f560 ci: fix lazy-pages test selection
    20a83e77c ci: 'fix' lazy tests
    1ecaee67a namespaces: fix 'Declaring variable "path" without initializer'
    097c931ed coverity: img_raw_fd() returns a negative number
    04d7b7157 sk-unix: ignore coverity chroot() warning
    cfeb9c10f cr-dump: get_service_fd() is passed to a parameter that cannot be negative
    ed905a002 util: fix double_close false positive
    b47cb0539 dump: Potential leak of memory pointed to by 'si'
    def84b8ef coverity: fix parameter_hidden: declaration hides parameter
    c98eb0384 restore: Value stored to 'ret' is never read
    8e5acdd2d cr-dump: Potential leak of memory pointed to by 'si'
    cf4fe1fa1 vdso-compat: let coverity know that the function does not return
    cfcc0b14a coverity: ignore CHECKED_RETURN
    d0db53297 autofs: Potential leak of memory pointed to by 'token'
    9b1921fb7 sk-unix: do not overwrite function parameter
    1d403eb18 Use 'is None' instead of '== None'
    820525fe8 bfd: remove unused line
    a02986804 coredump: remove two unused variables
    1543527bf lib/py: remove unused variable
    7db0bb69e infect: initialize struct to avoid CLANG_WARNING
    ee048e148 lock: disable clang_analyzer for the LOCK_BUG_ON() macro
    70c8c12c6 compel: don't mmap parasite as RWX
    6edcef740 cr-restore: Wait child & reap zombies if PID=1
    4381043a7 criu-ns: Use PID 1 on restore
    b2232f7f7 criu-ns: Convert c_char_p strings to bytes object
    d16033658 criu-ns: Print usage info when no args provided
    26371e56f criu-ns: Convert to python3 style print() syntax
    72ca9673d python: Replace xrange with range
    2598f64fa crns.py: New attempt to have --unshare option
    0d691acba CI: distribute CI jobs between CI systems
    e7cbeddff CI: rename 'travis' to 'ci'

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-10-18 13:34:35 -04:00
Bruce Ashfield
77111bf4f9 crun: bump to version 1.2
Bumping crun to version 1.2-16-g718b94e, which comprises the following commits:

    979f6f0 criu: save the new descriptors after restore
    cab3d52 crun: chown std streams
    c68c4ce crun.1.md: fix formatting
    62e9ba0 test: bump base and ubuntu to 1.16 for containerd tests
    07303d8 exec: support --cgroup
    9c96ca4 libcrun: allow to specify sub-cgroup for exec
    e32af6c cgroup: allow to create missing dirs
    baa786c exec: use new function
    6d70af2 exec: new function libcrun_container_exec_with_options
    97c2eac tests: add userns to sd_notify_proxy test
    4f6c8e0 NEWS: tag 1.2
    aee580f exec: fix containers being wrongly reported as paused
    762269c test/criu: enable external ipc,uts,time namespaces
    e334260 criu: Add support for shared ipc,uts,time ns
    1353be8 configure: convert indentation to tabs
    44bb0b2 artifacts: add libprotobuf-c-dev for protobuf headers
    5b341a1 NEWS: tag 1.1
    55d293c .github: add libprotobuf-c-dev
    2162435 criu: store external descriptors as JSON string
    9c7d928 .github: check tests leave the working dir clean
    d99bb51 .github: report make check failures
    0d64e1d linux: fix fix-test-mount-symlink-not-existing test
    7260dc8 tests: fix number of tests
    b0d64b6 tests: skip caps tests if rootless
    a538e4e tests: disable exec_additional_gids when rootless
    b055575 criu: fix save of external descriptors
    c0f5460 criu: use has_prefix instead of strncmp
    0fa5a11 criu: use write_file instead of open+write
    1604c54 criu: drop \n from error messages
    a967d78 criu: fix fd leak
    f624c93 tests: disable unrelated failing Podman tests
    ee35311 utils: add new function safe_readlinkat
    ef24f0c README.md: ./configure.sh → ./configure
    3e82d10 tests: add test for c/r with ext namespace
    2257680 tests_utils: drop unused variable
    f41c979 tests: drop unused imports
    be18607 criu: Add support for external PID namespace
    4810ac6 exec: refuse paused container/cgroup
    7d35659 cgroup: drop cgroup_mode arg from libcrun_cgroup_is_container_paused
    44377aa container: Set primary process to 1 via LISTEN_PID by default if user configuration is missing
    bc0b3d1 utils: retry openat2 on EAGAIN
    8a70bcd cgroup: use cgroup.kill if available
    c819e9c tests: update Podman to 3.3.0
    74543d3 linux: silence two false positives reported by lgtm
    c1798ad status: check for owner before using it
    5399935 utils: NUL terminate readlinkat buffer
    2557c81 NEWS: tag 1.0
    dad6ef2 crun.1: regenerate
    2199d10 tests: update containerd version

We also bump the oci/image/runtime spec SRCREVs to ensure that we have
all the source dependencies up to date.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-10-18 13:34:35 -04:00
Bruce Ashfield
21fc48f10e crun: fix offline builds
The 'autogen.sh' script of crun was fetching dependencies that we
already have in our SRC_URI. We want the OE git fetcher to manage
the source, not scripts in the source of a package.

We grab the two lines out of autogen.sh that we need, and use them
directly in the configure_prepend.

We also add yajl to the source code dependencies as the package
DEPENDS is not enough as crun is explicitly building source that
looks for the yajl code.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-10-18 13:32:43 -04:00
Bruce Ashfield
b2299d3900 podman: check for ipv6 in DISTRO_FEATURES
When setting up networking, podman is looking for the ipv6tables
executable. We have iptables in our rdepends, but the ipv6 variant
won't be available unless ipv6 is in DISTRO_FEATURES.

We can use our distro feature check to detect the issue and alert
the developer.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-10-15 09:34:18 -04:00
Bruce Ashfield
83cf286391 k3s: update to v1.22.x
Bumping k3s to version v1.22.2+k3s2-4-g737f722315, which comprises the following commits:

    737f722315 set transport to skip verify if se skip flag passed (#4102) (#4103)
    dd4b36e034 Add "etcd-" prefix to etcd-snapshot commands as aliases (#4161) (#4170)
    cedcece9cc Dual-stack support LB controller
    3f5774b41e Bump containerd to v1.5.7+k3s1
    bdd597fb9e Don't evacuate the root cgroup when rootless
    6d282b26c2 Skip tests that violate version skew policy
    a09bcba540 Properly handle operation as init process
    44013ae899 Enable the inheritance of settings for ipv6
    10bca343e8 Update build images to python3 for compat with recent gsutil change
    28be0de4e8 Revert "Use the newer klipper-lb image"
    64b502e92c Disable automounting service account token in servicelb pods
    7826407a2e Make sure there are no duplicates in etcd member list (#4025)
    1d21491094 Use the newer klipper-lb image
    753e11ee3c Enable JobTrackingWithFinalizers FeatureGate
    dccee4e87b Fix regression from commit 137e80cd865efe51aa3ef0323fd6b0a014b7b9de
    7a36c3f7f2 Bump golang version
    77dfdda909 Update Kubernetes to v1.22.2-k3s1
    eda65b19d9 Remove expiremental from cluster commands (#4024)
    debb508643 Nvidia container runtime discovery in containerd config template (#3890)
    086ca8ba6a Fix premature etcd shutdown when joining an existing cluster
    85e11c47d1 Add StargzSupported stub for Windows
    e732517712 Retrieve "CONTAINERD_" environment variables
    acf9036b63 No-op when etcd member was already removed and use existing name for etcd controller (#4014)
    9fcd79baae Add tests to the dual-stack PR and enable dual-stack with flannel backend
    681058bb40 Add dual-stack support
    5e0fae914f Bump helm-controller and klipper-helm image version
    b72306ce3d Return the error since it just gets logged and retried anyways
    5986898419 Use SubjectAccessReview to validate CCM RBAC
    dc556cbb72 Set controller authn/authz kubeconfigs
    199424b608 Pass context into all Executor functions
    137e80cd86 Handle cgroup v1/2/hybrid in check-config.sh more explicitly/accurately
    928b8531c3 [master] Add `etcd-member-management` controller to K3s (#4001)
    699ea16523 go mod tidy
    57377d2cd4 Minor cleanup on cribbed function
    3449d5b9f9 Wait for apiserver readyz instead of healthz
    3d27804c77 Anything not EL7 is EL8
    b4d8c641c6 Add exposed metrics listener instead of replacing loopback listener
    29c8b238e5 Replace klog with non-exiting fork
    90960ebf4e SupportPodPidsLimit is locked to true of 1.20, making pids cgroup support mandatory
    741ba95b04 Migrate sqlite data to etcd when initializing the cluster
    a1ec43e0b7 feat: add option to disable s3 over https
    8b857eef9c Ship Stargz Snapshotter (#2936)
    cf12a13175 Add missing node name entry to apiserver SAN list
    74196acaea added raspberry installation hint (#2379)
    fdaa0c4210 Update maintainers to reflect team changes
    b8add39b07 Bump kine for metrics/tls changes
    ad1a40a96c Small updates to CONTRIBUTING (#3734)
    933052a02c Fix condition for adding kubernetes endpoints (#3941)
    4d6ddfea51 Bump stable to v1.21.4+k3s1
    60297a1bbe Creation of K3s integration test Sonobuoy plugin (#3931)
    84155ee313 Make consistent use of os-release vars
    2a68c7c8a4 Fix issue where addon checksum was never stored
    736c262612 Move cniplugins version to 0.9.1
    96dcef478a Add functions to separate ipv4 from ipv6 functions
    a9fce84ab6 github actions: enable workflow_dispatch (#3923)
    114b30277f Redux: Enable K3s integration test to run on existing cluster (#3905)
    f94d8d76a8 Check /etc/os-release exists before sourcing it
    51b7451709 install.sh: Inform user of current k3s+SELinux support status for SUSE/openSUSE systems
    331c6fed71 Remove runtime V1 (`containerd-shim`)
    c23e63aeea Update RootlessKit to v0.14.5 (#3902)
    176451f4ea Fix rootless regression in 1.22 (Set KubeletInUserNamespace gate) (#3901)
    66dacc6ee0 Revert "Enable K3s integration test to run on existing cluster (#3892)" (#3899)
    703b5af950 Enable K3s integration test to run on existing cluster (#3892)
    58315fe135 Set osImage for docker image
    156bae2940 Fix PREVIOUS_CHANNEL lookup when current minor release is not stable
    e95b75409a Fix lint failures
    a5355f0827 Replace dropped v1beta1 APIs with v1
    dc14f370c4 Update wrangler to v0.8.5
    c434db7cc6 Wrap errors in runControllers for additional context
    422d266da2 Disable deprecated insecure port
    641ab26fde Update containerd to 1.5
    16616c6b90 Update grpc
    54a7c860c7 Update kine for etcd v3.5 compat
    92b651e548 update golangci config to sync with RKE2
    4ebd6009ea Bump gopls and golangci-lint
    872855015c Update etcd to v3.5.0
    e204d863a5 Update Kubernetes to v1.22.1
    ed5991f13b K3s Flock Integration Test (#3887)
    e322924781 Reset load balancer state during restoraion (#3877)
    a55921b33d Add missing labels to stalebot config
    8e90c56f5c Update Kubernetes to v1.21.4-k3s1
    544cf406aa Bump containerd to v1.4.9-k3s1
    a1097984c0 Bump helm-controller to work around tiller crashes
    b23955e835 Fix URL pruning when joining an etcd member (#3832)
    e87204c064 Added new testing documentation (#3823)
    a1e36153f9 Added locking system for integration tests (#3820)
    ae909c73e5 Updated the code to use GetNetworkByName and tweaked logic.
    4cc781b5e3 Moved testing utils into tests directory. Improved gotests template. (#3805)
    dcf0657b20 account for an s3 folder when listing objects (#3807)
    b4eca61aeb Prevent snapshot commands from creating empty snapshot directory (#3783)
    3b01157a3a Use New Image Names (#3749)
    bc96ffb5f3 Fix Node stuck at deletion (#3771)
    338f9cae3f Bump helm-controller to v0.10.2
    80a15bebc0 install.sh: Use built-in shell functionality instead of awk
    dfd4e42e57 Wrap context with lease before importing images
    2069cdf4ee Fix initial start of etcd only nodes (#3748)
    429af17e4d update rancher/local-path-provisioner to v0.0.20
    56109f96b3 Update MAINTAINERS (#3744)
    5ab3590d9b Improve config retrieval messages
    869b98bc4c Sync DisableKubeProxy into control struct
    4f03532f47 Add nightly automation tests
    09457a57d5 Add in stalebot config, starting with 6mo old stale issues. (#3739)
    b1b5f72dc3 Notify systemd for etcd only node (#3732)
    7704fb6ee5 Exporting the AddFeatureGate function and adding a unit test for it. (#3661)
    fc19b805d5 Added logic to strip any existing hyphens before processing the args. (#3662)
    a1d7a62493 Fix to allow non-root users access to storage volumes. (#3714)
    90445bd581 Wait until server is ready before configuring kube-proxy (#3716)
    21c8a33647 Introduction of Integration Tests (#3695)
    f99b1c8798 add gotests templates (#3709)
    71e1f1df8c Ignore markdown files for github actions (#3676)
    1f6806d940 Update 1.21 stable version
    20a48734c2 more fixes
    7ebcc4b134 more fixes
    b4401296ec replace error with warn in delete
    2f82bfcf67 fix warning msg
    b377839148 migrate old token key format
    997ed7b9b4 simplifying the code
    ad17292fa8 migrate empty string key properly
    a65e5b6466 Fix multiple bootstrap keys found
    37fcb61f5e move go routines for api server ready beneath wait group
    c5832c1128 Bump Kubernetes to v1.21.3
    b352d73511 Bump containerd to v1.4.8-k3s1
    18bc98f60c adding startup hooks args to access to Disables and Skips (#3674)
    dcabe14edd Update .github/ISSUE_TEMPLATE/feature_request.md
    8840c937e6 Update .github/ISSUE_TEMPLATE/bug_report.md
    bba49ea447 Fix to allow prune to correctly cleanup custom named snapshots (#3649)
    f6be76b4f7 Add checkbox to denote backporting required on issue templates
    aef8a6aafd Adding support for waitgroup to the Startuphooks (#3654)
    ad28d18b19 Bump helm-controller to v0.10.1 (#3644)
    d96fa8f727 Add issue template for creating release checklist issues (#3604)
    a939decf01 fix a runtime core panic (#3627)
    55fe4ff5b0 Convert existing unit tests to standard layout (#3621)
    fbc41ed753 Upgrade k3s-root version
    238dc2086e prevent snapshot save when snapshots are disabled (#3475)
    a4c992ce52 🐳 burp to inetaf/tcpproxy
    dd8398dc76 Bump the packaged runc binary version
    ada145641c Update etcd snapshot error message to be more informative when etcd database is not found (#3568)
    a62d143936 Fixing various bugs related to windows.
    e1cd9438ad Update ROADMAP.md
    81b006c938 Dispatch to rancher/system-agent-installer-k3s when tagged (#3589)
    73df2d806b Update embedded kube-router (#3557)
    77fcf2dfc5 missing build tag for windows
    18367e12d0 Set ulimits in docker-compose.yml
    8faa70dced Update to v1.21.2
    6b3285b7e3 Fix coverage reporting to include all packages, not just those with tests
    c833183517 Add unit tests for pkg/etcd (#3549)
    cbfe673c43 Fix spelling to satisfy codespell check
    cbacd7107e Allow passing targeted environment variables to containerd
    4a6e87e5a2 Add user-facing change section to PR template
    a5cff7e143 (docs) Update README.md
    f5fbb9a9a8 Export cli server flags and etcd restoration functions (#3527)
    246b378a27 Bump kine to resolve race condition and unrevisioned delete
    3e1693bc97 Changes local storage pods to have 700 permissions (#3537)
    7242ce9316 Redux: Add Unit Test Coverage to CI (#3524)
    04398a2582 Move cloud-controller-manager into an embedded executor (#3525)
    f3d0a857d2 Bump stable version to v1.21.2+k3s1 (#3526)
    a84c75af62 Adds a command-line flag '--disable-helm-controller' that will disable the server's built-in helm controller.
    cf55712767 Revert "Add Unit Test Coverage to CI (#3494)" (#3499)
    216b3beaef Add Unit Test Coverage to CI (#3494)
    82394d7d36 Basic windows agent that will join a cluster without CNI.
    136dddca11 Fix storing bootstrap data with empty token string (#3422)
    a629db023c Fail to start k3s if nm-cloud-setup is enabled
    4b2ab8b515 Renamed client-cloud-controller crt and key (#3470)
    ef23c6c548 Redux: Change containerd image leases from context lifespan to permanent  (#3464)
    b74c499709 Revert "Change containerd image leases from 24h to permanent (#3452)" (#3461)
    86b3ba8dba Change containerd image leases from 24h to permanent (#3452)
    88f95ec409 Send systemd notifications for both server and agent (#3430)
    a7d1159ba6 Emit events for AddOn lifecycle
    ea2cd6d727 Add comments, clean up imports and function names
    6e48ca9b53 Tidy up function calls with many args
    6ef000091a Add nodename to UA string for deploy controller
    2afa3dbe1c Changed iptables version check for fail if version is between 1.8.0 and 1.8.3 and using nf_tables mode (#3425)
    f6cec4e75d Add kubernetes.default.svc to serving certs
    243fd14cf1 Change Replace with ReplaceAll function
    afd506a595 fix possible race where bootstrap data might not save
    2682183773 add log message indicating etcd snapshots are disabled
    664a98919b Fix RBAC cloud-controller-manager name 3308 (#3388)
    5e0527f304 cgroup2 CI: add rootless
    daf527ccaf k3s-rootless.service: use fuse-overlayfs snapshotter
    1576030d6b Add a path for wireguard's privatekey
    7345ac35ae Initial windows support for agent (#3375)
    3abe7c7cef Bump stable version to v1.21.1+k3s1 and add v1.21 channel
    d415e41337 Update flannel version
    cb25835d84 containerd: v1.4.4-k3s2
    79cf4a7c83 Bump channel stable version to v1.20.7+k3s1
    25c2888d28 Fix shell expansion and file permission issues install.sh
    f11cbc5a8e runc: v1.0.0-rc95 (#3348)
    ecbf17e2ed move object channel defer close to goroutine
    254b52077e add retention default and wire in s3 prune
    7e175e8ad4 Handle conntrack-related sysctls in supervisor agent setup
    c824c3bcc1 Add support for multiple env files for systemd unit
    e8ecc00fc8 add etcd snapshot save subcommand

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-10-12 14:43:30 -04:00
Bruce Ashfield
4ab1f0527b k3s: update to v1.21.5
Bumping k3s to version v1.21.5+k3s2-2-gaa5a0a8c78, which comprises the following commits:

    aa5a0a8c78 set transport to skip verify if se skip flag passed (#4102) (#4104)
    3ee5098225 Add "etcd-" prefix to etcd-snapshot commands as aliases (#4161) (#4171)
    724ef700ba Bump containerd to v1.4.11+k3s1
    69a9f46bce Don't evacuate the root cgroup when rootless
    0af55a830a Skip tests that violate version skew policy
    9e66f975d5 Fix PREVIOUS_CHANNEL lookup when current minor release is not stable
    38ddda587a Properly handle operation as init process
    15f3a2ebfb Enable the inheritance of settings for ipv6
    273827d4ba Update build images to python3 for compat with recent gsutil change
    8c2f7ac41c Remove experimental from cluster commands
    acad8ef840 [release-1.21] Update Kubernetes to v1.21.5 (#4032)
    6acee2e2f5 No-op when etcd member was already removed and use existing name for etcd controller (#4015)
    863512e055 Initial leader elected etcd member management controller (#4010)
    37caf87d6d Add exposed metrics listener instead of replacing loopback listener
    a8a6edfb0d Add missing node name entry to apiserver SAN list
    659307d327 Fix condition for adding kubernetes endpoints (#3941) (#3946)
    7cf85c235a Fix issue where addon checksum was never stored
    656c190629 Reset load balancer state during restoraion (#3878)

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-10-12 14:08:47 -04:00
Bruce Ashfield
45e5f2e821 kubernetes: introduce devupstream variant
Introduce a devupstream variant of k8s, so we can track development
while also packaging the latest released versions.

We set the SRCREV to 1.23.x as it was previously, and before the
go version dependency bumps to above where OE core is currently
providing.

We move the patches to a :append, so they can apply to both the
released and devupstream versions.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-10-12 10:15:21 -04:00