meta-virtualization

mirror of git://git.yoctoproject.org/meta-virtualization.git synced 2025-12-13 21:55:23 +01:00

Author	SHA1	Message	Date
Bruce Ashfield	34e36ce8b6	containerd: update to v2.2.0-beta.1 Bumping containerd to version v2.2.0-beta.1-12-ga7e49900a, which comprises the following commits: a4ddfd7eb build(deps): bump the golang-x group with 2 updates c740c57b4 build(deps): bump github/codeql-action from 3.30.6 to 4.30.8 6316ab81d build(deps): bump softprops/action-gh-release from 2.3.4 to 2.4.1 ed2e81a78 bugfix:sync parent dir to ensure blob entry is reliably stored bfd6c52b4 Defer removal of deprecated registry config fields to 2.3 71f5d16aa bugfix:fix container logs lost because io close too quickly c039f5349 ci: bump Go 1.24.8 773bfa0ea Use tartest to simplify generating a tar 6a3b10fe7 Add a test for the erofs differ using tar index mode 42f2784ca Update go.mod to use api/v1.10.0-beta.1 8922d84e5 build(deps): bump google.golang.org/grpc from 1.75.1 to 1.76.0 36c22f45c Update referrers fallback logic to always have a fallback 0f3c5484f Fix gha api release file path f6b3b8cbe build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 7a7d7a996 build(deps): bump github/codeql-action from 3.30.5 to 3.30.6 669c3047a build(deps): bump softprops/action-gh-release from 2.3.3 to 2.3.4 ba606fe14 build(deps): bump actions/stale from 10.0.0 to 10.1.0 15d5fa725 build(deps): bump google.golang.org/protobuf from 1.36.9 to 1.36.10 60fb4adb0 1.6 is EOL aa571f63c Prepare release notes for api/v1.10.0-beta.0 83a946dca Add missing implicit dependency to podsandbox controller c69f443ba Update sandbox controllers service implicit dependency 637429a25 Update logging for sandbox controller service f0aeb9037 Add sandbox controller create call to client a338d8b2f Fix sandbox client shutdown to ignore not found errors 54ba402a2 Add default sandboxer to client c7b3114eb Update mount manager code documentation f3af360f6 Update runtime to read allowed custom mounts from runtime 2189d3d6c build(deps): bump docker/login-action from 3.5.0 to 3.6.0 cfb1b653d build(deps): bump actions/cache from 4.2.4 to 4.3.0 94e6bcea5 Add support for allowing custom types through mount manager efc995011 Add runtimes option to task manager dd9c43150 Add option to allow formatted mounts 9c21e867e Handle flaky case for loop autoclear f7b77e649 Update mount manager cleanup logic 069cbfe8f Use mount manager for temp mounts 93070961b Update snapshotter tests to use mount manager fa327566b Fix mount manager deactivate errors 9c0cc4a42 Add mount manager format test 61b8426ae Add mount manager documentation 67f0970a5 Add mount activation integration test 39f128b99 fix invalid deactivate error 76a877bb5 Add mount activation support to task service 5b4de2c34 Add implementation of list and get mount activation 184fae60f Add backreference support to mount manager 9794addce Add mount formatting test d8e5cdd76 Fix gc cleanup and add unit tests for gc 49634889f Update ctr image mounts to use mount manager 62062902f Add support for mount manager to ctr snapshots mount 563b28154 Add mount manager to client c8e7674cc Add temporary mount support to manager aba772012 Add debug logs to mount service calls d23e635a5 Fix mount manager plugin when no handlers provided 75ed5e003 Fix mount manager gc 8db301086 Add mounts api service 67fbf9db9 Generate and vendor proto changes c5097ac63 Add mount manager to protobuf services and types 4d34b01ce Add loopback and overlay mount manager tests 0e88cde87 build(deps): bump github/codeql-action from 3.30.3 to 3.30.5 5a00693e7 Fix integ-test: looking for sleep inf as longCommand 739821fc5 pkg/display: use platforms.Format for platform display 748cd9f03 Prevent goroutine hangs during ProgressTracker shutdown 54325eedc Fix typos introduced on PR 12323 a7537cb8a Add referrers to default registries b668614b5 Add referrers to host config c1b1297c6 Update capabilities for referrers 09b4ac136 Add referrers fetcher to remotes 9ca659a53 Add conf.d include in the default config de20021f5 Make E2E workflow a required check cbfb535ad Add a comment to explain why apt-get install erofs-utils can't be used 3df2b5d98 TestErofs/Rename fails with EROFS snapshotter c1bf79e7a Build and install erofs-utils from source and modprobe erofs 35f94ef70 vendor: opencontainers/runtime-tools v0.9.1-0.20250523060157-0ea5ed0382a2 33e6b79fc Fix device mapper suspend/resume flakyness 5be6c0309 build(deps): bump azure/CLI from 2.1.0 to 2.2.0 7e74801b7 Move wintls as internal pkg d2adfd820 Add support to retrieve certificate and key from windows cert store 6243cf562 Add mount manager tests f4b7b9344 Improve formatting and support for deactivate 55ff11737 Add loopback mount handler ed03f3a71 Add mount manager plugin and types 78ca11c1c Add mount garbage collection resource c71598622 Add mount manager interface to mount package 1809f3ef1 Update metadata gc to run context finishes in parallel 37cec6800 Move transaction context to boltutil 09644bd13 [github-action] release - Empty allowedSignersFile 635907e63 Ensure errContentRangeIgnored error when range-get request is ignored by registry 010ad4c06 build(deps): bump google.golang.org/protobuf from 1.36.8 to 1.36.9 8112ca64f cri: remove copying of message structs 9d351805b go.mod: Bump up k8s.io to 0.34.1 517ca7566 build(deps): bump google.golang.org/grpc from 1.75.0 to 1.75.1 e009b98ce build(deps): bump github/codeql-action from 3.30.1 to 3.30.3 84aa20676 docs: Update 1.7 LTS support timeline cfe20b588 add k8s 1.34 support matrix 479cf42ca Add extraction progress to transfer service 09e531b88 Add progress to apply options a85610d52 Prepare release notes for v2.2.0-beta.0 dba7f8fbe Update releases doc to show v2.2 has started beta da2a8b34e build(deps): bump softprops/action-gh-release from 2.3.2 to 2.3.3 6f92111a9 build(deps): bump actions/stale from 9.1.0 to 10.0.0 52c310c98 build(deps): bump actions/github-script from 7.0.1 to 8.0.0 39a38dd60 build(deps): bump google-github-actions/upload-cloud-storage 284716350 build(deps): bump github/codeql-action from 3.30.0 to 3.30.1 d4fd22ce7 build(deps): bump github.com/prometheus/client_golang b2866150a build(deps): bump the golang-x group with 3 updates 65badbef4 Resolve `staticcheck` complaints on FreeBSD f45716efe Clean up issues cited by `usetesting` package with golangci 53d78b68d runc:Update runc binary to v1.3.1 c77b70852 pkg/cio: Close(): use errors.Join to return all errors bfbb18ca8 build(deps): bump github.com/containernetworking/plugins 1fac82f0e build(deps): bump github.com/checkpoint-restore/checkpointctl 6374ac511 build(deps): bump actions/attest-build-provenance from 2.4.0 to 3.0.0 23c51c25b build(deps): bump github/codeql-action from 3.29.11 to 3.30.0 b56804da7 build(deps): bump google-github-actions/auth from 2.1.12 to 3.0.0 683cd7d60 gc:make sure lastCollection is not nil bcecb979a build(deps): bump lycheeverse/lychee-action from 2.5.0 to 2.6.1 fb28794f4 Update Go requirements in BUILDING 591a769a6 build(deps): bump google.golang.org/protobuf from 1.36.7 to 1.36.8 f4238238f build(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.0 fd1a7a102 build(deps): bump google.golang.org/grpc from 1.74.2 to 1.75.0 8ebe57e2e build(deps): bump github.com/coreos/go-systemd/v22 from 22.5.0 to 22.6.0 cc2a52ca8 Update pkg/oci to use FS interface 6fa776811 docs: remove shutdown adopter D2iQ Konvoy 56cde7d2c add SystemdCgroup to default runtime options 363e02310 install-runhcs-shim: fetch target commit instead of tags 77905cf6f build(deps): bump go.etcd.io/bbolt from 1.4.2 to 1.4.3 fe4ec31bc build(deps): bump github/codeql-action from 3.29.10 to 3.29.11 f0ee598ff integration: Add test for directives with userns 41953f7ac cri: Fix userns with Dockerfile VOLUME mounts that need copy 48f5d4255 script/test: clean up generated NRI test configuration. ad207c1ce docs: update docs for NRI v0.10.0. 37b12bf5e Add documentation for cgroup_writable field b7a401f1d cri: warn about deprecated v0.1.0-style NRI plugins. cb9fda2e7 nri: add configuration for the default validator. fa820a5d0 go.{mod,sum}: update NRI to v0.10.0. 3dbb9695a build(deps): bump github/codeql-action from 3.29.7 to 3.29.10 da3dc1ef6 core/mount: Retry unmounting idmapped directories 27ba690a1 core/mount: Test cleanup of DoPrepareIDMappedOverlay() dd7fe0b76 core/mount: Properly cleanup on doPrepareIDMappedOverlay errors cb56df4fb build(deps): bump the k8s group with 3 updates d449d94d2 build(deps): bump github.com/emicklei/go-restful/v3 b595e0173 Update hcsshim to v0.14.0-rc.1 in preparation for containerd/2.2 7a19c94d6 core/mount: Don't call nil function on errors dc38aaf6c ci:fix TestSandboxRemoveWithoutIPLeakage failed 6dcbdcfb3 ci: add Go 1.25.0 93c034c80 build(deps): bump actions/cache from 4.2.3 to 4.2.4 f77717f50 build(deps): bump lycheeverse/lychee-action from 2.4.1 to 2.5.0 a2d30ba30 build(deps): bump google.golang.org/protobuf from 1.36.6 to 1.36.7 6e9b6eada core/mount: Only idmap once per overlayfs, not per layer 6ce7f6d87 pkg/sys: check SupportsPidFD first c7f19d104 build(deps): bump the golang-x group with 2 updates 8d275704a build(deps): bump actions/checkout from 4.2.2 to 5.0.0 e3b2bcead build(deps): bump actions/download-artifact from 4.3.0 to 5.0.0 5bd22a3e9 build(deps): bump github.com/containerd/go-cni from 1.1.12 to 1.1.13 bd9e577c2 Fix ctr snapshot mount produce invalid mount command for empty option db31fbc5a ci: bump Go 1.24.6 45e02e1dc sys: fix pidfd leak in UnshareAfterEnterUserns 7340a7a28 fix: create bootstrap.json with 0644 permission 2b48e3cb9 build(deps): bump docker/login-action from 3.4.0 to 3.5.0 398d42313 build(deps): bump github.com/prometheus/client_golang aeace7daa build(deps): bump google-github-actions/auth from 2.1.11 to 2.1.12 009625290 Block CIM snapshotter & differ 63c9cfcc1 fix typo: collecter -> collector 3653c911b Update mailmap for austinvazquez 55fd29789 build(deps): bump github/codeql-action from 3.29.2 to 3.29.4 6e0579453 build(deps): bump google-github-actions/upload-cloud-storage 22a88c1ac build(deps): bump the k8s group with 3 updates 83deebdd5 build(deps): bump google-github-actions/auth from 2.1.10 to 2.1.11 a38708cc9 build(deps): bump google.golang.org/grpc from 1.73.0 to 1.74.2 68a55252f refactor: use the built-in max/min to simplify the code b70b43f6b time to upgrade to 1.33 cri-tools 4f95737e1 Remove Alpha gate from k8s e2e runs 46325f114 Update 1.6 timeline to add an extended period ed174c914 cmd/ctr: rename vars that shadowed builtin 4420b5a49 Ensure fetcher always closes body and properly calls release 1b821ca04 fix(dockerFetcher): resolve deadlock issue in dockerFetcher open 118a84147 ci: update crun to 1.22 c5ad254a3 ci: bump Go 1.24.5 0eaa09e35 Make signal notifications work on Windows 636d29832 build(deps): bump the golang-x group with 3 updates dbb44287f Plumb windows CPU affinity values to runtime spec 12daca5f6 Fix intermittent test failures on Windows CIs 117179ae1 Remove WS2025 from CIs due to regression 222b2d3e7 update pause image to pause:3.10.1 e96ebc008 erofs-snapshotter: make IMMUTABLE_FL optional f75323f89 nri: enable otel traces in NRI. b641933cf erofs snapshotter: Add tar index mode 62bbdce7f update go-md2man binary to v2.0.7 fd464031d build(deps): bump github.com/tchap/go-patricia/v2 from 2.3.2 to 2.3.3 e0d733c87 blockfile: Ensure required options are always set aed961a6f Remove additional fuzzers from CI 24ea5f23f build(deps): bump golangci/golangci-lint-action from 6.5.2 to 8.0.0 a0ed14fd4 erofs-differ: fix filesystem UUID for tar-converted layers b92e8b544 Add GitHub Action for k8s node e2e tests eb63b5b4d Amend runtime handler test for stable order c6ae08193 CRI: Stable sort for RuntimeHandlers f51a2fbfd Test showing RuntimeHandlers in Status() are unordered cc913cac6 build(deps): bump github/codeql-action from 3.29.0 to 3.29.2 40f3b74af build(deps): bump go.etcd.io/bbolt from 1.4.1 to 1.4.2 587c0757b build(deps): bump github.com/intel/goresctrl from 0.8.0 to 0.9.0 35cbd7349 Fix port forward error logger to not cause concurrent write 7a46fe7e6 Correct Commit Memory Aggregation for Windows Containers a4aebea4b build(deps): bump github.com/containerd/console from 1.0.4 to 1.0.5 100b78711 build(deps): bump google.golang.org/grpc from 1.72.2 to 1.73.0 621d661be Add coverage support for CRI integration tests bf1c47f5e core/runtime/v2: shimManager.cleanupWorkDirs ignore non-existing path d553c4014 Update GHA runners to use latest image for most jobs 610f29914 Update garbage collection docs 6537a61d0 Add back reference test for collectible resources df87a8f71 Add support for backreferences in gc 8ecd6b6fa Update gc tests to make digests easier to identify cf7f4f5cc restore: skip pull for existing base image b671a9721 ctr:add sandbox info command to print sandbox info b95265124 build(deps): bump docker/setup-buildx-action from 3.11.0 to 3.11.1 9f9ce00aa build(deps): bump the k8s group across 1 directory with 3 updates a79e79141 ci:fix ci TestContainerExecLargeOutputWithTTY panic 97bbc1f73 Remove unused Windows 2019 powershell scripts cb53f381e fix when multipart fetching and the server does not return content length d3516916a Fix fetch always adding range to requests aea4e685e build(deps): bump github.com/urfave/cli/v2 from 2.27.6 to 2.27.7 ed7746656 ci: bump golangci from 6.5.2 to 7.0.0 37147b13a Disable ST1003: struct field Uid should be UID (staticcheck) 19a713061 Disable QF1003: could use tagged switch on base (staticcheck) 03a44a2d7 fix: Used nolint to ignore the static checks 4ba81d429 fix: ST1001: should not use dot imports (staticcheck) b52997372 fix: ST1019: removed the duplicate imports 403f86ecc fix: QF1012: Use of fmt.Fprintln(...) d93d18c85 fix: QF1001: could apply De Morgan's law (staticcheck) b3eec6d8e fix: ST1005: error strings should not end with punctuation or newlines 1ff590004 fix: QF1004: strings.ReplaceAll instead (staticcheck) 56516173d fix: QF1002: could use tagged switch on host (staticcheck) 0df6d1e6b build(deps): bump docker/setup-buildx-action from 3.10.0 to 3.11.0 4593023f1 build(deps): bump github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus 1f288492c build(deps): bump actions/attest-build-provenance from 2.3.0 to 2.4.0 0779c0a6d build(deps): bump softprops/action-gh-release from 2.2.2 to 2.3.2 9b7f24610 build(deps): bump github/codeql-action from 3.28.18 to 3.29.0 b7bda5d6e build(deps): bump go.etcd.io/bbolt from 1.4.0 to 1.4.1 7c97cd331 build(deps): bump the golang-x group with 2 updates e6708bddf bugfix:close container io when runtime create failed 4bf1705a8 Implement io.ReaderAt on docker fetch reader 734d52c39 chore: remove specific go version code 04ce9f884 feat: preserve nsPath on mount failure to ensure cleanup af068ff86 Update fetcher errors to include full registry error 6e1f0203e Register remote errors for clients to access registry errors 697d77676 Decode grpc errors in the transfer client proxy 9de26f315 [e2e] add case for shim wait interface 49664dab5 Add context in Process Wait interface 415df3892 ci: bump Go 1.24.4 in CI 2f1948a50 Enable CIs to run on WS2022 and WS2025 8de612020 pkg/oci: don't use var for WithPrivileged cf667aa7e pkg/oci: add basic test for WithParentCgroupDevices d72c21450 pkg/oci: don't use vars for WithAllKnownCapabilities, WithAllCurrentCapabilities ac3c3ad5d pkg/oci: cleanup some tests 4de598d94 pkg/oci: remove compatibility code for go1.16 and older 17c632e78 pkg/oci: fix minor linting issues cff8184ff support image volume sub path a8658a708 erofs-snapshotter: fix to work with wrapped errors 4f7c69ae6 Update differ selection in transfer service to prefer default 21f0595b9 Add debug log when transfer returns not implemented d9bb00578 Add more error details when unpack fails to extract 4dd2cd92c build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 48cec3659 Update transfer supported platforms logic 1ac97c2c1 *: properly shutdown non-groupable shims to prevent resource leaks 128229975 Enable DuplicationSuppressor in transfer service 00edba6aa Remove internal interface from unpacker interface 77562a8e4 fix import for local transfer service a93c8d3cd build(deps): bump google.golang.org/grpc from 1.72.0 to 1.72.2 4a2c40223 build(deps): bump lycheeverse/lychee-action from 2.4.0 to 2.4.1 ee85517b1 docs: fix v2.1.0 release link e57b9f751 dep: bump up k8s.io/cri-api to 0.33.0 a4dd2b8f2 go.mod: bump up go to 1.24.3 b9a29bdb9 ci: bump up go to 1.24.3 811d04422 shim-v2:improve shim error message 6e17198f0 Add descriptor to transfer pull image events 213337ce4 Fetch image with default platform only in TestExportAndImportMultiLayer aa9c17c69 Add symlink breakout test for overriden path 78e838c34 build(deps): bump github/codeql-action from 3.28.17 to 3.28.18 b98b99836 build(deps): bump github.com/emicklei/go-restful/v3 fb6dd2cf1 client:improve mount error message 8be437ee8 docs(ansible): fix the folder d498e690e clones k8s util exec used by streaming code removing k8s util dependencies 6c0d36b24 follow-up changes discussed at end of review creating these packages b0052d94a pkg/oci: prevent panic for some platform-specific options ee5ad982f docs/snapshotters/erofs.md: a tip for improved performance 5f2200b2c erofs-differ: fix EROFS native image support af24e463b update runhcs to v0.13.0 7063ee659 clones vendor of k8s.io/kubelet/pkg/cri/streaming 11efadd36 build(deps): bump github.com/vishvananda/netlink e29c0fe58 build(deps): bump github.com/Microsoft/hcsshim 21215b216 build(deps): bump dario.cat/mergo from 1.0.1 to 1.0.2 38c9bb93a Revert "perf(applyNaive): avoid walking the tree for each file in the same directory" 1a4c32105 seccomp: kernel v6.13 6180d6243 seccomp: kernel v6.12 fea77e15b ci: bump golang [1.23.9, 1.24.3] in build and release a2f1f4a67 cri:use debug level when receive exec process exited events 8d3eb6567 Update removal version for deprecated registry config fields 2be7a7310 ci:fix ci timeout on almalinux 98698617c Update internal/cri/server/container_create.go af05355e4 internal/container_create: if sandboxConfig's metadata is nil will panic bcfba26ca internal/cleanup: remove Background(), add tests for Do() ada7bdf19 replace "cleanup.Background" for "context.WithoutCancel" c4435bb48 internal/cleanup: fix package godoc e58bc944f core/runtime/v2: cleanup shim-cleanup logs 9ae54175d ctr:make sure containerd socket exist before create client 6ebe15dd4 cri:fix containerd panic when can't find sandbox extension 8bc62da9c client/New: Don't unlazy the gRPC connection implicitly Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>	2025-10-16 11:28:40 -04:00
Bruce Ashfield	13ad3d54b6	containerd: update to v2.1.4 Bumping containerd to version v2.1.4-6-g30bd62aac, which comprises the following commits: 74b0505eb ci: bump Go 1.23.12, 1.24.6 3c174cf64 fix: create bootstrap.json with 0644 permission 5ef6ea747 sys: fix pidfd leak in UnshareAfterEnterUserns 112e41363 Add release notes for v2.1.4 add2dcf86 Ensure fetcher always closes body and properly calls release 34a1cb1dd fix(dockerFetcher): resolve deadlock issue in dockerFetcher open 82c4d6875 ci: bump Go 1.23.11, 1.24.5 6cc2a8d77 Fix intermittent test failures on Windows CIs 6adc69312 Remove WS2025 from CIs due to regression 8d194c19f erofs-snapshotter: make IMMUTABLE_FL optional 2df7175d7 client/New: Don't unlazy the gRPC connection implicitly 02298e1a0 cri:fix containerd panic when can't find sandbox extension 4902adb92 update go-md2man binary to v2.0.7 583133e71 erofs-differ: fix filesystem UUID for tar-converted layers 57db13d50 Amend runtime handler test for stable order d822c9048 CRI: Stable sort for RuntimeHandlers a2fd70639 Test showing RuntimeHandlers in Status() are unordered b74268f86 bugfix:close container io when runtime create failed Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>	2025-08-21 12:52:09 -04:00
Chen Qi	135bf45c74	containerd: drop CVE_VERSION It's easy to forget to update this CVE_VERSION setting. So remove it. The default value of CVE_VERSION is PV. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>	2025-07-31 13:42:38 -04:00
Bruce Ashfield	b875cfa269	containerd: update to v2.1.3 Bumping containerd to version v2.1.3-2-g41bb88c7e, which comprises the following commits: b74268f86 bugfix:close container io when runtime create failed 7636bd5eb fix when multipart fetching and the server does not return content length 627729341 Prepare release notes for v2.1.3 3c5ede878 Update transfer supported platforms logic babacebad Fix fetch always adding range to requests fb752bc8e fix import for local transfer service f30be44ad Update fetcher errors to include full registry error f6d926314 Register remote errors for clients to access registry errors 7c1813345 Decode grpc errors in the transfer client proxy 63b9eae62 Prepare release notes for v2.1.2 cff1feb28 : properly shutdown non-groupable shims to prevent resource leaks 2ce169aae ci: bump golang [1.23.10,1.24.4] in build and release 70bcb9b55 Enable CIs to run on WS2022 and WS2025 c71f77170 build(deps): bump google.golang.org/grpc from 1.72.0 to 1.72.2 9b6c1949a Fetch image with default platform only in TestExportAndImportMultiLayer 4bcea74de Update differ selection in transfer service to prefer default 0c3cd8a99 Add debug log when transfer returns not implemented 820e56765 Add more error details when unpack fails to extract 480126f50 erofs-snapshotter: fix to work with wrapped errors d82921ff5 Enable DuplicationSuppressor in transfer service 0bb25c3d6 ci: bump golang [1.23.9, 1.24.3] in build and release dd2ce49d0 Add symlink breakout test for overriden path ac8e84efc client:improve mount error message 216667ba0 Prepare release notes for 2.1.1 e1817a401 docs/snapshotters/erofs.md: a tip for improved performance 2168cb92c erofs-differ: fix EROFS native image support 444ca17cd update runhcs version to v0.13.0 40575a15f cri:use debug level when receive exec process exited events 0684f1c44 build(deps): bump github.com/Microsoft/hcsshim ac00b8e61 Revert "perf(applyNaive): avoid walking the tree for each file in the same directory" 37d6c4236 Update removal version for deprecated registry config fields 7fcbc3c46 core/runtime/v2: cleanup shim-cleanup logs e7be076d4 ctr:make sure containerd socket exist before create client c90524d5f .github: mark 2.1 releases as latest 897f65cff Prepare release notes for v2.1.0 ca36be282 Update api to v1.9.0 e51f9c177 Update release for 2.1 release and next to releases a6db1c440 Update mailmap 145175bf4 Prepare release notes for api/v1.9.0 5dc29f0e7 core/runtime: should invoke shim binary e5ef65017 Revert "not set sandbox id when use podsandbox type" 1c70f237c integration: add testcase to recover ungroupable shim 51664ad32 build(deps): bump github/codeql-action from 3.28.16 to 3.28.17 0d085bc53 build(deps): bump the golang-x group with 2 updates 7360c739f Fix image inspect skip over missing content ddbd748a5 clones k8s apimachinery resource quantity for cri annotation parsing e2d6a7160 cri: put limiter out of config 33ee060a3 Use Go 1.19 atomic wrappers everywhere 9e67469fa clones k8s utils clock for cri server events to remove dependency 5f3f84f56 removes use of klog from containerd repo 4dfe4e8be Update runc binary to v1.3.0 42937de92 cloning k8s apimachinery set utils no longer vendoring apimachinery bfd85405d clones k8s component-base logreduction for integration test 8a08aebe1 removing/cloning vendor of kubelet pod label definitions 3851bd540 fix unbound SKIP_TEST variable error 9058ab4ae Revert "disable portmap test in ubuntu-22 to make CI happy" ee7189d1d Add retries for flaky Windows test d70d6245f Retry registry operations once on 50x on last host ca356e46e cri: add a ConcurrentDownloadLimiter a914597c0 fix: client pull: pass fetch performances options 413702b7e fix comment 89780188f dockerFetcher.open: show all parameters when pulling a layer e499939a4 build(deps): bump actions/attest-build-provenance from 2.2.3 to 2.3.0 7fe090e9a build(deps): bump actions/download-artifact from 4.2.1 to 4.3.0 105602db0 build(deps): bump google-github-actions/auth from 2.1.8 to 2.1.10 b559084fb build(deps): bump github/codeql-action from 3.28.15 to 3.28.16 b89733812 core/transfer/local: should not mark complete if it's not found 0dcdc1ffa bump:update cni to v1.7.1 7c03dd036 nri: add type conversion functions removed from NRI. f71c2c2d5 Prepare 2.1.0-rc.0 release 61cbbaaba Update api to v1.9.0-rc.0 f42ee3431 Update mailmap entries 83ad3b55f code review fixes a196ee66a better race mgt ce73e1b3e docs: Run userns example in /tmp 882b1903c docs: Fix typo in userns example b62339f39 docs: Fix typos to run userns with ctr 72c8c7708 only keep one setting: concurrent_layer_fetch_buffer 024775dab set dl options on resolver 88116b191 remove max_dl_operations setting 755a4ac6f update f9af08820 perf(pull): multipart layer fetch cdd7ec40d Support configuring custom media types for unpack 17b6e1ef8 Allow streaming to client 40eb2fdbb Fix protos bd8e6c727 Enable http debug and tracing for non local puller 1d436803d Add http debug fields to OCI registry protos 27e6c117d Move HTTP debug code to pkg c0ce618a1 Add release notes for api v1.9.0-rc.0 d16ad8f5c fix: update containerd config dump to reflect plugin config migrations. f57727c42 Revert criserver metrics subsystem back to cri b694be29a Update CRI image service to pull using transfer service 2f9734fa5 erofs-differ: support EROFS native image layers d52386ab9 Add check for rootfs type and only unmarshal relevant parts 5dcdd5484 golangci-lint: add forbidigo rules to prevent regex.MustCompile 147787449 use lazyregexp to compile regexes on first use fa0e50ccf implement lazyregexp package f512e3174 ctr shim: allow override to computed shim address 21a6db1b3 Update CRI documentation to add information about Image Pull with Transfer Service 4b4e6f7c6 not set sandbox id when use podsandbox type e511a384e Add warning message when using async mode 89a8cd2fb Introduce no_sync option 57c1cfa5f Update godoc for Bolt options 2db2db3a8 Customzie BoltDB options in MetaStore c94a92f42 Expose boltdb configuration for metadata plugin 98eded24b Move erofsutils to internal 5d3a4d082 build(deps): bump softprops/action-gh-release from 2.2.1 to 2.2.2 f815d0291 build(deps): bump google.golang.org/grpc from 1.71.1 to 1.72.0 47afd3d1c Fix vagrant setup eb09e8d75 Add loong64 seccomp support 568880ec3 erofsutils: MountsToLayer slight optimizations 09f34d18b erofs-differ: implement fast differ with DiffDirChanges() b8649bd38 client: fix returned error in the defer function 5cb77bc22 build(deps): bump golang.org/x/net from 0.37.0 to 0.38.0 01ff3b364 chore: fix broken links to https://docs.docker.com/registry 40b0083c4 fix(docker pusher): if authorizing a cross-repo mount fails, fall back 6f93c65f5 use go1.23.8 as the default go version 5629e9fff update to go 1.24.2, 1.23.8 d73880a9f build(deps): bump github.com/prometheus/client_golang fc23c4d61 build(deps): bump google.golang.org/grpc from 1.71.0 to 1.71.1 76470adf7 build(deps): bump github.com/moby/sys/user in the moby-sys group 97eb1cd46 change criService.runtimeHandlers slice to a map 764dcf77a config: postpone planned v2.1 deprecations to v2.2 499238a52 Remove deprecated dynamic library plugins 9ca6a7ee0 Disable arm64 criu testing in GH Actions 70db1bd00 disable portmap test in ubuntu-22 to make CI happy 8e6c93b6b add option to skip tests in critest c1026d5bf Fixing install instructions for Windows 752914b5b Add content create event to api 81acabd95 release: use Ubuntu 22.04 (glibc 2.35) d9c889568 Remove the support for Schema 1 images 74af78b34 cri,nri: allow plugins to inject devices using CDI. 3251e2cc8 Prevent panic in Docker pusher. 4857de853 Add cri.config.headers to auth requests 10b4eb4a9 Add hosts.toml headers to auth requests 5ae698235 Only add containerd as User-Agent when it's empty f87b2c1cd avoid import to testing pkg outside of tests be9ca11a1 fix call fmt.Errorf with wrong error eae1a6adc build(deps): bump github/codeql-action from 3.28.13 to 3.28.15 8db39a964 build(deps): bump github.com/fsnotify/fsnotify from 1.8.0 to 1.9.0 2a52260c7 build(deps): bump azure/login from 2.2.0 to 2.3.0 2d3ff252d build(deps): bump github.com/containernetworking/cni from 1.2.3 to 1.3.0 be602ea5c build(deps): bump the golang-x group with 2 updates 3a5f04fdd build(deps): bump github.com/pelletier/go-toml/v2 from 2.2.3 to 2.2.4 a083b669c Set default differ for the default unpack config of transfer service 1dbb7f2ae pkg/sys: improve GetLocalListener/CreateUnixSocket error message bca39a6f4 Add documentation for test for issue 10467 713f753e5 Update release upgrade tests to test 1.7 and 2.0 9d05ae03b Revert "Remove test for issue 10467" 33dae72b9 build(deps): bump lycheeverse/lychee-action from 2.3.0 to 2.4.0 c9b9f4a9a build(deps): bump crazy-max/ghaction-github-runtime from 3.0.0 to 3.1.0 ead5c1ee6 cri:fix lost container exit events if they arrive before info is cached 860260434 store extension when create sandbox in store cffb6d425 downgrade cni version in CI test 07a23b6f4 use type textarea 3ef9084d0 Create cri_kep.yaml 450038a28 integration/client: add tests for TaskOptions is not empty 7e5c5038a prefer task options for PluginInfo request ec3567d6b update taskOptions based on runtimeOptions when creating a task fe4703cde integration: check image volume snapshot after deleting pod d141d6c3d integration: run image volumes for linux platform only de833ebbb cri: enhance error handling for image volume be0ab6e93 cri: add volatile option to image volume mount if applicable d080d441d build(deps): bump google.golang.org/protobuf from 1.36.5 to 1.36.6 7e7c3b0a8 build(deps): bump github.com/opencontainers/selinux 3689dec42 build(deps): bump actions/download-artifact from 4.1.9 to 4.2.1 cb6a82a92 build(deps): bump actions/upload-artifact from 4.6.1 to 4.6.2 5b194505e build(deps): bump github/codeql-action from 3.28.11 to 3.28.13 ce690b0a9 build(deps): bump actions/cache from 4.2.2 to 4.2.3 aff7e4797 build(deps): bump github.com/containernetworking/plugins a3a66d1f2 Fix the panic caused by the failure of RunPodSandbox 10fae41ad go.mod: tags.cncf.io/container-device-interface v1.0.1 e7b4165ab : CRIImageService should delete image synchronously 42effa3b9 Mark `NetworkPluginBinDir` as DEPRECATED 7f9ca1dcb update max container log line size json field 71f593d4a Support multiple CNI plugin bin dirs 7fe5c4123 go.mod: golang.org/x/net v0.37.0 3e96f1a51 Update runc binary to v1.2.6 6670d4153 build(deps): bump tags.cncf.io/container-device-interface 14e94bcbf build(deps): bump github.com/containerd/imgcrypt/v2 from 2.0.0 to 2.0.1 80e3fc4ce build(deps): bump golangci/golangci-lint-action from 6.5.0 to 6.5.2 ec5d686b1 build(deps): bump the k8s group with 5 updates 234a4411f build(deps): bump docker/login-action from 3.3.0 to 3.4.0 c8effff1a Fix CI lint error 7c522819d support to set defer cleanup timeout to decrease ctx timeout 53eec6c78 move host tlsconfig update to a separate function f702bf9fe [hosts] wrong explicitTLS value when dialTimeout is set 8028a1d08 Bump github.com/go-jose/go-jose/v4 from v4.0.4 to v4.0.5 ce055b530 Bump golang.org/x/text from 0.22.0 to 0.23.0 e0aaed012 Bump golang.org/x/term from 0.29.0 to 0.30.0 c4982bffc Add dial timeout field to hosts toml configuration 94dd70f4f build(deps): bump the otel group with 8 updates 85c04ab0e build(deps): bump the golang-x group with 3 updates 12762891d Remove test for issue 10467 5bbd3ed1b add k8s 1.32 and as tested containerd supported branches at the time of release 93cc1e6eb Fix upgrade test runtime config 531adbf06 config:fix config migrate lost timeout config de1341c20 validate uid/gid 9e6beafd5 Support container restore through CRI/Kubernetes 88faaac97 build(deps): bump containerd/project-checks from 1.2.1 to 1.2.2 9f885ea4f build(deps): bump github/codeql-action from 3.28.10 to 3.28.11 d7de182dd build(deps): bump actions/attest-build-provenance from 2.2.2 to 2.2.3 75252f975 build(deps): bump github.com/prometheus/client_golang c37e48b07 build(deps): bump google.golang.org/grpc from 1.70.0 to 1.71.0 700b98415 build(deps): bump github.com/urfave/cli/v2 from 2.27.5 to 2.27.6 833d6bc8e Update release status for 2.1 to beta 71cfe00ee Prepare release notes for v2.1.0-beta.n be8fe50f4 Update the upgrade test to handle 2.1 06daffb4d integration: update TestUpgrade for 2.1 405a952c6 add name in package version 4f090fe77 update to go1.23.7 / go1.24.1 b947e0566 fix: repeat args from sub-func call ee574e76e client: Respect `client.WithTimeout` option 4357a7600 use shimCtx for fifo copy edd1cc50d docs: include note about unprivileged sysctls 393ad5b11 e2e: use the shim bundled with containerd artifact f8f205382 Update runtime-spec to v1.2.1 af5ff5a1f CVE-2025-22869: upgrade golang.org/x/crypto to v0.35.0 3a5de731c erofs-snapshotter: clear IMMUTABLE_FL only for committed snapshots 10f2b7fde CVE-2025-22868: upgrade golang.org/x/oauth2 to v0.27.0 705518e58 ci: update GitHub Actions release runner to ubuntu-24.04 971915797 erofs-snapshotter: force the use of loop devices for single-layer images 69c0d7f60 build(deps): bump containerd/project-checks from 1.1.0 to 1.2.1 37fe1e8b4 build(deps): bump golang.org/x/net from 0.23.0 to 0.33.0 in /api 0eea93d68 build(deps): bump actions/cache from 4.2.1 to 4.2.2 20fa1ca46 build(deps): bump actions/attest-build-provenance from 2.2.0 to 2.2.2 9b0b67951 build(deps): bump docker/setup-buildx-action from 3.9.0 to 3.10.0 86734729f build(deps): bump actions/download-artifact from 4.1.8 to 4.1.9 001dfeb19 build(deps): bump github.com/klauspost/compress from 1.17.11 to 1.18.0 72ac5cad4 build(deps): bump github.com/google/go-cmp from 0.6.0 to 0.7.0 d37ea6977 Bump to newer opencontainers/image-spec @ v1.1.1 b477cf8e9 erofs-snapshotter: protect layer blobs with FS_IMMUTABLE_FL d8063c30d perf(applyNaive): avoid walking the tree for each file in the same directory e84e5a215 build(deps): bump go.etcd.io/bbolt from 1.3.11 to 1.4.0 00cb73503 Swap to go.etcd.io/bbolt/errors for bbolt errors 22d568fb5 Update CDI dependency to v0.8.1. f25f36c33 proxy: break up writes from the remote writer to avoid grpc limits 51f063f07 Prefer runtime options for PluginInfo request d2b5653c1 build(deps): bump the k8s group across 1 directory with 6 updates 76858ac8e Ignore defunct verifier procs in test 268880bf5 [improve] prevent oom watcher depend on shim pkg. 4e7484d3f CI: arm64-8core-32gb -> ubuntu-24.04-arm f3b6078f9 erofs-snapshotter: add fsverity support 86cde823a build(deps): bump actions/cache from 4.2.0 to 4.2.1 49257264f build(deps): bump actions/upload-artifact from 4.6.0 to 4.6.1 125525d6c build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 0500dacf6 build(deps): bump github/codeql-action from 3.28.9 to 3.28.10 71958731e move security profile to cri/sputil pkg b8a759f1f build(deps): bump golangci/golangci-lint-action from 6.3.2 to 6.5.0 f23981281 build(deps): bump google.golang.org/grpc from 1.69.4 to 1.70.0 a1e7457bc docs: add CRI Plugin Config runtime_path 1ec10d9ae Add OCI/Image Volume Source support 480e1039f move exclude-dirs to issues.exclude-dirs a502b7931 Clarify port handling in hosts toml 44baada6a device mapper:fix sometimes blkdiscard doesn't have --version flags 938775864 Update runc binary to v1.2.5 326fbf074 build(deps): bump google.golang.org/protobuf from 1.36.3 to 1.36.5 6a01ad3e1 cri,nri: block NRI plugin sync. during event processing. df99aa321 update to go 1.24.0 / go1.23.6 41eaa41c4 update golangci-lint to v1.64.2 17acb356f build(deps): bump github.com/vishvananda/netns from 0.0.4 to 0.0.5 84e07f6b5 build(deps): bump the golang-x group with 3 updates 6a08d70e6 build(deps): bump github/codeql-action from 3.28.8 to 3.28.9 2f971ee2d build(deps): bump docker/setup-buildx-action from 3.8.0 to 3.9.0 2b8a7f253 build(deps): bump lycheeverse/lychee-action from 2.2.0 to 2.3.0 bdb8cb5a8 build(deps): bump golangci/golangci-lint-action from 6.2.0 to 6.3.2 a1c540085 Support for importing layers in the block CIM format. b98378638 move the device after the options when using mkfs.ext4 1fc497218 Fix privileged container sysfs can't be rw because pod is ro by default c51f5d26f perf(zstd): deactivate the low mem decoder b65f3875b build(deps): bump google-github-actions/upload-cloud-storage 841ab361c build(deps): bump github/codeql-action from 3.28.6 to 3.28.8 565b50dbb build(deps): bump google-github-actions/auth from 2.1.7 to 2.1.8 2eb0aa6b9 nri: make OCI spec available on StopPodSandbox 168c49e4d Fix state/root bug in shim sandbox controller 3cdfc1003 core/remotes: Handle attestations in MakeRefKey e751b6bb1 core/images: Ignore attestations when traversing children 83b65e52f Revert "Add timestamp to PodSandboxStatusResponse for kubernetes Evented PLEG" 0c986c332 build(deps): bump actions/attest-build-provenance from 2.1.0 to 2.2.0 575239789 build(deps): bump actions/stale from 9.0.0 to 9.1.0 48d09104d build(deps): bump github/codeql-action from 3.28.1 to 3.28.6 6d1f6e75d Update upgrade section 5f238fa82 Update to time based releases 886d971f8 Update LTS definition and support horizon a6dc9905c client: add WithExtraDialOpts option 69e82f9cd build(deps): bump the otel group across 1 directory with 8 updates 53d6f3482 build(deps): bump golangci/golangci-lint-action from 6.1.1 to 6.2.0 4b77d4e41 build(deps): bump softprops/action-gh-release from 2.2.0 to 2.2.1 22e77720b build(deps): bump github/codeql-action from 3.27.9 to 3.28.1 f572a6db9 build(deps): bump lycheeverse/lychee-action from 2.1.0 to 2.2.0 36d3888cf build(deps): bump actions/upload-artifact from 4.4.3 to 4.6.0 19c546c97 build(deps): bump github.com/tchap/go-patricia/v2 from 2.3.1 to 2.3.2 460e5a2e2 build(deps): bump google.golang.org/protobuf from 1.36.1 to 1.36.3 157faf65c update to go1.23.5 / go1.22.11 222308416 Remove noinline in apparmor SpecOpts 2a4164ac8 Remove noinline in seccomp SpecOpts 00fee4adb Transfer Service: enable remote snapshotters 04f9e30db log: avoid using unsupported field by logrus bdc847f1e Remove deprecated WithCDIDevices in oci spec opts e20f7f4a2 Move CDI device spec out of the OCI package 740c5d428 docs: fix some function names in comment b49df6af1 move FuzzCRIServer to go native fuzz 6148dbdd7 Update platforms to latest rc 2f15d6586 Add tests for EROFS snapshotter fd4caef78 Add EROFS snapshotter documentation 2486d542a Introduce EROFS Snapshotter c73c8e5d5 Introduce EROFS differ fb44e37ff Remove confusing warning in cri runtime config migration 6019bcdfb move FuzzContainerdImport to go native fuzz b7a117b46 Fix fuzz integration tests ffbe1b573 Use a order-only-prerequisite for mandir creation b81ace872 Update cimfs snapshotter & differ for new hcsshim interface 58bd48ecf add some doc for shim reap orphan process 09bf281ec fix go-cni race condition 15d3bf9b2 Bump up otelttrpc to 0.1.0 e1aeb37cd ci: fix the issue of config_file unset e65283321 make TestContainerCgroupWritable not parallel 54ed595e1 update runc binary to v1.2.4 79a42eedc ctr: `ctr images import --all-platforms`: fix unpack 63f604728 Add snapshotter exports to unpack platform ef7fa43c9 build(deps): bump golang.org/x/sys in the golang-x group d156d3df9 Benchamrk chainID calculation in unpack 00a11e91d downgrade go-difflib and go-spew to tagged releases 95f45541e Avoid duplicated chain ID calculation in unpack e70977180 change metadata fuzz operations as const and slice instead of map a4e3218e8 change tmp dir creation in fuzz to t.TempDir ee6338188 bump up ttrpc to use its MD.Clone 4f2f12be6 Bump seccomp version to be the same as one in runc repo a8c643cc5 change copyright from ADA Logics to containerd a55083007 Remove github.com/AdamKorcz/go-118-fuzz-build in go.mod 2de103029 Move fuzz tests to go native fuzz [part1] bee64b2b9 Remove loop variable copies 4a4a027f7 build(deps): bump google.golang.org/protobuf from 1.36.0 to 1.36.1 9fc711a8a Clarify Go client API guidance 9bb31b706 build(deps): bump google.golang.org/grpc from 1.69.0 to 1.69.2 f98d5fdb6 build(deps): bump github.com/containerd/cgroups/v3 from 3.0.4 to 3.0.5 1e3d10dc2 Make ovl idmap mounts read-only 652e4d0b1 Add integ test to check tty leak 26a156f4f Update golangci to 1.60.3 aedb079bf fix master tty leak due to leaking init container object 1363849b0 Add integration test 7f3599f09 build(deps): bump golang.org/x/net from 0.30.0 to 0.33.0 fa531f808 Update golangci-lint version in dev tools script 2f37b9da3 build(deps): bump google.golang.org/protobuf from 1.35.2 to 1.36.0 dda702042 Enable Writable cgroups for unprivileged containers 4e4537a87 build(deps): bump google.golang.org/grpc from 1.68.1 to 1.69.0 f6e956c22 build(deps): bump github.com/containerd/imgcrypt/v2 31e129856 build(deps): bump docker/setup-buildx-action from 3.7.1 to 3.8.0 d29751424 build(deps): bump github/codeql-action from 3.27.6 to 3.27.9 a172d2c11 build(deps): bump softprops/action-gh-release from 2.1.0 to 2.2.0 47c4dba40 Unify default transport in docker resolver ef0e70922 Fix runtime platform loading in cri image plugin init aeb414021 build(deps): bump google.golang.org/grpc from 1.67.1 to 1.68.1 23e014140 vendor: golang.org/x/crypto v0.31.0 9b3d999bd vendor: golang.org/x/term v0.27.0 1032fad27 vendor: golang.org/x/text v0.21.0 6764e62cf vendor: golang.org/x/sync v0.10.0 160676647 vendor: golang.org/x/sys v0.28.0 981414521 update runc binary to v1.2.3 ff0d99e02 Add multiple uid/gid mapping test cases to integration tests ec231cdcf Update ctr to support remapper labels with multiple uid/gid mapping entries 8bbfb6528 Update snapshotter opts to support multiple uid/gid mapping entries 8a030d653 Update overlay snapshotter to support multiple uid/gid mappings 168ec21db Update idmapped mount to support multiple uid/gid mappings a11405975 Add RootPair() and serialization routines to userns idmap 1f220b23e feat: update go-cni version for CNI STATUS d76f92f24 update xx to v1.6.1 for compatibility with alpine 3.21 and file 5.46+ 927012243 build(deps): bump actions/cache from 4.1.2 to 4.2.0 73864c520 build(deps): bump github/codeql-action from 3.27.5 to 3.27.6 afee762fb build(deps): bump actions/attest-build-provenance from 1.4.4 to 2.1.0 11b78255d cmd: add syncfs option to ctr command e0459262b Remove After=local-fs.target from containerd.service 6c7b1afe5 Log "container event discarded" as Info 81780a5dd update to go1.23.4 / go1.22.10 2c4c04032 internal/cri: should not apply IoOwner options 4a664772e The task_dir successfully cleans when the file is absent. 4c11d753c ctr pull unpack for default platform using transfer service 6fdc35243 CI: update Fedora to 41 0903f203f fix panic due to nil dereference cgroups v2 b78c5c6ed docs: fix snapshots api import ed39dfa5d Add integration test for custom configuration 8540fed77 complete cri grpc config migration 59a2c3523 Add containerd community call to readme. 17f7858b4 Update differ to handle zstd media types e9d560f1e Unsorted platform conditionals cleanup 485020ca8 fix: loop variable capture issue ea9397793 build(deps): bump github/codeql-action from 3.27.4 to 3.27.5 6c16f3490 build(deps): bump github.com/containerd/cgroups/v3 from 3.0.3 to 3.0.4 5c905fb6c build(deps): bump github.com/stretchr/testify from 1.9.0 to 1.10.0 662d64080 build(deps): bump the k8s group with 5 updates 3961dc9c8 Publish attestation as release artifact 288001f68 move rocky 9.4 to almalinux/9 in CI e24864e48 Clarify release for deprecated registry field removals 34284c507 Add tests for CNI v2 loopback options a21b178f1 *: should align pipe's owner with init process f5b2c3a07 build(deps): bump github/codeql-action from 3.27.1 to 3.27.4 be2c4504e build(deps): bump github.com/containerd/continuity from 0.4.4 to 0.4.5 dd2d89167 build(deps): bump google.golang.org/protobuf from 1.35.1 to 1.35.2 9a7bc5423 update runc binary to 1.2.2 f8819df7c Update install-imgcrypt to allow change install repo f6e30e962 [defaults] Reorganize per-platform defaults 9c7a403a2 [containerd-stress] Use platform-specific default address 9e3ab2332 Move content events to metadata 1b01f396d Revert "Disable vagrant strict dependency checking" 6c1b699bf docs: update schema 1 deprecation information 01c489141 build(deps): bump github.com/containerd/typeurl/v2 from 2.2.2 to 2.2.3 cebca6f87 build(deps): bump the golang-x group with 3 updates 73ae1c66f build(deps): bump lycheeverse/lychee-action from 2.0.2 to 2.1.0 4bd33276c build(deps): bump github/codeql-action from 3.27.0 to 3.27.1 d32ed4a56 build(deps): bump actions/attest-build-provenance from 1.4.3 to 1.4.4 d810c5759 build(deps): bump softprops/action-gh-release from 2.0.9 to 2.1.0 91e4e0967 fsverity_linux.go: Fix fsverity.IsEnabled() for big endian systems f9537ae12 fsverity_test.go: fix major/minor device number resolving 8a8e50e6d fsverity_test.go: fix nil pointer dereference, fix test fail bcc3cc968 update to go1.23.3 / go1.22.9 784116b7d Avoid arch info in the sed/replace when building cri-cni-containerd.tar.gz c130d93c1 make ListContainerStats handle container that is removed before its sandbox a17001b42 build(deps): bump github.com/fsnotify/fsnotify from 1.7.0 to 1.8.0 bc056a5c6 nri: report pod ips to the nri plugins a256f326c bump nri version to get PodIPs 11b1353c1 fix: set the credentials even if not provided 1617fd72e test: prevent segfault in imageverifier test 2447936fc Fix runtimeoptions location in v2 migration 0c2805a6e Report an error when cni confDir removed Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>	2025-07-07 11:42:27 -04:00
Bruce Ashfield	bc2a750d5c	containers: adapt to UNPACKDIR changes This commit updates the container recipes to the OE core UNPACKDIR changes. - We drop references to WORKDIR - We adjust destsuffix fetches to use BB_GIT_DEFAULT_DESTSUFFIX instead of 'git' - Update our GOPATH references to use UNPACKDIR - Drop S = assignemnts where possible Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>	2025-06-25 22:40:08 -04:00
Bruce Ashfield	578c27a645	containerd: update to v2.0.3 Bumping containerd to version v2.0.3, which comprises the following commits: eaa7ca80d proxy: break up writes from the remote writer to avoid grpc limits c7f64196f Fix privileged container sysfs can't be rw because pod is ro by default 569af34cb Prefer runtime options for PluginInfo request b8dde9189 Prepare release notes for v2.0.3 0ce93e16a prevent oom watcher depend on shim pkg. f3284aa68 CI: arm64-8core-32gb -> ubuntu-24.04-arm 92ae2951f Update CDI dependency to v0.8.1. f95a426b8 move the device after the options when using mkfs.ext4 4d19a6adf update build to go1.23.6, test go1.24.0 c738c3aab build(deps): bump actions/cache from 4.1.2 to 4.2.0 b5313993c Revert "Add timestamp to PodSandboxStatusResponse for kubernetes Evented PLEG" 697c59c63 Update runc binary to v1.2.5 fcf64305c Update vendor files to fix build failure d3437eb29 Upgrade x/net to 0.33.0 0785bd8cc Update install-imgcrypt to allow change install repo 06891f899 fix go-cni race condition 79cdbf61b cri,nri: block NRI plugin sync. during event processing. 9d5cfce83 Update github.com/containerd/imgcrypt to v2.0.0 1f4e5688e update to go1.23.5 / go1.22.11 f58939c33 Remove deprecated WithCDIDevices in oci spec opts 3d53430fe Move CDI device spec out of the OCI package 3a6ab80d0 build(deps): bump google.golang.org/protobuf from 1.35.1 to 1.35.2 cdaf4dfb4 Prepare release notes for v2.0.2 eb125e1dd Update platforms to latest rc 468079c5c Remove confusing warning in cri runtime config migration a2d9d4fd5 Fix runtime platform loading in cri image plugin init 184ffad01 Add integ test to check tty leak 17181ed33 fix master tty leak due to leaking init container object 8666e7422 Bump up otelttrpc to 0.1.0 7373ddd70 update runc binary to v1.2.4 c4270430d ctr: `ctr images import --all-platforms`: fix unpack f34147772 downgrade go-difflib and go-spew to tagged releases Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>	2025-03-06 17:17:59 +00:00
Bruce Ashfield	f8b943afd4	containerd: update to v2.0.1 Bumping containerd to version v2.0.1-6-gce560bb24, which comprises the following commits: f34147772 downgrade go-difflib and go-spew to tagged releases dca769485 chore: add a build tag to disable containerd plugin import 5942b3fcb Update golangci to 1.60.3 b0ece5dc5 Prepare release notes for v2.0.1 fe6957084 build(deps): bump actions/attest-build-provenance from 1.4.4 to 2.1.0 eb2ce6882 update xx to v1.6.1 for compatibility with alpine 3.21 and file 5.46+ 018d83650 internal/cri: should not apply IoOwner options 5eb7995a9 feat: update go-cni version for CNI STATUS a53eff53d update runc binary to v1.2.3 a2302ea89 Add integration test for custom configuration be5eda069 complete cri grpc config migration 44cdca68b ctr pull unpack for default platform using transfer service 62b790bfa CI: update Fedora to 41 290e8bc70 update to go1.23.4 / go1.22.10 3ba2df924 fix panic due to nil dereference cgroups v2 73f57acb0 Update differ to handle zstd media types 34a45cab2 Publish attestation as release artifact Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>	2025-01-17 19:17:09 +00:00
Bruce Ashfield	99b730a7cc	containerd: update to v2.0.0 Bumping containerd to version v2.0.0-25-g961cac9aa, which comprises the following commits: 34a45cab2 Publish attestation as release artifact 7dec6b460 move rocky 9.4 to almalinux/9 in CI cf07f28ee : should align pipe's owner with init process 986088866 fix: set the credentials even if not provided 9081e979f update runc binary to 1.2.2 6399c936f Revert "Disable vagrant strict dependency checking" a7f2b562f fsverity_linux.go: Fix fsverity.IsEnabled() for big endian systems 389e781ea build(deps): bump github.com/containerd/typeurl/v2 from 2.2.2 to 2.2.3 30b929ece fsverity_test.go: fix major/minor device number resolving 10996a334 fsverity_test.go: fix nil pointer dereference, fix test fail 5b879f30c update to go1.23.3 / go1.22.9 e99c2b55c Avoid arch info in the sed/replace when building cri-cni-containerd.tar.gz 458215f6c ci: enable marking 2.0 releases as latest 03ba4ce1f Update release notes for v2.0.0 f2da3fd68 Update release docs for v2.0.0 ff09b428e Update typeurl to v2.2.2 a43e7c1e2 build(deps): bump softprops/action-gh-release from 2.0.8 to 2.0.9 edf367cab build(deps): bump github.com/containerd/nri from 0.7.0 to 0.8.0 21f636751 build(deps): bump github.com/containerd/typeurl/v2 from 2.2.0 to 2.2.1 1edc2147f build(deps): bump google-github-actions/auth from 2.1.6 to 2.1.7 2d8fec45a go.mod: k8s.io/ v0.31.2 bef201fe6 build(deps): bump google-github-actions/upload-cloud-storage bd10a6096 Update platforms to v1.0.0-rc.0 ae73e3013 Disable vagrant strict dependency checking 33677d56d Update containerd API to v1.8.0 release d38911808 Prepare release notes for api/v1.8.0 93f9db2ad Update errdefs tag to v1.0.0 bddeba825 Make TestContainerPids more resilient edb980ac0 update runc binary to 1.2.1 bf47b6ebc docs/containerd-2.0.md: add more highlights f5ce859ee docs/containerd-2.0.md: fix the deprecation release of AUFS bedd85a36 RELEASES.md: k8s: fix CRI v1alpha2 removal release, remove old releases 4594f5cac services/snapshots: include name of snapshotter in debug logs 77d783e2c Update hcsshim to v0.12.9 79089232b build(deps): bump actions/checkout from 4.2.1 to 4.2.2 2789ba30e build(deps): bump actions/cache from 4.1.1 to 4.1.2 6b655d093 build(deps): bump github/codeql-action from 3.26.13 to 3.27.0 9ed6e05b2 config: v1Migrate: support DisabledPlugins and RequiredPlugins 4b2bca00b config: migrate version before merging 700b90618 resolver/docker: fix confusing "trying next host" log 3cc2343de local: avoid writing to content root on readonly store Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>	2024-12-10 03:47:54 +00:00
Bruce Ashfield	87b0a869c6	containerd: update to v2.0.0-rc.6 Bumping containerd to version v2.0.0-rc.6-23-g1e6fdb531, which comprises the following commits: 0208cb58c go.mod: github.com/containerd/imgcrypt v2.0.0-rc-1 588b7a100 testutil: avoid conflict with continuity/testutil 181491032 build(deps): bump github.com/containerd/continuity from 0.4.3 to 0.4.4 497dc7bf3 build(deps): bump github.com/checkpoint-restore/checkpointctl fddeb6f3c pkg/protobuf: fix typo in godoc 96a1e498f Update containerd plugin to v1.0.0 3b45a44cc Update to ttrpc v1.2.6 tag 3cc2343de local: avoid writing to content root on readonly store 778defa31 Add back ZFS snapshotter d3ff3e2ff CI: move crun from Ubuntu to Fedora 5c65a3d7b Update version to v2.0.0-rc.6 9aa637b22 Update api vendor to latest 4b9d6c014 deps: bump github.com/containerd/nri 2535b187a Scope writer locks to each writer. bc819bc97 docs: add command for finding schema 1 images c86b2772c docs: update min version for deprecation warnings a1ce18816 CI: bump up crun to 1.17 021895985 Update hcsshim version to v0.12.8 373311a84 build(deps): bump github.com/opencontainers/selinux cf9cf8b5a build(deps): bump github.com/prometheus/client_golang 03860c208 build(deps): bump azure/CLI from 1.0.9 to 2.1.0 cf7218fb0 build(deps): bump actions/checkout from 4.1.1 to 4.2.1 78ec6ef02 build(deps): bump actions/upload-artifact from 4.1.0 to 4.4.3 bfe8fa330 build(deps): bump github/codeql-action from 3.24.0 to 3.26.13 38ba7f2f7 dedup BuildLabels a5cd0d0a5 dedup GetPassthroughAnnotations 269997ac5 dedup GetRepoDigestAndTag f61dbc2d0 dedup ParseImageReferences 530db2e8d Introduce two additional unit tests for two runtimes and pod annotations. a21e379b6 Allow sections of Plugins to be merged, and not overwritten as entire sections. 2f24aa00a Update errdefs to 0.3.0 92d327af1 Update tracing docs for containerd 2.0 943b196ad Update NRI documentation for containerd 2.0 a6ceb4be0 containerd 2.0 guide: add image verifier plugins 347423a11 Request 'allow' setgroups when spawning new userns 249dd7474 Format link text in containerd 2.0 doc for readability 18e4ea9a6 Add After=dbus.service to containerd.service 3eea3536f docs/containerd-2.0.md: mention the removal of `cri-containerd-*.tar.gz` f8d50f6e8 README.md: put a link to docs/containerd-2.0.md b724b9f23 Add containerd 2.0 doc fc5086a74 cri: remove sandbox controller from client e4df672ab sandbox: add sandbox controller v2 4f2bc1580 build(deps): bump lycheeverse/lychee-action from 1.10.0 to 2.0.2 4bd3a71dd go.{mod,sum}: update NRI deps and re-vendor. bff82e196 [StepSecurity] ci: Harden GitHub Actions 5eb0be994 build(deps): bump github.com/urfave/cli/v2 from 2.27.4 to 2.27.5 0742238cd Handle teardown failure to avoid blocking cleanup c3d84a87f build(deps): bump the otel group with 8 updates bfe59daae build(deps): bump github.com/klauspost/compress from 1.17.10 to 1.17.11 b7c333ce2 Revert "update runc binary to 1.1.15" c6d089090 metrics: Use UnmarshalTo instead of UnmarshalAny 1db0064c6 CI: install OVMF for Vagrant 4d02217b5 CI: fix "Unable to find a source package for vagrant" error 38beeb359 Revert "use vagrant from jammy in noble" e2daa20ed Revert "use older version of OVMF package" ee921689f Switch from actuated.dev to GH Action runners for arm64 f89ed3c62 build(deps): bump golang.org/x/sys in the golang-x group 428df99db build(deps): bump google.golang.org/grpc from 1.67.0 to 1.67.1 72126a984 update sample go test commands 9c42dd959 build(deps): bump google.golang.org/protobuf from 1.34.2 to 1.35.1 f0f1bfca0 update runc binary to 1.1.15 46f5a0d93 update to go1.23.2,go1.22.8 7b1809851 Update runner images to macOS13 e479431e0 core/runtime: Fix a typo in error message b85909cd4 shim: Move pprof server to plugin b2681dfbd shim: Move ttrpc interceptors to plugins d7f83034c Fix the race condition during GC of snapshots when client retries 24fe444eb script/setup/install-runc: Add trap statement to clean up tmp files 6ffdabf72 Makefile: fix shim tags overwritten 095131abf add use systemd cgroup e2e 2123855ee Add build tag to omit grpc 64d29ebe5 snapshots: core: Remove dependency on api types 11ffba3dc shim: Do not depend on pkg/oci 0d4e606bb Update hcsshim to v0.12.7 78e39f7c5 build(deps): bump github.com/intel/goresctrl from 0.7.0 to 0.8.0 17d4a1357 Propagate trace contexts to shims bc4646067 Prepare release notes for v2.0.0-rc.5 ccb2a8d74 [cri] use 'UserSpecifiedImage' to set the image-name annotation b7b6b324b Add check for CNI plugins before tearing down pod network b5290726d Add timestamp to PodSandboxStatusResponse for kubernetes Evented PLEG 146a977f9 Move features section to a separate file 30f289335 core/mount: Only remove dirs if unmount succeeded f8d84ecf9 core/mount: Prevent accidental removal of rootfs files 004f3951d core/mount: Use MNT_DETACH for umount of tmp layers f7ca91fa3 build(deps): bump github.com/prometheus/client_golang c75178d93 build(deps): bump google.golang.org/grpc from 1.66.2 to 1.67.0 519cbda1d build(deps): bump github.com/klauspost/compress from 1.17.9 to 1.17.10 d72051036 Enable the selinux on cri test b03a3c5a2 build(deps): bump the k8s group with 4 updates 017efe05a build(deps): bump the otel group with 8 updates 7c89148a1 build(deps): bump google.golang.org/grpc from 1.65.0 to 1.66.2 6e2c4d00d build(deps): bump golang.org/x/mod ee0ed75d6 internal/cri: simplify netns setup with pinned userns fd3f3d5a1 pkg/sys: add GetUsernsForNamespace interface 490e45a08 pkg/sys: Add UnshareAfterEnterUserns function 83aaa89b6 update ctr run to support multiple uid/gid mappings 1dedcb784 build(deps): bump github.com/checkpoint-restore/go-criu/v7 7599d4df2 build(deps): bump github.com/prometheus/client_golang 9037069da update to go1.23.1, go1.22.7 6f43197c2 Remove cri SandboxInfo RuntimeHandler Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>	2024-11-15 19:50:00 +00:00
Bruce Ashfield	718da5ae40	containerd: make network configuration a conflist parsing errors occur if this fragment ends with .conf, so we renamed it to make sure it is processed as a conflist. Tested with containerd + nerdctl Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>	2024-11-15 19:50:00 +00:00
Bruce Ashfield	e2c3d012f9	containerd: add cni-networking configuration When running a containerd-only stack, we need a CNI configuration to be available. When running containerd as part of something like K3S, we expect the orchestration package will provide that configuration. This commit makes a containerd-cni package available that contains a starting point configuration. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>	2024-11-15 19:50:00 +00:00
Bruce Ashfield	abbe4686b0	containerd: update to v2.0.0-rc.4 Bumping containerd to version v2.0.0-rc.4-40-g19430264c, which comprises the following commits: 9037069da update to go1.23.1, go1.22.7 18725f010 integration: regression test for issue 10589 5f37a2c20 fifosync: cross-process synchronization 421a4b568 runc-shim: handle pending execs as running 299a9717f update runc binary to 1.1.14 f4529ace1 build(deps): bump the otel group with 8 updates e7357916b runc-shim: refuse to start execs after init exits def477b07 Bump crun to 1.16 3d7955bf7 remove duplicated descriptor from/to proto 93d6f0f92 remove duplicated sandbox to proto func bfc1465a2 Reorganize mount/unmount code so it is easier to add Darwin-specific implementation 9c3400572 reduce ptypes.Empty creation by defining it in as a var 7f3bf993d runc-shim: remove misleading comment f6677a4ec Cumulative stats can't decrease 94c163209 TestNewBinaryIOCleanup: fix a comment, minor rewrite d83184ced avoid repeated calls in Tricolor gc 6b97a08ee add benchmark 1b03ca57c build(deps): bump github.com/prometheus/client_golang 9906fac59 build(deps): bump github.com/vishvananda/netlink cdbfcc257 Prepare release notes for v2.0.0-rc.4 4ba502a03 Update api vendor to latest tag a36d38fb4 Add mailmap entry for Michael Zappa bf5fc240b build(deps): bump google-github-actions/upload-cloud-storage faaafd6de build(deps): bump github.com/pelletier/go-toml/v2 from 2.2.2 to 2.2.3 47350982b build(deps): bump go.etcd.io/bbolt from 1.3.10 to 1.3.11 3cd8f9734 core/mount: use ptrace instead of go:linkname 35b029257 remove sha256-simd 1195b68eb build(deps): bump github.com/prometheus/client_golang 50b06182f Register local content plugin from separate package 021063c4a build(deps): bump the k8s group with 5 updates 1bff3bfed build(deps): bump dario.cat/mergo from 1.0.0 to 1.0.1 429085c84 build(deps): bump google-github-actions/upload-cloud-storage 93abc2fdd Update hcsshim to v0.12.6 bcdf50736 core/mount: add benchmark test for GetUsernsFD 6f3833f25 CRI: remove `disable_cgroup` fc1637d16 Attest artifacts in release workflow 337d8c52c Update release job to generate artifacts attestation Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>	2024-10-03 01:28:52 +00:00
Bruce Ashfield	16c9845d70	containerd: update to v2.0.0-rc.3 Bumping containerd to version v2.0.0-rc.3-209-ge8104a485, which comprises the following commits: 93abc2fdd Update hcsshim to v0.12.6 66817fccc script/setup/install-dev-tools: include patch version in versions cd4e24ef7 script/setup/install-dev-tools: update protoc-gen-go-ttrpc to v1.2.5 9e2357f33 docs: add k8s 1.31 to support matrix to RELEASES a3d84a172 docs: update for containerd v2 43568373f docs: Update BUILDING.md ebc47359e use format string when using printf like commands 1027b314a ignore the static check when using anonymous struct in testing f8e075336 remove windows check in linux_test file 20ee6de0b update golangci-lint to v1.60.1 fb8cd045b add go1.23.0 3f53e7a6e build(deps): bump github.com/urfave/cli/v2 from 2.27.3 to 2.27.4 1127908ae build(deps): bump k8s.io/cri-api in the k8s group 6ed54e966 build(deps): bump golang.org/x/sys in the golang-x group 1de84c29f build(deps): bump google-github-actions/upload-cloud-storage a100b055c update to go1.22.6 977604724 migrate to github.com/moby/sys/userns 8ef73c5dd Fix TestNewBinaryIOCleanup on Go 1.23 and Linux 5.4 7d4da0cb2 ctr: shim state query for old shims d59e8a840 ctr: shim state for secondary tasks 32c2d1493 use ctx object from cliContext instead of a creating a new one 349d2b5c1 script/setup/install-runc: fix runc using incorrect version 267fac568 build(deps): bump the golang-x group with 3 updates 6814cc354 build(deps): bump google-github-actions/upload-cloud-storage d036988ee docs/content-flow: fix code fence delimiter 83c26962c Remove extra span created in the instrumented service layer c0cdcb34f Add spans to CRI runtime service and related client methods 0e4f2108b support to syncfs after pull by using diff plugin 551ac0600 Ensure /run/containerd is created with correct perms 4cfeb7b19 core/metadata: migrate sandboxes bucket into v1 a97b11898 Make `StopContainer` RPC idempotent c6cea95d9 Make `StopPodSandbox` RPC idempotent ad24ca960 build(deps): bump github.com/urfave/cli/v2 from 2.27.2 to 2.27.3 71b5b34de build(deps): bump ossf/scorecard-action from 2.3.3 to 2.4.0 eddd90d7c remove deprecated pkg/userns 8437c567d pkg/userns: deprecate and migrate to github.com/moby/sys/user/userns 40a315b95 vendor: github.com/moby/sys/user v0.2.0 f9146c051 deprecation: update warnings for CRI config fields 0dcc51aed introspection: regenerate UUID if state is empty abdb4fd77 build(deps): bump the k8s group across 1 directory with 4 updates bc51d4b20 build(deps): bump the otel group across 1 directory with 8 updates 025d1161e build(deps): bump github.com/containernetworking/cni from 1.2.2 to 1.2.3 81ef46584 KEP-3619: update cri-api version ee2c0d9e7 KEP-3619: implement features.supplemental_groups_policy in RuntimeStatus 2d97134e5 build(deps): bump github.com/containerd/imgcrypt f0aecaa2e Fix TestNewBinaryIOCleanup failing with gotip b41bb6df7 Avoid potential reallocs by pre-sizing some slices a779449c4 vendor: github.com/moby/sys/sequential v0.6.0 1bfa7c8fe vendor: github.com/moby/sys/symlink v0.3.0 95b429c01 vendor: github.com/moby/sys/signal v0.7.1 08d6c9323 vendor: github.com/moby/sys/mountinfo v0.7.2 fb674f8b4 Add resolver workaround for error: name resolver error: produced zero addresses 63b468817 Use grpc.NewClient instead of deprecated ones a5be62993 Vendor GRPC 1.64 1a5c711c3 update documentation for content-flow c8254dfae Include filename in error 9eda0b73a build(deps): bump github.com/Microsoft/hcsshim from 0.12.4 to 0.12.5 9315d59bf build(deps): bump tags.cncf.io/container-device-interface 7480de28a Remove static link to images outside of the repository edd84f4a6 Add read permission limit on link workflow 274de35fe updated the domain in the link 807f32573 cri: optimize ListPodSandboxStats with parallelism 7c4de2821 Update cri-tools to v1.30.1 0772d0a37 Fix for `[cri] ttrpc: closed` during ListPodSandboxStats 300fd770a use typeurl funcs for marshalling anypb.Any e1adfaeb9 script/setup/config-containerd: Use slow_chown 89a2cac37 scripts/critest.sh: Prepare for userns tests in runc 63b55e6df build(deps): bump the golang-x group with 2 updates 203cb303e script: bump up imgcrypt version to v1.2.0-rc1 efd441506 client: fix tasks with PID 0 cannot be forced to delete eaa1afe63 Set stderr to empty string when using terminal on Windows. fe5f85c7d Fix incorrect comment about ordering of parent layers 0f76e35fd added the openssf scorecard badge 98544a358 Add file name to device type check failure message Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>	2024-08-20 13:36:12 +00:00
Bruce Ashfield	e28407eda5	containerd: update to 2.0.0-rc-latest Bumping containerd to version v2.0.0-rc.3-82-g1b24e53d0, which comprises the following commits: 63b55e6df build(deps): bump the golang-x group with 2 updates 51f34ff49 CI: update Fedora to 40 56495b404 update go version to 1.22.5 23170e20d Move fsverity package to internal f6e731c80 cri: get pid count from container metrics 96352ad22 update runhcs binary to v0.12.4 10aec359a cri: ensure NRI API never has nil CRI a723c0c6e pkg/reference: remove deprecated SplitObject ef98c7198 Implement fsverity functionality fec33aa73 pkg/reference: deprecate SplitObject a5fce38f3 pkg/reference: Spec.Digest(): inline SplitObject code 42145950b pkg/reference: SplitObject: add proper GoDoc 74a6156ac pkg/reference: SplitObject: zero allocations 799bca97f pkg/reference: Spec.String(): use string-concatenation instead of sprintf c097022a5 build(deps): bump github.com/containernetworking/cni from 1.2.1 to 1.2.2 14b053fb4 build(deps): bump github.com/containerd/go-cni from 1.1.9 to 1.1.10 8f9607eed Use the transactor interface in metadata 2cf8237a1 build(deps): bump k8s.io/klog/v2 in the k8s group a2f9101aa build(deps): bump github.com/containernetworking/plugins 2304cd9d5 build(deps): bump google.golang.org/protobuf from 1.34.1 to 1.34.2 469f95026 build(deps): bump github.com/containernetworking/cni from 1.2.0 to 1.2.1 243b803a1 Add pprof to runc-shim b323e9eec vendor: github.com/containerd/ttrpc v1.2.5 cb38b1e2b api: update github.com/containerd/ttrpc v1.2.5 2f1bf791b Cleanup metadata godoc 907796811 update release runners to ubuntu 24.04 dd0542f7c cmd: don't alias context package, and use cliContext for cli.Context c25183ff1 use older version of OVMF package 1bfdccee0 use vagrant from jammy in noble 769e0c8c1 add debian sources for ubuntu-24 624aa49d4 increase xfs base image size to 300Mb 027414ee5 enable ubuntu 24 runners 9edde8106 build(deps): bump github.com/klauspost/compress from 1.17.8 to 1.17.9 becb2b2d3 build(deps): bump github.com/checkpoint-restore/checkpointctl f6f655ccf build(deps): bump k8s.io/klog/v2 in the k8s group 531da9960 Reduce scope of permissions in stale workflow 15887d7ef sandbox: add update api for controller Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>	2024-07-11 14:07:17 +00:00
Bruce Ashfield	ea2a7de432	containerd: update to 2.0.0-rc.3 Bumping containerd to version v2.0.0-rc.3-19-g741c4bde5, which comprises the following commits: 531da9960 Reduce scope of permissions in stale workflow ed64e6503 core/mount: remove logrus import ea8265fb1 core/transfer/local: remove logrus import 75fd7a5a7 pkg/shim: remove logrus imports 38e2f0038 Adds a mutex to protect fallback host 587ee80f6 pkg/tracing: LogrusHook.Fire: micro-optimisation ccf793812 pkg/tracing: remove direct use of github.com/sirupsen/logrus 4203e2de8 pkg/tracing/plugin: rename var that collided with import e2e09b384 pkg/tracing: rename func that shadowed builtin, rm makeSpanName e69ad9442 build(deps): bump the k8s group across 1 directory with 4 updates 5b8dfbd11 Allow proxy plugins to have capabilities cc2cedae0 Revert "install-runc: pin Go to 1.21" 3c097352a update runc binary to v1.1.13 8c13ed1b8 Prepare v2.0.0-rc.3 release 86b8a8824 Remove pkg/seed 09d3e20d3 Allow running test in usernamespace 8bcffa944 KEP-3619: Fine grained SupplementalGroups control 87dd4309d vendor: github.com/containerd/platforms v0.2.1 939135ae3 CI: golangci-lint v1.59.1 df7f6ba5b ctr: return explicit errors for flags unsupported by transfer service 686a610ee build(deps): bump github.com/checkpoint-restore/checkpointctl 156458e54 build(deps): bump the golang-x group with 2 updates 08c1e12e9 CI: add back EL 8 149ca6880 Update hcsshim tag to 0.12.4 b1a23c495 Fail integration test early when a plugin load fails d23c4b8b5 Use unix and windows specific connection error checks 02b6c6939 Allow fallback across default ports 80ce8bd61 build(deps): bump github.com/containerd/containerd/api cde2527fc ctr: pull: Do not ignore labels when transfer service is used 1c123efb4 Update Go version to 1.22.4 e1e793e4a Update rockylinux vagrant build 5611fdd4a Transfer: Push: Enable to specify platforms 0e8cc9146 Transfer: Push: fix failure on pushing duplicated blobs 4123170a3 *: export RemoveVolatileOption for CRI image volumes 3e71ccafc Add type alias for event Envelope da1d9672f Enable imgcrypt in cri pull 9857afda4 Add vendor for github.com/containerd/imgcrypt 359d84351 Update api minimum go version to 1.21 2d73340c2 Explicitly set release latest to false ca59fb0b4 Cleanup shim manager configuration 9831a62d7 auth: add span to FetchToken helpers 58be88189 sandbox: do retry for wait to remote sandbox controller Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>	2024-07-10 15:59:26 +00:00
Bruce Ashfield	3373478346	containerd: update to v2.0.0-rc.2 Bumping containerd to version v2.0.0-rc.2-12-g5d2c988a5, which comprises the following commits: 446e63579 remove uses of platforms.Platform alias 22f2af40c update pause image to 3.10 65024e6fd core/image: fix usage of "unknown" platform 8b3060717 Provide runtime options in plugin info 332caf1a1 Provide ability to set lo up without CNI 288f0592e Prepare release notes for v2.0.0-rc.2 f24a95185 build(deps): bump github.com/prometheus/client_golang 8b2a69c19 build(deps): bump golangci/golangci-lint-action from 5 to 6 96ff18d37 build(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3 1cae3dc9b update ttrpc to 1.2.4 e2251f948 Update instrumentation fuzzer with new flag ef76a90e9 Update platforms package to v0.2.0 0b113d78d doc: add the description of sandboxer and io_type 7cead8800 cri: restart created container with correct io type 42f778fc1 modify streaming io url form 25c2f690a Update toolchain to Go 1.22.3 681a083fa Update unpacker to always fetch all 2788604e4 Update ctr image pull all platforms 58be88189 sandbox: do retry for wait to remote sandbox controller 059731775 Preserve CL_UNPRIVILEGED locked flags during remount of bind mounts 9a9a8c46a Don't require vagrant tests in merge queues d9dc2811a fix: delete sockets on shim exit 41dc94ee1 CI: bump up golangci-lint to v1.58.0 9ecfac7f6 Integration: Change to grpc.NewClient 8c6183d74 Add lease test for metadata snapshotter c7fb8a925 Update metadata snapshotter to lease on exists b8dfb4d8f cri: support io by streaming api 3b065cddd CI: skip test in arm64 CI 6c3c5376f critools-version: v1.30.0 b488e76db build(deps): bump google.golang.org/protobuf from 1.33.0 to 1.34.1 a6e417dc6 build(deps): bump go.etcd.io/bbolt from 1.3.9 to 1.3.10 4401c3cb7 build(deps): bump github.com/pelletier/go-toml/v2 from 2.2.1 to 2.2.2 42e02c6c0 build(deps): bump golang.org/x/sys in the golang-x group 88b52119c Update api version to v1.8.0-rc.0 1c9c64f31 Update release procedure to mention api replace e69efd56d Add go mod replace when proto changes happen 678137199 sandbox: remove PID() in sandbox client 13f2fa1de remove go1.21.9 from CI matrix f0363a7f6 Chore: Simplify some syscall error checks 99ad11a00 core/metadata: failfast on content.Commit 3fb84403b CI: bump up crun to 1.15 55fcebffc Prepare release notes for api/v1.8.0 b811a8879 Add API release action b8060d641 Update ctr shim subcommand to task v3 f1e265b13 core/runtime: Check shim PluginInfo to enforce idmap support 05a3171bb Update transfer proxy to support ttrpc ec04e4f63 Add streaming proxy fe01cad20 Cleanup local transfer interface 171fc1434 Update release doc to mention API versioning 2ac2b9c90 Make api a Go sub-module e1b94c0e7 Move protobuf package under pkg 3e9cace72 Move runtimeoptions to api directory 4a4550777 Move runc options to api directory 25a288662 Fix v2 migrate for testutil package fb1f15d30 docs: correct the typo in the documentation 2df04b403 build(deps): bump the otel group with 8 updates 950db7eb7 build(deps): bump the k8s group across 1 directory with 4 updates 93690baf4 build(deps): bump github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus 4c753d124 go.mod: k8s.io/cri-api v0.30.0 de38490ed sandbox: merge address and protocol to one url c3b306240 add task api endpoint in task create options 72fe47b2a add task api endpoint in oci proto b1fefccc7 sandbox: store endpoint in cri sandboxStore f6e0cf189 sandbox: add address info in Start and Status response 15782881e go.mod: go 1.22 2d5689434 CI: use Go 1.22 by default fef78c102 install-runc: pin Go to 1.21 11d8beff8 optimize error logs by providing absolute file paths 81a9df625 build(deps): bump github.com/urfave/cli/v2 from 2.27.1 to 2.27.2 c001a7056 build(deps): bump lycheeverse/lychee-action from 1.9.3 to 1.10.0 6df759e24 build(deps): bump golangci/golangci-lint-action from 4 to 5 b7c977414 container.Checkpoint(), WithRestoreImage(): use ocispec.AnnotationRefName 8a8c3e221 pkg/cri/server/base: log CRI config as embedded JSON f62edda5a pkg/cri/server/base: use structured log for CRI plugin startup e07b63d84 document usage and design of blockfile snapshotter b6bd12f13 Add Syself Autopilot to adopters 7bc476001 ADOPTERS.md: Fix Actuated italics 416741675 Perform file sync outside of lock on Commit c27bcdc56 cri: introspectRuntimeFeatures: fix nil panic dfdfa206f Update for latest updates to release tool 53c9e6f86 Update release process after 1.7 a12acedfa sandbox: make a independent shim plugin 9ee3bfaba images: tests: Fix typos in the tests c51463010 docs: update registry config guide 7bd4d348e add info of exited event 218e2cf7c Return correct error if CRIU binary is missing bb9d923aa content: add a BlobReadSeeker func to allow multipart blob streaming Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>	2024-05-29 13:23:51 +00:00
Bruce Ashfield	a03ff1cd0a	containerd: update to v2.0.0-rc.1 Bumping containerd to version v2.0.0-rc.1-8-g0426e3c2e, which comprises the following commits: c27bcdc56 cri: introspectRuntimeFeatures: fix nil panic c5ba71d11 Makefile: update default PACKAGE to v2 094bafe2a apparmor: Allow confined runc to kill containers e461a59ae fix migrateConfig for io.containerd.cri.v1.images eb5a0c04b apparmor: add `signal (receive) peer=/usr/local/bin/rootlesskit,` 5e470e1ca Update HTTPFallback to handle tls handshake timeout a37b451cd build(deps): bump tags.cncf.io/container-device-interface 888fd315f Update CNI to v1.2.0 13e6b2b68 update to go1.21.9, go1.22.2 42e4de9c5 Prepare release notes for v2.0.0-rc.1 4a31bd606 chore: use errors.New to replace fmt.Errorf with no parameters will much better a6a82c102 Update hcsshim to v0.12.3 7e60d5a07 Account for ipv4 vs ipv6 localhost in windows port forwarding a153b2cd3 mod: bump github.com/containerd/nri@v0.6.1 77512e2d7 build(deps): bump the golang-x group with 3 updates c8d9eba7c build(deps): bump github.com/klauspost/compress from 1.17.7 to 1.17.8 1c0f73aa0 build(deps): bump github.com/pelletier/go-toml/v2 from 2.2.0 to 2.2.1 32caaee48 Snapshotters: Export the root path b82ced57f fix: close profile c7ea06a69 fix default working directory `hostProcess` 1040c7b98 build(deps): bump the otel group with 8 updates b50e9eae4 Refactor spots to make use of sys.IgnoringEintr 3ea69db8e Add helper to ignore eintr 1b6222418 Bump tags.cncf.io/container-device-interface to v0.7.1 ad584ebec Replace direct waitid syscall with unix.Waitid 7c5078459 Remove empty default tls configuration in ctr b6e361694 cri: add pause image name to annotations 0ec14fdf8 core/diff/apply: use unix.Syncfs 739659a4b build(deps): bump google.golang.org/grpc from 1.62.1 to 1.63.2 433279438 Transfer: Registry: Enable plain HTTP 88b4cc659 address review comments f20c49311 Update tracing documentation to add details about manual instrumentation 63d5573a3 remote: Fix HTTPFallback fails when pushing manifest 2474a99c3 Add IsNotFound case to ListPodSandboxStats 3830f8167 fix(cri): fix unexpected order of mounts since go 1.19 cbb644182 build(deps): bump github.com/Microsoft/hcsshim from 0.12.0 to 0.12.2 362fcf2d2 build(deps): bump github.com/distribution/reference from 0.5.0 to 0.6.0 5b6ae0f79 Use different containerd sock address in tests ab2c569fb ctr: fix parsing mount options b97ef91fb Change port forwarding on windows ea681afba docs: fix typo 6d00c3ada runc-shim: only defer init process exits da4ca4949 build(deps): bump github.com/pelletier/go-toml/v2 from 2.1.1 to 2.2.0 dd72fb3b2 build(deps): bump github.com/intel/goresctrl from 0.6.0 to 0.7.0 e41e9e11b transfer: Platform matcher should match multiple platforms d0d35f0d0 core/images/archive: normalizeReference: remove outdated TODO 26158609b pkg/seutil: move to internal/cri 33732bc13 pkg/systemd: move to internal/cri 0d0850af1 Prepare v2.0.0-rc.0 f5abb63c0 Update mailmap 30813f646 build(deps): bump github.com/containernetworking/plugins 0fafc0c50 build(deps): bump github.com/checkpoint-restore/go-criu/v7 7c1fca096 Update migration script based on usage 45e425ccc vendor: github.com/golang/protobuf v1.5.4 4aa6fedd5 CRI: postpone removal of deprecated config properties 34c545824 Automatically decompress archives for transfer service import df26c189a Clean cri options and useless parms 88421068f Fix invalid event filter in podsandbox 357c59b79 Update github actions ci to run on forks 4b719cc4b build(deps): bump google.golang.org/grpc from 1.62.0 to 1.62.1 10c7f03b3 build(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0 21d3fedf4 build(deps): bump softprops/action-gh-release from 1 to 2 228aa42a6 build(deps): bump the otel group with 8 updates 47d13767f Clean typos in plugins. 7ac9d6909 Use the Go toolchain in CI matrix to build binaries 6a96e4501 Move shim package to pkg f25770e48 Wire through CRI ContainerCheckpoint RPC 7ecdebff9 update to go 1.21.8, 1.22.1 723306d0e Disable OOM set score unpriv test temporarily 994fdd74e Don't create new scratch VHD per image for CimFS 016b588a9 build(deps): bump github.com/stretchr/testify from 1.8.4 to 1.9.0 d9409c461 Update hcsshim to v0.12.0 00d714e90 build(deps): bump the golang-x group with 2 updates ab4de3e4c build(deps): bump azure/login from 1 to 2 713dd8f8d go.mod: k8s.io/cri-api v0.30.0-alpha.3 d9b9160ae mv internal/testutil pkg/testutil 752917c0f build(deps): bump github.com/prometheus/client_golang 7a3b7fba5 Transfer: Registry: Enable to use registry configuration diretory 1bf781d8e Cleanup introspection interface 5bd204109 Remove grpc from Client connection interface 347346e3c Add ttrpc support to content proxy 9104e6a24 Add events proxy interface 892dc54bd runc-shim: process exec exits before init 9128ee0a9 Move nri packages to plugin and internal d0da3d1ca sandbox: make event monitor in CRI independent 17ea3959b adds mediatype to oci index record c5ef8a2c2 fix(docs): fix duplicate instructions for windows installation 87e8e9c7f Add Go client stability in releases for 2.0. 72f21833b Move events to plugins and core caa9e2075 add k8s 1.29 and 1.30preview to support table 154ed26a7 vendor: go.etcd.io/bbolt v1.3.9 6d1dfe55f cri: ensure the pause image loaded in older versions is pinned 2884b318f build(deps): bump github.com/klauspost/compress from 1.17.6 to 1.17.7 bd44df8a1 refactor code - clean switch and if statements a60e52f58 sandbox: add struct tags for PinnedImages a0b73ae11 sandbox: optimize the lock in PodSandbox 0f1d27412 sandbox: add methods to sandboxService a2768f19d plugins/sandbox: move local plugin into services d651cb743 mediatypes: support zstd compression Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>	2024-05-13 22:32:38 -04:00
Bruce Ashfield	e7a13cbbc3	containerd: consolidate to "containerd" We no longer need the split between container-docker and containerd-opencontainers and dependent layers have been given over a year to adapt. We do keep the provides and rprovides around for a bit longer, but those will also be removed in the future. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>	2024-05-13 22:32:38 -04:00
Bruce Ashfield	7d6284a079	runc/containerd: create virtual/runc and virtual/containerd Since there are two implementations of runc and containerd that may not always be in sync, the docker variant, and the opencontainers variable, we create a virtual/* namespace for these components. Anything requiring runc or containerd should set a preferred provider to get the desired/tested variant. We set the default provider to the docker variants, since they are the primary use case for these components. Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>	2017-02-20 02:06:22 -05:00
Mark Asselstine	debdd70e98	containerd: uprev to version required by docker 1.13.0 Docker defines required dependency versions in its vendor.conf file. These can also be validated by running 'docker info' on the running system. In order to avoid issues, such as the current one where docker can't run containers, we need to ensure we match these versions. Uprev containerd to the version defined in docker's vendor.conf file. Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>	2017-02-15 14:58:37 -05:00
Jan Kiszka	88a28bbbeb	containerd: Fix build on 386 Go only understands "386" as target arch, not "i586". Adjust this. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>	2017-02-10 16:16:55 -05:00
Mark Asselstine	2ef58c264b	go-cross: add ${TARGET_ARCH} to PN Since we are building a cross tool which produces something which is ARCH specific we should stick to the <toolname>-cross-<arch> naming convention. A variant of this patch has been floating around for a while but with the changes around per recipe sysroots, distributed builds, shared builds... we are best served to adopt this convention now. Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>	2017-02-09 09:14:27 -05:00
Amarnath Valluri	a2e5525909	containerd: Replace /lib/systemd/system with ${systemd_system_unitdir} Make use of bitbake variable where appropriate, this makes the recipe portable. Signed-off-by: Amarnath Valluri <amarnath.valluri@intel.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>	2017-02-09 09:13:56 -05:00
Lans Zhang	ab373099f5	containered\|runc: override GOROOT at build time Similar to commit `01aa8f1`, runc and containered also need to set GOROOT explicitly. Signed-off-by: Lans Zhang <jia.zhang@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>	2017-01-21 23:17:34 -05:00
Mark Asselstine	d866c439cb	containerd: use the target toolchain to build cgo components We need to ensure we are using the target toolchain and sysroot to avoid possible host contamination, and in the case of non x86-64 target builds, allow the build to complete successfully. Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>	2016-10-12 19:10:44 -04:00
Bruce Ashfield	1fd5a596ed	containers: uprev docker (1.12.0), runc (1.0.0-rc) and containerd (0.2.2) Bumping the version of docker and dependencies. This gets us closer to runc 1.0, which is the foundation for future OCI efforts. Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>	2016-07-27 00:16:53 -04:00
Bruce Ashfield	16a31ef4a8	containerd: replace deprecated base_contains Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>	2016-05-25 09:36:49 -04:00
Bruce Ashfield	e919b641bb	containerd: initial recipe With the update to docker 1.11.x+, we need the OCI containerd to control runc: containerd is a daemon to control runC, built for performance and density. containerd leverages runC's advanced features such as seccomp and user namespace support as well as checkpoint and restore for cloning and live migration of containers. Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>	2016-05-02 14:02:41 -04:00

28 Commits