1.6.19 is the latest release for 1.6 branch.
This upgrade fixes CVEs such as CVE-2023-25173 and CVE-2023-25153.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Add support of redirect option -L for curl, the
linuxcontainers.org sometimes redirect to other
mirror site such like us.lxd.images.canonical.com,
this would cause the lxc-download script report
download failed.
The version of curl in kirkstone also need to add an
option -f to use an error code to tell the caller
when http/https has errors.
Reproduce and verified on following command:
lxc-create -t download -n test -- --dist archlinux --release current --arch arm64
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
backport the changes of templates-use-curl-instead-of-wget.patch
from master in following commits:
05f316f70a : lxc: update to 5.x and meson
2119189361 : treewide: bulk update patches with status field
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
skopeo rdepends on it, and skopeo has been extended to native and
nativesdk, so container-host-config needs also be extended.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
The /etc/containers/policy.json[1] file is used to specify verification
policy. For now, we can see it's used by both cri-o and skopeo. To avoid
conflict, we use container-host-config to provide this file and make both
skopeo and cri-o depend on it.
[1] https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
ostree is in meta-oe, libseccomp is in oe-core. So remove these two.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Instead of providing storage and registries configuration files
in this package, we inherit container-host which will provide a
common definition of these configs.
This allows multiple packages to ensure that the configuration
files are present, and not conflict in their installation.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
This is a configuration only recipe that produces a package which
installs some common configuration files.
In this introduction we have both registries.conf and storage.conf.
Packages that require these files should RDEPEND on this package
(or inherit container-host.bbclass) and the files will be installed.
If conflicting requirements for these global configuration files
arise, they can be resolved through additions to this recipe, or by
providing a higher priority version of the .conf files.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Introducing a small (at the moment) class that represents configuration
and processing required to prepare a target image to be a container
host.
A recipe that requires container configuration should inherit this
class, and the container-host-config package will be added as a
RDEPENDS, and install common configuration files.
In the future, additional functionality or dependencies will be added
here to synchronize the configuration of multiple container host
packages.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
The old crio.conf file can cause cri-o start failure. The error
message is as below.
validating runtime config: runtime validation: failed to \
translate monitor fields for runtime runc: cgroupfs manager \
conmon cgroup should be 'pod' or empty
Use new crio.conf file to solve this issue. The file is generated
by 'crio --config="" config --default' command, as indicated in
the old crio.conf file.
With this config file update, the crio.service can now start correctly.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
crio.service now reports the following error messages:
level=error msg="Writing clean shutdown supported file: \
open /var/lib/crio/clean.shutdown.supported: no such file or directory"
level=error msg="Failed to sync parent directory of clean \
shutdown file: open /var/lib/crio: no such file or directory"
Create /var/lib/crio to avoid such error message.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
For cri-o, libselinux is optional, this can be seen from
its Makefile. So let's make selinux optional by using PACKAGECONFIG,
whose default value is determined by the DISTRO_FEATURES. In this
way, meta-selinux dependency is not necessary.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
libseccomp is not in oe-core. There's no need to check
meta-security any more.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Bumping containerd to version v1.6.12-2-gccfc27e30, which comprises the following commits:
3595dd04b fix: check for tmpfs when evaluating if userxattr should be used
1899ebcd8 Prepare release notes for v1.6.12
ec5acd4c1 CRI stream server: Fix goroutine leak in Exec
9743dbae8 [release/1.6] update to go1.18.9
3d24d97ba Prepare release notes for v1.6.11
bb96b21e5 fix: support simultaneous create diff for same parent snapshot
15b541238 Fix order of operations when setting lease labels
9fdf713e5 Added nullptr checks to pkg/cri/server and sbserver
56593cca5 cri: add pod uid annotation
8ec051a6b [release/1.6] go.mod: use golang_protobuf_extensions v1.0.4
e639ecd7c Prepare release notes for v1.6.10
5af8d89ce overlayutils: Add fastpath for userxattr check
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
The local irqbalanced.service was written long before when there wasn't one in
upstream. Then upstream created temporary runtime directory /run/irqbalance in
its irqbalanced.service, but no one did this for this recipe. Which renders the
following error.
/usr/sbin/irqbalance[314]: Daemon couldn't be bound to the file-based socket.
This patch starts to use upstream irqbalance.service instead and remove the
local one.
root@qemux86-64:~# systemctl status irqbalanced
* irqbalanced.service - irqbalance daemon
Loaded: loaded (/lib/systemd/system/irqbalanced.service; enabled; preset: enabled)
Active: active (running) since Mon 2022-08-22 10:10:22 UTC; 3s ago
Docs: man:irqbalance(1)
https://github.com/Irqbalance/irqbalance
Main PID: 208 (irqbalance)
Tasks: 2 (limit: 263)
Memory: 1.4M
CGroup: /system.slice/irqbalanced.service
`-208 /usr/sbin/irqbalance --foreground
Aug 22 10:10:22 qemux86-64 systemd[1]: Started irqbalance daemon.
root@qemux86-64:~# ls -l /run/irqbalance/irqbalance208.sock
srwxr-xr-x 1 root root 0 Aug 22 10:10 /run/irqbalance/irqbalance208.sock
Signed-off-by: He Zhe <zhe.he@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Bumping moby to version v20.10.21, which comprises the following commits:
f99cb8297b integration: download busybox-w32 from GitHub Release
3f9dc25f5c update containerd binary to v1.6.9
87ccd38cea vendor: moby/term, Azure/go-ansiterm for golang.org/x/sys/windows compatibility
e83e465ae2 [20.10] vendor: github.com/moby/buildkit eeb7b65ab7d651770a5ec52a06ea7c96eb97a249 (v0.8 branch)
9c84417c1b skip TestImagePullStoredfDigestForOtherRepo() on Windows and rootless
5b5b5c6f13 builder: add missing doc comment
05e25f7892 builder: fix running git commands on Windows
2f3bf18014 [20.10] vendor moby/buildkit v0.8.3-31-gc0149372
6699afa549 registry: allow "allow-nondistributable-artifacts" for Docker Hub
4b9902bad4 Validate digest in repo for pull by digest
c0d1188c14 builder: make git config isolation opt-in
9f5f3abcee builder: isolate git from local system
10db4c2db7 builder: explicitly set CWD for all git commands
8816c3c2aa builder: modernize TestCheckoutGit
11bdbf40b9 [20.10] Update to go 1.18.7 to address CVE-2022-2879, CVE-2022-2880, CVE-2022-41715
66ddb7f91c Fix live-restore w/ restart policies + volume refs
c003392582 contrib: make dockerd-rootless-setuptool.sh more robust
53313be0f3 docker-rootless-setuptools.sh: use context after install
9c486bd267 swagger: update links to logo
fa17fab895 vendor: github.com/containerd/console v1.0.2
481bee51b5 vendor: github.com/armon/go-metrics v0.4.1
39ba2873e8 vendor: github.com/google/btree v1.1.2
c2755f40cd vendor: github.com/hasicorp/memberlist v0.4.0
5ba3208ec7 Dockerfile: Update Dockerfile syntax, switch to bullseye, add missing libseccomp-dev, remove build pack
6d6a236286 [20.10] Update uses of Image platform fields in OCI image-spec
2570784169 [20.10] vendor: github.com/moby/buildkit 3a1eeca59a9263613d996ead67d53a4b7d45723d (v0.8 branch)
fcd4df906b Update some tests for supplementary group permissions
6a0186b357 Wrap local calls to the content and lease service
3d4616f943 Update to go 1.18.6 to address CVE-2022-27664, CVE-2022-32190
23c7d84b84 docs: api: adjust ContainerWaitResponse error as optional
3e9e79d134 docs: api: document ImageSummary fields (api v1.39-v1.41)
fdd438ae03 api: docs: improve documentation of ContainerConfig type (API v1.30-v1.41)
97014a8db5 namesgenerator: remove Valentina Tereshkova
e44d7f735e AdditionalGids must include effective group ID
9e7662e4a7 [20.10] vendor: update containerd to latest of docker-20.10 branch
7dac25a3a9 vendor: update tar-split to v0.11.2
8bd86a0699 update containerd binary to v1.6.8
6c8dd6a6f2 update runc to v1.1.4
418c141e64 [20.10 backport] daemon: kill exec process on ctx cancel
d127287d92 Allow different syscalls from kernels 5.12 -> 5.16
57db169641 seccomp: add support for Landlock syscalls in default policy
reverted by patch: 7ba8ca042c Update golang to 1.18.5
reverted by patch: f2a3c3bcef update golang to 1.18.4
reverted by patch: a99c9cd852 update golang to 1.18.3
reverted by patch: 82939f536b update golang to 1.18.2
reverted by patch: ecd1aa081f update golang to 1.18.1
reverted by patch: 7ba67d05a8 [20.10] vendor: update archive/tar for go 1.18
reverted by patch: 0bc432241e update golang to 1.18.0
bb95d09f9a staticcheck: ignore "SA1019: strings.Title is deprecated"
a7299ae72c Dockerfile: update golangci-lint v1.44.0
d97fd533cf integration-cli: SA5011: possible nil pointer dereference (staticcheck)
e6aee04a88 client.NewClientWithOpts(): remove redundant type assertion (gosimple)
0523323c28 daemon/logger/awslogs: suppress false positive on hardcoded creds (gosec)
adeb29c64c client/request.go:157:8: SA1019: err.Temporary is deprecated (staticcheck)
50361d91a6 registry: trimV1Address(): simplify trimming trailing slash
ae3a9337dd golangci.yml: do not limit max reported issues
9820255a1c golangci.yml: skip some tests
d223f37300 golangci.yml: update regex for ignoring SA1019
ec3bfba89d graphdriver: temporarily ignore unsafeptr: possible misuse of reflect.SliceHeader
f2f387b131 daemon: var-declaration: should omit type bool (revive)
2fb7c9fea7 daemon/config: error strings should not be capitalized
fa6954cb98 reformat "nolint" comments
45fa675a35 if-return: redundant if ...; err != nil check (revive)
9e88f8435a daemon/splunk: ignore G402: TLS MinVersion too low for now
2de90ebbe4 pkg/archive: RebaseArchiveEntries(): ignore G110
14b475d091 daemon/stats: fix notRunningErr / notFoundErr detected as unused (false positive)
db7b3f4737 unused: ignore false positives
b6de0ca7c5 G601: Implicit memory aliasing in for loop
e8b838e99f gosec: G601: Implicit memory aliasing in for loop
2ddf6e598a gosimple: S1039: unnecessary use of fmt.Sprintf
fadf8bbdff staticcheck: SA4001: &*x will be simplified to x. It will not copy x
7573e32577 client: S1031: unnecessary nil check around range (gosimple)
e738a57a6d daemon/logger/journald: fix linting errors
34f6b94255 gosec: G404: Use of weak random number generator
a6d7b61c8b update containerd binary to v1.6.7
b4ba1ee22f update runc binary to v1.1.3
da8828c4b3 api: swagger: fix invalid example value (API v1.39-v1.41)
9501d91e19 api: swagger: document BuildCache fields (API v1.39-v1.41)
61fdea902b api: swagger: document BuildCache fields.
c77432c889 [20.10] Update golang to 1.17.13
2833aa1e4b docs: api: add missing "platform" query-arg on create (v1.41)
a8c28260ad api: swagger: add missing "platform" query-arg on create
cfdc075b1c Fix file capabilities droping in Dockerfile
2daa6bb6b3 Windows: Re-create custom NAT networks after restart if missing from HNS
903cd53ce4 vendor: libnetwork 0dde5c895075df6e3630e76f750a447cf63f4789
eccaf6d368 [20.10] update golang to 1.17.12
ff7feeac37 vendor: github.com/containerd/continuity v0.3.0
Bumping libnetwork to version v0.7.0-dev.3-1841-gdcdf8f17, which comprises the following commits:
5e08bdb1 Revert: Added API to set ephemeral port allocator range
563fe8e2 README.md: repo was moved to https://github.com/moby/moby/tree/master/libnetwork
bea0bcf5 libnetwork: skip firewalld management for rootless
af0c46d8 Apply peformance tuning to new sandboxes also
Bumping docker-cli to version v20.10.21, which comprises the following commits:
3e3677e47d docs: fix links to BuildKit backend
20e3951aeb Remove "experimental" gates around "--platform" in bash completion
75d7ce92a2 fixed the plugin command docker-runc
a12c535f6e [20.10] vendor docker 03df974ae9e6c219862907efdd76ec2e77ec930b (v20.10.20)
d18a3e9004 [20.10] vendor moby/buildkit v0.8.3-31-gc0149372
932ca73874 [20.10] vendor: github.com/docker/docker v20.10.19
7d51e65e72 [20.10] vendor: github.com/moby/buildkit 3a1eeca59a9263613d996ead67d53a4b7d45723d (v0.8 branch)
1ea8d69d6f feat(docker): add context argument completion
e82aa85741 [20.10] vendor: github.com/docker/docker v20.10.18
e9176b36cc [20.10] vendor: github.com/containerd/continuity v0.3.0
bc6ff39e42 docs/reference: run.md update confusing example name
3fa7a8654f docs: update deprecation status for "overlay2.override_kernel_check"
3e06ce8bfa [20.10] Update go 1.18.7 to address CVE-2022-2879, CVE-2022-2880, CVE-2022-41715
93eead45ee Update to go 1.18.6 to address CVE-2022-27664, CVE-2022-32190
45075ea08c [20.10] vendor: github.com/docker/docker v20.10.17
c2dcaecf19 make compose plugin detection in bash completion work on Mac OS
613b9362d0 Detect compose plugin
b30d250320 Add completion for docker-compose plugin
6b25bc3003 fix race condition in TestRemoveForce
bdac0b38d9 Update golang to 1.18.5
c70b01ec1f update golang to 1.18.4
0389090aeb update golang to 1.18.3
c904936d69 update golang to 1.18.2
386d50c2e9 update golang to 1.18.1
990186f2f6 update go to 1.18.0
86bf1966e2 staticcheck: ignore SA1019: strings.Title is deprecated
b3022b91d1 [20.10] Dockerfile.lint: use go install
f14ba9f5d7 [20.10] Dockerfile: use syntax=docker/dockerfile:1
c189c4dbea [20.10] vendor: github.com/json-iterator/go v1.1.12 for Go 1.18 compatibility
0c46ffc1f9 [20.10] vendor: github.com/modern-go/reflect2 v1.0.2 for Go 1.18 compatibility
6be9ce798e [20.10] vendor: github.com/google/gofuzz v1.0.0
779ed309a8 lint: update golangci-lint to v1.45.2
2f7e84be65 linting: fix incorrectly formatted errors (revive)
e628209d9b linting: ignore some "G101: Potential hardcoded credentials" warnings
80a3add604 cli/command/container: unnecessary use of fmt.Sprintf (gosimple)
80fb0d575e [20.10] Update golang to 1.17.13
d72bef2088 [20.10] update golang to 1.17.12
7502d7e560 Fix dead external link
308624c3b1 fix: remove asterisk from docker command suggestions
de7d866b6a [20.10] update golang to 1.17.11
240e4b5501 [20.10] vendor: golang.org/x/sys v0.0.0-20220412211240-33da011f77ad
5d4776bd90 [20.10] update golang to 1.17.10
49e9c2ae3d vendor: golang.org/x/sys 63515b42dcdf9544f4e6a02fd7632793fde2f72d (for Go 1.17)
87a3ce2699 vendor: golang.org/x/sys d19ff857e887eacb631721f188c7d365c2331456
1d8abed17d vendor: update x/sys to 134d130e
31dad66f9a [20.10] update golang to 1.17.9
80f673bf9e gofmt with go1.17
3d4cc8e699 [20.10] update remaining files to go1.17.8
30277a8f80 update go to 1.17.8
cfef3a7dc1 docs: deprecated: add entry for "fluent-async-connect" log-opt
53426025c3 [20.10] docs: reformat table for compatibility
573a664639 Describe privileged mode in terms of capabilities
cf0ab7ac4c [20.10] vendor: github.com/docker/distribution v2.8.1
d05fd4ffc8 [20.10] vendor: github.com/opencontainers/image-spec v1.0.2
870f138250 [20.10] vendor: github.com/docker/docker v20.10.14
198d6b8724 [20.10] circleci: update buildx to v0.8.2
55a14ec851 [20.10] update remaining Dockerfiles to go 1.16.15
1f9a0df05a e2e: update docker-compose to 1.29.2
4ae338b33a docs: reference: remove trailing space to fix yaml formatting
6380142dd4 docs: fix (table) formatting, fix some broken links
82f422fcf3 docs: build: fix minor markdown and syntax issues
80fd77903b Update the list of log drivers
c3d4d623c8 Fix CMD --ignored-param1 example
2e82d11def docs: dockerd: fix broken link in blockquote area
738a6ee1cc improve cp documentation with some illustration examples
246d96bb6c docs: unify "docker create" and "docker run" reference
2fd0f17057 docs: add missing documentation for --pull flag
5fa500000a Fix incorrect pointer inputs to `json.Unmarshal`
1e6a8ce2b7 Dockerfile: update xx to 1.1
6f7a931a2d [20.10] use GO_LDFLAGS instead of LDFLAGS to prevent inheriting unrelated options
91bab605f7 [20.10] vendor.conf: don't use git:// protocol
a282e0c5d2 [20.10] update to go 1.16.15 to address CVE-2022-24921
700364e304 Fix mistake with env var example in docker run docs
62d27c32ff Update WORKDIR command information
c0e952cf04 Fix the (dead) link for docs for Dockerfile syntax reference
04104a04d3 Update dockerd.md
b721998b7b Fixing typo (his --> its)
4065e1246e format create.md table
f1002eb9fb Fix typo
e97c7b240e added missing closing parenthese
aa78937634 Update stats.md add example json output
40fe0573aa Update Ubuntu version number references in push.md
c9737e1c37 docs/daemon: replace deprecated '-g' option for '--data-root'
5c6723d080 Correct device syntax to --gpus
fd5fc61ecd [20.10] Update Go to 1.16.14
3624019d83 [20.10] update Go to 1.16.13
f3ff8e6ad6 [20.10] vendor: compose-on-kubernetes v0.5.0 to remove github.com/golang/glog
ee1ac1b319 fix innocuous data-race when config.Load called in parallel
38dd744a11 [20.10] Update Go to 1.16.12
4de40a825e Update Go to 1.16.11
03fa8f92c8 Update Go to 1.16.10
9989fdbc40 Update most links in docs to use https by default
0e20c1fd21 Update Go to 1.16.9
1c0927a041 Dockerfile: update tonistiigi/xx to 1.0.0-rc.2, add XX_VERSION arg
82f9d5921b info: skip client-side warning about seccomp profile on API >= 1.42
adb01ca79d docs: some minor touch-ups in checkpoint reference
8260476a06 docs: remove trailing space to fix generated YAML format
bce2e1f953 docs: create.md: typo fix
44064f51c8 Fix typo in documentation - build.md
292779add5 Add doc for BUILDKIT_PROGRESS env var
f2e79b826c docs: use "console" code-hint for shell examples
fa46b92361 docs: rewrite reference docs for --stop-signal and --stop-timeout
400f81089a experimental: fix broken link to "checkpoint and restore" page
c72057c8db docs: move checkpoint/restore doc from experimental into reference
77db97d595 Use private network address for default-address-pools setting in daemon.json example
cbf0d2b7b7 docs: fix some broken anchors
d0014a86bc docs: fix description of restart-delay to mention max (1 minute)
6c1c8b55aa docs: fix search results by filterd is-official
44fdac11f5 Update Go to 1.16.8
061051c24d docs: add missing redirect, and remove /go/experimental redirect
2012fbf111 Update Go to 1.16.7
42d1c02750 registry: ensure default auth config has address
0b924e51fc Update to go1.16.6
6288e8b1ac change TestNewAPIClientFromFlagsWithHttpProxyEnv to an e2e test
1e9575e81a cli/config/configfile: various test cleanups
c98e9c47ca Use designated test domains (RFC2606) in tests
8437cfefae context: deprecate support for encrypted TLS private keys
68a5ca859f cli/context: ignore linting warnings about RFC 1423 encryption
8a64739631 Update Dockerfiles to latest syntax, remove "experimental"
1d37fb3027 Deprecate Kubernetes context support
0793f96394 Deprecate Kubernetes stack support
b639ea8b89 Deprecate Kubernetes stack support
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
do_compile() is shared and shouldn't have been using SRCREV_moby
as that is obviously only set in the moby recipe.
Switch to using a generic DOCKER_COMMIT variable and set it in
both docker_moby and docker-ce.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Much of meta-virt requires seccomp to function properly, so we
update docker to match that common default.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Add mobyproject:moby to CVE_PRODUCT to reflect where the source
is coming from for both docker recipes.
We keep the old 'docker' designation for compatibility.
It is unclear whether or not we should also be adding the cli
and libnetwork to the CVE_PRODUCT. But since they are on
different SRCREVs and not vendored, we keep them out for now.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Bumping containerd to version v1.6.9-12-g6c41694da, which comprises the following commits:
5af8d89ce overlayutils: Add fastpath for userxattr check
303f608dd [release/1.6] update to Go 1.18.8 to address CVE-2022-41716
3f9f9508d ctr export strictly match default platform
df73acad5 [release/1.6] go.mod: Bump hcsshim to v0.9.5
658490b78 ctr import: strictly match platform
4907b4d72 Migrate away from GitHub actions set-output
f1493f665 Prepare release notes for v1.6.9
346412f5a adding support of CAP_BPF and CAP_PERFMON
99578d1fc Update mailmap
a956d8415 Add logging volume metrics to Containerd CRI plugin
29e2dea50 fix pusher concurrent close channel
8a9d69385 [release/1.6] Stats() shouldn't assume s.container is non-nil
a9adc7938 cri: PodSandboxStatus should tolerate missing task
b66eb726a migrate from k8s.gcr.io to registry.k8s.io
5b40993a5 [release/1.6] upgrade containerd/continuity from v0.2.2 to v0.3.0
f2376e659 Update container with sandbox metadata after NetNS is created
06f82efef archive: validate digests before use
28324c529 [release/1.6] Update go 1.18.7, addresses CVE-2022-2879, CVE-2022-2880, CVE-2022-41715
0aeeb62cb [release/1.6] update golangci-lint to v1.19.0
7db9d1f76 Fix linter warnings
4dc932e62 [release/1.6] gofmt with go1.19
7b8d679ad [release/1.6] integration: remove use of deprecated io/ioutil
926b9c72f retry request on writer reset
b9a35c6af Add integration tests with failpoint
1f29fac48 Persist container and sandbox if resource cleanup fails, like teardownPodNetwork
a85709c6c integration: simplify CNI-fp and add README.md
d89a8d223 pkg/failpoint: add FreeBSD link and update pkg doc
b0ce2965a integration: Add injected failpoint testing for RunPodSandbox
a7f956d86 integration: CNI bridge wrapper with failpoint
07c479471 pkg/failpoint: add DelegatedEval API
4a5bc05aa runtime/v2/shim: return if error in load plugin
71ee7de24 bin/ctr,integration: new runc-shim with failpoint
3e2e77849 runtime/v2: manager supports server interceptor
cb935bf49 pkg/failpoint: init failpoint package
2fdfd564c make xattr EPERM non-fatal in createTarFile
89e49609d remotes/docker/config: Skipping TLS verification for localhost
b720be2ce remove stray .zuul.yaml
6b30bc4b4 .zuul: remove the zuul because it is offline
0f7e258ee Set grpc code for unimplemented cri-api methods
fb753e5cd update intergration
6ee5bb7ea bump cri-api
ae8598615 ContainerStatus to return container resources
d3c7e31c8 Update CRI-API
5b44c5271 vendor: golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd
3507d600b update runc binary to v1.1.4
1efd8b947 ci: remove GOPROXY environment variable due to https://github.com/go-yaml/yaml/issues/887
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Bumping runc to version v1.1.4-8-g974efd2d, which comprises the following commits:
3b958289 Fixes inability to use /dev/null when inside a container
335ec376 cirrus-ci: install EPEL on CentOS 7 conditionally
fb145a2f cirrus-ci: enable EPEL for CentOS 7
276297b6 VERSION: back to development
5fd4c4d1 Release 1.1.4
204c673c [1.1] fix failed exec after systemctl daemon-reload
ec2efc2c ci: fix for codespell 2.2
c778598c [1.1] ci/gha: fix cross-386 job vs go 1.19
d83a861d Fix error from runc run on noexec fs
d614445d [1.1] libct/nsenter: switch to sane_kill()
3ca5673f CI: workaround CentOS Stream 9 criu issue
c3986e53 tests/int: don't use --criu
f46c0dad [1.1] ci: fix delete.bats for GHA
6b94849d tests/int: runc delete: fix flake, enable for rootless
fa3354dc libct: fix mounting via wrong proc fd
eb1552a0 VERSION: back to development
6724737f VERSION: release 1.1.3
91fa032d ci: add basic checks for CHANGELOG.md
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Bumping runc to version v1.1.4-8-g974efd2d, which comprises the following commits:
3b958289 Fixes inability to use /dev/null when inside a container
335ec376 cirrus-ci: install EPEL on CentOS 7 conditionally
fb145a2f cirrus-ci: enable EPEL for CentOS 7
276297b6 VERSION: back to development
5fd4c4d1 Release 1.1.4
204c673c [1.1] fix failed exec after systemctl daemon-reload
ec2efc2c ci: fix for codespell 2.2
c778598c [1.1] ci/gha: fix cross-386 job vs go 1.19
d83a861d Fix error from runc run on noexec fs
d614445d [1.1] libct/nsenter: switch to sane_kill()
3ca5673f CI: workaround CentOS Stream 9 criu issue
c3986e53 tests/int: don't use --criu
f46c0dad [1.1] ci: fix delete.bats for GHA
6b94849d tests/int: runc delete: fix flake, enable for rootless
fa3354dc libct: fix mounting via wrong proc fd
eb1552a0 VERSION: back to development
6724737f VERSION: release 1.1.3
91fa032d ci: add basic checks for CHANGELOG.md
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
The linkshared is not supported in some machines like riscv64 and
when supported we can use the GO_LINKSHARED instaed.
So export GO_LINKSHARED on the recipe to be available for Makefile.
This is currently only used in libnetwork for the proxy build, but
could be used in additional locations in the future.
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
restructure the containerd source layout to avoid symlinking vendor
dependencies. This avoid go recording paths in the final binaries.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
We get the following QA warning on build:
WARNING: containerd-opencontainers-v1.6.8+gitAUTOINC+579a6380ec-r0 do_package_qa: QA Issue: File /usr/bin/containerd-shim-runc-v2 in package containerd-opencontainers contains reference to TMPDIR
File /usr/bin/containerd-ctr in package containerd-opencontainers contains reference to TMPDIR
File /usr/bin/containerd-shim-runc-v1 in package containerd-opencontainers contains reference to TMPDIR
File /usr/bin/containerd in package containerd-opencontainers contains reference to TMPDIR
File /usr/bin/containerd-shim in package containerd-opencontainers contains reference to TMPDIR [buildpaths]
This is the first step in fixing the QA warning, by dropping our
debug patch, passing -trimpath and not defining GO_DEBUG.
This leaves a final reference similar to:
path _/opt/poky/build/tmp/work/core2-64-poky-linux/containerd-opencontainers/v1.6.8+gitAUTOINC+579a6380ec-r0/git/src/import/cmd/ctr
That is being stored in the .rodata of the binaries.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Bumping containerd to version v1.6.8-8-g579a6380e, which comprises the following commits:
1efd8b947 ci: remove GOPROXY environment variable due to https://github.com/go-yaml/yaml/issues/887
0448673af Do not append []string{""} to command to preserve Docker compatibility
5c230ece0 Fix cleanup in critest
ed9d3dc37 oci: WithDefaultUnixDevices(): remove tun/tap from the default devices
3364f411e Prepare release notes for v1.6.8
390920429 release workflow: remove Go setup action
cf48ba6e8 release workflow: increase timeout to 30 minutes
57873e652 release: rollback Ubuntu to 18.04 (except for riscv64)
eccb82f6d Update release build timeout to 20 minutes
6a854d4b5 Update mailmap
61612e1a2 Prepare release notes for 1.6.7
d199ee462 Update golang to 1.17.13
0578d20c5 Change os.Stderr reassign for Windows service
12cae4961 Update Vagrant CI to macos-12
bc4091aae chore: bump macos runner version
cb73bd050 Windows HostProcess container CRI stats test
ac388525a Add validations for Windows HostProcess CRI configs
0007f40fe [release/1.6] go.mod: Bump hcsshim to v0.9.4
c9607e78c Update Fedora version to 36
2952b66c0 CI: add riscv64 builds
6b2dc9a37 release/Dockerfile: update Ubuntu to 22.04 for supporting riscv64
745dc07c4 seccomp: support riscv64
c2f841f21 Create ppc64le release
86b55bd8d seccomp: allow clock_settime64 when CAP_SYS_TIME is added
f3da3e51f allow ptrace(2) by default for kernel >= 4.8
aa1101068 [release/1.6] update golang to 1.17.12
37dfc5c9d [release/1.6] Fix WWW-Authenticate parsing
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
The sysvinit functionality conflicts with the docker daemon
settings required for the systemd docker.socket.
Ensure that the sysvinit capabilities are only enabled if
systemd is not present.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Bumping moby to version v20.10.17-2-g3949ff121e, which comprises the following commits:
ff7feeac37 vendor: github.com/containerd/continuity v0.3.0
6f3f2b6d08 update containerd binary to v1.6.6
b3bcb15da8 update containerd binary to v1.6.5
f55b030fa0 system: unbreak build for darwin
63ab12cd3a Port pkg/system/mknod.go to FreeBSD
081e538fbd vendor: libnetwork f6ccccb1c082a432c2a5814aaedaca56af33d9ea
8e9d647c01 [20.10] update golang to 1.17.11
87ead7fd2a vendor: hcsshim a11a2c44e8a4aa9d66314b1d759ef582df5ab5e8
27f8322324 vendor: libnetwork 2dab5620d4462865c6151e573b3e7fa5d3b8458b
829951ec19 docs: api: /containers/{id}/attach/ws: remove unsupported query-args < v1.42
6cbe73bfc0 Rename Reservation to Reservations in the open API
d9ed3d7e28 update runc binary to v1.1.2
a15acb4bd6 [20.10] vendor: golang.org/x/sys v0.0.0-20220412211240-33da011f77ad
5f2e0b79ad [20.10] update golang to 1.17.10
Bumping libnetwork to version v0.7.0-dev.3-1835-gf6ccccb1, which comprises the following commits:
af0c46d8 Apply peformance tuning to new sandboxes also
23ffb31f Set ExternalPortReserved for dummy proxy
9b82e422 Bump hcsshim
9db86fb7 Only check if route overlaps routes with scope: LINK
Bumping docker-cli to version v20.10.17, which comprises the following commits:
7502d7e56 Fix dead external link
308624c3b fix: remove asterisk from docker command suggestions
de7d866b6 [20.10] update golang to 1.17.11
240e4b550 [20.10] vendor: golang.org/x/sys v0.0.0-20220412211240-33da011f77ad
5d4776bd9 [20.10] update golang to 1.17.10
49e9c2ae3 vendor: golang.org/x/sys 63515b42dcdf9544f4e6a02fd7632793fde2f72d (for Go 1.17)
87a3ce269 vendor: golang.org/x/sys d19ff857e887eacb631721f188c7d365c2331456
1d8abed17 vendor: update x/sys to 134d130e
31dad66f9 [20.10] update golang to 1.17.9
80f673bf9 gofmt with go1.17
3d4cc8e69 [20.10] update remaining files to go1.17.8
30277a8f8 update go to 1.17.8
cfef3a7dc docs: deprecated: add entry for "fluent-async-connect" log-opt
53426025c [20.10] docs: reformat table for compatibility
573a66463 Describe privileged mode in terms of capabilities
cf0ab7ac4 [20.10] vendor: github.com/docker/distribution v2.8.1
d05fd4ffc [20.10] vendor: github.com/opencontainers/image-spec v1.0.2
870f13825 [20.10] vendor: github.com/docker/docker v20.10.14
198d6b872 [20.10] circleci: update buildx to v0.8.2
55a14ec85 [20.10] update remaining Dockerfiles to go 1.16.15
1f9a0df05 e2e: update docker-compose to 1.29.2
4ae338b33 docs: reference: remove trailing space to fix yaml formatting
6380142dd docs: fix (table) formatting, fix some broken links
82f422fcf docs: build: fix minor markdown and syntax issues
80fd77903 Update the list of log drivers
c3d4d623c Fix CMD --ignored-param1 example
2e82d11de docs: dockerd: fix broken link in blockquote area
738a6ee1c improve cp documentation with some illustration examples
246d96bb6 docs: unify "docker create" and "docker run" reference
2fd0f1705 docs: add missing documentation for --pull flag
5fa500000 Fix incorrect pointer inputs to `json.Unmarshal`
1e6a8ce2b Dockerfile: update xx to 1.1
6f7a931a2 [20.10] use GO_LDFLAGS instead of LDFLAGS to prevent inheriting unrelated options
91bab605f [20.10] vendor.conf: don't use git:// protocol
a282e0c5d [20.10] update to go 1.16.15 to address CVE-2022-24921
700364e30 Fix mistake with env var example in docker run docs
62d27c32f Update WORKDIR command information
c0e952cf0 Fix the (dead) link for docs for Dockerfile syntax reference
04104a04d Update dockerd.md
b721998b7 Fixing typo (his --> its)
4065e1246 format create.md table
f1002eb9f Fix typo
e97c7b240 added missing closing parenthese
aa7893763 Update stats.md add example json output
40fe0573a Update Ubuntu version number references in push.md
c9737e1c3 docs/daemon: replace deprecated '-g' option for '--data-root'
5c6723d08 Correct device syntax to --gpus
fd5fc61ec [20.10] Update Go to 1.16.14
3624019d8 [20.10] update Go to 1.16.13
f3ff8e6ad [20.10] vendor: compose-on-kubernetes v0.5.0 to remove github.com/golang/glog
ee1ac1b31 fix innocuous data-race when config.Load called in parallel
38dd744a1 [20.10] Update Go to 1.16.12
4de40a825 Update Go to 1.16.11
03fa8f92c Update Go to 1.16.10
9989fdbc4 Update most links in docs to use https by default
0e20c1fd2 Update Go to 1.16.9
1c0927a04 Dockerfile: update tonistiigi/xx to 1.0.0-rc.2, add XX_VERSION arg
82f9d5921 info: skip client-side warning about seccomp profile on API >= 1.42
adb01ca79 docs: some minor touch-ups in checkpoint reference
8260476a0 docs: remove trailing space to fix generated YAML format
bce2e1f95 docs: create.md: typo fix
44064f51c Fix typo in documentation - build.md
292779add Add doc for BUILDKIT_PROGRESS env var
f2e79b826 docs: use "console" code-hint for shell examples
fa46b9236 docs: rewrite reference docs for --stop-signal and --stop-timeout
400f81089 experimental: fix broken link to "checkpoint and restore" page
c72057c8d docs: move checkpoint/restore doc from experimental into reference
77db97d59 Use private network address for default-address-pools setting in daemon.json example
cbf0d2b7b docs: fix some broken anchors
d0014a86b docs: fix description of restart-delay to mention max (1 minute)
6c1c8b55a docs: fix search results by filterd is-official
44fdac11f Update Go to 1.16.8
061051c24 docs: add missing redirect, and remove /go/experimental redirect
2012fbf11 Update Go to 1.16.7
42d1c0275 registry: ensure default auth config has address
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Bumping moby to version v20.10.17-2-g3949ff121e, which comprises the following commits:
ff7feeac37 vendor: github.com/containerd/continuity v0.3.0
6f3f2b6d08 update containerd binary to v1.6.6
b3bcb15da8 update containerd binary to v1.6.5
f55b030fa0 system: unbreak build for darwin
63ab12cd3a Port pkg/system/mknod.go to FreeBSD
081e538fbd vendor: libnetwork f6ccccb1c082a432c2a5814aaedaca56af33d9ea
8e9d647c01 [20.10] update golang to 1.17.11
87ead7fd2a vendor: hcsshim a11a2c44e8a4aa9d66314b1d759ef582df5ab5e8
27f8322324 vendor: libnetwork 2dab5620d4462865c6151e573b3e7fa5d3b8458b
829951ec19 docs: api: /containers/{id}/attach/ws: remove unsupported query-args < v1.42
6cbe73bfc0 Rename Reservation to Reservations in the open API
d9ed3d7e28 update runc binary to v1.1.2
a15acb4bd6 [20.10] vendor: golang.org/x/sys v0.0.0-20220412211240-33da011f77ad
5f2e0b79ad [20.10] update golang to 1.17.10
Bumping libnetwork to version v0.7.0-dev.3-1835-gf6ccccb1, which comprises the following commits:
af0c46d8 Apply peformance tuning to new sandboxes also
23ffb31f Set ExternalPortReserved for dummy proxy
9b82e422 Bump hcsshim
9db86fb7 Only check if route overlaps routes with scope: LINK
Bumping docker-cli to version v20.10.17, which comprises the following commits:
7502d7e56 Fix dead external link
308624c3b fix: remove asterisk from docker command suggestions
de7d866b6 [20.10] update golang to 1.17.11
240e4b550 [20.10] vendor: golang.org/x/sys v0.0.0-20220412211240-33da011f77ad
5d4776bd9 [20.10] update golang to 1.17.10
49e9c2ae3 vendor: golang.org/x/sys 63515b42dcdf9544f4e6a02fd7632793fde2f72d (for Go 1.17)
87a3ce269 vendor: golang.org/x/sys d19ff857e887eacb631721f188c7d365c2331456
1d8abed17 vendor: update x/sys to 134d130e
31dad66f9 [20.10] update golang to 1.17.9
80f673bf9 gofmt with go1.17
3d4cc8e69 [20.10] update remaining files to go1.17.8
30277a8f8 update go to 1.17.8
cfef3a7dc docs: deprecated: add entry for "fluent-async-connect" log-opt
53426025c [20.10] docs: reformat table for compatibility
573a66463 Describe privileged mode in terms of capabilities
cf0ab7ac4 [20.10] vendor: github.com/docker/distribution v2.8.1
d05fd4ffc [20.10] vendor: github.com/opencontainers/image-spec v1.0.2
870f13825 [20.10] vendor: github.com/docker/docker v20.10.14
198d6b872 [20.10] circleci: update buildx to v0.8.2
55a14ec85 [20.10] update remaining Dockerfiles to go 1.16.15
1f9a0df05 e2e: update docker-compose to 1.29.2
4ae338b33 docs: reference: remove trailing space to fix yaml formatting
6380142dd docs: fix (table) formatting, fix some broken links
82f422fcf docs: build: fix minor markdown and syntax issues
80fd77903 Update the list of log drivers
c3d4d623c Fix CMD --ignored-param1 example
2e82d11de docs: dockerd: fix broken link in blockquote area
738a6ee1c improve cp documentation with some illustration examples
246d96bb6 docs: unify "docker create" and "docker run" reference
2fd0f1705 docs: add missing documentation for --pull flag
5fa500000 Fix incorrect pointer inputs to `json.Unmarshal`
1e6a8ce2b Dockerfile: update xx to 1.1
6f7a931a2 [20.10] use GO_LDFLAGS instead of LDFLAGS to prevent inheriting unrelated options
91bab605f [20.10] vendor.conf: don't use git:// protocol
a282e0c5d [20.10] update to go 1.16.15 to address CVE-2022-24921
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
commit e4474ef881401b2f3ed3ba806a288bb986dcac49 of runc does a vendor
update which includes the reverted fix again. The commit is after 1.2.0
and before 1.3.0 --> the next cherry-pick updates runc to 1.3.0 and the
fix will be back.
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Bumping moby to version v20.10.16, which comprises the following commits:
a15acb4bd6 [20.10] vendor: golang.org/x/sys v0.0.0-20220412211240-33da011f77ad
5f2e0b79ad [20.10] update golang to 1.17.10
be7855fdbe vendor: update github.com/containerd/cgroups and github.com/cilium/ebpf
414a9e24a7 update containerd binary to v1.6.4
47b6a924b6 update containerd binary to v1.6.3
6d7c2b2d26 update containerd binary to v1.6.2
91708bf704 update containerd binary to v1.6.1
53ae17008e Revert "[20.10] update containerd binary to 1.5.11"
961b9a78d5 update runc binary to v1.1.1
97972dac5f update runc binary to v1.1.0
033a819714 [20.10] update golang to 1.17.9
a80884126b Jenkinsfile: add workaround for CVE-2022-24765
09d6fcdfec update to go 1.17.8 to address CVE-2022-24921
5957684b2c Update Go to 1.17.7
55b72c70ba Update Go to 1.17.6
fdf3020bd5 Update Go to 1.17.5
36e164ba80 Update Go to 1.17.4
ecfba8f588 Update Go to 1.17.3
4e14dcc125 Update Go to 1.17.2
c32b5ece31 Update Go to 1.17.1
7096508811 vendor: update archive/tar to match Go 1.17.0
a1150245cc Update to Go 1.17.0, and gofmt with Go 1.17
95cc7115fb hack/vendor.sh: allow go version to be specified with .0
949c33b1c5 vendor: golang.org/x/sys 63515b42dcdf9544f4e6a02fd7632793fde2f72d (for Go 1.17)
8392285876 vendor: golang.org/x/sys d19ff857e887eacb631721f188c7d365c2331456
4e81bcf380 Makefile: update buildx to v0.8.2
74e699c8d3 Makefile: update buildx version to v0.6.0
bc3cc2e7ac Makefile: install buildx from binary release, instead of building
492fac20af api: docs: fix indentation of HostConfig.SecurityOpt (v1.39-v1.41)
3cba2682d8 api: docs: move ContainerWaitResponse to definitions (v1.39-v1.41)
55e71450ae api: docs: move VolumeCreateOptions to definitions (v1.39-v1.41)
c54362cd64 api: docs: move Volume examples inline (v1.39-v1.41)
c60ff9b296 doc: server API Correct ImagesCreate - platform parameter added in 1.32
7a45f7a8cc docs: cleanup swagger API with multiple examples (v1.25-v1.41)
29bb9204bf api: docs: add IPAMConfig on IPAM (v1.41)
77f6564369 api: docs: document MountPoint fields (v1.25-v1.41)
51ea235ab8 api: docs: remove deprecated RootFS.BaseLayer (API v1.25-v1.41)
3d6b4ae572 Correct type of Mounts in ContainerSummary in docs (v1.25-v1.40)
6e8b9809b7 Correct type of Mounts in ContainerSummary in docs
621a98dac0 api: docs: fix warning about comment indentation (API v1.40-v1.41)
bb9ef98060 api: docs: update docs for /images/{name}/json (API v1.39-v1.41)
88ca5cec4e daemon: fix error-message for minimum allowed kernel-memory limit
3ea996abd7 docs: add missing KernelMemoryTCP to api v1.40 and v1.41
b475bc95cd docs/api: add missing 400 response for POST /containers/{id}/wait
ae07b3cc96 docs/api: update /containers/{id}/wait "condition" parameter (v1.30-v1.41)
19555fa92d [20.10] vendor: github.com/docker/distribution v2.8.1
32fe0bbb91 daemon: use RWMutex for stateCounter
ed8fb00b65 errdefs: move GetHTTPErrorStatusCode to api/server/httpstatus
3bd611d7a5 log error message when receiving an unexpected type error
7dfe7a1752 [20.10] update containerd binary to 1.5.11
af953d2f38 [20.10] vendor: containerd 7cfa023d95d37076d5ab035003d4839f4b6ba791
5f9753ae73 client: remove containerd "platform" dependency
4df345e65d client: remove unused Platform field from configWrapper
dd38613d0c oci: inheritable capability set should be empty
2825bf7123 Only check if route overlaps routes with scope: LINK
f5c56eaca8 [20.10] bump swarmkit for config size increase
ce3b6d1ae9 distribution: retry downloading schema config on retryable error
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Bumping libnetwork to version v0.7.0-dev.3-1830-g339b972b, which comprises the following commits:
9db86fb7 Only check if route overlaps routes with scope: LINK
7b9c2905 fix port forwarding with ipv6.disable=1
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Bumping moby to version v20.10.16, which comprises the following commits:
a15acb4bd6 [20.10] vendor: golang.org/x/sys v0.0.0-20220412211240-33da011f77ad
5f2e0b79ad [20.10] update golang to 1.17.10
be7855fdbe vendor: update github.com/containerd/cgroups and github.com/cilium/ebpf
414a9e24a7 update containerd binary to v1.6.4
47b6a924b6 update containerd binary to v1.6.3
6d7c2b2d26 update containerd binary to v1.6.2
91708bf704 update containerd binary to v1.6.1
53ae17008e Revert "[20.10] update containerd binary to 1.5.11"
961b9a78d5 update runc binary to v1.1.1
97972dac5f update runc binary to v1.1.0
033a819714 [20.10] update golang to 1.17.9
a80884126b Jenkinsfile: add workaround for CVE-2022-24765
09d6fcdfec update to go 1.17.8 to address CVE-2022-24921
5957684b2c Update Go to 1.17.7
55b72c70ba Update Go to 1.17.6
fdf3020bd5 Update Go to 1.17.5
36e164ba80 Update Go to 1.17.4
ecfba8f588 Update Go to 1.17.3
4e14dcc125 Update Go to 1.17.2
c32b5ece31 Update Go to 1.17.1
7096508811 vendor: update archive/tar to match Go 1.17.0
a1150245cc Update to Go 1.17.0, and gofmt with Go 1.17
95cc7115fb hack/vendor.sh: allow go version to be specified with .0
949c33b1c5 vendor: golang.org/x/sys 63515b42dcdf9544f4e6a02fd7632793fde2f72d (for Go 1.17)
8392285876 vendor: golang.org/x/sys d19ff857e887eacb631721f188c7d365c2331456
4e81bcf380 Makefile: update buildx to v0.8.2
74e699c8d3 Makefile: update buildx version to v0.6.0
bc3cc2e7ac Makefile: install buildx from binary release, instead of building
492fac20af api: docs: fix indentation of HostConfig.SecurityOpt (v1.39-v1.41)
3cba2682d8 api: docs: move ContainerWaitResponse to definitions (v1.39-v1.41)
55e71450ae api: docs: move VolumeCreateOptions to definitions (v1.39-v1.41)
c54362cd64 api: docs: move Volume examples inline (v1.39-v1.41)
c60ff9b296 doc: server API Correct ImagesCreate - platform parameter added in 1.32
7a45f7a8cc docs: cleanup swagger API with multiple examples (v1.25-v1.41)
29bb9204bf api: docs: add IPAMConfig on IPAM (v1.41)
77f6564369 api: docs: document MountPoint fields (v1.25-v1.41)
51ea235ab8 api: docs: remove deprecated RootFS.BaseLayer (API v1.25-v1.41)
3d6b4ae572 Correct type of Mounts in ContainerSummary in docs (v1.25-v1.40)
6e8b9809b7 Correct type of Mounts in ContainerSummary in docs
621a98dac0 api: docs: fix warning about comment indentation (API v1.40-v1.41)
bb9ef98060 api: docs: update docs for /images/{name}/json (API v1.39-v1.41)
88ca5cec4e daemon: fix error-message for minimum allowed kernel-memory limit
3ea996abd7 docs: add missing KernelMemoryTCP to api v1.40 and v1.41
b475bc95cd docs/api: add missing 400 response for POST /containers/{id}/wait
ae07b3cc96 docs/api: update /containers/{id}/wait "condition" parameter (v1.30-v1.41)
19555fa92d [20.10] vendor: github.com/docker/distribution v2.8.1
32fe0bbb91 daemon: use RWMutex for stateCounter
ed8fb00b65 errdefs: move GetHTTPErrorStatusCode to api/server/httpstatus
3bd611d7a5 log error message when receiving an unexpected type error
7dfe7a1752 [20.10] update containerd binary to 1.5.11
af953d2f38 [20.10] vendor: containerd 7cfa023d95d37076d5ab035003d4839f4b6ba791
5f9753ae73 client: remove containerd "platform" dependency
4df345e65d client: remove unused Platform field from configWrapper
dd38613d0c oci: inheritable capability set should be empty
2825bf7123 Only check if route overlaps routes with scope: LINK
f5c56eaca8 [20.10] bump swarmkit for config size increase
ce3b6d1ae9 distribution: retry downloading schema config on retryable error
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
The current upx will trigger the Bitbake Fetcher Error added in
Kirkstone 4.0.5 189a6d452e3037c9e94ccdf6af38359fc6058064 commit. This
patch replaces gitsm with git and explicitly adds the git submodules
with the corresponding commits.
Change-Id: I1b1231f06481f7a1e25dc35277d0f1725c7631e0
Signed-off-by: Joakim Roubert <joakimr@axis.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
The upx development branch history has been rebaseed, so we update
our SRCREV to match.
As part of this update, we can drop our patch as it has now been
merged into the project.
The cmake structure has changed slightly, so we inherit cmake-native
to make it available as part of the Makefile driven build.
And finally, the name and location of the binary has changed, so
we adapt our install rule to match.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
The yq build was broken:
- some repositories have moved from master -> main
- missing dependencies, that were being fetched in the compile task
Correcting these issues fixes yq' build
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Move the xilinx specific bbappend to a wildcard append.
Signed-off-by: Mark Hatle <mark.hatle@kernel.crashing.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
After upgrading from honister to kirkstone the build always failed
during the package_write_ipk step, because the package name has
been overwritten because of the typo in FILES.
While investigating, I discovered another typo in class-devupstream.
Signed-off-by: Guenther Meyer <g.meyer@signum-media.de>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
buildah is a command line tool, to be installed and run on target,
that can be used to:
- create a working container, either from scratch or using an image
as a starting point
- create an image, either from a working container or via the
instructions in a Dockerfile
- images can be built in either the OCI image format or the
traditional upstream docker image format
- mount a working container's root filesystem for manipulation
- unmount a working container's root filesystem
- use the updated contents of a container's root filesystem as a
filesystem layer to create a new image
- delete a working container or an image
- rename a local container
Testing:
Setup the build directory:
$ . oe-init-build-env <build_dir>
Add to local.conf:
IMAGE_INSTALL:append = " buildah kernel-modules"
KERNEL_FEATURES += "features/overlayfs/overlayfs.cfgi \
features/netfilter/netfilter.scc \
features/lxc/lxc-enable.scc"
IMAGE_ROOTFS_EXTRA_SPACE = "5242880"
Build image:
$ bitbake core-image-minimal
Run the image:
$ runqemu nographic kvm qemuparams="-m 4096"
On target:
Pull an image:
> cnt=$(buildah from fedora)
Or build from Dockerfile
> buildah bud -t <image_name>:<tag> .
Mount the image:
> mnt=$(buildah mount ${cnt})
Install packages on the container rootfs:
> dnf install --installroot $mnt <packages_to_install> -y
Copy local files to the container:
> buildah copy $cnt <local_file> <dest_on_container>
Save the changes to an image
> buildah commit --format docker $cnt <name>:<tag>
Run the image using buildah:
> buildah run $cnt /bin/sh
Or using docker:
> docker run -it <name>:<tag>
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
This is useful for podman system tests.
Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2b28d64667 brought a typo when resolving
merge/rebase conflict. This fixes it.
Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
This CVE was fixed[1] in the container image go library skopeo is using
(vendoring). The current version of the image go module is v5.20.0 while
the fix landed since v3.0.0[2].
See RedHat's resolution[3] for more details.
[1] https://github.com/containers/image/issues/654
[2] a3d69a4a89
[3] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10214
Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Files are sorted in lexicographic order. Moving podman-rootless.conf to
something greater then '00' would help with systems providing default
values in other configuration files that can be overridden by
podman-rootless.conf.
Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Upgrade ceph to latest v15.x.
Minor upgrade containing fix for CVE-2022-0670.
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
