The kubernetes recipes can inherit cni_networking and provide their
own PN-cni packages, so we no longer need to provide this by default.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Overriding hostname in a .conf file, via base-files:
HOST_NAME="k3s-host"
hostname_pn-base-files = "${HOST_NAME}"
Is always a valid option, but if it is not configured, we can easily
have two hosts with the same name on the network, confusing adddress
assignement, etc.
This commit introduces a way to generate a unique hostname based
on the uuid of the build host, and the machine being built.
If virt-unique-hostname is added to IMAGE_FEATURES, like the following:
IMAGE_FEATURES += "virt-unique-hostname"
IMAGE_FEATURES[validitems] += "virt-unique-hostname"
Then a rootfs postprocessing hook will override hostnae to something
unique.
Note: this means your image will be reproducible on a single builder,
but not between them.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
To enable demonstrations of application container builds, and deployment
to k*s clusters, we introduce a simple recipes-demo/ structure with a
sample flask application and deployment yaml.
i.e. ensure that "helloworld-flask-deploy" is installed on your image,
and then:
% kubectl apply -f /etc/flask-app.yaml
% kubectl label pods zeddii-pod new-label=yoctorule
% kubectl expose pod zeddii-pod --port=9000 --target-port=9000 --type=LoadBalancer --name=my-service
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Bumping runc to version v1.0.3-2-ge0124d56, which comprises the following commits:
31f7b334 VERSION: back to development
f46b6ba2 VERSION: release v1.0.3
b8dbe466 runc init: avoid netlink message length overflows
e73ff667 [1.0] ci: add Go 1.17, drop Go 1.15
2c30069c libct/cg/sd/v2: Destroy: remove cgroups recursively
42bfc63b script/release.sh: fix for opensuse
8e96a96f libct/cg/fs2: fix GetStats for unsupported hugetlb
e84e7f93 [1.0] Fix failure with rw bind mount of a ro fuse
cbb23675 runc run: fix ro /dev
e802cfae test/int/mount.bats: refer to github issue
3640499a libct/rootfs: consolidate utils imports
aa1d1ca5 tests/int/dev: add CAP_SYSLOG to /dev/kmsg tests
fdee8658 libct/int/checkpoint_test: fix ParentImage
cbb5ef5c improve error message when dbus-user-session is not installed
86d83333 VERSION: back to development
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Bumping runc to version v1.0.3-2-ge0124d56, which comprises the following commits:
31f7b334 VERSION: back to development
f46b6ba2 VERSION: release v1.0.3
b8dbe466 runc init: avoid netlink message length overflows
e73ff667 [1.0] ci: add Go 1.17, drop Go 1.15
2c30069c libct/cg/sd/v2: Destroy: remove cgroups recursively
42bfc63b script/release.sh: fix for opensuse
8e96a96f libct/cg/fs2: fix GetStats for unsupported hugetlb
e84e7f93 [1.0] Fix failure with rw bind mount of a ro fuse
cbb23675 runc run: fix ro /dev
e802cfae test/int/mount.bats: refer to github issue
3640499a libct/rootfs: consolidate utils imports
aa1d1ca5 tests/int/dev: add CAP_SYSLOG to /dev/kmsg tests
fdee8658 libct/int/checkpoint_test: fix ParentImage
cbb5ef5c improve error message when dbus-user-session is not installed
86d83333 VERSION: back to development
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Bumbing kubernetes to the latest release branch (now that our go
compiler meets the minium standards).
We also add a networking configuration similar to the k3s one, but
named appropriately so that CNI will read and do basic configuration.
We also add some missing rdepends that were preventing the controller
node from fully initializing.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Bumping skopeo to version v1.5.2-3-g1d24e657, which comprises the following commits:
4dcd28df Use a dynamic temp dir for test
789ee8be Bump to 1.5.3-dev
8a88191c Release 1.5.2
69728fdf Update to c/image v5.17.0
47066f2d Cirrus: Bump Fedora to release 35 & Ubuntu to 21.10
adfa1d4e Bump github.com/docker/docker
05a2ed49 proxy: Uncapitalize all errors
e9535f86 tests: Add new "procutils" that exposes PDEATHSIG
fa86297c proxy_test: Test `GetConfig`
2bb6f27d proxy_test: Add helper to read all from a reply
f90725d8 proxy_test: Add a helper method to call without fd
644074cb proxy: Add support for manifest lists
83416068 tests/integration/proxy_test: New test that exercises `proxy.go`
a3adf36d proxy: Use float → int helper for pipeid
6510f101 proxy: Add a helper to return a byte array
e7b7be57 proxy: Add an API to fetch the config upconverted to OCI
942cd6ec Fix bug that prevented useful diagnostics on registry fail
41de7f2f use fedora:latest in contrib/skopeoimage/*/Dockerfile
c264cec3 Move to v1.5.2-dev
2b357d82 Bump to v1.5.1
4acc9f0d main: Error out if an unrecognized subcommand is provided
7885162a move optional-flag code to c/common/pkg/flag
36d860eb Add --dest-precompute-digests option for docker
c8777f3b bump containers/image to 2541165
985d4c09 Add instructions to generate static binaries
11b59898 Add new `experimental-image-proxy` hidden command
2144a37c issue#785 inspect command - introduce a way to skip querying available tags for an image
60c98cac Document container images as an alternative to installing packages
89ecd5a4 Introduce --username and --password to pass credentials
119eeb83 Move to v1.5.1-dev
209a9931 Bump to v1.5.0
3e4d4a48 Bump github.com/containers/image/v5 from 5.16.0 to 5.16.1
3a97a0c0 Bump github.com/docker/docker
ff88d3fc Remove leftover Nix packaging files
e19b57c3 Update github.com/containerd/containerd to v1.5.7
b950f83c issue#1466 - Introduce a --keep-going option to allow "sync" command to continue syncing even after a particular image sync fails
12d01037 Bump github.com/containers/storage from 1.36.0 to 1.37.0
e0c53dfd Update installation doc with latest steps
aba57a88 Makefile: drop nix support
93c42bcd Bump github.com/containers/common from 0.45.0 to 0.46.0
c0f07d3d Bump github.com/containers/common from 0.44.1 to 0.45.0
0ce7081e Bump github.com/containers/common from 0.44.0 to 0.44.1
52dafe8f Update to github.com/vbauerster/mpb v7.1.5
ee8b8e77 Explain the usage of DISABLE_DOCS in the installation doc
1d204fb1 Update VM Images + Drop prior-ubuntu references
61310777 issue#1411 Introduce DISABLE_DOCS to skip doc generation while building from source
ed96bf04 Bump github.com/containers/common from 0.43.2 to 0.44.0
a837fbe2 Bump github.com/containers/storage from 1.35.0 to 1.36.0
9edeb69f Remove the extra (defaults to true) help msg
a2d083ca Bump github.com/containers/image/v5 from 5.15.2 to 5.16.0
0e87d4d1 Run (gofmt -s -w)
c399909f Update non-module dependencies
102e2143 Bump github.com/containers/image/v5 from 5.15.1 to 5.15.2
7d5ef9d9 Bump github.com/containers/common from 0.43.1 to 0.43.2
70eaf171 Add OWNERS file
61969472 Bump github.com/containers/image/v5 from 5.15.0 to 5.15.1
ec1ac5d0 Bump github.com/containers/storage from 1.34.0 to 1.34.1
082db20f Bump github.com/containers/common from 0.43.0 to 0.43.1
8dce403b Add codespell fixes
f6ae7865 systemtests: if registry times out, show container logs
9acb8b6a Bump github.com/containers/common from 0.42.1 to 0.43.0
a23b9f53 Bump github.com/containers/storage from 1.33.2 to 1.34.0
be821b4f Bump github.com/containers/storage from 1.33.1 to 1.33.2
ab87b15f Cirrus: Run checks directly on the host
1aa98bab Github: Add workflow to monitor Cirrus-Cron builds
fbf96998 Bump github.com/docker/docker
a3bb1cc5 Bump github.com/containers/common from 0.42.0 to 0.42.1
0667a1e0 Bump to 1.4.1-dev
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* undo the unnecessary and incomplete changes from 0001-vm-support-fix-build-for-kernel-s-5.4.patch
because with 5.15 it was still failing with:
ERROR: modpost: missing MODULE_LICENSE() in uxen-guest-tools/4.1.8-r0/uxen-4.1.8-72a4af9/vm-support/linux/uxenhc/uxenhc.o
fix it properly in 0004-uxenhc-fix-DMODULE-not-working-on-module-build-comma.patch
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
This is a compile only fix to update the uxen kernel modules to
work against newer kernels.
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* use something more reasonable than default 'git' from filename
* there wasn't a new tag for a long time, so this is quite far
from 0.3.0 as git describe shows:
v0.3.0-231-g6b23764a
but 0.3.0 is still the closest release I've found
and matches PROJECT_VERSION in Makefile:
6b23764a14/Makefile (L29)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Bumping to the latest xvisor tip.
We drop one patch that is now part of the upstream, and we
add another to remove /usr/bin/python from scripts called
during build, since it breaks the build on hosts without
/usr/bin/python.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Backport a fix for CVE-2021-3667.
The CVE discription: An improper locking issue was found in the
virStoragePoolLookupByTargetPath API of libvirt. It occurs in the
storagePoolLookupByTargetPath function where a locked virStoragePoolObj
object is not properly released on ACL permission failure. Clients
connecting to the read-write socket with limited ACL permissions could
use this flaw to acquire the lock and prevent other users from accessing
storage pool/volume APIs, resulting in a denial of service condition.
The highest threat from this vulnerability is to system availability.
Refer to: https://bugzilla.redhat.com/show_bug.cgi?id=1986094
Signed-off-by: Yanfei Xu <yanfei.xu@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Bumping podman-compose to version 0.1.8-2-g1555417, which comprises the following commits:
1555417 FIXES#361: key error _service
1f989ed FIXES#356: respect pull_policy
66ce2a3 release 0.1.8
d8e11d5 FIXES#312: run starts dependencies
72c3572 #289: exit code and test for that
c187e88 up and down specific containers
31b8bb4 simpler passing of env
f177712 Fix `up` arguments parsing
ae3deb1 #355: fix dry run
117b7fb command list of strings
5acb997 command list of strings
02b2f65 Update issue templates
a36b6f1 Update issue templates
e3be6dd Update issue templates
4b75678 Update issue templates
dcb038e remove tabs
a2fef56 FIXES#353: down in reverse order
c753b8e FIXES#167: support ContainerFile
c9486c9 #115: handle string entrypoint
f2aeaba #348: conditional --infra-name
2d80e43 remove print
d1a77de external name
c49f070 volumes with names
6d69b7c Add support external volumes
ab13503 add support for long port publishing format
069018c #342: set infra container name
b33c42b Readability fix for missing commands
785f7ad Get version info with setup.cfg
b6a9f8e #335: report version with -v
4a5fd23 #275 make pipx happy
dc0ac0d docs: added the transform_policy default and description
502d7cc #327: accept ports as string
e85d79d added cpu_shares flag for v2
bfb57b9 added cpu_shares flag for v2
2d0aad6 Also pull images with a build section
ff5b9f1 Support for logging
62aa337 feat(secrets): ✨ Add support for secrets
3836094 Update podman_compose.py
d97a20d #308: fix environment
f417c9a #120: extend not add
5ed5528 FIXES#120: parse mem and cpu limits
3d6ca3c FIXES#120: parse mem and cpu limits
6e3383d Convert numeric command arguments to string (fixes#77)
8ef7587 Fix some typos (found by codespell)
039fe30 Make sure port entries are converted to strings
62d2024 Add stop_signal service attribute
9317f98 #278: args
045cef2 #289: report exit code when --exit-code-from
a7f97b6 implement -e in run
0ea18b4 Force adding an .env file for the tests
00840d0 resolve conflict
2ad7daa Test variable interpolation in the YAML
080b8a3 Prefer 'compose.yaml' as per compose spec
226ac4f fix missing --label flag in volume creation
030a196 Fix README typo
901213e Update podman_compose.py
b337060 Add support for sysctls in compose file
b3090c3 Mode Python installation and test deps to requirement files
5fabfee Support annotations
75a63df fix: check `.env` in current dir with `isfile` instead of `exists`
08dd36f Add docker-compose labels for interoperability
669953b Rework argument generation to adhere directly to what podman accepts.
d3df688 Remove test code
bda7b5e Add exec support
6289d25 fixes#236: compatible with docker-compose
abc0813 Only pull each image once
9cd837f Fixes#236: Ensure project name works with podman
a4b8b5e Fix 'podman-compose version' with no compose file in the working directory
5971f57 FIXES#249: update dotenv with some envs
ab96f12 FIXES#249: update dotenv with some envs
f6a3cb0 Allow environment variables to be unset
497355f Re-order environment/env_files to match compose
20a86ea add --no-cache arg to build
4e2e960 build specific service
efba3a1 support str style configuration for env_file
9063976 BUG: 'podman stop -t 360.0' called for float, expects int on cli
3712b54 ENH: add timeout option to podman-compose down, as in https://docs.docker.com/compose/reference/down/
294f8ee Hashlib to generate SHA256 instead of MD5 for FIPS
105b129 Fix infinite loop
d3f3711 FIXES#181: accept init and init-path
7eacf14 MAINT: resolve https://github.com/containers/podman-compose/pull/180#issuecomment-632722974
8cd98ab MAINT: extend instead of append
047820d ENH: Added restart policy forwarding to podmann run, compose build args added to up args
e7b1382 Add --build-arg to 'up' (Fixes#161)
64ed554 Allow empty default/error value in substitution
93bf39e Add Security Policy
5915ba3 Catch error when compose file is empty
1ca6a88 target once
7b40079 Pass "target" parameter when building an image.
f9915c4 Check for target property when building images
1973340 Add support for --build-arg option
e8147e3 Add support for cap_add/cap_drop
7f210ff fixing "Error: unknown flag: --shm_size"
cbed801 start detached
6a42d68 add ports test
07a2430 Fixes#152: validate that podman is useable
5215782 Fixes#152: validate that podman is useable
03cbd29 pass volumes using -v
796e6a4 Avoid crash when no services are defined
efcbc75 Pass ulimit parameters when building container
dacc753 Add Code of Conduct
8c3b7e6 Added mount option delegated and cached
147f0ae Update README with dnf install instructions.
27d3caf Add support for privileged option
e7a9bd3 Show stopped containers in ps
ddd582c Add support for logs subcommand
169eaee Fix override of the run command
c5f8973 Mixed-case directory names break 'podman create'
12036aa FIXES#76: a service extends a service with same name
7222fdb exit if not files
bb7120f Fix stop command runs start instead
7ebbe2e Fix KeyErrors encountered with extended services
29d4cdc Remove unused funtion in setup.py
a9216c3 podman volume inspect mountPoint/Mountpoint
e538852 #57: better ps via label
b1c2b02 podman_compose.py
9e0dd2d extends with external file
72c1992 Remove never-shared options.
3e2381f Support extends
dee813a #47: version command
9684429 #52: fix how we split commands
87e7211 #54: fix ulimits
7269701 Fixed get of ulimit tag, according to docker-compose specification
b369073 Fix podman-compose run command parsing
62f0cc4 Changed -l flag to --label in order to be compatible with Podman 1.0.2.dev
c152d28 Support for generic container-compose format
8e43e69 FIX#41: compare original volume name
751aaa8 Add support for devices in a service
243bdb6 Add support for setting container ulimit
2202e7f Add support for setting container ulimit
f505e49 a test showing yaml anchor magic
2e4378f add string check for cmd line args
2a8d430 FIXES#35: now support multiple composer files
a512c0c #35: test for multiple -f
f008986 release 0.1.5
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Bumping libpod to version v3.4.2-4-g72031783c, which comprises the following commits:
25f35ac9e Use CGO_ENABLED=1 when building natively on darwin
7c98d542b Bump to v3.4.3-dev
2ad1fd355 Bump to v3.4.2
1d6397e5c Add release notes for v3.4.2
6d9b1e4b8 Fix partial log line handling with journald log driver
8b368b5e1 Fix Zsh completion command documentation
c2fb170b8 Fix flake in upgrade tests
6770fede7 VOLUME must be declared after RUN chown command
cedf1a3d4 podman-generate-kube - remove empty structs from YAML
e456873c0 Exclude already built sources for static build
e9f6e5194 Match .c files in Makefile
de852ebd0 shm_lock: Handle ENOSPC better in AllocateSemaphore
fc1707dfe Minor test tweaks
c8b7ca2ba pod/container create: resolve conflicts of generated names
2dc8db773 Add some information about disabling SELinux when using system volumes
93a3e720d Log Apache access_log-like entries at Info level [NO NEW TESTS NEEDED]
b1ac02dcb tweak a couple of flag descriptions in help output
718de67f3 Fix bindings container log test
dd6551055 test: run --cgroups=split in new cgroup
df9e0fdcb Fix tests of podman image trust --raw and --json
df736396e Tighten the expected output of the "podman image trust show" test
18c322d1c Use INTEGRATION_ROOT instead of current directory
3bd80ac9a Handle HTTP 409 error messages properly for Pod actions
a8332f694 Fix swagger definitions
5889c2c24 Cirrus: Authorize rootless user self-ssh
2a0aad6be Add information on how podman machine is updated
0ded340e6 Fix help message case for `podman version`
fa29ca710 Fix pause usage example
6bf6d7237 Set Checkpointed state to false after restore
2d6252b98 runtime: change PID existence check
a208bc24d Set DOCKER_HOST in the VM
246782133 runtime: check for pause pid existence
0519e7ef8 utils: do not overwrite the err variable
2b85684ad Fix systemd PID1 test
0e1f67b72 cgroups: use SessionBusPrivateNoAutoStartup
9707ff5d4 vendor: update godbus to v5.0.6
a67bf0f92 Slirp4netns with ipv6 set net.ipv6.conf.default.accept_dad=0
47afa6d96 Fix a few problems in 'podman logs --tail' with journald driver
729310a85 If Dockerfile exists in same directory as service, we should not use it.
7275d389b Document to not set K8S envars for CNI
955d01f5a [NO NEW TESTS NEEDED] Fix off-by-one index comparision (reported by LGTM)
2ff511798 Fix some typos in documentation and comments (found by codespell)
eead06b9d [CI:DOCS] Fix typo keep_id -> keep-id
8887cc7e4 podman run --memory=0 ... should not set memory limit
6f779b230 systemd: compatible with rootless mode
465e27cf1 Use exponential backoff when waiting for a journal entry
3b67336b6 Pod Rm Infra Improvements
f8ede7c5e System tests: confirm that -a and -l clash
c3f3e6d3b Remove infra ID from DB before removing containers
b3eaa08c5 Generate Kube should not print default structs
d489abf26 fuse-overlay probably means fuse-overlayfs.
34739f441 Replace 'an user' => 'a user'
9c94530bb network reload without ports should not reload ports
eca1b6c0b pod create: read network mode from config
9e78185e3 volumes: be more tolerant and fix infinite loop
5c2d17e1c [backport] tag: Support tagging manifest list instead of resolving to images
46f7d2af1 Bump to v3.4.2-dev
a6493ae69 Bump to v3.4.1
56a4372c2 Update release notes for v3.4.1
f05e206bd Fix test failures from backports
437ec951d system tests: socket activation: clean up
5aa89c88f Checkpoint/Restore test fixes
d39e41283 Set targetPort to the port value in the kube yaml
7923bfcb0 Test-hang fix: Wait for ready + timeout on connect.
c135ff76d Don't include ctr.log if not using file logging
9168db8bc Do not add TCP to protocol in generated kube yaml
b5dd62f31 Don't use docker/pkg/archive, use containers/storage/pkg/archive
a213661ae Fix panic in container create compat api
92ed439d2 Don't add image entrypoint to the generate kube yaml
16fb4161a Kube Gen run as user/group issues
3082ba8b7 No space in kube annotations for bind mounts
b470de05b cgroups: use cgroup.controllers to read controllers
8b87793d4 Use SplitN(2) when copying env variables
d458bc304 [CI:DOCS] Include manifest example usage
fbe94088f podman stats: move cgroup validation to server
338e01f04 [CI:DOCS] oci-hooks.5.md: fixup section in header
de6a4af5a Change podman.1 man page to show corret log-level default
326eae3b7 Add podman-plugins to upstream image
ca33df146 Ensure `podman ps --sync` functions
7bbf774e8 Allow `podman stop` to be run on Stopping containers
2cd206d0f libpod: fix race when closing STDIN
37347c321 It really should be no **NEW** tests needed
62d12a2ad Add guard for BuildOptions.CommonBuildOpts
c6be71486 machine: silently cleanup dangling sockets before rm if possible
835d74ac6 sdnotify test: accept MAINPID anywhere
14509a92b Allow a value of -1 to set unlimited pids limit
deb7517cc Gating tests: fix permissions error
cd4e10fdf [v3.4] bump c/common to v0.44.3
91f9682c7 Bump to v3.4.1-dev
6e8de00bb Bump to v3.4.0
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Bumping docker-distribution to version v2.7.1-38-gf7365390, which comprises the following commits:
97f6dace [release/2.7] vendor: github.com/opencontainers/image-spec v1.0.2
9a3ff113 fix go check issues
19b573a6 Change should to must in v2 spec
d836b23f [release/2.7] update to go1.16
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Bumping cri-tools to version v1.22.0-64-ga9898388, which comprises the following commits:
794d57a4 Bump github.com/onsi/gomega from 1.16.0 to 1.17.0
0f2d4138 Refactor fish completion
c52d97b1 Rename bash and zsh completion functions
cad0736a Add zsh compinit tag
569d1769 Bump google.golang.org/grpc from 1.41.0 to 1.42.0
082da7c6 Bump github.com/docker/docker
0aade2a4 Bump github.com/onsi/ginkgo from 1.16.4 to 1.16.5
4e03be78 Add release publishing workflow
5c0c14e2 Bump github.com/opencontainers/selinux from 1.8.5 to 1.9.1
b4e1615c Add SHA512 sum for release files
22bdc0b9 Bump github.com/docker/docker
06422104 Bump google.golang.org/grpc from 1.40.0 to 1.41.0
b153327c Bump sigs.k8s.io/yaml from 1.2.0 to 1.3.0
c5fac65f Bump k8s.io/api from 0.22.1 to 0.22.2
36c9ae70 Bump k8s.io/cri-api from 0.22.1 to 0.22.2
c104c3a7 Bump k8s.io/apimachinery from 0.22.1 to 0.22.2
65509de9 Bump k8s.io/client-go from 0.22.1 to 0.22.2
59cf0fb9 Bump k8s.io/kubectl from 0.22.1 to 0.22.2
8d019343 Updates E2E test images registry
6824a581 Bump github.com/opencontainers/selinux from 1.8.4 to 1.8.5
057a0a48 Switch to go1.17 for CI
d9fe19b8 Bump github.com/opencontainers/runc from 1.0.1 to 1.0.2
56a2c456 Added dropping/adding `ALL` capabilities case to critest
1817da64 Bump github.com/onsi/gomega from 1.15.0 to 1.16.0
9c01f4d5 Bump k8s.io/cri-api from 0.22.0 to 0.22.1
e3ca48ad Bump k8s.io/client-go from 0.22.0 to 0.22.1
1e108dfb Bump k8s.io/api from 0.22.0 to 0.22.1
79ff09e9 Bump k8s.io/apimachinery from 0.22.0 to 0.22.1
f3863189 Bump k8s.io/kubectl from 0.22.0 to 0.22.1
32d96cbe Bump google.golang.org/grpc from 1.39.1 to 1.40.0
de44545a Bump github.com/onsi/gomega from 1.14.0 to 1.15.0
44385679 Bump github.com/opencontainers/selinux from 1.8.3 to 1.8.4
dd011a46 Bump google.golang.org/grpc from 1.39.0 to 1.39.1
3db8a88c Bump Kubernetes to v1.22.0
231cf44f Bump k8s.io/api from 0.21.3 to 0.22.0
032832ec Bump k8s.io/cri-api from 0.21.3 to 0.22.0
64e1ad02 Bump k8s.io/kubectl from 0.21.3 to 0.22.0
918e5c77 Bump k8s.io/apimachinery from 0.21.3 to 0.22.0
6ccbb79b Bump github.com/docker/docker
a2e29a4c Bump github.com/opencontainers/selinux from 1.8.2 to 1.8.3
0cfc8b32 crictl: Adds support for updating resource limits for Windows Containers
d6c95411 Bump k8s.io/api from 0.21.2 to 0.21.3
a9dc7558 Bump k8s.io/kubectl from 0.21.2 to 0.21.3
88e4d31b Bump k8s.io/apimachinery from 0.21.2 to 0.21.3
d7f79299 Bump k8s.io/cri-api from 0.21.2 to 0.21.3
5a43f6cd Bump github.com/onsi/gomega from 1.13.0 to 1.14.0
e89ffa50 Update GitHub actions to go 1.16 and remove .travis.yml
e5045b08 Bump google.golang.org/grpc from 1.38.0 to 1.39.0
31e70ff9 Update critest Windows tests.
03fa217f chore: switch containerd branch to main
aef70e40 Bump k8s.io/cri-api from 0.21.1 to 0.21.2
f6f6a393 Bump k8s.io/api from 0.21.1 to 0.21.2
b90eefd5 Bump k8s.io/kubectl from 0.21.1 to 0.21.2
85fa1307 Bump k8s.io/apimachinery from 0.21.1 to 0.21.2
bb845cfd rm_force_while_container_running_fix
e866f8ff Bump github.com/opencontainers/selinux from 1.8.1 to 1.8.2
a8e055d2 Bump github.com/onsi/ginkgo from 1.16.3 to 1.16.4
9de2a5e4 Bump github.com/docker/docker
c83bed06 Bump github.com/onsi/ginkgo from 1.16.2 to 1.16.3
c9cb3790 Bump github.com/onsi/gomega from 1.12.0 to 1.13.0
1d34ea0c Add global handler for Interrupt signal
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Bumping cri-o to version v1.22.1-5-ge3dfe61ca, which comprises the following commits:
d89a55e91 gh-actions: add sed for kube e2e
b1ac0896f release-notes: update to main
a90fcad56 test: add label for openshift e2e in dockerfile
1495b80e8 bump to 1.22.1
4ce3396b9 Skip volume relabel for super privileged containers
66e3210e0 test: skip certificate check for downloading parallel
91acfb2e7 test: fix shmft
325ec64d5 vendor: update to selinux 1.9.1
8bacf3132 test: fix selinux test failures
116eff337 server: FilterDisallowedAnnotations of containers earlier
e595eeb06 server: conditionally relabel volumes given annotation
69dfc4bc4 test: refactor allowed_annotation tests
92810c137 server: reduce args in addOCIBindMounts
54f343719 server: mount cgroup if hostNetwork
b40d9220b server: use container level host network setting
53755727a server: don't recalculate hostnet
a220ddf71 server: set spec when dropping infra
85043dab6 server: don't wait forever on conmon cgroup move fail
764e83f44 Do not log if Intel RDT is not supported
4542e5166 call cmd.Wait() in all cases we call Start()
2bd8e315b oci: call wait on conmon if cgroup move fails
d45f1f112 Fix missing quantile in `latency_microseconds_total` metrics
6a8cb41cd oci: use conmon for exec again
ddef4d063 install dependency in test step
f74d274fa blockio: apply annotations and blockio classes to Linux.Resources
7b3f68fa8 blockio: handle class configuration file if set
d7444c86d blockio: enable setting blockio class configuration file
5aacbedb2 fix checking in openpgp_tag.sh
2bfcfb6fb config: set internal_wipe to true by default, and deprecate the option
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
cri-o has joined the projects switching their default branch to
main (and removing the old one).
We update our recipe to avoid fetcher errors.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Bumping containerd to version v1.5.8, which comprises the following commits:
ef071b07b mailmap: Add Kevin Parsons
2385fd14d Prepare release notes for v1.5.8
15d8c03e3 schema1: reject ambiguous documents
833407fbf images: validate document type before unmarshal
01428ec40 Fix containerd fails to pull OCI image with non-`http(s)://` urls
2bd3f18d9 [release/1.5] go.mod: Bump hcsshim to v0.8.23
047ea15d2 [release/1.5] go.mod: Bump ttrpc to 1.1.0
7b20299bc [release/1.5] update Go to 1.16.10
641976bea [release/1.5] update Go to 1.16.9
b988fc918 Output a warning for label image labels instead of erroring
3109820f5 Update test timeout based on recent cancellations
16762f3e5 Fix spelling mistake in Windows snapshotter
6094bc770 Use DeactivateLayer to recover layers that we cannot rename
bf02a8330 task delete: Closes task IO before waiting
aa7c9d9da Fix pull fails on unexpected EOF
bc2f973ff Prepare release notes for v1.5.7
f95fca079 btrfs: reduce permissions on plugin directories
68119b417 v1 runtime: reduce permissions for bundle dir
97db45e83 v2 runtime: reduce permissions for bundle dir
bc8fdf832 Update release notes and mailmap
77dafa20c Prepare release notes for v1.5.6
a4b51d119 Fix panic in metadata content writer on copy error
147705920 Use github images for integration tests
514137aa0 cri: add devices for privileged container
6bfd09f7c Enable image config labels in ctr and CRI container creation
923088852 seccomp: support "clone3" (return ENOSYS unless SYS_ADMIN is granted)
4133c775c go.mod: update runc to v1.0.2
011fb4c0b update runc binary to v1.0.2
210d3bc15 Fix content copy to not ignore unexpected EOF
a863339c5 [release/1.5] update Go to 1.16.8
f3d46f828 CI: Switch to available latest images
c7ed09d55 Adding testing of two devices in a directory
0ca2e2751 Fix dir support for devices V3 (#4847)
0fd19511e go.mod: Update hcsshim to v0.8.21
c0534c168 [release/1.5 backport] cri: filter selinux xattr for image volumes
27e164648 Allow expanded DNS configuration
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Bumping conmon to version v2.0.1-288-ge67bb4d, which comprises the following commits:
a854c52 conmon: fix error message
5d5b853 logging: set SYSLOG_IDENTIFIER= with --log-tag
ed0b60c conmon: free userdata files before exec cleanup
42cecdf Cirrus: Remove disused scripts
1c7b233 test: drop seccomp tests
eb808d2 fix gh action yaml
e7a5e0c ctr_logs: use container name or ID as SYSLOG_IDENTIFIER for journald
f263cf4 logging: new mode -l passthrough
f231c7f ctrl: delete the fifo if it exists
7cfb1ac conmon_test: fix race condition on os.RemoveAll
c657db7 integration: use the built binary
fa1fa36 bump to v2.0.31-dev
2792c16 bump to v2.0.30
fec62f1 bump go version for podman tests
89072ea Update VM Images + Drop prior-ubuntu references
53c9f75 Remove unreachable code path
9e54dda exit: report if the exit command was killed
4d3dba9 exit: fix race zombie reaper
c834521 conn_sock: allow watchdog messages through the notify socket proxy
423c391 Add seccomp to build dependency
9c23760 Update nixpkgs
3a8c913 make: only define use_seccomp if we're using it
1d67d9e Makefile: correctly check seccomp notify support
e796a80 Makefile: make conditional-compilation variable setting uniform
e83c392 Makefile: unify condition checking
7381063 Cirrus: Remove outdated/wrong documentation
4a8762d Cirrus: Fix references to 'master' branch
1ef2468 Fix docs links due to branch rename
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
When enabling 'dpdk' PACKAGECONFIG, the following error appears.
| configure: error: Could not find DPDK library in default search path
Fix the error by tweaking the configure option regarding dpdk.
Add pkgconfig to 'inherit' because pkgconfig is required at do_configure
when dpdk is enabled.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Bumping moby to version v20.10.10-9-g7bd682c48c, which comprises the following commits:
7677aeafd7 TestBuildUserNamespaceValidateCapabilitiesAreV2: cleanup daemon storage
34eb6fbe60 testutil: daemon.Cleanup(): cleanup more directories
c7edd308ad [20.10] Update Go to 1.16.10
6611c72b65 cmd/dockerd: create panic.log file without readonly flag
4b9a3dac46 Fix race in TestCreateServiceSecretFileMode, TestCreateServiceConfigFileMode
acb4f263b3 Fix racey TestHealthKillContainer
59d2a2c397 dockerd-rootless.sh: Fix variable not double quotes cause unexpected behavior
2c6aa5aad9 Remove needless check
3285c27503 Fix log statement 'failed to exit' timeout accuracy
a4bcd4c64f docker daemon container stop refactor
bed624fdc9 docker kill: fix bug where failed kills didnt fallback to unix kill
80b7e8b5d7 buildkit: normalize build target and local platform
c2b9a32875 vendor: Update go-winio to v0.4.20
c580a02873 [20.10] Update Go to 1.16.9
129a2000cf [20.10] update containerd binary to v1.4.11
6835d15f55 [20.10] update containerd binary to v1.4.10
5730c139f7 Bump swarmkit to get fix for rollback
59f10e3435 quota: adjust build-tags to allow build without CGO
fa78afebcf Update Go to 1.16.8
567c01f6d1 seccomp: add support for "clone3" syscall in default policy
07728cd2bd update runc binary to v1.0.2
964768f200 cmd/dockerd: add the link of "the documentation"
80f1169eca chrootarchive: don't create parent dirs outside of chroot
93ac040bf0 Lock down docker root dir perms.
b0c0b73798 bump up rootlesskit to v0.14.4
decb56ac89 Update Go to 1.16.7
Bumping docker-cli to version v20.10.10, which comprises the following commits:
9989fdbc4 Update most links in docs to use https by default
0e20c1fd2 Update Go to 1.16.9
1c0927a04 Dockerfile: update tonistiigi/xx to 1.0.0-rc.2, add XX_VERSION arg
82f9d5921 info: skip client-side warning about seccomp profile on API >= 1.42
adb01ca79 docs: some minor touch-ups in checkpoint reference
8260476a0 docs: remove trailing space to fix generated YAML format
bce2e1f95 docs: create.md: typo fix
44064f51c Fix typo in documentation - build.md
292779add Add doc for BUILDKIT_PROGRESS env var
f2e79b826 docs: use "console" code-hint for shell examples
fa46b9236 docs: rewrite reference docs for --stop-signal and --stop-timeout
400f81089 experimental: fix broken link to "checkpoint and restore" page
c72057c8d docs: move checkpoint/restore doc from experimental into reference
77db97d59 Use private network address for default-address-pools setting in daemon.json example
cbf0d2b7b docs: fix some broken anchors
d0014a86b docs: fix description of restart-delay to mention max (1 minute)
6c1c8b55a docs: fix search results by filterd is-official
44fdac11f Update Go to 1.16.8
061051c24 docs: add missing redirect, and remove /go/experimental redirect
2012fbf11 Update Go to 1.16.7
42d1c0275 registry: ensure default auth config has address
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
OEcore has recently added a QA check for directories that should
be empty. libvirt (via meson) creates some localsstate directories
for the various components. These trigger the QA check and break
the build.
We still have some non-volatile localstate (/var) scenarios, and
not seeing a distro feature that controls the QA check, and/or to
coordinate the removal of the populated directories, we inhibit
the QA check. In a boot with a volatile /var, the directories
will be overlayed and no harm will come, in a non-volatile
scenario, they'll be visible and no harm will come.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Bumping kubernetes to version v1.22.4-rc.0-26-ga82c1e72259, which comprises the following commits:
a1bc265ce68 Fixed unit test SELinux support
9286d722d5e Add shortcut for SELinux detection
8ddc2963808 Don't guess SELinux support on error
24b725f29f1 Use separate pathSpec for local and remote to properly handle cleaning paths
3bf2248bda7 [go1.16] Update to go1.16.10
bd146ab0e1b Automated cherry pick of #105122: added keys for structured logging (#105137)
98ad7ac4ef4 Update debian, debian-iptables, setcap images to pick up CVE-2021-33910 fixes
b9236d7cd4a Fixing how EndpointSlice Mirroring handles Service selector transitions
9e778cb6ede Fix race condition in logging when request times out
dee25f4db12 Remove nodes with Cluster Autoscaler taint from LB backends.
e565102bce7 Support cgroupv2 in node problem detector test
33b5f0f1eaf Update CHANGELOG/CHANGELOG-1.22.md for v1.22.3
39f5a506c81 Release commit for Kubernetes v1.22.4-rc.0
c9203682049 Release commit for Kubernetes v1.22.3
6765a52acd9 Free APF seats for watches handled by an aggregated apiserver.
dd8563b0184 Run storage hostpath e2e test client pod as privileged
fc580a41252 support more than 100 disk mounts on Windows
176ba1d5236 [go1.16] Update to go1.16.9
cdfd8141855 Clear initial UDP conntrack entries for loadBalancerIPs
b30f24e2579 Verifying the auth headers are set for upgraded aggregated API requests
0dfe8e33143 apiserver aggregator upgrade unit test
36a9689ce81 Aggregator uses the regular transport even if the request requires upgrades
5fb05afd9f8 Fix PreferNominatedNode test
410c0413757 Remove Error Message Check Dynamic PV Tests
fcb66167905 go fmt
82cd11e646e Add e2e test to verify kubelet restart behaviour
8fa5ff3712c kubelet: set terminated podWorker status for terminated pods
bc392586f01 Fix quota controller hotloop in integration tests
af46778d58d remove StartedPodsErrorsTotal metrice message
13d852c73dc Copy VolumeSnapshotContent annotations in snapshottable.go test
ae10967d23f Fix bugs in e2e pod test
60e425c9009 Ensure terminal pods maintain terminal status
c44db53f2c2 Do not sync Waiting statuses for Terminated pods
4ca2cee155c Adds CancelRequest function to CommandHeadersRoundTripper
cd94fec74c9 Fixes kubectl command headers which hangs on kubectl run
60ee69c79bb Revert "Build non-static binaries with PIE buildmode"
e989925e232 Ignore VMs in vmss delete backend pools
407cc91f95a Fix CSR test to accept certs shorter than the requested duration
6bf5db2e3f7 fix: skip not found nodes when reconciling LB backend address pools
3ceb7b87649 fix: consolidate logs for instance not found error
e15dcbe404c Remove a duplicate StorageClass creation call
6763300949a Update Containerd version - GCE Windows
a135518af00 e2e scheduling priorities: do not reference control loop variable
cc1eb760389 storege e2etest: Delete restored PVC/Pod in snapshottable
614988c6626 pkg/kubelet/cm/memorymanager: Fix ErrorS key/value pair
2f850d636e8 v1.22: Fix test flake in old svc registry
20fa03d60ea 'New' Event namespace validate failed
2ff2780dcc5 kubelet: Handle UID reuse in pod worker
a6539a662cd Add test for recreating a static pod
2d9957274a4 Update CHANGELOG/CHANGELOG-1.22.md for v1.22.2
9f314ed137d Release commit for Kubernetes v1.22.3-rc.0
8b5a1914753 Release commit for Kubernetes v1.22.2
4fa7cdfa93c Refine locking in API Priority and Fairness config controller
b23fffb83ed kube-controller-manager: properly check generic ephemeral volume feature
38c7182897c Fix null JSON round tripping
aeff924339a Propagate conversion errors
a69920a9588 integration test
b7854d5f1c9 fix 104329: check for headless before trying to release the ClusterIPs
d8ead0e1c7b fix detach disk issue on deleting node
c948d8cc53b kubelet: fix sandbox creation error suppression when pods are quickly deleted
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Switching to lopper 1.0 brings us a more standard setuptools
based project for install and packaging.
This update also fixes the experimental update to master-next,
which was incomplete and broken.
The only signficant user visible change with this update is
that lopper.py is now 'lopper' and any calling recipes need
to be updated accordingly.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Bumping k3s to version v1.22.3+k3s1, which comprises the following commits:
61a2aab25e Upgrade containerd
e1883d0537 Bump klipper-lb image for arm fix
5eb13b6ba6 Fix log/reap reexec
259ceb452c Fix other uses of NewForConfigOrDie in contexts where we could return err
cc23fce0a7 Watch the local Node object instead of get/sleep looping
6349aed8e8 Block scheduler startup on untainted node when using embedded CCM
db8f54e6af Update to v1.22.3 (#4348)
46eea2f10a Revert "Add ability to reconcile bootstrap data between datastore and disk (#3398)"
9a4ca5978b reset buffer after use (#4279) (#4329)
c9f6fa0be0 remove integration test
07f844cf95 Copy old bootstrap buffer data for use during migration (#4215)
48355dce10 Add ability to reconcile bootstrap data between datastore and disk (#3398)
84e9b829e0 Update peer address when running cluster-reset
06b8639068 Bump klipper-helm version
f98934980d Added configuration input to etcd-snapshot (#4280) (#4281)
7ede7d2e7c Update to the newest flannel
971854c15b Refactor log and reaper exec to omit MAINPID
3988edef25 Add containerd ready channel to delay etcd node join
b65bcdf963 Bump klog fork version
7c78e1c802 [Release-1.22] - Add etcd s3 timeout (#4207) (#4230)
c10a0a2163 Fix race condition in cloud provider
6193b1af97 Display cluster tls error only in debug mode (#4200)
737f722315 set transport to skip verify if se skip flag passed (#4102) (#4103)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Adds the following kernel modules for k3s:
* xt-physdev
* xt-nflog
* xt-limit
* nfnetlink-log
Without them, the k3s network-policy-controller reports failures in the log
related to iptables-restore.
Signed-off-by: Richard Neill <richard.neill@arm.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* remove the incorrect comment about SRCREV being 1.7.0
* and add +git because the old SRCREV wasn't matching
with 1.8.0 tag as well
* add -Wno-error=format-security to work around build failures with newer ncurses-6.3 like:
| ../git/ui/ui.c:45:32: error: format not a string literal and no format arguments [-Werror=format-security]
| 45 | mvprintw(LINES - 1, 0, footer);
| | ^~~~~~
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* fixes:
KERNEL_FEATURES:append += is not a recommended operator combination, please replace it.
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
bitbake is going to start warning about the combination of +=
and :append, which is rarely correct.
We can use use :append and add the space.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* apply the same also for recipes using PKG_NAME starting
with github.com which the conversion script doesn't update
automatically
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
github is removing git:// access, and fetches will start experiencing
interruptions in service, and eventually will fail completely.
bitbake will also begin to warn on github src_uri's that don't use
https. So we convert the meta-virt instances to use protocol=https
(done using the oe-core contrib conversion script)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
As introduced in the oe-core post:
https://lists.openembedded.org/g/openembedded-core/message/157623
SRC_URIs without an explicit branch will generate warnings, and
eventually be an error.
We run the provided conversion script to make sure that meta-virt
is ready for the change.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
