The following changes are part of this version bump:
1.29.1 (2021-04-13)
-------------------
Bugs
Fix for invalid handler warning on Windows builds
Fix config hash to trigger container recreation on IPC mode updates
Fix conversion map for placement.max_replicas_per_node
Remove extra scan suggestion on build
1.29.0 (2021-04-06)
-------------------
Features
Add profile filter to docker-compose config
Add a depends_on condition to wait for successful service completion
Miscellaneous
Add image scan message on build
Update warning message for --no-ansi to mention --ansi never as alternative
Bump docker-py to 5.0.0
Bump PyYAML to 5.4.1
Bump python-dotenv to 0.17.0
1.28.6 (2021-03-23)
-------------------
Bugs
Make --env-file relative to the current working directory and error out
for invalid paths. Environment file paths set with --env-file are
relative to the current working directory while the default .env file is
located in the project directory which by default is the base directory
of the Compose file.
Fix missing service property storage_opt by updating the compose schema
Fix build extra_hosts list format
Remove extra error message on exec
Miscellaneous
Add compose.yml and compose.yaml to default filename list
1.28.5 (2021-02-25)
-------------------
Bugs
Fix OpenSSL version mismatch error when shelling out to the ssh client
(via bump to docker-py 4.4.4 which contains the fix)
Add missing build flags to the native builder: platform, isolation and extra_hosts
Remove info message on native build
Avoid fetching logs when service logging driver is set to 'none'
1.28.4 (2021-02-18)
--------------------
Bugs
Fix SSH port parsing by bumping docker-py to 4.4.3
Miscellaneous
Bump Python to 3.7.10
1.28.3 (2021-02-17)
-------------------
Bugs
Fix SSH hostname parsing when it contains leading s/h, and remove the
quiet option that was hiding the error (via docker-py bump to 4.4.2)
Fix key error for '--no-log-prefix' option
Fix incorrect CLI environment variable name for service profiles:
COMPOSE_PROFILES instead of COMPOSE_PROFILE
Fix fish completion
Miscellaneous
Bump cryptography to 3.3.2
Remove log driver filter
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Upgrade to release 1.5.2:
- Add formal support for Python 3.8
- Remove formal support for Python 3.4
- Switch from Travis to GitHub actions
- Made tests pass flake8 for Python 2.7
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Upgrade to release 3.5.4:
- Restrict docutils to 0.16
- autodoc: Async staticmethods and classmethods are considered as
non async coroutine-functions with Python3.10
- html theme: The style are not applied with docutils-0.17
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Upgrade to release 3.0.10:
- Adds support for PPC64 and ARM64 builds for distribution
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Upgrade to release 1.20.51:
- api-change:lightsail: Documentation updates for Amazon
Lightsail.
- api-change:sts: This release adds the SourceIdentity parameter
that can be set when assuming a role.
- api-change:comprehendmedical: The InferICD10CM API now returns
TIME_EXPRESSION entities that refer to medical conditions.
- api-change:rds: Clarify that enabling or disabling automated
backups causes a brief downtime, not an outage.
- api-change:redshift: Added support to enable AQUA in Amazon
Redshift clusters.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Upgrade to release 1.17.51:
- api-change:lightsail: [botocore] Documentation updates for
Amazon Lightsail.
- api-change:sts: [botocore] This release adds the SourceIdentity
parameter that can be set when assuming a role.
- api-change:comprehendmedical: [botocore] The InferICD10CM API
now returns TIME_EXPRESSION entities that refer to medical
conditions.
- api-change:rds: [botocore] Clarify that enabling or disabling
automated backups causes a brief downtime, not an outage.
- api-change:redshift: [botocore] Added support to enable AQUA
in Amazon Redshift clusters.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Upgrade to release 4.0.2:
- Fixed an issue preventing code being fetched from files in the
project root but not in the PWD
- Fix issue where types were not packaged with the library
- Added __all__ lists throughout to indicate the boundaries of the
public interface. This may affect your integration if using
import *.
- Removed Configuration.use_ssl and Configuration.get_endpoint()
in favor of including the protocol in Configuration.endpoint
- Configuration.send_environment is now False by default. Enable
it as a part of your configuration to send the full request
context (if any) as a part of each event.
- Removed bugsnag.utils.ThreadLocals as it has been superseded by
the contextvars API
- Removed bugsnag.utils.merge_dicts, an unused helper function
- Removed bugsnag.send_sessions
- Deprecated bugsnag.notification.Notification in favor of
bugsnag.event.Event to better align with Bugsnag libraries on
other platforms. The Notification class is functionally
equivalent and will be removed in a future release.
- Added a request property to Event.
- Added type signatures throughout the library.
- [WSGI] Use X-Forwarded-For header if present to determine the IP
address used as the default user ID. The remote address remains
available in the request metadata attached to the event.
License-Update: Check only a single line from PKG-INFO
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Upgrade to release 1.17.48:
- api-change:lookoutequipment: [botocore] This release introduces
support for Amazon Lookout for Equipment.
- api-change:kinesis-video-archived-media: [botocore]
Documentation updates for archived.kinesisvideo
- api-change:robomaker: [botocore] This release allows RoboMaker
customers to specify custom tools to run with their simulation
job
- api-change:appstream: [botocore] This release provides support
for image updates
- api-change🐏 [botocore] Documentation updates for AWS RAM
resource sharing
- api-change:customer-profiles: [botocore] Documentation updates
for Put-Integration API
- api-change:autoscaling: [botocore] Amazon EC2 Auto Scaling
announces Warm Pools that help applications to scale out faster
by pre-initializing EC2 instances and save money by requiring
fewer continuously running instances
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Upgrade to release 0.17.0:
- Make dotenv get <key> only show the value, not key=value
- Add --override/--no-override option to dotenv run
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Upgrade to release 6.2.0.156:
- Improved CPU metric sampling
- Improved memory metric sampling
- Increased custom attribute limit from 64 to 128
- Fixed a TypeError with Uvicorn and unix sockets
- Fixed a crash when using a FIPS compliant system with Cross
Agent Tracing enabled
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Upgrade to release 1.8.7:
- Decoding deflate-encoded responses now supports data which is
packed in a zlib container as it is supposed to be. The old,
non-standard behaviour is still supported.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Upgrade to release 2.7.2:
- Update our CI to catch issues with sdist generation,
installation and testing.
- Add missing test suite fixtures directory to MANIFEST.in,
reinstating the ability to run Paramiko's tests from an sdist
tarball.
- Remove leading whitespace from OpenSSH RSA test suite static
key fixture, to conform better to spec.
- Fix incorrect string formatting causing unhelpful error message
annotation when using Kerberos/GSSAPI.
- Fix incorrectly swapped order of p and q numbers when loading
OpenSSH-format RSA private keys. At minimum this should address
a slowdown when using such keys, and it also means Paramiko
works with Cryptography 3.1 and above (which complains
strenuously when this problem appears).
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
As part of this update to crun, we now much run autogen.sh before
running configure.
Otherwise, these are incremental changes and comprise the following
commits:
9effaeb On exec, honor additional_gids from the process spec, not the container definition
c25a2db tests: add explicit python3-pip dependency
e67a756 NEWS: tag 0.19
18c0274 gitignore: update
471a7b8 libocispec: update from upstream
f642968 tests: fix check for cgroup v2
3e7fa1d linux: always remount bind mounts
78aeac9 linux: ignore unknown capabilities
f11d742 Add linuxdevicecgroup to maintain parity with runc spec
9aa382b cgroup: skip parsing empty file
d9c9fd0 container: initialize tmp_err
00371ae src: initialize statx struct
2e88d19 src: initialize first_arg
5e4efb7 seccomp: always NUL terminate lowercase_arch
7812572 tests: add test for seccomp listener
f80e98d init: add check for seccomp listener
5d9010b init: fix check for nargs
5a627f4 seccomp: support notify listener
c3361c1 status: use function to convert from yajl errors
873b62d container: use new error function for hooks JSON
14083ab error: new function to convert from yajl errors
6e19235 linux: pass own pid to container process
8fd3320 contrib: new tool to test seccomp notifications
8722858 crun: always use absolute path for the bundle
ae9ea92 container: improve OOM error message
919aac9 utils: receive fd detect closed connection
a52e480 cgroup: new function to detect OOM
2e37d2a sync-libocispec
75ad96b Let autogen.sh generate m4
14c260f libcrun_warn if newuidmap/newgidmap invoke fails
5598401 README.md: drop pids limit comparison
9ea6857 github: add fuzzing test
0fd03ba tests: add container image for fuzzing libcrun
bbd5c7d fuzzer: reap child processes
c7350ef tests: add more fuzzing tests
816f95b fuzzer: merge two tests
effa508 linux: cleanup zombie on errors
b32f1eb linux: release only on error
5ca72f5 status: attempt open again on interrupts
9b5d4c1 Added static analysis Adding clang compilation Fixing comparison of integers of different signs
3b199ef Update GNUmakefile
dcd1a34 linux: label the tmpfs for masked directories
edf7f15 seccomp: check if the action supports errnoRet
bc222b6 seccomp: fail if no default action specified
0c5b920 seccomp: honor default errno value
92c0afe yajl: support static link of containers/yajl
f3d920d src: fix unitialized variable
7d89a02 src: add error check
765971c status: fix memory leak on error
31274d8 utils: fix check for fd
62d1c4d tests: add test to feed honggfuzz
ab75091 ebpf: return the program instead of NULL
8b16552 src: check if seccomp is defined
f721efb container: fix error ownership
4472e35 container: allow config from memory
6b369b8 container: fix memory leak
0fede0f container: initialize variable
2b6c0b6 container: fix dereference of def->linux if NULL
1dd9b5b container: check for def->process before deref
1b1a691 fix: cross-compiling for Android
b25cb2d tests: add device access test
86251b0 ebpf: handle access(dev_name, F_OK) call correctly
e2d79dc fix: access violate if ret < -2
4f35406 cgroup: read controllers from /proc/self/cgroup
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
In the time between the k3s work starting and ending, meta-networking
picked up the support we need for ipset.
Now that the recipe is in a layer we already depend on, we don't need
our own copy.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
commit 1b83c21436 [openvswitch: Fix build with musl libc] mistakenly
copies common files and then clobbers the SRC_URI.
While we could drop the SRC_URI components from the .inc now that we
only have one active version in master (_git), we avoid that for now,
since it is possible that a LTS version will be introduced in future
cycles.
So to fix the oddity, we drop the common components from the _git
SRC_URI and append versus clobber.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* don't use github archives
* upgrade to fix build with security-flags.inc enabled, fixed upstream in:
537e806f8c
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* git.ipxe.org is gone:
fatal: unable to access 'https://git.ipxe.org/ipxe.git/': Couldn't connect to server
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* PNBLACKLISTs are IMHO a bit easier to read and easier to override from distro
which e.g. provides own recipe for libseccomp
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* copy the skip from podman recipe, because this packagegroup
depends on podman
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Currently boto3 can be built into an image but it won't work without
additional dependencies. First: botocore is needed at run-time, second:
there are other packages available in meta-python that need adding.
Signed-off-by: Bartosz Golaszewski <brgl@bgdev.pl>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Notable Changes:
1. progress module can now be turned on/off, using the
commands: ceph progress on and ceph progress off.
2. PG removal has been optimized in this release.
Signed-off-by: Zqiang <qiang.zhang@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Bump version to 0.14.
This upgrade is mainly to fix some BUG.
Signed-off-by: Zqiang <qiang.zhang@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
bumping runX to the 1.0 tag
- drop patches that are part of the release
- bump kernel to v5.4.104 to work with our gcc10
- tweak initrd install to use externally provided busybox
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Moving off the 1.20.x-rc and onto a dot release tag. This pulls in
the following commits:
e87da0bd6e0 Release commit for Kubernetes v1.20.4
5682545c2da Update CHANGELOG/CHANGELOG-1.20.md for v1.20.3
f8f2fa827d3 Release commit for Kubernetes v1.20.4-rc.0
01849e73f3c Release commit for Kubernetes v1.20.3
58c5493f22a kube-cross: update image to use v1.15.8-legacy-1
e000e9722bb [go1.15] build: Update to k/repo-infra@v0.1.4 (supports go1.15.8)
3365196e9d8 Use go-runner:buster-v2.3.1 image (built on go1.15.8)
91f2745f08c staging/publishing: Set default go version to go1.15.8
3c777448311 Update to go1.15.8
b570189cf1f Revert "make hostPort match test linuxonly"
6698a4e7afc Revert "conformance changes"
6a31f8d17ef dockershim hostport respect IPFamily
a456eb4eaf6 dockershim hostport manager use HostIP
5d9910a0172 Cherry pick of #98254:Fix the kube-scheduler binary's description of the --config parameter is inaccurate
ac866d63911 make podTopologyHints protected by lock
b84ee98db74 kubelet: Fix mirrorPodTerminationMap leak
d381d6c52cc kubelet: Delete static pods gracefully
b2576fb35f7 kubelet logs print 'kubelet nodes sync' frequently
7826a1c6b87 WIP: node sync at least once
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
If the required modules aren't in the image, k3s will fail to start.
Set the requirements as RRECOMMENDS for image types that don't install
the kernel-modules meta-package.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
We build and depend on our own containerd, we don't need the ctr
symlink to k3s for proper operation.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
To more closely align with the rancher/upstream build, we add
additional tags to the build. To make them easier to manage, we
also introduce a variable and use it in the go build line.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
k3s requires seccomp, and a runc with seccomp enabled for proper
operation. runc has a distro feature check to enable seccomp, so
if we enforce it as k3s feature, we'll also get a properly built
runc and we'll work out of the box.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
runc can be built with both selinux and seccomp tags. These tags
are a requirement for proper operation with some frameworks (like
k3s).
So we add checks for the appropriate distro features and then
automatically add them to the build tags, allowing us a coordinated
enabling of the functionality.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Fixing up the PV to use SRCPV for tracking future version bumps, if
the tree is dirty or not, git will tell us.
We also add some additional kernel module rrecommends, so that the
tools called by k3s can find the support they need (mainly iptools)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
To make it easier to build container host or k*s host images (as
well as guests), we start to add some packagegroups that wrap the
required elements.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Many of the CNI plugins require authenticated connections, as such
they are looking for elements of ca-certificates.
CNI isn't small, so we add this as a general rdepends. If we need to
slim things down in the future, we can split the CNI into specific
implementations and add the dependency to those packages.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
The docker split/requirement on their forked version of runc is
not relevant any more. While we keep the docker-runc around, we
should prefer the opencontainers variant, since that is where
development happens.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
containerd is rarely used without runc, so we add the runtime dependency
to make installation and image construction easier.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
We already have docker and some other fragments that are relevant to
k3s/k8s, but the addition of ipset as a depends for k3s highlights
that we should have a reference configuration that sets all the options
for proper opration and runtime dependencies.
When k8s or k3s are distro features, we'll apply the new fragment to
any kernel that supports fragments (and matches the supported
versions).
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
