Commit message | Author | Age | Files | Lines
...
* cri-tools: update to v1.26.1 | Bruce Ashfield | 2023-04-05 | 1 | -3/+6

  We adjust our install routine to find the binaries in architecture and OS target specific directories, but otherwise the build is unchanged.

  Bumping cri-tools to version v1.26.0-122-g4daea449, which comprises the following commits:

      1dbda3f7 Bump github.com/opencontainers/runc from 1.1.4 to 1.1.5
      6f1de233 Bump github.com/docker/docker
      d55f85f2 update release support details in the README
      3e40ab7e Bump github.com/onsi/gomega from 1.27.4 to 1.27.5
      13c94c7a Update Ubuntu 18.04 to 20.04
      8de6b6d7 Bump github.com/urfave/cli/v2 from 2.25.0 to 2.25.1
      8db31a76 Bump github.com/onsi/ginkgo/v2 from 2.9.1 to 2.9.2
      3c0741e5 Bump github.com/golang/glog from 1.1.0 to 1.1.1
      4d45340a feat: add riscv64
      53e4c3ba Bump github.com/onsi/gomega from 1.27.3 to 1.27.4
      e13ad25e Bump github.com/onsi/ginkgo/v2 from 2.9.0 to 2.9.1
      21e62dde Bump github.com/onsi/gomega from 1.27.2 to 1.27.3
      02317f82 Bump github.com/golang/protobuf from 1.5.2 to 1.5.3
      9d847e2c Bump golang.org/x/net from 0.7.0 to 0.8.0
      bfdb44b5 Bump github.com/urfave/cli/v2 from 2.24.4 to 2.25.0
      060929a6 Bump github.com/golang/glog from 1.0.0 to 1.1.0
      c020f31f Bump golang.org/x/term from 0.5.0 to 0.6.0
      47b33362 Bump github.com/onsi/ginkgo/v2 from 2.8.4 to 2.9.0
      f8cb6925 Bump github.com/onsi/gomega from 1.27.1 to 1.27.2
      578b38a1 Bump github.com/onsi/ginkgo/v2 from 2.8.3 to 2.8.4
      ce2c55c0 Bump github.com/onsi/gomega from 1.26.0 to 1.27.1
      f7333f20 Run GitHub actions by `push` only on `master` and tags
      64f3f275 Bump github.com/onsi/ginkgo/v2 from 2.8.1 to 2.8.3
      8f27b574 Bump github.com/urfave/cli/v2 from 2.24.3 to 2.24.4
      b27232f2 Bump golang.org/x/net from 0.6.0 to 0.7.0
      61a85a93 Bump github.com/onsi/ginkgo/v2 from 2.8.0 to 2.8.1
      c61a79e9 fix crictl config list display error
      595572a6 crictl code and args optimization.
      85c6f21d Bump github.com/docker/docker
      63a1d5a6 crictl config add list flag
      b4ffa89f Bump golang.org/x/net from 0.5.0 to 0.6.0
      3c35861c Bump github.com/opencontainers/selinux from 1.10.2 to 1.11.0
      753c9a88 Makefile support cross compilation, build_bin_path optimization
      fda6d7f8 crictl stats add name row
      be5f634b Bump golang.org/x/term from 0.4.0 to 0.5.0
      82c3e8ae Bump golang.org/x/sys from 0.4.0 to 0.5.0
      6fc9e4af Bump github.com/urfave/cli/v2 from 2.24.2 to 2.24.3
      01796ae5 Bump github.com/docker/docker
      dd20ea16 Bump github.com/onsi/ginkgo/v2 from 2.7.1 to 2.8.0
      ef8a0d68 Bump github.com/urfave/cli/v2 from 2.24.1 to 2.24.2
      0b81ff2a Bump github.com/onsi/ginkgo/v2 from 2.7.0 to 2.7.1
      a4c976aa Makefile: pass in a custom variable GOARCH
      f6ec8fec Bump github.com/onsi/gomega from 1.25.0 to 1.26.0
      5923662b Bump github.com/urfave/cli/v2 from 2.23.7 to 2.24.1
      a8ddf64a Bump github.com/docker/docker
      1e27c2c4 Bump github.com/onsi/gomega from 1.24.2 to 1.25.0
      edf14e37 Update docs version to match latest release
      850c8469 Bump other OTEL deps
      6d46b592 Bump go.opentelemetry.io/otel/trace from 1.10.0 to 1.11.2
      5364af0f fix: formatting
      6f078ed6 fix(docs): add a note about other supported platforms
      c2573905 Pass `nil` as tracer provider
      8ac43a45 fix: add tip on latest version
      8dee7ff5 Update ginkgo and gomega
      92edf29e Switch to `registry.k8s.io`
      aa036b5a Increase defualt timeout on Windows
      5886c7df Add support for calling Windows pod stats
      64e8f6b8 Bump golang.org/x/net from 0.4.0 to 0.5.0
      3a981a98 Switch away from Docker Hub to avoid rate limits
      b3262be7 Bump github.com/docker/docker
      5046b65b Add haircommander to reviewers
      4e387743 set LTS v1.6.12 into matrix to replace old v1.5 entry
      baefda37 gh actions: remove dockershim tests
      24cc748b plumb context through CRI
      86befea9 bump to go 1.19
      a7154756 vendor: bump kube to 1.26
      f9764647 Bump github.com/urfave/cli/v2 from 2.23.5 to 2.23.7
      6220423b Bump golang.org/x/net from 0.3.0 to 0.4.0
      d6d8005f Bump golang.org/x/net from 0.2.0 to 0.3.0
      f4cf7b6e Bump golang.org/x/term from 0.2.0 to 0.3.0
      c37655ee Bump golang.org/x/sys from 0.2.0 to 0.3.0
      9962fb03 add missing CPU count
      7493f666 Add detach key sequence support
      ca1571e6 critest: ensure server is running before portforward
      b6fb4b1d Bump github.com/urfave/cli/v2 from 2.23.4 to 2.23.5
      fa370cc5 Bump golang.org/x/net from 0.1.0 to 0.2.0
      f1998865 Bump golang.org/x/term from 0.1.0 to 0.2.0
      5c48eb26 Bump github.com/urfave/cli/v2 from 2.23.0 to 2.23.4
      6b420011 Bump golang.org/x/sys from 0.1.0 to 0.2.0
      6f8965f4 Bump github.com/onsi/gomega from 1.23.0 to 1.24.0
      913089a4 Bump github.com/urfave/cli/v2 from 2.20.3 to 2.23.0
      622b04f1 Bump github.com/onsi/gomega from 1.22.1 to 1.23.0
      5acd3285 Bump github.com/docker/docker
      c4b3e806 Bump github.com/urfave/cli/v2 from 2.20.2 to 2.20.3
      0b1abed2 Bump github.com/onsi/ginkgo/v2 from 2.3.1 to 2.4.0
      91521036 specify one supplementalGroup instead of two to make test code simpler
      2649f53e added a validation test case For SupplementalGroups with the predefined groups in the container image
      d965134b fix copyright section in image-predefined-group's Dockerfile
      59137ff5 images/image-predefined-groups: don't specify group in USER
      f1cb7aff Bump github.com/docker/docker
      72d1ed12 add test image for testing SupplementalGroups with predefined groups in the container image
      0fd7a1b4 Bump github.com/urfave/cli/v2 from 2.19.2 to 2.20.2
      ac1c0c5b Bump github.com/docker/docker
      44965774 Bump github.com/onsi/gomega from 1.21.1 to 1.22.1
      78d5c955 Bump github.com/onsi/ginkgo/v2 from 2.3.0 to 2.3.1
      11c282fd Bump github.com/onsi/ginkgo/v2 from 2.2.0 to 2.3.0
      6e9a4670 Bump github.com/urfave/cli/v2 from 2.17.1 to 2.19.2
      93332157 Bump github.com/onsi/gomega from 1.20.2 to 1.21.1
      4b984ddc Implement password input on the command line
      4507e46c Add recurring working areas to CONTRIBUTING
      fd4bb370 Bump github.com/urfave/cli/v2 from 2.16.3 to 2.17.1
      49249cbc Bump github.com/opencontainers/selinux from 1.10.1 to 1.10.2
      adac6827 Cleanup owners
      eb69454a Bump github.com/onsi/ginkgo/v2 from 2.1.6 to 2.2.0
      373e7090 Bump github.com/urfave/cli/v2 from 2.16.2 to 2.16.3
      6f5588ba Bump github.com/docker/docker
      30d32dab Bump github.com/urfave/cli/v2 from 2.14.1 to 2.16.2
      fd1c34d3 Bump github.com/urfave/cli/v2 from 2.14.0 to 2.14.1
      46197a85 Bump github.com/urfave/cli/v2 from 2.11.2 to 2.14.0
      a07c04ee Print deleted digest when repo tags empty
      d3e8a304 Bump github.com/docker/go-units from 0.4.0 to 0.5.0
      5bf099af Bump github.com/onsi/gomega from 1.20.1 to 1.20.2
      74915650 Bump github.com/onsi/ginkgo/v2 from 2.1.5 to 2.1.6
      9bad5cb3 Ensure benchmarks are skipped during validation tests.
      fd16071d Bump github.com/onsi/ginkgo/v2 from 2.1.4 to 2.1.5
      c148f5b2 Bump github.com/onsi/gomega from 1.20.0 to 1.20.1
      778b8ed9 vendor: github.com/moby/term v0.0.0-20220808134915-39b0c02b01ae
      5168c419 cmd/crictl: replace deprecated pkg/term
      0e31acb9 Update version references in docs and go.mod
      3efdd0f4 Bump github.com/opencontainers/runc from 1.1.3 to 1.1.4
      7abda56b Bump Kubernetes to v1.25.0
      1151eb16 Bump github.com/urfave/cli/v2 from 2.11.1 to 2.11.2
      a685ed61 No truncate PodID in ps command if --no-trunc exists
      7cf65e12 Migrate to native ginkgo v2

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>

* cri-o: update to 1.26.2 | Bruce Ashfield | 2023-04-05 | 1 | -3/+3

  Bumping cri-o to version v1.26.2-10-gc0557b868, which comprises the following commits:

      6ee82e547 Update crun to v1.8.3 and runc to v1.5.1
      4bea0d45b create the metrics endpoint with correct shutdown logic
      778169257 Update CNI plugins to v1.2.0
      8f943a9cc Add spdx signature and cert to release notes
      ab5daed67 Fix release notes build for release-1.26 branch
      fc032744b version: bump to v1.26.2
      141c69ac6 build(deps): bump sigstore/cosign-installer from 2 to 3
      46e4d5286 Bump crun to v1.8.1
      12cc52830 Pin nix version to fix static builds
      2c3c8c7d8 unit-test: call UpdateContainerResources when nri enabled
      d3504291c nri: add protection against nil dereference
      8438fdf40 docs-validation: try String() for struct field values.
      b997d9a61 internal/oci: don't crash when getting unset Spec.
      96c12e147 test: update NRI BATS test.
      d19c65049 completions, docs: update completions and man pages.
      3c1bb518c config,criocli: update NRI deps, configuration.
      9831dddef Fix cgroup leak for systemd cgroup driver
      0c32aa50d Update to c/image 5.24.2
      0015d0477 test/*: add test for checking the /etc folder permission
      b1113fa78 server: fix the permission issue for `/etc`
      7f60e0419 Update github.com/containers/image to v5.24.0
      1f0b14da9 Update opencontainers/runtime-tools to a6a073817ab0.
      0841fe69a Add container stats to the ListPodSandboxStats response
      3facc028e Make storage unmount less strict
      b93180c99 Inject release-notes branch from GitHub actions
      5ce93c60e ci-verify: Run get-scripts only on main branch
      d8c6707bd version: bump to 1.26.1
      741be35fa vendor: bump storage to v1.44.1-0.20230101110555-a747b27fe4ca
      f49c3b608 Update critest parameters
      1b1b95af8 hostport: use generic Set
      1e66eb86e server: update streaming interface to take context
      2adc326f6 ci: bump cri-o.spec file to 1.26
      ae0a0d5f9 static: bump go version
      8f8228b77 bump to cri-tools 1.26.0
      fff07d82f server: add support for new CRI calls
      cac6a729e server/streaming: add context to methods
      ec5beb231 vendor: bump kube to 1.26.0
      8ffb14733 mocks: update with new c/storage mocks
      48d0bf4ca job get script: fix conflist path
      7705f9942 bump to v1.26.0
      d06cae7c9 contrib/cni: use cniVersion 0.3.1 for ipv4 only bridge config
      5526fae33 bundle: use ipv4 only config because of gh action limitation
      1b8b28433 Support evented PLEG in CRI-O
      5783c3254 Bump cri-api to support evented pleg
      29ce5a7b2 get script: fix conflist path
      f317b267d Fix-6080: Update the CNI version to 1.0.0
      54b7b5fc0 test, Makefile: hook NRI tests into localintegration.
      ab73c1dcd test/nri: add a test client with basic NRI tests.
      36305e7bd server: hook NRI into request processing.
      773e6e005 nri: add experimental NRI adaptation interface.
      907f4edf5 config,cli: add support for NRI configuration.
      a6430c8c8 Add test for conmonrs cgroup with no infra container
      b6f92b04f Add test for default conmon cgroup type
      f323d022c Fix applying cgroup for conmonrs when pinned
      6c62954e8 Remove cri wrapper package
      093d680dd server/metrics: Update seccomp notifier metrics to reduce cardinality
      fe2458341 ci: make golangci-lint happy
      da96d6be4 Support checkpointing infra less containers
      4a541607e build(deps): bump github.com/onsi/ginkgo/v2 from 2.5.0 to 2.6.1
      ebe73f411 build(deps): bump google.golang.org/grpc from 1.50.1 to 1.51.0
      7d8f2328f Merge log and metrics interceptor
      cb8aa99d7 ResourceStore: delete entries after they're used
      1b42a3d4c Use containerd v1.7.0-beta.0
      41dca27cb server: fail if HOME variable has a newline
      c1d7c54fa systemd: use on-failure as restart policy
      88782d59c contrib/test/ci: fix SELinux permission issue on RHEL9
      8132ef511 ci: update system-packages.yml to install gpgme-devel on fedora
      ac319a568 OWNERS: move vrothberg to emeritus approvers
      c095c4781 build(deps): bump github.com/urfave/cli/v2 from 2.23.5 to 2.23.7
      7150ba10b contrib/test/ci: fix the when condition for CentOS Stream 9
      0ffec79a4 contrib/test/ci: enable crb repo for CentOS Stream 9
      905e8485a Update security process
      3232ffe2a Downgrade cgroupfs test to Ubuntu 20.04
      7d848b3c1 Fix GitHub actions CI
      b6b4f8235 Add Reddit to ADOPTERS.md
      189e9f7eb Disable typecheck linter
      b9d94374b Bump golang dependencies
      5e71e4f9c contrib/test: set env variables for integration tests
      22249fcf9 build(deps): bump sigs.k8s.io/bom from 0.3.0 to 0.4.1
      a67e7776c Port remaining logrus with internal/log
      14547d489 Pass ctx so that more tracing spans could be created
      19bc7330f internal/log: add a function to start new tracing span
      834b60336 Setup logrus hook to attach logs to traces
      ef3bed00b Remove CRI v1alpha2 support
      c9316ec2a Update golangci-lint and config
      3b631242b Add seccomp notifier feature
      e3416bda9 build(deps): bump cachix/cachix-action from 11 to 12
      71252c17b Disable checkpoint image check as early as possible
      658a11552 Correctly extend $PATH before calling conmon during restore
      a93201a8e Use correct key for tracing hostname field
      923f665ca Add docs that `tracing-sampling-rate-per-million` set to 1000000 refers to always sample
      999ba7f59 Fix CI
      1e8229d45 build(deps): bump github.com/urfave/cli/v2 from 2.19.2 to 2.20.2
      3327991b0 build(deps): bump cachix/cachix-action from 10 to 11
      0ce9fb039 build(deps): bump google.golang.org/grpc from 1.50.0 to 1.50.1
      1f8221f07 build(deps): bump cachix/install-nix-action from 17 to 18
      376f7e9df Update dependencies
      316830590 Add logs to OpenTelemetry traces
      e56855dc7 docs: updated kubernetes tutorial
      53e631663 Update conmon-rs to latest `main`
      8bf89f341 Minor Checkpoint/Restore improvements
      62d77513b Track type of all bind mounts during checkpointing
      331f30bfb build(deps): bump google.golang.org/grpc from 1.49.0 to 1.50.0
      997032dec .github/CODEOWNERS: drop runcom
      a7a279c84 build(deps): bump sigs.k8s.io/zeitgeist from 0.3.2 to 0.3.5
      fb66985f1 config: avoid segfault when workloads.resources is nil
      0244fee08 support checkpointing to oci image
      ae5d39c74 Fix lint CI on `main`
      eabfdb404 [#5240] update supported OS versions
      26614cad9 build(deps): bump github.com/urfave/cli/v2 from 2.15.0 to 2.17.1
      f7c9c2754 build(deps): bump github.com/Microsoft/go-winio from 0.5.2 to 0.6.0
      42bb61393 fix: give loopback a name
      9ee3457ff test/README: Update url for kata containers
      f1be99faa images/os/Dockerfile: Delete this, it's dead code
      570a4c1b9 config: translate monitor fields when printing config
      32e6520ff Update config readme
      5d20c76fb Allow complete Runtimes config to change
      88cc2f9b9 build(deps): bump k8s.io/klog/v2 from 2.70.1 to 2.80.1
      28861ed60 build(deps): bump actions/stale from 5 to 6
      88c1f772f build(deps): bump github.com/opencontainers/image-spec
      b6755fc94 build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc
      c9ba93e08 build(deps): bump github.com/containers/podman/v4 from 4.2.0 to 4.2.1
      2a876f1a7 build(deps): bump github.com/containers/buildah from 1.27.0 to 1.28.0
      db20b31e1 Do not use deprecated SetNames
      4ea5eeddf build(deps): bump github.com/container-orchestrated-devices/container-device-interface
      481683497 config: do not remove runc if different default runtime
      f24ea6702 workloads: fix whitespace
      b3f877a64 template: fix whitespace and comments in runtimes table
      b7b56c202 contrib/test: set LOG_DIR to debug kubernetes issues
      0b0e16b1c Update conmon-rs
      8e1a561e8 Bump conmon-rs code to latest `main`
      506e0cbef contrib/test: drop userns integration tests
      9db3e8e64 Add basic integration tests for runtime reload
      877b5fbdc Add notes on runtime reload support to documentation
      a3fb007fb Reload runtime configs on reload
      29bff1526 Invert conditional check in ValidateDefaultRuntime
      2ba6ee2ed Move default runtime validation to its own function
      018657b37 use cri-tools version from dependencies.yaml
      406f367cb use AddInheritableCapabilities
      9070d982d config: add field AddInheritableCapabilities
      9d5fbfd90 resourcestore: add test for stages
      40d41e3fb server: update stages according to progress with resource creation
      bce2bc388 resource store: return stage when a watcher is requested
      a8e2fc166 resource store: introduce stages
      1955be644 Add conmon-rs e2e to ansible playbook
      24304da5e server: return already created ID for duplicated requests
      6b627cbc0 cli: fix some inconsistencies in the help text
      0cdd90155 Update vendored files
      14926effc go.mod: update goresctrl to v0.3.0
      53182dd9b build(deps): bump github.com/urfave/cli/v2 from 2.11.2 to 2.15.0
      3b6b98872 Add scripts to run node e2e tests using custom cri-o builds
      6d66ea7e6 Fix integration CI runs
      7a0b131f5 build(deps): bump sigs.k8s.io/zeitgeist from 0.3.1 to 0.3.2
      388032759 metrics: close listener on shutdown
      ee5d97254 cgmgr: use NewSystemd from createSandboxCgroup
      aede1956a contrib/test/ci: add rhel9 variant-specific changes
      8ec499266 removes async
      b2a72cbd8 migrates tests to run on GCP
      76ec212ea Update build instructions for RHEL 8 distribution

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>

* containerd: update to 1.7.0 | Bruce Ashfield | 2023-04-05 | 1 | -4/+4

  Bumping containerd to version v1.7.0-11-g6ea9bc57f, which comprises the following commits:

      d81fc15af update runc binary to v1.1.5
      755efbe64 go.mod: github.com/opencontainers/runc v1.1.5
      90591db47 Defer uid lookups on Darwin
      b7d87b190 Add `WithReadonlyTempMount` to create readonly temporary mounts
      1c1b6bcb2 CRI: Don't always close netConfMonitor channel
      cf2e454bf Sandbox: Correct/add some fields to Status()
      ce68e8e0d Sandbox: Cleanup shim on Start failure
      e13a9165e Prepare release notes for v1.7.0
      625217d5f RELEASES.md: describe the deprecated config properties
      703e2ba4b docs: link docs/managed-opt.md to client.Install
      f2bb9c9b0 Go 1.20.2
      56354c7de Update ttrpc to v1.2.1
      5144ba9c4 sandbox: create sandbox with network namespace path
      dd3eedf3c labels: Add LabelDistributionSource
      5c9c630c3 use uppercase letters for flag usage
      0efc498d3 Prepare release notes for v1.7.0-rc.3
      ff4acdc42 metadata: add comments about Image.CreatedAt
      6d46bb410 go.mod: go.opentelemetry.io/otel/* v1.14.0
      d26587c72 archive: disable looking up usernames and groupnames on the host
      535ef5054 go.mod: github.com/stretchr/testify v1.8.2
      2b4f830ed go.mod: github.com/opencontainers/selinux v1.11.0
      6bfc82daf go.mod: github.com/opencontainers/runtime-spec v1.1.0-rc.1
      7c70185ae go.mod: github.com/klauspost/compress v1.16.0
      8e67b2731 go.mod: github.com/imdario/mergo v0.3.13
      6afec5558 go.mod: github.com/emicklei/go-restful/v3 v3.10.1
      c4f928f88 go.mod: github.com/containerd/ttrpc v1.2.0
      5630d6a84 go.mod: github.com/containerd/fifo v1.1.0
      6d9513231 go.mod: github.com/containerd/cgroups/v3 v3.0.1
      da1ffdd75 go.mod: github.com/Microsoft/hcsshim v0.10.0-rc.7
      60738e31d Update imgcrypt to v1.1.7
      8a4d409b9 Add release notes for v1.7.0-rc.2
      d602c9aec docs: fix typo of shim.RunManager's function comment
      f70657650 feat: tag image using Transfer api
      f7eb86ef3 Sandbox: Delete shim+shutdown sandbox on create failure
      6b4b6956e Sandbox: Fix/enhance error messages for Create
      8ce3e4e15 epoch: fix unit test when SOURCE_DATE_EPOCH is set
      32ed559c8 Add Windows Sandbox Stats (sbserver)
      08aa576a9 Add Windows Sandbox Stats
      8137e41c4 Add ArgsEscaped support for CRI
      5946c1051 *: fix code style issue
      98cb6d7eb cri/sbserver: ignore the NOT_FOUND error in exec cleanup
      01671e9fc cri: add config ut for invalid drain io timeout value
      55e25f164 integration: add testcase to drain exec IO in time
      ffebcb122 cri: disable drain-exec-IO if it is empty timeout
      791f137a5 *: update drainExecSyncIO docs and validate the timeout
      13bf5565e [transfer] update export to use image store references
      e2283edef [transfer] update export API types
      f6491b004 feat: export images using Transfer api
      b9d7eae1a feat(api): add fields to ImageExportStream
      3c18decea *: add DrainExecSyncIOTimeout config and disable as by default
      a9cbddd65 *: fix typo and skip exec-io-drain-testcase in win
      b91f42a14 ctr/tasks: support remapped UID/GID
      2e96ba95e Create config struct to take user input
      f25ec98d0 Fix linting error `sets.String is deprecated`
      8145b15f0 Bump k8s.io deps
      04dfd6275 pkg/cri/sbserver: add timeout to drain exec io
      82c0f4ff8 pkg/cri/server: add timeout to drain exec io
      43d36a254 Add experimental section to RELEASES.md
      cd84f752c Prepare release notes for v1.7.0-rc.1
      ae42f836f Update mailmap
      4522ad886 Update CRI guide link
      57fb2d30f Add max shim version environment variable
      5c6e9f83d Fix streaming manager deadlock on collection
      acf6e9411 Update README with location of security audits
      30883d831 Increase CI workflow timeout on Windows.
      af7477e43 docs: fix typos in historical/design/data-flow.md
      6b589a89f releases: mark 1.5 as EOL
      dba6f9db1 Add version to shim protocol
      36ae2f6b9 bump go-cni to v1.1.9
      cf46d3c6f Treat sandboxes as root gc resources and scan referenced objects
      35d42b47f Add Linux arm64 arch to install-protobuf script
      727f8530c Prepare release notes for v1.7.0-rc.0
      2e9aaf094 docs: update instructions for enabling NRI.
      310be5ce6 pkg/nri: update NRI configuration.
      8a47c6910 Add a leading space after the comment sign
      f53417921 Add unit test to getSupportedPlatform
      a6ad9e04e Rewrite install-protobuf script
      3769b4840 Rewrite install-protobuf script
      47305392c Add configuration options to local transfer service
      bd0a2a927 CRI: remove duplicated snapshotters code
      49abbe4f2 fix failing TestCDIInjections
      30e4a1409 update CDI version to v0.5.4
      4728800ab runtime/v2: Get rid of last logrus.Fields usage
      4278fbbc7 runtime/v2: Call onCloseWithShimLog for grpc shims
      06e085c8b Add Fields type alias to log package
      0ecdd341d docs: add more comment to logging.LoggerFunc
      ea83632a8 docs: Show how to select GRPC for shims
      369339897 Migrate from k8s.gcr.io to registry.k8s.io
      a48dbefc1 Fix concurrent writes for UpdateContainerStats
      dc27cc0a2 Add macOS build notes
      56274749c sandbox: start sandbox with options
      2716fd041 dependency: bump go.etcd.io/bbolt to v1.3.7
      979a74412 runtime/v2: Log BootstrapParams
      4baa1876b contrib/apparmor: remove code related to apparmor_parser version
      0ced6ac64 Prepare release notes for v1.7.0-beta.4
      90d004ae8 Go 1.20.1
      281f89a9d go.mod: go 1.19
      d8b68e3cc Stop using math/rand.Read and rand.Seed (deprecated in Go 1.20)
      a9ac5f9cb lint: remove `//nolint:dupword` that are no longer needed
      9b510e9a8 lint: silence "SA1019: tar.TypeRegA has been deprecated... (staticheck)"
      8bf975b4f lint: silence "type `HostFileConfig` is unused (unused)"
      4b9fd6ba5 golangci-lint v1.51.1
      ac31c9a53 Clean up repeated package import
      39bac0dbe error strings should not be capitalized
      9a9cfe85e Go 1.19.6
      0166783c7 cni: pass in the cgroupPath capability argument
      d14758b60 go.mod: bump to go-cni main
      e855a5998 cmd/ctr/commands/images: support usage subcommand
      9c82e929f release: xx v1.2.1
      844252164 Add fallback for windows platforms without osversion
      081601f52 Update imagestore interface to support multiple references
      646bc3a94 CRI: Create DefaultCRIAnnotations helper
      5aab634e1 CRI: Pass sandbox annotations to _other platforms
      2b24af8d1 Use options to pass PodSandboxConfig to shims
      ebbcb57a4 pkg/cri/sbserver: experimental NRI integration for CRI.
      8a1dca0f4 pkg/cri: split out NRI API from pkg/cri/server.
      a8bb1ad2a loadConfig pre-inspection in advance
      36e7dbdcb ctr version: add args check, prohibit incoming args
      750d18ace Extract CRI instrument package
      60d04b0b0 pkg: rename {blockio,rdt}_default.go -> nonlinux.go
      b61988670 go.mod: github.com/containerd/typeurl/v2 v2.1.0
      74b371b98 CRI: Mirror generic toml runtime config under server
      8ef298d86 Add transport credentials GRPC opt
      77fc0948c Use switch when creating TTRPC/GRPC client
      a82e37a5a Add shim bootstrap params
      fc2e761e2 Initial GRPC client support
      9e5c207e4 Wire up client bridges
      4b1ebef3c Add Sandbox service GRPC bridge
      47cb5f64b Add Task Service GRPC bridge
      51a8db233 Send container events with nil PodSandboxStatus
      27c8f4085 Move PLEG event generation back to sbserver to avoid missing pod sandbox status
      7cf556075 test: add hostNetwork tests for both windows and linux
      d33a43cc2 pkg/apparmor: clarify Godoc
      a3265102d Revert "Don't check for apparmor_parser to be present"
      c990e3f2e contrib/apparmor: remove version-dependent rules
      fe0116ec2 CI: skip some jobs when `repo != containerd/containerd`
      3eda46af1 oci: fix additional GIDs
      ef2560d16 oci: fix loop iterator aliasing
      52f82acb7 btrfs: depend on kernel UAPI instead of libbtrfs
      62df35df6 *: introduce wrapper pkgs for blockio and rdt
      6cdc221f5 'go routine' should be 'goroutine'
      b0e97c0f9 Use multierror for cleanup error
      34314717b Remove sandox store and controller service type
      a788f6c79 Move local sandbox controller under plugins package
      2717685da Refactor sandbox controller interface
      0b33a45fa cri: fix Mirrors deprecation comment
      5bc3fea62 update fuzz function names in docs with golang naming convention
      904a87d26 docs: fix function names in fuzzing test documentation
      9e4acc028 importer: stream oci-layout and manifest.json

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>

* conmon: update to 2.1.3-tip | Bruce Ashfield | 2023-04-05 | 1 | -1/+1

  Bumping conmon to version v2.1.3-43-g9a3af8f, which comprises the following commits:

      9a3af8f logging: avoid opening /dev/null for each write
      813c8d7 oom: restore old OOM score
      9d3a955 Update CI VM images
      b1d7297 Use default umask `0022`
      54a0c9c exit: Free allocated string
      dbade0d version: bump to v2.1.7
      1841000 Fix leaking symbolic links in the opt_socket_path directory
      5cff0ce cgroup: Stumble on if we can't set up oom handling
      5f669ba bump to v2.1.6
      3dc09f6 packit: build in dedicated projects
      fffef27 hack: build ginkgo in GOPATH
      ef8a9f2 vendor bump ginkgo to v2
      b042229 gh actions: bump to go 1.20
      c002534 Use --detach instead of -d
      df277e2 Fix OOM watcher for cgroupv2 `oom_kill` events
      4cb1e4d Lint/format fixes for golang 1.19
      a10fe91 Update CI VM Images to F36/F37
      2d03ad0 ctrl: drop fifo perms to 0660
      8c72109 Fix tools/Makefile with GNU make 4.4
      6b600ac bump to v2.1.5
      28b3bc7 don't leak syslog_identifier
      f903e20 logging: do not read more that the buf size
      f4d3beb logging: fix error handling
      21f648b cli: Fix conmon-pidfile/container-pidfile description
      1df3e90 Makefile: Fix install for FreeBSD
      cb0c68b signal: Track changes to get_signal_descriptor in the FreeBSD version
      1fbfa33 Packit: initial enablement
      5e82bb4 bump to 2.1.4
      1420874 signal: handle SIGUSR1 with signalfd
      636e239 Use /usr/bin/env to locate bash

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>

* runc-docker: update to 1.1.5 | Bruce Ashfield | 2023-04-05 | 1 | -2/+2

  Bumping runc to version v1.1.5-1-g17a2d451, which comprises the following commits:

      17a2d451 VERSION: back to development
      f19387a6 VERSION: release v1.1.5
      8ec02ea1 nsexec: retry unshare on EINVAL
      0abab45c Prohibit /proc and /sys to be symlinks
      0e6b818a rootless: fix /sys/fs/cgroup mounts
      f6e2cd3b nsexec: Check for errors in write_log()

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>

* runc-opencontainers: update to 1.1.5 | Bruce Ashfield | 2023-04-05 | 1 | -2/+2

  Bumping runc to version v1.1.5-1-g17a2d451, which comprises the following commits:

      17a2d451 VERSION: back to development
      f19387a6 VERSION: release v1.1.5
      8ec02ea1 nsexec: retry unshare on EINVAL
      0abab45c Prohibit /proc and /sys to be symlinks
      0e6b818a rootless: fix /sys/fs/cgroup mounts
      f6e2cd3b nsexec: Check for errors in write_log()

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>

* Revert "yq: drop {LINKSHARED}" | Jose Quaresma | 2023-03-27 | 1 | -2/+1

  This reverts commit d2a630ce6cf67a145f218012fbf02e4d0d9648df.

  The linkshared is fixed upstream and backported in oe-core.
  https://git.yoctoproject.org/poky/commit/?id=d5c79ca6a77af1a04992fff4300333e02d94d84d

  Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>

* kubernetes: make CC for amd64 match other architectures | Chen Qi | 2023-03-27 | 1 | -9/+16

  Change 0001-hack-lib-golang.sh-use-CC-from-environment.patch to also remove the 'export CC=xxx' for amd64. The original patch is a little strange, it removes such statements for other archs but leaves amd64 untouched. If we're using CC from our environment, we use it for all targets.

  Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>

* kubernetes: update to v1.27.x-rc | Bruce Ashfield | 2023-03-27 | 2 | -15/+19

  Bumping kubernetes to the next release candidate (April 2023).

  We refresh our $GO patch, drop the need to do release artifacts preparation and add a new INSANE_SKIP for kubelet. But otherwise, the build and content are the same or similar.

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>

* podman: update to 4.4.3 | Bruce Ashfield | 2023-03-24 | 1 | -2/+2

  Bumping libpod to version v4.4.3-2-g6172f29f9, which comprises the following commits:

      2c01aa7e3 Bump to v4.4.4-dev
      d2f93d621 Bump to v4.4.3
      2ae3c4fe9 Release notes for v4.4.3
      d6ea3983d compat: /auth: parse server address correctly
      0a897f03f vendor github.com/containers/common@v0.51.1
      f7fccc87c pkginstaller: bump Qemu to version 7.2.0
      53212ea0e podman machine: Adjust Chrony makestep config
      06925d554 [v4.4] fix --health-on-failure=restart in transient unit
      9c0d2dc2f podman logs passthrough driver support --cgroups=split
      a0fad9f8c journald logs: simplify entry parsing
      54b070ee6 podman logs: read journald with passthrough
      c5fa9c50f journald: remove initializeJournal()
      6b19e1437 netavark: only use aardvark ip as nameserver
      d737a815a compat API: network create return 409 for duplicate
      1a3a5594a fix "podman logs --since --follow" flake
      bd65bf2ed system service --log-level=trace: support hijack
      8ab00424b podman-mac-helper: exit 1 on error
      badbd8a34 bump golang.org/x/net to v0.8.0
      36ab43f77 Fix package restore
      df0fe4fcc Quadlet - use the default runtime
      594d488b8 Bump to v4.4.3-dev
      74afe2688 Bump to v4.4.2
      87a1c2701 Release notes for v4.4.2
      3abff420a Revert "CI: Temporarily disable all AWS EC2-based tasks"
      8322cab91 kube play: only enforce passthrough in Quadlet
      d69512b98 Emergency fix for man pages: check for broken includes
      9606d7f99 CI: Temporarily disable all AWS EC2-based tasks
      ab7a47840 quadlet system tests: add useful defaults, logging
      805e94b03 volume,container: chroot to source before exporting content
      321d05aa9 install sigproxy before start/attach
      84521f52d Update to c/image 5.24.1

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>

* python3-botocore: add upstream-status to patch | Bruce Ashfield | 2023-03-23 | 1 | -0/+3

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>

* botocore: Fix rejecting URLs with unsafe characters in is_valid_endpoint_url() | Wentao Zhang | 2023-03-23 | 2 | -0/+60

  The function is_valid_endpoint_url() in botocore is designed to validate endpoint URLs, but it fails to detect unsafe characters with Python 3.9.5+ and other versions carrying the bpo-43882 fix. The issue is caused by urlsplit() silently stripping LF, CR, and HT characters while splitting the URL, which disarms the validator in botocore.

  This patch detects unsafe characters in is_valid_endpoint_url() and is_valid_ipv6_endpoint_url() early, in order to fix rejecting invalid URLs with unsafe characters.

  Signed-off-by: Wentao Zhang <wentao.zhang@windriver.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>

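The behaviour described in the botocore commit message above, as an added example (this is not code from botocore or from the patch): a validator that inspects only what `urlsplit()` returns is compared with one that checks the raw string first. The function names, the simplified hostname rule and the sample URLs are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# TAB, CR and LF: the characters urlsplit() removes silently on
# interpreters that carry the bpo-43882 fix.
UNSAFE_URL_CHARS = frozenset("\t\r\n")

# Simplified hostname rule (assumption for this example): dot-separated
# labels of 1-63 letters, digits or hyphens, with no leading/trailing hyphen.
HOSTNAME_RE = re.compile(
    r"(?:(?!-)[A-Z0-9-]{1,63}(?<!-)\.)*(?!-)[A-Z0-9-]{1,63}(?<!-)",
    re.IGNORECASE,
)


def urlsplit_strips_unsafe_chars():
    """Return True if this interpreter's urlsplit() drops TAB/CR/LF."""
    return urlsplit("http://a\nb").hostname == "ab"


def _hostname_ok(url):
    """Check only the hostname that urlsplit() extracts from the URL."""
    hostname = urlsplit(url).hostname
    if hostname is None or len(hostname) > 255:
        return False
    if hostname.endswith("."):
        hostname = hostname[:-1]
    return HOSTNAME_RE.fullmatch(hostname) is not None


def validate_after_split(url):
    """Hypothetical 'before' validator: trusts the parsed result alone.

    Once urlsplit() has stripped the unsafe characters, nothing is left
    for this check to object to, although the caller still holds the
    original string that contains them.
    """
    return _hostname_ok(url)


def validate_raw_first(url):
    """Hypothetical 'after' validator: reject unsafe characters in the raw
    string before parsing, then apply the same hostname check."""
    if UNSAFE_URL_CHARS.intersection(url):
        return False
    return _hostname_ok(url)


# Constructed sample inputs (not taken from the patch or its tests).
SAMPLES = [
    "https://example.com",          # clean
    "https://exam\nple.com",        # LF inside the host
    "https://example.com\r\n",      # trailing CR LF
    "https://example.com/\tpath",   # HT inside the path
    "https://-bad-.example.com",    # invalid label, no unsafe characters
]


def compare(urls=SAMPLES):
    """Return (url, before_result, after_result) for each URL."""
    return [(u, validate_after_split(u), validate_raw_first(u)) for u in urls]


if __name__ == "__main__":
    print("urlsplit strips TAB/CR/LF:", urlsplit_strips_unsafe_chars())
    for url, before, after in compare():
        print(f"{url!r:34} after-split={before!s:5} raw-first={after}")
```
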
* conf: make container recipes parseable when virtualization is not set | Bruce Ashfield | 2023-03-20 | 1 | -1/+5

  The container stack flexibility features set defaults (like other parts of the layer) when 'virtualization' is in the distro features.

  That requirement means that the recipes fail parsing and QA checks when the distro feature isn't enabled.

  The defaults are currently safe for a virtualization enabled and disabled configuration, so we include them in either case.

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>

* lxc: templates/lxc-busybox.in: if busybox contains init then use it | Xiangyu Chen | 2023-03-17 | 2 | -0/+46

  Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>

* lxc: add -L option for curl in templates-use-curl-instead-of-wget.patch (Xiangyu Chen, 2023-03-17, 1 file, -1/+1)
Add support for the redirect option of curl. linuxcontainers.org sometimes redirects to another mirror site such as us.lxd.images.canonical.com, which causes the lxc-download script to report that the download failed.
Reproduced and verified with the following command:
  lxc-create -t download -n test -- --dist archlinux --release current --arch arm64
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* images/kvm: check for kvm distro feature (Bruce Ashfield, 2023-03-17, 1 file, -0/+3)
We need the kvm distro feature to trigger the proper KERNEL_FEATURES and hence the proper kvm kernel module packages as listed in this image.
We can avoid questions and issues by checking for the required distro feature in the image recipe.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* containers: use VIRTUAL-RUNTIME variable to allow container runtime flexibility (Bruce Ashfield, 2023-03-08, 3 files, -3/+3)
Rather than using virtual-runc (which chooses between the old docker and opencontainer variants), use the newly added VIRTUAL-RUNTIME_container-runtime variable, which allows switching between runc and crun.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* podman: use VIRTUAL-RUNTIME variable for flexible RDEPENDS (Bruce Ashfield, 2023-03-08, 1 file, -1/+1)
To make it simpler to vary the container runtime and the networking infrastructure to be used with podman, we use the recently introduced VIRTUAL-RUNTIME variables that control these values.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* conf: introduce container configuration values (Bruce Ashfield, 2023-03-08, 3 files, -0/+48)
From the configuration file itself:
These variables represent groupings of functionality in the CNCF landscape. In particular, they are areas where there is a choice between more than one implementation or an area where abstraction is beneficial.
The contents of the variables are runtime components that recipes may use for RDEPENDS. Build dependencies are not typically flexible, so do not currently have DEPENDS equivalents for the components (i.e. DEPENDS on runc versus crun).
Distro features such as kubernetes or other container stacks can be used to set different defaults for these variables.
Note: these are "global" values, since they represent choices. If more than one of a grouping is required on target, then the variable can be appended or set to multiple values. That being said, Recipes should generally agree on the values, hence the global namespace. Recipe specific choices can still be done, but they risk conflicting on target or causing runtime issues / errors.
  ## CNCF "components"
  # engines: docker-ce/docker-moby, virtual-containerd, cri-o, podman
  VIRTUAL-RUNTIME_container_engine ??= "podman"
  # runtime: runc, crun, runv, runx
  VIRTUAL-RUNTIME_container_runtime ??= "virtual-runc"
  # networking: cni, netavark
  VIRTUAL-RUNTIME_container_networking ??= "cni"
  # dns: cni, aardvark-dns
  VIRTUAL-RUNTIME_container_dns ??= "cni"
  # orchestration: k8s, k3s
  VIRTUAL-RUNTIME_container_orchestration ??= "k3s"
  ## Kubernetes terminology "components"
  VIRTUAL-RUNTIME_cri ??= "containerd"
  VIRTUAL-RUNTIME_cni ??= "cni"
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* kernel: add 6.2 kernel configuration include (Bruce Ashfield, 2023-03-08, 1 file, -0/+4)
The -dev kernel is on 6.2, so we create a .inc file to match.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* docker-ce: update to v23.0.1-tip (Bruce Ashfield, 2023-03-08, 1 file, -2/+2)
Bumping docker to version v23.0.1-34-gbfc8e1ae36, which comprises the following commits: 2337258d28 libnet/networkdb: fix nil-dereference panic in test d6d48dd95d Upgrade to golangci-lint v1.51.2 c4b655830d Migrate away from things deprecated in Go 1.20 c6bf777eae d/l/awslogs: fix ineffective Add in test da10937926 daemon: handle EISDIR error from runtime 938ed9a1ed distribution/xfer: make off-by-one error a feature ca712d6947 Fix loop-closure bugs in tests 2c55b264f7 Upgrade containerd/fifo to v1.1.0 8fd038fb71 dependency: bump go.etcd.io/bbolt to v1.3.7 87a1517f8f vendor: golang.org/x/net v0.7.0 d15010643c vendor: golang.org/x/text v0.7.0 0727310950 vendor: golang.org/x/sys v0.5.0 b8c448ef24 Revert "apparmor: Check if apparmor_parser is available" a3f5319563 vendor: github.com/containerd/containerd v1.6.18 52d667794f [23.0] update containerd binary to v1.6.18 11715a05ca update to go1.19.6 962c238c17 libnet/networkdb: use atomics for stats counters 20d05e235e libnetwork/networkdb: make go test -race ./libnetwork/networkdb pass c2d69d06b0 api/s/r/swarm: log backend errors at Debug level 7c09feb58c libnetwork: check DNS loopback with user DNS opts 6c2637be11 Do not log connection info before the connection exists 4002fa877b vendor: update buildkit to latest v0.10
Bumping docker-cli to version v23.0.1-2-g1ab7665be, which comprises the following commits: 1810e922a docs: drop dated comments about graphdrivers 27b19a6ac ci: fix branch filter pattern
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* moby: update to v23.01-tip (Bruce Ashfield, 2023-03-08, 1 file, -2/+2)
Bumping moby to version v23.0.1-34-gbfc8e1ae36, which comprises the following commits: 2337258d28 libnet/networkdb: fix nil-dereference panic in test d6d48dd95d Upgrade to golangci-lint v1.51.2 c4b655830d Migrate away from things deprecated in Go 1.20 c6bf777eae d/l/awslogs: fix ineffective Add in test da10937926 daemon: handle EISDIR error from runtime 938ed9a1ed distribution/xfer: make off-by-one error a feature ca712d6947 Fix loop-closure bugs in tests 2c55b264f7 Upgrade containerd/fifo to v1.1.0 8fd038fb71 dependency: bump go.etcd.io/bbolt to v1.3.7 87a1517f8f vendor: golang.org/x/net v0.7.0 d15010643c vendor: golang.org/x/text v0.7.0 0727310950 vendor: golang.org/x/sys v0.5.0 b8c448ef24 Revert "apparmor: Check if apparmor_parser is available" a3f5319563 vendor: github.com/containerd/containerd v1.6.18 52d667794f [23.0] update containerd binary to v1.6.18 11715a05ca update to go1.19.6 962c238c17 libnet/networkdb: use atomics for stats counters 20d05e235e libnetwork/networkdb: make go test -race ./libnetwork/networkdb pass c2d69d06b0 api/s/r/swarm: log backend errors at Debug level 7c09feb58c libnetwork: check DNS loopback with user DNS opts 6c2637be11 Do not log connection info before the connection exists 4002fa877b vendor: update buildkit to latest v0.10
Bumping docker-cli to version v23.0.1-2-g1ab7665be, which comprises the following commits: 1810e922a docs: drop dated comments about graphdrivers 27b19a6ac ci: fix branch filter pattern
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* crun: update to v1.8.1 (Bruce Ashfield, 2023-03-08, 1 file, -2/+2)
Bumping crun to version 1.8.1-3-ga09ab72, which comprises the following commits: 11d1baf build(deps): bump actions/upload-artifact from 2 to 3 f8a096b NEWS: tag 1.8.1 4748543 utils: drop magic number 4096 b022227 utils: use mempage size buffer to read /proc/mounts 2da0773 linux: always use direct mapping 6cdf51c container: delete cgroup on errors fba646e cgroup: rmdir the entire systemd scope 3221684 crun.1.md: fix typo 31bcf8f crun.1.md: fix markup 5007784 build: delete .version file on make clean 46fbeee cgroup: reset systemd unit if start fails 7e7a4db cgroup: do not add default dependencies 4bd4c4e test: run codespell on the correct directory 8b46c45 src: run codespell b841b71 Support passing an attribute to change the mount_context_type 2ca4233 test: fix path for crictl ce66b2e Revert "Support passing an attribute to change the mount_context_type" 87b69c3 Support passing an attribute to change the mount_context_type d23a94a krun: create /dev/sev as part of the OCI configuration 84092f6 handlers: add hook for exec 83f3ab2 handlers: rename exec_func to run_func 93a8e2f krun: always allow /dev/kvm 675e87c handlers: update uses modify_oci_configuration 1efd61a update: move json parsing to container c9b230a handlers: provide cleanup function bd22751 handlers: move cookie data under the same struct 71bf884 handlers: add new hook to modify the OCI configuration b3e167d crun: set handler for all commands f0f7b8c handlers: initialize handler in the parent process cfec5ce NEWS: tag 1.8 957796e libcrun: remove unused intprops.h 8363deb linux: move PR_SET_DUMPABLE after userns creation 83de960 dist: do not include binary tests 188e0ce nix: add gcrypt dependency f7c715d nix: remove protobuf dependency 765161c nix: refactor same command line 98898d2 nix:
update image to nixos/nix:2.12.0 bcae634 Add support for ppc64le 9b287dd README.md: add CodeQL badge ed7598d README.md: drop lgtm badges 1a61b4d utils: shrink read buffer if necessary 2a5cc1d nix: update packages 7d9fa03 tests, centos8-build: add safe.directory /crun 822ca4a utils: add utils to access /proc/$PID/fd/$FD paths 0554b0a utils: change initial size for buffer 742e8fc utils: reallocate only if needed 4e379c6 cgroup: support cpuset mounted with noprefix 58166e6 linux: set PR_SET_DUMPABLE 908bfc4 linux: mount cgroup ro on /sys bind mount fallback cd1cf0b linux: add two new arguments to get_bind_mount b84bde9 linux: mount the source cgroup if cgroupns=host 03d2969 linux: refactor out helper function 75f5c1a linux: fix error message 234d77c linux: precreate devices on the host f23cd15 utils: add functions to read overflow IDs 85767be linux: remove duplicate slash 1e29136 linux: generalize fsopen_mount a186e8a linux: add dirfd argument to get_bind_mount 7e42a18 linux: add infra to send devices mounts a6c9453 linux: generalize receive_mounts b0fe2e4 linux: refactor code in a separate function 05f1298 contrib, seccomp-notify-plugin: free args on error to prevent leak a34dd94 cri-o,test: skip failing test unrelated to crun 78cf10f crun: fix clang format 278b9b4 src/crun.c: fix build without dlfcn.h 0ebf4e7 build(deps): bump uraimo/run-on-arch-action from 2.3.0 to 2.5.0 4832ca4 Don't clone self from read-only mount 9df7442 tests, wasmedge: copy libraries under /usr/lib64 2044720 tests, wasmedge-build: install which 6f0d03c tests, crio: skip checkpoint/restore tests d406a97 tests, centos9-build: add safe.directory /crun 81b4ba0 tests, cri-o: add criu-libs rpm ca41c80 cloned_binary: use cleanup_close e1c3906 tests, cri-o: update go to 1.19 a83001b cgroups v1: fix legacy mode mount. 
26fe138 utils: fix applying AppArmor profile 1cfaf54 tests: disable some CRI-O failing tests 5e3ef32 crun: write setgroups=deny when mapping a single uid/gid da84be0 github: fix cri-o CI on cgroupv2 cdf7864 tests: disable test that requires io.bfq.weight c54fc6f github: fix running on cgroupv2 0356bf4 NEWS: tag 1.7.2 d389308 criu: hardcode to libcriu version 2 3880f04 cgroup: always enable controller 258c237 crun: fix compile time check for CRIU 6ce11e8 copr: enable wasmedge on all active envs ada59b2 tests: fix podman tests d068462 NEWS: tag 1.7.1 9893e99 utils: Improve debug message db08071 linux: include terminal \0 when copying mapping 67f58c6 utils: fix creating default userns 5689bd1 krun: disable libkrun's collection of env vars 6b8da56 krun: copy the OCI configuration file 92db973 configure.ac: do not link libcriu dynamically f6a5109 criu: add check at runtime for the version 8c3fc12 criu: load libcriu dynamically b3189ef src: run make clang-format be6c22c fix timestamp format, tv_usec is microsecond not nanosecond ff95309 copr: enable wasmedge on epel9 40f66c0 seccomp: initialize libgcrypt 9bff00a Add setlinebuf() when --debug and --log=file: are used. cb6ae27 handlers: set selinux/apparmor profile 0efbe56 utils: change AppArmor profile for the current proc f1f286a utils: change SELinux label for the current proc a1cd1a6 handlers: use only the handler name if needed Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* aardvark-dns: Add ptest support (Vasileios Anagnostopoulos, 2023-03-08, 2 files, -0/+27)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* netavark: Add ptest support (Vasileios Anagnostopoulos, 2023-03-08, 3 files, -0/+51)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* aardvark-dns: add the recipe (Vasileios Anagnostopoulos, 2023-03-08, 3 files, -0/+174)
The aardvark-dns is an optional runtime dependency of the netavark. This recipe introduces the aardvark-dns, so it can be integrated to netavark.
Signed-off-by: Vasileios Anagnostopoulos <vasileios.anagnostopoulos@siemens.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* netavark: update the netavark version (Vasileios Anagnostopoulos, 2023-03-08, 1 file, -30/+41)
Signed-off-by: Vasileios Anagnostopoulos <vasileios.anagnostopoulos@siemens.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* netavark: add the netavark recipe (Pascal Bach, 2023-03-08, 2 files, -0/+209)
The recipe is generated via cargo-bitbake. Modifications are done in netavark.inc to allow re-generating the recipe for future updates.
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Vasileios Anagnostopoulos <vasileios.anagnostopoulos@siemens.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* yq: drop {LINKSHARED} (Mingli Yu, 2023-03-08, 1 file, -1/+2)
Redefine do_compile logic to drop {LINKSHARED} to fix the below build failure.
WARNING: /build/tmp-glibc/work/cortexa53-wrs-linux/yq/4.30.8+gitdd6cf3df146f3e2c0f8c765a6ef9e35780ad8cc1-r0/temp/run.do_compile.923432:185 exit 1 from 'aarch64-wrs-linux-go install -linkshared -p 48 -v -ldflags="-r /usr/lib64/go/pkg/linux_arm64_dynlink -I /lib64/ld-linux-aarch64.so.1 -extldflags ' -mcpu=cortex-a53 -march=armv8-a+crc -fstack-protector-strong -O2 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security --sysroot=/build/tmp-glibc/work/cortexa53-wrs-linux/yq/4.30.8+gitdd6cf3df146f3e2c0f8c765a6ef9e35780ad8cc1-r0/recipe-sysroot -Wl,-rpath-link=/build/tmp-glibc/work/cortexa53-wrs-linux/yq/4.30.8+gitdd6cf3df146f3e2c0f8c765a6ef9e35780ad8cc1-r0/recipe-sysroot/usr/lib64/go/pkg/linux_arm64_dynlink -Wl,-O1 -Wl,--hash-style=gnu -Wl,--as-needed -fmacro-prefix-map=/build/tmp-glibc/work/cortexa53-wrs-linux/yq/4.30.8+gitdd6cf3df146f3e2c0f8c765a6ef9e35780ad8cc1-r0/yq-4.30.8+gitdd6cf3df146f3e2c0f8c765a6ef9e35780ad8cc1=/usr/src/debug/yq/4.30.8+gitdd6cf3df146f3e2c0f8c765a6ef9e35780ad8cc1-r0 -fdebug-prefix-map=/build/tmp-glibc/work/cortexa53-wrs-linux/yq/4.30.8+gitdd6cf3df146f3e2c0f8c765a6ef9e35780ad8cc1-r0/yq-4.30.8+gitdd6cf3df146f3e2c0f8c765a6ef9e35780ad8cc1=/usr/src/debug/yq/4.30.8+gitdd6cf3df146f3e2c0f8c765a6ef9e35780ad8cc1-r0 -fmacro-prefix-map=/build/tmp-glibc/work/cortexa53-wrs-linux/yq/4.30.8+gitdd6cf3df146f3e2c0f8c765a6ef9e35780ad8cc1-r0/build=/usr/src/debug/yq/4.30.8+gitdd6cf3df146f3e2c0f8c765a6ef9e35780ad8cc1-r0 -fdebug-prefix-map=/build/tmp-glibc/work/cortexa53-wrs-linux/yq/4.30.8+gitdd6cf3df146f3e2c0f8c765a6ef9e35780ad8cc1-r0/build=/usr/src/debug/yq/4.30.8+gitdd6cf3df146f3e2c0f8c765a6ef9e35780ad8cc1-r0 -fdebug-prefix-map=/build/tmp-glibc/work/cortexa53-wrs-linux/yq/4.30.8+gitdd6cf3df146f3e2c0f8c765a6ef9e35780ad8cc1-r0/recipe-sysroot= -fmacro-prefix-map=/build/tmp-glibc/work/cortexa53-wrs-linux/yq/4.30.8+gitdd6cf3df146f3e2c0f8c765a6ef9e35780ad8cc1-r0/recipe-sysroot= -fdebug-prefix-map=/build/tmp-glibc/work/cortexa53-wrs-linux/yq/4.30.8+gitdd6cf3df146f3e2c0f8c765a6ef9e35780ad8cc1-r0/recipe-sysroot-native= -Wl,-z,relro,-z,now'" -trimpath -buildmode=pie `go_list_packages`'
Before the patch:
  # rpm -ql yq
  /usr
  /usr/bin
  /usr/bin/yq
  # du -sh /usr/bin/yq
  5.2M /usr/bin/yq
After the patch:
  # rpm -ql yq
  /usr
  /usr/bin
  /usr/bin/yq
  # du -sh /usr/bin/yq
  9.0M /usr/bin/yq
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* lxc: skip lxc-test-apparmor-mount and lxc-test-get_item in ptest (Xiangyu Chen, 2023-03-08, 1 file, -0/+3)
lxc-test-apparmor-mount and lxc-test-get_item are related to apparmor. Since lxc-test-apparmor has already been skipped, also skip those two cases.
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* yq: remove .git suffix for cobra component (Mingli Yu, 2023-03-02, 1 file, -1/+1)
Remove the '.git' suffix of the cobra in SRC_URI to make the cobra SRC_URI exactly the same among the recipes which define cobra to make sure two local git repos (Yocto supports fetching locally) which are the same.
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* buildah: update to 1.29.x (Bruce Ashfield, 2023-02-27, 2 files, -56/+5)
We drop our backported patch, since it is now part of the upstream project.
We also drop {LINKSHARED} from the build, as with the updated buildah and golang version bumps in oe-core, we get the following build error:
  | # github.com/containers/buildah/cmd/buildah
  | type:*crypto/elliptic.nistCurve[*crypto/internal/nistec.P384Point]: unreachable sym in relocation: crypto/elliptic.(*nistCurve[*crypto/internal/nistec.P384Point]).Add
  | type:*crypto/elliptic.nistCurve[*crypto/internal/nistec.P384Point]: unreachable sym in relocation: crypto/elliptic.(*nistCurve[*crypto/internal/nistec.P384Point]).Add
It is unclear what the linked shared flag was providing in our build, and we are generally ok with statically linked go applications. So we drop the flag until a compelling reason exists to debug the linking failure.
Bumping buildah to version v1.29.1-1-g7fa17a842, which comprises the following commits: faf0d4fcb [release-1.29] Bump to Buildah v1.29.1 7d5ff3012 Update to c/image 5.24.1 94b723cb5 Bump to v1.29.0 c9cbc6d7d tests: improve build-with-network-test 5e3f26de2 Bump c/storagev1.45.3, c/imagev5.24.0, c/commonv0.51.0 b70fb1765 build(deps): bump github.com/onsi/gomega from 1.25.0 to 1.26.0 fe0256d38 Flake 3710 has been closed. Reenable the test.
f9ef51cbb [CI:DOCS] Fix two diversity issues in a tutorial 3ef898e41 build(deps): bump github.com/fsouza/go-dockerclient from 1.9.2 to 1.9.3 0d87e38b6 vendor in latests containers/(storage, common, image) 15bdd2aad fix bud-multiple-platform-with-base-as-default-arg flake ac7458e70 stage_executor: while mounting stages use freshly built stage e1cfcb240 build(deps): bump github.com/fsouza/go-dockerclient from 1.9.0 to 1.9.2 d1c82c29a build(deps): bump github.com/onsi/gomega from 1.24.2 to 1.25.0 4dec25346 vendor in latests containers/(storage, common, image, ocicyrpt) c0f6c6b7a [Itests: change the runtime-flag test for crun 186b30168 [CI:DOCS] README: drop sudo 1950ab687 Fix multi-arch manifest-list build timeouts d106e425a Cirrus: Update VM Images 67ab55bbb bud: Consolidate multiple synthetic LABEL instructions 9fced965e build, secret: allow realtive mountpoints wrt to work dir 938c03556 fixed squash documentation 59da1a7f7 build(deps): bump github.com/containerd/containerd from 1.6.14 to 1.6.15 4952862a2 Correct minor comment 820fafc88 Vendor in latest containers/(common, image, storage) a75b263f7 system tests: remove unhelpful assertions 356668389 buildah: add prune command and expose CleanCacheMount API a5e177586 vendor: bump c/storage to a747b27 60be7f250 Add support for --group-add to buildah from 00d8d94cb build(deps): bump actions/stale from 6 to 7 e33bb8678 Add documentation for buildah build --pull=missing 5828918bc build(deps): bump github.com/containerd/containerd from 1.6.12 to 1.6.14 4aa28f6a7 build(deps): bump github.com/docker/docker 7a4702ae2 parse: default ignorefile must not point to symlink outside context 67c2e4de5 buildah: wrap network setup errors d9578d32c build, mount: allow realtive mountpoints wrt to work dir 57a77073a Update to F37 CI VM Images, re-enable prior-fedora 798a250d4 Update vendor or containers/(image, storage, common) ca96c3678 build(deps): bump golang.org/x/crypto from 0.3.0 to 0.4.0 e0054a03d Update contact information 
e5cc78c43 build(deps): bump golang.org/x/term from 0.2.0 to 0.3.0 46eea3158 Replace io/ioutil calls with os calls 0183471b9 [skip-ci] GHA/Cirrus-cron: Fix execution order 8428bc87b Vendor in containers/common e60c4d7e5 build(deps): bump golang.org/x/sys from 0.2.0 to 0.3.0 ffed85036 remote-cache: support multiple sources and destinations a1698cde6 Update c/storage after https://github.com/containers/storage/pull/1436 025a8df51 util.SortMounts(): make the returned order more stable 5e792e97b version: Bump to 1.29.0-dev 498b45770 [CI:BUILD] Cirrus: Migrate OSX task to M1 94560581d Update vendor of containers/(common, storage, image) e6eb05f75 mount=type=cache: seperate cache parent on host for each user 20dd347b9 Fix installation instructions for Gentoo Linux e162302df build(deps): bump github.com/containerd/containerd from 1.6.9 to 1.6.10 1cfb5eafb GHA: Reuse both cirrus rerun and check workflows 5bd5a4f9d Vendor in latest containers/(common,image,storage) 8e4979e81 build(deps): bump github.com/onsi/gomega from 1.24.0 to 1.24.1 3d755b5eb copier.Put(): clear up os/syscall mode bit confusion 1a18ab341 build(deps): bump golang.org/x/sys from 0.1.0 to 0.2.0 646c28290 Use TypeBind consistently to name bind/nullfs mounts d4c661a77 Add no-new-privileges flag 1f372c08a Update vendor of containers/(common, image, storage) b2054360a imagebuildah:build with --all-platforms must honor args for base images a17238891 codespell code 217b2d524 Expand args and env when using --all-platforms c554e5330 build(deps): bump github.com/onsi/gomega from 1.23.0 to 1.24.0 ed3707765 GHA: Simplify Cirrus-Cron check slightly 1091222b2 Stop using ubi8 cec864147 remove unnecessary (hence misleading) rmi ffb00243f chroot: fix mounting of ro bind mounts a237085fe executor: honor default ARG value while eval base name 481b3cc95 userns: add arbitrary steps/stage to --userns=auto test dc733f1d2 Don't set allow.mount in the vnet jail on Freebsd e867db39b copier: Preserve file flags when copying archives 
on FreeBSD bf4420f25 Remove quiet flag, so that it works in podman-remote 8b1a490bd test: fix preserve rootfs with --mount for podman-remote b24449990 test: fix prune logic for cache-from after adding content summary 4290ab5af vendor in latest containers/(storage, common, image) 1d0dd78c3 Fix RUN --mount=type=bind,from=<stage> not preserving rootfs of stage 7aa34b86f Define and use a safe, reliable test image 87e379d5b Fix word missing in Container Tools Guide 57f370d9d Makefile: Use $(MAKE) to start sub-makes in install.tools 3223610ff imagebuildah: pull cache from remote repo after adding content summary f9693d0a5 Makefile: Fix install on FreeBSD 835668715 Ensure the cache volume locks are unlocked on all paths 0d7414703 Vendor in latest containers/(common,storage) 60382209e Simplify the interface of GetCacheMount and getCacheMount 8f955f801 Fix cache locks with multiple mounts bdd62ef87 Remove calls to Lockfile.Locked() cfa10d16c Maintain cache mount locks as lock objects instead of paths ffb2f27a8 test: cleaning cache must not clean lockfiles 6838cbc81 run: honor lockfiles for multiple --mount instruction f2e0af5c4 mount,cache: lockfiles must not be part of users cache content 6fa774ddc Update vendor containers/(common,image,storage) bdb549478 [CI:BUILD] copr: buildah rpm should depend on containers-common-extra eb9f3648b pr-should-include-tests: allow specfile, golangci da214d6d4 build(deps): bump dawidd6/action-send-mail from 3.7.0 to 3.7.1 5baed90cd build(deps): bump github.com/docker/docker 82431441a build(deps): bump github.com/fsouza/go-dockerclient from 1.8.3 to 1.9.0 9226bd312 Update vendor containers/(common,image,storage) 26a29674a build(deps): bump actions/upload-artifact from 2 to 3 cadd801fc build(deps): bump actions/checkout from 2 to 3 8ec69a9ad build(deps): bump actions/stale from 1 to 6 356ab96d7 build(deps): bump dawidd6/action-send-mail from 2.2.2 to 3.7.0 27032ea0f build(deps): bump tim-actions/get-pr-commits from 1.1.0 to 1.2.0 5038a0dae 
sshagent: LockOSThread before setting SocketLabel 4f272ee49 Update tests for error message changes 788fddb1d Update c/image after https://github.com/containers/image/pull/1299 f232da006 Fix ident for dependabot gha block acc230dc3 build(deps): bump github.com/containers/ocicrypt from 1.1.5 to 1.1.6 dc81652ff Fix man pages to match latest cobra settings 7260a4b0d build(deps): bump github.com/spf13/cobra from 1.5.0 to 1.6.0 fba8daf13 build(deps): bump github.com/onsi/gomega from 1.20.2 to 1.22.1 df8f0fa88 test: retrofit 'bud with undefined build arg directory' 9d43eb95e imagebuildah: warnOnUnsetBuildArgs while processing stages from executor 1a2af6864 Update contrib/buildahimage/Containerfile e1c7a5df1 Cirrus CI add flavor parameter b5c86a8e0 Correction - `FLAVOR` not `FLAVOUR` f5fc96e79 Changed build argument from `RELEASE` to `FLAVOUR` 36afa3530 Combine buildahimage Containerfiles 472c46f98 bud.bats refactoring: $TEST_SCRATCH_DIR, part 2 of 2 ca65736da bud.bats refactoring: $TEST_SCRATCH_DIR, part 1 of 2 2adbe2a58 System test cleanup: document, clarify, fix bf0a6e073 test: removing unneeded/expensive COPY 94ea37767 test: warning behaviour for unset/set TARGETOS,TARGETARCH,TARGETPLATFORM eae3415b1 Bump to v1.28.1-dev Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* container-host-config: extend to native and nativesdk (Chen Qi, 2023-02-21, 1 file, -0/+2)
skopeo rdepends on it, and skopeo has been extended to native and nativesdk, so container-host-config also needs to be extended.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* container-host-config: provide /etc/containers/policy.json (Chen Qi, 2023-02-21, 4 files, -1/+10)
The /etc/containers/policy.json[1] file is used to specify verification policy. For now, we can see it's used by both cri-o and skopeo. To avoid conflict, we use container-host-config to provide this file and make both skopeo and cri-o depend on it.
[1] https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* docker-*: prevent -march being exported in arm builds (Martin Jansa, 2023-02-21, 3 files, -11/+97)
  * don't export CGO_CFLAGS/CGO_CXXFLAGS like the previous version didn't before: https://git.yoctoproject.org/meta-virtualization/commit/?id=aceed7bf95cc8a42c8f470d8edf3c6f03d49da00
  * both docker-moby and docker-ce have the same issue as shown with qemuarm build:
    docker-moby: http://errors.yoctoproject.org/Errors/Details/690021/
    docker-ce: http://errors.yoctoproject.org/Errors/Details/690020/
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-o: update crio.conf to match the current version (Chen Qi, 2023-02-17, 1 file, -98/+525)
The old crio.conf file can cause cri-o start failure. The error message is as below.
  validating runtime config: runtime validation: failed to \
  translate monitor fields for runtime runc: cgroupfs manager \
  conmon cgroup should be 'pod' or empty
Use new crio.conf file to solve this issue. The file is generated by 'crio --config="" config --default' command, as indicated in the old crio.conf file.
With this config file update, the crio.service can now start correctly.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-o: create /var/lib/crio (Chen Qi, 2023-02-17, 1 file, -0/+2)
crio.service now reports the following error messages:
  level=error msg="Writing clean shutdown supported file: \
  open /var/lib/crio/clean.shutdown.supported: no such file or directory"
  level=error msg="Failed to sync parent directory of clean \
  shutdown file: open /var/lib/crio: no such file or directory"
Create /var/lib/crio to avoid such error message.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-o: use PACKAGECONFIG to handle selinux (Chen Qi, 2023-02-17, 1 file, -2/+2)
For cri-o, libselinux is optional, this can be seen from its Makefile. So let's make selinux optional by using PACKAGECONFIG, whose default value is determined by the DISTRO_FEATURES. In this way, meta-selinux dependency is not necessary.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-o: remove meta-security check (Chen Qi, 2023-02-17, 1 file, -1/+1)
libseccomp is not in oe-core. There's no need to check meta-security any more.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* README: remove some cri-o specific layer dependencies (Chen Qi, 2023-02-17, 1 file, -2/+0)
ostree is in meta-oe, libseccomp is in oe-core. So remove these two.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* skopeo: use container-host bbclass to provide configuration (Bruce Ashfield, 2023-02-17, 3 files, -225/+2)
Instead of providing storage and registries configuration files in this package, we inherit container-host which will provide a common definition of these configs.
This allows multiple packages to ensure that the configuration files are present, and not conflict in their installation.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* containers: add container-host-config recipe (Bruce Ashfield, 2023-02-17, 3 files, -0/+238)
This is a configuration only recipe that produces a package which installs some common configuration files. In this introduction we have both registries.conf and storage.conf.
Packages that require these files should RDEPEND on this package (or inherit container-host.bbclass) and the files will be installed.
If conflicting requirements for these global configuration files arise, they can be resolved through additions to this recipe, or by providing a higher priority version of the .conf files.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* containers: introduce container-host class (Bruce Ashfield, 2023-02-17, 1 file, -0/+15)
Introducing a small (at the moment) class that represents configuration and processing required to prepare a target image to be a container host.
A recipe that requires container configuration should inherit this class, and the container-host-config package will be added as a RDEPENDS, and install common configuration files.
In the future, additional functionality or dependencies will be added here to synchronize the configuration of multiple container host packages.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-o: update to 1.25.2 (Bruce Ashfield, 2023-02-17, 1 file, -2/+2)
Bumping cri-o to version v1.25.2-11-g1a6bb9c9b, which comprises the following commits: 32d1cb665 mocks: update with new c/storage mocks fb2753ee2 bump c/storage to fix map leak 3a9449924 Make storage unmount less strict 63f413530 Inject release-notes branch from GitHub actions 7037d1568 ResourceStore: delete entries after they're used dfff7e6b4 ci-verify: Run get-scripts only on main branch 51d3621c2 Fix GitHub actions CI aba30569c version: bump to 1.25.2 2845bb5f5 Update c/storage to v1.44.0 c431b53ca Use containerd v1.7.0-beta.0 36c4d1bc2 Bump conmon-rs to v0.4.0 dc9a6b1a8 version: bump to 1.25.1 2863b7d6e Fix lint CI on `main` e7e849359 config: translate monitor fields when printing config 9edf0c5c7 workloads: fix whitespace bea0f973d template: fix whitespace and comments in runtimes table aa329a1e3 Update config README 556d85231 Allow complete Runtimes config to change 9dc1a70b4 Add basic integration tests for runtime reload 7fcef1dbd Add notes on runtime reload support to documentation d51a01ad3 Reload runtime configs on reload f06c01231 Invert conditional check in ValidateDefaultRuntime 7ef8fac1a Move default runtime validation to its own function 23081649b config: do not remove runc if different default runtime b6b835512 use AddInheritableCapabilities 4e4749a27 config: add field AddInheritableCapabilities 24feb7778 server: return already created ID for duplicated requests e2cce29fc resourcestore: add test for stages 7e7a8d923 server: update stages according to progress with resource creation b15581620 resource store: return stage when a watcher is requested 398964d9e resource store: introduce stages 706f920f9 cli: fix some inconsistencies in the help text ebc644a68 Update runc to v1.1.4 a05ddfb4a Fix lint CI f253c4b7c test: add checkpoint/restore tests b033570b3 test: do not hard code CNI location 15ec8f36c Provide support for
checkpoint and restore f06e5c8d5 vendor: bump conmon-rs to latest main 7076f72ab oci: add --systemd-cgroup to all runtime commands f09c1d31b oci: refactor runtime command handling 08ce6edce oci: take ExecCmd 4f5ca801b Update golangci-lint, config and timeout db3b399a8 server: add container GID to additional groups b3f970d0f build(deps): bump google.golang.org/grpc from 1.48.0 to 1.49.0 f68121a5b build(deps): bump github.com/containers/kubensmnt from 1.1.3 to 1.2.0 cd90ce156 Bump Kubernetes to v1.25.0 3ba908fdd build(deps): bump github.com/containers/kubensmnt from 1.1.2 to 1.1.3 b241c32d8 Adding annotations for image and sandbox name. 9ef68e8e7 Fix bundle e2e tests 45966c89c build(deps): bump github.com/container-orchestrated-devices/container-device-interface 4b6936f8f bump cri-api to k8s 1.25 rc0 e27f28868 build(deps): bump github.com/urfave/cli/v2 from 2.11.1 to 2.11.2 1ecd63643 build(deps): bump github.com/containers/podman/v4 10069a178 build(deps): bump github.com/containerd/containerd from 1.6.6 to 1.6.8 4b10ed79f build(deps): bump github.com/prometheus/client_golang Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* skopeo: update to 1.11.0 (Bruce Ashfield, 2023-02-17; files: 2, lines: -41/+2)
We drop a patch that is now part of the release. Bumping skopeo to version v1.11.0-39-g95680f3c, which comprises the following commits: 643a2359 Update c/image after https://github.com/containers/image/pull/1816 2c6e15b5 Run codespell on codebase df708d16 [CI:DOCS] Disable dependabot 2acac8a6 Update module golang.org/x/term to v0.5.0 f9e2c676 Update golang.org/x/exp digest to 46f607a 47c7902e Remove unnecessary blank lines c1a57ca1 Pre-allocate an array 2a7b1327 Simplify a condition e7ab33e6 Rename a variable to avoid an underscore e90c381a Add missing comment punctuation 70c06b4a Fix, or remove, comments using lint syntax 9137ac56 Simplify an increment efc6e837 Reformat import statements a8b9e4e3 Use %w when wrapping errors 99215e40 Remove a duplicate word afa031e8 Use net/netip.Addr instead of net.IP 891ba3d4 s/interface{}/any/g f2b3a9c0 Use golang.org/x/exp f1a6d427 Use strings.Cut 22955d05 go mod tidy -go=1.18 007f01c6 [CI:BUILD] enable debuginfo for el8 copr builds 036bf598 [CI:BUILD] copr: fix el8 build and enable debuginfo f9406bb0 Cirrus: Use human-readable CI VM Images b41b85ab Update module gopkg.in/yaml.v2 to v3 d2fbec35 Add unit tests for tlsVerifyConfig's yaml.Unmarshaler 9e24a195 [CI:DOCS] Fix up language in README cc958d3e Move to v1.11.1-dev 9d036f30 Bump to v1.11.0 83bcd136 [CI:DOCS] Format manual page documents afbdaf8e Update module github.com/containers/common to v0.51.0 c9114248 Update module github.com/containers/image/v5 to v5.24.0 0fad1193 Add (skopeo generate-sigstore-key) 48b9d94c Update c/image after https://github.com/containers/image/pull/1810 80e3fd10 Touch up conscious language issues 9f04dfde Partially fix removal of temporary data in (make test-system) 36c480f6 Don't affect $XDG_RUNTIME_DIR of Podman starting the registry 850bc49d Update module github.com/containers/storage to v1.45.3 a98c1372 Fix storage.conf
setup in test-system 19815502 Fix (test-integration), in a container without CI 67a8bef6 Cirrus: Fix c/image CI testing 63da8390 Bump github.com/containers/ocicrypt from 1.1.6 to 1.1.7 1fac61ef Cirrus: Add a common intra-test reset function 292962d3 Fix unnecessary use of podman in CI test e239f32a Cirrus: Update to F37 CI VM Images ee804858 Cirrus: Remove redundant package install attempt 0698e82b fix(deps): update module github.com/containers/storage to v1.45.1 bb1ac893 Add support for Fulcio and Rekor, and --sign-by-sigstore=param-file 03b5bdec Update c/image after https://github.com/containers/image/pull/1787 1133a2a3 fix(deps): update module github.com/containers/storage to v1.45.0 d0cf39d8 Cirrus: Skip OSX CI on release-branches f17eafe8 Correctly use the stdout parameter in some places 58bccf38 fix(deps): update module golang.org/x/term to v0.4.0 Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* runc-docker: update to 1.1.0-tip (Bruce Ashfield, 2023-02-17; files: 1, lines: -1/+1)
Bumping runc to version v1.1.4-20-gc6781d10, which comprises the following commits: f6e2cd3b nsexec: Check for errors in write_log() 9233b3d0 tests/int: test for /dev/null owner regression fa722c1d libcontainer: skip chown of /dev/null caused by fd redirection 53ceeeab Explicitly pin busybox and debian downloads 3b6625c6 tests/integration/get-images.sh: fix busybox.tar.xz URL b8ebeece tests: replace local hello world bundle with busybox bundle e9f8fd32 [1.1] Vagrantfile.fedora: upgrade Fedora to 37 e6a8287c ci: shellcheck: update to 0.8.0, fix/suppress new warnings Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* runc-opencontainers: update to 1.1.0-tip (Bruce Ashfield, 2023-02-17; files: 1, lines: -1/+1)
Bumping runc to version v1.1.4-20-gc6781d10, which comprises the following commits: f6e2cd3b nsexec: Check for errors in write_log() 9233b3d0 tests/int: test for /dev/null owner regression fa722c1d libcontainer: skip chown of /dev/null caused by fd redirection 53ceeeab Explicitly pin busybox and debian downloads 3b6625c6 tests/integration/get-images.sh: fix busybox.tar.xz URL b8ebeece tests: replace local hello world bundle with busybox bundle e9f8fd32 [1.1] Vagrantfile.fedora: upgrade Fedora to 37 e6a8287c ci: shellcheck: update to 0.8.0, fix/suppress new warnings Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* podman-tui: update to v0.7.0-tip (Bruce Ashfield, 2023-02-17; files: 1, lines: -1/+1)
Bumping podman-tui to version v0.7.0-68-g907b4d6, which comprises the following commits: 80431f0 Bump golang.org/x/crypto from 0.5.0 to 0.6.0 dc402ba Bump github.com/docker/docker 1fb79aa Bump github.com/rs/zerolog from 1.28.0 to 1.29.0 b1fe3c4 Bump github.com/containerd/containerd from 1.6.8 to 1.6.12 197f356 Bump github.com/sylabs/sif/v2 from 2.8.0 to 2.8.1 7f43ecc Bump github.com/docker/docker 1fdbb8d Bump golang.org/x/crypto from 0.4.0 to 0.5.0 6941d4b Bump github.com/navidys/tvxwidgets from 0.2.0 to 0.3.0 Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* podman: update to 4.4 (Bruce Ashfield, 2023-02-17; files: 1, lines: -3/+4)
We adjust FILES to pick up new systemd utilities, but otherwise the recipe is unchanged.
Bumping libpod to version v4.4.1-6-g73f52c051, which comprises the following commits: 84521f52d Update to c/image 5.24.1 8e5eb9a79 events + container inspect test: RHEL fixes 65c412383 Bump to v4.4.2-dev 34e8f3933 Bump to v4.4.1 7431f3d00 Update release notes for Podman 4.4.1 68a58c9a1 kube play: do not teardown unconditionally on error a1cc3733b Resolve symlink path for qemu directory if possible c3d781de0 events: document journald identifiers 52ae4a2c4 Quadlet: exit 0 when there are no files to process 1ee04fcc7 Cleanup podman-systemd.unit file f3ea36100 Install podman-systemd.unit man page, make quadlet discoverable 2b7ea6442 Add missing return after errors 1d76a166c oci: bind mount /sys with --userns=(auto|pod:) 20d31a0a6 docs: specify order preference for FROM 590186e0d Cirrus: Fix & remove GraphQL API tests 7407ccdc3 test: adapt test to work on cgroupv1 c2971a66a make hack/markdown-preprocess parallel-safe 322802e40 Fix default handling of pids-limit 6ce1a11b7 system tests: fix volume exec/noexec test e2a40dfa2 Bump to v4.4.1-dev 3443f453e Bump to v4.4.0 f42972714 Final release notes for v4.4.0 c927ad03b Emergency fix for RHEL8 gating tests ef4e7b8c7 Do not mount /dev/tty into rootless containers bbaa54258 Fixes port collision issue on use of --publish-all c3566cda4 Fix usage of absolute windows paths with --image-path 9eb960707 fix #17244: use /etc/timezone where `timedatectl` is missing on Linux 5c94568e9 podman-events: document verbose create events 45b00b648 Making gvproxy.exe optional for building Windows installer 63f964c08 Add gvproxy to Windows packages 579c5dc80 Match VT device paths to be blocked from mounting exactly 605079dc8 Clean up more language for inclusiveness f4bf448d8 Set runAsNonRoot=true in gen kube 45b9e17d7 quadlet: Add device support for .volume files 92bae973c fix: running check error when podman is default in wsl edb7779cd fix: don't output "ago" when container is currently up and running 6870dae23 journald: podman logs only show 
logs for current user cd4590908 journald: podman events only show events for current user 097ca6056 Add (podman {image,manifest} push --sign-by-sigstore=param-file.yaml) 916ea3e5d DB: make loading container states optional de84be54e ps: do not sync container 3a65466ba Allow --device-cgroup-rule to be passed in by docker API 36875c265 [v4.4] Bump to Buildah v1.29.0 8ff381f45 Bump to v4.4.0-dev dc3dfce94 Bump to v4.4.0-RC3 425da01d4 Create release notes for v4.4.0 300904a84 Cirrus: Update operating branch 9904fbed3 fix APIv2 python attach test flake 9d1c153cf ps: query health check in batch mode fda62b2d8 make example volume import, not import volume 623ad2a63 Correct output when inspecting containers created with --ipc 2db468204 Vendor containers/(storage, image, common, buildah) c4aae9b47 Get correct username in pod when using --userns=keep-id 6f519c9bd ps: get network data in batch mode 795708f8b build(deps): bump github.com/onsi/gomega from 1.25.0 to 1.26.0 4ed46c984 add hack/perf for comparing two container engines b7ab889a7 systems: retrofit dns options test to honor other search domains 5925fe1a5 ps: do not create copy of container config e2c44c3d4 libpod: set search domain independently of nameservers 06241077c libpod,netavark: correctly populate /etc/resolv.conf with custom dns server 366e1686a podman: relay custom DNS servers to network stack 2b650e37c (fix) mount_program is in storage.options.overlay b29313811 Change example target to default in doc 86699954b network create: do not allow `default` as name 3ae84fe0a kube-play: add support for HostPID in podSpec d0794ab9e build(deps): bump github.com/docker/docker ca91cf416 Let's see if #14653 is fixed or not 8f7886515 Add support for podman build --group-add f65d79f4c vendor in latests containers/(storage, common, build, image) 7be8ff564 unskip network update test b5bfc2654 do not install swagger by default 2ad938ec6 pasta: skip "Local forwarder, IPv4" test 3db8ef37d add testbindings Makefile target 
5ad72a234 update CI images to include pasta f07aa2add [CI:DOCS] Add CNI deprecation notices to documentation 07d297ca3 Cirrus: preserve podman-server logs 4faa139b7 waitPidStop: reduce sleep time to 10ms fd42c1dcb StopContainer: return if cleanup process changed state e0f671007 StopSignal: add a comment ac47d0719 StopContainer: small refactor e8b35a8c2 waitPidStop: simplify code 51836aa47 e2e tests: reenable long-skipped build test 36510f60d Add openssh-clients to podmanimage 0bd51f6c8 Reworks Windows smoke test to tunnel through interactive session. b5a6f3f91 fix bud-multiple-platform-with-base-as-default-arg flake ef3f09879 Remove ReservedAnnotations from kube generate specification 6d3858b21 e2e: update test/README.md 17b5bd758 e2e: use isRootless() instead of rootless.IsRootless() bfc5f07d9 Cleanup documentation on --userns=auto 120d16b61 Bump to v4.4.0-dev 24cc02a64 Bump to v4.4.0-rc2 ddf8e4989 Vendor in latest c/common dc2bd0857 sig-proxy system test: bump timeout 193b2a836 build(deps): bump github.com/containernetworking/plugins a581d2a04 rootless: rename auth-scripts to preexec-hooks bdf100179 Docs: version-check updates 79865c290 commit: use libimage code to parse changes bdc323cbf [CI:DOCS] Remove experimental mac tutorial 8db2b4b73 man: Document the interaction between --systemd and --privileged 70057c8b4 Make rootless privileged containers share the same tty devices as rootfull ones 067442b57 container kill: handle stopped/exited container a218960bc Vendor in latest containers/(image,ocicrypt) 6f919af78 add a comment to container removal 5ac5aaa72 Vendor in latest containers/storage daf747f16 Cirrus: Run machine tests on PR merge 4bb69abd5 fix flake in kube system test 9a206fdc9 kube play: complete container spec a02a10f3f E2E Tests: Use inspect instead of actual data to avoid UDP flake c2b36beb4 Use containers/storage/pkg/regexp in place of regexp c433982d1 Vendor in latest containers/storage 11835d5d0 Cirrus: Support using updated/latest NV/AV in PRs 
d9bf3f129 Limit replica count to 1 when deploying from kubernetes YAML 1ab833fb7 Set StoppedByUser earlier in the process of stopping 6ab883448 podman-play system test: refactor 470b68077 Bump to v4.4.0-dev d8774a93c Bump to v4.4.0-RC1 882cd17f8 network: add support for podman network update and --network-dns-server d2fb6cf05 service container: less verbose error logs b10a906b5 Quadlet Kube - add support for PublishPort key ad12d61c6 e2e: fix systemd_activate_test 758f20e20 Compile regex on demand not in init 3e2b9a28d [docker compat] Don't overwrite the NetworkMode if containers.conf overrides netns. 5b1bdf949 E2E Test: Play Kube set deadline to connection to avoid hangs f4c81b0aa Only prevent VTs to be mounted inside privileged systemd containers a5ce3b3cd e2e: fix play_kube_test 81a3f7cb8 Updated error message for supported VolumeSource types 2bf94b764 Introduce pkg retry logic in win installer task db0323639 logformatter: include base SHA, with history link 37ade6be1 Network tests: ping redhat.com, not podman.io 2d8225cd4 cobra: move engine shutdown to Execute 35d2f61ec Updated options for QEMU on Windows hosts 28f13a74b Update Mac installer to use gvproxy v0.5.0 4cf06fe7e podman: podman rm -f doesn't leave processes 494db3e16 oci: check for valid PID before kill(pid, 0) cf364703f linux: add /sys/fs/cgroup if /sys is a bind mount 1bd3d32c5 Quadlet: Add support for ConfigMap key in Kube section 4a7a45f97 remove service container _after_ pods 07cc49efd Kube Play - allow setting and overriding published host ports 9fe86ec7f oci: terminate all container processes on cleanup 6dd1d48fd Update win-sshproxy to 0.5.0 gvisor tag e332b6246 Vendor in latest containers/common 92cdad031 Fix a potential defer logic error around locking a7f53932a logformatter: nicer formatting for bats failures ee3380e6b logformatter: refactor verbose line-print e82045f73 e2e tests: stop using UBI images 6038200fe k8s-file: podman logs --until --follow exit after time 767947ab8 journald: 
podman logs --until --follow exit after time c674b3dd8 journald: seek to time when --since is used 5f032256d podman logs: journald fix --since and --follow 7826e1ced Preprocess files in UTF-8 mode 4587e7fdb Bump golang.org/x/tools from 0.4.0 to 0.5.0 in /test/tools eea78ec7b Vendor in latest containers/(common, image, storage) 54afda22b Switch to C based msi hooks for win installer 710eeb340 hack/bats: improve usage message d7ac11005 hack/bats: add --remote option 1a2e54ce6 hack/bats: fix root/rootless logic d0c89e90b Describe copy volume options bfdffb5b6 Support sig-proxy for podman-remote attach and start 6886e80b4 libpod: fix race condition rm'ing stopping containers fb73121c4 e2e: fix run_volume_test 86965f758 Add support for Windows ARM64 f9e8e8cfd Add shared --compress to man pages df02cb51e Add container error message to ContainerState d92bfd244 Man page checker: require canonical name in SEE ALSO 2a16e0484 system df: improve json output code 03c7f47aa kube play: fix the error logic with --quiet 9f0a37cd4 System tests: quadlet network test e47964417 Fix: List container with volume filter cd3492304 adding -dryrun flag 347d5372e Quadlet Container: Add support for EnvironmentFile and EnvironmentHost 68fbebfac Kube Play: use passthrough as the default log-driver if service-container is set 635c00840 System tests: add missing cleanup 8e77f4c99 System tests: fix unquoted question marks 16b595c32 Build and use a newer systemd image a061d793d Quadlet Network - Fix the name of the required network service 3ebb822e2 System Test Quadlet - Volume dependency test did not test the dependency a741299ef fix `podman system connection - tcp` flake 1d3fd5383 vendor: bump c/storage to a747b27 598b93722 Fix instructions about setting storage driver on command-line 18b21b89c Test README - point users to hack/bats 2000c4c80 System test: quadlet kube basic test 479052afa Fixed `podman update --pids-limit` 553df8748 podman-remote,bindings: trim context path correctly when its 
emptydir 9f5f092f1 Quadlet Doc: Add section for .kube files 200f86ede e2e: fix containers_conf_test 0c94f6185 Allow '/' to prefix container names to match Docker 0c6805880 Remove references to qcow2 1635db474 Fix typos in man page regarding transient storage mode. 85ceb7fb5 make: Use PYTHON var for .install.pre-commit 338b28393 Add containers.conf read-only flag support d27ebf2ee Explain that relabeling/chowning of volumes can take along time 45b180c1f events: support "die" filter 1e84e1a8d infra/abi: refactor ContainerRm 3808067ff When in transient store mode, use rundir for bundlepath 0179aa245 quadlet: Support Type=oneshot container files 236f0cc50 hacks/bats: keep QUADLET env var in test env 97f9d625a New system tests for conflicting options bfec23c36 Vendor in latest containers/(buildah, image, common) 24b1e81c5 Output Size and Reclaimable in human form for json output 4724fa307 podman service: close duplicated /dev/null fd 8e05caef6 ginkgo tests: apply ginkgolinter fixes 3e48d74c8 Add support for hostPath and configMap subpath usage 3ac5d1009 export: use io.Writer instead of file 1bac16096 rootless: always create userns with euid != 0 90719d38f rootless: inhibit copy mapping for euid != 0 02555d166 pkg/domain/infra/abi: introduce `type containerWrapper` 987c8e3a7 vendor: bump to buildah ca578b290144 and use new cache API 0cf36684c quadlet: Handle booleans that have defaults better dd428af89 quadlet: Rename parser.LookupBoolean to LookupBooleanWithDefault ddeb9592c Add podman-clean-transient.service service 80de85081 Stop recording annotations set to false 9187df5b2 Unify --noheading and -n to be consistent on all commands 2bbeba70b pkg/domain/infra/abi: add `getContainers` ae706e61b Update vendor of containters/(common, image) 24ab178fb specfile: Drop user-add depedency from quadlet subpackage. 
e9243f904 quadlet: Default BINDIR to /usr/bin if tag not specified d974a79e2 Quadlet: add network support 070b69205 Add comment for jsonMarshal command d1496afb5 Always allow pushing from containers-storage 0bc3d3579 libpod: move NetNS into state db instead of extra bucket 80878f20b Add initial system tests for quadlets 20b10574d quadlet: Add --user option 4fa65ad0d libpod: remove CNI word were no longer applicable 1424f0958 libpod: fix header length in http attach with logs 12d058400 podman-kube@ template: use `podman kube` 3868d2d82 build(deps): bump github.com/docker/docker f4d0496b5 wait: add --ignore option 461726a3f qudlet: Respect $PODMAN env var for podman binary a4a647c0b e2e: Add assert-key-is-regex check to quadlet e2e testsuite 84f3ad356 e2e: Add some assert to quadlet test to make sure testcases are sane 97f63da67 remove unmapped ports from inspect port bindings fa4b34618 update podman-network-create for clarity 3718ac8e9 Vendor in latest containers/common with default capabilities f0a8c0bd9 pkg/rootless: Change error text ... 
290019c48 rootless: add cli validator 71f96c2e6 rootless: define LIBEXECPODMAN 14ee8faff doc: fix documentation for idmapped mounts dcbf7b448 bump golangci-lint to v1.50.1 b1bb84637 build(deps): bump github.com/onsi/gomega from 1.24.1 to 1.24.2 89939dea9 [CI:DOCS] podman-mount: s/umount/unmount/ 46b7d8d1e create/pull --help: list pull policies bddd3f5b5 Network Create: Add --ignore flag to support idempotent script 866426a93 Make qemu security model none fdcc2257d libpod: use OCI idmappings for mounts 4a5581ce0 stop reporting errors removing containers that don't exist 80405a2a5 test: added test from wait endpoint with to long label fd92a6807 quadlet: Default VolatileTmp to off b4d90b2eb build(deps): bump github.com/ulikunitz/xz from 0.5.10 to 0.5.11 f155a4e78 docs/options/ipc: fix list syntax b3c7c1872 Docs: Add dedicated DOWNLOAD doc w/ links to bins f825481a4 Make a consistently-named windows installer 45a40bf58 checkpoint restore: fix --ignore-static-ip/mac 95cc7e052 add support for subpath in play kube for named volumes 364ed81b4 build(deps): bump golang.org/x/net from 0.2.0 to 0.4.0 59118b42b golangci-lint: remove three deprecated linters 08741496d parse-localbenchmarks: separate standard deviation bf66b6ac7 build(deps): bump golang.org/x/term from 0.2.0 to 0.3.0 7bd1dbb75 podman play kube support container startup probe 43e307b84 Add podman buildx version support 7c6873b23 Cirrus: Collect benchmarks on machine instances b361a42e6 Cirrus: Remove escape codes from log files 59ce7cf1c [CI:DOCS] Clarify secret target behavior fe3d3256e Fix typo on network docs 9f6cf50d5 podman-remote build add --volume support 2dde30b93 remote: allow --http-proxy for remote clients 2f29639bd Cleanup kube play workloads if error happens 1ed982753 health check: ignore dependencies of transient systemd units/timers 04ea8eade fix: event read from syslog db4d01871 Fixes secret (un)marshaling for kube play. 
7665bbc12 Remove 'you' from man pages 1bfaf5194 build(deps): bump golang.org/x/tools from 0.3.0 to 0.4.0 in /test/tools 97c56eef6 [CI:DOCS] test/README.md: run tests with podman-remote 8b87665f2 e2e: keeps the http_proxy value 9b702460e Makefile: Add podman-mac-helper to darwin client zip c7b936a41 test/e2e: enable "podman run with ipam none driver" for nv 45f8b1ca9 [skip-ci] GHA/Cirrus-cron: Fix execution order 4fa307f14 kube sdnotify: run proxies for the lifespan of the service 7d16c2b69 Update containers common package 75f421571 podman manpage: Use man-page links instead of file names 86f4bd4f5 e2e: fix e2e tests in proxy environment 4134a3723 Fix test 28774f18c disable healthchecks automatically on non systemd systems 1ea00ebda Quadlet Kube: Add support for userns flag 07a386835 [CI:DOCS] Add warning about --opts,o with mount's -o 93d2ec148 Add podman system prune --external f1dbfda80 Add some tests for transient store e74b3f24e runtime: In transient_store mode, move bolt_state.db to rundir 25d9af8f4 runtime: Handle the transient store options 56115d5e5 libpod: Move the creation of TmpDir to an earlier time c9961e18c network create: support "-o parent=XXX" for ipvlan 2f5025a2d compat API: allow MacAddress on container config a55413c80 Quadlet Kube: Add support for relative path for YAML file 8c3af7186 notify k8s system test: move sending message into exec a651cdfbc runtime: do not chown idmapped volumes f3c5b0f9d quadlet: Drop ExecStartPre=rm %t/%N.cid d61618ad4 Quadlet Kube: Set SyslogIdentifier if was not set eaab4b99a Add a FreeBSD cross build to the cirrus alt build task 39b6ccb38 Add completion for --init-ctr af86b4f62 Fix handling of readonly containers when defined in kube.yaml 98a1b551f Build cross-compilation fixes 6ed8dc17c libpod: Track healthcheck API changes in healthcheck_unsupported.go 16cf34dc3 quadlet: Use same default capability set as podman run b34ab8b5f quadlet: Drop --pull=never 098ad52ec quadlet: Change default of ReadOnly to no 1c3fddfaf 
quadlet: Change RunInit default to no d19ea6a60 quadlet: Change NoNewPrivileges default to false a93a390b8 test: podman run with checkpoint image f4401567c Enable 'podman run' for checkpoint images 3a362462c test: Add tests for checkpoint images bdd5f8245 CI setup: simplify environment passthrough code 10e020c65 Init containers should not be restarted c83efd0f0 Update c/storage after https://github.com/containers/storage/pull/1436 486790f61 Set the latest release explicitly d19e1526d add friendly comment 1d84f0adb fix an overriding logic and load config problem 2b6cf1d07 Update the issue templates 2862ecf28 Update vendor of containers/(image, buildah) 1c1a8d33f [CI:DOCS] Skip windows-smoke when not useful 190bab553 [CI:DOCS] Remove broken gate-container docs bb10095ec OWNERS: add Jason T. Greene 68d41c68d hack/podmansnoop: print arguments 009f5ec67 Improve atomicity of VM state persistence on Windows 052174891 [CI:BUILD] copr: enable podman-restart.service on rpm installation 54ef7f98d macos: pkg: Use -arm64 suffix instead of -aarch64 fe548dd0b linux: Add -linux suffix to podman-remote-static binaries d22395007 linux: Build amd64 and arm64 podman-remote-static binaries 71f92d263 container create: add inspect data to event d2ac99d65 Allow manual override of install location f17479c71 Run codespell on code cb96eac45 Add missing parameters for checkpoint/restore endpoint d16129330 Add support for startup healthchecks 2df0d9da9 Add information on metrics to the `network create` docs 96c208efb Introduce podman machine os commands 32d80378e Document that ignoreRootFS depends on export/import 1d031bf3b Document ignoreVolumes in checkpoint/restore endpoint 279a4ac77 Remove leaveRunning from swagger restore endpoint 07940764c libpod: Add checks to avoid nil pointer dereference if network setup fails dce7b3a5b Address golangci-lint issues 3eeb50d48 Bump golang version to 1.18 fbbef79c8 Documenting Hyper-V QEMU acceleration settings 9a6b70155 Kube Play: fix the handling of 
the optional field of SecretVolumeSource 35b46a420 Update Vendor of containers/(common, image, buildah) 75f6a1d59 Fix swapped NetInput/-Output stats f06869168 libpod: Use O_CLOEXEC for descriptors returned by (*Container).openDirectory fad50a9f2 chore: Fix MD for Troubleshooting Guide link in GitHub Issue Template 64a450c51 test/tools: rebuild when files are changed 2ddf1c5cb ginkgo tests: apply ginkgolinter fixes c7827957a ginkgo: restructure install work flow ce7d4bbc7 Fix manpage emphasis 5d26628df specgen: support CDI devices from containers.conf 7eb11e7bb vendor: update containers/common 6502b1faa pkg/trust: Take the default policy path from c/common/pkg/config ba522e8f3 Add validate-in-container target 3bb9ed4f0 Adding encryption decryption feature e2fa94e8a container restart: clean up healthcheck state a4ba5f449 Add support for podman-remote manifest annotate 3084ed468 Quadlet: Add support for .kube files fb429dbe3 Update vendor of containers/(buildah, common, storage, image) a891199b9 specgen: honor user namespace value a575111ad [CI:DOCS] Migrate OSX Cross to M1 285d6c9ba quadlet: Rework uid/gid remapping f5a43eea2 GHA: Fix cirrus re-run workflow for other repos. 50d72bc63 ssh system test: skip until it becomes a test e7eed5aa9 shell completion: fix hard coded network drivers 504fcbbf9 libpod: Report network setup errors properly on FreeBSD dd4d212b0 E2E Tests: change the registry for the search test to avoid authentication 1498f924b pkginstaller: install podman-mac-helper by default a1b32866c Fix language. Mostly spelling a -> an caa2dfe01 podman machine: Propagate SSL_CERT_FILE and SSL_CERT_DIR to systemd environment. 72966a32c [CI:DOCS] Fix spelling and typos ae8a5a892 Modify man page of "--pids-limit" option to correct a default value. 
f950b1511 Update docs/source/markdown/podman-remote.1.md a9094a78a Update pkg/bindings/connection.go b6850e772 Add more documentation on UID/GID Mappings with --userns=keep-id 0d270ae38 support podman-remote to connect tcpURL with proxy 607cd39e1 Removing the RawInput from the API output 14ef6a91b fix port issues for CONTAINER_HOST 34020b353 CI: Package versions: run in the 'main' step db34c913b build(deps): bump github.com/rootless-containers/rootlesskit 4c1294ccb pkg/domain: Make checkExecPreserveFDs platform-specific 58869dcc3 e2e tests: fix restart race 7c1ad8a58 Fix podman --noout to suppress all output 9610d4c7b remove pod if creation has failed f36b3bc81 pkg/rootless: Implement rootless.IsFdInherited on FreeBSD 21f6902ec Fix more podman-logs flakes 1a839a96d healthcheck system tests: try to fix flake 36f8dfaa0 libpod: treat ESRCH from /proc/PID/cgroup as ENOENT 021a23b34 GHA: Configure workflows for reuse c7073b5fc compat,build: handle docker's preconfigured cacheTo,cacheFrom dceaa7603 docs: deprecate pasta network name a9852aa8f utils: Enable cgroup utils for FreeBSD e5f7fbcbe pkg/specgen: Disable kube play tests on FreeBSD 978c52850 libpod/lock: Fix build and tests for SHM locks on FreeBSD 3371c9d25 podman cp: fix copying with "." 
suffix f0dba82bb pkginstaller: bump Qemu to version 7.1.0 f6da2b060 specgen,wasm: switch to crun-wasm wherever applicable 2b4068a03 vendor: bump c/common to v0.50.2-0.20221111184705-791b83e1cdf1 1c79b01f6 libpod: Make unit test for statToPercent Linux only 95bb6efff Update vendor of containers/storage 69d737ef1 fix connection usage with containers.conf dd98e3cc6 Add --quiet and --no-info flags to podman machine start 00b2bc9b6 Add hidden podman manifest inspect -v option 05c48402b Bump github.com/onsi/gomega from 1.24.0 to 1.24.1 836ca6c00 Add podman volume create -d short option for driver 5df00c6f7 Vendor in latest containers/(common,image,storage) bc77c034f Add podman system events alias to podman events ae9a2d26d Fix search_test to return correct version of alpine 75fdbea63 Bump golang.org/x/tools from 0.1.12 to 0.3.0 in /test/tools 329b053cf GHA: Fix undefined secret env. var. d60c27c9d Release notes for 4.3.1 a13a59a70 GHA: Fix make_email-body script reference f049fef85 Add release keys to README dca407d46 GHA: Fix typo setting output parameter fcfb7d292 GHA: Fix typo. db439dd23 New tool, docs/version-check c0a9c6ebc Formalize our compare-against-docker mechanism a2c43d434 Add restart-sec for container service files 4513fde80 test/tools: bump module to go 1.17 440807210 contrib/cirrus/check_go_changes.sh: ignore test/tools/vendor 9f9bf6fb4 Bump github.com/coreos/go-systemd/v22 from 22.4.0 to 22.5.0 a1323d31d Bump golang.org/x/term from 0.1.0 to 0.2.0 8b8ce8d53 Bump golang.org/x/sys from 0.1.0 to 0.2.0 fa2b4aeef Bump github.com/container-orchestrated-devices/container-device-interface 69ed903b2 build(deps): bump golang.org/x/tools from 0.1.12 to 0.2.0 in /test/tools d95684676 libpod: Add FreeBSD support in packageVersion d9aceadea Allow podman manigest push --purge|-p as alias for --rm b5ee4de8c [CI:DOCS] Add performance tutorial cfa651f80 [CI:DOCS] Fix build targets in build_osx.md. 
3e08f8535 fix --format {{json .}} output to match docker f807b6784 remote: fix manifest add --annotation 314cba259 Skip test if `--events-backend` is necessary with podman-remote 1c8196a9a kube play: update the handling of PersistentVolumeClaim 616fca9ff system tests: fix a system test in proxy environment 85ae935af Use single unqualified search registry on Windows cb8c9af5d test/system: Add, use tcp_port_probe() to check for listeners rather than binds 348c3f283 test/system: Add tests for pasta(1) connectivity b3cf83684 test/system: Move network-related helpers to helpers.network.bash ea4f168b3 test/system: Use procfs to find bound ports, with optional address and protocol 7e3d04fbc test/system: Use port_is_free() from wait_for_port() aa47e05ae libpod: Add pasta networking mode 6dd508b8e More log-flake work 3ebcfdbbc Fix test flakes caused by improper podman-logs 919678d2f fix incorrect systemd booted check 0334d8d61 Cirrus: Add tests for GHA scripts 66d857cdd GHA: Update scripts to pass shellcheck d17b7d852 Cirrus: Shellcheck github-action scripts 2ee40287e Cirrus: shellcheck support for github-action scripts 462ce32e6 GHA: Fix cirrus-cron scripts d5031946a Makefile: don't install to tmpfiles.d on FreeBSD 85f4d3717 Make sure we can build and read each line of docker py's api client cdb00332d Docker compat build api - make sure only one line appears per flush efbad590d Run codespell on code 571833d56 Update vendor of containers/(image, storage, common) 049a5d82f Allow namespace path network option for pods. f3195c930 Cirrus: Never skip running Windows Cross task 35523d560 GHA: Auto. 
re-run failed cirrus-cron builds once 3a85d537b GHA: Migrate inline script to file 980d5b362 GHA: Simplify script reference 417490128 test/e2e: do not use apk in builds 3fee351c3 remove container/pod id file along with container/pod 442df2967 Cirrus: Synchronize windows image 274d0f495 Add --insecure,--tls-verify,--verbose flags to podman manifest inspect cac4919bf runtime: add check for valid pod systemd cgroup d7e70c748 CI: set and verify DESIRED_NETWORK (netavark, cni) 6ec2bcb68 [CI:DOCS] troubleshooting: document keep-id options f95ff4f46 Man pages: refactor common options: --security-opt 853072455 Cirrus: Guarantee CNI testing w/o nv/av present fd9de876f Cirrus: temp. disable all Ubuntu testing ecd1927b4 Cirrus: Update to F37beta 56fae7dd0 buildah bud tests: better handling of remote 7ec743fe7 quadlet: Warn in generator if using short names 884350d99 Add Windows Smoke Testing f6c74324b Add podman kube apply command d1f3dd9e5 docs: offer advice on installing test dependencies 8e55abafd Fix documentation on read-only-tmpfs b8acdb34c version bump to 4.4.0-dev b8e03ab44 deps: bump go-criu to v6 fc65d72c3 Makefile: Add cross build targets for freebsd e23444fbc pkg/machine: Make this build on FreeBSD/arm64 3279342ff pkg/rctl: Remove unused cgo dependency d76bf4cb5 man pages: assorted underscore fixes bb78ba19e Upgrade GitHub actions packages from v2 to v3 0d505f20f vendor github.com/godbus/dbus/v5@4b691ce b20ef9c34 [CI:DOCS] fix --tmpdir typos 9003cdbf6 Do not report that /usr/share/containers/storage.conf has been edited. 
71f0c9f33 Eval symlinks on XDG_RUNTIME_DIR 3ad5827b2 hack/podmansnoop 83313c547 rootless: support keep-id with one mapping 5dad34212 rootless: add argument to GetConfiguredMappings 6fe64591d Update vendor containers/(common,storage,buildah,image) f355900d3 Fix deadlock between 'podman ps' and 'container inspect' commands 59299b519 Add information about where the libpod/boltdb database lives 320ce8c9f Consolidate the dependencies for the IsTerminal() API 871172e6f Ensure that StartAndAttach locks while sending signals d50a55233 ginkgo testing: fix podman usernamespace join f0f12658d Test runners: nuke podman from $PATH before tests 3e6637a3b volumes: Fix idmap not working for volumes 237d41f3f FIXME: Temporary workaround for ubi8 CI breakage 11e4c0403 System tests: teardown: clean up volumes a141c9ac2 update api versions on docs.podman.io fdc9ca076 system tests: runlabel: use podman-under-test 05bdc7294 system tests: podman network create: use random port f0ba2d89e sig-proxy test: bump timeout 0ce234425 play kube: Allow the user to import the contents of a tar file into a volume bac907abf Clarify the docs on DropCapability 33eb45c47 quadlet tests: Disable kmsg logging while testing b07ba2441 quadlet: Support multiple Network= 8716de2ac quadlet: Add support for Network=... 
721922fa7 Fix manpage for podman run --network option 6042ca7fd quadlet: Add support for AddDevice= f6f65f49d quadlet: Add support for setting seccomp profile a9f0957c2 quadlet: Allow multiple elements on each Add/DropCaps line af67f15bc quadlet: Embed the correct binary name in the generated comment 2b0d9cd94 quadlet: Drop the SocketActivated key d7e248dcf quadlet: Switch log-driver to passthrough 998f834b0 quadlet: Change ReadOnly to default to enabled 0de98b1b6 quadlet tests: Run the tests even for (exected) failed tests 8d41c7d2e quadlet tests: Fix handling of stderr checks 5c3a22e8c Remove unused script file c4ebe9e2a notifyproxy: fix container watcher 221cfc687 container/pod id file: truncate instead of throwing an error b7f05cef0 quadlet: Use the new podman create volume --ignore 734c435e0 Add podman volume create --ignore 4966f509b logcollector: include aardvark-dns 6a9c7a580 build(deps): bump github.com/stretchr/testify from 1.8.0 to 1.8.1 e081d22b0 build(deps): bump github.com/BurntSushi/toml from 1.2.0 to 1.2.1 622638b72 docs: generate systemd: point to kube template c1de4d3ce docs: kube play: mention restart policy 0572e5972 Fixes: 15858 (podman system reset --force destroy machine) 7a9c14d62 fix search flake 4e29ce2ba use cached containers.conf 6c7ae378c adding regex support to the ancestor ps filter function e5032a8de Fix `system df` issues with `-f` and `-v` c9c2f644d markdown-preprocess: cross-reference where opts are used 77f8eaa73 Default qemu flags for Windows amd64 e16800e8b build(deps): bump golang.org/x/text from 0.3.8 to 0.4.0 d70ffdaeb Update main to reflect v4.3.0 release b8c24bbb4 build(deps): bump github.com/docker/docker b4374f2bd move quadlet packages into pkg/systemd 34235b272 system df: fix image-size calculations 34ee37b91 Add man page for quadlet 84ed9bd5e Fix small typo 120a77e39 testimage: add iproute2 & socat, for pasta networking 30e66d600 Set up minikube for k8s testing 0a6d8b94c Makefile: don't install systemd generator 
binaries on FreeBSD cadb64d32 [CI:BUILD] copr: podman rpm should depend on containers-common-extra 02bb7c2cf Podman image: Set default_sysctls to empty for rootless containers 234b2230e Don't use github.com/docker/distribution 9e6b37ec1 libpod: Add support for 'podman top' on FreeBSD 21081355a libpod: Factor out jail name construction from stats_freebsd.go b82b27cc4 pkg/util: Add pid information descriptors for FreeBSD 62bb59d3b Initial quadlet version integrated in golang 44bac51fc bump golangci-lint to v1.49.0 01a3245d7 Update vendor containers/(common,image,storage) 75222add5 Allow volume mount dups, iff source and dest dirs cb2631bf3 rootless: fix return value handling 783b4e914 Change to correct break statements 04c126a3b vendor containers/psgo@v1.8.0 c39b71776 Clarify that MacOSX docs are client specific 51c376c8a libpod: Factor out the call to PidFdOpen from (*Container).WaitForExit bb2b47dc7 Add swagger install + allow version updates in CI 2a622c8af Cirrus: Fix windows clone race 973710c8b build(deps): bump github.com/docker/docker b35fab6f1 kill: wait for the container ba276e117 generate systemd: set --stop-timeout for stopping containers 5113343a5 hack/tree_status.sh: print diff at the end bab816953 Fix markdown header typo bd4ee2d57 markdown-preprocess: add generic include mechanism 9cdea7fb3 markdown-preprocess: almost complete OO rewrite 33858c1cf Update tests for changed error messages 05119a917 Update c/image after https://github.com/containers/image/pull/1299 8c7673857 Man pages: refactor common options (misc) 617a2de3a Man pages: Refactor common options: --detach-keys 69815a7f1 vendor containers/storage@main a584bb4e7 Man pages: refactor common options: --attach 0510dd2f1 build(deps): bump github.com/fsnotify/fsnotify from 1.5.4 to 1.6.0 1d18dc267 KillContainer: improve error message 5da54e183 docs: add missing options 57ddeffd0 Man pages: refactor common options: --annotation (manifest) b256f5f58 build(deps): bump github.com/spf13/cobra from 
1.5.0 to 1.6.0 f16e9acc6 system tests: health-on-failure: fix broken logic 7ff8c8f79 build(deps): bump golang.org/x/text from 0.3.7 to 0.3.8 00adeda80 build(deps): bump github.com/onsi/gomega from 1.20.2 to 1.22.1 d08b4c133 ContainerEngine.SetupRootless(): Avoid calling container.Config() 03c5f9d02 Container filters: Avoid use of ctr.Config() af38c79e3 Avoid unnecessary calls to Container.Spec() 55191ecc2 Add and use Container.LinuxResource() helper 7b84a3a43 play kube: notifyproxy: listen before starting the pod 2bee2216c play kube: add support for configmap binaryData 1038f063e Add and use libpod/Container.Terminal() helper b47b48fd0 Revert "Add checkpoint image tests" f437078d2 Revert "cmd/podman: add support for checkpoint images" 4dd67272e healthcheck: fix --on-failure=stop d4052c1aa Man pages: Add mention of behavior due to XDG_CONFIG_HOME b5950a918 build(deps): bump github.com/containers/ocicrypt from 1.1.5 to 1.1.6 c34b5be99 Avoid unnecessary timeout of 250msec when waiting on container shutdown 02040089a health checks: make on-failure action retry aware 5b71070e4 libpod: Remove 100msec delay during shutdown b4b701139 libpod: Add support for 'podman pod' on FreeBSD 7f8964a78 libpod: Factor out cgroup validation from (*Runtime).NewPod d71160539 libpod: Move runtime_pod_linux.go to runtime_pod_common.go c35a70d21 specgen/generate: Avoid a nil dereference in MakePod e187b9711 libpod: Factor out cgroups handling from (*Pod).refresh 713428df0 Adds a link to OSX docs in CONTRIBUTING.md f8b659d09 Man pages: refactor common options: --os-version 8b189c0a0 Create full path to a directory when DirectoryOrCreate is used with play kube d4f622da7 Return error in podman system service if URI scheme is not unix/tcp 51c357841 Man pages: refactor common options: --time 0e4eeb52e man pages: document some --format options: images e136376d1 Clean up when stopping pods 11e83a095 Update vendor of containers/buildah v1.28.0 1e71d124e Proof of concept: nightly dependency treadmill 
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* spf13-cobra: switch from master -> main | Bruce Ashfield | 2023-02-16 | 1 | -1/+1

  The upstream repository has switched to a main branch, we update our recipe to match.

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>