| Commit message (Collapse) | Author | Age | Files | Lines |
| |
Bumping runc to version v1.2.0-69-gb7da1673, which comprises the following commits:
b7da1673 build(deps): bump google.golang.org/protobuf from 1.35.1 to 1.35.2
119111a0 libct/cg: add test for remove a non-existent dir in a ro mount point
068d7da7 Revert "Temporary set vagrant to 2.4.1-1"
ac435895 memfd-bind: elaborate kernel requirements for overlayfs protection
ba3d026e libct/cg: RemovePath: improve comments
12e06a7c libct/cg: RemovePath: simplify logic
db59489b runc delete: fix for rootless cgroup + ro cgroupfs
ca4a7a86 build(deps): bump golang.org/x/net from 0.30.0 to 0.31.0
43af111e MAINTAINERS: move dqminh and hqhq to EMERITUS
ec5e7eb7 build(deps): bump golang.org/x/sys from 0.26.0 to 0.27.0
9cb59b46 ci: rm "skip on CentOS 7" kludges
5000f169 Temporary set vagrant to 2.4.1-1
b9dfb22d readme: drop unused memfd-bind reference
aa505bfa memfd-bind: mention that overlayfs obviates the need for it
9bc42d61 dmz: overlay: set xino=off to disable dmesg spam
9ce7392b Vagrantfile.fedora: bump Fedora to 41
609e9a51 Vagrantfile.fedora: stop using dnf shell
80c46d31 build(deps): bump golang.org/x/net from 0.24.0 to 0.30.0
5586d7ca libct: rm obsoleted comment
f9fd70b7 CHANGELOG: add (forward-port) v1.1.15 changes
8cc73754 libct: fix a comment
ee1bced1 script/check-config.sh: add OVERLAY_FS check
c8f5d033 docs: remove prompt symbols from shell snippets
871057d8 drop runc-dmz solution according to overlay solution
34a92855 test join other container userns with selinux enabled
c78f3f2e libct/nsenter: become root after joining userns
1e674098 libct/int: add exec benchmark
cb201487 libct/int: use testing.TB for utils
4df7b1b1 build(deps): bump golang.org/x/sys from 0.22.0 to 0.26.0
cbb9b309 ci: use Go 1.23
732806e2 runc update: fix updating swap for cgroup v2
cb9f3d6d libct/cg: improve ConvertMemorySwapToCgroupV2Value
69b3be76 build(deps): bump github.com/vishvananda/netlink from 1.1.0 to 1.3.0
eb2ff52a libct: rm x/sys/execabs usage
f20f273a build(deps): bump github.com/opencontainers/selinux
139789f1 build(deps): bump google.golang.org/protobuf from 1.33.0 to 1.35.1
93db63ab build(deps): bump github.com/urfave/cli from 1.22.14 to 1.22.16
af024b6c build(deps): bump github.com/moby/sys/mountinfo from 0.7.1 to 0.7.2
42f96305 VERSION: back to development
0b9fa21b VERSION: release v1.2.0
568231cc Revert "increase memory.max in cgroups.bats"
e6699266 fix an error caused by fd reuse race when starting runc init
515f09f7 dmz: use overlayfs to write-protect /proc/self/exe if possible
8cfbccb6 tests: integration: add helper to check if we're in a userns
54ef07d8 tests/int: skip "update memory vs CheckBeforeUpdate" on EL9
ff775363 tests/int: rm centos-7 exclusion
76a821fa tests/int: update info about EL9 kernel
b5bdf592 libct: rm initWaiter
9fa324c4 dmz: cloned binary: set +x permissions when creating regular tmpfile
324fcea4 Terminate execution for criu that does not meet version requirements
eff6f049 libct/cap: no need to load capabilities
9b60a93c libcontainer/userns: migrate to github.com/moby/sys/userns
1623cde1 go: update github.com/cyphar/filepath-securejoin to v0.3.4
4fdd5616 memfd-bind: more specific doc URL
9e554587 memfd-bind: fixup systemd unit file and README
13a6f560 runc run: fix mount leak
b096459a vendor: update github.com/cyphar/filepath-securejoin to v0.3.3
f55957de build(deps): bump bats-core/bats-action from 2.1.1 to 3.0.0
bb2bd38d change go minimum version in README
faffe1b9 replace strings.SplitN with strings.Cut
1be06760 libcontainer/cgroups/fs: remove todo since strings.Fields performs well
7a449109 libct/README: simplify example, rm inheritable caps
0de19533 runc spec, libct/int: do not add ambient capabilities
3e3f9603 runc exec --cap: do not add capabilities to ambient
5b161e04 update bats-action to 2.1.1
35f999dd remove installation of unused bats support libs
10c951e3 add ErrCgroupNotExist
319e133c go.mod: Use toolchain 1.22.4
8671a7db ci: update to setup bats action from bats-core
30f8f51e runc create/run: warn on rootless + shared pidns + no cgroup
21c61165 tests/int: log when teardown starts
b1449fd5 libct: use Namespaces.IsPrivate more
d8844e29 tests: integration: add setgid mkdirall test
066b109e vendor: update to github.com/cyphar/filepath-securejoin@v0.3.2
646efe70 utils: mkdirall: mask silently ignored mode bits to match os.MkdirAll
457e1ffa tests: add regression test for CVE-2019-19921 / CVE-2023-27561
216175a9 Upgrade Cilium's eBPF library version to 0.16
a31efe70 libct/seccomp/patchbpf: use binary.NativeEndian
429e06a5 libct: Signal: honor RootlessCgroups
dd827f7b utils: switch to securejoin.MkdirAllHandle
1d308c7d vendor: update to github.com/cyphar/filepath-securejoin@v0.3.1
5ab5ef3d deps: update to golang.org/x/sys@v0.22
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
Bumping containerd to version v2.0.0-25-g961cac9aa, which comprises the following commits:
34a45cab2 Publish attestation as release artifact
7dec6b460 move rocky 9.4 to almalinux/9 in CI
cf07f28ee *: should align pipe's owner with init process
986088866 fix: set the credentials even if not provided
9081e979f update runc binary to 1.2.2
6399c936f Revert "Disable vagrant strict dependency checking"
a7f2b562f fsverity_linux.go: Fix fsverity.IsEnabled() for big endian systems
389e781ea build(deps): bump github.com/containerd/typeurl/v2 from 2.2.2 to 2.2.3
30b929ece fsverity_test.go: fix major/minor device number resolving
10996a334 fsverity_test.go: fix nil pointer dereference, fix test fail
5b879f30c update to go1.23.3 / go1.22.9
e99c2b55c Avoid arch info in the sed/replace when building cri-cni-containerd.tar.gz
458215f6c ci: enable marking 2.0 releases as latest
03ba4ce1f Update release notes for v2.0.0
f2da3fd68 Update release docs for v2.0.0
ff09b428e Update typeurl to v2.2.2
a43e7c1e2 build(deps): bump softprops/action-gh-release from 2.0.8 to 2.0.9
edf367cab build(deps): bump github.com/containerd/nri from 0.7.0 to 0.8.0
21f636751 build(deps): bump github.com/containerd/typeurl/v2 from 2.2.0 to 2.2.1
1edc2147f build(deps): bump google-github-actions/auth from 2.1.6 to 2.1.7
2d8fec45a go.mod: k8s.io/* v0.31.2
bef201fe6 build(deps): bump google-github-actions/upload-cloud-storage
bd10a6096 Update platforms to v1.0.0-rc.0
ae73e3013 Disable vagrant strict dependency checking
33677d56d Update containerd API to v1.8.0 release
d38911808 Prepare release notes for api/v1.8.0
93f9db2ad Update errdefs tag to v1.0.0
bddeba825 Make TestContainerPids more resilient
edb980ac0 update runc binary to 1.2.1
bf47b6ebc docs/containerd-2.0.md: add more highlights
f5ce859ee docs/containerd-2.0.md: fix the deprecation release of AUFS
bedd85a36 RELEASES.md: k8s: fix CRI v1alpha2 removal release, remove old releases
4594f5cac services/snapshots: include name of snapshotter in debug logs
77d783e2c Update hcsshim to v0.12.9
79089232b build(deps): bump actions/checkout from 4.2.1 to 4.2.2
2789ba30e build(deps): bump actions/cache from 4.1.1 to 4.1.2
6b655d093 build(deps): bump github/codeql-action from 3.26.13 to 3.27.0
9ed6e05b2 config: v1Migrate: support DisabledPlugins and RequiredPlugins
4b2bca00b config: migrate version before merging
700b90618 resolver/docker: fix confusing "trying next host" log
3cc2343de local: avoid writing to content root on readonly store
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
The ptest build for cri-o was previously disabled due to issues
introduced with Go 1.11, which broke the build process. With the
current Go version, these issues no longer occur, and the ptest build is
now functional.
This commit enables ptest support and resolves the "TMPDIR
[buildpaths]" issue encountered during the ptest build process.
A total of 382 test cases were executed, with the following results:
PASS: 317
FAIL: 33
SKIP: 32
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
Since we are installing packagemanagement to this reference container,
it makes sense that our install include common utilities that post
install scriptlets will need.
We also add an editor by default.
Finally, we configure a reference rpm package feed to illustrate
how a container can be hooked to a packagefeed.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
The existing workaround to populate /var/volatile was broken
since oe-core has a rootfs postprocess command that ensures
that /var/volatile is empty .. which undoes our creation of
the log and tmp directories.
We :remove that routine to get our /var/volatile as we like
it.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
Parsing xen.inc with a host distro that provides python 3.12 (such as Ubuntu
24.04) generates the following deprecation warning:
DeprecationWarning: datetime.datetime.utcfromtimestamp() is deprecated and scheduled for removal in a future version.
Use timezone-aware objects to represent datetimes in UTC: datetime.datetime.fromtimestamp(timestamp, datetime.UTC)
This warning comes from the use of datetime.datetime.utcfromtimestamp()
in get_build_time_vars.
datetime.UTC seems to be a getter wrapper for datetime.timezone.utc,
which is already available on older host distro python versions
(I have tested only with python 3.10 provided by Ubuntu 22.04)
so, opt to use that instead to prevent a breaking change.
Signed-off-by: Stanley Stanton <stanley.stanton@taitcommunications.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
* fix f53b101d455d7e7447fa83f2faecb5e05d595b3e
* you might want to skip whole packagegroup-netavark without
seccomp, but without this parsing world in DISTRO without
seccomp fails with:
ERROR: Nothing RPROVIDES 'netavark' (but meta-virtualization/recipes-core/packagegroups/packagegroup-container.bb RDEPENDS on or otherwise requires it)
netavark was skipped: missing required distro feature 'seccomp' (not in DISTRO_FEATURES)
NOTE: Runtime target 'netavark' is unbuildable, removing...
Missing or unbuildable dependency chain was: ['netavark']
ERROR: Nothing RPROVIDES 'packagegroup-docker' (but meta-virtualization/recipes-core/packagegroups/packagegroup-container.bb RDEPENDS on or otherwise requires it)
No eligible RPROVIDERs exist for 'packagegroup-docker'
NOTE: Runtime target 'packagegroup-docker' is unbuildable, removing...
Missing or unbuildable dependency chain was: ['packagegroup-docker']
ERROR: Nothing RPROVIDES 'packagegroup-oci' (but meta-virtualization/recipes-core/packagegroups/packagegroup-container.bb RDEPENDS on or otherwise requires it)
No eligible RPROVIDERs exist for 'packagegroup-oci'
NOTE: Runtime target 'packagegroup-oci' is unbuildable, removing...
Missing or unbuildable dependency chain was: ['packagegroup-oci']
ERROR: Nothing RPROVIDES 'packagegroup-container' (but meta-virtualization/recipes-core/packagegroups/packagegroup-container.bb RDEPENDS on or otherwise requires it)
No eligible RPROVIDERs exist for 'packagegroup-container'
NOTE: Runtime target 'packagegroup-container' is unbuildable, removing...
Missing or unbuildable dependency chain was: ['packagegroup-container']
ERROR: Nothing RPROVIDES 'packagegroup-lxc' (but meta-virtualization/recipes-core/packagegroups/packagegroup-container.bb RDEPENDS on or otherwise requires it)
No eligible RPROVIDERs exist for 'packagegroup-lxc'
NOTE: Runtime target 'packagegroup-lxc' is unbuildable, removing...
Missing or unbuildable dependency chain was: ['packagegroup-lxc']
ERROR: Nothing RPROVIDES 'packagegroup-cni' (but meta-virtualization/recipes-core/packagegroups/packagegroup-container.bb RDEPENDS on or otherwise requires it)
No eligible RPROVIDERs exist for 'packagegroup-cni'
NOTE: Runtime target 'packagegroup-cni' is unbuildable, removing...
Missing or unbuildable dependency chain was: ['packagegroup-cni']
ERROR: Nothing RPROVIDES 'aardvark-dns' (but meta-virtualization/recipes-core/packagegroups/packagegroup-container.bb RDEPENDS on or otherwise requires it)
aardvark-dns was skipped: missing required distro feature 'seccomp' (not in DISTRO_FEATURES)
NOTE: Runtime target 'aardvark-dns' is unbuildable, removing...
Missing or unbuildable dependency chain was: ['aardvark-dns']
ERROR: Nothing RPROVIDES 'conmon' (but meta-virtualization/recipes-core/packagegroups/packagegroup-container.bb RDEPENDS on or otherwise requires it)
conmon was skipped: missing required distro feature 'seccomp' (not in DISTRO_FEATURES)
NOTE: Runtime target 'conmon' is unbuildable, removing...
Missing or unbuildable dependency chain was: ['conmon']
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
Only when vmsep is enabled is qemu-firmware separated out from
the main qemu package. So we should make our dependency conditional
on that feature.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
Having cnitool available on the path helps usability.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
Bumping containerd to version v2.0.0-rc.6-23-g1e6fdb531, which comprises the following commits:
0208cb58c go.mod: github.com/containerd/imgcrypt v2.0.0-rc-1
588b7a100 testutil: avoid conflict with continuity/testutil
181491032 build(deps): bump github.com/containerd/continuity from 0.4.3 to 0.4.4
497dc7bf3 build(deps): bump github.com/checkpoint-restore/checkpointctl
fddeb6f3c pkg/protobuf: fix typo in godoc
96a1e498f Update containerd plugin to v1.0.0
3b45a44cc Update to ttrpc v1.2.6 tag
3cc2343de local: avoid writing to content root on readonly store
778defa31 Add back ZFS snapshotter
d3ff3e2ff CI: move crun from Ubuntu to Fedora
5c65a3d7b Update version to v2.0.0-rc.6
9aa637b22 Update api vendor to latest
4b9d6c014 deps: bump github.com/containerd/nri
2535b187a Scope writer locks to each writer.
bc819bc97 docs: add command for finding schema 1 images
c86b2772c docs: update min version for deprecation warnings
a1ce18816 CI: bump up crun to 1.17
021895985 Update hcsshim version to v0.12.8
373311a84 build(deps): bump github.com/opencontainers/selinux
cf9cf8b5a build(deps): bump github.com/prometheus/client_golang
03860c208 build(deps): bump azure/CLI from 1.0.9 to 2.1.0
cf7218fb0 build(deps): bump actions/checkout from 4.1.1 to 4.2.1
78ec6ef02 build(deps): bump actions/upload-artifact from 4.1.0 to 4.4.3
bfe8fa330 build(deps): bump github/codeql-action from 3.24.0 to 3.26.13
38ba7f2f7 dedup BuildLabels
a5cd0d0a5 dedup GetPassthroughAnnotations
269997ac5 dedup GetRepoDigestAndTag
f61dbc2d0 dedup ParseImageReferences
530db2e8d Introduce two additional unit tests for two runtimes and pod annotations.
a21e379b6 Allow sections of Plugins to be merged, and not overwritten as entire sections.
2f24aa00a Update errdefs to 0.3.0
92d327af1 Update tracing docs for containerd 2.0
943b196ad Update NRI documentation for containerd 2.0
a6ceb4be0 containerd 2.0 guide: add image verifier plugins
347423a11 Request 'allow' setgroups when spawning new userns
249dd7474 Format link text in containerd 2.0 doc for readability
18e4ea9a6 Add After=dbus.service to containerd.service
3eea3536f docs/containerd-2.0.md: mention the removal of `cri-containerd-*.tar.gz`
f8d50f6e8 README.md: put a link to docs/containerd-2.0.md
b724b9f23 Add containerd 2.0 doc
fc5086a74 cri: remove sandbox controller from client
e4df672ab sandbox: add sandbox controller v2
4f2bc1580 build(deps): bump lycheeverse/lychee-action from 1.10.0 to 2.0.2
4bd3a71dd go.{mod,sum}: update NRI deps and re-vendor.
bff82e196 [StepSecurity] ci: Harden GitHub Actions
5eb0be994 build(deps): bump github.com/urfave/cli/v2 from 2.27.4 to 2.27.5
0742238cd Handle teardown failure to avoid blocking cleanup
c3d84a87f build(deps): bump the otel group with 8 updates
bfe59daae build(deps): bump github.com/klauspost/compress from 1.17.10 to 1.17.11
b7c333ce2 Revert "update runc binary to 1.1.15"
c6d089090 metrics: Use UnmarshalTo instead of UnmarshalAny
1db0064c6 CI: install OVMF for Vagrant
4d02217b5 CI: fix "Unable to find a source package for vagrant" error
38beeb359 Revert "use vagrant from jammy in noble"
e2daa20ed Revert "use older version of OVMF package"
ee921689f Switch from actuated.dev to GH Action runners for arm64
f89ed3c62 build(deps): bump golang.org/x/sys in the golang-x group
428df99db build(deps): bump google.golang.org/grpc from 1.67.0 to 1.67.1
72126a984 update sample go test commands
9c42dd959 build(deps): bump google.golang.org/protobuf from 1.34.2 to 1.35.1
f0f1bfca0 update runc binary to 1.1.15
46f5a0d93 update to go1.23.2,go1.22.8
7b1809851 Update runner images to macOS13
e479431e0 core/runtime: Fix a typo in error message
b85909cd4 shim: Move pprof server to plugin
b2681dfbd shim: Move ttrpc interceptors to plugins
d7f83034c Fix the race condition during GC of snapshots when client retries
24fe444eb script/setup/install-runc: Add trap statement to clean up tmp files
6ffdabf72 Makefile: fix shim tags overwritten
095131abf add use systemd cgroup e2e
2123855ee Add build tag to omit grpc
64d29ebe5 snapshots: core: Remove dependency on api types
11ffba3dc shim: Do not depend on pkg/oci
0d4e606bb Update hcsshim to v0.12.7
78e39f7c5 build(deps): bump github.com/intel/goresctrl from 0.7.0 to 0.8.0
17d4a1357 Propagate trace contexts to shims
bc4646067 Prepare release notes for v2.0.0-rc.5
ccb2a8d74 [cri] use 'UserSpecifiedImage' to set the image-name annotation
b7b6b324b Add check for CNI plugins before tearing down pod network
b5290726d Add timestamp to PodSandboxStatusResponse for kubernetes Evented PLEG
146a977f9 Move features section to a separate file
30f289335 core/mount: Only remove dirs if unmount succeeded
f8d84ecf9 core/mount: Prevent accidental removal of rootfs files
004f3951d core/mount: Use MNT_DETACH for umount of tmp layers
f7ca91fa3 build(deps): bump github.com/prometheus/client_golang
c75178d93 build(deps): bump google.golang.org/grpc from 1.66.2 to 1.67.0
519cbda1d build(deps): bump github.com/klauspost/compress from 1.17.9 to 1.17.10
d72051036 Enable the selinux on cri test
b03a3c5a2 build(deps): bump the k8s group with 4 updates
017efe05a build(deps): bump the otel group with 8 updates
7c89148a1 build(deps): bump google.golang.org/grpc from 1.65.0 to 1.66.2
6e2c4d00d build(deps): bump golang.org/x/mod
ee0ed75d6 internal/cri: simplify netns setup with pinned userns
fd3f3d5a1 pkg/sys: add GetUsernsForNamespace interface
490e45a08 pkg/sys: Add UnshareAfterEnterUserns function
83aaa89b6 update ctr run to support multiple uid/gid mappings
1dedcb784 build(deps): bump github.com/checkpoint-restore/go-criu/v7
7599d4df2 build(deps): bump github.com/prometheus/client_golang
9037069da update to go1.23.1, go1.22.7
6f43197c2 Remove cri SandboxInfo RuntimeHandler
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
Bumping libpod to version v5.2.3-4-g18e0d84c6c, which comprises the following commits:
daae27b7b0 vendor: update c/common to v0.60.4
f6a31e013d Bump to v5.2.4-dev
c5366a308e Bump to v5.2.3
b5ededbce5 Update release notes for v5.2.3
35d2fc8de6 [v5.2] Bump Buildah to v1.37.3
f0ddea707a pkg/specgen: allow pasta when running inside userns
aaf15f81c4 libpod: convert owner IDs only with :idmap
ec4ac087b4 docs: update read the docs changes
c60961839a allow exposed sctp ports
a995b6db5d libpod: setupNetNS() correctly mount netns
d2c2539ee0 vendor: update c/common to v0.60.3
a17fd8c0aa [skip-ci] Packit: split out ELN jobs and reuse fedora downstream targets
b9691547ca [skip-ci] Packit: Enable sidetags for bodhi updates
02d400e7b7 build: Update gvisor-tap-vsock to 0.7.5
5c856c81b0 CI: podman-machine: do not use cache registry
2f7011ab43 [CI:DOCS] Add v5.2.2 lib updates to RELEASE_NOTES.md
602f71991c Bump to v5.2.3-dev
fcee48106a Bump to v5.2.2
37af07836a Update RELEASE_NOTES for v5.2.2
570fbc49aa [v5.2] Bump Buildah to v1.37.2, c/common v0.60.2, c/image v5.32.2
458d15cf5d [v5.2] golangci-lint: make darwin linting happy
faf3edb5f4 [v5.2] golangci-lint: make windows linting happy
b96312af0f [v5.2] test/e2e: remove kernel version check
462c1c6d8e [v5.2] golangci-lint: remove most skip dirs
35290c9b32 [v5.2] set !remote build tags where needed
3ca3c1d456 [v5.2] update golangci-lint to 1.60.1
d61b5d9409 Packit: update targets for propose-downstream
dbdff97042 Create volume path before state initialization
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
The xen host image reference needed significant work to be
functional for launching and testing Xen domu guests.
Here we add additional tools to the host image, and allow
it to automatically bundle guests if the configuration
is enabled.
We also add systemd networking configuration to create
a xenbr0 which offers connectivity to the entire reference
system.
See the recipes and the README for details on testing
and bundling.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
The previous 40G size was far too large.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
parsing errors occur if this fragment ends with .conf,
so we renamed it to make sure it is processed as a
conflist.
Tested with containerd + nerdctl
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
These aren't needed for all plugins, but are required
for others. So we make them a rrecommends to ensure
they are more often than not installed with the main
package.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
As it turns out CNI needs iptables to configure some plugins,
and without it we get a silent fail. It will also be added
to the recipe as a RRECOMMENDS, but we also put it in the
packagegroup for more visibility.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
Extends container-base to create a systemd enabled container that is
an appropriate starting point if a systemd application is being run
or a multi-user style environment is required.
The application specified in SYSTEMD_CONTAINER_APP will be installed
and be available to be executed.
The rootfs of this container type is post processed to enable and
disable services as specified by the container definition. This allows
services that are not appropriate in a containerized environment to
be disabled (i.e. getty login)
The list of services can be found in the recipes themselves.
This container enables ssh by default, so that it can be executed
in the background and then accessed as a full environment.
Note: this is currently a privileged container if run under docker.
There are multiple ways to add/remove permissions from the container,
and most are configurable during launch:
% root@qemuarm64-54:~# docker run -d --rm --name systemd_test --privileged --cap-add SYS_ADMIN \
--security-opt seccomp=unconfined --cgroup-parent=docker.slice --cgroupns private \
--tmpfs /tmp --tmpfs /run --tmpfs /run/lock zeddii/systemd-container-base
or
% docker run -d --rm --name systemd_test --privileged --cgroup-parent=docker.slice \
--cgroupns private zeddii/c3-systemd-container
% root@qemuarm64-54:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4b07cc907e26 zeddii/c3-systemd-container "/sbin/init" 5 minutes ago Up 5 minutes systemd_test
% podman run -d --name systemd_test --privileged --cgroupns=host --tmpfs /tmp --tmpfs /run --tmpfs /run/lock \
-v /sys/fs/cgroup:/sys/fs/cgroup:ro zeddii/systemd-container-base
% ctr container create --privileged --runtime="io.containerd.runc.v2" \
--mount type=bind,src=/sys/fs/cgroup,dst=/sys/fs/cgroup,options=rbind:rw \
docker.io/zeddii/systemd-container-base:latest my_systemd_container /sbin/init
% ctr task start --detach my_systemd_container
% ctr task ls
TASK PID STATUS
my_systemd_container 690 RUNNING
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
Includes container-base.
Provides an application container that installs a package (or packages) to
the container and makes the specified command the OCI_IMAGE_ENTRYPOINT.
CONTAINER_APP_CMD : the binary to run via the OCI_IMAGE_ENTRYPOINT
CONTAINER_APP: packages to install to the container
The default entry point is the "date" command.
% root@qemuarm64-54:~# docker run zeddii/container-app-base
Mon Oct 28 18:41:23 UTC 2024
% root@qemuarm64-54:~# docker run --entrypoint "du" zeddii/container-app-base -sh
2.6M .
% podman run docker.io/zeddii/container-app-base
Mon Oct 28 18:41:23 UTC 2024
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
includes container-base, and adds image features to make development
tools/headers available.
Anything added to CORE_DEV_IMAGE_EXTRA_INSTALL will be installed into
the image in its development variant.
The container shell is changed to bash from busybox.
package-management is added to this image type, but by default there
is no package feed configured (since it must be pointed at a build)
% root@qemuarm64-54:~# docker run -it zeddii/container-devtools bash
bash-5.2# du -sh .
399M .
bash-5.2# rpm -qa | wc -l
308
bash-5.2# gcc --version
gcc (GCC) 14.2.0
Copyright (C) 2024 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
Add some conditional distro feature checks for kubernetes flavours
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
When debugging or configuring networking for CNI and
containerd we should ensure that support utilities are present.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
When integrating into some container stacks (such as containerd),
the detailed configuration toml changes to change the container
runtime from runc to crun are not always trivial.
To avoid (for now) carrying configuration snippets as part of
the recipes, we can symlink runc to crun as crun is fully
compatible with runc.
Note: this means you can't have runc and crun installed on the
same image if the symlinking is done. Hence why this symlinking
is conditional.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
When running a containerd-only stack, we need a CNI configuration
to be available.
When running containerd as part of something like K3S, we expect
the orchestration package will provide that configuration.
This commit makes a containerd-cni package available that contains
a starting point configuration.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
containerd doesn't do native networking configuration, it relies
on CNI.
So ensure that CNI is specified in the containerd profile.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
Adapt the demonstration helloworld application to fix a warning
about UNPACKDIR not being correct.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
These definitions are selected by setting: CONTAINER_PROFILE
Once selected the VIRTUAL_RUNTIME and other considerations for
the profile are configured and used by the images in meta-virt.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
This image is a reference implementation to create a target platform
capable of running containers. This includes kernel configuration,
container runtimes, tools and other support applications.
The packages to install are largely described in the packagegroups
that are part of this layer. packagegroups are preferred as they can
easily be used to create similar images of different composition.
The recipes for the packages have their list of build and runtime
dependencies, as such, those dependencies are not part of the image
install or listed explicitly in the packagegroups.
CNCF areas that have choices are described by VIRTUAL-RUNTIME
variables. These variables can be set individually (in a distro,
layer or local configuration file), or can be set by the setting of
a "CONTAINER_PROFILE". It is possible to select incompatible
packages if setting the VIRTUAL-RUNTIME variables individually.
container profiles have been created as valid / tested stacks of the
components in meta-virtualization.
The contents of the image are selected by testing the VIRTUAL-RUNTIME
values and mapping them to packagegroups.
The possible VIRTUAL-RUNTIME variables (and their values) are
currently:
engines: docker/docker-moby, virtual-containerd, cri-o, podman, lxc
VIRTUAL-RUNTIME_container_engine ??= "podman"
runtime: runc, crun, runv, runx
VIRTUAL-RUNTIME_container_runtime ??= "virtual-runc"
networking: cni, netavark
VIRTUAL-RUNTIME_container_networking ??= "cni"
dns: cni, aardvark-dns
VIRTUAL-RUNTIME_container_dns ??= "cni"
orchestration: k8s, k3s
VIRTUAL-RUNTIME_container_orchestration ??= "k3s"
Kubernetes terminology "components"
VIRTUAL-RUNTIME_cri ??= "virtual-containerd"
VIRTUAL-RUNTIME_cni ??= "cni"
To select a CONTAINER_PROFILE, set the variable in your local,
distro or layer configuration:
CONTAINER_PROFILE="<your value>"
The possible values for CONTAINER_PROFILE can be found in
conf/distro/include in the format of: meta-virt-container-<profile>.inc
default (docker)
containerd
podman
docker
k3s-host
k3s-node
This image will eventually be modified more as something that
can easily be inherited and re-used, but for now, it is a capture
of the best practices in a container host image.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
This .inc file is no longer the active one by default, so we
will use it as a reference for the possible values. To make that
more obvious, we comment out the current values.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
nmap is not currently building for aarch64, so we disable it
as a ptest rdepends when that is our target arch. Some tests
may not work, but having a buildable stack is more important
than all tests working.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
These are used to set configuration for container and virtualization
stacks. We set a default to ensure that sane values are always
present.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
Allow aardvark-dns to be specified as a rdepends for podman
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
Adding the following new package groups:
packagegroup-cni
packagegroup-netavark
packagegroup-container-tools
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
cri-tools aims to provide a series of debugging and validation
tools for Kubelet CRI, which includes:
crictl: CLI for kubelet CRI.
critest: validation test suites for kubelet CRI.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
Bumping the SRCREV to pick up the following commits:
8650ed99 docker: enable ipvlan and build BRIDGE_VLAN_FILTERING into kernel
38e7c7aa docker: inherit base container and BPF configs
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
We are showing one warning on check-config that isn't valid,
as the option has been changed in kernels 6.1+. We tweak
the check-config script to make that conditional
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
qemu-system-i386 / firmware were added as RDEPENDS to xen.
While this is typically the right choice, we can make those
values defined by a variable in case other layers want to
override the default choice.
While we are at it, we change other references to qemu-system-i386
to allow a complete switch if the variable is changed.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
The current RRECOMMENDS can work, but isn't strong enough
since we explicitly configure system-i386 into 'xl' and
-system requires the bios files.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
* master was renamed to main a long time ago
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
Signed-off-by: Chris Laplante <chris.laplante@agilent.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
Signed-off-by: Chris Laplante <chris.laplante@agilent.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
The setting of CFLAGS:arm overrides the previous CFLAGS settings,
causing buildpaths QA error for arm. Use CFLAGS:append:arm instead
to fix this issue.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
The EGREP in ptest/tests/atlocal contains the build paths.
The CFLAGS in ptest/tests/atlocal contains the build paths.
This change set fixes:
- set EGREP to "grep -E" in ptest/tests/atlocal
- set CFLAGS to " " in ptest/tests/atlocal
by updating the patch
openvswitch-add-ptest-71d553b995d0bd527d3ab1e9fbaf5a2ae34de2f3.patch.
Signed-off-by: Bin Lan <bin.lan.cn@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| |
Update registry list by removing 'registry.centos.org' entry.
This registry is no longer available.
Decommissioning of the registry was announced in the thread:
https://lists.centos.org/hyperkitty/list/devel@lists.centos.org/thread/EHGCQUHLDQ6LI474ZAB7MPRZFJD77P3S/
Signed-off-by: Lukasz Czechowski <lukasz.czechowski@thaumatec.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>