summaryrefslogtreecommitdiffstats
path: root/recipes-containers
Commit message (Collapse)AuthorAgeFilesLines
* umoci: update to v0.5.0Bruce Ashfield5 days1-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumping umoci to version v0.5.0-28-g8a7f789, which comprises the following commits: e0662ee internal: move pkg/system to internal 58645a6 internal: move pkg/testutils to internal/testhelpers 973fe4f internal: move pkg/iohelpers to internal 7b16c17 internal: move pkg/funchelpers to internal 141cc9a internal: move pkg/pathtrie to internal 1a2fc2f internal: move pkg/idtools to internal 46ad7b5 gha: cflite: move cronjob timing 7e958cb gha: cflite: remove unneeded matrix 90bdb13 README: update release key description ee36e53 gha: add batch fuzzing for ClusterFuzzLite c4cce9a gha: add ClusterFuzzLite to ci ed840cd fuzz: minor improvements 7a79fc3 oci: dir: ensure ownership of new files matches image dir ownership a652677 gha: use CODECOV_TOKEN to fix main branch uploads 0cc9dac unit: switch to alternative 'go test ./... -test.gocoverdir' workaround 55d9840 tests: switch to modern GOCOVERDIR 9fbccd4 ci: remove vestiges of Travis and manual CodeCov uploads 2f95855 dockerfile: fix 'dubious ownership' git error 3d0704d dockerfile: drop unneeded helper tools 1894c20 meta: properly mark meta.WhiteoutMode as Deprecated 4d65d2f version: use go:embed 6df6dcf VERSION: back to development 0bb7e0b VERSION: release v0.5.0 486a6a5 oci: layer: handle auto-converting to an opaque whiteout with overlayfs a665c67 oci: layer: fix extraction with a non-directory parent component 7d2d5e5 oci: layer: add support for userxattr in OverlayfsRootfs 55fc2f5 oci: layer: clean up ToDisk and ToTar signatures 8375e7a oci: layer: explicitly handle unrelated xattrs for overlayfs xattr filter 0cea894 oci: layer: merge is-overlayfs config and mapping into OnDiskFormat config fbe9b0e tests: make sure we use a new t.TempDir per-t.Run 456443e golangci-lint: enable some more lints 4e65fea lint/usetesting: enable lint 96e507b lint/forcetypeassert: make type assertion requirements more standard a0622e5 lint/revive: fix up revive lints 64c02a5 lint/prealloc: add trivial pre-allocation fixes bcd14d6 cmd: switch flattenCommands to a recursive foreach cf70516 casext: fix typo in t.Run 5a4a7aa *: remove old open-coded funchelpers.VerifyError 36a1d10 lint: add fuzzer code to lints bbd479d fuzz: fix build errors 7f704ea lint/exhaustive: fix non-exhaustive switch statements 63e82cd lint/unconvert: remove unnecessary conversions b68268e lint/unparam: remove unused parameters for internal funcs e156d27 lint/errorlint: use error.Is in spots we missed 95fedd6 lint/godot: fix doc comments c88a83a gha: switch to golanglint-ci 5ee7982 lint/errcheck: improve verification of deferred errors 470498c lint/ineffassign: remove unneeded assignments fbead65 lint/staticcheck: SA1019: permit use of our own deprecated mutate.Compressor 72409e8 lint/staticcheck: SA1019: explicitly allow usage of deprecated archive/tar features 379b24f lint/staticcheck: SA1019: switch away from deprecated io/ioutil 53a7b21 lint/staticcheck: apply minor fixups f80a675 lint/gofumpt: apply gofumpt rules 3a100c5 lint/testifylint: fix all testify lints 7b875f8 meta: drop whiteout_mode from umoci.json b1a69f5 oci: layer: temporarily disallow overlayfs on-disk bundle unpacking 474f50a keyring: add cyphar@cyphar.com as trusted signing key c578970 keyring: add keyring management scripts from runc 18b9ae3 oci: blobcompress: switch to Docker-friendly gzip block size 44b018a mutate: make consistency test use larger layers 54f34c9 oci: layer: refix auto-applied xattr handling d267494 oci: layer: refactor round-trip xattr test caa0306 oci: layer: improve logging of xattr mapping 8d78eb1 pkg: hardening: fix spurrious InvalidDigest test failure 6599ffe build(deps): bump golang.org/x/sys from 0.32.0 to 0.33.0 9a1cefa oci: layer: correctly handle trusted.overlay xattr namespace escaping 6494555 pkg: pathtrie: optimise deletions to prune more garbage c479530 oci: extract: correctly handle mixed overlayfs whiteouts 0dea233 oci: extract: properly handle missing parent dirs for overlayfs b1dd141 oci: generate: support converting trusted.overlay.{whiteout,opaque} xattrs d54275b oci: insert: only use unpriv.Walk when rootless a55c157 oci: insert: don't generate opaque entry for root whiteout 1d0c345 test: tar extract: move pseudoHdr generation to tarDentry 8d5500f test: layer: reorganise overlayfs-related tests 0219792 test: layer generate: properly test GenerateLayer output 9cab21a oci: generate: actually generate layer with TranslateOverlayWhiteouts d065c36 oci: generate: use correct path for converted overlayfs whiteout 9367b0d oci: layer: fix docs for KeepDirlinks 2d252c7 oci: insert: match variable naming for GenerateLayer b438602 oci: layer: pass RepackOptions to tarGenerator ad71792 system: switch lclearxattrs to use skipFn 578f925 pkg: unpriv: simplify lclearxattrs e68606e deps: update github.com/cyphar/filepath-securejoin@v0.4.1 aa67731 deps: update golang.org/x/crypto@v0.37.0 27725c4 deps: update google.golang.org/protobuf@v1.36.6 c8a82c3 deps: update to golang.org/x/sys@v0.32.0 c08adaa ci: more image-tools workarounds b94dfa1 go: bump to 1.23 86e7254 README: remove lxd mention 19cb696 build(deps): bump github.com/moby/sys/user from 0.3.0 to 0.4.0 b485e0e README: mention incus and lxd 1c93e3f tests: modernise and switch to testify assertions 7856970 tests: migrate to t.TempDir() 55189f8 pkg: hardening: remove duplicate test f16094a pkg: mtreefilter: properly test FilterDeltas 03ff2a6 pkg: mtreefilter: fix broken err check in tests eac7bfa *: clean up with goimports -local 3f264cb userns: switch third_party to github.com/moby/sys d2fd96a deps: update github.com/stretchr/testify to v1.10.0 c94c4fb go.mod: bump to 1.21 minimum 9e2c5a9 ci: remove unused .lgtm config de6d399 *: ensure all files have license and SPDX header 41ca97d tests: add --compress= fail tests a79788c test: add mixed-compression unpack tests f8f12bc cmd: add --compress= option to repack-like commands 3373613 repack: don't hardcode layer compression algorithm 6355ec2 unpack: make layer decompression based on mediatype more generic 245726c casext: unify blob compression and decompression fa3077f mutate: make uncompressed annotation hint not use globals 15fa55f mutate: merge add and Add b4ca5a1 repack: remove TODO for non-distributable layers a31a208 gha: switch from CentOS to AlmaLinux for image tests e9fff47 pkg: fmtcompat: remove now that there are no users 63bbda0 errors: drop remaining errors.Wrap-like fmtcompat.Errorf users 73fffb3 errors: drop fmtcompat.Errorf for complicated err != nil checks 00a632e errors: drop fmtcompat.Errorf for explicit err != nil checks 5339feb errors: drop fmtcompat.Errorf for non-%w errors 1c67765 *: migrate to Go stdlib error wrapping cd18171 pkg: fmtcompat: add a compatibility shim for fmt.Errorf aaa6de8 fmt: use %q for quoting 97cbde3 *: fix new golint warnings Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* skopeo: update to v1.19.0Bruce Ashfield5 days1-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumping skopeo to version v1.19.0-36-gb6c726f8, which comprises the following commits: ac8b6527 Update Neil Smith's GitHub username in MAINTAINERS.md 99c6fb09 Also exit with status 2 for missing tags in oci-archive: 634c0d99 Fix the "missing image" check when reading oci: 40353ad7 Fix some comments bdc6d70f TMT: Install bats from source on RHEL 654c3fcc RPM: make bats a weak dep 3ddcdee0 Add conditional release-checking system test abf7bbba Packit: disable osh-diff-scan 889225db Tweak Governance and Maintainers for alignment f87cd5ec rpm: build rpm with libsqlite3 tag a50b2d91 Makefile: use libsqlite3 build when possible 763606cd Improve documentation of --authfile ea37e10d Add Colin Walters as a reviewer 3618a76e Add --retry[-times] to test operations that tend to fail 08dc3c94 fix(deps): update module github.com/containers/common to v0.63.1 c9d5569a [skip-ci] RPM: fix gating.yaml 3ad4bfcf Don't BuildRequires: ostree-devel 50f414a7 unshare: Add CAP_SYS_ADMIN to needed capabilities a5cbf052 docs: Add a manpage for experimental-image-proxy aaba5370 Bump to v1.20.0-dev 7aa78df9 Bump to v1.19.0 64e5ebe2 fix(deps): update module github.com/containers/common to v0.63.0 ec3516ec fix(deps): update module github.com/containers/image/v5 to v5.35.0 d0d0b709 Disable Packit builds on ELN 9ddfd549 [skip-ci] Packit: set fedora-all after F40 EOL ffad97c2 [CI:DOCS] README.md: Add openssf passing badge 6ecc6c33 proxy: Move defer() higher up 983e77d8 proxy: Add GetRawBlob faa6f8a0 [CI:DOCS] README.md: Add badges c228b1db [CI:DOCS] CONTRIBUTING.md: Update communication channels f8432950 fix(deps): update module golang.org/x/term to v0.32.0 2bd609a0 chore(deps): update dependency golangci/golangci-lint to v2.1.6 159095c1 chore(deps): update dependency golangci/golangci-lint to v2.1.5 eff578f5 chore(deps): update dependency containers/automation_images to v20250422 4c55fce1 chore(deps): update module golang.org/x/net to v0.38.0 [security] 5cf5a11e Stop setting libdm_no_deferred_remove 47bf2b4e Stop setting btrfs_noversion 320a3e07 Don't require BUILDTAGS to be non-empty ed34be71 fix(deps): update module github.com/containers/storage to v1.58.0 3755a3db chore(deps): update dependency golangci/golangci-lint to v2.1.2 f4d30802 Makefile: add linting with --tests=false d66183b1 Remove hack/validate-lint.sh wrapper b74989df integration: add unix tag to non-windows tests 25481e1a integration: add _test suffix to files 53a1b695 chore(deps): update dependency golangci/golangci-lint to v2.1.1 f9e03e6c .github: check_cirrus_cron work around github bug b39bf85a GHA: remove .github/labeler.yaml 4920d7f1 .golangci.yml: simplify 5b135b92 Add MAINTAINERS.md and Governance, update OWNERS f5c34db7 fix(deps): update module golang.org/x/term to v0.31.0 b6b64152 chore: fix some function names in comment f7ab0ed0 fix(deps): update module github.com/containers/common to v0.62.3 0e68f7be chore(deps): update dependency golangci/golangci-lint to v2.0.2 edfeb735 [skip-ci] TMT: keep PR-label independent tests ba2f8b7a chore(deps): update dependency golangci/golangci-lint to v2 11fc49b4 Rely on golangci-lint exit code instead of expecting empty output b78fa41e Satisfy staticcheck da1bf9f7 chore(deps): update dependency containers/automation_images to v20250324 Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* runc: update to v1.3.0-rc.1Bruce Ashfield5 days1-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumping runc to version v1.3.0-rc.1-171-gb1722d79, which comprises the following commits: da909478 deps: bump cgroups to v0.0.3, fix tests f24aa06e libct: State: ensure Resources is not nil 1b39997e Preventing containers from being unable to be deleted d22a4211 libct/configs: stop using deprecated id b25bcaa8 libct/configs: fix/improve deprecation notices a10d338e libct/configs: add package docstring 8d180e96 Add support for Linux Network Devices 889c7b27 update runtime-spec ed5df5f9 libcontainer/configs package doc 0b01dccf runc update: handle duplicated devs properly 7696402d runc update: support per-device weight and iops 99a4f198 build(deps): bump github.com/urfave/cli from 1.22.16 to 1.22.17 31d141e2 build(deps): bump golang.org/x/net from 0.40.0 to 0.41.0 8b0e7511 build(deps): bump github.com/containerd/console from 1.0.4 to 1.0.5 04be81b6 fix rootfs propagation mode 995a39a4 ci: add scheduled run of GHA CI 74209b73 ci/gha: allow to run jobs manually 62e6ab6d gha/ci: allow validate/all-done to succeed for non-PRs b39bd105 ci/gha: fix exclusion rules b206a015 deps: bump opencontainers/cgroups to v0.0.2 ae00c2bd tests/int: simplify using check_cpu_quota fbf1a320 build(deps): bump github.com/vishvananda/netlink from 1.3.0 to 1.3.1 5cdfeea7 CHANGELOG: forward-port entries from 1.3.0 0623ea10 build(deps): bump golang.org/x/net from 0.39.0 to 0.40.0 c1958d88 build(deps): bump golangci/golangci-lint-action from 7 to 8 9f86496c ci: Check for exclude/replace directives 67b8a685 go.mod: Delete exclude directives b0aa863f ci: bump golangci-lint to v2.1 d920a722 build(deps): bump github.com/seccomp/libseccomp-golang 8e3ee502 ci/cross-i386: retry adding ppa c12c99b7 runc: embed version from VERSION file d54eaaf2 runc --version: use a function 3e3e0482 ci: upgrade to criu-4.1-2 in Fedora 58c3ab77 rootfs: improve error messages for bind-mount vfs flag setting 30302a28 mount: add string representation of mount flags 87ae2f84 Unify and fix rootless key setup b520f750 ci: install newer criu for almalinux-8 d7285e46 Fix "invalid workflow file" github actions error 5f4d3f36 libct/apparmor: don't use vars for public functions 08ebbfc8 tests/cmd/remap-rootfs: fix mips builds 1d78cb21 Completely remove --criu option c8991936 ci: add check for toolchain in go.mod e34c1a04 CHANGELOG: Port 1.2.x changes c5ab4b6e runc pause/unpause/ps: get rid of excessive warning fda034c9 pause: refactor 75a4546b go.mod: rm toolchain 0a9639e3 build(deps): bump golang.org/x/net from 0.38.0 to 0.39.0 c5e0ece4 build(deps): bump golang.org/x/sys from 0.31.0 to 0.32.0 19c65154 tests: Add env var tests 09501d96 libct: Override HOME if its set to the empty string bb5aa116 build(deps): bump github.com/moby/sys/user from 0.3.0 to 0.4.0 bf386464 libct: we should set envs after we are in the jail of the container 4a0e282b test: check whether runc set a correct default home env or not 7fdec327 Use any instead of interface{} 17570625 Use for range over integers f64edc4d ps: use slices.Contains ef5acfab libct/configs: use slices.Delete 0fc2338d libct/specconv: use maps.Clone 7a58d823 .golanci-extra: disable staticcheck QF1008 0b536265 build(deps): bump golang.org/x/net from 0.37.0 to 0.38.0 5cfd1a62 build(deps): bump bats-core/bats-action from 3.0.0 to 3.0.1 131bdac1 tests/int/selinux: test keyring security label c735c073 tests/integration/selinux: collect user_avc as well 491326cd int/linux: add/use Recvfrom e655abc0 int/linux: add/use Dup3, Open, Openat c690b66d int/linux: add/use Exec 431b8bb4 int/linux: add/use Getwd 8cc1eb37 Introduce and use internal/linux b68cbdff criu: Add time namespace to container config after checkpoint/restore 127e8e68 ci: bump to golangci-lint v2.0 9b3ccc19 libct/intelrdt: fix staticcheck ST1020 warnings 30f8acab Fix staticcheck ST1020/ST1021 warnings 9510ffb6 Fix a few staticcheck QF1001 warnings 6405725c libct: fix staticcheck QF1006 warning fdb69163 notify_socket.go: fix staticcheck warning 4622bb87 build(deps): bump google.golang.org/protobuf from 1.36.5 to 1.36.6 a638f133 .golangci.yml: add nolintlint, fix found issues d00c3be9 ci: bump codespell to v2.4.1, fix some typos 65e0f2b7 libct/int: use destroyContainer 1aebfa3e libct/int: don't use _ = runContainerOk f55400dc .github: Improve issue template description bac33825 build(deps): bump github.com/opencontainers/selinux 6a3f8ea3 skip read /proc/filesystems if process_label is null Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* runc: start removing 'opencontainers' referenceBruce Ashfield5 days1-0/+1
| | | | | | | | We've only had one type of runc for a while, this is another step in the direction of moving to just 'runc' versus the old runc-<foo> variants Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* podman-tui: update to v1.6.1Bruce Ashfield5 days1-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumping podman-tui to version v0.9.0-508-g5d5c4cc0, which comprises the following commits: 5d5c4cc0 Bump to v1.6.1 02bc24f9 Bump github.com/containers/podman/v5 from 5.5.0 to 5.5.1 0b65653d Bump to v1.6.0 136c5f75 Fix golint issue b02ec603 Added container create health log dest, max count and size options ef10f184 Fix bats test for network connect 3eabf121 Bump github.com/containers/podman/v5 from 5.4.2 to 5.5.0 164ca27d Bump golang.org/x/net from 0.36.0 to 0.38.0 70fd604f packit epel10 build 42293a3a Bump golang.org/x/crypto from 0.36.0 to 0.37.0 f902cdff Bump to v1.6.0-dev cd904893 Bump to v1.5.0 6392f961 Bump to v1.6.0-dev fb76d52a Bump to v1.5.0 ff9a2eeb Bump github.com/containers/podman/v5 from 5.4.1 to 5.4.2 04b7a615 Bump github.com/containers/buildah from 1.39.3 to 1.39.4 0f4d9385 Bump github.com/rs/zerolog from 1.33.0 to 1.34.0 ffda1a0a Bump github.com/BurntSushi/toml from 1.4.0 to 1.5.0 2326d5fc Bump github.com/containers/buildah from 1.39.2 to 1.39.3 cc8608c2 Bump golang.org/x/net from 0.34.0 to 0.36.0 8eb63a6d Bump golang.org/x/crypto from 0.33.0 to 0.36.0 9b2bb838 Go update to v1.23.0 + Golangci-lint update to v1.64.4 4c73f653 Bump github.com/containers/common from 0.62.0 to 0.62.2 0a04e82e Bump github.com/containers/storage from 1.57.1 to 1.57.2 347ab777 Bump github.com/containers/podman/v5 from 5.4.0 to 5.4.1 4049d7ad UI input check trim spaces d62c79f7 New feature - pod create resource settings category 441fe2ed Fix Vagrantbox hostname f06e2ef9 Fix view's dialogs focus issue e15d76a7 Exec and run vterm container ID and name display issue fix 43fbc573 Added bats tests for container run cmd 53a43f86 Vagrantfile box version update to fedora/41-clous-base 9312e8de UI dialog size adjusmentse 0aeb2e55 New feature - container create resource settings category 34a7797d View sub dialog size adjustments 02ada937 New feature - container run eed5fd90 Container exec terminal size change 9e6388aa Container create dialog secret option 56a12860 fix wrong function name 177f06c4 Bump to v1.5.0-dev 204d054c Bump to v1.4.0 Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* podman-compose: update to v1.4.0Bruce Ashfield5 days1-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumping podman-compose to version v1.4.0-75-g8eb5573, which comprises the following commits: 1c0c63a Fix formatting of description of systemd command 2f8dbdc Remove assignment to variable that gets overriden and never used 0de04b3 CONTRIBUTING: Suggest contributors to split their commits d864e19 CONTRIBUTING: Update instructions on commit message 96ec961 CONTRIBUTING: Update instructions for creating virtualenv 0cbf70a Implement short syntax for env variables in compose.yml "environment:" 8f9f6d0 Remove unnecessary 'or "text"' dd471c8 Fix dockerfile definition if directory name ends with ".git" 4177bae Add docker_compose_compat setting 6635b8b cleanup bool parsing 8f55227 add name_separator_compat 04155d0 Add documentation for env variables 6054952 allow overriding x-podman using env vars 034b86e README: Remove basic usage section bbdb636 README: Update section on tests 93371b0 README: Merge all repositories under single section 27d1fc6 README: Add installation instructions on Debian 82dd0ac Release notes for 1.4.1 0491269 Fix relative host path resolution for volume bind mount source 82d7622 Add relabel option to secrets 7b3276e Expose io.podman.compose.service label 949af2a .github: Run mypy as part of checks 0b8b483 Print full dockerfile path instead of context on error 56238b1 tests/integration: Fix `service_scale` tests d4ebf62 tests/integration: Fix `lifetime` tests 83c7e94 tests/integration: Add missing __init__.py files to actually run tests 248a63e test-requirements: Upgrade ruff efea0ee Address unused argument warnings 3c2978c examples: Add type annotations 5765e53 Use correct logging methods 0be50ff Fix return value from compose_systemd() 1eae76d Add return type annotations to test_utils.py 6c46678 Fix mypy warnings a3f48f8 tests/integration: Add type annotations dedb081 tests/unit: Add type annotations ea22227 Add mypy configuration 58df849 Move tests to directories that can be imported 39e21d8 Remove extraneous await on non-async function 02166f5 Use more standard call to list.append 8aeeafb Rename redefined variables 9162fe6 Remove unused code 08d06df Fix build ssh path to be relative to directory of compose file a983129 tests/unit: Add unit tests for fixing CMD healthcheck 76b3055 Fix CMD healthchecks running with /bin/sh 225999e tests: Rewrite test_normalize_depends_on to unittest 3d47849 Allow specifying custom pod name in `--in-pod` 0c1c4ff Fix reset tag attribute to also reset `depends_on` parameter 6e30673 tests/integration: Fix paths for testing override and reset tags 01214fa Add unregister command to remove systemd service registration bd29caa Release 1.4.0 6c9c091 Release notes for 1.4.0 67616bd Handle exit code when compose up -d 782c44d tests: Style cleanup d7762a5 Fix service_healthy condition enforcing eba2ca2 Skip running compose-down during up when there are no active containers abe5965 tests: Improve reliability of network tests 9e0da82 Change compose-up to create then start container to avoid double exec 8638eb9 tests: Test selected env variables to improve robustness e1d938f Add --abort-on-container-failure 1dab256 tests/integration: Add override tag attribute test 2a33ef5 tests/integration: Add override tag service test 5ab7340 tests/integration: Add reset tag attribute test 35dc395 tests/integration: Add reset tag service test 38a9263 integration/tests: Move 'volumes_merge' tests to 'merge' directory cbe9587 Implement override and reset analog to docker-compose 98f166d Implement pids_limit ff58a0b Add newsfragment 8d899eb Feature: add cpuset option ae41ef0 tests/integration: Improve tests for port command da46ee3 Fix port command for dynamic host ports d80c31f tests/integration: Add tests for up and down command cefa68d Implement rmi argument for down command fbc4c7d Integration tests for container scaling changes 11879d3 Updates handling of scale/replicas through CLI & compose file 27cf8da Addition of relevant newsfragments file a1be62f tests/integration: Automate manual ulimit test e45b5d5 tests/integration: Automate manual `volumes_merge` test e04b8f3 tests/integration: Add integration test for buid git URL as context 815450a tests/unit: Add test for buid git URL as context 92f0a85 Fix using git URL as build context 5f4fc46 Add os.path.normpath to normalize dockerfile pathname f9489af Allow merging of args in both list and dict syntax Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* netavark: update to v1.15.2Bruce Ashfield5 days3-261/+238
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumping netavark to version v1.15.2-1-g3955c1f, which comprises the following commits: 01b002f release v1.15.2 937edfb release notes for v1.15.2 913bf55 dhcp_proxy: set timeout_sender only if required 763c86b cargo: bump mozim to 0.2.6 868d33d release v1.15.1 29f991c release notes for v1.15.1 ad51a4a Revert "remove search domain from response" aadd9fe release v1.15.0 7395403 release notes for v1.15.0 8dd201b update release notes from v1.14.1 a819174 update nftables to 0.6.2 fa0cce8 run cargo update 18e6472 chore(deps): update rust crate tempfile to 3.20.0 ebbc9d1 chore(deps): update rust crate chrono to 0.4.41 dc8e9f2 fix(deps): update rust crate tokio to 1.45.0 ccde461 fix(deps): update tonic monorepo to 0.13.1 a7a2748 fix(deps): update rust crate zbus to 5.6.0 e2aecba fix(deps): update rust crate sha2 to 0.10.9 da0933e fix(deps): update rust crate clap to ~4.5.37 cfe74dc aardvark: handle names more safely 13cd456 aardvark: use one buffer for commit_entry() efe127c don't clone container_names in AardvarkEntry 7084b2e Makefile: correctly set SOURCES adcddf6 remove some unused deps 0795886 Makefile: use cargo --locked in CI 99ede94 chore(deps): update dependency containers/automation_images to v20250422 86a4826 ci: ensure tree is clean after build 4ed8ac7 fix(deps): update rust crate rand to 0.9.1 ea3479b .github: check_cirrus_cron work around github bug ca2ad7f Cargo.lock: fix desync with Cargo.toml 84ec751 fix(deps): update rust crate netlink-packet-utils to 0.6.0 d629405 firewalld_reload: share connection b675bd2 fix new rust 1.86 lint errors 810ee33 ignore SIGTERM and SIGINT on teardown 36d89b2 fix(deps): update rust crate tokio to 1.44.2 3bfe78e Release GHA: Automatically publish crate d430758 test: use ncat not nc 2c4d5b6 update CI image 2025-03-24 6c6c89b fix new clippy lint errors 7ef70f8 fix(deps): update rust crate env_logger to 0.11.8 5d6a3f0 fix(deps): update rust crate clap to ~4.5.34 8eb7a23 chore(deps): update rust crate once_cell to 1.21.3 ed5f940 fix(deps): update rust crate hyper-util to 0.1.11 3b031a7 GHA: Automate release 9035c67 remove search domain from response 5daf5cb chore(deps): update rust crate once_cell to 1.21.2 b940984 fix(deps): update tonic monorepo to 0.13.0 1be221f Add link to c/common contributor's guide b361626 fix(deps): update rust crate log to 0.4.27 8a34126 chore(deps): update rust crate tempfile to 3.19.1 3880a19 fix(deps): update rust crate nispor to 1.2.23 803309a fix(deps): update rust crate netlink-packet-route to 0.22.0 850d6af Fix detect of Firewalld's StrictForwardPorts property 8605514 chore(deps): update rust crate tempfile to 3.19.0 683d3ad chore(deps): update rust crate once_cell to 1.21.1 0783767 fix(deps): update rust crate tokio to 1.44.1 566febc chore(deps): update rust crate once_cell to 1.21.0 b47c5bc fix(deps): update rust crate env_logger to 0.11.7 67bf793 fix(deps): update rust crate tokio to 1.44.0 3902d99 test/001-basic: Make commit test optional af59e5c .github: remove cirrus rerun action dd46baf chore(deps): update rust crate tempfile to 3.18.0 76dfaaa fix(deps): update rust crate clap to ~4.5.31 fd6ebf0 chore(deps): update rust crate chrono to 0.4.40 9a3dcaf fix(deps): update rust crate zbus to v5 fd440e1 Bump MSRV to v1.77 44e3864 Update Rust crate log to 0.4.26 f990a78 cirrus: do not build debug bins a08bb55 Makefile: do not rebuild if nothing changed 4ac1563 Makefile: uninstall netavark-firewalld-reload.service 8668643 docs/Makefile: several fixes c1518c9 Makefile: build docs by default 9b0209c Makefile: do not build twice fa4c8ce chore(deps): update rust crate tempfile to 3.17.1 6963b06 chore(deps): update rust crate tempfile to 3.17.0 18889e4 fix(deps): update rust crate prost to 0.13.5 dfac98b Bump to v1.15.0-dev Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* lxc: update to v6.0.4Bruce Ashfield5 days1-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumping lxc to version v6.0.4-7-gb185e523f, which comprises the following commits: b185e523f selinux: fix typo (AppArmor) 4be5e7c65 meson_options.txt: remove space before `:` for consistency 81d00893a meson_options.txt: don't use str when defining bool default values 8a7ea2523 bionic: Remove custom getline, openpty and prlimit 136d5ae08 bionic: Remove bionic detection and support f362f6eed README: Remove mention of old LXC version 2663712e8 start: Re-introduce first SET_DUMPABLE call 0fb6eb66d Release LXC 6.0.4 312976c9b lxc/start: do prctl(PR_SET_DUMPABLE) after last uid/gid switch 77b9cb1dc lxc/caps: fix open /proc/sys/kernel/cap_last_cap dfe473705 lxc/conf: handle rootfs open_at error in lxc_mount_rootfs 782b666dc tools/lxc_attach: fix ENFORCE_MEMFD_REXEC checks bcb6d063d github: Add packaging workflow 3a4003c8c global: Switch to new MAC prefix 5cdef29d8 global: Switch MAC generation to Zabbly prefix 400115de0 sysconfig/lxc: remove false comment 0e99eaa35 Added LXC_IPV6_ENABLE option for lxc-net to enable or disable IPv6 84e02ca8c github: Switch to native arm64 runners f68da1c9f config-bcast: fix incorrect broadcast address calculation 5b31eb51a lxc/attach: Revert "- LXC attach should exit on SIGCHLD" 555276df9 conf: warn when capabilities are disabled or libcap is not found a99f593e3 dbus: replace hardcoded dbus address with environment variable d34b373ca conf: log name of invalid capability in error 56ef15e71 confile-vlanid: undefined is not a zero value b4fda3c60 - LXC attach should exit on SIGCHLD fe31d844e Release LXC 6.0.3 Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* k8s: update to v1.33.2Bruce Ashfield5 days1-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumping kubernetes to version v1.33.2-1-gf208b6c73d1, which comprises the following commits: f208b6c73d1 Update CHANGELOG/CHANGELOG-1.33.md for v1.33.2 a57b6f7709f Release commit for Kubernetes v1.33.2 05e72aa38dc fix kubeadm e2e tests 612e0555562 Bump images, dependencies and versions to go 1.24.4 and distroless iptables a792b779060 Remove warning about resizing failed for unknown reason ea3aa291814 Add tests that validate the return value of resize operation 060a4985376 Revert shorthand for kubectl explain --output c4f2287f8a3 Bump images, dependencies and versions to go 1.24.9 and distroless iptables 1fde2b884c7 DRA node: reject static pods which reference ResourceClaims 2628e18dabe userns: Wrap more errors 514da8a95a6 userns: Improve error returned if userns is not supported 992924664b5 userns: Use len to handle empty non-nil slices 76747b4eed8 Update CHANGELOG/CHANGELOG-1.33.md for v1.33.1 8adc0f041b8 Release commit for Kubernetes v1.33.1 f240b3abf52 SchedulerPreemption [Serial] validates various priority Pods preempt expectedly with the async preemption: replace finalizers with preStop hook and TerminationGracePeriodSeconds cce99a8c73a Automated cherry pick of #130503: Unhandled panic crash on rollout_history printer.PrintObj (#131496) a257be82995 fix: fixes a possible panic in `NewYAMLToJSONDecoder` b59deb49149 DRA: Fix failure to allocate large number of devices 750d2c02f03 Update hnslib version in Windows KubeProxy. c916dba6073 Disable size check for xfs/ext3/ext4 filesystems before expansion c8f2295d688 Disable disk size checking when calling NeedsResize function 3caaf056f1b Handle unsupported node expansion for RWX volumes c7eb93190c6 Mark NodeExpansion finsihed without featuregate check 74035d7b771 Also change final status by removing featuregate check 1a9d4fc468f Check for newer fields when deciding expansion recovery feature status 950bb3baf51 Fix for HNS local endpoint was being deleted instead of the remote endpoint. 5dc8b8dd268 Update CHANGELOG/CHANGELOG-1.33.md for v1.33.0 60a317eadfc Release commit for Kubernetes v1.33.0 9ba7dcecc39 CHANGELOG: Update directory for v1.30.12 release 191c34eaba2 CHANGELOG: Update directory for v1.31.8 release 7bf818fb88a CHANGELOG: Update directory for v1.32.4 release 95b926c93a4 Feature-gate watchlist e2e e467c9530b8 [Go] Bump dependencies, images and versions used to Go 1.24.2 and distroless-iptables 660df229bf3 Stop exposing list-via-watch from the server a8f6d77c8da ServiceCIDR and IPAddess Conformance 44c230bf5c3 CHANGELOG: Update directory for v1.33.0-rc.1 release 4939c17914f Update CHANGELOG/CHANGELOG-1.33.md for v1.33.0-rc.1 92e86d1b4bf Release commit for Kubernetes v1.33.0-rc.1 0266d3bcb37 Allow single-to-dual-stack reconfiguration for ServiceCIDR 7d7fc2d9892 Fix flaky test: Metrics should grab all metrics from kubelet /metrics/resource endpoint 505836c22cc staging/publishing: add release-1.33 rules e5a5f726dde Tag SELinux tests that require SELinux warning controller cacd595bae4 CHANGELOG: Update directory for v1.33.0-rc.0 release 18249aaaa4f hack/update-conformance-yaml.sh 1eab3036b67 mark tests that use estimateMaxPods as serial b2933c0adac estimate some system daemonset overhead for max pods b1a9cc34731 bug fix: fix version order in emulation forward compatibility. f63cdcbc811 Release commit for Kubernetes v1.33.0-rc.0 2ef4a8426c2 Move to released version of prometheus/client_golang v1.22.0 from rc.0 c8c2844aaf1 Fix race for sending errors in watch d3c5a4ab2f8 CHANGELOG-1.32: fix release note about kubeadm upgrade phases 10a7d6f8fdb Update CSI Proxy to v1.2.1-gke.2 24edc6e90f1 Update etcd to 3.5.21 eca90dab3f5 Parallelize cacher list tests 1a15d582ae5 Don't start etcd for skipped test 75186095c58 Stop cacher in TestWatchStreamSeparation to speed up shutdown 38d5cb368dd Fix flake, non-consistent list doesn't give any guarantees about staleness 9b5c4504ee4 Ensure that cacher is terminated in TestGetListRecursivePrefix 24536987d89 fix narrow spaces of %e for x/net bump f3b80a85822 bump etcd 3.5.21 sdk 0e2e687d3cc cleanup etcd v3.6.0 20d6b51588a Build etcd 3.5.21 image 5c7491bf087 accept rounded container cpu limits in container cgroup tests (#131059) d349ac57e47 wait for containers to have started before doing cgroup check b0b89d3bd25 fix the DeploymentReplicaSetTerminatingReplicas version 8db1426554d rename DeploymentPodReplacementPolicy FG to DeploymentReplicaSetTerminatingReplicas 83bb5d57058 deflake restart count assertions in in-place resize tests (#131055) 1d42ba78ff9 Add e2e tests for resource v1beta2 API e761be47a45 Run make update 39507d911f3 Add resource v1beta2 API 52298cf36a6 DRA kubelet: fix potential flake in unit test 2350e7a9118 deflake pod-resize-resource-quota-test 2073252d5ab Ginkgo skip needs to run inside leaf node otherwise it panics d429c8b17d4 debug cpu_manager_test failure 478a6f9d053 Add a tests for PreferSameNode 0ee6b0dbfa2 Add "multi-node" TrafficDistribution test 7956b37f62d Add test for `trafficDistribution: PreferSameZone` 23aff5dabd5 Split out the pieces of the TrafficDistribution test 10cd54bee46 Streamling the node/zone-picking logic bc81a860b08 Abstract the logic of the TrafficDistribution test b1a0fea4c6f Remove a level of indentation in the TrafficDistribution e2e 8f7bb964de5 TrafficDistribution e2e cleanups 52c3010c8b7 Generated UPDATE_COMPATIBILITY_FIXTURE_DATA d6d9a354d7d Generated files f035e37c4bf Added e2e test and fixed existing pod test 94ddb3a98fd Implementation cc466aa355f CRI API changes 0380f2c41cd Validation 70540c9f43e API changes 2037f39e204 kubeadm: use 'writer' everywhere in util/apiclient/wait.go 310723b21c8 kubeadm: fix WaitForAllControlPlaneComponents with anonymous auth a75cd2e0f47 Adjust metrics ranges to reflect additional CI job environments 2bd0481d2c3 Use established pattern for kubelet metrics url 0486790592d Fix container_spec_memory_swap_limit_bytes in ci-cos-cgroupv1-containerd-node-e2e CI jobs a264b0015ec kube-up.sh: set inotify limits 4db8e8cc1dc Add configurable tolerance e2e test. ac107137ce8 Refresh autogenerated files following the configurable tolerance updates. dc1696d8074 Fix API doc and tolerance field handling when gate is flipped. 2dd9eda47ff Add configurable tolerance logic. 11b6e2a3752 Update test fixture to account for new tolerance field. a41284d9fa3 Add the HorizontalPodAutoscaler tolerance field. 463b15b9b22 Add the HPAConfigurableTolerance feature gate. a237f429fc2 Revert "Separate SeparateDiskTests from eviction" 914a4ba8bfa generated c86ff2339d4 Unit and E2E tests dcc67d08c6d Increase number of pods in PreemptionBasic and PreemptionPVs 33fbce73ae2 benchmark to show inefficient linear search lookup 6bbaf8cb104 Extend CRI stats provider to support PSI 77118d4ca06 Extend CRI API to support PSI 92a42e65ec2 Surface cadvisor PSI metrics to summary API and prometheus metrics c7fc9d5f91a API definition for PSI metrics a18354c60dd DRA API: fix DeviceTaintRule REST storage test 2d7518df6db Revert "Add e2e test for Regular Container image change" a9526f6c7e0 add comment to the CPUManager feature label 0882efaf8e6 Remove general available feature-gate CPUManager 16f5fe6a26b Fix infeasible resize test 8cfb9adbf60 overwrite existing labels during pod Binding storage 17acc4a5eeb Move queue.Done() before Prebind, add tests 6873e819297 Run in-place resize tests in default CI jobs a09cb22e4db disable in-place vertical pod scaling for non-restartable swappable containers a490960c92b fixup! KEP-4742: Node Topology Labels via Downward API 01ae1b1b5a5 remove kubernetes.io/hostname label copying 934e247030b Remove kubernetes.io/hostname label copying, skip overriding, and support direct spec.nodeName changes. 6ddabb6ee64 updating to reflect latest KEP design 5e7e1e7cf16 KEP-4742: Node Topology Labels via Downward API 67bdfa7d6ee Add alpha feature gate KubeletPSI 2670462eb03 Remove TopologyHints and TrafficDistribution feature flags 3b3df8ba728 CI integration scripts: reduce log noise from installing etcd cfb9486417d DRA taint eviction: avoid nil panic 56adcd06f37 DRA device eviction: fix eviction triggered by pod scheduling 7b38bff6ec9 Move pod level hugepage test from e2e to e2e node 98e362c0495 Revert "Pod level hugepage for cgroup when unset in container" fd50d9207f5 End to end tests for pod level hugepage resources b9e0d4ad666 Unit tests for pod level hugepage resources 51db93c3fb4 Use pod level hugepage limits for cgroup when unset in container e3f4c6e62ab Containers with hugepage volume mounts with unset hugepage limits aa17082a160 Default pod level hugepage limits e5020285fa2 Hugepages to pod level supported resources 5856d3ee6fa DRA taint eviction: fix waiting in unit test ac6e47cb142 DRA taint eviction: improve error handling d62e766dad1 Fix function comment c7919f5e22e Pop from the backoffQ when the activeQ is empty a67cc3aac12 Reduce locking duration on cache to fetch data in DaemonSet Controller b726f2cf579 Add an integration test for PreferSameTrafficDistribution 919c2b478ee Refactor TrafficDistribution integration test 64034307c22 Fix comments in TrafficDistribution integration test 323d55e67f9 Rerun update-featuregates.sh c10dc416815 Ensure --enable-logs-handler help appears in kube-apiserver help 3043fbc3daf Added feature gate to unit test c0a1489bc86 Fix unit tests d46050aa5d3 PodLifecycleSleepActionAllowZero to Beta 8fdd6fe4768 Unify should delegate list 8b4aab5451f e2e_node: add a test to verify kubelet fails to create pod if userns isn't supported a6494ec3134 features: bump proc mount to on by default beta 3701f878d65 Fix the logic on TestGetStaticPodToMirrorPodMap 2d05c3849a4 DRA E2E: fix "cluster must manage ResourceSlices" test ca42addbdff chore(scheduler): add filter integration tests for missing part plugins: NodeResources plugin 2a9a3ea827d test: switch gotestsum quiet output format f82c9e56d92 Serve LISTs with exact RV and continuations from cache 657ccc30995 Ensure that the pod has the proper phase upon re-initialization 3c7ed00e224 node: kep-2625: cpu manager policy options GA 1a34095f75b KEP-3094 Promote NodeInclusionPolicyInPodTopologySpread to Stable 1208f25b3f4 Verify oom_score_adj for containers that have been restarted in pod resize e2e c6d6e0414c0 KEP-3619: rename variable in TestPodAdmissionBasedOnSupplementalGroupsPolicy 586af6b568c KEP-3619: move SupplementalGroupsPolicy e2e test from /e2e/node/ to /e2e/common/node/ 4055b1a9b50 KEP-3619: update e2e test to check a pod with SupplementalGroupsPolicy=Strict should be rejected when the node does not support the feature eda274ed7e3 KEP-3619: merge SupplementalGroupsPolicy dedicated validation tests into standard ones 64a4e349893 KEP-3619: fix field path in validating ContainerUsers in PodStatusUpdate 2a0e51825bb KEP-3619: kubelet now rejects Pods with SupplementalGroupsPolicy=Strict on Nodes not supported this feature. 45846f6b4ea KEP-3619: Set Beta for SupplementalGroupsPolicy featuregate in v1.33 16abcd78bd4 [FG:InPlacePodVerticalScaling] surface pod resize actuation errors in pod resize conditions (#130902) bfaa2496b2f Remove SidecarContainer feature-gate check ec1b493a088 Populate status memory requests from actuated resources 1ee7d946d77 WIP add tests for regular container image updates f04cfdf6e76 Update gofmt. 39d6396aea0 Promote the DisableNodeKubeProxyVersion feature gate to be enabled by default. c2927727107 Consider AllocatableResources when computing pod requests aba588cd14e Deprecate IPPVSAllocatedStatus: always set allocatedResources with InPlacePodVerticalScaling 798ce5bde25 e2e framework: add BetaDefaultOff feature gate testcase 507621e0da4 implement WithFeatureGate label proposal 1738c0bc4c9 Add ltsc2025 for windows-servercore-cache test image ea2f8881093 Auto gen 6d7f11689dd Complete feature impl, fix issues, add perDeviceNodeSelection support, add tests, address comments, etc. ecba6cde1de Allocator updates ece1d76e802 API manual changes deaaa124a5b DRA: Feature gate for Partitionable Devices baaa38c0992 Remove mutation of authn options by binding flag setters to a tracking boolean in options 7fe7754e67f Fix unit test, remove wait after resize 0ec6566c68c chore: update emulation version help msg. a2c739f3d50 chore: [e2e/framework] Updates test feature gates to versioned feature gates 7b5cbbb9618 chore: Remove unused unversioned feature gate map by consolidating feature gate files d7ed3f1c9b6 Add image volume subpath e2e tests 7f4b9a52db2 Consider memory requests in determining if resize is in progress, set termination grace period to 0 f73945aae56 Websocket HTTPS proxy support ba09a97341d node: cpu-mgr: Graduation of `distribute-cpus-across-numa` to Beta dab8758a59d chore: avoid resetting config of emulation verison and featuregates when adding flags 7d74a504caa Remove unused VAP for DRA admin access e2e test 1889e0cad65 scheduler sets observedGeneration in pod conditions 951e33fdf94 Fix gofmt issues 10c6a4258f8 feat: graduate MatchLabelKeysInPodAffinity to GA 917c4b310bd Fix lint issues, use kuberuntime's minGracePeriod const, boost container restart wait period 327ebcffc85 node: cpumgr: e2e: Define constants and use them instead of literals c90f0539c88 node: cpumgr: e2e: Tests for `distribute-cpus-across-numa` policy option b6a3ac47de0 node: cpumgr: e2e: tests for NUMA allocation spread metrics 3edeb60c089 Create Snapshotter interface to fake the implementation 7da942ca748 Change precedence order for continue and legacy exact match e367dca6c5b Change backoffQ less function to order pods by priority in windows 88f8e6697dc Implement PreferSameNode traffic distribution in kube-proxy c85083589c8 Clarify hostname vs node name in kube-proxy ff640c3679a Minor updates to kube-proxy topology code 19952a2b7bd Implement the EndpointSlice controller side of PreferSameZone/PreferSameNode 90c8f9aef1a Don't write out dummy zone hints in clusters with no zones 413af836b38 Minor updates to traffic distribution unit tests af3584778e0 update generate docs for PreferSameTrafficDistribution 4435ead24a1 Add PreferSameTrafficDistribution feature gate and associated API. 6ca82f9c164 Update the use of sets in EndpointSlice validation 929a9c0cad9 Extend shouldDelegateList testing incorportating state of cacher 09fdae408fb pkg/kubelet/userns: add idsPerPod tests 1592bfa4a81 kubelet: config: add userNamespaces.idsPerPod 9f161590bee metrics testing: add type aliases to avoid direct prometheus imports 37b47f47244 DRA helper: support dropped fields and TimeAdded defaults 2499663b84e DRA E2E: tests for device taints 5760a4f2820 DRA scheduler: device taints and tolerations a027b439e58 DRA: add device taint eviction controller 07a275437f3 kubectl debug: Display a warning message that the debug container's capabilities may not work with a non-root user (#127696) d5d008a6bd4 Invoke UpdateContainerResources or trigger container restarts (for RestartContainer policy) when memory requests are resized 0301e5a9f88 DRA: AdminAccess validate based on namespace label 2f1f19a992f flake: fix data race for func TestBackoff_Step 75a4d136aba Update kube-openapi and integrate streaming tags validation cd1a5c6d5cf Fix Kubelet unit tests 506e4fed14e In TestListCorruptObject corrupt the object in etcd instead of changing encryption key 413e867f537 [KEP-5100] WinDSR to Beta 8b2cee83c15 Replace StorageVersion API with aggregated discovery to fetch served resources by a peer for MVP c09d87f79c9 Implement watchcache returning error from etcd that caused cache reinitialization 13d04d4a92f DRA device taints: copy taintseviction controller 6478ca58594 ktesting: fix per-test logging in TContext.Run and WithTB 939c9c0c6ba DRA: add ResourceSlice tracker 99dbd85c45f DRA: generated files for device taints API 797475e1137 DRA: add device taints API 7fb028a433f DRA: add DRADeviceTaints feature c766a52356a Implement KEP 4876 Mutable CSINode (#130007) 9be73c0d67f Graduate InPlacePodVerticalScaling to beta 691398c8563 add API approvers to generated applyconfigurations aa32537e9a0 Add workqueue for node updates in DaemonSetController 381ccf0f4c7 Fix empty describedObject in hpa status (#124555) 5625483527c KEP-4540: added e2e tests for strict-cpu-reservation option 269bbac6e8d KEP-4540: moved StrictCPUReservationOption to beta feature gate 4c2be4bdde2 kubelet sets observedGeneration in conditions d95d6ba5264 DRA scheduler: fix potential panic during unit test verification 582b421393d DRA kubeletplugin: add RollingUpdate b471c2c11f6 DRA kubelet: support rolling upgrades 760903c0de6 DRA kubelet: give DRA drivers a 30 second grace period for updates 0524c807864 e2e/node: Remove outdated comment c11077f417b e2e/node: Skip userns tests on windows c348bd10e6c pkg/kubelet/userns: Log userns mapping information 69e270f509c pkg/kubelet: Explain why a user is required to get userns kubelet mappings c984f0f08a1 tests/e2e: Add tests for userns kubelet mappings 1be3f8961bd Fix a race when closing activeQ 0effe155434 Move scheduler_perf topology spreading tests to a separate package b3890d9fa0d bump RemoteRequestHeaderUID featuregate to Beta, on by default decd11414b0 fix typo 091b450057c Replace PodResourceAllocation with PodResourceInfoMap type for extensibility for pod-level resources support 349e079abeb Update release notes in changelog-1.30 to fix example claim validation rule af291a44c3a Add unit test to validate email_verified in claim validation rules 5d0caaa1a66 feat: Add alpha feature verification to feature gates 916c7867f7e fix godoc for email_verified requirement when username contains claims.email a15520fbeaf Move pod resize status to pod conditions 61863035803 Adding Unit tests for windows-dsr and overlay support 984b475e749 Extract delegator.Helper interface to allow making delegate decision based on cache state 4f1912abf2d Fix missing recursive in consistency check, enable panic on failed check and fix typo in logs 5402baf4a2b Fix KUBE_BUILD_IMAGE_CROSS_TAG mismatch when KUBE_CROSS_VERSION is passed 9837a61528f update cri-api comments for Windows HostProcess withdrawal a666451e8a3 withdraw Windows HostNetwork support 2b504a7089f Fix failing git_repo e2e release informing tests. aa187d2d5ac add separate container runtime filesystem tests c30eb9d9e5c feat: graduate the async preemption feature to beta e394d430c48 Promote E2E to conformance tests for JobSuccessPolicy 0490b9f0b72 kubelet: document seamless upgrade support and guidance f1031be019c node: cpumgr: metrics: add metrics for allocation per NUMA 5c4948ff314 controller: factor out pod node name indexer helper function 9e7c080b863 Use ValidateListOptions in watch cache 414bfc707ff Split subfunction to allow adding more subtests 6d21d8f2376 Test continue with negative RV for reading consistent RV 8c9452f4ca9 e2e tests: remove unneeded storage feature label d66330609c3 Remove the not-even alpha feature setting bc74476bdb9 Remove VolumeCapacityPriority feature gate 43382b1b394 Switch control from VolumeCapacityPriority to StorageCapacityScoring f6ddee95f96 Add storage capacity scoring to VolumeBinding plugin 410dc1d6549 Trying to fix kubelet_config_dir_test 8f69d596e81 Fix pkg names != dir in tests b47e839e4ec Comment on origin and JSON schema 46d5438c144 Fix import groupings 1ff4433c87e Fix whitespace in validateFalse test fixture 4c0c2d21ea6 Use origin in validateFalse's own test d1d77cd553c Use test.Helper in helper funcs 1ae091e7187 Add validation for the NodeSwapStatus field 9d38a85c709 Ensure unit tests are guarded by a feature gate 18139b9845f Add unit tests 16871a1faa0 populate the new node.status.nodeInfo.swapInfo field a9b02114099 add auto-generated files: make update ee4ac3d70a3 add auto-generated files: ./hack/update-openapi-spec.sh 4bdaf6cbbde add auto-generated files: ./hack/update-codegen.sh a53a517022c Add the Swap field to NodeSystemInfo 3e48d143fa9 kubectl: Remove duplicate selector calculation logic and add missing test cases for the 'describe DaemonSet' functionality 1f04af7947b Remove general avaliable feature-gate PersistentVolumeLastPhaseTransitionTime a548688ffe1 fix: add feature-gate is disabled unit tests 03934974688 Add protection finalizer to vac when it is created 06482b6bd3b address comment 41e3efdb60a change doPodResizeAction to call updatePodSandBoxResources inside setPodCgroupConfig 95d3d4a22d7 Gate apidiscovery/v2beta1 serving with a feature gate a758e725b86 Non-pointer VariableGen 4e3d114c267 Refactor VariableGen - no interface needed 6a59dcfa1dc Non-pointer FunctionGen 0b295553232 Refactor FunctionGen - no interface needed 282e1490d43 KEP-5040: Disable git_repo volume driver. 9aeeb530952 Remove usage of TopologyAwareHints feature-gate from kube-proxy packages. 25e041470eb Run ./hack/update-featuregates.sh 619957c9762 Graduate TopologyAwareHints feature-gate to GA in 1.33 and LockToDefault a6c94ea605d Enable DeclarativeValidation feature gate by default 146515ac4a8 kubelet: pullmanager: write to pulled record if secret matches during query 788b7abe406 kubelet: pullmanager: move to a separate package b8fc6042ca0 kubelet: GC for image pull managers 3793becbb94 kubelet: integrate the image pull manager 95d411382f2 Fix comment for GetServiceAccountFunc type 01302639f59 Add unit tests for credential provider in service account mode f6a35c55f2d Wait for node to appear in cache in TestUpdateNominatedNodeName integration test ef40e670bf1 Update hostpathplugin image to v1.16.1 cf20c21ef82 Revert "stop overriding max concurrency in CI, let automax procs handle it" 04ac6df8a91 add dra to edit role and add featuregate test 718ed7d0b58 dra: add user rbac 5a98d4dbb4a Limit declarative validation to spec until subresource support is added b8361f9c6ea Revert "pkg/kubelet: Fix userns tests on Windows" 1057407cee3 DRA e2e: more flexible socket listening b3befff631d implement a file-based image pull manager 0ca23338462 make update 47827f4d9a5 kubelet: modify KubeletConfiguration API with image pull policies 311e589534b Emit comments before validation code ad96b3aed58 kubelet: implement image pull policies 1a660d3d0c9 flake: fix data race for TestApfWatchHandlePanic unit test c4d77a07993 Add test cases for negative resource version in TestList 58d9b5c7b64 Test bypass for negative RV d263344a9b4 Simplify bypass test by just testing shouldDelegateList function ec127279571 DRA kubeletplugin: revise socket path handling c6252daccb8 DRA kubeletplugin: turn helper into wrapper 37dee3c2824 [KEP-4817] DRAResourceClaimDeviceStatus to Beta dc8dc314421 fix error treatment and remove annotations from proto 86169a7a1e0 Fix flaky RunTestConsistentList 09817b320f0 move generate podsandbox request to platform specific ce4de97c2e3 make kubelet call updatePodSandboxResources on PodResizeAction b27c303ac24 update cri-api runtime interface and cri-client add new method 8f11574f3d4 update proto files to add new method UpdatePodSandboxResources 64c0164cec0 kubelet: add the ImagePullManager interface 37e0fd50aac imagepullmanager: add v1alpha1 config API cb7468b0774 kubelet imagepuller: PullImage() - accept TrackAuthConfigs directly 09284d926cc credentialprovider: track kube secrets as creds sources in DockerKeyrings e549eeb7964 introduce the KubeletEnsureSecretImages featuregate 9df0f6b6043 Call PreEnqueue plugins before adding pod to backoffQ 8d4eaa024d3 Add SchedulerPopFromBackoffQ feature gate for KEP-5142 5c17e7bd9c6 node: cpumgr: metrics: add uncore cache alignment metrics 9cfe1863ce9 node: e2e: clarify test description cea7d97d8bc node: cpumgr: use String representation in output 52e0f522ba0 node: cpumgr: test: use Equals for comparison a07510fade8 node: cpumgr: test: abort on failure 3e70a1bc9c8 remove unneeded e2e features 6979567c449 Enable proper API in CLE integration test f7296b31f0d Add declarative test cases for RC.Spec.MinReadySeconds 177193ed197 Mark RC.Spec.MinReadySeconds as k8s:optional 1e336160681 Add declarative default for RC.Spec.MinReadySeconds 1059dbdee18 Declaratively validate minimum value of RC.Spec.MinReadySeconds 20b69a54bff Add declarative test cases for RC.Spec.Replicas 0f4786536f7 Declaratively validate RC.Spec.Replicas optionality 21b3da7e5aa Add declarative default for RC.Spec.Replicas e08bbf254c4 Declaratively validate minimum value of RC.Spec.Replicas a9514b05911 Add update-featuregates to update.sh 088daf472b7 feat: Refactors featuregate lifecycle management script 14934b481ef refactor: detach Info from apimachinery util version a3094ccbe6f feat: extend version information with more detailed version fields 8d71f74fcdb pkg/kubelet/userns: Remove skip on windows 691fd360ba2 pkg/kubelet/userns: Wrap error to get mappings 925416bc370 pkg/kubelet/userns: Provide stub implementation for windows 74b069d0fab pkg/kubelet: Fix userns tests on Windows 1ddfc7bdce1 benchmark-dockerized.sh: don't redundantly install gotestsum 8898868fea4 install-ectd.sh: brace PATH and suggest user export d798d86981d cleanup CI integration scripts d9a2dee622c Fix subresource parsing for declarative validation 7848744bf9c remove kubelet fake status manager d6e5d4f20d4 make update 8eb74b96e33 Add validation to StatefulSet's .spec.serviceName 7315d0a6878 Change internal-version RC.Spec.Replicas to a ptr e0011c72367 Support emulation versioning of formats 8f83f2446a5 Fix detecting consistent read when watchcache starts handling continue 6d3bff83213 Test recursive in TestGetListCacheBypass and separate overrides 8b0294daed2 Fix typo and pass the environment variable required to enable watchcache consistency checking in GCE tests 987bdd9e466 Sync pkg/credentialprovider/OWNERS with k8s.io/client-go/tools/auth/OWNERS aab7a079fa4 make each scheduler test independent 27706a0b54c Add quota support for PVC with VolumeAttributesClass 2db729cfa42 Add flatz to kubelet auth. ed08387663e Enable versioned validation fuzz testing for core v1 group b5bc2838089 ReplicationController: Add declarative validation test suite 5a5ed81e1f2 ReplicationController: Enable declarative validation 256a576651c Add featuregate, feature and unit and e2e tests e8547d8a540 Cleanup unused container parameter from allocation state Delete 05a9c062125 Don't update checkpoint file for deletion 30bca329c52 Don't re-write the checkpoint file when the content is unchanged e856356225d Enable validation-gen on core/v1 9e42056a0df stop overriding max concurrency in CI, let automax procs handle it cb7afbccf6e delete hack/test-integration.sh 08745086e2d chore: change Info->Error log level related to declarative validation runtime tests and refactor panic wrapper names 3b88db4f235 Promote CLE to beta a7505f02621 generated 5ba4a90fdad Add LeaseCandidate v1beta1 ef3cb5c5afa skip admission for unsafe delete a0cc02e264e Simplify shouldDelegateList b27735be2ee Define type alias for getServiceAccount function ad22c0d4954 Fix IP/CIDR validation to allow updates to existing invalid objects 78e58b8c49f kubectl: expose context parameter in DefaultRemoteExecutor 37ddc637f55 Revert PR 125102: Add unit tests to client-go/tools/cache/listers.go 692785d25b6 Add legacy versions of IsValidIP/IsValidCIDR ac6790450ac Move TestListOptions setup before we start API server ba189de78ff Slightly improve EndpointSlice address validation fc4bb4fdb90 Add validation.IsValidInterfaceAddress f79bccf4d99 validation unit test cleanups 76f1684117a Rename ValidateNonSpecialIP to ValidateEndpointIP 2090a01e0a4 add e2e test with the gcp-credential-provider test plugin ad8666ce88d Update credential provider plugin to support using service account token 69dd6b3c0e5 CHANGELOG: Update directory for v1.32.3 release dd25c6a6cb4 CHANGELOG: Update directory for v1.31.7 release de904f80992 feat: add declarative validation metrics and associated runtime verification tests 34349e735ca CHANGELOG: Update directory for v1.30.11 release 1d365762a53 Introduce versioned validation test utilitizes and add fuzz tester 3eaa0478509 CHANGELOG: Update directory for v1.29.15 release 6defd8c0bdb node authorizer changes to allow read on svcaccounts d398de294dd Add KubeletServiceAccountTokenForCredentialProviders feature gate dd7b9f6171b Add service account token and annotation to v1 CredentialProviderRequest ba2eecca0d2 Add TokenAttributes field to v1 CredentialProvider 003f2157671 *: reduce tracing events during streaming JSON objects 2d810ddfa9c Apply feedback b9cb44a5933 Add approver permission for jpbetz in component-base/compatibility d6f61438e01 CHANGELOG: Update directory for v1.33.0-beta.0 release 9fe18bf4866 Update core v1 fuzzer and validation tests to use util/ptr instead of util/pointer 775b118a6d2 Remove invalid emulated version and add lexographical order test 9eef88c8446 Add CLE e2e tests f5dd7107f71 Implement streaming proto encoding d6ef05b9a82 Add +k8s:minimum validation tag b7b1e78d629 Fix context usage cfcf7e93a3a chore(validation-gen): rename flag --extra-pkg -> --readonly-pkg in validation-gen ca4f7857576 Update hack/verify-golangci-lint.sh cd9df2f115a chore: change error_matcher.go to use test interface instead of importing testing pkg c36b1c901f8 KCM: CTB publisher: tolerate NotFound during discovery 24e8fa769bc move ClusterTrustBundles featuregates to beta 1f1dbc35a90 kubelet: ctb: use generics to handle alpha/beta APIs for CTB projection 5b3b68a3a14 KCM: CTBPublisher: use generics to handle both alpha/beta APIs d3f44a5bc0f kubelet: lazy enabling the ClusterTrustBundleProjection feature 0cd2976cabe integration: ctb: apiserversigner test to use certbeta api ccd2d4d62ad generate code e0f536bf1fa use the ClusterTrustBundles beta API f598b4860c5 copy ClusterTrustBundle API to v1beta1 efac8fdea24 Delete todo comment to ignore update where 'old' is equivalent to 'cur' (#130322) f9e5dd84ad4 Graduate image volume sources to beta b38bfaa2ac9 fix: shared informer typos cdac61b9025 use generic set in sig-node 63cd30e3f6c use diff port for TestCreateConfigWithoutWebHooks from TestCreateConfig 9e53371ddaa Fix test cases that may potentially cause a panic. e4d73c56cd0 Implement consistency checking 4c6971007be Refine logging levels in Job, IPAM, and ReplicaSet controllers. 92aeb63a5be Handle optional value-types with defaults f1674543718 remove feature gate AdmissionWebhookMatchConditions that was GAed in v1.30 8195f82fe82 remove AggregatedDiscoveryEndpoint that was GAed in v1.30 141e98ed050 Add comments to FunctionGen 989d68d7577 chore: update DeclarativeValidation featuregate 03f0475ebd2 Add Complete reason verification to all e2e conformance tests 8a20e908398 [FG:InPlacePodVerticalScaling] Drop 'Proposed' resize status 3460b2238eb Disallow optional/required on non-pointer structs dcbfe67b1ca Prevent usage patterns we don't want to support 3d2d8db8350 Add option to explicitly enable future gv or gvr in runtime-config. 8eb90fe136d Add CoveredByDeclarative to field error struct 628d107b619 Switch cluster trust bundle e2e tests to generic alpha feature + feature gates 9828ad64da4 e2e framework WithFeatureGate adds [Feature:OffByDefault] (when passed a feature that is not Default) 819cb8fe22f Add emulation forward compatibility into api enablement and RemoveDeletedKinds. 46ac2af06a8 Fix validation test for ReplicationController 6d0b6278cd3 Rename some allocation.Manager methods d4444dd5986 Use actuated resources to determine resize status 660bd6b42d1 Track actuated resources in the allocation manager af9ac325b13 controller sets observedGeneration on pod conditions 42abc2a73b9 Mark StatefulSet's .spec.serviceName optional 4deb4f2b5f0 Trigger rescheduling on delete event also when unscheduled pod is removed 80f4f62ea86 hack: fix shellcheck 77758c185b1 hack: verify to verify-golangci-lint.sh 67f0e95b3ac hack: fix text a9d558de263 hack: verify golangci-lint config, update text 89440b1239b DRA: integration tests for prioritized list ccb607f06b9 Unify ListOptions validation between cache and etcd dbf780a48ae authn-trust: don't react to target CM updates aab083972db fix handle terminating pvc when kubelet rebuild dsw ce163947aa6 fix a flake of TestRoundTripTypes: for FirstAvailable[].AllocationMode 085d23388ad Mark VAC roll-forward test as flaky dc806188177 Use SetFeatureGateEmulationVersionDuringTest() for testing ServiceTrafficDistribution feature-flag disablement in control plane components 4e317265c77 Remove usage of ServiceTrafficDistribution feature-gate from kube-proxy packages. 2492eddd20b Bump ServiceTrafficDistribution feature-gate to GA in 1.33 and set LockToDefault=true ca43bb17190 Run 'make update' 0d0b81b9375 Update trafficDistribution API spec docs for GA graduation 770ce2d874b Better handling of YAML that tastes like JSON f08e640b9e2 Lock down gofuzz in deps 0ce4268b1fe Vendor randfill e54719bb667 Use randfill, do API renames 6798e2d8635 Add time to extra-pkgs for validation-gen 8c98dee1edb Add utiliptables.NewDualStack b0312589692 Improve utiliptables error handling when there's no iptables binary f1d0eb4fe47 Add a unit test for utiliptables.New() 9c98d297953 Remove exec arg from utiliptables.New e5e76d7c7ce chore: Fix incorrect AppArmorProfile.Type marker 3f5d30543d8 Add integration tests for using SAR with node audience restriction b09ca8c2c84 Use SAR to allow dynamic audiences for node audience restriction 97a54dc4b04 update to v1.22.0-rc.0 337f1c211d3 Build etcd v3.6.0-rc.2 image 41469004282 Add normalization support to CEL semver library, enable in base env 7316d831377 Add warnings to all IP/CIDR-valued fields d4c55d06cfa Export endpoints, endpointslice, mirroring controller names 610adebdb75 Add utilvalidation.GetWarningsForIP and .GetWarningsForCIDR 34717000dae Split out IP validation functions into their own file 5e067b6781c Minor IP/CIDR validation cleanups/fixups b62503dd66e Remove a dead error check in winkernel f001b3916d4 Remove a stale comment in metaproxier.go 303593cafe1 Fix some pkg/proxy comments b5e9a8262e4 Remove exec arg from utilipset.New 36f5820ad15 Remove some unused proxy args/fields 13f0449e4ca Fix up kube-proxy import ordering/organization. 834a0d92cfa hack: fix settings for forbidigo linter c510b93d28f Add tolerant parse option to semver fabd449d7fe fix typo e1d3aaf8612 Return correct error upon websocket message read failure 325a54f73dc ./hack/update-codegen.sh d6ea91cf93d client-gen/fake: pass ListOptions to Watch method dfb8ab65210 DRA scheduler: fail in PreFilter when DRAPrioritizedList is disabled and used 0a32e7d6e79 make sure that container is running when execute kubelet exec command d76f40d2f39 fix(scheduler): skip best-effort pods in BalancedAllocation PreScore 032b05114c7 chore(scheduler): add filter integration tests for missing part plugins: TaintToleration plugin 9765fe4abb7 Add all extra_pkgs needed by main API types to validation-gen 0140842add1 update testdata for roundtrip and client tests 701b76f10d7 pod gc controller sets status.observedGeneration upon pod failure 40e7d88f022 Kubelet sets pod.status.observedGeneration behind FG 749f03a49fe Gradeate Job SuccessPolicy to Stable 6f1f7beff3a sort client-gen output 20230f22514 Fixing unit tests in k8s.io/kubernetes/pkg/volume/util/subpath on Windows bb3ba9d073f Preserve old observedGen if incoming attempts to clear it 12d34624ba4 add observedGeneration to pod's dropDisabledStatusFields 6edd9217469 run 'make update' eab9197d1a8 Add observedGeneration and validation to pod status and conditions 6645022d8bc Update status before returning err b345f64c767 Skip test if cri proxy is disabled or undefined abdc760ba54 call dropDisabledPodFields from pod status strategy 46c09d30178 add more uncore test cases 919e8a62e9c uncore: more testcases 5a7697dfe0c Fix unit tests for volume ownership 15cb82b3b3f Separate compactWatchCache from increaseRV 2fc3cd90b15 Store pod backoff expiration time in QueuedPodInfo 5917343e457 Parallelize lease candidate ping 627bfbdfdf1 windows does not support sleep infinity a1cfb13099d we no longer need to track the go version in staging/src/k8s.io/kms/internal/plugins/_mock/Dockerfile ed326fea133 Always report pod status resources consistent with the current pod sync 0e7e025c599 use kube-cross to build kms plugin a3009258dac fix dockerfile warning 4d7f6eadf10 kms-e2e: use setup_env / respect GOTOOLCHAIN 97db9a7843a feat: Add flagz endpoint for kube-controller-manager e2505b0d27c Update OpenAPI c597cc1f309 Allow OpenAPI verification to pass both with and without strict alpha handling 0a9f492eedf Fix up ErrorMatcher from feedback e6cf9dd1663 Pass storage.ListOptions to WaitUntilFreshAndList 796690637d6 Propagate error when creating CustomResourceStorage instead of panic'ing 4001c819f09 fix b88f026053a Implement tests for encoding collections in Proto 7a84e7630f9 Run lists tests in subtests 5ecddb65715 update to latest cadvisor @ v0.52.0 8202b791e96 Job: Use jobSuspended util for suspended detection 32fd0de21c5 tweak 8e4b00e9494 use Cleanup instead of defer 186e6ee2bd5 Debug latencies in request handler 8fac9c68e18 Change allocation manager pod UID to types.UID 3a80473cda2 CHANGELOG: Update directory for v1.33.0-alpha.3 release 4f7ce7513e2 chore: migrate logging featuregates to versioned 04129d1dc82 node: metrics for alignment failures 4fda41c6509 Update base image for addon-manager to fix a build failure. ffc1b32c660 Add declarative validation utility for use from strategies 5ff334a1589 Add declarative validation to scheme c4ea350ef66 Add "endpoints.kubernetes.io/managed-by" label to Endpoints 41577dea1b0 delete opIndex wrapping 33bf509eb06 Use CamelCase for memory manager policy name check in InPlacePodVerticalScalingExclusiveCPUs 6975572a801 Add missing increments of queue_incoming_pods_total metric in scheduling queue 96bae53a375 Promote SELinuxChangePolicy and SELinuxMount to beta afb4e96510f Expose NodeInfo to Score plugins 94471a5c5cf feature(scheduler): add more requeue case for CSI plugin when the VolumeAttachment is deleted cb5c8d159c8 Don't automatically clear in-progress status when resize is not allowed b0621e6955d Update CHANGELOG for addon manager v9.1.8 9598e5a1a57 Mark the feature gate on by default since it's a security fix. 523a19aa44e Extract isInPlacePodVerticalScalingAllowed to shared function 460db5c1372 Always use allocated resources for pods that don't support resize 6df3ea46d92 Never attempt a resize of windows pods ca9734afaa7 Add third party strategy to the coordinate leader election integration test 074d9653b14 Bump addon manager kubectl version to 1.32.2 ea3fa1c5196 Add e2e test for MutatingAdmissionPolicy. 8bb597c0d24 Clean up some confusion around TrafficDistribution metrics fdddd8d18c9 Port k8s.io/endpointslice from utils/pointer to utils/ptr 526960f9885 Change FailedScheduling Event message to be more intuitive a2f47e6586f Add validators: immutable 63050550c35 Add validators: optional/required/forbidden 31f46372170 Add validators: eachkey, eachval, subfield b5f9a00258e Add validation-gen core tests 8c41bdf05b1 Add validation-gen test infrastructure 3210f46b5b0 Add validation-gen to codegen scripts e892dfac7d5 Add validators: opaque c1f9e6b8eed Introduce validation-gen 7f5e1baeeea Bump gengo/v2 to latest 9a843790a30 Adding tests for consistency a94403e9429 add BytesToXConfiguration function 77647cdfc3e rename SplitYAMLDocuments function 2d8d972cb85 Add warning logs for uninteresting kind 6a59c98a9e8 distinguish between YAML and JSON file formats during log output 09427ab5586 Update test/e2e/network/netpol/network_policy_api.go bb79c29dd51 remove feature gate RemainingItemCount that was GAed in v1.29 3842d74d97d restrict trace context propagation to system:master and system:monitoring f8b080a4be7 Update test/e2e/network/netpol/network_policy_api.go 2f6f8d083e0 Update test/e2e/network/netpol/network_policy_api.go 438d496555b Add test for ReconcileConntrackFlowsDeletedEntriesTotal metric e5ad4a18781 e2e network policies test support network policies with finalizers da987eb762d Wrong matcher - use BeNil instead BeEmpty 1e64a890385 Reduce number of (versions of!) images we pull in our e2e tests 29c219dcebe update go.opentelemetry.io dependencies to v1.33.0/v0.58.0 05a90bf642a Revert "Add LeaseCandidate v1beta1" 1a1b566d61f Revert "LeaseCandidate alpha -> beta," 71622aee49d Revert "generated" d5c072117db Clarify host_port field in CRI 2c062117d00 fix lint 2bed3333bc5 fix lint error 75b09b40540 separete runOp df9d5f0bf8b Clarify ordering requirements of client-gen --input e43de183cf1 conntrack reconciler must check the dst port 7fcaaa08ee9 Run make update e2d1fcc1628 Addressed comments 3d318b57e30 revert the old loop to check if the node is rebooted 7555cbca90f DRA: Updates the e2e tests for Prioritized Alternatives in Device Requests 36d8a44b9c3 DRA: Update controller for Prioritized Alternatives in Device Requests 2229a78dfe6 DRA: Update allocator for Prioritized Alternatives in Device Requests cc35f9b8e8d DRA: Update quota calculations for Prioritized Alternatives in Device Requests a716095a8af DRA: Update validation for Prioritized Alternatives in Device Requests 68040a31736 Run make update 8f7b43b6fdc DRA: Update types and defaults for Prioritized Alternatives in Device Requests 0faebe30fdc DRA: Add DRAPrioritizedList feature gate for Prioritized Alternatives in Device Requests 0d7c9aa816e Prevent node-problem-detector from being scheduled on Windows nodes. ac0b30db6da Update dns OWNERS in line with kubernetes/dns f91105a77e5 fix prep and validation for pod subresource updates c8111709e56 Add an error matcher, convert 2 tests 052f1fe8203 Update tests 8a1057a804b test: sched: replace `pointer` use with `ptr` 486d12efc5f call cleanup func position change bee19638f19 tweak e7c743b2ebf Streaming JSON encoder for List a86cca4e185 Improve error reporting of KCM metrics f9051901cee client-go certificate: context-aware APIs and logging 6b7e38f0180 Fix nits from PR 130355 c7cf852086c test: Add Origin field support to ReplicationController spec.Replicas validation test 07477c656e7 test: convert ValidateEndpointsCreate to use error Origin field in test f63359efb03 fix(pod/util): typos in getting pod validation options 5eb37b073c6 Fixing k8s.io/kubernetes/pkg/util/filesystem unit tests for Windows 3010618efee feat: add DeclarativeValidation and DeclarativeValidationMismatchMetric feature gates c3de5b707e2 Do not look for SSH external IP for NFSPersistentVolumes tests 2d10dec3a29 generated ac7a95efb09 LeaseCandidate alpha -> beta, 0fede7b8a2f Bump x/oauth2 and x/crypto dca3f56f64b Add e2e test for topology manager with restartable init containers fad4594fd9f Add LeaseCandidate v1beta1 038b90d475e return error instead of fatalf fb3b163ca0b Ensure we switch to k8s root directory for dockerized builds during e2e-node ci job b7c80f7f159 Fix implementation of ContainsCIDR to allow non-equal addresses f2e8fe93fb5 Fix bad CIDRs in a NetworkPolicy test f73f6fd2ab5 client-go/gentype/fake: sets opts.Watch true cc0faf086d7 [kube-proxy:nftables] Skip EP chain updates on startup. 65c792ca9ba e2e_node: remote: fix getting pod logs e5becd01c84 correct ResyncPeriod comments 28d359beec1 promote HonorPVReclaimPolicy to GA a4885091974 test: Improve error comparison in resource validation tests 02f7dc55d16 feat: Add Origin field to Error and related methods 94f3b552bf3 Fix linter warnings b0dc96e71ec Add unit tests for progress tracking and remove fullpath from reporting 20cecaee97f Add Watch to controller roles (#130405) d44ac38891c Promote e2e to conformance tests for JobBackoffLimitPerIndex a91ed902fed Graduate Backoff Limit Per Index as stable 5942cd81382 Added tests for log file modes and compressing unknown log error conditions. f214d8e27a0 delete unnecessary init 650db7fab97 golangci-lint: temporarily suppress known issues in the code base 45b323d6a5f use Cleanup func e8b9d1d93f8 feature: Added filter integration tests for missing part plugins: NodePorts plugin 2472f4965fe Implement chunking for gzip encoder in deferredResponseWriter 239aad8e4b2 chore(scheduler): use framework.Features in scheduler plugins 168c338f7cb Remove limit support from btree store 43509b63d76 Bump hack/tools to github.com/golangci/golangci-lint 1.64.5 for go 1.24 8090db5dcfd Switch to private instances of rand for seeding for tests 88300c406b9 bump go.mod to set min go1.24 597b54720e1 Bump images, dependencies and versions to go 1.24.0 fea89f25d1b Move GetCurrentResourceVersion to storage.Interface 4205f04ce35 Replace uses of reflect.DeepEqual with cmp.Diff in pkg/scheduler tests bed838955fa Removed parallel execution for test/subtest where AllocsPerRun is used 4c635ecf825 Rename CacheProxy to CacheDelegator 3c9cc93dbcc Bump etcd v3.6.0-rc.1 image eeabc3ac6c4 selinux: Ignore pods with Recursive policy d66928b842a Add Job e2e for tracking failure count per index (#130390) 740db0f01d9 Move watch progress to separate package. 145bc8a2ccf chore(kubelet): Use ptr.To to replace the custom function unit64Ptr. 04f0bd4e83b storage/cacher/ready: dynamically calculate the retryAfterSeconds eb0f003d252 Fix a bug where the `ResourceQuota` admission plugin does not respect ANY scope change when a resource is being updated. i.e. to set/unset an existing pod's `terminationGracePeriodSeconds` field. f7c17992973 Handle returned error as placeholder variables for now fbce6bd6107 Fix typecheck errors b51cbb1d17c Change plugin interfaces to use progress monitoring 32752fe395a Add recommendation for using OnRootMismatch 49dabe56d04 Monitor progress tracking for permission change f484ae5bcbd Fix kernel version check condition in nftables proxier ae991725b79 e2e uses websockets by default for portforward 071b1bd839d e2e test use websockets as default for exec operations a97c6a70451 Added the mergeDefaultEvictionSettings Kubelet Config 4c0b24b06d4 e2e_node: eviction: fix ImageGCNoEviction test d02401dea92 start setting pod metadata.generation 2de2093bcef Add snapshotting of watch cache behind a feature gate 0f24b9ff451 Split backoffQ into backoffQ and errorBackoffQ in scheduler 059dee36f84 Allow ImageVolume for Restricted PSA profiles Stop referring to ImageVolume as an unknown type during pod security admission validation. Avoid restricting ImageVolume for the Restricted profile, as users who can create a pod with a certain image should also be able to use ImageVolume with an image. 2173a0fafd4 Add watch cache capacity upper bound adjusting logic 56bd8d86a58 test/integration: use default API groups in test apiserver cf70b06e376 e2e_node: improve logging for eviction test b56d30e32a5 fix flaky test: Subpath Container restart should verify that container can restart successfully after configmaps modified d92c70b8269 enable go-required check afa266d7ef9 remove genernal available feature-gate AppArmor 2feecd46bdb [e2e/node] update base image from busybox to agnhost c2afe4909d0 fix copyright year de51ce79c01 ./hack/update-vendor.sh 3ae5312c97e Generate register files for all examples fb11415a690 add simpletype pkg in v1 for register-gen test e9c47f86018 Add codegen::register to hack/update-codegen.sh dc4fce61ce6 Add missing imports in register-gen bc4ae15d77b fix wrong assertion on tests a933481f797 use const rather than string in cgroup_v2_manager_linux.go b1f6cfcfae0 change defer order to pass test a20a959b2c0 hack: split up test-dockerized.sh 86f504284c1 feature(scheduler): add queueinghint for volumeattachment deletion f540197768f chore: add more error info for validateResourceSliceSpec ddd4c56893b Fix pod resize E2E tests after forbidding memory limit decrease 1f642c79c31 Drop winsymlink go 1.23 workaround 237aadab89b [hostutil_windows] Remove unix workaround 2a32b213723 [test] handle ModeIrregular in getFilePerm for Go 1.23 b9f6013c12c fix: handle socket file detection on Windows dfc8b271cf1 [kubelet] Make use of os.ModeSocket info 9492a2ca9ba DRA: add dedicated integration tests 9024140468e Cleanup allocation checkpoint failure message fe4671356c0 Call allocationManager directly 2418b54ee2a Revert "Add random interval to nodeStatusReport interval every time after an actual node status change" f904c6f46c0 fix e2e 1289f43f73f Build etcd v3.6.0-rc.0 image 034285dc477 Test continuations and exact revision LISTs 0f40600b316 add e2e test to reproduce unexpected unmount after kubelet is restarted e1b3c8fd9b4 Add e2e test 06fa6158a06 Update namespace deletion process when feature gate `OrderedNamespaceDeletion` enabled. 7098221ae54 Fix TweakContainers comment f1612003ff0 Fix the node reboot validation failure 4e651addd8c Add statusz endpoint for kube-scheduler e986217c217 Update Generated API Code d5c804b14db Remove Flagz feature-gate check before populating serverRunOptions.Flagz a49b336e83e test(statefulset): return errors in framework function GetPodList for upstream handling 92cc680c8ae Fix SelfSubjectReview test to decouple beta and GA types from the same apiserver 2636aa35e3b Require canonicalization of NetworkDeviceData IPs ec66befdcb2 Fix dup word in API doc 8ee35583912 node: topology-mgr: resolve lint errors 9e1d6d5cdc1 node: topology-mgr: Add logs in the happy path 04b048dcec6 flake(scheduler): fix allWaitSchedulingPods data race failed f9e7b15c001 ktesting: add Run c2ad724e9a1 ktesting: add Parallel 9a795c31fa3 remove release-1.28 config due to EOL 98fd7b4deac update publishing rules for rel 1.29/30/31 to use go1.23.6 764e13e27ae Refactor TestList and validate continuations to allow testing pagination and more exact RVs in the future bf63e0046cb selinux: rename allMetrics ee36b817df0 events: ensure the name is valid ff69b5bcf37 generated bdf2e2d0646 Fix non-recursive list should also read RequestWatchProgress feature when consistent list from cache is enabled 9e27ae27258 Remove gate for leasecandidate strategy 4cc32f817a1 Remove cloud-provider arg for kube-apiserver in local-up-cluster.sh c186de00809 Fixing k8s.io/kubernetes/cmd/kubeadm/app/util/staticpod unit tests on Windows 697293906a8 Fixing k8s.io/kubernetes/cmd/kubeadm/app/util/dryrun unit tests on Windows 97cb563cae0 Require auth for all new Kubelet endpoints 2b1b20b3b15 Fixing k8s.io/kubernetes/pkg/proxy/winkernel unit tests 993f3c361f2 Fix DRA flaky test for ResourceClaim device status 21f899596ef Promote AnyVolumeDataSource to GA a0a226d1584 integration: svm: wait for CR to be stored as v2 after CRD v2 switch 80966ce5c44 integration: svm: use consistent path args pattern in etcd fetch functions e1557f80a2a integration: svm: use k8s ktesting package for test ctx init faf5b3ec765 integration:svm: refactor utils 293a6c5c916 fix typo: optimitically -> optimistically 553e9bf84d1 adjusting loopback certificate validity in kube-apiserver 99881453838 Ensure that btree threadedStoreIndexer implements orderedLister 3d007532e0d Introduced additional log formatting to windows kubeproxy. faf6dc13134 Add retries to runner.List() b6f49d0728c Add retries to conntracker.ClearEntries() 90a42e0dc04 Add retries to conntracker.ListEntries() 84ec78ede71 Extract pod allocation manager from status manager 81e54a2a016 Move allocation state out of statusmanager 3100bbab2f7 Update gorilla/websockets library from 1.5.0 to latest 1.5.3 72b404f6aad CHANGELOG: Update directory for v1.33.0-alpha.2 release 3f4ef42e9a5 Move PodResizeStatus cache out of allocated state d3eb639313e selinux: add tests for SELinuxController e15fd43d812 test(network): replace calls to e2erc.RunRC with Deployments in service latency tests cd0df9786ea test(network): replace calls to e2erc.RunRC with Deployments in service proxying tests 7deb49e3a60 Revert "Enforce the Minimum Kernel Version 6.3 for UserNamespacesSupport feature" a2eeec5c5a7 Revert "Switch hard error to a WARNING for kernel version check" 9315ddbb650 kubeadm: fix panic when no UpgradeConfiguration was found in the config file de984ec9b92 Update kubetl subresource to stable 992c8e9479d selinux: explicitly specify NodeMetrics in function names 7d5f3c57230 [kube-proxy:nftables] Read map/set elements on setup. 26fe6bc6e09 Add tests for encoding collections in JSON for KEP-5116 323410664c4 e2e: node: cpumgr: check CPU allocatable for CFS quota test bb49a05fb5a fix: adopt go1.23 behavior change in mount point parsing on Windows 004c5f5a398 chore: remove unnecessary check for node is zero 45e2f3e438e Add a test to validate deferredResponseWriteron multiple write calls a36f64e0743 Add more log information to help debug flake #129779 a70b6b9105b Add lock for csiNode update 2050d6fc696 selinux: add a new SELinux translator to the controller 3b7926824ec e2e_node: Don't use userns in DefaultPocMount tests 5d726e32c4d remove duplicated test on configmap volume c48499d3604 fix ci 2382c0125b3 remove Removed generally available feature-gate DisableCloudProviders and DisableKubeletCloudCredentialProviders 29e5d429797 kube-apiserver: removed the deprecated the `--cloud-provider` and `--cloud-config` CLI parameters. Signed-off-by: carlory <baofa.fan@daocloud.io> 438df173e32 kube-proxy: metric to track entries deleted in conntrack reconciliation fcce8aaad8a workloadExecutor's member use value not pointer e353086e6ad test(network): replace RCs with Deployments in util function StartServeHostnameService bdd83038e83 kube-proxy: metric to track conntrack reconciliation latency 98d600bef94 test(network): replace RCs with Deployments in util function CreateServicePods 6b16f051484 modify SchedulerCacheSize field comment because it will be removed at v1.34 e52274a9e2e Don't allow resize policy mutation 7a1b2aea741 fixing k8s.io/kubernetes/pkg/kubelet/apis/config/validation unit test failures on Windows a1595d9dca7 Don't allow memory limit decrease unless resize policy is RestartContainer f6090185a80 e2e: fix node conformance flake 0ce48b56368 Honor KUBE_HACK_TOOLS_GOTOOLCHAIN 6d58125111b Bump KEP-4427 : AllowRelaxedDNSSearchValidation to Beta dc59c0246fb proxy: should add PingPeriod for websocket translator 844c2ef39d2 e2e: node: cpumgr: cleanup after each test case f5e86dfea65 Deflake the PodReplacementPolicyFeatureToggling Job integration test 5e6611af559 fixing various unit tests on Windows that create abstract sockets by now having them create file-based sockets on windows/darwin 453e22a1667 Remove unused service account creation from node_authn.go 36c6c7778b4 Use `sudo` for dmesg in hack/local-up-cluster.sh 83595f500a4 NFTablesProxyMode to GA ca8a0f5f1be separete sleep func 6d291ddc21b fix lint a9ee6bdf81a use *e.tCtx cc87cb54ab7 delete unneccesary define 3ce36b3b3ce rename doXXX to runXXX d202a683f54 rename workloadExecutor member name c40e69bb4cc remove double comments 3725c6f7650 pkg/kubelet: Make newTestKubeletWithImageList allocate a userns manager 96c2b81670c features: Enable user namespaces by default 447c74ca2cb DRA E2E: fix race between container start and check 4724870b971 test: remove implicit inclusion of "name" label in utils functions d6a6dda2fa7 KEP-3857: Recursive Read-only (RRO) mounts: promote to GA 2642d8222d8 CHANGELOG: Update directory for v1.32.2 release 976eae5ee7c CHANGELOG: Update directory for v1.31.6 release fc219cd3843 CHANGELOG: Update directory for v1.29.14 release 08ea6ca8da2 CHANGELOG: Update directory for v1.30.10 release 93a88f55182 GetRandomReadySchedulableNode nerver return MetricsGrabbingDisabledError ec165ca5601 fixing k8s.io/kubernetes/pkg/kubelet/eviction unit tests on Windows df1e9eeeb8c skipping InPlacePodVerticleScaling unit tests on Windows 569eb41f238 fixing k8s.io/kubernetes/pkg/kubelet/cm/memorymanager unit tests on Windows f8728b62228 Bump konnectivity-client to v0.31.2 dbb34a04cc6 Reduce the number of processes used in e2e to prevent unexpected OOM b9cd017a214 Fix intermittent test failure b346ac0f8e0 Limit ResourceQuota LIST requests to times when informer is not synced def95202175 node: topology-mgr: Add metadata to logs f2f4634bd35 Add LegacySidecarContainers feature gate 54e2416210b update sig cl owners in k/k da2f36be583 remove NodeOSDistroIs from test/e2e/framework/pod 358afb38f59 update publishing rules to use go1.22.12 for some active release branches c83a5e0ad2b HonorPVReclaimPolicy: add more e2e tests e31a3989fcf Make kubelet always canonicalize the PodIPs 6512de76ce3 Make EndpointSlice mirroring controller always canonicalize the IPs it writes out 29be52b3f70 Make EndpointSlice controller always canonicalize the IPs it writes out 7259742e233 Make Endpoints controller always canonicalize the IPs it writes out 26fe80855d1 Update build/pause/Makefile faa23642f51 Bump windows pause image base to mcr.microsoft.com/oss/kubernetes/windows-pause-image-base:v0.4.1 1bd3d34d6f9 Remove some dead code in the Endpoints controller eaab9081955 Mark v1.Endpoints deprecated in the API fc3e649ef4d make update 2a903dd7a3a Mark v1.Endpoints as deprecated in the documentation d3feb5080c1 Update websocket logging levels for better debuggability c7a90b670c4 Introduce kuberc as new flag to customize defaulting and define aliases in kubectl (#125230) f75965e5d9b aim to fix runtime class error 1c5170ff528 disable cfs quota when exclusive cpus allocated per static cpu policy requirements 437cd38e19a add feature gate 953954168c9 Modify how to check the status 0c68aa6a35f test(network): fix jig deployment scaling d728eb47dc5 test(network): replace RCs with Deployments in util function jig.Run ab02cda1683 make error consistent 8a797e42e12 resource metrics e2e tests: expect swap node and container level stats 676116359db Scheduler: update the error log 464fd0765d0 test(network): replace jig.CreateRC with jig.CreateDeployment af3b9e613d3 reduce dependencies in apimachinery net testing utils 938b5f82620 chore(scheduler): add more log info when no preemption candidates is found in preemption 297b35873fe use workloadExecutor 4facb872247 kubeadm: update preflight check 445183a31fa nominate myself as an approver for storage e2e tests 479f9cd898d can pass all testcase 8ee64ba6b54 Bump images, dependencies and versions to go 1.23.6 and distroless iptables 819bf72b0c2 Remove feature disablement ConsistentListFromCache in update openapi script fff99141581 Fix the flaky Job test: TestSuccessPolicy_ReEnabling dc51c81751a kubeadm: update v1beta4 docs 523ed5498e1 Fix comment for FailIndex as JobBackoffLimitPerIndex is beta b30944b0715 chore(dra): move pool validity check to the beginning of pool processing 5d278c138c0 fix labelvalues for scheduler-perf b1d72a5b7c9 test: Add emulated-version flag verification in flagz test c8804bff6d1 fix: flagz endpoint to return parsed flags value 8ab075578a5 feat: promote CRDValidationRatcheting to GA ee25fed97d2 update publishing rules to use go1.22.10 for some active release branches d195ea8756d fake/clientset: improve TestNewSimpleClientset 46ff62d6e49 Run ./hack/update-featuregates.sh 9ebe4422a98 Add support for Debian and Ubuntu 533a1211d30 Add completion in kubectl debug 6971779d0dc pkg/proxy/conntrack: refactor log levels for conntrack cleanup 07c279d06bf bump netlink 7edc7fbd47e kubeadm: add --etcd-upgrade flag to kubeadm upgrade plan dbefbd593ed remove unnecessary unnecessary 03b59d8eef2 propagate context 88410368cd5 test: fix a typo 0907f745a0d Add the feature gate `OrderedNamespaceDeletion` for apiserver. cd9fc8bc71f Enable ServiceAccountNodeAudienceRestriction feature gate by default in v1.33 5738ee4def9 Disable ServiceAccountNodeAudienceRestriction feature gate by default in v1.32 62809dd0de9 node audience restriction: use csi translator to convert intree inline_vol/pv to csi ecd67e25373 node: memory-mgr: Adhere to the message style guidelines d6c50c391d1 node audience restriction: add unit tests to simulate intree inline_vol/pv to csi failure f4496974573 node: device-mgr: Adhere to the message style guidelines 40c86d8e064 node: device-mgr: Ensure consistent use of named arguments 19e406a3574 node: device-mgr: Update klog.Infof(..., err) to klog.ErrorS(err,...) 9cd041156fb node: device-mgr: Add logs in the happy path a585bd74c48 node: device-mgr: Keep log level consistent across all gRPC calls 4b613ae96fe node: device-mgr: Bump log level for expected skips 584e224b431 node: device-mgr: Add metadata to logs a10b3c35559 node: memory-mgr: Add logs when memory allocation is skipped due to QoS 6240febf4c5 node:memory-mgr: Add logs on the happy path ee7f2616c62 node: memory-mgr: Update klog.Infof(..., err) to klog.ErrorS(err,...) 07d83acce56 node: memory-mgr: Update log levels and add logs to capture state update 34fd61a3ef1 node: memory-mgr: Add metadata to logs 7997c93cfdf node: cpu-mgr: Adhere to the message style guidelines ca2c46a2730 node: cpu-mgr: Add logs when CPU allocation is skipped 01a546fe53a node: cpu-mgr: Add logs on the happy path 14c0bc19ac2 kubelet: improve allocated resources checkpointing b05d56e5a54 Fix pod worker and prober log message typos 46a17f60e4d E2E node: fix --timeout default 8fc3a33454b Refactor compatibility version code e54be1e1337 CHANGELOG: Update directory for v1.33.0-alpha.1 release 8bd4e1bab22 Update test/integration/serving/serving_test.go 6c093b1699e kubeadm: fix dry-run for kubelet-wait-bootstrap phase 065bf2004d2 Deprecate WatchFromStorageWithoutResourceVersion 20fbdeac96e kubeadm: fix upgrade to be able to rollback ControlPlaneLocalMode bb36212342e kubeadm: Promote ControlPlaneKubeletLocalMode feature gate to beta b1ad53c5331 Disable StorageNamespaceIndex feature gate when BtreeWatchCache is enabled and deprecate it c5f66bfe70b Add statusz endpoint for kube-proxy 8431aa75390 Use %w to format errors and fix lint error. 3de770d5985 Use uncompressed kubelet log file permissions when compressed. 1a8d8c9b4a3 client-go watch: NewIndexerInformerWatcherWithContext -> WithLogger e1ab6073ab1 Add more tests for optional. 3701e393279 fix: remove the mention that DRA uses Pending 8a3d0d68a20 Update the env option. 7b1c7c639ef Fixed the estimated cost for opt map. c1e0443232f Bump cel-go to v0.23.2. 0ca45bd4f80 Bump images, dependencies and versions to go 1.23.5 and distroless iptables 5281152f077 feature: Added score integration tests for missing part plugins: TaintToleration plugin e2ff03486d1 scheduler_perf: add thresholds to DRA test cases 949385731f5 golangci-lint: remove "strict" checking 8d27bf2108c Leave TODOs in pkg/kubelet/kuberuntime for later removal 0bee0bcaa7d Promote SidecarContainers feature to GA 81f09811cad Fix kubelet_authz_test.go e0f548183c4 Graduate BtreeWatchCache feature gate to GA 4a5bbc4c159 Flip SeparateCacheWatchRPC feature gate to false and deprecate it. f6b527cb54e Additional timeout to receive all watchEvents 4619a89ebaa e2e: expand error conditions when test-ing port-forward 0d5d714c2a6 Fix the remaining flaky integration tests in Job controller da5a76bd396 Fix flaky test for container life cycle f7df3ec07fa move log restored state to better location. 829fa63b5b1 DRA: fix allocation mode `All` e766b04ade9 node: cm: use maps.Clone instead of reinvent it 8cc74e8a266 client-go informers: provide ListWatch *WithContext variants 6688adae142 client-go + apimachinery watch: context support 274ad0391fc Add scheduler_perf test case for default PodTopologySpreading constraints 71b91148409 kubelet: Migrate pkg/kubelet/sysctl to contextual logging ce7d2130ad3 Fix kubelet_authz_test.go f891092b87d Add the check of node rebooting in windows rebootnode test a9aab298b47 switch to using the real FIFO 24b43ea96ec make a real FIFO implementation 424c7ca7e58 Remove unused ClearState function b7fd30c8712 update generated docs 8f11a3b3679 WIP: fix the flaky Job integration tests 7936d64e037 Replace IsExternalSigner boolean with ExtendedSigningDuration throughout apiserver to ensure consistent token signing length between local and external token signing. 1b0ad78718e fix ab80d577321 Try to clarify EndpointSlice semantics some more f310ac03f45 kubeadm: graduate WaitForAllControlPlaneComponents to Beta 82f0303f899 node: e2e: Remove flaky label as device plugin reboot test is deflaked 0c34b706b28 Revert "kubeadm: Promote ControlPlaneKubeletLocalMode feature gate to beta" 9ac25f1d9ed update of CRI API readme file bde75d60200 chore: use NotFound error for missing components 8c80d384b2b feature: add scheduler queuesort plugins integration test ed826dddfec fix(dra plugin): when there is no resourceclaim, return directly 8a0937c0346 feat: add a lint rule to prevent Add unversioned featuregate 509bbed0985 Add a test ensuring all /scale sub-resources return table b04e1b80be8 kubeadm: use the v1beta4 EtcdAPICall timeout for etcd calls 1fa995224aa Update scale sub-resource to return the same error everywhere 9d893aed0c7 Use GitHub release for downloading `crictl` 601c0e359dc cacher: decrease the running time of TestConsistentReadFallback cfd6d9a2b44 cacher/cacher_whitebox_test: newTestCacherWithoutSyncing allow passing a clock 88090c49732 prevent deletionTimestamp from moving into the past cfa0349159b Update validation code c31b1b3332f Resolved some review comments c479f007d84 Update field to use feature gate ab964a776c8 Fix e2e tests failure 5889da1bbc7 Resolved latest review comments 242dec3e341 Updated some unit tests and resolved some review comments 5ed5732fa22 Refactored status manager code of updatePodFromAllocation 8fa8277908a Added some unit tests 2ba61325f69 Fix e2e test error due to ContainersToUpdate map not created 9a5c57817a0 test: pod-resize tests for sidecar containers 6c5cf687229 Resolved latest review comments 6cf5b80c644 Fix some unit test error 1cf45872773 Fix build error 1eb966cb455 Added unit test for sidecar containers in TestValidatePodResize a0d3cb0a2c7 Added proper validation msg when non-sidecar containers are resized 591b0f547ae Fix issue of pod spec mismatch if there is any non-restarble init container present 5d5e903e27b Revert e2e tests added for sidecar 3885d2f8abc Added sidecar support in ValidatePodResize and dropNonResizeUpdates cdddaed8419 Added sidecar support in and 34ddb91f187 Fix some unit tests error 0e392f90170 Disable e2e test for now d1fac494f4d resolve merge conflicts 5742f3deeb9 Cleanup running dmesg process in `local-up-cluster.sh` b3e1d57339b kubeadm: Promote ControlPlaneKubeletLocalMode feature gate to beta 617c0944354 Add an e2e test bd8dee96379 Improve Goroutines metric calls in parallelizer.Until 54500bfe692 cadvisor_provider, unit tests: ensure container-level metrics are collected ceeba21d3d0 cadvisor_provider, unit test: Add swap stats to cadvisor CPU and Memory stats c1112666098 cadvisor_provider, bugfix: Add swap stats to CPU and Memory stats e6c19f315f9 cri_provider, unit tests: ensure container-level metrics are collected 748b52a1308 cri_provider, bugfix: Add cadvisor container stats a85f489b28d client-go/transport: structured, contextual logging 44ca3b36545 Passed context for Wait methods in integration test utils 659804b765c refactor runWorkloads 4e05bc20db9 Linter to ensure go-cmp/cmp is used ONLY in tests 3a780a1c1b5 KEP-2862: Graduate to BETA. 28896d2f90c e2e: bump port-forward timeout 013f65b2576 DRA: fix test-driver examples 7f766762d91 Updated Concurrentmap iter d3e8572d706 cluster ip allocator should check first on the legacy allocators 627e83c841f Passed context for Wait methods in integration test utils 27ec5de8638 chore(scheduler): improve log output for podtopologyspread filter plugin 156b9fbadc1 Bump kubedns and nodelocaldns to 1.25.0 38a21e06f5d fix: Fix the issue of relist caused by client-side timeout e263b878eef Deployment controller should count terminating pods in the status dc1914c61c0 ReplicaSet controller should count terminating pods in the status 28437797b52 update generated files and feature gates 14783b8a9bc add validation, field disablement and tests f7c46df6651 api: add terminatingReplicas field to ReplicaSet and Deployment statuses 067012f5844 `client-go`: transform `watchErrorStream` to wrap the underlying error (#129765) 2b24c518b04 Drop declaration of IP/CDIR type CEL variables 0b38e6cd9e6 e2e network: remove test for funny ips 87139335b0e Switch from using a function to just pure map in create token 3030b1dc6a4 Finish extracting ExplainFlags structure 06077806cab Add dom4ha to SIG Scheduling reviewers 91afef615ad Refactors explain command to split flags from options da999fbc1b5 Update CNI plugins to v1.6.2 and avoid using k8s-artifacts-cni bucket fdebfb44857 e2e log info on nodeport allocation failures f150016fbec feature: Make Unschedulable scheduler performance test parametrized with the number of initial nodes. 1065377f97e Revert "tests: include stdout of failed commands in JUnit" faf30b30679 update github.com/coreos/go-oidc to v2.3.0 84b8f181e4d Concurrentmap Iteration db3ae754b1d e2e network: adapt dual stack tests for endpoint slices only 69964319d14 remove GAed EfficientWatchResumption since v1.24 d889bd15bda DRA CEL: skip estimating the cost in the scheduler a78983906f4 Adding support for providing version for functions in kube_codegen.sh (#129658) b7386467c8d client-go rest: store logger in Result 7821abf2ae2 client-go/rest: finish conversion to contextual logging b15a1943d51 client-go/rest: backoff with context support 48fb886325f client-go/test: warning handler with contextual logging 9998a032b13 kubeadm: fix a wrong log message bda81f1b68e Kubelet server handler cleanup c56426bd9f6 node: device-mgr: Update klog.Infof(..., err) to klog.ErrorS(err,...) f8596d6d289 node: device-mgr: Change ErrorS(nil, ...) to InfoS c68fc01b774 return an error instead of recording a test failure c9e81cd84ca Switch to gopkg.in/go-jose/go-jose.v2 @ v2.6.3 0452ae402a5 Use cached calculateResource result when removing pod from NodeInfo in preemption c5fc4193bbe Fix pod delete issues in podresize tests 7712d34b9ee remove unrunnable tests from NFSPersistentVolumes 969ecabc0f2 Remove all references to v1.Endpoints from non-network e2e tests da5bf27bc57 Remove no-longer-used TestUnderTemporaryNetworkFailure() bae4122f56f deprecate nodefeature for feature labels 7266759b67f Nominate macsko to SIG Scheduling approvers 238c32a1d9b Remove cache.ErrRequeue 8e77ac00013 Remove Queue.AddIfNotPresent aaac13fc6a1 remove gke from e2e 09c82fc58a2 integration etcd storage test 8fcb4b5773a comment we keep storing v1beta1 by default to handle upgrades 3606d52cd6d make update 779b9cf90c7 update integration test b6c3dfdad5c e2e test for service cidrs 7721590b9e5 update controller manager 33ba5855340 update kube-apiserver bea17e14971 update internal API ad511cd249f update registry e340a07ccf4 update kube-proxy ddfc4d3e588 update text fixtures for rbac c26a5796fd9 update networking strategy e3b39758215 describe servicecidr and ipaddress v1 eeae7b3fc8f promote ServiceCIDR and IPAddress to GA 272f33de90a api rule exception for ServiceCIDR 68cae5131a5 server both ga and beta servicecidr and ipaddress apis 3b48b0627bf graduate DisableAllocatorDualWrite to beta disabled by default f97ff113fa0 graduate MultiCIDRServiceAllocator to GA 5cd7325cd7e e2e: expand error conditions when test-ing port-forward 7d02a18a645 add a comment to InTreePluginPortworxUnregister 03a3288ddde tests: include stdout of failed commands in JUnit 5ed3164d322 Update in-tree gcePersistentDisk tests e26fb1c393a remove duplicated test case of `pvc not found` e1fdced21f3 Put the target plugin names in the Qhint integration test cases aecf3238bf6 fix lint errors 8b4eae24ab1 Move some exec helper functions from framework/volume to framework/pod d3974065c8e Remove GetDeviceNameFromMount from HostUtils 612fcdaf737 add a comment for features.Flexvolumes 45529062e76 KEP-3836: 1.33 - remove feature gate ce9e398641b hack/ginkgo-e2e.sh: forward TERM/INT to Ginkgo 1d4acfb8822 Update EnvFromSource.Prefix doc to mention Secret as well as ConfigMap 25a6fa144f4 There is no need to set the worker to nil to avoid potential timing issues. 110868691b2 node: cpu-mgr: Update klog.Infof(..., err) to klog.ErrorS(err,...) b3fed900526 Remove unnecessary feature label Recreate 8d7aed698b7 remove APIListChunking which was GAed since v1.29 e68cc0a6eda remove feature label FSGroup 9898bfdbdae Remove unused test code fca697aca08 Add logic to check for new ephemeral containers on pod update and update secret cache if they exist. 92e35e7618f update credential provider godoc with unique provider name req 9a331bbf59c credential provider config: validate duplicate names early and preserve provider order 1fc514cfe99 Bump sample-apiserver test image to 1.32 2504c6e73ae Update VERSION to 1.32.1 for sample-apiserver 2cc3dbf2250 DRA CEL: add missing size estimator 1714fbfa754 node: memory-mgr: Change ErrorS(nil, ...) to InfoS dac6b34a618 kubeadm: improve message in 'reset' 4aeedcde3b8 Fix CSI migration UTs 14936a7f582 Promote Portworx CSI migration to GA 40b9a297389 Fix Portworx plugin's CSI translation to copy secret name & namespace 479ff5a02b0 remove duplicate getAttrsFunc calls to reduce temporary memory allocations e578dcab3ad CHANGELOG: Update directory for v1.29.13 release 7f1abe993cb CHANGELOG: Update directory for v1.30.9 release 8ad8ad4681e CHANGELOG: Update directory for v1.31.5 release cba6300414c Document nftables kube-proxy's "public API" e5b326c0505 CHANGELOG: Update directory for v1.32.1 release c78ee00e963 add missing KEP link for AuthorizeNodeWithSelectors feature gate 271b8cf1c1e kube-proxy healthz handler ip family aware 226b43b8ee7 Prevent alpha feature gates from being enabled by default 94d90fafeed fix name 3986472b3c7 Revert to go-difflib and go-spew releases fef67f64c7b Update compatibility matrix and maintenance status upto release-1.32 c911ddd8a48 Fix: touch /dev/null permission denied on macos 936f249fa05 Add introduced and removed version information in etcd fixtures 43d86c2a3ef Drop github.com/asaskevich/govalidator 0d8a8fe3065 Update to latest kustomize/v5.6.0 bfce77d1c0f We still can't rely on first condition being fs-expansion pending condition aa6a72f76ff Bump CSI sidecars to fix CI issues and such 59850b58230 Promote ServiceAccountTokenNodeBinding to GA d66ced5730f client-go/tools/cache: fix TestAddWhileActive 8221e28e4d9 Add ffromani as approver for kubelet resource managers and their tests bc488020870 remove WatchBookmark feature-gate comment from types.go c0b49120e53 lint: removed empty line a7937f53915 Remove WatchBookmark feature gate 561c1d235a0 full sync per one hour with BFR 0ddab169457 shrink the cache.Queue interface to what is actually used 12345a14c34 kubelet: use env vars in node log query PS command e179f0e364d Add test for compatible version 2f4bd13fe57 kubeadm: remove misplaced error during image pull a92297f1a76 kubeadm: remove the GA EtcdLearnerMode FG aa1d79c3701 Use DeepCopyJSON to copy testcase input a2b12ba4061 Simplify schema sentinel subresource logic f886f3b7f10 e2e: expand error conditions when test-ing port-forward 17030f19b6c e2e services: avoid panic on service creation retry 2c58e274760 storage e2e tests: add more tests for pv relaim policy fd35f652d41 fix state mem constructor and adjust restoreState 018ee41e6f5 kubeadm: fix a wrong comment 3274dc40edc pkg/proxy/healthcheck: consolidate IsHealthy and isHealthy 1c1fc736162 pkg/proxy/healthcheck: enhance testing 729deef4542 bump kube-network-policies to v0.7.0 0e55e47cff1 Remove unnecessary logging in FilterActivePods 64aac665fd9 pkg/proxy/healthcheck: bug fix for last updated time 4a4fc9da801 Extract and unify cache bypass logic by creating a CacheProxy struct 2d826871146 Improve topologyToMatchedTermCount map in InterPodAffinity PreFilter 1b7ddfe6bbb e2e: deflake subpath tests 1b2bacda5bd Only test requests that pass validation 7226a3084e8 DRA e2e: adapt to increased ReservedFor limit 0899cf892d4 add documentation that 0s duration will be overwritten for 5m ba816967a0c Simplify status subresource ratcheting testing 8d79998058b remove workaround for vsg testing c6f19d3c2a1 update snapshot CRDs to v1 in cluster addons e5a3bdb3a71 Refactor shouldDelegateList bdd0f5dd238 test: add Junction file type test on Windows 1cee3682da9 DRA API: bump maximum size of ReservedFor to 256 fe895563d92 Test all possible combinations of input for shouldDelegateList 13a21d58548 Add benchmarking of namespace index 8eb31f8aa16 Fix service's nodePort already allocated a2a0a752102 Cleanupï: only initiate http2 server options when http2 is not disabled 2653caa248d fix dra test lint 5b2c1dde79d Add namespace to DRA adminAccess ValidatingAdmissionPolicy message 41f805b4761 Added check for multipath device mapper a6c7d22f44f update publishing rules to use go1.22.10 for some active release branches 0645f0e50ec pkg/proxy/healthcheck: file rename d6c575532ab pkg/proxy/healthcheck: rename 'proxier' to 'proxy' 4a0578e3dee Improve benchmark to handle multiple dimensions 091fa293908 Fix status subresource ratcheting f1834f06f4f client-go event: add WithContext expansion methods e681a790584 apimachinery wait: support contextual logging 77eae7c34f9 feature(scheduler): remove dra plugin resourceslice QueueingHintFn fb47caa689f Update coredns to 1.12.0 cad12e5a415 Lower verbosity for topologycache messages efdd6bea2e9 kubelet checkpoint: refactor state memory 42a5e5f4255 Pass context down to wait.PollUntilContextTimeout 8e872978e84 kubelet: improve allocated resources checkpointing 75131475fdf Remove general available feature-gate PDBUnhealthyPodEvictionPolicy a7be958884d Remove general available feature-gate JobPodFailurePolicy a811427020a Remove general available feature-gate AppArmorFields 7c887412c88 Add validation for revisionHistoryLimit in sts to prevent negative value (#129017) 4114a9b4e45 [kubectl] Enhance describe output for projected volume sources to indicate optional Secret/ConfigMap (#129457) 02fbcb4e69b kubeadm: should not warn on non-detect sandbox image b1cb471982b Use generic btree in watchcache a97ed3c98bc Update github.com/google/btree 977c4e9138d remove nsenter package 00a7849ef90 kubeadm: add preflight check for losetup on Linux nodes kubeadm: remove preflight check for nsenter on Linux nodes c9bfc3b4556 use ginkgo.DeferCleanup to do cleanup tasks 129418b9a98 e2e: ctb: make it possible to run the tests in parallel df503e54c85 Update etcd from v3.5.16 to v3.5.17 4c6deed07ec kubeadm: fix a bug where the node.skipPhases in UpgradeNodeConfiguration is not respected by 'kubeadm upgrade node' 61681433869 Remove use of deprecated functions 5aa4dd4a6ea Make it possible to pass a scheduler profile to RuntTestCoreResourceEnqueue 78a64027559 Extract list response struct to manage all the response fields 9d55fba36a0 fix featuregates_linter deb234c9d5c refactor: simplify boolean expressions in CRD handler 2fd16abbe8d kubeadm: bump supported etcd version cff0f4009f1 webhook: alter regex to account for x509sha1 GODEBUG removal a9b641464eb chore: adding support for staticPortRange 2c305d71f05 kubeadm: add system verification check(including kernel version check) for upgrade c3a54926a44 Fix PodTopologySpread matching pods counts for constraints with the same topologyKey 2cb1cc9e3a0 Bump images, dependencies and versions to go 1.23.4 and distroless iptables 215d0b094b6 Add tests for kubectl qos (#129388) 5f4d646ea33 Add Device status const comments 8e1403563a6 client-go cache: fix TestHammerController b649c113661 chore(printers): add miss unit test for resourcequota b406ba5cc36 kubeadm: skip disabled addons in clusterconfig on upgrade f47e6d04283 fix: enable len rule from testifylint in module component-base 35f584187a6 accept GINKGO_FLAGS for test-e2e-node.sh (#129215) 976aefca1b2 fix: adopt go1.23 behavior change in mount point parsing on Windows e99fea7e3f1 deflake volume tests 63ddf4bf33f test: Add integration test for apiserver statusz endpoint 2ddbfd19670 Fix Borg pub link in README 176730b0f08 test: fix pv deletion timeout 7c515cd1cb6 remove kubeadm.alpha.kubernetes.io/cri-socket annotation when kubeadm upgrade ca4529574e9 remove node special feature typos 0b6e3718340 Bump x/net to v0.33.0 59fcd7b770d fix metrics test 6c94adcc630 expand etcd storage tests to test for 1.31..1.33 dc476e968d9 remove emulated version test for un-emulatable 1.30 cf28c0405c0 Expand emulated version range to n-3 with 1.31 floor 4e8477bd3bd Bump binary version to 1.33 f20eb2e7c16 client-go workqueue: add optional logger 446252b0c35 Add crd from external snapshotter c71d27cb020 remove v1.30.0 api testdata cf1e2e6c2da Add v1.32.0 API testdata db6bf022173 feat: Add flagz endpoint for kube-scheduler 4396511e43a kubeadm: removed preflight check for `touch` on Linux nodes. e3b12d89d0d fix(dra): support multiple resources to publish in PublishResources 769e7990d61 remove container-runtime-endpoint flag when upgrade efdb7357506 kubeadm: fix idempotency retain, address deprecation 78f9f214c02 apiserver/admission/cel: add unit tests for JSONPatch expressions a88e08c3971 Do not attempt to truncate revision history if revisionHistoryLimit is negative db4c509e716 kubeadm: generalise CreateOrUpdate etc. 4411a3f3be8 lint bc46e3d9b3f apiextensions: replace panic with error handling in DiscoveryController 4638ba97166 client-go/tools/cache: add APIs with context parameter 00dab9dffa6 Add Validation to versioned feature specs. f3ff7d0518f chore: update comment for NamedFlagSetsReader 8495df64b22 deprecate nodefeature for feature labels 68ab918df76 Bump filepath-securejoin to 0.3.5 13b84453df5 Coerce null label and annotation values to empty string 4a2b7ee5699 Configure watch cache history window based on request timeout 04426633c0b Use OS-agnostic path separator in pod warnings check b963e1514e9 fix check errRaw != nil but return a nil value error err fd8a61ae1b3 kubeadm: update owners for v1.33 19aef482fae fix incorrect variable reference in handleUpdateEndpointSlice 75e5bd6a4f0 Fix unit test. 3ec97a445f0 kubectl: add test coverage for cordon command (#129202) b9fc5678d96 Not using fine-grained auth. a87dd67a3c8 feature(kubectl): use autoscalingv2 in kubectl autoscale a7340ff36c0 [windows] Don't chown existing directory in MkdirAll e1ef9e40f57 chore: Update apidiff.sh script description 0c1b1e04501 Address comments 6a608c3cdb1 drop NodeSpecialFeature and NodeAlphaFeature from e2e-node e67c24bdbb4 Bump kubedns and nodelocaldns to 1.24.0 (fixed) 67a13f5355d Revert "Bump kubedns and nodelocaldns to 1.24.0" c3a3a54822a Add `github.com/golang/protobuf` to unwanted dependencies 2c24a12804c Update generated clients after removing always-nil setConfigDefaults error return value c3eba35aa2c Remove always-nil setConfigDefaults error return value in generated clients 1d13ff2a05e make update 11d68ecc4eb ResourceClaim.Status.Devices.Data as pointer f5969adb14a Clean up NewServiceChangeTracker/NewEndpointsChangeTracker args 79d1c078bb1 Make change trackers just ignore the "wrong" IP family 2c348bf1863 Use a constructor properly in change tracker unit tests 7e578bdb6d9 lint ed7f7ce92b0 fix race conditions in polling functions 532607ecbbb Revert "Change default filestore permissions to 0700" d84ab830ad8 Remove shouldServeBeta parameter in apiservice storage b2c84061c9b Change default filestore permissions to 0700 3269f4bb94c bump kube-openapi 8f782fea930 Add client-go README 3cd1c8dd2d2 Drop v1alpha1 VAP in CEL tests 68631d8f7c1 Remove v1alpha1 serving for VAP 1b15876e266 test: reduce container resources in in-place pod resize tests 90e64a57c6c kube-proxy,nftables: add debug logging for failed transaction. b7d6e787268 make update ca5f1deed44 Fix ResourceClaim status API inconsistency 161a817812e Clean up v1alpha1 serving for authorization API c1d0e870f4f Replace `github.com/golang/protobuf` with `google.golang.org/protobuf` 3571992ffcf Add watch permission to namespace-controller for WatchListClient feature 39e7db9cc92 kubeadm: remove iptables/ip/tc/ethtool binary preflight check 80735180ab2 Update x/crypto/ssh dependency a69efaeb765 Shut down webhook after apiserver 9e46be86470 CHANGELOG: Reflect correct approvers/reviewers 137ccd2a73b OWNERS(sig-release): Add `release-team-subproject-leads` alias 0c1ccd133b0 OWNERS(sig-release): Reflect Marko's position as RelEng subprj lead 5c283cbb453 flowcontrol: remove testing dependencies 8fce9b0db68 apidiff: default from prowjob env if available, default before doing anything else c9066d75f6d Fix data race in CBOR serializer's custom marshaler type cache. e8087b3f6ac Remove the limitation on exposing port 10250 externally f9d9649f567 Bump kubedns and nodelocaldns to 1.24.0 f93e6f3d3ae kube-proxy implement dual stack metrics b95c7880005 remove release-notes of reverted PRs 0ba43734b4c client-go/tools/cache: goroutine leak checking e3c584030c3 k8s.io/apimachinery: add HandleCrashWithLogger and HandleErrorWithLogger ae11c7deb1b DisallowInvalidLabelValueInNodeSelector 0cc92622006 kubectl: fix wait --for=create to work correctly with label selectors (#128662) 5b06498cb24 fix: fix miss makezero bug (#125132) 2f9fb220ba6 CHANGELOG: Update directory for v1.32.0 release ebb02bb6cc0 feat: Adds flagz page for kube-proxy 88365488062 test: Add integration test for apiserver flagz endpoint 7caff55fd9c Add statusz to kubelet auth. 353118c0475 e2e: don't panic asserting inside wait.Poll 63992e1790d dra e2e tests: add feature-gate label when these tests depend feature-gate 5d3c07e89db kubelet: only emit one reboot event f367122f302 scheduler plugins changes are API changes, not upgrade action required 9bd5dc86d31 Fix grammar mistake in kubeadm config v1beta4 e35c9b2cd22 add comment for features.BootstrapTokens 3698050dc79 network e2e tests: add feature-gate label when these tests depend feature-gate 902dedbb522 fix: Move statusz to debugging handlers. 816cd402806 Unify ComponentKubelet and add unit tests. a04df83f86b add statusz for kubelet 804f8c75843 kubelet: fix DRA registration test bfed2323105 Update cri-tools to v1.32.0 74090f8eb4a updated bootstrap-discovery link 247555c2b79 test: deployment patch status test should check the modified fields d1cc270f139 local-up-cluster: only wait for coredns if enabled bb2db379c79 test/e2e/apimachinery/watchlist: select only wellknown secrets 8f48a82e6ed docs: `-l/--selector` example for set-based requirements 060c653b53a scheduling e2e tests: add feature-gate label when these tests depend feature-gate 04669c5d644 add warning for duplicate port name definition 5a8d77a2ae2 Add statusz endpoint for kube-controller-manager c5f0e63c624 Add Podresize endpoints to pending_eligible_endpoints.yaml 22c41caca9f Add integrate test to OOS node dce863e5e61 fetch cni plugins from GitHub releases f0c5de00600 Fix volume expansion offline 29d26297a1f e2e: node: fix misleading device plugin test a0b74011b2b add kubelet validation for containerLogMaxFiles cb74323e070 refactor: Simplify the code logic. 617e5c79bb4 storage e2e tests: apply feature-gate label when these tests depend feature-gate 1fd76884b96 Isolate mock signer for externaljwt tests b71763ef386 Remove unnecessary log msg. 0a02c74ca63 update-vanity-imports.sh: remove script 8a908e0c0bd remove import doc comments 326c84a1515 [e2e, service] Add total timeout for affinity check curl command. b330eeac2ff prune-junit-xml: preserve system out + err text during test pruning e0e4af8a58b prune-junit-xml: smarter concatenation when pruning tests 53e9f29d29f Fix kubelet e2e tests incorrect message 8f4e425daf2 chore: ignore dat files generated by scheduler-perf 0d18ae303bb apiextensions: add pkg/test with CEL unit test helpers 9e99be7c2b4 Fix: typos for volume package e5ebbdc3c7f Ignore internal packages messages ebe5bab2cb4 Move common code to an httputil package 27608fa25db refactor(scheduler): Rename UpdatePodTolerations for code style consistency. f92bde1894f parallalize the apidiff dump affafd906da improve report on failures summarizing the modules with incompatible changes 7de94d43cab handle the case when modules are added or removed 52386915a83 use relative paths and modules that are not visible to golagn workspaces 48ea6fc4651 oom_watcher: fix testifylint failures f622be03338 kubelet: Migrate pkg/kubelet/oom to contextual logging e6fccc36d8e apidiff support internal go modules 79d62d8bb3b change current and desired 6f06cd6e057 Do not reload kubeconfig from disk a43b00b429c make test-cmd: use kube::util::find-binary to get kubeadm binary 65b243fcd60 chore: remove repeated scheduler prefix metrics for CacheSizeMetrics bf1280014bb pkg/volume: remove unused function 31958838318 UnitTest: kube-proxy EndpointSliceCache cleared correctly 78b440a74af Fixed: kube-proxy EndpointSliceCache memory is leaked 05ebf451146 e2e: wrap DRA ResourceQuota Forbidden claim check in gomega.Eventually eb6bb5f84d8 Record dataTimestamp as float 67b74696f8c Adjust performance test threshold limits 8312c3ec242 Use generic Contains rather than deprecated ContainsString 7c3a9d65fca Don't set default resize policy in E2E tests da4dc0aec78 Stop defaulting container ResizePolicy 3baa6f08c0a Add modern-go libraries to unwanted dependencies b63593715ff Test EndpointSlice in dual-stack e2e tests 9dbdfe7ecb1 Remove provider specific operations from the autoscaling tests and reintroduce the tests. c3f15fd707a Use generic sets rather than deprecated sets.String bfea4890c59 cleanup: remove pod_scheduling_duration_seconds 36245509e86 fix flaky behavior due to the test ordering between DynamicProvisioner and Retroactive StorageClass Assignment 4a876e21bce fix: params typo 7e977d824cf update the github.com/golang-jwt/jwt/v4 dependency dd1300df986 📝 output log when server shutdown is failed 7280d58f856 Don't allow to tolerate flakes b577972a551 set user.DefaultInfo.UID from x509 cert 4e21f535475 Add test case for service with same named port for regular and sidecar containers e637659d893 Fix named ports of restartable init containers don't propagate to EndpointSlice a6e995379af Add test cases for Service with restartable init containers f87bcd9b3a8 fix: remove duplicated unit tests in JSONPatch and ApplyConfiguration 90922f5c946 Fix linting issue in test a9c311b96a3 static pod upgrade test with hostNetwork 2581d2fadd2 Add self to sig-instrumentation leads 588408df1cd Bump konnectivity-client to v0.31.1 0ba8af9006f DRA: enable performance tracking with scheduler_perf 36f9ee958e2 proxy/util: remove unused function 179fa16f467 Remove user privilege checks from preflight tests 30a7664c3f5 Change way to create a pod in test c725e18e079 feature(scheduler): more fine-grained QHints for interpodaffinity plugin cd6f4153e05 Fix a bug in framework.IgnoreNotFound where it will panic when a function type's final input parameter is a "..." parameter. 22c3db6f7f9 Added unit test for validation check of sidecar containers de8e8c5404c Add integration tests for event handling cases in scheduler_perf 7e067396c2a Build etcd image v3.5.17 36144e07085 test: add a check that a specific error has occurred. 49080bf02a1 Document the existence of nftables as a kube-proxy mode. 80ed375e373 Fixed time 8b90c9e885c lint 991651353d6 lint fe46e47bd13 chore: update deprecated polling methods in apiextensions-apiserver dc258e65ac1 memmanager:cleanup: drop `Experimental` prefix 3d069b2a8a6 Add myself to client-go reviewers b1830bd1de2 Improve validation for missing storedVersion 5db88777c4f change the CapExec value to false by default 636419cdd7f Fix nil pointer dereference in selectable fields check When checking specVersion.SelectableFields, if specVersion is nil, a nil pointer dereference could occur. This change updates the conditional to use || instead of &&, ensuring that the check for specVersion being nil happens first, avoiding potential runtime panics. 50ed36229ce cleanup todo comment in node restriction integration tests c478e4bd382 Add e2e tests 11594fabe64 csi: update snapshot controller to the v8.1.0 de6a43c43c5 generate 93d66a216fa Update API docs that are shared between VAP and MAP a67cf0ba4da Add volume modificatoin recovery e2e test b01b016668a Use Go 1.21 min/max builtins 6f97d063775 add device-plugin-test e2e log e5fd9cfb189 Job: Remove JobTrackingFinalizer annotation specific testings 94f6422562e test:Fix typo 734c36851fb test:Add podgcCtrl to attachdetachClients 6910e766991 test:Add podgcCtrl to attachdetachClients bf1b9c45ea9 add test for inmemory response writer 50f71e948c6 prevent unnecessary resolving of iscsi/fc devices to dm e5ffba17bec Report event for the cases when probe returned Unknown result 4dcddabb7e1 update vendor e2f62322586 preserve options after remount for bind mounting 49b479116f4 [e2e][webhook] Retry update webhook configurations f97abdbee07 allow ContainerResource calculations to continue with missing metrics like Resource calculations 1b371d0d469 Add test for CEL reserved symbols without double underscore b53ea554f88 Adds more flexible version of test ccm server 568255ac7d8 e2e_node: add test about container metrics from cadvisor d9e278711cb Fix GetVolumeName for image volumeplugin and add unit tests for CanSupport 8e877096161 testes written for cache/listers.go 6e82d974510 fix: Ensure testForceDetachMetric works on the delta of ForceDetachMetricCounter ee3e9a7bd44 apiserver: decrease timeout for TestKMSHealthzEndpoint Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* podman: update to v5.5.2Bruce Ashfield5 days1-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumping podman.git to version v5.5.2-3-g87c980c6e2, which comprises the following commits: 4be1744dd6 Bump Podman to v5.5.3-dev e7d8226745 Bump to v5.5.2 9664445ba6 Add release notes for v5.5.2 1a04ca36d2 Make podman.io update action reusable 1569c20982 machine init: fix tls check 881d48eae2 fix panic on state refresh 31639e85c6 RPM: Limit Epoch 102 to podman-next copr 149bec7392 Bump Podman to v5.5.2-dev 850db76dd7 Bump to v5.5.1 41dae619e8 Update release notes for v5.5.1 279c592378 Build the `dumpspec` test helper for the `buildah bud` tests 4ef6a8715c [v5.5] Bump buildah from v1.40.0 to v1.40.1 efa20372b4 Fix overlay volumes on Windows 61403afeaf Fix SQLite volume lookup queries matching too liberally ee2370bc26 Handle "Entrypoint":[] in compat containers/create API. d71fbe7ba8 Fix handling of "r_limits" in Podman REST API /libpod/containers/create 8e120c93bd specgen/generate: Fix log tag priority c5ac361844 system df --verbose don't crash d995e3eeaa docs: quadlet can translate names now 88890d3eb8 play kube: never add empty alias 45f62c0dcb podman system check: Fix error check logic 8542247538 libpod: don't force only network search domains 04447cc322 test/system: check --dns-option behavior 90c9c2271e vendor: update c/common to v0.63.1 10349a46c4 Trigger podman.io version bump from release action bbed5a8e2e Update RELEASE_PROCESS.md 25e59c7dd2 Recreate the Rootfs in mountStorage for infra-container. bcada3ec09 libpod: fix mount order for "/" volume c2a8447e1f GHA Release: Fix windows installer uploads 5a647f154e fix macos compile issue with go 1.24.3 5141374193 Bump Podman to v5.5.1-dev 0dbcb51477 Bump to v5.5.0 712291aee8 Update release notes for v5.5.0 final 37f621579b Bump bundled krunkit to 0.2.1 5ad243a7da [skip-ci] Tighten version match 66283624bd Update win-installer github job for arm64 eecb4122f7 Build windows arm64 artifacts 04ee90dab3 Fix windows arm64 installer build 0dd745c86b Update winmake.ps1 to build arm64 artifacts df4aed78a2 Remove providers checks from the Windows Installer 366538d98f Update "check.c" to be C23 compliant 5f59c8853a Update to gvisor-tap-sock-0.8.6 d358e91817 Fix running machines with volumes containing spaces 4cb4d121a6 Fix logging podman machine server9 output 82a1a22711 update podman socket output to include also exposed ports 45c9223be9 Automatically bump to -dev after tag 27beb100dc ci: Load null_blk for I/O limit tests b85c312bc6 test/e2e: Use nullb0 for IO limit tests 1c82abd17b test/system: Use correct device for I/O limit tests 6bc2393df0 inspect: Ignore character devices for IO limits ca382b1c8e Bump to v5.5.0-dev 3c4cf52142 Bump to v5.5.0-rc2 c7ad64cedc Update release notes for v5.5.0-rc2 3f43df2bdb Handle signal preventing Start from completing 1ea17b6fdd Fix mach os pr release action b4047fced9 Makefile: move some Go-related variable definitions up fdcbc0d479 pkg/bindings: wrap image push decode error 4767cff3ed pkg/bindings: fix infinite loop/memory leak in image pull 58a934313f Added tests for inheritlabel fix b2a99aab3f Fix: inheritlabels=true if query param absent 325a79c724 libpod: fix a confusing error message from 'podman system reset' on FreeBSD bd3ee58527 podman start: remove container if needed 7a9acf2d51 remote: don't print bogus error when starting container attached 2e01a0ac76 Bump to v5.5.0-dev 6a597e0e89 Bump to v5.5.0-rc1 2c1646b130 Update release notes for v5.5.0-rc1 c6a16e6f17 Packit: do not merge PR in CI 739577b57b Packit: re-enable fedora-41 targets 80993f2c3b fix(deps): update module github.com/docker/docker to v28.1.1+incompatible 10d768baaf Add inherit-labels option to Build API 76b07dd48d Bump to Buildah v1.40.0 75aec675d2 chore: use another script to get the version of gvproxy ce0617eac4 Use gvisor-tap-vsock version from go.mod file 453a7a820d fix(deps): update module github.com/mattn/go-sqlite3 to v1.14.28 9a0f013f0a Revert "cirrus: test only on f41/rawhide" b0df21edef New images 2025-04-16 590e019240 fix(deps): update module github.com/docker/docker to v28.1.1+incompatible 71504eedfb Output headers for volume ls when empty 5494ac882a [CI DOCS] Touchup buildah-bud README.md 49b6faea09 chore(deps): update dependency setuptools to v79 4ba8cde41d Add HostName to quadlet pod a7a7304c6f test: Fix expected output for runc on namespaces 1514e5cbcc feat: update vfkit binary to v0.6.1 in macOS installer 05e7eeaff4 fix(deps): update module github.com/docker/docker to v28.1.0+incompatible 6ac0a28564 Quadlet - support additional systemd unit relationship keys fdfed9979f Add ability to set layer media type for artifacts be937a4e20 Bump c/storage v1.58.0, c/image v5.35.0, c/common v0.63.0 3cbb718049 Fix compat API in rootless mode ignores ulimits 224e791161 Replace podman pause image with rootfs. bc9110c69f Update podman-systemd.unit.5.md e498c6526b Quadlet - translate dependencies on other quadlet units 69c2e68836 Fix directive `//nolint:revive` is unused for linter "revive" on ARM 8690b20732 .golangci.yml: rm legacy and common-false-positives 543a7ea062 pkg/bindings/containers: rm unused break 5f997a70bd cmd/podman/pods/create: fix break statement b615011b44 docs: Expand description of no-new-privileges 7b30f19535 chore(deps): update dependency golangci/golangci-lint to v2.1.2 d9914ff27d Fix the fd leaking to aardvark-dns. 857b536507 test/system: add prefetch users to use cache image 1a6431674f [CI:DOCS] Add link to MAINTAINERS.md file in GOVERNANCE.md f26765ceb0 update golangci-lint to v2.1.1 ae1e24f115 Two small updates to the Governance model 081629cf01 Update pre-commit-hooks and Codespell hook d3e2ca57e4 libpod: stats catch ErrStatCgroup 86d7da8b08 vendor: update to latest c/common a4856a6224 test/system: add debug for /etc/hosts restore flake 0849cbcf83 test/e2e: skip flaky restore into pod test 0fb78905c1 Revert "Instrument cleanup tracer to log weird volume removal flake" 0be44ccb20 test/system: add debug for healthcheck flake 0d4a148ee6 Quadlet - allow deleting the network when stopping the service 72fdc6476d test/system: remove pasta conditional 6c7179c652 rpm: require slirp4netns for podman-tests package fe107ff0ce Quadlet - Add support for adding ExecReload command 521b2451c7 Correct units in init error message 7cbad232fe chore: make function comment match function name 9a723ff9f5 Fix windows path handling in podman cp 76a4fdc358 cmd: Fix help text. --config specifies a dir not a regular file b2e45129b8 .github/labeler: add governance label automatically 1934c3a407 OWNERS: add nalind 4242951662 MAINTAINERS.md: sort by role a96b29b58c docs: update DefaultDependencies description 85caf3fbb5 test: update README for system test 9cc7c2b4ab Make Go not panic on a partial container update 4e65ed5b72 hack/bats: remove OCI_RUNTIME reference 146f70d9fe Bump bundled krunkit to 0.2.0 7633a9a143 fix(deps): update module golang.org/x/net to v0.39.0 7e1ea74813 Maintainers.md: fix two github nicks 85024a9ba7 libpod: --user works with --hostuser entries 254ab3b90f test/system: do not check dns.podman 6bb1d0837f fix(deps): update module golang.org/x/crypto to v0.37.0 acbfc3c259 fix(deps): update module github.com/onsi/ginkgo/v2 to v2.23.4 27b3781201 fix(deps): update module golang.org/x/term to v0.31.0 8d1c373475 quadlet kube: consider empty pod as running f87ab2b7a6 fix network DB desync after failed connect/disconnect c0845ed55b fix(deps): update module github.com/moby/sys/user to v0.4.0 5148cf3c14 [skip-ci] Update actions/create-github-app-token action to v2 72acbc804a Add documentation describing how to triage issues 9d4e820264 Use golangci-lint fmt for pkg/bindings 055fc82bd2 Makefile: exclude seccomp build tag for !linux a8dd9bc1ed Makefile: use GOOS/NATIVE_GOOS instead of uname -s b959ca3577 .cirrus.yml: add golangci-lint cache for freebsd task c958d5b3ba .cirrus.yml: upsize the freebsd instance f18c917ef8 ci: run golangci-lint on freebsd b5a1b512c9 Fix overwriting the Healthcheck configuration from the image 1f90cc1126 docs: update pasta options description 64f822f857 docs: delete the duplicated phrase in introduction page 9277643ead Set the IDMappings also when RootfsOverlay is used. fbb118ed7e cirrus: save/restore golangci-lint cache for linux 403d126ac8 hack/install_golang.sh: revamp 7882de95ff libpod: fix whitespace linter issue on freebsd 421ee18e18 libpod: add a nolint:wastedassign annotation 5f582e9f11 pkg/emulation: add linux build tag for elf 8c0c1c8906 libpod: fix wastedassign warning on freebsd 30fd68cb23 libpod: rm some unused freebsd code 8754687b55 libpod: move linux-specific code to _linux.go c1c963affe libpod: fix unconvert linter warning 6bf1923f3e pkg/specgen: fix ST1019 on freebsd 118670b31f pkg/specgen/generate: fix S1002 on freebsd 0eea1cb297 libpod: don't capitalize error string 66c7efdb6b libpod: use context.TODO to fix SA1012 on freebsd 4165877c58 libpod: gix a govet warning on freebsd 851bd141af Fix errcheck warnings on freebsd 8fd7143e36 cmd/podman-testing: fix freebsd compilation c6189c5b51 test/checkseccomp: add linux build tag f589811073 pkg/rootless: fix ST1005 warning for freebsd 783f0c8076 fix(deps): update module github.com/onsi/gomega to v1.37.0 f1f84320a2 Add initial draft of Podman project Governance 83cf9ee8a9 Update roadmap for 2Q 2025 84203fa6ce Update links and markup in man pages 040385ef9b chore: fix function name in comment 8db52f8984 Add autocomment for `needs-info` label 6c950bdb40 Remove unused code and data structures 684126e426 Suppress failing bud tests in remote 275e77d1fa test/tools/vendor: drop ginkgo 3d12f1e2ed Update vendored c/buildah to 32d78c69be17 74356e1b5a config: use ErrInvalidName c27195ea65 fix(deps): update module github.com/shirou/gopsutil/v4 to v4.25.3 51bb71d1b3 vendor: bump c/common to 9b0d134f392 66b2bf83d9 fix(deps): update github.com/openshift/imagebuilder digest to e87e4e1 6703564339 fix(deps): update github.com/opencontainers/runtime-tools digest to 260e151 4eb75f68cf test/e2e: fix unused linter warning dac3fa2f97 pkg/specgen/generate: fix unused warning on freebsd 18fdbaee80 pkg/machine/qemu: fix ST1016 linter warning on freebsd c860e67884 cmd/rootlessport: add missing linux build tags 061e1a17a9 pkg/rctl: fix fprintf statement 1739b7170e pkg/systemd/quadlet: rm splitPorts c9b108d5b3 Bump golangci-lint to v2.0.2 8bd73b7d2c pkg/machine/wsl: rm unused structures 2861bc3702 pkg/machine/qemu: rm unused code 9f0032d3fd pkg/machine/shim: fix unused warnings on windows d9090645c3 pkg/machine: fix various linter warnings 4638d434bc pkg/machine/wsl/wutil: fix imports formatting c1f9c0b127 pkg/machine/e2e: fix unparam warnings 7c175064da libpod: rm nolint annotation 032250a478 pkg/binding/images: rm dead code 486327e2b9 pkg/bindings/images: fix linter warning on Darwin 6b1033eaa0 libpod/events: refactor to eliminate unused code 91113c46ef test/utils: suppress ST1001 warnings 0f975f8526 ci: rm allow-unused from nolintlint settings bed6ee6bb7 pkg/machine/e2e: move windows-specific function to windows file cc4d904dd2 Fix QF1012 staticcheck warnings f4f2580b0d ci: remove stylecheck linter 5aa035c69c libpod: fix a few minor staticcheck warnings 0105131b5c Fix QF1003: could use tagged switch" staticcheck warning 0dddc5e3c0 Apply De Morgan's law b1010808ed .golangci.yml: remove exclude-dirs 1a9cf6b9db .golangci.yml: rm exclude-files f3e7b26fdd .golangci.yml: remove some linters c72526cd9c .golangci.yml: switch to list of enabled linters 4a7785d4df docs: Update `podman build` security options af19eeaeb4 add additional external container fiters 8ef234aedd remove github.com/buger/goterm dependency 0b1d3a963d chore(deps): update dependency setuptools to v78 590316beb6 update markdown documents with command filter 0a0c8ad6f4 Improve the file format documentation of podman-import. 3872293893 Revert "podman-import only supports gz and tar" 571e0d52b3 Update c/image after https://github.com/containers/image/pull/2795 ba88febf33 Don't block builds on podman-testing growing in size 4264bf6876 remove github.com/google/gofuzz dependency 19b4c3c1b7 fix(deps): update module golang.org/x/net to v0.38.0 8cef2f4d10 Enhance issue reporting template f07a95da0e test/compose: use 4 spaces indentation 9f422e1a77 test/compose: use cdi option over mount 926ad1172e test/compose: remove cni reference ea1eeb523f remove github.com/crc-org/crc/v2 dependency 49c42d06dc pkg/machine/apple: simplify restNewEndpointToCmdLine() 5ad70c9c56 Don't depend on github.com/crc-org/vfkit/pkg/rest 60692ca350 Remove exclude_graphdriver_devicemapper build tag 12ccbea1aa remove unused method references a776c1d82a pkg/machine/vmconfigs: simplify IsFirstBoot 392a8f4ac5 test: Fix runc error message dce36131ae Add cdi-spec-dir option to top level options. 4bea200b26 podman logs: allow options after argument a0cae65c13 quadlet: add support for the UpheldBy option in the Install section 2ba7a87df1 [skip-ci] Packit: Ignore ELN and CS jobs 44cbefff5d fix remove unnecessary err check ea5ed2a875 fix: mounting issue with single character volume on windows e61f1a44d6 pkg/machine/e2e: add missing withImage() 9b9c60d814 CI: use z1d instance for windows machine testing 1f3347ff3c test: re-enable idmapped mounts test on vfs 7f592742b8 vendor: update c/{common,storage} f94d613556 Fix container clone with configured Healthcheck f15b0887c7 Add support for pids-limit annotation for podman kube play. 08a1c6d91e Add support for Retry= and RetryDelay= to Podman Quadlet. 6e28bdcf25 GHA: Open PR to podman-machine-os on releases 321634d599 Add volume SubPath in generate kube 7ca96702ee buildah-bud: skip bud-with-mount-cache-like-buildkit bf0a5ee3cf docs: Use accurate max size of secret content 10290d462b docs: Improve spelling and formatting fa0e5af542 fix(deps): update module github.com/containers/gvisor-tap-vsock to v0.8.5 68e0a6c89a Clarify behavior of --health-timeout in man page f5fbb4215d vendor: update c/{common,buildah} to main 999a11c8b1 replace deprecated selinux/label calls a0acdb837b New images 2025-03-24 6df50bec87 fix(deps): update module github.com/onsi/gomega to v1.36.3 f91aca8ebc vendor: bump c/common to dbeb17e40c80 f1527283d6 Make exec support --cidfile. 042c1ffa0b pkg/machine/e2e: use testimage 260035d069 vendor: update common and buildah 701aade262 Add --env and --unsetenv to podman update. 5e66d38c9d Do not set arch for windows to amd64 0ca539c3ab chore(deps): update dependency setuptools to v77 88b62d2c27 vendor: update c/common 67165d8fc2 Fix some code blocks in documentation 51ca839c14 libpod: fix handling of additional gids in exec c0627de21d container: replace code with securejoin.OpenInRoot() a23511e341 vendor: update github.com/burntsushi/toml to v1.5.0 ac787b6691 Fix flake on machine cp e2e test 829cc591df chore(deps): update dependency setuptools to ~=76.1.0 16918614b5 fix(deps): update module github.com/opencontainers/runc to v1.2.6 1e4acff971 Update roadmap for Q1 b3fe3906bb test/e2e: skip idmapped mounts test with vfs 69dc0720b9 docs: add note about systemd df RECLAIMABLE bug 97cab8c9c0 test/system: add systemd df regression test 38d6d1c560 vendor: update c/common to latest 39e3df6b55 fix(deps): update module golang.org/x/net to v0.37.0 2b813eef9d [skip-ci] RPM: Add riscv64 to ExclusiveArch-es af29bb5b6e Update CI to run Windows unit tests dd4f67fd72 chore(deps): update dependency setuptools to v76 f166f1503c Honor rootfulness when SSH-ing into named Machine 687fe08f42 Fix a potential deadlock during `podman cp` bcc2063e9e test/e2e: use go net.Dial() ov nc f8787bb219 test: use ncat over nc 1945506905 New images 2025-03-12 a2953dad10 libpod: improve createRootlessContainer a1008a1294 libpod: add missing return in WaitForConditionWithInterval() 5207feebd4 pkg/domain/infra/abi/play.go: fix one comment 94cacea064 docs: fix some minor issues 76fe869dc5 fix(deps): update module golang.org/x/net to v0.36.0 [security] 87421d9508 Fix WSL installation check on Windows fff42ac232 Fix HealthCheck log destination, count, and size defaults 18abb18c9a chore(deps): update dependency setuptools to ~=75.9.1 c05908a7f6 libartifact: NewArtifactStore() reject relative paths 9e94dc53b2 add new artifact mount type f6e2d94409 test/e2e: improve createArtifactFile() fe82fa85d2 pkg/specgenutil: rework volume/mount parsing 590bf8b79d pkg/specgenutil: unexport Mounts() 51cfcc65d5 correctly preallocate artifactDigests in ArtifactRm() b232ea3d18 create artifact store in the libpod runtime 7c200a5f4c libartifact: add BlobMountPaths() 86a6539b76 libartifact: extract common code into helper 4cd19b7f7a libartifact: fix comment on Extract() 618e37794e libartifact: create FilterBlobOptions 91072dc940 Win installer test: hardcode latest GH release ID 82426caf8a packit: fix missing fedora arches 6ea7b192fa [skip-ci] Packit: Fix action script for fetching upstream commit 9eb4d27c5c packit: only build F41+ 56e62948f7 go1.23: use std maps package b23249635d vendor: bump to golang.org/x/crypto@v0.36.0 05fc9d2d6b cirrus: test only on f41/rawhide f2606c4230 fix deprecated docker v28 types 91a08235d1 vendor: update docker v28 and c/{common,image} 2ffb3a19b3 vendor: update c/storage c9c44d400c libpod: do not cover idmapped mountpoint 48662fa32b update gvproxy version to 0.8.4 41924f870f Prevents removal of `podman.sock` file using `podman system reset` command 02658bc4cc Quadlet - Propagate warnings and print errors and warnings as they occur 73799672cf docs: update how the machine os is upgraded b762c15e1c Fix a few typos. c6fe768176 Don't try to resolve host path if copying to container from stdin. 130bb21612 .github: remove cirrus rerun action 5283f956a5 Disallow mounting to certain destination /dir paths 5cd58742a2 Use svg for pkginstaller banner 1d304334dd pkg/util: remove redundant min/max helper functions eed5f9ee4a libpod: race in WaitForConditionWithInterval() d0efd0e278 libpod: race in WaitForExit() with autoremove 41dd3f2474 Automate release 945aade38b quadlet kube: correctly mark unit as failed 518773a616 pkg/domain/infra/abi/play.go: fix two nilness issues 04e8cd1eb1 kube play: don't print start errors twice 727542fc6c Replace old nginx image with podman hello 47079cd030 [CI:DOCS] Packit: clarify secondary status in CI 73cfef57b9 fix(deps): update module github.com/containers/buildah to v1.39.2 9e397d8e4d podman-import only supports gz and tar 7f4282a7e8 Update documentation for podman-machine-os-apply 47a743bba2 report healthcheck start errors 84c56243a2 [skip-ci] Packit/RPM: Display upstream commit SHA in all rpm builds 30d8fcbc03 fix(deps): update module github.com/opencontainers/image-spec to v1.1.1 1e9bfeb1f8 docs,kube: add configMap as supported volume option 511d912685 Add stopped status for HealthCheck d5acda2a37 fix(deps): update module github.com/shirou/gopsutil/v4 to v4.25.2 7bcd9c066e chore(deps): update dependency pytest to v8.3.5 b18dcccb28 add filter for container command 67c876112b fix(deps): update github.com/vishvananda/netlink digest to 0af3215 baf176058c fix(deps): update github.com/digitalocean/go-qemu digest to ee9b066 b2d08f5b8f Use UnparsedInstance.Manifest instead of ImageSource.GetManifest f8c702bd35 Rename copyImageBlobToFile to copyTrustedImageBlobToFile 20523152f8 Add "create" and "remove" events for secrets. 42fb942a6f Introduce `podman machine cp` command f71067d710 Create quota before _data dir for volumes 716eb000fa Bump to latest c/storage main 316a5dc643 fix(deps): update module github.com/opencontainers/runtime-spec to v1.2.1 92c5b08ebd vendor: update github.com/go-jose/go-jose/v3 to v3.0.4 24af533082 fix(deps): update module github.com/containers/libhvee to v0.10.0 e8fc1e679a fix(deps): update module github.com/containers/buildah to v1.39.1 328c7260fc podman run: fix --pids-limit -1 wrt runc bbc7f577aa chore(deps): update module github.com/go-jose/go-jose/v4 to v4.0.5 [security] 6796562b50 fix(deps): update module github.com/vbatts/git-validation to v1.2.2 ee3fc74baa fix(deps): update module github.com/vbauerster/mpb/v8 to v8.9.3 4dbbf264c7 Fix reporting summed image size for compat endpoint e10df3dac7 fix(deps): update module tags.cncf.io/container-device-interface to v0.8.1 cbc73457ab Add --all to artifact rm 7030b559fb Define artifact error types 6ad2dc0590 wire up --retry-delay for artifact pull 7536620791 [skip-ci] Packit/Copr: Fix `podman version` in rpm 4695564730 oci: report empty exec path as ENOENT b43863ae2a docs: warn about adding capabilities a8caebb5a3 Add documentation describing issues and support c65bb903b6 test: adapt tests new crun error messages 35d2a65e3a test: remove duplicate test 0f443f22ca Add syncmap package and use it for graph stop/remove 1c13a71641 Update CONTRIBUTING for main branch bbb94249ed fix: reduce logs noise when attach input on `ExecStartAndAttach` 543be25ef3 quadlet: support `Memory=` in `[Container]` sections 22da944e4a Parallelize buildah bud tests c278db873f cirrus: use fastvm for buildah_bud 3de18b537e test/buildah-bud: run bats in parallel 88073c56d5 update github.com/spf13/cobra to v1.9.1 a5de5959cb fix(deps): update github.com/containers/storage digest to b6f6fb2 f290149b70 fix(deps): update module github.com/opencontainers/runc to v1.2.5 77737132a5 Revert "silence false positve from golangci-lint" 035fff5fd2 update golangci-lint to v1.64.4 5c17f7a650 chore(deps): update docker.io/library/golang docker tag to v1.24 731ef3ff9c cirrus: bump timeout for macos/win machine tests 07e53673f6 cirrus: figure out DEST_BRANCH automatically 6167d286eb fix(deps): update github.com/hugelgupf/p9 digest to 6f4f11e 3b5d7d1e64 artifact extract: support reflink copy 525b11e4c7 vendor latest c/storage 986fc9f465 update golangci-lint to v1.64.2 8b6f14f95b silence false positve from golangci-lint 34de0feda5 cmd/podman: refactor Context handling 78717e6ae9 fix new usetesting lint issue fdd442cbdf Create `--append` flag to add file to existing artifact a17175eb3a Cleanup test ce8813dc8d Remove persist directory when cleaning up Conmon files 3925a30fa7 add podman artifact extract 79be095795 docs: add v5.4 to API reference ad9839ac55 Run HealthCheck without creating and removing the ExecSession in the database a6d6d6409e Bump FreeBSD version to 13.4 a2380bca1e fix(deps): update module golang.org/x/tools to v0.30.0 f906c6df57 Switch to the CNCF Code of Conduct 74a100f542 fix(deps): update module golang.org/x/net to v0.35.0 7e612f6ebb test/system: remove tar version check d13915f87a new images 2025-02-10 cb53abca28 In SQLite state, use defaults for empty-string checks ab0410948a libpod: make hasCapSysResource platform-specific 3c3baefa8c Update rpm/podman.spec 5bada90190 test/apiv2: fix registry push flake f73c976bca fix(deps): update module golang.org/x/crypto to v0.33.0 b06c7d78d3 [skip-ci] RPM: set buildOrigin in LDFLAG 91e4f6918a Remove the option to install WSL/HyperV dce52b3e77 Improve winmake.ps1 clean target b4fc9cd14d Makefile: escape BUILD_ORIGIN properly 1d4c67751c fix(deps): update module github.com/vbauerster/mpb/v8 to v8.9.2 30ed3293c4 fix(deps): update module google.golang.org/protobuf to v1.36.5 1d220b99da [skip-ci] RPM: cleanup macro defs 46d874aa52 Refactor graph traversal & use for pod stop 2f710723df images: fix segfault when mounting without cap_sys_admin c06dba4845 rootless: fix hang on s390x e5bcd6542e Add tests for chunked pulls 27ccfef3a1 Don't use all of tempdir as podman's --tmpdir 165d5c3062 fix(deps): update module golang.org/x/sync to v0.11.0 03b9f87c7d fix(deps): update module golang.org/x/term to v0.29.0 e7a0032ec3 fix(deps): update module golang.org/x/sys to v0.30.0 52febf6a0a Fix flake test: podman pause/unpause with HealthCheck interval ad0c092616 Bump version to 5.5.0-dev 6f9fb4392c fix(deps): update module github.com/shirou/gopsutil/v4 to v4.25.1 6c06577455 artifact: only allow single manifest 297e8a3476 Add `machine init --playbook` dcdf82e943 test/e2e: improve write/removeConf() bc2763eac8 Add --noheading to artifact ls 35c72bb18e Bump to Buildah v1.39.0 26b5864648 rpm: add attr as dependency for podman-tests 06fa617f61 Lock pod while starting and stopping containers 89283c6fcc update gvproxy version dae1541529 Force use of iptables on Windows WSL 509c80d5bd fix(deps): update golang.org/x/exp digest to e0ece0d 400645bf10 fix(deps): update github.com/vishvananda/netlink digest to 7c2350b 211d3ea3cf Bump c/storage to v1.57.1, c/image v5.34.0, c/common v0.62.0 d575ae12f8 Add --no-trunc to artifact ls bd061aa2d5 Add type and annotations to artifact add 4a0006db33 cirrus: ensure HOME is set in postbuild.sh 18e29076f7 pkg/api: honor cdi devices from the hostconfig 1c0f5b0475 new images 2025-01-31 f0ef791808 podman exec: correctly support detaching 3eb0e1e8ac libpod: remove unused ExecStartAndAttach() be6fa68296 [skip-ci] RPM: include empty check to silence rpmlint e2eb8e4a86 [skip-ci] RPM: adjust qemu dependencies d3706bcad1 Add BuildOrigin field to podman info 51fd6e906c fix(pkg/rootless): avoid memleak during init() contructor. 1f3182009a util: replace Walk with WalkDir 398377fd97 Move detection of libkrun and intel 4eeaedfe13 Prevent two podman machines running on darwin 27386be189 fix(deps): update module github.com/spf13/pflag to v1.0.6 e893747cf3 Remove unnecessary error handling c0aab0a85a Remove usused Kind() function 511c8b249d Remove timer for HealthCheck when container is paused. 513b4aaceb Safer use of `filepath.EvalSymlinks()` on Windows 357f76daae error with libkrun on intel-based machines 0eefdbe30e fix(deps): update module google.golang.org/protobuf to v1.36.4 Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* docker-distribution: fix build for 386Chen Qi5 days2-0/+46
| | | | | | | | | | | | The build error could be reproduced by using qemux86 as the MACHINE or using qemux86-64 as the MACHINE and then running 'bitbake lib32-docker-distribution'. The root cause is the wrong file (s3_64bit.go) is imported. Fix the tag matching to ensure s3_32bit.go is imported in case of 386. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* docker-distribution: get rid of unknown in version outputChen Qi5 days1-0/+2
| | | | | | | | | | | | | | | | | | | | The '+unknown' is a deliberate design which is expected to be overridden at build time by VERSION environment variable. However, after the following commit, things cannot be overridden. a74cacf (version: export getter functions) This is because variable beginning with small letter is a private one and cannot be exported or overridden. An issue has been filed for upstream: https://github.com/distribution/distribution/issues/4627 Before that issue is resolved, we need to sed the file manually. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* docker-distribution: update to v3.0.0Bruce Ashfield5 days1-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumping distribution to version v3.0.0-20-gda404778, which comprises the following commits: b09be3d6 build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 dde1e49f Changes: Append a UUID to ensure uniqueness Join delete error c460aa63 fix: Annotate code block from validation.indexes docs a5a6f1ba To address the issue where empty files are created when the write process is interrupted, the solution involves writing to a temporary file first and then atomically renaming it to the target file. This ensures that the target file is only updated if the write completes successfully, preventing empty or partially written files. 4aab88fe fix: implement JWK thumbprint for Ed25519 public keys 5a71303e build(deps): bump golang.org/x/net 78456caf Fix: resolve issue #4478 by using a temporary file for non-append writes a6ce1a79 chore: make function comment match function name fcb2deac feat: extract redis config to separate struct ea6ab365 fix newClient in azure storage provider ceafb041 Update releases/v3.0.0.toml 6266adaa Prep for v3 release fd14cf19 Vrify the linter config first before running it 3a33ba12 Fix golangci-lint config 52f0f6c4 Bump Azure deps 05b308bc build(deps): bump github.com/golang-jwt/jwt/v5 be2025a8 Prep for v3-rc.4 release 19934b8f fix: leak 6be526be build(deps): bump actions/upload-artifact from 4.6.1 to 4.6.2 896fec50 build(deps): bump golang.org/x/net d7b8fb6a Bump Go version in prep for the next release 26b983c7 More renames 31c02216 Rename cloud make targets to s3 2ffa1171 Azure driver fix b30274f2 use cached blob statter in ManifestService if available b2cc4fe1 fix: define types for inline structs 6599be4f Update com.docker.registry.plist bb0253d1 Update osx-setup-guide.md 7884c712 Add code comment e20645c0 Enable MD5 check on GCS driver fc3dd55d build(deps): bump github.com/go-jose/go-jose/v4 in the go_modules group 64f780f6 Explicitly return zero value instead of partially filled struct da2bbf04 build(deps): bump actions/upload-artifact from 4.6.0 to 4.6.1 484fa043 build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 0762a1bb Fix error message for unsupported signing algorithm by not overriding var 70d99154 Fix signing algorithm configuration for token authentication 198db9cb Prep for v3-rc.3 release 7098b3f4 Bump Go version 6ed60b0f Apply suggestions from code review 53c38264 Remove named returns and fix linting woes 2a491b35 docs/garbage-collection: document --delete-untagged and --quiet options a032989b registry/storage: add option to quiet GC output. f4a500ca Fix registry token authentication bug 4c5e3945 ci: fix bake build 808f0b89 ci: update bake-action to v6 825eeb03 build(deps): bump actions/upload-artifact from 4.5.0 to 4.6.0 f1e33060 Fix conformance upload issue: 38fd91a4 (security): Bump golang.org/x/net module c4a60446 Prepare for rc2 release d85819c0 build(deps): bump actions/upload-artifact from 4.3.6 to 4.5.0 41a906f0 fix(configuration): replace string literals with constants in tests 96c9a85b fix(configuration): replace string literals with constants in error 328f802b fix(configuration): replace string literals with constants 916bdeae feat(configuration): support mtls auth mod 96a3daaf Move a direct dependency to direct deps required modules fb3ba302 chore: Bump alpine and Go versions 6eba54be build(deps): bump golang.org/x/crypto from 0.28.0 to 0.31.0 183919ce Update squizzi maintainer email 179e902f update xx to v1.6.1 for compatibility with alpine 3.21 and file 5.46+ 1d104a93 [docs] Explain how to configure a list through env variables 4dfab838 build(deps): bump codecov/codecov-action from 4 to 5 abbe03ef Upgrade go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp 4118c80a Prep for v3-rc.1 release 3ac22856 Bump otel dependencies bd52394e Update lint.Dockerfile da2f24e2 docs: update hugo and theme versions 5ee5aaa0 fix(registry/storage/driver/s3-aws): use a consistent multipart chunk size 3996413f Bump google storage module 1c26d98f Bump dependencies 7b3e6d50 docs: Update to refer to new image tag v3 b9b96d9d Bump Go version in Dockerfiles 6df0fd94 Bump go version in go.mod 88579792 Fix a typo in GHA build workflow comment be0051c4 Run vendor on 1.21 997c29db ci: fix GHA CI build matrix 2e7482cb avoid appending directory as file path in s3 driver Walk e44d9317 test s3 driver walk of empty dir 3f4ec64f Add validate action to validate api docs Signed-off-by: Pratik <pratikgparikh@gmail.com> 5e59a648 fix existing doc first Signed-off-by: Pratik <pratikgparikh@gmail.com> 0ab7f326 replace uses of Descriptor alias 92b483ef Make Descriptor an alias for oci.Descriptor fdb5abb9 docs: removed description of ELB as an example of an not sophisticated Load Balancer b53946de fix: Add the token's rootcert public key to the list of known keys 63cfb187 Add a note regarding redirects to pre-signed URLs 4a0e027e TestProxyManifestsMetrics: use actual size of manifest 38553eaa chang docker-compose to docker compose 49fad517 chang docker-compose to docker compose e41848cc chang docker-compose to docker compose 4615d302 Remove deprecated version field a940e616 Fix silly testing format mistakes 170ac07a chore: bump golangci-lint and fix govert issues 44ddae31 build(deps): bump github/codeql-action from 3.26.3 to 3.26.5 b2626e06 Build artifacts and images for linux/riscv64 aabceeb9 build(deps): bump github/codeql-action from 3.26.2 to 3.26.3 eed9400d feat: support custom exec-based credential helper in proxy mode d8199f45 chore: fix typo in rewrite storage middleware init 2f86b475 build(deps): bump github/codeql-action from 3.26.0 to 3.26.2 64b036e0 build(deps): bump github/codeql-action from 3.25.15 to 3.26.0 786c5836 build(deps): bump actions/upload-artifact from 4.3.5 to 4.3.6 b3f4f327 build(deps): bump actions/upload-artifact from 4.3.0 to 4.3.5 32e5b044 build(deps): bump github/codeql-action from 2.22.12 to 3.25.15 db5c303e fix: skip removing layer's link file when '--dry-run' option spcified 70e0d885 auth: fix token verification chain ba8e539b Use `x.y.0` format for the go module version b6016d78 build(deps): bump ossf/scorecard-action from 2.3.3 to 2.4.0 f072af95 build(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3 91eda593 chore: fix typos returned in some errors 8619a11f fix nil pointer in s3 list api d4f611df build(deps): bump docker/bake-action from 4 to 5 a8d423dc build(deps): bump actions/configure-pages from 4 to 5 3fe99ca2 build(deps): bump softprops/action-gh-release from 1 to 2 1e89cf78 deprecate Versioned in favor of oci.Versioned a18cc8a6 S3 driver: Attempt HeadObject on Stat first, fail over to List 3d0239ac manifest: slight cleanup of init / registration f1c8c414 Descriptor: do not implement Describable interface 671184e9 Remove ManifestBuilder interface c345425f ci:bump Go version 9ba73406 vendor: github.com/opencontainers/image-spec v1.1.0 eb6123f5 fix logic for handling regionEndpoint Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* docker: update to v28.3.0Bruce Ashfield5 days4-21/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumping moby to version v28.3.0-2-ge0183475e0, which comprises the following commits: a2af8bdebd gha/bin-image: add major and minor version image tags b2a9318a1e docs: cut api docs for v1.51 8c713c1af4 gha: lower timeouts on "build" and "merge" steps 8e7ea470cf vendor: update buildkit to v0.23.1 222baf4ccb vendor: github.com/moby/buildkit v0.23.0 0e0ca09ddc daemon: containerStop: fix ordering of "stop" and "die" events e62b0e2234 vendor: github.com/opencontainers/cgroups v0.0.3 06ab9cd1ed daemon/config: Validate: add missing validation for registry mirrors 97aa4e8550 registry: ValidateMirror: improve validation for missing schemes e18a9c95b8 Update containerd to v2.1.3 09fef2b26e api/types/container: deprecate ExecOptions.Detach 44c8cd2e8f vendor: update buildkit to v0.13.0-rc2 78b6204f9e vendor: github.com/moby/swarmkit/v2 v2.0.0 cf98237186 vendor: github.com/moby/swarmkit/v2 v2.0.0-20250613170222-a45be3cac15c fd96b01b0e pkg/idtools: deprecate IdentityMapping, Identity.Chown 987b8a88a6 c8d/push: Extract shared push logic d9e7b86de4 c8d/push: Fix fallback single-manifest push not creating a tag 53d12c96f8 vendor: github.com/containerd/containerd/v2 v2.1.2 aac0260d21 Fix flaky test TestDaemonRestartRestoreBridgeNetwork cfcbfabb0f api/image/list: Return `Containers` count 6d737371b8 fix comparison rule from errorlint 941d09e265 Handle error message from token server with containerd backend e4e7fcf668 vendor: github.com/moby/buildkit v0.23.0-rc1 d3d20b9195 integration-cli: TestCopyFromContainerPathIsNotDir: adjust for win 2025 cf86f3a082 vendor: github.com/containerd/nydus-snapshotter v0.15.2 9a85f50aaa vendor: github.com/pelletier/go-toml/v2 v2.2.4 1764909076 vendor: github.com/fsnotify/fsnotify v1.9.0 102adcab57 vendor: github.com/containerd/console v1.0.5 5230692cad vendor: cloud.google.com/go/longrunning v0.5.5 5fb6604642 vendor: google.golang.org/api v0.160.0 d2954c4e05 vendor: otel v1.35.0, otel/contrib v0.60.0, grpc v1.72.2 05f892190c vendor: github.com/prometheus/client_golang v1.22.0 952cddd05b vendor: google.golang.org/protobuf v1.36.6 ccf5f8036c vendor: golang.org/x/sys v0.33.0 c81e03bc0b vendor: golang.org/x/sync v0.14.0 05e8b1701c daemon/containerd remove leftover schema1 compatibility code 2ff281e33a daemon/containerd: update link to containerd code d54f713d95 daemon/containerd: rename var that shadowed type 8e6cd44ce4 daemon: ensuring state of stopped container is visible to other queries when container is stopped and before API response is sent (fix for https://github.com/moby/moby/issues/50133). 7acb079403 Revert "libn/networkdb: don't exceed broadcast size limit" 0df31cf585 Revert "libn/networkdb: fix data race in GetTableByNetwork" 83b2fc245d Revert "Fix possible overlapping IPs when ingressNA == nil" e079583ab4 Revert "libnetwork/networkdb: use correct index in GetTableByNetwork" cfd5e5e4d4 Revert "libn/networkdb: b'cast watch events from local POV" 576cf73add Revert "libn/networkdb: record tombstones for all deletes" 2297ae3e64 Revert "libn/networkdb: Watch() without race conditions" cc60ec8d3c Revert "libn/networkdb: stop table events from racing network leaves" b5b349dbd6 Revert "libn/osl: drop unused AddNeighbor force parameter" 35916f0869 Revert "libn/osl: refactor func (*Namespace) AddNeighbor" 3eb59ba5a2 Revert "libnetwork/osl: remove superfluous locks in Namespace" 5d6ae34753 Revert "libnetwork/osl: stop tracking neighbor entries" ea818a7f6f Revert "libnetwork/internal/setmatrix: make keys generic" 78ccc20545 Revert "libn/d/overlay: use netip types more" 23c56099ee daemon/logger/loggerutils: use defer to fix gocritic "badlock" linter 0069360e3b volume/mounts: windowsDetectMountType: rewrite using switch 027355d7b3 container/stream: TestRaceUnbuffered: put unused testing.T to use 2bbf5f5a39 daemon/containerd: ImageService.resolveImage: cleanup resolve by name:tag 2e25775c83 libnetwork: Replace deprecated usages 3dd8f03f25 vendor: go.etcd.io/bbolt v1.4.0 55f47f9e34 Windows: don't try to load "mirrored" network plugin 20b6075380 fix badCall from go-critic 10c4715a62 openrc: allow customizing containerd service name c466ae0f71 fix badLock from go-critic 19f5ac3c81 fix initClause from go-critic aa632664b6 fix mapKey from go-critic 5ad4e4edf7 fix deprecatedComment from go-critic b8a4f6534f fix stringsCompare and stringConcatSimplify from go-critic a62de57aa1 fix sprintfQuotedString from go-critic bc9ec5fc02 fix emptyStringTest from go-critic 469afa5f8f fix httpNoBody from go-critic 8f7faa01d1 fix boolExprSimplify from go-critic e5be7b54b1 fix yodaStyleExpr from go-critic 64075850fc fix go-critic linter 793dd8385a Only "prune" Windows networks created by Docker 071d27cd3d Add contributor guidelines for where to put source code in packages 1603ad636e update to go1.24.4 9b5d8cd186 fix thelper linter ea581c96b9 Validate BIND_DIR variable in Makefile e32715ec03 Added support for AMD GPUs in "docker run --gpus". 6bac5ca833 Set EnableIPv4=true in overlay network inspect response 27f2e0ecc5 api: bump to 1.51 bd20bfdc41 all: remove redundant import-aliases for "go-winio" f85394dd5d api: image inspect: add back fields that did not omitempty 284904119a Dockerfile: update cli to v28.2.2 8ba832cc8f docs/api: swagger: quote maxUint64 example value affe1d6335 api/swagger: quote maxUint64 example value b6fa565cba libnetwork/resolvconf: Build: decorate error for invalid nameservers 35e062dde1 libnetwork/resolvconf: rewrite TestBuild tests to a table-test 16ed51d864 libnetwork/networkdb: always shut down memberlist c1a27ea5af pkg/stack: remove // import comments dd382769bd pkg/rootless: remove // import comments ce191648c7 pkg/useragent: remove // import comments ad1a388895 pkg/tailfile: remove // import comments b6f99f6d7f pkg/stringid: remove // import comments ca2cca1286 pkg/stdcopy: remove // import comments 225b7ca6b7 pkg/progress: remove // import comments 0f9818ad03 pkg/pools: remove // import comments f0f4fa0038 pkg/plugingetter: remove // import comments 5f4da92972 pkg/platform: remove // import comments 7a703f3772 pkg/pidfile: remove // import comments 511cf09e75 pkg/namesgenerator: remove // import comments 864e3f9348 pkg/longpath: remove // import comments cc329af619 pkg/jsonmessage: remove // import comments 0c70c762b2 pkg/streamformatter: remove // import comments fd8b6a24ab pkg/tarsum: remove // import comments 17845556f2 pkg/system: remove // import comments 18a1b61b49 pkg/sysinfo: remove // import comments 126246ae39 pkg/plugins: remove // import comments 0380c952a6 pkg/parsers: remove // import comments 4800a9b50d pkg/ioutils: remove // import comments ca3982adea pkg/homedir: remove // import comments c93f18e0b8 pkg/fileutils: remove // import comments 6a9f7c543c pkg/authorization: remove // import comments a4411f497f errdefs: remove // import comments 0ea03c4add opts: remove // import comments 7ce4e9685a oci: remove // import comments 23009a700a testutil: remove // import comments fe1bc3e7fd runconfig: remove // import comments 4656712b82 restartmanager: remove // import comments 134f20c828 reference: remove // import comments 97b20f6b79 registry: remove // import comments 2548254317 quota: remove // import comments 66055ea07c plugin: remove // import comments 3bbb38f1d2 volume: remove // import comments 021dd75bc4 libcontainerd: remove // import comments fe34e89992 layer: remove // import comments 9abf9f2d0d internal: remove // import comments 4970333621 integration: remove // import comments a4b0d32fa6 integration-cli: remove // import comments 7eecd04c7b image: remove // import comments c1a3c51d9e dockerversion: remove // import comments c7cb2d9783 distribution: remove // import comments 5318877858 daemon: remove // import comments 076e98e8f3 daemon/links, daemon/network: remove // import comments 2b42088bd5 daemon/listeners: remove // import comments 241e0bca8b daemon/events: remove // import comments 27956106d5 daemon/config: remove // import comments 69c34390c0 daemon/logger: remove // import comments 7d4caf4ba8 daemon/images: remove // import comments 9876c9fbcf daemon/graphdriver: remove // import comments 986ec3f877 daemon/cluster: remove // import comments 89aa33001e container: remove // import comments d469079338 cmd: remove // import comments c6bbc3bb6e builder: remove // import comments 4856e8ffad client: remove // import comments bf9d739561 api: remove // import comments fca97dae9d libnet/d/overlay/overlayutils: prevent uint32 overflow 3d8195a20f daemon/logger/fluentd: cap max-retries to MaxInt32 404f29c42d gha/bin-image: Don't push sha tags 7994426e61 Revert "containerd: images overridden by a build are kept dangling" a2652d4b81 Don't set up iptables chain DOCKER-USER when using nftables d3289dda4b Add nftables NAT rules for internal DNS resolver c299ba3b38 Update worker.Platforms() in builder-next worker. 6889039d76 Fix silent stop on error due to using output redirection together with `set -eu`. d6620915db portallocator: always check for ports allocated for 0.0.0.0/:: 027588eba0 builder: Pass cdi cache instead of CDISpecDirs bc6bc7aafa daemon/cdi: Log not found dirs as INFO 9856bf52a2 daemon: Configure default CDI cache ae2fc2ddd1 PortAllocator: Use netip.Addr instead of string as map key 19dc38f79b Listen on mapped host ports before mapping more ports dc519a0f18 iptables: Drop explicit RETURN rule from DOCKER-USER 148a19b6d6 seccomp: Require CAP_SYS_ADMIN for lsm_* syscalls 0ab8108b57 seccomp: Fix typo in lsm_set_self_attr 21a165de23 Use env-var DOCKER_FIREWALL_BACKEND=nftables to enable nftables 637e8142ce clean up golangci-lint config for deprectated errdefs.* 37caf3881a volume: replace uses of errdefs package 08768e4d9d testutil: replace uses of errdefs package 416dc8c1bf runconfig: replace uses of errdefs package 8803b58259 refernce: replace uses of errdefs package dcf253ffe2 plugin: replace uses of errdefs package 8561016335 libnetwork: replace uses of errdefs package f06c450a8e libcontainerd: replace uses of errdefs package 528f2284ee integration-cli: replace uses of errdefs package 14852fcd82 integration: replace uses of errdefs package a1a789dbd0 image: replace uses of errdefs package 6ee53a6831 errdefs: replace uses of errdefs package 083ccfa486 distribution: replace uses of errdefs package 55da8ea276 daemon: replace uses of errdefs package 364d8d8b31 container: replace uses of errdefs package 415fc7b41e builder: replace uses of errdefs package f0eaf228c1 api: replace uses of errdefs package f98b7005d2 remove fallback for non-OCI-compliant docker.pkg.github.com registry 048199f191 Dockerfile: update cli to v28.2.0-rc.2 d188df0039 libn/d/overlay: use netip types more 0317f773a6 libnetwork/internal/setmatrix: make keys generic e48ea1c6e0 Make integration tests ready for nftables f9f0db0789 Add nftables support to testutil SetFilterForwardPolicies 7ea0e60dde Skip test TestBridgeINCRouted in rootless mode 0d6e7cd983 libnetwork/osl: stop tracking neighbor entries 9866738736 libnetwork/osl: remove superfluous locks in Namespace b6d76eb572 libn/osl: refactor func (*Namespace) AddNeighbor 3bdf99d127 libn/osl: drop unused AddNeighbor force parameter f834a0bd82 vendor: github.com/miekg/dns v1.1.66 4da3b4bf2d run/pull: Warn/reject AI model images 339be4e2ae Dockerfile: install nano as alternative to vim 588a05a1ce docs/api: Cut docs for API v1.50 94daa36f03 libnetwork: don't reinvent mutexes cd2702e04e Dockerfile: update compose to v2.36.2 01fec904e4 Dockerfile: update buildx to v0.24.0 072483f9d7 c8d/delete: Require --force when deleting platforms 30da69d694 c8d/delete: Support deleting specific platforms acf6b6542e daemon/images: Make ImageDelete take opts struct 871675be9b c8d/delete: Extract untagReferences 153b16ad27 c8d: Extract memoryLabelStore d7cca3f997 docs/api: update deprecation version for erroneous fields 4dc961d0e9 image-inspect: remove Config fields that are not part of the image 0ec3278d48 profiles/seccomp: kernel v6.13 6aa8288cfb profiles/seccomp: kernel v6.12 e03ac1fad9 daemon: createCDICache: fix error-capitalization 7263ae74cd contrib: systemd: update deprecated StartLimit options 888cbfddf2 vendor: github.com/opencontainers/cgroups v0.0.2 42970fc461 registry: replace uses of errdefs package 979f18691a daemon: restore: fix fluentd-async-connect migration for downgrades c6b9bb00f9 api/server/router/build: BuilderVersion: allow buildkit on Windows 560299a16f validation: re-enable check for changes in integration-cli" e354e42e14 vendor: update buildkit to v0.22.0 a2ada6b258 daemon/create: Simplify GetImage args 2c57455339 vendor: github.com/containerd/containerd/api v1.9.0 a3ce441ae0 client: Use containerd errdefs to convert http errors 86187b2606 vendor: github.com/vishvananda/netlink v1.3.1 e8c269843c builder-next: remove support for deprecated schema1 images a9ec07a005 builder-next: add buildkit executor for wcow e655763837 client/volume: use containerd errdefs checks 6bde39b729 client/utils: use containerd errdefs checks 144363fea2 client/task_list_test: use containerd errdefs checks 6cd9eaf5ab client/task_inspect_test: use containerd errdefs checks 68a8a8f3c8 client/swarm: use containerd errdefs checks 0b4495463f client/service: use containerd errdefs checks ad4a3d32c6 client/secret: use containerd errdefs checks df96159df0 client/request: use containerd errdefs checks 7e8b26ecb9 client/plugin: use containerd errdefs checks 2356f435a6 client/node: use containerd errdefs checks 4a830df491 client/network: use containerd errdefs checks 8f2bf4aef5 client/info_test: use containerd errdefs checks a1035ec59b client/image: use containerd errdefs checks 370b7e65fc client/events_test: use containerd errdefs checks 27e64d3bdb client/distribution_inspect_test: use containerd errdefs checks f030c7bf10 client/disk_usage_test: use containerd errdefs checks c75ca8ef10 client/container: use containerd errdefs checks eafa2266f6 client/config: use containerd errdefs checks 685fa0bb91 client/checkpoint: use containerd errdefs checks bb41e5a32e Replace platforms.Format with platforms.FormatAll in functional code. 9319fefe35 vendor: github.com/moby/buildkit v0.22.0-rc2 cf11cd1aac Replace platforms.Format with platforms.FormatAll in user-visible messages and logs. 0b1c7a8306 api/types: move ServiceUpdateOptions to api/types/swarm 31d62930f7 api/types: move ServiceCreateOptions to api/types/swarm 5ad0867236 api/types: move TaskListOptions to api/types/swarm 7e8f630bec api/types: move SwarmUnlockKeyResponse to api/types/swarm f008d85edc api/types: move NodeListOptions, NodeRemoveOptions to types/swarm b13528522a api/types: move ServiceListOptions, ServiceInspectOptions to types/swarm 5e8fd897e1 client/volume: use gotest.tools-style asserts 9432eff6bc client/utils_test: use gotest.tools-style asserts adf7ecc366 client/task_list_test: use gotest.tools-style asserts b781699ee2 client/task_inspect_test: use gotest.tools-style asserts d8ee5caf9a client/swarm: use gotest.tools-style asserts a6cd40de6b client/service: use gotest.tools-style asserts 3658dae265 client/secret: use gotest.tools-style asserts 2e65796c86 client/request_test: use gotest.tools-style asserts 44f30261da client/plugin: use gotest.tools-style asserts 832efcd672 client/options_test: use gotest.tools-style asserts 88453254af client/node: use gotest.tools-style asserts 047343d070 client/network: use gotest.tools-style asserts 6402a106e7 client/image: use gotest.tools-style asserts 043c7fa539 client/hijack_test: use gotest.tools-style asserts a8ed3bd734 client/events_test: use gotest.tools-style asserts c88f921331 client/disk_usage_test: use gotest.tools-style asserts 051dae4fdc client/container: use gotest.tools-style asserts cae3ccd34b client/config_create: use gotest.tools-style asserts bfc684d3f7 client/client_test: use gotest.tools-style asserts 19f3259093 client/checkpoint: use gotest.tools-style asserts a411a39be0 api/types: move ConfigCreateResponse, ConfigListOptions to types/swarm 23117afca8 api/types: move SecretCreateResponse, SecretListOptions to types/swarm 3d1e4d9002 api/types: move build-related types to api/types/build bb7dbaafcd api/types: move BuildResult to api/types/build.Result 6505d3877c API: /info: remove BridgeNfIptables, BridgeNfIp6tables fields 114b8a4fa9 Remove unused image/v1 code 7130cd4f16 Remove DockerSchema1RegistrySuite schema 2 version 1 tests 7c09fa25fd distribution: remove v2 schema1 push a891e4e3e1 validation: temporarily allows changes in integration-cli 2a96d2eb8d align //go:build versions c1b2be0399 client/info_test: Use gotest.tools asserts 9095698a5c daemon: Discover devices and include in system info f95a7c47e8 api: bump API version to 1.50 b70b496505 testutil/daemon: Don't use devcontainers daemon.json 23bbfea718 daemon: Fix error log when CDI cache creation failed 6d7a370fe5 Refactor CPU usage stats test to use go:embed eefe68a37c api/types: move build cache types to api/types/build 7aa7369f1f client: deprecate IsErrNotFound a022e916c8 update authors and mailmap 4cecce03f6 daemon: Enable CDI by default 07466d2e9b daemon: Daemon.ContainerExecStart: rename err-return, and minor refactor d5c370dee6 libnetwork/networkdb: use correct index in GetTableByNetwork 270a4d41dc libn/networkdb: stop table events from racing network leaves 205ba05feb fix usestdlibvars 23fa0ae74a Cleanup http status error checks fadb571106 Update api status checks to use containerd/errdefs 5c16f2d091 Use standard library interface to unwrap errors a90a9d899b Ignore deprecations for internal errdefs package f1bb44aeee Use containerd errdefs for error checks ba2ddd75e4 Dockerfile: update crun to 1.21 f07242f6d7 containerd: include present content size in disk usage calculations 3ded7b97d0 vendor: github.com/containerd/accelerated-container-image v1.3.0 68e025a11b daemon: startIngressWorker: fix S1000: should use for range (staticcheck) 7bc6fd09da Dockerfile: update compose to v2.36.0 76b24759f0 container: Snapshot.Health: change type to container.HealthStatus 7a7d72e874 api/types/container: Summary.State change type to ContainerState 8e57a019dc fix: load the CDI driver before the dockerd daemon starts b3ed54db81 integration/networking: mark TestPortMappedHairpinWindows as flaky 7b5d2b4ec3 chore: bump golangci-lint to v2 3d1cfb4de0 vendor: update buildkit to v0.22.0-rc1 c9b01e0c4c libn/networkdb: SetPrimaryKey() under a write lock 61646c8bfc containerd: remove unleaseSnapshotsFromDeletedConfigs 350bb5197a nftables: attempt a table-reload after an Apply error 06afbe9618 Check nftables is enabled before applying updates 976f855f68 Add OTEL span for nftables updates eeba428939 Make WSL2Mirrored a Firewaller param 1028b123e8 integration, libnetwork: fix some godoc comments (ST1020) a3aea15257 libn/networkdb: Watch() without race conditions ada8bc3695 libn/networkdb: record tombstones for all deletes c68671d908 libn/networkdb: b'cast watch events from local POV ba0ad9e80f Unit test the bridge driver in terms of its firewaller a7ef4a208d Fix multiarch image push tag for containerd snapshotter 854f3f62db container: don't persist State.RemovalInProgress on disk 44b653ef99 container: deprecate IsValidStateString e477df3b31 daemon/cluster/executor: use container.ContainerState consts 3bbdda696d use container.ContainerState consts in tests b811829595 api/types/container: add ContainerState and const for container state 8b6d6b9ad5 d/cluster/convert: expose Addr() on plugins 37259540e9 Remove/replace integration-cli tests that use iptables directly daeb080ff1 Test Iptabler params ea2e147c4c TestPruneDontDeleteUsedDangling: rename var that shadowed import 02e800dcbb plugin: use t.TempDir 57b27f2e9e image: use t.TempDir and rename vars that shadowed 08c5ebe040 layer: use t.TempDir and minor cleanups f84694ebdc container: use defer for locks 24f305b666 Makefile: set BIND_DIR to "." by default 4b6a9d23af cmd/dockerd/trap: use t.TempDir ea37a1f040 integration/build: use t.TempDir 900bd88848 internal/directory: use t.TempDir 46baf7deb0 distribution: use t.TempDir 1b4ba20708 distribution/metadata: use t.TempDir, rename var that shadowed 735ccfbc6f pkg/stack: use t.TempDir 72a11b84d4 testutil/fakestorage: use t.TempDir b38f73afe3 daemon: cleanupContainer: leave decorating container-id/name to caller d44b2e4bd7 daemon: cleanupContainer: use state-fields instead of string form 4a00ce10fa daemon: rmLink, cleanupContainer: rename args that shadowed import 1cf7d7ea4b hack/make/.binary: update link to go source for "pie" support e991c7185d update to go1.24.3 89ee292709 container: update GoDoc for State 7dae7c54dd fluentd: add write timeout log option 56ad941564 Fix possible overlapping IPs when ingressNA == nil dc1d23c646 Revert "rootless: skip tests that need br-netfilter loaded" 4b9092aa27 Load br-netfilter for rootless test-integration 7957a28859 container: remove GoDoc for deprecated aliases. fe403362b4 container: State.Wait(): don't use deprecated type 0bd82bfac2 chore: add systemd-sysusers configuration df662ebc59 container: deprecate IsValidHealthString f9c4601760 volume/mounts: MountPoint.Setup: rename output-var, and simplify err-handling 6ac3afe483 volume: remove/rename err-returns 986988a394 testutil/daemon: Daemon.StopWithError: rename output-var to prevent shadowing 3606712e2d testutil: remove named returns fe2d323c82 registry: remove/rename err-returns, and minor refactor 79b1b561a3 registry/resumable: remove named err-return, fix minor linting issue e67b6bfc69 plugin: remove/rename err-returns 943dfa985d oci: remove named err-return 0b169d34e4 libnetwork: remove named (err)-returns 154230cdd7 libnetwork/portallocator: getDynamicPortRange: fix err-handling on freeBSD 962fd8bc41 libnetwork/ipams/remote: inline decodeToMap cfdfbfab9b libnetwork/drivers/remote: inline decodeToMap 152db74d96 libcontainerd: remove/rename err-returns f87dcbe350 layer: remove/rename err-returns and remove naked returns 6981aad790 internal/testutils: remove named returns d1c58bdbbe integration-cli: remove/rename err-returns and remove naked returns 1b317b0323 distribution: remove named err-returns and minor refactor 1244685329 Optimization methods in internal\metrics\metrics.go 84ef7e4899 Allow TestIsolated/ipv6 to unexpectedly pass 4c4810e5d2 rootless: skip tests that need br-netfilter loaded dacf445614 libn/networkdb: don't exceed broadcast size limit 697c17ca95 libn/networkdb: take most tests off flaky list 90ec2c209b libn/networkdb: listen only on loopback in tests e3f9edd348 libn/networkdb: advertise the configured bind port ec65f2d21b libn/networkdb: fix data race in GetTableByNetwork d0af7c3c08 Move Cory from Reviewers to Committers b0777be89e Use firewaller.IPVersion instead of iptables.IPVersion for gwmode 3cbb1ae736 Move filter-FORWARD DROP setting to the firewaller 44843d9917 Pass context to more places a9bf151260 Put Iptabler behind a Firewaller interface. 92e497b9dc Create api interface to define build usage backend aef409dfb2 Remove unused reference store in image api 9eec936eb0 project: update status of branches for Moby 28.x 9315b15dc6 fix(ST1006): Poorly chosen receiver name 70139978d3 fix(ST1016): Use consistent method receiver names 9e9b6cc42e fix(ST1019): Importing the same package multiple times 27bf320a72 fix(ST1017): Don’t use Yoda conditions 98fa4bcfeb fix(exhaustive): missing cases in switch of type snapshots.Kind 95af77d038 fix(ST1015): A switch’s default case should be the first or last case f770f6c5ec fix(QF1012): Use fmt.Fprintf(x, ...) instead of x.Write(fmt.Sprintf(...)) a88c49f38e fix(QF1011): Omit redundant type from variable declaration 4f9214c156 fix(QF1007): Merge conditional assignment into variable declaration be54c79d9c fix(QF1006): Lift if+break into loop condition 2cce9a51ca fix(QF1004): Use strings.ReplaceAll instead of strings.Replace with n == -1 e2e7f9964f fix(QF1003): Convert if/else-if chain to tagged switch b0711d5fe9 fix(QF1001): Apply De Morgan’s law 7d8df25d16 fix misused error fef139ccc1 fix import 44a3453d73 Add daemon option --allow-direct-routing c16caabe36 Add TestNetworkConfigurationMarshalling a94643a1b3 bridge: add option com.docker.network.bridge.trusted_host_interfaces 33f5b9e963 Don't add stub Endpoint/Network object to cache on Sandbox restore c129c0fa9f Improve logging and readability of Controller.sandboxRestore 5d8192fcce Report endpoint id as well as name in ActiveEndpointsError 9aa66be7ec vendor: github.com/moby/buildkit v0.21.1 a79d081aa5 config: set buildkit gc enabled to default to true 19ccb75c62 daemon: remove/rename err-returns and remove naked returns 9ed975a247 daemon: NewDaemon: rename err-return 3e586094fc daemon: parseXXVersion: rewrite to be slightly more iodiomatic 2145cf6309 daemon: Daemon.ContainerStatPath, ContainerArchivePath: minor refactor 6da1ff6bf9 builder/builder-next: fix vars that shadowed (govet) 692610414a pkg/plugins: fix vars that shadowed (govet) 0fcd23ec13 daemon/logger/loggertest: fix vars that shadowed (govet) 4c57ffaca7 api/server/router/build: fix vars that shadowed (govet) eef5c75276 api/server/router/network: fix vars that shadowed (govet) 7edd83a1b3 libnetwork: fix vars that shadowed, and slight refactor (govet) 7dbe2f1fb6 libnetwork/portallocator: fix vars that shadowed (govet) 357b136ee9 libnetwork/drivers: fix vars that shadowed (govet) f831618e5b libnetwork/networkdb: fix vars that shadowed (govet) f633e8f03f libnetwork/cmd/diagnostic: fix vars that shadowed (govet) 190ad0610d daemon/logger: remove/rename err-returns and linting warnings ba15bbc422 daemon/images: rename err-returns to prevent shadowing 48220008d8 daemon/graphdriver: remove/rename err-returns and remove naked returns 088c180a9e daemon/containerd: remove named err-returns dc79403f7b daemon/cluster: remove/rename err-returns and remove naked returns 9b62592bfe Dockerfile.windows: update github.com/tc-hib/go-winres to v0.3.3 d6b2aec809 pkg/progress: remove named err-return 029f267d9b pkg/pidfile: remove named err-returns fdbf246889 pkg/parsers: remove named err-returns b0f93d5283 pkg/fileutils: remove named err-returns ab8e3da82c pkg/stdcopy: remove/rename err-returns d17a62592f pkg/ioutils: remove named err-returns f193ff1317 pkg/broadcaster: remove named err-returns 91f6e00ffa hack: Update broken links from README 7868d3ee3e vendor: github.com/opencontainers/runtime-spec v1.2.1 100102108b Use container status values from api 878de14c8d man: vendor github.com/cpuguy83/go-md2man/v2 v2.0.7 11f65b566d vendor: github.com/spf13/cobra v1.9.1 ea7152e493 volume/local: use t.TempDir 4b41198e3c volume/mounts: use t.TempDir 2b869baea3 volume/service: use t.TempDir 88f6dd72e5 volume/service: rename interface that collided with vars 3b4e21081f container: remove unused named-returns 35167dc616 client: Client: PluginInstall, PluginUpgrade: remove/rename err-returns bb57656932 builder/remotecontext: remove unused named and "naked" returns 5416f2d57c builder/dockerfile: remove unused named and "naked" returns f38b1fa30d builder/builder-next: SanitizeRepoAndTags: remove named err return c025dd74f0 builder/builder-next: wrapRC.Read: remove intermediate err-var 49d5b2cc8e builder/builder-next: puller.resolve: rename err-return 3f2296cfc1 api/server/router: remove named (err) returns 1e4bb14bcd api/types/container: define HealthStatus "pseudo" type c690e0076a use consts for health-status in tests 91473ce253 api/server/backend/build: sanitizeRepoAndTags: remove named err return c5031c8632 api/types/time: remove named err return 50a856157c containerd: images overridden by a build are kept dangling eee14cff72 builder/remotecontext: use t.TempDir 5749bc242a builder/dockerfile: use t.TempDir, rename vars that shadowed b54a038bec docker exec: fail early on exec create if specified user doesn't exist 37725b5eae Drop "-o com.docker.network.enable_ipv[46]" if overridden 8d0c272e4a Add TestLegacyLink dfd59c0a95 Dockerfile: Fetch vpnkit from moby org af0232d52b integration/build: Unskip TestBuildEmitsImageCreateEvent for c8d a0ff0a361e iptables: Direct routing DROP rules per-container, not per-port dea236e0ce Split iptabler into multiple files 282b3f7b97 Move bridge driver iptables code into its own package 8c36a22e79 Rename function insertMirroredWSL2Rule aa4abaf820 Use firewaller (iptabler) structs in iptables unit tests 75c60598b7 Move clearConntrackEntries to bridge_linux.go 42d149e45d fix duplicate import, and force consistent alias for bolt eede75c9d4 testing: remove some defer cleanup in favor of test.Cleanup() e3a0f2e690 vendor: github.com/vbatts/tar-split v0.12.1 bcc720abde builder/remotecontext: MakeGitContext: use "WithFields" for logs 54a556a5ef builder/remotecontext: Deprecate Rel() 2808e59f4c Dockerfile: update compose to v2.35.1 a75be33ba0 Dockerfile: update buildx to v0.23.0 dd36139b1a Dockerfile: update cli to v28.1.1 f1e3ed0c48 Dockerfile: don't pin syntax to 1.7 fc8361c078 vendor: github.com/containerd/containerd v2.0.5 62f51e4367 vendor: golang.org/x/oauth2 v0.29.0 bbbb0036df cleanup ignore files ead379a464 contrib/rootless-setuptool: Fix iptables detection 7c52c4d92e update go:build tags to go1.23 to align with vendor.mod 619f1ddd05 Warn when no external DNS nameservers are found 6083fad7df Reset default bridge addresses after integration tests c2b7abacf8 Use setupTest instead of testutil.StartSpan in tests d4e0d6f2a1 Integration tests: use different docker0 addresses fd550344b1 vendor: github.com/moby/go-archive v0.1.0 fd5e772aec CI: deduplicate execution of unit tests b8067d159f docs/api: update image tarball format a38ca9a548 daemon/initlayer: Setup: remove uses of idtools.Identity 380ded6309 Store an endpoint count for networks, for downgrade ae0331d8f5 vendor: update buildkit to v0.21.0 57bf7a8c70 bridge: Add a missing error check for firewaller setup c49ce64514 integration/TestStopContainerWithTimeout: Attempt to fix flakiness 7eda35fd05 profiles/apparmor: IsLoaded: optimize 0462b5e318 profiles/apparmor: add BenchmarkIsLoaded b23d267cb5 profiles/apparmor: add basic unit-test for IsLoaded 0dd5959eeb profiles/apparmor: InstallDefault: slight cleanup and optimization 0bb761698c profiles/apparmor: loadprofile: fix double command in error message 8e1c366773 profiles/apparmor: remove "// import" comments 1fa6a46c5d profiles/seccomp: remove "// import" comments 89604f1df1 profiles/seccomp: use stdlib for asserting 14623770e1 vendor: github.com/moby/buildkit v0.21.0-rc2 eacbbdeec6 Revert "API: /info: remove BridgeNfIptables, BridgeNfIp6tables fields" ece7e02b86 Update AUTHORS adb9e9135a docs/api: add documentation for API v1.49 099d3ee008 daemon: containerStart: add filtered labels to OTel span 0c5e816638 daemon: trace containerCreate f96dc9d1a5 Dockerfile: update registry to v3.0.0 4d35864c3d Fix removal of legacy links 5d2006256f API: /info: remove BridgeNfIptables, BridgeNfIp6tables fields 499e15d4ab api/server/middleware: fix debug-logs missing form-data 97688e8d06 container: Container.SetupWorkingDirectory: remove use of pkg/idtools 5f9d99b4cc integration-cli/swarm: Update to use gotest.tools ea6c76ee03 integration-cli/TestSwarmInit: Skip failing part on CLI after 18.06 fab94808f5 integration-cli: Update default CLI version to v18.06.3-ce 6c73266a71 Add registry error handling for push and pull ae3a1ac602 vendor: github.com/moby/buildkit v0.21.0-rc1 cd89a35ea0 Run CLI tests with cgroups v2 7435e4a1be registry: remove deprecated ServiceConfig.AllowNondistributableArtifacts ba03cd7a63 daemon/config: add test for deprecated daemon.json fields d72e434d30 vendor: golang.org/x/mod v0.24.0 224b393eb3 vendor: golang.org/x/net v0.39.0 b1ac2a53ed vendor: golang.org/x/crypto v0.37.0 a8af27bbae vendor: golang.org/x/text v0.24.0 7d49b014b6 vendor: golang.org/x/sync v0.13.0 9d04c28def vendor: golang.org/x/time v0.11.0 cdb3590e1a vendor: golang.org/x/sys v0.32.0 970fc1b6f7 Basic compose file for testing OTEL bits d8a5e8928b replace uses of idtools.MkdirAllAndChown, MkdirAllAndChownNew d96d20d45f update golangci-lint exceptions 29e0db25e7 Factor out top-level iptables setup into its own object 241d685574 libnet: add ep name in 'has active endpoints' error 489cd7edfc api, daemon, libnet: add a 'trigger' baggage member 31ac5cb6d9 libnet: New: plumb context 667c7d70b3 libnet/d/bridge: trace network setup steps eaae4b5fb6 libnet/d/bridge: put span prefix in var 78be7ebad7 libnet/d/bridge: trace createNetwork f8806f2b80 libnet/osl: independent OTel trace for advertiseAddrs d0154d3e59 Update to use github.com/moby/go-archive 45f9d679f8 Update remaining Ubuntu 20.04 uses to 22.04 and 24.04 57a042b77c deprecate pkg/(chroot)archive for github.com/moby/go-archive 564abf9157 api: info: omit deprecated "Commit.Expected" fields on API >= 1.49 f410dbda88 dockerfile: dind target to build docker image for testing c3fa7c1779 Test that firewalld reload doesn't re-create deleted iptables rules dbea045e0d Report firewalld reload time in Info.FirewallBackend a527e5a546 Restore iptables for current networks on firewalld reload 7d9c50db2b api: /info: omit non-distributable-artifacts fields for API >= 1.49 a0a86d0982 Add Info.FirewallBackend 25a80bd48e vendor: github.com/moby/sys/atomicwriter v0.1.0 4eebd2c920 libnet: TestNetworkStore: replace assert.Equal with Check e22d04e8a9 Improve CPU usage parsing and error reporting 40650c6982 libnet: de-flake TestNetworkStore 1c79c893b1 libnet: de-flake TestEndpointStore 8a5f141b0e registry: Service.lookupV2Endpoints: wire-up context 9d8c8382d3 registry: authorizeClient: wire-up context 8b920b2812 registry: loginV2: wire-up context 4642704ed7 registry: newTransport: remove intermediate var 7acef8101e c8d/pull: Show progress for non-layer blobs b3791dea92 pkg/archive: fix linting issues a427477220 pkg/idtools: MkdirAllAndChownNew: improve deprecation message a91bcc677b vendor: github.com/klauspost/compress v1.18.0 2c54f6f316 vendor: github.com/google/go-cmp v0.7.0 6422ff2804 deprecate pkg/atomicwriter, migrate to github.com/moby/sys/atomicwriter f1ec5bf14f pkg/idtools: remove tests already covered in moby/sys/user 3fc36bcac4 Update daemon to use moby sys/user identity mapping b5c99c0e95 Update moby/sys/user to version which includes mapping 0a83a476d8 registry: v1Endpoint.ping: pass through context 2a272a0c5d registry: newV1Endpoint: pass through context f158d2e809 registry: ReadCertsDirectory: internalize, and pass context 51d7f95c4b libnet: remove struct endpointCnt d377cd3810 libnet: Controller: cache networks in-memory cc8bd2016e libnet: Controller: cache endpoints in-memory c6cdfbf495 pkg/atomicwriter: return early if parent directory is invalid 00c988caa4 pkg/atomicwriter: add test for parent dir not being a directory ad386f64e5 pkg/atomicwriter: error on unknown file-modes ec82bc35c3 pkg/atomicwriter: disallow symlinked files for now f3aebbf9d8 pkg/atomicwriter: add basic godoc for package f80feba181 Rootlesskit: check for module nf_tables 7d742ebf75 Add utils for manipulating nftables rules 59169d0f97 image/inspect: Add platform selection d4e70f6325 vendor: tags.cncf.io/container-device-interface v1.0.1 74b71c41ac update to go1.23.8 (fix CVE-2025-22871) fc58c829e8 registry: ParseRepositoryInfo: remove some intermediate vars 44b7a42fc6 registry: ReadCertsDirectory: return early on error 4f65e35f02 registry: NewService: return nil on error a7daab5df4 registry: authTransport: un-export AuthConfig, RoundTripper 795461eceb docs: api v1.48: Move ImageGet api docs under Image tag e1e58409a1 docs: API v1.48 Add missing platform parameter to ImageGetAll api docs db275ddbc1 libnet: fix duplicated port mappings in overlay networks a9e22ee5e7 Don't run unit tests with mode rootless 749e35cf5e Move ImageGet api docs under Image tag 094df015b1 Add missing platform parameter to ImageGetAll api docs 7243860557 Include per-port rules in iptablesNetwork 4390ab275a api: bump API version to 1.49 0b5e1f904a Use netip.Addr instead of net.IP for legacy links 725e699741 Simplify iptables setup for legacy links 31f9ae0d19 registry: TestValidateMirror: improve coverage cb0a9d713c registry: ValidateMirror: touch-up GoDoc 6b258ce567 registry: session.searchRepositories: pass through context 83aaa3428f distribution: pusher.push(): don't use APIEndpoint.Mirror field 6439824449 distribution: pushDescriptor: remove unused endpoint field 09ee47de39 distribution: cleanup some tests and add missing error-checks adfed82ab8 Install and run firewalld for CI's firewalld tests 409707b633 bridge: factor out creation of network-level iptables rules ec7fe73690 distribution: pushDescriptor: rename repoInfo to repoName b1c526b4a9 daemon/containerd: remove registryResolver interface 0d95e1680a registry: ResolveAuthConfig: inline newIndexInfo code 6c643bc366 lookup auth-config without depending on RepositoryInfo a18dae049f daemon/containerd: registryResolver: remove IsInsecureRegistry abcc70b9ef distribution: GetRepositories skip using Service.ResolveRepository 071d8b21e9 distribution: Push: skip using Service.ResolveRepository 8b6a045aa4 distribution; newPusher: don't require RepositoryInfo 8653af5854 distribution: pullEndpoints: skip using Service.ResolveRepository 20a2807caa distribution: pullEndpoints: don't return RepositoryInfo f1ecce6877 distribution: pullEndpoints: don't require RepositoryInfo d6afe88b3c distribution: newPuller: don't require RepositoryInfo 03918c5b07 distribution: layerDescriptor: don't require RepositoryInfo c91318e6c0 distribution: newRepository: don't require RepositoryInfo 2e8bf8b0ab distribution: remove vars that shadowed imports or types d8fa2f8071 registry: deprecate APIEndpoint.Official field 0ab6f07c31 Fix TestPassthrough 2d643b6835 Firewalld: skip unit tests that run in their own netns 4fbfb618c3 Skip flaky part of TestAccessPublishedPortFromHost b8323abe0a TestIsolated for IPv6 is broken under firewalld 86eff82789 Firewalld: Skip tests that run dockerd in an L3Segment dc963a00c1 Firewalld should use its nftables backend b8cacdf324 Add test util "FirewalldRunning" 8f506a51e5 containerd: ensure overwritten images from load are left dangling 7b2e47846c Run systemd/rootless when systemd/rootless unit testing 8d9e3502ab hack: Fix TestOverlay* test failure in pkg/archive f5d84a45cc Start containers, even when connected to a disabled bridge port 072ea62fcc vendor: github.com/opencontainers/image-spec v1.1.1 a60603bfa3 hack/validate: Add gocompat 2be7f48561 implement module compatibility check cc90726fb8 Add missing go1.22 build constraints 19a0f886da testutil: Update to `any` from `interface{}` f14c23a90f libnetwork: Update to `any` from `interface{}` 82ec984d10 daemon: Update to `any` from `interface{}` 003bf197d7 container: Update to `any` from `interface{}` 444a1597ff c8d/builder: Fix missing `image tag` event with BuildKit 2fce935df2 vendor: github.com/moby/buildkit v0.20.2 7c09e4e607 TestBuildEmitsEvents: Skip Windows only for buildkit 99356b6e17 integration-cli/TestBuildEmitsEvents: Verify event count 3e957c6240 remove some redundant import-aliases 4db84b197d switch to github.com/opencontainers/cgroups 697956a8c7 vendor: github.com/opencontainers/selinux v1.12.0 34bc972519 vendor: github.com/golang-jwt/jwt/v5 v5.2.2 d01ee23c15 Dockerfile: update registry to v3.0.0-rc.4 081987b647 Dockerfile: disable saving Golang telemetry in dev-container af14f3e7d3 Dockerfile: upgrade Delve to v1.24.1 d0b4bdbd25 api/router: postContainersAttach, wsContainersAttach: minor cleanups 73aa7e933c daemon: daemon.containerAttach: use structured logs d494520aa0 daemon: daemon.ContainerAttach: use Println instead of Printf 183ca46099 daemon: daemon.ContainerLogs: move vars closer to where used c164eec7e9 daemon: daemon.ContainerAttach: move vars closer to where used f7853799fc daemon: daemon.containerAttach: remove redundant defers 80bf93c9d7 daemon: daemon.containerAttach: rename vars for clarity and prevent shadow daeb6fb0b7 vendor: github.com/cilium/ebpf v0.17.3 eeee17eaad Dockerfile: update runc binary to v1.2.6 c1c5f16b8b vendor: github.com/opencontainers/runc v1.2.6 be6e92a57b pkg/atomicwriter: use sequential file access on Windows 452ff75159 Dockerfile.simple: avoid `Could not find installer for "proxy"` fa21996da5 containerd: prioritize non-dangling images with image list 126d4cf672 client: remove version-gate for JSON response errors 230f178f8b api: return plain-text errors for deprecated API versions c7fbe1c2ba integration-cli: fix duplicate close of body 1c00755826 integration-cli: fix some unhandled errors 8be5696c37 daemon/logger/journald: rename func that shadowed builtin f2a183a991 daemon: return port-mappings from all endpoints 6b3b479192 daemon: getEndpointPortMapInfo: err is never used 35766af7d2 Dockerfile: update containerd binary to v1.7.27 c9a763ecc9 daemon: remove redundant call to getEndpointPortMapInfo fb3cce1988 vendor: github.com/containerd/containerd/v2 v2.0.4 4276f330fc cmd/docker-proxy: do not eagerly GC one-sided UDP conns 0356854327 cmd/docker-proxy: make the conntrack timeout a property of UDPProxy d70fd32a18 cmd/docker-proxy: UDP: thread-safe Write and Close 485cb90b77 Remove duplicate iptables-enabled checks fce915897c Combine firewalld reload callbacks for IPv4/IPv6 ac34bd9bda integration/container: Remove Parallel from TestWait* dd7f9f08d8 integration/container: Increase stop timeout for TestWaitRestartedContainer a8f14e06d6 Improve performance of daemon.Containers(). c0ca783edb Allow macvlan endpoint to start with parent down 26fea35942 daemon: Fix panic on Windows when restoring pre v28 container 90a83063ee runconfig/errors: split `ErrConflictHostNetwork` a3fef5debc Mask Linux thermal interrupt info in /proc and /sys. cf3e42abaf Add an opt-out for iptables 'raw' rules 0f11ee1ae2 registry: ReadCertsDirectory: don't process same file multiple times dd7ab0e82b registry: deprecate HostCertsDir 3cc9881ab7 registry: always set a non-empty CertDir b633c4cc33 registry: deprecate SetCertsDir d0dd035278 builder-next: fix min-free-space prune with graphdriver backend 1daeaec333 pkg/atomicwriter: validate destination path 4d8cff7bd4 Don't skip DNAT for a routed network without userland-proxy 084b7cec1a pkg/atomicwriter: add additional test-cases ff061e28c1 pkg/atomicwriter: don't overwrite destination on close without write 88a5bca43c pkg/atomicwriter: add separate tests for New() 09e804f570 pkg/atomicwriter: refactor tests 2124706447 integration: Increase timeouts in TestStopContainerWithTimeout 946bf70f89 integration: Deduplicate TestStopContainerWithTimeout fee063f01e daemon/c8d: Refactor singlePlatformSize into separate functions f7d7fd9c52 contrib/check-config: add IPv6 modules 2a109e6c32 contrib/check-config: add ip_nf_raw 0e54920e01 Dockerfile: update RootlessKit to v2.3.4 7ae9e41ff6 vendor: github.com/rootless-containers/rootlesskit/v2 v2.3.4 55ff0062ca vendor: github.com/containernetworking/plugins v1.6.2 125aa3a682 vendor: golang.org/x/sys v0.31.0 5d6b56699d client: add API-version dependent validation for mount options aa33bdaa71 registry: move emptyServiceConfig to test-file 0823d76ec5 client: keep image refs in canonical format where possible 907773160b registry: rewrite ParseSearchIndexInfo to not depend on IndexInfo b22431ee9c pkg/atomicwriter: New(): use absolute path for temp-file 58bd93a625 pkg/atomicwriter: New(): prevent creating temp-file on errors 49c89b0177 docs/api: improve doc for Secret and Config data fields (API v1.31-v1.48) df0cefcc95 api/swagger: improve doc for Secret and Config data fields f2d53142b0 api/types/swarm: document Secret and Config data fields c2c3d593cf registry: rewrite ParseRepositoryInfo to not depend on IndexInfo 42f1e38e20 integration/image: TestRemoveImageGarbageCollector: don't set zero-values 42ca9154e9 layer: remove StoreOptions.ExperimentalEnabled df519e9e1a daemon: Fix giving up too early while connecting to containerd socket ace8c9c94f vendor: golang.org/x/net v0.36.0 bc0ca67b1c vendor: golang.org/x/net v0.35.0 9278110260 Dockerfile: update containerd binary to v1.7.26 0a58c73e0d integration/net: Retry TestAccessPublishedPortFromAnotherNetwork d34e1ff826 layer: remove StoreOptions.MetadataStorePathTemplate 556633ca47 cmd/dockerd: daemonCLI.start: scope local errors 8b59e1a398 cmd/dockerd: daemonCLI.start: return error instead of log.Fatal 8a8cdaaa11 cmd/dockerd: daemonCLI.start: don't log warnings before failing 6e30a4cc0c cmd/dockerd: explicitly access Config fields dfecaaf908 cmd/dockerd: rewrite getContainerdDaemonOpts to a func b95fdcd084 cmd/dockerd: createAndStartCluster: change to accept Config 29aa7e15bd cmd/dockerd: rewrite getSwarmRunRoot to a regular func 29c296e1dd cmd/dockerd: rename vars that shadowed imports f87ae7c914 gha: test-prepare: update to Ubuntu 24.04 c41ed7c98c gha: build, cross: update to Ubuntu 24.04 d29038d1cb gha: integration-cli-prepare: update to Ubuntu 24.04 a23058e0d7 gha: integration-cli-report: update to Ubuntu 24.04 de69b552ff gha: integration-report: update to Ubuntu 24.04 b61f409972 gha: test: update Ubuntu 22.04 -> 24.04 60276fafca gha: integration-prepare: update to ubuntu 24.04 651fb91c4d gha: arm64: update Ubuntu 22.04 -> 24.04 f6a9ed5f0a gha: arm64: test-integration-report: update to Ubuntu 24.04 13e1ef6277 gha: arm64: test-unit-report: update to ubuntu 24.04 27404044a6 gha: validate, build-dev: update to Ubuntu 24.04 3571982458 gha: smoke: update to Ubuntu 24.04 ee73f2e5da gha: docker-py: update to ubuntu 24.04 b9ca3d198e gha: unit: update to ubuntu 24.04 1a0afb0f9e gha: bin-image: update to ubuntu 24.04 4919bf9f41 gha: buildkit: update to ubuntu 24.04 7b1fd61864 gha: validate-pr: update to ubuntu 24.04 eeffc099ef gha: dco: update to ubuntu 24.04 06b87d80ee gha: docker-py: set TEST_SKIP_INTEGRATION_CLI=1 c9f53d506a Merge ps_test.go into list_test.go. 95bf53fb6c container/stream: Don't log error when streams are properly closed 6e55f83747 Remove unused toml validation bf8a27a55a Remove inactive maintainers with no activity in last two years 9e814fc0d7 Remove inactive former curators b868fad5e3 Update governance to replace TSC and add maintainer roles 690f758505 vendor: golang.org/x/oauth2 v0.27.0 55599fd9b3 vendor: golang.org/x/oauth2 v0.26.0 a47d9c5f58 vendor: golang.org/x/crypto v0.35.0 3a28163007 vendor: golang.org/x/crypto v0.34.0 ffc91fd76a vendor: golang.org/x/crypto v0.33.0 7cba8aef1c vendor: golang.org/x/text v0.22.0 995d71a033 vendor: golang.org/x/sync v0.11.0 e325564f38 vendor: golang.org/x/sys v0.30.0 65b460b9ef vendor: update buildkit to v0.20.1 6e8eb8a90f vendor.mod: update minimum go version to go1.23 26edf2d0a7 Flush iptables chains DOCKER-CT, DOCKER-BRIDGE on startup 5f912e4cf5 update to go1.23.7 a8178613af golangci-lint: enable nakedret linter c359cc6829 api/types/registry: fix naked returns b1c008c007 api/server/router/build: fix naked returns 4aecdd5744 image/tarexport: fix naked returns and slight refactor 99b6012a02 daemon/logger/awslogs: remove unused named return 4fa9ec3192 daemon/logger: fix naked returns and slight refactor eeb5651de5 daemon/graohdriver/fuse-overlayfs/: fix naked returns and slight refactor 02b4610246 daemon/graohdriver: fix naked returns 964413c3a1 daemon/cluster: fix naked returns 387ec71630 daemon: fix naked returns 85c8fb7fda daemon: getSystemCPUUsage(): fix naked returns, output vars 5c85847a55 registry: fix naked returns, output vars 17448ef1c8 plugin: fix naked returns, output vars faa9cb125b pkg/tarsum: fix naked returns b5b514ab04 pkg/stdcopy: fix naked returns d3d84bde4b pkg/pools: fix naked returns 52b8298975 pkg/chrootarchive: remove unused named return b38f0dd804 pkg/archive: fix naked returns, output variables in tests d59a9d9b10 pkg/archive: fix naked returns, output variables c62f5aff42 libnetwork: fix naked returns 8978b30b1a libnetwork/types: fix naked returns 619e8f8148 libnetwork/osl: fix naked returns 02b4c7cc52 libnetwork/drivers/overlay: fix naked returns, output variables 94afddb18d libnetwork/cmd/networkdb-test: fix naked return 379b82862f layer: fix naked returns b1c617681f internal/unix_noeintr: fix naked returns 51f574ea0e internal/mod: fix naked returns e1538336c7 integration-cli: fix naked returns, output vars 220b3c591f container/stream/bytespipe: fix naked returns, output vars 0cd39d7b23 builder/remotecontext: fix naked returns 0c1b37c50a builder/dockerfile: fix minor linting issues 8302cd2d29 builder/dockerfile: downloadSource: fix naked returns, output vars 00bd916203 libnetwork/resolvconf: Build: re-implement using new implementation 2f19577877 libnetwork/resolvconf: Build: align order with new implementation 03aeedcca9 libnetwork/resolvconf: update tests to use more correct values c34f8bbba3 integration/volume: setupTestVolume: minor cleanups and fixes 28bf578a40 integration/volume: TestRunMountImage: use test-util for container cleanup e41eaf2c8d integration/volume: TestRunMountVolumeSubdir: remove some logs f1bec97dfe registry: use literal for empty slice 7b4e21e5d0 registry: fix typo in godoc be9c4dd3c5 registry: TestNewIndexInfo: add more test-cases 949afd933b registry: TestNewIndexInfo: assert all fields 310d6d2fa5 registry: TestNewIndexInfo: use sub-tests 50d17676e4 registry: TestParseRepositoryInfo: add test-cases for IPv6 refs 328b808765 registry: TestParseRepositoryInfo: assert all index-info fields d9634c3b28 registry: TestParseRepositoryInfo: use sub-tests e2a5220ec3 registry: remove makeServiceConfig test-utility 52419cf933 golangci-lint: enforce "is" alias for gotest.tools/v3/assert/cmp 1c63f3983b volume/service: adjust "gotest.tools/v3/assert/cmp" import alias 9766a446ae integration/network: adjust "gotest.tools/v3/assert/cmp" import alias c16fcdfc4b integration/image: adjust "gotest.tools/v3/assert/cmp" import alias 6abe6a910a integration/container: adjust "gotest.tools/v3/assert/cmp" import alias 22069f2431 integration-cli: adjust "gotest.tools/v3/assert/cmp" import alias 605f02a59b distribution: adjust "gotest.tools/v3/assert/cmp" import alias 75b86c47d9 daemon/logger/loggerutils: adjust "gotest.tools/v3/assert/cmp" import alias 59e6d1d214 registry: TestLoadInsecureRegistries: don't mutate emptyServiceConfig 849f344ecc registry: split normalizing index name from validating fee40a9333 registry: create emptyServiceConfig without parsing a3583b4b58 registry: newRepositoryInfo only check for official images for Docker Hub 08654b0b30 registry: deprecate RepositoryInfo.Official field dbc9d56820 vendor: github.com/containerd/containerd v2.0.3 15895d8ead daemon/graphdriver: rename vars that shadowed aa9817b0c5 testutil: remove isErrNotFoundSwarmClassic 0ab7d41f9e testutil/environment: Execution.Clean: remove redundant condition b301c34b92 libcontainerd/local: remove arg-names for stubs 12f89cc19b libcontainerd/local: NewClient: remove unused cli, stateDir, ns args 620f26e1e3 libcontainerd/local: client.createWindows: remove unused runtimeOptions 9c4e10126e libcontainerd/local: client.NewContainer: use early return 7c1a2301f0 libcontainerd/local: client.extractResourcesFromSpec: use early return fc462d699a Dockerfile: update compose to v2.33.1 855563fc43 Dockerfile: update docker CLI to v28.0.1 ab7305c85a Check swarm's jump to DOCKER-INGRESS be14d9148c Make integration/service/network_test.go Linux-only cfc562c358 daemon/cluster: create "state" and "runtime-dir" closer to where used ef4f4d845d daemon/cluster: rename Cluster.root to Cluster.stateDir 4d3d4bbeeb daemon/cluster: remove Config.WatchStream and move to constructor cdbb62394c builder/dockerfile: remove intermediate var that shadowed 558da63444 Jump to DOCKER-INGRESS from DOCKER-FORWARD fdd534d2ca libcontainerd: windows: return errdefs type for pausing 60782e6d39 container: fix some errors on Windows c37690b98e libnet/portallocator: un-export errors that were not used as sentinel errors cfc049c938 Use iptables-nft in the dev container / CI 47ca352b0d vendor: github.com/opencontainers/runc v1.2.5, cyphar/filepath-securejoin v0.4.1 Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* crun: update to 1.21Bruce Ashfield5 days1-5/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumping crun to version 1.21-216-ge922e422, which comprises the following commits: aa082854 tests: install catatonit package 405d2a2c libcrun: setup /dev/console as a symlink to pty instead of bind mount 1203dadc Fix regression on Windows WSL 4db005a5 Fix incorrectly set cpu.max when quota is -1. f231b79a krun: check `kconf->handle{_sev}` exists before unloading 910eb16b utils: normalize S_ISDIR() result to 0 or 1 91732ac0 libcrun: add crun_error_get_errno 7d618b7a status: simplify libcrun_status_check_directories b34f613e status: add cleanup_free 7407bbc9 Revert "chroot_realpath: do not return non-existing paths" 1412f0a8 test: bump containerd version 82b75fa4 cfg.mk: prohibit usage of sprintf af163aa5 container: use snprintf instead of sprintf 07eef8ac container: use xasprintf instead of sprintf c3c19280 error: replace sprintf with snprintf 4666e880 cgroup: replace sprintf with snprintf c212049d seccomp: replace sprintf with snprintf 9bb4e901 linux, utils: use snprintf instead of sprintf 4353d55a status: use snprintf instead of sprintf 271f7f50 intelrdt: use snprintf instead of sprintf fd118c15 cgroup-setup: drop unused variable 4dbe7549 configure.ac: fix variable name a95034a4 linux: ensure fstype is not NULL d462c1cf tests: improve error messages in start tests f2ae65db tests: improve error messages in seccomp tests 6b3485f3 tests: improve error messages in rlimits tests dffbeadd tests: improve error messages in resources tests 8f518ee2 tests: improve error messages in oci_features tests 2bfc81bd tests: improve error messages in limits tests 9b164379 tests: improve error messages in hostname tests 39b374d5 tests: improve error messages in exec tests dbd25dcc tests: improve error messages in domainname tests 57769eee tests: improve error messages in devices tests 77fc894f tests: improve error messages in exec tests be391abb tests: improve error messages in mounts tests d212647d tests: improve error messages in capabilities tests c3bac03c tests: improve error reporting f62dcc21 tests: fix mount of tmpfs d318fa1a tests: recreate tests root for each test 21e860c7 fix rootless option parsing 7b825680 container: create missing errors 64fbacab python: reset pointer after asprintf failure cfcb839a run, create: deduplicate code 957a6518 linux: add `src-nofollow` & `dest-nofollow` options 044c89d2 run, create: align implementations 0479ae73 libcrun: prefer waitpid_ignore_stopped NULL argument 88f45286 criu: reject unsupported 'src-nofollow' option 602d0e14 linux: add argument nofollow to is_bind_mount ae0ecdd7 mountflags: add `dest-nofollow` and `src-nofollow` options af39d913 linux: refactor mount fd handling in do_mounts c77a1807 linux: add `nofollow` option to `get_bind_mount` c8d042b3 linux: remove duplicate close of rootfsfd 91d202a2 linux: drop unuseful variable c1671bd0 github: show the diff for the check job 6c24739d src: improve dlopen error message 33602a51 Packit/TMT: disable centos-stream-10-x86_64 tests b1133e95 TMT: include podman checkpoint system tests fddb3042 Revert "criu: rename a variable" 97fd76bf Fixup "criu: support mounts where dest is a symlink" 379524f0 krun: Determine flavor from VM config tree 7d1d15d7 krun: Configure VM with pre-parsed config tree 13fcca9e krun: Add function to parse krun VM config fbd8ea8f tests: add new tests to test_pid 3241e2c7 tests: add new test_uid_gid.py tests 4f173407 tests: add new test_devices.py tests 0b8455ea tests: add ischar, isblock, isfifo commands to init 9056ec3b tests: add openwronly command to init 42e5bc61 tests: report the correct exit status for ls 07374bb6 crun: expose net devices feature 006c7aa1 libcrun: advertise net devices support ba0ec5a7 linux: add support for network devices fe8f3277 tests: add ip command to init 64a2e0e1 linux: Update rootfsfd when rootfs is replaced 7de03e62 linux: safe_openat reopens root 2e210bdc linux: use rootfsfd directly from container data e9d159f7 linux: store rootfsfd under private data only 953a8c49 utils: crun_safe_ensure_at opens empty paths 372446d7 tests: fix unused variable 9ddddfb0 test: fix mount to test 040cb2e7 linux: include errno check in UNLIKELY macro b337c9d3 libocispec: update from upstream 37dacae3 linux: do_mount: simplify 0f74f03f linux: use ALL_PROPAGATIONS_NO_REC 7f686825 intelrdt: add support for generic schemata update ca40dac7 ci: show git status 2ad0b600 libocispec: sync from upstream 558419b2 utils: do not use stack for lens array 174963dc criu: avoid malloc in prepare_restore_mounts e0b01580 criu: support mounts where dest is a symlink 55498c1f criu: rename a variable 880b7ee3 criu: allow mount type to be NULL a9c1f024 criu: reuse is_bind_mount b4b29088 Fix python call to `libcrun_get_verbosity` c1e72c10 tests/test_checkpoint_restore.py: fixup e5d2489d criu restore: create --work-path 157a673d criu checkpoint: error message fixup 91aa3683 criu: validate --parent-path 0dceab0c tests: add --work-path to criu test 90ef9732 criu: create --work-path directory 1fa86492 nix: update nixpkgs b9796420 linux: improve cgroup2 mount error message b679e7f7 linux: move unified_cgroup_path to private_data ffbfb6f3 Fix getcwd error handling 8c0075b5 linux: use syscall getcwd return value to set error 99c7b959 crun: Fix the binary name in the Usage info 19b4c254 Revert "Packit: Disable osh_diff_scan" dd8e1af5 Packit: Disable osh_diff_scan 5ec1f2ab Revert "Disable criu support on riscv64" bdd62e17 krun.1: regenerate 739a2bff build-aux/release.sh: fix shellcheck warnings 5c14c0dc make shellcheck: add more files f1cf3b35 tests/run_all_tests.sh: fix shellcheck issues d084c9b5 ci: bump shellcheck to v0.10.0 10e312d5 ci: improve shellcheck job 1e518be6 crun.1: fix "CPU controller" table rendering e7f8dc33 github: use ubuntu-latest for shellcheck 10db1f7a utils: Mark base64 table as non-string data 245d2edf ci: Add awk dependency to test containers 51958b39 ci: Add awk dependency 9adca806 Packit/TMT: run shellcheck tests on fedora envs 6e1ef464 ShellCheck: resolve warnings in TMT test script 7b910ea2 TMT: Simplify plans 9b395e9a build(deps): bump uraimo/run-on-arch-action from 3.0.0 to 3.0.1 9f2604ac linux: remove unused preprocessor directives 21e0179b linux: fix definition of CLONE_NEWCGROUP 684b2540 linux: fix definition of CLONE_NEWTIME 3e9b1c4a linux: fix definition of CLONE_NEWTIME on Centos 9 fc3ae8e2 krun: stop using set_workdir dfb649b3 linux: fix error leak from sync fd 8cb44cd6 container: don't leak error 0d760a96 linux: fix error leak 3649947b linux: make error messages more uniform 75e74bf7 container: make error messages more uniform 9774d59a utils: make error messages more uniform b656f67f cgroup: fix quoting for file names in error messages 6d4f5387 tests: configure additional IDs for the containers user 3b2e2a13 tests, podman: fix ginkgo installation c359fbd8 krun: return dlerror string when library is not found 285574fe tests: add tests for "crun mounts" b5a566bf crun: expose mounts command 196ad5e4 container: add/rm mounts API for a running container 4a27212a linux: move prepare_mount to its only caller c1c5232d linux: split code to new function c7337717 linux: refactor code in a new function 9acf13d6 tests: fix function signature 05277835 status: report better error on ENOENT c6197431 libcrun, krun: use existing error e229c129 seccomp plugins and seccomp receivers cannot be declared at the same time 18af4515 src: remove unused variables 10269840 NEWS: tag 1.21 84828c65 krun: bump vcpu limit to 16 079f95d0 krun: implement support for external kernels a7a178a1 krun: consolidate configuration file definitions 059445af utils: getsubidrange returns negative value on errors ff054fe7 maybe_chown_std_streams: ignore EBADF 3adcc2c7 utils: set_home_env returns negative value on errors f4973d7a tests: move cwd tests to the correct file 53f1c0bc if the container main process and console socket do not need a terminal, the terminal fd is not created 2f7c9b88 console socket client is initialized only when the user declares terminal. 132c793a krun: fix error message 8675bafa krun: create context after loading the library a5cb511d cpuset: fix handling of absent subcgroup d2b824ca krun: stop using krun_set_exec b09aa67d krun: make krun config file world readable 459595b6 container: ignore SIGWINCH without tty c954b1b6 criu: use a process to initialize the cgroup 959cc6c4 cgroup: extend function e3866cc5 cgroup: fix ownership of dfd in read_pids_cgroup Bumping libocispec to latest, which comprises the following commits: 9d1955f sources.py: fix unconditional return in map value clone 9937df4 ocispec: rename judge_complex to is_compound_type 61b922d ocispec: add support for string->object maps abae290 ocispec: remove explicit inheritance from object d67f492 helpers: rename CombinateName to HierarchicalName 55a0a9c helpers: rename Unite class to SchemaNode 809b047 runtime-spec: update to latest upstream revision d455ad0 image-spec: update to latest upstream revision 30a27d7 github: update action ed23e6a runtime-spec: sync from upstream 412ce10 image-spec: sync from upstream Bumping runtime-spec to version v1.2.1-11-g82cca47, which comprises the following commits: afd830f principles: fix typo d2f4f90 config-linux: add schemata field to IntelRdt (#1230) 27cb002 docs: fix typo (#1285) 0ed7cf6 docs: add missing backticks for code formatting e935f99 Define Linux Network Devices (#1271) df100de add systemd-nspawn to implementations.md 95a651f Add back +dev 524fc0e Release v1.2.1 221c198 Fix description of errnoRet in Seccomp 9de64c0 config-linux: update for libseccomp v2.6.0 1df9fa9 zos updates - add zos namespaces, remove zos devices This PR proposes updates to the OCI runtime spec with z/OS platform-specific details, including adding namespaces, adding noNewPrivileges flag, and removing devices. These changes are currently in use by the IBM z/OS Container Platform (zOSCP) product - details can be found here: https://www.ibm.com/products/zos-container-platform. 131ae4c Correct `prestart` hook description in summary (#1275) b9e8fdb Add support for windows CPU affinity b37b687 ci: Add a github actions workflow for lint 8cfc407 specs-go: sync SCMP_ARCH_* constants with libseccomp main (#1229) 9ceba9f update http links to https Bumping image-spec to version v1.1.1-6-g64294bd, which comprises the following commits: aca17c0 Clarify that canonical JSON is not a requirement 1809845 Bump back to +dev 147f9c1 Release v1.1.1 4fecf47 Add blake3 as a registered/supported hash algorithm 81e457e Fix grammar nit 60acaac Document extensibility of the image layout 4dcf962 Document Go version policy 6a277dd Add `cache-dependency-path` to avoid setup-go warning 00584ff Reduce maintenance burden by letting setup-go track our Go versions 85abb94 Manifests may contain multiple digest algorithms aa533a0 Delete project documentation 03306ac Hard link limitations in union filesystems cee95e9 Ignore uname/gname where uid/gid are supported Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-tools: update to v1.33.0Bruce Ashfield5 days1-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumping cri-tools to version v1.26.0-1253-g0cf370b1, which comprises the following commits: 9dee32cb Bump sigs.k8s.io/yaml from 1.4.0 to 1.5.0 in the kubernetes group db5e1a5d Bump github.com/docker/docker in the gomod group 3965e51f Bump the gomod group across 1 directory with 15 updates 51931829 Bump creyD/prettier_action from 4.5 to 4.6 d2ab00b5 Revert "Disable containerd hostport test" bb23a30f Fix regression in reading crictl config file 805ec939 Bump crate-ci/typos from 1.32.0 to 1.33.1 49f9848f Add --all flag to crictl stop command. 5a2b848d rename the google group for sig node e1aa696f Bump the kubernetes group with 7 updates cebc14c7 Fix containerd CI tests 10446494 Bump google.golang.org/grpc from 1.72.0 to 1.72.1 in the gomod group 19933a15 Bump actions/setup-go from 5.4.0 to 5.5.0 70cc7ecf Bump creyD/prettier_action from 4.3 to 4.5 3391150d Fix CRI-O CI 0c5878f3 Bump the gomod group with 3 updates 9835fac0 Bump crate-ci/typos from 1.31.2 to 1.32.0 2df538ee reuse urfave/cli.Context instead of creating a new instance c78b0da4 add local imports to goimports formatting settings 4e4c0105 Bump crate-ci/typos from 1.31.1 to 1.31.2 dc35d07f Update release notes tool to v0.18.0 0368aedc Switch to k8s final fe2470b9 Bump the kubernetes group with 7 updates bd70f72b fix the issue of regexp matching 550b0325 pass down the context object wrapped within the urfave/cli.Context struct ef51018b Update cri-tools to v1.33.0 in README.md 4cc79024 chore: add and migrate to sigs.k8s.io/yaml b00094da Add metricdescs cmd for ListMetricDescriptors API e2938014 Update go.mod e85c4754 Bump the gomod group across 1 directory with 9 updates 197c6bfd Disable containerd hostport test a17bf9a2 Bump the gomod group across 1 directory with 5 updates e1282733 Bump google.golang.org/grpc from 1.71.0 to 1.71.1 in the gomod group 7beefa0d Bump crate-ci/typos from 1.31.0 to 1.31.1 7841bc21 Bump crate-ci/typos from 1.30.3 to 1.31.0 fa0199ca bump cri-api to include API change efa5adc9 Bump github.com/docker/docker in the gomod group 136f62ab Switch to golangci-lint v2 a007f2c3 Bump the gomod group across 1 directory with 4 updates aadf9bd7 Bump crate-ci/typos from 1.30.2 to 1.30.3 de5928b7 Bump github.com/onsi/ginkgo/v2 from 2.23.1 to 2.23.2 in the gomod group 72541a1d Bump the gomod group with 2 updates 76706f3a Bump actions/upload-artifact from 4.6.1 to 4.6.2 5994f626 Bump actions/cache from 4.2.2 to 4.2.3 3f997020 Bump actions/setup-go from 5.3.0 to 5.4.0 409843c6 Use go version requirements from go.mod 1f362107 Update cri-api to latest commit 360839ff Bump the kubernetes group with 7 updates b221115c Bump crate-ci/typos from 1.30.1 to 1.30.2 4d527fc0 Fix e2e tests f1d0e5d1 Bump the gomod group with 9 updates 9fe2377f Update go.mod 0da7f3bb Bump the kubernetes group with 7 updates ebe1e024 Bump google.golang.org/grpc from 1.70.0 to 1.71.0 in the gomod group 31c1208c Bump crate-ci/typos from 1.30.0 to 1.30.1 44ad24ec Bump crate-ci/typos from 1.29.10 to 1.30.0 16a8b093 Bump actions/cache from 4.2.1 to 4.2.2 e79aebf0 Bump github.com/docker/docker in the gomod group bfe4489b Bump crate-ci/typos from 1.29.9 to 1.29.10 4cc11c6b Switch to go 1.24 1a12fc5a Add `crictl update --oom-score-adj` flag 6716e360 Bump ncipollo/release-action from 1.15.0 to 1.16.0 35d68a3d Bump actions/upload-artifact from 4.6.0 to 4.6.1 67b9d1e7 Bump crate-ci/typos from 1.29.8 to 1.29.9 0e881df7 Bump crate-ci/typos from 1.29.7 to 1.29.8 c473651c Bump actions/cache from 4.2.0 to 4.2.1 85a079de Bump github.com/docker/docker in the gomod group 16f7de61 Bump the kubernetes group with 7 updates 9927d368 KEP-3619: Display "RuntimeFeatures" object(in ".features" field) in "crictl info" command 6bbb88b4 Fix typo 1e872922 Bump crate-ci/typos from 1.29.5 to 1.29.7 8cd277b4 Use go-md2man v2 a276468f Rework the Makefile help 3266feb4 Bump google.golang.org/protobuf from 1.36.4 to 1.36.5 in the gomod group c833e615 Bump the kubernetes group with 7 updates 7114b6db Bump the gomod group with 3 updates 41fe74d7 Deflake e2e test `should not show help running rmi -a` 1e122b8c Bump crate-ci/typos from 1.29.4 to 1.29.5 9bdf43d5 fix the release status of critest f23688f3 Enable `wsl` and `nlreturn` linters da609495 Bump google.golang.org/protobuf from 1.36.3 to 1.36.4 in the gomod group fc363a7c Bump google.golang.org/grpc from 1.69.4 to 1.70.0 in the gomod group 91ee76d4 Update golangci-lint and config bb895a38 Fix `should not show help running rmi -a` e2e test 8154c69e Bump github.com/docker/docker in the gomod group e2263179 Bump actions/setup-go from 5.2.0 to 5.3.0 a6bea790 Fix `--image` filter for crictl `inspect` and `exec` eb27ba79 Bump the gomod group with 4 updates 089acbb5 Bump the gomod group across 1 directory with 3 updates 49b08d0f Bump ncipollo/release-action from 1.14.0 to 1.15.0 eb137156 Bump actions/upload-artifact from 4.5.0 to 4.6.0 80a8cdc7 Fix UpdateContainerResources call for windows 3a537124 Bump google.golang.org/protobuf from 1.36.1 to 1.36.2 in the gomod group 83ea9944 Bump the gomod group with 3 updates 7dd8ad17 Bump crate-ci/typos from 1.28.4 to 1.29.4 dec4650f chore: fix typos lint error e5f6211d Bump the gomod group across 1 directory with 2 updates 7d818981 feat: retrieve specific log stream of a container b3b41941 Bump the gomod group across 1 directory with 3 updates a4b0f900 Bump actions/upload-artifact from 4.4.3 to 4.5.0 b31e4c27 Bump the gomod group with 2 updates c8dfcaa3 Enable and fix `thelper` linter 962675d3 Bump google.golang.org/protobuf from 1.35.2 to 1.36.0 in the gomod group f194b879 Bump crate-ci/typos from 1.28.3 to 1.28.4 088df13e Bump crate-ci/typos from 1.28.2 to 1.28.3 ef9ff838 Bump the gomod group with 5 updates 3eadb52d Bump actions/setup-go from 5.1.0 to 5.2.0 9e4736e1 Bump the kubernetes group with 7 updates e497cde0 Bump github.com/onsi/gomega from 1.36.0 to 1.36.1 in the gomod group 0e391f24 Bump github.com/docker/docker in the gomod group 706635ae Update golangci-lint to v1.62.2 aadfea46 Update latest version to v1.32.0 525da746 Switch back to rc2 aa74f030 Bump actions/cache from 4.1.2 to 4.2.0 4b276570 Bump the kubernetes group with 7 updates ce4f734d Bump the gomod group with 4 updates e57f45d4 Switch CI to use macos-13 runner 88c14290 Switch back to rc2 e23679fc Bump the kubernetes group with 7 updates 619024b1 dependabot: group kubernetes updates 76539c20 Bump crate-ci/typos from 1.28.1 to 1.28.2 06c94e8a Update vendored Kubernetes to v1.32.0-rc.0 bd33d80c Bump crate-ci/typos from 1.28.0 to 1.28.1 9f0998f0 Exclude go.sum 3ae2eeff Bump crate-ci/typos from 1.27.3 to 1.28.0 8da10ef4 Bump github.com/onsi/gomega from 1.35.1 to 1.36.0 d779396d Bump k8s.io/cri-client from 0.31.2 to 0.31.3 d78e359f Bump k8s.io/kubectl from 0.31.2 to 0.31.3 ef453138 Bump k8s.io/kubelet from 0.31.2 to 0.31.3 0df49937 Bump github.com/onsi/ginkgo/v2 from 2.21.0 to 2.22.0 dfad0119 bug fix: Fix panic if c.Image is nil 1ca3d682 Run prettier on supported files 67d7a653 Add `--profile-{cpu,mem}` flags 5449a734 Bump google.golang.org/protobuf from 1.35.1 to 1.35.2 48e7ac9b Use `slices.Compact` instead of own logic 0a326575 Make `--tls-ca` optional 265de9a0 Bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc a305a817 Bump go.opentelemetry.io/otel/sdk from 1.31.0 to 1.32.0 5955076e Bump crate-ci/typos from 1.27.2 to 1.27.3 d8cde244 Bump go.opentelemetry.io/otel from 1.31.0 to 1.32.0 7528c026 add swap column to crictl stats 7037a106 Bump golang.org/x/term from 0.25.0 to 0.26.0 a5b538ad Bump google.golang.org/grpc from 1.67.1 to 1.68.0 d43ab38b Bump golang.org/x/text from 0.19.0 to 0.20.0 22def9aa Bump golang.org/x/sys from 0.26.0 to 0.27.0 dbc42be4 Bump crate-ci/typos from 1.27.0 to 1.27.2 2cf15800 Add TLS support for `crictl` `exec`, `portforward` and `attach` faf67899 Check and fix typos in CI 240a123f Bump github.com/onsi/gomega from 1.35.0 to 1.35.1 b91c463a No need for overly strict criteria for judgment 1ee80a10 Bump github.com/onsi/ginkgo/v2 from 2.20.2 to 2.21.0 f6394f2a Bump github.com/onsi/gomega from 1.34.2 to 1.35.0 baca737e Clarify that `crictl config` without args refers to `set` b6b10ebf Fix `crictl config --set` if the YAML defines entries multiple times 38381e1b Use const defines for config options cce4fcc1 Add `crictl config` e2e tests 74e72db0 Bump actions/setup-go from 5.0.2 to 5.1.0 12f155d0 Add warning log message about which config files to try 6646f80b Bump k8s.io/cri-client from 0.31.1 to 0.31.2 9aca89aa Bump k8s.io/kubectl from 0.31.1 to 0.31.2 82030f72 Bump actions/checkout from 4.2.1 to 4.2.2 a3642af9 Bump k8s.io/kubelet from 0.31.1 to 0.31.2 cbe9d34c Add more file based test cases d941fdf8 Bump actions/cache from 4.1.1 to 4.1.2 60d6117a Add config file unit tests ddd1b0a8 fix: fix validation error for go templates that use a crictl defined builtin function db472c80 Use golang context instead of `golang.org/x/net/context` 34d1b37d Fix panic if container metadata is `nil` 94a6e23a Fix panic if Metadata is nil c0e41746 Allow parallel image removal ce419956 Use errorUtils for exec goroutine aggregation d552fb5f Allow prallel container removal bc6941bc Bump github.com/opencontainers/selinux from 1.11.0 to 1.11.1 7e505de1 Log the used connection timeout on debug output a74ab697 crictl ps: output container namespace e60d59b2 crictl ps, inspect: allow pod namespace filtering c787cf4f Bump github.com/urfave/cli/v2 from 2.27.4 to 2.27.5 cd649cce Bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc 68db8fdd Bump go.opentelemetry.io/otel/sdk from 1.30.0 to 1.31.0 a9f1a398 Bump go.opentelemetry.io/otel from 1.30.0 to 1.31.0 e3869aa8 crictl exec: add `--quiet/-q`, `--ignore-error/-e` and `--parallel` flags e7fbe3f1 Bump actions/upload-artifact from 4.4.2 to 4.4.3 f3f366e9 Pin `k8s.io/{api,apimachinery,client-go}` to v0.31.1 cf8861c7 Bump actions/upload-artifact from 4.4.1 to 4.4.2 f4035bef Bump actions/cache from 4.1.0 to 4.1.1 3d8c9c02 Bump google.golang.org/protobuf from 1.34.2 to 1.35.1 524fbb8b Bump actions/upload-artifact from 4.4.0 to 4.4.1 b3a4d58b Bump actions/checkout from 4.2.0 to 4.2.1 997dc57c Pin Kubernetes to v1.31.1 5b7ee6bc Bump google.golang.org/grpc from 1.66.2 to 1.67.1 c08ed4da Bump actions/cache from 4.0.2 to 4.1.0 d3a8d46b Bump golang.org/x/net from 0.29.0 to 0.30.0 791c4011 Bump k8s.io/client-go from 0.31.0-rc.1 to 0.32.0-alpha.1 44b28fe1 Bump actions/checkout from 4.1.7 to 4.2.0 ff409a52 Bump github.com/docker/docker 8e24af7c crictl exec: allow running single command in multiple containers 05b15a8c Bump github.com/docker/docker 8f49365b Update the release-notes tool to v0.17.8 cd721b7c Update golangci-lint to v1.61.0 2c83b263 Bump google.golang.org/grpc from 1.66.1 to 1.66.2 1b3b8c0f Remove container namespace mode for AppArmor tests 5709f7b0 Bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc 254c75f1 Bump go.opentelemetry.io/otel/sdk from 1.29.0 to 1.30.0 0bc617e4 Bump github.com/docker/docker 4574fbe0 Bump google.golang.org/grpc from 1.66.0 to 1.66.1 fc105b46 Bump golang.org/x/net from 0.28.0 to 0.29.0 fd9300b1 Bump golang.org/x/term from 0.23.0 to 0.24.0 c799ef77 Bump golang.org/x/text from 0.17.0 to 0.18.0 a1fb7b46 Bump golang.org/x/sys from 0.24.0 to 0.25.0 8d8aa5c7 Bump actions/upload-artifact from 4.3.6 to 4.4.0 6f5d2f4b Bump github.com/onsi/ginkgo/v2 from 2.20.1 to 2.20.2 3c9afec4 Bump google.golang.org/grpc from 1.65.0 to 1.66.0 86c6cc06 Bump github.com/onsi/gomega from 1.34.1 to 1.34.2 0e3460f2 Bump github.com/docker/docker 6ba1c61a Bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc 11ae7eaa Bump go.opentelemetry.io/otel/sdk from 1.28.0 to 1.29.0 7c48df2c Bump go.opentelemetry.io/otel from 1.28.0 to 1.29.0 d2914019 Bump github.com/onsi/ginkgo/v2 from 2.20.0 to 2.20.1 efd1844d Pin GitHub actions commits e9b6633c Add `zeitgeist` based dependency check 19fd9b1b Cleanup `build` GitHub actions ee88eaf7 Switch to go 1.23 7e575da7 Disable crun related test skips 6bab2761 Bump github.com/docker/docker 793c3e08 Fix `crictl` info for containerd c78bd82b Bump github.com/urfave/cli/v2 from 2.27.3 to 2.27.4 a5ffc229 Bump golang.org/x/sys from 0.23.0 to 0.24.0 17298e18 Dedup pod name const 42f500e1 Fix release job working directory 6bc7dbf3 Update README.md version to v1.31.0 102b63cf Fix crun critest 3c75c94d Bump github.com/onsi/ginkgo/v2 from 2.19.1 to 2.20.0 7c06bc4a Improve `crictl inspect[pi]` commands to allow filtering eb5acb03 Bump golang.org/x/net from 0.27.0 to 0.28.0 1ffab888 Bump golang.org/x/text from 0.16.0 to 0.17.0 f628d2d3 Update Kubernetes to v1.31.0-rc.1 0ce86f00 Remove CLI default values d6343996 Remove unneeded `nil` checks 2777dd8b Bump golang.org/x/sys from 0.22.0 to 0.23.0 22d7ff92 Fix OOMKilled test 3b1e9337 Improve CRI-O test log collection c11f0dbf Add more CRI-O matrix tests 2bb37326 Add idempotence tests a24838ce Vendor Kubernetes v1.31.0-rc.0 b6c89f9d Enable and fix `goconst` linter b9e5fb62 Enable and fix `errcheck` linter e86d6525 Bump github.com/onsi/gomega from 1.34.0 to 1.34.1 30be8b94 Bump github.com/onsi/ginkgo/v2 from 2.19.0 to 2.19.1 43e60e8e Fix `ginkgolinter` linter 88e06f98 Bump github.com/onsi/gomega from 1.33.1 to 1.34.0 e715d05d Enable more linters and update config e851e50f Bump github.com/urfave/cli/v2 from 2.27.2 to 2.27.3 b55fc387 Print portforward stdio only on error ea031194 Fix `errchkjson` and `errorlint` linters 63cdd299 Fix `hugeParam` linter ea2beb91 Fix `bodyclose` linter 55588a6f Fix `unnamedResult` linter 87600110 Fix `contextcheck` linter 38cab019 Fix `paramTypeCombine` linter e12c790e Bump github.com/docker/docker ab9029e0 Fix `importshadow` linter c9e3de68 KEP-3619: use sleep infinity instead of while loop 695b6751 KEP-3619: sort SupplementalGroups field to make the assertion stable c45cf828 KEP-3619: delete comments 64a7db2c KEP-3619: Fine-grained SupplementalGroups control (SupplementalGroupsPolicy). 29b04c4a KEP-3619: update cri-api dependency 363801a8 Fix `emptyStringTest` linter d40d56b3 Fix `goprintffuncname` linter ec3a47e4 Fix `nolintlint` linter 38f96ca1 Fix `whitespace` linter 53b0b533 Fix `gofumpt` linter cfa33464 Fix `gci` linter a57a3c13 Bump github.com/docker/docker 615f7180 Enable linters which do not report anything 56750091 Fix `godot` linter 825e8f1d Remove log message for AppArmor profiles 0a90b9b5 Fix lint timeout 011a460f Revert "Enable more linters and update config" 026503be Revert "Enable and fix all gocritic linters" 706bd2ac Enable and fix all gocritic linters 6678c597 Bump k8s.io/kubelet from 0.30.2 to 0.30.3 be479935 Bump k8s.io/kubectl from 0.30.2 to 0.30.3 f2fb00db Enable more linters and update config b6d5dfbe Check AppArmor availability without vendored runc bd276bf1 Add OCI Volume Source support e970686d Make `crictl events` interruptable 0e42158f Fix build e6fd881e Bump k8s.io/cri-client from 0.31.0-alpha.3 to 0.31.0-beta.0 93675326 Bump k8s.io/client-go from 0.31.0-alpha.3 to 0.31.0-beta.0 61627982 Bump k8s.io/api from 0.31.0-alpha.3 to 0.31.0-beta.0 e5f8b454 Bump k8s.io/apimachinery from 0.31.0-alpha.3 to 0.31.0-beta.0 fa6f5ce0 Remove use of deprecated proto packages 9990a760 Add stats label filter test d3d80c74 Fix invalid JSON for multiple images/containers/pods e04357aa Fix parent dir retrieval lint c81525da userns: Fix running tests inside a userns 316d6d3c userns: Call runtime only once 934f1ccb userns: Skip tests if the host doesn't support idmap mounts 0d18e2d6 Fixes invalid JSON in crictl info eee3e506 Update golangci-lint to v1.59.1 and fix lints c5e3fd2f Add crictl `update-runtime-config` command Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-o: update to v1.33.0Bruce Ashfield5 days2-45/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumping cri-o to version v1.33.0-63-g87ce1c120, which comprises the following commits: b9bc2a2cd Upgrade netlink 8d0965635 Downgrade otelgrpc bc9516250 build(deps): bump the gomod group across 1 directory with 20 updates e90924e83 Revert "temporarily enable debug symbols" 6870ad334 test/ctr.bats: fix wrt new CPU units to weight conversion 2491f8124 Mark v1.30 as EOL ba6a88448 fix prettier 7cf556a6f update nixpkgs 4450e698d Bump go version to 1.24.3 f8084ff63 build(deps): bump github.com/go-chi/chi/v5 from 5.2.1 to 5.2.2 ab7d879dc temporarily enable debug symbols 1e751b490 fix deadlock when the container is in uninterruptible sleep cb2965f42 [revert] internal/oci: fix terminal resize race condition 0d449e00e internal/oci: fix terminal resize race condition 662474e9b fix verify command ebabdc929 unit tests fixup 85665a6fe code fixup 5944f40fc HighPerformanceHooks: Remove dead code ShouldCPUQuotaBeDisabled a22b5dad9 FreeBSD fixup ebee282d3 HighPerformanceHooks: Unit tests for Fix IRQ SMP affinity race c50e4e0de HighPerformanceHooks: Fix IRQ SMP affinity race conditions 239f9ee61 install: drop outdated flatcar installation instructions bfe3b83cf increase timeout of critests 5912f0483 change conmon install 25b3dfb58 UpdateContainerStatus: fix error logging 6062ff148 internal/hostport: fix linter warning b3f139431 Redo metaHostportManager construction, fix bug 801383af3 Improve iptables error handling when there's no iptables binary 0a0b33208 deps: bump to runc 1.3 3f4b82fa6 Finish switching to opencontainers/cgroups dc3d6b6ec pass down apparmor errors 608b8a0e9 Retry failed tests 290edee86 sandbox: use created/stopped instead of infra container for readiness 4996d1050 Extend checkpoint/restore test for container logs f52c04277 Add coverage report from integration tests 6b20443c5 Fix `OS_RPM_NAME="$(rpmspec -q --qf '%{name}\n' "${OS_RPM_SPECFILE}" | head -1)"` exited with status 141. error eea79c782 Switch to v1.34.0 as development version of `main` a51c99a2c Decrease actual version aa52c9329 Add option to allow seccomp profiles for privileged containers 4fc529bf8 Support multi architecture artifacts d94a8f37c Add signature verification for image volumes 15bbcca97 build(deps): bump github.com/opencontainers/cgroups in the gomod group d063f8293 Add v1.33 to supported versions 9b0142eb0 Update CNI plugins to v1.7.1 aecad95c3 Improve timeout integration tests f499c0a96 Make metaHostportManager handle iptables vs nftables 982c191d9 Add an nftables HostPortManager dda8739ea Move iptables HostPortManager code into its own file. beb362521 Move hostport conntrack cleanup to metaHostportManager dec4bda08 Move hostport IP family filtering to metaHostportManager b7731057a Remove hostport.PodPortMapping 5db94b36b Revert "Squash MetaHostPortManager into HostPortManager" 6fd9131eb New UpdatePodSandboxResources CRI API handler 1a9acebff Fix build 30d575118 build(deps): bump the gomod group across 1 directory with 25 updates 479a8070c Fix GitHub actions CI test setup 766a81efb Fix container_create_freebsd.go 9660da25e remove runDir b5f51739e remove storageRoot e042f84b2 Remove mountLabel 52b81926b Remove absentMountSourcesToReject 5c9803b19 Remove bindMountPrefix 569e8d3db Update nixpkgs 2ac913d18 Support artifact mount sub paths 6df6cfc6f Update linter and fix reports 87ee7a4af Support `artifactType` OCI artifacts 4ae753afe Fix lint CI dd38a1805 emit crio runtime config as part of CRI API's StatusResponse fd5db98e6 Add the option to disable/enable OCI Artifact mount 68fe1936b Remove unused imports bb9223fc0 Add container_spec_memory_limit_bytes metric 087e2ce46 build(deps): bump golang.org/x/net from 0.37.0 to 0.38.0 44d9073dd Disable pull-progress-timeout per default ab9acb6f9 Add support for CNAI models 9cc9b0763 Add README for CI playbooks and remove cri-tools task fe4378b38 .golangci.yml: remove gofmt 560bf28a1 .golangci.yml: remove some unused linters 7ddf15274 .golangci.yml: remove legacy preset from exclusions 8250128de internal/ociartifact: rename MarshalJSON -> ToJSON a904a4e0e test/mocks: regenerate 8c3ce800f Run make mockgen 310a66356 .golangci.yml: rm some unused exclusions c02c3a54d Run mockgen b5b96dfdf Refactor metrics descriptors 012b6cde5 Increase pull-progress-timeout to `30s` d3f7cb491 Update nixpkgs 6a4a3ee9b test 7c4fbadc4 Add container stop signal feature (KEP-4960) a1f07bc4b Fix build 3feb9ad31 build(deps): bump the gomod group across 1 directory with 6 updates a9a660579 Fix image status so that it can get artifact with canonical name and short name 6b244a90a Switch to golangci-lint v2 2fa08cfa2 Use `strings.SplitSeq` instead of `strings.Split` 704932bc3 fix schema v1 images not resolve to image ID error f554c58ea Address linter complaint 62aeb65ce Remove Krzysztof Wilczyński as maintainer 19adbe020 Set default masked paths f5d0ff28e crio wipe should remove storage only once per reboot e429f75ee OCPNODE-3016: support mount OCI artifact 64567e976 Fix comment location about error message f4cff283d build(deps): bump the gomod group with 2 updates fca4ea622 Add image volume subpath support db553b0be Use go version requirements from go.mod 2dc6d0831 Add lint-fix target 7f7d77ace build(deps): bump github.com/containerd/containerd from 1.7.26 to 1.7.27 109872da3 Cleanup: ensure image volume path 24452a56c build(deps): bump github.com/containers/common in the gomod group 29c662a5b build(deps): bump the kubernetes group with 6 updates ab6bc86b8 Fix release notes download location c2f55509f Update debug flag a0ffef29a build(deps): bump github.com/containers/image/v5 in the gomod group 25775fdb3 build(deps): bump the gomod group across 1 directory with 2 updates 662f8cab6 Require go 1.24 for build 512d33bc5 build(deps): bump the gomod group with 7 updates 00a7117dc Improve artifact error logs 9824edb9d build(deps): bump the gomod group with 5 updates 3f1398477 build(deps): bump the gomod group with 3 updates 3507a2a5b Update the release-notes tool to v0.18.0 9e69a709f Update conmon to v2.1.13 663066d99 build(deps): bump the gomod group across 1 directory with 2 updates 754a1ed24 Add OCI artifact support e69571c34 Drop image status log message b638954fe Switch to go 1.24 f46b83d3f build(deps): bump github.com/containerd/containerd in the gomod group 826ef8052 build(deps): bump the gomod group across 1 directory with 5 updates c3363e0c3 add --extra-experimental-features nix-command flag to build-static target dfc2778ee build(deps): bump github.com/go-jose/go-jose/v4 from 4.0.4 to 4.0.5 92fd877a0 Update golangci-lint config and fix reports 8c9fa54ba Add validate method for sandbox 32854c9d1 server: fix races in GetContainerEvents 6fdd6b3bc Updating install docs 0a81f1ef7 build(deps): bump the kubernetes group with 6 updates 8287e4159 server: don't dereference Config.Linux if it is nil 3c7337fb9 server: move createSandboxContainer and related functions to container_create.go 7cdfc7938 server: factor out adding /dev/shm mount e533ab281 server: factor out adding sysfs mounts 20b17df06 server: add no-op stub for makeOCIConfigurationRootless 5035c19a0 server: factor out creating the security context 286e7e24f internal/factory/container: add no-op stub for SpecAddDevices on FreeBSD 7f104e5da internal/factory/container: make SpecAddNamespaces platform-specific 68091febb internal/factory/container: make (*container).SelinuxLabel platform-specific 29a85ace4 internal/linklogs: add stub for freebsd 2f4bc00c2 internal/config/device: add stub for DevicesFromAnnotation 2efa5b35f Fix context cancellation when image pull progress timeout is `0` 10070a556 Fix build d9d5def74 build(deps): bump sigs.k8s.io/release-sdk in the kubernetes group 29e76f138 Remove `exclude_graphdriver_devicemapper` build tag a4c67cc6c Fix: If cgroup manager is cgroupfs then allow conmon_cgroup to be empty dcfb01965 build(deps): bump google.golang.org/protobuf in the gomod group 2193e6280 Update mocks 864e43306 build(deps): bump the gomod group across 1 directory with 8 updates a961ed207 Mark v1.29 as EOL 60c3697ac Fix typo in version_update_mask regex 77f2041ea Change nixpkgs update to monthly 4ceeaddaa Switch to golang native error joining and errgroup 0b6a04bea test: add test coverage for LinkLogs malicious paths 910f6e5d6 internal/linklogs: sanitize the directory path before using it d5ab7c46c build(deps): bump sigs.k8s.io/release-utils in the kubernetes group 6dbfcec98 Downgrade github.com/cyphar/filepath-securejoin b27a733c8 Remove `LimitNOFILE` from systemd service file ecd3b6dce build(deps): bump the gomod group across 1 directory with 8 updates 6b4fd0741 Add warning log for a process having an uninterruptible child. d19a9d641 Enable `wsl` and `nlreturn` linters 0979d3497 Integrate native GitHub arm64 runners a371ae1c3 Log error when failing to update container status from exit file 03472dd92 Enable linters and auto-fix 630b608f0 Add documentation hint how to handle the versions 6691836a5 Revert 'Add 1.33 to supported minor version' f67859446 watchdog: decouple CNI plugin initialization from CRI-O health checks e87f86c1b Switch to our log module for logging in iptables module 1b06fc09d Add `release-1.33` to active prerelease version 1f60a95cc internal/config/ociartifact/ociartifact: Do not hard-code 'sha256' in error message 6dc287d45 vendor: downgrade github.com/cyphar/filepath-securejoin to v0.3.6 db4ca1752 * : fix lint/vendor issues to update dependabot updates 16289cad3 Update nixpkgs 271146940 Fix klog-shim to close the bracket properly 1005e0e32 build(deps): bump the gomod group across 1 directory with 17 updates 05296551a Avoid using UpdateContainerStatus for ReopenContainerLog and add logs tests 1a6765b73 Makefile: introduce GO_TEST for more flexible configuration a9e7d29b3 Improve `sync.Map` iterators with an implicit call 807943105 Remove Fedora 39 content ddaed68a3 Makefile: fixes wrt crio.conf f5e6d6f7f Update nixpkgs to the latest HEAD commit 78c45f865 Update nix release to v2.24.11 458137a7a Update release-notes release to v0.17.11 3b94f59b1 Update gosec release to v2.21.4 a9aa6072f Update shfmt release to v3.10.0 fbc3ce557 Update golangci-lint release to v1.63.4 0fe4097af Update buildah release to v1.38.0 72f95429a Update bats release to v1.11.1 6da7ef28b Update containernetworking/plugins Go package release to v1.6.2 3f0f86965 Update multiple dependencies to newer releases 997e4fbd3 server: fix panic when default annotations are specified b473c6c04 Fetch latest containernetworking/plugins tag instead of v1.1.1 6e0df0924 Update CRI-O version and add checks Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* containerd: update to v2.1.3Bruce Ashfield5 days1-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumping containerd to version v2.1.3-2-g41bb88c7e, which comprises the following commits: b74268f86 bugfix:close container io when runtime create failed 7636bd5eb fix when multipart fetching and the server does not return content length 627729341 Prepare release notes for v2.1.3 3c5ede878 Update transfer supported platforms logic babacebad Fix fetch always adding range to requests fb752bc8e fix import for local transfer service f30be44ad Update fetcher errors to include full registry error f6d926314 Register remote errors for clients to access registry errors 7c1813345 Decode grpc errors in the transfer client proxy 63b9eae62 Prepare release notes for v2.1.2 cff1feb28 *: properly shutdown non-groupable shims to prevent resource leaks 2ce169aae ci: bump golang [1.23.10,1.24.4] in build and release 70bcb9b55 Enable CIs to run on WS2022 and WS2025 c71f77170 build(deps): bump google.golang.org/grpc from 1.72.0 to 1.72.2 9b6c1949a Fetch image with default platform only in TestExportAndImportMultiLayer 4bcea74de Update differ selection in transfer service to prefer default 0c3cd8a99 Add debug log when transfer returns not implemented 820e56765 Add more error details when unpack fails to extract 480126f50 erofs-snapshotter: fix to work with wrapped errors d82921ff5 Enable DuplicationSuppressor in transfer service 0bb25c3d6 ci: bump golang [1.23.9, 1.24.3] in build and release dd2ce49d0 Add symlink breakout test for overriden path ac8e84efc client:improve mount error message 216667ba0 Prepare release notes for 2.1.1 e1817a401 docs/snapshotters/erofs.md: a tip for improved performance 2168cb92c erofs-differ: fix EROFS native image support 444ca17cd update runhcs version to v0.13.0 40575a15f cri:use debug level when receive exec process exited events 0684f1c44 build(deps): bump github.com/Microsoft/hcsshim ac00b8e61 Revert "perf(applyNaive): avoid walking the tree for each file in the same directory" 37d6c4236 Update removal version for deprecated registry config fields 7fcbc3c46 core/runtime/v2: cleanup shim-cleanup logs e7be076d4 ctr:make sure containerd socket exist before create client c90524d5f .github: mark 2.1 releases as latest 897f65cff Prepare release notes for v2.1.0 ca36be282 Update api to v1.9.0 e51f9c177 Update release for 2.1 release and next to releases a6db1c440 Update mailmap 145175bf4 Prepare release notes for api/v1.9.0 5dc29f0e7 core/runtime: should invoke shim binary e5ef65017 Revert "not set sandbox id when use podsandbox type" 1c70f237c integration: add testcase to recover ungroupable shim 51664ad32 build(deps): bump github/codeql-action from 3.28.16 to 3.28.17 0d085bc53 build(deps): bump the golang-x group with 2 updates 7360c739f Fix image inspect skip over missing content ddbd748a5 clones k8s apimachinery resource quantity for cri annotation parsing e2d6a7160 cri: put limiter out of config 33ee060a3 Use Go 1.19 atomic wrappers everywhere 9e67469fa clones k8s utils clock for cri server events to remove dependency 5f3f84f56 removes use of klog from containerd repo 4dfe4e8be Update runc binary to v1.3.0 42937de92 cloning k8s apimachinery set utils no longer vendoring apimachinery bfd85405d clones k8s component-base logreduction for integration test 8a08aebe1 removing/cloning vendor of kubelet pod label definitions 3851bd540 fix unbound SKIP_TEST variable error 9058ab4ae Revert "disable portmap test in ubuntu-22 to make CI happy" ee7189d1d Add retries for flaky Windows test d70d6245f Retry registry operations once on 50x on last host ca356e46e cri: add a ConcurrentDownloadLimiter a914597c0 fix: client pull: pass fetch performances options 413702b7e fix comment 89780188f dockerFetcher.open: show all parameters when pulling a layer e499939a4 build(deps): bump actions/attest-build-provenance from 2.2.3 to 2.3.0 7fe090e9a build(deps): bump actions/download-artifact from 4.2.1 to 4.3.0 105602db0 build(deps): bump google-github-actions/auth from 2.1.8 to 2.1.10 b559084fb build(deps): bump github/codeql-action from 3.28.15 to 3.28.16 b89733812 core/transfer/local: should not mark complete if it's not found 0dcdc1ffa bump:update cni to v1.7.1 7c03dd036 nri: add type conversion functions removed from NRI. f71c2c2d5 Prepare 2.1.0-rc.0 release 61cbbaaba Update api to v1.9.0-rc.0 f42ee3431 Update mailmap entries 83ad3b55f code review fixes a196ee66a better race mgt ce73e1b3e docs: Run userns example in /tmp 882b1903c docs: Fix typo in userns example b62339f39 docs: Fix typos to run userns with ctr 72c8c7708 only keep one setting: concurrent_layer_fetch_buffer 024775dab set dl options on resolver 88116b191 remove max_dl_operations setting 755a4ac6f update f9af08820 perf(pull): multipart layer fetch cdd7ec40d Support configuring custom media types for unpack 17b6e1ef8 Allow streaming to client 40eb2fdbb Fix protos bd8e6c727 Enable http debug and tracing for non local puller 1d436803d Add http debug fields to OCI registry protos 27e6c117d Move HTTP debug code to pkg c0ce618a1 Add release notes for api v1.9.0-rc.0 d16ad8f5c fix: update containerd config dump to reflect plugin config migrations. f57727c42 Revert criserver metrics subsystem back to cri b694be29a Update CRI image service to pull using transfer service 2f9734fa5 erofs-differ: support EROFS native image layers d52386ab9 Add check for rootfs type and only unmarshal relevant parts 5dcdd5484 golangci-lint: add forbidigo rules to prevent regex.MustCompile 147787449 use lazyregexp to compile regexes on first use fa0e50ccf implement lazyregexp package f512e3174 ctr shim: allow override to computed shim address 21a6db1b3 Update CRI documentation to add information about Image Pull with Transfer Service 4b4e6f7c6 not set sandbox id when use podsandbox type e511a384e Add warning message when using async mode 89a8cd2fb Introduce no_sync option 57c1cfa5f Update godoc for Bolt options 2db2db3a8 Customzie BoltDB options in MetaStore c94a92f42 Expose boltdb configuration for metadata plugin 98eded24b Move erofsutils to internal 5d3a4d082 build(deps): bump softprops/action-gh-release from 2.2.1 to 2.2.2 f815d0291 build(deps): bump google.golang.org/grpc from 1.71.1 to 1.72.0 47afd3d1c Fix vagrant setup eb09e8d75 Add loong64 seccomp support 568880ec3 erofsutils: MountsToLayer slight optimizations 09f34d18b erofs-differ: implement fast differ with DiffDirChanges() b8649bd38 client: fix returned error in the defer function 5cb77bc22 build(deps): bump golang.org/x/net from 0.37.0 to 0.38.0 01ff3b364 chore: fix broken links to https://docs.docker.com/registry 40b0083c4 fix(docker pusher): if authorizing a cross-repo mount fails, fall back 6f93c65f5 use go1.23.8 as the default go version 5629e9fff update to go 1.24.2, 1.23.8 d73880a9f build(deps): bump github.com/prometheus/client_golang fc23c4d61 build(deps): bump google.golang.org/grpc from 1.71.0 to 1.71.1 76470adf7 build(deps): bump github.com/moby/sys/user in the moby-sys group 97eb1cd46 change criService.runtimeHandlers slice to a map 764dcf77a config: postpone planned v2.1 deprecations to v2.2 499238a52 Remove deprecated dynamic library plugins 9ca6a7ee0 Disable arm64 criu testing in GH Actions 70db1bd00 disable portmap test in ubuntu-22 to make CI happy 8e6c93b6b add option to skip tests in critest c1026d5bf Fixing install instructions for Windows 752914b5b Add content create event to api 81acabd95 release: use Ubuntu 22.04 (glibc 2.35) d9c889568 Remove the support for Schema 1 images 74af78b34 cri,nri: allow plugins to inject devices using CDI. 3251e2cc8 Prevent panic in Docker pusher. 4857de853 Add cri.config.headers to auth requests 10b4eb4a9 Add hosts.toml headers to auth requests 5ae698235 Only add containerd as User-Agent when it's empty f87b2c1cd avoid import to testing pkg outside of tests be9ca11a1 fix call fmt.Errorf with wrong error eae1a6adc build(deps): bump github/codeql-action from 3.28.13 to 3.28.15 8db39a964 build(deps): bump github.com/fsnotify/fsnotify from 1.8.0 to 1.9.0 2a52260c7 build(deps): bump azure/login from 2.2.0 to 2.3.0 2d3ff252d build(deps): bump github.com/containernetworking/cni from 1.2.3 to 1.3.0 be602ea5c build(deps): bump the golang-x group with 2 updates 3a5f04fdd build(deps): bump github.com/pelletier/go-toml/v2 from 2.2.3 to 2.2.4 a083b669c Set default differ for the default unpack config of transfer service 1dbb7f2ae pkg/sys: improve GetLocalListener/CreateUnixSocket error message bca39a6f4 Add documentation for test for issue 10467 713f753e5 Update release upgrade tests to test 1.7 and 2.0 9d05ae03b Revert "Remove test for issue 10467" 33dae72b9 build(deps): bump lycheeverse/lychee-action from 2.3.0 to 2.4.0 c9b9f4a9a build(deps): bump crazy-max/ghaction-github-runtime from 3.0.0 to 3.1.0 ead5c1ee6 cri:fix lost container exit events if they arrive before info is cached 860260434 store extension when create sandbox in store cffb6d425 downgrade cni version in CI test 07a23b6f4 use type textarea 3ef9084d0 Create cri_kep.yaml 450038a28 integration/client: add tests for TaskOptions is not empty 7e5c5038a prefer task options for PluginInfo request ec3567d6b update taskOptions based on runtimeOptions when creating a task fe4703cde integration: check image volume snapshot after deleting pod d141d6c3d integration: run image volumes for linux platform only de833ebbb cri: enhance error handling for image volume be0ab6e93 cri: add volatile option to image volume mount if applicable d080d441d build(deps): bump google.golang.org/protobuf from 1.36.5 to 1.36.6 7e7c3b0a8 build(deps): bump github.com/opencontainers/selinux 3689dec42 build(deps): bump actions/download-artifact from 4.1.9 to 4.2.1 cb6a82a92 build(deps): bump actions/upload-artifact from 4.6.1 to 4.6.2 5b194505e build(deps): bump github/codeql-action from 3.28.11 to 3.28.13 ce690b0a9 build(deps): bump actions/cache from 4.2.2 to 4.2.3 aff7e4797 build(deps): bump github.com/containernetworking/plugins a3a66d1f2 Fix the panic caused by the failure of RunPodSandbox 10fae41ad go.mod: tags.cncf.io/container-device-interface v1.0.1 e7b4165ab *: CRIImageService should delete image synchronously 42effa3b9 Mark `NetworkPluginBinDir` as DEPRECATED 7f9ca1dcb update max container log line size json field 71f593d4a Support multiple CNI plugin bin dirs 7fe5c4123 go.mod: golang.org/x/net v0.37.0 3e96f1a51 Update runc binary to v1.2.6 6670d4153 build(deps): bump tags.cncf.io/container-device-interface 14e94bcbf build(deps): bump github.com/containerd/imgcrypt/v2 from 2.0.0 to 2.0.1 80e3fc4ce build(deps): bump golangci/golangci-lint-action from 6.5.0 to 6.5.2 ec5d686b1 build(deps): bump the k8s group with 5 updates 234a4411f build(deps): bump docker/login-action from 3.3.0 to 3.4.0 c8effff1a Fix CI lint error 7c522819d support to set defer cleanup timeout to decrease ctx timeout 53eec6c78 move host tlsconfig update to a separate function f702bf9fe [hosts] wrong explicitTLS value when dialTimeout is set 8028a1d08 Bump github.com/go-jose/go-jose/v4 from v4.0.4 to v4.0.5 ce055b530 Bump golang.org/x/text from 0.22.0 to 0.23.0 e0aaed012 Bump golang.org/x/term from 0.29.0 to 0.30.0 c4982bffc Add dial timeout field to hosts toml configuration 94dd70f4f build(deps): bump the otel group with 8 updates 85c04ab0e build(deps): bump the golang-x group with 3 updates 12762891d Remove test for issue 10467 5bbd3ed1b add k8s 1.32 and as tested containerd supported branches at the time of release 93cc1e6eb Fix upgrade test runtime config 531adbf06 config:fix config migrate lost timeout config de1341c20 validate uid/gid 9e6beafd5 Support container restore through CRI/Kubernetes 88faaac97 build(deps): bump containerd/project-checks from 1.2.1 to 1.2.2 9f885ea4f build(deps): bump github/codeql-action from 3.28.10 to 3.28.11 d7de182dd build(deps): bump actions/attest-build-provenance from 2.2.2 to 2.2.3 75252f975 build(deps): bump github.com/prometheus/client_golang c37e48b07 build(deps): bump google.golang.org/grpc from 1.70.0 to 1.71.0 700b98415 build(deps): bump github.com/urfave/cli/v2 from 2.27.5 to 2.27.6 833d6bc8e Update release status for 2.1 to beta 71cfe00ee Prepare release notes for v2.1.0-beta.n be8fe50f4 Update the upgrade test to handle 2.1 06daffb4d integration: update TestUpgrade for 2.1 405a952c6 add name in package version 4f090fe77 update to go1.23.7 / go1.24.1 b947e0566 fix: repeat args from sub-func call ee574e76e client: Respect `client.WithTimeout` option 4357a7600 use shimCtx for fifo copy edd1cc50d docs: include note about unprivileged sysctls 393ad5b11 e2e: use the shim bundled with containerd artifact f8f205382 Update runtime-spec to v1.2.1 af5ff5a1f CVE-2025-22869: upgrade golang.org/x/crypto to v0.35.0 3a5de731c erofs-snapshotter: clear IMMUTABLE_FL only for committed snapshots 10f2b7fde CVE-2025-22868: upgrade golang.org/x/oauth2 to v0.27.0 705518e58 ci: update GitHub Actions release runner to ubuntu-24.04 971915797 erofs-snapshotter: force the use of loop devices for single-layer images 69c0d7f60 build(deps): bump containerd/project-checks from 1.1.0 to 1.2.1 37fe1e8b4 build(deps): bump golang.org/x/net from 0.23.0 to 0.33.0 in /api 0eea93d68 build(deps): bump actions/cache from 4.2.1 to 4.2.2 20fa1ca46 build(deps): bump actions/attest-build-provenance from 2.2.0 to 2.2.2 9b0b67951 build(deps): bump docker/setup-buildx-action from 3.9.0 to 3.10.0 86734729f build(deps): bump actions/download-artifact from 4.1.8 to 4.1.9 001dfeb19 build(deps): bump github.com/klauspost/compress from 1.17.11 to 1.18.0 72ac5cad4 build(deps): bump github.com/google/go-cmp from 0.6.0 to 0.7.0 d37ea6977 Bump to newer opencontainers/image-spec @ v1.1.1 b477cf8e9 erofs-snapshotter: protect layer blobs with FS_IMMUTABLE_FL d8063c30d perf(applyNaive): avoid walking the tree for each file in the same directory e84e5a215 build(deps): bump go.etcd.io/bbolt from 1.3.11 to 1.4.0 00cb73503 Swap to go.etcd.io/bbolt/errors for bbolt errors 22d568fb5 Update CDI dependency to v0.8.1. f25f36c33 proxy: break up writes from the remote writer to avoid grpc limits 51f063f07 Prefer runtime options for PluginInfo request d2b5653c1 build(deps): bump the k8s group across 1 directory with 6 updates 76858ac8e Ignore defunct verifier procs in test 268880bf5 [improve] prevent oom watcher depend on shim pkg. 4e7484d3f CI: arm64-8core-32gb -> ubuntu-24.04-arm f3b6078f9 erofs-snapshotter: add fsverity support 86cde823a build(deps): bump actions/cache from 4.2.0 to 4.2.1 49257264f build(deps): bump actions/upload-artifact from 4.6.0 to 4.6.1 125525d6c build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 0500dacf6 build(deps): bump github/codeql-action from 3.28.9 to 3.28.10 71958731e move security profile to cri/sputil pkg b8a759f1f build(deps): bump golangci/golangci-lint-action from 6.3.2 to 6.5.0 f23981281 build(deps): bump google.golang.org/grpc from 1.69.4 to 1.70.0 a1e7457bc docs: add CRI Plugin Config runtime_path 1ec10d9ae Add OCI/Image Volume Source support 480e1039f move exclude-dirs to issues.exclude-dirs a502b7931 Clarify port handling in hosts toml 44baada6a device mapper:fix sometimes blkdiscard doesn't have --version flags 938775864 Update runc binary to v1.2.5 326fbf074 build(deps): bump google.golang.org/protobuf from 1.36.3 to 1.36.5 6a01ad3e1 cri,nri: block NRI plugin sync. during event processing. df99aa321 update to go 1.24.0 / go1.23.6 41eaa41c4 update golangci-lint to v1.64.2 17acb356f build(deps): bump github.com/vishvananda/netns from 0.0.4 to 0.0.5 84e07f6b5 build(deps): bump the golang-x group with 3 updates 6a08d70e6 build(deps): bump github/codeql-action from 3.28.8 to 3.28.9 2f971ee2d build(deps): bump docker/setup-buildx-action from 3.8.0 to 3.9.0 2b8a7f253 build(deps): bump lycheeverse/lychee-action from 2.2.0 to 2.3.0 bdb8cb5a8 build(deps): bump golangci/golangci-lint-action from 6.2.0 to 6.3.2 a1c540085 Support for importing layers in the block CIM format. b98378638 move the device after the options when using mkfs.ext4 1fc497218 Fix privileged container sysfs can't be rw because pod is ro by default c51f5d26f perf(zstd): deactivate the low mem decoder b65f3875b build(deps): bump google-github-actions/upload-cloud-storage 841ab361c build(deps): bump github/codeql-action from 3.28.6 to 3.28.8 565b50dbb build(deps): bump google-github-actions/auth from 2.1.7 to 2.1.8 2eb0aa6b9 nri: make OCI spec available on StopPodSandbox 168c49e4d Fix state/root bug in shim sandbox controller 3cdfc1003 core/remotes: Handle attestations in MakeRefKey e751b6bb1 core/images: Ignore attestations when traversing children 83b65e52f Revert "Add timestamp to PodSandboxStatusResponse for kubernetes Evented PLEG" 0c986c332 build(deps): bump actions/attest-build-provenance from 2.1.0 to 2.2.0 575239789 build(deps): bump actions/stale from 9.0.0 to 9.1.0 48d09104d build(deps): bump github/codeql-action from 3.28.1 to 3.28.6 6d1f6e75d Update upgrade section 5f238fa82 Update to time based releases 886d971f8 Update LTS definition and support horizon a6dc9905c client: add WithExtraDialOpts option 69e82f9cd build(deps): bump the otel group across 1 directory with 8 updates 53d6f3482 build(deps): bump golangci/golangci-lint-action from 6.1.1 to 6.2.0 4b77d4e41 build(deps): bump softprops/action-gh-release from 2.2.0 to 2.2.1 22e77720b build(deps): bump github/codeql-action from 3.27.9 to 3.28.1 f572a6db9 build(deps): bump lycheeverse/lychee-action from 2.1.0 to 2.2.0 36d3888cf build(deps): bump actions/upload-artifact from 4.4.3 to 4.6.0 19c546c97 build(deps): bump github.com/tchap/go-patricia/v2 from 2.3.1 to 2.3.2 460e5a2e2 build(deps): bump google.golang.org/protobuf from 1.36.1 to 1.36.3 157faf65c update to go1.23.5 / go1.22.11 222308416 Remove noinline in apparmor SpecOpts 2a4164ac8 Remove noinline in seccomp SpecOpts 00fee4adb Transfer Service: enable remote snapshotters 04f9e30db log: avoid using unsupported field by logrus bdc847f1e Remove deprecated WithCDIDevices in oci spec opts e20f7f4a2 Move CDI device spec out of the OCI package 740c5d428 docs: fix some function names in comment b49df6af1 move FuzzCRIServer to go native fuzz 6148dbdd7 Update platforms to latest rc 2f15d6586 Add tests for EROFS snapshotter fd4caef78 Add EROFS snapshotter documentation 2486d542a Introduce EROFS Snapshotter c73c8e5d5 Introduce EROFS differ fb44e37ff Remove confusing warning in cri runtime config migration 6019bcdfb move FuzzContainerdImport to go native fuzz b7a117b46 Fix fuzz integration tests ffbe1b573 Use a order-only-prerequisite for mandir creation b81ace872 Update cimfs snapshotter & differ for new hcsshim interface 58bd48ecf add some doc for shim reap orphan process 09bf281ec fix go-cni race condition 15d3bf9b2 Bump up otelttrpc to 0.1.0 e1aeb37cd ci: fix the issue of config_file unset e65283321 make TestContainerCgroupWritable not parallel 54ed595e1 update runc binary to v1.2.4 79a42eedc ctr: `ctr images import --all-platforms`: fix unpack 63f604728 Add snapshotter exports to unpack platform ef7fa43c9 build(deps): bump golang.org/x/sys in the golang-x group d156d3df9 Benchamrk chainID calculation in unpack 00a11e91d downgrade go-difflib and go-spew to tagged releases 95f45541e Avoid duplicated chain ID calculation in unpack e70977180 change metadata fuzz operations as const and slice instead of map a4e3218e8 change tmp dir creation in fuzz to t.TempDir ee6338188 bump up ttrpc to use its MD.Clone 4f2f12be6 Bump seccomp version to be the same as one in runc repo a8c643cc5 change copyright from ADA Logics to containerd a55083007 Remove github.com/AdamKorcz/go-118-fuzz-build in go.mod 2de103029 Move fuzz tests to go native fuzz [part1] bee64b2b9 Remove loop variable copies 4a4a027f7 build(deps): bump google.golang.org/protobuf from 1.36.0 to 1.36.1 9fc711a8a Clarify Go client API guidance 9bb31b706 build(deps): bump google.golang.org/grpc from 1.69.0 to 1.69.2 f98d5fdb6 build(deps): bump github.com/containerd/cgroups/v3 from 3.0.4 to 3.0.5 1e3d10dc2 Make ovl idmap mounts read-only 652e4d0b1 Add integ test to check tty leak 26a156f4f Update golangci to 1.60.3 aedb079bf fix master tty leak due to leaking init container object 1363849b0 Add integration test 7f3599f09 build(deps): bump golang.org/x/net from 0.30.0 to 0.33.0 fa531f808 Update golangci-lint version in dev tools script 2f37b9da3 build(deps): bump google.golang.org/protobuf from 1.35.2 to 1.36.0 dda702042 Enable Writable cgroups for unprivileged containers 4e4537a87 build(deps): bump google.golang.org/grpc from 1.68.1 to 1.69.0 f6e956c22 build(deps): bump github.com/containerd/imgcrypt/v2 31e129856 build(deps): bump docker/setup-buildx-action from 3.7.1 to 3.8.0 d29751424 build(deps): bump github/codeql-action from 3.27.6 to 3.27.9 a172d2c11 build(deps): bump softprops/action-gh-release from 2.1.0 to 2.2.0 47c4dba40 Unify default transport in docker resolver ef0e70922 Fix runtime platform loading in cri image plugin init aeb414021 build(deps): bump google.golang.org/grpc from 1.67.1 to 1.68.1 23e014140 vendor: golang.org/x/crypto v0.31.0 9b3d999bd vendor: golang.org/x/term v0.27.0 1032fad27 vendor: golang.org/x/text v0.21.0 6764e62cf vendor: golang.org/x/sync v0.10.0 160676647 vendor: golang.org/x/sys v0.28.0 981414521 update runc binary to v1.2.3 ff0d99e02 Add multiple uid/gid mapping test cases to integration tests ec231cdcf Update ctr to support remapper labels with multiple uid/gid mapping entries 8bbfb6528 Update snapshotter opts to support multiple uid/gid mapping entries 8a030d653 Update overlay snapshotter to support multiple uid/gid mappings 168ec21db Update idmapped mount to support multiple uid/gid mappings a11405975 Add RootPair() and serialization routines to userns idmap 1f220b23e feat: update go-cni version for CNI STATUS d76f92f24 update xx to v1.6.1 for compatibility with alpine 3.21 and file 5.46+ 927012243 build(deps): bump actions/cache from 4.1.2 to 4.2.0 73864c520 build(deps): bump github/codeql-action from 3.27.5 to 3.27.6 afee762fb build(deps): bump actions/attest-build-provenance from 1.4.4 to 2.1.0 11b78255d cmd: add syncfs option to ctr command e0459262b Remove After=local-fs.target from containerd.service 6c7b1afe5 Log "container event discarded" as Info 81780a5dd update to go1.23.4 / go1.22.10 2c4c04032 internal/cri: should not apply IoOwner options 4a664772e The task_dir successfully cleans when the file is absent. 4c11d753c ctr pull unpack for default platform using transfer service 6fdc35243 CI: update Fedora to 41 0903f203f fix panic due to nil dereference cgroups v2 b78c5c6ed docs: fix snapshots api import ed39dfa5d Add integration test for custom configuration 8540fed77 complete cri grpc config migration 59a2c3523 Add containerd community call to readme. 17f7858b4 Update differ to handle zstd media types e9d560f1e Unsorted platform conditionals cleanup 485020ca8 fix: loop variable capture issue ea9397793 build(deps): bump github/codeql-action from 3.27.4 to 3.27.5 6c16f3490 build(deps): bump github.com/containerd/cgroups/v3 from 3.0.3 to 3.0.4 5c905fb6c build(deps): bump github.com/stretchr/testify from 1.9.0 to 1.10.0 662d64080 build(deps): bump the k8s group with 5 updates 3961dc9c8 Publish attestation as release artifact 288001f68 move rocky 9.4 to almalinux/9 in CI e24864e48 Clarify release for deprecated registry field removals 34284c507 Add tests for CNI v2 loopback options a21b178f1 *: should align pipe's owner with init process f5b2c3a07 build(deps): bump github/codeql-action from 3.27.1 to 3.27.4 be2c4504e build(deps): bump github.com/containerd/continuity from 0.4.4 to 0.4.5 dd2d89167 build(deps): bump google.golang.org/protobuf from 1.35.1 to 1.35.2 9a7bc5423 update runc binary to 1.2.2 f8819df7c Update install-imgcrypt to allow change install repo f6e30e962 [defaults] Reorganize per-platform defaults 9c7a403a2 [containerd-stress] Use platform-specific default address 9e3ab2332 Move content events to metadata 1b01f396d Revert "Disable vagrant strict dependency checking" 6c1b699bf docs: update schema 1 deprecation information 01c489141 build(deps): bump github.com/containerd/typeurl/v2 from 2.2.2 to 2.2.3 cebca6f87 build(deps): bump the golang-x group with 3 updates 73ae1c66f build(deps): bump lycheeverse/lychee-action from 2.0.2 to 2.1.0 4bd33276c build(deps): bump github/codeql-action from 3.27.0 to 3.27.1 d32ed4a56 build(deps): bump actions/attest-build-provenance from 1.4.3 to 1.4.4 d810c5759 build(deps): bump softprops/action-gh-release from 2.0.9 to 2.1.0 91e4e0967 fsverity_linux.go: Fix fsverity.IsEnabled() for big endian systems f9537ae12 fsverity_test.go: fix major/minor device number resolving 8a8e50e6d fsverity_test.go: fix nil pointer dereference, fix test fail bcc3cc968 update to go1.23.3 / go1.22.9 784116b7d Avoid arch info in the sed/replace when building cri-cni-containerd.tar.gz c130d93c1 make ListContainerStats handle container that is removed before its sandbox a17001b42 build(deps): bump github.com/fsnotify/fsnotify from 1.7.0 to 1.8.0 bc056a5c6 nri: report pod ips to the nri plugins a256f326c bump nri version to get PodIPs 11b1353c1 fix: set the credentials even if not provided 1617fd72e test: prevent segfault in imageverifier test 2447936fc Fix runtimeoptions location in v2 migration 0c2805a6e Report an error when cni confDir removed Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* conmon: update to v2.1.13Bruce Ashfield2025-06-261-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumping conmon to version v2.1.3-208-gb2f13b0, which comprises the following commits: 2a1dda8 src: Fix terminal resize event processing 4d374fd fix integration github action ede56b9 fix wrong conditions of k8s-file logging f37e9e7 logging: Add container labels to log entries on journald 93dcd63 Makefile: simplify fmt c85e7bb Remove hack/tree_status.sh 0a5e93d Remove hack/kubernetes-e2e 0b024b2 ci: add go.mod/go.sum validation 7c7b0c5 ci/gha: add all-done job 12c3a59 ci/gha: fix branch name 5b51069 Remove old vendored go-md2man 58e4cf4 ci/gha: remove actions/cache 9389c61 Use gofumpt 8cb0c76 runner/conmon_test: rm unused skopeoPath adb68be runner/conmon: rm unused writeConmonPipeData c56cab5 Replace ioutil.TempDir with t.TempDir 4d836a4 Use os.ReadFile/os.WriteFile instead of ioutil c490967 runner: stop using pkg/errors 869f9d2 Use %m instead of strerror(errno) 38ff637 cmsg: error logging nits f464b59 seccomp_accept_cb: fix memory leak 8c35fb5 Remove pwarn macro 775ef67 write_journald: fix logging a warning 0e7fd17 write_oom_adjust: remove extra newlines from ndebugf 238f24a Introduce pwarnf() for better diagnosis of socket/fd write issues. 5412374 Handle descriptor in non-blocking mode properly. Resolves: #490 82de887 Bump conmon version to 2.1.13 24498b5 Install some packages to fix CI 41e2c0d Make timestamp generation never fail. 119db20 Change permissions of logs from 0600 to 0640 02c6ea6 Avoid bogus journal filling errors eec8fa1 Switch go version to 1.19 Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* catatonit: update to v0.2.1Bruce Ashfield2025-06-261-1/+1
| | | | | | | | | | | | | | | | | Bumping catatonit to version v0.2.1-3-g56579ad, which comprises the following commits: 56579ad main: don't use secure_getenv ead41eb VERSION: back to development bb3b96b VERSION: release v0.2.1 2e85478 CHANGELOG: add changelog file f80876f init: switch to / after spawning subprocess bef5d5f README: explain how docker run --init is supposed to work 064bc9f Add a usage example for Dockerfile in README 65e1b96 fix build with kernel < 5.9 880defa version: back to development 7f0c9bb version: release catatonit 0.2.0 Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* buildah: update to v1.40.1Bruce Ashfield2025-06-261-3/+3
| | | | | | | | Bumping buildah to version v1.40.0-14-ged56ef16d, which comprises the following commits: 08026ceb3 Builder.sbomScan(): don't break non-root scanners Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* aardvark-dns: update to v1.15.0Bruce Ashfield2025-06-262-35/+55
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumping aardvark-dns to version v1.15.0-14-g513be8b, which comprises the following commits: d71294c release v1.15.0 06fbfe4 release notes for v1.15.0 ce41695 github: add automatic release action ca22339 deps: update nix to 0.30.1 75ace53 fix(deps): update rust crate tokio to 1.45.0 d00ef95 fix(deps): update hickory-dns monorepo to 0.25.2 b234db7 Makefile: use cargo --locked in CI eab2ed1 ci: ensure tree is clean after build 7b9f20a fix(deps): update rust crate clap to ~4.5.37 ce81a00 chore(deps): update rust crate chrono to 0.4.41 407b816 chore(deps): update dependency containers/automation_images to v20250422 767eae2 fix(deps): update rust crate libc to 0.2.172 fef43b7 .github: check_cirrus_cron work around github bug e451092 fix(deps): update rust crate tokio to 1.44.2 0d6c386 update hickory to 0.25.1 03526d6 fix(deps): update rust crate clap to ~4.5.34 70df6f2 Add link to c/common contributor's guide f79abf4 chore(deps): update dependency containers/automation_images to v20250324 a0473ec update log to 0.4.27 ce420ef fix(deps): update rust crate tokio to 1.44.1 a70c535 test: use ncat not nc 9ae36da fix(deps): update rust crate libc to 0.2.171 aa2b388 fix(deps): update rust crate tokio to 1.44.0 d7e7464 .github: remove cirrus rerun action Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* containers: adapt to UNPACKDIR changesBruce Ashfield2025-06-2533-79/+32
| | | | | | | | | | | | | This commit updates the container recipes to the OE core UNPACKDIR changes. - We drop references to WORKDIR - We adjust destsuffix fetches to use BB_GIT_DEFAULT_DESTSUFFIX instead of 'git' - Update our GOPATH references to use UNPACKDIR - Drop S = assignemnts where possible Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* kubernetes: rename CNI_NETWORKING_FILESChangqing Li2025-06-122-2/+2
| | | | | | | | | | | | | | | | | | | | | | | Rename CNI_NETWORKING_FILES to 00_cni-containerd-net.conflist. According to the following k8s doc, k8s networking file will be used when both containerd-cni and kubernetes-cni both installed. "If there are multiple CNI configuration files in the directory, the kubelet uses the configuration file that comes first by name in lexicographic order." This commit can fix following issue: PACKAGE_CLASSES = "package_deb" do_rootfs failed with error: dpkg: error processing archive /path/to/oe-rootfs-repo/corei7-64/./kubernetes-cni_v1.32.0+git0+5fe148234f_release-r0.deb (--unpack): trying to overwrite '/etc/cni/net.d/cni-containerd-net.conflist', which is also in package containerd-cni v2.0.5-r0 Refer [1], "--no-force-overwrite" is set for dpkg, so above error occurred. [1] https://git.openembedded.org/openembedded-core/commit/?id=cb95ba079960411775c57ab864d266e15a6292d1 Signed-off-by: Changqing Li <changqing.li@windriver.com>
* podman: remove ptestChen Qi2025-06-122-39/+1
| | | | | | | | | | | | | The ptest was added almost three years ago and since then nobody ever fixed anything. It's almost impossible that the ptest never failed. As an evidence, for the current version, the test cases cannot even run. Remove this ptest. People who care about podman ptest should be maintaining it. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* docker-compose: limit the amount of data copiedBruce Ashfield2025-04-182-2/+32
| | | | | | | | | | | | | | | The AWS dependency includes a VERY large set of directories, which are over 9G in size. To avoid some of this data movement, we suggest shallow clones and update our vendor rsync to exclude directories over 500M. This drastically speeds up the copy and overall build time. More investigation needs to be done, and perhaps a switch away from git clones for this recipe as the data over the network during fetch is still an issue. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* podman: fix PACKAGECONFIG QA errorsBruce Ashfield2025-04-091-5/+7
| | | | | | | | | | | | | | | bitbake now errors if PACKAGECONFIG is used, but doesn't have entries for the possible values in the variable. podman was using PACKAGECONFIG as a local feature variable in one case (docker) and in the other, was later adding a RDEPEND that could have been done via the packageconfig directly (rootless). The docker issue is fixed by creating a PODMAN_FEATURES variable and testing on it, and the rootless one is fixed by using PACKAGECONFIG to add the rdepends Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* docker-distribution: fix assignment operation whitespaceBruce Ashfield2025-04-041-1/+1
| | | | | | | The scripted assignement operator cleanup incorrectly caught BUILDTAGS, which breaks our build. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-tools: fix assignment operation whitespaceBruce Ashfield2025-04-031-1/+1
| | | | | | | The scripted assignement operator cleanup incorrectly caught BUILDTAGS, which breaks our build. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* criu: update to v4.1Bruce Ashfield2025-04-036-66/+110
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Along with the new commits we adjust the following: - refreshed patches - pytoml fixes for crit plugin - debug prefix map for cuda Bumping criu to version v4.1, which comprises the following commits: b6059ff19 criu: Version 4.1 (CRISC-V) bc1415317 criu: fix log_keep_err signal deadlock 0f6470944 namespace: skip cleaning up the uid/gid map in error cases 6826ac58c ci: run tests on a nftables only system 700a8c4b5 ci: do not run tests requiring iptables if it is missing f22330ff0 test: print out logs if tests fail 29ccb5b62 test: others/rpc do not use nftables locking backend 95729ec32 docs: mark make commands with same format as elsewhere 2cd9d5ded docs: update INSTALL.md with a section about building CRIU 867c77303 make: allow setting the default network locking backend 720bf67e0 zdtm/vdso02: unmap vvar_vclock mappings 62a4a5874 vdso: correct data types for ELF hash table sizes b8553d19e test/zdtm: check that PAC keys are C/R-ed 8ae5db37b arm64: C/R PAC keys c5d46d86a restorer: Add a lock around cgroupd communication. 7748b3fe7 pstree: print clone flags in error message d85550157 vdso: Fixes in DT_GNU_HASH handling ed6374b48 lsm: use the user provided lsm label d35808f5e ci: update to latest actions for codeql CI job c298b51a6 scripts/uninstall_module: import signal module 38b9807cd coredump: enable coredump generation on arm da90b33a4 coredump: enable coredump generation on aarch64 030fa4aff criu: fix internal representation of cgroups hierarchical structure b7fa7d304 kerndat: run iptables with -n to not resolve service names 528c94c48 ci: install gawk for Fedora based tests d66bc3499 Makefile: move codespell options to .codespellrc 8a06ca27c vdso: switch from DT_HASH to DT_GNU_HASH (aarch64) 6710cfce1 zdtm/netns_sub_sysctl: add ipv4/ping_group_range sysctl check 4ca74b9af net/sysctl: c/r ipv4/ping_group_range value 9c40781c2 net/sysctl: put common multiplier outside the brackets d226bd4f6 ci: handle results from latest codespell e2dffcbc8 lib: do not set protobuf has_* field too early 82b03429b cuda: disable CUDA plugin for pre-dump 7f0d107fe seize: use separate checkpoint_devices function 02056bf41 cuda: prevent task lockup on timeout error f83931542 net: remember the name of the lock chain (nftables) 54795f174 criu: use libuuid for criu_run_id generation 815ef6884 ci: two check-commits.yml changes 061f4266e test/zdtm: add a new test to check non-periodic timers 09dc2e958 timer: Refine itimer_armed logic and improve timer value handling aad66a4f7 test: fix cmdlinenv00 on aarch64 2b7492480 files-reg: fix buffer overflow on aarch64 6fdac5081 seize: Adjust the position of the log message 97398068b net: redirect nftables stdout and stderr to CRIU's log file 6dce80c53 util: added cleanup_file attribute. 260c08418 zdtm: Check CapAmb is restored correctly after C/R 6f8efad30 cr: Task CapAmb support 94b9b3c5d freeze_processes: implement kludges for cgroup v1 82f4ecda6 freeze_processes: fix logic 99e1fbd8a criu/seize.c: clang-format it a8754905c test: run scm06 in the ns and uns flavors 15c81c126 test/java: increate the ghost file limit dc6cef0b4 cuda: Fix return value from CHECKPOINT_DEVICES hook so that dump's fail properly 8ee2eba47 vdso: handle vvar_vclock vma-s ed560a349 pidfd: add missing include 40b7f04b7 compel/arch/riscv64: properly implement compel_task_size() 399d7bdcb compel: fix gitignore and remove autogenerated code 21e5f4cfd test: add get-state to mocked cuda-checkpoint tool 28c2cb3fd cuda: enable checkpoint support for paused tasks 498bcf280 zdtm: Check many processes with common dead pidfd 7125bfc69 pidfd: one process creates a helper and opens all fds to it b1cac7a8e cuda: fix check for GPU device availability 36a53fe23 ci: test interrupt-only mode with frozen cgroup 4196268ee seize: enable support for frozen containers ff9dbef90 seize: fix error handling for check_freezer_cgroup 622b43392 criu: Initialize util before service worker starts 9052ef93c uffd: Disable image deduplication after fork 2be958d22 include: don't use GCC's __builtin_ffs on riscv64 da6b1807e ci: add workflow for riscv64 bb29067de zdtm: add riscv64 support 6d970ed04 criu: add riscv64 support to parasite and restorer 1d028ef44 images: add riscv64 core image 95359a62a compel: add riscv64 support d8f93e7ba include: add common header files for riscv64 c49eb18f9 pidfd: block SIGCHLD during tmp process creation 5ca440069 zdtm: add inventory test plugins 5335b35f7 images/inventory: add field for enabled plugins b524dab32 pycriu: fix lint errors 88aa7e2c1 make/lint: use 'ruff check <path>' f29e655df zdtm: Check pidfd for thread is valid after C/R 7a64004dc zdtm: Check fd from pidfd_getfd is C/Red correctly 2e6f34845 zdtm: Check dead pidfd is restored correctly 3f30ec0ed zdtm: Check pidfd can kill descendant processes 2899d4600 zdtm: Check pidfd can send signal after C/R 3096df9ea zdtm: Check pidfd fdinfo entry is consistent 1ce408ffa criu: Support C/R of pidfds 3322d1e94 images: Add protobuf definition for pidfd 4f8f6f288 Makefile.config: set CR_PLUGIN_DEFAULT variable f1d465448 amdgpu: remove exec permissions on source files c2b48ff42 criu: Version 4.0 (CRIUDA) a8cbe76d4 util: dump fsfd log messages 096c1f7a4 plugins/amdgpu - Increase maximum parameter length 60ee5ebd9 plugins/amdgpu: Zero ib_info on initialization 691899889 plugin/cuda: disable CUDA plugin if /dev/nvidiactl isn't present e1331a4b6 fault: allow to check dont_use_freeze_cgroup 651df375b criu: Allow disabling freeze cgroups 59f49c627 codespell: fix typos edb6fbb82 scripts/uninstall_module: fix package discovery b1b3c14b1 cuda: unlock on timeout error dbfa45024 ci: run aarch64 tests native via actuated 8beac656f coredump: fail on unsupported architectures early d44fc0de5 test: only run macvlan tests if macvlan devices can be created 01c65732b test: better test for SELinux tools 615ccf98c crit: do not crash on aarch64 doing 'crit x ./ rss' 21ea718f9 plugins/amdgpu: fix printf format specifiers 3e2ed1879 plugins/amdgpu: use C99-standard types d68205e91 ci: enable cross compile testing for amdgpu-plugin 2ee584441 plugins/amdgpu: fix cross-compilation 9a19cf34d scripts/ci: run tests with the mocked cuda-checkpoint tool de31abb97 criu/plugin: don't call plugin device hooks for non-alive tasks dea630591 test/zdtm: allow to run tests with the mocked cuda-checkpoint tool 67fe44e98 support user set remote mmap vma address 551cd9244 timer: fix printf specifiers for __suseconds64_t a045c874c ci: run tests with amdgpu and cuda plugins 2453ed69a zdtm: add option to run tests with criu plugins ad66c27a1 cuda: fix launch cuda-checkpoint fde0b7ac6 cuda: don't leak fds to cuda-checkpoint 4dde52a30 ci/podman: show mounts 9a85fb638 ci/podman: show criu logs in case of error 8437663cc delete redundant include header files c42b58f4f plugin: enable multiple plugins for the same hook 85050be66 seize: fix pause-devices plugin hook 21108b40d test/zdtm: mount a new tmpfs to the zdtm root /dev fcbadfbdb plugins: set executable bit on .so files 5783706d5 docs: update amdgpu-plugin man page 089345f77 Adjust to glibc __rseq_size semantic change b9081ca56 zdtm: make cgroup testcases run non-parallel 4f45572fd util: use close_range when it's supported 42b177da6 scripts/build: drop centos 7 targets 181583819 vdso: proxify the __vdso_clock_gettime64 function ac22aaf57 apparmor: get_suspend_policy must return NULL in error cases 71999d888 cgroupd: unblock SIGTERM to make stop_cgroupd actually work daed6c353 irmap: duplicate string in irmap_scan_path_add b169e3b63 plugins/cuda: fix crosscompilation ca971b7f8 compel: fix build on Amazon Linux 2 due to missing PTRACE_ARCH_PRCTL bf417dd05 criu/plugin: Add NVIDIA CUDA plugin 5f486d5ae criu/plugin: Introduce new plugin hooks PAUSE_DEVICES and CHECKPOINT_DEVICES to be used during pstree collection 1012e542e criu: Restore rseq_cs state slightly earlier in the restore sequence and run the plugin finalizer later in the dump sequence 7ac453706 readme: update link to FAQ page 4f15fe8c5 make: improve check for externally managed Python fdf546dbd ci: upgrade to Fedora 40 Vagrant images (38 is EOL) f17164926 test/dump-crash: check code path when dump crashes a252a240c zdtm: Distinguish between fail and crash of dump 6feb57a84 ci: remove CentOS Stream 8 test (EOL) 1da29f27f zdtm: add support for LD_PRELOAD tests e7276cf63 pagemap-cache: handle short reads cc88b1e1f net: Fix TOCTOU race condition in unix_conf_op 457bc6a8f criu: use proper format-specified to accommodate time_t 64-bit change 95f66d13d criu: move sigact dump/restore code into sigact.c 9c8a6927a ci: update check for SELinux b3c3422cd test/make: remove unused target 30aa8dbe4 mount: fix unbounded write 708f872a6 sk-tcp: Add test cases for TCP_CORK and TCP_NODELAY socket options 9ba9aff77 sk-tcp: Move TCP socket options from SkOptsEntry to TcpOptsEntry 1cb75c0b1 sk-tcp: Move TCP socket options from TcpStreamEntry to TcpOptsEntry 13854a988 criu: fix a fatal failure if nft doesn't work df178c7e5 sk-tcp: cleanup dump_tcp_conn_state error handling 4607b5356 mem: optimize debug logging of enqueued pages f4290868b ci/vdso01: fix typo e68a06cfd ci: update actions/checkout to v4 5aaf45021 ci: update base OS to ubuntu 22.04 1c2a3d7fa check: verify ino and dev of overlayfs files in /proc/pid/maps e07ffa04b Makefile.config: fix/improve feature warnings. af4058871 timer: fix wrapping allignment in function declaration 0fc83a79b ci: silence CircleCI warning about deprecated image 52623cca1 criu: move timers dump/restore code into separate file 231ba0cd2 zdtm/sched_policy00: use reset-on-fork flag 75fed59ef Add support for reset-on-fork scheduling flag 8f0e200e6 mem: fix some VMAs being incorrectly mapped wtih PROT_WRITE a2b018a18 ci: try to fix broken docker test a48aa33ea restorer: shstk: implement shadow stack restore 7dd583002 restore: add infrastructure to enable shadow stack f47899c9e criu: kerndat: add kdat_has_shstk() 2ebd1a4f0 criu: shstk: prepare shadow stack parameters for restorer blob 4b6dda7ec criu: shstk: premap and prepopulate shadow stack VMAs 17eda3ce5 criu: shstk: add VMA_AREA_SHSTK flag 0aba3dcfa compel: shstk: prepare shadow stack signal frame 63a45e1c8 compel: infect: prepare parasite_service() for addition of CET support 6e491a19a compel: shstk: save CET state when CPU supports it 17f4dd095 compel: always pass user_fpregs_struct_t to compel_get_task_regs() 0b8c51eaa compiler: add ALIGN_DOWN macro f590c2b63 zdtm/static: check that cgroup layout of threads is preserved a0a6ec3dc cgroup: Add support for restoring a thread in a correct v1 cgroup 835afb1b8 criu-ns: fix lint error e0b74f558 make: replace flake8 with ruff 7fd4a15e6 pb2dict: fix flake8 error e0f91e66e kerndat: check support for PAGE_IS_SOFT_DIRTY a808f09be amdgpu_plugin: fix lint errors bd17bd43e sk-inet: fix codding style in restore_ip_opts 895a16c13 zdtm: Added tests for IP_TTL restore 71102e7f7 sk-inet: Added IP_TTL socket option 0d5923c95 amdgpu_plugin: Refactor code used to implement Checkpoint 733ef9631 amdgpu_plugin: Refactor code in preparation to support C&R for DRM devices b689a6710 plugin/amdgpu: Also don't print 'plugin failed' in criu 59599dacd plugin/amdgpu: Don't print error for "No such process" during resume 92e8f9293 net: return bool with iptable_has_criu_jump_target a62f82730 criu-log: remove unused declaration d2511707f zdtm: socket-tcp-nft-nfconntrack: add a hook to the chain in nft case afc0efcf7 pagemap-cache: add an ability to run tests without PAGEMAP_SCAN cb64d73ad page-cache: use the PAGEMAP_SCAN ioctl when it is available 20628bc8a kerndat: check the PAGEMAP_SCAN ioctl 842289c7e net: add error messages for restore of nftables d94251df7 test/nfconntrack: use nft or iptables-legacy 0ab2f9e97 net: fix network unlock with iptables-nft d9c427d70 irmap: hardcode some more interesting paths b419f3dfd make: fix compilation on alpine 7b689b7a4 gitignore: remove historical left-over files 2d1f4ec71 ci: disable non-root in user namespace test in container fe8f5130c ci: fix centos-stream 9 ci errors 6679d60ff ci: do not use 'tail' for skip-file-rwx-check test f86f1b849 tty: skip ioctl(TIOCSLCKTRMIOS) if possible 8a51639e3 Makefile: Use common warnings settings for loongarch64 37d62fa47 docker-test: downgrade docker to v24.0.7 1004625fa docker-test: fix condition for max tries 088390ea8 ci: switch to permissive selinux mode during test 900909d95 test: check for btrfs in the current directory fc94b2d15 ci: fix rawhide netlink error 9f9737c80 comple: correct the syscall number of bind on ARM64 f8b14286b criu: Version 3.19 (Bronze Peacock) Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* metadata: relocation.inc: add whitespace around assignmentsMartin Jansa2025-04-033-3/+3
| | | | | | | | | With: https://lists.openembedded.org/g/bitbake-devel/message/17508 there are many WARNINGs from this layer Signed-off-by: Martin Jansa <martin.jansa@gmail.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* metadata: src_uri.inc: add whitespace around assignmentsMartin Jansa2025-04-033-730/+730
| | | | | | | | | With: https://lists.openembedded.org/g/bitbake-devel/message/17508 there are many WARNINGs from this layer Signed-off-by: Martin Jansa <martin.jansa@gmail.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* metadata: add whitespace around assignmentsMartin Jansa2025-04-0314-18/+18
| | | | | | | | | | With: https://lists.openembedded.org/g/bitbake-devel/message/17508 there are many WARNINGs from this layer will cover src_uri.inc files in next commit. Signed-off-by: Martin Jansa <martin.jansa@gmail.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* netavark: add whitespace around assignmentsMartin Jansa2025-04-031-1/+1
| | | | | | | | | | | With: https://lists.openembedded.org/g/bitbake-devel/message/17508 there are WARNINGs like: WARNING: meta-virtualization/recipes-containers/netavark/netavark_1.14.1.bb: meta-virtualization/recipes-containers/netavark/netavark_1.14.1.bb:25 has a lack of whitespace around the assignment: 'PACKAGECONFIG[aardvark-dns]= ",,, aardvark-dns"' Signed-off-by: Martin Jansa <martin.jansa@gmail.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* nerdctl: update to v2.0.3Bruce Ashfield2025-03-245-316/+862
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumping nerdctl to version v2.0.3-249-g497c7cf7, which comprises the following commits: bd7cbb38 Stop sharding cache per containerd version 99d03ee8 Dockerfile: update buildkit to 0.20.1 cc81c720 Remove golanci-lint action 430c57c5 Update Canary and EL8 titles 1d372563 update RootlessKit (2.3.4) 27b91ecf ensure logger completion after container exit e33a85f9 Dockerfile: remove "goversion" stage 98a531a2 Move GHA to zstd compression bc4642a4 build(deps): bump the golang-x group across 1 directory with 6 updates f19eb5a3 CI: simplify setting up Lima 7505c3f5 Replace hack/verify-no-patent.sh with depguard e52580ee Adding document analyzing CI/dockerfile f7901228 Disable buildx output for dependency stage 3daef1cb Implement updated test matrix 699c8509 Fix broken lint-license task 9182ea4e Increase wait for ensurecontainerstarted a81136c2 Fix kubectl download url bd5bcca4 Fix referenceutil.FamiliarMatch SIGSEGV ce10c922 Update containerd/project-checks (1.2.2) d80c2cf4 Fix alma ci target 34e44e7b Migrate TestRunDevice test d9a0e87b Quiet out apt-get calls 0296acd3 Use makefile task to install golangci 0b606c7f build(deps): bump github.com/opencontainers/image-spec 121c656f build(deps): bump actions/cache from 4.2.1 to 4.2.2 678822a9 --quiet image pulls in tests 4d76aa96 CI: drop Ubuntu 20.04, add AlmaLinux 8 147ebca4 [ci] rollback setup vagrant comment 6d3c49a7 Fix test TestNoneNetworkHostName 62c1565b Add golangci and yamllint to tigron 077558c8 Lint fixes 7f049905 Move to creack pty 0020c912 Makefile fixes ea685aed Add qemu/rosetta notes 8af2e4c2 Update containerd v2.0.3 e58ceaa6 build(deps): bump github.com/containernetworking/plugins d432a4a1 build(deps): bump github.com/containerd/containerd/v2 ca1fd3cb build(deps): bump github.com/opencontainers/runtime-spec 37e5e59d build(deps): bump docker/setup-qemu-action from 3.5.0 to 3.6.0 898e3e46 Harden test pty error handling e21e4b2c Cleaning variables and function names in cmd 0e883056 Fix apparmor host check to include aa-parser a5a7f181 build(deps): bump actions/cache from 4.2.1 to 4.2.2 5220350d add hostsPath to inspect response 88e9c5d9 Rename NO_COLORS 715cb0c2 Enforce pkg isolation as part of golangci f99a5635 build(deps): bump the docker group with 2 updates d52eaf3e build(deps): bump docker/metadata-action from 5.6.1 to 5.7.0 166ace96 build(deps): bump docker/build-push-action from 6.14.0 to 6.15.0 18e52416 build(deps): bump docker/setup-qemu-action from 3.4.0 to 3.5.0 14b3ace1 build(deps): bump docker/setup-buildx-action from 3.9.0 to 3.10.0 44b8b584 Fix kube-hide-dupe docs typo ef92eec5 build(deps): bump golang.org/x/crypto in the golang-x group 4b765cd8 Reorg test package 9210685b Makefile cleanup b41e8c98 Normalize all command variables to cmd 701e5563 goimports-reviser: remove hack 7fcde18b Disable golangci preflight config validation 11f6fe2c go.mod: set minimum Go version to 1.23 7341e841 CI: set GOTOOLCHAIN=local 18df1402 update Go (1.24) cd151127 CI: arm64-8core-32gb -> ubuntu-24.04-arm 01d3cafb Increase CI run timeout 0d62b98e Restrict EnsureContent to the requested platform 745aaf7f CI: set fail-fast to false 10ddc598 build(deps): bump github.com/go-jose/go-jose/v4 from 4.0.4 to 4.0.5 37d99587 feat: add hostConfig to nerdctl inspect response c2c1d4a0 Rewrite signal tests d90729c8 Add test tooling for signals 16e22577 Make subpackage test a separate module 655171c7 Remove unbuffer from container tests c7919f93 Prevent acquire from blanking hosts file 3b59119e Cleanup XDGRuntime logic 0128d4a8 Remove forked sysinfo package 11e6d04b Tests to error on timeout a687e2c9 Rewrite detach tests without unbuffer 8664311c feat: add signal option to containerRestart 8bef3618 docs: add --log-driver=none to run command reference c1694998 Support bind propagation options in Compose volume long syntax 4e0688b7 build(deps): bump github.com/containerd/accelerated-container-image a0f12369 build(deps): bump github.com/klauspost/compress from 1.17.11 to 1.18.0 59b48e63 build(deps): bump docker/build-push-action from 6.13.0 to 6.14.0 3eb9a963 build(deps): bump actions/cache from 4.2.0 to 4.2.1 d3f5d105 add tests b45d96db build(deps): bump github.com/spf13/cobra from 1.8.1 to 1.9.1 31a7ab84 build(deps): bump golangci/golangci-lint-action from 6.4.1 to 6.5.0 99210b69 add signal option to container stop command 893a3937 feat: add support for 'domainname' option in container create 5ffcba6e Fix FATA error when inspecting images in native mode 3f496b8c Cleanup old/unused helpers 105e5eba Remove require daemon version for >=1.6 8675cc6c build(deps): bump golangci/golangci-lint-action from 6.3.2 to 6.4.1 cb416319 Add pty support for testing 94c271e8 update runc (1.2.5) 974bc843 fix: network cleanup called twice 4e111d32 docs(nerdctl-compose): add missing details in command-reference.md 4722dd6f build(deps): bump github.com/compose-spec/compose-go/v2 3680b00a build(deps): bump gotest.tools/v3 from 3.5.1 to 3.5.2 3f7b70fa build(deps): bump golang.org/x/net in the golang-x group a6086d1e build(deps): bump golangci/golangci-lint-action from 6.3.0 to 6.3.2 d64ab5a9 enable host name and default resolv.conf and hosts file in none network 402bd2a2 build(deps): bump docker/setup-qemu-action from 3.3.0 to 3.4.0 0f17259a build(deps): bump golang.org/x/crypto in the golang-x group c6666e3f fix nerdctl-full SHA256SUMS fails cf95ae0e Reduce file permissions c4a795fa build(deps): bump docker/setup-buildx-action from 3.8.0 to 3.9.0 5e36bef0 build(deps): bump golangci/golangci-lint-action from 6.2.0 to 6.3.0 fd0bcbe5 build(deps): bump the golang-x group with 4 updates 2ecc3944 Fix apparmor test not running 38636145 Prevent reference filter from failing on dangling images 2b07c188 build(deps): bump github.com/spf13/pflag from 1.0.5 to 1.0.6 8a80469c Harden journald test 7565cebb build(deps): bump github.com/cyphar/filepath-securejoin 653c6de0 test: Add a test for container access with 127.0.0.2 specified in -p in rootless mode 82791bf6 fix journald logger exit and wait behavior 2a750939 Consistently use WithError when logging errors instead of %s 17bbdffd Consistently use %w instead of %s or %v when wrapping errors 6e5e943b fix: prevent panic in nydus snapshotter inspect 7f433aaa Fix socket address not being updated properly 10e4cda3 Test portability fix: ensure tini-custom is here 7c9d25ad Disable systemd test on arm64 fe59974d build(deps): bump docker/build-push-action from 6.12.0 to 6.13.0 99bd7728 Fix test time to use UTC 73520336 Skip TestRunBindMountPropagation a6fe6c15 Fix wrong error comparison ec6a6abd Relax error on annotations read failure 26c03224 build(deps): bump github.com/ipfs/go-cid from 0.4.1 to 0.5.0 8a0c16c0 build(deps): bump the docker group with 2 updates af3bb999 build(deps): bump github.com/rootless-containers/bypass4netns 84caccfc build(deps): bump actions/setup-go from 5.2.0 to 5.3.0 a4fa4faa integration test: specify IPFS_PATH for IPFS service cb7fc0d4 update BuildKit (0.19.0) e7e27f62 update containerd-fuse-overlayfs (2.1.1) 00e21f75 update bypass4netns (0.4.2) d786133a update RootlessKit (2.3.2) f17df13e update Kubo (0.32.1) 8af25af6 update containerd (2.0.2) 08206c8e build(deps): bump github.com/rootless-containers/rootlesskit/v2 128e6a7c [doc] AppArmor profile setup for rootlesskit ab027adf Correct `compose logs` command reference 9a6426d8 fix: save multiple images for the same image id to a tar archive ae9894e3 build(deps): bump golangci/golangci-lint-action from 6.1.1 to 6.2.0 ef26ad8f reset spec if update returned error 7a4c2528 build(deps): bump docker/build-push-action from 6.11.0 to 6.12.0 fcb900e9 test: Add an test for added logic to TestRunWithInvalidPortThenCleanUp 7bfbd31f fix: Add the logic to clean up an orphaned etchosts directory e3d27107 test: refactor TestRunWithInvalidPortThenCleanUp 70bed8df build(deps): bump github.com/containerd/containerd/v2 Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* tini: Support posix basename from musl libcKyungjik Min2025-03-242-0/+77
| | | | | | | This fixes building with musl libc. Signed-off-by: Kyungjik Min <dpmin7@gmail.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-o: Add CONTAINER_DEFAULT_RUNTIME to run-ptestZhang Peng2025-03-241-0/+10
| | | | | | | | | | | | | | | | | | CRI-O version 1.31 and later defaults to crun instead of runc. This change cause ptests to fail if crun is not installed on the target system, as the test runner verifies the runtime's availability using 'command -v "$CONTAINER_DEFAULT_RUNTIME"'. Additionally, CRI-O specifies the runtime via the VIRTUAL-RUNTIME_container_runtime variable as a dependency. This commit explicitly sets the CONTAINER_DEFAULT_RUNTIME environment variable within the run-ptest script, based on the value of VIRTUAL-RUNTIME_container_runtime. This ensures ptests execute with the expected container runtime. Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* skopeo: update to v1.18.0Bruce Ashfield2025-03-241-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumping skopeo to version v1.18.0-67-ge8d9f916, which comprises the following commits: da1bf9f7 chore(deps): update dependency containers/automation_images to v20250324 7983f20a Remove obsolete build tag syntax 8d000f45 Use the new maps.Keys and slices.Sorted 1f49b2c0 Use slices.Backward a31470d7 proxy: Add GetLayerInfoPiped ec219604 Update github.com/hashicorp/go-multierror 1a38d976 Update github.com/dsnet/compress 49569bcf Complete paths for some transports e7e09255 Don't complete a space after '<transport>:' 9c0f31dc In (skopeo inspect), validate the manifest against a digest reference 9fda7e73 In (skopeo layers), validate the blob against the expected digest a0799484 Always close the blob we are reading from a registry a5182876 fix(deps): update module golang.org/x/term to v0.30.0 b8637922 chore(deps): update dependency golangci/golangci-lint to v1.64.8 56ccf09c ROADMAP: new file 03fa889d chore(deps): update module golang.org/x/net to v0.36.0 [security] 15132e6c Update to Go 1.23 4080a631 fix(deps): update module github.com/containers/common to v0.62.2 cc743c3c chore(deps): update dependency golangci/golangci-lint to v1.64.7 91c6aa61 fix(deps): update module github.com/containers/image/v5 to v5.34.2 d00ea33d fix(deps): update module github.com/containers/storage to v1.57.2 7bd0dc21 .github: remove cirrus rerun action 547141ce fix(deps): update module github.com/opencontainers/image-spec to v1.1.1 a185498c chore(deps): update dependency golangci/golangci-lint to v1.64.6 fad5a31a chore(deps): update module github.com/go-jose/go-jose/v4 to v4.0.5 [security] 5744b9b4 chore(deps): update module github.com/go-jose/go-jose/v3 to v3.0.4 [security] 934ea727 fix(deps): update module github.com/containers/common to v0.62.1 8a44fe6c fix(deps): update module github.com/containers/image/v5 to v5.34.1 c7aaed73 Update for cobra API change 9d73060a fix(deps): update module github.com/spf13/cobra to v1.9.1 5c968d67 chore(deps): update dependency golangci/golangci-lint to v1.64.5 841a1b61 chore(deps): update dependency golangci/golangci-lint to v1.64.4 8c2eff1d chore(deps): update dependency golangci/golangci-lint to v1.64.3 f88186e6 [skip-ci] Packit/TMT: Run system tests ff462b3d PR Labels: apply release label to release- branch PRs 8c20592d chore(deps): update dependency golangci/golangci-lint to v1.64.2 20746ae2 Bump Skopeo to v1.19.0-dev 64361bde Bump Skopeo to v1.18.0 bd1ac466 Switch to the CNCF Code of Conduct 59ec5547 fix(deps): update module golang.org/x/term to v0.29.0 04d65888 fix(deps): update module github.com/containers/common to v0.62.0 137a912c chore(deps): update dependency containers/automation_images to v20250131 52895bc6 fix(deps): update module github.com/spf13/pflag to v1.0.6 b78a4159 fix(deps): update module github.com/containers/image/v5 to v5.34.0 5eba0614 RPM: include check section to silence rpmlint 9764c99d RPM: cleanup gobuild macro for CentOS Stream a81cb65f fix(deps): update module github.com/containers/storage to v1.57.1 85fa4dff fix(deps): update module github.com/containers/storage to v1.57.0 ed0efc69 feat: Add `--retry-delay` Option ab53f644 fix(deps): update module github.com/containers/common to v0.61.1 653db366 fix(deps): update module github.com/containers/image/v5 to v5.33.1 6483de48 fix(deps): update module github.com/containers/storage to v1.56.1 Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* runc-opencontainers: update to v1.3.0-rc.1Bruce Ashfield2025-03-241-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumping runc to version v1.3.0-rc.1-40-g25d47644, which comprises the following commits: bac33825 build(deps): bump github.com/opencontainers/selinux bc96bc85 libct/seccomp: use maps and slices pkgs 370733b7 libct/cap: rm mapKeys, use maps.Keys, slices.Sorted 3a33b6a3 Make state.json 25% smaller 9c5e687b libct: Use chown(uid, -1) to not change the gid d31e6b87 ci: bump bats to v0.11.0 8e653e40 script/setup_host_fedora.sh: use bash arrays a76a1361 script/setup_host_fedora.sh: remove -p from mkdir af386d1d tests/int: rm some "shellcheck disable" annotations b48dd651 ci: bump shellcheck to v0.10.0 6e5ffb7c Makefile: bump shfmt to v3.11.0 53931553 libct: log a warning on join session keyring failure 9aeb7905 tests/int/selinux: fix skip message 5ac77ed6 libct/int: add/use needUserNS helper 1d9bea53 .cirrus.yml: install less dependencies 1afa1b86 signals: replace unix.Kill with process.Signal 346c80d7 libct: replace unix.Kill with os.Process.Signal 135552e5 CI: migrate Vagrant + Cirrus to Lima + GHA d5fe5303 build(deps): bump golang.org/x/net from 0.36.0 to 0.37.0 000cdef7 build(deps): bump golang.org/x/sys from 0.30.0 to 0.31.0 79e9cf53 doc: update spec-conformance.md 12c2e21f build(deps): bump golang.org/x/net from 0.35.0 to 0.36.0 05e83fc6 deps: bump go-criu to v7 5d6e7e12 VERSION: back to development a00ce11e VERSION: release v1.3.0-rc.1 10ca66bf runc exec: implement CPU affinity d92dd226 performance improvement: setup signal notify in a new go routine a75076b4 Switch to opencontainers/cgroups 6e01e850 CHANGELOG: fwd port 1.2.1 to 1.2.5 changes 537a2276 build(deps): bump github.com/opencontainers/runtime-spec c43ea7d6 exeseal: do not use F_SEAL_FUTURE_WRITE 1d047e44 expose criu options for link remap and skip in flight 559bd4eb libcontainer: rename dmz -> exeseal ad09197e libct: don't send config to nsexec when joining an existing timens 74619689 test: exec into a container with private time ns 28475f12 Retry direct unix package calls if observing EINTR 4e0f7a20 libct/cg/dev: remove specconv dependency 69792827 libct/cg: don't use utils.CleanPath 5e1dcdf5 libct/cg: add internal/path.Inner 271aa88e libct/cg/fs2: rm _defaultDirPath 7bebe68c libct/cg: stop using utils.ProcThreadSelf 42449786 CI: gha: rm ubuntu-20.04 79a4ac05 deps: bump cilium/ebpf to v0.17.3 8db6ffbe libc/utils: simplify CleanPath 26cfe142 release: explicitly set --keyserver in release signing scripts 0e3b5d5b build: bump libseccomp to v2.5.6 d237bc46 .cirrus.yml: use Go 1.24 16d73367 Require Go 1.23.x, drop Go 1.22 support 87420749 CI: add Go 1.24, drop go1.22 99f9ed94 runc exec: fix setting process.Scheduler b9114d91 runc exec: fix setting process.ioPriority 73849e79 libct: simplify Caps inheritance 049a5f76 libct/cap: allow New(nil) f26ec922 libct: rm Rootless* properties from initConfig 2a86c357 libct: document initConfig and friends 13277b20 build(deps): bump golang.org/x/net from 0.34.0 to 0.35.0 4b87c7d4 Fixups for newProcess 8fbdb7e7 setupIO: optimize c4eb0c61 libct: createExecFifo: optimize 5d2e2445 execProcess: move some code to newProcess c283ed10 tests/int: add hooks argv[0] test 8529591c build(deps): bump google.golang.org/protobuf from 1.36.4 to 1.36.5 746a5c23 libcontainer/configs/validate: improve rootlessEUIDMount 055041e8 libct: use strings.CutPrefix where possible 259b71c0 libct/utils: stripRoot: rm useless HasPrefix ecf74300 libct/cg/fscommon: GetCgroupParam*: unify ef983f51 libct/cg/fscommon: ParseKeyValue: stricter check d83d533b libct/cg/fscommon: GetValueByKey: use strings.CutPrefix f1348712 libct/cg/fscommon: ParseKeyValue: use strings.Cut e9855bda libct/cg/fscommon: use strings.Cut in RDMA parser 930cd494 libct/cg/fs2: use strings.Cut in parsePSIData 40ce69cc libct/cg/fs2: use strings.Cut in setUnified 037668e5 libct/cg/fs2: simplify parseCgroupFromReader 075cea3a libcontainer/cgroups/fs: some refactoring 4271ecf7 libct/cg/fs: refactor getCpusetStat bfcd479c libct/cg/fs: getPercpuUsage: rm TODO 871d9186 exec: improve getSubCgroupPaths 7149781f exec: use strings.Cut to parse --cgroup ec9b0b5f runc list: use standard os/user 52f702af libct: earlier Rootless vs AdditionalGroups check 7dc24868 libct: switch to numeric UID/GID/groups b55167e0 tests/int/exec --user: check default HOME ccb589bd libc/int/userns: add build tag to C file d84388ae libct/cg/sd: set the DeviceAllow property before DevicePolicy a274d275 build(deps): bump golang.org/x/sys from 0.29.0 to 0.30.0 54fa0c55 capabilities: be more graceful in resetting ambient f414b534 CI: fix criu-dev compile 8e5bb0d8 deps: roll back to cilium/ebpf v0.16.0 6c9ddcc6 libct: switch from libct/devices to libct/cgroups/devices/config 200f5631 libct/devices: move config to libct/cg/devices/config 70e500e7 deps: update to github.com/cyphar/filepath-securejoin@v0.4.1 24ec764a build(deps): bump google.golang.org/protobuf from 1.36.3 to 1.36.4 33315a05 libcontainer: if close_range fails, fall back to the old way 111e8dcc libcontainer: Use MaxInt32 as the last FD to match kernel size semantics 7b26da9e libcontainer: Prevent startup hang when CloseExecFrom errors 9af79522 build(deps): bump google.golang.org/protobuf from 1.36.2 to 1.36.3 a50e6872 tests/int: simplify assignments a22ea827 tests/int/hooks_so: don't hardcode soname 1890af6d support cgroup v1 mounted with noprefix af929228 RELEASES: add formal release policy for runc Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* podman-tui: update to v1.4.0Bruce Ashfield2025-03-241-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | Bumping podman-tui to version v0.9.0-438-g204d054c, which comprises the following commits: 204d054c Bump to v1.4.0 59a9904e README.md fix demo link 8460ac45 Bump golang.org/x/crypto to v0.33.0 db872518 Bump github.com/containers/buildah from 1.38.1 to 1.39.1 87d8ab15 bugfix panic in system events 610cf9fc Bump github.com/go-jose/go-jose/v4 from 4.0.4 to 4.0.5 aa8a4771 Bump github.com/spf13/cobra from 1.8.1 to 1.9.1 7c30fa9d Bump podman to v5.4.0 9a57aeb7 enhance: merge READMEs a07daf87 docs: enhance directory structure 53146731 Bump github.com/containers/podman/v5 from 5.3.1 to 5.3.2 958a2a44 packit update epel + centos stream af4b22fa Bump golang.org/x/net from 0.30.0 to 0.33.0 d8f0ffb3 Bump github.com/gdamore/tcell/v2 from 2.7.4 to 2.8.1 086842a2 Bump golang.org/x/crypto from 0.31.0 to 0.32.0 f1f1ff11 Bump golang.org/x/crypto from 0.29.0 to 0.31.0 0e8ff20e Bump to v1.4.0-dev 37019c2f Bump to v1.3.0 Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* podman-compose: update to v1.3.0 -tipBruce Ashfield2025-03-241-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumping podman-compose to version v1.3.0-107-g4d899ed, which comprises the following commits: f9489af Allow merging of args in both list and dict syntax 65b455f Fix project name evaluation order 1aa750b integration/tests: Test project name override with COMPOSE_PROJECT_NAME env variable 98b9bb9 Fix interpolation for COMPOSE_PROJECT_NAME 170411d test/integration: Test COMPOSE_PROJECT_NAME interpolation f5a6df6 added changes to release notes f106ea0 modifications to pass pylint test b748c26 add try-except block to handle error in case of shutdown error 3973c47 catch SIGINT signal properly in 'up' function and call compose 'down' function for a graceful shutdown 2e7d83f Properly surface errors from build commands 8ef537e test/integration: Automate manual `selinux` test d476071 Don't raise exception on inexistent services in 'down' command 202c377 test/integration: Automate manual `uidmaps` test b9f2779 Add hook to check for signoff in commit messages 4cd1642 Add quiet flag to podman-compose config fd40133 added release note to newsfragment directory 37b27fa Refactor event loop handling to simplify logic for Windows platforms c6b3d49 Adds lint exclusions already ignored by the code 10ad739 Replaces black with ruff on pre-commit-config 784d798 Fix event loop handling for Windows platform in compose_up function 81a0a59 Add more logging tests c289a3b Fix logging test coding style baccce4 Fix comments related to logging cbc5a8c Add newsfragment for interface_name option aeaceed integration test for x-podman.interface_name option b1eb558 Document existence of x-podman.interface_name 1cdc9e6 interface_name can be specified in net_config_ 838957b test/integration: Automate manual 'secrets' test d4e5859 Do not close file descriptors when executing podman bfba7ba tests/integration: Automate manual `seccomp` test 43a2f1d Implement x-podman.pod_args to override --pod-args default eaec193 tests/integration: Describe `pid` test bfea139 tests/integration: Automate manual `no_services` test e626f15 tests/integration: Automate manual `nets_test_ip` test 29404af tests/integration: Automate manual 'nets_test3' test e03d675 Remove incorrect os.chdir call to fix folder error bdb3e4e Throw a readable error on too old Python 105e390 Add support for dockerfile_inline d9ef3d2 tests/integration: Add missing __init__.py for network_scoped_aliases d23ef4f tests/integration: Add missing __init__.py for build_labels test b685bce tests/integration: Move test utils to one test_utils file 7d5bf64 tests/integration: Move test "vol" to corresponding directory 9f7ae38 tests/integration: Move test "ports" to corresponding directory 3cee4e0 tests/integration: Move test "config" to corresponding directory 498a199 tests/integration: Move test "env" to corresponding directory 488908f tests/integration: Move test "env_file" to corresponding directory f7bcc42 tests/integration: Move test "up_down" to corresponding directory a73df71 tests/integration: Move test "build_ulimits" to corresponding directory 50dc19f tests/integration: Move test "network" to corresponding directory 9029dce tests/integration: Move test "nets_test2" to corresponding directory a8282c7 tests/integration: Move test "nets_test1" to corresponding directory f4b775c tests/integration: Move test "nethost" to corresponding directory adf30e0 tests/integration: Move test "multicompose" to corresponding directory 41675c3 tests/integration: Move test "ipam_default" to corresponding directory 6caf2ea tests/integration: Move test "interpolation" to corresponding directory 3093b00 tests/integration: Move test "include" to corresponding directory 1c21d65 tests/integration: Move test "in_pod" to corresponding directory 18e5fd6 tests/integration: Move test "filesystem" to corresponding dir 24bdfd1 tests/integration: Move test "extends_w_file_subdir" to corresp. dir c2d3e15 tests/integration: Move test "extends_w_file" to corresponding directory ba95100 tests/integration: Move test "extends_w_empty_service" to corresp. dir 6022669 tests/integration: Move test "extends" to corresponding directory e29df71 tests/integration: Move test "exit_from" to corresponding directory 21b9d38 tests/integration: Move test "deps" to corresponding directory 4c17ce2 tests/integration: Move test "default_net_behavior" to corresponding dir 09d54e9 tests/integration: Move test "build_secrets" to corresponding directory f1dd9b3 tests/integration: Move test "build_fail" to corresponding directory 87af67f tests/integration: Move test "network_scoped_aliases" to corresp. dir f1d6638 tests/integration: Move test "build" to corresponding directory 69ffff3 tests/integration: Move test "additional_contexts" to corresp. dir 9be3ec9 Add network "dns" support 6e642dc Add network "disable-dns" support 2aa042b expand service environment_variables before adding to subs_dict bc4177f Exclude dependent containers on up if --no-deps. 8206cc3 Run should not add --requires if --no-deps. 48c6c38 build(deps): bump virtualenv from 20.25.1 to 20.26.6 Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* podman: update to v5.4.1Bruce Ashfield2025-03-241-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumping libpod to version v5.4.1-10-g227df90eb7, which comprises the following commits: 33b4b301fc RPM: Add riscv64 to ExclusiveArch-es 64e2b91ab4 Fix HealthCheck log destination, count, and size defaults bef77d74d7 Win installer test: hardcode latest GH release ID 88a3bfbde2 Packit: Fix action script for fetching upstream commit 405c55b4a4 Bump to v5.4.2-dev b79bc8afe7 Bump to v5.4.1 01a55d9d5c update gvproxy version to 0.8.4 0f20d21240 Update Buildah to v1.39.2 bdcede792f Update release notes for v5.4.1 3e6e003173 Fix reporting summed image size for compat endpoint 090dbc4cee podman-import only supports gz and tar 5327df1921 quadlet kube: correctly mark unit as failed bc37e935ba pkg/domain/infra/abi/play.go: fix two nilness issues 02e8a59774 kube play: don't print start errors twice cd8582d4f0 libpod: race in WaitForConditionWithInterval() ab7c54b4cf libpod: race in WaitForExit() with autoremove 180d55165d Don't try to resolve host path if copying to container from stdin. b716aa17e2 Use svg for pkginstaller banner bff9da4e3a Create quota before _data dir for volumes a15623d12f Packit: clarify secondary status in CI 118aa9ef94 Packit/RPM: Display upstream commit SHA in all rpm builds fea21e9bc0 podman run: fix --pids-limit -1 wrt runc 07d7101429 vendor: update github.com/go-jose/go-jose/v3 to v3.0.4 599a0b71a6 chore(deps): update module github.com/go-jose/go-jose/v4 to v4.0.5 [security] b8b0639e7c wire up --retry-delay for artifact pull 5671cfe3ab Revert "silence false positve from golangci-lint" 2d18a7cc47 update golangci-lint to v1.64.4 0b31c710ce update golangci-lint to v1.64.2 fc63a340f3 silence false positve from golangci-lint e50898e1f7 cmd/podman: refactor Context handling 11ef179de2 fix new usetesting lint issue f5d96a5959 Packit/Copr: Fix `podman version` in rpm fd5eb1fdf3 Remove persist directory when cleaning up Conmon files 223f827213 Bump to v5.4.1-dev f9f7d48b24 Bump to v5.4.0 246011458c Update release notes for v5.4.0 final 3d344ffd26 In SQLite state, use defaults for empty-string checks 2612e3c233 Bump FreeBSD version to 13.4 3d917a395c docs: add v5.4 to API reference 13ebc5860c Update rpm/podman.spec f34d6c76db RPM: set buildOrigin in LDFLAG 6218d42ed6 RPM: cleanup macro defs 18249e10c1 Makefile: escape BUILD_ORIGIN properly d280feb96c rootless: fix hang on s390x fa263d2cc9 Set Cirrus DEST_BRANCH appropriately to fix CI 0f01f00f03 Bump to v5.4.0-dev ad54787bf0 Bump to v5.4.0-rc3 6c78bad0dd Update release notes for v5.4.0-rc3 02eac2979c Add BuildOrigin field to podman info 141eae99b8 artifact: only allow single manifest d5989990d5 test/e2e: improve write/removeConf() 522f9de9e3 Add --noheading to artifact ls 9e83191c8f Add --no-trunc to artifact ls 4cd76ef27b Add type and annotations to artifact add bc8124fd62 pkg/api: honor cdi devices from the hostconfig 57b9709b69 util: replace Walk with WalkDir bc5de3dfc7 fix(pkg/rootless): avoid memleak during init() contructor. 8ee7b117b6 Add `machine init --playbook` 5feb81d9ff RPM: include empty check to silence rpmlint 48459db076 RPM: adjust qemu dependencies 9b67d4c285 Force use of iptables on Windows WSL cadf081554 rpm: add attr as dependency for podman-tests d4f5817862 update gvproxy version fe02e390af [v5.4] Bump Buildah to v1.39.0 9e2e7f2a77 podman exec: correctly support detaching e24ccdd27b libpod: remove unused ExecStartAndAttach() 25674e05cd [v5.4] Bump c/storage to v1.57.1, c/image v5.34.0, c/common v0.62.0 5f6adf4d80 Move detection of libkrun and intel 599da8c50b Prevent two podman machines running on darwin 03b100563e Remove unnecessary error handling bba28688f7 Remove usused Kind() function d475b48766 Bump to v5.4.0-dev 14f6a69dd3 Bump to v5.4.0-rc2 d52277db75 Update release notes for v5.4.0-rc2 fa0e8f0582 Safer use of `filepath.EvalSymlinks()` on Windows 1c111eead7 error with libkrun on intel-based machines 14cd6ff1d2 chore(deps): update dependency pytest to v8.3.4 97323a691a test/buildah-bud: skip two new problematic tests on remote 527a51dcc4 Fix podman-restart.service when there are no containers 3aa09dd521 Avoid upgrading from v5.3.1 on Windows 81eb84fdaa Clean up after unexpectedly terminated build 06c103469d system-tests: switch ls with getfattr for selinux tests 141bd613b8 vendor latest c/{buildah,common,image,storage} bbf00ec6bf Makefile: Add validatepr description for 'make help' output 0d2431dca2 docs: Enhance podman build --secret documentation and add examples 016f41ab49 docs: mount.md - idmapped mounts only work for root user 4bdb947d72 Define, and use, PodmanExitCleanlyWithOptions df9e8c3ce6 Eliminate PodmanSystemdScope 7c40e85968 Fix image ID query 11ee6c4f90 Revert "Use the config digest to compare images loaded/pulled using different methods" 6639c20278 Update c/image after https://github.com/containers/image/pull/2613 f20d9bd637 Update expected errors when pulling encrypted images 9363c8c362 Eliminate PodmanExtraFiles 44c5767460 Introduce PodmanTestIntegration.PodmanWithOptions ce1b4f72a7 Restructure use of options d509bb0823 Inline PodmanBase into callers f17590b2bd Pass all of PodmanExecOptions to various [mM]akeOptions functions f2d552f5db Turn PodmanAsUserBase into PodmanExecBaseWithOptions 51d599bce3 Avoid indirect links through quadlet(5) 5522def65a do not set the CreateCommand for API users 5181becfde Add podman manifest rm --ignore f911d39457 Bump to v5.4.0-dev 1b3528df8d Bump to v5.4.0-rc1 6c81dc4f42 fix(deps): update module github.com/containers/gvisor-tap-vsock to v0.8.2 d7553fabc7 podman artifact b6f1364319 vendor latest c/{common,image,storage} cfac38a0f2 fix(deps): update module github.com/rootless-containers/rootlesskit/v2 to v2.3.2 6ee51c5e4f cirrus: bump macos machine test timeout bdc195d641 pkg/machine/e2e: improve podman.exe match dc3a7e56be pkg/machine/e2e: improve "list machine from all providers" cfeefb3219 Remove JSON tag from UseImageHosts in ContainerConfig 805e78c2aa Set network ID if available during container inspect 969057bacc Stop creating a patch for v5.3.1 upgrades on windows 34d42514f1 compose docs: fix typo d4f4cf0988 Document kube-play CDI support e93f0acbee docs: Add quadlet debug method systemd-analyze 6ad44fe179 Replace instances of PodmanExitCleanly in play_kube_test.go 6ad4742ba8 docs: add 'initialized' state to status filters ded5a2db82 fix(deps): update module google.golang.org/protobuf to v1.36.3 3fb37c588d Switch all calls of assert.Nil to assert.NoError 6565bde6e8 Add --no-hostname option 68f29df602 Fix unescaping octal escape sequence in values of Quadlet unit files a91aa36367 Remove `.exe` suffix if any 0d0a78cc6b Add kube play support for CDI resource allocation 75b4a1b2aa add support to `;` for comments in unit files as per systemd documentation de1aa44cc9 Use PodmanExitCleanly in attach_test.go 0c18beaea7 Introduce PodmanTestIntegration.PodmanExitCleanly ba24512959 chore(deps): update dependency setuptools to ~=75.8.0 121caa04ca Add newer c/i to support artifacts fca64e5429 fix(deps): update module golang.org/x/tools to v0.29.0 3be6c501c0 fix(deps): update module golang.org/x/net to v0.34.0 806722b3d6 specgenutil: Fix parsing of mount option ptmxmode b0b1d19723 namespaces: allow configuring keep-id userns size 6dba0d9586 Update description for completion 0b3ad66a78 Quadlet - make sure the /etc/containers/systemd/users is traversed in rootless 418ea52e06 Document .build for Image .container option c75e1c41d0 fix(deps): update module github.com/vbauerster/mpb/v8 to v8.9.1 62c81298fd New VM Images e9fb805522 update golangci/golangci-lint to v1.63.4 4288c81da0 fix(deps): update module google.golang.org/protobuf to v1.36.2 b23349d3bd chore(deps): update dependency setuptools to ~=75.7.0 dd76034660 Fixing ~/.ssh/identity handling 1dbd68f061 vendor latest c/common from main 17a9408c0d fix(deps): update module github.com/shirou/gopsutil/v4 to v4.24.12 481c608fd4 fix(deps): update module github.com/opencontainers/runc to v1.2.4 1e0f03b046 specgen: fix comment 7a51916e3b Add hint to restart Podman machine to really accept new certificates a445ebde9d fix(deps): update module github.com/onsi/gomega to v1.36.2 2aff249156 fix(deps): update module github.com/moby/term to v0.5.2 6fa234a5de Pass container hostname to netavark 53e5e402aa Fix slirp4netns typo in podman-network.1.md d1a3f96cbf Add support to ShmSize in Pods with Quadlet de829251fc fix(deps): update module github.com/onsi/ginkgo/v2 to v2.22.1 29c29e215f chore(deps): update module golang.org/x/crypto to v0.31.0 [security] 1b1e0446a5 fix(deps): update module golang.org/x/net to v0.33.0 [security] ecd882f9f7 Kube volumes can not container _ cbd650212a fix(deps): update module github.com/docker/docker to v27.4.1+incompatible f2f6eb88e9 test/system: fix "podman play --build private registry" error 23d4908c8b test/system: CopyDirectory() do not chown files 8729725684 test/system: remove system dial-stdio test 153a975888 shell completion: respect CONTAINERS_REGISTRIES_CONF 10d65f30b6 fix(deps): update module github.com/cpuguy83/go-md2man/v2 to v2.0.6 8b23e6d408 When generating host volumes for k8s, force to lowercase ff9d4e72b0 test: enable newly added test 8b90e3f9c0 vfkit: Use 0.6.0 binary 3021dbec7a gvproxy: Use 0.8.1 binary 64e94efb95 systemd: simplify parser and fix infinite loop 5f79cd3aef Revert "win-installer test: revert to v5.3.0" e3d2463a48 Avoid rebooting twice when installing WSL 2bca5052f1 Avoid rebooting on Windows when upgrading and WSL isn't installed af607d0de4 Add win installer patch d582c39dc8 Bump WiX toolset version to 5.0.2 e6d8603136 test/e2e: SkipOnOSVersion() add reason field e74df8c35a test/e2e: remove outdated SkipOnOSVersion() calls ae9120a71d Update VM images f1e77cf172 fix(deps): update module golang.org/x/crypto to v0.31.0 [security] c11fd6562d fix(deps): update module github.com/crc-org/crc/v2 to v2.45.0 851ef2529f fix(deps): update module github.com/opencontainers/runc to v1.2.3 cf505fe788 quadlet: fix inter-dependency of containers in `Network=` e4a135a6ac Add man pages to Mac installer 5848dbee68 fix(deps): update module github.com/onsi/gomega to v1.36.1 a70c418b7d fix(deps): update module github.com/docker/docker to v27.4.0+incompatible 2f31a61cce Fix device limitations in podman-remote update on remote systems 2c58af0e6b Use latest version of VS BuildTools 9c14d15f4c bin/docker: fix broken escaping and variable substitution 0a4885610d manifest annotate: connect IndexAnnotations 8f45474809 Fix panic in `manifest annotate --index` 9dbc9b5055 fix(deps): update module github.com/cyphar/filepath-securejoin to v0.3.5 45c979d6b3 fix(deps): update module golang.org/x/net to v0.32.0 2c17ffa54d fix(deps): update module golang.org/x/tools to v0.28.0 a9b52fdedf fix(deps): update module golang.org/x/crypto to v0.30.0 66f9e81c17 fix(deps): update module golang.org/x/sys to v0.28.0 8f1266c717 Fix overwriting of LinuxResources structure in the database c76932f4c6 api: replace inspectID with name 18a93ec68b fix(deps): update github.com/opencontainers/runtime-tools digest to f7e3563 e7bbcbfbf7 Replace ExclusiveArch with ifarch c4c3fb23ce fix(deps): update module github.com/containers/gvisor-tap-vsock to v0.8.1 ededb4c3c4 Improve platform specific URL handling in `podman compose` for machines 0d3a653c30 Fix `podman info` with multiple imagestores 43825122d4 Switch to fixed common 49b52227b4 refact: use uptime.minutes instead of uptime.seconds dec8f3dca6 fix(deps): update module github.com/shirou/gopsutil/v4 to v4.24.11 db6c2c7cdf fix(deps): update golang.org/x/exp digest to 2d47ceb f3d250cf27 fix(deps): update github.com/godbus/dbus/v5 digest to c266b19 5bbfed2dc1 Cover Unix socket in inpect test on Windows platform 48ae52c08b Add a test for forcing compression and v2s2 format 9de7e07e56 fix(deps): update module github.com/crc-org/vfkit to v0.6.0 9475ea8fb9 Package podman-machine on supported architectures only. 156fc084a9 Fixes missing binary in systemd. 6673f5c202 stats: ignore errors from containers without cgroups 1fa27ffb62 api: Error checking before NULL dereference 4ef773d69e [skip-ci] Packit/copr: switch to fedora-all 2f1a1fb6f3 make remotesystem: fail early if serial tests fail 4b38294e92 spec: clamp rlimits without CAP_SYS_RESOURCE 6f85808707 Clarify the reason for skip_if_remote 39e08c3ffa Sanity-check that the test is really using partial pulls 5ff496ea2b Fix apparent typos in zstd:chunked tests 7f6a203558 Fix compilation issues in QEMU machine files (Windows platform) e66b788a51 Mount volumes before copying into a container 44b0c24ca5 Revert "libpod: remove shutdown.Unregister()" e608874004 docs: improve documentation for internal networks 697c4181d2 docs: document bridge mode option 415d762475 [skip-ci] Packit: remove epel and re-enable c9s e5ed7847c1 chore(deps): update dependency golangci/golangci-lint to v1.62.2 e16f14a44d vendor: update containers/common ef565b76f2 OWNERS: remove edsantiago c2dcfca4ca fix(deps): update module github.com/onsi/gomega to v1.36.0 506fec1fa9 fix(deps): update github.com/containers/common digest to ceceb40 e4e7bc41f3 refact: EventerType and improve consistency 4f7395f93a Add --hosts-file flag to container and pod commands dc564257a2 Add nohosts option to /build and /libpod/build 936461e3c2 fix(deps): update module github.com/stretchr/testify to v1.10.0 13affe96d6 Quadlet - Use = sign when setting the pull arg for build 916b805f97 win-installer test: revert to v5.3.0 5f907e4850 fix(deps): update module github.com/crc-org/crc/v2 to v2.44.0 34d63459ba fix(deps): update module github.com/onsi/ginkgo/v2 to v2.22.0 3096681ce3 chore(deps): update dependency setuptools to ~=75.6.0 07aaa7832a Update windows installer tests 7162c58ba2 Windows: don't install WSL/HyperV on update c6549fc25b Switch to non-installing WSL by default 28305685f6 fix(deps): update github.com/containers/buildah digest to 52437ef a1249425bd Configure HealthCheck with `podman update` 97ed067d1a CI: --image-volume test: robustify e6e9d2c21c docs: add 5.3 as Reference version 926b31e053 Bump CI VMs e60e11167e libpod: pass down NoPivotRoot to Buildah d59794992f vendor: bump containers/buildah cf2ef12664 fix(deps): update module github.com/opencontainers/runc to v1.2.2 61b57b7d7d Overlay mounts supersede image volumes & volumes-from d513973237 libpod: addHosts() prevent nil deref 71f1f52894 only read ssh_config for non machine connections cbb2820a7e ssh_config: allow IdentityFile file with tilde a7120b50b1 ssh_config: do not overwrite values from config file 8a5ec2c505 connection: ignore errors when parsing ssh_config 7b41e28b95 Bump bundled krunkit to 0.1.4 2e22ab3bcd fix(deps): update module google.golang.org/protobuf to v1.35.2 315e7412e8 add support for driver-specific options during container creation 6809bf1d90 doc: fix words repetitions d2d2e4a605 Update release notes on main for v5.3.0 590fcafc2b chore(deps): update dependency setuptools to ~=75.5.0 1c77ee6fc5 CI: system tests: parallelize 010 34a15ae300 fix podman machine init --ignition-path 3e47e0bc8c vendor: update containers/common 0a69aefa41 spec: clamp rlimits in a userns 8a192c8403 Add subpath support to volumes in `--mount` option da6404ba16 refactor: simplify LinuxNS type definition and String method 0a1363d8eb test/e2e: remove FIPS test 42e8322532 vendor containers projects to tagged versions fa335f99e0 fix(deps): update module github.com/moby/sys/capability to v0.4.0 ca7703643b chore(deps): update dependency setuptools to ~=75.4.0 969417711d system tests: safer install_kube_template() 33398ebc1e Buildah treadmill tweaks 9eca92d625 update golangci-lint to v1.62.0 8d8b98b64d fix(deps): update module golang.org/x/net to v0.31.0 e1a6c53909 fix(deps): update module golang.org/x/tools to v0.27.0 e39ddde709 Revert "Reapply "CI: test nftables driver on fedora"" b5c9fe948c Yet another bump, f41 with fixed kernel 30a82cad7a test: add zstd:chunked system tests 40534d352e pkg/machine/e2e: remove dead code e1fe4b4b95 fix(deps): update module golang.org/x/crypto to v0.29.0 fbbfd07463 kube SIGINT system test: fix race in timeout handling b20960b860 New `system connection add` tests 62c9627d7a Update codespell to v2.3.0 cbf1d7fcae Avoid printing PR text to stdout in system test d49497ce6c Exclude symlink from pre-commit end-of-file-fixer 9f5bbecb95 api: Add error check 1b74ab5a85 [CI:ALL] Bump main to v5.4.0-dev 22152a2f9c test/buildah-bud: build new inet helper fb3a0e93a8 test/system: add regression test for TZDIR local issue f6af35c695 vendor latest c/{buildah,common,image,storage} 0e66a793bc Reapply "CI: test nftables driver on fedora" d770069062 Revert "cirrus: test only on f40/rawhide" ba5ce49c10 test f41 VMs 6346a11b09 AdditionalSupport for SubPath volume mounts 4e8d2dd726 wsl-e2e: Add a test to ensure port 2222 is free with usermode networking 6cf3cb1bfc winmake.ps1: Fix the syntax of the function call Win-SSHProxy 9a0c0b2eef volume ls: fix race that caused it to fail 9cb80d1856 gvproxy: Disable port-forwarding on WSL 52caa0fbb9 build: update gvisor-tap-vsock to 0.8.0 c23d9c6f23 Log network creation and removal events in Podman c05987ddd3 api: Replace close function in condition body Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* netavark: update to v1.14.1Bruce Ashfield2025-03-242-194/+262
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Creates updated with: bitbake -c update_crates netavark Bumping netavark to version v1.14.1-1-g0d623ce, which comprises the following commits: 8711e83 Release v1.14.1 0b7cbc5 Release notes for v1.14.0 389d8d9 Fix detect of Firewalld's StrictForwardPorts property 6267803 test/001-basic: Make commit test optional 99bd7d7 cirrus: do not build debug bins ce947ad Makefile: do not rebuild if nothing changed 1e5dc1c Makefile: uninstall netavark-firewalld-reload.service 3b5bf92 docs/Makefile: several fixes c4c37ca Makefile: build docs by default 26baf2c Makefile: do not build twice 2af9044 Release v1.14.0 c38577b release notes for v1.14.0 b086c4e update release notes from v1.13.1 35a0efb run cargo update 4fea4c0 Finalize firewalld port forwarding support 6b4ecbd chore(deps): update rust crate once_cell to 1.20.3 6f0bc1d fix(deps): update rust crate rand to 0.9.0 6e5de55 Add handling for firewalld's StrictForwardPorts setting fd8e99b fix lint issues wirh rust 1.84 bb17a6d chore(deps): update dependency containers/automation_images to v20250131 3cd3d9e chore(deps): update rust crate tempfile to 3.16.0 f57ae66 rename macvlan_dhcp.rs to dhcp.rs 58bb08d bridge: only allow dhcp with unmanaged mode a75c979 bridge: support DHCP ipam driver a47b5df fix(deps): update rust crate ipnet to 2.11.0 a03cdd9 fix(deps): update rust crate serde_json to 1.0.136 b4ccb6c fix(deps): update rust crate log to 0.4.24 7562017 bridge: add vlan support cb250d4 fix(deps): update rust crate tokio to 1.43.0 7d9edf9 fix(deps): update rust crate serde_json to 1.0.135 5789f67 New VM Images eb49d9a fix(deps): update rust crate clap to ~4.5.23 d67e98a chore(deps): update rust crate tempfile to 3.15.0 854b8bf fix(deps): update rust crate nispor to 1.2.22 2c759c5 fix(deps): update rust crate serde_json to 1.0.134 732cc05 fix(deps): update rust crate env_logger to 0.11.6 2bf9cfd Add container hostname to DHCP requests and use container id as client id bbc5f95 fix(deps): update rust crate mozim to 0.2.5 6217c49 generate protobuf in OUT_DIR d0d999b fix(deps): update rust crate tower to 0.5.2 795a36b Cargo.lock: bump some versions a2ec8cc run cargo update cbfe8fe cargo: set rust-version 6453c23 fix new rust 1.83 lint errors 62f4570 OWNERS: remove edsantiago 73e9911 setup: on av errors cleanup again 5861afa nftables: add daddr match to port forward jump rule 2900e92 network: bridge: don't change forwarding sysctl for internal bridges 4dae6d0 network: bridge: add support for unmanaged mode 71d8a5a test-dhcp: remove deprecated ifconfig/brctl commands 55a0f25 fix new rust 1.82 lint errors 8892b7f update ci images ceb113f fix(deps): update rust crate serde_json to 1.0.133 dc99b01 network: bridge: add support for host_interface_name option 818a19f network: add support for network-specific options a9dcf42 fix(deps): update rust crate ipnet to 2.10.1 b41f6f5 chore(deps): update rust crate tempfile to 3.14.0 31c32a9 fix(deps): update rust crate tokio to 1.41.1 e2cb0bd fix(deps): update rust crate anyhow to 1.0.93 1fca9f9 fix(deps): update rust crate url to 2.5.3 7dea7fb [skip-ci] RPM: cleanup changelog conditionals 8425b8e fix(deps): update rust crate anyhow to 1.0.92 1d75d62 Bump to 1.14.0-dev Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* Reapply "k8s: WIP [needs newer go]: not for merge: update to -tip"Bruce Ashfield2025-03-131-5/+5
| | | | | | | | We now have a new enough go in OEcore to enable this update. This reverts commit 3ec3b0605053ca2cb922ed426c9db3b25535604b. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* docker: enable docker.service by defaultBruce Ashfield2025-03-131-1/+1
| | | | | | | | | | | | Some platforms are seeing long (2+ minute) start times to get the docker daemon initialized. This doesn't happen when the daemon is started on boot. To avoid this usability issue, we enable both the socket and service automatically. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* k3s: fixup SRCREV and modules.txtBruce Ashfield2025-03-132-486/+4164
| | | | | | | | | The revert of the pending upgrade (that was waiting for a newer go) did not build as the upgrade was incomplete. Bumping the SCREV and modules.txt to complete the process. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* Reapply "k3s: WIP: [needs newer go]: not for merge: upgrade"Bruce Ashfield2025-03-134-539/+517
| | | | This reverts commit fd1d4c65e4103141921ab66cf44d20f759be9b80.
* aardvark-dns: update to v1.14.0Bruce Ashfield2025-03-112-223/+245
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumping aardvark-dns to version v1.14.0-21-g7fa18ef, which comprises the following commits: 423ee20 Release v1.14.0 a09156c release notes for v1.14.0 6902a23 update release notes from v1.13.1 e59135d run cargo update b053576 fix lint issues with rust 1.84 9c94509 chore(deps): update dependency containers/automation_images to v20250131 b2405f6 fix(deps): update rust crate clap to ~4.5.28 25dee01 fix(deps): update rust crate log to 0.4.25 4cdab7c fix(deps): update rust crate tokio to 1.43.0 d49caa6 chore(deps): update dependency containers/automation_images to v20250107 8dc485e fix(deps): update rust crate clap to ~4.5.23 e66de45 fix(deps): update rust crate libc to 0.2.169 1fdd24c fix(deps): update hickory-dns monorepo to 0.24.2 d5e7a2f Cargo.lock: bump some versions eb938db run cargo update 7e7b7db cargo: set rust-version 24a0302 fix(deps): update rust crate clap to ~4.5.21 234a634 fix(deps): update rust crate libc to 0.2.167 2714706 OWNERS: remove edsantiago ba26b80 fix(deps): update rust crate libc to 0.2.165 3a87b98 fix(deps): update rust crate libc to 0.2.164 99938cd chore(deps): update dependency containers/automation_images to v20241107 11fcad7 fix(deps): update rust crate tokio to 1.41.1 d11cd29 fix(deps): update rust crate libc to 0.2.162 9842cb4 test: make jq query work on centos stream 9 db71833 [skip-ci] Packit: disable osh-diff-scan de9890d support ipv6 link local addresses in resolv.conf 1f26559 [skip-ci] Packit: enable c9s downstream updates 82c1697 [skip-ci] TMT: install builddeps downstream 2d5462c [skip-ci] RPM: cleanup changelog conditionals 59d5622 [skip-ci] Packit/TMT: idiomatic repo addition 02c7213 [skip-ci] Packit: Remove epel jobs 15c8e62 tmt: install dnsmasq dependency 319d871 Bump to 1.14.0-dev 8bb4806 Release v1.13.0 685b132 Update release notes for 1.13.0 e6ce710 test: use dnsmasq over slirp4netns 5db65bd coredns: forward names with no ndots as well 7e77a8d run cargo update e002654 fix(deps): update rust crate tokio to 1.41.0 8e6a556 fix(deps): update rust crate flume to 0.11.1 9955080 fix(deps): update rust crate libc to 0.2.161 894e5b0 fix(deps): update rust crate libc to 0.2.160 9440643 fix(deps): update rust crate clap to ~4.5.20 ce0d57d cirrus: check for msrv build b57674c define a MSRV policy 1da4b9a chore(deps): update dependency containers/automation_images to v20241010 7dbedb8 [skip-ci] Packit: constrain koji job to the fedora package 246657a dns: limit to 3 resolvers and use better timeout for them 94a210d OWNERS file audit and update fb501cf fix new lint error with rust 1.81 2900aea test: make them pass on RHEL/Centos Stream 9 6b7741f Packit: disable F39 and separate out ELN 22293ef serve: parse resolv.conf ourselves e9120c7 fix(deps): update rust crate libc to 0.2.159 5a21a4e coredns: allow host lookup of names fc08648 backend: return simple Vector in lookup() edbe4e9 coredns: use a TTL of 0 for our names 6ec9581 coredns: do not clonse the Record 5b79e12 netavark_cache_groom.sh: fix wrong branch 4f3d45c Packit: add sidetag to release with netavark 39d0043 coredns: work on tcp requests concurrently 6d76c50 tcp: add timeout to connection 16c85e4 fix(deps): update rust crate tokio to 1.40.0 6503cae fix(deps): update rust crate libc to 0.2.158 8e6021a chore(deps): update dependency containers/automation_images to v20240821 65e069c fix(deps): update rust crate tokio to 1.39.3 bd49d09 fix(deps): update rust crate libc to 0.2.156 bc93f61 Bump main version back to v1.13.0-dev 95aeb56 Release v1.12.1 e6847a3 Updated release notes for 1.12.1 9e4562b Change av cargo categories a74d9ea Bump to 1.13.0-dev 8cfe0a6 Release 1.12.0 a7ceaf5 Release notes for 1.12 6bb82d6 config: ignore enoent errors while reading configs 6989e0f run cargo update cc25b2f update upsteam resolvers on each refresh c24de46 fix(deps): update rust crate syslog to v7 8326739 fix(deps): update rust crate tokio to 1.39.2 7a5e6e7 add tcp support for forwarding a3ffae3 add tcp listening support aa4ee01 test: add new test to check for startup error 8575b7e return bind error to caller on first start 6416ca4 add our own error type and use it over anyhow 0e239cd server: use anyhow to wrap parse_configs error 1bb0a28 server: split out main loop into new function 5e635c8 main: remove aardvark-dns error prefix 7049573 coredns: remove unnecessary try_join! call 667e5db coredns: drop pointless name var 0691689 serve: read nameservers once 48fcdee replace signal-hook with tokio::signal 48754fa serve: fix broken error logging 6f6e5a6 server: improve parent <-> child error handling ef2dcc2 add some basic perf check script 1c08966 fix(deps): update rust crate tokio to 1.39.0 67fccab coredns: create reply_ip() function 922db0f coredns: match dns type explicitly 224756d server: use only one tokio runtime 867570e coredns: improve indentation for process_message() 7b5301a coredns: move upstream resolvers detection later 96784c3 coredns: do not clone sender 6039c8f read AARDVARK_NO_PROXY once 78e0c0e coredns: move main code out of select! 80e48df coredns: fix "name" naming bcc5195 coredns: remove unused forward_addr/port 7d1677f coredns: fix handling of dns search domain b6773a9 coredns: rework PTR lookup flow 2a062e0 fix(deps): update rust crate tokio to 1.38.1 b731153 [skip-ci] TMT: Reorg upstream tests for downstream reusability 003123d [skip-ci] Packit: use `packages: [aardvark-dns-fedora]` for podman-next builds Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* buildah: drop SRCREV_FORMATChen Qi2025-03-111-3/+1
| | | | | | | | The source comes from one repo, there's no need to use SRCREV_FORMAT any more. So drop it. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-o: update to v1.32.2Bruce Ashfield2025-03-111-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumping cri-o to version v1.32.2, which comprises the following commits: e37e198e8 version: bump to 1.32.2 e681a34c8 go.{mod,sum}: bump CDI deps to v0.8.1. 85214c31b vendor: bump go-jose to 4.0.5 47566d01d Fix context cancellation when image pull progress timeout is `0` 1b98ce087 test: add test coverage for LinkLogs malicious paths d4a9f6bae internal/linklogs: sanitize the directory path before using it f168b6b39 version: bump to 1.32.1 5c8f66f8f Bump containers/storage 99ca98117 Avoid using UpdateContainerStatus for ReopenContainerLog and add logs tests 612f43a6d watchdog: decouple CNI plugin initialization from CRI-O health checks fffe6270d Cherry-pick changes from containers/image project 890c75c93 Cherry-pick changes from containers/storage project b57566b9c Update containernetworking/plugins Go package release to v1.6.2 6e44ed6d7 server: fix panic when default annotations are specified 0daeb208f Refactor man page variables in Makefile. a103688e7 config: add default_annotations 533b7d5e2 build(deps): bump actions/upload-artifact in the actions group d80af0f80 build(deps): bump crate-ci/typos in the actions group 986b386fc maintainers: promote Sohan and Krzysztof to approvers 10621f089 Update NRI to v0.9.0 34003b146 build(deps): bump the actions group across 1 directory with 2 updates 4409a15f6 Refactoring factory/container to remove references of snadbox 3576d0822 Update mocks b7d4c78d0 build(deps): bump the gomod group across 1 directory with 37 updates ea7cdad90 Require go 1.23 for build c5bdce024 Update golangci-lint to v1.62.2 and config 31b86eb6b Remove old golang build tags a5320071d Update nixpkgs c1a7989d9 build(deps): bump the actions group with 2 updates 08b9acb9a Don't pass seccomp section when it's disabled a89b991bd Don't start seccomp notifier watcher when seccomp is disabled d4a0b860e Update cni-plugins to v1.6.1 33dbcc12b Add systemd watchdog support 698025097 Update sandbox_run_linux.go 2329bd698 Update container_create.go 197f98bb8 Always clear env even when `monitor_env` is unset 634c733df Update sandbox_run_linux.go f448fea40 Update container_create.go a64119adf build(deps): bump crate-ci/typos in the actions group 80aa12b19 Use `monitor_env` for calling the OCI runtime 7de043007 Update sandbox_run_linux.go cad07030e Update container_create.go 7e48c71d6 build(deps): bump crate-ci/typos in the actions group 7c3290dea Allow to remove pod sandbox on netns removal 608c89e9c Fix container restore lint report 84ac370c9 build(deps): bump crate-ci/typos in the actions group 29a0b9429 Fix NRI CLI flags e5bddc646 Call network plugin GC on startup 7a29433e7 build(deps): bump codecov/codecov-action in the actions group 44429579c build(deps): bump codecov/codecov-action in the actions group 6ca411a93 RuntimeHandler inheritance bug-fix 72fa20e93 build(deps): bump codecov/codecov-action in the actions group 02e5817d2 Add `--pull-progress-timeout` / `pull_progress_timeout` option 8b8be22a7 Use `slices.Equal` instead of custom implementation 19ac18b4e Update golangci-lint to v1.62.0 4d79d6b75 build(deps): bump the actions group with 2 updates 76049febe RuntimeHandler inheritance e4bd1caee refactor cert 19efac249 vendor cni 0.4.3 426244c73 Make dual-stack hostport test reuse same test data as single-stack tests f812c5aae Update and fix nix packages 8462bc745 remove validation for TLSCA. 50fbdcc01 Further hostport unit test cleanup 7ea8faf1a Fix ids/IPs in hostport manager test cases 74598c4cd Improve HostPortManager unit tests checking 0ff4e7cc3 Split hostport test case data out of the actual test functions f62645f93 build(deps): bump crate-ci/typos in the actions group ee6d71d09 Use google.golang.org/protobuf instead of gogo 680efef80 build(deps): bump crate-ci/typos in the actions group 0470ab6ed Validate stream server TLS config on startup 429ef7c36 Only restore container if all bind mounts are defined f552e82b0 Convert `interface{}` to `any` 87d6b6076 Fix `typos` in CI 2c015a3ac Remove dead code in HostportManager 9c008e890 expose Pod assigned IPs to NRI plugins bf1c47b50 bump nri version to get PodIPs 595557cb8 build(deps): bump crate-ci/typos in the actions group f7116fbe5 build(deps): bump the actions group with 2 updates 30f48c5ba Disable actuated runners 30a262354 Move interceptors and metrics collector packages f50d181a1 Use context for logging in server d4c613d39 Switch to golang native context 20bc86cde Remove unused server metrics interceptor 09ac8a590 Centralize handling of CreateContainerRequest.PodSandboxId cdd37ebe4 Remove the option to load a sandbox ID from the snapshot image 431f66a9a Fail in CRImportCheckpoint earlier if we should be enforcing signatures 8031b6270 Consistently use someNameOf{The,This}Image for that kind of value 4302e0a63 go.{mod,sum}: update NRI deps and re-vendor. 28069c8f2 build(deps): bump crate-ci/typos in the actions group 48d45ccf5 build(deps): bump the actions group with 3 updates b6e9d6d68 Add `crio status heap` and `/debug/heap` endpoint a2e62f24d nix: don't build gpgme with `--enable-fixed-path` b13e45f4b pass cliContext instead of creating a new one 0d68102f8 Remove the first return value of PullImage 06993f4ba After pulling the pause image, use the canonical reference to look it up 4c164f5e3 Add a warning about assuming per-namespace policies are stricter b56ddca32 Add a comment warning against repeated lookups 3f9b09e44 Consistently use the UserRequestedImage for the lookup input fffc734c8 Simplify BROKEN pullImageOutputItem 0b184e47e Return a RegistryImageReference instead of reference.Canonical from PullImage a2e29ba09 Better document, and sometimes rename, parameters and return values c91de5884 Add a comment about possible future handling of complex situations. 899266bb2 Inline prepareReference into its only caller ca1b55010 Remove no longer used code 14f4c6482 Fix build on macOS d0a64e27b build(deps): bump crate-ci/typos in the actions group b280cb565 vendor: bump runc to v.1.2.0 722f70ca3 utils: use moby/sys/user 1b7a8dfd2 internal/dbusmgr: use moby/sys/userns 2665ada11 crio status: add `goroutines` subcommand dcc2a7587 build(deps): bump actions/cache from 4.1.1 to 4.1.2 in the actions group fbbc7bfd5 Refactor memory stores to use generics 3ef549868 Simplify container stop in sandbox 9e01a99ed Remove `skip_pod_runtime` build tag 83ba7fe9b Update zeitgeist to v0.5.4 509de1aba ci: bump cri-o spec version to be higher than any cri-o version running 82fe372c1 Update gomock to v0.5.0 a271b4a79 seccomp_unsupported.go: Fix lint issues 7849e3efc Re-allow building without seccomp installed 2a42045ad Use context timeout/deadline for container stop d1e817f14 Refactor sandbox label usage 937d24316 Refactoring factory/container to remove references of snadbox ba13b2bac upgrade runc to v.1.1.15 9254b36d5 Re-enable exit code matching in restore test d93ce4cc7 build(deps): bump actions/upload-artifact in the actions group a5ee1950a build(deps): bump the actions group with 2 updates 589720f14 contrib/test: avoid running setup tasks twice a7c46dd67 build(deps): bump the actions group across 1 directory with 8 updates 098ae5d66 Use `SignatureValidationFailed` CRI error for invalid signatures 69b4635b0 Mark `release-1.28` as EOL 5a1d62f8f Update nixpkgs d688986db build(deps): bump github.com/containers/common from 0.60.2 to 0.60.4 6a6f57011 config: fix validation of allowed annotations 236d336fb config: pass down PullOptions from the storage configuration eda8023ff test: fix empty pinned_images test c02f9bb21 tests: improve wait_for_log to allow multiple calls for the same message ddb79873d build(deps): bump peter-evans/create-pull-request in the actions group adf2ca5f4 Don't rely on vendored tools 44def2c87 build(deps): bump the actions group across 1 directory with 2 updates dea93eeb8 Bump release-notes to v0.17.8 4a2d29e65 image: serialize RegistryImageReferences when checking signatures c7a819d3e Update golangci-lint to v1.61.0 dc087b219 Update nixpkgs f030d3596 Update release and branching versions a73311497 build(deps): bump the actions group across 1 directory with 3 updates 333530298 Use go 1.23 for nix (static) builds 915393f96 Switch to `RFC3339Nano` log format d85ae5293 Make unit tests independent from third party binaries 8b2872139 Use nanosecond timestamp for evented pleg pod status 9910c39e1 Pin govulncheck to specific version to match Go version requirements 44e0241f8 Enable more crun integration tests 66c010968 refactoring: get some spec generation code out of createSandboxContainer() 0418b5d5c cleanup: refactoring createSandboxContainers() b0b584ac8 refactoring: create a container.SpecSetLinuxContainerResources() function 8ec1805e6 refactoring: create a container.SpecSetPrivileges() function Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>