linux/meta-virtualization.git, branch mickledore

cni: clean dir ${B}/plugins before do_compile

2023-10-27T03:21:17+00:00

Clean dir ${B}/plugins before do_compile to avoid cni generated binaries like /usr/libexec/cni/bridge has wrong dynamic linker path and reports error like: /usr/libexec/cni/bridge: no such file or directory". Reproduce steps: 1. bitbake cni 2. enable usrmerge feature in local.conf 3. bitbake cni After step 2, GOBUILDFLAGS changed, "-I /lib64/ld-linux-aarch64.so.1" -> "/usr/lib/ld-linux-aarch64.so.1" But "go build" seems only check if the cached packagefile changed, since all not changed, the dynamic linker still use the old one, maybe go build should improve this. Clean dir ${B}/plugins to trigger rebuild of the binaries here. Signed-off-by: Changqing Li Signed-off-by: Bruce Ashfield

kubernetes: Upgrade v1.27.1 -> v1.27.5

2023-10-27T03:20:38+00:00

Addresses CVE-2023-2431, CVE-2023-2727, CVE-2023-2728, CVE-2023-3676, CVE-2023-3955 and few other bugs. Bumping kubernetes to version v1.27.5, which comprises the following commits: 38c97fa67ed Merge pull request #120135 from ritazh/cherry-pick-cve-2023-3955-1.27 89048339422 Merge pull request #120130 from ritazh/cherry-pick-cve-2023-3676-1.27 acc29048e6d Use environment varaibles for parameters in Powershell 172644fb55d Use env varaibles for passing path 00dfa0634be Merge pull request #119868 from liggitt/automated-cherry-pick-of-#119835-upstream-release-1.27 3b6bcaa0b96 Avoid returning nil responseKind in v1beta1 aggregated discovery bd722aa3ff5 Merge pull request #119828 from jeremyrickard/go1207-1.27 94b3e00eef0 [release-1.27] releng/go: Bump images, versions and deps to use Go 1.20.7 de56018f04a Merge pull request #117269 from tnqn/automated-cherry-pick-of-#117245-#117249-upstream-release-1.27 521580378aa Merge pull request #119363 from jsafrane/automated-cherry-pick-of-#117804-upstream-release-1.27 d35a1c8a7a7 Merge pull request #119620 from liggitt/automated-cherry-pick-of-#117710-upstream-release-1.27 579208d9616 Merge pull request #117486 from TommyStarK/automated-cherry-pick-of-#117449-upstream-release-1.27 2ac615ccde3 Merge pull request #117235 from cvvz/automated-cherry-pick-of-#116134-origin-release-1.27 559f43d49c6 Merge pull request #119466 from mimowo/automated-cherry-pick-of-#119434-upstream-release-1.27 382c283f339 Merge pull request #119113 from champtar/automated-cherry-pick-of-#118922-upstream-release-1.27 05b64c6b5e1 Merge pull request #119604 from a7i/automated-cherry-pick-of-#118549-upstream-release-1.27 ecd45047e45 Merge pull request #119572 from andrewsykim/automated-cherry-pick-of-#118601-origin-release-1.27 927dba2589a e2e_node: move getSampleDevicePluginPod to device_plugin_test.go db832fdfa67 fix 'pod' in kubelet prober metrics 4c67c5d5e76 priority & fairness: support dynamically configuring work estimator max seats 6d31f4b31ba Merge pull request #119519 from jingxu97/automated-cherry-pick-of-#118451-upstream-release-1.27 17c98720e84 Add mininumKubelet tag into ReadWriteOncePod test ed0cdc9e0b2 Include ignored pods when computing backoff delay for Job pod failures ae24a5cf74b Remarks 9e1050b4d90 Adjust the algorithm for computing the pod finish time fa950050cc9 Update CHANGELOG/CHANGELOG-1.27.md for v1.27.4 fa3d7990104 Release commit for Kubernetes v1.27.4 d794e0e5cf8 Merge pull request #119366 from xmudrii/go1206-1.27 a1b127ca7a1 [release-1.27] releng/go: Bump images, versions and deps to use Go 1.20.6 aefc4d0392a Rename updateReconstructedFromAPIServer eeba02fc625 Rename volumesNeedDevicePath 5eb3b748e8e Update volumesInUse after attachability is confirmed f8bb161ab55 Add uncertain state of volume attach-ability 08b7937d256 Refactor FindAttachablePluginBySpec out of CSI code path 16fc1c954ce Merge pull request #119262 from HirazawaUi/automated-cherry-pick-of-#119229-upstream-release-1.27 3ca3e0ad484 Merge pull request #118947 from Evan-Reilly/automated-cherry-pick-of-#118237-upstream-release-1.27 5ee5d7346e1 Merge pull request #119096 from aleksandra-malinowska/automated-cherry-pick-of-#117865-upstream-release-1.27 1484a5c32f0 Fix the converts an empty string to nil. b5c876a05b7 Merge pull request #117226 from princepereira/automated-cherry-pick-of-#116749-upstream-release-1.27 d98c5b8a026 Merge pull request #119160 from alculquicondor/automated-cherry-pick-of-#119159-upstream-release-1.27 28c79be6747 Add unit tests for parallel StatefulSet create & delete 66f980be120 Parallel StatefulSet pod create & delete 288504fbf8d Refactor StatefulSet controller update logic 92a0f58e2bf Only declare job as finished after removing all finalizers c655001fa48 Automated cherry pick of #118716 upstream release 1.27 (#118911) 052ac3eb1bf Merge pull request #119065 from xmudrii/automated-cherry-pick-of-#118899-upstream-release-1.27 b667da8e08a Merge pull request #118683 from serathius/automated-cherry-pick-of-#118460-origin-release-1.27 f8c1cc33cb6 Merge pull request #119139 from kmala/1.27 5bbacb11989 Merge pull request #118290 from HirazawaUi/automated-cherry-pick-of-#118177-upstream-release-1.27 b383755e462 Hide numberOfMissedSchedules as an algorithm internal number 26db84e04c7 Update schedule logic to properly calculate missed schedules fe4e288bcdd Merge pull request #118855 from aojea/automated-cherry-pick-of-#118686-upstream-release-1.27 a54590f218d Merge pull request #117936 from jsafrane/automated-cherry-pick-of-#117243-upstream-release-1.27 ad569aec159 kubeadm: backdate generated CAs by 5 minutes 0fc5c972129 client-go: allow to set NotBefore in NewSelfSignedCACert() 0ed276fb568 Merge pull request #118199 from aleskandro/automated-cherry-pick-of-#118053-origin-release-1.27 04e86095d38 Merge pull request #118930 from atiratree/automated-cherry-pick-of-#118876-upstream-release-1.27 3c115eec0b9 Automated cherry pick of #118805: test comment should match the code in podgc (#118913) db247e1df34 Merge pull request #118969 from champtar/automated-cherry-pick-of-#117791-upstream-release-1.27 55872a8eb12 Merge pull request #119086 from neolit123/automated-cherry-pick-of-#118150-origin-release-1.27 39a4cd1a083 call ./hack/update-vendor.sh 33af2a45f53 kubeadm: remove function pointer comparison in phase test 3f4643682e3 CHANGELOG-1.27: Add note for AWS in-tree provider removal 703edddae4e Updating the nodeAffinity of gated pods having nil affinity should be allowed 3b874af3878 Merge pull request #118662 from mkowalski/automated-cherry-pick-of-#118329-upstream-release-1.27 d936e6669bb Merge pull request #118841 from bobbypage/automated-cherry-pick-of-#118497-upstream-release-1.27 3aa21cec0ec fix the existing problem (0 SerialNumber in all certificate) as part of this PR in a separate commit cd08820ba9a update serial number to a valid non-zero number in ca certificate 5253d8e02c7 Merge pull request #118664 from pohly/automated-cherry-pick-of-#118524-origin-release-1.27 76b9400cea3 Merge pull request #118283 from pohly/automated-cherry-pick-of-#118257-origin-release-1.27 1260b845752 Delete CRDs created during field validation tests. f689046fb6b kubectl explain should work for both cluster and namespace resources and without a GET method f7d82bfdffe Merge pull request #118797 from harche/1.27_cadvisor_bump 59cd1d0b3bb always execute condition for wait.PollUntilContextTimeout with immediate=true 5423fffca9d Review remarks to improve HandlePodCleanups in kubelet 24c67c15240 Fix the deletion of rejected pods 0539a6a194a Merge pull request #118821 from helayoty/automated-cherry-pick-of-#118049-upstream-release-1.27 62cf5ee1cdb Unset gated pod info timestamp in addToActiveQ 027b4632bbb deps: Bump to cAdvisor v0.47.2 ea2af58b5bd Make etcd component status consistent with health probes f2548642c4e e2e storage: terminate worker quietly on test completion 9a001cea215 Fix flaky persistent volumes e2e test eb5825b3a3c Set the node-ips annotation correctly with CloudDualStackNodeIPs a2ba2626e85 Update CHANGELOG/CHANGELOG-1.27.md for v1.27.3 25b4e43193b Release commit for Kubernetes v1.27.3 aae883e5fa7 Merge pull request #118553 from puerco/bump-1.27-go1.20.5 e13e5915a78 Merge pull request #118307 from SataQiu/automated-cherry-pick-of-#117169-upstream-release-1.27 e0a2a6efdd1 update-vendor: update vendored go.sums 82b2c5aefa3 releng/go: Update images, dependencies and version to Go 1.20.5 e2cc1a3b21b Merge pull request #118515 from aojea/automated-cherry-pick-of-#118499-upstream-release-1.27 3a77d5a59f0 Merge pull request #118471 from ritazh/automated-cherry-pick-of-#118356-upstream-release-1.27 b30e94b1253 kube-proxy avoid race condition using LocalModeNodeCIDR 5e00018fccf Merge pull request #117948 from dlipovetsky/automated-cherry-pick-of-#117792-#117724-upstream-release-1.27 76f14499624 Merge pull request #118281 from aojea/automated-cherry-pick-of-#118256-upstream-release-1.27 d59b91d97b4 Add ephemeralcontainer to imagepolicy securityaccount admission plugin d71d96a5d24 Merge pull request #118219 from mimowo/automated-cherry-pick-of-#117586-upstream-release-1.27 c48bdec2ced Merge pull request #118279 from aojea/automated-cherry-pick-of-#118200-upstream-release-1.27 c345ce91a03 supported version of etcd 3.5.7-0 for Kubernetes v1.27.0-rc.0 22e8a99ec6e Fix the git-repo test error caused by the correct use of loop variables 009a7a6fb9f dra scheduler plugin test: fix loopvar bug and "reserve" expected data 7888798873e e2e framework retry on Service unavailable errors f41a169a354 e2e: apply timeout for CSI Storage Capacity test only to node 916bc55a7bf Merge pull request #118178 from HirazawaUi/automated-cherry-pick-of-#118156-upstream-release-1.27 e407c2b4b02 Add DisruptionTarget condition when preempting for critical pod d2bd738e274 update webhook test to go 1.21 4025005877a Merge pull request #118105 from SataQiu/automated-cherry-pick-of-#118069-upstream-release-1.27 af024b2a086 Merge pull request #118111 from liggitt/automated-cherry-pick-of-#118104-upstream-release-1.27 9107eee6583 Test APIService safe handling at startup 0bff4e35669 Fix waiting for CRD sync at server start 1ae728f4344 kubeadm: fix a bug where the static pod changes detection logic is inconsistent with kubelet f404d1c4d3c Update CHANGELOG/CHANGELOG-1.27.md for v1.27.2 7f6f68fdabc Release commit for Kubernetes v1.27.2 Signed-off-by: Soumya Sambu Signed-off-by: Bruce Ashfield

moby: update to v24.0.5

2023-10-02T16:14:29+00:00

Bumping moby to version v24.0.5-20-g00e46f85f6, which comprises the following commits: b7c5385b81 update to go1.20.7 6be708aa7d vendor: gotest.tools/v3 v3.5.0 b6568d2dd5 api/types/filters: fix errors not being matched by errors.Is() 02241b05fc update containerd binary to v1.7.3 3a6899c6fd update containerd binary to v1.7.2 7927cae910 c8d/container: Follow snapshot parents for size calculation 45ba926c6d daemon/list: Drop unused arg from containerReducer 6c4121a943 daemon/list: Refactor refreshImage fcb68e55fa daemon/list: Replace ErrImageDoesNotExist check 3029f554cc c8d/readConfig: Translate c8d NotFound to errdefs 35a8b00b18 hack/integration: Add TEST_INTEGRATION_FAIL_FAST fed26d5b3c vendor: github.com/moby/buildkit v0.11.7-dev eede7f09c7 Remove Upstart scripts 907f838603 Remove Upstart and cgroups bits from Debian sysvinit script f022632503 Dockerfile: update runc binary to v1.1.8 98a6422cbc c8d/inspect: Include platform Variant aab94fb340 Dockerfile: update buildx to v0.11.2 1be48ec553 c8d: Make sure the content isn't removed while we export ff0144de3b ci(buildkit): remove early-return from buildkit-ref a936ae7e98 ci(buildkit): remove misleading code from buildkit-ref 4c29864b02 hack/with-go-mod.sh: warn on stderr 3c5c192baf c8d/resolveImage: Fix Digested and Named reference 572de8764e c8d/inspect: Don't duplicate digested ref 5dded3340c ci: extract buildkit version correctly with replace-d modules bd1ae65aab quota: remove gotest.tools from testhelpers 544032f7a4 hack/d/cli.sh: properly handle errors in curl 0df2e1bdd8 Dockerfile: improve CLI/rootlesskit caching 05f82fdd00 Dockerfile(.simple): align APT_MIRROR support 151686a5c8 Makefile: pass through APT_MIRROR 31567e0973 Dockerfile: use default apt mirrors d94f2dcab2 client: Client.postHijacked: use Client.buildRequest bff68bf2cc client: Client.setupHijackConn: explicitly ignore errors 8bdf6d1baf ci(bin-image): add SHA-based tags 26a457e7a3 ci(bin-image): fix meta step b9904ba319 ci(bin-image): fix typo e7c333cb6e ci(bin-image): don't set tags when pushing by digest fcb87e8ae1 ci: push bin image to Docker Hub 68c0cec772 Disable tls when launching dockerd through hack/make.sh 738d8417e0 libnet: Return a 403 when overlay network isn't allowed a5c0fda157 libnet: Return proper error when overlay network can't be created deea880581 pkg/jsonmessage: use string-literals for easier grep'ing 962a4f434f pkg/ioutils: use string-literals for easier grep'ing cea5829402 pkg/idtools: use string-literals for easier grep'ing 69d77bc150 opts: use string-literals for easier grep'ing ff667ed932 integration: use string-literals for easier grep'ing efe9e90ef5 libnetwork: use string-literals for easier grep'ing 2d2df4376b daemon/cluster: use string-literals for easier grep'ing ae8e3294dd client: use string-literals for easier grep'ing 892857179a cli/debug: use string-literals for easier grep'ing 147b87a03e daemon: use string-literals for easier grep'ing a3f1f4eeb0 integration-cli: use string-literals for easier grep'ing 5bba60b1bb builder/builder-next: use string-literals for easier grep'ing 632fc235d6 builder/dockerfile: use string-literals for easier grep'ing 75a90f85ad gha: add note about buildkit using older go version fa909dfaf4 update go to go1.20.6 bdaadec788 testutil: use dummyhost for non-tcp connections 547ea18fbb pkg/plugins: use a dummy hostname for local connections 597a5f9794 client: define a "dummy" hostname to use for local connections fee4db80a0 client: TestSetHostHeader: don't use un-keyed literals 959889efd9 integration: Don't env cleanup before parallel subtests 6c5144d3e5 Add t.Helper() to the cli test helper functions 9ff2c3918c ci(buildkit): match moby go version for buildkit tests a4b1a5aef4 vendor: github.com/moby/buildkit@v0.11 0a0807e 6c7f6c2d47 daemon/containerd: fix assignment to entry in nil map during commit 0e88c57c47 integration: disable iptables in parallel tests a3049653c1 pkg/plugins: make unit test less time sensitive d3893b58ff daemon: daemon.prepareMountPoints(): fix panic if mount is not a volume 5892aae60f docs: api v1.28 - v1.40: add missing "force" query arg on plugin disable 7adb590e16 docs: api v1.41: add missing "force" query arg on plugin disable b5aacf8161 docs: api v1.42: add missing "force" query arg on plugin disable b732cfd392 docs: api v1.43: add missing "force" query arg on plugin disable 50fb65f0f5 docs: api: amend changelog for API 1.28 for "force" option 32bcbdfe65 api: swagger: add missing "force" query arg on plugin disable f66ef31605 docs: api v1.41: remove outdated information from ServerVersion acb95e4544 docs: api v1.42: remove outdated information from ServerVersion 335ed29345 docs: api v1.43: remove outdated information from ServerVersion 0ef846ce2e api: remove outdated information from ServerVersion af25852baa docs: api v1.42: remove "ClusterStore" and "ClusterAdvertise" fields 7a9c831e6a docs: api v1.43: remove "ClusterStore" and "ClusterAdvertise" fields 649bb2b9b8 api: remove "ClusterStore" and "ClusterAdvertise" fields 457399013b vendor: github.com/containerd/cgroups/v3 v3.0.2 016ad9b3e8 c8d/prune: Handle containers started from image id 87778af711 c8d/prune: Exclude dangling tag of the images used by containers 8bf037b246 c8d/softDelete: Deep copy Labels 8afe75ffa9 c8d/softDelete: Extract ensureDanglingImage e2bade43e7 testutil/environment: Add GetTestDanglingImageId e0091d6616 c8d: ImageService.softImageDelete: rename var that collided with import 42f3f7ed86 c8d: ImageService.softImageDelete: use OCI and containerd constants aace62f6d3 pkg/fileutils: GetTotalUsedFds(): use fast-path for Kernel 6.2 and up bb50485dfd pkg/fileutils: GetTotalUsedFds: reduce allocations 5dcea89ce1 pkg/fileutils: add BenchmarkGetTotalUsedFds 01eb4835c9 pkg/fileutils: GetTotalUsedFds(): don't pretend to support FreeBSD cd44aba8db [24.0] pkg/fileutils: switch to use containerd log pkg ee29fd944b gha: don't fail if no daemon.json is present b8ee9a7829 c8d/images: handle images without manifests for default platform d9e097e328 vendor: github.com/opencontainers/image-spec v1.1.0-rc3 806849eb62 seccomp: add name_to_handle_at to allowlist c24c37bd8a Restore active mount counts on live-restore c306276ab1 remove name_to_handle_at(2) from filtered syscalls d5e31e03b6 gha: Setup Runner: add missing sudo 85ad299668 Dockerfile: make cli stages more resilient against unclean termination e84365f967 Skip cache lookup for "FROM scratch" in containerd 96534f015d integration-cli: don't use pkg/homedir in test 6424ae830b Dockerfile: update buildx to v0.11.0 6055b07292 Fix missing Topology in NodeCSIInfo 2f379ecfd6 daemon: fix restoring container with missing task 136893e33b daemon: fix double-unlock in health check probe 290fc0440c daemon: fix panic on failed exec start 0556ba23a4 daemon: handleContainerExit(): use logrus.WithFields 35a29c7328 builder: pass host-gateway IP as worker label 210c4d6f4b daemon: ensure OCI options play nicely together f50cb0c7bd daemon: stop setting container resources to zero 0a6a5a9140 daemon: modernize oci_linux_test.go c92fd5220a c8d: mark stargz as requiring reference-counted mounts 5e48bbd14c contrib/busybox: Update to FRP-5007-g82accfc19 6776279896 daemon: registerName(): don't reserve name twice 7db3243e34 don't cancel container stop when cancelling context aec7a80c6f c8d: Use reference counting while mounting a snapshot 5652c59647 testing: temporarily pin docker-py tests to use "bullseye" aa47b29dbc vendor: github.com/moby/swarmkit/v2 v2.0.0-20230531205928-01bb7a41396b Bumping libnetwork to version v0.7.0-dev.3-1874-g67e0588f, which comprises the following commits: 11eaf1f0 sync MAINTAINERS file with new moby maintainers dbbf124d Clean up inDelete network atomically Bumping docker-cli to version v24.0.5-6-gb74562d91, which comprises the following commits: c0e376854 update to go1.20.7 1481c8ce9 vendor: gotest.tools/v3 v3.5.0 e97c76557 vendor: github.com/docker/docker v24.0.5 1ee40e2c7 configfile: Initialize nil AuthConfigs 3bd6d6902 Dockerfile: update buildx to v0.11.2 05bf7fbcc vendor: github.com/docker/docker v24.0.5-0.20230718221249-d4a26c153000 8b5023dd2 vendor: github.com/docker/docker v24.0.5-0.20230717072055-8443a06149b5 2a6348d1b Dockerfile: update buildx to v0.11.1 f4782b325 update go to go1.20.6 7d06f6b2f vendor: github.com/docker/docker v24.0.5-0.20230714235725-36e9e796c6fc 1447974b8 docs: rephrase section on credential stores for docker login 46293e97f Dockerfile: update to xx 1.2.1 bfe2ff820 cli/container: Don't ignore error when parsing volume spec b40742962 vendor: github.com/docker/docker v24.0.4 79c42c0b9 vendor: golang.org/x/net v0.10.0 a96d0a526 vendor: golang.org/x/text v0.9.0 5c5c50d71 vendor: golang.org/x/term v0.8.0 4bf11b756 vendor: golang.org/x/sys v0.8.0 224c7dbec vendor: github.com/sirupsen/logrus v1.9.3 e25d5c64c vendor: github.com/opencontainers/image-spec v1.1.0-rc3 419e94df4 vendor: github.com/moby/swarmkit/v2 v2.0.0-20230531205928-01bb7a41396b 2d5f041bd commandconn: return original error while closing 520e3600e commandconn: don't return error if command closed successfully cd68c8f00 docker info: fix condition for printing debug information a78fd6ca6 docs: update link location for the overlay driver 9cd335d44 docs: fix static ip example, network needs a subnet d61e4fe87 docs: fix broken link 8e3a2942a cli/command/context: don't use pkg/homedir in test c3ef1cead docs: update the runtime configuration section 44eebb8bc Dockerfile: update buildx to v0.11.0 7ecfa2e7f Dockerfile: update gotestsum to v1.10.0 f11f30909 update go to go1.20.5 3a6c11773 Dockerfile: update ALPINE_VERSION to 3.17 11af1189d docs: add "--detach-keys" example to docker run reference f118c05e8 docs: move "--detach-keys" example to examples section Signed-off-by: Bruce Ashfield

moby: update to v24.0.2

2023-10-02T16:14:29+00:00

Bumping moby to version v24.0.2-56-gd7aa1e14e5, which comprises the following commits: 5652c59647 testing: temporarily pin docker-py tests to use "bullseye" 789a8755b8 run `getent` with a noop stdin f7298b326e vendor: github.com/sirupsen/logrus v1.9.3 1c18ad6ca6 vendor: github.com/rootless-containers/rootlesskit v1.1.1 ae4a10df67 update RootlessKit to v1.1.1 24c882c3e0 update go to go1.20.5 b3133d7471 contrib/check-config: move xt_bpf check to overlay section 8c552012ae contrib/check-config: check for xt_bpf 61d547fd06 Dockerfile: Move dockercli to base-dev e5fbc3f75a hack/cli.sh: Quiet origin cleanup 1a078977e1 Dockerfile/shell: Install buildx cli plugin c4198e6053 Dockerfile: Use separate cli for shell and integration-cli 647ba03224 builder-next: Set moby exporter as default 961fe27408 c8d/handlers: Handle error in walkPresentChildren 087cf6f238 c8d/load: Don't unpack pseudo images 0b9d68f59d c8d/load: Use walkImageManifests cbf0779bfc c8d/list: Use walkImageManifests 0139309fef c8d: Add walkImageManifests and ImageManifest wrapper e1c7956764 Dockerfile: use COPY --link for source code as well 75afe3201b containerd: add c8d version and storage-driver to User-Agent 8018ee4689 dockerversion: DockerUserAgent(): allow custom versions to be passed ed376a603f dockerversion: remove insertUpstreamUserAgent() 1d45ea52f4 dockerversion: simplify escapeStr() a27b0381a6 dockerversion: add a basic unit-test 1fc19772e0 Make sure the image is unpacked for the current snapshotter 4217d9ea0a Dockerfile: use COPY --link to copy artifacts from build-stages 4c6b8e737f added alias validation e370f224ae fixing consistent aliases for OCI spec imports ac1a867282 vendor: github.com/mistifyio/go-zfs/v3 v3.0.1 2949fee1d3 containerd: set user-agent when pushing/pulling images f9c68e5fbc libn: fix resolver restore w/ chatty 'iptables -C' 3452a76589 libnetwork: fix sandbox restore fec801a103 libnetwork: log why osl sandbox restore failed d9e39914a7 Fix npe in exec resize when exec errored 042f0799db libn/d/overlay: support encryption on any port ec8ec9056c builder/remotecontext: deprecate CachableSource, NewCachableSource 7a4ea19803 libcontainerd: work around exec start bug in c8d ae6e9333c0 vendor: github.com/moby/buildkit v0.11.7-0.20230525183624-798ad6b0ce9f 0d9acd24fe c8d/inspect: Fill `Created` time if available 04eccf8165 vendor: github.com/containerd/go-runc v1.1.0 d64bab35ee daemon: lock in snapshotter setting at daemon init 329d671aef Dockerfile: temporarily skip CRIU stage 4cc2081119 integration: Add TestImageInspectEmptyTagsAndDigests 27df42255c hack: Rename .ensure-emptyfs to .build-empty-images 9ee7d30aef hack/ensure-emptyfs: Create dangling image 8a4b7c5af8 Add testenv.UsingSnapshotter utility a753ca64e2 hack/make/.binary: don't use "netgo" when building Windows binaries 5276c2b6e0 c8d/pull: Use same progress action as distribution baf1fd1c3f libnetwork: check for netns leaks from prior tests 992dc33fc5 libnetwork/osl: restore the right thread's netns ef1545ed4a libnetwork: leave global logger alone in tests 876f5eda51 libnetwork: make resolver tests less confusing 47a3dad256 c8d/list: Show layerless images 0869b089e4 libnetwork: just forward the external DNS response 3467ba6451 reorder load funcs to match newServiceConfig()'s order f9b886c01b add mirror to daemon reload test for insecure registries 07140c0eca build: use daemon id as worker id for the graph driver controller d5ad186d49 ci(bin-image): distribute build across runners 4d924c35f7 api/server: allow empty body for POST /commit again 68b7ba0d03 api/inspect: Fix nil RepoTags and RepoDigests 5ea7b8d091 fix: `docker pull` with platform checks wrong image tag Bumping docker-cli to version v24.0.2-9-g0823df7da, which comprises the following commits: 11af1189d docs: add "--detach-keys" example to docker run reference f118c05e8 docs: move "--detach-keys" example to examples section f66f7ed7f cli/command: fix GoDoc referencing wrong const 2814c01b0 Dockerfile.vendor: update GOPROXY to use default with fallback 32f66cbe5 vendor: github.com/docker/docker v24.0.2 dc4707edb [24.0] vendor: github.com/docker/docker v24.0.1 298e67926 docs: fix example for proxies in daemon.json 9175ffa9b man: remove devicemapper from examples beb0330a7 Correct "ps --no-trunc" example output 405be9063 docs: remove AuFS from glossary 7a269817b docs: remove Docker Toolbox from glossary 41ef7c45c docs: remove boot2docker and docker-machine from glossary c184a61da docs/deprecated: remove "disabled by default" for AuFS, overlay e7a60449f docs: remove aufs and legacy overlay 77541afea contrib/completion: remove aufs, legacy overlay e67a7acd0 docs/deprecated: remove .patch release from deprecation status fb6ae356c vendor: github.com/docker/docker v24.0.0-rc.3 Signed-off-by: Bruce Ashfield

oci-image-tools: don't build for riscv64

2023-09-15T17:28:42+00:00

Currently oci-image-tools has a do_compile error for riscv64. The problem could be reproduced by: MACHINE=qemuriscv64 bitbake oci-image-tools So explicitly set COMPATIBLE_HOST here to avoid it building for riscv64. When someone interested in using this recipe for riscv64 fixes the compile issue, this setting could be removed. Also don't build packagegroup-container/packagegroup-kubernetes since they depends on oci-image-tools Signed-off-by: Changqing Li Signed-off-by: Bruce Ashfield

docker-compose: switch branch to main

2023-08-14T14:17:38+00:00

The upstream repoistory transitioned from master to main, and also deleted the v2 branch this recipe was using. Switch everything to main until (if?) new versioned branches appear. Signed-off-by: Bruce Ashfield

libvirt: fix CVE-2023-3750/CVE-2023-2700

2023-08-12T03:28:14+00:00

Signed-off-by: Changqing Li Signed-off-by: Bruce Ashfield

ovs: fix some installed packages in openvswitch cannot be executed

2023-07-25T18:57:18+00:00

The variable "PYTHON3" in Makefile.am set as python3, this cause the following scripts error: /usr/sbin/ovs-bugtool Not found the interpreter python3 /usr/bin/ovs-pcap Not found the interpreter python3 /usr/bin/ovs-test Not found the interpreter python3 /usr/bin/ovs-tcpdump Not found the interpreter python3 /usr/bin/ovs-tcpundump Not found the interpreter python3 /usr/bin/ovs-vlan-test Not found the interpreter python3 /usr/bin/ovs-l3ping Not found the interpreter python3 /usr/bin/ovs-parse-backtrace Not found the interpreter python3 /usr/bin/ovs-dpctl-top Not found the interpreter python3 /usr/share/openvswitch/scripts/ovs-check-dead-ifs Not found the interpreter python3 /usr/share/openvswitch/scripts/ovs-check-dead-ifs Not found the interpreter python3 /usr/share/openvswitch/scripts/ovs-monitor-ipsec Not found the interpreter python3 /usr/share/openvswitch/scripts/ovs-vtep Not found the interpreter python3 Signed-off-by: Xiangyu Chen Signed-off-by: Bruce Ashfield

docker-distribution: fix for CVE-2023-2253

2023-07-25T18:53:03+00:00

A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory. References: https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54 Signed-off-by: Narpat Mali Signed-off-by: Bruce Ashfield

cni: fix textrel QA issue

2023-07-11T19:06:28+00:00

When building cni, we get textrel QA issue like below: cni: ELF binary /usr/libexec/cni/macvlan has relocations in .text The problem could be solved by adding '-buildmode=pie' to ${GO}. In go.bbclass, this flag is added to GOBUILDFLAGS conditionally, that is, if the arch is not mips nor riscv32, this '-buildmode=pie' is added to GOBUILDFLAGS. So make use of that. Signed-off-by: Chen Qi Signed-off-by: Bruce Ashfield