linux/meta-virtualization.git/recipes-containers/containerd, branch master-next

containerd: Add CVE_PRODUCT to align with NVD CPE

2026-03-30T19:38:55+00:00

`CVE_PRODUCT` has been set to `linuxfoundation:containerd` to align with the product naming defined in the NVD CPE database for `containerd`. Only a single CPE entry exists in the NVD for this product: `cpe:2.3:a:linuxfoundation:containerd` The NVD references for this CPE confirm that it corresponds to the source code used in our recipe. Signed-off-by: Himanshu Jadon Signed-off-by: Bruce Ashfield

containerd: update to v2.2.2

2026-03-18T03:32:54+00:00

Bumping containerd to version v2.2.2-11-g5957d3334, which comprises the following commits: a83510103 cri: UpdatePodSandbox should return Unimplemented ee4179e52 fix(oci): apply absolute symlink resolution to /etc/group fd061b848 test(oci): use fstest and mock fs for better symlink coverage 5d44d2c22 fix(oci): handle absolute symlinks in rootfs user lookup 00c776f07 update to go1.25.8, test go1.26.1 7e6ecf434 Prepare release notes for v2.2.2 a20dead7c set default config_path in plugin init fbed68b8f Fix TOCTOU race bug in tar extraction 68855cb0b ci: modprobe xt_comment on almalinux ef7a8beb3 core/mount: add test for getUnprivilegedMountFlags 07b2cc07e core/mount: fix getUnprivilegedMountFlags iterating over indices instead of values a5f83d8c2 cri: unpack images with per-layer labels for runtime-specific snapshotters 54101116f add integration test for cni result nil d44c4384e address comment f1835270b fix issue where cni del is never executed 5dbf1b915 update golangci-lint to v2.9.0 with go1.26 support 8ec695ebe remove windows/arm from cross build b9c22a6e3 ci: build/test go1.26.0 6c05047b4 apparmor: explicitly set abi/3.0 09b876a81 integration: Fix TestImageLoad() failure on CI 172ba65b6 cri: Fix image volumes with user namespaces b4240ef87 update to go1.24.13, go1.25.7 94dbfaea7 ci: bump go 1.24.12, 1.25.6 e46a7a286 set fetch-depth for containerd to 0 for version parsing 1d7908273 core/mount/manager: fix bind mount missing rbind option 3d509bcd3 core/mount/manager: add tests for WithTemporary option cb3ae2119 fix: sanitize error before gRPC return to prevent credential leak in pod events 533a2552e build(deps): bump google.golang.org/grpc from 1.77.0 to 1.78.0 b120237fb build(deps): bump google.golang.org/grpc from 1.76.0 to 1.77.0 a76eb698a cri: emit warning for concurrent CreateContainer 4be4e5156 Fix nil pointer dereference in container spec memory metrics 3d2e188b1 cri: Use the runtimeHandler parameter in PullImage 633057382 cri: move noisy CDI logs to debug level 8a7409e2e Reinstate image decryption f6bae1f88 Prepare release notes for v2.2.1 c22cf5d49 cri,nri: pass any linux security profile to plugins. d7532de75 cri,nri: pass any linux RDT constraints to plugins. ef36e6181 cri,nri: pass any linux net devices to plugins. d56faf426 cri,nri: pass any linux scheduler attributes to plugins. e1824d261 cri,nri: pass any linux I/O priority to plugins. 01d5490ae go.{mod,sum}: bump NRI deps to v0.11.0, re-vendor. 58d23ab63 pkg/tracing: HTTPStatusCodeAttributes: remove use of deprecated SemConv const 05ccbb3a7 cri/nri: short-circuit nil adjustment. c166a577d go.{mod,sum} bump CDI deps to v1.1.0. 8a5fc8641 go.mod: github.com/containernetworking/plugins v1.9.0 73a08aa00 go.mod: remove exclude rules cee08c8af build(deps): bump github.com/containerd/zfs/v2 from 2.0.0-rc.0 to 2.0.0 55c93d6fb go.mod: golang.org/x/crypto v0.45.0 aedd29bb4 ci: bump Go 1.24.11, 1.25.5 26628f139 ci: bump Go 1.24.10, 1.25.4 8bb0e9be6 ci(release): set GO_VERSION in Dockerfile ed19c5420 core/runtime/v2: remove uses of otelgrpc.UnaryClientInterceptor 952237d9b ci: update CIFuzz actions to support Ubuntu 24.04 51582ed27 bump containerd/cgroups to v3.1.2 50d0e4fd4 build(deps): bump github.com/containerd/cgroups/v3 from 3.1.0 to 3.1.1 fb5b818a9 runc: Update runc binary to v1.3.4 e3bf2b80b build(deps): bump github.com/opencontainers/selinux 41a69eb0d core/mount: should not call removeLoop when set autoclear da8e846f9 .github: skip 5 critest cases in window CI pipeline c707f771a fix: redact all query parameters in CRI error logs d154e234b Update the ctr pull defaults when using the transfer service 09364216d Fix transfer unpack defaults on darwin 2055d3c62 Update default differs on darwin 9da97686d Use default writable size in erofs snapshotter for non-Linux hosts eeb0f889a Update default erofs block size on macOS during erofs diff 678f944dd Revert "Implement io.ReaderAt on docker fetch reader" 8b73c2de3 remotes: fix possible panic from WithMediaTypeKeyPrefix 8eaa0b5cb Prepare release notes for v2.2.0 8885b1b7a Make v2.2.0 the latest release d77d3bc34 Update releases file 491f77350 Update api version to v1.10.0 1ea370e9e Update platforms version to latest 77644a1b0 Update EROFS snapshotter documentation 8c98030c4 runc: Update runc binary to v1.3.3 715d6f8e4 Update Darwin defaults to useable values 69c855bb5 Prepare release notes for api/v1.10.0 f72025d05 Update GHA runners to use latest images for basic binaries build acbaa8a99 ci: bump Go 1.24.9, 1.25.3 910171e90 Fix directory permissions a0d0f0ef6 fix goroutine leak of container Attach 0928a980c build(deps): bump lycheeverse/lychee-action from 2.6.1 to 2.7.0 31132cc91 build(deps): bump github/codeql-action from 4.31.0 to 4.31.2 9ae5468e0 build(deps): bump github.com/intel/goresctrl from 0.9.0 to 0.10.0 565151652 Add size check to referrers response bda01054f fix: ci TestContainerListStatsWithIdSandboxIdFilter failed because multiple id found 7bf5b92e6 Add Readonly setup to EROFS mount loop handler ebb52e3fb add missing container process metrics. 18be704f7 add container_threads to metric descriptors 7429a7b75 add container_start_time_seconds 6eef0737b add container_ulimits_soft 4b5f23e8a add oom metrics a68690c8c add container spec metrics e65874cfb add miscellaneous metrics ba524db34 snapshot: check parent's kind before commit e817edf89 CI: update Fedora to 43 2e0e47c47 Deprecate cgroup v1 189de942c Prepare release notes for v2.2.0-rc.0 db3c5b7b7 Update api version to v1.10.0-rc.0 d9d3c8223 Cleanup load shim info 42336c7de Update referrers interface to support more options 9840ad93e docker: fix addQuery with multiple calls 2d40b7fba build(deps): bump golang.org/x/time in the golang-x group 8ef2cfb7e Improve documentation for mount manager 4c7b94fce api/go.mod: golang.org/x/net v0.38.0 f508730d5 cgroups: bump to v3.1.0 842cb99a5 containerd-shim-runc-v2: monitor OOM event after creation 867728517 build(deps): bump github/codeql-action from 4.30.9 to 4.31.0 a741a44cf build(deps): bump actions/download-artifact from 5.0.0 to 6.0.0 94c2d3853 build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 c59cc44c0 CI: skip ubuntu-24.04-arm on private repos 04d8ae1d6 Postpone v2.2 deprecation items to v2.3 d939b6af5 Remove rebase validation logic from overlay snapshotter fbc7848f2 Prepare release notes for api/v1.10.0-rc.0 7b7c5c171 Add rebase capability to erofs 0198b87fc Implement parallel unpack c9afcc2bc cri: retry stop container if there is connection closed 2042e805b cri/server/podsandbox: disable event subscriber 5b9d871fe Add EROFS mount handler plugin a418e280a add process metrics 7da6a9c21 add disk and diskIO metrics 2e58d4ccf add network metrics 68beb8191 add memory metrics 63eca8fe9 implement CRI ListMetricDescriptors 1bd3b45ad add cpu metrics 942d7afc6 Implement CRI ListPodSandboxMetrics 24e8734a5 .github: dump kernel message in Vagrant box 8a6e6263f Support arbitary mkfs size (not only in MiB) 3cc411c8b Fix backreference support for mount manager 4f130dbe7 cri: retry stopSandboxContainer if shim connection is closed 679a6d0a7 build(deps): bump github.com/klauspost/compress from 1.18.0 to 1.18.1 0da68e8b4 build(deps): bump github/codeql-action from 4.30.8 to 4.30.9 62845f4a9 Simplify oom event handling for cgroups v2 in shim 0d62c7188 Update loopback test to make initialization more robust 9ae0168c7 Add focus test option to critest a7d26b35e client: add referrers support to client 9e9620dd6 chore: fix some function names in comment 5386802f8 Default config_path if legacy registry options are not set. 25c3871ba Switch mount manager tests to ext4 55d5d5b50 Add Close method to mount manager 2a8d30117 Set default run platform in ctr 92bc4fadc Update task manager to use mount transformers 2f75989e2 Update erofs to use mount transformers be9f183f4 Add mount transformers to mount manager 1adaf27c1 Update erofs to compile on Darwin ee8ae9d56 Update erofs snapshotter to use mount manager fe02fcc5f docs: update default values for unprivileged port and ICMP settings ed2e81a78 bugfix:sync parent dir to ensure blob entry is reliably stored 932b65a49 restart:use goroutine to speedup loadShims 5243cdd2d Check expected digest when committing as a sanity check f2b9ff67f Make dockerPusher more compliant with distribution spec Signed-off-by: Bruce Ashfield

recipes/golang: improve reproducibility

2026-02-09T20:22:07+00:00

Refer [1], cgo will embeded cgo_ldflags in the intermediary output, which make content ID will be incfluenced by cgo_ldflags. '--sysroot=xxx' includes build path, which will make the binary not reproducible, these recipes can build successfully without --sysroot, so remove it [1] https://git.openembedded.org/openembedded-core/commit/?id=1797741aad02b8bf429fac4b81e30cdda64b5448 Signed-off-by: Changqing Li Signed-off-by: Bruce Ashfield

containerd: update to v2.2.0-beta.1

2025-10-16T15:28:40+00:00

Bumping containerd to version v2.2.0-beta.1-12-ga7e49900a, which comprises the following commits: a4ddfd7eb build(deps): bump the golang-x group with 2 updates c740c57b4 build(deps): bump github/codeql-action from 3.30.6 to 4.30.8 6316ab81d build(deps): bump softprops/action-gh-release from 2.3.4 to 2.4.1 ed2e81a78 bugfix:sync parent dir to ensure blob entry is reliably stored bfd6c52b4 Defer removal of deprecated registry config fields to 2.3 71f5d16aa bugfix:fix container logs lost because io close too quickly c039f5349 ci: bump Go 1.24.8 773bfa0ea Use tartest to simplify generating a tar 6a3b10fe7 Add a test for the erofs differ using tar index mode 42f2784ca Update go.mod to use api/v1.10.0-beta.1 8922d84e5 build(deps): bump google.golang.org/grpc from 1.75.1 to 1.76.0 36c22f45c Update referrers fallback logic to always have a fallback 0f3c5484f Fix gha api release file path f6b3b8cbe build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 7a7d7a996 build(deps): bump github/codeql-action from 3.30.5 to 3.30.6 669c3047a build(deps): bump softprops/action-gh-release from 2.3.3 to 2.3.4 ba606fe14 build(deps): bump actions/stale from 10.0.0 to 10.1.0 15d5fa725 build(deps): bump google.golang.org/protobuf from 1.36.9 to 1.36.10 60fb4adb0 1.6 is EOL aa571f63c Prepare release notes for api/v1.10.0-beta.0 83a946dca Add missing implicit dependency to podsandbox controller c69f443ba Update sandbox controllers service implicit dependency 637429a25 Update logging for sandbox controller service f0aeb9037 Add sandbox controller create call to client a338d8b2f Fix sandbox client shutdown to ignore not found errors 54ba402a2 Add default sandboxer to client c7b3114eb Update mount manager code documentation f3af360f6 Update runtime to read allowed custom mounts from runtime 2189d3d6c build(deps): bump docker/login-action from 3.5.0 to 3.6.0 cfb1b653d build(deps): bump actions/cache from 4.2.4 to 4.3.0 94e6bcea5 Add support for allowing custom types through mount manager efc995011 Add runtimes option to task manager dd9c43150 Add option to allow formatted mounts 9c21e867e Handle flaky case for loop autoclear f7b77e649 Update mount manager cleanup logic 069cbfe8f Use mount manager for temp mounts 93070961b Update snapshotter tests to use mount manager fa327566b Fix mount manager deactivate errors 9c0cc4a42 Add mount manager format test 61b8426ae Add mount manager documentation 67f0970a5 Add mount activation integration test 39f128b99 fix invalid deactivate error 76a877bb5 Add mount activation support to task service 5b4de2c34 Add implementation of list and get mount activation 184fae60f Add backreference support to mount manager 9794addce Add mount formatting test d8e5cdd76 Fix gc cleanup and add unit tests for gc 49634889f Update ctr image mounts to use mount manager 62062902f Add support for mount manager to ctr snapshots mount 563b28154 Add mount manager to client c8e7674cc Add temporary mount support to manager aba772012 Add debug logs to mount service calls d23e635a5 Fix mount manager plugin when no handlers provided 75ed5e003 Fix mount manager gc 8db301086 Add mounts api service 67fbf9db9 Generate and vendor proto changes c5097ac63 Add mount manager to protobuf services and types 4d34b01ce Add loopback and overlay mount manager tests 0e88cde87 build(deps): bump github/codeql-action from 3.30.3 to 3.30.5 5a00693e7 Fix integ-test: looking for sleep inf as longCommand 739821fc5 pkg/display: use platforms.Format for platform display 748cd9f03 Prevent goroutine hangs during ProgressTracker shutdown 54325eedc Fix typos introduced on PR 12323 a7537cb8a Add referrers to default registries b668614b5 Add referrers to host config c1b1297c6 Update capabilities for referrers 09b4ac136 Add referrers fetcher to remotes 9ca659a53 Add conf.d include in the default config de20021f5 Make E2E workflow a required check cbfb535ad Add a comment to explain why apt-get install erofs-utils can't be used 3df2b5d98 TestErofs/Rename fails with EROFS snapshotter c1bf79e7a Build and install erofs-utils from source and modprobe erofs 35f94ef70 vendor: opencontainers/runtime-tools v0.9.1-0.20250523060157-0ea5ed0382a2 33e6b79fc Fix device mapper suspend/resume flakyness 5be6c0309 build(deps): bump azure/CLI from 2.1.0 to 2.2.0 7e74801b7 Move wintls as internal pkg d2adfd820 Add support to retrieve certificate and key from windows cert store 6243cf562 Add mount manager tests f4b7b9344 Improve formatting and support for deactivate 55ff11737 Add loopback mount handler ed03f3a71 Add mount manager plugin and types 78ca11c1c Add mount garbage collection resource c71598622 Add mount manager interface to mount package 1809f3ef1 Update metadata gc to run context finishes in parallel 37cec6800 Move transaction context to boltutil 09644bd13 [github-action] release - Empty allowedSignersFile 635907e63 Ensure errContentRangeIgnored error when range-get request is ignored by registry 010ad4c06 build(deps): bump google.golang.org/protobuf from 1.36.8 to 1.36.9 8112ca64f cri: remove copying of message structs 9d351805b go.mod: Bump up k8s.io to 0.34.1 517ca7566 build(deps): bump google.golang.org/grpc from 1.75.0 to 1.75.1 e009b98ce build(deps): bump github/codeql-action from 3.30.1 to 3.30.3 84aa20676 docs: Update 1.7 LTS support timeline cfe20b588 add k8s 1.34 support matrix 479cf42ca Add extraction progress to transfer service 09e531b88 Add progress to apply options a85610d52 Prepare release notes for v2.2.0-beta.0 dba7f8fbe Update releases doc to show v2.2 has started beta da2a8b34e build(deps): bump softprops/action-gh-release from 2.3.2 to 2.3.3 6f92111a9 build(deps): bump actions/stale from 9.1.0 to 10.0.0 52c310c98 build(deps): bump actions/github-script from 7.0.1 to 8.0.0 39a38dd60 build(deps): bump google-github-actions/upload-cloud-storage 284716350 build(deps): bump github/codeql-action from 3.30.0 to 3.30.1 d4fd22ce7 build(deps): bump github.com/prometheus/client_golang b2866150a build(deps): bump the golang-x group with 3 updates 65badbef4 Resolve `staticcheck` complaints on FreeBSD f45716efe Clean up issues cited by `usetesting` package with golangci 53d78b68d runc:Update runc binary to v1.3.1 c77b70852 pkg/cio: Close(): use errors.Join to return all errors bfbb18ca8 build(deps): bump github.com/containernetworking/plugins 1fac82f0e build(deps): bump github.com/checkpoint-restore/checkpointctl 6374ac511 build(deps): bump actions/attest-build-provenance from 2.4.0 to 3.0.0 23c51c25b build(deps): bump github/codeql-action from 3.29.11 to 3.30.0 b56804da7 build(deps): bump google-github-actions/auth from 2.1.12 to 3.0.0 683cd7d60 gc:make sure lastCollection is not nil bcecb979a build(deps): bump lycheeverse/lychee-action from 2.5.0 to 2.6.1 fb28794f4 Update Go requirements in BUILDING 591a769a6 build(deps): bump google.golang.org/protobuf from 1.36.7 to 1.36.8 f4238238f build(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.0 fd1a7a102 build(deps): bump google.golang.org/grpc from 1.74.2 to 1.75.0 8ebe57e2e build(deps): bump github.com/coreos/go-systemd/v22 from 22.5.0 to 22.6.0 cc2a52ca8 Update pkg/oci to use FS interface 6fa776811 docs: remove shutdown adopter D2iQ Konvoy 56cde7d2c add SystemdCgroup to default runtime options 363e02310 install-runhcs-shim: fetch target commit instead of tags 77905cf6f build(deps): bump go.etcd.io/bbolt from 1.4.2 to 1.4.3 fe4ec31bc build(deps): bump github/codeql-action from 3.29.10 to 3.29.11 f0ee598ff integration: Add test for directives with userns 41953f7ac cri: Fix userns with Dockerfile VOLUME mounts that need copy 48f5d4255 script/test: clean up generated NRI test configuration. ad207c1ce docs: update docs for NRI v0.10.0. 37b12bf5e Add documentation for cgroup_writable field b7a401f1d cri: warn about deprecated v0.1.0-style NRI plugins. cb9fda2e7 nri: add configuration for the default validator. fa820a5d0 go.{mod,sum}: update NRI to v0.10.0. 3dbb9695a build(deps): bump github/codeql-action from 3.29.7 to 3.29.10 da3dc1ef6 core/mount: Retry unmounting idmapped directories 27ba690a1 core/mount: Test cleanup of DoPrepareIDMappedOverlay() dd7fe0b76 core/mount: Properly cleanup on doPrepareIDMappedOverlay errors cb56df4fb build(deps): bump the k8s group with 3 updates d449d94d2 build(deps): bump github.com/emicklei/go-restful/v3 b595e0173 Update hcsshim to v0.14.0-rc.1 in preparation for containerd/2.2 7a19c94d6 core/mount: Don't call nil function on errors dc38aaf6c ci:fix TestSandboxRemoveWithoutIPLeakage failed 6dcbdcfb3 ci: add Go 1.25.0 93c034c80 build(deps): bump actions/cache from 4.2.3 to 4.2.4 f77717f50 build(deps): bump lycheeverse/lychee-action from 2.4.1 to 2.5.0 a2d30ba30 build(deps): bump google.golang.org/protobuf from 1.36.6 to 1.36.7 6e9b6eada core/mount: Only idmap once per overlayfs, not per layer 6ce7f6d87 pkg/sys: check SupportsPidFD first c7f19d104 build(deps): bump the golang-x group with 2 updates 8d275704a build(deps): bump actions/checkout from 4.2.2 to 5.0.0 e3b2bcead build(deps): bump actions/download-artifact from 4.3.0 to 5.0.0 5bd22a3e9 build(deps): bump github.com/containerd/go-cni from 1.1.12 to 1.1.13 bd9e577c2 Fix ctr snapshot mount produce invalid mount command for empty option db31fbc5a ci: bump Go 1.24.6 45e02e1dc sys: fix pidfd leak in UnshareAfterEnterUserns 7340a7a28 fix: create bootstrap.json with 0644 permission 2b48e3cb9 build(deps): bump docker/login-action from 3.4.0 to 3.5.0 398d42313 build(deps): bump github.com/prometheus/client_golang aeace7daa build(deps): bump google-github-actions/auth from 2.1.11 to 2.1.12 009625290 Block CIM snapshotter & differ 63c9cfcc1 fix typo: collecter -> collector 3653c911b Update mailmap for austinvazquez 55fd29789 build(deps): bump github/codeql-action from 3.29.2 to 3.29.4 6e0579453 build(deps): bump google-github-actions/upload-cloud-storage 22a88c1ac build(deps): bump the k8s group with 3 updates 83deebdd5 build(deps): bump google-github-actions/auth from 2.1.10 to 2.1.11 a38708cc9 build(deps): bump google.golang.org/grpc from 1.73.0 to 1.74.2 68a55252f refactor: use the built-in max/min to simplify the code b70b43f6b time to upgrade to 1.33 cri-tools 4f95737e1 Remove Alpha gate from k8s e2e runs 46325f114 Update 1.6 timeline to add an extended period ed174c914 cmd/ctr: rename vars that shadowed builtin 4420b5a49 Ensure fetcher always closes body and properly calls release 1b821ca04 fix(dockerFetcher): resolve deadlock issue in dockerFetcher open 118a84147 ci: update crun to 1.22 c5ad254a3 ci: bump Go 1.24.5 0eaa09e35 Make signal notifications work on Windows 636d29832 build(deps): bump the golang-x group with 3 updates dbb44287f Plumb windows CPU affinity values to runtime spec 12daca5f6 Fix intermittent test failures on Windows CIs 117179ae1 Remove WS2025 from CIs due to regression 222b2d3e7 update pause image to pause:3.10.1 e96ebc008 erofs-snapshotter: make IMMUTABLE_FL optional f75323f89 nri: enable otel traces in NRI. b641933cf erofs snapshotter: Add tar index mode 62bbdce7f update go-md2man binary to v2.0.7 fd464031d build(deps): bump github.com/tchap/go-patricia/v2 from 2.3.2 to 2.3.3 e0d733c87 blockfile: Ensure required options are always set aed961a6f Remove additional fuzzers from CI 24ea5f23f build(deps): bump golangci/golangci-lint-action from 6.5.2 to 8.0.0 a0ed14fd4 erofs-differ: fix filesystem UUID for tar-converted layers b92e8b544 Add GitHub Action for k8s node e2e tests eb63b5b4d Amend runtime handler test for stable order c6ae08193 CRI: Stable sort for RuntimeHandlers f51a2fbfd Test showing RuntimeHandlers in Status() are unordered cc913cac6 build(deps): bump github/codeql-action from 3.29.0 to 3.29.2 40f3b74af build(deps): bump go.etcd.io/bbolt from 1.4.1 to 1.4.2 587c0757b build(deps): bump github.com/intel/goresctrl from 0.8.0 to 0.9.0 35cbd7349 Fix port forward error logger to not cause concurrent write 7a46fe7e6 Correct Commit Memory Aggregation for Windows Containers a4aebea4b build(deps): bump github.com/containerd/console from 1.0.4 to 1.0.5 100b78711 build(deps): bump google.golang.org/grpc from 1.72.2 to 1.73.0 621d661be Add coverage support for CRI integration tests bf1c47f5e core/runtime/v2: shimManager.cleanupWorkDirs ignore non-existing path d553c4014 Update GHA runners to use latest image for most jobs 610f29914 Update garbage collection docs 6537a61d0 Add back reference test for collectible resources df87a8f71 Add support for backreferences in gc 8ecd6b6fa Update gc tests to make digests easier to identify cf7f4f5cc restore: skip pull for existing base image b671a9721 ctr:add sandbox info command to print sandbox info b95265124 build(deps): bump docker/setup-buildx-action from 3.11.0 to 3.11.1 9f9ce00aa build(deps): bump the k8s group across 1 directory with 3 updates a79e79141 ci:fix ci TestContainerExecLargeOutputWithTTY panic 97bbc1f73 Remove unused Windows 2019 powershell scripts cb53f381e fix when multipart fetching and the server does not return content length d3516916a Fix fetch always adding range to requests aea4e685e build(deps): bump github.com/urfave/cli/v2 from 2.27.6 to 2.27.7 ed7746656 ci: bump golangci from 6.5.2 to 7.0.0 37147b13a Disable ST1003: struct field Uid should be UID (staticcheck) 19a713061 Disable QF1003: could use tagged switch on base (staticcheck) 03a44a2d7 fix: Used nolint to ignore the static checks 4ba81d429 fix: ST1001: should not use dot imports (staticcheck) b52997372 fix: ST1019: removed the duplicate imports 403f86ecc fix: QF1012: Use of fmt.Fprintln(...) d93d18c85 fix: QF1001: could apply De Morgan's law (staticcheck) b3eec6d8e fix: ST1005: error strings should not end with punctuation or newlines 1ff590004 fix: QF1004: strings.ReplaceAll instead (staticcheck) 56516173d fix: QF1002: could use tagged switch on host (staticcheck) 0df6d1e6b build(deps): bump docker/setup-buildx-action from 3.10.0 to 3.11.0 4593023f1 build(deps): bump github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus 1f288492c build(deps): bump actions/attest-build-provenance from 2.3.0 to 2.4.0 0779c0a6d build(deps): bump softprops/action-gh-release from 2.2.2 to 2.3.2 9b7f24610 build(deps): bump github/codeql-action from 3.28.18 to 3.29.0 b7bda5d6e build(deps): bump go.etcd.io/bbolt from 1.4.0 to 1.4.1 7c97cd331 build(deps): bump the golang-x group with 2 updates e6708bddf bugfix:close container io when runtime create failed 4bf1705a8 Implement io.ReaderAt on docker fetch reader 734d52c39 chore: remove specific go version code 04ce9f884 feat: preserve nsPath on mount failure to ensure cleanup af068ff86 Update fetcher errors to include full registry error 6e1f0203e Register remote errors for clients to access registry errors 697d77676 Decode grpc errors in the transfer client proxy 9de26f315 [e2e] add case for shim wait interface 49664dab5 Add context in Process Wait interface 415df3892 ci: bump Go 1.24.4 in CI 2f1948a50 Enable CIs to run on WS2022 and WS2025 8de612020 pkg/oci: don't use var for WithPrivileged cf667aa7e pkg/oci: add basic test for WithParentCgroupDevices d72c21450 pkg/oci: don't use vars for WithAllKnownCapabilities, WithAllCurrentCapabilities ac3c3ad5d pkg/oci: cleanup some tests 4de598d94 pkg/oci: remove compatibility code for go1.16 and older 17c632e78 pkg/oci: fix minor linting issues cff8184ff support image volume sub path a8658a708 erofs-snapshotter: fix to work with wrapped errors 4f7c69ae6 Update differ selection in transfer service to prefer default 21f0595b9 Add debug log when transfer returns not implemented d9bb00578 Add more error details when unpack fails to extract 4dd2cd92c build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 48cec3659 Update transfer supported platforms logic 1ac97c2c1 *: properly shutdown non-groupable shims to prevent resource leaks 128229975 Enable DuplicationSuppressor in transfer service 00edba6aa Remove internal interface from unpacker interface 77562a8e4 fix import for local transfer service a93c8d3cd build(deps): bump google.golang.org/grpc from 1.72.0 to 1.72.2 4a2c40223 build(deps): bump lycheeverse/lychee-action from 2.4.0 to 2.4.1 ee85517b1 docs: fix v2.1.0 release link e57b9f751 dep: bump up k8s.io/cri-api to 0.33.0 a4dd2b8f2 go.mod: bump up go to 1.24.3 b9a29bdb9 ci: bump up go to 1.24.3 811d04422 shim-v2:improve shim error message 6e17198f0 Add descriptor to transfer pull image events 213337ce4 Fetch image with default platform only in TestExportAndImportMultiLayer aa9c17c69 Add symlink breakout test for overriden path 78e838c34 build(deps): bump github/codeql-action from 3.28.17 to 3.28.18 b98b99836 build(deps): bump github.com/emicklei/go-restful/v3 fb6dd2cf1 client:improve mount error message 8be437ee8 docs(ansible): fix the folder d498e690e clones k8s util exec used by streaming code removing k8s util dependencies 6c0d36b24 follow-up changes discussed at end of review creating these packages b0052d94a pkg/oci: prevent panic for some platform-specific options ee5ad982f docs/snapshotters/erofs.md: a tip for improved performance 5f2200b2c erofs-differ: fix EROFS native image support af24e463b update runhcs to v0.13.0 7063ee659 clones vendor of k8s.io/kubelet/pkg/cri/streaming 11efadd36 build(deps): bump github.com/vishvananda/netlink e29c0fe58 build(deps): bump github.com/Microsoft/hcsshim 21215b216 build(deps): bump dario.cat/mergo from 1.0.1 to 1.0.2 38c9bb93a Revert "perf(applyNaive): avoid walking the tree for each file in the same directory" 1a4c32105 seccomp: kernel v6.13 6180d6243 seccomp: kernel v6.12 fea77e15b ci: bump golang [1.23.9, 1.24.3] in build and release a2f1f4a67 cri:use debug level when receive exec process exited events 8d3eb6567 Update removal version for deprecated registry config fields 2be7a7310 ci:fix ci timeout on almalinux 98698617c Update internal/cri/server/container_create.go af05355e4 internal/container_create: if sandboxConfig's metadata is nil will panic bcfba26ca internal/cleanup: remove Background(), add tests for Do() ada7bdf19 replace "cleanup.Background" for "context.WithoutCancel" c4435bb48 internal/cleanup: fix package godoc e58bc944f core/runtime/v2: cleanup shim-cleanup logs 9ae54175d ctr:make sure containerd socket exist before create client 6ebe15dd4 cri:fix containerd panic when can't find sandbox extension 8bc62da9c client/New: Don't unlazy the gRPC connection implicitly Signed-off-by: Bruce Ashfield

containerd: update to v2.1.4

2025-08-21T16:52:09+00:00

Bumping containerd to version v2.1.4-6-g30bd62aac, which comprises the following commits: 74b0505eb ci: bump Go 1.23.12, 1.24.6 3c174cf64 fix: create bootstrap.json with 0644 permission 5ef6ea747 sys: fix pidfd leak in UnshareAfterEnterUserns 112e41363 Add release notes for v2.1.4 add2dcf86 Ensure fetcher always closes body and properly calls release 34a1cb1dd fix(dockerFetcher): resolve deadlock issue in dockerFetcher open 82c4d6875 ci: bump Go 1.23.11, 1.24.5 6cc2a8d77 Fix intermittent test failures on Windows CIs 6adc69312 Remove WS2025 from CIs due to regression 8d194c19f erofs-snapshotter: make IMMUTABLE_FL optional 2df7175d7 client/New: Don't unlazy the gRPC connection implicitly 02298e1a0 cri:fix containerd panic when can't find sandbox extension 4902adb92 update go-md2man binary to v2.0.7 583133e71 erofs-differ: fix filesystem UUID for tar-converted layers 57db13d50 Amend runtime handler test for stable order d822c9048 CRI: Stable sort for RuntimeHandlers a2fd70639 Test showing RuntimeHandlers in Status() are unordered b74268f86 bugfix:close container io when runtime create failed Signed-off-by: Bruce Ashfield

containerd: drop CVE_VERSION

2025-07-31T17:42:38+00:00

It's easy to forget to update this CVE_VERSION setting. So remove it. The default value of CVE_VERSION is PV. Signed-off-by: Chen Qi Signed-off-by: Bruce Ashfield

containerd: update to v2.1.3

2025-07-07T15:42:27+00:00

Bumping containerd to version v2.1.3-2-g41bb88c7e, which comprises the following commits: b74268f86 bugfix:close container io when runtime create failed 7636bd5eb fix when multipart fetching and the server does not return content length 627729341 Prepare release notes for v2.1.3 3c5ede878 Update transfer supported platforms logic babacebad Fix fetch always adding range to requests fb752bc8e fix import for local transfer service f30be44ad Update fetcher errors to include full registry error f6d926314 Register remote errors for clients to access registry errors 7c1813345 Decode grpc errors in the transfer client proxy 63b9eae62 Prepare release notes for v2.1.2 cff1feb28 *: properly shutdown non-groupable shims to prevent resource leaks 2ce169aae ci: bump golang [1.23.10,1.24.4] in build and release 70bcb9b55 Enable CIs to run on WS2022 and WS2025 c71f77170 build(deps): bump google.golang.org/grpc from 1.72.0 to 1.72.2 9b6c1949a Fetch image with default platform only in TestExportAndImportMultiLayer 4bcea74de Update differ selection in transfer service to prefer default 0c3cd8a99 Add debug log when transfer returns not implemented 820e56765 Add more error details when unpack fails to extract 480126f50 erofs-snapshotter: fix to work with wrapped errors d82921ff5 Enable DuplicationSuppressor in transfer service 0bb25c3d6 ci: bump golang [1.23.9, 1.24.3] in build and release dd2ce49d0 Add symlink breakout test for overriden path ac8e84efc client:improve mount error message 216667ba0 Prepare release notes for 2.1.1 e1817a401 docs/snapshotters/erofs.md: a tip for improved performance 2168cb92c erofs-differ: fix EROFS native image support 444ca17cd update runhcs version to v0.13.0 40575a15f cri:use debug level when receive exec process exited events 0684f1c44 build(deps): bump github.com/Microsoft/hcsshim ac00b8e61 Revert "perf(applyNaive): avoid walking the tree for each file in the same directory" 37d6c4236 Update removal version for deprecated registry config fields 7fcbc3c46 core/runtime/v2: cleanup shim-cleanup logs e7be076d4 ctr:make sure containerd socket exist before create client c90524d5f .github: mark 2.1 releases as latest 897f65cff Prepare release notes for v2.1.0 ca36be282 Update api to v1.9.0 e51f9c177 Update release for 2.1 release and next to releases a6db1c440 Update mailmap 145175bf4 Prepare release notes for api/v1.9.0 5dc29f0e7 core/runtime: should invoke shim binary e5ef65017 Revert "not set sandbox id when use podsandbox type" 1c70f237c integration: add testcase to recover ungroupable shim 51664ad32 build(deps): bump github/codeql-action from 3.28.16 to 3.28.17 0d085bc53 build(deps): bump the golang-x group with 2 updates 7360c739f Fix image inspect skip over missing content ddbd748a5 clones k8s apimachinery resource quantity for cri annotation parsing e2d6a7160 cri: put limiter out of config 33ee060a3 Use Go 1.19 atomic wrappers everywhere 9e67469fa clones k8s utils clock for cri server events to remove dependency 5f3f84f56 removes use of klog from containerd repo 4dfe4e8be Update runc binary to v1.3.0 42937de92 cloning k8s apimachinery set utils no longer vendoring apimachinery bfd85405d clones k8s component-base logreduction for integration test 8a08aebe1 removing/cloning vendor of kubelet pod label definitions 3851bd540 fix unbound SKIP_TEST variable error 9058ab4ae Revert "disable portmap test in ubuntu-22 to make CI happy" ee7189d1d Add retries for flaky Windows test d70d6245f Retry registry operations once on 50x on last host ca356e46e cri: add a ConcurrentDownloadLimiter a914597c0 fix: client pull: pass fetch performances options 413702b7e fix comment 89780188f dockerFetcher.open: show all parameters when pulling a layer e499939a4 build(deps): bump actions/attest-build-provenance from 2.2.3 to 2.3.0 7fe090e9a build(deps): bump actions/download-artifact from 4.2.1 to 4.3.0 105602db0 build(deps): bump google-github-actions/auth from 2.1.8 to 2.1.10 b559084fb build(deps): bump github/codeql-action from 3.28.15 to 3.28.16 b89733812 core/transfer/local: should not mark complete if it's not found 0dcdc1ffa bump:update cni to v1.7.1 7c03dd036 nri: add type conversion functions removed from NRI. f71c2c2d5 Prepare 2.1.0-rc.0 release 61cbbaaba Update api to v1.9.0-rc.0 f42ee3431 Update mailmap entries 83ad3b55f code review fixes a196ee66a better race mgt ce73e1b3e docs: Run userns example in /tmp 882b1903c docs: Fix typo in userns example b62339f39 docs: Fix typos to run userns with ctr 72c8c7708 only keep one setting: concurrent_layer_fetch_buffer 024775dab set dl options on resolver 88116b191 remove max_dl_operations setting 755a4ac6f update f9af08820 perf(pull): multipart layer fetch cdd7ec40d Support configuring custom media types for unpack 17b6e1ef8 Allow streaming to client 40eb2fdbb Fix protos bd8e6c727 Enable http debug and tracing for non local puller 1d436803d Add http debug fields to OCI registry protos 27e6c117d Move HTTP debug code to pkg c0ce618a1 Add release notes for api v1.9.0-rc.0 d16ad8f5c fix: update containerd config dump to reflect plugin config migrations. f57727c42 Revert criserver metrics subsystem back to cri b694be29a Update CRI image service to pull using transfer service 2f9734fa5 erofs-differ: support EROFS native image layers d52386ab9 Add check for rootfs type and only unmarshal relevant parts 5dcdd5484 golangci-lint: add forbidigo rules to prevent regex.MustCompile 147787449 use lazyregexp to compile regexes on first use fa0e50ccf implement lazyregexp package f512e3174 ctr shim: allow override to computed shim address 21a6db1b3 Update CRI documentation to add information about Image Pull with Transfer Service 4b4e6f7c6 not set sandbox id when use podsandbox type e511a384e Add warning message when using async mode 89a8cd2fb Introduce no_sync option 57c1cfa5f Update godoc for Bolt options 2db2db3a8 Customzie BoltDB options in MetaStore c94a92f42 Expose boltdb configuration for metadata plugin 98eded24b Move erofsutils to internal 5d3a4d082 build(deps): bump softprops/action-gh-release from 2.2.1 to 2.2.2 f815d0291 build(deps): bump google.golang.org/grpc from 1.71.1 to 1.72.0 47afd3d1c Fix vagrant setup eb09e8d75 Add loong64 seccomp support 568880ec3 erofsutils: MountsToLayer slight optimizations 09f34d18b erofs-differ: implement fast differ with DiffDirChanges() b8649bd38 client: fix returned error in the defer function 5cb77bc22 build(deps): bump golang.org/x/net from 0.37.0 to 0.38.0 01ff3b364 chore: fix broken links to https://docs.docker.com/registry 40b0083c4 fix(docker pusher): if authorizing a cross-repo mount fails, fall back 6f93c65f5 use go1.23.8 as the default go version 5629e9fff update to go 1.24.2, 1.23.8 d73880a9f build(deps): bump github.com/prometheus/client_golang fc23c4d61 build(deps): bump google.golang.org/grpc from 1.71.0 to 1.71.1 76470adf7 build(deps): bump github.com/moby/sys/user in the moby-sys group 97eb1cd46 change criService.runtimeHandlers slice to a map 764dcf77a config: postpone planned v2.1 deprecations to v2.2 499238a52 Remove deprecated dynamic library plugins 9ca6a7ee0 Disable arm64 criu testing in GH Actions 70db1bd00 disable portmap test in ubuntu-22 to make CI happy 8e6c93b6b add option to skip tests in critest c1026d5bf Fixing install instructions for Windows 752914b5b Add content create event to api 81acabd95 release: use Ubuntu 22.04 (glibc 2.35) d9c889568 Remove the support for Schema 1 images 74af78b34 cri,nri: allow plugins to inject devices using CDI. 3251e2cc8 Prevent panic in Docker pusher. 4857de853 Add cri.config.headers to auth requests 10b4eb4a9 Add hosts.toml headers to auth requests 5ae698235 Only add containerd as User-Agent when it's empty f87b2c1cd avoid import to testing pkg outside of tests be9ca11a1 fix call fmt.Errorf with wrong error eae1a6adc build(deps): bump github/codeql-action from 3.28.13 to 3.28.15 8db39a964 build(deps): bump github.com/fsnotify/fsnotify from 1.8.0 to 1.9.0 2a52260c7 build(deps): bump azure/login from 2.2.0 to 2.3.0 2d3ff252d build(deps): bump github.com/containernetworking/cni from 1.2.3 to 1.3.0 be602ea5c build(deps): bump the golang-x group with 2 updates 3a5f04fdd build(deps): bump github.com/pelletier/go-toml/v2 from 2.2.3 to 2.2.4 a083b669c Set default differ for the default unpack config of transfer service 1dbb7f2ae pkg/sys: improve GetLocalListener/CreateUnixSocket error message bca39a6f4 Add documentation for test for issue 10467 713f753e5 Update release upgrade tests to test 1.7 and 2.0 9d05ae03b Revert "Remove test for issue 10467" 33dae72b9 build(deps): bump lycheeverse/lychee-action from 2.3.0 to 2.4.0 c9b9f4a9a build(deps): bump crazy-max/ghaction-github-runtime from 3.0.0 to 3.1.0 ead5c1ee6 cri:fix lost container exit events if they arrive before info is cached 860260434 store extension when create sandbox in store cffb6d425 downgrade cni version in CI test 07a23b6f4 use type textarea 3ef9084d0 Create cri_kep.yaml 450038a28 integration/client: add tests for TaskOptions is not empty 7e5c5038a prefer task options for PluginInfo request ec3567d6b update taskOptions based on runtimeOptions when creating a task fe4703cde integration: check image volume snapshot after deleting pod d141d6c3d integration: run image volumes for linux platform only de833ebbb cri: enhance error handling for image volume be0ab6e93 cri: add volatile option to image volume mount if applicable d080d441d build(deps): bump google.golang.org/protobuf from 1.36.5 to 1.36.6 7e7c3b0a8 build(deps): bump github.com/opencontainers/selinux 3689dec42 build(deps): bump actions/download-artifact from 4.1.9 to 4.2.1 cb6a82a92 build(deps): bump actions/upload-artifact from 4.6.1 to 4.6.2 5b194505e build(deps): bump github/codeql-action from 3.28.11 to 3.28.13 ce690b0a9 build(deps): bump actions/cache from 4.2.2 to 4.2.3 aff7e4797 build(deps): bump github.com/containernetworking/plugins a3a66d1f2 Fix the panic caused by the failure of RunPodSandbox 10fae41ad go.mod: tags.cncf.io/container-device-interface v1.0.1 e7b4165ab *: CRIImageService should delete image synchronously 42effa3b9 Mark `NetworkPluginBinDir` as DEPRECATED 7f9ca1dcb update max container log line size json field 71f593d4a Support multiple CNI plugin bin dirs 7fe5c4123 go.mod: golang.org/x/net v0.37.0 3e96f1a51 Update runc binary to v1.2.6 6670d4153 build(deps): bump tags.cncf.io/container-device-interface 14e94bcbf build(deps): bump github.com/containerd/imgcrypt/v2 from 2.0.0 to 2.0.1 80e3fc4ce build(deps): bump golangci/golangci-lint-action from 6.5.0 to 6.5.2 ec5d686b1 build(deps): bump the k8s group with 5 updates 234a4411f build(deps): bump docker/login-action from 3.3.0 to 3.4.0 c8effff1a Fix CI lint error 7c522819d support to set defer cleanup timeout to decrease ctx timeout 53eec6c78 move host tlsconfig update to a separate function f702bf9fe [hosts] wrong explicitTLS value when dialTimeout is set 8028a1d08 Bump github.com/go-jose/go-jose/v4 from v4.0.4 to v4.0.5 ce055b530 Bump golang.org/x/text from 0.22.0 to 0.23.0 e0aaed012 Bump golang.org/x/term from 0.29.0 to 0.30.0 c4982bffc Add dial timeout field to hosts toml configuration 94dd70f4f build(deps): bump the otel group with 8 updates 85c04ab0e build(deps): bump the golang-x group with 3 updates 12762891d Remove test for issue 10467 5bbd3ed1b add k8s 1.32 and as tested containerd supported branches at the time of release 93cc1e6eb Fix upgrade test runtime config 531adbf06 config:fix config migrate lost timeout config de1341c20 validate uid/gid 9e6beafd5 Support container restore through CRI/Kubernetes 88faaac97 build(deps): bump containerd/project-checks from 1.2.1 to 1.2.2 9f885ea4f build(deps): bump github/codeql-action from 3.28.10 to 3.28.11 d7de182dd build(deps): bump actions/attest-build-provenance from 2.2.2 to 2.2.3 75252f975 build(deps): bump github.com/prometheus/client_golang c37e48b07 build(deps): bump google.golang.org/grpc from 1.70.0 to 1.71.0 700b98415 build(deps): bump github.com/urfave/cli/v2 from 2.27.5 to 2.27.6 833d6bc8e Update release status for 2.1 to beta 71cfe00ee Prepare release notes for v2.1.0-beta.n be8fe50f4 Update the upgrade test to handle 2.1 06daffb4d integration: update TestUpgrade for 2.1 405a952c6 add name in package version 4f090fe77 update to go1.23.7 / go1.24.1 b947e0566 fix: repeat args from sub-func call ee574e76e client: Respect `client.WithTimeout` option 4357a7600 use shimCtx for fifo copy edd1cc50d docs: include note about unprivileged sysctls 393ad5b11 e2e: use the shim bundled with containerd artifact f8f205382 Update runtime-spec to v1.2.1 af5ff5a1f CVE-2025-22869: upgrade golang.org/x/crypto to v0.35.0 3a5de731c erofs-snapshotter: clear IMMUTABLE_FL only for committed snapshots 10f2b7fde CVE-2025-22868: upgrade golang.org/x/oauth2 to v0.27.0 705518e58 ci: update GitHub Actions release runner to ubuntu-24.04 971915797 erofs-snapshotter: force the use of loop devices for single-layer images 69c0d7f60 build(deps): bump containerd/project-checks from 1.1.0 to 1.2.1 37fe1e8b4 build(deps): bump golang.org/x/net from 0.23.0 to 0.33.0 in /api 0eea93d68 build(deps): bump actions/cache from 4.2.1 to 4.2.2 20fa1ca46 build(deps): bump actions/attest-build-provenance from 2.2.0 to 2.2.2 9b0b67951 build(deps): bump docker/setup-buildx-action from 3.9.0 to 3.10.0 86734729f build(deps): bump actions/download-artifact from 4.1.8 to 4.1.9 001dfeb19 build(deps): bump github.com/klauspost/compress from 1.17.11 to 1.18.0 72ac5cad4 build(deps): bump github.com/google/go-cmp from 0.6.0 to 0.7.0 d37ea6977 Bump to newer opencontainers/image-spec @ v1.1.1 b477cf8e9 erofs-snapshotter: protect layer blobs with FS_IMMUTABLE_FL d8063c30d perf(applyNaive): avoid walking the tree for each file in the same directory e84e5a215 build(deps): bump go.etcd.io/bbolt from 1.3.11 to 1.4.0 00cb73503 Swap to go.etcd.io/bbolt/errors for bbolt errors 22d568fb5 Update CDI dependency to v0.8.1. f25f36c33 proxy: break up writes from the remote writer to avoid grpc limits 51f063f07 Prefer runtime options for PluginInfo request d2b5653c1 build(deps): bump the k8s group across 1 directory with 6 updates 76858ac8e Ignore defunct verifier procs in test 268880bf5 [improve] prevent oom watcher depend on shim pkg. 4e7484d3f CI: arm64-8core-32gb -> ubuntu-24.04-arm f3b6078f9 erofs-snapshotter: add fsverity support 86cde823a build(deps): bump actions/cache from 4.2.0 to 4.2.1 49257264f build(deps): bump actions/upload-artifact from 4.6.0 to 4.6.1 125525d6c build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 0500dacf6 build(deps): bump github/codeql-action from 3.28.9 to 3.28.10 71958731e move security profile to cri/sputil pkg b8a759f1f build(deps): bump golangci/golangci-lint-action from 6.3.2 to 6.5.0 f23981281 build(deps): bump google.golang.org/grpc from 1.69.4 to 1.70.0 a1e7457bc docs: add CRI Plugin Config runtime_path 1ec10d9ae Add OCI/Image Volume Source support 480e1039f move exclude-dirs to issues.exclude-dirs a502b7931 Clarify port handling in hosts toml 44baada6a device mapper:fix sometimes blkdiscard doesn't have --version flags 938775864 Update runc binary to v1.2.5 326fbf074 build(deps): bump google.golang.org/protobuf from 1.36.3 to 1.36.5 6a01ad3e1 cri,nri: block NRI plugin sync. during event processing. df99aa321 update to go 1.24.0 / go1.23.6 41eaa41c4 update golangci-lint to v1.64.2 17acb356f build(deps): bump github.com/vishvananda/netns from 0.0.4 to 0.0.5 84e07f6b5 build(deps): bump the golang-x group with 3 updates 6a08d70e6 build(deps): bump github/codeql-action from 3.28.8 to 3.28.9 2f971ee2d build(deps): bump docker/setup-buildx-action from 3.8.0 to 3.9.0 2b8a7f253 build(deps): bump lycheeverse/lychee-action from 2.2.0 to 2.3.0 bdb8cb5a8 build(deps): bump golangci/golangci-lint-action from 6.2.0 to 6.3.2 a1c540085 Support for importing layers in the block CIM format. b98378638 move the device after the options when using mkfs.ext4 1fc497218 Fix privileged container sysfs can't be rw because pod is ro by default c51f5d26f perf(zstd): deactivate the low mem decoder b65f3875b build(deps): bump google-github-actions/upload-cloud-storage 841ab361c build(deps): bump github/codeql-action from 3.28.6 to 3.28.8 565b50dbb build(deps): bump google-github-actions/auth from 2.1.7 to 2.1.8 2eb0aa6b9 nri: make OCI spec available on StopPodSandbox 168c49e4d Fix state/root bug in shim sandbox controller 3cdfc1003 core/remotes: Handle attestations in MakeRefKey e751b6bb1 core/images: Ignore attestations when traversing children 83b65e52f Revert "Add timestamp to PodSandboxStatusResponse for kubernetes Evented PLEG" 0c986c332 build(deps): bump actions/attest-build-provenance from 2.1.0 to 2.2.0 575239789 build(deps): bump actions/stale from 9.0.0 to 9.1.0 48d09104d build(deps): bump github/codeql-action from 3.28.1 to 3.28.6 6d1f6e75d Update upgrade section 5f238fa82 Update to time based releases 886d971f8 Update LTS definition and support horizon a6dc9905c client: add WithExtraDialOpts option 69e82f9cd build(deps): bump the otel group across 1 directory with 8 updates 53d6f3482 build(deps): bump golangci/golangci-lint-action from 6.1.1 to 6.2.0 4b77d4e41 build(deps): bump softprops/action-gh-release from 2.2.0 to 2.2.1 22e77720b build(deps): bump github/codeql-action from 3.27.9 to 3.28.1 f572a6db9 build(deps): bump lycheeverse/lychee-action from 2.1.0 to 2.2.0 36d3888cf build(deps): bump actions/upload-artifact from 4.4.3 to 4.6.0 19c546c97 build(deps): bump github.com/tchap/go-patricia/v2 from 2.3.1 to 2.3.2 460e5a2e2 build(deps): bump google.golang.org/protobuf from 1.36.1 to 1.36.3 157faf65c update to go1.23.5 / go1.22.11 222308416 Remove noinline in apparmor SpecOpts 2a4164ac8 Remove noinline in seccomp SpecOpts 00fee4adb Transfer Service: enable remote snapshotters 04f9e30db log: avoid using unsupported field by logrus bdc847f1e Remove deprecated WithCDIDevices in oci spec opts e20f7f4a2 Move CDI device spec out of the OCI package 740c5d428 docs: fix some function names in comment b49df6af1 move FuzzCRIServer to go native fuzz 6148dbdd7 Update platforms to latest rc 2f15d6586 Add tests for EROFS snapshotter fd4caef78 Add EROFS snapshotter documentation 2486d542a Introduce EROFS Snapshotter c73c8e5d5 Introduce EROFS differ fb44e37ff Remove confusing warning in cri runtime config migration 6019bcdfb move FuzzContainerdImport to go native fuzz b7a117b46 Fix fuzz integration tests ffbe1b573 Use a order-only-prerequisite for mandir creation b81ace872 Update cimfs snapshotter & differ for new hcsshim interface 58bd48ecf add some doc for shim reap orphan process 09bf281ec fix go-cni race condition 15d3bf9b2 Bump up otelttrpc to 0.1.0 e1aeb37cd ci: fix the issue of config_file unset e65283321 make TestContainerCgroupWritable not parallel 54ed595e1 update runc binary to v1.2.4 79a42eedc ctr: `ctr images import --all-platforms`: fix unpack 63f604728 Add snapshotter exports to unpack platform ef7fa43c9 build(deps): bump golang.org/x/sys in the golang-x group d156d3df9 Benchamrk chainID calculation in unpack 00a11e91d downgrade go-difflib and go-spew to tagged releases 95f45541e Avoid duplicated chain ID calculation in unpack e70977180 change metadata fuzz operations as const and slice instead of map a4e3218e8 change tmp dir creation in fuzz to t.TempDir ee6338188 bump up ttrpc to use its MD.Clone 4f2f12be6 Bump seccomp version to be the same as one in runc repo a8c643cc5 change copyright from ADA Logics to containerd a55083007 Remove github.com/AdamKorcz/go-118-fuzz-build in go.mod 2de103029 Move fuzz tests to go native fuzz [part1] bee64b2b9 Remove loop variable copies 4a4a027f7 build(deps): bump google.golang.org/protobuf from 1.36.0 to 1.36.1 9fc711a8a Clarify Go client API guidance 9bb31b706 build(deps): bump google.golang.org/grpc from 1.69.0 to 1.69.2 f98d5fdb6 build(deps): bump github.com/containerd/cgroups/v3 from 3.0.4 to 3.0.5 1e3d10dc2 Make ovl idmap mounts read-only 652e4d0b1 Add integ test to check tty leak 26a156f4f Update golangci to 1.60.3 aedb079bf fix master tty leak due to leaking init container object 1363849b0 Add integration test 7f3599f09 build(deps): bump golang.org/x/net from 0.30.0 to 0.33.0 fa531f808 Update golangci-lint version in dev tools script 2f37b9da3 build(deps): bump google.golang.org/protobuf from 1.35.2 to 1.36.0 dda702042 Enable Writable cgroups for unprivileged containers 4e4537a87 build(deps): bump google.golang.org/grpc from 1.68.1 to 1.69.0 f6e956c22 build(deps): bump github.com/containerd/imgcrypt/v2 31e129856 build(deps): bump docker/setup-buildx-action from 3.7.1 to 3.8.0 d29751424 build(deps): bump github/codeql-action from 3.27.6 to 3.27.9 a172d2c11 build(deps): bump softprops/action-gh-release from 2.1.0 to 2.2.0 47c4dba40 Unify default transport in docker resolver ef0e70922 Fix runtime platform loading in cri image plugin init aeb414021 build(deps): bump google.golang.org/grpc from 1.67.1 to 1.68.1 23e014140 vendor: golang.org/x/crypto v0.31.0 9b3d999bd vendor: golang.org/x/term v0.27.0 1032fad27 vendor: golang.org/x/text v0.21.0 6764e62cf vendor: golang.org/x/sync v0.10.0 160676647 vendor: golang.org/x/sys v0.28.0 981414521 update runc binary to v1.2.3 ff0d99e02 Add multiple uid/gid mapping test cases to integration tests ec231cdcf Update ctr to support remapper labels with multiple uid/gid mapping entries 8bbfb6528 Update snapshotter opts to support multiple uid/gid mapping entries 8a030d653 Update overlay snapshotter to support multiple uid/gid mappings 168ec21db Update idmapped mount to support multiple uid/gid mappings a11405975 Add RootPair() and serialization routines to userns idmap 1f220b23e feat: update go-cni version for CNI STATUS d76f92f24 update xx to v1.6.1 for compatibility with alpine 3.21 and file 5.46+ 927012243 build(deps): bump actions/cache from 4.1.2 to 4.2.0 73864c520 build(deps): bump github/codeql-action from 3.27.5 to 3.27.6 afee762fb build(deps): bump actions/attest-build-provenance from 1.4.4 to 2.1.0 11b78255d cmd: add syncfs option to ctr command e0459262b Remove After=local-fs.target from containerd.service 6c7b1afe5 Log "container event discarded" as Info 81780a5dd update to go1.23.4 / go1.22.10 2c4c04032 internal/cri: should not apply IoOwner options 4a664772e The task_dir successfully cleans when the file is absent. 4c11d753c ctr pull unpack for default platform using transfer service 6fdc35243 CI: update Fedora to 41 0903f203f fix panic due to nil dereference cgroups v2 b78c5c6ed docs: fix snapshots api import ed39dfa5d Add integration test for custom configuration 8540fed77 complete cri grpc config migration 59a2c3523 Add containerd community call to readme. 17f7858b4 Update differ to handle zstd media types e9d560f1e Unsorted platform conditionals cleanup 485020ca8 fix: loop variable capture issue ea9397793 build(deps): bump github/codeql-action from 3.27.4 to 3.27.5 6c16f3490 build(deps): bump github.com/containerd/cgroups/v3 from 3.0.3 to 3.0.4 5c905fb6c build(deps): bump github.com/stretchr/testify from 1.9.0 to 1.10.0 662d64080 build(deps): bump the k8s group with 5 updates 3961dc9c8 Publish attestation as release artifact 288001f68 move rocky 9.4 to almalinux/9 in CI e24864e48 Clarify release for deprecated registry field removals 34284c507 Add tests for CNI v2 loopback options a21b178f1 *: should align pipe's owner with init process f5b2c3a07 build(deps): bump github/codeql-action from 3.27.1 to 3.27.4 be2c4504e build(deps): bump github.com/containerd/continuity from 0.4.4 to 0.4.5 dd2d89167 build(deps): bump google.golang.org/protobuf from 1.35.1 to 1.35.2 9a7bc5423 update runc binary to 1.2.2 f8819df7c Update install-imgcrypt to allow change install repo f6e30e962 [defaults] Reorganize per-platform defaults 9c7a403a2 [containerd-stress] Use platform-specific default address 9e3ab2332 Move content events to metadata 1b01f396d Revert "Disable vagrant strict dependency checking" 6c1b699bf docs: update schema 1 deprecation information 01c489141 build(deps): bump github.com/containerd/typeurl/v2 from 2.2.2 to 2.2.3 cebca6f87 build(deps): bump the golang-x group with 3 updates 73ae1c66f build(deps): bump lycheeverse/lychee-action from 2.0.2 to 2.1.0 4bd33276c build(deps): bump github/codeql-action from 3.27.0 to 3.27.1 d32ed4a56 build(deps): bump actions/attest-build-provenance from 1.4.3 to 1.4.4 d810c5759 build(deps): bump softprops/action-gh-release from 2.0.9 to 2.1.0 91e4e0967 fsverity_linux.go: Fix fsverity.IsEnabled() for big endian systems f9537ae12 fsverity_test.go: fix major/minor device number resolving 8a8e50e6d fsverity_test.go: fix nil pointer dereference, fix test fail bcc3cc968 update to go1.23.3 / go1.22.9 784116b7d Avoid arch info in the sed/replace when building cri-cni-containerd.tar.gz c130d93c1 make ListContainerStats handle container that is removed before its sandbox a17001b42 build(deps): bump github.com/fsnotify/fsnotify from 1.7.0 to 1.8.0 bc056a5c6 nri: report pod ips to the nri plugins a256f326c bump nri version to get PodIPs 11b1353c1 fix: set the credentials even if not provided 1617fd72e test: prevent segfault in imageverifier test 2447936fc Fix runtimeoptions location in v2 migration 0c2805a6e Report an error when cni confDir removed Signed-off-by: Bruce Ashfield

containers: adapt to UNPACKDIR changes

2025-06-26T02:40:08+00:00

This commit updates the container recipes to the OE core UNPACKDIR changes. - We drop references to WORKDIR - We adjust destsuffix fetches to use BB_GIT_DEFAULT_DESTSUFFIX instead of 'git' - Update our GOPATH references to use UNPACKDIR - Drop S = assignemnts where possible Signed-off-by: Bruce Ashfield

containerd: update to v2.0.3

2025-03-06T17:17:59+00:00

Bumping containerd to version v2.0.3, which comprises the following commits: eaa7ca80d proxy: break up writes from the remote writer to avoid grpc limits c7f64196f Fix privileged container sysfs can't be rw because pod is ro by default 569af34cb Prefer runtime options for PluginInfo request b8dde9189 Prepare release notes for v2.0.3 0ce93e16a prevent oom watcher depend on shim pkg. f3284aa68 CI: arm64-8core-32gb -> ubuntu-24.04-arm 92ae2951f Update CDI dependency to v0.8.1. f95a426b8 move the device after the options when using mkfs.ext4 4d19a6adf update build to go1.23.6, test go1.24.0 c738c3aab build(deps): bump actions/cache from 4.1.2 to 4.2.0 b5313993c Revert "Add timestamp to PodSandboxStatusResponse for kubernetes Evented PLEG" 697c59c63 Update runc binary to v1.2.5 fcf64305c Update vendor files to fix build failure d3437eb29 Upgrade x/net to 0.33.0 0785bd8cc Update install-imgcrypt to allow change install repo 06891f899 fix go-cni race condition 79cdbf61b cri,nri: block NRI plugin sync. during event processing. 9d5cfce83 Update github.com/containerd/imgcrypt to v2.0.0 1f4e5688e update to go1.23.5 / go1.22.11 f58939c33 Remove deprecated WithCDIDevices in oci spec opts 3d53430fe Move CDI device spec out of the OCI package 3a6ab80d0 build(deps): bump google.golang.org/protobuf from 1.35.1 to 1.35.2 cdaf4dfb4 Prepare release notes for v2.0.2 eb125e1dd Update platforms to latest rc 468079c5c Remove confusing warning in cri runtime config migration a2d9d4fd5 Fix runtime platform loading in cri image plugin init 184ffad01 Add integ test to check tty leak 17181ed33 fix master tty leak due to leaking init container object 8666e7422 Bump up otelttrpc to 0.1.0 7373ddd70 update runc binary to v1.2.4 c4270430d ctr: `ctr images import --all-platforms`: fix unpack f34147772 downgrade go-difflib and go-spew to tagged releases Signed-off-by: Bruce Ashfield

containerd: update to v2.0.1

2025-01-17T19:17:09+00:00

Bumping containerd to version v2.0.1-6-gce560bb24, which comprises the following commits: f34147772 downgrade go-difflib and go-spew to tagged releases dca769485 chore: add a build tag to disable containerd plugin import 5942b3fcb Update golangci to 1.60.3 b0ece5dc5 Prepare release notes for v2.0.1 fe6957084 build(deps): bump actions/attest-build-provenance from 1.4.4 to 2.1.0 eb2ce6882 update xx to v1.6.1 for compatibility with alpine 3.21 and file 5.46+ 018d83650 internal/cri: should not apply IoOwner options 5eb7995a9 feat: update go-cni version for CNI STATUS a53eff53d update runc binary to v1.2.3 a2302ea89 Add integration test for custom configuration be5eda069 complete cri grpc config migration 44cdca68b ctr pull unpack for default platform using transfer service 62b790bfa CI: update Fedora to 41 290e8bc70 update to go1.23.4 / go1.22.10 3ba2df924 fix panic due to nil dereference cgroups v2 73f57acb0 Update differ to handle zstd media types 34a45cab2 Publish attestation as release artifact Signed-off-by: Bruce Ashfield