| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bump runc to to v1.1.15-2-g068337925cd4:
068337925cd4 Merge pull request #4422 from rata/release-1.1.15
9f4baaac61d1 VERSION: back to development
bc20cb4497af VERSION: release 1.1.15
2790485e3eca CHANGELOG: Remove empty changed line
ed38aea9dc58 Merge pull request #4425 from kolyshkin/1.1-fix-mount-leak
65aa700fc371 [1.1] runc run: fix mount leak
a4cebd3549ec Merge pull request #4423 from rata/1-1-fix-CI
719e2bc2c376 increase memory.max in cgroups.bats
3216d3b72e15 merge #4391 into opencontainers/runc:release-1.1
bd671b6a1361 Merge pull request #4392 from cyphar/1.1-remove-bindfd
614ce12f0e97 [1.1] nsenter: cloned_binary: remove bindfd logic entirely
618e149e4ae5 [1.1] seccomp: patchbpf: always include native architecture in stub
d85b58388f40 [1.1] seccomp: patchbpf: rename nativeArch -> linuxAuditArch
6223a65d5d6f [1.1] libct/seccomp/patchbpf: rm duplicated code
2655e7c5a859 VERSION: back to development
2c9f5602f0ba VERSION: release 1.1.14
a86c3d88370a Merge commit from fork
f0b652ea61ff [1.1] rootfs: try to scope MkdirAll to stay inside the rootfs
8781993968fd [1.1] rootfs: consolidate mountpoint creation logic
6419fbabfbd6 Merge pull request #4382 from rata/Makefile-override-fixes
0514204d6fcc Makefile: Add EXTRA_VERSION
18cdc3476f91 Revert "allow overriding VERSION value in Makefile"
f3f71a9347f0 Merge pull request #4372 from kolyshkin/1.1-go123
7f75aec407e8 [1.1] Add Go 1.23, drop 1.21
931f46304b3d Merge pull request #4361 from austinvazquez/backport-protobuf-updates-to-1.1
1f587049fd85 build(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0
31f29447d3fb build(deps): bump google.golang.org/protobuf from 1.31.0 to 1.32.0
ac5fc48ad18c build(deps): bump google.golang.org/protobuf from 1.30.0 to 1.31.0
3b5bf8f2a9fa build(deps): bump google.golang.org/protobuf from 1.29.1 to 1.30.0
81461edc125b build(deps): bump google.golang.org/protobuf from 1.29.0 to 1.29.1
2a9acb99b4a9 build(deps): bump google.golang.org/protobuf from 1.28.1 to 1.29.0
19c47f652dd1 build(deps): bump google.golang.org/protobuf from 1.28.0 to 1.28.1
88f54b20fc46 build(deps): bump google.golang.org/protobuf from 1.27.1 to 1.28.0
615068f17a31 Merge pull request #4334 from cyphar/1.1-rootfs-mountfd
a0292ca6ffb3 [1.1] rootfs: fix 'can we mount on top of /proc' check
b36a0f453712 Merge pull request #4336 from cyphar/1.1-rm-c7
5b89027afc11 [1.1] ci/cirrus: switch from CentOS to Almalinux
ed406952fc28 Merge pull request #4318 from lifubang/release-1.1.13
ec1bc45d462c VERSION: back to development
58aa9203c123 VERSION: release 1.1.13
2b3a2472d189 Merge pull request #4316 from lifubang/backport-4189
3507adac19ff Merge pull request #4315 from lifubang/backport-4311
0f7150ade8ca script/*: fix gpg usage wrt keyboxd
80186fec5cf4 fix a debug msg for user ns in nsexec
8407d3c6021c Merge pull request #4313 from kolyshkin/1.1-backport-4292
7219e0afffcd Dockerfile: bump Debian to 12, Go to 1.21
c9beabc8d8d5 ci: switch to go 1.22 as main version
4578c6c5dbdb libct/nsenter: stop blacklisting go 1.22+
c488d13a5331 use go mod instead of go get in spec.bats
ae85f058ccff ci/gha: bump golangci-lint to v1.57
327e07e96814 ci/gha: bump golangci-lint to v1.54
65bdf604ddb9 libct/user: gofumpt -w
4d097af534a0 ci/gha: bump golangci-lint-action from 5 to 6
fb236084374b ci/gha: bump golangci/golangci-lint-action to v5
8bfc75a25d2b CI: run apt with -y
e546ddeec869 ci/gha: switch some jobs to ubuntu-22.04
0d19e78b847a build(deps): bump actions/setup-go from 4 to 5
b36844518a36 build(deps): bump actions/checkout from 3 to 4
cb2d85dcde5f build(deps): bump tim-actions/commit-message-checker-with-regex
25e27d7eef28 build(deps): bump actions/upload-artifact from 3 to 4
2ac8b11f48a0 build(deps): bump golangci/golangci-lint-action from 3 to 4
7d86e7d9eceb Merge pull request #4299 from kolyshkin/1.1-4290
096e6f88f0f0 [1.1] libct/system: ClearRlimitNofileCache for go 1.23
14181f438e35 Merge pull request #4308 from kolyshkin/1.1-rm-cs8
fc7af59a6b1f ci/cirrus: rm centos stream 8
a1610b56a4a3 Merge pull request #4305 from lifubang/backport-cs8eol
9629fd9554a2 ci: workaround for centos stream 8 being EOLed
20ef9762dae9 Merge pull request #4300 from lifubang/backport-codespell-2.3.0
3b7fcf76ef7e ci: pin codespell
f8f7defa85f4 Fix codespell warnings
a12f444afbb8 Merge pull request #4284 from kolyshkin/1.1-fix-4094
860f05f307f4 libct/cg/fs: fix setting rt_period vs rt_runtime
9244703011d5 Merge pull request #4277 from lifubang/backport-4265-nofilerlimit
51dc97286443 Merge pull request #4231 from kolyshkin/1.1-3349
c918058bb76c fix comments for ClearRlimitNofileCache
2992049dc31c update/add some tests for rlimit
d7a29a3b3367 libct: clean cached rlimit nofile in go runtime
42c2ab2b7cb9 use go 1.18 in go.mod
83ecd11c29ac runc exec: setupRlimits after syscall.rlimit.init() completed
fbddb715edbb libct: fix a comment
debf52aa5b52 deprecate libct.system.Execv
986edbe60ff9 list: use Info(), fix race with delete
09214f21da8e list: getContainers: less indentation
007abf31f87a Merge pull request #4270 from akhilerm/backport-1.1-4269
6f4d975c402d allow overriding VERSION value in Makefile
e8bb71e147d6 Merge pull request #4257 from sohankunkerkar/release-1.1
6379b58d9701 libcontainer: force apps to think fips is enabled/disabled for testing
5bfff6ae24d0 Merge pull request #4261 from kolyshkin/1.1-4256
265e73718063 Vagrantfile.fedora: bump Fedora to 39
b0691cafe392 Merge pull request #4244 from kycheng/chore/net-cve
59056a0213e7 silence security false positives from golang/net
148fdabd7053 Merge pull request #4241 from kolyshkin/1.1.13-ci-fixes
452bf88ebf5b build: update libseccomp to v2.5.5
3fada6eca4e6 tests/int: fix flaky "runc run with tmpfs perm"
aae41a4b79d3 Fix integration tests failure when calling "ip"
82a8b979ef1a update go version to 1.21 in cirrus ci
03271050eb94 ci/gha/cross-i386: pin Go to 1.21
Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bump runc to to v1.1.15-2-g068337925cd4:
068337925cd4 Merge pull request #4422 from rata/release-1.1.15
9f4baaac61d1 VERSION: back to development
bc20cb4497af VERSION: release 1.1.15
2790485e3eca CHANGELOG: Remove empty changed line
ed38aea9dc58 Merge pull request #4425 from kolyshkin/1.1-fix-mount-leak
65aa700fc371 [1.1] runc run: fix mount leak
a4cebd3549ec Merge pull request #4423 from rata/1-1-fix-CI
719e2bc2c376 increase memory.max in cgroups.bats
3216d3b72e15 merge #4391 into opencontainers/runc:release-1.1
bd671b6a1361 Merge pull request #4392 from cyphar/1.1-remove-bindfd
614ce12f0e97 [1.1] nsenter: cloned_binary: remove bindfd logic entirely
618e149e4ae5 [1.1] seccomp: patchbpf: always include native architecture in stub
d85b58388f40 [1.1] seccomp: patchbpf: rename nativeArch -> linuxAuditArch
6223a65d5d6f [1.1] libct/seccomp/patchbpf: rm duplicated code
2655e7c5a859 VERSION: back to development
2c9f5602f0ba VERSION: release 1.1.14
a86c3d88370a Merge commit from fork
f0b652ea61ff [1.1] rootfs: try to scope MkdirAll to stay inside the rootfs
8781993968fd [1.1] rootfs: consolidate mountpoint creation logic
6419fbabfbd6 Merge pull request #4382 from rata/Makefile-override-fixes
0514204d6fcc Makefile: Add EXTRA_VERSION
18cdc3476f91 Revert "allow overriding VERSION value in Makefile"
f3f71a9347f0 Merge pull request #4372 from kolyshkin/1.1-go123
7f75aec407e8 [1.1] Add Go 1.23, drop 1.21
931f46304b3d Merge pull request #4361 from austinvazquez/backport-protobuf-updates-to-1.1
1f587049fd85 build(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0
31f29447d3fb build(deps): bump google.golang.org/protobuf from 1.31.0 to 1.32.0
ac5fc48ad18c build(deps): bump google.golang.org/protobuf from 1.30.0 to 1.31.0
3b5bf8f2a9fa build(deps): bump google.golang.org/protobuf from 1.29.1 to 1.30.0
81461edc125b build(deps): bump google.golang.org/protobuf from 1.29.0 to 1.29.1
2a9acb99b4a9 build(deps): bump google.golang.org/protobuf from 1.28.1 to 1.29.0
19c47f652dd1 build(deps): bump google.golang.org/protobuf from 1.28.0 to 1.28.1
88f54b20fc46 build(deps): bump google.golang.org/protobuf from 1.27.1 to 1.28.0
615068f17a31 Merge pull request #4334 from cyphar/1.1-rootfs-mountfd
a0292ca6ffb3 [1.1] rootfs: fix 'can we mount on top of /proc' check
b36a0f453712 Merge pull request #4336 from cyphar/1.1-rm-c7
5b89027afc11 [1.1] ci/cirrus: switch from CentOS to Almalinux
ed406952fc28 Merge pull request #4318 from lifubang/release-1.1.13
ec1bc45d462c VERSION: back to development
58aa9203c123 VERSION: release 1.1.13
2b3a2472d189 Merge pull request #4316 from lifubang/backport-4189
3507adac19ff Merge pull request #4315 from lifubang/backport-4311
0f7150ade8ca script/*: fix gpg usage wrt keyboxd
80186fec5cf4 fix a debug msg for user ns in nsexec
8407d3c6021c Merge pull request #4313 from kolyshkin/1.1-backport-4292
7219e0afffcd Dockerfile: bump Debian to 12, Go to 1.21
c9beabc8d8d5 ci: switch to go 1.22 as main version
4578c6c5dbdb libct/nsenter: stop blacklisting go 1.22+
c488d13a5331 use go mod instead of go get in spec.bats
ae85f058ccff ci/gha: bump golangci-lint to v1.57
327e07e96814 ci/gha: bump golangci-lint to v1.54
65bdf604ddb9 libct/user: gofumpt -w
4d097af534a0 ci/gha: bump golangci-lint-action from 5 to 6
fb236084374b ci/gha: bump golangci/golangci-lint-action to v5
8bfc75a25d2b CI: run apt with -y
e546ddeec869 ci/gha: switch some jobs to ubuntu-22.04
0d19e78b847a build(deps): bump actions/setup-go from 4 to 5
b36844518a36 build(deps): bump actions/checkout from 3 to 4
cb2d85dcde5f build(deps): bump tim-actions/commit-message-checker-with-regex
25e27d7eef28 build(deps): bump actions/upload-artifact from 3 to 4
2ac8b11f48a0 build(deps): bump golangci/golangci-lint-action from 3 to 4
7d86e7d9eceb Merge pull request #4299 from kolyshkin/1.1-4290
096e6f88f0f0 [1.1] libct/system: ClearRlimitNofileCache for go 1.23
14181f438e35 Merge pull request #4308 from kolyshkin/1.1-rm-cs8
fc7af59a6b1f ci/cirrus: rm centos stream 8
a1610b56a4a3 Merge pull request #4305 from lifubang/backport-cs8eol
9629fd9554a2 ci: workaround for centos stream 8 being EOLed
20ef9762dae9 Merge pull request #4300 from lifubang/backport-codespell-2.3.0
3b7fcf76ef7e ci: pin codespell
f8f7defa85f4 Fix codespell warnings
a12f444afbb8 Merge pull request #4284 from kolyshkin/1.1-fix-4094
860f05f307f4 libct/cg/fs: fix setting rt_period vs rt_runtime
9244703011d5 Merge pull request #4277 from lifubang/backport-4265-nofilerlimit
51dc97286443 Merge pull request #4231 from kolyshkin/1.1-3349
c918058bb76c fix comments for ClearRlimitNofileCache
2992049dc31c update/add some tests for rlimit
d7a29a3b3367 libct: clean cached rlimit nofile in go runtime
42c2ab2b7cb9 use go 1.18 in go.mod
83ecd11c29ac runc exec: setupRlimits after syscall.rlimit.init() completed
fbddb715edbb libct: fix a comment
debf52aa5b52 deprecate libct.system.Execv
986edbe60ff9 list: use Info(), fix race with delete
09214f21da8e list: getContainers: less indentation
007abf31f87a Merge pull request #4270 from akhilerm/backport-1.1-4269
6f4d975c402d allow overriding VERSION value in Makefile
Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bump runc to version v1.1.12-2-ga9833ff3 with the following squashed
cherry-picks from master:
da840d8845cb runc-docker: update to 1.1.12
22877e9bd046 runc-docker: update to 1.1.11
22989818f3af runc-docker: update to 1.9.0
dddc423fa370 runc-docker: update to 1.1.8
248be027d611 runc-docker: update to 1.1.7-tip
4aa2aadb01e5 runc-docker: update to 1.1.7
195db7f7c536 runc-docker: update to 1.1.5
13ad8548dea1 runc-docker: update to 1.1.0-tip
c25d16577d12 runc-docker: update to 1.4.0-tip
Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bump runc to version v1.1.12-14-ge8bb71e1 with the following squashed
cherry-picks from master:
4cea448064d4 runc-opencontainers: update to 1.1.12
9213f05f5591 runc-opencontainers: update to 1.1.12
e4b6616a90e0 runc-opencontainers: update to 1.1.11
62ac94c50dff runc-opencontainers: update to 1.1.10
606fe98a9811 runc-opencontainers: update to 1.9.0
ea3b6a83981a runc-opencontainers: update to 1.1.8
5dda7078ba85 runc-opencontainers: update to 1.1.7-tip
b3fd5097ab34 runc-opencontainers: update to 1.1.7
ae91a8666a73 runc-opencontainers: update to 1.1.5
969daee49f1d runc-opencontainers: update to 1.1.0-tip
f281ad2d9650 runc-opencontainers: update to 1.4.0-tip
Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Upstream-Status: Backport from https://github.com/kubernetes/kubernetes/commit/6622b002f70a153100d1c286fbcea721160da192
Reference: https://github.com/kubernetes/kubernetes/issues/128885
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
| |
Upstream-Status: Backport from https://github.com/containerd/containerd/commit/c575d1b5f4011f33b32f71ace75367a92b08c750
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
| |
Upstream-Status: Backport from https://github.com/containerd/containerd/commit/0450f046e6942e513d0ebf1ef5c2aff13daa187f
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Upstream-commit: https://github.com/kubernetes/kubernetes/commit/2e6eaa1fbedd776ea9357b4f472c66dec01955b5
Reference: https://github.com/kubernetes/kubernetes/pull/133467
https://github.com/aks-lts/kubernetes/pull/62/commits/152330ef541b23a027c779597496b62c287fb363
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
| |
Upstream-Status: Backport from https://github.com/containerd/containerd/commit/9639b9625554183d0c4d8d072dccb84fedd2320f
Signed-off-by: Theo GAIGE <tgaige.opensource@witekio.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
A flaw was found in CRI-O that involves an experimental annotation leading to a
container being unconfined. This may allow a pod to specify and get any amount
of memory/cpu, circumventing the kubernetes scheduler and potentially resulting
in a denial of service in the node.
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This upgrade fixes:
CVE-2024-11218
Changes in this Upgrade:
=========================
This upgrade from Buildah 1.26.8 to 1.26.9 includes important security and stability fixes:
- Fixes CVE-2024-11218
- Resolves TOCTOU error when bind and cache mounts use "src" values
- Fixes cache locks with multiple mounts
- Enhances volume handling and mount label options
For full details, refer to:
https://github.com/containers/buildah/releases/tag/v1.26.9
Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
On criu version 3.17:
When use "criu restore -d -D checkpoint" to restore, the error is:
1272: Error (criu/cr-restore.c:1498): 1295 killed by signal 11: Segmentation fault
The root casue is that the glibc updated and criu should adjust to glibc __rseq_size semantic change.
Signed-off-by: Guocai He <guocai.he.cn@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
| |
Backport patch to fix CVE-2025-24976.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
| |
This reverts commit 76f2999987fa3ea30a823de3bd79d0cc0e0c287f.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This upgrade fixes a few CVEs:
- CVE-2023-27561
- CVE-2023-25809
- CVE-2023-28642
- CVE-2024-21626 and other bug fixes
Changelog:
==========
https://github.com/opencontainers/runc/blob/v1.1.12/CHANGELOG.md
Adjusted existing patches to align with v1.1.12
Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
| |
Backport patch to fix CVE-2024-9676.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
| |
Backport patch to fix CVE-2024-9676.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
| |
Backport patch to fix CVE-2024-9676.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* because it rdepends on podman with the same restriction
* BTW: .gitignore has:
build*/
which gets triggered for buildah as well:
meta-virtualization $ git add ./recipes-containers/buildah/buildah_git.bb
The following paths are ignored by one of your .gitignore files:
recipes-containers/buildah
I've adjusted it to /build*/ only.
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Upstream-commit:
https://github.com/kubernetes/kubernetes/commit/7da6d72c05dffb3b87e62e2bc8c3228ea12ba1b9
& https://github.com/kubernetes/kubernetes/commit/a53faf5e17ed0b0771a605c6401ba4cbf297b59a
Reference:
https://github.com/kubernetes/kubernetes/issues/119339
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Use dup3 instead for riscv64 as there is no dup2 on riscv64 linux
to fix the below build failure:
vendor/github.com/bugsnag/panicwrap/dup2.go:10:9: undefined: syscall.Dup2
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The upstream project has made the "interesting" decision to
delete the stable branch and move to "main" for recent
releases. So rather than being able to simply switch for our
updates, we have to switch to main on all releases that had
podman-compose recipes using the stable branch.
Luckily, the commit hashes haven't changed, so we only have
to modify the branch in the SRC_URI.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
| |
* introduced in:
https://lists.yoctoproject.org/g/meta-virtualization/message/8715
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
| |
Upstream-Status: Backport [https://github.com/kubernetes/kubernetes/pull/124325/commits/3f0922513d235d8bdebe79f0d07da769c04211b8]
Signed-off-by: Ashish Sharma <asharma@mvista.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Users may be able to launch containers using images that are restricted by
ImagePolicyWebhook when using ephemeral containers, Kubernetes clusters are
only affected if the ImagePolicyWebhook admission plugin is used together
with ephemeral containers.
Users may be able to launch containers that bypass the mountable secrets
policy enforced by the ServiceAccount admission plugin when using ephemeral
containers. The policy ensures pods running with a service account may only
reference secrets specified in the service account's secrets field. Kuberenetes
clusters are only affected if the ServiceAccount admission plugin and the
`kubernetes.io/enforce-mountab'le-secrets` annotation are used teogether with
ephemeralcontainers.
CVE: CVE-2023-2727, CVE-2023-2728
Affected Versions
1.27.0 - v1.27.2
v1.26.0 - v1.26.5
v1.25.0 - v1.25.10
<= v1.24.14
master branch(kubernetes v1.28.2) is not impacted
mickledore branch(kubernetes v1.27.5) is not impacted
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-2727
https://nvd.nist.gov/vuln/detail/CVE-2023-2728
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A security issue was discovered in Kubelet that allows pods to bypass the
seccomp profile enforcement. Pods that use localhost type for seccomp profile
but specify an empty profile field, are affected by this issue. In this
scenario, this vulnerability allows the pod to run in unconfined (seccomp
disabled) mode. This bug affects Kubelet.
CVE: CVE-2023-2431
Affected Versions
v1.27.0 - v1.27.1
v1.26.0 - v1.26.4
v1.25.0 - v1.25.9
<= v1.24.13
master branch(kubernetes v1.28.2) is not impacted
mickledore branch(kubernetes v1.27.5) is not impacted
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-2431
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adjust patches and .bb to fix below error which occurs with devtool modify command -
ERROR: Applying patch '0001-hack-lib-golang.sh-use-CC-from-environment.patch' on
target directory
CmdError('sh -c \'PATCHFILE="0001-hack-lib-golang.sh-use-CC-from-environment.patch"
git -c user.name="OpenEmbedded" -c user.email="oe.patch@oe" commit -F /tmp/tmp_ptvioq3
--author="Koen Kooi <koen.kooi@linaro.org>"
--date="Mon, 23 Jul 2018 15:28:02 +0200"\'', 0, 'stdout: On branch devtool
Changes not staged for commit:
(use "git add <file>..." to update what will be committed)
(use "git restore <file>..." to discard changes in working directory)
(commit or discard the untracked or modified content in submodules)
\tmodified: src/import (modified content)
no changes added to commit (use "git add" and/or "git commit -a")
stderr: ')
This error is not seen on master branch, fixed with below commit -
[https://git.yoctoproject.org/meta-virtualization/commit/?id=d9af46db9aa9060c1ec10118b2cccabfc8264904]
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* fixes:
ERROR: nerdctl-v1.3.0-r0 do_package: QA Issue: nerdctl: Files/directories were installed but not shipped in any package:
/bin
/bin/nerdctl
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
nerdctl: 2 installed and not shipped files. [installed-vs-shipped]
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
| |
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
* fix my prevous commit where I've missed this update corresponding
to SRCREV_moby change in docker-moby recipe.
* also re-order the patches in SRC_URI to match docker-moby, so
that they are easier to compare
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
currently in kirkstone
* since this backport:
https://lists.openembedded.org/g/openembedded-core/message/185082
landed in kirkstone:
https://git.openembedded.org/openembedded-core/commit/?h=kirkstone&id=5dc74138649ab7a2c0158a43225dc7a8fd732355
docker cannot access network and fails with:
"http: invalid Host header"
update to latest commit in 20.10 branch, because latest tag v20.10.25
have the fix yet:
https://github.com/moby/moby/compare/v20.10.21...v20.10.25
so we need couple more commits from upstream:
https://github.com/moby/moby/compare/v20.10.25...791d8ab87747169b4cbfcdf2fd57c81952bae6d5
Adjust the go version revert which was here since the upgrade to v20.10.21:
https://git.yoctoproject.org/meta-virtualization/commit/?h=kirkstone&id=927537108bcf2b98859512ce3eae59a73439994d
and add another revert for the go upgrades from upstream for this older
patch to apply.
* update cli to latest in 20.10 branch as well:
https://github.com/docker/cli/compare/baeda1f82a10204ec5708d5fbba130ad76cfee49..911449ca245308472a3d34a7f1a98b918e65c8c3
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution,
which accepts a parameter to control the maximum number of records returned
(query string: `n`). This vulnerability allows a malicious user to submit an
unreasonably large value for `n,` causing the allocation of a massive string
array, possibly causing a denial of service through excessive use of memory.
References:
https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw
https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54
Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping kubernetes to version 1.23.17, which comprises of the following commits:
$ git log --no-merges --oneline fbcfa330..953be892
953be892721 (tag: v1.23.17) Release commit for Kubernetes v1.23.17
6e8e51a6e9b releng: Update images, dependencies and version to Go 1.19.6
717b7220f1e Update golang.org/x/net to v0.7.0
7ce32a84313 Pin golang.org/x/net to v0.4.0
39644edd8c5 add scale test for probes
ce58b0469ad use custom dialer for http probes
1045dff13cf use custom dialer for tcp probes
2b17ed30b0e add custom dialer optimized for probes
817b9af22eb Update CHANGELOG/CHANGELOG-1.23.md for v1.23.16
cf0cb75908f (tag: v1.23.17-rc.0) Release commit for Kubernetes v1.23.17-rc.0
60e5135f758 (tag: v1.23.16) Release commit for Kubernetes v1.23.16
dd61fe9127c Fix issue that Audit Server could not correctly encode DeleteOption
da38bf46791 egress_selector: prevent goroutines leak on connect() step.
9f5af83b8fa Always dial using a context
f99efc598c3 tls.Dial() validates hostname, no need to do that manually
c4b42ed0f7d Do not include scheduler name in the preemption event message
9ddf8802962 Do not leak cross namespace pod metadata in preemption events
4dd99967bd7 pkg/controller/job: re-honor exponential backoff
53ae12b797c releng: Update images, dependencies and version to Go 1.19.5
42cc636b84f Bump Konnectivity to v0.0.35
2dae3b969ff Improve vendor verification works for each staging repo
3e3120d5ed3 Licensing: skip modules with fewer subdirs than mods
9963f00a9cc Add .go-version file containing build go version
203d8ac8384 Generate and format files
e55e20ed50a delete hardcode go version in golangci-lint config
ca22f110d65 update golangci-lint for go 1.19
c54219fc231 Update go.mod to go1.19
fd427d821dd Update to go1.19
3be293676bd Adjust for os/exec changes in 1.19
3cab72ac5a7 fix patch_test for gofmt issue
249e05a172b Fix quotes that trip up gofmt
ab0f90f3d27 Update golangci-lint to 1.46.2 and fix errors
7e2e4821dd4 Match go1.17 defaults for SHA-1 and GC
0e2e6b9071a fix e2e coverage package for go 1.18
6179de8dbb0 Regenerate vendor
7c6027a4cd1 Update go.mod files to go1.18, update license vendor script
84fde398c4d Ignore unstructured log warnings
4da1f79f991 enhance and fix log calls
c95a8a17eb4 hack: integrate logcheck into golangci-lint
944176729a8 Fix verify: generated-stable-metrics wrt go 1.18
3aaa70a7c53 Regen mocks using go 1.18
42931a01097 TestWatchRestartsIfTimeoutNotReached: fix
0a782b495fd update golangci-lint to 1.45.0
1eeda2b1c27 Update to golang.org/x/... matching release-1.24
c94870e7a89 Fix SPDY proxy authentication with special chars
a346b14331f Improve error message when proxy connection fails
981b158aaa9 image pull event include duration with waiting
97953921640 kubelet: make the image pull time more accurate in event
bf234d8f0dc Update CHANGELOG/CHANGELOG-1.23.md for v1.23.15
5c4538e0ac3 (tag: v1.23.16-rc.0) Release commit for Kubernetes v1.23.16-rc.0
b84cb8ab293 (tag: v1.23.15) Release commit for Kubernetes v1.23.15
ae80fed2259 change k8s.gcr.io/pause to registry.k8s.io/pause
3ace674c79b Reduce load of Job integration test
1427350c045 Fix endpoint reconciler failing to delete masterlease
974e9492a7e use etcd 3.5.6-0 after promotion
ec2718f11d6 changelog: CVE-2022-3294 and CVE-2022-3162 were fixed in v1.23.14
4eee325a5a7 Limit request retrying to []byte request bodies
16c6800134b Merge pull request #113133 from sxllwx:automated-cherry-pick-of-#113133-upstream-release-1.25
c27b4b9db8c Add CVE-2021-25749 to CHANGELOG-1.23.md
25bc84525e3 Add CVE-2022-3294 to CHANGELOG-1.23.md
64548944d67 e2e: use custom timeouts in GetSnapshotContentFromSnapshot()
c73e13d1309 test/e2e/storage: replace hardcoded value with custom timeout in cleanup routine
65b9cb99755 Update CHANGELOG/CHANGELOG-1.23.md for v1.23.14
92d36466905 (tag: v1.23.15-rc.0) Release commit for Kubernetes v1.23.15-rc.0
3321ffc07d2 (tag: v1.23.14) Release commit for Kubernetes v1.23.14
073dca06ae0 Fix a conflict
65beed7952d StatefulSet: Cleanup the complex defer function updating the status
d737324312e Be sure to update the status of StatefulSet even if the new replica creation fails
bb7c395dd94 fix node address validation
073c05d169d Validate etcd paths
390fc213595 Use CheckAndMarkAsUncertainViaReconstruction for uncertain volumes
23184ed5f68 Remove volume from found during reconstruction if mounted
ac6efc17b96 Add unit test for verifying if processReconstructedVolumes works as expected
386b026d0b1 Address review comments
a44c6b9e317 Fix code to process volumes which were skipped during reconstruction
75b8b1ebfd5 Keep track of each pod that uses a volume during reconstruction
c5a565c69f8 kubelet: fix pod log line corruption when using timestamps and long lines
c33ae96c4b7 hack/scripts: use registry.k8s.io
304eb41e106 kubeadm: mutate ClusterConfiguration.imageRepository to "registry.k8s.io"
f1e3eabb139 add GetAllocatableCPUs test in cpumanager
67309f5422d fix GetAllocatableCPUs in cpumanager
a98d0db2af2 kubeadm: use registry.k8s.io instead of k8s.gcr.io
132565c82e2 do not return err when PodSandbox not exist
589223b64a8 e2e: restore volume lifecycle checks for csi-hostpath driver
4edf6775ef8 kubelet: fix volume reconstruction for CSI ephemeral volumes
6e3601cc720 NodeLifecycleController: Remove race condition
7bc8104ff65 kube-proxy wait for cluster cidr skip delete events
6cca0631918 kube-proxy handle node PodCIDR changs
f9e15b3ac3f etcd: Updated to v3.5.5
c2e5631742f Bump konnectivity network proxy to v0.0.33. Includes a couple bug fixes for better handling of dial failures. [Agent & Server](https://github.com/kubernetes-sigs/apiserver-network-proxy/commits/v0.0.33) include numerous other fixes.
b6e86eb30ab Merge pull request #109241 from ravisantoshgudimetla/sts-ar-optional
700be498954 service update event should be triggered when appProtocol in port is changed.
d053be81df1 Update CHANGELOG/CHANGELOG-1.23.md for v1.23.13
56453b2f0ae (tag: v1.23.14-rc.0) Release commit for Kubernetes v1.23.14-rc.0
592eca05be2 (tag: v1.23.13) Release commit for Kubernetes v1.23.13
bab054e4568 filter out terminated containers in cadvisor_stats_provider
4c6c616069d Make mount ref search more robust
9ed9ccfd275 CHANGELOG-1.23: Add missing changes for 1.23.12
760a96b2dbc Update CHANGELOG/CHANGELOG-1.23.md for v1.23.12
51c6ad6b97b Fix list estimator for lists that are executed as gets
4634d2f91e0 (tag: v1.23.13-rc.0) Release commit for Kubernetes v1.23.13-rc.0
c6939792865 (tag: v1.23.12) Release commit for Kubernetes v1.23.12
95d3fbc36dc kubeadm: allow RSA and ECDSA format keys in preflight check
9bebb528e09 Limit redirect proxy handling to redirected responses
59571b2f136 Make sure auto-mounted subpath mount source is already mounted
ae6a6dc2f8e Call SetupDevice only if Volume is not globally Mounted
860df6bfc18 Fixes kubelet log compression on Windows
ad16e6bb8c0 Update CHANGELOG/CHANGELOG-1.23.md for v1.23.11
222372b27c7 (tag: v1.23.12-rc.0) Release commit for Kubernetes v1.23.12-rc.0
dc2898b20c6 (tag: v1.23.11) Release commit for Kubernetes v1.23.11
301ea5b8cdb Reduce default gzip compression level from 4 to 1 in apiserver
0e4fc8b0e6c Add an option for aggregator
b69bbf36201 exec auth: support TLS config caching
479f049df90 Fix unit test
62e1ea58c44 Fix problem in updating VolumeAttached in node status
94b41ed31af Call queueSet::boundNextDispatchLocked enough
bc157c71601 Add etcd initialization in openapi tests
087362857b9 Marshal MicroTime to json and proto at the same precision
f58d3f3fe58 Windows: ensure runAsNonRoot does case-insensitive comparison on user name
da7c41caa91 Tolerate sub-microsecond eventTime changes on update
446f23cea45 Improve kubectl display of invalid errors
17335199bab fix unmatch reason when updating pod status
240590c3eaa fix nestedPendingOperations mount and umount parallel bug
091f4f00395 client-go: make retry in Request thread safe
7adf53240c7 Skip "instance not found" error for LB backend address pools
5f4953560cb Remove AttachID matching from Detach
93dedd539c4 update structured-merge-diff to 4.2.3
be5dd1bdc79 regression test for exponential recursion bug on CRDs
7ce504b9281 Update CHANGELOG/CHANGELOG-1.23.md for v1.23.10
b445d7947a8 (tag: v1.23.11-rc.0) Release commit for Kubernetes v1.23.11-rc.0
7e54d50d301 (tag: v1.23.10) Release commit for Kubernetes v1.23.10
431ee1484e2 fix a memory leak problem when calling DryRunPreemption
23e9d632ad6 Fix deleting UIDs tracking expectations
24b8252b105 Fix JobTrackingWithFinalizers when a pod succeeds after the job fails
e1ab1debdba hardens integration job tests
fe8b09dde6a Copy etcd client debug level logic from upstream
61432c1fa21 Give etcd client logger a name
c7399df0a5f Share a single etcd3 client logger across all clients
9a60b0c5f4b Disable the etcd3 client logger
c078600b61d Update Go to 1.17.13
a86b61cf3c9 Update Go to 1.17.12
5f436c0fb35 fix a possible panic because of taking the address of nil
e3a4a91c768 Update naming for a const
f00326d1b46 Add rate limiting when calling STS assume role API
f008acd481e Ensure the dir of --audit-log-path exists
4bc41ee70ca Fix kubelet panic when accessing metrics/resource endpoint
b26a7082ad2 Update CHANGELOG/CHANGELOG-1.23.md for v1.23.9
90ecbd8cf26 (tag: v1.23.10-rc.0) Release commit for Kubernetes v1.23.10-rc.0
c1de2d70269 (tag: v1.23.9) Release commit for Kubernetes v1.23.9
579ca64e444 Fixing logic for kubelet permissions check on windows
71a4c69a211 Do not skip job requeue in conflict error
bf4cb96e0f0 kubeadm: fix the bug that configurable KubernetesVersion not respected during kubeadm join
c67e53398b7 Bump cAdvisor to v0.43.1
3cc22b53887 Fix: filter out unsatisfied nodes when calling AddPod in PodTopologySpread
7d0a546b413 Fixing issue in generatePodSandboxWindowsConfig for hostProcess containers by where pod sandbox won't have HostProcess bit set if pod does not have a security context but containers specify HostProcess.
3d5c2341271 Add retry logic for Unix Domain sockets on Windows
602dd1dbcfd kubeadm: fix the bug that configurable KubernetesVersion not respected during kubeadm join
3d1baf7ff2f GIT-110239: fix activeDeadlineSeconds enforcement bug
2eed3eb9177 fix: --chunk-size with selector returns missing result
3964e236193 Fixed winkernel proxy failing to query v1 endpoints created by dockershim CNIs
c535496be2c Winkernel proxier cache HNS data to improve syncProxyRules performance
938a3203c60 Update CHANGELOG/CHANGELOG-1.23.md for v1.23.8
05a1dd747bd (tag: v1.23.9-rc.0) Release commit for Kubernetes v1.23.9-rc.0
a12b886b1da (tag: v1.23.8) Release commit for Kubernetes v1.23.8
a736f42c3ae apiserver: printers should use int64
99c3de2562d Revert "Automated cherry pick of #109124: Winkernel proxier cache HNS data to improve syncProxyRules"
930092e7153 Add test to check for _v2
e6cce430f9c Prune defaults for CRD serving
e38a625e116 add missing error handling steps
c14aa800f45 add missing error handling steps
d5eeb104cf2 fix image pulling failure when IMDS is unavailalbe in kubelet startup
772494dc74e test: update graceful node shutdown e2e with watch
6041228d192 move the ignore logic higher up to the reconciler
0e1588c7584 Ignore EndpointSlices that are already marked for deletion
96ddfd61755 kubelet: Mark ready condition as false explicitly for terminal pods
57c626299a8 agnhost: bump version 2.39
c796630e8de Update Go to 1.17.11
1f58ea0af02 add service e2e tests
6bdb7a15205 kubelet: add e2e test to verify probe readiness
7061d1f4660 kubelet: only shutdown probes for pods that are terminated
5899d561f34 kubelet: Pod probes should be handled by pod worker
bb09c564009 Enable resize feature
a36ff8366b7 Reject proxy requests to 0.0.0.0 as well
082620e9cb9 ipvs: fix prevent concurrent map read and map write for 1.23
3da57319709 cpu manager policy set to none, no one remove container id from container map, lead memory leak
b24dfdee1e0 fix audit union loop variables in closures
67219f30455 Updating e2e test to check EndpointSlices and Endpoints as well
d5a61580c68 e2e: services with evicted pods doesn't have endpoints
5adb67a7eb3 e2e test for evicted pods
e0fdecef811 endpoints controller: don't consider terminal endpoints
4e9638063f5 endpointslices: terminal pods doesn't receive enpoints
51ef8e3917d add pod util to verify pod is terminal
1eef73e88e4 Update CHANGELOG/CHANGELOG-1.23.md for v1.23.7
782029346ae (tag: v1.23.8-rc.0) Release commit for Kubernetes v1.23.8-rc.0
42c05a54746 (tag: v1.23.7) Release commit for Kubernetes v1.23.7
e90d92fa5b2 Add test for checking ephemeral volume expansion
d6260cf1df9 Fix resizing of ephemeral volumes
51f1da831de Fix requests scope classification
87e74167efe Update Go to 1.17.10
830186c95e8 authn: fix cache mutation by AuthenticatedGroupAdder
131a5090f34 GCE: skip updating and deleting external loadbalancers if service is managed outside of service controller
424dde318ce untangle fix with healthCheck feature
6bf9857f1f0 Winkernel proxier cache HNS data to improve syncProxyRules performance
9b4dee89278 Wait for cache to sync in job's TestWatchOrphanPods
8f4ff396eb3 fix: exclude non-ready nodes and deleted nodes from azure load balancers
fb70875f1a9 Fix OpenAPI loading error caused by empty APIService
88bde765611 Test Foreground deletion in job integration
11e6ec43964 Fix removing finalizer from finished jobs
b6804313363 Don't mark job as failed until expectations are satisfied
d0b5adb539d Integration test for backoff limit and finalizers
43ec5bfa40c tests: Updates the should delete a collection of pods test
fe0da319ad4 component-base: replace url in rest client metrics
21b9e9902e7 fix broken find command
70882c44773 Allow KUBE_TEST_REPO_LIST to be a remote url as well
6d010706ea4 Disable JobTrackingWithFinalizers due to unresolved bug
fa7ac2ece9a Update CHANGELOG/CHANGELOG-1.23.md for v1.23.6
bb18301a5c8 (tag: v1.23.7-rc.0) Release commit for Kubernetes v1.23.7-rc.0
ad3338546da (tag: v1.23.6) Release commit for Kubernetes v1.23.6
3df0ce04724 Update Go to 1.17.9
4d38e6e99c9 Correct event registration for multiple scheduler plugins.
8e1fb52b49b kubelet: rename closeAllConns to onHeartbeatFailure
359ad38d11d kubelet apiserver: be gentle closing connections on heartbeat failures
327e99d3393 Avoid updating Services with stale specs Fix the bug that service specs in servicesToUpdate may have been updated by clients.
727aa48b989 Fix: abort nominating a pod that was already scheduled to a node
f0753a49862 fix: race detected in TestErrConnKilled
51c860863f7 Replace hardcoded kubectl with kubectl.Name()
04d413b92ab kubectl: fix hard-coded value in zsh completion
90539b64efd Fix the overestimated cost of deletaged API requests in P&F
813751ef7a2 omit enums from static openapi snapshots used to generate clients
4d3efbab01d Drop enum tag from certificate request condition
814ae980477 Addresses the issue which caused #109115
6ba5a0bc383 Add test for indexer with multiple values
9342552112d Reduce number of pods in Job+GC tests
e637f54d914 kubeadm: add etcd flag for member data consistency
897eb36396d Adjust validation checks to pass for both client-side and
server-side validation
f75e1b071d4 Remove finalizer when orphaned
56d9c45895c Fix: Clean job tracking finalizer from orphan pods
3b84efd15de Add test for Background delete propagation
8077e58bff1 Add integration test for orphan pods when there is GC
2faf6317075 Fix a bug that out-of-tree plugin is misplaced when using scheduler v1beta3 config
cf4ede44fe7 ipvs: remove port opener
70166f26b89 iptables: remove port opener
8e44552a6f9 kubelet: If the container status is created, we are waiting
02f2986b850 Skip updating Endpoints and EndpointSlice if no relevant fields change
f628706339c client-go: update generated
3de44bd759a default kubernetes agent for generated clients
8d9001df847 generated: make update
f4cd617b74f polish comments of non-enum values.
2538b2ef438 unmark non-validated types as enums.
33a72b11fe8 azure_file: try to get secret namespace from ClaimRef
451afa701bf azure_file: add namespace tests for InTree to CSI conversion
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
| |
1.6.19 is the latest release for 1.6 branch.
This upgrade fixes CVEs such as CVE-2023-25173 and CVE-2023-25153.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add support of redirect option -L for curl, the
linuxcontainers.org sometimes redirect to other
mirror site such like us.lxd.images.canonical.com,
this would cause the lxc-download script report
download failed.
The version of curl in kirkstone also need to add an
option -f to use an error code to tell the caller
when http/https has errors.
Reproduce and verified on following command:
lxc-create -t download -n test -- --dist archlinux --release current --arch arm64
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
backport the changes of templates-use-curl-instead-of-wget.patch
from master in following commits:
05f316f70a4d : lxc: update to 5.x and meson
211918936180 : treewide: bulk update patches with status field
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
| |
skopeo rdepends on it, and skopeo has been extended to native and
nativesdk, so container-host-config needs also be extended.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The /etc/containers/policy.json[1] file is used to specify verification
policy. For now, we can see it's used by both cri-o and skopeo. To avoid
conflict, we use container-host-config to provide this file and make both
skopeo and cri-o depend on it.
[1] https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Instead of providing storage and registries configuration files
in this package, we inherit container-host which will provide a
common definition of these configs.
This allows multiple packages to ensure that the configuration
files are present, and not conflict in their installation.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a configuration only recipe that produces a package which
installs some common configuration files.
In this introduction we have both registries.conf and storage.conf.
Packages that require these files should RDEPEND on this package
(or inherit container-host.bbclass) and the files will be installed.
If conflicting requirements for these global configuration files
arise, they can be resolved through additions to this recipe, or by
providing a higher priority version of the .conf files.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The old crio.conf file can cause cri-o start failure. The error
message is as below.
validating runtime config: runtime validation: failed to \
translate monitor fields for runtime runc: cgroupfs manager \
conmon cgroup should be 'pod' or empty
Use new crio.conf file to solve this issue. The file is generated
by 'crio --config="" config --default' command, as indicated in
the old crio.conf file.
With this config file update, the crio.service can now start correctly.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
crio.service now reports the following error messages:
level=error msg="Writing clean shutdown supported file: \
open /var/lib/crio/clean.shutdown.supported: no such file or directory"
level=error msg="Failed to sync parent directory of clean \
shutdown file: open /var/lib/crio: no such file or directory"
Create /var/lib/crio to avoid such error message.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
For cri-o, libselinux is optional, this can be seen from
its Makefile. So let's make selinux optional by using PACKAGECONFIG,
whose default value is determined by the DISTRO_FEATURES. In this
way, meta-selinux dependency is not necessary.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
| |
libseccomp is not in oe-core. There's no need to check
meta-security any more.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping containerd to version v1.6.12-2-gccfc27e30, which comprises the following commits:
3595dd04b fix: check for tmpfs when evaluating if userxattr should be used
1899ebcd8 Prepare release notes for v1.6.12
ec5acd4c1 CRI stream server: Fix goroutine leak in Exec
9743dbae8 [release/1.6] update to go1.18.9
3d24d97ba Prepare release notes for v1.6.11
bb96b21e5 fix: support simultaneous create diff for same parent snapshot
15b541238 Fix order of operations when setting lease labels
9fdf713e5 Added nullptr checks to pkg/cri/server and sbserver
56593cca5 cri: add pod uid annotation
8ec051a6b [release/1.6] go.mod: use golang_protobuf_extensions v1.0.4
e639ecd7c Prepare release notes for v1.6.10
5af8d89ce overlayutils: Add fastpath for userxattr check
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping moby to version v20.10.21, which comprises the following commits:
f99cb8297b integration: download busybox-w32 from GitHub Release
3f9dc25f5c update containerd binary to v1.6.9
87ccd38cea vendor: moby/term, Azure/go-ansiterm for golang.org/x/sys/windows compatibility
e83e465ae2 [20.10] vendor: github.com/moby/buildkit eeb7b65ab7d651770a5ec52a06ea7c96eb97a249 (v0.8 branch)
9c84417c1b skip TestImagePullStoredfDigestForOtherRepo() on Windows and rootless
5b5b5c6f13 builder: add missing doc comment
05e25f7892 builder: fix running git commands on Windows
2f3bf18014 [20.10] vendor moby/buildkit v0.8.3-31-gc0149372
6699afa549 registry: allow "allow-nondistributable-artifacts" for Docker Hub
4b9902bad4 Validate digest in repo for pull by digest
c0d1188c14 builder: make git config isolation opt-in
9f5f3abcee builder: isolate git from local system
10db4c2db7 builder: explicitly set CWD for all git commands
8816c3c2aa builder: modernize TestCheckoutGit
11bdbf40b9 [20.10] Update to go 1.18.7 to address CVE-2022-2879, CVE-2022-2880, CVE-2022-41715
66ddb7f91c Fix live-restore w/ restart policies + volume refs
c003392582 contrib: make dockerd-rootless-setuptool.sh more robust
53313be0f3 docker-rootless-setuptools.sh: use context after install
9c486bd267 swagger: update links to logo
fa17fab895 vendor: github.com/containerd/console v1.0.2
481bee51b5 vendor: github.com/armon/go-metrics v0.4.1
39ba2873e8 vendor: github.com/google/btree v1.1.2
c2755f40cd vendor: github.com/hasicorp/memberlist v0.4.0
5ba3208ec7 Dockerfile: Update Dockerfile syntax, switch to bullseye, add missing libseccomp-dev, remove build pack
6d6a236286 [20.10] Update uses of Image platform fields in OCI image-spec
2570784169 [20.10] vendor: github.com/moby/buildkit 3a1eeca59a9263613d996ead67d53a4b7d45723d (v0.8 branch)
fcd4df906b Update some tests for supplementary group permissions
6a0186b357 Wrap local calls to the content and lease service
3d4616f943 Update to go 1.18.6 to address CVE-2022-27664, CVE-2022-32190
23c7d84b84 docs: api: adjust ContainerWaitResponse error as optional
3e9e79d134 docs: api: document ImageSummary fields (api v1.39-v1.41)
fdd438ae03 api: docs: improve documentation of ContainerConfig type (API v1.30-v1.41)
97014a8db5 namesgenerator: remove Valentina Tereshkova
e44d7f735e AdditionalGids must include effective group ID
9e7662e4a7 [20.10] vendor: update containerd to latest of docker-20.10 branch
7dac25a3a9 vendor: update tar-split to v0.11.2
8bd86a0699 update containerd binary to v1.6.8
6c8dd6a6f2 update runc to v1.1.4
418c141e64 [20.10 backport] daemon: kill exec process on ctx cancel
d127287d92 Allow different syscalls from kernels 5.12 -> 5.16
57db169641 seccomp: add support for Landlock syscalls in default policy
reverted by patch: 7ba8ca042c Update golang to 1.18.5
reverted by patch: f2a3c3bcef update golang to 1.18.4
reverted by patch: a99c9cd852 update golang to 1.18.3
reverted by patch: 82939f536b update golang to 1.18.2
reverted by patch: ecd1aa081f update golang to 1.18.1
reverted by patch: 7ba67d05a8 [20.10] vendor: update archive/tar for go 1.18
reverted by patch: 0bc432241e update golang to 1.18.0
bb95d09f9a staticcheck: ignore "SA1019: strings.Title is deprecated"
a7299ae72c Dockerfile: update golangci-lint v1.44.0
d97fd533cf integration-cli: SA5011: possible nil pointer dereference (staticcheck)
e6aee04a88 client.NewClientWithOpts(): remove redundant type assertion (gosimple)
0523323c28 daemon/logger/awslogs: suppress false positive on hardcoded creds (gosec)
adeb29c64c client/request.go:157:8: SA1019: err.Temporary is deprecated (staticcheck)
50361d91a6 registry: trimV1Address(): simplify trimming trailing slash
ae3a9337dd golangci.yml: do not limit max reported issues
9820255a1c golangci.yml: skip some tests
d223f37300 golangci.yml: update regex for ignoring SA1019
ec3bfba89d graphdriver: temporarily ignore unsafeptr: possible misuse of reflect.SliceHeader
f2f387b131 daemon: var-declaration: should omit type bool (revive)
2fb7c9fea7 daemon/config: error strings should not be capitalized
fa6954cb98 reformat "nolint" comments
45fa675a35 if-return: redundant if ...; err != nil check (revive)
9e88f8435a daemon/splunk: ignore G402: TLS MinVersion too low for now
2de90ebbe4 pkg/archive: RebaseArchiveEntries(): ignore G110
14b475d091 daemon/stats: fix notRunningErr / notFoundErr detected as unused (false positive)
db7b3f4737 unused: ignore false positives
b6de0ca7c5 G601: Implicit memory aliasing in for loop
e8b838e99f gosec: G601: Implicit memory aliasing in for loop
2ddf6e598a gosimple: S1039: unnecessary use of fmt.Sprintf
fadf8bbdff staticcheck: SA4001: &*x will be simplified to x. It will not copy x
7573e32577 client: S1031: unnecessary nil check around range (gosimple)
e738a57a6d daemon/logger/journald: fix linting errors
34f6b94255 gosec: G404: Use of weak random number generator
a6d7b61c8b update containerd binary to v1.6.7
b4ba1ee22f update runc binary to v1.1.3
da8828c4b3 api: swagger: fix invalid example value (API v1.39-v1.41)
9501d91e19 api: swagger: document BuildCache fields (API v1.39-v1.41)
61fdea902b api: swagger: document BuildCache fields.
c77432c889 [20.10] Update golang to 1.17.13
2833aa1e4b docs: api: add missing "platform" query-arg on create (v1.41)
a8c28260ad api: swagger: add missing "platform" query-arg on create
cfdc075b1c Fix file capabilities droping in Dockerfile
2daa6bb6b3 Windows: Re-create custom NAT networks after restart if missing from HNS
903cd53ce4 vendor: libnetwork 0dde5c895075df6e3630e76f750a447cf63f4789
eccaf6d368 [20.10] update golang to 1.17.12
ff7feeac37 vendor: github.com/containerd/continuity v0.3.0
Bumping libnetwork to version v0.7.0-dev.3-1841-gdcdf8f17, which comprises the following commits:
5e08bdb1 Revert: Added API to set ephemeral port allocator range
563fe8e2 README.md: repo was moved to https://github.com/moby/moby/tree/master/libnetwork
bea0bcf5 libnetwork: skip firewalld management for rootless
af0c46d8 Apply peformance tuning to new sandboxes also
Bumping docker-cli to version v20.10.21, which comprises the following commits:
3e3677e47d docs: fix links to BuildKit backend
20e3951aeb Remove "experimental" gates around "--platform" in bash completion
75d7ce92a2 fixed the plugin command docker-runc
a12c535f6e [20.10] vendor docker 03df974ae9e6c219862907efdd76ec2e77ec930b (v20.10.20)
d18a3e9004 [20.10] vendor moby/buildkit v0.8.3-31-gc0149372
932ca73874 [20.10] vendor: github.com/docker/docker v20.10.19
7d51e65e72 [20.10] vendor: github.com/moby/buildkit 3a1eeca59a9263613d996ead67d53a4b7d45723d (v0.8 branch)
1ea8d69d6f feat(docker): add context argument completion
e82aa85741 [20.10] vendor: github.com/docker/docker v20.10.18
e9176b36cc [20.10] vendor: github.com/containerd/continuity v0.3.0
bc6ff39e42 docs/reference: run.md update confusing example name
3fa7a8654f docs: update deprecation status for "overlay2.override_kernel_check"
3e06ce8bfa [20.10] Update go 1.18.7 to address CVE-2022-2879, CVE-2022-2880, CVE-2022-41715
93eead45ee Update to go 1.18.6 to address CVE-2022-27664, CVE-2022-32190
45075ea08c [20.10] vendor: github.com/docker/docker v20.10.17
c2dcaecf19 make compose plugin detection in bash completion work on Mac OS
613b9362d0 Detect compose plugin
b30d250320 Add completion for docker-compose plugin
6b25bc3003 fix race condition in TestRemoveForce
bdac0b38d9 Update golang to 1.18.5
c70b01ec1f update golang to 1.18.4
0389090aeb update golang to 1.18.3
c904936d69 update golang to 1.18.2
386d50c2e9 update golang to 1.18.1
990186f2f6 update go to 1.18.0
86bf1966e2 staticcheck: ignore SA1019: strings.Title is deprecated
b3022b91d1 [20.10] Dockerfile.lint: use go install
f14ba9f5d7 [20.10] Dockerfile: use syntax=docker/dockerfile:1
c189c4dbea [20.10] vendor: github.com/json-iterator/go v1.1.12 for Go 1.18 compatibility
0c46ffc1f9 [20.10] vendor: github.com/modern-go/reflect2 v1.0.2 for Go 1.18 compatibility
6be9ce798e [20.10] vendor: github.com/google/gofuzz v1.0.0
779ed309a8 lint: update golangci-lint to v1.45.2
2f7e84be65 linting: fix incorrectly formatted errors (revive)
e628209d9b linting: ignore some "G101: Potential hardcoded credentials" warnings
80a3add604 cli/command/container: unnecessary use of fmt.Sprintf (gosimple)
80fb0d575e [20.10] Update golang to 1.17.13
d72bef2088 [20.10] update golang to 1.17.12
7502d7e560 Fix dead external link
308624c3b1 fix: remove asterisk from docker command suggestions
de7d866b6a [20.10] update golang to 1.17.11
240e4b5501 [20.10] vendor: golang.org/x/sys v0.0.0-20220412211240-33da011f77ad
5d4776bd90 [20.10] update golang to 1.17.10
49e9c2ae3d vendor: golang.org/x/sys 63515b42dcdf9544f4e6a02fd7632793fde2f72d (for Go 1.17)
87a3ce2699 vendor: golang.org/x/sys d19ff857e887eacb631721f188c7d365c2331456
1d8abed17d vendor: update x/sys to 134d130e
31dad66f9a [20.10] update golang to 1.17.9
80f673bf9e gofmt with go1.17
3d4cc8e699 [20.10] update remaining files to go1.17.8
30277a8f80 update go to 1.17.8
cfef3a7dc1 docs: deprecated: add entry for "fluent-async-connect" log-opt
53426025c3 [20.10] docs: reformat table for compatibility
573a664639 Describe privileged mode in terms of capabilities
cf0ab7ac4c [20.10] vendor: github.com/docker/distribution v2.8.1
d05fd4ffc8 [20.10] vendor: github.com/opencontainers/image-spec v1.0.2
870f138250 [20.10] vendor: github.com/docker/docker v20.10.14
198d6b8724 [20.10] circleci: update buildx to v0.8.2
55a14ec851 [20.10] update remaining Dockerfiles to go 1.16.15
1f9a0df05a e2e: update docker-compose to 1.29.2
4ae338b33a docs: reference: remove trailing space to fix yaml formatting
6380142dd4 docs: fix (table) formatting, fix some broken links
82f422fcf3 docs: build: fix minor markdown and syntax issues
80fd77903b Update the list of log drivers
c3d4d623c8 Fix CMD --ignored-param1 example
2e82d11def docs: dockerd: fix broken link in blockquote area
738a6ee1cc improve cp documentation with some illustration examples
246d96bb6c docs: unify "docker create" and "docker run" reference
2fd0f17057 docs: add missing documentation for --pull flag
5fa500000a Fix incorrect pointer inputs to `json.Unmarshal`
1e6a8ce2b7 Dockerfile: update xx to 1.1
6f7a931a2d [20.10] use GO_LDFLAGS instead of LDFLAGS to prevent inheriting unrelated options
91bab605f7 [20.10] vendor.conf: don't use git:// protocol
a282e0c5d2 [20.10] update to go 1.16.15 to address CVE-2022-24921
700364e304 Fix mistake with env var example in docker run docs
62d27c32ff Update WORKDIR command information
c0e952cf04 Fix the (dead) link for docs for Dockerfile syntax reference
04104a04d3 Update dockerd.md
b721998b7b Fixing typo (his --> its)
4065e1246e format create.md table
f1002eb9fb Fix typo
e97c7b240e added missing closing parenthese
aa78937634 Update stats.md add example json output
40fe0573aa Update Ubuntu version number references in push.md
c9737e1c37 docs/daemon: replace deprecated '-g' option for '--data-root'
5c6723d080 Correct device syntax to --gpus
fd5fc61ecd [20.10] Update Go to 1.16.14
3624019d83 [20.10] update Go to 1.16.13
f3ff8e6ad6 [20.10] vendor: compose-on-kubernetes v0.5.0 to remove github.com/golang/glog
ee1ac1b319 fix innocuous data-race when config.Load called in parallel
38dd744a11 [20.10] Update Go to 1.16.12
4de40a825e Update Go to 1.16.11
03fa8f92c8 Update Go to 1.16.10
9989fdbc40 Update most links in docs to use https by default
0e20c1fd21 Update Go to 1.16.9
1c0927a041 Dockerfile: update tonistiigi/xx to 1.0.0-rc.2, add XX_VERSION arg
82f9d5921b info: skip client-side warning about seccomp profile on API >= 1.42
adb01ca79d docs: some minor touch-ups in checkpoint reference
8260476a06 docs: remove trailing space to fix generated YAML format
bce2e1f953 docs: create.md: typo fix
44064f51c8 Fix typo in documentation - build.md
292779add5 Add doc for BUILDKIT_PROGRESS env var
f2e79b826c docs: use "console" code-hint for shell examples
fa46b92361 docs: rewrite reference docs for --stop-signal and --stop-timeout
400f81089a experimental: fix broken link to "checkpoint and restore" page
c72057c8db docs: move checkpoint/restore doc from experimental into reference
77db97d595 Use private network address for default-address-pools setting in daemon.json example
cbf0d2b7b7 docs: fix some broken anchors
d0014a86bc docs: fix description of restart-delay to mention max (1 minute)
6c1c8b55aa docs: fix search results by filterd is-official
44fdac11f5 Update Go to 1.16.8
061051c24d docs: add missing redirect, and remove /go/experimental redirect
2012fbf111 Update Go to 1.16.7
42d1c02750 registry: ensure default auth config has address
0b924e51fc Update to go1.16.6
6288e8b1ac change TestNewAPIClientFromFlagsWithHttpProxyEnv to an e2e test
1e9575e81a cli/config/configfile: various test cleanups
c98e9c47ca Use designated test domains (RFC2606) in tests
8437cfefae context: deprecate support for encrypted TLS private keys
68a5ca859f cli/context: ignore linting warnings about RFC 1423 encryption
8a64739631 Update Dockerfiles to latest syntax, remove "experimental"
1d37fb3027 Deprecate Kubernetes context support
0793f96394 Deprecate Kubernetes stack support
b639ea8b89 Deprecate Kubernetes stack support
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
do_compile() is shared and shouldn't have been using SRCREV_moby
as that is obviously only set in the moby recipe.
Switch to using a generic DOCKER_COMMIT variable and set it in
both docker_moby and docker-ce.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
| |
Much of meta-virt requires seccomp to function properly, so we
update docker to match that common default.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
