summaryrefslogtreecommitdiffstats
path: root/recipes-containers
Commit message (Collapse)AuthorAgeFilesLines
* crun/oci-image-spec: specify https in github src_uriBruce Ashfield2021-11-051-1/+1
| | | | Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* criu: remove :append and += combinationBruce Ashfield2021-11-041-2/+2
| | | | | | | | | bitbake is going to start warning about the combination of += and :append, which is rarely correct. We can use use :append and add the space. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* global: convert github SRC_URIs to use https protocolMartin Jansa2021-11-035-5/+5
| | | | | | | | | * apply the same also for recipes using PKG_NAME starting with github.com which the conversion script doesn't update automatically Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* oci-runtime-spec: update branch specification to mainBruce Ashfield2021-11-031-1/+1
| | | | | | | master has become main in the runtime spec, so we update our recipe to match. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* crun: update runtime-spec branch to mainBruce Ashfield2021-11-031-1/+1
| | | | | | | runtime-spec has moved to main instead of master, so we tweak our branch name to match. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* global: convert github SRC_URIs to use https protocolBruce Ashfield2021-11-0224-36/+36
| | | | | | | | | | | github is removing git:// access, and fetches will start experiencing interruptions in service, and eventually will fail completely. bitbake will also begin to warn on github src_uri's that don't use https. So we convert the meta-virt instances to use protocol=https (done using the oe-core contrib conversion script) Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* global: add explicit branch to all SRC_URIsBruce Ashfield2021-11-0212-12/+12
| | | | | | | | | | | | | | As introduced in the oe-core post: https://lists.openembedded.org/g/openembedded-core/message/157623 SRC_URIs without an explicit branch will generate warnings, and eventually be an error. We run the provided conversion script to make sure that meta-virt is ready for the change. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* lxc: update to 4.0.11Xu, Yanfei2021-11-025-182/+15
| | | | | | | | | | | | | | update to 4.0.11 1.drop two patches that have been integrated to upstream repo. 2.drop tests-add-no-validate-when-using-download-template.patch because it is no longer appropriate as the "download" has been replaced with "busybox" 3.fix the apply failure of templates-use-curl-instead-of-wget.patch 4.update lxc from 4.0.10 to 4.0.11 Signed-off-by: Yanfei Xu <yanfei.xu@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* k3s: Add xt-statistic kernel module to rrecommendsKamil Dziezyk2021-10-211-0/+1
| | | | | | | | | Include the xt-statistic kernel module required by K3S for iptables configuration. Signed-off-by: Kamil Dziezyk <kamil.dziezyk@arm.com> Change-Id: I7592261c65c7c0831ce553ee907fba9e3e458b6f Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* k3s: Update k3s service configurationKamil Dziezyk2021-10-213-1/+95
| | | | | | | | | | | | | | Update k3s.service with the latest changes from install.sh script. Add k3s-killall.sh script to stop all of the K3s containers and reset the containerd state. The killall script cleans up containers, K3s directories, and networking components while also removing the iptables chain with all the associated rules. The cluster data will not be deleted. Signed-off-by: Kamil Dziezyk <kamil.dziezyk@arm.com> Change-Id: If1794367cabfc18fc8e3ecaf26badd4d0bc25114 Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* podman: add rdepend on nsenterBruce Ashfield2021-10-211-1/+5
| | | | | | | | | | | | | | | | | | | | Podman requires nsenter (for obvious reasons) .. and while this dependency is normally satisfied on images (via busybox), it is possible to build a minimal container image that excludes busybox .. and hence will not have nsenter present. Rather than making this a hard rdepends on util-linux-nsenter, we use a variable: VIRTUAL-RUNTIME_base-utils-nsenter, which can either be set to busybox or util-linux-nsenter (the current default). The VIRTUAL-RUNTIME_base-utils- format follows similarly named OEcore providers and variables .. which the exception that there is no entry in the preferred providers file there, and there's no package created called busybox-nsenter (but perhaps there could be in the future). Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* umoci: switch branch to mainBruce Ashfield2021-10-211-1/+1
| | | | | | | | | | Like many other projects, umoci has switch to main instead of master. (and then deleted master) We change our branch specification to main, so the fetcher can once again find our desired SRCREV. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* skopeo: refresh storage.confBruce Ashfield2021-10-201-33/+95
| | | | | | | | Our storage.conf is a bit stale and is throwing warnings during load (due to thin provisioning changing). We refreshin it from the skopeo repository. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* kubernetes: add SRCREV_FORMATBruce Ashfield2021-10-191-1/+1
| | | | | | | | | | recipes that use multiple SCMs in the SRC_URI, must supply SRCREV_FORMAT or SRCPV triggers an expansion error. While this isn't fatal during the build, it can cause issues with setscene (and possibly) other tasks failing, which then leads to no sstate re-use, etc. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* docker-moby: add SRCREV_FORMATBruce Ashfield2021-10-191-0/+1
| | | | | | | | | | recipes that use multiple SCMs in the SRC_URI, must supply SRCREV_FORMAT or SRCPV triggers an expansion error. While this isn't fatal during the build, it can cause issues with setscene (and possibly) other tasks failing, which then leads to no sstate re-use, etc. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* docker-ce: add SRCREV_FORMATBruce Ashfield2021-10-191-0/+1
| | | | | | | | | | recipes that use multiple SCMs in the SRC_URI, must supply SRCREV_FORMAT or SRCPV triggers an expansion error. While this isn't fatal during the build, it can cause issues with setscene (and possibly) other tasks failing, which then leads to no sstate re-use, etc. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* oci-image-spec: update to 1.0.1-latestBruce Ashfield2021-10-181-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumping image-spec to version v1.0.1-97-g54a822e, which comprises the following commits: fc4df0a Fix very minor oversight in config example 08dd547 media-types.md: clarify differences from Docker media types 170393e Embedded other platform fields in image spec ebb32fd Use registry.example.com as example default registry 0e20f8a Add CPU variant to image config a2b7b2f expected type/subtype test for descriptors should have comment that references failure, not success 875b7e5 pullapprove: remove defunct config 3b938ac Drop link to OCI scope table ee4bfe1 Add background to png images eaa222c image.base.ref.name -> image.base.name based on stevvooe's feedback 4221034 CODEOWNERS: switching from pullapprove to github builtin 4feeaac Describe how index manifests should work with base image annotations a25f547 Removing Link Introduction 54bc9b7 Fix typo b619890 Makefile: switch to the new OCI container image 9ed9683 adding github workflow to render docs and lint 87bb9f8 Create EMERITUS.md to recognize old maintainers 71ccc68 Add standard base image annotations c435dd5 Remove Keyang Xie as a maintainer a4ddb1f MAINTAINERS: update jonboulle email address 37e228a Update vbatts email address in MAINTAINERS 5f0d52c Replace Jason B with Jon J in image-spec maintainers 4366201 pandoc: point to a joint OCI org image 8211213 fixed typo in image-layout 78c42f4 Remove go4.org dependency 43022b9 MAINTAINERS: remove Brandon Philips @philips 8c25739 mediatype of layers should be application/vnd.oci.image.layer.v1.tar+gzip c3a73dc zstd: add constants to specs-go/v1 d420390 README.md: return to one-sentence-per-line format ea8062d Reference "org" repo for meeting info 1a29e86 media-types: Define layer media types suffix '+zstd' 042b4d7 Run tests with go 1.12 3d3783d Fix linting error bd4f8fc annotations.md: Fix a small typo c5f603f Fix table header grammar in annotations Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* oci-runtime-spec: update to 1.0.2Bruce Ashfield2021-10-181-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumping runtime-spec to version v1.0.2-71-gab23082, which comprises the following commits: 411082c add youki to implementations.md 6641127 alphabetize the implementation list. 15f418e fix the lifecycle reference in the states listing f0ac327 defs-zos: [Fix] prevent schema parsers from hitting recursion-loop while resolving types. cc7f6ec config-linux: Add Intel RDT CMT and MBM Linux support c83b45e Introduce zos as platform. 0c021c1 config-linux: clarify the handling of ClosID RDT parameter 9e65944 config-linux: fix indentation on IntelRdt 0f84938 schema/defs-linux: Fix inconsistencies with seccomp notify 7c549cb seccomp: Add missing const for seccomp notify action 58798e7 Add Seccomp Notify support 8c363e8 Proposal: runtime should ignore capabilities that cannot be granted f02cd4a config-linux: mark memory.kernel[TCP] as NOT RECOMMENDED 76f7818 README: Fix broken link for charter f7ef278 seccomp: allow to override default errno return code ec964df seccomp: expect error with invalid errnoRet 2978430 config-linux: fix personality link e9429bb Makefile: Fix golint URL used in go get 8f65443 travis: fix go_import_path 3866eec MAINTAINERS: update vbatts email 2fe0475 Add support for SCMP_ACT_KILL_THREAD fd895fb Change all references from whitelist to allowed 11bfea2 Fix int64 and uint64 type value ranges 57a316b docs: Added enclave OCI runtime rune to implementations 938cf9f Update seccomp architectures to support RISCV64 d3f079a config.go: make umask a pointer a02a293 Update State structure to use the new ContainerState type 7571d3d cgroup: add cgroup v2 support 66ad83f Use dedicated type for Container State 89419f0 Add State status constants to spec-go 09fc3b4 Remove superfluous 'an' 0e72101 Add Giuseppe Scrivano as runtime spec maintainer 6042999 Define State for container and runtime namespace a9f1170 Add seccomp kill process d759f35 MAINTAINERS: Add @cyphar as maintainer f9df045 seccomp: fix go-specs for errnoRet 3bfcde2 seccomp: allow to override errno return code 1ac6f8d specs-go: bump master back to -dev c4ee7d1 specs-go: update version to 1.0.2 ce773cb ChangeLog: changes v1.0.1...v1.0.2 5ef5c78 Makefile: avoid SELinux for making docs d22e8e0 *: release process is duplicated in RELEASES.md 41c3e47 Review (tianon) 9be9595 Clarify case with pre-configured Intel RDT closID 76c0da2 config-linux: describe more about rootfs mount propagation 353ddcb config-linux: add SHOULD to linux.namespaces.type 37fab77 Fix typo in RELEASES.md baa7978 remove unneeded indent a87fe24 Makefile: no DCO with git-validation on travis bacc285 MAINTAINERS: remove philips d5bfb2b MAINTAINERS: remove Vishnu dda13dc PullApprove: No need for 3 DCO checks 12fd09a RELEASE: document how to do the release c166268 Add create-container, create-runtime and start-container hooks e6e17ad schema: drop id from umask fac34e2 schema: fix indentation 03c526b schema: add missing definition for personality 2b844a0 Add support for SCMP_ACT_LOG 66f4ffa Add new seccomp action. d1ef109 config-linux: support seccomp flags ff32f02 implementations.md: fix repository for crun 23c4be2 Update meeting info section to point to "org" repo 78ab98c Fix markdown escape in config-linux 5cc25d0 Add Linux personality support 234aa0b config-linux: Add Memory cgroup's use_hierarchy 6b04c63 config: add "umask" field to POSIX "user" section dba5778 config: Collapse extensibility to a single MUST 574182a schema/defs-linux: change weight type to uint16 ec0fc3d runtime: Clarify ociVersion as based on the state schema Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* criu: update to 3.16.1Bruce Ashfield2021-10-181-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The criu-dev branch is not constant/consistent, so we switch to main for our SRCREV specification. At the same time, we bump to 3.16.1, which comprises the following commits: 4a1731891 criu: Version 3.16.1 62b377957 Makefile: add shellcheck test/others/libcriu/*.sh 59d0dfba9 test/libcriu: print logs on fail 53bf82bcf test/libcriu: add test case for join-ns a8c5efe4c libcriu: define log level constants 5ec2a6aaa libcriu: add join_ns API f2cdb062a Makefile: install criu-ns only with python3 a15a63fce criu-ns: change python shebang to python3 000ea8266 criu: Version 3.16 8567a0952 ci: Update openj9 container images 0b2a7223b mount: fix double-dump file system bug bea9580e3 gitignore: add build directory 4db8ef15c podman-test: use crun from git repository 6a15dbdef lib: install images/rpc.pb-c.h c6b5e7d92 sk-unix: fix prep_unix_sk_cwd root and cwd restoring f0e968ffe binfmt_misc: restore current work directory after restoring mnt ns 776f3cff7 autofs: restore current work directory after restoring mnt ns 45409c35d mount: use swich_mnt_ns/restore_mnt_ns helpers to simplify code f79d15c44 binfmt_misc: restore current work directory after restoring mnt ns eea63587e namespaces: add helpers to switch/restore mnt ns 41f448968 remove tls parameter description if without GnuTLS support d87922099 kerndat: create separate netns for has_nftables_concat check aa772bf28 zdtm: fix network lock tests when run with --norst 9838d34de criu: use unique table names for nftables based locking ca3e3c50b inventory: save network lock method to reuse in restore cd1570b15 zdtm: add ipv6 variants of net_lock_socket_* tests 212db1d9a zdtm: add nftables per-socket locking test 826d3d740 criu: add nftables connection locking/unlocking 6e59b2bd7 zdtm: add iptables per-socket locking test c15327656 zdtm: add nftables network namespace locking test 19cc0bfa6 criu: add nftables netns-wide locking/unlocking f246ca56c criu: rename iptables network locking/unlocking functions e9d24a2ba cr-check: add check for nftables based network locking b85fad797 cr-service: add network_lock option to RPC and libcriu 2e30db5c3 criu: add --network-lock option to allow nftables alternative ef7af1dd1 Run 'make indent' on criu/include/plugin.h cf2b67375 workflows/lint: show changes 03cdbc4c0 criu/config: fix use-after-free in parse_join_ns 546a6dfd0 configs: fix used after free cases 399a53a43 lsm: do not print a warning if no LSM has been detected 960f26f90 files-reg: do not print a warning if a file has no build_id 90e175d52 zdtm/pthread_timers: make sure glibc allocated SIGEV_THREAD's stack dd0e66149 ci: fix 'crit.sh: 3: source: not found' e936a0f8a docker-test: refactor test scenario 78eb0dabf dump: suspend/resume lsm on pre-dump 5dc373385 util: add run_command() 9422383b6 zdtm/apparmor_stacking: don't include optional AppArmor namespace separator dc4c3cd48 apparmor: actually enable suspend for AppArmor ea1c89147 lsm: handle SELinux LSM correctly 06b5d2fa8 tests: add a test for apparmor_stacking 8723e3f99 check: add a feature test for apparmor_stacking 8d992a680 lsm: support checkpoint/restore of stacked apparmor profiles 0db135ac4 util: add rm -rf function 6085c37ba lsm: change when LSM profiles are collected e2a45d786 ci: extend lint run to run 'make indent' 70833bcf2 Run 'make indent' on header files 93dd984ca Run 'make indent' on all C files 1e26f170c criu: introduce clang-format to format source code cc2317ea4 zdtm: fix indentation in Makefile wait_stop target d62e747e9 ci: fix Fedora Rawhide b32c8c6fe posix-timers: fix getoverrun error handling 01fa34f1e ci: use pre-installed Podman 918901439 zdtm/pthread_timers: require ns_pid feature and add non-ns test e1b1547c8 posix-timers: fallback notify thread id encoding for non-pidns and non-nspid 91d7203b8 proc_parse: make nspid field optional a692a0d0a kerndat: Check that "/proc/[pid]/status" file has NS{pid, ..} lines 64f0012e4 zdtm: add a test for SIGEV_THREAD timers 7eab5a7dc timers: save tid from a task pid namespace 61e1334ab proc_parse: get a thread ID in a thread pidns from /proc/pid/status 80079fbb0 criu: dump and restore notify_thread_id of posix timer 6be9345fb criu-ns: add support for 'check' action 868bffba4 criu-ns: add top-level conditional execution f70605ef1 criu-ns: update script name in help message f472e2590 Documentation: Add man page for criu-ns 8891e51cd make: install criu-ns 4a9bcd884 zdtm: prioritize /lib/* dependencies in some tests 00ca2b519 scripts/build: add a docker file for archlinux 694eafa1f protobuf: remove leading underscores from protobuf structs efb9fccd4 cgroup: cgroup_contains has to update the mask for cgroupv2 ac27562f0 ci: add msgque test case to crit-recode 7e86519fe lib: fix crit-recode msgque errors in Jenkins 503488597 ci/openj9: run mrproper before make 7ff785e1d zdtm: make --sbs also stop on each pre-dump/snap iteration 07316d15a restore: cleanup cgroup properly in error path 8f2b8c7be scripts: run lint also on criu-ns bd648cc8d ci: also test tcp stream crit recoding fa9acb9dc lib: fix broken crit-recode test 0ca36c95e ci: combine cross compile container definitions 2ebb1c741 crit: fix error on memfd files parsing f57e45df5 cr-service: move pidfd_store initialization to cr-service f7cd25400 pidfd_store: tidy up interface and hide unneeded details 083f0822e pidfd_store: move pidfd_store to a separate file d55f34ed7 test/ci: sync netns_lock test and its --post-start hook b290df9a6 test/jenkins: fix netns_lock test multiple iterations failure 75feb9635 ci: fix mips64el-cross test f3cb15660 Keep inherit-fd strings alive until task restore d3ce492cc pycrit: fix the broken of cli the `crit show xxx.img` 093fb0c87 Add test for new --lsm-mount-context option 64dd64e50 Enable changing of mount context on restore 5be71273f Remove unnecessary whitespace fc7705a13 zdtm: add network namespace locking test 0cf79a360 test: remove exec test 1a197d4d8 criu: add unit testing for config file parser 45bde968a test: add tests for configuration file parsing f695e6e10 config: make configuration file parser more robust 381d2e88f criu: add cleanup_free attribute 031a8d790 bfd: loop through read()/write() when the action is incomplete 24bc08365 ci: disable some tests on CentOS 7 63ca464bc ci: remove old workarounds 6ef01d3e6 ci: switch CentOS 7 test to Cirrus CI 1fbe87624 ci: disable -x during print_env() b4c7267b0 zdtm: allow ignore taint via environment variable a92833818 scripts/vagrant: Use vagrant 2.2.16 eda3ac2ff scripts/vagrant: Use Fedora 34 87ea13f6b add PKG_CONFIG default in a few more places 6db0f95db crtools: improve error handling on signal setting 2967bed64 build: respect $PKG_CONFIG settings 81a68ad3b docker-test: use latest containerd release 638e53c95 zdtm/tun_ns: add per-test dependencies 9d9ec73dd test: skip time namespaced tests on <= 5 e42083aa8 ci: update docker test matrix ebc74668f cr_options: handle the case where __dest == __src in SET_CHAR_OPTS d0511319e github: Add templates for new issues and pull requests 3c10d3335 criu(8): document --join-ns option 80ee4f8ae kdat: make uffd_open return errno from syscall separately a8525c07d ci: no longer avoid overlayfs 2aa4185a6 test/others: refactor loop process 2b78d95e6 test/others: drop '_exit' function 34410b9e7 test: add a test to check that sigtrap handlers are restored b310fbd31 ksigset: fix a typo in ksigdelset c1b2d194e mem/pidfd: fix poll retry error checking 1c08709cd zdtm: add pidfd store based pid reuse test ea0dc7807 zdtm: add --pidfd-store option in RPC mode e79131e8c criu: add pidfd based pid reuse detection for RPC clients ba882893c cr-check: add ability to check if pidfd_store feature is supported e3c9c3429 cr-service: add pidfd_store_sk option to rpc.proto a9508c986 criu: check if pidfd_getfd syscall is supported 30e8d8cad criu: check if pidfd_open syscall is supported 5d08f975a kerndat: Handle non-root mode when checking uffd 8c303d1a6 test/others/crit: add test for 'x' e39300109 lib/cli.py: Open explore file as a binary c8973d426 test/zdtm: check that a penging SIGTRAP handled properly 61c7cc5a9 parasite: don't block SIGTRAP ed58fb221 test: create new tls certificates 6beeabcd4 zdtm: add sk-unix-dgram-ghost test case 2609e98ee sk-unix: ghost: fix deadlock between peer_fle->stage and fds wake up 655610e09 ci: remove hack for netns-nft zdtm test ddefbbff1 zdtm: add combined nftables/iptables netns-nft-ipt test 4696e61ed zdtm: skip static/netns-nft test if nftables feature isn't supported d8821d9a8 net: skip iptables dump if it has nft backend and nft dump is supported e26949cfe lsm: handle half initialized SELinux setups e2c352e4f tools.mk: Use Python 3 by default 177e4b4ba mips: remove empty gitignore 22142eedf mips: coding style fixes 99a6a17c2 Allow systemcfg proc file to be dumped 731cafa85 logging: pr_perror() -> pr_msg() when execvp fails in action scripts and others 24bdfa72d net: add a #define for increased compatiblity with old distributions 29c34386b restore: fix error message when fork fails f10425e05 criu: end pr_(err|warn|msg|info|debug) with \n 96b7178ba Whitespace at EOL cleanup and check 7ea20e8f5 criu: make sure to use pr_perror to show errno 10c619adb test/zdtm: pr_err / pr_perror fixes dca0eb5b4 test/others/bers: use pr_perror e326889c0 criu/mount.c: fix \n in pr_debug 2166d4748 scripts: fix shellcheck warnings 5f3631916 Makefile: amend lint with pr_perror/fail checks 4cd23083b test/zdtm: don't pass errno to fail() 12a2bd0ed test/zdtm: don't use %m with fail b20694835 test/zdtm: don't use \n with fail() 9cbcaaed3 test/zdtm: don't use errno for pr_perror 865a5e951 test/zdtm: don't use pr_perror where errno is unset d55a65e93 criu: don't use errno for pr_error f3be776cc Drop \n from pr_perror 5e3b07b95 test/zdtm: check that restore can handle precreated veth devices f60f24bfb kerndat: check whether IFLA_NEW_IFINDEX is supported 3ca09f5c9 ci: exclude lazy-thp for remote pages over tls 6c77d7226 Makefile: docker-test don't use interactive tty 27b9ed53e Makefile: update excluded tests for docker-test 5d8ecee0a docker-test: use host cgroup & network ns e3c0fa701 Dockerfile: add missing test dependencies 3074b6d5a Dockerfile: re-build criu after clean f432186e7 Dockerfile: use 'git clean' before build 264b4a8d2 tiny fix on function dump_empty_fs cdb0d4270 net: allow restoring of precreated veth devices e3b694392 scripts/build: drop obsolete ENV1 variable eb5726c44 images: re-license as Expat license (so-called MIT) 9c18c63d2 ci: enable crit tests in CI b78c4e071 test: fix crit test and extend it 13e6e6899 lib: also handle extra pipe data correctly bf9e502c6 lib: print nice error if crit gets wrong input bf80fee4f lib: correctly handle stdin/stdout (Python 3) 9635d6496 criu: Replace faccessat with fstatat when using AT_SYMLINK_NOFOLLOW flag 96c1351d8 criu: Throw error when parent path is provided but invalid 8dc7ce3e7 cr-service: fix CRIU_REQ_TYPE__FEATURE_CHECK RPC request b82f222d6 lib: fix crit-recode fix for Python 2 228e510d2 ci: move CentOS 8 based test to Cirrus 069d92e51 Use a real VM instead of a privileged container 90e03b1a1 pstree: don't change sid/gid-s if current sid/gid is the same 248b77367 lib: correctly handle padding of dump images abe3405b2 lib: fromstring() and tostring() are deprecated c10aae8f6 criu-ns: Merge comparisons with 'in' 5f59a7cc3 criu-ns: Add unsupported msg for restore-sibling 797422986 criu-ns: Handle restore-detached option 6b375ed75 criu-ns: Pass arguments to run_criu() 55a0557db criu-ns: Close namespace fd before raise 0e024bfce criu-ns: Extract set namespace functions a80f08c2e criu-ns: Remove unused _umount 6fd59abc8 criu-ns: Use documentation strings f8556f947 criu-ns: Extract wait for process into a function a08aa4406 criu-ns: Extract mount new /proc into a function a0a02c73e criu-ns: Remove space before/after bracket 8f69a58e0 criu-ns: Convert indentation to spaces f3d071461 ci: run zdtm/transition/pid_reuse with pre-dumps in ci tests 288adfc59 ci: remove ccache setup 2e0107ead ci: run recode tests on more input files 71013465b lib: fix recode errors seen in Jenkins c84dddf2f ci: remove '-Wl,-z,now' workaround ed0f4608f lib/cli.py: Open out file as a binary a433943a7 docker-test: set log file path 046cad8bf docker-test: use containerd v1.5.0-beta.0 25f378083 ci: move Travis CI Docker tests to GitHub Actions 7e6a1a701 pstree: check for pid collision before switching to new sid/gid bb5bad532 test: move vt test to minor 65 on s390x c66ca3aa2 zdtm/fpu03: Add .desc file to omit running on !x86 a87c61fe8 Revert "compel: add -ffreestanding to force gcc not to use builtin memcpy, memset" 1bac3a64b s390: Purge stale comment 39b7252c6 fault-injection: Run fpu corruption tests 21e3c5307 compel: Provide compel_set_task_ext_regs() 3613b6f15 compel: Store extended registers set in the thread context 7af06af10 zdtm/fpu03: Add a test to check fpu C/R in a thread 6c879c3c8 zdtm/fpu00: Simplify ifdeffery e2e8be37f x86/compel/fault-inject: Add a fault-injection for corrupting extended regset 327e14933 namespaces: properly handle errors of snprintf ffb848e6d x86: Use PTRACE_GET_THREAD_AREA instead of sys_get_thread_area() 72dc32850 ci/compat: Check if tests are 32-bit ELFs 10fe08c37 github/stale: separate labels with commas without following spaces ff38944b9 ci: fix Fedora rawhide CI failures 79b3893ec plugin: check for plugin path truncation 878223560 sk-unix: check whether a socket name is NULL before printing it 9582a44ce bug: add __builtin_unreachable in BUG_ON_HANDLER 4eb43dc4d test: fix test compilation on rawhide 6f8e67135 zdtm: Add javaTests output to .gitignore 7b3eb03ab test: Reduce verbosity of mvn output ae143161b javaTests: Add --file-locks option 56d7dbd7c file-lock: Add space in error message 950805bf1 ci: use runc instead of crun for podman tests 719e42fe1 seccomp: initialize seccomp_mode in all cases 2dc65a636 zdtm: add second fifo_upon_unix test 1f2e10771 zdtm: add fifo upon unix socket test case 7c5c81366 sk-unix: rework unix_resolve_name d0308e5ec sk-unix: make criu respect existing files while restoring ghost unix socket fd 49889baa2 files-reg: rework strip_deleted 129cc7fbc files: Don't forget on stripping deleted postfix on linked files 3a4bffc14 ci: move coverage run to github 6be56e92c test/zdtm: check that locks are not dumped if --file-locks isn't set 7b5e7166e dump: dump has to fail if there is locks and --file-locks isn't set 37c09f890 ci: move compat tests to Github Actions 246c37ad3 README.md: remove unused badges; add a few new badges fad9f805c README.md: remove trailing whitespaces 67ce4e46c ci: move asan and image streamer test to github f983a55e6 vdso: fix segmentation fault caused by char pointer array 909ce55d8 Tell podman to use vfs as storage-driver f4c5937ca ci: move Fedora Rawhide based tests away from Travis ed7cefe21 ci: factor out Fedora Rawhide CI setup 95c4a8b40 ci: skip bpf tests on vagrant bb2078f36 ci: upgrade vagrant and Fedora version da2c83d87 ci: fix syntax error in stale.yml fc5ba7de7 zdtm: handle a case when a test vma is merged with another one d74353d77 util: zero the events pointer to avoid its double free 540141c7c namespaces: handle errors of snprintf b83a1dd95 ci: also use clang for compel-host-bin baad84efb ci: run aarch64 compile tests on Drone 95df2524c zdtm: cleanup thread-bomb test error handling and printing 50a96e9fa ci: move vagrant test to cirrus ci f04e8517c workflows/stale: Don't close issue that has labels 'new feature' or 'enhancement' 2721d865f fsnotify: rework redundant code c4f176b1e mount: adjust log level for mnt_is_dir 3fd3a376f mount: adjust log level for get_clean_mnt 8c53627dd dump: at exit do not call timing_stop if stats are not initialized c405a0116 coverity: get_service_fd() is passed to a parameter that cannot be negative 6ff51fd8d restore: warning: Value stored to 'ret' is never read 0bb3d8586 memfd: use PROC_SELF instead of getpid in __open_proc 34024dfdc util: move open_proc_self_fd to service_fd 068672f39 servicefd: don't move service fds in case they remain in the same place 5364ca3da compel/test: Fix warn_unused_result 8aba7ae9f compel: Fix missing loff_t in Alpine cffbeffed ci: Enable compel testing fbb21b404 compel/test: Add main makefile ae686848b compel/test: Resolve missing includes c7544894f dump/ppc64,arm,mips: sanitize the ERESTART_RESTARTBLOCK -> EINTR transition 0cbfba778 github: auto-close stale issues and pull requests fabd5be38 zdtm: look up iptables in /sbin and /usr/sbin 797f41e8a test/zdtm_ct: Run zdtm.py in the host time namespace f736b8750 ci: Alpine's busybox based free does not understand -h d2ed60b60 namespaces: don't set rst on error in switch_ns_by_fd 94fb7c36a ci: move alpine based tests to github actions a28947bb8 ci: give an overview of the current CI environment 70088b66c ci: add Circle CI definition a719a2f49 CONTRIBUTING.md: add component prefix to the subject example adfec67c0 .gitignore: Remove qemu-user-static 82bddc4b2 scripts/Docerfile.centos8: Use 'powertools' repo name 898329b30 x86/asm: fix compile error in bitops.h 371d9c83d others/ns_ext: restore a process out of PID namespaces into the host PID namespace eb9ed1aaf cr-restore: setup external pidns only for root task c5064eda1 namespaces: make root_ns_mask more consistent c629525ca cr-restore: make CLONE_NEWPID flag in clone_flags more consistent 98fbb766d compel/handle-elf: override unexpected precalculated addresses 6a7bb0b9f docs: fix simple typo, clietn -> client b023f0ab5 vim: remove wrong 8-space tabs indent from python files 2c89954cc zdtm: on fail with no error also print the tail of the log 9bdae79d0 uffd: check for exited task when reading uffd_msg 3b2202151 uffd: cleanup read error handling in handle_uffd_event 8ca4d6e5b cr-restore: Properly inspect status in sigchld_process() 00bd72f32 ci: remove special handling for mips 2d68627dc CI: remove centos7 from Travis 5bb4406e9 ci: use graviton2 for arm64 tests on Travis fb21643b2 tls: Add logging within send/recv callbacks b28eb7b2d compel/log: Provide %u specifier parsing c39ed518f compel/log: Stop parsing at unknown format specifier b93fe2b2d vdso: Let zero-terminator in vdso_symbol_length 528ce2598 uffd: handle xrealloc() failure 56a70ff99 uffd: fix 'double free detected in tcache 2' 7db0c7c02 ci: add CentOS 8 based CI run b0676302f ci: switch centos7 to github actions 247523c0c travis: rename centos test to centos7 b6e4dae22 criu-ns: Remove unreachable statement ebea8f560 ci: fix lazy-pages test selection 20a83e77c ci: 'fix' lazy tests 1ecaee67a namespaces: fix 'Declaring variable "path" without initializer' 097c931ed coverity: img_raw_fd() returns a negative number 04d7b7157 sk-unix: ignore coverity chroot() warning cfeb9c10f cr-dump: get_service_fd() is passed to a parameter that cannot be negative ed905a002 util: fix double_close false positive b47cb0539 dump: Potential leak of memory pointed to by 'si' def84b8ef coverity: fix parameter_hidden: declaration hides parameter c98eb0384 restore: Value stored to 'ret' is never read 8e5acdd2d cr-dump: Potential leak of memory pointed to by 'si' cf4fe1fa1 vdso-compat: let coverity know that the function does not return cfcc0b14a coverity: ignore CHECKED_RETURN d0db53297 autofs: Potential leak of memory pointed to by 'token' 9b1921fb7 sk-unix: do not overwrite function parameter 1d403eb18 Use 'is None' instead of '== None' 820525fe8 bfd: remove unused line a02986804 coredump: remove two unused variables 1543527bf lib/py: remove unused variable 7db0bb69e infect: initialize struct to avoid CLANG_WARNING ee048e148 lock: disable clang_analyzer for the LOCK_BUG_ON() macro 70c8c12c6 compel: don't mmap parasite as RWX 6edcef740 cr-restore: Wait child & reap zombies if PID=1 4381043a7 criu-ns: Use PID 1 on restore b2232f7f7 criu-ns: Convert c_char_p strings to bytes object d16033658 criu-ns: Print usage info when no args provided 26371e56f criu-ns: Convert to python3 style print() syntax 72ca9673d python: Replace xrange with range 2598f64fa crns.py: New attempt to have --unshare option 0d691acba CI: distribute CI jobs between CI systems e7cbeddff CI: rename 'travis' to 'ci' Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* crun: bump to version 1.2Bruce Ashfield2021-10-181-5/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumping crun to version 1.2-16-g718b94e, which comprises the following commits: 979f6f0 criu: save the new descriptors after restore cab3d52 crun: chown std streams c68c4ce crun.1.md: fix formatting 62e9ba0 test: bump base and ubuntu to 1.16 for containerd tests 07303d8 exec: support --cgroup 9c96ca4 libcrun: allow to specify sub-cgroup for exec e32af6c cgroup: allow to create missing dirs baa786c exec: use new function 6d70af2 exec: new function libcrun_container_exec_with_options 97c2eac tests: add userns to sd_notify_proxy test 4f6c8e0 NEWS: tag 1.2 aee580f exec: fix containers being wrongly reported as paused 762269c test/criu: enable external ipc,uts,time namespaces e334260 criu: Add support for shared ipc,uts,time ns 1353be8 configure: convert indentation to tabs 44bb0b2 artifacts: add libprotobuf-c-dev for protobuf headers 5b341a1 NEWS: tag 1.1 55d293c .github: add libprotobuf-c-dev 2162435 criu: store external descriptors as JSON string 9c7d928 .github: check tests leave the working dir clean d99bb51 .github: report make check failures 0d64e1d linux: fix fix-test-mount-symlink-not-existing test 7260dc8 tests: fix number of tests b0d64b6 tests: skip caps tests if rootless a538e4e tests: disable exec_additional_gids when rootless b055575 criu: fix save of external descriptors c0f5460 criu: use has_prefix instead of strncmp 0fa5a11 criu: use write_file instead of open+write 1604c54 criu: drop \n from error messages a967d78 criu: fix fd leak f624c93 tests: disable unrelated failing Podman tests ee35311 utils: add new function safe_readlinkat ef24f0c README.md: ./configure.sh → ./configure 3e82d10 tests: add test for c/r with ext namespace 2257680 tests_utils: drop unused variable f41c979 tests: drop unused imports be18607 criu: Add support for external PID namespace 4810ac6 exec: refuse paused container/cgroup 7d35659 cgroup: drop cgroup_mode arg from libcrun_cgroup_is_container_paused 44377aa container: Set primary process to 1 via LISTEN_PID by default if user configuration is missing bc0b3d1 utils: retry openat2 on EAGAIN 8a70bcd cgroup: use cgroup.kill if available c819e9c tests: update Podman to 3.3.0 74543d3 linux: silence two false positives reported by lgtm c1798ad status: check for owner before using it 5399935 utils: NUL terminate readlinkat buffer 2557c81 NEWS: tag 1.0 dad6ef2 crun.1: regenerate 2199d10 tests: update containerd version We also bump the oci/image/runtime spec SRCREVs to ensure that we have all the source dependencies up to date. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* crun: fix offline buildsBruce Ashfield2021-10-181-1/+6
| | | | | | | | | | | | | | | The 'autogen.sh' script of crun was fetching dependencies that we already have in our SRC_URI. We want the OE git fetcher to manage the source, not scripts in the source of a package. We grab the two lines out of autogen.sh that we need, and use them directly in the configure_prepend. We also add yajl to the source code dependencies as the package DEPENDS is not enough as crun is explicitly building source that looks for the yajl code. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* podman: check for ipv6 in DISTRO_FEATURESBruce Ashfield2021-10-151-1/+1
| | | | | | | | | | | When setting up networking, podman is looking for the ipv6tables executable. We have iptables in our rdepnds, but the ipv6 variant won't be available unless ipv6 is in DISTRO_FEATURES. We can use our distro feature check to detect the issue and alert the developer. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* k3s: update to v1.22.xBruce Ashfield2021-10-121-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumping k3s to version v1.22.2+k3s2-4-g737f722315, which comprises the following commits: 737f722315 set transport to skip verify if se skip flag passed (#4102) (#4103) dd4b36e034 Add "etcd-" prefix to etcd-snapshot commands as aliases (#4161) (#4170) cedcece9cc Dual-stack support LB controller 3f5774b41e Bump containerd to v1.5.7+k3s1 bdd597fb9e Don't evacuate the root cgroup when rootless 6d282b26c2 Skip tests that violate version skew policy a09bcba540 Properly handle operation as init process 44013ae899 Enable the inheritance of settings for ipv6 10bca343e8 Update build images to python3 for compat with recent gsutil change 28be0de4e8 Revert "Use the newer klipper-lb image" 64b502e92c Disable automounting service account token in servicelb pods 7826407a2e Make sure there are no duplicates in etcd member list (#4025) 1d21491094 Use the newer klipper-lb image 753e11ee3c Enable JobTrackingWithFinalizers FeatureGate dccee4e87b Fix regression from commit 137e80cd865efe51aa3ef0323fd6b0a014b7b9de 7a36c3f7f2 Bump golang version 77dfdda909 Update Kubernetes to v1.22.2-k3s1 eda65b19d9 Remove expiremental from cluster commands (#4024) debb508643 Nvidia container runtime discovery in containerd config template (#3890) 086ca8ba6a Fix premature etcd shutdown when joining an existing cluster 85e11c47d1 Add StargzSupported stub for Windows e732517712 Retrieve "CONTAINERD_" environment variables acf9036b63 No-op when etcd member was already removed and use existing name for etcd controller (#4014) 9fcd79baae Add tests to the dual-stack PR and enable dual-stack with flannel backend 681058bb40 Add dual-stack support 5e0fae914f Bump helm-controller and klipper-helm image version b72306ce3d Return the error since it just gets logged and retried anyways 5986898419 Use SubjectAccessReview to validate CCM RBAC dc556cbb72 Set controller authn/authz kubeconfigs 199424b608 Pass context into all Executor functions 137e80cd86 Handle cgroup v1/2/hybrid in check-config.sh more explicitly/accurately 928b8531c3 [master] Add `etcd-member-management` controller to K3s (#4001) 699ea16523 go mod tidy 57377d2cd4 Minor cleanup on cribbed function 3449d5b9f9 Wait for apiserver readyz instead of healthz 3d27804c77 Anything not EL7 is EL8 b4d8c641c6 Add exposed metrics listener instead of replacing loopback listener 29c8b238e5 Replace klog with non-exiting fork 90960ebf4e SupportPodPidsLimit is locked to true of 1.20, making pids cgroup support mandatory 741ba95b04 Migrate sqlite data to etcd when initializing the cluster a1ec43e0b7 feat: add option to disable s3 over https 8b857eef9c Ship Stargz Snapshotter (#2936) cf12a13175 Add missing node name entry to apiserver SAN list 74196acaea added raspberry installation hint (#2379) fdaa0c4210 Update maintainers to reflect team changes b8add39b07 Bump kine for metrics/tls changes ad1a40a96c Small updates to CONTRIBUTING (#3734) 933052a02c Fix condition for adding kubernetes endpoints (#3941) 4d6ddfea51 Bump stable to v1.21.4+k3s1 60297a1bbe Creation of K3s integration test Sonobuoy plugin (#3931) 84155ee313 Make consistent use of os-release vars 2a68c7c8a4 Fix issue where addon checksum was never stored 736c262612 Move cniplugins version to 0.9.1 96dcef478a Add functions to separate ipv4 from ipv6 functions a9fce84ab6 github actions: enable workflow_dispatch (#3923) 114b30277f Redux: Enable K3s integration test to run on existing cluster (#3905) f94d8d76a8 Check /etc/os-release exists before sourcing it 51b7451709 install.sh: Inform user of current k3s+SELinux support status for SUSE/openSUSE systems 331c6fed71 Remove runtime V1 (`containerd-shim`) c23e63aeea Update RootlessKit to v0.14.5 (#3902) 176451f4ea Fix rootless regression in 1.22 (Set KubeletInUserNamespace gate) (#3901) 66dacc6ee0 Revert "Enable K3s integration test to run on existing cluster (#3892)" (#3899) 703b5af950 Enable K3s integration test to run on existing cluster (#3892) 58315fe135 Set osImage for docker image 156bae2940 Fix PREVIOUS_CHANNEL lookup when current minor release is not stable e95b75409a Fix lint failures a5355f0827 Replace dropped v1beta1 APIs with v1 dc14f370c4 Update wrangler to v0.8.5 c434db7cc6 Wrap errors in runControllers for additional context 422d266da2 Disable deprecated insecure port 641ab26fde Update containerd to 1.5 16616c6b90 Update grpc 54a7c860c7 Update kine for etcd v3.5 compat 92b651e548 update golangci config to sync with RKE2 4ebd6009ea Bump gopls and golangci-lint 872855015c Update etcd to v3.5.0 e204d863a5 Update Kubernetes to v1.22.1 ed5991f13b K3s Flock Integration Test (#3887) e322924781 Reset load balancer state during restoraion (#3877) a55921b33d Add missing labels to stalebot config 8e90c56f5c Update Kubernetes to v1.21.4-k3s1 544cf406aa Bump containerd to v1.4.9-k3s1 a1097984c0 Bump helm-controller to work around tiller crashes b23955e835 Fix URL pruning when joining an etcd member (#3832) e87204c064 Added new testing documentation (#3823) a1e36153f9 Added locking system for integration tests (#3820) ae909c73e5 Updated the code to use GetNetworkByName and tweaked logic. 4cc781b5e3 Moved testing utils into tests directory. Improved gotests template. (#3805) dcf0657b20 account for an s3 folder when listing objects (#3807) b4eca61aeb Prevent snapshot commands from creating empty snapshot directory (#3783) 3b01157a3a Use New Image Names (#3749) bc96ffb5f3 Fix Node stuck at deletion (#3771) 338f9cae3f Bump helm-controller to v0.10.2 80a15bebc0 install.sh: Use built-in shell functionality instead of awk dfd4e42e57 Wrap context with lease before importing images 2069cdf4ee Fix initial start of etcd only nodes (#3748) 429af17e4d update rancher/local-path-provisioner to v0.0.20 56109f96b3 Update MAINTAINERS (#3744) 5ab3590d9b Improve config retrieval messages 869b98bc4c Sync DisableKubeProxy into control struct 4f03532f47 Add nightly automation tests 09457a57d5 Add in stalebot config, starting with 6mo old stale issues. (#3739) b1b5f72dc3 Notify systemd for etcd only node (#3732) 7704fb6ee5 Exporting the AddFeatureGate function and adding a unit test for it. (#3661) fc19b805d5 Added logic to strip any existing hyphens before processing the args. (#3662) a1d7a62493 Fix to allow non-root users access to storage volumes. (#3714) 90445bd581 Wait until server is ready before configuring kube-proxy (#3716) 21c8a33647 Introduction of Integration Tests (#3695) f99b1c8798 add gotests templates (#3709) 71e1f1df8c Ignore markdown files for github actions (#3676) 1f6806d940 Update 1.21 stable version 20a48734c2 more fixes 7ebcc4b134 more fixes b4401296ec replace error with warn in delete 2f82bfcf67 fix warning msg b377839148 migrate old token key format 997ed7b9b4 simplifying the code ad17292fa8 migrate empty string key properly a65e5b6466 Fix multiple bootstrap keys found 37fcb61f5e move go routines for api server ready beneath wait group c5832c1128 Bump Kubernetes to v1.21.3 b352d73511 Bump containerd to v1.4.8-k3s1 18bc98f60c adding startup hooks args to access to Disables and Skips (#3674) dcabe14edd Update .github/ISSUE_TEMPLATE/feature_request.md 8840c937e6 Update .github/ISSUE_TEMPLATE/bug_report.md bba49ea447 Fix to allow prune to correctly cleanup custom named snapshots (#3649) f6be76b4f7 Add checkbox to denote backporting required on issue templates aef8a6aafd Adding support for waitgroup to the Startuphooks (#3654) ad28d18b19 Bump helm-controller to v0.10.1 (#3644) d96fa8f727 Add issue template for creating release checklist issues (#3604) a939decf01 fix a runtime core panic (#3627) 55fe4ff5b0 Convert existing unit tests to standard layout (#3621) fbc41ed753 Upgrade k3s-root version 238dc2086e prevent snapshot save when snapshots are disabled (#3475) a4c992ce52 🐳 burp to inetaf/tcpproxy dd8398dc76 Bump the packaged runc binary version ada145641c Update etcd snapshot error message to be more informative when etcd database is not found (#3568) a62d143936 Fixing various bugs related to windows. e1cd9438ad Update ROADMAP.md 81b006c938 Dispatch to rancher/system-agent-installer-k3s when tagged (#3589) 73df2d806b Update embedded kube-router (#3557) 77fcf2dfc5 missing build tag for windows 18367e12d0 Set ulimits in docker-compose.yml 8faa70dced Update to v1.21.2 6b3285b7e3 Fix coverage reporting to include all packages, not just those with tests c833183517 Add unit tests for pkg/etcd (#3549) cbfe673c43 Fix spelling to satisfy codespell check cbacd7107e Allow passing targeted environment variables to containerd 4a6e87e5a2 Add user-facing change section to PR template a5cff7e143 (docs) Update README.md f5fbb9a9a8 Export cli server flags and etcd restoration functions (#3527) 246b378a27 Bump kine to resolve race condition and unrevisioned delete 3e1693bc97 Changes local storage pods to have 700 permissions (#3537) 7242ce9316 Redux: Add Unit Test Coverage to CI (#3524) 04398a2582 Move cloud-controller-manager into an embedded executor (#3525) f3d0a857d2 Bump stable version to v1.21.2+k3s1 (#3526) a84c75af62 Adds a command-line flag '--disable-helm-controller' that will disable the server's built-in helm controller. cf55712767 Revert "Add Unit Test Coverage to CI (#3494)" (#3499) 216b3beaef Add Unit Test Coverage to CI (#3494) 82394d7d36 Basic windows agent that will join a cluster without CNI. 136dddca11 Fix storing bootstrap data with empty token string (#3422) a629db023c Fail to start k3s if nm-cloud-setup is enabled 4b2ab8b515 Renamed client-cloud-controller crt and key (#3470) ef23c6c548 Redux: Change containerd image leases from context lifespan to permanent (#3464) b74c499709 Revert "Change containerd image leases from 24h to permanent (#3452)" (#3461) 86b3ba8dba Change containerd image leases from 24h to permanent (#3452) 88f95ec409 Send systemd notifications for both server and agent (#3430) a7d1159ba6 Emit events for AddOn lifecycle ea2cd6d727 Add comments, clean up imports and function names 6e48ca9b53 Tidy up function calls with many args 6ef000091a Add nodename to UA string for deploy controller 2afa3dbe1c Changed iptables version check for fail if version is between 1.8.0 and 1.8.3 and using nf_tables mode (#3425) f6cec4e75d Add kubernetes.default.svc to serving certs 243fd14cf1 Change Replace with ReplaceAll function afd506a595 fix possible race where bootstrap data might not save 2682183773 add log message indicating etcd snapshots are disabled 664a98919b Fix RBAC cloud-controller-manager name 3308 (#3388) 5e0527f304 cgroup2 CI: add rootless daf527ccaf k3s-rootless.service: use fuse-overlayfs snapshotter 1576030d6b Add a path for wireguard's privatekey 7345ac35ae Initial windows support for agent (#3375) 3abe7c7cef Bump stable version to v1.21.1+k3s1 and add v1.21 channel d415e41337 Update flannel version cb25835d84 containerd: v1.4.4-k3s2 79cf4a7c83 Bump channel stable version to v1.20.7+k3s1 25c2888d28 Fix shell expansion and file permission issues install.sh f11cbc5a8e runc: v1.0.0-rc95 (#3348) ecbf17e2ed move object channel defer close to goroutine 254b52077e add retention default and wire in s3 prune 7e175e8ad4 Handle conntrack-related sysctls in supervisor agent setup c824c3bcc1 Add support for multiple env files for systemd unit e8ecc00fc8 add etcd snapshot save subcommand Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* k3s: update to v1.21.5Bruce Ashfield2021-10-121-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | Bumping k3s to version v1.21.5+k3s2-2-gaa5a0a8c78, which comprises the following commits: aa5a0a8c78 set transport to skip verify if se skip flag passed (#4102) (#4104) 3ee5098225 Add "etcd-" prefix to etcd-snapshot commands as aliases (#4161) (#4171) 724ef700ba Bump containerd to v1.4.11+k3s1 69a9f46bce Don't evacuate the root cgroup when rootless 0af55a830a Skip tests that violate version skew policy 9e66f975d5 Fix PREVIOUS_CHANNEL lookup when current minor release is not stable 38ddda587a Properly handle operation as init process 15f3a2ebfb Enable the inheritance of settings for ipv6 273827d4ba Update build images to python3 for compat with recent gsutil change 8c2f7ac41c Remove experimental from cluster commands acad8ef840 [release-1.21] Update Kubernetes to v1.21.5 (#4032) 6acee2e2f5 No-op when etcd member was already removed and use existing name for etcd controller (#4015) 863512e055 Initial leader elected etcd member management controller (#4010) 37caf87d6d Add exposed metrics listener instead of replacing loopback listener a8a6edfb0d Add missing node name entry to apiserver SAN list 659307d327 Fix condition for adding kubernetes endpoints (#3941) (#3946) 7cf85c235a Fix issue where addon checksum was never stored 656c190629 Reset load balancer state during restoraion (#3878) Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* kubernetes: introduce devupstream variantBruce Ashfield2021-10-121-1/+15
| | | | | | | | | | | | | | Introduce a devupstream variant of k8s, so we can track development while also packaging the latest released versions. We set the SRECREV to 1.23.x as it was previously, and before the go version dependency bumps to above where OE core is currently providing. We move the patches to a :append, so they can apply to both the released and devupstream versions. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* k8s: set to 1.22.3 releaseBruce Ashfield2021-10-121-3/+4
| | | | | | | | | | | | As it turns out 1.23.x won't release in time for the next meta-virt release, so we back off to the 1.22.x release branch. To avoid PV issues when the number goes backwards, we add PE = "1" to the versioning. 1.23.x will return in a devupstream format in another commit. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* podman: upate to v3.4.oBruce Ashfield2021-10-041-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We adjust the LICENSE checksum due to: commit 84694170402ff699065382ba2d2fb172c3b6c88f Author: Daniel J Walsh <dwalsh@redhat.com> Date: Thu Aug 26 13:15:23 2021 -0400 Globally replace http:// with https:// [NO TESTS NEEDED] Hopefully existing tests will find issues. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> and import the following changes: 6e8de00bb Bump to v3.4.0 3c93afbf4 Final release notes update for v3.4.0 128e168be Support selinux options with bind mounts play/gen 855746cc9 Fix release notes 09b353081 Release notes for v3.4.0 final release 2247d5f1b Disable docker and alias to podman in FCOS ignition 7d72e8324 [NO TESTS NEEDED] Add port configuration to first regular container 4fc40c82f Remind user to check connection or use podman machine 5064fd519 Ensure pod ID bucket is properly updated on rename ba74d6e6e libpod: do not call (*container).Config() a1199dbaf [CI:DOCS] cmd/podman: no dot for short descriptions ddc2b9bbe System tests: speed up. They've gotten too slow. b3af5a92c stop: Do nothing if container was never created in runtime 7bfc5250d remote build: EvalSymlinks() the context directory 7395459c7 podman machine: do not join userns 5e9aa13dc added healthcheck to ps command 6638a91e8 Fix english on prune prompt 31df5b78f rootful: do not set XDG_RUNTIME_DIR for cni plugins 8c944274f Revert "rootful: unset XDG_RUNTIME_DIR" 6ef2d3bd8 shell completion: do not show images without tag 063ba47d7 Update docs for --platform in podman-build.1 0f87cfd28 podman generate kube should not include images command da67c7199 Also show the (initial) disk size 2c5382ba9 Show cpus and memory in machine list 57c055f61 Ignore mount errors except ErrContainerUnknown when cleaningup container 8084c5ef2 Allow machine options to be set from containers.conf c0efa0dba Vendor in containers/buildah v1.23.1 6c7445d2b Vendor in containers/common v0.44.2 d6f6767a5 Set context dir for play kube build f2c676e99 [3.4] podman save: enforce signature removal 8ee18bde1 Use a new markdown converter for sphinx 9dd75d311 Bump to v3.4.0-dev e343b5368 Bump to v3.4.0-rc2 5bc648762 Release notes for v3.4.0-RC2 72e19cf51 Generate kube should'd add podman default environment vars 909cbfe21 sync container state before reading the healthcheck 897150946 Eighty-six eighty-eighty e06abee1d vendor c/psgo@v1.7.1 d45cbbda3 Add a backoff and retries to retrieving exited event 70da2e858 [CI:DOCS] Add network alias note in man pages a98e0371e Remove references to kube being development 70a428662 Support --format tables in ps output 45f8b01f6 Add podman image/container inspect man pages 863ea75c4 compat API: /images/json prefix image id with sha256 c66db2b70 [CI:DOCS] Add link to skopeo delete in podman rmi 7bfe9ca3d remote untag: support digests 7e6921170 System tests: cleanup, and remove obsolete skips 8784c1dd6 Remove unused code from libpod 79966def8 [CI:DOCS] markdown cleanup be15a01c5 Only add 127.0.0.1 entry to /etc/hosts with --net=none d27fcbdc2 container runlabel remove image tag from name 1a25a90a4 Fix /auth compat endpoint c8fd65ea6 fix inverted condition 3bd3c6213 Fix machine image 331ce0f7e utils: return error message from StartTransientUnit 046fa2740 utils: raise warning only on cgroupv2 6001cd02a test/apiv2: set main version back to 3 4406ebb46 [3.4] vendor c/common@v0.44.1 40eeb7d3b runtime: move pause process to scope e6fe5d631 system: move MovePauseProcessToScope to utils ae5a5b51b system: always move pause process when running on systemd 34c9ce2ec system: avoid reading pause pid file 41cd360dc Bump to v3.4.0-dev bd47b9eff Bump to v3.4.0-rc1 29edeaa89 Fix buildah-bud tests by using main's diff file 66eb69224 Fix podman-build manpages by using version from main a647e1d18 Fix release notes 0d43151c2 Remove Pod CPU tests fd56c8386 Set DEST_BRANCH in cirrus to fix CI 4841ec5c6 Final release notes for v3.4.0 RC1 5532cd488 libpod: honor --cgroups=split also with pods e07dccc3a build: take advantage of --platform lists c7c4cb886 build.bats: fix copy tests after containers/buildah#3486 c407813d6 build: mirror --authfile to filesystem if pointing to FD instead of file 69e327378 Bump to Buildah v1.23.0 331d4c5c7 Further release notes updates 901cf71a6 Show variant and codename of the distribution 507000a30 api: handle nil pointer dereference in rest endpoints 702e524ff Fix example in podman machine init man page c8cbd87fd Document `all` query parameter for /libpod/images/prune 939db105c tests: enable --cgroups=disabled test for rootless e0881fd5e tests: simplify --cgroups=disabled test 74bc365eb Enhance bindings for IDE hints e37883f13 Cirrus: NM/CNI workaround + Remove prior-Ubuntu 0ca62196a libpod: rootful close binded ports b6789c3d5 fix restart always with rootlessport ffc8e57d3 remove rootlessport socket to prevent EADDRINUSE fd8d332a4 test: enable --cgroup-parent test 33591c3ef Search gvproxy with config.FindHelperBinary() 1af0f8934 Add deprecated fields for 1.22+ clients that still expect them c6e4453f6 If container exits with 125 podman should exit with 125 5829d62ea Use default username for podman machine ssh c487389fa bump c/common to v0.44.0 069d90124 Initial release notes for v3.4.0 RC1 3c24d1fda Remove pod create options `--cpus` and `--cpuset-cpus` fceec6972 Use new aarch64 fcos repos 31604b43d Revert "logs: adjust handling around partial log messages" c23f81fab Fix #11444: remote breaks with stdout redirection a8875faca [CI:DOCS] Remove short 'a' option from all-tags eec59cea2 Bump github.com/containers/storage from 1.35.0 to 1.36.0 deaf96924 Refacter API server emphasis on logging 4fbc5b8fe Stop outputting 'healthy' on healthcheck 81751bebc Bump github.com/opencontainers/selinux from 1.8.4 to 1.8.5 f5e4ffb5e Add init containers to generate and play kube d2e10a71d podman unshare keep exit code 309d98971 Bump github.com/containers/psgo from 1.5.2 to 1.6.0 f87f27ddc Add /containers/stats response to API docs 8d638d502 try to create the runroot before we warn that it is not writable 5bf220144 machine: set filemodes in octal 6f36a47ac podman machine: enforce a single search registry 50688da29 stats: detect containers restart 2b85382ca api: correctly set the container stats 53dc99fa6 stats: allow to read stats for paused containers a4cc32c2c Fix missing args in name in example 5fdd0431b Cirrus: Run unit-tests rootless 4ccb4f81f Add a system test to modify and import an exported container. c65b43a0f Bump github.com/godbus/dbus/v5 from 5.0.4 to 5.0.5 7cf22279d Fix conmon attach socket buffer size e5468d404 test/e2e/search_test.go - relax tests 78c5a47fc vendor mpb@v7.1.4 6888b061d inspect: printTmpl must Flush writer 4d9dcab0c podman upgrade tests for networking bbdaf837b Normalize auth key before calling `SetAuthentication` 2f967b81c Add logDriver to podman info ab272d1e9 Add 'Machine %q started' message when podman machine start successful cee689af1 Fix spacing on --userns options in docs 1ff797e36 system tests: new random_free_port helper a1cab358c fix play kube can't use infra_image in config file 6aa666a27 container inspect: improve error handling aa412ccc4 test/testvol/main.go: Fix missing arguments to Errorf() f18ccbcc0 fix play kube --network options 748c2700b pkg/bindings/images.nTar(): set ownership of build context to 0:0 bfcd83ecd Add Checkpointed bool to Inspect 0d1ba0a58 Remove changelog.txt from the repository 8b4f99ac2 QEMU Apple Silicon: Find BIOS FD wherever 1150d1b0b Document default timeout for libpod API Container Restart d1573b95e generate systemd: handle --restart 1eaa44959 logs -f: file: fix dead lock 3d02cfb5e network create: add warning for deprecated macvlan flag bd6403927 cgroup-info: check if user.slice is valid before accessing value 57133bb33 Fix warning of unsupported feature on MacOS c01f7725a TCG Accel fallback for Apple Silicon. Iss #10577 ebd37ede9 Example says there is not IP then in the next command suggests to use it 11fc0e554 kube: Add support for podman pod logs ce5baa125 feat: add localhost into hosts if the networking mode is not host e151f4c9f Fix #11418 - Default TMPDIR to /tmp on OS X 5d31c4250 Bump release to 3.3.1 274a3bc80 Remove unused stubs intended to start a machine with libvirt 8d9e19b03 Spell "build linux darwin" as "build !windows". d346e6e73 Add filtering functionality to http api secrets list 90998176d machine: always check error of net.Dial, even after last try 02a0d4b7f auto-update systemd test: skip on RHEL b3bb7da72 [#11408] podman help machine init cba114dd3 manifest: rm should not remove referenced images. a077335ce make podman run --systemd case insensitive ddeaaa47c Drop dependency on iproute e3c7e02a0 System tests: add cleanup & debugging output abdedc31a rootlessport: allow socket paths with more than 108 chars a55f595fe podman stop always cleanup f9a689f3e generate systemd: clarify limitations of `--new` 1ed0a7209 Cirrus: Reduce APIv2 task timeout 1fb07c422 Make secret env var available to exec session d674eb41e [CI:DOCS] podman cp: highlight globbing and multi-file copy 10144b707 pass LISTEN_* environment into container 9f7bad7da Use UNMERGED vbauerster/mpb PR to fix a pull deadlock b3aee22bd Cirrus: Skip APIv2 tests for [CI:DOCS] 375c3a7b3 docs: fix indentation for userns modes 1122c66ce upgrade test: add new baseline a2a166345 clean up socket and pid files from podman machine 06f94dd09 rootless cni: resolve absolute symlinks correctly ec1f350ee container: resolve workdir after all the mounts happen. de3920c0e auto-update: fix authfile label 9b7ef3dad runtime: Warn if XDG_RUNTIME_DIR is set but is not writable. a5adc3d80 Add support for mount options to API db60a1e65 Add support for libsubid 846941704 Globally replace http:// with https:// ab6c43f3e Shell completion for --format with anonymous fields d28e85741 InfraContainer Rework 1e6d1e5c6 Add filter params description to volume list/prune docs f5ce02b22 Bump github.com/containers/image/v5 from 5.15.2 to 5.16.0 d5507704e volumes: Add volume import to allow importing contents on tar into volume e88b62b34 Fix swagger issue c6e12a2e4 Bump github.com/fsnotify/fsnotify from 1.4.9 to 1.5.1 1dc6d1473 Fix file descriptor leaks and add test 1e176923b teardown play kube 3f22e5296 Allow setting of machine stream and image path from containers.conf 274d6fa19 generate systemd: use --cidfile again 4b2dc48d0 podman inspect show exposed ports 74ab2aaf9 Revert "generate systemd: custom stop signal" c0b1edd6a Network interface 70801b3d7 generate systemd: custom stop signal 3007bd4a9 130-kill.bats: increase timeouts from 10s to 60s 21f396de6 logs: adjust handling around partial log messages b20a54705 330-corrupt-images: don't try to tag with a canonical name fc6a02033 bump github.com/containers/common 1411fa5f2 libpod/Container.readFromJournal(): don't skip the first entry 6b06e9b77 Switch eventlogger to journald by default 02e59c668 utils.RunUnderSystemdScope(): always close Conn d06d285e6 logFile until flag issue edddfe8c4 volumes: Add support for exporting volumes to external tar d24a5d9fd Bump github.com/opencontainers/runc from 1.0.1 to 1.0.2 7b54a5fbe profiling: higher memory sampling rate fe4dc452e Bump github.com/containers/buildah from 1.22.0 to 1.22.3 1493b86c7 Bump github.com/onsi/gomega from 1.15.0 to 1.16.0 feff0d3c4 Use pod netns with --pod-id-file 57a0ed182 Bump k8s.io/api from 0.22.0 to 0.22.1 319c85e89 Support for --tls-verify flag in podman run & podman create e5d8defc4 Update README for 3.3.0 release 33fee83de add flag to record memory profiles db7eaa98b Bump k8s.io/apimachinery from 0.22.0 to 0.22.1 c22f3e8b4 Implement SD-NOTIFY proxy in conmon 7f3f792e2 Fix network aliases with network id fd32c73e3 Update /version endpoint to add components 745f6d949 e2e tests: fix overlay: Unknown option vfs.imagestore 16dfce486 Podman info output plugin information 0897946f6 [NO TESTS NEEDED] Clean up swagger b19812b5a machine: compute sha256 as we read the image file 043457192 machine: check for file exists instead of listing directory 82bb999e3 Bump github.com/containers/image/v5 from 5.15.1 to 5.15.2 2d0a0c0d2 fix rootlessport flake 592fae422 Volumes: Only remove from DB if plugin removal succeeds 9dd088e55 Cirrus: Confirm CGv1 / CGv2 VM expectations 5c837fe5b Skip stats test in CGv1 container environments dc7038288 Fix AVC denials in tests of volume mounts 77f665200 Restore buildah-bud test requiring new images 14f3658da Revert ".cirrus.yml: use fresh images for all VMs" aeffdb05d pkg/bindings/images.nTar(): slashify hdr.Name values cd40c875a Add ability to build images in play kube f0247df89 Bump github.com/rootless-containers/rootlesskit from 0.14.4 to 0.14.5 970529b6a Documented ways to fix firewall rules that are lost when firewalld reloads c1b7787a2 Bump github.com/containers/image/v5 from 5.15.0 to 5.15.1 bfc936261 Cirrus: Resolve two upgrade-test FIXMEs 1f632f357 fix: unifiedOverlays should be assigned if no conflicts found. e9f4d8179 Bump github.com/containers/storage from 1.34.0 to 1.34.1 e7ee15f8c cgroup-manager-systemd:Fail early if user:rootless and relevent session is not present. 3cee85531 libpod/option.go remove error stutter from wrap/wraf fe2be7f88 make sure that signal buffers are sufficiently big f98569946 volume: move validating volume dest from client to server. 91e21bed4 rootful: unset XDG_RUNTIME_DIR 2a8c41448 Fix rootless cni dns without systemd stub resolver 257d5e8a7 Fixed healthcheck default values when container created via compat API d99756434 Add space trimming check in ValidateSysctls bef26f258 rename oneshot initcontainers to once 9fc946563 Set gvproxy path to /usr/libexec/podman/gvproxy 5a32946d6 For compatibility, ignore Content-Type 404488a08 Run codespell to fix spelling 643178c1e Revert "Use static path for gvproxy" 73a755eec Fix device tests using ls test files d0e3b3c3a Enhance priv. dev. check cfbbc38a5 Workaround host availability of /dev/kvm 2e3ba9cd9 Change connection error to be helpful for machine users ed30ae4a8 Add until filter to podman pod ps 800a65fb2 [CI:DOCS] Fix multi-arch image docs 4e4c4b62f Bump github.com/opencontainers/selinux from 1.8.3 to 1.8.4 af46a64a8 Document source ip for the rootlesskit port handler f7de8bc80 Bump github.com/containers/storage from 1.33.1 to 1.34.0 8b9b925e7 skip flaking auto-update test 27443660c Enable docker-py compat. testing w/ ignored result 221b1add7 Add support for pod inside of user namespace. 12ac4198c Libpod images pull changes e7b7c90ba Reproducible Builds: trim embedded cgo paths 170fb2572 Alias build to buildx, so it won't fail bb96da9f1 Skip cgroup-parent test due to frequent flakes a4bdc67c4 Added autocompletion for images and system connections 1adeb2b70 podman info show correct slirp4netns path 79e4baf4c Bump github.com/onsi/gomega from 1.14.0 to 1.15.0 541e83ffe personality: Add support for setting execution domain. 88b9cbd5e Bump k8s.io/api from 0.21.3 to 0.22.0 e52187e7f show podman machine ssh command line 30df551bd auto-update: simple rollback adee0ca59 Bump github.com/BurntSushi/toml from 0.3.1 to 0.4.1 eb2e99101 Bump k8s.io/apimachinery from 0.21.3 to 0.22.0 c9e2f2f60 [CI:DOCS] tests-expect-exit: include source line numbers 8cbbbe6ef Fix TS parsing for fractional values 3c3fa6fac implement init containers in podman f4dd22b31 Cirrus: Fix not uploading logformatter html ddc360fe1 Bump Buildah to v1.22.0 [NO TESTS NEEDED] 41f94a4dc Fix podman unpause,pause,kill --all to work like podman stop --all cfcd1e186 Do not add an entry to /etc/hosts with `--net=host` f40a0e7c8 Handle timezone on server containers.conf e78f3e8c4 Bump github.com/docker/docker bd29ec4c3 Bump github.com/rootless-containers/rootlesskit from 0.14.3 to 0.14.4 9cc974c96 Only support containers stats using cgroups v2 ecf103302 podman info: try qfile before equery cc43b5133 image scp: fix typo in output e88d8dbea fix rootless port forwarding with network dis-/connect 4acc1d685 Use static path for gvproxy a210a2292 Compat API: Fix healthcheck status and healthcheck config 0762c7e97 Bump github.com/opencontainers/selinux from 1.8.2 to 1.8.3 985c71708 Fix handling of user specified container labels 03ffba29a podman-registry: minor usability updates 0ab9d19ad Bump to v4.0.0-dev 34b28d959 e2e tests: re-enable and fix podman stats tests c0952c733 Support size and inode options on builtin volumes 1d10ca739 Created scp.go image_scp_test.go and podman-image-scp.1.md 8ccf2539e test: move container process to a sub-cgroup cdbbd7915 stats: add a interval parameter to cli and api stream mode Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* kubernetes: update sed expressionKai Kang2021-09-301-1/+1
| | | | | | | | | | It misses a backslash in sed expression and causes warning when run do_compile: | sed: -e expression #1, char 35: Unmatched ) or \) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* lxc: Fix -c command for lxc-attachsana kazi2021-09-162-0/+37
| | | | | | | | | | Added fix_c_command.patch the -c command seems to be broken because the passed context is ignored and always overwritten by the context specified in the config file. Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com> Signed-off-by: Sana Kazi <sanakazisk19@gmail.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* lxc: update to 4.0.10 and switch to gitBruce Ashfield2021-09-161-6/+4
| | | | | | | | To more easily pull in fixes / backports from newer versions, switching to git. This also allows bisecting and easier support when we run into upgrade issues. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* singularity: update generic "BSD" license specificationBruce Ashfield2021-09-161-1/+1
| | | | | | | | Although singularity is somewhat broken, the LICENSE was not precisely set, so we update the field to indicate that it is BSD clause 3 or Apache 2 licensed. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* spf13-pflag: update license to specific BSD clauseBruce Ashfield2021-09-161-1/+1
| | | | | | | "BSD" is generic, we update our license to the specific clause of the package. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* spf13-pflag: update to 1.0.4Bruce Ashfield2021-09-161-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumping pflag to version v1.0.5-4-gd5e0c06, which comprises the following commits: d5e0c06 allow for blank ip addresses (#316) 85dd5c8 Add IPNetSlice and unit tests (#170) 6971c29 remove dead code for checking error nil (#282) 81378bb Add exported functions to preserve `pkg/flag` compatibility (#220) 14457a6 Remove require pflag v1.0.3 e8f2996 Fix typo in go.mod 8e39cc4 gofmt 68f4136 Add SliceValue Comments b22fc70 Expand SliceValue support to all slice and array types. c6c0f0f Add first SliceValue implementations 9722382 Added String-To-Int64 option parsing (#211) 4890c25 Fix package doc b3e76d4 Fix descriptions for StringSlice functions 24fa697 fix misspell (#197) 916c5bf Fix typo in count.go (#196) aea12ed add int32 & int64 slice support (#194) 454a7fb add float32 & float64 slice support (#192) 082b515 Travis: test on 1.9 as well (#191) 252d3ee travis: update to 1.10 and 1.11 in travis tests (#190) 0873577 Fix golint import path (#189) b5e1a80 Sentence restructure and grammar fix (#188) 298182f Fix panic when parsing unknown flag followed by empty argument (#173) d929dcb Handle single string=>string flags without quotes (#179) 947b89b Add map valued (string->string, string->int) flags. (#133) 9a97c10 bytes: add support for base64 encoded flags (#177) 3ebe029 Allow bubbling up of -test.* flags (#169) 583c0c0 Typo correction in flag.go (#164) 329ebf1 Allow Users To Show Deprecated Flags (#163) 1ce0cc6 make x.Parsed() return true after AddGoFlagSet(x) and pflag.Parse() (#162) 1cd4a0c add ability to ignore unknown flags (#160) ad68c28 Add multiline wrapping support (#155) 45e82a3 Implement BytesHex type of argument (#115) ee5fd03 doc: clarify difference between string slice vs. array (#158) 6a877eb DurationSlice: implementation and tests (#122) 4c012f6 Add uintSlice and boolSlice to name prettifier (#150) 97afa5e Prevent printing when using ContinueOnError (#144) 1f33b80 add int16 flag (#143) a9789e8 Remove redundant break 2c300e7 Fixing Count flag usage string (#141) be7121d Fix SetNormalizeFunc (#137) 5c2d607 Generate flag error output for errors returned from the parseFunc (#138) 7aff26d New: renamed intSlice to ints in usage 230e229 Fixed: updated unittest adc6ccc New: added a default name to avoid stringSlice in the usage message. e57e3ee Delete example, what isn't even shown in docs 80fe0fb Testing for Shorthand Lookup 75859d1 Add example to FlagSet.ShorthandLookup 86425cb Add example to ShorthandLookup 10b28b3 Add note about panic in ShorthandLookup a84f757 Allow lookup by shorthand (#106) c990990 Add Go 1.8.1 to .travis.yml af3f947 Update .travis.yml f1d95a3 Unify error message for panic and f.out 314c91c Use comparison a string with "" instead of comparison of len 1cd6182 Prevent parsing if there are no arguments 9c8891d Add more verbosity to panic of shorthand redefinition 1d9fab4 Use f.out in output flag deprecation 4995a3e Make more detailed error in Set 9421342 Add comments for better understanding of parsing short flags 159e1d7 Document Count function e466d44 Delete setFlag 686edd7 Fix alreadythere variable name af10531 Note about SortFlags in README e453343 flag_test: fix go vet (#123) 0328f15 Cache sorted flags 9a906f1 Prevent changing order of flags after SetNormalizeFunc() (#121) d16db1e Modified to display a string default value as double quoted and escaped (#118) d90f37a Add SortFlags option (#113) b205ad1 Change `ogier` to `spf13` in docs and README 9ff6c69 Add FlagSet.FlagUsagesWrapped(cols) which wraps to the given column (#105) 3f939ad Removed unused field "exitOnError". Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* go-errors: update license to precise BSD variantBruce Ashfield2021-09-161-1/+1
| | | | | | BSD as a license is not precise, updating to the specific variant. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* go-errors: update to 0.8.1Bruce Ashfield2021-09-161-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumping go-errors to version v0.8.1-32-g5dd12d0, which comprises the following commits: 5dd12d0 AddingPowerSupport_CI/Testing (#234) 614d223 Revert "Support Go 1.13 error chains in `Cause` (#215)" (#220) 49f8f61 Support Go 1.13 error chains in `Cause` (#215) 004deef remove unnecessary use of fmt.Sprintf (#217) 6d954f5 feat: support std errors functions (#213) 7f95ac1 Add support for Go 1.13 error chains (#206) 91f1693 travis.yml: add Go 1.13 ca0248e fix travis, 1.10 doesnt support by unconvert anymore 27936f6 travis.yml: add Go 1.12 (#200) 856c240 Add json.Marshaler support to the Frame type. (#197) ffb6e22 Reduce allocations in StackTrace.Format (#194) e9933c1 Restore performance improvements from #150 ee1923e Return errors.Frame to a uintptr 72fa05e errors: detect unknown frames correctly (#192) c38ea53 Remove errors.Frame to runtime.Frame conversions (#189) c9e70be Makefile: switch to staticcheck (#187) ee4766c Fix error during merge 584cbac Remove checks for old style anon funcs (#186) 42ce1b6 Remove Frame methods (#185) 937e8c5 gofmt -w e19cb69 Remove last reference to runtime.FuncForPC (#184) 4f47277 Switch to runtime.CallersFrames (#183) 537896a travis: remove Go 1.8 and earlier (#182) 31aac83 travis: use Makefile (#181) 5ac96ae Update README.md ba968bf gofmt -w errors.go (#179) 059132a Update .travis.yml (#168) d58f942 Bump Travis versions (#172) 6ed0a2e Fix StackTrace print example 2233dee Copyedit the package documentation (#135) e981d1a Add WithMessagef function (#118) c059e47 fixed spelling (#156) 816c908 travis.yml: add Go 1.10 (#154) e1ac100 reduce allocations when printing stack traces (#149) 30136e2 Remove deadcode (#146) e881fd5 Fix minor typo in README.md (#142) 8842a6e Add badge for number of dependent libraries (#109) e4f5060 Fix doc comment for exported Format func (#137) f15c970 Remove an unused argument of utility test func (#139) 2b3a18b travis: add 1.9.x to go versions (#133) c605e28 Add doc comment for exported Format func (#115) ff09b13 Bump Go versions, use latest patch releases (#110) bfd5150 Move benchmark assigned err to global exported variable (#106) 248dadf Bump Go versions (#91) Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* lxc: Enable seccomp support for lxcsana kazi2021-09-092-0/+48
| | | | | | | | | | | Enabled seccomp support for lxc. Also added a patch to enable seccomp.profile only when compiled with libseccomp. Currently, seccomp.profile is silently ignored. This could lead to the false impression that the seccomp filter is applied while it actually isn't. Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* podman: update to 3.3.1Bruce Ashfield2021-09-061-2/+2
| | | | | | | | | | | | | | | | | | | | | | Bumping libpod to version v3.3.1-2-g364efce39, which comprises the following commits: 1b33f7675 Bump to v3.3.2-dev 4c5283fab Bump to v3.3.1 bea109608 clean up socket and pid files from podman machine 68a059d89 Update release notes for v3.3.1 0103a0459 rootless cni: resolve absolute symlinks correctly 77948c8b4 Add filter params description to volume list/prune docs aa754c7e2 logFile until flag issue f363b805c Fix file descriptor leaks and add test d1ea54549 utils.RunUnderSystemdScope(): always close Conn 17afae4eb Use pod netns with --pod-id-file c16daa07e e2e tests: fix overlay: Unknown option vfs.imagestore 85846b633 change error comparison for exec.ErrNotFound 822818287 generate systemd: use --cidfile again 8aeaf681d Bump to v3.3.1-dev 98f252a3a Bump to v3.3.0 Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* virtual/containerd: don't rprovide virtual/Bruce Ashfield2021-09-064-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Similar to the oe-core commit: commit 93ac180d8c389f16964bce8bd5538d9389e970e6 Author: Michael Opdenacker <michael.opdenacker@bootlin.com> Date: Wed Sep 1 11:20:20 2021 +0200 meta: stop using "virtual/" in RPROVIDES and RDEPENDS Fixes [YOCTO #14538] Recipes shouldn't use the "virtual/" string in RPROVIDES and RDEPENDS. That's confusing because "virtual/" has no special meaning in RPROVIDES and RDEPENDS (unlike in PROVIDES and DEPENDS). Instead, using "virtual-" instead of "virtual/" as already done in the glibc recipe. We stop rproviding virtual/containerd to keep the namespace clean. There aren't many users of this virtual provides, but we keep it around (for now) to maintain compatibility. At the same time we convert the RPROVIDES to virtual-containerd, to keep it available and consistent with oe-core use virtual-libc, etc. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* virtual/runc: don't rprovide virtual/Bruce Ashfield2021-09-065-5/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Similar to the oe-core commit: commit 93ac180d8c389f16964bce8bd5538d9389e970e6 Author: Michael Opdenacker <michael.opdenacker@bootlin.com> Date: Wed Sep 1 11:20:20 2021 +0200 meta: stop using "virtual/" in RPROVIDES and RDEPENDS Fixes [YOCTO #14538] Recipes shouldn't use the "virtual/" string in RPROVIDES and RDEPENDS. That's confusing because "virtual/" has no special meaning in RPROVIDES and RDEPENDS (unlike in PROVIDES and DEPENDS). Instead, using "virtual-" instead of "virtual/" as already done in the glibc recipe. We stop rproviding virtual/runc to keep the namespace clean. There aren't many users of this virtual provides, but we keep it around (for now) to maintain compatibility. At the same time we convert the RPROVIDES to virtual-runc, to keep it available and consistent with oe-core use virtual-libc, etc. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-o: update to 1.22-devBruce Ashfield2021-08-271-2/+2
| | | | | | | Updating to the latest cri-o development branches to align with k*s testing and dev. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* containerd: update to v1.5.5Bruce Ashfield2021-08-271-2/+2
| | | | | | | | | | | | | | | Bumping containerd to version v1.5.5-11-g69e5db821, which comprises the following commits: 27e164648 Allow expanded DNS configuration 8cfab161f CI: Switch to available latest images b9d5cff5d Update Go to 1.16.7 fe195c343 mergo: Upgrade to 0.3.12 to fix panic 677fade0f Prepare release notes for v1.5.5 166a81f88 snapshot/devmapper: log exported methods correctly eb4ba99fe Install apparmor parser for arm64 environment 0bc1e1d8a update seccomp version Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* docker-distrubution: update to 2.7-latestBruce Ashfield2021-08-271-1/+1
| | | | | | | | | | | | Not much of an update, but we pickup the latest compatibility restrictions: Bumping docker-distribution to version v2.7.1-32-g61e7e208, which comprises the following commits: d836b23f [release/2.7] update to go1.16 cc341b01 Added flag for user configurable cipher suites Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* runc-docker: update to 1.0.2Bruce Ashfield2021-08-271-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumping runc to version v1.0.2-2-g04bcb7c7, which comprises the following commits: 86d83333 VERSION: back to development 52b36a2d VERSION: release 1.0.2 8ec57628 libct/cg/sd/v1: add SkipFreezeOnSet knob 1850dc16 libct/cg/sd/v1: add freezeBeforeSet unit test 4ce440f2 libct/cg/sd/v1: Fix unnecessary freeze/thaw 13b45cb4 libct/nsenter: fix unused-result warning 7cf1952f libct/nsenter: fix logging race in nsexec e2e5267c [1.0] script/release.sh: make builds reproducible 960182fd libct/seccomp: skip redundant rules 4c70105b libct/cg/v1: workaround CPU quota period set failure 1d454045 Do not use Vagrant for CentOS 7/8 c8d8fd5b tests/rootless.sh: fixup for "update rt" test 257018e7 tests/int: fix "update rt period and runtime" for rootless 76c047f1 Evaluate Cirrus CI for Vagrant tests 466d1a1a VERSION: back to development 4144b638 VERSION: release 1.0.1 4efb7a69 libct/cg/sd: add TestPodSkipDevicesUpdate 82d3eb69 libct/cg/sd: TestFreezePodCgroup: rm explicit freeze 2fc2e3d6 libct/cg/sd/v1: Set: avoid unnecessary freeze/thaw ef0aa849 libct/int/TestFreeze: test freeze/thaw via Set 01cd4b5f libct/int: allow subtests 22b2ff0f libct/cg/sd/v1: Set: don't overwrite r.Freezer 04edd79d libct/cg/sd: Don't freeze cgroup on cgroup v2 Set 298a3100 Update device update tests 257723b3 ci/gha: run on release-* branches after a push 4dc207a6 cgroupv2: ebpf: ignore inaccessible existing programs 90d01a04 vendor: update github.com/cilium/ebpf 3f40fbff libct/cg/sd: Add freezer tests c1a5b3e1 libct/cg/fs/freezer.GetState: report current cgroup state 0a5d8ba4 libct/user: fix parsing long /etc/group lines 5fd7b3b7 libct/user: ParseGroupFilter: use TrimSpace 0025bf68 libct/user: use []byte more, avoid allocations 3745b2be [1.0] retry unix.EINTR for container init process e99c0f5e tests/int/no_pivot: fix for new kernels 84113eef VERSION: release runc 1.0.0 29168172 tests/int/cgroups: add test for bfq per-device weight 1036f3f9 libct/cg/fs2: set per-device io weight if available 30d83d4d libct/cg/fs/blkio: do not set weight == 0 d7fc3028 libct/cg/fs*: mark {Open,Read,Write}File as deprecated 8f1b4d4a libct/cg: mv fscommon.{Open,Read,Write}File to cgroups 322c8fd3 Returns clearer error message for setenv 46940ed8 update cilium/ebpf to fix haveBpfProgReplace() check 6339d8a0 libcontainer/cgroups/fs/blkio: support BFQ weight[_device] 01f5dcae build(deps): bump tim-actions/get-pr-commits from 1.0.0 to 1.1.0 bd8e0701 libct/cg/sd: fix "SkipDevices" handling 1b2abc89 github: workflows: fix tiny typo b31a9340 libcontainer: relax validation for absolute paths dbb35411 configs/validator: move cgroup validation to the list of checks 9573e4b6 libct/cg/fs: don't forget to close a file 9ebc573a cgroupv2: ebpf: debug info when detaching programs in fallback mode a3ca7b47 cgroupv2: ebpf: check for BPF_F_REPLACE support and degrade gracefully d06bda60 libct/cg/sd/dbus: fix NewDbusConnManager 535f25c4 Allow restoring with a different LSM profile 508f5bf6 libct/int: add device update test 8fe3dfbb libcontainer/system: remove alias for deprecated RunningInUserNS 3f23a736 libcontainer/configs: remove stubs for deprecated Devices funcs b2d28c5d libct/cg/sd: fix dbus error handling bf7492ee runc update: skip devices c3831d64 libct/cg/fs/stats_util_test: use t.Helper 9eb0371b libct/cg/fs/memory_test: fix formatting e969d421 libct/int/testPids: logging nits a5bd78ef vendor: willf/bitset@v1.1.11 -> bits-and-blooms/bitset@v1.2.0 65cf0e61 Bump selinux to v1.8.2 f99d252d docs/terminals.md: add troubleshooting 49ea4b37 update crosbymichael email 3e1bcb1f libcontainer/keys: var should be sessKeyID/ringID (golint) 1fb56f9f libcontainer/cgroups/devices: if block ends with a return statement c2416fb4 libcontainer/system: fix godoc (golint) 9be156cb libcontainer/devices: fix godoc (golint) 340fdd93 libcontainer/nsenter: fix captalization (golint) 81fc5c87 libcontainer/user: fix capitalization (golint) e204d6a9 libcontainer/configs: add / fix godoc (golint) c0643046 libcontainer/apparmor: split api (exported) from implementation 02fb18ed libcontainer/user: remove unused ErrUnsupported 9e964dfc build(deps): bump github.com/opencontainers/selinux from 1.8.0 to 1.8.1 470610d0 build(deps): bump github.com/cilium/ebpf from 0.5.0 to 0.6.0 31f58829 build(deps): bump github.com/coreos/go-systemd/v22 from 22.3.1 to 22.3.2 c836265b build(deps): bump github.com/sirupsen/logrus from 1.7.0 to 1.8.1 074aa044 build(deps): bump google.golang.org/protobuf from 1.25.0 to 1.26.0 7ca54562 Enable dependabot e6048715 Use gofumpt to format code 1eea9253 cgroup2: io: add io.stats parsing test 0fef122f cgroup2: io: handle 64-bit values correctly on 32-bit architectures efca32c7 cgroup2: io: map io.stats to v1 blkio.stats correctly 49d293a5 cgroup2: capitalize io stats read and write Op values 0e16e7c2 libct/cg/sd: add SkipDevices unit test f5a2c9cc tests/int/dev: only call lsblk once aa934af0 runc -v: set default for, always show main.version 37767c05 ci: lint: show all errors in PRs 07ca0be0 *: clean up remaining golangci-lint failures 752e7a82 libct/cg/sd: fix SkipDevices for systemd fdc28957 Makefile: use git describe for $COMMIT 33c9f8b9 libct/cg/sd: return error from stopUnit Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* runc-opencontainers: update to v1.0.2Bruce Ashfield2021-08-272-13/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We refresh our patch context and pickup the following commits: Bumping runc to version v1.0.2-2-g04bcb7c7, which comprises the following commits: 86d83333 VERSION: back to development 52b36a2d VERSION: release 1.0.2 8ec57628 libct/cg/sd/v1: add SkipFreezeOnSet knob 1850dc16 libct/cg/sd/v1: add freezeBeforeSet unit test 4ce440f2 libct/cg/sd/v1: Fix unnecessary freeze/thaw 13b45cb4 libct/nsenter: fix unused-result warning 7cf1952f libct/nsenter: fix logging race in nsexec e2e5267c [1.0] script/release.sh: make builds reproducible 960182fd libct/seccomp: skip redundant rules 4c70105b libct/cg/v1: workaround CPU quota period set failure 1d454045 Do not use Vagrant for CentOS 7/8 c8d8fd5b tests/rootless.sh: fixup for "update rt" test 257018e7 tests/int: fix "update rt period and runtime" for rootless 76c047f1 Evaluate Cirrus CI for Vagrant tests 466d1a1a VERSION: back to development 4144b638 VERSION: release 1.0.1 4efb7a69 libct/cg/sd: add TestPodSkipDevicesUpdate 82d3eb69 libct/cg/sd: TestFreezePodCgroup: rm explicit freeze 2fc2e3d6 libct/cg/sd/v1: Set: avoid unnecessary freeze/thaw ef0aa849 libct/int/TestFreeze: test freeze/thaw via Set 01cd4b5f libct/int: allow subtests 22b2ff0f libct/cg/sd/v1: Set: don't overwrite r.Freezer 04edd79d libct/cg/sd: Don't freeze cgroup on cgroup v2 Set 298a3100 Update device update tests 257723b3 ci/gha: run on release-* branches after a push 4dc207a6 cgroupv2: ebpf: ignore inaccessible existing programs 90d01a04 vendor: update github.com/cilium/ebpf 3f40fbff libct/cg/sd: Add freezer tests c1a5b3e1 libct/cg/fs/freezer.GetState: report current cgroup state 0a5d8ba4 libct/user: fix parsing long /etc/group lines 5fd7b3b7 libct/user: ParseGroupFilter: use TrimSpace 0025bf68 libct/user: use []byte more, avoid allocations 3745b2be [1.0] retry unix.EINTR for container init process e99c0f5e tests/int/no_pivot: fix for new kernels 84113eef VERSION: release runc 1.0.0 29168172 tests/int/cgroups: add test for bfq per-device weight 1036f3f9 libct/cg/fs2: set per-device io weight if available 30d83d4d libct/cg/fs/blkio: do not set weight == 0 d7fc3028 libct/cg/fs*: mark {Open,Read,Write}File as deprecated 8f1b4d4a libct/cg: mv fscommon.{Open,Read,Write}File to cgroups 322c8fd3 Returns clearer error message for setenv 46940ed8 update cilium/ebpf to fix haveBpfProgReplace() check 6339d8a0 libcontainer/cgroups/fs/blkio: support BFQ weight[_device] 01f5dcae build(deps): bump tim-actions/get-pr-commits from 1.0.0 to 1.1.0 bd8e0701 libct/cg/sd: fix "SkipDevices" handling 1b2abc89 github: workflows: fix tiny typo b31a9340 libcontainer: relax validation for absolute paths dbb35411 configs/validator: move cgroup validation to the list of checks 9573e4b6 libct/cg/fs: don't forget to close a file 9ebc573a cgroupv2: ebpf: debug info when detaching programs in fallback mode a3ca7b47 cgroupv2: ebpf: check for BPF_F_REPLACE support and degrade gracefully d06bda60 libct/cg/sd/dbus: fix NewDbusConnManager 535f25c4 Allow restoring with a different LSM profile 508f5bf6 libct/int: add device update test 8fe3dfbb libcontainer/system: remove alias for deprecated RunningInUserNS 3f23a736 libcontainer/configs: remove stubs for deprecated Devices funcs b2d28c5d libct/cg/sd: fix dbus error handling bf7492ee runc update: skip devices c3831d64 libct/cg/fs/stats_util_test: use t.Helper 9eb0371b libct/cg/fs/memory_test: fix formatting e969d421 libct/int/testPids: logging nits a5bd78ef vendor: willf/bitset@v1.1.11 -> bits-and-blooms/bitset@v1.2.0 65cf0e61 Bump selinux to v1.8.2 f99d252d docs/terminals.md: add troubleshooting 49ea4b37 update crosbymichael email 3e1bcb1f libcontainer/keys: var should be sessKeyID/ringID (golint) 1fb56f9f libcontainer/cgroups/devices: if block ends with a return statement c2416fb4 libcontainer/system: fix godoc (golint) 9be156cb libcontainer/devices: fix godoc (golint) 340fdd93 libcontainer/nsenter: fix captalization (golint) 81fc5c87 libcontainer/user: fix capitalization (golint) e204d6a9 libcontainer/configs: add / fix godoc (golint) c0643046 libcontainer/apparmor: split api (exported) from implementation 02fb18ed libcontainer/user: remove unused ErrUnsupported 9e964dfc build(deps): bump github.com/opencontainers/selinux from 1.8.0 to 1.8.1 470610d0 build(deps): bump github.com/cilium/ebpf from 0.5.0 to 0.6.0 31f58829 build(deps): bump github.com/coreos/go-systemd/v22 from 22.3.1 to 22.3.2 c836265b build(deps): bump github.com/sirupsen/logrus from 1.7.0 to 1.8.1 074aa044 build(deps): bump google.golang.org/protobuf from 1.25.0 to 1.26.0 7ca54562 Enable dependabot e6048715 Use gofumpt to format code 1eea9253 cgroup2: io: add io.stats parsing test 0fef122f cgroup2: io: handle 64-bit values correctly on 32-bit architectures efca32c7 cgroup2: io: map io.stats to v1 blkio.stats correctly 49d293a5 cgroup2: capitalize io stats read and write Op values 0e16e7c2 libct/cg/sd: add SkipDevices unit test f5a2c9cc tests/int/dev: only call lsblk once aa934af0 runc -v: set default for, always show main.version 37767c05 ci: lint: show all errors in PRs 07ca0be0 *: clean up remaining golangci-lint failures 752e7a82 libct/cg/sd: fix SkipDevices for systemd fdc28957 Makefile: use git describe for $COMMIT 33c9f8b9 libct/cg/sd: return error from stopUnit Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* skoeo: update to 1.4.x release seriesBruce Ashfield2021-08-272-7/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | updating to the 1.4.x release series, we refresh our Makefile patch and pick up the following commits: 6b2aa5da [release-1.4] Bump to v1.4.2-dev 130f32f0 [release-1.4] Bump to v1.4.1 6f99811c [release-1.4] Bump c/image 5.15.2 c/storage 1.34.1 c/common 0.42.1 a9f5f10c [release-1.4] Bump c/storage 1.34.0, c/image 5.15.1 and c/common 0.43.0 a44da449 Release 1.4.0 3d9340c8 vendor-in-container: update to golang:1.16 961d5da7 Accept repositories on login/logout fb03e033 update c/common, c/image, c/storage d70ea890 Update on Building on Ubuntu ce6035b7 Add timeouts when waiting on OpenShift or the registry to start 3a8d3cb5 Add docs and bash completions aeb61f65 Add support for decompressing while copying to dir:// 76eb9bc9 Update to enabled containers/image version a1f9318e Fix two instances of unused err found by go-staticcheck d82c6621 Bump github.com/containers/storage from 1.32.6 to 1.33.0 f0c49b5c Multi-arch image build: Daily version-tag push 5e550664 CONTRIBUTING: small fixes to commands 726d982c Fix --tls-verify bb447f2f Test both imageOptions and imageDestOptions in TestTLSVerifyFlags 2a98df6b Split testing of --tls-verify into separate TestTLSVerifyFlags a6cf2f42 Add the --tls-verify option to (skopeo logout) 285a5cb6 Fix using images from rate-limited docker hub 02bacf57 Use Fedora container for doccheck ae0595c5 Man page validation: part 2 of 2 ec73ff3d docs: Adding info re container signatures e460b9aa [CI:DOCS] Multi-arch image workflow: Make steps generic ee054863 Update nix pin with `make nixpkgs` 2476e99c Cirrus: Freshen CI images 76103a6c Bump github.com/containers/common from 0.40.1 to 0.41.0 990908bf Bump github.com/containers/storage from 1.32.5 to 1.32.6 ede29c91 Remove an unnecessary break 75f0183e Remove an unnecessary Sprintf 7ace4265 Fix TestDockerRepositoryReferenceParser 3d4fb09f Remove unused code 4efeb71e Set cobra.Command.CompletionOption already in createApp a0ce5421 Bump version to v1.4.0-dev f80bf8a3 Revert "integration tests: disable `ls` for logs" c39b3dc2 CONTRIBUTING: update vendoring instructions 8eaf0329 disable `completion` command aeb75f38 Bump github.com/spf13/cobra from 1.2.0 to 1.2.1 83603a79 Bump github.com/spf13/cobra from 1.1.3 to 1.2.0 6d6c8b56 Update tests for removal of error and Error from error messages 09282bcf Fix some comments in man-page-checker 09ca3ba4 Improve the description of (skopeo list-tags) 22908fb3 Include the mandatory --output option in synopsis of (skopeo standalone-sign) a3725128 Support **non-replaceable strings** in synopsis e4d13920 Use (make validate-local) in the validate target e716b2fa man page checker - part 1 of 2 97eaace7 Cirrus: Rename cross -> osx task, add cross task. 30c0eb03 Bump github.com/containers/ocicrypt from 1.1.1 to 1.1.2 5918513e Cirrus: Add vendor + tree status check b20c2d45 Run unit tests as well, not integration tests twice d0f7339b Bump github.com/containers/storage from 1.32.4 to 1.32.5 012ed661 Reintroduce the GNU semantics of DESTDIR c30b904c Add --retry-times to markdown docs 9fbb9abc Workaround quay.io image build failure 4417dc44 Update brew to avoid 403 on accessing https://homebrew.bintray.com 93b819a7 Fix automation re: master->main rename e7c5e9f7 Bump github.com/containers/storage from 1.32.3 to 1.32.4 1eac38e3 Bump github.com/containers/common from 0.40.0 to 0.40.1 b1e78efa Bump github.com/containers/storage from 1.32.2 to 1.32.3 298f7476 Bump github.com/containers/image/v5 from 5.13.1 to 5.13.2 5778d9bd Fix documentation of the --format option of skopeo copy and skopeo sync df170047 Bump github.com/containers/common from 0.39.0 to 0.40.0 ad4ec8b4 Cirrus: New VM Images w/ podman 3.2.1 abdc4a7e Bump github.com/containers/image/v5 from 5.12.0 to 5.13.1 bcc18ebf Update nix pin with `make nixpkgs` 9b9ef675 Fix multi-arch build version check 9a5f009e [CI:DOCS] Fix docs links due to branch rename 865407ca Bump github.com/containers/storage from 1.32.1 to 1.32.2 10c4c877 Update nix pin with `make nixpkgs` e32f3f17 Bump github.com/docker/docker 76110014 Fix wrong directory name a0b6ea28 Support [CI:DOCS] mode e5cb7ce1 install.md Building Docs needs MacOS section c8060838 Bump github.com/containers/storage from 1.32.0 to 1.32.1 cac3f2b1 Bump github.com/containers/common from 0.38.4 to 0.39.0 6452a9b6 Multi-arch github-action workflow unification 184f0eee Bump github.com/containers/storage from 1.31.1 to 1.31.2 65ed9920 Move to v1.3.1-dev Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* crun: update to 0.21-latestBruce Ashfield2021-08-271-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | Bumping crun to version 0.21-15-g360f5d0, which comprises the following commits: 2199d10 tests: update containerd version 1798d5a cgroup: chown cgroup to root b5cdeb5 cgroupv1: add support for setting memory.use_hierarchy 7cfdf09 Makefile.am: link libcrun to $(FOUND_LIBS) d4d1825 linux: treat pidfd_open EINVAL as ESRCH 62149b3 Update nixpkgs ac00581 Dockerfile: delete file c4c3cdf NEWS: release 0.21 69bd7dc Doc: cgroups v2 and RT processes unsupported 6397998 krun/kvm: crun should silently/gracefully switch to krun when needed. 92499bd container: wrap execv in retry-on-eintr b04a335 cgroup: lookup pids controller as well 448494e README.md: drop travis badge 1bbf562 Reflect #696 in crun's manpage e836219 rpm: fix license 2b88faa status: add fields for owner and created timestamp b07c389 criu: fix error check 09401bb linux: fix unitialized variable b222968 cgroup: fix a memory leak Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* docker-ce: update to 20.10.8Bruce Ashfield2021-08-271-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | Bumping docker-cli to version v20.10.8-2-g62eae52c2, which comprises the following commits: 2012fbf11 Update Go to 1.16.7 0b924e51f Update to go1.16.6 6288e8b1a change TestNewAPIClientFromFlagsWithHttpProxyEnv to an e2e test 1e9575e81 cli/config/configfile: various test cleanups c98e9c47c Use designated test domains (RFC2606) in tests 8437cfefa context: deprecate support for encrypted TLS private keys 68a5ca859 cli/context: ignore linting warnings about RFC 1423 encryption 8a6473963 Update Dockerfiles to latest syntax, remove "experimental" 1d37fb302 Deprecate Kubernetes context support 0793f9639 Deprecate Kubernetes stack support b639ea8b8 Deprecate Kubernetes stack support Bumping docker to version v20.10.8-2-gd24c6dc5cf, which comprises the following commits: decb56ac89 Update Go to 1.16.7 e8fb8f7acd [20.10] update containerd binary to v1.4.9 4cfeb27f78 update runc binary to v1.0.1 067918a8c3 [20.10] update containerd binary v1.4.8 Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* docker/moby: update to 20.10.8Bruce Ashfield2021-08-271-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | Bumping docker-cli to version v20.10.8-2-g62eae52c2, which comprises the following commits: 2012fbf11 Update Go to 1.16.7 0b924e51f Update to go1.16.6 6288e8b1a change TestNewAPIClientFromFlagsWithHttpProxyEnv to an e2e test 1e9575e81 cli/config/configfile: various test cleanups c98e9c47c Use designated test domains (RFC2606) in tests 8437cfefa context: deprecate support for encrypted TLS private keys 68a5ca859 cli/context: ignore linting warnings about RFC 1423 encryption 8a6473963 Update Dockerfiles to latest syntax, remove "experimental" 1d37fb302 Deprecate Kubernetes context support 0793f9639 Deprecate Kubernetes stack support b639ea8b8 Deprecate Kubernetes stack support Bumping moby to version v20.10.8-2-gd24c6dc5cf, which comprises the following commits: decb56ac89 Update Go to 1.16.7 e8fb8f7acd [20.10] update containerd binary to v1.4.9 4cfeb27f78 update runc binary to v1.0.1 067918a8c3 [20.10] update containerd binary v1.4.8 Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* k3s: update to 1.21.4Bruce Ashfield2021-08-271-2/+2
| | | | | | | | | | | | | | | | | | Bumping k3s to version v1.21.4+k3s1-1-g656c190629, which comprises the following commits: 656c190629 Reset load balancer state during restoraion (#3878) 3e250fdbab Update Kubernetes to v1.21.4-k3s1 5802b429f8 Bump containerd to v1.4.9-k3s1 abb6581a94 Bump helm-controller to work around tiller crashes e45726f610 Fix URL pruning when joining an etcd member 18bc38d838 account for an s3 folder when listing objects (#3807) (#3812) 12ec437605 fix Node stuck at deletion (#3775) 69047a35c0 Bump helm-controller to v0.10.2 cc694b1f09 Notify systemd for etcd only node (#3733) e6247d583c [Backport 1.21] Cannot write data to local PVC (#3721) 786f91b997 Fix multiple bootstrap keys found Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* podman: update to 3.3.0Bruce Ashfield2021-08-271-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumping libpod to version v3.3.0-2-g8809aed56, which comprises the following commits: 8aeaf681d Bump to v3.3.1-dev 98f252a3a Bump to v3.3.0 2408247f4 Final release notes for v3.3.0 dd3a49703 Fix network aliases with network id b5e04ae11 machine: compute sha256 as we read the image file a52b6bf23 machine: check for file exists instead of listing directory b71ef443a pkg/bindings/images.nTar(): slashify hdr.Name values f0d0c48d2 Volumes: Only remove from DB if plugin removal succeeds 89818f72b For compatibility, ignore Content-Type 7fb7f15af [v3.3] Bump c/image 5.15.2, buildah v1.22.3 5fc7c880a Implement SD-NOTIFY proxy in conmon 15fff7d91 Fix rootless cni dns without systemd stub resolver 63e06acfe fix rootlessport flake a92441e1b Skip stats test in CGv1 container environments 37b22af33 Fix AVC denials in tests of volume mounts daa311db3 Restore buildah-bud test requiring new images 2757d868c Revert ".cirrus.yml: use fresh images for all VMs" cd0677d89 Fix device tests using ls test files ce7ed3359 Enhance priv. dev. check 1d54315b6 Workaround host availability of /dev/kvm c0d0d31c4 Skip cgroup-parent test due to frequent flakes 0c7f08805 Cirrus: Fix not uploading logformatter html a098eafce Bump to v3.3.0-dev 7aa18e0a6 Bump to v3.3.0-RC3 e200b07f5 Release notes for v3.3.0-RC3 204ac5d46 [v3.3] Bump c/storage to v1.34.1 and c/image to v5.15.1 440188f3b fix gvproxy path search for macos de67e990e Bump to v3.3.0-dev 88559c197 Bump to v3.3.0-rc2 1acbdf940 Set gvproxy path to /usr/libexec/podman/gvproxy 7442f0b85 Revert "Podman Pod Create --cpus and --cpuset-cpus flags" 61a5e9812 Address review comments e63753afd Final release notes for v3.3.0-RC2 f9f315c75 Document source ip for the rootlesskit port handler 66c0024a0 podman info show correct slirp4netns path d746a7e09 show podman machine ssh command line 4b42265b5 Fix TS parsing for fractional values 85d5c24ed Handle timezone on server containers.conf 67bf11e8c Fix podman unpause,pause,kill --all to work like podman stop --all a1afb2300 Do not add an entry to /etc/hosts with `--net=host` a82006160 Only support containers stats using cgroups v2 c836ffe5b Compat API: Fix healthcheck status and healthcheck config 04e59f11d podman info: try qfile before equery 870576b39 test: move container process to a sub-cgroup cb7f0a302 Fix handling of user specified container labels d749770fe Release notes for v3.3.0-RC2: Initial 0c82c6fa8 Bump github.com/rootless-containers/rootlesskit from 0.14.3 to 0.14.4 0eec16ce9 fix rootless port forwarding with network dis-/connect 50c6cc229 [v3.3] Bump to Buildah v1.22.0 [NO TESTS NEEDED] b1c9c5b5f Disable aarch64 support 489e0f075 Cirrus: CI Support for v3.3 Branch b347a3583 Bump to v3.3.0-dev ce0dee984 Bump to v3.3.0-rc1 c1156d48b Bump github.com/containers/storage from 1.33.0 to 1.33.1 58672847e Bump github.com/containers/image/v5 from 5.14.0 to 5.15.0 9d33abac6 Fix auto-update system test for older systemd 2a484e782 ps: support the container notation for ps --filter network=... 732ece6ae Add `--accept-repositories` integration tests d59391c04 system tests: fix race in stop test 2b5d9cd7d Fix: healthcheck tests use .Should() instead of .To() 872c442e6 Remove ReadHeaderTimeout 724d04823 rootless: avoid zombie process on first launch 1d34a2c4c Update transfer.md ec9dad7e4 buildah bud tests under podman-remote a9f6592af Fixed Healthcheck formatting, string to []string 4df6e31cc remote build: fix streaming and error handling e3b0ba928 [CI:DOCS] Update podman-cp manpage 013267006 cp: consolidate and simplify 67d439197 rootless: check that / is mounted as shared 32b589216 Multi-arch image build: Daily version-tag push 60b9e8c0d Added tests for out of and into pod checkpoint and restore support eb9446778 Support checkpoint/restore with pods 3375cbb19 Vendor in go-criu v5.1.0 for Pod checkpoint/restore support 92dce3e2f Prepare CRIU version check to work with multiple versions b09073832 Bump github.com/containers/storage from 1.32.6 to 1.33.0 0aec93edc cp system tests: reduce number of exec's 6fe03b25a support container to container copy 63ef5576e command: migrate doesn't move process to cgroup a0313ef92 rootless: do not overwrite err variable 7689783ae exec: fix cleanup fd1f57b3a Fixed Healthcheck formatting, string to []string 7fa4d2cb1 Add prune until filter test for podman volume cli 8d5d5face dual-stack network: fix duplicated subnet assignment 5473490c6 fix: podman manifest push respect --tls-verify flag c197d19fe play kube: support capitalized pull policy 1b6423e9f refine dangling checks 23a938fa2 Bump github.com/containers/image/v5 from 5.13.2 to 5.14.0 1a188f622 Add tests to verify CORS is enabled 2c9f18100 Fix handling of shadow-utils dcb5c92c0 import: write stdin to tmp file 8f9d33b7f Networking test: fix silent breakage 0f708efd8 Implemented --until flag for libpod's container logs 9c659b3bc docs: fix broken remote client link 2d8e837a9 Add until filter to volume ls filters list 12f4b14a1 Add notes to flags not supported on cgroups V2 3e79296a8 Support DeviceCgroupRules to actually get added. 4376f14c3 Ensure journald events tests only run where supported ac588c751 [CI:DOCS] Fix GitHub URL to Podman logo db2f47428 Drop podman create --storage-opt container flag 595227095 e2e tests: prevent 'Expect(ExitCode())' pattern 064bd9d19 Copy the content from the underlying image into the newly created volume. Fixes: #10262 313c7118e system tests: cleaner, safer use of systemd e64545004 [CI:DOCS] Multi-arch image workflow: Make steps generic 2b98a226b system test: auto-update: multiarch fixes caf03fd7a system test: auto-update: allow running as rootless 117850e6e Fix handling of selinux labels in podman play kube 6430c1316 [CI:DOCS] refine the runlabel man page eaaca4999 compat: image create: handle platform correctly 80e807a19 Flake Fix: Wait before connecting container port c622c7f2a (minor) typo fix: timeout variable 0784a5d04 Bump github.com/opencontainers/runc from 1.0.0 to 1.0.1 b92bbfd76 Just restore protections of shadow-utils 81e32b180 Kube: Add liveness probe for containers. b8accad0e Update Release Notes and README for 3.2.3 50fcb06e7 Bump k8s.io/api from 0.21.2 to 0.21.3 2e02942d4 vendor containers/common@main 6f1c7a0b6 systemd: require network*-online*.target e1ac0c303 vendor containers/common@main e3a09c51e Bump k8s.io/apimachinery from 0.21.2 to 0.21.3 be51173ed APIv2 (python) tests: fix flake 9924c57d4 podman start: remove containers configured for auto removal af40dfc2b --infra-name command line argument 7996e2b82 Randomize the auto-update of podman containers e4dcb1004 System tests: fix a multiarch problem ec6150751 Correct a typo in documentation f7321681d podman pod create --pid flag 0007c98dd Fix race conditions in rootless cni setup 547fff270 e2e tests: use Should(Exit()) and ExitWithError() 59f31d86a auto-update: add --dry-run e73d48299 CNI-in-slirp4netns: fix bind-mount for /run/systemd/resolve/stub-resolv.conf c9970647b podman-remote build use .containerignore over .dockerignore 100c23dc5 Fix up documentation of the userns audit flag 48e6a8eed Return macvlan object in /network REST API response Fixes: #10266 6ced24d0b Fix broken volume and container tests 01cfb51fe auto-update: make output more user friendly 92c9def93 Update nix pin with `make nixpkgs` cbbb1a80f Perform a one-sided close of HTTP attach conn on EOF 7d6f3c4dc Bump github.com/google/uuid from 1.2.0 to 1.3.0 6fcf0b2f3 auto update: minor style nits a90a4ec7c auto update: pass through a context a8847c01f auto-update: use libimage for image checks eda8d1f58 auto update: fix authfile detection db26e1ef9 auto-update: make restarted unit more obvious 6ca574dc3 Update USE in order to fix tests fe044d51e Fix cirrus-cron failure notification GH workflow 6cac65c84 fix: uid/gid for volume mounted to existing dir 084dbeb56 Bump github.com/containers/storage from 1.32.5 to 1.32.6 00db5c6ea Manifest create subcommand should accept more than 2 arguments 48ff2ef5a Don't exclude Dockerfile, Containerfiles from tar content 6bdb990c9 Restore headers of optional information in 'podman pod ps' 4624142c2 Implemented Until Query Parameter for Containers/logs a2d15d981 Mention new hostname for loopback IP daebdf385 Add container config to compat image inspect 00ed696ed fix: logo not loading after barnch renaming 95c463785 Update docs/tutorials/rootless_tutorial.md: e5fcffc55 Remove GetStore function from Libpod 563532aef Bump github.com/onsi/gomega from 1.13.0 to 1.14.0 38863e764 Replace old RESTful tutorial with updated README 38bef70b3 manifest push --rm: use libimage for removal 2c7c67958 Make rootless-cni setup more robust 518457b35 Bump github.com/cyphar/filepath-securejoin from 0.2.2 to 0.2.3 59abb77fc multiple image pull support 4ea4a92c0 Fixed notation for macOS 0c9dc86de Create podman temp dir on machine start ed51e3f54 podman service reaper 84da70a0f update shell completion scripts 924cd37a3 Bump github.com/spf13/cobra to v1.2.1 8f6a0243f podman diff accept two images or containers 735be1248 force github.com/spf13/cobra@v1.1.3 7eb9ed975 vendor containers/common@main 8606ead91 [CI:DOCS] podman search: clarify that results depend on implementation 493786fba podman: ignore ESRCH from kill 86c601414 Implement --archive flag for podman cp 092902b45 Handle advanced --network options in podman play kube 40ef17ac2 Cirrus: Fixes due to master->main rename 8b52204ba vendor containers/common@7482cf851dcc 2243b6020 reset: remove external containers on podman system reset 2ce78aace Enhance system connection add URL input 6d37e0348 Add CNI rootless networking troubleshooting for v2.2.1 05f39af5b Bump github.com/containers/storage from 1.32.3 to 1.32.5 3e8c0e00d Make system connection ls deterministic fb5f70296 Bump github.com/containers/ocicrypt from 1.1.1 to 1.1.2 1edada477 Makefile: remove install.cni 3d0e08f04 prefix `ETCDIR` with `${PREFIX}/` f95b0995e remove `pkg/registries` e7507fe7c make DriverOpts name consistent. a7a701196 fix: swapped volume relabel option values 364e8a26d pkg/systemd: don't require LISTEN_FDNAMES for socket activation b39aacf32 add @mtrmac to OWNERS b1082696e cp: do not allow dir->file copying ee7a9d736 [NO TESTS NEEDED] suggestions for incorrect cmds b56b4b537 read secret config from config file if no user data. 15fbf950e [CI:DOCS] podman save: clarify formats and transports 9db534e53 [NO TESTS NEEDED] Create /etc/mtab with the correct ownership 7d83f9b6c [CI:DOCS] Follow-up to PR 10676 bbd085ad1 Podman Pod Create --cpus and --cpuset-cpus flags 6ecdf4c38 Health Check is not handled in the compat LibpodToContainerJSON f2dff41db Support log_tag defaults from containers.conf 525cb54e1 [CI:DOCS] push/pull docs: clarify supported transports 5fc622f94 create: support images with invalid platform f26fa5392 Podman Stats additional features 1aa9dcfad markdown/*: typos 'a image' d12027e0d disable tty-size exec checks in system tests a0b24de32 Add support for volume prune until filter to http api 1f388ede6 Add --format to connection list a84fa194b getContainerNetworkInfo: lock netNsCtr before sync e01460853 Do not use inotify for OCICNI 7f98d2ddb docs: podman-rmi removes dangling parent images ee4cab0e0 logs: k8s-file: restore poll sleep f4ba433b1 logs: k8s-file: fix spurious error logs 0fb165ed0 Fix systemd-resolved detection. 9cc3473b5 Bump k8s.io/api from 0.21.1 to 0.21.2 1e36be439 Add support for podman login --verbose 7864108ff fix systemcontext to use correct TMPDIR 9a02b5055 Add an entry for `/run/user-$UID/libpod` to tmpfiles b56d6c646 Bump github.com/containers/storage from 1.32.2 to 1.32.3 d39823085 Bump k8s.io/apimachinery from 0.21.1 to 0.21.2 2bd382c8c Fix documentation of the --format option of podman push b6662eed3 Vendor in containers/common v0.40.0 bd9987239 Scrub podman commands to use report package 6b230bc92 Fix multi-arch image build clone:failure 705b799af Cirrus: Prevent BZ1965743 workaround pruning e344a5899 [CI:DOCS] UPDATE manpages with MANPAGE_SYNTAX 666f555aa Fix resize race with podman exec -it 404d5edb1 .cirrus.yml: use c5521575421149184 for Ubuntu 769df3207 test: drop invalid test 969cc3237 utils: move message from warning to debug 517479731 utils: improve error message eb927dc84 Docs Switch from Query Param to Header 9c81b8cf7 add correct slirp ip to /etc/hosts fc9868e22 Fix panic condition in cgroups.getAvailableControllers 2a974e8b9 Create user storage dir with correct permissions 5f2c0f63a Fix building static podman-remote 81eb71fe3 Fix permissions on initially created named volumes 3ddadc532 Image import fromSrc now supports OS/Arch 302b3084e Restart all containers with restart-policy=always on boot e8006c797 Fix handling of podman-remote build --device 4bca1984a UPDATE manpages with MANPAGE_SYNTAX 8d860cfcd podman-run.1.md:detach-keys: spell the default value just once ded2f004f Fall back to string for dockerfile parameter 44d9c453d Fix network connect race with docker-compose ad3b56c62 Fix volumes with uid and gid options 3a65ba2fa Add support for podman remote build -f - . 991647c77 Add documentation on ignore_chown_errors 40d70334e System tests: the continuing multiarch saga 62f4b0a19 Add ExecDied event and use it to retrieve exit codes 341e6a162 Always spawn a cleanup process with exec 4a4fe48cc Fix docs links due to branch rename 240bbc3bf Fix pre-checkpointing 3b6cb8fab container: ignore named hierarchies d9a1c34e4 Fix restoring of privileged containers c3a14103f Fix build tags for pkg/machine... b5890fc86 Bump github.com/containers/storage from 1.32.1 to 1.32.2 e7e09bf2f Update nix pin with `make nixpkgs` d5527c330 System tests: deal with crun 0.20.1 11badab04 rootless: fix fast join userns path 8e89d7071 [CI:DOCS] Update swagger for inspect network a9cb82498 podman-remote build should handle -f option properly 5117deda0 fixed docs and schemas 18fa124df Improve systemd-resolved detection 84b55eec2 logs: k8s-file: fix race a5ad36c65 Fix image prune --filter cmd behavior 346c7fda6 Bump github.com/containers/buildah from 1.21.0 to 1.21.1 c60548279 remote pull: cancel pull when connection is closed 8378a9c4d Fix network prune api docs 5e7876089 auto-update tests: various fixes f6d9dbb62 [CI:DOCS]instructions for podman machine on macs 260192670 Fix compat create with NetworkMode=default 17193e468 System test: Add podman auto-update related test cases a2b842df4 Version bump: 3.3.0-dev 949374e58 Added tests for different checkpoint archive compressions 68070f1b2 Add --compress to podman-container-checkpoint.1.md 8aa5340ad Add parameter to specify checkpoint archive compression 10875a67e Order checkpoint options in man page alphabetically ab7e7f651 UPDATE MANPAGE_SYNTAX (commit,attach,auto-update) 13a807b86 fix go-bindings examples with v3 new parameters 8f89bc4e0 [CI:DOCS] Document which CNI fields are encoded 1f73374ac remote: always send resize before the container starts 9c5048544 remote events: support labels ce01b4f09 made requested changes, fixed api tests 2810c478a Add CORS support df7c3a703 [CI:DOCS] fix incorrect network remove api doc e23c5b25f Add restore --publish to the man page 837ba7ec3 Add test for restore --publish 1ac9198d7 Allow changing of port forward rules on restore 86610c785 remote events: fix --stream=false 9ac526759 systemd/generate: change type to notify 346c08225 Update main branch to reflect 3.2.0 release b928278e6 extend docs to include help for when pub/priv key is signed with an unsupported algo 735470ff2 Bump go.etcd.io/bbolt from 1.3.5 to 1.3.6 48ea142ca Bump github.com/docker/docker b36278c3e Bump github.com/opencontainers/selinux from 1.8.1 to 1.8.2 df2e7e00f add ipv6 nameservers only when the container has ipv6 enabled 366016fa8 Bump github.com/onsi/ginkgo from 1.16.3 to 1.16.4 433a5a8c7 Fix spacing in buildthedocs 37f39eefe events: support disjunctive filters b6167cedb System tests: add :Z to volume mounts ff79b2e5a Fix link error 433674918 Use secrets and machine rst file properly 2cc4535e1 added tests in python rest api 7ef3981ab Enable port forwarding on host ad182976b Use request context instead of background 1daaf34d7 [NO TESTS NEEDED] API list networks should return [] when used with no networks 249da1b93 [CI:DOCS] rm containers-mounts.conf.5.md ef8ba99ff Use request context instead of background context 3330f9876 Better error handing for images/create compat api d657a070d Bump github.com/uber/jaeger-client-go 761466dca Bump github.com/onsi/ginkgo from 1.16.2 to 1.16.3 fb4a0c572 support tag@digest notation 530721841 generate systemd: make mounts portable 699272ed2 add missing space 51a8e01f8 [CI:DOCS] point IRC to libera.chat 2addc0f90 rootless: fix SIGSEGV ,make LISTEN_FDNAMES optional [Closes #10435]. [NO TESTS NEEDED] 5bd1b7dfd Update a way out of date transfer document 6deb1bc2a Manpage syntax proposal 33944cefe [Techinal Debt] Cleanup ABI vs. Tunnel CLI commands c9609d820 Vendor in containers/storage v1.32.1 9822c3309 create libimage-events channel in main routine 8e5388e41 Add options to podman machine ssh 61167834f Bump github.com/onsi/gomega from 1.12.0 to 1.13.0 de293c980 Handle image user and exposed ports in podman play kube fad6e1d3e Ensure that container still exists when removing 533d88b65 Add the option of Rootless CNI networking by default 10569c988 journald logger: fix race condition d1c9e034f libimage-events channel: fix data race 568e911b8 Bump github.com/containers/common from 0.38.4 to 0.39.0 738a8fe63 Add podman run --gpus flag for compatibility e6a3d6aac Fix race on podman start --all 9ab3fd876 Fix race condition in running ls container in a pod 586af5c74 docs: --cert-dir: point to containers-certs.d(5) afe33573d Handle hard links in different directories 2f5552c32 Podman info add support for status of cgroup controllers f22791aec Handle hard links in remote builds 4c095aa7e Improve OCI Runtime error 3c82059c3 Sync. workflow across skopeo, buildah, and podman 8bf852d5f Match swagger to "as built" output 0766777d6 Document all transports for podman manifest add 6ca721ccc Drop container does not exist on removal to debugf 94665bdf0 Bump github.com/containers/storage from 1.31.1 to 1.31.2 7bcfae44b Downgrade API service routing table logging c553181fd Vendor in containers/buildah v1.21.0 5a0257d46 Fix network create macvlan with subnet option 8352e5bc3 add libimage events 26652111b Bump github.com/opencontainers/runc from 1.0.0-rc94 to 1.0.0-rc95 12aa71ab8 Use correct extension for example network config 898a8ad28 update c/common 2b89b2414 Add support for podman manifest rm command 55f00bac0 Clear the storage-options from the graphdriver if users specifies --root 44c493717 Bump k8s.io/api from 0.21.0 to 0.21.1 bc0e12a04 Fix problem copying files when container is in host pid namespace 379df7f2c docs: generate systemd: XDG_RUNTIME_DIR af748b94e Bump k8s.io/apimachinery from 0.21.0 to 0.21.1 6b187e445 Bump github.com/vbauerster/mpb/v6 from 6.0.3 to 6.0.4 92e858914 fix: response body of containers wait endpoint 98955bedb Break up python APIv2 tests 8f3605e7d Add script for identifying commits in release branches bab7caafe Fix formatting and indentation in network http api docs cf30f160a Support uid,gid,mode options for secrets 0d811b233 Several shell completion fixes 6efca0bba Ensure that :Z/:z/:U can be used with named volumes 4cc19f9e0 Support automatic labeling of kube volumes b75bb4665 Create the /etc/mtab file if does not exists Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>