| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
| |
The sysvinit functionality conflicts with the docker daemon
settings required for the systemd docker.socket.
Ensure that the sysvinit capabilities are only enabled if
systemd is not present.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping moby to version v20.10.17-2-g3949ff121e, which comprises the following commits:
ff7feeac37 vendor: github.com/containerd/continuity v0.3.0
6f3f2b6d08 update containerd binary to v1.6.6
b3bcb15da8 update containerd binary to v1.6.5
f55b030fa0 system: unbreak build for darwin
63ab12cd3a Port pkg/system/mknod.go to FreeBSD
081e538fbd vendor: libnetwork f6ccccb1c082a432c2a5814aaedaca56af33d9ea
8e9d647c01 [20.10] update golang to 1.17.11
87ead7fd2a vendor: hcsshim a11a2c44e8a4aa9d66314b1d759ef582df5ab5e8
27f8322324 vendor: libnetwork 2dab5620d4462865c6151e573b3e7fa5d3b8458b
829951ec19 docs: api: /containers/{id}/attach/ws: remove unsupported query-args < v1.42
6cbe73bfc0 Rename Reservation to Reservations in the open API
d9ed3d7e28 update runc binary to v1.1.2
a15acb4bd6 [20.10] vendor: golang.org/x/sys v0.0.0-20220412211240-33da011f77ad
5f2e0b79ad [20.10] update golang to 1.17.10
Bumping libnetwork to version v0.7.0-dev.3-1835-gf6ccccb1, which comprises the following commits:
af0c46d8 Apply peformance tuning to new sandboxes also
23ffb31f Set ExternalPortReserved for dummy proxy
9b82e422 Bump hcsshim
9db86fb7 Only check if route overlaps routes with scope: LINK
Bumping docker-cli to version v20.10.17, which comprises the following commits:
7502d7e56 Fix dead external link
308624c3b fix: remove asterisk from docker command suggestions
de7d866b6 [20.10] update golang to 1.17.11
240e4b550 [20.10] vendor: golang.org/x/sys v0.0.0-20220412211240-33da011f77ad
5d4776bd9 [20.10] update golang to 1.17.10
49e9c2ae3 vendor: golang.org/x/sys 63515b42dcdf9544f4e6a02fd7632793fde2f72d (for Go 1.17)
87a3ce269 vendor: golang.org/x/sys d19ff857e887eacb631721f188c7d365c2331456
1d8abed17 vendor: update x/sys to 134d130e
31dad66f9 [20.10] update golang to 1.17.9
80f673bf9 gofmt with go1.17
3d4cc8e69 [20.10] update remaining files to go1.17.8
30277a8f8 update go to 1.17.8
cfef3a7dc docs: deprecated: add entry for "fluent-async-connect" log-opt
53426025c [20.10] docs: reformat table for compatibility
573a66463 Describe privileged mode in terms of capabilities
cf0ab7ac4 [20.10] vendor: github.com/docker/distribution v2.8.1
d05fd4ffc [20.10] vendor: github.com/opencontainers/image-spec v1.0.2
870f13825 [20.10] vendor: github.com/docker/docker v20.10.14
198d6b872 [20.10] circleci: update buildx to v0.8.2
55a14ec85 [20.10] update remaining Dockerfiles to go 1.16.15
1f9a0df05 e2e: update docker-compose to 1.29.2
4ae338b33 docs: reference: remove trailing space to fix yaml formatting
6380142dd docs: fix (table) formatting, fix some broken links
82f422fcf docs: build: fix minor markdown and syntax issues
80fd77903 Update the list of log drivers
c3d4d623c Fix CMD --ignored-param1 example
2e82d11de docs: dockerd: fix broken link in blockquote area
738a6ee1c improve cp documentation with some illustration examples
246d96bb6 docs: unify "docker create" and "docker run" reference
2fd0f1705 docs: add missing documentation for --pull flag
5fa500000 Fix incorrect pointer inputs to `json.Unmarshal`
1e6a8ce2b Dockerfile: update xx to 1.1
6f7a931a2 [20.10] use GO_LDFLAGS instead of LDFLAGS to prevent inheriting unrelated options
91bab605f [20.10] vendor.conf: don't use git:// protocol
a282e0c5d [20.10] update to go 1.16.15 to address CVE-2022-24921
700364e30 Fix mistake with env var example in docker run docs
62d27c32f Update WORKDIR command information
c0e952cf0 Fix the (dead) link for docs for Dockerfile syntax reference
04104a04d Update dockerd.md
b721998b7 Fixing typo (his --> its)
4065e1246 format create.md table
f1002eb9f Fix typo
e97c7b240 added missing closing parenthese
aa7893763 Update stats.md add example json output
40fe0573a Update Ubuntu version number references in push.md
c9737e1c3 docs/daemon: replace deprecated '-g' option for '--data-root'
5c6723d08 Correct device syntax to --gpus
fd5fc61ec [20.10] Update Go to 1.16.14
3624019d8 [20.10] update Go to 1.16.13
f3ff8e6ad [20.10] vendor: compose-on-kubernetes v0.5.0 to remove github.com/golang/glog
ee1ac1b31 fix innocuous data-race when config.Load called in parallel
38dd744a1 [20.10] Update Go to 1.16.12
4de40a825 Update Go to 1.16.11
03fa8f92c Update Go to 1.16.10
9989fdbc4 Update most links in docs to use https by default
0e20c1fd2 Update Go to 1.16.9
1c0927a04 Dockerfile: update tonistiigi/xx to 1.0.0-rc.2, add XX_VERSION arg
82f9d5921 info: skip client-side warning about seccomp profile on API >= 1.42
adb01ca79 docs: some minor touch-ups in checkpoint reference
8260476a0 docs: remove trailing space to fix generated YAML format
bce2e1f95 docs: create.md: typo fix
44064f51c Fix typo in documentation - build.md
292779add Add doc for BUILDKIT_PROGRESS env var
f2e79b826 docs: use "console" code-hint for shell examples
fa46b9236 docs: rewrite reference docs for --stop-signal and --stop-timeout
400f81089 experimental: fix broken link to "checkpoint and restore" page
c72057c8d docs: move checkpoint/restore doc from experimental into reference
77db97d59 Use private network address for default-address-pools setting in daemon.json example
cbf0d2b7b docs: fix some broken anchors
d0014a86b docs: fix description of restart-delay to mention max (1 minute)
6c1c8b55a docs: fix search results by filterd is-official
44fdac11f Update Go to 1.16.8
061051c24 docs: add missing redirect, and remove /go/experimental redirect
2012fbf11 Update Go to 1.16.7
42d1c0275 registry: ensure default auth config has address
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping moby to version v20.10.17-2-g3949ff121e, which comprises the following commits:
ff7feeac37 vendor: github.com/containerd/continuity v0.3.0
6f3f2b6d08 update containerd binary to v1.6.6
b3bcb15da8 update containerd binary to v1.6.5
f55b030fa0 system: unbreak build for darwin
63ab12cd3a Port pkg/system/mknod.go to FreeBSD
081e538fbd vendor: libnetwork f6ccccb1c082a432c2a5814aaedaca56af33d9ea
8e9d647c01 [20.10] update golang to 1.17.11
87ead7fd2a vendor: hcsshim a11a2c44e8a4aa9d66314b1d759ef582df5ab5e8
27f8322324 vendor: libnetwork 2dab5620d4462865c6151e573b3e7fa5d3b8458b
829951ec19 docs: api: /containers/{id}/attach/ws: remove unsupported query-args < v1.42
6cbe73bfc0 Rename Reservation to Reservations in the open API
d9ed3d7e28 update runc binary to v1.1.2
a15acb4bd6 [20.10] vendor: golang.org/x/sys v0.0.0-20220412211240-33da011f77ad
5f2e0b79ad [20.10] update golang to 1.17.10
Bumping libnetwork to version v0.7.0-dev.3-1835-gf6ccccb1, which comprises the following commits:
af0c46d8 Apply peformance tuning to new sandboxes also
23ffb31f Set ExternalPortReserved for dummy proxy
9b82e422 Bump hcsshim
9db86fb7 Only check if route overlaps routes with scope: LINK
Bumping docker-cli to version v20.10.17, which comprises the following commits:
7502d7e56 Fix dead external link
308624c3b fix: remove asterisk from docker command suggestions
de7d866b6 [20.10] update golang to 1.17.11
240e4b550 [20.10] vendor: golang.org/x/sys v0.0.0-20220412211240-33da011f77ad
5d4776bd9 [20.10] update golang to 1.17.10
49e9c2ae3 vendor: golang.org/x/sys 63515b42dcdf9544f4e6a02fd7632793fde2f72d (for Go 1.17)
87a3ce269 vendor: golang.org/x/sys d19ff857e887eacb631721f188c7d365c2331456
1d8abed17 vendor: update x/sys to 134d130e
31dad66f9 [20.10] update golang to 1.17.9
80f673bf9 gofmt with go1.17
3d4cc8e69 [20.10] update remaining files to go1.17.8
30277a8f8 update go to 1.17.8
cfef3a7dc docs: deprecated: add entry for "fluent-async-connect" log-opt
53426025c [20.10] docs: reformat table for compatibility
573a66463 Describe privileged mode in terms of capabilities
cf0ab7ac4 [20.10] vendor: github.com/docker/distribution v2.8.1
d05fd4ffc [20.10] vendor: github.com/opencontainers/image-spec v1.0.2
870f13825 [20.10] vendor: github.com/docker/docker v20.10.14
198d6b872 [20.10] circleci: update buildx to v0.8.2
55a14ec85 [20.10] update remaining Dockerfiles to go 1.16.15
1f9a0df05 e2e: update docker-compose to 1.29.2
4ae338b33 docs: reference: remove trailing space to fix yaml formatting
6380142dd docs: fix (table) formatting, fix some broken links
82f422fcf docs: build: fix minor markdown and syntax issues
80fd77903 Update the list of log drivers
c3d4d623c Fix CMD --ignored-param1 example
2e82d11de docs: dockerd: fix broken link in blockquote area
738a6ee1c improve cp documentation with some illustration examples
246d96bb6 docs: unify "docker create" and "docker run" reference
2fd0f1705 docs: add missing documentation for --pull flag
5fa500000 Fix incorrect pointer inputs to `json.Unmarshal`
1e6a8ce2b Dockerfile: update xx to 1.1
6f7a931a2 [20.10] use GO_LDFLAGS instead of LDFLAGS to prevent inheriting unrelated options
91bab605f [20.10] vendor.conf: don't use git:// protocol
a282e0c5d [20.10] update to go 1.16.15 to address CVE-2022-24921
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping runc to version v1.1.3-2-g1e7bb5b7, which comprises the following commits:
eb1552a0 VERSION: back to development
6724737f VERSION: release 1.1.3
91fa032d ci: add basic checks for CHANGELOG.md
7219387e cgroups: systemd: skip adding device paths that don't exist
93d1807b libcontainer: relax getenv_int sanity check
8242c05d script/seccomp.sh: check tarball sha256
017cb29b Dockerfile,scripts/release: bump libseccomp to v2.5.4
51649a7d Allow mounting of /proc/sys/kernel/ns_last_pid
3a09da6b ci: drop docker layer caching from release job
8b93f9fb seccomp: enosys: always return -ENOSYS for setup(2) on s390(x)
fc2a8fe1 libct/cg/sd: check dbus.ErrClosed instead of isDbusError
d105e052 libct/seccomp/config: add missing KillThread, KillProcess
e4474ef8 [1.1] vendor: bump seccomp/libseccomp-golang to f33da4d
dc083b2b fix deprecated ActKill
bf1cd884 ci: use golangci-lint-action v3, GO_VERSION
1feafc31 ci: bump golangci-lint to v1.44
89f79ff0 libct: StartInitialization: fix %w related warning
3b7f2605 Format sources using gofumpt 0.2.1
eeac4e77 build(deps): bump actions/checkout from 2 to 3
cd7fa00d Vagrantfile.fedora: fix build wrt new git
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping runc to version v1.1.3-2-g1e7bb5b7, which comprises the following commits:
eb1552a0 VERSION: back to development
6724737f VERSION: release 1.1.3
91fa032d ci: add basic checks for CHANGELOG.md
7219387e cgroups: systemd: skip adding device paths that don't exist
93d1807b libcontainer: relax getenv_int sanity check
8242c05d script/seccomp.sh: check tarball sha256
017cb29b Dockerfile,scripts/release: bump libseccomp to v2.5.4
51649a7d Allow mounting of /proc/sys/kernel/ns_last_pid
3a09da6b ci: drop docker layer caching from release job
8b93f9fb seccomp: enosys: always return -ENOSYS for setup(2) on s390(x)
fc2a8fe1 libct/cg/sd: check dbus.ErrClosed instead of isDbusError
d105e052 libct/seccomp/config: add missing KillThread, KillProcess
e4474ef8 [1.1] vendor: bump seccomp/libseccomp-golang to f33da4d
dc083b2b fix deprecated ActKill
bf1cd884 ci: use golangci-lint-action v3, GO_VERSION
1feafc31 ci: bump golangci-lint to v1.44
89f79ff0 libct: StartInitialization: fix %w related warning
3b7f2605 Format sources using gofumpt 0.2.1
eeac4e77 build(deps): bump actions/checkout from 2 to 3
cd7fa00d Vagrantfile.fedora: fix build wrt new git
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
commit e4474ef881401b2f3ed3ba806a288bb986dcac49 of runc does a vendor
update which includes the reverted fix again. The commit is after 1.2.0
and before 1.3.0 --> the next cherry-pick updates runc to 1.3.0 and the
fix will be back.
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping moby to version v20.10.16, which comprises the following commits:
a15acb4bd6 [20.10] vendor: golang.org/x/sys v0.0.0-20220412211240-33da011f77ad
5f2e0b79ad [20.10] update golang to 1.17.10
be7855fdbe vendor: update github.com/containerd/cgroups and github.com/cilium/ebpf
414a9e24a7 update containerd binary to v1.6.4
47b6a924b6 update containerd binary to v1.6.3
6d7c2b2d26 update containerd binary to v1.6.2
91708bf704 update containerd binary to v1.6.1
53ae17008e Revert "[20.10] update containerd binary to 1.5.11"
961b9a78d5 update runc binary to v1.1.1
97972dac5f update runc binary to v1.1.0
033a819714 [20.10] update golang to 1.17.9
a80884126b Jenkinsfile: add workaround for CVE-2022-24765
09d6fcdfec update to go 1.17.8 to address CVE-2022-24921
5957684b2c Update Go to 1.17.7
55b72c70ba Update Go to 1.17.6
fdf3020bd5 Update Go to 1.17.5
36e164ba80 Update Go to 1.17.4
ecfba8f588 Update Go to 1.17.3
4e14dcc125 Update Go to 1.17.2
c32b5ece31 Update Go to 1.17.1
7096508811 vendor: update archive/tar to match Go 1.17.0
a1150245cc Update to Go 1.17.0, and gofmt with Go 1.17
95cc7115fb hack/vendor.sh: allow go version to be specified with .0
949c33b1c5 vendor: golang.org/x/sys 63515b42dcdf9544f4e6a02fd7632793fde2f72d (for Go 1.17)
8392285876 vendor: golang.org/x/sys d19ff857e887eacb631721f188c7d365c2331456
4e81bcf380 Makefile: update buildx to v0.8.2
74e699c8d3 Makefile: update buildx version to v0.6.0
bc3cc2e7ac Makefile: install buildx from binary release, instead of building
492fac20af api: docs: fix indentation of HostConfig.SecurityOpt (v1.39-v1.41)
3cba2682d8 api: docs: move ContainerWaitResponse to definitions (v1.39-v1.41)
55e71450ae api: docs: move VolumeCreateOptions to definitions (v1.39-v1.41)
c54362cd64 api: docs: move Volume examples inline (v1.39-v1.41)
c60ff9b296 doc: server API Correct ImagesCreate - platform parameter added in 1.32
7a45f7a8cc docs: cleanup swagger API with multiple examples (v1.25-v1.41)
29bb9204bf api: docs: add IPAMConfig on IPAM (v1.41)
77f6564369 api: docs: document MountPoint fields (v1.25-v1.41)
51ea235ab8 api: docs: remove deprecated RootFS.BaseLayer (API v1.25-v1.41)
3d6b4ae572 Correct type of Mounts in ContainerSummary in docs (v1.25-v1.40)
6e8b9809b7 Correct type of Mounts in ContainerSummary in docs
621a98dac0 api: docs: fix warning about comment indentation (API v1.40-v1.41)
bb9ef98060 api: docs: update docs for /images/{name}/json (API v1.39-v1.41)
88ca5cec4e daemon: fix error-message for minimum allowed kernel-memory limit
3ea996abd7 docs: add missing KernelMemoryTCP to api v1.40 and v1.41
b475bc95cd docs/api: add missing 400 response for POST /containers/{id}/wait
ae07b3cc96 docs/api: update /containers/{id}/wait "condition" parameter (v1.30-v1.41)
19555fa92d [20.10] vendor: github.com/docker/distribution v2.8.1
32fe0bbb91 daemon: use RWMutex for stateCounter
ed8fb00b65 errdefs: move GetHTTPErrorStatusCode to api/server/httpstatus
3bd611d7a5 log error message when receiving an unexpected type error
7dfe7a1752 [20.10] update containerd binary to 1.5.11
af953d2f38 [20.10] vendor: containerd 7cfa023d95d37076d5ab035003d4839f4b6ba791
5f9753ae73 client: remove containerd "platform" dependency
4df345e65d client: remove unused Platform field from configWrapper
dd38613d0c oci: inheritable capability set should be empty
2825bf7123 Only check if route overlaps routes with scope: LINK
f5c56eaca8 [20.10] bump swarmkit for config size increase
ce3b6d1ae9 distribution: retry downloading schema config on retryable error
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Bumping libnetwork to version v0.7.0-dev.3-1830-g339b972b, which comprises the following commits:
9db86fb7 Only check if route overlaps routes with scope: LINK
7b9c2905 fix port forwarding with ipv6.disable=1
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping moby to version v20.10.16, which comprises the following commits:
a15acb4bd6 [20.10] vendor: golang.org/x/sys v0.0.0-20220412211240-33da011f77ad
5f2e0b79ad [20.10] update golang to 1.17.10
be7855fdbe vendor: update github.com/containerd/cgroups and github.com/cilium/ebpf
414a9e24a7 update containerd binary to v1.6.4
47b6a924b6 update containerd binary to v1.6.3
6d7c2b2d26 update containerd binary to v1.6.2
91708bf704 update containerd binary to v1.6.1
53ae17008e Revert "[20.10] update containerd binary to 1.5.11"
961b9a78d5 update runc binary to v1.1.1
97972dac5f update runc binary to v1.1.0
033a819714 [20.10] update golang to 1.17.9
a80884126b Jenkinsfile: add workaround for CVE-2022-24765
09d6fcdfec update to go 1.17.8 to address CVE-2022-24921
5957684b2c Update Go to 1.17.7
55b72c70ba Update Go to 1.17.6
fdf3020bd5 Update Go to 1.17.5
36e164ba80 Update Go to 1.17.4
ecfba8f588 Update Go to 1.17.3
4e14dcc125 Update Go to 1.17.2
c32b5ece31 Update Go to 1.17.1
7096508811 vendor: update archive/tar to match Go 1.17.0
a1150245cc Update to Go 1.17.0, and gofmt with Go 1.17
95cc7115fb hack/vendor.sh: allow go version to be specified with .0
949c33b1c5 vendor: golang.org/x/sys 63515b42dcdf9544f4e6a02fd7632793fde2f72d (for Go 1.17)
8392285876 vendor: golang.org/x/sys d19ff857e887eacb631721f188c7d365c2331456
4e81bcf380 Makefile: update buildx to v0.8.2
74e699c8d3 Makefile: update buildx version to v0.6.0
bc3cc2e7ac Makefile: install buildx from binary release, instead of building
492fac20af api: docs: fix indentation of HostConfig.SecurityOpt (v1.39-v1.41)
3cba2682d8 api: docs: move ContainerWaitResponse to definitions (v1.39-v1.41)
55e71450ae api: docs: move VolumeCreateOptions to definitions (v1.39-v1.41)
c54362cd64 api: docs: move Volume examples inline (v1.39-v1.41)
c60ff9b296 doc: server API Correct ImagesCreate - platform parameter added in 1.32
7a45f7a8cc docs: cleanup swagger API with multiple examples (v1.25-v1.41)
29bb9204bf api: docs: add IPAMConfig on IPAM (v1.41)
77f6564369 api: docs: document MountPoint fields (v1.25-v1.41)
51ea235ab8 api: docs: remove deprecated RootFS.BaseLayer (API v1.25-v1.41)
3d6b4ae572 Correct type of Mounts in ContainerSummary in docs (v1.25-v1.40)
6e8b9809b7 Correct type of Mounts in ContainerSummary in docs
621a98dac0 api: docs: fix warning about comment indentation (API v1.40-v1.41)
bb9ef98060 api: docs: update docs for /images/{name}/json (API v1.39-v1.41)
88ca5cec4e daemon: fix error-message for minimum allowed kernel-memory limit
3ea996abd7 docs: add missing KernelMemoryTCP to api v1.40 and v1.41
b475bc95cd docs/api: add missing 400 response for POST /containers/{id}/wait
ae07b3cc96 docs/api: update /containers/{id}/wait "condition" parameter (v1.30-v1.41)
19555fa92d [20.10] vendor: github.com/docker/distribution v2.8.1
32fe0bbb91 daemon: use RWMutex for stateCounter
ed8fb00b65 errdefs: move GetHTTPErrorStatusCode to api/server/httpstatus
3bd611d7a5 log error message when receiving an unexpected type error
7dfe7a1752 [20.10] update containerd binary to 1.5.11
af953d2f38 [20.10] vendor: containerd 7cfa023d95d37076d5ab035003d4839f4b6ba791
5f9753ae73 client: remove containerd "platform" dependency
4df345e65d client: remove unused Platform field from configWrapper
dd38613d0c oci: inheritable capability set should be empty
2825bf7123 Only check if route overlaps routes with scope: LINK
f5c56eaca8 [20.10] bump swarmkit for config size increase
ce3b6d1ae9 distribution: retry downloading schema config on retryable error
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
After upgrading from honister to kirkstone the build always failed
during the package_write_ipk step, because the package name has
been overwritten because of the typo in FILES.
While investigating, I discovered another typo in class-devupstream.
Signed-off-by: Guenther Meyer <g.meyer@signum-media.de>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
buildah is a command line tool, to be installed and run on target,
that can be used to:
- create a working container, either from scratch or using an image
as a starting point
- create an image, either from a working container or via the
instructions in a Dockerfile
- images can be built in either the OCI image format or the
traditional upstream docker image format
- mount a working container's root filesystem for manipulation
- unmount a working container's root filesystem
- use the updated contents of a container's root filesystem as a
filesystem layer to create a new image
- delete a working container or an image
- rename a local container
Testing:
Setup the build directory:
$ . oe-init-build-env <build_dir>
Add to local.conf:
IMAGE_INSTALL:append = " buildah kernel-modules"
KERNEL_FEATURES += "features/overlayfs/overlayfs.cfgi \
features/netfilter/netfilter.scc \
features/lxc/lxc-enable.scc"
IMAGE_ROOTFS_EXTRA_SPACE = "5242880"
Build image:
$ bitbake core-image-minimal
Run the image:
$ runqemu nographic kvm qemuparams="-m 4096"
On target:
Pull an image:
> cnt=$(buildah from fedora)
Or build from Dockerfile
> buildah bud -t <image_name>:<tag> .
Mount the image:
> mnt=$(buildah mount ${cnt})
Install packages on the container rootfs:
> dnf install --installroot $mnt <packages_to_install> -y
Copy local files to the container:
> buildah copy $cnt <local_file> <dest_on_container>
Save the changes to an image
> buildah commit --format docker $cnt <name>:<tag>
Run the image using buildah:
> buildah run $cnt /bin/sh
Or using docker:
> docker run -it <name>:<tag>
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
| |
This is useful for podman system tests.
Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
| |
2b28d64667e4c22434b9db0a87a1265a0caedb66 brought a typo when resolving
merge/rebase conflict. This fixes it.
Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This CVE was fixed[1] in the container image go library skopeo is using
(vendoring). The current version of the image go module is v5.20.0 while
the fix landed since v3.0.0[2].
See RedHat's resolution[3] for more details.
[1] https://github.com/containers/image/issues/654
[2] https://github.com/containers/image/pull/669/commits/a3d69a4a89244803d2f5350aca6dd0fcbe444551
[3] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10214
Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Files are sorted in lexicographic order. Moving podman-rootless.conf to
something greater then '00' would help with systems providing default
values in other configuration files that can be overridden by
podman-rootless.conf.
Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
| |
There is no need we can see for this dependency to be provided as such -
especially forcing this to using glibc.
Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
| |
clang-based builds are still broken due to:
https://github.com/llvm/llvm-project/issues/53999
Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
| |
This will fix clang-based builds.
Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
| |
This will fix clang-based builds.
Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping containerd to version v1.6.6-10-g4e92d8e7e, which comprises the following commits:
37dfc5c9d [release/1.6] Fix WWW-Authenticate parsing
fa2016d58 [release/1.6] Downgrade MinGW to version 10.2.0
99c56d217 ctr: fix label args used in NewContainer
51de785f8 [release/1.6] Make building static binaries simpler
2ea4e6348 update runc binary to v1.1.3
61213742a Prepare release notes for v1.6.6
f92068350 Implicitly discard the input to drain the reader
2eb67213b [release/1.6] Limit the response size of ExecSync
185e87275 Prepare release notes for v1.6.5
5c9c83d3e [release/1.6] update golang to 1.17.11
fdcdc27bc update go-cni/for cni update fixing plugins that don't respond with version
e33b9e709 archive: add human-readable hint to Lchown error
3bb5a9d19 config: improve config v1 deprecation message
6eff5b6c0 [release/1.6] go.mod: Bump hcsshim to 0.9.3
f1d2d9260 [release/1.6] vendor: golang.org/x/sys v0.0.0-20220412211240-33da011f77ad
9f99be51b [release/1.6] update golang to 1.17.10
246a1b42e vendor: github.com/opencontainers/runc v1.1.2
43717e03a update runc binary to v1.1.2
82a77be2d reverts removal of parallel run from critest
06bdfeb67 Allow git commands in Vagrantfile
70839a344 Bug fix for mount path handling
1520bae0f update critools to v1.24
0d1d2953b Prepare release notes for 1.6.4
42d691fe6 Bump opencontainers/selinux from 1.10.0 to 1.10.1
e9f22e008 Update go-cni to v1.1.5
be4909e95 cri: close fifos when container is deleted
baa386dc0 Prepare release notes for v1.6.3
e8da82adc tracing: fix panic on startup when configured
1764ea9a2 CRI: improve image pulling performance
9cd76d465 [release/1.6] update golang to 1.17.9
c09cc1242 check for duplicate nspath possibilities
fe6ba62ce metrics/cgroups: fix deadlock issue in Add during Collect
8b81a7843 [release/1.6] go.mod: update image-spec to merge-commit of v1 into main
f2ba2041b update runc binary to v1.1.1
b736b4dab go.mod: github.com/opencontainers/runc v1.1.1
72f1e58c7 CI: add Rocky Linux 8
7ede40c5c [release/1.6] vendor: github.com/containerd/imgcrypt v1.1.4
5538be6cf cgroup2: monitor OOMKill instead of OOM to prevent missing container OOM events
da35c19da Test turning off golang CI lint cache
a0213573b Add nolint:staticcheck to platform-specific calls
ad0036ed6 Update prometheus client vendor
c7bbf316f Mount devmapper xfs file system with "nouuid" option.
a1de89c3e Make the temp mount as ready only in container WithVolumes
82a12edf2 moving up to go-cni v1.1.4
28b44826b native: fix deadlock from leaving transactions open
8461dd6e5 Prepare release notes for v1.6.2
91800c4e9 Add static checks to shim for Windows
ca51d7f85 Update go.mod go version
765df6609 [release/1.6] remove empty go mod to allow building for go 1.18
e9af80859 Fix the Inheritable capability defaults.
7c929318a Update TestNormalize to only test Windows
06985e7d0 Upgrade golangci-lint and its GitHub Action
b13d3e05c cri: relax test for system without hugetlb
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
| |
This support is disabled by default and exposed via PACKAGECONFIG.
Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Podman can run in via a docker symlink emulating docker commands. By
default this generates a runtime warning. This change silences it via
the provided interface.
Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping runc to version v1.1.2-9-gb507e2da, which comprises the following commits:
bf1cd884 ci: use golangci-lint-action v3, GO_VERSION
1feafc31 ci: bump golangci-lint to v1.44
89f79ff0 libct: StartInitialization: fix %w related warning
3b7f2605 Format sources using gofumpt 0.2.1
eeac4e77 build(deps): bump actions/checkout from 2 to 3
cd7fa00d Vagrantfile.fedora: fix build wrt new git
cdfdbe55 VERSION: back to development
a916309f VERSION: release 1.1.2
364ec0f1 runc: do not set inheritable capabilities
8959e372 VERSION: back to development
52de29d7 VERSION: release 1.1.1
2636e1cb CHANGELOG.md: add 1.1.1 release notes
036cc348 CI/cirrus: add centos-stream-9
db953158 README.md: add cirrus-ci badge
ea19181e README,libct/README: fix pkg.go.dev badges
8290c4cf libct/cg: IsCgroup2HybridMode: don't panic
ee7ba6cb configs/validate: looser validation for RDT
96193422 libct/cg/sd/v2: fix ENOENT on cgroup delegation
35784a3e ensure the path is a sub-cgroup path
986e7c53 libct: fixStdioPermissions: ignore EROFS
5053a065 libct: fixStdioPermissions: skip chown if not needed
d2939b6b libct: fixStdioPermissions: minor refactoring
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping runc to version v1.1.2-9-gb507e2da, which comprises the following commits:
bf1cd884 ci: use golangci-lint-action v3, GO_VERSION
1feafc31 ci: bump golangci-lint to v1.44
89f79ff0 libct: StartInitialization: fix %w related warning
3b7f2605 Format sources using gofumpt 0.2.1
eeac4e77 build(deps): bump actions/checkout from 2 to 3
cd7fa00d Vagrantfile.fedora: fix build wrt new git
cdfdbe55 VERSION: back to development
a916309f VERSION: release 1.1.2
364ec0f1 runc: do not set inheritable capabilities
8959e372 VERSION: back to development
52de29d7 VERSION: release 1.1.1
2636e1cb CHANGELOG.md: add 1.1.1 release notes
036cc348 CI/cirrus: add centos-stream-9
db953158 README.md: add cirrus-ci badge
ea19181e README,libct/README: fix pkg.go.dev badges
8290c4cf libct/cg: IsCgroup2HybridMode: don't panic
ee7ba6cb configs/validate: looser validation for RDT
96193422 libct/cg/sd/v2: fix ENOENT on cgroup delegation
35784a3e ensure the path is a sub-cgroup path
986e7c53 libct: fixStdioPermissions: ignore EROFS
5053a065 libct: fixStdioPermissions: skip chown if not needed
d2939b6b libct: fixStdioPermissions: minor refactoring
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The project's internal Makefile uses BUILDFLAGS variable to pass
arguments to `go build` while Yocto/OE defines it as GOBUILDFLAGS. Add a
patch to align this and avoid using host headers in which case, a musl
build will fail similarly to:
| [...]ld: /tmp/go-link-3172010154/000015.o: in function `vfprintf':
| /usr/include/x86_64-linux-gnu/bits/stdio2.h:130: undefined reference to `__vfprintf_chk'
| [...]ld: /tmp/go-link-3172010154/000016.o: in function `fprintf':
| /usr/include/x86_64-linux-gnu/bits/stdio2.h:100: undefined reference to `__fprintf_chk'
| collect2: error: ld returned 1 exit status
Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Adjust the GOROOT setting as directory specified by the original
one does not exist.
The CGO_CFLAGS and CGO_LDFLAGS should use target flags instead
of the nativesdk ones.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Adjust the GOROOT setting as directory specified by the original
one does not exist.
The CGO_CFLAGS and CGO_LDFLAGS should use target flags instead
of the nativesdk ones.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Adjust the GOROOT setting as directory specified by the original
one does not exist.
The CGO_CFLAGS and CGO_LDFLAGS should use target flags instead
of the nativesdk ones.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
| |
The CGO_CFLAGS and CGO_LDFLAGS should use target flags instead
of the nativesdk ones.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
According to https://github.com/containers/skopeo/blob/main/install.md#building-from-source,
the ostree dependency is not needed.
Also, adjust the CGO_CFLAGS and CGO_LDFALGS to use target
flags instead of the SDK ones.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
| |
v2.8.1 is the latest stable version.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix settings for GOROOT, CGO_CFLAGS and CGO_LDFLAGS.
The previous setting for GOROOT is no longer valid as the directory
does not exist for now. So adjust the GOROOT setting.
Currently CGO_CFLAGS is set to use BUILDSDK_CFLAGS, and this is
incorrect. We need target flags instead of SDK related flags. Such
setting happens to work for some hosts. However, when building on
newer hosts, we get QA error like below:
ERROR: docker-distribution-v2.7.1-r0 do_package_qa:
QA Issue: /usr/sbin/registry contained in package docker-registry requires
libc.so.6(GLIBC_2.34)(64bit), but no providers found in RDEPENDS_docker-registry? [file-rdeps]
The above error was found on hardknott on host Fedora 35.
Tracking down the error and I found it's using host stuff which is likely
to be caused by using incorrect CGO_CFLAGS. As the master branch is
using the same settings, it has the same issue.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
In order for systemd variables such as SYSTEMD_AUTO_ENABLE to have
effect, we need to inherit the systemd class. We also need to specify
the package which contains the service.
As go.bbclass already inherits goarch.bbclass, we only need to inehrit
go.bbclass.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Reformat the k3s depedencies and src_uri into a more readible and
maintainable format.
We also map googlesoruce to github for better fetching, as suggested
by Diego Sueiro <diego.sueiro@arm.com>.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
There's a QA issue about criu complaining the shebang
of crit script is too long. We should replace it with
'#!/usr/bin/env python3'.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
It looks like 'devel' in podman compose gets rewritten, so our
1.0.3 commit is no longer on that branch, breaking fetches.
Moving to stable and changing the commit to avoid the issue.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- To fix restore Segmentation fault
criu restore -d -D checkpoint
8306: Error (criu/cr-restore.c:1480): 8331 killed by signal 11: Segmentation fault
Error (criu/cr-restore.c:2447): Restoring FAILED.
- Inherit pkgconfig to fix build warning
pkg-config not found
- Define PLUGINDIR when doing instll to fix build failure
mkdir: cannot create directory '/var/lib/criu': Permission denied
New commits since 3.16.1:
4f8f295e5 criu: Version 3.17
991f27c84 ci: skip new hugetlb maps09/maps10 tests for pre-dump
0c1f0256f kerndat: handle the case when hugetlb isn't supported
17a19676c zdtm: handle the case when hugetlb isn't supported
c1380c077 ci: workaround race between sit module loading and bridge test
550eafc5d ci: print kernel modules list
f635b61f4 test: install criu in /usr
2f0f12839 readme: Add badge links to workflows
d14dbb8c7 sk-unix: rework bind_on_deleted() return codes
5b872c718 proc_parse: Fix parsing bpf map_extra
d40b332ce bpf: update deprecated API
f641e0c4b ci: print mountinfo instead of mount cmd output
5c0b4fbcd ci: criu-fault: skip inotify_irmap fault-injection on btrfs
7ac85cab8 scripts/ci: fix ZDTM_OPTS variable passing
ead227994 zdtm: temporary disable rseq02 test
db9ec1361 zdtm: add rseq02 transition test with NO_RESTART CS flag
1e0bed3d6 rseq: handle rseq/rseq_cs flags properly
13338dee5 Revert "test: disable rseq also on Archlinux"
064e9925a zdtm: add transition/rseq01 test for amd64
2d3354e7b cr-dump: fixup thread IP when inside rseq cs
4c7ece0bb compel: add helpers to get/set instruction pointer
441310c26 zdtm/static/rseq00: fix rseq test when linking with a fresh Glibc
f70ddab24 pie/restorer: unregister (g)libc rseq before memory restoration
e1799e530 include: add thread_pointer.h from Glibc
267c1fdad ci: add Fedora Rawhide based test on Cirrus
03aff7e82 Revert "ci: disable glibc rseq support"
51e0d3e29 zdtm: add basic static/rseq00 test for rseq C/R
c5162cef5 rseq: fail dump if rseq is used but host doesn't support get_rseq_conf feature
f81e3062c rseq: initial support
bd9ee3255 cr-check: Add ptrace rseq conf dump feature
ca54dfcac util: move fork_and_ptrace_attach helper from cr-check
8b3a76b64 kerndat: check for rseq syscall support
de03eb435 compel: add rseq syscall into compel std plugin syscall tables
4adec8e8e cgroup: test for --manage-cgroups=ignore
2b6901707 cgroup: fix --manage-cgroups=ignore
c71d4a54a cgroup: fix "unified" path
8ddd7f483 ci: add codespell to lint target
e7b1c8579 Fix remaining codespell warnings
0194ed392 Fix some codespell warnings
3f1800477 Add .codespellrc
f16976c03 test/zdtm.py: rename a var
fab46c310 test/exhaustive/unix.py: rename a var
2a60b4974 Rename useable to usable
c4bdde213 criu/mount.c: separate \t
51837a65e criu/files.c: some renames
bd3a21e0b test/javaTests: rename ser to s
777ad1966 Nit: rename sie to se
716e56f37 Typo: mmaped -> mmapped
d9411c948 test/zdtm/static: s/NODEL/NO_DEL/
58d76cb16 test/zdtm/static/inotify_system.c: s/inot/infd/
0cb8b9c04 test/zdtm/static: use param not parm
58b120b06 criu/pie/restorer.c: use param not parm
747ec75d9 criu/arch/s390/include/asm/restorer.h: fix comments
8bb05e3bf ci: Switch to non overlaysfs tests
45e048d77 criu: generate unique socket names
75064b742 mount: fix -Wunused-but-set-variable for Clang 15
46e4773c3 style: delete some redundant code
5109fccf8 apparmor: Fix -Wfortify-source for Clang
791651f1b criu-ns: add a helper to hold a pid namespace
805559c1d scripts/ci: mount test cgroups once
ab6191ccd zdtm: use unique holder for cgroups
73a783ac1 mount: make error messages differ in different places
165d5a2cd mount-v2: make mount engine fallback messages loglevel debug
8867840c8 zdtm/mount-v2: disable pty-console test
c8121ed74 test/jenkins: test for old mount engine
3c0e99ccf ci: make others/mnt_ext_dev also run for old mount engine
642abd133 zdtm/mount-v2: disable mnt_tracefs test
f736d88c9 zdtm: add propagation group with mount flags to mount_complex_sharing
ef53df471 zdtm: add mount_complex_sharing test
486e1fd85 zdtm: add new mnt_ext_sharing test for mount-v2
3db949d82 ci: run tests for old mount engine
8d6e2d044 zdtm: enable mounts compat mode on restore with --mntns-compat-mode option
b35c842d0 mount: add new mounts-v2 engine
c29675c9a mount: export global variables for mount-v2
972a59862 mount: export several functions for mount-v2
3229e7f58 mount: export common defines for mount-v2
0723d0cd9 mount: remove double ns_id declaration
1f4a9a531 files-reg: export parent dirs helpers for mount-v2
f032741cd mount: add plain mountpoints
f2d1c7fab config/rpc: add new option --mntns-compat-mode for old mount engine
f6b52c711 crtools: move check_options after kerndat_init and log_init
6a25420d3 util: add resolve_mountpoint helper
cef8366f5 kerndat: check whether the openat2 syscall is supported
387f4652b compel: add open_tree syscall
a946b946e kerndat: Check for MOVE_MOUNT_SET_GROUP availability
0ca89b99b files-reg: teach clean_one_remap to work with mount-v2
9a0918497 files-reg: teach create_ghost to work with mount-v2
169f95c39 files-reg: split create_ghost_dentry out of create_ghost
9fb3984a7 mount: add service_mountpoint getter for ->mountpoint
65967a84b mount: use ns_mountpoint instead of mountpoint where possible
eedbc6f47 mount: use ns_mountpoint in mnt_depth
ae0b218c3 mount: use ns_mountpoint in aufs_parse
7b968ceea mount: use ns_mountpoint in collect_mntinfo
f2bf6597c path: simplify mnt_get_sibling_path via get_relative_path
abbc70adc mount: use ns_mountpoint for children-overmount check
c17695cb1 mount: use ns_mountpoint in root_path_from_parent
010295b8f mount: use ns_mountpoint in validate_children_collision
07eb01593 mount: skip root yard children from mnt_needs_remap check
e8de10a4f mount: use ns_mountpoint in mnt_is_overmounted
b954e5136 autofs: use ns_mountpoint in autofs_create_dentries
7a67949e5 mount: make general place for shared variables on mount-info on restore
0c41c1187 mount: fix broken remounted_rw check
718247045 mount: move root yard tree merge as early as possible
770cdbfb9 mount: prepare is_overmounted as early as possible
83bbf1b05 mount: add helper mnt_get_external_bind_nodev
0fd0e03a2 mount: do not override master_id to -1 for root binds
4f156f32b mount: put external slavery mounts to separate mnt_ext_slave list
ef79912c1 mount: add can_receive_master_from_root helper
b52fcb284 mount: replace CRTIME_MNT_ID with HELPER_MNT_ID
4736a7240 mount/restore: leave ns_mountpoint NULL for aux binfmt_misc mount
16085b5e6 mount/restore: create auxiliary binfmt_misc mount in the root yard
a379d4d94 zdtm: add mntns_pivot_root_ro test
2a3d2bc28 mount: apply superblock flags to nested ns roots
77f67973f zdtm: add mntns_pivot_root test
2fdb4993a mount: allow nested mount namespaces with different roots
cf6fe2d48 mount: add mnt_is_root_bind helper
e50abbd3b zdtm: add mnt_ext_collision test
a963ceb77 mount: restrict mp-external mount map to init container mntns only
007501f98 zdtm: add new mnt_ext_root test
4f9414934 mount: mount external mount before mounting it's binds
d5cb7764e mount: show more info about why we can't mount
685a53eec mount: rework skipping external mounts in dump_one_mountpoint
3b2b80812 mount: split mnt_is_external(_bind) and can_receive_master_from_external
c09bd8941 mount: add mnt_bind_pick helper to pick the desired bind
9d1f39f28 unittest: add some tests for get_relative_path helper
97bd9511c util: add get_relative_path helper
261b7a8fd mount: setup mnt_bind list before using it in mnt_is_external
30261a751 mount: skip fstype and source checks for external mounts in mounts_sb_equal
8d5300aa9 mount: mark mounts of external devices external
e17c1cc12 mount: do not detect non-fsroot mounts as device-external
eda1e5fdb mount: add mntinfo_add_list_before helper for adding to mntinfo list
9649356e3 zdtm: fix mnt_ext_master test to correspond to it's name
5a8fd343f uffd: fix __u64 print format specifier
9e7473516 sk-unix: fix e_str leak in unix_sk_id_add
87d373514 criu/plugin: Add support for criu image streamer
55370b720 criu/plugin: Store BO contents directly to file
ecdf740fa criu/plugin: Add whitepaper document
99a2380fc criu/plugin: Dockerfile for amdgpu_plugin
2095de9f0 criu/plugin: Fix for FDs not allowed to mmap
bd8333009 criu/plugin: Implement sDMA based buffer access
6d7926622 criu/plugin: Restore libhsakmt shared memory files
a218fe0ba criu/plugin: Read and write BO contents in parallel
ba9c62df2 criu/plugin: Add unit tests for GPU remapping
4856e0d4d criu/plugin: Add parameters to override mapping
72905c9c9 criu/plugin: Remap GPUs on checkpoint restore
6e99fea2f criu/plugin: Implement system topology parsing
c4e3ac7fe criu/plugin: Adding check for kernel IOCTL version
55a5993bc criu/plugin: Support AMD ROCm Checkpoint Restore with KFD
71ff9cc04 criu/plugin: Initialize AMD KFD header
91157315b criu/plugin: Skip plugin vmas during premap
63e127fc8 criu/plugin: Add dedicated flag for plugins
e04db0241 criu/files: Add function to return unused FD by pid
653eefea0 criu/plugin: Do not reopen vma fd for plugins
5b0a639a5 files: fix inh leak in inherit_fd_add
060567042 net: fix e_str leak in veth_pair_add
2856d06e3 config: fix ns leak in parse_join_ns
a8dd7d290 ci: run criu-config tests
1c54c45fc zdtm: drop redundant config_inotify_irmap test
d2073cd4d zdtm: add --criu-config option
fc38a01e5 zdtm: use long form cli options
0734fc807 zdtm: sort import lines
0b7965397 zdtm: refactor main
1b4a9df9c sk-unix: fix uint32_t id variable printf format specifier
09fa32a75 tun: fix tun_link leak in dump_tun_link
7e9a9dc34 cr-dump: fix cr_imgset leak in dump_one_task
2747bb2a7 mount: fix e_str leak in ext_mount_add
be78b853d proc_smaps: remove useless nonlinear check
97a998567 compel: set mxcsr during error injection to zero
ef98a71b1 zdtm: fix missplacement of err=True
6b842635b test: disable rseq also on Archlinux
51099d2bb test: remove test for LOCK_MAND flock
247cdc90d bpfmap: handle new field in fdinfo
56df8aeeb ci: skip MAP_HUGETLB tests in stream test
2dc6d146b zdtm: Add MAP_HUGETLB mappings test for parent-child relationship processes
87a5694b4 zdtm: Add shm hugetlb test
d22e472cf zdtm: Add memfd hugetlb test
ffa268896 zdtm: Add MAP_HUGETLB memory mapping test
a26b692c4 uffd: Skip lazy-mode restore on hugetlb mappings
456e50b59 mem: Skip premapping hugetlb mapping
8941b63a4 proc_parse, files: Add support for hugetlb memory mapping
e4fb1dd5f memfd, shmem: Add support for checkpoint/restore memfd and anon shared memory
4d77b19eb ipc: Add support for checkpoint/restore hugetlb System V shared memory
f69c36591 kerndat: Collect hugetlb device numbers
9c7bbfa69 check: Add a check for using memfd with hugetlb
e8087fcff files: generate unique transport socket names
408a7d82d util: add an unique ID of the current criu run
b13b95e52 compel: fix how PTRACE_GET_THREAD_AREA errors are handled
b2ba14a15 restorer: Fix sys_mmap's returned value check
7177938e6 criu-ns: use os.waitstatus_to_exitcode()
bb1b1681a criu-ns: fix exit code o for criu dump
fdf4fda20 pstree: when updating sid for shell job also update matching pgid
89267dbcc ci: install libbsd dependency
48d53b699 Fix formatting in criu documentation
73d6a2c0e test/autofs: fix use-after-free
4d31105c7 ci: set continue-on-error for cross-compile
0568889ee compel: fix parasite with GCC 12
db352ca48 criu: fix configuration file scanner with GCC 12
bf6975c3e compel: fix GCC 12 failure (out of bounds)
6be10a232 zdtm: fix zdtm/static/maps00 case in arm64
6cfad77f0 pagemap: tiny fix on truncating memory image
908e5dd95 lib: added tests for feature check in libcriu
b00b61f0e lib: introduce feature check in libcriu
4c4b2159d ci: added .lgtm.yml file
7f4265dc0 ci: update to latest Vagrant and Fedora images
7400d91f8 contributing: remove old badges and logo
29e221bb7 readme: add docker test badge
6f9d62eb3 ci: test criu-image-streamer with all tests
8ec214d3c mount/btrfs: make check_mountpoint_fd fallback to get_sdev_from_fd
bbf5f642d proc_parse: add helper to resolve sdev from fd
15c42696c mount: remove mnt_fd argument of __open_mountpoint
1e7c62047 mount: split check_mountpoint_fd from __open_mountpoint
1b912802d zdtm/static/uffd-events: add more log messages
ebd03383f zdtm: print tails of all logs if a test has failed
f65098746 test: log testname.out.inprogress if a test has failed
8775cf3a5 ci: reenable the lazy-thp test in the lazy-remote mode
c59abfa81 page-xfer: stop waiting for a new command after a close command
13b726ebc tls: allow to terminate connections synchronously
73d1d0769 uffd: call disconnect_from_page_server to shutdown a page-server connection
4fdf3db31 tls: add more comments
5a2250b1a tls: use ssize_t for return value
89e8e8e69 tls: fix typo
0da88b6da zdtm: Add SOCK_SEQPACKET variants to unix socket tests
530ad9c89 sk-unix: Add support for SOCK_SEQPACKET unix sockets
3d618d0f4 crtools: check that cpuinfo command has sub-command
233f1f1d0 crtools: use new opts.mode in image_dir_mode
3fa85bcdc crtools/rpc: export current criu mode to opts.mode
1b015df9b crtools: remove excess always true condition
be092e25a zdtm: remove mntns-deleted-dst test leftover from git
f92c7f1af zdtm: zdtm_ct fix compilation error with strict-prototypes on
e62e05c2d zdtm.py: clean up MAKEFLAGS env variable before running make instance
af4b26519 tests: added test for single pre-dump support
51a1adbc0 libcriu: add single pre-dump support
119a79885 ci: disable glibc rseq support
9fd000c58 ci: use unstable release for cross-compile
0e04a3c6a libcriu: add setting lsm-mount-context to libcriu
af298353d usernsd: UNS_FDOUT should not require an input descriptor
efe5d9a12 Add documentation for --timeout option
583e8ca05 ci: enable x86 xsave fault injection tests back
1ba443982 x86/compel/fault-inject: print the initial seed
fc1eb01ff x86/compel/fault-inject: bound xsave features set
6186bfa0c test: another try to correctly fix the kernel version
d79d73e3a ci: install procps in Alpine
3eba68089 ci: Enable disabled unix socket related tests
94111596f sk-unix: Fix TCP_ESTABLISHED checks in unix sockets
6930d6a32 util: make page-server IPv6 safe
d57f27bc9 files-reg: try dump_ghost_remap if link-remap failed with error ENOENT
14075baf7 test: do not use --keep-going for single zdtm tests
a52185ffe ci: disable broken tests until fixed
4ab2facb2 make: Explicitly enable FPU on ARMv7 builds
d514bacb4 ci: Run cross compile with debian testing
4c1330bb0 ci: Run cross compile on debian stable
718eb06be clang-format: disable wrong struct pointer declaration format
858002483 zdtm: add ro-mount check after c/r to mntns_ghost01
17357d67f files-reg: temporary remount writable the mount we do unlink on
bd219b69a ghost/mount: allocate remounted_rw in shmem to get info from other processes
cfed6f35e files-reg: fix error handling of rm_parent_dirs
5a0943c90 files-reg: fix error handling in open_path
64b58b514 check: cleanup child processes
156cce78c ci: switch to centos-stream-8
c2fd81903 crtools: ignore SIGPIPE in swrk mode
a491706cc ci: Use latest Fedora for lint ci runs again
eb0dee408 seize: restore cgroup freezer to right state
781676f10 clang-format/zdtm: fix clang complains about strange elseifs
d2b6faf8f tests: improve the deterministic behavior of the test suite
94092ce00 zdtm.py: make tests with --link_remap exclusive
1f9e2c420 ci: disable socket-raw test on centos8
a9d9fb8aa clang-format: make x86_ins_capability_mask human-readable
4ff252656 cr-dump: fail dumping when zombie process with sid 0
26db7adbb clang-format: do automatic comment fixups
206479322 clang-format: do several manual comment fixups
bbfd9031a clang-format: enable AlignTrailingComments
718f4cae2 zdtm: make sock_opts02 also check lock change by SO_*BUF*
3a875cc4c zdtm: add test for socket buffer size locks
e69be16db sockets: c/r bufer size locks
ce5ce285a kerndat: check for set/getsockopt SO_BUF_LOCK availability
2bd709664 sockets: don't call sk_setbufs asyncronously
37a8090d8 tests: improve the image streamer process control
dae0704b6 ci: use Fedora 34 for lint CI runs
f7bc3bdc9 ci: fix userfaultfd test failures
d17eb325c ci: replace deprecated codecov bash uploader
c1659c386 net: optimize restore_rule() to not open the CR_FD_RULE image file twice
e3a853ab9 criu-ns: make pidns init first do setsid
c750e62ca util: use nftw in rmrf helper
485a83c11 tty: fix the null pointer of get_tty_driver
7ba4d3bf1 pie/restorer: remove excess hash printf specifier
bffaa7d07 ci: enable coredump tests
bf8382a80 make: enable lint for coredump
8aa769455 test/coredump: fix shellcheck errors
0b3cf5c9e coredump: lint fix visually indented line
3a689ed9a coredump: fix comparison to true
c1eab7d06 coredump: fix too many blank lines
baad88d5e coredump: fix missing whitespace around operator
579066633 coredump: lint fix for block comments
06306c8b1 coredump: drop exec permission
1b368238b coredump: drop unused variable
a92a7887a python: replace equality with identity test
c71a81a6b coredump: convert indentation to spaces
bf8a3c9f6 coredump: sort imports
a0b738cb8 coredump: remove unused import
1c866dbb5 Add new files for running criu-coredump via python 2 or 3
3180d35fa Add support for python3 in criu-coredump
f24360658 criu(8): Add more detailed description about --tcp-close dump option
abf6b15c1 zdtm: Dumping/restoring with --tcp-close on TCP_CLOSE socket
795973055 tcp: Skip restoring TCP state when dumping with --tcp-close
74d1233b5 criu/files: Don't cache fd ids for device files
7b6239b6d criu/plugin: Implement dummy amdgpu plugin hooks
17e2a8c70 criu: Introduce new device file plugin hooks
dd46e7919 criu(8): add --external net option
be239109a github: update the stale version
Signed-off-by: He Zhe <zhe.he@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The NVD database uses version without a prefixing 'v'
for containerd.
e.g.
https://nvd.nist.gov/vuln/detail/CVE-2022-23648
So we need to explictly set CVE_VERSION.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
| |
This makes the main recipe more readable, and allows us to
clearly see changes to the SRC_URI and the main recipe
separately.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping nerdctl to version v0.18.0-61-g48f189a, which comprises the following commits:
8385be4 add test case for nerdctl inspect to check mounts field
a766555 show mounts info for nerdctl inspect
1547f73 Add flag ipfs-address to push to remote IPFS node
2db1039 update stargz-snapshotter (0.11.4), IPFS (0.12.2)
7b1c33d Import NOTICE from Docker/Moby
bc66bfa CI: upload go-mod-vendor.tar.gz as a backup
43f7b6b Dockerfile: update Ubuntu to 22.04
6c22944 Follow-up to `Support --init argument in nerdctl run command`
a8c3de4 Bump github.com/moby/sys/mount from 0.3.1 to 0.3.2
c4cf6a0 Bump actions/checkout from 3.0.0 to 3.0.1
90a91d2 Bump github.com/compose-spec/compose-go from 1.2.2 to 1.2.4
839faf5 Added volume remove fixes(issue #971)
f8272ed Support --init argument in nerdctl run command
175923e Export OS Platform and Arch information in `nerdctl version` command
b3504ce feat: container image build ci for push image to github registry
8dc5fc5 seccomp: relax restrictions depending on --cap-add
65170cb Bump actions/setup-go from 2 to 3
fe6a7e8 inspect: add type flag to inspect command
ac58d8c CI: relax timeout
96b5e49 nerdctl wait: fix flakeness and error handling
ba0624d Deflake TestComposeKill
401b541 update BuildKit (0.10.1)
1a3dfe9 Bump github.com/containerd/continuity from 0.2.2 to 0.3.0
800d9ee Bump github.com/ipfs/go-ipfs-http-client from 0.2.0 to 0.3.0
72a2923 Bump github.com/ipfs/interface-go-ipfs-core from 0.6.1 to 0.6.2
7c78e79 Bump github.com/compose-spec/compose-go from 1.2.1 to 1.2.2
8941220 update runc (1.1.1)
6fdf4d1 go.mod: vishvananda/netlink v1.2.0-beta
457317a build: fix `content digest ... not found` for built multi-platform image
500f039 Bump github.com/compose-spec/compose-go from 1.1.0 to 1.2.1
929298c Format created to be compatible with docker inspect
0564fc1 Remove orphan containers before the service has be started
b66451e update RootlessKit (1.0.0), imgcrypt (1.1.4)
50cbdfc Add check of snapshotter when sharing images
9c3cca2 docs: clarify availability of optional features
e45c8ea Bump github.com/docker/docker
589fc27 Bump github.com/docker/cli
6f5d0d2 Bump github.com/ipfs/interface-go-ipfs-core from 0.6.0 to 0.6.1
4372842 Fix nerdctl ignores BUILDKIT_HOST
0c334bd Support assign static IP address in `compose up` command by using ipv4_address field
facc229 CI: set fail-fast to false
fcdaa2e Add a document about setting up `nerdctl build` with BuildKit
ae1399a CNI: switch away from `isolation` plugin to `firewall` plugin with `ingressPolicy`
0cb1fe6 update containerd (1.6.2)
7f13c20 Fix `nerdctl build` logs error even when succeeds
8e3923c Bump github.com/containerd/go-cni from 1.1.3 to 1.1.4
d948091 avoid nil authconfig && display warning msg for unencrypted passwd
d8167e0 docs: clarify that P2P image distribution (IPFS) is completely optional
ba88f62 update CNI plugins (1.1.1), stargz-snapshotter (0.11.3), IPFS (0.12.1)
19bf1d3 enhance namespace management
1231875 push: skip foreign layers
87aa769 Support --ip argument when run the container
8ec0672 rootless: Support BuildKit containerd worker
21d0350 Bump github.com/ipfs/interface-go-ipfs-core from 0.5.2 to 0.6.0
debe171 CI: remove integration test with contianerd v1.4.5
fb0339e build with go 1.18
c0e0edf fix login on defaultRegistry
7e68a87 Support fallback to plain http in nerdctl login
7cb387d Follow-up to `Add GitHub issue templates`
701a55c Add GitHub issue templates
a9e5022 Windows CI: install git
2bcbdcb refactor netutil
b75b86c Bump github.com/docker/cli
94d9169 Bump github.com/spf13/cobra from 1.3.0 to 1.4.0
04199ec Bump github.com/docker/docker
12ca1b0 fix make failed when use go1.16
3e073bc build(deps): bump github.com/containernetworking/plugins
802db60 Update the README.md to remind people to upgrade the Go version
f20ef09 add macvlan/ipvlan doc for cni
d56bdd6 pkg/portutil: improve rootless error message
b154105 update stargz-snapshotter (0.11.2)
3f1ffe2 Support allocate host port when try to run container
9c14a02 CI: temporarily remove FreeBSD integration tests
0e7ddc9 Attempt to deflake TestPushInsecureWithLogin
1b1f1df build test-integration image in arm64
1dcc70c update containerd, CNI plugins, IPFS, Stargz Snapshotter
e8f7b6a Bump github.com/compose-spec/compose-go from 1.0.9 to 1.1.0
63ba16a Bump github.com/containerd/containerd from 1.6.0 to 1.6.1
b6850ff Bump golangci/golangci-lint-action from 2 to 3.1.0
f4d689d Bump actions/checkout from 2 to 3
f15e589 add ipam-driver and ipam-opt flags for create network
47190c4 Separate network code
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
K3s (and Kubernetes) supports load balancing via IPVS, and by default reports
errors when IPVS kernel modules cannot be loaded.
This patch adds the missing reported kernel modules to the k3s recipe:
* ip-vs
* ip-vs-rr
* ip-vs-wrr
* ip-vs-sh
The modules are configured by including the ip_vs kernel feature.
Signed-off-by: Richard Neill <richard.neill@arm.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On some build hosts, one of our downloaded depedencies matches
patch.bbclass' regex, and is then thought to be a patch. That leads
to errors as follows:
Compiling k3s failed with:
do_patch: Importing patch 'github.com.andreyvit.diff' with striplevel '1'
We add a noapply to the SRC_URI to ensure that it is not considered
a patch.
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The shortlog of the previous uprev incorrectly stated that
1.23.x was the target. There are issues remaining with that
version, so the uprev was contained to 1.22.x
We also typically do NOT use the exact release tag, since
fixes are continually arriving post release, and with the
extensive go mod vendor process, it doesn't accurately
represent the version.
As such, we switch to: v1.22.6+k3s1+git${SRCREV_k3s}, for
finer grained version tracking.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
| |
Add the curses/terminal control application for podman.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping kubernetes to version v1.23.6-rc.0-16-gfbcfa330181, which comprises the following commits:
1e8f6d51484 Copy request in timeout handler
edd7a386c61 kube-up: use registry.k8s.io for containerd-related jobs
3194c87ba25 e2e: Wait only for the service account
a62ee8e5c3b e2e: Wait for kube-root-ca.crt to be created
651b1fa1cce Include pod UID in secret/configmap cache key
33d089b173c Move kubelet secret and configmap manager calls to sync_Pod functions
7f02733e4d8 test: Verify that nodes do not transition to Failed while ready
77865d3db93 test: Add E2E for job completions with cpu reservation
b51d11be7a4 test: Add E2E for init container pod deletion
290cdbf8792 kubelet: Delay writing a terminal phase until the pod is terminated
914475e2e9f Update CHANGELOG/CHANGELOG-1.23.md for v1.23.5
b3b64745789 Release commit for Kubernetes v1.23.6-rc.0
c285e781331 Release commit for Kubernetes v1.23.5
01c2f1c6420 Remove apf_fd from httplog
c52cd9c5920 Update Go to 1.17.8
1a897af197a cluster/gce: update konnectivity image tags to v0.0.30
d741174d7e1 bump sigs.k8s.io/apiserver-network-proxy/konnectivity-client@v0.0.30
0b8199041d1 fix dryrun when ca file exists
903f164b679 fix regression introduced by PR 100320
56bfc202e45 Add unit tests
a5faf0b5ce2 Fix nodes volumesAttached status not updated
4c85abf90bb Fix default config flags
1570a75766b test/e2e/framework: include the new control plane taint
60cd43c44e0 kubelet: Clean up a static pod that has been terminated before starting
33863be9478 Add an e2e test for updating a static pod while it restarts
621894de9d6 cronjob_controllerv2: do not filter jobs to be reconciled by labels
c9f904304d9 kube-proxy: fix duplicate port opening
f783e573f11 increase Azure ACR credential provider timeout
ba2cd0ca3db Updating EndpointSlice strategy to retain node name in topology until field is set
4e69dd88613 fix: do not return early in the node informer when there is no change of the topology label.
68ea240512a /test/e2e_kubeadm: adjust label checks for 1.23
2efffd62367 Ignore container notfound error while getPodstatuses
9f5e25033b6 Update CHANGELOG/CHANGELOG-1.23.md for v1.23.4
d4b2d8cf961 Release commit for Kubernetes v1.23.5-rc.0
e6c093d87ea Release commit for Kubernetes v1.23.4
949798fe712 Add PDB selector patch integration test
47fc5aea4a2 Revert v1beta1 PodDisruptionBudget select patchStrategy
ef293a9ee95 test/e2e_kubeadm: fix matching UnversionedKubeletConfigMap defaults
799ffd58065 kubeadm: fix the bug that 'kubeadm init --dry-run --upload-certs' command failed with 'secret not found' error
c465ceccb32 Update Go to 1.17.7
f0eac451011 Use serializable struct for x-kubernetes-validations in openapi
02d1a291c8b Make JSON schema round tripping test more strict
30eff360132 ignore CRI PodSandboxNetworkStatus for host network pods
34a8474e600 set secondary address on host-network pods
14c399ec5e3 Deeply copy JSONSchemaProps.XValidations.
9fe0c40c8e5 wrap error from RunCordonOrUncordon
0d487176d3a Ensure the execHostnameTest() compares hostnames
733c0ebc7c3 Revert "Fix comparison between FQDN and hostname"
ebfa08cd39b service REST: Call Decorator(old) on update path
92d09f90c01 add namespace in azurefile volumeid
5830d1474ff fix: azurefile volumeid conflict in csi migration
bce4e5ba5b1 Mark device as uncertain if unmount device succeeds
4b868d09c98 Update CHANGELOG/CHANGELOG-1.23.md for v1.23.3
72506a8439c Release commit for Kubernetes v1.23.4-rc.0
816c97ab8cf Release commit for Kubernetes v1.23.3
f2c6108f462 kubelet: fix podstatus not containing pod full name
398effdfe0d Fix bug with node restriction blocking pvc.status.resizestatus change
6d08a56228a Fix regression pruning array fields with x-kubernetes-preserve-unknown-fields: true
996d8fca977 Set max results if its not set
9c31df589b7 Update CHANGELOG/CHANGELOG-1.23.md for v1.23.2
918dd8343f0 Release commit for Kubernetes v1.23.3-rc.0
9d142434e3a Release commit for Kubernetes v1.23.2
4935e0a527e Update k/utils to v0.0.0-20211116205334-6203023598ed
38e9dce15f4 [go] update to Go 1.17.6
28ad5463fda fix: remove outdated ipv4 route when the corresponding node is deleted
dfea07a3b04 fix: delete non existing disk issue
65b309c76d8 Revert "Automated cherry pick of #107554: Correct the feature gate string for RBD migration."
677eae51666 fix containers order after applying
89d8be52ef4 generated: ./hack/update-vendor.sh
04f3c5793c1 upgrade sigs.k8s.io/structured-merge-diff/v4 to v4.2.1
8c8fe66f7aa Execute sync before taking the snapshot
4b1d9d80da7 Correct the feature gate string for RBD migration.
50e813278cd fix: azuredisk parameter lowercase translation issue
879947434c0 removed unnecessary log line
88249a973a8 kubectl: add integration test for result reporting
16a4de9268a cli: let kubectl handle error printing
c5365784330 cli: avoid logging command line errors in more cases
26dae30f913 Fix header mutation race in timeout filter
81c8d0aad93 clear pod's .status.nominatedNodeName when necessary
f61c4b18c42 use node informer to check volumes attachment status before backoff
f4ba875cdfd When volume is not marked in-use, do not backoff
e36b9382ecd kubeadm: remove the restriction that the ca.crt can only contain one certificate
f4835a2cd3e flake fix: remove the error handler for cronjob integration test
962ab763c5e Fix the leak of vSphere client sessions
cc6c36f286d client-go: Clear the ResourceVersionMatch on paged list calls
d42a44fcb2f Enabling kube-proxy metrics on windows kernel mode
e6a8826e992 Remove JSON logging performance regression
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The significant commit in this series is:
0e72260df4 delete vendor dir
Which means that we completely have to revamp the recipe to build
without go accessing the network to pull in dependencies. This is
an initial effort, and it is acknowledged that it isn't efficient
or fast, due to the number of fetches and I/O required to complete
the population of the vendor/ directory.
The recipe can be iterated and made more efficient over time.
Bumping k3s to version v1.23.1+k3s1-11-ge7464a17f7, which comprises the following commits:
e7464a17f7 Fix use of agent creds for secrets-encrypt and config validate
8d8c8b0c6b Don't skip the dev image when skipping airgap
31f1a00b6f Fix a typo: advertise-up -> advertise-ip (#4827)
2ac8df3602 Integration tests utilities improvements (#4832)
612a9412fd Enable make generate to use dapper and standardize go and gzip versions (#4861)
66eeabbdfc linter doesn't actually run on windows, found these while getting it running on a windows machine
142b1d96f4 Update channel.yaml for 1.23
ff49dcf71e Export default parser
d0f7e23328 Require integration test to be run as sudo/root (#4824)
a02db0f2fa Fix cgroup smoke test (#4823)
08d538fb3a Update golang
87395e32d6 Update modules for Kubernetes v1.23
6656d48415 Add tests to use vagrantfile (#4722)
70902209b9 Bump stable to v1.22.5+k3s1 (#4821)
3ee3ecb3ac package rename wasnt approved yet, backing out cruft that snuck into last pr
a5c6e6a68a Fix panic checking name of uninitialized etcd member
52e450f033 Add etcd sonobuoy tests
9919f229b6 Add variable to enforce max test concurrency
247298a20d Fix previous channel detection
6872e7da25 More codespell ignores
3ae550ae51 Update bootstrap logic to output all changed files on disk (#4800)
0e72260df4 delete vendor dir
e6cf8f5982 code changes to drop the vendor dir
4eb282edac Move flannel logs to logrus
2e91913f54 Close agentReady channel only in k3s (#4792)
8ad7d141e8 Close etcd clients to avoid leaking GRPC connections
588d15db8f Remove Disables, Skips and DisableKubeProxy from the comparing configs
555dfc54db Add initial skeleton ADOPTERS.md to better track large use cases (#4764)
baf865b836 Add ADR
6f4217a340 Build standalone containerd
8737e2e13f Build script cleanups
89e63972e9 Bump k3s-root to v0.10.1
17eebe0563 Fix cold boot and reconcilation on secondary servers (#4747)
73725a0882 docs: adrs: Dual-stack in network policy agent
d71b335871 Fix snapshot restoration on fresh nodes (#4737)
bf4e037fcf Resolve Bootstrap Migration Edge Case (#4730)
2f3bfc27c0 Add in docs/adr to ensure we capture decisions properly during design calls (#4707)
a6fe2c0bc5 Resolve restore bootstrap (#4704)
a70487d5ae Update wharfie usage in windows code path
3985fd0e26 [master] Add validation to certificate rotation (#4692)
e8a30a87c8 Bump runc to v1.0.3
eb068da7f3 Add `SKIP_AIRGAP` enviroment variable for make (#4688)
8f389ab030 Include node-external-ip in serving-kubelet.crt SANs (#4620)
bcb662926d Secrets-encryption rotation (#4372)
1b3187ea07 Check HA network parameters
7d3447ceff Bump wharfie to v0.5.1 and use shared decompression code
05d43278e2 bump kine to v0.8.1
3b6a3fe905 Update dynamiclistener
a8f7e9f7e8 Nighlty automation vagrant rework (#4574)
a0208058ae Bump stable to v1.21.7+k3s1 (#4636)
77fd3e99ec Add cert rotation command (#4495)
1e6e4db2bc Update maintainers list (#4622)
d05c334a78 Improved cleanup for etcd unit test (#4537)
ae4a1a144a etcd snapshot functionality enhancements (#4453)
0c1f816f24 go generate
a7ba3e14ff Add package version to traefik helm chart
7685da3e24 Improve flannel logging
d93c82f958 [master] Bump golang and containerd (#4538)
65110a4eec [master] Bump Kubernetes to v1.22.4-k3s1 (#4536)
03485632ea Fix regression with cluster reset (#4521)
ef263bd2b0 Improved regex for double equals arguments (#4505)
535a919635 Removed value from warning about skipping flags (#4491)
c77efe64e1 tests/vagrant: refactor vagrant smoke tests (#4484)
f18b3252c0 [master] Add etcd extra args support for K3s (#4463)
41ff19de71 Feature: Add CoreDNS Customization Options
4b57951fb0 Fix to allow etcd-snapshot to use config file with flags that are only used with k3s server. (#4464)
5ab6d21a7d Increase agent's apiserver ready timeout (#4454)
bc7cdc78ca go generate
2e9358934d Add dashboard annotations to Traefik helm chart
5d168a1d59 Allow svclb pod to enable ipv6 forwarding
adaeae351c update bootstrap logic (#4438)
d85b2468ea Corrected skip check for dualstack on CI (#4427)
559c8ad94b install: /usr/sbin/transactional-update (#4403)
7bd65047c3 Match to last After keyword for parser (#4383)
8915e4c7f7 Replace gzip with pigz for faster builds (#4411)
0a5c6b1088 Remove unit tests from drone CI (#4424)
36c6634cce [master] updating to new signals package in wrangler (#4399)
f1d6e9bc4b install.sh: fix path detection for sle-micro (#4398)
86c6924119 containerd: v1.5.7-k3s2 (#4387)
f7dcc139ff Bump klipper-lb image for arm fix
aa3332085f Update k3s CI to run all integration tests (#4358)
94c1b988ca Enable Epics Action to automatically check off child issues in an epic (#4353)
f1622129e4 refactor: Use plain channel send or receive
f9f1cabe9c Fix log/reap reexec
702fe24afe containerd/cri: enable the btrfs snapshotter (#4316)
3da1bb3af2 Fix other uses of NewForConfigOrDie in contexts where we could return err
5acd0b9008 Watch the local Node object instead of get/sleep looping
3fe460d080 Block scheduler startup on untainted node when using embedded CCM
52eb6cac1c install.sh: initial support for sle-micro (#4331)
91cf835ec3 Update to v1.22.3 (#4354)
7c3f21e581 K3s Integration test fixes (#4341)
ab3d25a2c5 Update peer address when running cluster-reset
0a0b915921 reset buffer after use (#4279)
02a314c69a Bump klipper-helm version
918945da45 Added configuration input to etcd-snapshot (#4280)
72a1925a34 install.sh: capture quoted environment variables (#4275)
6e410fad49 Update to the newest flannel
b5b7033afd Bump klog fork version
e11a4bf8bb set duration to second (#4231)
0452f017c1 Add etcd s3 timeout (#4207)
34080b23b1 Copy old bootstrap buffer data for use during migration (#4215)
dbc14b8990 Fix race condition in cloud provider
5a923ab8dc Add containerd ready channel to delay etcd node join
6b4d75d245 maintainers: add Manuel and Michal (#4193)
b282528ee2 Display cluster tls error only in debug mode (#4124)
dc18ef2e51 Refactor log and reaper exec to omit MAINPID
d6b6a3ee9f vagrant: Add Ubuntu 21.04 support
5e01201195 vagrant: Update package list for Ubuntu
e420583684 vagrant: Add support for vagrant-libvirt
f830d09d6e vagrant: Change OS environment variable to DISTRO
feec44572d Improve error message when using a "K10" prefixed token (#4180)
ac7a8d89c6 Add ability to reconcile bootstrap data between datastore and disk (#3398)
9e787bfacb moving fossa to being inline step with a sles image
b6919adf62 Add "etcd-" prefix to etcd-snapshot commands as aliases (#4161)
00cf4578ec Dual-stack support LB controller
1f7151ed2f Update stable to v1.21.5+k3s2
9b35734e1a Add topologySpreadConstraints to support scaling of coredns
e24e1332fd Bump containerd to v1.5.7+k3s1
12e675e2cc Don't evacuate the root cgroup when rootless
cd5002ea37 Skip tests that violate version skew policy
5d1a37ee32 Send MAINPID to systemd when reexecing for logfile output
a16105b348 Properly handle operation as init process
f4cea90cb9 set transport to skip verify if se skip flag passed (#4102)
fd495a6a5f Bump stable to v1.21.5+k3s1 (#4068)
87524a7ac7 Enable the inheritance of settings for ipv6
4ec71b360c Adding fossa anaylze/test drone step
73e21e739f Drop broken SupportNoneCgroupDriver support
8005885bad Add 1.22 channel
539e224159 Update build images to python3 for compat with recent gsutil change
b99b943c17 Use the new klipper-lb image that has newer go and Alpine versions
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Along with the commit summary below, we have the following changes:
- refresh the GO cross compiler patch context
- add new go dependency package symlinks
- only build the 'tool', since that is all we need
- fix the build error of:
cannot find package runtime/cgo (using -importcfg)
...
recipe-sysroot-native/usr/lib/aarch64-poky-linux/go/pkg/tool/linux_amd64/link:
cannot open file : open : no such file or directory
by setting the GO_BUILD_FLAGS appropriately for our static and -pie
configuration
Bumping runtime-tools to version v0.9.0-75-g0105384, which comprises the following commits:
8927281 Add syscall "statx" in seccomp to fix Operation not permitted
a202491 spec generator support setting unified
30cecc1 validation/linux_rootfs_propagation: fix
10d2584 runtimetest: validateRootfsPropagation: fixes
8b26e24 validate: rm Clean() arguments
3fb1264 validation: fix Cleanup
14cd51e Makefile: replace TAP with TAPTOOL
adcb290 Fix hanging on runc create.
5ce2cac cmd/runtimetest: fix NewPid deprecation warning
8e1a3b5 deps: bump github.com/syndtr/gocapability to latest
543268b deps: github.com/hashicorp/go-multierror to v1.1.1
4b164a1 deps: bump github.com/opencontainers/selinux to v1.9.1
ee9c051 deps: bump github.com/mrunalp/fileutils to v0.5.0
01a6f47 deps: bump sirupsen/logrus to v1.8.1
abcb94d deps: switch to google/uuid
2253869 validation/.gitignore: fix
953e752 MAINTAINERS: add @kolyshkin
221e5ea deps: bump github.com/xeipuuv/gojsonschema to v1.2.0
67884fc validate: prepare for new xeipuuv/gojsonschema
09d837b Change /dev to be mounted by default with /noexec
10c865d ci: re-add commit subject length validation
a22a894 ci: add golangci-lint run
a7cecde Add*Hook: do not return errors
c0037c9 runtimetest: silence errlint on unix.Unmount
9505f16 Explicitly ignore errors from YAML
fec9c3c validation: fix Clean
0ab61ae validation: fix/rename ReadStandardStreams
6f4b5ba validate: fix staticcheck linter warning
6a9ad7c runtimtest: fix validatePosixMounts
44e9496 Fix "addr cannot be nil" staticcheck linter warnings
d38bd63 Fix deprecation warnings from staticcheck linter
1826c32 Fix gosimple linter warnings
e36f98f Fix deadcode linter warnings
112c88c Makefile: use fancy git commit ids
16dfbbd Makefile: add/use BUILD_FLAGS
5432bc4 ci: replace travis with gha ci
fab664e Makefile: rm gofmt and golint, simplify gotest
98b2d35 Run make .gofmt
0e5956d Switch from Godeps to go modules
71a5e7c generate: add --linux-intelRdt-closid option
4f51ef9 validation: read pid in PostCreate
6502e57 Fix build of hugetlb tests on 32-bit platforms
10f8f55 generate: fix type for Umask
8f1e958 Remove spurious WARNING message
43243fe Add missing interface to set init processes Umask
120c67a AddDevice(): better diagnostic when creating dup
2affd45 Add missing clone rule for s390x.
be9f6f1 Update hugetlb tests to be more portable
5a98426 Fix cgroup hugetlb size prefix for kB
cd1349b Improve performance of AddProcessEnv
73e9a99 update Mashimiao email in MAINTAINERS
ee63cfa release v0.9.0
0d022f7 Makefile: add rule to print validation-tests
6212483 delete: reduce check waiting time
3abdc1f kill: cleanup container on error
4db38e4 oci: kill process before delete
1c40e59 seccomp: add TAP plan to the output
dd39124 validate: check mount label only for bind mounts
6fd7866 misc: use different objects for the different tests
e83ba34 capabilities: correctly add not existing capability
9585ecb adding security and CoC links
6dae2f0 Simplified code
2e8216d validation: add apparmorProfile validation
b113b38 runtimetest: add apparmorProfile validation
743b0b3 validation: add mountLabel validation
3bc60a4 Windows: Typos and incorrect defaults
20302da add selinux deps
555c03d validate: add mountlabel validation
a2df8d9 runtimetest: add mountlabel validation
b90e5bc generate: add oci-version option
00f6e86 Modify the corresponding test according to hashicorp/go-multierror v1.0.0.
b005481 Godeps: update hashicorp/go-multierror
1f0579c hack: drop -dev from runtime-spec version
b1c11da fix up vm parameters
9f6de4d generate: add process-cap-drop option
192a8eb generate: add process-cap-add option
575c8a0 man: Add some instructions and examples to some commands.
9f55c07 generate: fix capabilities add/drop option
3fc5fcb generate: Verify the input values
146c5ee generate: add vm-image-format option
f5e59a3 generate: add vm-image-path option
0cd6663 generate: add vm-kernel-initrd option
3e43643 generate: add vm-kernel-parameters option
fc0fc84 generate: add vm-kernel-path option
73f6711 generate: add vm-hypervisor-parameters option
9b1de8c generate: add vm-hypervisor-path option
e980d2f generate: add windows-devices option
f5556a8 update to golang 1.11
58f2a15 Initialize Config Windows Network
a4a33d4 release v0.8.0
c291c2a Add generate.New support for Windows.
2974f2e readme: fix wrong filepath
fb101d5 Expose Windows namespace
4615fa4 /proc should be mounted with nosuid, noexec, nodev to match the host
30a03ab Fix test
c48ee5c Vendor in windows runtime-spec changes
d5be152 validation: mounts: fix condition of source & type check
069db1a validation tests: use new RuntimeInsideValidate
270145a RuntimeInsideValidate: can now be called several times
4b49cba devel guidelines: update TAP documentation
caa32a1 validation: Implement DeleteOnlyCreatedRes
e86b898 MAINTAINERS: remove philips
dcadcca Makefile: add generate to gotest
ae94592 release v0.7.0
6c943e8 validation: Implement DeleteResImplement
fab1de6 validation: use t.Fail when checking for main test errors
06591d3 travis: add go 1.10
68b7caa mountinfo: parse empty strings in source
a6e6aff validation: check for masked block, char devices, fifo
99c5e91 validation: check for invalid symlink inside container
234933b validation: check for a masked relative path
303ae30 validation: check for read-only block, char devices, fifo
e60cd06 validation: check for invalid symlink inside container
5dd461f validation: check for a read-only relative path
d9febe1 validation: more test cases for masked paths tests
91f2983 validation: more test cases for readonly paths tests
e2d34c1 validation: add more test cases for private & slave propagations
94f1f84 validation: squash rootfs propagation tests into a single file
708de67 runtimetest: improve logic for checking for file modes
2c9b929 runtimetest: correctly check for a readable directory
0a7749a validation: test with different test cases for hugetlb cgroups
ef113d1 validation: add different test cases for blkio cgroup tests
cf9decf validation: add more test cases for linux_cgroups_network
acaa992 validation: test linux_cgroups_cpus with different values
871f0eb validation: test linux_cgroups_memory with different values
279a194 validation: allow RuntimeOutsideValidate to take a tap parameter
58ea84a fix some misspells
c887efb fix generate test in calling generate.New
cf7b786 README: fix broken links to documentation
cd3faf9 validation: fix nil dereference when handling multierror in hooks_stdin
1fb00d9 validation: use helper util.GetRuntimeToolsNamespaces()
0f52f9a validation: add a new test for NSPathMatchTypeError
ad0e97e validation: exclude user namespaces and cgroup namespaces
f64bed2 validation: add more signals to killsig test
613c5de runtimetest: check if /dev/ptmx is a symlink to /dev/pts/ptmx
582a909 validation: test validation test with an empty hostname
1ceca9e validation: use rfcError instead of specerror
a90cd2b validation: print out correct diagnostics based on specError
23c9a51 validation: sync with unshare by using select & time ticker
e132d37 validation: kill child processes by setting process groups
73358a3 validation: fix a bug when passing in namespace strings
c5c1422 validation: add test for NSProcInPath
1794938 validation: add cgroup devices validation
7c6996f check the status of the state passed to hooks over stdin
6cc92d0 validation: fix nil deferences in cpu & blkio cgroups tests
1c243a8 release v0.6.0
ef75900 validation/kill_no_effect: fix bug
3e3094d Add cgroupsPath validation
f7dd673 cgroups_v1: Correction parameters
2640f5c travis: fix fetch issue of golint
e830fa3 validation: split out pringDiag from testNamespaceInheritType
1ac1c02 validation: split out pringDiag from testNamespaceNoPath
7992f01 specerror: Add NewRFCError and NewRFCErrorOrPanic
d165658 validation: add more values for rlimits test
9152ff4 validation: create: don't skip errors on state
cc8ab2e doc: add developer guidelines
d7985e3 validation: add a new test for NSInheritWithoutType
5ce0ff8 validation: add a new test for NSNewNSWithoutPath
14e621c bash: add os
5d2dc61 validation: Implement ConfigUpdatesWithoutAffect
84a62c6 generate: Move Generator.spec to Generator.Config
2e6f6ab generate: Respect runtime.GOOS when generating default template
1917b8c validate: With --host-specific, compare config platform vs. runtime
e1ad3f0 README: Update to reflect granular TAP output
4b888f2 runtimetest: Use ModeType as the mask in the symlink check
732d438 validation: Use non-empty files in masked/readonly tests
20a71e4 runtimetest: Make TAP output more granular
b4014f8 validation/test-yaml: Drop this local experiment
7f50875 docs/command-line-interface: Require complete runtime coverage
fc1bcf5 fix process_user validation
7c5f941 generate: add process-username option
83d367b validation: add process_user validation
0ddb5cd kill stopped container generate error
73964f2 add hooks stdin test
a79a1cb add test case for KillNonCreateRunHaveNoEffect
ff399f1 contrib/rootfs-builder: Use $(cat rootfs-files)
0f3cf9d validation: LinuxUIDMapping: fix tests
984dbc8 Fix error messages in validation cgroup tests
d5630f7 validation: Implement ProcArgsApplyUntilStart
82836c8 validate: mv deviceValid to validate_linux
e99b47e Implement DevicesErrorOnDup
9e919c6 runtimetest: fix root readonly check
c9b4d66 runtimetest: count correctly TAP tests
a7f94a2 rootfs-386.tar.gz: Add with BusyBox v1.28.0
be8811c contrib/rootfs-builder: Support xz (and other) compression formats
eea2bc9 contrib/rootfs-builder: Support timestamps in stage3 dates
141f9ea contrib/rootfs-builder: Don't hit latest-stage3 when STAGE3 is supplied
4dfca7a contrib/rootfs-builder: add /proc, /dev, /sys in rootfs
b5e5322 contrib/rootfs-builder: fix busybox link list
79ae4aa validation: run CLI with correct argument order
e43d1ff return ErrorOrNil in bundle validate
4e999f2 runtimetest: fix uid_map parsing
d412a17 Fix condition in BlockIO test
8e42ca5 Add system validation
4e8dc67 add annotation and prop tests
ac12f97 Implement PosixProcRlimitsTypeGenError and LinuxProcCapError
0ec9fe6 validation: Add system validation
3401d41 validate: CheckLinux is platform dependent
0451545 validate: allow non-linux compatibility
536b713 Implement PosixProcRlimitsSoftMatchCur and PosixProcRlimitsHardMatchMax
198b3ff add 'delete' testcases
b456bda validation: Add error judgment to SetConfig
1cbf66a check RootOnWindowsRequired
e2fbc1b generate/seccomp: platform independent values
55d7e14 implement kill tests
899a400 generate: fix handling of permitted caps drop
4902e9c implement start operation tests
86869d1 validation: Increase err judgment
4947839 validation: implement PosixHooksCalledInOrder test
f48ae22 validate_test: add weightDevice test
27acd46 implement DefaultStateJSONPattern test
b25ef0d validate: implement DevicesErrorOnDup
87c5e52 release v0.5.0
e211fb5 validate: add logrus.Debugf to CheckJSONSchema
fb9511d validate: Add a non-nil test to CheckMandatoryFields
9177741 add tests when prestart/poststart/poststop hooks fail
5cbd8c7 don't overwrite hook which has a same path
9dca840 validate: add weightDevice validation
78fdf66 validate_test: Complement test
4fdf325 nil config support in lifecycle validate
09ddc02 add lifecycle validation
be390c4 change two LGTMs requirement to one
696b805 waiting until the container stopped in inside validation
ed2a4b3 add 'state' test
c76062f validation: Remove runc 'create' exit timing crutches
d8d2396 validation/util/container: Use ExitError for stderr
5e8b51e Add lifecycle testing function; Add pidfile test. Fixes #556
17486b4 Relax LGTM acquirement for PullApprove
0909a7f release v0.4.0
b5a43d1 validation/util/container: Use --bundle (and stop requiring BundleDir)
8769602 validate_test: add TestCheckMandatoryFields
7815111 cmd/runtimetest/main: Run validateDefaultDevices even with process unset
6ae0867 README: Link to the runtime API docs
fb19ae1 cmd/runtimetest/main: Loop for DRYer validateCapabilities
e85081a Makefile: Clearer warning on missing validation executable(s)
0c2e37e validation/util/container: Use a local UUID for stdout/stderr
a12de42 validation/create: Label the state ID comparison test
b880d57 *: Transition from tap Diagnostic(...) to YAML(...)
0c66fe9 vendor/github.com/mndrix/tap-go: Bump to 629fa407
7a4cb36 docs/command-line-interface: Add Runtime CLI Spec (#321)
c2f774c validation: add mount validation
625e232 Hooks should be passed in as rspec.Hook, not as a string.
48b7f56 Modify the legal value of the rootfs-propagation
5bb8754 runtimetest: add validateSeccomp
9144f82 generate: add windows-servicing option
ef277d6 generate: add windows-resources-storage option
4068d38 generate: add windows-resources-memory-limit option
93b5f72 generate: add windows-resources-cpu option
b285305 generate: add windows-network option
6a71d30 generate: add windows-layer-folders option
e9507da generate: add windows-ignore-flushes-during-boot option
df629e3 generate: add windows-hyperv-utilityVMPath option
8397b70 Add interface to remove mounts.
e266af5 generate: modify the function return value
e996b69 generate: add solaris-milestone option
fc48567 generate: add solaris-max-shm-memory option
3bca692 generate: add solaris-limitpriv option
4a9f3fa generate: add solaris-capped-memory-swap option
c9ef766 generate: add solaris-capped-memory-physical option
61884ee generate: add solaris-capped-cpu-ncpus option
01cf5e7 generate: add solaris-anet option
6f10352 AddMounts should be AddMount you are only adding a single Mount
9bcbe83 Recursive propagation flags should be legal to use
3bd8d43 validation/linux_cgroups_*: Generate TAP output
c94875e validation/util/test: Fix 'start' -> 'create' typo in error message
1094856 validation/util: Generic RuntimeOutsideValidate API
612c315 validate_test: perfect TestJSONSchema
8fb3e83 Add validation when host-specific is set
9db5ddf validate: change platform default value
8a09ee1 generate: Use non-null validation instead of initialization
10ede2c validate: Add a double guards to the call of the verification function
2f21180 filepath/clean: Add Windows support
17ce13a filepath/abs_test: Compare IsAbs with the standard library
60df768 filepath/clean_test: Compare with the standard library
f2e8be2 filepath/clean: Avoid a panic on abs-path with trailing ..
eb2ffab filepath/clean: Handle 'a/..' -> '.' case
4b20ce2 validate: fix CheckHooks
4d0a011 validate: fix CheckCapabilities
45068ce validate_test: add TestCheckHooks
34f773a validate_test: add TestCheckPlatform
7c09b4c add relative cgroupath test
1aebc09 update to support relative cgrouppath test
6351044 add cgroup network test for runtime
72e67e5 add cgroup pids test for runtime
b712995 add cgroup cpus test for runtime
f1e02ff add cgroup blkio test for runtime
432615a add cgroup hugetlb test for runtime
4a57b0f add cgroup memory test for runtime
07118a8 add runtimeOutsideValidate
9a56096 add cgroups package
0d75257 validate: remove duplicate verification
229722a validate_test: add TestCheckLinux
e7ee761 remove kernel limit for id mappings
f7b8c7e fix idmappings test
53da048 generate: add linux-intelRdt-l3CacheSchema option
ad47e7d Makefile: Change from prove to node-tap
0a919c0 validation/util/container: Remove bundle even if delete fails
e11b77f validation: Use prove(1) as a TAP harness
721fbce solve conflicting option problem
e409855 man: small fixs
58374ae remove --mount-cgroups option
74d6245 man: add manpage for option --mounts-add
6e78ff2 support json value for hooks
1c2dca0 generate: Move generate_test.go from validation
9422eec cmd/runtimetest/main: Use TAP diagnostics for errors
ca332ae runtimetest: fix nil dereference
cdf38ca validate: fix nil deference
3e82a0a add all left behind container inside tests
9a69e14 add preFunc
39f3f74 runtimetest: add host platform validation
7026311 runtimetest: add rootfs propagation test
adf1844 generate: fix error return
d327e0b generate: fix DropProcessCapability*
b5c45de generate: remove redundant code
5557d36 add more test cases for default runtime validation
9f47cbe remove debug info
68e7720 generate: change process-tty to process-terminal
045bc5f generate: fixed seccompSet
8765570 runtimetest: add posixValidations
45b2686 runtimetest: add validateUser
cc5bf05 runtimetest: fix process validation
6c98b46 runtimetest: Raise ConfigInRootBundleDir for missing config.json
95e0d95 runtimetest: Make validateRlimits silent on Windows
2746c06 move validateRlimits to defaultValidations
3c9cdc5 runtimetest: fix error return
630f06a validate_test: add cwd check to TestCheckProcess
3a46197 add version file
e08f842 release v0.3.0
90ace62 translate RFC errors
a171213 redefine error code as int64
3a97b98 translate more RFC errors based on specerror
87d3df2 complete RFC codes of runtime.md
ccef443 generate: add mounts related option
64c5ef8 complete specerror of config-linux.md config-windows.md
6df06d9 validation: add a generate smoke-test
a6f475f config: correct rootfs default
de08605 validate: allow unset "type" fields in resource devices whitelist
7553161 validate: Soften unrecognized rlimit types to SHOULD violations
b446e38 add specerror framework; complete rfc errors of bundle.md and config.md
19b061c generate: fix nil deference
6d2dbbc runtimetest: fix nil deference
0b49b01 man: fix typo
6089f63 specerror: Add SplitLevel helper
a9dbd7e cmd/oci-runtime-tool: Implement --compliance-level
286d437 fix compile issue
310bac8 bash: fix commands
6dabb9b generate: fix rootfs-propagation
93ba5a2 bash: fix rootfs-propagation
4beb2a6 validate: fix cap validation
ed4adc3 travis: update go versions
19ae238 CHANGELOG: Document changes since v0.1.0
f172006 release: v0.2.0
c3c8c02 rootfs-386.tar.gz: Add with BusyBox 1.25.1
894cae7 validate/validate: Linux rlimits extend the POSIX rlimits
6367e88 validation: Support per-architecture tarballs
ff5e578 contrib/rootfs-builder: Support multiple architectures
a94f1f6 contrib/rootfs-builder/Makefile: Ignore previous symlinks
8635532 contrib/rootfs-builder/Makefile: Raise errors from echo recipe
4f756fd Specific cap-drop command
ea55f9d Specific cap-add command
5cb6c48 rootfs.tar.gz: Bump to BusyBox 1.25.1
1a9532e generate: remove redundant content
567f1aa validate: add root.path validation when platform is windows
2cbb341 validate/validate_test: Add linux.rootfsPropagation checks
6e7da81 validate/validate_test: Better error messages for unexpected JSON Schema errors
4a705c6 validate/validate_test: Handle JSON Schema test not raising an error
16be985 validate: Delete the extra validation
b3fc8fe validate: add the validation of rlimit.type when platform is solaris
24a2327 validate: modify the condition of the deviceValid
cf64923 filepath: Add a stand-alone package for explicit-OS path logic
fa9842c Add manpages and bash-completion for --device-access-add and --device-access-remove
7f09e1b generate: add --device-access-add and --device-access-remove option
a9c6787 generate: support blkio related options
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping runtime-spec to version v1.0.2-79-g7ceeb8a, which comprises the following commits:
600a8bd cgroup ownership: clarify that some files may not exist
0608c1f Switch to GitHub Actions, CODEOWNERS, etc.
f4ef391 specify cgroup ownership semantics
104385d config-linux: MAY reject an unfit cgroup
411082c add youki to implementations.md
6641127 alphabetize the implementation list.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
