From 3dcd679bb111e5a0c39822943cdc04b63e6e92ad Mon Sep 17 00:00:00 2001 From: Bruce Ashfield Date: Wed, 8 Jan 2025 19:38:44 +0000 Subject: cri-o: update to v1.31.4-tip Bumping cri-o to version v1.31.4, which comprises the following commits: 8aa8c7e42 server: fix panic when default annotations are specified 88939baf2 version: bump to 1.31.4 284eb9327 config: add default_annotations 26bb3c96a Allow to remove pod sandbox on netns removal cf112c696 Disable actuated runners 0b449cebc version: bump to 1.31.3 ee2d73252 Fix container restore lint report 6aa6cbcb4 Only restore container if all bind mounts are defined 165504928 Add `--pull-progress-timeout` / `pull_progress_timeout` option d3f39eaa9 RuntimeHandler inheritance bug-fix c65eb63b1 RuntimeHandler inheritance c918a52d1 nix: don't build gpgme with `--enable-fixed-path` 677d91db3 version: bump to 1.31.2 f334f80c3 config: fix validation of allowed annotations e0fe09609 Cherry-pick changes from containers/storage/pull#2134 cae8a3ab5 Cherry-pick changes from containers/common/pull#2185 e9deb6cde version: bump to 1.31.1 b6226b8a3 config: pass down PullOptions from the storage configuration a673a7ca4 test: fix empty pinned_images test 7d4f035b5 tests: improve wait_for_log to allow multiple calls for the same message 2d27da0f3 image: serialize RegistryImageReferences when checking signatures 4b55a1107 Pin govulncheck to specific version to match Go version requirements abb6a439d Use nanosecond timestamp for evented pleg pod status fbd73b339 test: fix CR test by unsetting SIGNATURE_POLICY a379923f5 server/restore: mark signature validation incompatible with restore 1a9d36494 server: document difference between userRequestedImage/userSpecifiedImage 50075247a server: use imageID instead of a random digest 0dd7eaffe server: only check signatures if namespaced policy is defined ec8545d2d server: use cached restore value instead of recomputing 7a67eb72b store canonical ref differently 1444e69d9 test: fix crun-wasm test to handle requirement of user_specified_image 6edecf30e Image verificaiton for namespaced policies 9d3da707d Revert "contrib: temporarily move to crun 1.15 to fix CI" e54ea3407 Fix invalid syntax in test workflow fc262592f ci: run setup commands for e2e because they weren't done for some reason d24529f7d build(deps): bump the actions group with 2 updates efa1690c0 test: setup runtimes correctly so drop-ins work bfc509cd7 test: comment out ARM image digest as it's unused 45ee51d01 test: update memory limit tests to not be in image.bats 29803ef24 test: fix config test fe5bdeb3b gh actions: set crun instead of runc f174d5a3d oci: allow double delete 624b15b9c gh actions: spoof crun for unit tests on arm64 afe78eb68 config: refactor min memory handling a bit d2cb4e4ae config: update min memory to account for crun 5e21d495c config: default to crun c32f7b02a build(deps): bump crate-ci/typos in the actions group 2b8dfdf48 build(deps): bump github.com/opencontainers/runc in the gomod group 3fe3b4e81 build(deps): bump peter-evans/create-pull-request in the actions group d23951276 refactor seccomp f81fea25f Modify test case to verify blocking of clone 7d0d6ad49 Filter namespace creation args to clone in default seccomp policy cc8b071b1 build(deps): bump the gomod group across 1 directory with 3 updates f7fee64a7 build(deps): bump the actions group with 2 updates dd0cb08d8 Update golangci-lint to v1.60.3 for better go 1.23 compatibility 1f212dc7b Add Makefile help 9ad5c5aed Add additional bind mount to image volumes ff73a7a0b Fix Makefile `$PWD` when running using `sudo` 2c37d262f Make `prettier` target run in a privileged container 33fb00528 Fix lint b1bf40749 build(deps): bump google-github-actions/upload-cloud-storage 1beb59cb8 build(deps): bump the gomod group across 1 directory with 8 updates ba846966f config: add /dev/net/tun to default allowed devices 3ef7f9de4 build(deps): bump crate-ci/typos in the actions group f7e8682ef Add `{verify-}prettier` makefile targets 53d958fa3 Change default tracing endpoint to 127.0.0.1 9d1a5f437 build(deps): bump crate-ci/typos in the actions group 13e701563 build(deps): bump github.com/onsi/ginkgo/v2 in the gomod group e83973d7d Run prettier on supported files 8269859fd Make static build a GitHub action matrix 09bb40438 Change profile endpoint to 127.0.0.1 5f95cb5ce build(deps): bump the gomod group across 1 directory with 3 updates aa1ca0d47 build(deps): bump google-github-actions/auth in the actions group f83861120 build(deps): bump google-github-actions/upload-cloud-storage a8950ce30 Pass around more contexts in hooks and metrics 7472e56e9 Trigger `test` workflow after release branch fast forward 6fb6e8d16 Run the runtime RuntimeType validation first dff5305bb Avoid potential reallocs by pre-sizing some slices Signed-off-by: Bruce Ashfield --- recipes-containers/cri-o/cri-o_git.bb | 4 ++-- .../cri-o/files/0001-Add-trimpath-to-build-nri.test.patch | 15 ++++++--------- 2 files changed, 8 insertions(+), 11 deletions(-) diff --git a/recipes-containers/cri-o/cri-o_git.bb b/recipes-containers/cri-o/cri-o_git.bb index f04c4feb..9dd37da8 100644 --- a/recipes-containers/cri-o/cri-o_git.bb +++ b/recipes-containers/cri-o/cri-o_git.bb @@ -14,7 +14,7 @@ At a high level, we expect the scope of cri-o to be restricted to the following - Resource isolation as required by the CRI \ " -SRCREV_cri-o = "20c06a19cb395445620c31730c0f1a0a1922eaae" +SRCREV_cri-o = "33d75981bee230f791709975125d7386fe2c530a" SRC_URI = "\ git://github.com/kubernetes-sigs/cri-o.git;branch=release-1.31;name=cri-o;protocol=https;destsuffix=${GO_SRCURI_DESTSUFFIX} \ file://0001-Add-trimpath-to-build-nri.test.patch \ @@ -28,7 +28,7 @@ LIC_FILES_CHKSUM = "file://src/import/LICENSE;md5=e3fc50a88d0a364313df4b21ef20c2 GO_IMPORT = "import" -PV = "1.31.0+git${SRCREV_cri-o}" +PV = "1.31.4+git${SRCREV_cri-o}" inherit features_check ptest REQUIRED_DISTRO_FEATURES ?= "seccomp" diff --git a/recipes-containers/cri-o/files/0001-Add-trimpath-to-build-nri.test.patch b/recipes-containers/cri-o/files/0001-Add-trimpath-to-build-nri.test.patch index c6be41f0..c26e58fd 100644 --- a/recipes-containers/cri-o/files/0001-Add-trimpath-to-build-nri.test.patch +++ b/recipes-containers/cri-o/files/0001-Add-trimpath-to-build-nri.test.patch @@ -13,19 +13,16 @@ Signed-off-by: Peng Zhang Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -Index: cri-o-1.31.0+git20c06a19cb395445620c31730c0f1a0a1922eaae/src/import/Makefile +Index: cri-o-1.31.4+git33d75981bee230f791709975125d7386fe2c530a/src/import/Makefile =================================================================== ---- cri-o-1.31.0+git20c06a19cb395445620c31730c0f1a0a1922eaae.orig/src/import/Makefile -+++ cri-o-1.31.0+git20c06a19cb395445620c31730c0f1a0a1922eaae/src/import/Makefile -@@ -169,7 +169,7 @@ test/checkcriu/checkcriu: $(GO_FILES) +--- cri-o-1.31.4+git33d75981bee230f791709975125d7386fe2c530a.orig/src/import/Makefile ++++ cri-o-1.31.4+git33d75981bee230f791709975125d7386fe2c530a/src/import/Makefile +@@ -213,7 +213,7 @@ $(GO_BUILD) $(GCFLAGS) $(GO_LDFLAGS) -tags "$(BUILDTAGS)" -o $@ ./test/checkcriu - test/nri/nri.test: $(wildcard test/nri/*.go) + test/nri/nri.test: $(wildcard test/nri/*.go) ## Build the NRI test binary. - $(GO) test --tags "test $(BUILDTAGS)" -c ./test/nri -o $@ + $(GO) test --tags "test $(BUILDTAGS)" -c ./test/nri -o $@ ${TRIMPATH} - bin/crio: $(GO_FILES) + bin/crio: $(GO_FILES) ## Build the CRI-O main binary. $(GO_BUILD) $(GCFLAGS) $(GO_LDFLAGS) -tags "$(BUILDTAGS)" -o $@ ./cmd/crio --- -2.34.1 - -- cgit v1.2.3-54-g00ecf