Age | Commit message (Collapse) | Author |
|
Upgrade to release 0.17.0:
- Make dotenv get <key> only show the value, not key=value
- Add --override/--no-override option to dotenv run
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Upgrade to release 6.2.0.156:
- Improved CPU metric sampling
- Improved memory metric sampling
- Increased custom attribute limit from 64 to 128
- Fixed a TypeError with Uvicorn and unix sockets
- Fixed a crash when using a FIPS compliant system with Cross
Agent Tracing enabled
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Upgrade to release 1.8.7:
- Decoding deflate-encoded responses now supports data which is
packed in a zlib container as it is supposed to be. The old,
non-standard behaviour is still supported.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Upgrade to release 2.7.2:
- Update our CI to catch issues with sdist generation,
installation and testing.
- Add missing test suite fixtures directory to MANIFEST.in,
reinstating the ability to run Paramiko's tests from an sdist
tarball.
- Remove leading whitespace from OpenSSH RSA test suite static
key fixture, to conform better to spec.
- Fix incorrect string formatting causing unhelpful error message
annotation when using Kerberos/GSSAPI.
- Fix incorrectly swapped order of p and q numbers when loading
OpenSSH-format RSA private keys. At minimum this should address
a slowdown when using such keys, and it also means Paramiko
works with Cryptography 3.1 and above (which complains
strenuously when this problem appears).
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
As part of this update to crun, we now much run autogen.sh before
running configure.
Otherwise, these are incremental changes and comprise the following
commits:
9effaeb On exec, honor additional_gids from the process spec, not the container definition
c25a2db tests: add explicit python3-pip dependency
e67a756 NEWS: tag 0.19
18c0274 gitignore: update
471a7b8 libocispec: update from upstream
f642968 tests: fix check for cgroup v2
3e7fa1d linux: always remount bind mounts
78aeac9 linux: ignore unknown capabilities
f11d742 Add linuxdevicecgroup to maintain parity with runc spec
9aa382b cgroup: skip parsing empty file
d9c9fd0 container: initialize tmp_err
00371ae src: initialize statx struct
2e88d19 src: initialize first_arg
5e4efb7 seccomp: always NUL terminate lowercase_arch
7812572 tests: add test for seccomp listener
f80e98d init: add check for seccomp listener
5d9010b init: fix check for nargs
5a627f4 seccomp: support notify listener
c3361c1 status: use function to convert from yajl errors
873b62d container: use new error function for hooks JSON
14083ab error: new function to convert from yajl errors
6e19235 linux: pass own pid to container process
8fd3320 contrib: new tool to test seccomp notifications
8722858 crun: always use absolute path for the bundle
ae9ea92 container: improve OOM error message
919aac9 utils: receive fd detect closed connection
a52e480 cgroup: new function to detect OOM
2e37d2a sync-libocispec
75ad96b Let autogen.sh generate m4
14c260f libcrun_warn if newuidmap/newgidmap invoke fails
5598401 README.md: drop pids limit comparison
9ea6857 github: add fuzzing test
0fd03ba tests: add container image for fuzzing libcrun
bbd5c7d fuzzer: reap child processes
c7350ef tests: add more fuzzing tests
816f95b fuzzer: merge two tests
effa508 linux: cleanup zombie on errors
b32f1eb linux: release only on error
5ca72f5 status: attempt open again on interrupts
9b5d4c1 Added static analysis Adding clang compilation Fixing comparison of integers of different signs
3b199ef Update GNUmakefile
dcd1a34 linux: label the tmpfs for masked directories
edf7f15 seccomp: check if the action supports errnoRet
bc222b6 seccomp: fail if no default action specified
0c5b920 seccomp: honor default errno value
92c0afe yajl: support static link of containers/yajl
f3d920d src: fix unitialized variable
7d89a02 src: add error check
765971c status: fix memory leak on error
31274d8 utils: fix check for fd
62d1c4d tests: add test to feed honggfuzz
ab75091 ebpf: return the program instead of NULL
8b16552 src: check if seccomp is defined
f721efb container: fix error ownership
4472e35 container: allow config from memory
6b369b8 container: fix memory leak
0fede0f container: initialize variable
2b6c0b6 container: fix dereference of def->linux if NULL
1dd9b5b container: check for def->process before deref
1b1a691 fix: cross-compiling for Android
b25cb2d tests: add device access test
86251b0 ebpf: handle access(dev_name, F_OK) call correctly
e2d79dc fix: access violate if ret < -2
4f35406 cgroup: read controllers from /proc/self/cgroup
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
In the time between the k3s work starting and ending, meta-networking
picked up the support we need for ipset.
Now that the recipe is in a layer we already depend on, we don't need
our own copy.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
commit 1b83c21436b2 [openvswitch: Fix build with musl libc] mistakenly
copies common files and then clobbers the SRC_URI.
While we could drop the SRC_URI components from the .inc now that we
only have one active version in master (_git), we avoid that for now,
since it is possible that a LTS version will be introduced in future
cycles.
So to fix the oddity, we drop the common components from the _git
SRC_URI and append versus clobber.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
ERROR: dev86-0.16.21-r0 do_package_qa: QA Issue: File /usr/lib/bcc/unproto in package dev86 doesn't have GNU_HASH (didn't pass LDFLAGS?)
File /usr/lib/bcc/bcc-cpp in package dev86 doesn't have GNU_HASH (didn't pass LDFLAGS?)
File /usr/lib/bcc/copt in package dev86 doesn't have GNU_HASH (didn't pass LDFLAGS?)
File /usr/lib/bcc/bcc-cc1 in package dev86 doesn't have GNU_HASH (didn't pass LDFLAGS?)
File /usr/bin/ld86 in package dev86 doesn't have GNU_HASH (didn't pass LDFLAGS?)
File /usr/bin/ar86 in package dev86 doesn't have GNU_HASH (didn't pass LDFLAGS?)
File /usr/bin/size86 in package dev86 doesn't have GNU_HASH (didn't pass LDFLAGS?)
File /usr/bin/nm86 in package dev86 doesn't have GNU_HASH (didn't pass LDFLAGS?)
File /usr/bin/as86 in package dev86 doesn't have GNU_HASH (didn't pass LDFLAGS?)
File /usr/bin/objdump86 in package dev86 doesn't have GNU_HASH (didn't pass LDFLAGS?)
File /usr/bin/bcc in package dev86 doesn't have GNU_HASH (didn't pass LDFLAGS?) [ldflags]
ERROR: dev86-0.16.21-r0 do_package_qa: QA run found fatal errors. Please consider fixing them.
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
* don't use github archives
* upgrade to fix build with security-flags.inc enabled, fixed upstream in:
https://github.com/lkundrak/dev86/commit/537e806f8c62b26c5d5fa912f383f4a7d558574d
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
* git.ipxe.org is gone:
fatal: unable to access 'https://git.ipxe.org/ipxe.git/': Couldn't connect to server
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
calling bb.parse.SkipRecipe with conditional PNBLACKLISTs
* PNBLACKLISTs are IMHO a bit easier to read and easier to override from distro
which e.g. provides own recipe for libseccomp
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
* this depends on syslinux
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
meta-webserver
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
* copy the skip from podman recipe, because this packagegroup
depends on podman
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
* fixes world build:
ERROR: Nothing RPROVIDES 'k3s-server' (but meta-virtualization/recipes-core/packagegroups/packagegroup-kubernetes.bb RDEPENDS on or otherwise requires it)
k3s RPROVIDES k3s-server but was skipped: missing required distro feature 'seccomp' (not in DISTRO_FEATURES)
NOTE: Runtime target 'k3s-server' is unbuildable, removing...
Missing or unbuildable dependency chain was: ['k3s-server']
ERROR: Required build target 'meta-world-pkgdata' has no buildable providers.
Missing or unbuildable dependency chain was: ['meta-world-pkgdata', 'packagegroup-kubernetes', 'k3s-server']
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Currently boto3 can be built into an image but it won't work without
additional dependencies. First: botocore is needed at run-time, second:
there are other packages available in meta-python that need adding.
Signed-off-by: Bartosz Golaszewski <brgl@bgdev.pl>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Notable Changes:
1. progress module can now be turned on/off, using the
commands: ceph progress on and ceph progress off.
2. PG removal has been optimized in this release.
Signed-off-by: Zqiang <qiang.zhang@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Bump version to 0.14.
This upgrade is mainly to fix some BUG.
Signed-off-by: Zqiang <qiang.zhang@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
bumping runX to the 1.0 tag
- drop patches that are part of the release
- bump kernel to v5.4.104 to work with our gcc10
- tweak initrd install to use externally provided busybox
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
We aren't setup for go module builds, so we need to disable it
in the go-build recipe.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Moving off the 1.20.x-rc and onto a dot release tag. This pulls in
the following commits:
e87da0bd6e0 Release commit for Kubernetes v1.20.4
5682545c2da Update CHANGELOG/CHANGELOG-1.20.md for v1.20.3
f8f2fa827d3 Release commit for Kubernetes v1.20.4-rc.0
01849e73f3c Release commit for Kubernetes v1.20.3
58c5493f22a kube-cross: update image to use v1.15.8-legacy-1
e000e9722bb [go1.15] build: Update to k/repo-infra@v0.1.4 (supports go1.15.8)
3365196e9d8 Use go-runner:buster-v2.3.1 image (built on go1.15.8)
91f2745f08c staging/publishing: Set default go version to go1.15.8
3c777448311 Update to go1.15.8
b570189cf1f Revert "make hostPort match test linuxonly"
6698a4e7afc Revert "conformance changes"
6a31f8d17ef dockershim hostport respect IPFamily
a456eb4eaf6 dockershim hostport manager use HostIP
5d9910a0172 Cherry pick of #98254:Fix the kube-scheduler binary's description of the --config parameter is inaccurate
ac866d63911 make podTopologyHints protected by lock
b84ee98db74 kubelet: Fix mirrorPodTerminationMap leak
d381d6c52cc kubelet: Delete static pods gracefully
b2576fb35f7 kubelet logs print 'kubelet nodes sync' frequently
7826a1c6b87 WIP: node sync at least once
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Bumping the runc version to incorporate the following commits:
2ae56653 Move fuzzers upstream
053e15c0 tests/checkpoint: show full log lazy pages cpt
e618a6d5 curl: add --retry 5
4b98e4a7 MAINTAINERS: update Aleksa's email
8a3484b7 libcontainer/factory*: adjust the file mode
71ca6432 fix integration tests README.md
916654ff libcontainer: fix LinuxFactory comments
c3ffd2ef Do not convert blkio weight value using blkio->io conversion scheme
38b2dd39 runc exec: report possible OOM kill
5d0ffbf9 runc start/run: report OOM
7e137b90 libct/cg/fs2/hugetlb: use fscommon.GetValueByKey
9fa65f66 libct/cg/fscommon: add GetValueByKey
c54c3f85 libcontainer/notify_linux_v2: use fscommon.ReadFile
494f900e libct/cg/fscommon: rename/facelift GetCgroupParamKeyValue
1880d2fc libct/cg/fs/memory: handle EBUSY
27fd3fc3 libct/cg/fs: setMemoryAndSwap: refactor
3cced523 libct/cg/fs/memory: optimize Set
65c2d3c2 tests/int/update: add test case for PR #592
53d3b552 Update README.md for libcontainer
6c5ed0db Fix memory stats for cache in fs2
af521ed5 libct/cgroups/systemd: don't set limits in Apply
fa52df94 libcontainer: fix the file mode of the device
d0cbef57 Makefile: rm go 1.13 workaround
4019f08d make validate: rm go vet
f9c21133 make lint: use golangci-lint
671bb978 Makefile: remove ci target
95940855 script/validate-gofmt: rm
91f0ae18 ci/gha: bump go 1.16-rc1 -> 1.16.x
5b14a261 README: add gha badges
f3f563bc apparmor: try attr/apparmor/exec before attr/exec
41670e21 tests/int: rework/simplify setup and teardown
d73b4443 ci: enable -race from matrix
b7744547 libct/int: fix a data race
c34a9b10 tests/int/hooks.bats: don't use DEBIAN_BUNDLE
e40a369e tests/int/list.bats: don't use $BUSYBOX_BUNDLE
985546b4 tests/int: BATS_TMPDIR -> BATS_RUN_TMPDIR
85d5fea4 tests/int: stop reusing HELLO_BUNDLE for alt root
76532fac tests/int/events: rm unneeded eval
49766140 tests/int: use wait_for_container where appropriate
4d6ffa39 tests/int/helpers: reimplement wait_for_container
e7052dcd tests/int/spec.bats: don't use HELLO_BUNDLE
0cfc2e32 tests/int: rm teardown_running_container_inroot
78f0e4b2 tests/int: rm wait_for_container_inroot
64d5702f tests/int: don't depend on BUSYBOX_BUNDLE var
efb8552b tests/int: add device access test
81707abd ebpf: fix device access check
c3428722 libct/config: fix a data race
51ec5db1 ci: add i386 unit test run
b142a70e libct/seccomp/patchpbf/test: fix for 32-bit
2831fb55 cgroup2: devices: handle eBPF skipping more correctly
d1007b08 cgroupv1 freezer: thaw to increase freeze chances
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
If the required modules aren't in the image, k3s will fail to start.
Set the requirements as RRECOMMENDS for image types that don't install
the kernel-modules meta-package.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
We build and depend on our own containerd, we don't need the ctr
symlink to k3s for proper operation.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
To more closely align with the rancher/upstream build, we add
additional tags to the build. To make them easier to manage, we
also introduce a variable and use it in the go build line.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
k3s requires seccomp, and a runc with seccomp enabled for proper
operation. runc has a distro feature check to enable seccomp, so
if we enforce it as k3s feature, we'll also get a properly built
runc and we'll work out of the box.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Bumping the runc version to incorporate the following commits:
2ae56653 Move fuzzers upstream
053e15c0 tests/checkpoint: show full log lazy pages cpt
e618a6d5 curl: add --retry 5
4b98e4a7 MAINTAINERS: update Aleksa's email
8a3484b7 libcontainer/factory*: adjust the file mode
71ca6432 fix integration tests README.md
916654ff libcontainer: fix LinuxFactory comments
c3ffd2ef Do not convert blkio weight value using blkio->io conversion scheme
38b2dd39 runc exec: report possible OOM kill
5d0ffbf9 runc start/run: report OOM
7e137b90 libct/cg/fs2/hugetlb: use fscommon.GetValueByKey
9fa65f66 libct/cg/fscommon: add GetValueByKey
c54c3f85 libcontainer/notify_linux_v2: use fscommon.ReadFile
494f900e libct/cg/fscommon: rename/facelift GetCgroupParamKeyValue
1880d2fc libct/cg/fs/memory: handle EBUSY
27fd3fc3 libct/cg/fs: setMemoryAndSwap: refactor
3cced523 libct/cg/fs/memory: optimize Set
65c2d3c2 tests/int/update: add test case for PR #592
53d3b552 Update README.md for libcontainer
6c5ed0db Fix memory stats for cache in fs2
af521ed5 libct/cgroups/systemd: don't set limits in Apply
fa52df94 libcontainer: fix the file mode of the device
d0cbef57 Makefile: rm go 1.13 workaround
4019f08d make validate: rm go vet
f9c21133 make lint: use golangci-lint
671bb978 Makefile: remove ci target
95940855 script/validate-gofmt: rm
91f0ae18 ci/gha: bump go 1.16-rc1 -> 1.16.x
5b14a261 README: add gha badges
f3f563bc apparmor: try attr/apparmor/exec before attr/exec
41670e21 tests/int: rework/simplify setup and teardown
d73b4443 ci: enable -race from matrix
b7744547 libct/int: fix a data race
c34a9b10 tests/int/hooks.bats: don't use DEBIAN_BUNDLE
e40a369e tests/int/list.bats: don't use $BUSYBOX_BUNDLE
985546b4 tests/int: BATS_TMPDIR -> BATS_RUN_TMPDIR
85d5fea4 tests/int: stop reusing HELLO_BUNDLE for alt root
76532fac tests/int/events: rm unneeded eval
49766140 tests/int: use wait_for_container where appropriate
4d6ffa39 tests/int/helpers: reimplement wait_for_container
e7052dcd tests/int/spec.bats: don't use HELLO_BUNDLE
0cfc2e32 tests/int: rm teardown_running_container_inroot
78f0e4b2 tests/int: rm wait_for_container_inroot
64d5702f tests/int: don't depend on BUSYBOX_BUNDLE var
efb8552b tests/int: add device access test
81707abd ebpf: fix device access check
c3428722 libct/config: fix a data race
51ec5db1 ci: add i386 unit test run
b142a70e libct/seccomp/patchpbf/test: fix for 32-bit
2831fb55 cgroup2: devices: handle eBPF skipping more correctly
d1007b08 cgroupv1 freezer: thaw to increase freeze chances
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
runc can be built with both selinux and seccomp tags. These tags
are a requirement for proper operation with some frameworks (like
k3s).
So we add checks for the appropriate distro features and then
automatically add them to the build tags, allowing us a coordinated
enabling of the functionality.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Fixing up the PV to use SRCPV for tracking future version bumps, if
the tree is dirty or not, git will tell us.
We also add some additional kernel module rrecommends, so that the
tools called by k3s can find the support they need (mainly iptools)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
To make it easier to build container host or k*s host images (as
well as guests), we start to add some packagegroups that wrap the
required elements.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Clarify some limitations / tweaks to get up and running in a
qemu virtual machine.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Many of the CNI plugins require authenticated connections, as such
they are looking for elements of ca-certificates.
CNI isn't small, so we add this as a general rdepends. If we need to
slim things down in the future, we can split the CNI into specific
implementations and add the dependency to those packages.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
The docker split/requirement on their forked version of runc is
not relevant any more. While we keep the docker-runc around, we
should prefer the opencontainers variant, since that is where
development happens.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
containerd is rarely used without runc, so we add the runtime dependency
to make installation and image construction easier.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
We already have docker and some other fragments that are relevant to
k3s/k8s, but the addition of ipset as a depends for k3s highlights
that we should have a reference configuration that sets all the options
for proper opration and runtime dependencies.
When k8s or k3s are distro features, we'll apply the new fragment to
any kernel that supports fragments (and matches the supported
versions).
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Grab any remaning binaries into the main k3s package. Both k3s-agent
and k3s-server rdepend on it, so we'll be sure to get them intalled
in both scenarios.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
containerd itself provides 'ctr', and it is in our rdepends. So on
target, we have a conflict for the provider of the ctr binary.
Dropping the ctr link from k3s, since having the actual containerd
package provide its binary .. makes sense.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
See recipes-containers/k3s/README.md for basic usage and testing
instructions.
Signed-off-by: Joakim Roubert <joakimr@axis.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|