Hello community, here is the log from the commit of package cri-o for openSUSE:Factory checked in at 2019-07-15 22:43:26 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/cri-o (Old) and /work/SRC/openSUSE:Factory/.cri-o.new.1887 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "cri-o" Mon Jul 15 22:43:26 2019 rev:31 rq:713498 version:1.15.0 Changes: -------- --- /work/SRC/openSUSE:Factory/cri-o/cri-o.changes 2019-06-12 13:04:18.669233704 +0200 +++ /work/SRC/openSUSE:Factory/.cri-o.new.1887/cri-o.changes 2019-07-15 22:43:28.503909997 +0200 
@@ -1,0 +2,283 @@ +Wed Jul 3 09:40:18 UTC 2019 - Sascha Grunert <sgrunert@suse.com> + +- Update CRI-O to v1.15.0: + * update readme for currently supported branches + * Update deps for k8s 1.15.0 + * Remove invalid unit test + * Remove unnecessary indirect dependency gopopulate + * go.mod: drop github.com/containerd/cgroups + * cgroups: use libpod/pkg/cgroups + * go.mod: update libpod and godbus/dbus + * Move the creation of sourceCtx in Server.PullImage out of the loop + * Remove the imageAuthFile parameter to RuntimeServer.CreateContainer + * Set SystemContext.AuthFilePath in global Server.systemContext + * Set SystemContext.DockerRegistryUserAgent in global Server.systemContext + * Base copy.Options.{Source,Destination}Ctx both on the input systemContext + * Expect a non-nil copy.Options in ImageServer.PullImage + * Use a types.SystemContext instead of copy.Options in PrepareImage + * Use an explicit DockerInsecureSkipTLSVerify = types.OptionalBoolTrue + * Split imageService.remoteImageReference from prepareReference + * Simplify the handling of PullImageRequest.auth + * Build copy.Options.SourceCtx from Server.systemContext + * Add a buildImageResult helper to avoid duplicating the code + * Call buildImageCacheItem in ImageStatus + * Don't redundantly look up an already available store.Image + * Don't use path.join for docker references + * Remove redundant manifest parsing to get config digest + * Remove redundant calls to types.ImageSource.Size + * When looking up a local image by transport:name reference, use the tag/digest as well + * Use reference.Named.String() instead of open-coding it + * Use reference.ParseNormalizedNamed for parsing storage.Image.Names + * Don't modify the caller-provided SystemContext in server.New + * Remove `seccomp.json` and fallback to internal defaults + * Fix mockGetRef, and deal with all of the fallout + * Return mockSequence from mockListImage and mockLoop, use global inOrder everywhere + * Remove ImageServer.RemoveImage + * 
Rename mockToCreate to mockCreateContainerOrPodSandboxImageExists + * Add mockStorageImageSourceGetSize and mockNewImage + * Don't split the first gomock expecation into a BeforeEach + * Add mockGetStoreImage and mockResolveImage + * Add a shared mockParseStoreReference + * Add mockStorageReferenceStringWithinTransport and use it instead of open-coded sequences + * Add an inOrder helper + * Create a separate MockController for every test + * Remove duplicate Dockerfile's + * Discover runtimePath from $PATH environment + * Use GlobalAuthFile, incl. for the pause image if PauseImageAuthFile is not set + * Don't discard copy.Options.SourceCtx when credentials are provided + * Don't set non-default copy.Options in imageService.PullImage if it is nil + * Remove the *copy.Options parameter to RuntimeService.Create{PodSandbox,Container} + * Add global_auth_file option to crio.image config + * Remove the types.SystemContext parameter where no longer necessary + * Don't read registries.conf for the defaults of --registry and --insecure-registry + * Add state of infracontainer to disk when stopped + * Use repository logo instead of rawgit + * Exclude 'vendor' for git-validation checks + * Bump up minMemoryLimit to 12Mb + * enable inline exec and attach test + * Mark file_locking deprecated + * Disable file locking by default + * Add release bundle target + * Update dependency containerd/cgroups + * crio-wipe: fix readme nits + * conmon: force unlink attach socket + * Add junit test files to .gitignore + * Use *config.Config within OCI runtime + * Move lib.Config to a dedicated package + * Refactor sandbox and container name reservation + * Update dependencies + * Remove travis in favor of CircleCI + * Vendor Kubernetes v1.15.0 + * Fix e2e_features_* selinux denials + * add vrothberg to OWNERS file + * Add documentation about the HTTP API + * Default to runc is default_runtime is not set + * Set default run root if not specified + * Fix redundant if in lib/rename.go + * Add 
codecov upload step to CircleCI config + * Add flake attempts to critest integration testing + * Add CircleCI badge + * Add live reload feature to pause configuration + * Update dependencies + * Rebase containers/image to 2.0.0, buildah to 1.8.4, libpod to 1.4.1 + * Fix Vagrantfile vendor inconsistency + * version: if git commit is empty, silently ignore + * Use the official nix package for building static binaries + * Add status related server unit tests + * Create network directory if it doesn't exist + * Small stderr fixes in crio-wipe + * Add crio-wipe + * Add version file functionality + * Enable ppc64le Travis CI + * Fix mentioned distributions in README.md + * crictl.md: Fix a typo + * Vendor Kubernetes 1.15.0-rc.1 + * Update golangci-lint to v1.17.1 + * README.md: Fix a typo + * Fix missing images names on list + * Update dependencies + * Update setup.md + * Refactor sandbox cgroup annotation + * Fix gomega matcher syntax + * Fix mentioned distributions within the setup tutorial + * Go mod tidy + * Add bandwidth limiting support + * Switch to 'stable status' badge + * Cleanup README.md + * Vendor Kubernetes v1.15.0-beta.1 + * Close temporary image in PullImage + * Add live reload integration tests and /config endpoint + * Fix errcheck lint for network namespace creation + * remove PluginDir from config if it existed + * Change plugin_dir to plugin_dirs + * Update dependencies + * Bump github.com/containernetworking/plugins from 0.7.5 to 0.8.0 + * Enable errcheck lint and fixup error paths + * Add critest to integration test suite + * Update Dockerfile CNI plugins to v0.8.0 + * Update contrib systemd unit files to match project name + * Fix runtime panic when having concurrent writes to runtime impl map + * Fix build issues on 32-bit architectures + * tests: added log max test to ctr.bats and command.bats + * Update device cgroup permissions for configured devices. 
+ * Revert old fix + * test: set container runtime to remote for e2e and fixup crio.conf + * server: do not add default /sys if bind mounted + * skip runtimes handler test until we can get a better solution + * Fix possible runtime panic on store shutdown + * Update Makefile to be usable without git + * Ensure the test suite configures config directories. + * Update depedencies + * Add predefined build tags to .golangci.yml + * Add container server unit tests + * README.md: fix a typo + * conmon: support OOM monitor under cgroup v2 + * Fix logging to journal + * refresh apt before installation + * Bump github.com/containers/libpod from 1.2.0 to 1.3.1 + * docs/crio.conf.5: Add "have" to "higher precedence" typo + * Update scripts to find correct bash path + * Fix links in tutorials/setup.md + * Improve CI speed + * Remove redundant source remove + * setup: fix broken link + * readme: Remove timeout from kube documentation + * Remove terminal watch after success + * Vendor Kubernetes v1.15.0-beta.0 + * Cleanup SystemContext usage + * Bump github.com/golang/mock from 1.3.0 to 1.3.1 + * Bump github.com/containers/storage from 1.12.6 to 1.12.7 + * Bump github.com/docker/go-units from 0.3.3 to 0.4.0 + * Remove debug output from integration tests + * sandbox_run: Log a warning if we can't find a slice + * test: Add test for conmon cgroups + * readme: Remove roadmap + * Add config validation for conmon cgroup + * Add CLI flag for --conmon-cgroup + * Add config to run conmon under a custom cgroup slice + * Add gocritic paramTypeCombine linter and fixes + * Add awesome CRI-O list + * Add config live reload feature + * Update unit test target to not run `mockgen` + * Add gocritic builtinShadow linter and fixes + * Fix sandbox tests + * conmon: detect cgroup2 and skip OOM handling + * conmon: properly set conmon logs + * Update test suites + * Add gocritic importShadow linter and fixes + * Add server sandbox unit tests + * Add gocritic wrapperFunc linter and fixes + * Add 
gocritic unnamedResult linter and fix issues + * Add gocritic sloppyReassign linter and fixes + * Add gocritic appendCombine linter and fixes + * Add gocritic appendAssign linter and fixes + * Add fossa badge + * Add nakedret linter and related fixes + * Bump github.com/go-zoo/bone from 0.0.0 to 1.3.0 + * Improve error handling for crio main.go + * Bump github.com/containernetworking/cni from 0.7.0-rc2 to 0.7.0 + * Bump github.com/kr/pty from 1.1.1 to 1.1.4 + * Bump github.com/opencontainers/runc from 1.0.0-rc7 to 1.0.0-rc8 + * Bump github.com/opencontainers/selinux from 1.2.1 to 1.2.2 + * Bump google.golang.org/grpc from 1.20.0 to 1.20.1 + * Bump github.com/Microsoft/go-winio from 0.4.11 to 0.4.12 + * Bump golang.org/x/text from 0.3.1 to 0.3.2 + * Bump github.com/golang/mock from 1.2.0 to 1.3.0 + * Bump github.com/containers/storage from 1.12.4 to 1.12.6 + * Bump github.com/opencontainers/runtime-spec from 1.0.0 to 1.0.1 + * Add useragent unit tests + * Add username and homedir to generated password + * conmon: fix cross-compilation + * Fix kubernetes import paths for cri-api + * fixes make fmt/spacing issue + * fixes assumption that socklen_t is always an unsigned long + * Fix logic of server.restore() + * Update CNI plugin test dependency to v0.7.5 + * Update runc test dependency to v1.0.0-rc8 + * Add server image unit tests ++++ 86 more lines (skipped) ++++ between /work/SRC/openSUSE:Factory/cri-o/cri-o.changes ++++ and /work/SRC/openSUSE:Factory/.cri-o.new.1887/cri-o.changes Old: ---- cri-o-1.14.1.tar.xz registry-mirror.patch New: ---- cri-o-1.15.0.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cri-o.spec ++++++ --- /var/tmp/diff_new_pack.o9Dbk5/_old 2019-07-15 22:43:29.235909823 +0200 +++ /var/tmp/diff_new_pack.o9Dbk5/_new 2019-07-15 22:43:29.243909821 +0200 
@@ -27,7 +27,7 @@ %define name_source2 sysconfig.crio %define name_source3 crio.conf Name: cri-o -Version: 1.14.1 +Version: 1.15.0 Release: 0 Summary: OCI-based implementation of Kubernetes Container Runtime Interface License: Apache-2.0 @@ -40,13 +40,10 @@ Source3: %{name_source3} Source4: cri-o-rpmlintrc Source5: kubelet.env -Patch0: registry-mirror.patch BuildRequires: device-mapper-devel BuildRequires: fdupes -BuildRequires: git-core BuildRequires: glib2-devel-static BuildRequires: glibc-devel-static -BuildRequires: go-go-md2man BuildRequires: golang-packaging BuildRequires: libapparmor-devel BuildRequires: libassuan-devel @@ -54,7 +51,7 @@ BuildRequires: libgpgme-devel BuildRequires: libseccomp-devel BuildRequires: golang(API) >= 1.12 -Requires: apparmor-parser +Requires: patterns-base-apparmor Requires: conntrack-tools Requires: cni Requires: cni-plugins @@ -90,7 +87,6 @@ %prep %setup -q -%patch0 -p1 %build # We can't use symlinks here because go-list gets confused by symlinks, so we @@ -101,32 +97,8 @@ cp -avr * $HOME/go/src/%{project} cd $HOME/go/src/%{project} -export BUILDTAGS="seccomp apparmor containers_image_ostree_stub" - # Build crio -go build -tags "$BUILDTAGS" \ - -o bin/crio \ - -buildmode=pie \ - %{project}/cmd/crio - -# Build conmon -make bin/conmon - -# Build pause -make bin/pause - -# Build manpages -make %{?_smp_mflags} docs - -%check -cd $HOME/go/src/%{project} -export GOPATH=$HOME/go -export BUILDTAGS="seccomp apparmor containers_image_ostree_stub" - -PKG_LIST=$(go list -tags "${BUILDTAGS}" ./... | \ - grep -v %{project}/vendor} | \ - grep -v %{project}/server) -go test -buildmode=pie -tags "$BUILDTAGS" $PKG_LIST +make %pre %service_add_pre %{name_source1} 
@@ -161,7 +133,6 @@ install -m 0644 docs/crio.8 %{buildroot}/%{_mandir}/man8 # Configs install -D -m 0644 %{SOURCE3} %{buildroot}/%{_sysconfdir}/crio/%{name_source3} -install -D -m 0644 seccomp.json %{buildroot}/%{_sysconfdir}/crio/seccomp.json install -D -m 0644 crio-umount.conf %{buildroot}/%{_datadir}/oci-umount/oci-umount.d/cri-umount.conf install -D -m 0644 %{SOURCE2} %{buildroot}%{_fillupdir}/%{name_source2} # Systemd @@ -189,7 +160,6 @@ # Configs %dir %{_sysconfdir}/crio %config(noreplace) %{_sysconfdir}/crio/%{name_source3} -%config %{_sysconfdir}/crio/seccomp.json %dir %{_datadir}/oci-umount %dir %{_datadir}/oci-umount/oci-umount.d %{_datadir}/oci-umount/oci-umount.d/cri-umount.conf ++++++ _service ++++++ --- /var/tmp/diff_new_pack.o9Dbk5/_old 2019-07-15 22:43:29.295909808 +0200 +++ /var/tmp/diff_new_pack.o9Dbk5/_new 2019-07-15 22:43:29.295909808 +0200 @@ -2,8 +2,8 @@ <service name="tar_scm" mode="disabled"> <param name="url">https://github.com/cri-o/cri-o</param> <param name="scm">git</param> -<param name="versionformat">1.14.1</param> -<param name="revision">v1.14.1</param> +<param name="versionformat">1.15.0</param> +<param name="revision">v1.15.0</param> </service> <service name="recompress" mode="disabled"> <param name="file">cri-o-*.tar</param> ++++++ cri-o-1.14.1.tar.xz -> cri-o-1.15.0.tar.xz ++++++ /work/SRC/openSUSE:Factory/cri-o/cri-o-1.14.1.tar.xz /work/SRC/openSUSE:Factory/.cri-o.new.1887/cri-o-1.15.0.tar.xz differ: char 25, line 1 ++++++ crio.conf ++++++ --- /var/tmp/diff_new_pack.o9Dbk5/_old 2019-07-15 22:43:29.351909795 +0200 +++ /var/tmp/diff_new_pack.o9Dbk5/_new 2019-07-15 22:43:29.355909794 +0200 
@@ -5,6 +5,11 @@ # # Please refer to crio.conf(5) for details of all configuration options. +# CRI-O supports partial configuration reload during runtime, which can be +# done by sending SIGHUP to the running process. Currently supported options +# are explicitly mentioned with: 'This option supports live configuration +# reload'. + # CRI-O reads its storage defaults from the containers-storage.conf(5) file # located at /etc/containers/storage.conf. Modify this storage configuration if # you want to change the system's defaults. If you want to modify storage just @@ -28,9 +33,11 @@ #] # If set to false, in-memory locking will be used instead of file-based locking. -file_locking = true +# **Deprecated** this option will be removed in the future. +file_locking = false # Path to the lock file. +# **Deprecated** this option will be removed in the future. file_locking_path = "/run/crio.lock" @@ -63,6 +70,12 @@ # automatically pick up the changes within 5 minutes. stream_tls_ca = "" +# Maximum grpc send message size in bytes. If not set or <=0, then CRI-O will default to 16 * 1024 * 1024. +grpc_max_send_msg_size = 16777216 + +# Maximum grpc receive message size. If not set or <= 0, then CRI-O will default to 16 * 1024 * 1024. +grpc_max_recv_msg_size = 16777216 + # The crio.runtime table contains settings pertaining to the OCI runtime used # and options for how to set up and manage the OCI runtime. [crio.runtime] @@ -83,6 +96,8 @@ # Path to the conmon binary, used for monitoring the OCI runtime. conmon = "/usr/lib/crio/bin/conmon" +# Cgroup setting for conmon +conmon_cgroup = "pod" # Environment variable list for the conmon process, used for passing necessary # environment variables to conmon or the runtime. 
@@ -94,12 +109,13 @@ selinux = false # Path to the seccomp.json profile which is used as the default seccomp profile -# for the runtime. -seccomp_profile = "/etc/crio/seccomp.json" +# for the runtime. If not specified, then the internal default seccomp profile +# will be used. +seccomp_profile = "" # Used to change the name of the default AppArmor profile of CRI-O. The default # profile name is "crio-default-" followed by the version string of CRI-O. -# apparmor_profile = "crio-default" +apparmor_profile = "crio-default-1.15.0" # Cgroup management implementation used for the runtime. cgroup_manager = "cgroupfs" @@ -167,6 +183,9 @@ # limit is never exceeded. log_size_max = -1 +# Whether container output should be logged to journald in addition to the kuberentes log file +log_to_journald = false + # Path to directory in which container exit files are written to by conmon. container_exits_dir = "/var/run/crio/exits" @@ -177,9 +196,13 @@ read_only = false # Changes the verbosity of the logs based on the level it is set to. Options -# are fatal, panic, error, warn, info, and debug. +# are fatal, panic, error, warn, info, and debug. This option supports live +# configuration reload. log_level = "error" +# The default log directory where all logs will go unless directly specified by the kubelet +log_dir = "/var/log/crio/pods" + # The UID mappings for the user namespace of each container. A range is # specified in the form containerUID:HostUID:Size. Multiple ranges must be # separated by comma. 
@@ -194,21 +217,26 @@ # regarding the proper termination of the container. ctr_stop_timeout = 0 +# ManageNetworkNSLifecycle determines whether we pin and remove network namespace +# and manage its lifecycle. +manage_network_ns_lifecycle = false + # The "crio.runtime.runtimes" table defines a list of OCI compatible runtimes. # The runtime to use is picked based on the runtime_handler provided by the CRI. # If no runtime_handler is provided, the runtime will be picked based on the level # of trust of the workload. [crio.runtime.runtimes.runc] -runtime_path = "/usr/sbin/runc" - +runtime_path = "" +runtime_type = "oci" +runtime_root = "/run/runc" # The crio.image table contains settings pertaining to the management of OCI images. # # CRI-O reads its configured registries defaults from the system wide # containers-registries.conf(5) located in /etc/containers/registries.conf. If -# you want to modify just CRI-O, you can change the registies configuration in +# you want to modify just CRI-O, you can change the registries configuration in # this file. Otherwise, leave insecure_registries and registries commented out to # use the system's defaults from /etc/containers/registries.conf. [crio.image] 
@@ -216,10 +244,21 @@ # Default transport for pulling images from a remote container storage. default_transport = "docker://" +# The path to a file containing credentials necessary for pulling images from +# secure registries. The file is similar to that of /var/lib/kubelet/config.json +global_auth_file = "" + # The image used to instantiate infra containers. +# This option supports live configuration reload. pause_image = "k8s.gcr.io/pause:3.1" +# The path to a file containing credentials specific for pulling the pause_image from +# above. The file is similar to that of /var/lib/kubelet/config.json +# This option supports live configuration reload. +pause_image_auth_file = "" + # The command to run to have a container stay in the paused state. +# This option supports live configuration reload. pause_command = "/pause" # Path to the file which decides what sort of policy we use when deciding @@ -239,8 +278,7 @@ # registries (e.g., "quay.io", "registry.fedoraproject.org", # "registry.opensuse.org", etc.). #registries = [ -# "docker.io", -#] +# ] # The crio.network table containers settings pertaining to the management of @@ -250,5 +288,8 @@ # Path to the directory where CNI configuration files are located. network_dir = "/etc/cni/net.d/" -# Path to directory where CNI plugin binaries are located. -plugin_dir = ["/usr/lib/cni", "/opt/cni/bin"] +# Paths to directories where CNI plugin binaries are located. +plugin_dirs = [ + "/opt/cni/bin/", + "/usr/lib/cni/", +]
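Review bot: in cri-o.spec hunk @@ -40,13 +40,10 @@, `BuildRequires: go-go-md2man` and `BuildRequires: git-core` are removed, yet the install context in @@ -161,7 +133,6 @@ still installs `docs/crio.8`, so the man pages now have to come out of the bare `make`. Confirm that a clean build root produces docs/crio.8 without those two packages, or keep the BuildRequires. The same hunk drops `Patch0: registry-mirror.patch`, and the visible part of the changes entry does not say whether it was merged upstream or abandoned; one line on that would help anyone who relied on it.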
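Review bot: in cri-o.spec hunk @@ -101,32 +97,8 @@, replacing the explicit `go build -tags "$BUILDTAGS" ... -buildmode=pie` with a bare `make` means the spec no longer states that crio is built with the `seccomp` and `apparmor` tags or as a PIE, and the whole `%check` section is removed with it. Either set the build tags and build mode explicitly for `make`, if the Makefile accepts them, or add a post-build step that fails when the resulting binary lacks them, and restore a `%check` so the package build still runs tests. The leftover `# Build crio` comment now sits above a command that builds everything and should be updated.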
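Review bot: in cri-o.spec hunk @@ -189,7 +160,6 @@ (with the matching install line removed in @@ -161,7 +133,6 @@), `/etc/crio/seccomp.json` leaves the package while crio.conf stays `%config(noreplace)`, so a host with a locally edited crio.conf keeps the old `seccomp_profile = "/etc/crio/seccomp.json"` after the update and points at a file the package no longer owns. State in the changes entry what CRI-O does when that path is missing, or handle the transition in a scriptlet, so that an upgraded node does not end up with a different seccomp policy than a fresh install without anyone noticing.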
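Review bot: in crio.conf hunk @@ -83,6 +96,8 @@, the comment "Cgroup setting for conmon" does not say which values `conmon_cgroup` accepts or what `"pod"` means, although the changes entry mentions both a custom cgroup slice and config validation for this option. Document the accepted values next to the setting, and add a blank line after it so it does not run into the following comment block.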
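Review bot: in crio.conf hunk @@ -94,12 +109,13 @@, `apparmor_profile = "crio-default-1.15.0"` hard-codes the package version in a source file that is bumped separately from `Version:` in the spec, so the next update can leave a stale profile name behind. The comment directly above says the default name is already "crio-default-" followed by the version string, so leaving the line commented out, as it was before, gives the same result without the maintenance trap.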
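Review bot: in crio.conf hunk @@ -167,6 +183,9 @@, the added comment for `log_to_journald` misspells Kubernetes as "kuberentes" and is a single long line where the surrounding comments are wrapped. Fix the spelling and wrap it like its neighbours.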
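Review bot: in crio.conf hunk @@ -194,21 +217,26 @@, `runtime_path = ""` replaces the pinned `/usr/sbin/runc`, and going by the changes entry "Discover runtimePath from $PATH environment" the runtime binary is then resolved from the PATH of the crio service. For the binary that starts every container, the packaged default is safer with the absolute path kept; if discovery is intended, say so in a comment above the setting. The hunk also removes the blank line before the crio.image comment block, so the runc table now runs straight into it.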
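Review bot: in crio.conf hunk @@ -216,10 +244,21 @@, the new comments for `global_auth_file` and `pause_image_auth_file` describe files that hold registry credentials but say nothing about ownership or mode. Add a line stating that the file should be readable only by the user CRI-O runs as, and since `pause_image_auth_file` is marked as supporting live configuration reload, note that the path takes effect again on SIGHUP.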
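Review bot: in crio.conf hunk @@ -250,5 +288,8 @@, the rename to `plugin_dirs` also swaps the order so that `/opt/cni/bin/` now comes before `/usr/lib/cni/`; if the directories are searched in the order listed, binaries placed in /opt/cni/bin take precedence over the packaged plugins pulled in by `Requires: cni-plugins`. Keep the packaged directory first unless the swap is deliberate. Because crio.conf is `%config(noreplace)`, locally edited configs will still carry the old `plugin_dir` key, so confirm that the old key is handled on upgrade.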