commit cri-o for openSUSE:Factory

11 Sep 2019

Hello community,

here is the log from the commit of package cri-o for openSUSE:Factory checked in at 2019-09-11 10:23:19
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/cri-o (Old)
 and      /work/SRC/openSUSE:Factory/.cri-o.new.7948 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "cri-o"

Wed Sep 11 10:23:19 2019 rev:35 rq:728727 version:1.15.1

Changes:
--------

--- /work/SRC/openSUSE:Factory/cri-o/cri-o.changes	2019-09-02 13:22:29.557344697 +0200
+++ /work/SRC/openSUSE:Factory/.cri-o.new.7948/cri-o.changes	2019-09-11 10:23:22.283488591 +0200
@@ -1,0 +2,20 @@
+Thu Sep  5 15:01:52 UTC 2019 - Marco Vedovati 
+
+- Add katacontainers as a recommended package, and include it as an
+  additional OCI runtime in the configuration.
+- Document the format of the [crio.runtime.runtimes] table entries,
+  and remove clutter from the current runc entry.
+
+-------------------------------------------------------------------
+Thu Sep  5 07:35:05 UTC 2019 - Sascha Grunert 
+
+- Update to v1.15.1:
+  * Bump container storage to v1.12.6
+  * Allow building with go1.10
+  * Allow default IP route to not be present
+  * Update libpod to the latest version
+  * Require crio-wipe for crio service file
+  * Disable crio-wipe in systemd by default
+  * Change default apparmor profile to actually contain the version
+
+-------------------------------------------------------------------

Old:
----
  cri-o-1.15.0.tar.xz

New:
----
  cri-o-1.15.1.tar.xz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ cri-o.spec ++++++
--- /var/tmp/diff_new_pack.oPGD5k/_old	2019-09-11 10:23:23.015488500 +0200
+++ /var/tmp/diff_new_pack.oPGD5k/_new	2019-09-11 10:23:23.015488500 +0200
@@ -27,7 +27,7 @@
 %define	name_source2 sysconfig.crio
 %define	name_source3 crio.conf
 Name:           cri-o
-Version:        1.15.0
+Version:        1.15.1
 Release:        0
 Summary:        OCI-based implementation of Kubernetes Container Runtime Interface
 License:        Apache-2.0
@@ -62,6 +62,7 @@
 Requires:       libcontainers-storage
 Requires:       runc >= 1.0.0~rc6
 Requires:       socat
+Recommends:     katacontainers
 # Provide generic cri-runtime dependency (needed by kubernetes)
 Provides:       cri-runtime
 # disable stripping of binaries

++++++ _service ++++++
--- /var/tmp/diff_new_pack.oPGD5k/_old	2019-09-11 10:23:23.047488496 +0200
+++ /var/tmp/diff_new_pack.oPGD5k/_new	2019-09-11 10:23:23.047488496 +0200
@@ -2,8 +2,8 @@
 <service name="tar_scm" mode="disabled">
 <param name="url">https://github.com/cri-o/cri-o</param>
 <param name="scm">git</param>
-<param name="versionformat">1.15.0</param>
-<param name="revision">v1.15.0</param>
+<param name="versionformat">1.15.1</param>
+<param name="revision">v1.15.1</param>
 </service>
 <service name="recompress" mode="disabled">
 <param name="file">cri-o-*.tar</param>

++++++ cri-o-1.15.0.tar.xz -> cri-o-1.15.1.tar.xz ++++++
/work/SRC/openSUSE:Factory/cri-o/cri-o-1.15.0.tar.xz /work/SRC/openSUSE:Factory/.cri-o.new.7948/cri-o-1.15.1.tar.xz differ: char 26, line 1

++++++ crio.conf ++++++
--- /var/tmp/diff_new_pack.oPGD5k/_old	2019-09-11 10:23:23.095488491 +0200
+++ /var/tmp/diff_new_pack.oPGD5k/_new	2019-09-11 10:23:23.099488491 +0200
@@ -115,7 +115,7 @@
 
 # Used to change the name of the default AppArmor profile of CRI-O. The default
 # profile name is "crio-default-" followed by the version string of CRI-O.
-apparmor_profile = "crio-default-1.15.0"
+apparmor_profile = "crio-default-1.15.1"
 
 # Cgroup management implementation used for the runtime.
 cgroup_manager = "cgroupfs"
@@ -225,12 +225,38 @@
 # The runtime to use is picked based on the runtime_handler provided by the CRI.
 # If no runtime_handler is provided, the runtime will be picked based on the level
 # of trust of the workload.
+# Each entry in the table should follow this format:
+#
+#[crio.runtime.runtimes.runtime-handler]
+#  runtime_path = "/path/to/the/runtime/handler/executable"
+#  runtime_type = "oci"
+#  runtime_root = "/path/to/the/runtime/root"
+# 
+# Where:
+# - runtime-handler: name used to identify the runtime
+# - runtime_path (optional, string): absolute path to the runtime executable in 
+#   the host filesystem. If omitted, the runtime-handler identifier should match
+#   the runtime executable name, and the runtime executable should be placed 
+#   in $PATH.
+# - runtime_type (optional, string): type of runtime, one of: "oci", "vm". If 
+#   omitted, an "oci" runtime is assumed.
+# - runtime_root (optional, string): root directory for storage of containers 
+#   state.
 
 [crio.runtime.runtimes.runc]
-runtime_path = ""
-runtime_type = "oci"
-runtime_root = "/run/runc"
 
+# Kata Containers is an OCI runtime, where containers are run inside lightweight 
+# VMs. Kata provides additional isolation towards the host, minimizing the host attack 
+# surface and mitigating the consequences of containers breakout.
+
+# Kata Containers with the default configured VMM
+#[crio.runtime.runtimes.kata-runtime]
+
+# Kata Containers with the QEMU VMM
+#[crio.runtime.runtimes.kata-qemu]
+
+# Kata Containers with the Firecracker VMM
+#[crio.runtime.runtimes.kata-fc]
 
 # The crio.image table contains settings pertaining to the management of OCI images.
 #

    