Mailinglist Archive: opensuse-kubic (54 mails)

< Previous Next >
[opensuse-kubic] New MicroOS snapshot 20201002 released!
  • From: Richard Brown <rbrown@xxxxxxx>
  • Date: Sat, 03 Oct 2020 22:05:21 +0000
  • Message-id: <160176272124.19432.2621853886396758480@go-agent-stagingbot-5>

Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.

Please check the known defects of this snapshot before upgrading:

Please do not reply to this email to report issues, rather file a bug on
For more information on filing bugs please see
Packages changed:
podman (2.0.6 -> 2.1.1)
systemd (246.4 -> 246.6)
wicked (0.6.63 -> 0.6.64)

=== Details ===

==== busybox-links ====
Subpackages: busybox-coreutils busybox-gawk busybox-grep busybox-gzip
busybox-psmisc busybox-xz

- Don't fail if rpm will not be build

==== ima-evm-utils ====
Subpackages: evmctl libimaevm2

- Fix missing new line in help

==== podman ====
Version update (2.0.6 -> 2.1.1)
Subpackages: podman-cni-config

- Added patch varlink.patch to disable needless varlink code
generation. This would cause compile failures in OBS.
- Cleanup %build section a bit and no longer build in GOPATH.
This shouldn't be needed anymore.
- Path BUILDFLAGS via enviroment variable to allow it being
appended to the corresponding Makefile variable instead of
completely overriding it.
- Install new auto-update system units
- Update to v2.1.1:
* Changes
- The `podman info` command now includes the cgroup manager
Podman is using.
- The REST API now includes a Server header in all responses.
- Fixed a bug where the Libpod and Compat Attach endpoints
could terminate early, before sending all output from the
- Fixed a bug where the Compat Create endpoint for containers
did not properly handle the Interactive parameter.
- Fixed a bug where the Compat Kill endpoint for containers
could continue to run after a fatal error.
- Fixed a bug where the Limit parameter of the Compat List
endpoint for Containers did not properly handle a limit of 0
(returning nothing, instead of all containers) [#7722].
- The Libpod Stats endpoint for containers is being deprecated
and will be replaced by a similar endpoint with additional
features in a future release.
- Changes in v2.1.0
* Features
- A new command, `podman image mount`, has been added. This
allows for an image to be mounted, read-only, to inspect its
contents without creating a container from it [#1433].
- The `podman save` and `podman load` commands can now create
and load archives containing multiple images [#2669].
- Rootless Podman now supports all `podman network` commands,
and rootless containers can now be joined to networks.
- The performance of `podman build` on `ADD` and `COPY`
instructions has been greatly improved, especially when a
`.dockerignore` is present.
- The `podman run` and `podman create` commands now support a
new mode for the `--cgroups` option, `--cgroups=split`.
Podman will create two cgroups under the cgroup it was
launched in, one for the container and one for Conmon. This
mode is useful for running Podman in a systemd unit, as it
ensures that all processes are retained in systemd's cgroup
hierarchy [#6400].
- The `podman run` and `podman create` commands can now specify
options to slirp4netns by using the `--network` option as
follows: `--net slirp4netns:opt1,opt2`. This allows for,
among other things, switching the port forwarder used by
slirp4netns away from rootlessport.
- The `podman ps` command now features a new option,
`--storage`, to show containers from Buildah, CRI-O and other
- The `podman run` and `podman create` commands now feature a
`--sdnotify` option to control the behavior of systemd's
sdnotify with containers, enabling improved support for
Podman in `Type=notify` units.
- The `podman run` command now features a `--preserve-fds`
opton to pass file descriptors from the host into the
container [#6458].
- The `podman run` and `podman create` commands can now create
overlay volume mounts, by adding the `:O` option to a bind
mount (e.g. `-v /test:/test:O`). Overlay volume mounts will
mount a directory into a container from the host and allow
changes to it, but not write those changes back to the
directory on the host.
- The `podman play kube` command now supports the Socket
HostPath type [#7112].
- The `podman play kube` command now supports read-only mounts.
- The `podman play kube` command now supports setting labels on
pods from Kubernetes metadata labels.
- The `podman play kube` command now supports setting container
restart policy [#7656].
- The `podman play kube` command now properly handles
`HostAlias` entries.
- The `podman generate kube` command now adds entries to
`/etc/hosts` from `--host-add` generated YAML as `HostAlias`
- The `podman play kube` and `podman generate kube` commands
now properly support `shareProcessNamespace` to share the PID
namespace in pods.
- The `podman volume ls` command now supports the `dangling`
filter to identify volumes that are dangling (not attached to
any container).
- The `podman run` and `podman create` commands now feature a
`--umask` option to set the umask of the created container.
- The `podman create` and `podman run` commands now feature a
`--tz` option to set the timezone within the container [#5128].
- Environment variables for Podman can now be added in the
`containers.conf` configuration file.
- The `--mount` option of `podman run` and `podman create` now
supports a new mount type, `type=devpts`, to add a `devpts`
mount to the container. This is useful for containers that
want to mount `/dev/` from the host into the container, but
still create a terminal.
- The `--security-opt` flag to `podman run` and `podman create`
now supports a new option, `proc-opts`, to specify options
for the container's `/proc` filesystem.
- Podman with the `crun` OCI runtime now supports a new option
to `podman run` and `podman create`, `--cgroup-conf`, which
allows for advanced configuration of cgroups on cgroups v2
- The `podman create` and `podman run` commands now support a
`--override-variant` option, to override the architecture
variant of the image that will be pulled and ran.
- A new global option has been added to Podman,
`--runtime-flags`, which allows for setting flags to use when
the OCI runtime is called.
- The `podman manifest add` command now supports the
`--cert-dir`, `--auth-file`, `--creds`, and `--tls-verify`
* Security
- This release resolves CVE-2020-14370, in which environment
variables could be leaked between containers created using
the Varlink API.
* Changes
- Podman will now retry pulling an image 3 times if a pull
fails due to network errors.
- The `podman exec` command would previously print error
messages (e.g. `exec session exited with non-zero exit code
- 1`) when the command run exited with a non-0 exit code. It
no longer does this. The `podman exec` command will still
exit with the same exit code as the command run in the
container did.
- Error messages when creating a container or pod with a name
that is already in use have been improved.
- For read-only containers running systemd init, Podman creates
a tmpfs filesystem at `/run`. This was previously limited to
65k in size and mounted `noexec`, but is now unlimited size
and mounted `exec`.
- The `podman system reset` command no longer removes
configuration files for rootless Podman.
- The Libpod API version has been bumped to v2.0.0 due to a
breaking change in the Image List API.
- Docker-compatible Volume Endpoints (Create, Inspect, List,
Remove, Prune) are now available!
- Added an endpoint for generating systemd unit files for
- The `last` parameter to the Libpod container list endpoint
now has an alias, `limit` [#6413].
- The Libpod image list API new returns timestamps in Unix
format, as integer, as opposed to as strings
- The Compat Inspect endpoint for containers now includes port
information in NetworkSettings.
- The Compat List endpoint for images now features limited
support for the (deprecated) `filter` query parameter [#6797].
- Fixed a bug where the Compat Create endpoint for containers
was not correctly handling bind mounts.
- Fixed a bug where the Compat Create endpoint for containers
would not return a 404 when the requested image was not
- Fixed a bug where the Compat Create endpoint for containers
did not properly handle Entrypoint and Command from images.
- Fixed a bug where name history information was not properly
added in the Libpod Image List endpoint.
- Fixed a bug where the Libpod image search endpoint improperly
populated the Description field of responses.
- Added a `noTrunc` option to the Libpod image search endpoint.
- Fixed a bug where the Pod List API would return null, instead
of an empty array, when no pods were present [#7392].
- Fixed a bug where endpoints that hijacked would do perform
the hijack too early, before being ready to send and receive
data [#7195].
- Fixed a bug where Pod endpoints that can operate on multiple
containers at once (e.g. Kill, Pause, Unpause, Stop) would
not forward errors from individual containers that failed.
- The Compat List endpoint for networks now supports filtering
results [#7462].
- Fixed a bug where the Top endpoint for pods would return both
a 500 and 404 when run on a non-existant pod.
- Fixed a bug where Pull endpoints did not stream progress back
to the client.
- The Version endpoints (Libpod and Compat) now provide version
in a format compatible with Docker.
- All non-hijacking responses to API requests should not
include headers with the version of the server.
- Fixed a bug where Libpod and Compat Events endpoints did not
send response headers until the first event occurred [#7263].
- Fixed a bug where the Build endpoints (Compat and Libpod) did
not stream progress to the client.
- Fixed a bug where the Stats endpoints (Compat and Libpod) did
not properly handle clients disconnecting.
- Fixed a bug where the Ignore parameter to the Libpod Stop
endpoint was not performing properly.
- Fixed a bug where the Compat Logs endpoint for containers did
not stream its output in the correct format [#7196].

==== systemd ====
Version update (246.4 -> 246.6)
Subpackages: libsystemd0 libudev1 systemd-logger systemd-sysvinit udev

- Import commit d7b5ac76dc95ddf30e707d26998e36303e9f52a7 (merge of v246.6)
For a complete list of changes, visit:
- Ship {/usr/lib,/etc}/systemd/network directories in the main package
These directories can be used by both udevd and networkd.
- Remove dangling symlink
Otherwise the build system complains.
- Import commit 1cab0d44584687ace92d1df30eadf264231e3b65 (include v246.5)
304ec2c7ab fstab-generator: add 'nofail' when NFS 'bg' option is used
6ae277fb37 test: adapt TEST-21-SYSUSERS for SUSE
acd8bfd2cc test: adapt TEST-13-NSPAWN-SMOKE for SUSE
For a complete list of changes, visit:

==== wicked ====
Version update (0.6.63 -> 0.6.64)
Subpackages: wicked-service

- version 0.6.64
- avoid incomplete ifdown/timeout on route deletion error (bsc#1174099)
- dhcp4: add DHCLIENT_CREATE_CID to ifcfg (jsc#SLE-15770)
- wicked: fixes to ifreload on port changes (bsc#1168155,bsc#1172082)
- team: fix schema to use correct hwaddr_policy property (boo#1171234)
- team: enable ipv6 on ports when nsna_ping linkwatch is used (bsc#959556)

To unsubscribe, e-mail: opensuse-kubic+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-kubic+owner@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages