libcontainers-common/libcontainers-common.changes

470 lines
21 KiB
Plaintext
Raw Normal View History

-------------------------------------------------------------------
Wed Oct 2 08:29:50 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
- Update to image 4.0.0
- Add http response to log
- Add tests for parsing OpenShift kubeconfig files
- Compress: define some consts for the compression algos
- Compression: add support for the zstd
- Compression: allow to specify the compression format
- Copy: add nil checks
- Copy: compression: default to gzip
- Copy: don't lose annotations of BlobInfo
- Copy: fix options.DestinationCtx nil check
- Copy: use a bigger buffer for the compression
- Fix cross-compilation by vendoring latest c/storage
- Internal/testing/explicitfilepath-tmpdir: handle unset TMPDIR
- Keyctl: clean up after tests
- Make container tools work with go+openssl
- Make test-skopeo: replace c/image module instead of copying code
- Media type checks
- Move keyctl to internal & func remove auth from keyring
- Replace vendor.conf by go.mod
- Update dependencies
- Update test certificates
- Update to mergo v0.3.5
- Vendor.conf: update reference for containers/storage
- Update to storage 1.13.4
- Update generated files
- ImageBigData: distinguish between no-such-image and no-such-item
- ImageSize: don't get tripped up by images with no layers
- tarlogger: disable raw accouting
- Update to libpod 1.6.0
- Nothing changed regarding the OCI hooks documentation provided by this
package
-------------------------------------------------------------------
Mon Sep 23 15:28:02 UTC 2019 - Richard Brown <rbrown@suse.com>
- Update to image 1.4.4
- Hard-code the kernel keyring use to be disabled for now
- Update to libpod 1.5.1
- The hostname of pods is now set to the pod's name
- Minor bugfixes
- Update to storage 1.12.16
- Ignore ro mount options in btrfs and windows drivers
-------------------------------------------------------------------
Mon Sep 23 12:01:53 UTC 2019 - Richard Brown <rbrown@suse.com>
- Check /var/lib/containers if possible before setting btrfs backend (bsc#1151028)
-------------------------------------------------------------------
Wed Aug 7 10:35:07 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
- Add missing licenses to spec file
-------------------------------------------------------------------
Tue Aug 6 11:42:17 UTC 2019 - Marco Vedovati <mvedovati@suse.com>
- Add a default registries.d configuration file, used to specify images
signatures storage location.
-------------------------------------------------------------------
Fri Aug 2 09:46:10 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
- Update to image v3.0.0
- Add "Env" to ImageInspectInfo
- Add API function TryUpdatingCache
- Add ability to install man pages
- Add user registry auth to kernel keyring
- Fix policy.json.md -> containers-policy.json.5.md references
- Fix typo in docs/containers-registries.conf.5.md
- Remove pkg/sysregistries
- Touch up transport man page
- Try harder in storageImageDestination.TryReusingBlob
- Use the same HTTP client for contacting the bearer token server and the
registry
- ci: change GOCACHE to a writeable path
- config.go: improve debug message
- config.go: log where credentials come from
- docker client: error if registry is blocked
- docker: allow deleting OCI images
- docker: delete: support all MIME types
- ostree: default is no OStree support
- ostree: improve error message
- progress bar: use spinners for unknown blob sizes
- use 'containers_image_ostree' as build tag
- use keyring when authfile empty
- Update to storage v1.12.16
- Add cirrus vendor check
- Add storage options to IgnoreChownErrors
- Add support for UID as well as UserName in /etc/subuid files.
- Add support for ignoreChownErrors to vfs
- Add support for installing man pages
- Fix cross-compilation
- Keep track of the UIDs and GIDs used in applied layers
- Move lockfiles to their own package
- Remove merged directory when it is unmounted
- Switch to go modules
- Switch to golangci-lint
- Update generated files
- Use same variable name on both commands
- cirrus: ubuntu: try removing cryptsetup-initramfs
- compression: add support for the zstd algorithm
- getLockfile(): use the absolute path
- loadMounts(): reset counts before merging just-loaded data
- lockfile: don't bother releasing a lock when closing a file
- locking test updates
- locking: take read locks on read-only stores
- make local-cross more reliable for CI
- overlay: cache the results of supported/using-metacopy/use-naive-diff
feature tests
- overlay: fix small piece of repeated work
- utils: fix check for missing conf file
- zstd: use github.com/klauspost/compress directly
-------------------------------------------------------------------
Mon Jul 8 13:18:20 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
- Update to libpod v1.4.4
- Fixed a bug where rootless Podman would attempt to use the
entire root configuration if no rootless configuration was
present for the user, breaking rootless Podman for new
installations
- Fixed a bug where rootless Podman's pause process would block
SIGTERM, preventing graceful system shutdown and hanging until
the system's init send SIGKILL
- Fixed a bug where running Podman as root with sudo -E would not
work after running rootless Podman at least once
- Fixed a bug where options for tmpfs volumes added with the
--tmpfs flag were being ignored
- Fixed a bug where images with no layers could not properly be
displayed and removed by Podman
- Fixed a bug where locks were not properly freed on failure to
create a container or pod
- Podman now has greatly improved support for containers using
multiple OCI runtimes. Containers now remember if they were
created with a different runtime using --runtime and will
always use that runtime
- The cached and delegated options for volume mounts are now
allowed for Docker compatability (#3340)
- The podman diff command now supports the --latest flag
- Fixed a bug where podman cp on a single file would create a
directory at the target and place the file in it (#3384)
- Fixed a bug where podman inspect --format '{{.Mounts}}' would
print a hexadecimal address instead of a container's mounts
- Fixed a bug where rootless Podman would not add an entry to
container's /etc/hosts files for their own hostname (#3405)
- Fixed a bug where podman ps --sync would segfault (#3411)
- Fixed a bug where podman generate kube would produce an invalid
ports configuration (#3408)
- Podman now performs much better on systems with heavy I/O load
- The --cgroup-manager flag to podman now shows the correct
default setting in help if the default was overridden by
libpod.conf
- For backwards compatability, setting --log-driver=json-file in
podman run is now supported as an alias for
--log-driver=k8s-file. This is considered deprecated, and
json-file will be moved to a new implementation in the future
([#3363](https://github.com/containers/libpod/issues/3363))
- Podman's default libpod.conf file now allows the crun OCI
runtime to be used if it is installed
- Fixed a bug where Podman could not run containers using an
older version of Systemd as init (#3295)
- Updated vendored Buildah to v1.9.0 to resolve a critical bug
with Dockerfile RUN instructions
- The error message for running podman kill on containers that
are not running has been improved
- The Podman remote client can now log to a file if syslog is not
available
- The MacOS dmg file is experimental, use at your own risk.
- The podman exec command now sets its error code differently
based on whether the container does not exist, and the command
in the container does not exist
- The podman inspect command on containers now outputs Mounts
JSON that matches that of docker inspect, only including
user-specified volumes and differentiating bind mounts and
named volumes
- The podman inspect command now reports the path to a
container's OCI spec with the OCIConfigPath key (only included
when the container is initialized or running)
- The podman run --mount command now supports the
bind-nonrecursive option for bind mounts (#3314)
- Fixed a bug where podman play kube would fail to create
containers due to an unspecified log driver
- Fixed a bug where Podman would fail to build with musl libc
(#3284)
- Fixed a bug where rootless Podman using slirp4netns networking
in an environment with no nameservers on the host other than
localhost would result in nonfunctional networking (#3277)
- Fixed a bug where podman import would not properly set
environment variables, discarding their values and retaining
only keys
- Fixed a bug where Podman would fail to run when built with
Apparmor support but run on systems without the Apparmor kernel
module loaded (#3331)
- Remote Podman will now default the username it uses to log in
to remote systems to the username of the current user
- Podman now uses JSON logging with OCI runtimes that support it,
allowing for better error reporting
- Updated vendored Buildah to v1.8.4
- Updated vendored containers/image to v2.0
- Update to image v2.0.0
- Add registry mirror support
- Include missing man pages (bsc#1139526)
- Update to storage v1.12.10
- Add support for UID as well as UserName in /etc/subuid files.
- utils: fix check for missing conf file
- compression: add support for the zstd algorithm
- overlay: cache the results of
supported/using-metacopy/use-naive-diff feature tests
-------------------------------------------------------------------
Tue Jun 11 07:06:13 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
- Update to libpod v1.4.0
- The podman checkpoint and podman restore commands can now be
used to migrate containers between Podman installations on
different systems
- The podman cp command now supports a pause flag to pause
containers while copying into them
- The remote client now supports a configuration file for
pre-configuring connections to remote Podman installations
- Fixed CVE-2019-10152 - The podman cp command improperly
dereferenced symlinks in host context
- Fixed a bug where podman commit could improperly set
environment variables that contained = characters
- Fixed a bug where rootless Podman would sometimes fail to start
containers with forwarded ports
- Fixed a bug where podman version on the remote client could
segfault
- Fixed a bug where podman container runlabel would use
/proc/self/exe instead of the path of the Podman command when
printing the command being executed
- Fixed a bug where filtering images by label did not work
- Fixed a bug where specifying a bing mount or tmpfs mount over
an image volume would cause a container to be unable to start
- Fixed a bug where podman generate kube did not work with
containers with named volumes
- Fixed a bug where rootless Podman would receive permission
denied errors accessing conmon.pid
- Fixed a bug where podman cp with a folder specified as target
would replace the folder, as opposed to copying into it
- Fixed a bug where rootless Podman commands could double-unlock
a lock, causing a crash
- Fixed a bug where Podman incorrectly set tmpcopyup on /dev/
mounts, causing errors when using the Kata containers runtime
- Fixed a bug where podman exec would fail on older kernels
- The podman commit command is now usable with the Podman remote
client
- The --signature-policy flag (used with several image-related
commands) has been deprecated
- The podman unshare command now defines two environment
variables in the spawned shell: CONTAINERS_RUNROOT and
CONTAINERS_GRAPHROOT, pointing to temporary and permanent
storage for rootless containers
- Updated vendored containers/storage and containers/image
libraries with numerous bugfixes
- Updated vendored Buildah to v1.8.3
- Podman now requires Conmon v0.2.0
- The podman cp command is now aliased as podman container cp
- Rootless Podman will now default init_path using root Podman's
configuration files (/etc/containers/libpod.conf and
/usr/share/containers/libpod.conf) if not overridden in the
rootless configuration
- Update to image v1.5.1
- Vendor in latest containers/storage
- docker/docker_client: Drop redundant Domain(ref.ref) call
- pkg/blobinfocache: Split implementations into subpackages
- copy: progress bar: show messages on completion
- docs: rename manpages to *.5.command
- add container-certs.d.md manpage
- pkg/docker/config: Bring auth tests from
docker/docker_client_test
- Don't allocate a sync.Mutex separately
- Update to storage v1.12.10
- Add function to parse out mount options from graphdriver
- Merge the disparate parts of all of the Unix-like lockfiles
- Fix unix-but-not-Linux compilation
- Return XDG_RUNTIME_DIR as RootlessRuntimeDir if set
- Cherry-pick moby/moby #39292 for CVE-2018-15664 fixes
- lockfile: add RecursiveLock() API
- Update generated files
- Fix crash on tesing of aufs code
- Let consumers know when Layers and Images came from read-only stores
- chown: do not change owner for the mountpoint
- locks: correctly mark updates to the layers list
- CreateContainer: don't worry about mapping layers unless necessary
- docs: fix manpage for containers-storage.conf
- docs: sort configuration options alphabetically
- docs: document OSTree file deduplication
- Add missing options to man page for containers-storage
- overlay: use the layer idmapping if present
- vfs: prefer layer custom idmappings
- layers: propagate down the idmapping settings
- Recreate symlink when not found
- docs: fix manpage for configuration file
- docs: add special handling for manpages in sect 5
- overlay: fix single-lower test
- Recreate symlink when not found
- overlay: propagate errors from mountProgram
- utils: root in a userns uses global conf file
- Fix handling of additional stores
- Correctly check permissions on rootless directory
- Fix possible integer overflow on 32bit builds
- Evaluate device path for lvm
- lockfile test: make concurrent RW test determinisitc
- lockfile test: make concurrent read tests deterministic
- drivers.DirCopy: fix filemode detection
- storage: move the logic to detect rootless into utils.go
- Don't set (struct flock).l_pid
- Improve documentation of getLockfile
- Rename getLockFile to createLockerForPath, and document it
- Add FILES section to containers-storage.5 man page
- add digest locks
- drivers/copy: add a non-cgo fallback
- Add default SLES mounts for container-suseconnect usage
-------------------------------------------------------------------
Tue Jun 4 14:27:15 UTC 2019 - Richard Brown <rbrown@suse.com>
- Add util-linux and grep as Requires(post) to ensure btrfs config gets made correctly
-------------------------------------------------------------------
Mon Apr 1 14:24:17 UTC 2019 - Richard Brown <rbrown@suse.com>
- Update to libpod v1.2.0
* Rootless Podman can now be used with a single UID and GID, without requiring a full 65536 UIDs/GIDs to be allocated in /etc/subuid and /etc/subgid
* Move pkg/util default storage functions from libpod to containers/storage
- Update to image v1.5
* Minor behind the scene bugfixes, no user facing changes
- Update to storage v1.12.1
* Move pkg/util default storage functions from libpod to containers/storage
* containers/storage no longer depends on containers/image
- Version 20190401
-------------------------------------------------------------------
Wed Feb 27 14:51:55 UTC 2019 - Richard Brown <rbrown@suse.com>
- Update to libpod v1.1.0
* Rootless Podman can now forward ports into containers (using the same -p and -P flags as root Podman)
* Rootless Podman will now pull some configuration options (for example, OCI runtime path) from the default root libpod.conf if they are not explicitly set in the user's own libpod.conf
-------------------------------------------------------------------
Tue Feb 19 15:34:54 UTC 2019 - Richard Brown <rbrown@suse.com>
- Upgrade to storage v1.10
* enable parallel blob reads
* Teach images to hold multiple manifests
* Move structs for storage.conf to pkg/config
- Upgrade to libpod v1.0.1
* Do not unmarshal into c.config.Spec
* spec: add nosuid,noexec,nodev to ro bind mount
-------------------------------------------------------------------
Sat Feb 2 11:07:30 UTC 2019 - Richard Brown <rbrown@suse.com>
- Restore non-upstream storage.conf, needed by CRI-O
-------------------------------------------------------------------
Fri Jan 25 14:30:45 UTC 2019 - Richard Brown <rbrown@suse.com>
- Upgrade to storage v1.8
* Check for the OS when setting btrfs/libdm/ostree tags
- Upgrade to image v1.3
* vendor: use github.com/klauspost/pgzip instead of compress/gzip
* vendor latest ostree
- Refactor specfile to use versioned tarballs
- Established package versioning scheme (ISODATE of change)
- Remove non-upstream storage.conf
- Set btrfs as default driver if /var/lib is on btrfs [boo#1123119]
- Version 20190125
-------------------------------------------------------------------
Thu Jan 17 14:20:49 UTC 2019 - Richard Brown <rbrown@suse.com>
- Upgrade to storage v1.6
* Remove private mount from zfs driver
* Update zfs driver to be closer to moby driver
* Use mount options when mounting the chown layer.
-------------------------------------------------------------------
Sun Jan 13 15:39:42 UTC 2019 - Richard Brown <rbrown@suse.com>
- Upgrade to libpod v1.0.0
* Fixed a bug where storage.conf was sometimes ignored for rootless containers
-------------------------------------------------------------------
Tue Jan 8 11:35:41 UTC 2019 - Richard Brown <rbrown@suse.com>
- Upgrade to libpod v0.12.1.2 and storage v1.4
* No significant functional or packaging changes
-------------------------------------------------------------------
Sun Jan 6 22:11:02 UTC 2019 - Richard Brown <rbrown@suse.com>
- storage.conf - restore btrfs as the default driver
-------------------------------------------------------------------
Fri Dec 7 10:54:37 UTC 2018 - Richard Brown <rbrown@suse.com>
- Update to latest libpod and storage to support cri-o 1.13
-------------------------------------------------------------------
Wed Dec 5 14:45:37 UTC 2018 - Richard Brown <rbrown@suse.com>
- Use seccomp.json from github.com/containers/libpod, instead of
installing the tar.xz on users systems (boo#1118444)
-------------------------------------------------------------------
Mon Nov 12 09:21:37 UTC 2018 - Valentin Rothberg <vrothberg@suse.com>
- Add oci-hooks(5) manpage from libpod.
-------------------------------------------------------------------
Mon Nov 12 08:14:08 UTC 2018 - Valentin Rothberg <vrothberg@suse.com>
- Use seccomp.json from github.com/containers/libpod to align with the
upstream defaults.
- Update to the latest image and storage to pull in improvements to the
manpages.
-------------------------------------------------------------------
Mon Aug 27 14:24:51 UTC 2018 - vrothberg@suse.com
- storage.conf: comment out options that are not supported by btrfs.
This simplifies switching the driver as it avoids the whack-a-mole
of commenting out "unsupported" options.
-------------------------------------------------------------------
Mon Aug 27 08:48:16 UTC 2018 - vrothberg@suse.com
- Consolidate libcontainers-{common,image,storage} into one package,
libcontainers-common. That's the way upstream intended all libraries from
github.com/containers to be packaged. It facilitates updating and maintaining
the package, as all configs and manpages come from a central source.
Note that the `storage` binary that previously has been provided by the
libcontainers-storage package is not provided anymore as, despite the claims
in the manpages, it is not intended for production use.
-------------------------------------------------------------------
Mon Aug 13 11:44:31 UTC 2018 - vrothberg@suse.com
- Make libcontainers-common arch independent.
- Add LICENSE.
-------------------------------------------------------------------
Thu Apr 12 09:36:39 UTC 2018 - fcastelli@suse.com
- Added /usr/share/containers/oci/hooks.d and /etc/containers/oci/hooks.d
to the package. These are used by tools like cri-o and podman to store
custom hooks.
-------------------------------------------------------------------
Mon Mar 5 09:30:12 UTC 2018 - vrothberg@suse.com
- Configuration files should generally be tagged as %config(noreplace) in order
to keep the modified config files and to avoid losing data when the package
is being updated.
feature#crio
-------------------------------------------------------------------
Thu Feb 8 13:07:24 UTC 2018 - vrothberg@suse.com
- Add libcontainers-common package.