------------------------------------------------------------------- Mon Sep 23 15:28:02 UTC 2019 - Richard Brown - Update to image 1.4.4 - Hard-code the kernel keyring use to be disabled for now - Update to libpod 1.5.1 - The hostname of pods is now set to the pod's name - Minor bugfixes - Update to storage 1.12.16 - Ignore ro mount options in btrfs and windows drivers ------------------------------------------------------------------- Mon Sep 23 12:01:53 UTC 2019 - Richard Brown - Check /var/lib/containers if possible before setting btrfs backend (bsc#1151028) ------------------------------------------------------------------- Wed Aug 7 10:35:07 UTC 2019 - Sascha Grunert - Add missing licenses to spec file ------------------------------------------------------------------- Tue Aug 6 11:42:17 UTC 2019 - Marco Vedovati - Add a default registries.d configuration file, used to specify images signatures storage location. ------------------------------------------------------------------- Fri Aug 2 09:46:10 UTC 2019 - Sascha Grunert - Update to image v3.0.0 - Add "Env" to ImageInspectInfo - Add API function TryUpdatingCache - Add ability to install man pages - Add user registry auth to kernel keyring - Fix policy.json.md -> containers-policy.json.5.md references - Fix typo in docs/containers-registries.conf.5.md - Remove pkg/sysregistries - Touch up transport man page - Try harder in storageImageDestination.TryReusingBlob - Use the same HTTP client for contacting the bearer token server and the registry - ci: change GOCACHE to a writeable path - config.go: improve debug message - config.go: log where credentials come from - docker client: error if registry is blocked - docker: allow deleting OCI images - docker: delete: support all MIME types - ostree: default is no OStree support - ostree: improve error message - progress bar: use spinners for unknown blob sizes - use 'containers_image_ostree' as build tag - use keyring when authfile empty - Update to storage v1.12.16 - Add cirrus vendor check - Add storage options to IgnoreChownErrors - Add support for UID as well as UserName in /etc/subuid files. - Add support for ignoreChownErrors to vfs - Add support for installing man pages - Fix cross-compilation - Keep track of the UIDs and GIDs used in applied layers - Move lockfiles to their own package - Remove merged directory when it is unmounted - Switch to go modules - Switch to golangci-lint - Update generated files - Use same variable name on both commands - cirrus: ubuntu: try removing cryptsetup-initramfs - compression: add support for the zstd algorithm - getLockfile(): use the absolute path - loadMounts(): reset counts before merging just-loaded data - lockfile: don't bother releasing a lock when closing a file - locking test updates - locking: take read locks on read-only stores - make local-cross more reliable for CI - overlay: cache the results of supported/using-metacopy/use-naive-diff feature tests - overlay: fix small piece of repeated work - utils: fix check for missing conf file - zstd: use github.com/klauspost/compress directly ------------------------------------------------------------------- Mon Jul 8 13:18:20 UTC 2019 - Sascha Grunert - Update to libpod v1.4.4 - Fixed a bug where rootless Podman would attempt to use the entire root configuration if no rootless configuration was present for the user, breaking rootless Podman for new installations - Fixed a bug where rootless Podman's pause process would block SIGTERM, preventing graceful system shutdown and hanging until the system's init send SIGKILL - Fixed a bug where running Podman as root with sudo -E would not work after running rootless Podman at least once - Fixed a bug where options for tmpfs volumes added with the --tmpfs flag were being ignored - Fixed a bug where images with no layers could not properly be displayed and removed by Podman - Fixed a bug where locks were not properly freed on failure to create a container or pod - Podman now has greatly improved support for containers using multiple OCI runtimes. Containers now remember if they were created with a different runtime using --runtime and will always use that runtime - The cached and delegated options for volume mounts are now allowed for Docker compatability (#3340) - The podman diff command now supports the --latest flag - Fixed a bug where podman cp on a single file would create a directory at the target and place the file in it (#3384) - Fixed a bug where podman inspect --format '{{.Mounts}}' would print a hexadecimal address instead of a container's mounts - Fixed a bug where rootless Podman would not add an entry to container's /etc/hosts files for their own hostname (#3405) - Fixed a bug where podman ps --sync would segfault (#3411) - Fixed a bug where podman generate kube would produce an invalid ports configuration (#3408) - Podman now performs much better on systems with heavy I/O load - The --cgroup-manager flag to podman now shows the correct default setting in help if the default was overridden by libpod.conf - For backwards compatability, setting --log-driver=json-file in podman run is now supported as an alias for --log-driver=k8s-file. This is considered deprecated, and json-file will be moved to a new implementation in the future ([#3363](https://github.com/containers/libpod/issues/3363)) - Podman's default libpod.conf file now allows the crun OCI runtime to be used if it is installed - Fixed a bug where Podman could not run containers using an older version of Systemd as init (#3295) - Updated vendored Buildah to v1.9.0 to resolve a critical bug with Dockerfile RUN instructions - The error message for running podman kill on containers that are not running has been improved - The Podman remote client can now log to a file if syslog is not available - The MacOS dmg file is experimental, use at your own risk. - The podman exec command now sets its error code differently based on whether the container does not exist, and the command in the container does not exist - The podman inspect command on containers now outputs Mounts JSON that matches that of docker inspect, only including user-specified volumes and differentiating bind mounts and named volumes - The podman inspect command now reports the path to a container's OCI spec with the OCIConfigPath key (only included when the container is initialized or running) - The podman run --mount command now supports the bind-nonrecursive option for bind mounts (#3314) - Fixed a bug where podman play kube would fail to create containers due to an unspecified log driver - Fixed a bug where Podman would fail to build with musl libc (#3284) - Fixed a bug where rootless Podman using slirp4netns networking in an environment with no nameservers on the host other than localhost would result in nonfunctional networking (#3277) - Fixed a bug where podman import would not properly set environment variables, discarding their values and retaining only keys - Fixed a bug where Podman would fail to run when built with Apparmor support but run on systems without the Apparmor kernel module loaded (#3331) - Remote Podman will now default the username it uses to log in to remote systems to the username of the current user - Podman now uses JSON logging with OCI runtimes that support it, allowing for better error reporting - Updated vendored Buildah to v1.8.4 - Updated vendored containers/image to v2.0 - Update to image v2.0.0 - Add registry mirror support - Include missing man pages (bsc#1139526) - Update to storage v1.12.10 - Add support for UID as well as UserName in /etc/subuid files. - utils: fix check for missing conf file - compression: add support for the zstd algorithm - overlay: cache the results of supported/using-metacopy/use-naive-diff feature tests ------------------------------------------------------------------- Tue Jun 11 07:06:13 UTC 2019 - Sascha Grunert - Update to libpod v1.4.0 - The podman checkpoint and podman restore commands can now be used to migrate containers between Podman installations on different systems - The podman cp command now supports a pause flag to pause containers while copying into them - The remote client now supports a configuration file for pre-configuring connections to remote Podman installations - Fixed CVE-2019-10152 - The podman cp command improperly dereferenced symlinks in host context - Fixed a bug where podman commit could improperly set environment variables that contained = characters - Fixed a bug where rootless Podman would sometimes fail to start containers with forwarded ports - Fixed a bug where podman version on the remote client could segfault - Fixed a bug where podman container runlabel would use /proc/self/exe instead of the path of the Podman command when printing the command being executed - Fixed a bug where filtering images by label did not work - Fixed a bug where specifying a bing mount or tmpfs mount over an image volume would cause a container to be unable to start - Fixed a bug where podman generate kube did not work with containers with named volumes - Fixed a bug where rootless Podman would receive permission denied errors accessing conmon.pid - Fixed a bug where podman cp with a folder specified as target would replace the folder, as opposed to copying into it - Fixed a bug where rootless Podman commands could double-unlock a lock, causing a crash - Fixed a bug where Podman incorrectly set tmpcopyup on /dev/ mounts, causing errors when using the Kata containers runtime - Fixed a bug where podman exec would fail on older kernels - The podman commit command is now usable with the Podman remote client - The --signature-policy flag (used with several image-related commands) has been deprecated - The podman unshare command now defines two environment variables in the spawned shell: CONTAINERS_RUNROOT and CONTAINERS_GRAPHROOT, pointing to temporary and permanent storage for rootless containers - Updated vendored containers/storage and containers/image libraries with numerous bugfixes - Updated vendored Buildah to v1.8.3 - Podman now requires Conmon v0.2.0 - The podman cp command is now aliased as podman container cp - Rootless Podman will now default init_path using root Podman's configuration files (/etc/containers/libpod.conf and /usr/share/containers/libpod.conf) if not overridden in the rootless configuration - Update to image v1.5.1 - Vendor in latest containers/storage - docker/docker_client: Drop redundant Domain(ref.ref) call - pkg/blobinfocache: Split implementations into subpackages - copy: progress bar: show messages on completion - docs: rename manpages to *.5.command - add container-certs.d.md manpage - pkg/docker/config: Bring auth tests from docker/docker_client_test - Don't allocate a sync.Mutex separately - Update to storage v1.12.10 - Add function to parse out mount options from graphdriver - Merge the disparate parts of all of the Unix-like lockfiles - Fix unix-but-not-Linux compilation - Return XDG_RUNTIME_DIR as RootlessRuntimeDir if set - Cherry-pick moby/moby #39292 for CVE-2018-15664 fixes - lockfile: add RecursiveLock() API - Update generated files - Fix crash on tesing of aufs code - Let consumers know when Layers and Images came from read-only stores - chown: do not change owner for the mountpoint - locks: correctly mark updates to the layers list - CreateContainer: don't worry about mapping layers unless necessary - docs: fix manpage for containers-storage.conf - docs: sort configuration options alphabetically - docs: document OSTree file deduplication - Add missing options to man page for containers-storage - overlay: use the layer idmapping if present - vfs: prefer layer custom idmappings - layers: propagate down the idmapping settings - Recreate symlink when not found - docs: fix manpage for configuration file - docs: add special handling for manpages in sect 5 - overlay: fix single-lower test - Recreate symlink when not found - overlay: propagate errors from mountProgram - utils: root in a userns uses global conf file - Fix handling of additional stores - Correctly check permissions on rootless directory - Fix possible integer overflow on 32bit builds - Evaluate device path for lvm - lockfile test: make concurrent RW test determinisitc - lockfile test: make concurrent read tests deterministic - drivers.DirCopy: fix filemode detection - storage: move the logic to detect rootless into utils.go - Don't set (struct flock).l_pid - Improve documentation of getLockfile - Rename getLockFile to createLockerForPath, and document it - Add FILES section to containers-storage.5 man page - add digest locks - drivers/copy: add a non-cgo fallback - Add default SLES mounts for container-suseconnect usage ------------------------------------------------------------------- Tue Jun 4 14:27:15 UTC 2019 - Richard Brown - Add util-linux and grep as Requires(post) to ensure btrfs config gets made correctly ------------------------------------------------------------------- Mon Apr 1 14:24:17 UTC 2019 - Richard Brown - Update to libpod v1.2.0 * Rootless Podman can now be used with a single UID and GID, without requiring a full 65536 UIDs/GIDs to be allocated in /etc/subuid and /etc/subgid * Move pkg/util default storage functions from libpod to containers/storage - Update to image v1.5 * Minor behind the scene bugfixes, no user facing changes - Update to storage v1.12.1 * Move pkg/util default storage functions from libpod to containers/storage * containers/storage no longer depends on containers/image - Version 20190401 ------------------------------------------------------------------- Wed Feb 27 14:51:55 UTC 2019 - Richard Brown - Update to libpod v1.1.0 * Rootless Podman can now forward ports into containers (using the same -p and -P flags as root Podman) * Rootless Podman will now pull some configuration options (for example, OCI runtime path) from the default root libpod.conf if they are not explicitly set in the user's own libpod.conf ------------------------------------------------------------------- Tue Feb 19 15:34:54 UTC 2019 - Richard Brown - Upgrade to storage v1.10 * enable parallel blob reads * Teach images to hold multiple manifests * Move structs for storage.conf to pkg/config - Upgrade to libpod v1.0.1 * Do not unmarshal into c.config.Spec * spec: add nosuid,noexec,nodev to ro bind mount ------------------------------------------------------------------- Sat Feb 2 11:07:30 UTC 2019 - Richard Brown - Restore non-upstream storage.conf, needed by CRI-O ------------------------------------------------------------------- Fri Jan 25 14:30:45 UTC 2019 - Richard Brown - Upgrade to storage v1.8 * Check for the OS when setting btrfs/libdm/ostree tags - Upgrade to image v1.3 * vendor: use github.com/klauspost/pgzip instead of compress/gzip * vendor latest ostree - Refactor specfile to use versioned tarballs - Established package versioning scheme (ISODATE of change) - Remove non-upstream storage.conf - Set btrfs as default driver if /var/lib is on btrfs [boo#1123119] - Version 20190125 ------------------------------------------------------------------- Thu Jan 17 14:20:49 UTC 2019 - Richard Brown - Upgrade to storage v1.6 * Remove private mount from zfs driver * Update zfs driver to be closer to moby driver * Use mount options when mounting the chown layer. ------------------------------------------------------------------- Sun Jan 13 15:39:42 UTC 2019 - Richard Brown - Upgrade to libpod v1.0.0 * Fixed a bug where storage.conf was sometimes ignored for rootless containers ------------------------------------------------------------------- Tue Jan 8 11:35:41 UTC 2019 - Richard Brown - Upgrade to libpod v0.12.1.2 and storage v1.4 * No significant functional or packaging changes ------------------------------------------------------------------- Sun Jan 6 22:11:02 UTC 2019 - Richard Brown - storage.conf - restore btrfs as the default driver ------------------------------------------------------------------- Fri Dec 7 10:54:37 UTC 2018 - Richard Brown - Update to latest libpod and storage to support cri-o 1.13 ------------------------------------------------------------------- Wed Dec 5 14:45:37 UTC 2018 - Richard Brown - Use seccomp.json from github.com/containers/libpod, instead of installing the tar.xz on users systems (boo#1118444) ------------------------------------------------------------------- Mon Nov 12 09:21:37 UTC 2018 - Valentin Rothberg - Add oci-hooks(5) manpage from libpod. ------------------------------------------------------------------- Mon Nov 12 08:14:08 UTC 2018 - Valentin Rothberg - Use seccomp.json from github.com/containers/libpod to align with the upstream defaults. - Update to the latest image and storage to pull in improvements to the manpages. ------------------------------------------------------------------- Mon Aug 27 14:24:51 UTC 2018 - vrothberg@suse.com - storage.conf: comment out options that are not supported by btrfs. This simplifies switching the driver as it avoids the whack-a-mole of commenting out "unsupported" options. ------------------------------------------------------------------- Mon Aug 27 08:48:16 UTC 2018 - vrothberg@suse.com - Consolidate libcontainers-{common,image,storage} into one package, libcontainers-common. That's the way upstream intended all libraries from github.com/containers to be packaged. It facilitates updating and maintaining the package, as all configs and manpages come from a central source. Note that the `storage` binary that previously has been provided by the libcontainers-storage package is not provided anymore as, despite the claims in the manpages, it is not intended for production use. ------------------------------------------------------------------- Mon Aug 13 11:44:31 UTC 2018 - vrothberg@suse.com - Make libcontainers-common arch independent. - Add LICENSE. ------------------------------------------------------------------- Thu Apr 12 09:36:39 UTC 2018 - fcastelli@suse.com - Added /usr/share/containers/oci/hooks.d and /etc/containers/oci/hooks.d to the package. These are used by tools like cri-o and podman to store custom hooks. ------------------------------------------------------------------- Mon Mar 5 09:30:12 UTC 2018 - vrothberg@suse.com - Configuration files should generally be tagged as %config(noreplace) in order to keep the modified config files and to avoid losing data when the package is being updated. feature#crio ------------------------------------------------------------------- Thu Feb 8 13:07:24 UTC 2018 - vrothberg@suse.com - Add libcontainers-common package.