Commit Graph

14536 Commits

Author SHA1 Message Date
Maksym Pavlenko
e206c07edc
Merge pull request #11154 from k8s-infra-cherrypick-robot/cherry-pick-11122-to-release/2.0
[release/2.0] build(deps): bump actions/attest-build-provenance from 1.4.4 to 2.1.0
2024-12-13 11:41:59 -08:00
dependabot[bot]
fe69570849
build(deps): bump actions/attest-build-provenance from 1.4.4 to 2.1.0
Bumps [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) from 1.4.4 to 2.1.0.
- [Release notes](https://github.com/actions/attest-build-provenance/releases)
- [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md)
- [Commits](ef244123eb...7668571508)

Signed-off-by: Derek McGowan <derek@mcg.dev>
2024-12-13 10:09:20 -08:00
Derek McGowan
eb2d0c4762
Merge pull request #11153 from k8s-infra-cherrypick-robot/cherry-pick-11130-to-release/2.0
[release/2.0] update xx to v1.6.1 for compatibility with alpine 3.21 and file 5.46+
2024-12-13 09:58:31 -08:00
Sebastiaan van Stijn
eb2ce68829 update xx to v1.6.1 for compatibility with alpine 3.21 and file 5.46+
This fixes compatibility with alpine 3.21 and file 5.46+

- Fix additional possible `xx-cc`/`xx-cargo` compatibility issue with Alpine 3.21
- Support for Alpine 3.21
- Fix `xx-verify` with `file` 5.46+
- Fix possible error taking lock in `xx-apk` in latest Alpine without `coreutils`

full diff: https://github.com/tonistiigi/xx/compare/v1.2.1...v1.6.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-12-12 19:12:49 +00:00
Derek McGowan
c11f124500
Merge pull request #11139 from k8s-infra-cherrypick-robot/cherry-pick-11086-to-release/2.0
[release/2.0] ctr pull should unpack for default platform when transfer service is used
2024-12-12 11:05:34 -08:00
Derek McGowan
8c6dd50d91
Merge pull request #11151 from k8s-infra-cherrypick-robot/cherry-pick-11104-to-release/2.0
[release/2.0] internal/cri: should not apply IoOwner options if it's not user namespace
2024-12-12 11:05:10 -08:00
Phil Estes
e9004f0a88
Merge pull request #11146 from k8s-infra-cherrypick-robot/cherry-pick-11135-to-release/2.0
[release/2.0] Update go-cni for CNI STATUS
2024-12-12 10:12:54 -05:00
Phil Estes
c403b64231
Merge pull request #11140 from k8s-infra-cherrypick-robot/cherry-pick-11061-to-release/2.0
[release/2.0] Fix cri grpc plugin config migration
2024-12-12 10:12:27 -05:00
Phil Estes
d5a99f073f
Merge pull request #11142 from thaJeztah/2.0_backport_bump_runc_binary
[release/2.0 backport] update runc binary to v1.2.3
2024-12-12 10:11:53 -05:00
Wei Fu
018d83650f internal/cri: should not apply IoOwner options
When kubelet enables the UserNamespaceSupport feature gate, kubelet always
uses non-empty UsernsOptions to set up pods. In this case, the gVisor shim is
unable to parse runc.Option, so it will be unable to start the container.

This change avoids adding IoOwner options if the UsernsOptions is
for node level. Since gVisor doesn't have a feature subcommand yet, CRI status
will report that the gVisor runtime doesn't support user namespace. So it's
a kind of workaround to avoid a compatibility issue.

REF: #11091

Signed-off-by: Wei Fu <fuweid89@gmail.com>
2024-12-12 14:49:29 +00:00
Michael Zappa
5eb7995a9a feat: update go-cni version for CNI STATUS
Signed-off-by: Michael Zappa <michael.zappa@gmail.com>
2024-12-11 20:50:33 +00:00
Sebastiaan van Stijn
a53eff53d9
update runc binary to v1.2.3
This is the third patch release of the 1.2.z release branch of runc. It
primarily fixes some minor regressions introduced in 1.2.0.

- Fixed a regression in use of securejoin.MkdirAll, where multiple
  runc processes racing to create the same mountpoint in a shared rootfs
  would result in spurious EEXIST errors. In particular, this regression
  caused issues with BuildKit.
- Fixed a regression in eBPF support for pre-5.6 kernels after upgrading
  Cilium's eBPF library version to 0.16 in runc.

full diff: https://github.com/opencontainers/runc/compare/v1.2.2...v1.2.3
release notes: https://github.com/opencontainers/runc/releases/tag/v1.2.3

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 981414521baf578a313c7b7af034ade6cb92b10d)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-12-11 21:31:32 +01:00
Derek McGowan
a2302ea89f Add integration test for custom configuration
Signed-off-by: Derek McGowan <derek@mcg.dev>
2024-12-11 16:50:42 +00:00
Jin Dong
be5eda069f complete cri grpc config migration
Signed-off-by: Jin Dong <djdongjin95@gmail.com>
2024-12-11 16:50:42 +00:00
Jin Dong
44cdca68b5 ctr pull unpack for default platform using transfer service
Signed-off-by: Jin Dong <djdongjin95@gmail.com>
2024-12-11 16:50:34 +00:00
Samuel Karp
d93ae6232a
Merge pull request #11068 from k8s-infra-cherrypick-robot/cherry-pick-11062-to-release/2.0
[release/2.0] Update differ to handle zstd media types
2024-12-09 15:22:26 -08:00
Derek McGowan
154b692b2b
Merge pull request #11109 from k8s-infra-cherrypick-robot/cherry-pick-11102-to-release/2.0
[release/2.0] update to go1.23.4 / go1.22.10
2024-12-06 06:07:41 -08:00
Akihiro Suda
ed0b75c52b
Merge pull request #11110 from k8s-infra-cherrypick-robot/cherry-pick-10930-to-release/2.0
[release/2.0] CI: update Fedora to 41
2024-12-06 23:05:55 +09:00
Akihiro Suda
62b790bfac CI: update Fedora to 41
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2024-12-06 03:17:32 +00:00
Akhil Mohan
290e8bc704 update to go1.23.4 / go1.22.10
- go1.23.4 (released 2024-12-03) includes fixes to the compiler, the runtime,
the trace command, and the syscall package. See the Go 1.23.4 milestone on
our issue tracker for details.
https://github.com/golang/go/issues?q=milestone%3AGo1.23.4+label%3ACherryPickApproved

- go1.22.10 (released 2024-12-03) includes fixes to the runtime and the
syscall package. See the Go 1.22.10 milestone on our issue tracker for details.
https://github.com/golang/go/issues?q=milestone%3AGo1.22.10+label%3ACherryPickApproved

Signed-off-by: Akhil Mohan <akhilerm@gmail.com>
2024-12-06 02:48:11 +00:00
Derek McGowan
1b7befc8dd
Merge pull request #11098 from k8s-infra-cherrypick-robot/cherry-pick-11069-to-release/2.0
[release/2.0] Fix panic due to nil dereference cgroups v2
2024-12-05 16:24:36 -08:00
Jin Dong
3ba2df924a fix panic due to nil dereference cgroups v2
Signed-off-by: Jin Dong <djdongjin95@gmail.com>
2024-12-05 01:53:43 +00:00
Derek McGowan
961cac9aa0
Merge pull request #11067 from austinvazquez/cherry-pick-3961dc9c8cb0e31925e45a2273bbdc06412be262-to-2.0
[release/2.0] Publish attestation as release artifact
2024-11-27 08:36:11 -08:00
Derek McGowan
73f57acb0d Update differ to handle zstd media types
The differ should be able to generate zstd compressed layers when
provided with the zstd media type.

Signed-off-by: Derek McGowan <derek@mcg.dev>
2024-11-27 16:35:58 +00:00
Austin Vazquez
34a45cab2a
Publish attestation as release artifact
Signed-off-by: Austin Vazquez <macedonv@amazon.com>
(cherry picked from commit 3961dc9c8cb0e31925e45a2273bbdc06412be262)
Signed-off-by: Austin Vazquez <macedonv@amazon.com>
2024-11-26 19:47:08 -07:00
Derek McGowan
b4cab35e2b
Merge pull request #11053 from djdongjin/rocky-ci-fix-2.0
[release/2.0] Move rockylinux 9.4 to almalinux/9 in CI
2024-11-25 06:11:04 -08:00
Jin Dong
7dec6b4607 move rocky 9.4 to almalinux/9 in CI
Signed-off-by: Jin Dong <djdongjin95@gmail.com>
(cherry picked from commit 288001f68c5fd34cfbdc7284f14375a3762b8ff4)
Signed-off-by: Jin Dong <djdongjin95@gmail.com>
2024-11-25 13:16:08 +00:00
Fu Wei
952ad6b3a6
Merge pull request #11035 from k8s-infra-cherrypick-robot/cherry-pick-10906-to-release/2.0
[release/2.0] *: should align pipe's owner with init process
2024-11-20 15:46:56 -08:00
Wei Fu
cf07f28ee2 *: should align pipe's owner with init process
The containerd-shim creates pipes and passes them to the init container as
stdin, stdout, and stderr for logging purposes. By default, these pipes are
owned by the root user (UID/GID: 0/0). The init container can access them
directly through inheritance.

However, if the init container attempts to open any files pointing to these
pipes (e.g., /proc/1/fd/2, /dev/stderr), it will encounter a permission issue
since it is not the owner. To avoid this, we need to align the ownership of
the pipes with the init process.

Fixes: #10598

Signed-off-by: Wei Fu <fuweid89@gmail.com>
2024-11-20 18:01:26 +00:00
Derek McGowan
6e51f71621
Merge pull request #11031 from k8s-infra-cherrypick-robot/cherry-pick-10917-to-release/2.0
[release/2.0] fix: set the credentials even if not provided
2024-11-19 15:52:59 -08:00
Andrey Smirnov
9860888666 fix: set the credentials even if not provided
Fixes #10916

Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
2024-11-19 22:36:50 +00:00
Fu Wei
78795fa068
Merge pull request #10978 from austinvazquez/cherry-pick-pr-10972-to-2.0
[release/2.0] fsverity_test.go: fix nil pointer dereference, fix test fail, fix minor/major device numbers resolving
2024-11-19 10:43:47 -08:00
Akihiro Suda
376eb1d154
Merge pull request #11023 from austinvazquez/cherry-pick-runc-1.2.2-to-2.0
[release/2.0] update runc binary to 1.2.2
2024-11-19 14:32:26 +09:00
Austin Vazquez
9081e979f7
update runc binary to 1.2.2
Signed-off-by: Austin Vazquez <macedonv@amazon.com>
(cherry picked from commit 9a7bc5423ef5f477705802e45c0b06869764caca)
Signed-off-by: Austin Vazquez <macedonv@amazon.com>
2024-11-18 17:59:03 +00:00
Samuel Karp
30cbb03d49
Merge pull request #11009 from k8s-infra-cherrypick-robot/cherry-pick-11004-to-release/2.0
[release/2.0] Revert "Disable vagrant strict dependency checking"
2024-11-14 20:34:13 -08:00
Akhil Mohan
6399c936fa Revert "Disable vagrant strict dependency checking"
This reverts commit ae73e30130.

Signed-off-by: Akhil Mohan <akhilerm@gmail.com>
2024-11-15 03:41:44 +00:00
Fu Wei
da51d8ffd3
Merge pull request #11005 from k8s-infra-cherrypick-robot/cherry-pick-10981-to-release/2.0
[release/2.0] fsverity_linux.go: Fix fsverity.IsEnabled() for big endian systems
2024-11-14 15:48:50 -08:00
Alexey Lunev
a7f2b562f3 fsverity_linux.go: Fix fsverity.IsEnabled() for big endian systems
Signed-off-by: Alexey Lunev <cheembox573@gmail.com>
2024-11-14 17:34:00 +00:00
Phil Estes
abd8c4c39f
Merge pull request #10997 from dmcgowan/backport-2.0-typeurl
[release/2.0] bump github.com/containerd/typeurl/v2 from 2.2.2 to 2.2.3
2024-11-12 15:29:20 -07:00
dependabot[bot]
389e781ea1
build(deps): bump github.com/containerd/typeurl/v2 from 2.2.2 to 2.2.3
Bumps [github.com/containerd/typeurl/v2](https://github.com/containerd/typeurl) from 2.2.2 to 2.2.3.
- [Release notes](https://github.com/containerd/typeurl/releases)
- [Commits](https://github.com/containerd/typeurl/compare/v2.2.2...v2.2.3)

Signed-off-by: Derek McGowan <derek@mcg.dev>

---
updated-dependencies:
- dependency-name: github.com/containerd/typeurl/v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
(cherry picked from commit 01c489141c37e27b71370ab26ab28347b17f4284)
Signed-off-by: Derek McGowan <derek@mcg.dev>
2024-11-12 13:18:55 -08:00
Alexey Lunev
30b929ece7
fsverity_test.go: fix major/minor device number resolving
Signed-off-by: Alexey Lunev <cheembox573@gmail.com>
(cherry picked from commit f9537ae126fc2be685cc32d5c98b4189a72e02e9)
Signed-off-by: Austin Vazquez <macedonv@amazon.com>
2024-11-09 10:27:46 -08:00
Alexey Lunev
10996a334b
fsverity_test.go: fix nil pointer dereference, fix test fail
Signed-off-by: Alexey Lunev <cheembox573@gmail.com>
(cherry picked from commit 8a8e50e6d7baf99ebe02e6ca04d9d842addcd36c)
Signed-off-by: Austin Vazquez <macedonv@amazon.com>
2024-11-09 10:27:26 -08:00
Maksym Pavlenko
e21cb92182
Merge pull request #10973 from k8s-infra-cherrypick-robot/cherry-pick-10970-to-release/2.0
[release/2.0] update to go1.23.3 / go1.22.9
2024-11-08 09:50:45 -08:00
Akhil Mohan
5b879f30c0 update to go1.23.3 / go1.22.9
- go1.23.3 (released 2024-11-06) includes fixes to the linker, the
runtime, and the net/http, os, and syscall packages. See the
Go 1.23.3 milestone on our issue tracker for details.

- go1.22.9 (released 2024-11-06) includes fixes to the linker. See
the Go 1.22.9 milestone on our issue tracker for details.

Signed-off-by: Akhil Mohan <akhilerm@gmail.com>
2024-11-08 09:04:33 +00:00
Maksym Pavlenko
aedb61c92a
Merge pull request #10963 from austinvazquez/enable-latest-release-on-2.0
[release/2.0] ci: enable marking 2.0 releases as latest
2024-11-07 15:46:34 -08:00
Mike Brown
124b718018
Merge pull request #10968 from dims/Avoid-arch-info-in-the-sed/replace-when-building-cri-cni-containerd.tar.gz-2.0
[release/2.0] Avoid arch info in the sed/replace when building cri-cni-containerd.tar.gz
2024-11-07 13:39:43 -06:00
Davanum Srinivas
e99c2b55c3
Avoid arch info in the sed/replace when building cri-cni-containerd.tar.gz
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2024-11-07 11:36:03 -05:00
Austin Vazquez
458215f6cf
ci: enable marking 2.0 releases as latest
Signed-off-by: Austin Vazquez <macedonv@amazon.com>
2024-11-07 15:09:45 +00:00
Derek McGowan
207ad711ea
Merge pull request #10939 from dmcgowan/prepare-v2.0.0
Prepare release notes for v2.0.0
2024-11-05 18:34:06 +00:00
Derek McGowan
03ba4ce1f7
Update release notes for v2.0.0
Signed-off-by: Derek McGowan <derek@mcg.dev>
2024-11-04 23:56:27 -08:00