27 Commits

Author SHA1 Message Date
Christian Stewart
b16821b9e2 package/containerd: bump version to v1.7.18
https://github.com/containerd/containerd/releases/tag/v1.7.18

Signed-off-by: Christian Stewart <christian@aperture.us>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 4e01942d83)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-07-23 09:23:24 +02:00
Yann E. MORIN
de5ed80212 {boot, package}: update hashes for generated archives
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2024-05-09 22:45:11 +02:00
Yann E. MORIN
d8000791e3 {boot, package}: update hashes of git, svn, go, and cargo archives
Replace all git and svn packages archive names in hash files:

    $ sed -r -i -e 's/-br2/-git3/; s/-br3/-svn4/' $(
        git grep -l -E -- '-br2|-br3' '*.hash'
    )

    $ sed -r -i -e 's/(\.tar\.gz)$/-go1\1/' $(
        git grep -l -E '\$\(eval \$\((host-)?golang-package\)\)' '*.mk' \
        |sed -r -e 's/\.mk$/.hash/' \
        |sort -u
    )

    $ sed -r -i -e 's/(\.tar\.gz)$/-cargo1\1/' $(
        git grep -l -E '\$\(eval \$\((host-)?cargo-package\)\)' '*.mk' \
        |sed -r -e 's/\.mk$/.hash/' \
        |sort -u
    )

Then a bit of make source (based on: git diff --name-only), a lot of
sweat, and carefully checking the new archives to verify that only
modes have changed...

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2024-05-09 22:45:02 +02:00
Christian Stewart
2fa0f383b6 package/containerd: bump version to v1.7.14
Updates containerd to v1.7.14.

Highlights

    Fix various timing issues with docker pusher
    Register imagePullThroughput and count with MiB
    Move high volume event logs to Trace level

Container Runtime Interface (CRI)

    Handle pod transition states gracefully while listing pod stats

Runtime

    Update runc-shim to process exec exits before init

https://github.com/containerd/containerd/releases/tag/1.7.14

Signed-off-by: Christian Stewart <christian@aperture.us>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2024-04-01 15:10:06 +02:00
Fabrice Fontaine
43ca417c0c package/containerd: fix btrfs handling
btrfs handling doesn't depend on btrfs-progs but on kernel >= 4.12 since
bump to version 1.7.7 in commit 79e01ef950 and 024a748c09
resulting in the following build failure:

In file included from vendor/github.com/containerd/btrfs/v2/btrfs.go:21:0:
./btrfs.h:19:2: error: #error "Headers from kernel >= 4.12 are required on compilation time (not on run time)"
 #error "Headers from kernel >= 4.12 are required on compilation time (not on run time)"
  ^~~~~
In file included from vendor/github.com/containerd/btrfs/v2/btrfs.go:21:0:
./btrfs.h:22:10: fatal error: linux/btrfs_tree.h: No such file or directory
 #include <linux/btrfs_tree.h>
          ^~~~~~~~~~~~~~~~~~~~

Fixes: 79e01ef950
 - http://autobuild.buildroot.org/results/d6afeef47daae1783dcce3e2b6a0a16e3e5d5fbd

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-03-23 13:44:31 +01:00
Christian Stewart
54e95ba171 package/containerd: bump version to v1.7.13
https://github.com/containerd/containerd/releases/tag/v1.7.13

Signed-off-by: Christian Stewart <christian@aperture.us>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-02-07 09:35:01 +01:00
Fabrice Fontaine
6ed73df9ee package/containerd: drop CONTAINERD_CPE_ID_VENDOR
Commit 35af2bb801 set CONTAINERD_CPE_ID_PRODUCT to containerd but this
is not needed as CONTAINERD_CPE_ID_PRODUCT will be set to the package
name (i.e. containerd) by default

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Reviewed-by: Antoine Coutant <antoine.coutant@smile.fr>
2024-02-05 22:52:33 +01:00
Christian Stewart
fd41e442f0 package/containerd: bump version to v1.7.8
The eighth patch release for containerd 1.7 contains various fixes and updates.

https://github.com/containerd/containerd/releases/tag/v1.7.8

Signed-off-by: Christian Stewart <christian@aperture.us>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-11-08 08:08:54 +01:00
Stefan Agner
6122ba62f6 package/containerd: add control for additional build tags
Disable the AUFS snapshotter by default. AUFS support has been deprecated
since v1.5 and won't be available with containerd v2.0.

Add configuration option for the ZFS snapshotter and add the proper
runtime dependencies.

Add configuration option for Kubernetes CRI support. Note that CRI
support requires a writeable /etc or an appropriate containerd
configuration.

Signed-off-by: Stefan Agner <stefan@agner.ch>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-04 21:34:45 +01:00
Christian Stewart
79e01ef950 package/containerd: bump to version 1.7.7
Contains various fixes and updates.

https://github.com/containerd/containerd/releases/tag/v1.7.7

Signed-off-by: Christian Stewart <christian@aperture.us>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-10-12 16:40:07 +02:00
Christian Stewart
47cbcb70d0 package/containerd: bump to version 1.7.6
Bugfixes and updates.

Containerd v1.7.x comes with new features including container sandboxing.

https://github.com/containerd/containerd/releases/tag/v1.7.6

Signed-off-by: Christian Stewart <christian@aperture.us>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2023-09-17 21:34:09 +02:00
Christian Stewart
718c4972c6 package/containerd: bump version to v1.6.22
Bugfixes and updates.

https://github.com/containerd/containerd/releases/tag/v1.6.22

Signed-off-by: Christian Stewart <christian@aperture.us>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-07-28 21:16:57 +02:00
Christian Stewart
bab89b35f0 package/containerd: bump version to v1.6.21
https://github.com/containerd/containerd/releases/tag/v1.6.21

Signed-off-by: Christian Stewart <christian@aperture.us>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-06-02 22:26:09 +02:00
Stefan Agner
8bf66c5640 package/containerd: security bump to version 1.6.20
Various bugfixes and improvements. Notable security fixes:

- CVE-2023-25153: Fix OCI image importer memory exhaustion
  https://github.com/containerd/containerd/security/advisories/GHSA-259w-8hf6-59c2

- CVE-2023-25173: Fix supplementary groups not being set up properly
  https://github.com/containerd/containerd/security/advisories/GHSA-hmfx-3pcx-653p

https://github.com/containerd/containerd/releases/tag/v1.6.20

Signed-off-by: Stefan Agner <stefan@agner.ch>
[Peter: add CVE references]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-04-05 21:58:18 +02:00
Christian Stewart
c7ea83dd2d package/containerd: bump to version 1.6.16
Bugfixes and improvements.

We now install the containerd.service systemd unit.

https://github.com/containerd/containerd/releases/tag/v1.6.16

Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-02-03 08:32:09 +01:00
Yann E. MORIN
d0ecb9b280 package/containerd: support crun as runtime
crun is a drop-in replacement for runc. If crun is enabled, but runc is
not, we already install an impersonation symlink, so we do not need to
force runc if crun is enabled. Still, runc is the default if crun is not
enabled.

Signed-off-by: TIAN Yuanhao <tianyuanhao3@163.com>
Reviewed-by: Christian Stewart <christian@paral.in>
[yann.morin.1998@free.fr: split into its own patch]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-01-08 17:09:40 +01:00
Christian Stewart
4634a22cf7 package/containerd: security bump to version 1.6.12
CVE-2022-23471: https://github.com/advisories/GHSA-2qjp-425j-52j9

and other bugfixes, see:

https://github.com/containerd/containerd/releases/tag/v1.6.12

Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-12-11 14:33:05 +01:00
Christian Stewart
dc8aafa98b package/containerd: bump to version 1.6.8
https://github.com/containerd/containerd/releases/tag/v1.6.8

Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-09-17 12:26:15 +02:00
Christian Stewart
7e7ae463d1 package/containerd: security bump to 1.6.6
v1.6.2 -> v1.6.6:

The third patch release for containerd 1.6 includes various fixes and updates.

https://github.com/containerd/containerd/releases/tag/v1.6.3

The fourth patch release for containerd 1.6 includes two fixes for CNI and SELinux.

https://github.com/containerd/containerd/releases/tag/v1.6.4

The fifth patch release for containerd 1.6 includes a few fixes.

https://github.com/containerd/containerd/releases/tag/v1.6.5

The sixth patch release for containerd 1.6 includes a fix for
CVE-2022-31030.

https://github.com/containerd/containerd/releases/tag/v1.6.6

Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-08-06 23:25:10 +02:00
Christian Stewart
2b1c7ebc9b package/containerd: bump to version v1.6.2
Note: this version adds compatibility for Go 1.18.

Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2022-04-10 16:47:48 +02:00
Peter Korsgaard
2642edb0af package/containerd: security bump to version 1.5.11
Fixes the following security issues:

- CVE-2022-23648: containerd CRI plugin: Insecure handling of image volumes
  https://github.com/containerd/containerd/security/advisories/GHSA-crp2-qrr5-8pq7

- CVE-2022-24769: Default inheritable capabilities for linux container
  should be empty
  https://github.com/containerd/containerd/security/advisories/GHSA-c9cp-9c75-9v8c

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-04-05 19:28:14 +02:00
Christian Stewart
935bd589a3 package/containerd: security bump to version 1.5.9
CVE-2021-43816: "Unprivileged pod using `hostPath` can side-step active LSM when
it is SELinux"

Containers launched through containerd’s CRI implementation on Linux systems
which use the SELinux security module and containerd versions since v1.5.0 can
cause arbitrary files and directories on the host to be relabeled to match the
container process label through the use of specially-configured bind mounts in a
hostPath volume. This relabeling elevates permissions for the container,
granting full read/write access over the affected files and directories.
Kubernetes and crictl can both be configured to use containerd’s CRI
implementation.

https://github.com/advisories/GHSA-mvff-h3cj-wj9c
https://github.com/containerd/containerd/releases/tag/v1.5.9

Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-01-26 22:22:55 +01:00
Fabrice Fontaine
fc24c5c30a package/containerd: security bump to version 1.5.8
The eighth patch release for containerd 1.5 contains a mitigation for
CVE-2021-41190 as well as several fixes and updates.

https://github.com/containerd/containerd/releases/tag/v1.5.8

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Christian Stewart <christian@paral.in>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-12-12 15:48:32 +01:00
Peter Korsgaard
4b5b9f75e9 package/containerd: security bump to version 1.5.7
Fixes the following security issues:

- CVE-2021-41103: Insufficiently restricted permissions on plugin
  directories
  https://github.com/advisories/GHSA-c2h3-6mxw-7mvq

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-11-08 08:04:00 +01:00
Christian Stewart via buildroot
9eafd6f5d0 package/containerd: bump version to 1.5.5
Signed-off-by: Christian Stewart <christian@paral.in>
2021-09-27 16:20:40 +02:00
Fabrice Fontaine
90f175045a package/containerd: security bump to version 1.4.9
- Fix CVE-2021-32760:
  https://github.com/containerd/containerd/security/advisories/GHSA-c72p-9xmj-rx3w
- Update indentation in hash file (two spaces)

https://github.com/containerd/containerd/releases/tag/v1.4.9
https://github.com/containerd/containerd/releases/tag/v1.4.8
https://github.com/containerd/containerd/releases/tag/v1.4.7
https://github.com/containerd/containerd/releases/tag/v1.4.6
https://github.com/containerd/containerd/releases/tag/v1.4.5

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Christian Stewart <christian@paral.in>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-09-18 14:24:09 +02:00
Christian Stewart
35af2bb801 package/docker-containerd: rename package to containerd
containerd is now an independent project from Docker.

This commit renames the Buildroot package from docker-containerd to containerd,
adding an entry in Config.in.legacy accordingly.

containerd is an industry-standard container runtime with an emphasis on
simplicity, robustness and portability. It is available as a daemon for Linux
and Windows, which can manage the complete container lifecycle of its host
system: image transfer and storage, container execution and supervision,
low-level storage and network attachments, etc.

https://containerd.io

Signed-off-by: Christian Stewart <christian@paral.in>
Reviewed-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Arnout:
 - fix alphabetical ordering in package/Config.in
 - also do rename in DEVELOPERS
 - squash in second patch
]
2021-05-05 21:33:58 +02:00