Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package runc for openSUSE:Factory checked in at 2021-12-16 21:18:43 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/runc (Old) and /work/SRC/openSUSE:Factory/.runc.new.2520 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "runc" Thu Dec 16 21:18:43 2021 rev:43 rq:940369 version:1.1.0~rc1 Changes: -------- --- /work/SRC/openSUSE:Factory/runc/runc.changes 2021-12-08 22:08:37.570853300 +0100 +++ /work/SRC/openSUSE:Factory/.runc.new.2520/runc.changes 2021-12-16 21:18:50.534510507 +0100 @@ -1,0 +2,59 @@ +Tue Dec 14 05:04:21 UTC 2021 - Aleksa Sarai <[email protected]> + +- Update to runc v1.1.0~rc1. Upstream changelog is available from + https://github.com/opencontainers/runc/releases/tag/v1.1.0-rc.1. + + + Add support for RDMA cgroup added in Linux 4.11. + * runc exec now produces exit code of 255 when the exec failed. + This may help in distinguishing between runc exec failures + (such as invalid options, non-running container or non-existent + binary etc.) and failures of the command being executed. + + runc run: new --keep option to skip removal exited containers artefacts. + This might be useful to check the state (e.g. of cgroup controllers) after + the container has???exited. + + seccomp: add support for SCMP_ACT_KILL_PROCESS and SCMP_ACT_KILL_THREAD + (the latter is just an alias for SCMP_ACT_KILL). + + seccomp: add support for SCMP_ACT_NOTIFY (seccomp actions). This allows + users to create sophisticated seccomp filters where syscalls can be + efficiently emulated by privileged processes on the host. + + checkpoint/restore: add an option (--lsm-mount-context) to set + a different LSM mount context on restore. + + intelrdt: support ClosID parameter. + + runc exec --cgroup: an option to specify a (non-top) in-container cgroup + to use for the process being executed. + + cgroup v1 controllers now support hybrid hierarchy (i.e. when on a cgroup v1 + machine a cgroup2 filesystem is mounted to /sys/fs/cgroup/unified, runc + run/exec now adds the container to the appropriate cgroup under it). + + sysctl: allow slashes in sysctl names, to better match sysctl(8)'s + behaviour. + + mounts: add support for bind-mounts which are inaccessible after switching + the user namespace. Note that this does not permit the container any + additional access to the host filesystem, it simply allows containers to + have bind-mounts configured for paths the user can access but have + restrictive access control settings for other users. + + Add support for recursive mount attributes using mount_setattr(2). These + have the same names as the proposed mount(8) options -- just prepend r + to the option name (such as rro). + + Add runc features subcommand to allow runc users to detect what features + runc has been built with. This includes critical information such as + supported mount flags, hook names, and so on. Note that the output of this + command is subject to change and will not be considered stable until runc + 1.2 at the earliest. The runtime-spec specification for this feature is + being developed in opencontainers/runtime-spec#1130. + * system: improve performance of /proc/$pid/stat parsing. + * cgroup2: when /sys/fs/cgroup is configured as a read-write mount, change + the ownership of certain cgroup control files (as per + /sys/kernel/cgroup/delegate) to allow for proper deferral to the container + process. + * runc checkpoint/restore: fixed for containers with an external bind mount + which destination is a symlink. + * cgroup: improve openat2 handling for cgroup directory handle hardening. + runc delete -f now succeeds (rather than timing out) on a paused + container. + * runc run/start/exec now refuses a frozen cgroup (paused container in case of + exec). Users can disable this using --ignore-paused. +- Update version data embedded in binary to correctly include the git commit of + the release. +- Drop runc-rpmlintrc because we don't have runc-test anymore. + +------------------------------------------------------------------- Old: ---- runc-1.0.3.tar.xz runc-1.0.3.tar.xz.asc runc-rpmlintrc New: ---- runc-1.1.0~rc1.tar.xz runc-1.1.0~rc1.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ runc.spec ++++++ --- /var/tmp/diff_new_pack.nry4Ih/_old 2021-12-16 21:18:51.022510692 +0100 +++ /var/tmp/diff_new_pack.nry4Ih/_new 2021-12-16 21:18:51.026510695 +0100 @@ -18,24 +18,24 @@ # MANUAL: Make sure you update this each time you update runc. -%define git_version 4144b63817ebcc5b358fc2c8ef95f7cddd709aa7 +%define git_version 55df1fc4c8b048118cd30a17b50f96a15ab0f3ea +%define git_short 55df1fc4c8b0 # Package-wide golang version -%define go_version 1.16 +%define go_version 1.17 %define project github.com/opencontainers/runc Name: runc -Version: 1.0.3 -%define _version 1.0.3 +Version: 1.1.0~rc1 +%define _version 1.1.0-rc.1 Release: 0 Summary: Tool for spawning and running OCI containers License: Apache-2.0 Group: System/Management URL: https://github.com/opencontainers/runc -Source0: https://github.com/opencontainers/runc/releases/download/v%{_version}/runc.tar.xz#/runc-%{_version}.tar.xz -Source1: https://github.com/opencontainers/runc/releases/download/v%{_version}/runc.tar.xz.asc#/runc-%{_version}.tar.xz.asc +Source0: https://github.com/opencontainers/runc/releases/download/v%{_version}/runc.tar.xz#/runc-%{version}.tar.xz +Source1: https://github.com/opencontainers/runc/releases/download/v%{_version}/runc.tar.xz.asc#/runc-%{version}.tar.xz.asc Source2: runc.keyring -Source3: runc-rpmlintrc BuildRequires: fdupes BuildRequires: go-go-md2man # Due to a limitation in openSUSE's Go packaging we cannot have a BuildRequires @@ -56,6 +56,9 @@ Obsoletes: docker-runc = 0.1.1+gitr2819_50a19c6 Obsoletes: docker-runc_50a19c6 +# Construct "git describe --dirty --long --always". +%define git_describe v%{_version}-0-g%{git_short} + %description runc is a CLI tool for spawning and running containers according to the OCI specification. It is designed to be as minimal as possible, and is the workhorse @@ -67,7 +70,7 @@ %build # build runc -make BUILDTAGS="seccomp" COMMIT_NO="%{git_version}" runc +make BUILDTAGS="seccomp" COMMIT="%{git_describe}" runc # build man pages man/md2man-all.sh
