Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package conmon for openSUSE:Factory checked in at 2021-04-10 15:25:55 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/conmon (Old) and /work/SRC/openSUSE:Factory/.conmon.new.2401 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "conmon" Sat Apr 10 15:25:55 2021 rev:20 rq:882552 version:2.0.27 Changes: -------- --- /work/SRC/openSUSE:Factory/conmon/conmon.changes 2021-03-02 12:27:51.591446232 +0100 +++ /work/SRC/openSUSE:Factory/.conmon.new.2401/conmon.changes 2021-04-10 15:26:04.442286469 +0200 @@ -1,0 +2,11 @@ +Tue Mar 30 08:47:10 UTC 2021 - alexandre.vice...@suse.com + +- Update to version 2.0.27: + * bump to v2.0.27 + * Add CRI-O integration test GitHub action + * exec: don't fail on EBADFD + * close_fds: fix close of external fds + * Add arm64 static build binary + * bump to v2.0.27-dev + +------------------------------------------------------------------- Old: ---- conmon-2.0.26.tar.xz New: ---- conmon-2.0.27.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ conmon.spec ++++++ --- /var/tmp/diff_new_pack.eiEOug/_old 2021-04-10 15:26:04.918287030 +0200 +++ /var/tmp/diff_new_pack.eiEOug/_new 2021-04-10 15:26:04.922287034 +0200 @@ -17,7 +17,7 @@ Name: conmon -Version: 2.0.26 +Version: 2.0.27 Release: 0 Summary: An OCI container runtime monitor License: Apache-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.eiEOug/_old 2021-04-10 15:26:04.942287058 +0200 +++ /var/tmp/diff_new_pack.eiEOug/_new 2021-04-10 15:26:04.946287062 +0200 @@ -4,7 +4,7 @@ <param name="scm">git</param> <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">[v]?([^\+]+)(.*)</param> -<param name="revision">v2.0.26</param> +<param name="revision">v2.0.27</param> <param name="changesgenerate">enable</param> </service> <service name="recompress" mode="disabled"> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.eiEOug/_old 2021-04-10 15:26:04.958287076 +0200 +++ /var/tmp/diff_new_pack.eiEOug/_new 2021-04-10 15:26:04.962287081 +0200 
@@ -1,4 +1,4 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/containers/conmon</param> - <param name="changesrevision">0e155c83aa739ef0a0540ec9f9d265f57f68038b</param></service></servicedata> + <param name="changesrevision">65fad4bfcb250df0435ea668017e643e7f462155</param></service></servicedata> \ No newline at end of file ++++++ conmon-2.0.26.tar.xz -> conmon-2.0.27.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/conmon-2.0.26/.cirrus.yml new/conmon-2.0.27/.cirrus.yml --- old/conmon-2.0.26/.cirrus.yml 2021-02-03 19:32:15.000000000 +0100 +++ new/conmon-2.0.27/.cirrus.yml 2021-03-08 18:44:27.000000000 +0100 
@@ -141,28 +141,44 @@ memory: 12 disk: 200 - init_script: | - set -ex - setenforce 0 - growpart /dev/sda 1 || true - resize2fs /dev/sda1 || true - yum -y install podman - - nix_cache: - folder: '.cache' - fingerprint_script: | - echo "nix-v1-$(sha1sum nix/nixpkgs.json | head -c 40)" + # Community-maintained task, may fail on occasion. If so, uncomment + # the next line and file an issue with details about the failure. + # allow_failures: true + + timeout_in: '20m' + + env: + # Do not use 'latest', fixed-version tag for runtime stability. + CTR_FQIN: "docker.io/nixos/nix:2.3.6" + # Authentication token for pushing the build cache to cachix. + # This is critical, it helps to avoid a very lengthy process of + # statically building every dependency needed to build conmon. + # Assuming the pinned nix dependencies in nix/nixpkgs.json have not + # changed, this cache will ensure that only the static conmon binary is + # built. + CACHIX_AUTH_TOKEN: ENCRYPTED[4c3b8d82b0333abf048c56a71f2559ddb1c9ed38f0c28916eca13f79affa5904cf90c76a5bd8686680c89f41079ef341] + + alias: static_binary + + matrix: + - env: + TARGET: default.nix + - env: + TARGET: default-arm64.nix build_script: | set -ex - mkdir -p .cache - mv .cache /nix - if [[ -z $(ls -A /nix) ]]; then podman run --rm --privileged -ti -v /:/mnt nixos/nix cp -rfT /nix /mnt/nix; fi - podman run --rm --privileged -ti -v /nix:/nix -v ${PWD}:${PWD} -w ${PWD} nixos/nix nix --print-build-logs --option cores 8 --option max-jobs 8 build --file nix/ + podman run -i --rm \ + -e CACHIX_AUTH_TOKEN \ + -v $PWD:$PWD:Z \ + -w $PWD \ + $CTR_FQIN \ + sh -c \ + "nix-env -iA cachix -f https://cachix.org/api/v1/install && \ + cachix use conmon && \ + nix-build nix/$TARGET && \ + nix-store -qR --include-outputs \$(nix-instantiate nix/$TARGET) | grep -v conmon | cachix push conmon && \ + cp -R result/bin ." 
binaries_artifacts: - path: "result/bin/conmon" - - save_cache_script: | - mv /nix .cache - chown -Rf $(whoami) .cache + path: "bin/conmon" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/conmon-2.0.26/.github/workflows/integration.yml new/conmon-2.0.27/.github/workflows/integration.yml --- old/conmon-2.0.26/.github/workflows/integration.yml 1970-01-01 01:00:00.000000000 +0100 +++ new/conmon-2.0.27/.github/workflows/integration.yml 2021-03-08 18:44:27.000000000 +0100 @@ -0,0 +1,33 @@ +name: integration +on: + push: + tags: + - v* + branches: + - master + - ghactions # TODO: remove when it works + pull_request: +jobs: + cri-o: + runs-on: ubuntu-latest + steps: + - uses: actions/setup-go@v2 + with: + go-version: '1.16' + - uses: actions/checkout@v2 + - uses: actions/cache@v2 + with: + path: | + ~/go/pkg/mod + ~/.cache/go-build + key: go-build-${{ hashFiles('**/go.sum') }} + restore-keys: go-integration- + - run: hack/github-actions-setup + - run: sudo make install + - name: Run CRI-O integration tests + run: | + cd cri-o + make all test-binaries + sudo -E test/test_runner.sh + env: + JOBS: '2' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/conmon-2.0.26/VERSION new/conmon-2.0.27/VERSION --- old/conmon-2.0.26/VERSION 2021-02-03 19:32:15.000000000 +0100 +++ new/conmon-2.0.27/VERSION 2021-03-08 18:44:27.000000000 +0100 @@ -1 +1 @@ -2.0.26 +2.0.27 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/conmon-2.0.26/hack/github-actions-setup new/conmon-2.0.27/hack/github-actions-setup --- old/conmon-2.0.26/hack/github-actions-setup 1970-01-01 01:00:00.000000000 +0100 +++ new/conmon-2.0.27/hack/github-actions-setup 2021-03-08 18:44:27.000000000 +0100 
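Review bot: In `build_script`, `CACHIX_AUTH_TOKEN` is passed into the container with `-e CACHIX_AUTH_TOKEN` for the whole `sh -c` chain, so the cache write credential is in the environment while `nix-env -iA cachix -f https://cachix.org/api/v1/install` installs an unpinned tool and while `nix-build` runs the project build. `CTR_FQIN` is fixed by tag (`nixos/nix:2.3.6`) but not by digest, so the image content can still change under the same name. Consider pinning the image as `docker.io/nixos/nix:2.3.6@sha256:<digest>` (placeholder) and splitting the script into a build invocation without the token and a separate `cachix push` invocation that receives it. The pipeline `nix-store -qR ... | grep -v conmon | cachix push conmon` also runs under plain `sh -c` without `pipefail`, so a failing `nix-store` would not stop the chain.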
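Review bot: The three `uses:` steps reference actions by mutable tag (`actions/setup-go@v2`, `actions/checkout@v2`, `actions/cache@v2`), and the job then runs `sudo make install` and `sudo -E test/test_runner.sh` on `pull_request`. Pinning each action to a full commit SHA and adding a top-level `permissions:` block with `contents: read` would limit the job's token and inputs to what the tests need. The cache step's `restore-keys: go-integration-` shares no prefix with `key: go-build-...`, so the fallback restore can never match an entry this workflow saved; `restore-keys: go-build-` looks like what was meant. The `ghactions # TODO: remove when it works` branch trigger should be removed before this is relied on.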
@@ -0,0 +1,122 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+declare -A VERSIONS=(
+ ["cni-plugins"]=v0.8.7
+ ["runc"]=v1.0.0-rc92
+ ["bats"]=v1.2.1
+)
+
+main() {
+ set -x
+ prepare_system
+
+ install_packages
+ install_bats
+ install_critools
+ install_runc
+ install_cni_plugins
+ install_testdeps
+}
+
+prepare_system() {
+ sudo systemctl stop docker
+ sudo ufw disable
+
+ # enable necessary kernel modules
+ sudo ip6tables --list >/dev/null
+
+ # enable necessary sysctls
+ sudo sysctl -w net.ipv4.conf.all.route_localnet=1
+ sudo sysctl -w net.ipv4.ip_forward=1
+ # needed for crictl test
+ sudo sysctl -w net.bridge.bridge-nf-call-iptables=1
+ sudo iptables -t nat -I POSTROUTING -s 127.0.0.0/8 ! -d 127.0.0.0/8 -j MASQUERADE
+}
+
+install_packages() {
+ sudo apt update
+ sudo apt install -y \
+ conntrack \
+ libaio-dev \
+ libapparmor-dev \
+ libcap-dev \
+ libdevmapper-dev \
+ libfuse-dev \
+ libgpgme11-dev \
+ libnet1-dev \
+ libnl-3-dev \
+ libprotobuf-c-dev \
+ libprotobuf-dev \
+ libseccomp-dev \
+ libsystemd-dev \
+ libudev-dev \
+ socat \
+ uuid-dev
+}
+
+install_bats() {
+ git clone https://github.com/bats-core/bats-core
+ pushd bats-core
+ git checkout "${VERSIONS["bats"]}"
+ sudo ./install.sh /usr/local
+ popd
+ rm -rf bats-core
+ mkdir -p ~/.parallel
+ touch ~/.parallel/will-cite
+}
+
+install_critools() {
+ URL=https://github.com/kubernetes-sigs/cri-tools
+
+ git clone $URL
+ pushd cri-tools
+ sudo -E PATH="$PATH" make BINDIR=/usr/bin install
+ popd
+ sudo rm -rf cri-tools
+ sudo critest --version
+ sudo crictl --version
+}
+
+install_cni_plugins() {
+ URL=https://github.com/containernetworking/plugins/releases/download
+ TARBALL=cni-plugins-linux-amd64-${VERSIONS["cni-plugins"]}.tgz
+ CNI_DIR=/opt/cni/bin
+ sudo mkdir -p "$CNI_DIR"
+ wget -O "$TARBALL" $URL/"${VERSIONS["cni-plugins"]}"/"$TARBALL"
+ sudo tar xf "$TARBALL" -C "$CNI_DIR"
+ rm "$TARBALL"
+ ls -lah "$CNI_DIR"
+}
+
+install_runc() {
+ URL=https://github.com/opencontainers/runc/releases/download/"${VERSIONS["runc"]}"
+ BINARY=/usr/sbin/runc
+ sudo wget -O "$BINARY" "$URL"/runc.amd64
+ sudo chmod +x "$BINARY"
+
+ # Verify the SHA256
+ SUMFILE=runc.sha256sum
+ wget "$URL"/$SUMFILE
+ grep -qw "$(sha256sum "$BINARY" | awk '{ print $1 }')" $SUMFILE
+ rm $SUMFILE
+
+ runc --version
+}
+
+install_testdeps() {
+ URL=https://github.com/cri-o/cri-o
+ git clone $URL
+ pushd cri-o
+ make "$(pwd)"/build/bin/ginkgo
+ sudo cp build/bin/ginkgo /usr/bin
+ ginkgo version
+
+ sudo mkdir -p /etc/containers/registries.d
+ sudo cp test/policy.json /etc/containers
+ sudo cp test/redhat_sigstore.yaml /etc/containers/registries.d/registry.access.redhat.com.yaml
+ sudo cp test/registries.conf /etc/containers/registries.conf
+ popd
+}
+
+main "$@"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/conmon-2.0.26/nix/default-arm64.nix new/conmon-2.0.27/nix/default-arm64.nix
--- old/conmon-2.0.26/nix/default-arm64.nix 1970-01-01 01:00:00.000000000 +0100
+++ new/conmon-2.0.27/nix/default-arm64.nix 2021-03-08 18:44:27.000000000 +0100
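Review bot: `install_runc` writes the download straight to `/usr/sbin/runc` and marks it executable before the checksum is checked, so a failed check aborts the script through `set -e` but leaves an unverified root-owned binary in place; the file should land in a scratch directory and be installed only after verification. The check itself, `grep -qw "$(sha256sum ...)" $SUMFILE`, accepts a match against any line of the sum file rather than the `runc.amd64` entry, and the sum file comes from the same release URL, so it detects corruption but not a replaced release asset. `install_cni_plugins` extracts its tarball as root with no checksum at all, and `install_critools` and `install_testdeps` clone the default branch without a pinned revision and install the results as root, although `VERSIONS` exists for exactly that purpose. A sketch for `install_runc` follows; the `[ *]runc\.amd64$` pattern assumes the usual `sha256sum` output format in `runc.sha256sum`.

```shell
install_runc() {
    URL=https://github.com/opencontainers/runc/releases/download/"${VERSIONS["runc"]}"
    BINARY=/usr/sbin/runc
    SUMFILE=runc.sha256sum
    SCRATCH=$(mktemp -d)

    # Fetch into a scratch directory; nothing touches $BINARY until the digest matches.
    wget -O "$SCRATCH"/runc.amd64 "$URL"/runc.amd64
    wget -O "$SCRATCH"/"$SUMFILE" "$URL"/"$SUMFILE"

    # Check the runc.amd64 entry specifically, not "any hash in the file".
    (cd "$SCRATCH" && grep -E '[ *]runc\.amd64$' "$SUMFILE" | sha256sum -c -)

    sudo install -m 0755 "$SCRATCH"/runc.amd64 "$BINARY"
    rm -rf "$SCRATCH"

    runc --version
}
```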
@@ -0,0 +1,95 @@ +let + pkgs = (import ./nixpkgs.nix { + crossSystem = { + config = "aarch64-unknown-linux-gnu"; + }; + overlays = [ + (final: pkg: { + pcre = (static pkg.pcre).overrideAttrs (x: { + configureFlags = x.configureFlags ++ [ + "--enable-static" + ]; + }); + }) + ]; + config = { + packageOverrides = pkg: { + autogen = (static pkg.autogen); + e2fsprogs = (static pkg.e2fsprogs); + libuv = (static pkg.libuv); + glib = (static pkg.glib).overrideAttrs (x: { + outputs = [ "bin" "out" "dev" ]; + mesonFlags = [ + "-Ddefault_library=static" + "-Ddevbindir=${placeholder ''dev''}/bin" + "-Dgtk_doc=false" + "-Dnls=disabled" + ]; + postInstall = '' + moveToOutput "share/glib-2.0" "$dev" + substituteInPlace "$dev/bin/gdbus-codegen" --replace "$out" "$dev" + sed -i "$dev/bin/glib-gettextize" -e "s|^gettext_dir=.*|gettext_dir=$dev/share/glib-2.0/gettext|" + sed '1i#line 1 "${x.pname}-${x.version}/include/glib-2.0/gobject/gobjectnotifyqueue.c"' \ + -i "$dev"/include/glib-2.0/gobject/gobjectnotifyqueue.c + ''; + }); + gnutls = (static pkg.gnutls).overrideAttrs (x: { + configureFlags = (x.configureFlags or [ ]) ++ [ + "--disable-non-suiteb-curves" + "--disable-openssl-compatibility" + "--disable-rpath" + "--enable-local-libopts" + "--without-p11-kit" + ]; + }); + systemd = (static pkg.systemd).overrideAttrs (x: { + outputs = [ "out" "dev" ]; + mesonFlags = x.mesonFlags ++ [ + "-Dstatic-libsystemd=true" + ]; + }); + }; + }; + }); + + static = pkg: pkg.overrideAttrs (x: { + doCheck = false; + configureFlags = (x.configureFlags or [ ]) ++ [ + "--without-shared" + "--disable-shared" + ]; + dontDisableStatic = true; + enableSharedExecutables = false; + enableStatic = true; + }); + + self = with pkgs; stdenv.mkDerivation rec { + name = "conmon"; + src = ./..; + vendorSha256 = null; + doCheck = false; + enableParallelBuilding = true; + outputs = [ "out" ]; + nativeBuildInputs = with buildPackages; [ + bash + gitMinimal + pcre + pkg-config + which + ]; + buildInputs = [ glibc 
glibc.static glib ]; + prePatch = '' + export CFLAGS='-static -pthread' + export LDFLAGS='-s -w -static-libgcc -static' + export EXTRA_LDFLAGS='-s -w -linkmode external -extldflags "-static -lm"' + ''; + buildPhase = '' + patchShebangs . + make + ''; + installPhase = '' + install -Dm755 bin/conmon $out/bin/conmon + ''; + }; +in +self diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/conmon-2.0.26/src/close_fds.c new/conmon-2.0.27/src/close_fds.c --- old/conmon-2.0.26/src/close_fds.c 2021-02-03 19:32:15.000000000 +0100 +++ new/conmon-2.0.27/src/close_fds.c 2021-03-08 18:44:27.000000000 +0100 @@ -32,7 +32,6 @@ ssize_t size = 0; DIR *d; - /* Store how many FDs were open before the Go runtime kicked in. */ d = opendir("/proc/self/fd"); if (!d) return; @@ -74,10 +73,10 @@ { int fd; - for (fd = 3; fd < open_files_max_fd; fd++) { - if (open_files_set == NULL || FD_ISSET(fd % FD_SETSIZE, &(open_files_set[fd / FD_SETSIZE]))) - if (fd == sync_pipe_fd || fd == attach_pipe_fd || fd == dev_null_r || fd == dev_null_w || fd == oom_cgroup_fd - || fd == oom_event_fd) - close(fd); + if (open_files_set == NULL) + return; + for (fd = 3; fd <= open_files_max_fd; fd++) { + if (fd != sync_pipe_fd && FD_ISSET(fd % FD_SETSIZE, &(open_files_set[fd / FD_SETSIZE]))) + close(fd); } }
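Review bot: The `prePatch` exports in `self` mix C and Go conventions: `EXTRA_LDFLAGS='-s -w -linkmode external -extldflags ...'` and `vendorSha256 = null` look like leftovers from a Go derivation, and nothing in this hunk shows a `stdenv.mkDerivation` build of a C program consuming them, while `-w` in `LDFLAGS` would silence compiler-driver warnings if the Makefile passes it to `cc`. Since CI uploads this derivation's output as a binary artifact, note that a plain `-static` link normally yields a fixed-address (non-PIE) executable; it is worth checking whether the toolchain here supports `-static-pie` and recording the decision in a comment. The `static` helper also sets `doCheck = false` for every package it wraps, including `gnutls` and `systemd`; a one-line comment stating the reason (for example that cross-compiled tests cannot run on the build host, if that is the case) would show whether this is a necessity or a shortcut.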
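Review bot: The new early `return` when `open_files_set == NULL` makes this function fail open. If the earlier scan never recorded the inherited descriptors (the first hunk shows it returning silently when `opendir("/proc/self/fd")` fails), nothing is closed and no diagnostic is produced, so inherited descriptors stay open in the monitor. Consider emitting a warning on that path, or at least a comment such as `/* no snapshot of inherited fds: nothing can be closed safely */`. The keep-list also shrinks from six descriptors to `sync_pipe_fd` only; a short comment stating why `attach_pipe_fd`, `dev_null_r`, `dev_null_w` and the OOM fds can never be in the recorded set, or that closing them is intended, would help the next reader. The function's signature and the sizing of `open_files_set` are outside the hunk, so the `fd <= open_files_max_fd` bound cannot be checked against the array length from here.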