Hello community,
here is the log from the commit of package libcontainers-common for
openSUSE:Factory checked in at 2021-04-22 18:03:45
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libcontainers-common (Old)
and /work/SRC/openSUSE:Factory/.libcontainers-common.new.12324 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libcontainers-common"
Thu Apr 22 18:03:45 2021 rev:35 rq:886688 version:20210112
Changes:
--------
---
/work/SRC/openSUSE:Factory/libcontainers-common/libcontainers-common.changes
2021-04-10 15:25:58.754279778 +0200
+++
/work/SRC/openSUSE:Factory/.libcontainers-common.new.12324/libcontainers-common.changes
2021-04-22 18:04:17.218536324 +0200
@@ -1,0 +2,14 @@
+Mon Apr 19 12:21:56 UTC 2021 - Richard Brown <[email protected]>
+
+- Force overlay as default storage driver if system is not btrfs
+ (gh#containers/buildah#3153)
+
+-------------------------------------------------------------------
+Mon Apr 19 11:03:30 UTC 2021 - Alexandre Vicenzi <[email protected]>
+
+- Update common to 0.36.0
+- Update podman to 3.1.1
+- Update storage to 1.29.0
+- Update image to 5.11.0
+
+-------------------------------------------------------------------
Old:
----
common-0.35.3.tar.xz
image-5.10.5.tar.xz
podman-3.1.0.tar.xz
storage-1.28.1.tar.xz
New:
----
common-0.36.0.tar.xz
image-5.11.0.tar.xz
podman-3.1.1.tar.xz
storage-1.29.0.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libcontainers-common.spec ++++++
--- /var/tmp/diff_new_pack.AFmdfB/_old 2021-04-22 18:04:18.182537795 +0200
+++ /var/tmp/diff_new_pack.AFmdfB/_new 2021-04-22 18:04:18.186537801 +0200
@@ -17,16 +17,16 @@
# commonver - version from containers/common
-%define commonver 0.35.3
+%define commonver 0.36.0
# podman - version from containers/podman
-%define podmanver 3.1.0
+%define podmanver 3.1.1
# storagever - version from containers/storage
-%define storagever 1.28.1
+%define storagever 1.29.0
# imagever - version from containers/image
-%define imagever 5.10.5
+%define imagever 5.11.0
Name: libcontainers-common
Version: 20210112
@@ -138,7 +138,7 @@
if [ $1 -eq 1 ] ; then
fstype=$((findmnt -o FSTYPE -l --target /var/lib/containers || findmnt -o
FSTYPE -l --target /var/lib) | grep -v FSTYPE)
if [ "$fstype" = "btrfs" ]; then
- sed -i 's/driver = ""/driver = "btrfs"/g'
%{_sysconfdir}/containers/storage.conf
+ sed -i 's/driver = "overlay"/driver = "btrfs"/g'
%{_sysconfdir}/containers/storage.conf
fi
fi
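Review bot: The new substitution `s/driver = "overlay"/driver = "btrfs"/g` is unanchored, so it rewrites every occurrence of that text in storage.conf, including any in comments. It also silently does nothing if the packaged default ever stops being exactly `driver = "overlay"`. Anchoring it to the key, `sed -i 's/^driver = "overlay"/driver = "btrfs"/' %{_sysconfdir}/containers/storage.conf`, limits the edit to the setting itself. A comment such as `# pattern must match the default shipped in storage.conf` above the sed line would make the coupling visible at the next update. The scriptlet begins outside this hunk.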
++++++ _service ++++++
--- /var/tmp/diff_new_pack.AFmdfB/_old 2021-04-22 18:04:18.226537862 +0200
+++ /var/tmp/diff_new_pack.AFmdfB/_new 2021-04-22 18:04:18.230537868 +0200
@@ -1,40 +1,38 @@
<services>
-
-<service name="tar_scm" mode="disabled">
-<param name="url">https://github.com/containers/storage.git</param>
-<param name="scm">git</param>
-<param name="filename">storage</param>
-<param name="versionformat">1.28.1</param>
-<param name="revision">v1.28.1</param>
-</service>
-
-<service name="tar_scm" mode="disabled">
-<param name="url">https://github.com/containers/image.git</param>
-<param name="scm">git</param>
-<param name="filename">image</param>
-<param name="versionformat">5.10.5</param>
-<param name="revision">v5.10.5</param>
-</service>
-
-<service name="tar_scm" mode="disabled">
-<param name="url">https://github.com/containers/podman.git</param>
-<param name="scm">git</param>
-<param name="filename">podman</param>
-<param name="versionformat">3.1.0</param>
-<param name="revision">v3.1.0</param>
-</service>
-
-<service name="tar_scm" mode="disabled">
-<param name="url">https://github.com/containers/common.git</param>
-<param name="scm">git</param>
-<param name="filename">common</param>
-<param name="versionformat">0.35.3</param>
-<param name="revision">v0.35.3</param>
-</service>
-
-<service name="recompress" mode="disabled">
-<param name="file">*.tar</param>
-<param name="compression">xz</param>
-</service>
-
+ <service name="tar_scm" mode="disabled">
+ <param name="url">https://github.com/containers/storage.git</param>
+ <param name="scm">git</param>
+ <param name="filename">storage</param>
+ <param name="revision">v1.29.0</param>
+ <param name="versionformat">@PARENT_TAG@</param>
+ <param name="versionrewrite-pattern">v(.*)</param>
+ </service>
+ <service name="tar_scm" mode="disabled">
+ <param name="url">https://github.com/containers/image.git</param>
+ <param name="scm">git</param>
+ <param name="filename">image</param>
+ <param name="revision">v5.11.0</param>
+ <param name="versionformat">@PARENT_TAG@</param>
+ <param name="versionrewrite-pattern">v(.*)</param>
+ </service>
+ <service name="tar_scm" mode="disabled">
+ <param name="url">https://github.com/containers/podman.git</param>
+ <param name="scm">git</param>
+ <param name="filename">podman</param>
+ <param name="revision">v3.1.1</param>
+ <param name="versionformat">@PARENT_TAG@</param>
+ <param name="versionrewrite-pattern">v(.*)</param>
+ </service>
+ <service name="tar_scm" mode="disabled">
+ <param name="url">https://github.com/containers/common.git</param>
+ <param name="scm">git</param>
+ <param name="filename">common</param>
+ <param name="revision">v0.36.0</param>
+ <param name="versionformat">@PARENT_TAG@</param>
+ <param name="versionrewrite-pattern">v(.*)</param>
+ </service>
+ <service name="recompress" mode="disabled">
+ <param name="file">*.tar</param>
+ <param name="compression">xz</param>
+ </service>
</services>
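Review bot: Every `revision` here is a tag name (`v1.29.0`, `v5.11.0`, `v3.1.1`, `v0.36.0`), and a git tag can be moved upstream, so a later manual run of the service could fetch different content under the same version string. Because the services are `mode="disabled"`, the checked-in tarballs are what gets built, which confines the exposure to the moment a maintainer refreshes them. Pinning to the commit the tag resolved to, e.g. `<param name="revision">COMMIT_SHA_PLACEHOLDER</param>`, makes the fetch reproducible. Alternatively, record in a comment which commit each tag pointed to when the tarball was generated.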
++++++ common-0.35.3.tar.xz -> common-0.36.0.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/common-0.35.3/pkg/capabilities/capabilities.go
new/common-0.36.0/pkg/capabilities/capabilities.go
--- old/common-0.35.3/pkg/capabilities/capabilities.go 2021-03-19
09:59:30.000000000 +0100
+++ new/common-0.36.0/pkg/capabilities/capabilities.go 2021-04-13
15:11:14.000000000 +0200
@@ -7,6 +7,7 @@
import (
"strings"
+ "sync"
"github.com/pkg/errors"
"github.com/syndtr/gocapability/capability"
@@ -27,7 +28,7 @@
ContainerImageLabels = []string{"io.containers.capabilities"}
)
-// All is a special value used to add/drop all known capababilities.
+// All is a special value used to add/drop all known capabilities.
// Useful on the CLI for `--cap-add=all` etc.
const All = "ALL"
@@ -60,24 +61,36 @@
return false
}
+var (
+ boundingSetOnce sync.Once
+ boundingSetRet []string
+ boundingSetErr error
+)
+
// BoundingSet returns the capabilities in the current bounding set
func BoundingSet() ([]string, error) {
- currentCaps, err := capability.NewPid2(0)
- if err != nil {
- return nil, err
- }
- err = currentCaps.Load()
- if err != nil {
- return nil, err
- }
- var r []string
- for _, c := range capsList {
- if !currentCaps.Get(capability.BOUNDING, c) {
- continue
- }
- r = append(r, getCapName(c))
- }
- return r, nil
+ boundingSetOnce.Do(func() {
+ currentCaps, err := capability.NewPid2(0)
+ if err != nil {
+ boundingSetErr = err
+ return
+ }
+ err = currentCaps.Load()
+ if err != nil {
+ boundingSetErr = err
+ return
+ }
+ var r []string
+ for _, c := range capsList {
+ if !currentCaps.Get(capability.BOUNDING, c) {
+ continue
+ }
+ r = append(r, getCapName(c))
+ }
+ boundingSetRet = r
+ boundingSetErr = err
+ })
+ return boundingSetRet, boundingSetErr
}
// AllCapabilities returns all known capabilities.
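Review bot: BoundingSet now hands every caller the same cached slice `boundingSetRet`, so a caller that sorts or otherwise modifies the result in place changes what all later callers see. The `return BoundingSet()` added in the `@@ -150,7 +163,7 @@` hunk passes that slice straight out of MergeCapabilities, and config_test.go calls `sort.Strings(caps)` on a capability list that appears to come from that path. Returning a copy avoids the aliasing: `return append([]string(nil), boundingSetRet...), boundingSetErr`. The doc comment should also say that the result, including any error from `Load()`, is computed once per process and never refreshed, which matters if the process later drops capabilities from its bounding set. The final `boundingSetErr = err` inside the closure can only assign nil and could be dropped.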
@@ -116,7 +129,7 @@
return nil
}
-// MergeCapabilities computes a set of capabilities by adding capapbitilities
+// MergeCapabilities computes a set of capabilities by adding capabilities
// to or dropping them from base.
//
// Note that:
@@ -150,7 +163,7 @@
if stringInSlice(All, capAdd) {
// "Add" all capabilities;
- return capabilityList, nil
+ return BoundingSet()
}
for _, add := range capAdd {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/common-0.35.3/pkg/capabilities/capabilities_test.go
new/common-0.36.0/pkg/capabilities/capabilities_test.go
--- old/common-0.35.3/pkg/capabilities/capabilities_test.go 2021-03-19
09:59:30.000000000 +0100
+++ new/common-0.36.0/pkg/capabilities/capabilities_test.go 2021-04-13
15:11:14.000000000 +0200
@@ -61,7 +61,9 @@
drops := []string{}
caps, err := MergeCapabilities(base, adds, drops)
require.Nil(t, err)
- assert.Equal(t, caps, AllCapabilities())
+ allCaps, err := BoundingSet()
+ require.Nil(t, err)
+ assert.Equal(t, caps, allCaps)
}
func TestNormalizeCapabilities(t *testing.T) {
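Review bot: If `adds` (defined outside this hunk) requests all capabilities, `caps` and `allCaps` both come from `BoundingSet()`, so `assert.Equal(t, caps, allCaps)` compares the cached value with itself and passes whatever the function returns. The `BeEquivalentTo(boundingSet)` check in config_test.go has the same weakness. An assertion that does not depend on the implementation, for example that every entry of `caps` also appears in `AllCapabilities()`, would keep the test able to catch a regression. testify also expects the expected value first: `assert.Equal(t, allCaps, caps)`.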
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/common-0.35.3/pkg/config/config_test.go
new/common-0.36.0/pkg/config/config_test.go
--- old/common-0.35.3/pkg/config/config_test.go 2021-03-19 09:59:30.000000000
+0100
+++ new/common-0.36.0/pkg/config/config_test.go 2021-04-13 15:11:14.000000000
+0200
@@ -334,7 +334,9 @@
caps, err = config.Capabilities("root", addcaps,
dropcaps)
gomega.Expect(err).To(gomega.BeNil())
sort.Strings(caps)
-
gomega.Expect(caps).To(gomega.BeEquivalentTo(capabilities.AllCapabilities()))
+ boundingSet, err := capabilities.BoundingSet()
+ gomega.Expect(err).To(gomega.BeNil())
+
gomega.Expect(caps).To(gomega.BeEquivalentTo(boundingSet))
// Drop all caps
dropcaps = []string{"all"}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/common-0.35.3/pkg/config/default.go
new/common-0.36.0/pkg/config/default.go
--- old/common-0.35.3/pkg/config/default.go 2021-03-19 09:59:30.000000000
+0100
+++ new/common-0.36.0/pkg/config/default.go 2021-04-13 15:11:14.000000000
+0200
@@ -45,7 +45,7 @@
// DefaultInitPath is the default path to the container-init binary
DefaultInitPath = "/usr/libexec/podman/catatonit"
// DefaultInfraImage to use for infra container
- DefaultInfraImage = "k8s.gcr.io/pause:3.4.1"
+ DefaultInfraImage = "k8s.gcr.io/pause:3.5"
// DefaultRootlessSHMLockPath is the default path for rootless SHM locks
DefaultRootlessSHMLockPath = "/libpod_rootless_lock"
// DefaultDetachKeys is the default keys sequence for detaching a
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/common-0.35.3/pkg/seccomp/supported.go
new/common-0.36.0/pkg/seccomp/supported.go
--- old/common-0.35.3/pkg/seccomp/supported.go 2021-03-19 09:59:30.000000000
+0100
+++ new/common-0.36.0/pkg/seccomp/supported.go 2021-04-13 15:11:14.000000000
+0200
@@ -3,72 +3,47 @@
package seccomp
import (
- "bufio"
- "errors"
- "os"
- "strings"
+ "sync"
- perrors "github.com/pkg/errors"
"golang.org/x/sys/unix"
)
-const statusFilePath = "/proc/self/status"
+var (
+ supported bool
+ supOnce sync.Once
+)
// IsSupported returns true if the system has been configured to support
-// seccomp.
+// seccomp (including the check for CONFIG_SECCOMP_FILTER kernel option).
func IsSupported() bool {
- // Since Linux 3.8, the Seccomp field of the /proc/[pid]/status file
- // provides a method of obtaining the same information, without the risk
- // that the process is killed; see proc(5).
- status, err := parseStatusFile(statusFilePath)
- if err == nil {
- _, ok := status["Seccomp"]
- return ok
- }
-
- // PR_GET_SECCOMP (since Linux 2.6.23)
- // Return (as the function result) the secure computing mode of the
calling
- // thread. If the caller is not in secure computing mode, this operation
- // returns 0; if the caller is in strict secure computing mode, then the
- // prctl() call will cause a SIGKILL signal to be sent to the process.
If
- // the caller is in filter mode, and this system call is allowed by the
- // seccomp filters, it returns 2; otherwise, the process is killed with
a
- // SIGKILL signal. This operation is available only if the kernel is
- // configured with CONFIG_SECCOMP enabled.
- if err := unix.Prctl(unix.PR_GET_SECCOMP, 0, 0, 0, 0); !errors.Is(err,
unix.EINVAL) {
- // Make sure the kernel has CONFIG_SECCOMP_FILTER.
- if err := unix.Prctl(unix.PR_SET_SECCOMP,
unix.SECCOMP_MODE_FILTER, 0, 0, 0); !errors.Is(err, unix.EINVAL) {
- return true
- }
- }
-
- return false
-}
-
-// parseStatusFile reads the provided `file` into a map of strings.
-func parseStatusFile(file string) (map[string]string, error) {
- f, err := os.Open(file)
- if err != nil {
- return nil, perrors.Wrapf(err, "open status file %s", file)
- }
- defer f.Close()
-
- status := make(map[string]string)
- scanner := bufio.NewScanner(f)
- for scanner.Scan() {
- text := scanner.Text()
- parts := strings.SplitN(text, ":", 2)
-
- if len(parts) <= 1 {
- continue
- }
-
- status[strings.TrimSpace(parts[0])] =
strings.TrimSpace(parts[1])
- }
-
- if err := scanner.Err(); err != nil {
- return nil, perrors.Wrapf(err, "scan status file %s", file)
- }
-
- return status, nil
+ // Excerpts from prctl(2), section ERRORS:
+ //
+ // EACCES
+ // option is PR_SET_SECCOMP and arg2 is SECCOMP_MODE_FILTER, but
+ // the process does not have the CAP_SYS_ADMIN capability or has
+ // not set the no_new_privs attribute <...>.
+ // <...>
+ // EFAULT
+ // option is PR_SET_SECCOMP, arg2 is SECCOMP_MODE_FILTER, the
+ // system was built with CONFIG_SECCOMP_FILTER, and arg3 is an
+ // invalid address.
+ // <...>
+ // EINVAL
+ // option is PR_SET_SECCOMP or PR_GET_SECCOMP, and the kernel
+ // was not configured with CONFIG_SECCOMP.
+ //
+ // EINVAL
+ // option is PR_SET_SECCOMP, arg2 is SECCOMP_MODE_FILTER,
+ // and the kernel was not configured with CONFIG_SECCOMP_FILTER.
+ // <end of quote>
+ //
+ // Meaning, in case these kernel options are set (this is what we check
+ // for here), we will get some other error (most probably EACCES or
+ // EFAULT). IOW, EINVAL means "seccomp not supported", any other error
+ // means it is supported.
+
+ supOnce.Do(func() {
+ supported = unix.Prctl(unix.PR_SET_SECCOMP,
unix.SECCOMP_MODE_FILTER, 0, 0, 0) != unix.EINVAL
+ })
+ return supported
}
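Review bot: The comment in IsSupported explains how to read the errno but never says why it is safe to issue `PR_SET_SECCOMP` from a detection helper. It is worth stating that arg3 is deliberately 0, so the call is expected to fail and no filter is installed, e.g. `// arg3 is 0 on purpose: this only probes which errno the kernel returns and never installs a filter.` The doc comment should also mention that the answer is cached for the life of the process via `supOnce`. It should note too that any result other than EINVAL, including an errno injected by a seccomp filter already applied to the caller, is reported as "supported". With supported_test.go deleted in this commit, the function has no test left.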
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/common-0.35.3/pkg/seccomp/supported_test.go
new/common-0.36.0/pkg/seccomp/supported_test.go
--- old/common-0.35.3/pkg/seccomp/supported_test.go 2021-03-19
09:59:30.000000000 +0100
+++ new/common-0.36.0/pkg/seccomp/supported_test.go 1970-01-01
01:00:00.000000000 +0100
@@ -1,185 +0,0 @@
-// +build seccomp
-
-package seccomp
-
-import (
- "io/ioutil"
- "os"
- "testing"
-
- "github.com/stretchr/testify/require"
-)
-
-var statusFile = `
-Name: bash
-Umask: 0022
-State: S (sleeping)
-Tgid: 17248
-Ngid: 0
-Pid: 17248
-PPid: 17200
-TracerPid: 0
-Uid: 1000 1000 1000 1000
-Gid: 100 100 100 100
-FDSize: 256
-Groups: 16 33 100
-NStgid: 17248
-NSpid: 17248
-NSpgid: 17248
-NSsid: 17200
-VmPeak: 131168 kB
-VmSize: 131168 kB
-VmLck: 0 kB
-VmPin: 0 kB
-VmHWM: 13484 kB
-VmRSS: 13484 kB
-RssAnon: 10264 kB
-RssFile: 3220 kB
-RssShmem: 0 kB
-VmData: 10332 kB
-VmStk: 136 kB
-VmExe: 992 kB
-VmLib: 2104 kB
-VmPTE: 76 kB
-VmPMD: 12 kB
-VmSwap: 0 kB
-HugetlbPages: 0 kB # 4.4
-Threads: 1
-SigQ: 0/3067
-SigPnd: 0000000000000000
-ShdPnd: 0000000000000000
-SigBlk: 0000000000010000
-SigIgn: 0000000000384004
-SigCgt: 000000004b813efb
-CapInh: 0000000000000000
-CapPrm: 0000000000000000
-CapEff: 0000000000000000
-CapBnd: ffffffffffffffff
-CapAmb: 0000000000000000
-NoNewPrivs: 0
-Seccomp: 0
-Cpus_allowed: 00000001
-Cpus_allowed_list: 0
-Mems_allowed: 1
-Mems_allowed_list: 0
-voluntary_ctxt_switches: 150
-nonvoluntary_ctxt_switches: 545
-`
-
-func TestParseStatusFile(t *testing.T) {
- for _, tc := range []struct {
- getFilePath func() (string, func())
- shouldErr bool
- expected map[string]string
- }{
- { // success
- getFilePath: func() (string, func()) {
- tempFile, err := ioutil.TempFile("",
"parse-status-file-")
- require.Nil(t, err)
-
- // Valid entry
- _, err = tempFile.WriteString("Seccomp: 0\n")
- require.Nil(t, err)
-
- // Unparsable entry
- _, err = tempFile.WriteString("wrong")
- require.Nil(t, err)
-
- return tempFile.Name(), func() {
- require.Nil(t,
os.RemoveAll(tempFile.Name()))
- }
- },
- shouldErr: false,
- expected: map[string]string{"Seccomp": "0"},
- },
- { // success whole file
- getFilePath: func() (string, func()) {
- tempFile, err := ioutil.TempFile("",
"parse-status-file-")
- require.Nil(t, err)
-
- _, err = tempFile.WriteString(statusFile)
- require.Nil(t, err)
-
- return tempFile.Name(), func() {
- require.Nil(t,
os.RemoveAll(tempFile.Name()))
- }
- },
- shouldErr: false,
- expected: map[string]string{
- "CapAmb":
"0000000000000000",
- "CapBnd":
"ffffffffffffffff",
- "CapEff":
"0000000000000000",
- "CapInh":
"0000000000000000",
- "CapPrm":
"0000000000000000",
- "Cpus_allowed": "00000001",
- "Cpus_allowed_list": "0",
- "FDSize": "256",
- "Gid": "100 100
100 100",
- "Groups": "16 33 100",
- "HugetlbPages": "0 kB #
4.4",
- "Mems_allowed": "1",
- "Mems_allowed_list": "0",
- "NSpgid": "17248",
- "NSpid": "17248",
- "NSsid": "17200",
- "NStgid": "17248",
- "Name": "bash",
- "Ngid": "0",
- "NoNewPrivs": "0",
- "PPid": "17200",
- "Pid": "17248",
- "RssAnon": "10264 kB",
- "RssFile": "3220 kB",
- "RssShmem": "0 kB",
- "Seccomp": "0",
- "ShdPnd":
"0000000000000000",
- "SigBlk":
"0000000000010000",
- "SigCgt":
"000000004b813efb",
- "SigIgn":
"0000000000384004",
- "SigPnd":
"0000000000000000",
- "SigQ": "0/3067",
- "State": "S (sleeping)",
- "Tgid": "17248",
- "Threads": "1",
- "TracerPid": "0",
- "Uid": "1000 1000
1000 1000",
- "Umask": "0022",
- "VmData": "10332 kB",
- "VmExe": "992 kB",
- "VmHWM": "13484 kB",
- "VmLck": "0 kB",
- "VmLib": "2104 kB",
- "VmPMD": "12 kB",
- "VmPTE": "76 kB",
- "VmPeak": "131168 kB",
- "VmPin": "0 kB",
- "VmRSS": "13484 kB",
- "VmSize": "131168 kB",
- "VmStk": "136 kB",
- "VmSwap": "0 kB",
- "nonvoluntary_ctxt_switches": "545",
- "voluntary_ctxt_switches": "150",
- },
- },
- { // error opening file
- getFilePath: func() (string, func()) {
- tempFile, err := ioutil.TempFile("",
"parse-status-file-")
- require.Nil(t, err)
-
- require.Nil(t, os.RemoveAll(tempFile.Name()))
-
- return tempFile.Name(), func() {}
- },
- shouldErr: true,
- },
- } {
- filePath, cleanup := tc.getFilePath()
- defer cleanup()
- res, err := parseStatusFile(filePath)
- if tc.shouldErr {
- require.NotNil(t, err)
- } else {
- require.Equal(t, tc.expected, res)
- }
- }
-}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/common-0.35.3/version/version.go
new/common-0.36.0/version/version.go
--- old/common-0.35.3/version/version.go 2021-03-19 09:59:30.000000000
+0100
+++ new/common-0.36.0/version/version.go 2021-04-13 15:11:14.000000000
+0200
@@ -1,4 +1,4 @@
package version
// Version is the version of the build.
-const Version = "0.35.3"
+const Version = "0.36.0"
++++++ image-5.10.5.tar.xz -> image-5.11.0.tar.xz ++++++
++++ 5099 lines of diff (skipped)
++++++ podman-3.1.0.tar.xz -> podman-3.1.1.tar.xz ++++++
++++ 25482 lines of diff (skipped)
++++++ storage-1.28.1.tar.xz -> storage-1.29.0.tar.xz ++++++
++++ 26997 lines of diff (skipped)
++++++ storage.conf ++++++
--- /var/tmp/diff_new_pack.AFmdfB/_old 2021-04-22 18:04:22.526544422 +0200
+++ /var/tmp/diff_new_pack.AFmdfB/_new 2021-04-22 18:04:22.530544428 +0200
@@ -5,7 +5,7 @@
[storage]
# Default Storage Driver
-driver = ""
+driver = "overlay"
# Temporary storage location
runroot = "/var/run/containers/storage"