Hello community, here is the log from the commit of package cri-o for openSUSE:Factory checked in at 2020-02-15 22:24:48 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/cri-o (Old) and /work/SRC/openSUSE:Factory/.cri-o.new.26092 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cri-o" Sat Feb 15 22:24:48 2020 rev:44 rq:773627 version:1.17.0 Changes: -------- --- /work/SRC/openSUSE:Factory/cri-o/cri-o.changes 2020-01-23 16:10:23.127617046 +0100 +++ /work/SRC/openSUSE:Factory/.cri-o.new.26092/cri-o.changes 2020-02-15 22:25:00.439296327 +0100 @@ -1,0 +2,38 @@ +Mon Feb 10 14:59:52 UTC 2020 - Sascha Grunert <sgrun...@suse.com> + +- Put default configuration in /etc/crio/crio.conf.d/00-default.conf + in replacement for /etc/crio/crio.conf + +------------------------------------------------------------------- +Mon Feb 10 14:05:47 UTC 2020 - Sascha Grunert <sgrun...@suse.com> + +- Uncomment default apparmor profile to always fallback to the + default one + +------------------------------------------------------------------- +Mon Feb 10 08:18:28 UTC 2020 - Sascha Grunert <sgrun...@suse.com> + +- Remove prevent-local-loopback-teardown-rh1754154.patch which is + now included in upstream +- Update to v1.17.0: + * Major Changes + - Allow CRI-O to manage IPC and UTS namespaces, in addition to + Network + - Add support for drop-in configuration files + - Added image pull and network setup metrics + - Image decryption support + - Remove unneeded host_ip configuration value + * Minor Changes + - Setup container environment variables before user + - Move default version file location to a tmpfs + - Failures to stop the network will now cause a stop sandbox + request to fail + - Persist container exit codes across reboot + - Add conmonmon: a conmon monitoring loop to protect against + conmon being OOM'd + - Add namespaces{-_}dir CLI and config option + - Add disk usage for ListContainerStats + - Introduce new runtime field to restrict devices in privileged + mode + +------------------------------------------------------------------- Old: ---- cri-o-1.16.1.tar.xz prevent-local-loopback-teardown-rh1754154.patch New: ---- cri-o-1.17.0.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cri-o.spec ++++++ --- /var/tmp/diff_new_pack.M9jgWw/_old 2020-02-15 22:25:01.563296935 +0100 +++ /var/tmp/diff_new_pack.M9jgWw/_new 2020-02-15 22:25:01.571296939 +0100 @@ -24,7 +24,7 @@ %define project github.com/cri-o/cri-o # Define macros for further referenced sources Name: cri-o -Version: 1.16.1 +Version: 1.17.0 Release: 0 Summary: OCI-based implementation of Kubernetes Container Runtime Interface License: Apache-2.0 @@ -38,7 +38,6 @@ Source5: kubelet.env Source6: crio-wipe.service Source7: crio-shutdown.service -Patch1: prevent-local-loopback-teardown-rh1754154.patch BuildRequires: device-mapper-devel BuildRequires: fdupes BuildRequires: glib2-devel-static @@ -86,7 +85,6 @@ %prep %setup -q -%patch1 -p1 %build # Keep cgroupfs as the default cgroup manager for SLE15 builds @@ -130,8 +128,8 @@ # Binaries install -D -m 0755 bin/crio %{buildroot}/%{_bindir}/crio install -D -m 0755 bin/crio-status %{buildroot}/%{_bindir}/crio-status +install -D -m 0755 bin/pinns %{buildroot}/%{_bindir}/pinns install -d %{buildroot}/%{_libexecdir}/crio/bin -install -D -m 0755 bin/pause %{buildroot}/%{_libexecdir}/crio/bin/pause # Completions install -D -m 0644 completions/bash/crio %{buildroot}/%{_datadir}/bash-completion/completions/crio install -D -m 0644 completions/zsh/_crio %{buildroot}%{_sysconfdir}/zsh_completion.d/_crio @@ -145,7 +143,7 @@ install -m 0644 docs/crio.conf.5 %{buildroot}/%{_mandir}/man5 install -m 0644 docs/crio.8 %{buildroot}/%{_mandir}/man8 # Configs -install -D -m 0644 %{SOURCE3} %{buildroot}/%{_sysconfdir}/crio/crio.conf +install -D -m 0644 %{SOURCE3} %{buildroot}/%{_sysconfdir}/crio/crio.conf.d/00-default.conf install -D -m 0644 crio-umount.conf %{buildroot}/%{_datadir}/oci-umount/oci-umount.d/cri-umount.conf install -D -m 0644 %{SOURCE2} %{buildroot}%{_fillupdir}/sysconfig.crio # Systemd @@ -164,9 +162,9 @@ # Binaries %{_bindir}/crio %{_bindir}/crio-status +%{_bindir}/pinns %dir %{_libexecdir}/crio %dir %{_libexecdir}/crio/bin -%{_libexecdir}/crio/bin/pause # Completions %{_datadir}/bash-completion/completions/crio %{_datadir}/bash-completion/completions/crio-status @@ -184,7 +182,8 @@ %license LICENSE # Configs %dir %{_sysconfdir}/crio -%config(noreplace) %{_sysconfdir}/crio/crio.conf +%dir %{_sysconfdir}/crio/crio.conf.d +%config %{_sysconfdir}/crio/crio.conf.d/00-default.conf %dir %{_datadir}/oci-umount %dir %{_datadir}/oci-umount/oci-umount.d %{_datadir}/oci-umount/oci-umount.d/cri-umount.conf ++++++ _service ++++++ --- /var/tmp/diff_new_pack.M9jgWw/_old 2020-02-15 22:25:01.603296957 +0100 +++ /var/tmp/diff_new_pack.M9jgWw/_new 2020-02-15 22:25:01.603296957 +0100 @@ -2,8 +2,8 @@ <service name="tar_scm" mode="disabled"> <param name="url">https://github.com/cri-o/cri-o</param> <param name="scm">git</param> -<param name="versionformat">1.16.1</param> -<param name="revision">v1.16.1</param> +<param name="versionformat">1.17.0</param> +<param name="revision">v1.17.0</param> </service> <service name="recompress" mode="disabled"> <param name="file">cri-o-*.tar</param> ++++++ cri-o-1.16.1.tar.xz -> cri-o-1.17.0.tar.xz ++++++ /work/SRC/openSUSE:Factory/cri-o/cri-o-1.16.1.tar.xz /work/SRC/openSUSE:Factory/.cri-o.new.26092/cri-o-1.17.0.tar.xz differ: char 26, line 1 ++++++ crio.conf ++++++ --- /var/tmp/diff_new_pack.M9jgWw/_old 2020-02-15 22:25:01.675296996 +0100 +++ /var/tmp/diff_new_pack.M9jgWw/_new 2020-02-15 22:25:01.675296996 +0100 @@ -1,4 +1,3 @@ - # The CRI-O configuration file specifies all of the available configuration # options and command-line flags for the crio(8) OCI Kubernetes Container Runtime # daemon, but in a TOML format that can be more easily modified and versioned. @@ -37,7 +36,7 @@ log_dir = "/var/log/crio/pods" # Location for CRI-O to lay down the version file -version_file = "/var/lib/crio/version" +version_file = "/var/run/crio/version" # The crio.api table contains settings for the kubelet/gRPC interface. [crio.api] @@ -45,9 +44,6 @@ # Path to AF_LOCAL socket on which CRI-O will listen. listen = "/var/run/crio/crio.sock" -# Host IP considered as the primary IP to use by CRI-O for things such as host network IP. -host_ip = "" - # IP address on which the stream server will listen. stream_address = "127.0.0.1" @@ -95,6 +91,10 @@ # If true, the runtime will not use pivot_root, but instead use MS_MOVE. no_pivot = false +# decryption_keys_path is the path where the keys required for +# image decryption are stored. +decryption_keys_path = "/etc/crio/keys/" + # Path to the conmon binary, used for monitoring the OCI runtime. # Will be searched for using $PATH if empty. conmon = "" @@ -118,7 +118,7 @@ # Used to change the name of the default AppArmor profile of CRI-O. The default # profile name is "crio-default-" followed by the version string of CRI-O. -apparmor_profile = "crio-default-1.16.1" +# apparmor_profile = "crio-default-1.17.0" # Cgroup management implementation used for the runtime. cgroup_manager = "systemd" @@ -202,10 +202,14 @@ read_only = false # Changes the verbosity of the logs based on the level it is set to. Options -# are fatal, panic, error, warn, info, and debug. This option supports live -# configuration reload. +# are fatal, panic, error, warn, info, debug and trace. This option supports +# live configuration reload. log_level = "error" +# Filter the log messages by the provided regular expression. +# This option supports live configuration reload. +log_filter = "" + # The UID mappings for the user namespace of each container. A range is # specified in the form containerUID:HostUID:Size. Multiple ranges must be # separated by comma. @@ -220,9 +224,19 @@ # regarding the proper termination of the container. ctr_stop_timeout = 0 -# ManageNetworkNSLifecycle determines whether we pin and remove network namespace -# and manage its lifecycle. -manage_network_ns_lifecycle = true +# **DEPRECATED** this option is being replaced by manage_ns_lifecycle, which is described below. +# manage_network_ns_lifecycle = false + +# manage_ns_lifecycle determines whether we pin and remove namespaces +# and manage their lifecycle +manage_ns_lifecycle = true + +# The directory where the state of the managed namespaces gets tracked. +# Only used when manage_ns_lifecycle is true. +namespaces_dir = "/var/run/crio/ns" + +# pinns_path is the path to find the pinns binary, which is needed to manage namespace lifecycle +pinns_path = "" # The "crio.runtime.runtimes" table defines a list of OCI compatible runtimes. # The runtime to use is picked based on the runtime_handler provided by the CRI.