Hello community,
here is the log from the commit of package cri-o for openSUSE:Factory checked
in at 2020-02-15 22:24:48
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/cri-o (Old)
and /work/SRC/openSUSE:Factory/.cri-o.new.26092 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cri-o"
Sat Feb 15 22:24:48 2020 rev:44 rq:773627 version:1.17.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/cri-o/cri-o.changes 2020-01-23
16:10:23.127617046 +0100
+++ /work/SRC/openSUSE:Factory/.cri-o.new.26092/cri-o.changes 2020-02-15
22:25:00.439296327 +0100
@@ -1,0 +2,38 @@
+Mon Feb 10 14:59:52 UTC 2020 - Sascha Grunert <sgrun...@suse.com>
+
+- Put default configuration in /etc/crio/crio.conf.d/00-default.conf
+ in replacement for /etc/crio/crio.conf
+
+-------------------------------------------------------------------
+Mon Feb 10 14:05:47 UTC 2020 - Sascha Grunert <sgrun...@suse.com>
+
+- Uncomment default apparmor profile to always fallback to the
+ default one
+
+-------------------------------------------------------------------
+Mon Feb 10 08:18:28 UTC 2020 - Sascha Grunert <sgrun...@suse.com>
+
+- Remove prevent-local-loopback-teardown-rh1754154.patch which is
+ now included in upstream
+- Update to v1.17.0:
+ * Major Changes
+ - Allow CRI-O to manage IPC and UTS namespaces, in addition to
+ Network
+ - Add support for drop-in configuration files
+ - Added image pull and network setup metrics
+ - Image decryption support
+ - Remove unneeded host_ip configuration value
+ * Minor Changes
+ - Setup container environment variables before user
+ - Move default version file location to a tmpfs
+ - Failures to stop the network will now cause a stop sandbox
+ request to fail
+ - Persist container exit codes across reboot
+ - Add conmonmon: a conmon monitoring loop to protect against
+ conmon being OOM'd
+ - Add namespaces{-_}dir CLI and config option
+ - Add disk usage for ListContainerStats
+ - Introduce new runtime field to restrict devices in privileged
+ mode
+
+-------------------------------------------------------------------
Old:
----
cri-o-1.16.1.tar.xz
prevent-local-loopback-teardown-rh1754154.patch
New:
----
cri-o-1.17.0.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ cri-o.spec ++++++
--- /var/tmp/diff_new_pack.M9jgWw/_old 2020-02-15 22:25:01.563296935 +0100
+++ /var/tmp/diff_new_pack.M9jgWw/_new 2020-02-15 22:25:01.571296939 +0100
@@ -24,7 +24,7 @@
%define project github.com/cri-o/cri-o
# Define macros for further referenced sources
Name: cri-o
-Version: 1.16.1
+Version: 1.17.0
Release: 0
Summary: OCI-based implementation of Kubernetes Container Runtime
Interface
License: Apache-2.0
@@ -38,7 +38,6 @@
Source5: kubelet.env
Source6: crio-wipe.service
Source7: crio-shutdown.service
-Patch1: prevent-local-loopback-teardown-rh1754154.patch
BuildRequires: device-mapper-devel
BuildRequires: fdupes
BuildRequires: glib2-devel-static
@@ -86,7 +85,6 @@
%prep
%setup -q
-%patch1 -p1
%build
# Keep cgroupfs as the default cgroup manager for SLE15 builds
@@ -130,8 +128,8 @@
# Binaries
install -D -m 0755 bin/crio %{buildroot}/%{_bindir}/crio
install -D -m 0755 bin/crio-status %{buildroot}/%{_bindir}/crio-status
+install -D -m 0755 bin/pinns %{buildroot}/%{_bindir}/pinns
install -d %{buildroot}/%{_libexecdir}/crio/bin
-install -D -m 0755 bin/pause %{buildroot}/%{_libexecdir}/crio/bin/pause
# Completions
install -D -m 0644 completions/bash/crio
%{buildroot}/%{_datadir}/bash-completion/completions/crio
install -D -m 0644 completions/zsh/_crio
%{buildroot}%{_sysconfdir}/zsh_completion.d/_crio
@@ -145,7 +143,7 @@
install -m 0644 docs/crio.conf.5 %{buildroot}/%{_mandir}/man5
install -m 0644 docs/crio.8 %{buildroot}/%{_mandir}/man8
# Configs
-install -D -m 0644 %{SOURCE3} %{buildroot}/%{_sysconfdir}/crio/crio.conf
+install -D -m 0644 %{SOURCE3}
%{buildroot}/%{_sysconfdir}/crio/crio.conf.d/00-default.conf
install -D -m 0644 crio-umount.conf
%{buildroot}/%{_datadir}/oci-umount/oci-umount.d/cri-umount.conf
install -D -m 0644 %{SOURCE2} %{buildroot}%{_fillupdir}/sysconfig.crio
# Systemd
@@ -164,9 +162,9 @@
# Binaries
%{_bindir}/crio
%{_bindir}/crio-status
+%{_bindir}/pinns
%dir %{_libexecdir}/crio
%dir %{_libexecdir}/crio/bin
-%{_libexecdir}/crio/bin/pause
# Completions
%{_datadir}/bash-completion/completions/crio
%{_datadir}/bash-completion/completions/crio-status
@@ -184,7 +182,8 @@
%license LICENSE
# Configs
%dir %{_sysconfdir}/crio
-%config(noreplace) %{_sysconfdir}/crio/crio.conf
+%dir %{_sysconfdir}/crio/crio.conf.d
+%config %{_sysconfdir}/crio/crio.conf.d/00-default.conf
%dir %{_datadir}/oci-umount
%dir %{_datadir}/oci-umount/oci-umount.d
%{_datadir}/oci-umount/oci-umount.d/cri-umount.conf
++++++ _service ++++++
--- /var/tmp/diff_new_pack.M9jgWw/_old 2020-02-15 22:25:01.603296957 +0100
+++ /var/tmp/diff_new_pack.M9jgWw/_new 2020-02-15 22:25:01.603296957 +0100
@@ -2,8 +2,8 @@
<service name="tar_scm" mode="disabled">
<param name="url">https://github.com/cri-o/cri-o</param>
<param name="scm">git</param>
-<param name="versionformat">1.16.1</param>
-<param name="revision">v1.16.1</param>
+<param name="versionformat">1.17.0</param>
+<param name="revision">v1.17.0</param>
</service>
<service name="recompress" mode="disabled">
<param name="file">cri-o-*.tar</param>
++++++ cri-o-1.16.1.tar.xz -> cri-o-1.17.0.tar.xz ++++++
/work/SRC/openSUSE:Factory/cri-o/cri-o-1.16.1.tar.xz
/work/SRC/openSUSE:Factory/.cri-o.new.26092/cri-o-1.17.0.tar.xz differ: char
26, line 1
++++++ crio.conf ++++++
--- /var/tmp/diff_new_pack.M9jgWw/_old 2020-02-15 22:25:01.675296996 +0100
+++ /var/tmp/diff_new_pack.M9jgWw/_new 2020-02-15 22:25:01.675296996 +0100
@@ -1,4 +1,3 @@
-
# The CRI-O configuration file specifies all of the available configuration
# options and command-line flags for the crio(8) OCI Kubernetes Container
Runtime
# daemon, but in a TOML format that can be more easily modified and versioned.
@@ -37,7 +36,7 @@
log_dir = "/var/log/crio/pods"
# Location for CRI-O to lay down the version file
-version_file = "/var/lib/crio/version"
+version_file = "/var/run/crio/version"
# The crio.api table contains settings for the kubelet/gRPC interface.
[crio.api]
@@ -45,9 +44,6 @@
# Path to AF_LOCAL socket on which CRI-O will listen.
listen = "/var/run/crio/crio.sock"
-# Host IP considered as the primary IP to use by CRI-O for things such as host
network IP.
-host_ip = ""
-
# IP address on which the stream server will listen.
stream_address = "127.0.0.1"
@@ -95,6 +91,10 @@
# If true, the runtime will not use pivot_root, but instead use MS_MOVE.
no_pivot = false
+# decryption_keys_path is the path where the keys required for
+# image decryption are stored.
+decryption_keys_path = "/etc/crio/keys/"
+
# Path to the conmon binary, used for monitoring the OCI runtime.
# Will be searched for using $PATH if empty.
conmon = ""
@@ -118,7 +118,7 @@
# Used to change the name of the default AppArmor profile of CRI-O. The default
# profile name is "crio-default-" followed by the version string of CRI-O.
-apparmor_profile = "crio-default-1.16.1"
+# apparmor_profile = "crio-default-1.17.0"
# Cgroup management implementation used for the runtime.
cgroup_manager = "systemd"
@@ -202,10 +202,14 @@
read_only = false
# Changes the verbosity of the logs based on the level it is set to. Options
-# are fatal, panic, error, warn, info, and debug. This option supports live
-# configuration reload.
+# are fatal, panic, error, warn, info, debug and trace. This option supports
+# live configuration reload.
log_level = "error"
+# Filter the log messages by the provided regular expression.
+# This option supports live configuration reload.
+log_filter = ""
+
# The UID mappings for the user namespace of each container. A range is
# specified in the form containerUID:HostUID:Size. Multiple ranges must be
# separated by comma.
@@ -220,9 +224,19 @@
# regarding the proper termination of the container.
ctr_stop_timeout = 0
-# ManageNetworkNSLifecycle determines whether we pin and remove network
namespace
-# and manage its lifecycle.
-manage_network_ns_lifecycle = true
+# **DEPRECATED** this option is being replaced by manage_ns_lifecycle, which
is described below.
+# manage_network_ns_lifecycle = false
+
+# manage_ns_lifecycle determines whether we pin and remove namespaces
+# and manage their lifecycle
+manage_ns_lifecycle = true
+
+# The directory where the state of the managed namespaces gets tracked.
+# Only used when manage_ns_lifecycle is true.
+namespaces_dir = "/var/run/crio/ns"
+
+# pinns_path is the path to find the pinns binary, which is needed to manage
namespace lifecycle
+pinns_path = ""
# The "crio.runtime.runtimes" table defines a list of OCI compatible runtimes.
# The runtime to use is picked based on the runtime_handler provided by the
CRI.
