Hello community, here is the log from the commit of package podman for openSUSE:Leap:15.2 checked in at 2020-03-19 08:35:35 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2/podman (Old) and /work/SRC/openSUSE:Leap:15.2/.podman.new.3160 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "podman" Thu Mar 19 08:35:35 2020 rev:8 rq:785914 version:1.8.0 Changes: --------
--- /work/SRC/openSUSE:Leap:15.2/podman/podman.changes 2020-01-15 15:44:32.931292840 +0100
+++ /work/SRC/openSUSE:Leap:15.2/.podman.new.3160/podman.changes 2020-03-19 08:35:38.861823748 +0100
@@ -1,0 +2,533 @@
+Thu Feb 20 15:57:54 UTC 2020 - Ralf Haferkamp <[email protected]>
+
+- The name of the cni-bridge in the default config changed from
+ "cni0" to "podman-cni0" with podman-1.6.0. Add a %trigger to
+ rename the bridge in the system to the new default if it exists.
+ The trigger is only excuted when updating podman-cni-config
+ from something older than 1.6.0. This is mainly needed for SLE
+ where we're updating from 1.4.4 to 1.8.0 (bsc#1160460).
+
+-------------------------------------------------------------------
+Fri Feb 7 14:18:16 UTC 2020 - Sascha Grunert <[email protected]>
+
+- Remove: 0001-clarify-container-prune-force.patch because it's now
+ included in the release
+- Update podman to v1.8.0 (bsc#1160460):
+ * Features
+ - The podman system service command has been added, providing a
+ preview of Podman's new Docker-compatible API. This API is
+ still very new, and not yet ready for production use, but is
+ available for early testing
+ - Rootless Podman now uses Rootlesskit for port forwarding,
+ which should greatly improve performance and capabilities
+ - The podman untag command has been added to remove tags from
+ images without deleting them
+ - The podman inspect command on images now displays previous
+ names they used
+ - The podman generate systemd command now supports a --new
+ option to generate service files that create and run new
+ containers instead of managing existing containers
+ - Support for --log-opt tag= to set logging tags has been added
+ to the journald log driver
+ - Added support for using Seccomp profiles embedded in images
+ for podman run and podman create via the new --seccomp-policy
+ CLI flag
+ - The podman play kube command now honors pull policy
+ * Bugfixes
+ - Fixed a bug where the podman cp command would not copy the
+ contents of directories when paths ending in /.
were given
+ - Fixed a bug where the podman play kube command did not
+ properly locate Seccomp profiles specified relative to
+ localhost
+ - Fixed a bug where the podman info command for remote Podman
+ did not show registry information
+ - Fixed a bug where the podman exec command did not support
+ having input piped into it
+ - Fixed a bug where the podman cp command with rootless Podman
+ on CGroups v2 systems did not properly determine if the
+ container could be paused while copying
+ - Fixed a bug where the podman container prune --force command
+ could possible remove running containers if they were started
+ while the command was running
+ - Fixed a bug where Podman, when run as root, would not
+ properly configure slirp4netns networking when requested
+ - Fixed a bug where podman run --userns=keep-id did not work
+ when the user had a UID over 65535
+ - Fixed a bug where rootless podman run and podman create with
+ the --userns=keep-id option could change permissions on
+ /run/user/$UID and break KDE
+ - Fixed a bug where rootless Podman could not be run in a
+ systemd service on systems using CGroups v2
+ - Fixed a bug where podman inspect would show CPUShares as 0,
+ instead of the default (1024), when it was not explicitly set
+ - Fixed a bug where podman-remote push would segfault
+ - Fixed a bug where image healthchecks were not shown in the
+ output of podman inspect
+ - Fixed a bug where named volumes created with containers from
+ pre-1.6.3 releases of Podman would be autoremoved with their
+ containers if the --rm flag was given, even if they were
+ given names
+ - Fixed a bug where podman history was not computing image
+ sizes correctly
+ - Fixed a bug where Podman would not error on invalid values to
+ the --sort flag to podman images
+ - Fixed a bug where providing a name for the image made by
+ podman commit was mandatory, not optional as it should be
+ - Fixed a bug where the remote Podman client would append an
+ extra " to %PATH
+ -
Fixed a bug where the podman build command would sometimes
+ ignore the -f option and build the wrong Containerfile
+ - Fixed a bug where the podman ps --filter command would only
+ filter running containers, instead of all containers, if
+ --all was not passed
+ - Fixed a bug where the podman load command on compressed
+ images would leave an extra copy on disk
+ - Fixed a bug where the podman restart command would not
+ properly clean up the network, causing it to function
+ differently from podman stop; podman start
+ - Fixed a bug where setting the --memory-swap flag to podman
+ create and podman run to -1 (to indicate unlimited) was not
+ supported
+ * Misc
+ - Initial work on version 2 of the Podman remote API has been
+ merged, but is still in an alpha state and not ready for use.
+ Read more here
+ - Many formatting corrections have been made to the manpages
+ - The changes to address (#5009) may cause anonymous volumes
+ created by Podman versions 1.6.3 to 1.7.0 to not be removed
+ when their container is removed
+ - Updated vendored Buildah to v1.13.1
+ - Updated vendored containers/storage to v1.15.8
+ - Updated vendored containers/image to v5.2.0
+
+-------------------------------------------------------------------
+Fri Jan 24 14:04:36 UTC 2020 - Sascha Grunert <[email protected]>
+
+- Add apparmor-abstractions as required runtime dependency to
+ have `tunables/global` available.
+
+-------------------------------------------------------------------
+Mon Jan 13 11:13:59 UTC 2020 - Ralf Haferkamp <[email protected]>
+
+- Add: 0001-clarify-container-prune-force.patch to fix the --force
+ flag for the "container prune" command.
+ (https://github.com/containers/libpod/issues/4844)
+
+-------------------------------------------------------------------
+Wed Jan 8 09:23:01 UTC 2020 - Ralf Haferkamp <[email protected]>
+
+- Update podman to v1.7.0
+ * Features
+ - Added support for setting a static MAC address for containers
+ - Added support for creating macvlan networks with podman
+ network create, allowing Podman containers to be attached
+ directly to networks the host is connected to
+ - The podman image prune and podman container prune commands
+ now support the --filter flag to filter what will be pruned,
+ and now prompts for confirmation when run without --force
+ (#4410 and #4411)
+ - Podman now creates CGroup namespaces by default on systems
+ using CGroups v2 (#4363)
+ - Added the podman system reset command to remove all Podman
+ files and perform a factory reset of the Podman installation
+ - Added the --history flag to podman images to display previous
+ names used by images (#4566)
+ - Added the --ignore flag to podman rm and podman stop to not
+ error when requested containers no longer exist
+ - Added the --cidfile flag to podman rm and podman stop to read
+ the IDs of containers to be removed or stopped from a file
+ - The podman play kube command now honors Seccomp annotations
+ (#3111)
+ - The podman play kube command now honors RunAsUser,
+ RunAsGroup, and selinuxOptions
+ - The output format of the podman version command has been
+ changed to better match docker version when using the
+ --format flag
+ - Rootless Podman will no longer initialize containers/storage
+ twice, removing a potential deadlock preventing Podman
+ commands from running while an image was being pulled (#4591)
+ - Added tmpcopyup and notmpcopyup options to the --tmpfs and
+ --mount type=tmpfs flags to podman create and podman run to
+ control whether the content of directories are copied into
+ tmpfs filesystems mounted over them
+ - Added support for disabling detaching from containers by
+
setting empty detach keys via --detach-keys=""
+ - The podman build command now supports the --pull and
+ --pull-never flags to control when images are pulled during a
+ build
+ - The podman ps -p command now shows the name of the pod as
+ well as its ID (#4703)
+ - The podman inspect command on containers will now display the
+ command used to create the container
+ - The podman info command now displays information on registry
+ mirrors (#4553)
+ * Bugfixes
+ - Fixed a bug where Podman would use an incorrect runtime
+ directory as root, causing state to be deleted after root
+ logged out and making Podman in systemd services not function
+ properly
+ - Fixed a bug where the --change flag to podman import and
+ podman commit was not being parsed properly in many cases
+ - Fixed a bug where detach keys specified in libpod.conf were
+ not used by the podman attach and podman exec commands, which
+ always used the global default ctrl-p,ctrl-q key combination
+ (#4556)
+ - Fixed a bug where rootless Podman was not able to run podman
+ pod stats even on CGroups v2 enabled systems (#4634)
+ - Fixed a bug where rootless Podman would fail on kernels
+ without the renameat2 syscall (#4570)
+ - Fixed a bug where containers with chained network namespace
+ dependencies (IE, container A using --net container=B and
+ container B using --net container=C) would not properly mount
+ /etc/hosts and /etc/resolv.conf into the container (#4626)
+ - Fixed a bug where podman run with the --rm flag and without
+ -d could, when run in the background, throw a 'container does
+ not exist' error when attempting to remove the container
+ after it exited
+ - Fixed a bug where named volume locks were not properly
+ reacquired after a reboot, potentially leading to deadlocks
+ when trying to start containers using the volume (#4605 and
+ #4621)
+ - Fixed a bug where Podman could not completely remove
+ containers if sent SIGKILL during removal, leaving the
+ container name unusable without the
podman rm --storage + command to complete removal (#3906) + - Fixed a bug where checkpointing containers started with --rm + was allowed when --export was not specified (the container, + and checkpoint, would be removed after checkpointing was ++++ 508 more lines (skipped) ++++ between /work/SRC/openSUSE:Leap:15.2/podman/podman.changes ++++ and /work/SRC/openSUSE:Leap:15.2/.podman.new.3160/podman.changes Old: ---- CVE-2019-10214.patch conmon-0.3.0.tar.xz podman-1.4.4.tar.xz New: ---- podman-1.8.0.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ podman.spec ++++++ --- /var/tmp/diff_new_pack.roqbXo/_old 2020-03-19 08:35:40.533824771 +0100 +++ /var/tmp/diff_new_pack.roqbXo/_new 2020-03-19 08:35:40.577824798 +0100 @@ -17,24 +17,20 @@ %define project github.com/containers/libpod -%define conmon_project conmon -%define conmonver 0.3.0 # Build with libostree-devel in Tumbleweed, Leap 15 and SLES 15 %if 0%{?suse_version} >= 1500 %define with_libostree 1 %endif Name: podman -Version: 1.4.4 +Version: 1.8.0 Release: 0 Summary: Daemon-less container engine for managing containers, pods and images License: Apache-2.0 Group: System/Management Url: https://github.com/containers/libpod Source0: %{name}-%{version}.tar.xz -Source1: %{conmon_project}-%{conmonver}.tar.xz Source2: libpod.conf Source3: %{name}-rpmlintrc -Patch0: CVE-2019-10214.patch BuildRequires: bash-completion BuildRequires: cni BuildRequires: device-mapper-devel 
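Review bot: `Patch0: CVE-2019-10214.patch` is dropped in the `@@ -17,24 +17,20 @@` hunk of podman.spec (its `%patch0 -p0` call goes in the later `%prep` hunk), but the visible part of podman.changes neither records the removal nor states that 1.8.0 already contains the fix; the 508 skipped changelog lines may cover it. A security patch that disappears without a changelog line is hard to audit afterwards. Once the fix has been confirmed in the 1.8.0 sources, the entry for this update should say so explicitly, for example `- Remove CVE-2019-10214.patch, included in the new upstream release`.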
@@ -56,20 +52,21 @@ %ifarch ppc64le #!BuildIgnore: gcc-PIE %endif -# i586 not supported, containers/conmon does not build -ExcludeArch: i586 Requires: apparmor-parser +Requires: apparmor-abstractions Requires: cni Requires: cni-plugins +Requires: conmon Requires: iptables Requires: libcontainers-common Requires: libcontainers-image Requires: libcontainers-storage Requires: runc >= 1.0.0~rc4 Requires: slirp4netns >= 0.3.0 -Requires: fuse-overlayfs Requires: catatonit +Requires: fuse-overlayfs Recommends: %{name}-cni-config = %{version} +Recommends: katacontainers %{go_nostrip} %if 0%{?with_libostree} BuildRequires: libostree-devel @@ -85,18 +82,13 @@ %prep %setup -q -%patch0 -p0 -# unpack conmon into the unpacked podman source -%setup -q -T -D -a 1 -rm -rf $HOME/%{conmon_project} -mkdir -pv $HOME/%{conmon_project} -mv %{conmon_project}-%{conmonver}/* $HOME/%{conmon_project} -rm -r %{conmon_project}-%{conmonver} %package cni-config Summary: Basic CNI configuration for podman Group: System/Management Requires: %{name} = %{version} +# iproute2 is needed by the %triggerun scriplet +Requires: iproute2 BuildArch: noarch %description cni-config @@ -140,10 +132,6 @@ # Build manpages make %{?_smp_mflags} docs -# Build conmon -cd $HOME/%{conmon_project} -make - %check # Too many tests fail due to the restricted permissions in the build enviroment. # Updates must be tested manually. 
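Review bot: `Requires: conmon` in the `@@ -56,20 +52,21 @@` hunk carries no version bound, although the neighbouring `runc` and `slirp4netns` requirements do and the package previously built a pinned conmon 0.3.0 from its own tarball. Now that conmon comes from a separate package, any installed release satisfies the dependency, including one older than what podman 1.8.0 was tested with. If upstream documents a minimum (not visible on this page), state it as `Requires: conmon >= <minimum-version>`. The Requires list continues outside the hunk.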
@@ -155,32 +143,26 @@ install -D -m 0755 bin/podman %{buildroot}/%{_bindir}/podman install -D -m 0755 bin/podman-remote %{buildroot}/%{_bindir}/podman-remote install -d %{buildroot}/%{_mandir}/man1 -install -m 0644 docs/podman*.1 %{buildroot}/%{_mandir}/man1 +install -m 0644 docs/build/man/podman*.1 %{buildroot}/%{_mandir}/man1 install -d %{buildroot}/%{_mandir}/man5 -install -m 0644 docs/libpod*.5 %{buildroot}/%{_mandir}/man5 +install -m 0644 docs/build/man/libpod*.5 %{buildroot}/%{_mandir}/man5 install -D -m 0644 cni/87-podman-bridge.conflist %{buildroot}/%{_sysconfdir}/cni/net.d/87-podman-bridge.conflist install -D -m 0644 %{SOURCE2} %{buildroot}/%{_sysconfdir}/containers/libpod.conf install -D -m 0644 %{SOURCE2} %{buildroot}/%{_datadir}/containers/libpod.conf install -D -m 0644 completions/bash/podman %{buildroot}/%{_datadir}/bash-completion/completions/podman +install -D -m 0644 completions/zsh/_podman %{buildroot}%{_sysconfdir}/zsh_completion.d/_podman # podman varlink install -D -m 0644 contrib/varlink/podman.conf %{buildroot}/%{_tmpfilesdir}/podman.conf install -D -m 0644 contrib/varlink/io.podman.service %{buildroot}%{_unitdir}/io.podman.service install -D -m 0644 contrib/varlink/io.podman.socket %{buildroot}%{_unitdir}/io.podman.socket -# conmon -cd $HOME/%{conmon_project} -install -D -m 0755 bin/conmon %{buildroot}/%{_libexecdir}/podman/bin/conmon - %fdupes %{buildroot}/%{_prefix} %files # Binaries %{_bindir}/podman %{_bindir}/podman-remote -%dir %{_libexecdir}/podman -%dir %{_libexecdir}/podman/bin -%{_libexecdir}/podman/bin/conmon # Manpages %{_mandir}/man1/podman*.1* %{_mandir}/man5/libpod*.5* @@ -190,6 +172,7 @@ %{_datadir}/containers/libpod.conf # Completion %{_datadir}/bash-completion/completions/podman +%{_sysconfdir}/zsh_completion.d/_podman # Varlink %{_tmpfilesdir}/podman.conf %{_unitdir}/io.podman.service 
@@ -214,4 +197,14 @@ %postun %service_del_postun io.podman.service io.podman.socket +%triggerun cni-config -- %{name}-cni-config < 1.6.0 +# The name of the network bridge changed from cni0 to podman-cni0 with +# podman 1.6. We need to rename the existing bridge to the new name to +# to avoid network issues after upgrade +if ip link show dev cni0 > /dev/null 2>&1; then + ip link set dev cni0 down + ip link set dev cni0 name cni-podman0 + ip link set dev cni-podman0 up +fi + %changelog ++++++ _service ++++++ --- /var/tmp/diff_new_pack.roqbXo/_old 2020-03-19 08:35:40.985825047 +0100 +++ /var/tmp/diff_new_pack.roqbXo/_new 2020-03-19 08:35:41.005825060 +0100 @@ -4,22 +4,14 @@ <param name="url">https://github.com/containers/libpod.git</param> <param name="scm">git</param> <param name="filename">podman</param> -<param name="versionformat">1.4.4</param> -<param name="revision">v1.4.4</param> +<param name="versionformat">1.8.0</param> +<param name="revision">v1.8.0</param> </service> <service name="set_version" mode="disabled"> <param name="basename">podman</param> </service> -<service name="tar_scm" mode="disabled"> -<param name="url">https://github.com/containers/conmon.git</param> -<param name="scm">git</param> -<param name="filename">conmon</param> -<param name="versionformat">0.3.0</param> -<param name="revision">v0.3.0</param> -</service> - <service name="recompress" mode="disabled"> <param name="file">*.tar</param> <param name="compression">xz</param> ++++++ libpod.conf ++++++ --- /var/tmp/diff_new_pack.roqbXo/_old 2020-03-19 08:35:41.213825186 +0100 +++ /var/tmp/diff_new_pack.roqbXo/_new 2020-03-19 08:35:41.233825199 +0100 
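Review bot: The `%triggerun` scriptlet in the `@@ -214,4 +197,14 @@` hunk takes `cni0` down before renaming it and has no fallback, so if the rename fails (for instance because a `cni-podman0` link already exists) the old bridge stays down and the final `up` acts on a different device. Restore the link on failure, e.g. `ip link set dev cni0 name cni-podman0 || ip link set dev cni0 up`. The comment above the commands, like the changelog entry, calls the new bridge `podman-cni0` while the commands use `cni-podman0`, and it has a doubled "to"; it should read `# The name of the network bridge changed from cni0 to cni-podman0 with`. `cni0` is also a common default name in other CNI bridge configurations, so the scriptlet may rename a bridge podman did not create; a comment stating that assumption would help whoever debugs an upgrade.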
@@ -4,9 +4,10 @@ # Default transport method for pulling and pushing for images image_default_transport = "docker://" -# Paths to look for the Conmon container manager binary +# Paths to look for the conmon container manager binary. +# If the paths are empty or no valid path was found, then the `$PATH` +# environment variable will be used as the fallback. conmon_path = [ - "/usr/lib/podman/bin/conmon", ] # Environment variables to pass into conmon @@ -111,11 +112,32 @@ # libpod will use it for reporting nicer errors. runtime_supports_json = ["runc"] +# List of all the OCI runtimes that support --cgroup-manager=disable to disable +# creation of CGroups for containers. +runtime_supports_nocgroups = [] + # Paths to look for a valid OCI runtime (runc, runv, etc) +# If the paths are empty or no valid path was found, then the `$PATH` +# environment variable will be used as the fallback. [runtimes] runc = [ - "/usr/bin/runc", - "/usr/sbin/runc" +] + + +# Kata Containers is an OCI runtime, where containers are run inside lightweight +# VMs. Kata provides additional isolation towards the host, minimizing the host attack +# surface and mitigating the consequences of containers breakout. + +# Kata Containers with the default configured VMM +kata-runtime = [ +] + +# Kata Containers with the QEMU VMM +kata-qemu = [ +] + +# Kata Containers with the Firecracker VMM +kata-fc = [ ] # The [runtimes] table MUST be the last thing in this file. ++++++ podman-1.4.4.tar.xz -> podman-1.8.0.tar.xz ++++++ ++++ 563764 lines of diff (skipped) ++++++ podman-rpmlintrc ++++++ --- /var/tmp/diff_new_pack.roqbXo/_old 2020-03-19 08:35:44.089826946 +0100 +++ /var/tmp/diff_new_pack.roqbXo/_new 2020-03-19 08:35:44.089826946 +0100 @@ -2,3 +2,4 @@ addFilter (".* W: explicit-lib-dependency libcontainers-image") addFilter (".* W: explicit-lib-dependency libcontainers-storage") addFilter (".* W: missing-call-to-setgroups-before-setuid") +addFilter (".* W: non-conffile-in-etc .*zsh_completion.d.*")
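Review bot: Emptying `conmon_path` in the `@@ -4,9 +4,10 @@` hunk makes libpod look the helper up through `$PATH`, as the added comment says; the same applies to the emptied `runc` list and the new empty `kata-runtime`, `kata-qemu` and `kata-fc` lists in the `@@ -111,11 +112,32 @@` hunk. For podman run as root, the binary that gets executed then depends on the caller's environment instead of a packaged location, which is a weaker guarantee than the absolute paths gave. Keep at least one absolute entry per runtime, e.g. retain `"/usr/bin/runc",`, and list the install path of the separate conmon package in `conmon_path`, leaving `$PATH` only as the last-resort fallback. If the empty lists are intentional, the comments should say which package is expected to provide each binary.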
