Override component to main
runc 1.0.0~rc10-0ubuntu1 in focal: universe/misc -> main
golang-github-opencontainers-runc-dev 1.0.0~rc10-0ubuntu1 in focal amd64:
universe/devel/extra/100% -> main
golang-github-opencontainers-runc-dev 1.0.0~rc10-0ubuntu1 in focal arm64:
universe/devel/extra/100% ->
Seed change approved and done, since this only is going to the supported
seed but not getting a direct package/task dependency please help to let
us later double check it actually shows up in component mismatches.
** Changed in: runc (Ubuntu)
Status: In Progress => Fix Committed
--
You
Seeed change MP opened: https://code.launchpad.net/~paelzer/ubuntu-
seeds/+git/platform/+merge/380071
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1817336
Title:
[MIR] runc
To manage
** Merge proposal linked:
https://code.launchpad.net/~paelzer/ubuntu-seeds/+git/platform/+merge/380071
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1817336
Title:
[MIR] runc
To manage
containerd (bug 1819761) is now ready for promotion as well.
We need to make a seed change to pull them in.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1817336
Title:
[MIR] runc
To manage
This is ready to go on, just FYI this is a few more days on hold as we
want to move this at once together with containerd (bug 1819761).
** Changed in: runc (Ubuntu)
Status: New => In Progress
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
I reviewed runc 1.0.0~rc8+git20190923.3e425f80-0ubuntu1 as checked into focal.
This shouldn't be considered a full audit but rather a quick gauge of
maintainability.
runc, a lightweight universal container runtime, is a CLI tool for spawning and
running containers according to the Open Container
Yes, if all vendorized deps that are packaged are not in main either
there is no gain by de-vendorizing them right now for this case.
To be clear, they usually would be good to be de-vendored - but as
discussed before runc (and containerd) are special in that you already
plan to regularly update
According to the report from comment #6, of the 17 vendorized packages
runc uses, 16 exist as debs in universe, and 1 (go-criu) isn't packaged
at all.
We can de-vendorize the 16 packages, assuming the versions we have in
universe are ok (some are ahead of the vendored code, some are behind).
** Description changed:
[Availability]
runc is in universe (https://launchpad.net/ubuntu/+source/runc) and builds on
amd64, arm64, armhf, i386, ppc64el and s390x.
[Rationale]
This package is a requirement for the containerd MIR bug #1819761. Both
packages
are necessary for OCF
I've been investigating the vendorized dependencies in runc and below
you can find my notes so far:
# RunC - vendorized dependencies
## Summary:
- Total of 17 vendorized deps
+ None of them has a correspondent package in main
- 1 vendorized deps without correspondent package in the archive
Last open CVE fixed as of 1.0.0~rc6+git20181203.96ec2177-0~ubuntu2 backports
are in all releases.
So past CVEs are no more part of the discussion.
Subscription already done for the server Team - thanks Josh.
This is in the security Teams review queue (which is the proper next
step).
I wanted
ubuntu-server is now subscribed to bugs
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1817336
Title:
[MIR] runc
To manage notifications about this bug go to:
In general vendored depends are "okay" in that they are a known issue
that we generally need to deal with, even if it should be avoided
whenever possible.
Blockers:
- There is still no team subscriber for the package; ubuntu-server isn't
subscribed.
- Three open CVE that need fixing in disco;
** Changed in: runc (Ubuntu)
Assignee: (unassigned) => Mathieu Trudel-Lapierre (cyphermox)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1817336
Title:
[MIR] runc
To manage notifications
** Description changed:
[Availability]
runc is in universe (https://launchpad.net/ubuntu/+source/runc) and builds on
amd64, arm64, armhf, i386, ppc64el and s390x.
[Rationale]
- This package is a requirement for the containerd MIR (bug-to-be-filed). Both
packages
+ This package is a
You mean this?
ubuntu@disco-mir:~/deb/runc-1.0.0~rc6+git20181203.96ec2177$ cat vendor.conf
# OCI runtime-spec. When updating this, make sure you use a version tag rather
# than a commit ID so it's much more obvious what version of the spec we are
# using.
github.com/opencontainers/runtime-spec
A correction: the package in disco vendors its dependencies, in the way
that docker.io and snapd do, and for much the same reason: to enable
backports to LTS. So there are no build-depends in universe but there is
bundled source code from other projects.
This means that (again in disco for now,
18 matches
Mail list logo
