cri-o-kubeadm-criconfig-1.17.3-lp153.3.1 >  A `~/=„+D]L kvC!GXγԪx|L+^faScSnH= ->VQ͑6ۉP;Iqah4Ij2YˌhV c,4X'_'aƾ +.~ygM2ΕqAN ς蒉,Efo@{1k)[wElݷ@{ v / =Jhϴ826872f4ef98d5a373b194a88c511f42d8bfa01cff7f9556e92d65cba7643ccded3e9bfbd19f5fa1f7e15a5ce8420639ba9a4c78`~/=„wR. $2}ːd ,&Psnjl:Kaj~w hsNuEk0l7dJN|no$bdY*+r&dn2h.P]{̟3tVXV+,S8)Q5ݑ3Qʚ@ )ˏI*-آ޶0:Yu2',/OpwxFeݐdK5^E7V j=`^ *,"l:-wq{e>pC?d! + ]  (.4     \  + PTs(t8|[9[:[>YFaGtHxI|XY\]^bcdefluvz$(.04:|Ccri-o-kubeadm-criconfig1.17.3lp153.3.1CRI-O container runtime configuration for kubeadmThis package provides the CRI-O container runtime configuration for kubeadm`~Ks390p22openSUSE Leap 15.3openSUSEApache-2.0https://bugs.opensuse.orgUnspecifiedhttps://github.com/cri-o/cri-olinuxs390x PNAME=kubelet SUBPNAME= SYSC_TEMPLATE=/usr/share/fillup-templates/sysconfig.$PNAME$SUBPNAME # If template not in new /usr/share/fillup-templates, fallback to old TEMPLATE_DIR if [ ! -f $SYSC_TEMPLATE ] ; then TEMPLATE_DIR=/var/adm/fillup-templates SYSC_TEMPLATE=$TEMPLATE_DIR/sysconfig.$PNAME$SUBPNAME fi SD_NAME="" if [ -x /bin/fillup ] ; then if [ -f $SYSC_TEMPLATE ] ; then echo "Updating /etc/sysconfig/$SD_NAME$PNAME ..." mkdir -p /etc/sysconfig/$SD_NAME touch /etc/sysconfig/$SD_NAME$PNAME /bin/fillup -q /etc/sysconfig/$SD_NAME$PNAME $SYSC_TEMPLATE fi else echo "ERROR: fillup not found. This should not happen. Please compare" echo "/etc/sysconfig/$PNAME and $TEMPLATE_DIR/sysconfig.$PNAME and" echo "update by hand." fi`~J1569e237d627aa54c2bd391fb879956886ac335ce72211db9dff2e25799d0bf0rootrootcri-o-1.17.3-lp153.3.1.src.rpmcri-o-kubeadm-criconfigcri-o-kubeadm-criconfig(s390-64)kubernetes-kubeadm-criconfig    /bin/shcoreutilsdiffutilsfillupgrepkubernetes-kubeadm-providerrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)3.0.4-14.6.0-14.0-15.2-1docker-kubic-kubeadm-criconfig4.14.1^H^H^_^}^oj@^AE^AE^AE^"@^ P@^ P@^g@]@]e@]]@]Γ@]A]M@]@]W](]w@]p]p]p]g@]Ik]9]0_@]/ ]\\P\@\f\}\@\\@\@\u*@\@\ `[[[@[F[{[{[z@[v[ug@[r@[r@[b@[D[D[:[3|@['[#@[d@[@[{@[)ZK@ZJ@ZZ`@Z`@ZkZ%Z1@Z1@Z1@Z@ZMichal Jura Michal Jura Richard Brown Sascha Grunert Sascha Grunert Sascha Grunert Sascha Grunert Sascha Grunert Sascha Grunert Sascha Grunert Richard Brown jmassaguerpla@suse.comSascha Grunert Dirk Mueller David Cassany Sascha Grunert Sascha Grunert Richard Brown Sascha Grunert Richard Brown Sascha Grunert Sascha Grunert Marco Vedovati David Cassany Sascha Grunert Sascha Grunert Sascha Grunert Richard Brown Richard Brown Richard Brown Sascha Grunert Sascha Grunert Guillaume GARDET Sascha Grunert Michal Rostecki Sascha Grunert Flavio Castelli Flavio Castelli Daniel Orf Sascha Grunert Richard Brown Sascha Grunert Richard Brown Valentin Rothberg Valentin Rothberg Valentin Rothberg Jeff Kowalczyk rbrown@suse.comrbrown@suse.comvrothberg@suse.comvrothberg@suse.comrbrown@suse.comrbrown@suse.comrbrown@suse.comvrothberg@suse.comDavid Cassany vrothberg@suse.comvrothberg@suse.comvrothberg@suse.comvrothberg@suse.comvrothberg@suse.comvrothberg@suse.comvrothberg@suse.comdcassany@suse.comdcassany@suse.comndas@suse.defcastelli@suse.comvrothberg@suse.comvrothberg@suse.comvrothberg@suse.comvrothberg@suse.comvrothberg@suse.comvrothberg@suse.comvrothberg@suse.comvrothberg@suse.comvrothberg@suse.comfcastelli@suse.comfcastelli@suse.comvrothberg@suse.comvrothberg@suse.comjengelh@inai.devrothberg@suse.comvrothberg@suse.comvrothberg@suse.comvrothberg@suse.comvrothberg@suse.comvrothberg@suse.comvrothberg@suse.comvrothberg@suse.comvrothberg@suse.com- criconfig: Require kubernetes-kubeadm-provider to be compatable with multi-version kubernetes packaging- Update apparmor_profile with current cri-o version, bsc#1161056- Update to version 1.17.3: * Bump version to 1.17.3 * Update c/image to v5.3.1 * sandbox: Make sure the label annotation is proper JSON * container_server: Wrap a few more errors in LoadSandbox * restore tests: verify some namespace lifecycle cases work * fail on failed pinns * pinns: pin to /var/run/*ns instead of /var/run/crio/ns/* * Add the -d flag when installing runc for circle ci * Add the mounts that are required by systemd * bump to 1.17.2- Use new pause:3.2 image- Update to v1.17.1: * Drop conmonmon * Update docs and completions for crio wipe --force * wipe: Add a force flag for skipping version check * Restore sandbox selinux labels directly from config.json * klog: don't write to /tmp * Pass down the integer value of the stop signal * exec: Close pipe fds to prevent hangs * Unwrap errors from label.Relabel() before checking for ENOTSUP * oci: Handle timeouts correctly for probes- Put default configuration in /etc/crio/crio.conf.d/00-default.conf in replacement for /etc/crio/crio.conf- Uncomment default apparmor profile to always fallback to the default one- Remove prevent-local-loopback-teardown-rh1754154.patch which is now included in upstream - Update to v1.17.0: * Major Changes - Allow CRI-O to manage IPC and UTS namespaces, in addition to Network - Add support for drop-in configuration files - Added image pull and network setup metrics - Image decryption support - Remove unneeded host_ip configuration value * Minor Changes - Setup container environment variables before user - Move default version file location to a tmpfs - Failures to stop the network will now cause a stop sandbox request to fail - Persist container exit codes across reboot - Add conmonmon: a conmon monitoring loop to protect against conmon being OOM'd - Add namespaces{-_}dir CLI and config option - Add disk usage for ListContainerStats - Introduce new runtime field to restrict devices in privileged mode- Fix invalid apparmor profile (bsc#1161179)- Include system proxy settings in service if present (bsc#1155323)- Removed the usage of `name_` variables to reduce the error proneness - Fixed systemd unit install locations for crio-wipe.service and crio-shutdown.service (bsc#1161056)- Add prevent-local-loopback-teardown-rh1754154.patch to stop local loopback interfaces being torndown before cluster is bootstrapped- Make cgroup-driver for kubelet be cgroupfs for SLE to be consistent with the cri-o configuration- Update to v1.16.1: * Add manifest list support * Default to system.slice for conmon cgroup * Don't set PodIPs on host network pods- switch to libcontainers-common requires, as the other two are provided by it already (avant-garde#1056)- Revert cgroup_manager from systemd to cgroupsfs for SLE15 k8s default is cgroupfs and in can be modified at runtime by the `--kubelet-cgroups` flag. However this flag is deprecated and avoinding it is currently preferred over introducing it. In order to switch to systemd as the cgroups manager in SLE15 further analysis is required to find a suitable configuration strategy.- Use single service macro invocation - Add shell completions directories to files- Add crio and crio-status shell completions - Add crio-wipe and crio-shutdown services - Update kubelet verbosity to `-v=2` - Update conmon cgroup to `system.slice` - Update crio.conf to match latest version - Update to v1.16.0: * Major Changes * Add support for manifest lists * Dual stack IPv6 support * HUP reload of SystemRegistries * file_locking is no longer a supported option in the configuration file * Hooks are no longer found implicitally. * conmon now lives in a separate repository and must be downloaded separately. * Minor * All OCI mounts are mounted as rw when a pod is privileged * CRI-O can now run on a cgroupv2 system (only with the runtime crun) * Add environment variables to CLI flags * Add crio-status client to conveniently query status of crio or a container * Conmon is now found in $PATH if a path isn't specified or is empty * Add metrics to configuration file * Bandwidth burst can only be 4GB * If another container manager shares CRI-O's storage (like podman), CRI-O no longer attempts to restore them * Increase validation for log_dir and runtime_type in configuration * Allow usage of short container ID in ContainerStats * Make image volumes writeable by the container user * Various man page fixes * The crio-wipe script is now included in the crio binary (as crio wipe), and only removes CRI-O containers and images. * Set some previously public packages as internal (client, lib, oci, pkg, tools, version) * infra container now spawned as not privileged- Switch to `systemd` cgroup driver in kubelet config also- Switch to `systemd` cgroup manager in replacement for `cgroupfs`- Remove obsolete Groups tag (fate#326485)- Fix default apparmor profile to match the latest version- Update to v1.15.2: * Use HTTP2MatchHeaderFieldSendSettings for incoming gRPC connections * Fix 32 bit builds * crio-wipe: Fix int compare in lib.bash- Add katacontainers as a recommended package, and include it as an additional OCI runtime in the configuration. - Document the format of the [crio.runtime.runtimes] table entries, and remove clutter from the current runc entry.- Updating to v1.15.1 included de fix for CVE-2019-10214 (bsc#1144065)- Update to v1.15.1: * Bump container storage to v1.12.6 * Allow building with go1.10 * Allow default IP route to not be present * Update libpod to the latest version * Require crio-wipe for crio service file * Disable crio-wipe in systemd by default * Change default apparmor profile to actually contain the version- Update crio.conf to: * set manage_network_ns_lifecycle per default to true- Update crio.conf to: * use `127.0.0.1` as streaming address * use any ephemeral port for streaming server- Update crio.conf to use correct pause_command- Update crio.conf to use better versioned pause container- Update crio.conf to use official kubic pause container- Update CRI-O to v1.15.0: * update readme for currently supported branches * Update deps for k8s 1.15.0 * Remove invalid unit test * Remove unnecessary indirect dependency gopopulate * go.mod: drop github.com/containerd/cgroups * cgroups: use libpod/pkg/cgroups * go.mod: update libpod and godbus/dbus * Move the creation of sourceCtx in Server.PullImage out of the loop * Remove the imageAuthFile parameter to RuntimeServer.CreateContainer * Set SystemContext.AuthFilePath in global Server.systemContext * Set SystemContext.DockerRegistryUserAgent in global Server.systemContext * Base copy.Options.{Source,Destination}Ctx both on the input systemContext * Expect a non-nil copy.Options in ImageServer.PullImage * Use a types.SystemContext instead of copy.Options in PrepareImage * Use an explicit DockerInsecureSkipTLSVerify = types.OptionalBoolTrue * Split imageService.remoteImageReference from prepareReference * Simplify the handling of PullImageRequest.auth * Build copy.Options.SourceCtx from Server.systemContext * Add a buildImageResult helper to avoid duplicating the code * Call buildImageCacheItem in ImageStatus * Don't redundantly look up an already available store.Image * Don't use path.join for docker references * Remove redundant manifest parsing to get config digest * Remove redundant calls to types.ImageSource.Size * When looking up a local image by transport:name reference, use the tag/digest as well * Use reference.Named.String() instead of open-coding it * Use reference.ParseNormalizedNamed for parsing storage.Image.Names * Don't modify the caller-provided SystemContext in server.New * Remove `seccomp.json` and fallback to internal defaults * Fix mockGetRef, and deal with all of the fallout * Return mockSequence from mockListImage and mockLoop, use global inOrder everywhere * Remove ImageServer.RemoveImage * Rename mockToCreate to mockCreateContainerOrPodSandboxImageExists * Add mockStorageImageSourceGetSize and mockNewImage * Don't split the first gomock expecation into a BeforeEach * Add mockGetStoreImage and mockResolveImage * Add a shared mockParseStoreReference * Add mockStorageReferenceStringWithinTransport and use it instead of open-coded sequences * Add an inOrder helper * Create a separate MockController for every test * Remove duplicate Dockerfile's * Discover runtimePath from $PATH environment * Use GlobalAuthFile, incl. for the pause image if PauseImageAuthFile is not set * Don't discard copy.Options.SourceCtx when credentials are provided * Don't set non-default copy.Options in imageService.PullImage if it is nil * Remove the *copy.Options parameter to RuntimeService.Create{PodSandbox,Container} * Add global_auth_file option to crio.image config * Remove the types.SystemContext parameter where no longer necessary * Don't read registries.conf for the defaults of --registry and --insecure-registry * Add state of infracontainer to disk when stopped * Use repository logo instead of rawgit * Exclude 'vendor' for git-validation checks * Bump up minMemoryLimit to 12Mb * enable inline exec and attach test * Mark file_locking deprecated * Disable file locking by default * Add release bundle target * Update dependency containerd/cgroups * crio-wipe: fix readme nits * conmon: force unlink attach socket * Add junit test files to .gitignore * Use *config.Config within OCI runtime * Move lib.Config to a dedicated package * Refactor sandbox and container name reservation * Update dependencies * Remove travis in favor of CircleCI * Vendor Kubernetes v1.15.0 * Fix e2e_features_* selinux denials * add vrothberg to OWNERS file * Add documentation about the HTTP API * Default to runc is default_runtime is not set * Set default run root if not specified * Fix redundant if in lib/rename.go * Add codecov upload step to CircleCI config * Add flake attempts to critest integration testing * Add CircleCI badge * Add live reload feature to pause configuration * Update dependencies * Rebase containers/image to 2.0.0, buildah to 1.8.4, libpod to 1.4.1 * Fix Vagrantfile vendor inconsistency * version: if git commit is empty, silently ignore * Use the official nix package for building static binaries * Add status related server unit tests * Create network directory if it doesn't exist * Small stderr fixes in crio-wipe * Add crio-wipe * Add version file functionality * Enable ppc64le Travis CI * Fix mentioned distributions in README.md * crictl.md: Fix a typo * Vendor Kubernetes 1.15.0-rc.1 * Update golangci-lint to v1.17.1 * README.md: Fix a typo * Fix missing images names on list * Update dependencies * Update setup.md * Refactor sandbox cgroup annotation * Fix gomega matcher syntax * Fix mentioned distributions within the setup tutorial * Go mod tidy * Add bandwidth limiting support * Switch to 'stable status' badge * Cleanup README.md * Vendor Kubernetes v1.15.0-beta.1 * Close temporary image in PullImage * Add live reload integration tests and /config endpoint * Fix errcheck lint for network namespace creation * remove PluginDir from config if it existed * Change plugin_dir to plugin_dirs * Update dependencies * Bump github.com/containernetworking/plugins from 0.7.5 to 0.8.0 * Enable errcheck lint and fixup error paths * Add critest to integration test suite * Update Dockerfile CNI plugins to v0.8.0 * Update contrib systemd unit files to match project name * Fix runtime panic when having concurrent writes to runtime impl map * Fix build issues on 32-bit architectures * tests: added log max test to ctr.bats and command.bats * Update device cgroup permissions for configured devices. * Revert old fix * test: set container runtime to remote for e2e and fixup crio.conf * server: do not add default /sys if bind mounted * skip runtimes handler test until we can get a better solution * Fix possible runtime panic on store shutdown * Update Makefile to be usable without git * Ensure the test suite configures config directories. * Update depedencies * Add predefined build tags to .golangci.yml * Add container server unit tests * README.md: fix a typo * conmon: support OOM monitor under cgroup v2 * Fix logging to journal * refresh apt before installation * Bump github.com/containers/libpod from 1.2.0 to 1.3.1 * docs/crio.conf.5: Add "have" to "higher precedence" typo * Update scripts to find correct bash path * Fix links in tutorials/setup.md * Improve CI speed * Remove redundant source remove * setup: fix broken link * readme: Remove timeout from kube documentation * Remove terminal watch after success * Vendor Kubernetes v1.15.0-beta.0 * Cleanup SystemContext usage * Bump github.com/golang/mock from 1.3.0 to 1.3.1 * Bump github.com/containers/storage from 1.12.6 to 1.12.7 * Bump github.com/docker/go-units from 0.3.3 to 0.4.0 * Remove debug output from integration tests * sandbox_run: Log a warning if we can't find a slice * test: Add test for conmon cgroups * readme: Remove roadmap * Add config validation for conmon cgroup * Add CLI flag for --conmon-cgroup * Add config to run conmon under a custom cgroup slice * Add gocritic paramTypeCombine linter and fixes * Add awesome CRI-O list * Add config live reload feature * Update unit test target to not run `mockgen` * Add gocritic builtinShadow linter and fixes * Fix sandbox tests * conmon: detect cgroup2 and skip OOM handling * conmon: properly set conmon logs * Update test suites * Add gocritic importShadow linter and fixes * Add server sandbox unit tests * Add gocritic wrapperFunc linter and fixes * Add gocritic unnamedResult linter and fix issues * Add gocritic sloppyReassign linter and fixes * Add gocritic appendCombine linter and fixes * Add gocritic appendAssign linter and fixes * Add fossa badge * Add nakedret linter and related fixes * Bump github.com/go-zoo/bone from 0.0.0 to 1.3.0 * Improve error handling for crio main.go * Bump github.com/containernetworking/cni from 0.7.0-rc2 to 0.7.0 * Bump github.com/kr/pty from 1.1.1 to 1.1.4 * Bump github.com/opencontainers/runc from 1.0.0-rc7 to 1.0.0-rc8 * Bump github.com/opencontainers/selinux from 1.2.1 to 1.2.2 * Bump google.golang.org/grpc from 1.20.0 to 1.20.1 * Bump github.com/Microsoft/go-winio from 0.4.11 to 0.4.12 * Bump golang.org/x/text from 0.3.1 to 0.3.2 * Bump github.com/golang/mock from 1.2.0 to 1.3.0 * Bump github.com/containers/storage from 1.12.4 to 1.12.6 * Bump github.com/opencontainers/runtime-spec from 1.0.0 to 1.0.1 * Add useragent unit tests * Add username and homedir to generated password * conmon: fix cross-compilation * Fix kubernetes import paths for cri-api * fixes make fmt/spacing issue * fixes assumption that socklen_t is always an unsigned long * Fix logic of server.restore() * Update CNI plugin test dependency to v0.7.5 * Update runc test dependency to v1.0.0-rc8 * Add server image unit tests * Vendor Kubernetes v1.15.0-alpha.2 * Remove references to kubernetes/pause image * Migrate server config test to ginkgo * Add CircleCI support * Fix hack/openpgp_tag.sh on older distributions * Add server test suite and initial cases * Update `LogDir` to be configurable * Add documentation about static builds * Vendor containers/storage v1.12.4 * Add server config interface * Add unit test inject files * Add additional build tags to setup guide * Remove ostree dependency from tutorial * Update PluginDir to be created if not existing * Add static crio binary build for x86_64 (glibc/musl) * Add openpgp_tag.sh as fallback if no gpgme available * Remove go build -i flag * Update test to use empty CNI hooks dir per default * Fix testunit-bin makefile target * Remove gofmt Makefile target * Remove ostree dependency * Vendor updated opencontainers/runtime-tools & runtime-spec * Fix coverity scan problem * run make vendor * Add min memory limit check to sandbox_run_linux.go * Add nil check for image status size * Add infra container check for pod sandbox * Revert back some changes from master * Use format strings instead of `Value` attribute * Remove default str in `Usage` when `Value` is used * Add default text to flags * Remove unnecessary golints * Update bats tests to run in parallel * Began documentation update. * conmon, exec: specify runtime root * test: use crictl inspect instead of RUNTIME state * Fix travis badge URL * fix broken link to policy.json(5) in readme * tests: added negative metrics testing to command.bats * tests: added metrics test to ctr.bats * Fix Makefile targets for sudo * Fix travis build * Switch to go modules * conmon: use sd_journal_sendv * Add stylecheck, unused and gosimple linters * Add config interface nil check * Update cri-tools versions * Allow containers/storage to manage SELinux labels * Move ContainerAttachSocketDir/containerExitsDir to lib * Use libpod registrar instead of pkg/registrar * travis: Switch to go 1.12.x * test: Switch to go 1.12.2 * Add RuntimeHandler.RuntimeRoot * utils: add license headers for pulled files * userns: drop intermediate mount namespace * Refactor: use idtools.ParseIDMap instead of bundling own version * Fix parallel make build failure * rootless: propagate XDG_RUNTIME_DIR * oci: fix segfault when cgroup cannot be configured * Update error handling paths for sandbox add and removal * Add go-md2man to repo * netns can be nil which can cause a segfault * test: Fix oom test * test: ami fixups * conmon: do not leak fd when creating oom file * Fixup for moving to github.com/cri-o/cri-o * update github.com/containers/* dependencies * Do not crash when netns is not set up * readme: Update support matrix for 1.14 * test: Increase number of inotify user watches * Remove timeout flag from kubernetes.yml * Log oom_handling_score failure to debug * tests: allow to switch manage_network_ns_lifecycle * Update linter to use hugeParam * config: export manage_network_ns_lifecycle * Fix possible out of bounds access during log parsing - Update crio.conf to match the latest version - Remove registry-mirror.patch since it is now included in upstream - Remove unnecessary dependencies git-core and go-go-md2man - Remove custom build and use native build target `make` - Remove unit-test execution during package build since it requires (local) networking - Remove seccomp.json since it is now included in the binary - Fix apparmor dependencies- Add apparmor-parser as dependency (bsc#1136403)- Add _constraints to avoid OOM- Update cri-o to v1.14.1 * Add min memory limit check to sandbox_run_linux.go * Fix crash when network namespace is not setup * Log oom_handling_score failure to debug * Fix possible out of bounds access during log parsing * Fix sandbox segfault with manage_network_ns_lifecycle - Add registry-mirror.patch - Update repository paths from `kubernetes-sigs` to `cri-o` - Remove unnecessary ostree dependency- Use /opt/cni/bin as the additional directory where cri-o is going to look up for CNI plugins installed by DaemonSets running on Kubernetes (i.e. Cilium).- Update the configuration to fallback to the storage driver specified in libcontainers-common (`/etc/containers/storage.conf`) - Update go version to >= 1.12 to be in sync with upstream- Introduce new runtime dependency conntrack-tools: the conntrack package is required to avoid failures in network connection cleanup.- Update cri-o to v1.14.0 * Fix possible out of bounds access during log parsing - Update default configuration file: crio.network.plugin_dir is now a list instead of being a string- Update go requirements to >= go1.11.3 to fix * bsc#1118897 CVE-2018-16873 go#29230 cmd/go: remote command execution during "go get -u" * bsc#1118898 CVE-2018-16874- Update cri-o to v1.13.3 * Always set gid if returned from container user files * server: delete the container if it cannot be restored * Bump github.com/containers/storage to v1.11 * Add support for host ip configuration * Pause credentials 1.13 * Allow device mounting to work in privileged mode * Fix detach non tty- Update cri-o to v1.13.1 * container: fix potential segfault on setup failure * container_create: fix race with sandbox being stopped * oci: read conmon process status * oci: Extend container stop timeout- Update cri-o deprecated configuration and documentation to match upstream- Update cri-o to v1.13.0: * Support kubernetes 1.13- Update cri-o to v1.12.1: * Remove nodev from mounts * vendor: update storage for a panic fix * container_create: fix dev mounts and remove nodev from /dev mounts * Use CurrentContainerStatus in list CRI calls * oci: Add CurrentContainerStatus API * conmon: fsync the log file- Set NOFILE and NPROC limit to 1048576 to align with Docker/containerd and the upstream unit file. Fix bsc#1112980- Update cri-o to v1.12.0: * docs: tweak crio and crio.conf man pages * config: provide a default runtime and deprecate the runtime option * cri: Implement runtime handler support * *: implement default ulimits for containers * Fix manpage to correctly state default storage driver * crio.conf(5): update manpage to the latest state * Remove sysctl parsing code from cri-o * Add default_systcls option to crio.conf * Image Volumes should be bind mounted as private * Create LICENSE * conmon: fix segfault when --log-level is not specified * Add log-level option to conmon and crio.conf * Remove "--log-level debug" from service file * conmon: close extra files before exit * Block use of /proc/acpi from inside containers * conmon: do not use an empty env when running the exit command- Add go-1.11-compat-backport.patch for go1.11 compatibility. * Tested with golang(API) == 1.10 and golang(API) == 1.11, OK * Upstream git master commit https://github.com/kubernetes-sigs/cri-o/commit/0bd30872028b5ed2d0eb7febb39f034b5f2da72a contains 1 hunk adding missing argument in format string of calls to: [#] github.com/kubernetes-incubator/cri-o/lib lib/container_server.go:309: Debugf call needs 1 arg but has 2 args lib/container_server.go:317: Debugf call needs 1 arg but has 2 args ... FAIL github.com/kubernetes-incubator/cri-o/lib [build failed] Calls in question: logrus.Debugf("loaded new pod sandbox %s", sandboxID, err) logrus.Debugf("loaded new pod container %s", containerID, err) require another argument to the string format (": %v" per upstream): logrus.Debugf("loaded new pod sandbox %s: %v", sandboxID, err) logrus.Debugf("loaded new pod container %s: %v", containerID, err) Patch contents not available in upstream cri-o released versions: cri-o-1.11.3 cri-o-1.11.4 cri-o-1.11.5 cri-o-1.11.6 Filed upstream issue requesting patch contents in released version: https://github.com/kubernetes-sigs/cri-o/issues/1827- cri-o-kubeadm-criconfig: correct conflicts with docker-kubic- cri-o-kubeadm-criconfig: Remove /etc/kubernetes/runtime.conf, replace with /etc/sysconfig/kublet- Update crio.conf to be as close to the default one as possible: * Extend crio.conf with all previously missing options; crio.conf(5) isn't mentioning all of them which soon will be fixed. * Uncomment options to use /etc/containers/{registries,storage}.conf where appropriate. - Remove Fix-AppArmor-build.patch as the build issue is fixed with v1.11.2. - Update cri-o to v1.11.2: * Fix AppArmor build * Image Volumes should be bind mounted as private * container_create: Set a minimum memory limit * Add log-level option to conmon and crio.conf * server/container_create: error out if capability is unknown- Add "docker.io" to the registries list in the crio.conf to enable pulling of unqualified images by default.- ExcludeArch i586 (does not build, nor makes sense for that arch)- Make crio default, docker as alternative runtime (boo#1104821) - Configure kubernetes CRI runtime with $runtime-kubeadm-criconfig packages- Use btrfs storage driver to be consistant with other supported runtimes- Do not provide `/etc/crictl.yaml` anymore. Although being shipped by upstream this package belongs into the `cri-tools` package. bsc#1104598 - add Fix-AppArmor-build.patch to temporarily fix apparmor builds - Update cri-o to v1.11.1: * server: Don't make additional copy of config.json * cri-tools: Use release-1.11 branch- Update to v1.10.6 included: * bsc#1100838 fix race between container create and cadvisor asking for info- Update cri-o to v1.10.6: * mask /proc/{acpi,keys}- Update cri-o to v1.10.5: * Reduce amount of logs being printed by default * Update to latest ocicni- Update cri-o to v1.10.4: * network: Fix manage NetworkNS lifecycle * sandbox_run: fix selinux relabel sharing * container_create: more selinux relabel fixes * container_create: correctly relabel mounts when asked- Update cri-o to v1.10.3: * container_portforward: add support for short pod IDs * container_create: no privileged container if not privileged sandbox * container_create: always mount sysfs as rw for privileged containers * container_create: set rw for privileged containers * conmon: on a flush error discard the iov buffer- Update cri-o to v1.10.2: * various improvements to conmon * oci: avoid race on container stop * image: Let size be calculated dynamically * Add support for short IDs for exec and attach * Make network namespace lifecycle management optional * container_exec: Fix terminal setting for exec * oci: Force kill the container process only if nothing else worked * Add extra info to verbose requests to PodSandboxStatus * Make conmon and crio share the same constants * conmon: catch SIGTERM, SIGINT and SIQUIT * Invalidate cache by building fresh one and replacing previous all at once * Enable per pod PID namespace setting * Make the /opt/cni mount rw * conmon: add new option --version * oci: Copy-edits for waitContainerStop chControl comment * system container: add /var/tmp as RW * container_status: expose LogPath as requested by the CRI * container_create: only bind mount /etc/hosts if not provided by k8s * kubernetes: Simplify and freshen the required-files table * Report an warning when no stages are defined for a hook- Use actual tag for v1.9.13. Upstream missed to set a tag and the last revision mistakenly set it to v1.9.14-dev instead of v1.9.13.- Update cri-o to v1.9.13: * runtime_status: report correct network status * container_status: expose LogPath as requested by the CRI bsc#1095154- Refactor %license usage to a simpler form- Make use of %license macro- use correct path for runc- Put cri-o deamon under the podruntime slice. This the recommended deployment to allow fine resource control on Kubernetes. bsc#1086185- Update cri-o to v1.9.11: * oci: avoid race on container stop * server/sandbox_stop: Pass context through StopAllPodSandboxes * conmon: Add container ID to syslog * Add logging support for base condition in debug * Simplify filter block * Specifying a filter with no filtering expressions is now idempotent * Add methods for listing and fetching container stats * Implement the stats for the image_fs_info command * Return error for container exec- Require cni and cni-plugins to enable container networking. feature#crio- Update cri-o to v1.9.10: * conmon: Avoid strlen in logging path * conmon: Remove info logs * container_exec: Fix terminal setting for exec- Update cri-o to v1.9.9: * sandbox_stop: Call CNI stop before stopping pod infra container- Remove the crio-shutdown.service. It does not have any effect when shutting down crio and also isn't shipped on Fedora. - crio-shutdown.service- crio.conf: update default socket to /var/run/crio/crio.sock as suggested by upstream.- Update cri-o to v1.9.8: * system_containers: Update mounts * execsync: Set terminal to true when we pass -t to conmon * Make network namespace pinning optional * Add context to net ns symlink removal errors * Make the /opt/cni mount rw * sandbox_stop: close/remove the netns _after_ stopping the containers * sandbox net: set netns closed after actaully closing it- Configuration files should generally be tagged as %config(noreplace) in order to keep the modified config files and to avoid losing data when the package is being updated.- Remove empty filter rule from cri-o-rpmlintrc, which was mistakenly masking a few warnings, some of which have been fixed, others need to be filtered. conmon and pause are not compiled with -fpie anymore to align with what upstream does; linking fails when done properly.- Update minimum version of the Go compiler required- Add missing runtime dependencies: socat, iptables, iproute- Change the installation path of conmon and pause from /usr/lib/crio to /usr/lib/crio/bin in order to align with upstream requirements. - Update crio.conf to the reflect the new path of conmon and set the correct path of CNI plugins (i.e., /usr/lib/cni).- Update cri-o to v1.9.6: * vendor: update c/image to handle text/plain from registries Fixes cases where text/plain s1 schemes are mistakenly converted to MIME.- Let description say what the package really does.- Update cri-o to v1.9.5: * system container: add /var/tmp as RW * container_create: correctly set user * imageService: cache information about images * image: Add lock around image cache access- Cleanup version-update related changelogs to only keep log entries of changes that are visible and important to the user, and the project.- Add requirements to libcontainers-{common,image,storage}. - Run spec-cleaner on cri-o.spec.- Update cri-o to v1.9.3: * Be more diligent about cleaning up failed-to-create containers * Use crictl instead of crioctl in image integration tests * Handle truncated IDs in imageService.ResolveNames() * Switch to ImageServer.UntagImage in RemoveImage handler * Return image references from the storage package * storage: API fixups- Use golang-packaging macro for binary stripping. - Use -buildmode=pie for compilation. - The update to 1.9.0+ removes the crioctl binary. The crictl binary from cri-tools should be used instead. - Update cri-o to v1.9.2: * sandbox: fix sandbox logPath when crio restarts * Adapt to recent containers/image API updates * container_create: only bind mount /etc/hosts if not provided by k8s * container_attach: Ensure ctl file is closed * lib,oci: drop stateLock when possible * container_exec: fix terminal true process json * container_create: fix apparmor from container config * container_create: correctly set image and kube envs * oci: do not append conmon env to container process * container_exec: use process file with runc exec * drop crioctl source code * conmon: Add support for partial/newline log tags * image_pull: fix image resolver * Add /proc/scsi to masked paths * replace crioctl with crictl * replace crioctl in e2e with crictl * Move crio default sock to /var/run/crio/crio.sock * container_create: set the seccomp profile in the container object- Fix libostree-devel %if condition for TW, Leap 15+ and SLES 15+.- Use `%fdupes %buildroot/%_prefix` since `fdupes %buildroot` is not allowedv because you cannot make hardlinks between certain partitions.- Source the cri-o-rpmlintrc the spec file.- Add cri-o package: CRI-O is meant to provide an integration path between OCI conformant runtimes and the kubelet. Specifically, it implements the Kubelet Container Runtime Interface (CRI) using OCI conformant runtimes. The scope of CRI-O is tied to the scope of the CRI./bin/shs390p22 16189056751.17.3-lp153.3.11.17.3-lp153.3.1sysconfig.kubelet/usr/share/fillup-templates/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Leap:15.3/standard/a747e57cea24d716ce7c001deeaaf052-cri-ocpioxz5s390x-suse-linuxASCII text^^ԭcri-outf-8dc668e65eac7a005e2f7336c54d17dff24016d3f638e5af5c58a71b872b5a1d7?7zXZ !t/] crv(vX0EleIQ~o&-/~)6).9AQrZ7KАƀ{/V-#< GEgx ]x'*,9HKmaJJ ŸlI줰cBUfQ̈́9S~פV8is\ൿo,Wh`c=h&ml\.M*SGe9}5>< Ķ YZ