From 128e53aa7c52ccd535e53c4d839dd22a3617a874 Mon Sep 17 00:00:00 2001 From: Bradley G Smith Date: Mon, 22 Apr 2024 16:16:06 -0700 Subject: [PATCH 1/4] Update to v1.29.3 Update to cri-o v1.29.3. This update brings cri-o version in line with Kubernetes for F40. Autogenerate bundled provides. The go-rpm-macros library includes a feature to autogenerate the list of bundled golang provides from libraries in ./vendor. This is enabled by changing '%license LICENSE' to '%license LICENSE vendor/modules.txt'. --- .gitignore | 1 + cri-o.spec | 13 +++-- otelttrpc.patch | 140 ------------------------------------------------ sources | 2 +- 4 files changed, 10 insertions(+), 146 deletions(-) delete mode 100644 otelttrpc.patch diff --git a/.gitignore b/.gitignore index 2fcd1e3..a2cfffa 100644 --- a/.gitignore +++ b/.gitignore @@ -43,3 +43,4 @@ /cri-o-1.28.0.tar.gz /cri-o-1.28.2.tar.gz /cri-o-1.29.2.tar.gz +/cri-o-1.29.3.tar.gz diff --git a/cri-o.spec b/cri-o.spec index 1b1a11e..1af4133 100644 --- a/cri-o.spec +++ b/cri-o.spec @@ -7,7 +7,7 @@ %global git_tree_state clean %global criocli_path "" -Version: 1.29.2 +Version: 1.29.3 %if 0%{?rhel} && 0%{?rhel} <= 9 %define gobuild(o:) %{expand: @@ -26,7 +26,7 @@ Version: 1.29.2 %endif # Commit for the builds -%global commit0 d317b5dc918bbfbc78481072a0d93e572aa8d0e8 +%global commit0 12c618780c42414d92d6a8dc8d09c16337668eb2 Name: cri-o Epoch: 0 @@ -37,7 +37,6 @@ Summary: Open Container Initiative-based implementation of Kubernetes Con License: ASL 2.0 URL: https://github.com/cri-o/cri-o Source0: %url/archive/v%{version}/%{name}-%{version}.tar.gz -Patch0: otelttrpc.patch %if 0%{?rhel} BuildRequires: golang >= 1.19 @@ -192,7 +191,7 @@ sed -i -e 's/,metacopy=on//g' /etc/containers/storage.conf %systemd_postun_with_restart %{service_name} %files -%license LICENSE +%license LICENSE vendor/modules.txt %doc docs code-of-conduct.md tutorial.md ADOPTERS.md CONTRIBUTING.md README.md %doc awesome.md transfer.md %{_bindir}/%{service_name} @@ -222,6 +221,10 @@ sed -i -e 's/,metacopy=on//g' /etc/containers/storage.conf %endif %changelog +* Sat Apr 27 2024 Bradley G Smith - 0:1.29.3-1 +- Bump to v1.29.3 +- Add support for autogenerated bundled provides + * Thu Mar 21 2024 Peter Hunt - 0:1.29.2-1 - bump to v1.29.2 @@ -628,7 +631,7 @@ sed -i -e 's/,metacopy=on//g' /etc/containers/storage.conf - Configurable image volume support - Bugs and Stability fixes - OCI 1.0 runtime support -- Dropped internal runc, and now use systems runc +- Dropped internal runc, and now use systems runc * Fri Jun 30 2017 Lokesh Mandvekar - 1.0.0.alpha.0-1.git91977d3 - built commit 91977d3 diff --git a/otelttrpc.patch b/otelttrpc.patch deleted file mode 100644 index f9d44c9..0000000 --- a/otelttrpc.patch +++ /dev/null @@ -1,140 +0,0 @@ -From 9bf89bf190f7462371640aa16ddfd4a11c73595b Mon Sep 17 00:00:00 2001 -From: Krisztian Litkey -Date: Tue, 5 Mar 2024 10:49:30 +0200 -Subject: [PATCH] deps: update otelttrpc to @latest and re-vendor. - -Update otelttrpc to latest HEAD to get rid of custom import -path checks which reportedly break RPM package builds. - -Signed-off-by: Krisztian Litkey ---- - go.mod | 2 +- - go.sum | 4 ++-- - vendor/github.com/containerd/otelttrpc/config.go | 2 +- - vendor/github.com/containerd/otelttrpc/interceptor.go | 2 +- - vendor/github.com/containerd/otelttrpc/internal/parse.go | 2 +- - vendor/github.com/containerd/otelttrpc/metadata_supplier.go | 2 +- - vendor/github.com/containerd/otelttrpc/semconv.go | 2 +- - vendor/github.com/containerd/otelttrpc/version.go | 2 +- - vendor/modules.txt | 2 +- - 9 files changed, 10 insertions(+), 10 deletions(-) - -diff --git a/go.mod b/go.mod -index fa9f1986d6a..ef48b581ba0 100644 ---- a/go.mod -+++ b/go.mod -@@ -13,7 +13,7 @@ require ( - github.com/containerd/cri-containerd v1.19.0 - github.com/containerd/fifo v1.1.0 - github.com/containerd/nri v0.6.0 -- github.com/containerd/otelttrpc v0.0.0-20240115065405-5909713624e1 -+ github.com/containerd/otelttrpc v0.0.0-20240305015340-ea5083fda723 - github.com/containerd/ttrpc v1.2.3 - github.com/containerd/typeurl v1.0.3-0.20220422153119-7f6e6d160d67 - github.com/containernetworking/cni v1.1.2 -diff --git a/go.sum b/go.sum -index d6ec62bcb12..8cc4d36e87c 100644 ---- a/go.sum -+++ b/go.sum -@@ -846,8 +846,8 @@ github.com/containerd/nri v0.0.0-20210316161719-dbaa18c31c14/go.mod h1:lmxnXF6oM - github.com/containerd/nri v0.1.0/go.mod h1:lmxnXF6oMkbqs39FiCt1s0R2HSMhcLel9vNL3m4AaeY= - github.com/containerd/nri v0.6.0 h1:hdztxwL0gCS1CrCa9bvD1SoJiFN4jBuRQhplCvCPMj8= - github.com/containerd/nri v0.6.0/go.mod h1:F7OZfO4QTPqw5r87aq+syZJwiVvRYLIlHZiZDBV1W3A= --github.com/containerd/otelttrpc v0.0.0-20240115065405-5909713624e1 h1:DzBGiha+Gvc0INnf4Z2WztM2VSATX7PAJpSdsFEVd6o= --github.com/containerd/otelttrpc v0.0.0-20240115065405-5909713624e1/go.mod h1:ZKzztepTSz/LKtbUSzfBNVwgqBEPABVZV9PQF/l53+Q= -+github.com/containerd/otelttrpc v0.0.0-20240305015340-ea5083fda723 h1:swk9KxrmARZjSMrHc1Lzb39XhcDwAhYpqkBhinCFLCQ= -+github.com/containerd/otelttrpc v0.0.0-20240305015340-ea5083fda723/go.mod h1:ZKzztepTSz/LKtbUSzfBNVwgqBEPABVZV9PQF/l53+Q= - github.com/containerd/stargz-snapshotter/estargz v0.4.1/go.mod h1:x7Q9dg9QYb4+ELgxmo4gBUeJB0tl5dqH1Sdz0nJU1QM= - github.com/containerd/stargz-snapshotter/estargz v0.12.0/go.mod h1:AIQ59TewBFJ4GOPEQXujcrJ/EKxh5xXZegW1rkR1P/M= - github.com/containerd/stargz-snapshotter/estargz v0.15.1 h1:eXJjw9RbkLFgioVaTG+G/ZW/0kEe2oEKCdS/ZxIyoCU= -diff --git a/vendor/github.com/containerd/otelttrpc/config.go b/vendor/github.com/containerd/otelttrpc/config.go -index a7768c3731d..186308a1eed 100644 ---- a/vendor/github.com/containerd/otelttrpc/config.go -+++ b/vendor/github.com/containerd/otelttrpc/config.go -@@ -30,7 +30,7 @@ - limitations under the License. - */ - --package otelttrpc // import "github.com/containerd/otelttrpc" -+package otelttrpc - - import ( - "go.opentelemetry.io/otel" -diff --git a/vendor/github.com/containerd/otelttrpc/interceptor.go b/vendor/github.com/containerd/otelttrpc/interceptor.go -index 8ce9fd9af81..e0c05c07c5d 100644 ---- a/vendor/github.com/containerd/otelttrpc/interceptor.go -+++ b/vendor/github.com/containerd/otelttrpc/interceptor.go -@@ -30,7 +30,7 @@ - limitations under the License. - */ - --package otelttrpc // import "github.com/containerd/otelttrpc" -+package otelttrpc - - import ( - "context" -diff --git a/vendor/github.com/containerd/otelttrpc/internal/parse.go b/vendor/github.com/containerd/otelttrpc/internal/parse.go -index 2520a129129..694aeba8015 100644 ---- a/vendor/github.com/containerd/otelttrpc/internal/parse.go -+++ b/vendor/github.com/containerd/otelttrpc/internal/parse.go -@@ -30,7 +30,7 @@ - limitations under the License. - */ - --package internal // import "github.com/containerd/ttrpc/otelttrpc" -+package internal - - import ( - "strings" -diff --git a/vendor/github.com/containerd/otelttrpc/metadata_supplier.go b/vendor/github.com/containerd/otelttrpc/metadata_supplier.go -index 4bda57a1805..b2c3cab182e 100644 ---- a/vendor/github.com/containerd/otelttrpc/metadata_supplier.go -+++ b/vendor/github.com/containerd/otelttrpc/metadata_supplier.go -@@ -30,7 +30,7 @@ - limitations under the License. - */ - --package otelttrpc // import "github.com/containerd/otelttrpc" -+package otelttrpc - - import ( - "context" -diff --git a/vendor/github.com/containerd/otelttrpc/semconv.go b/vendor/github.com/containerd/otelttrpc/semconv.go -index c0d5669cdfc..64f0fe8f30e 100644 ---- a/vendor/github.com/containerd/otelttrpc/semconv.go -+++ b/vendor/github.com/containerd/otelttrpc/semconv.go -@@ -30,7 +30,7 @@ - limitations under the License. - */ - --package otelttrpc // import "github.com/containerd/otelttrpc" -+package otelttrpc - - import ( - "go.opentelemetry.io/otel/attribute" -diff --git a/vendor/github.com/containerd/otelttrpc/version.go b/vendor/github.com/containerd/otelttrpc/version.go -index c2e09a34f90..bbf2bbcc5e0 100644 ---- a/vendor/github.com/containerd/otelttrpc/version.go -+++ b/vendor/github.com/containerd/otelttrpc/version.go -@@ -30,7 +30,7 @@ - limitations under the License. - */ - --package otelttrpc // import "github.com/containerd/otelttrpc" -+package otelttrpc - - // Version is the current release version of the ttRPC instrumentation. - func Version() string { -diff --git a/vendor/modules.txt b/vendor/modules.txt -index eb710af7602..4ee9f9753b3 100644 ---- a/vendor/modules.txt -+++ b/vendor/modules.txt -@@ -212,7 +212,7 @@ github.com/containerd/nri/pkg/net - github.com/containerd/nri/pkg/net/multiplex - github.com/containerd/nri/pkg/runtime-tools/generate - github.com/containerd/nri/pkg/stub --# github.com/containerd/otelttrpc v0.0.0-20240115065405-5909713624e1 -+# github.com/containerd/otelttrpc v0.0.0-20240305015340-ea5083fda723 - ## explicit; go 1.13 - github.com/containerd/otelttrpc - github.com/containerd/otelttrpc/internal diff --git a/sources b/sources index 126fa47..4bbfbce 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (cri-o-1.29.2.tar.gz) = dd4105e0097a098b9009b00b59a8e8aeaad85b07177305e2e4b2c68a583a0c342e7a615f47a8cbcb7f179035f2c279573069f15aa1e91e491fe770eec1df326c +SHA512 (cri-o-1.29.3.tar.gz) = ed2e3d0342b0533cde26a5854447331503afb368fe4e56f87f33574c5b639bae780d58d0726d1f932fceae229f2c84500f5919aeedc3cb010fb6f271a97e3e55 From 6d36a1f82e6d0723711bcd4a3a8d3fe538e5f969 Mon Sep 17 00:00:00 2001 From: Bradley G Smith Date: Tue, 30 Apr 2024 12:59:33 -0700 Subject: [PATCH 2/4] Update to v1.29.4 Resolves BZ2234350 in part. Fix CVE-2024-3154 , a security flaw where CRI-O allowed users to specify annotations that changed specific fields in the runtime. --- cri-o.spec | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/cri-o.spec b/cri-o.spec index 1af4133..57687bc 100644 --- a/cri-o.spec +++ b/cri-o.spec @@ -7,7 +7,7 @@ %global git_tree_state clean %global criocli_path "" -Version: 1.29.3 +Version: 1.29.4 %if 0%{?rhel} && 0%{?rhel} <= 9 %define gobuild(o:) %{expand: @@ -26,7 +26,7 @@ Version: 1.29.3 %endif # Commit for the builds -%global commit0 12c618780c42414d92d6a8dc8d09c16337668eb2 +%global commit0 51ea93e0b9af5ad2cfa7f8071ec48d99bf39a3ec Name: cri-o Epoch: 0 @@ -221,6 +221,10 @@ sed -i -e 's/,metacopy=on//g' /etc/containers/storage.conf %endif %changelog +* Tue Apr 30 2024 Bradley G Smith - 0:1.29.4-1 +- Bump to v1.29.4 +- Resolves CVE-2024-3154, a security flaw where CRI-O allowed users to specify annotations that changed specific fields in the runtime. + * Sat Apr 27 2024 Bradley G Smith - 0:1.29.3-1 - Bump to v1.29.3 - Add support for autogenerated bundled provides From 13f1e06501dfb176097b7f7cb23ff15733375b81 Mon Sep 17 00:00:00 2001 From: Bradley G Smith Date: Tue, 30 Apr 2024 13:56:16 -0700 Subject: [PATCH 3/4] Update sources --- .gitignore | 1 + sources | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index a2cfffa..bb9f63e 100644 --- a/.gitignore +++ b/.gitignore @@ -44,3 +44,4 @@ /cri-o-1.28.2.tar.gz /cri-o-1.29.2.tar.gz /cri-o-1.29.3.tar.gz +/cri-o-1.29.4.tar.gz diff --git a/sources b/sources index 4bbfbce..2fbbe6e 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (cri-o-1.29.3.tar.gz) = ed2e3d0342b0533cde26a5854447331503afb368fe4e56f87f33574c5b639bae780d58d0726d1f932fceae229f2c84500f5919aeedc3cb010fb6f271a97e3e55 +SHA512 (cri-o-1.29.4.tar.gz) = 84c132662a726c829f1ddb7ef6722b4b201a74a4b7bcde23d56db9bfde550dd95c125b4f7f4c14e3024a5477087261c90bcbe0ea8492dba84c68cc40cb1a6314 From 831604e7dba9327a1a4f2901c09e15966e2a722d Mon Sep 17 00:00:00 2001 From: Bradley G Smith Date: Sun, 5 Jan 2025 14:10:52 -0800 Subject: [PATCH 4/4] Update F40 to v1.29.11 Aligns CRI-O major:minor version with Kubernetes and CRI-Tools --- .gitignore | 1 + cri-o.spec | 10 +++++++--- sources | 2 +- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index bb9f63e..b3cab74 100644 --- a/.gitignore +++ b/.gitignore @@ -45,3 +45,4 @@ /cri-o-1.29.2.tar.gz /cri-o-1.29.3.tar.gz /cri-o-1.29.4.tar.gz +/cri-o-1.29.11.tar.gz diff --git a/cri-o.spec b/cri-o.spec index 57687bc..90a9330 100644 --- a/cri-o.spec +++ b/cri-o.spec @@ -7,7 +7,7 @@ %global git_tree_state clean %global criocli_path "" -Version: 1.29.4 +Version: 1.29.11 %if 0%{?rhel} && 0%{?rhel} <= 9 %define gobuild(o:) %{expand: @@ -26,7 +26,7 @@ Version: 1.29.4 %endif # Commit for the builds -%global commit0 51ea93e0b9af5ad2cfa7f8071ec48d99bf39a3ec +%global commit0 16d9bd6ab866a5157fe2f33e7d7d8a1c86cebae9 Name: cri-o Epoch: 0 @@ -39,7 +39,7 @@ URL: https://github.com/cri-o/cri-o Source0: %url/archive/v%{version}/%{name}-%{version}.tar.gz %if 0%{?rhel} -BuildRequires: golang >= 1.19 +BuildRequires: golang >= 1.21 %endif %if 0%{?rhel} && 0%{?rhel} <= 8 # e.g. el6 has ppc64 arch without gcc-go, so EA tag is required @@ -221,6 +221,10 @@ sed -i -e 's/,metacopy=on//g' /etc/containers/storage.conf %endif %changelog +* Sun Jan 5 2025 Bradley G. Smith - 0:1.29.11-1 +- Bump tp v1.29.11 +- Aligns F40 version with Kubernetes + * Tue Apr 30 2024 Bradley G Smith - 0:1.29.4-1 - Bump to v1.29.4 - Resolves CVE-2024-3154, a security flaw where CRI-O allowed users to specify annotations that changed specific fields in the runtime. diff --git a/sources b/sources index 2fbbe6e..1dce03c 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (cri-o-1.29.4.tar.gz) = 84c132662a726c829f1ddb7ef6722b4b201a74a4b7bcde23d56db9bfde550dd95c125b4f7f4c14e3024a5477087261c90bcbe0ea8492dba84c68cc40cb1a6314 +SHA512 (cri-o-1.29.11.tar.gz) = 0f21a29d401bb9e9b758ca6ee59d145d668b7012c898a4963b3237dba35c6cb276ec9b3295ac68bf74f8c18edc5f6b98a45c06211fc52d420a297f630d6d5002