Packages changed:
  cilium
  cri-o (1.17.3 -> 1.18.0)
  patterns-base
  patterns-microos
  timezone (2019c -> 2020a)
  vim

=== Details ===

==== cilium ====

- Adds a couple of patches that fix a bpf load error (bsc#1151876)
  * 0005-rename-PolicyMapMaxEntries-to-PolicyMapEntries-and-define-policy-map-size-limits-as-consts.patch(combined)
  * 0006-allow-to-configure-bpf-nat-global-max-using-helm.patch
  * 0007-reduce-default-number-for-TCP-CT-and-NAT-table-max-entries.patch
  * 0008-add-option-to-dynamically-size-BPF-maps-based-on-system-memory.patch

==== cri-o ====
Version update (1.17.3 -> 1.18.0)
Subpackages: cri-o-kubeadm-criconfig

- Restore calls to %service_* macros that were accidentally removed with the last change
- Remove crio-wipe.service and crio-shutdown.service
- Update to version 1.18.0:
  - Deprecation
    - Drop support for golang < v1.13
  - API Change
    - Removed version from default AppArmor profile name in config
    - CRI-O now runs containers without NET_RAW and SYS_CHROOT capabilities by default. This can result in permission denied errors when the container tries to do something that would require either of these capabilities. For instance, using `ping` requires NET_RAW, unless the container is given the sysctl `net.ipv4.ip_forward`. Further, if you have a container that runs buildah or configures RPMs, they may fail without SYS_CHROOT. Ultimately, the dropped capabilities are worth it, as the majority of containers don't need them. The fewer capabilities CRI-O gives out by default, the more secure it is by default.
    - When pinning namespaces, CRI-O now pins to /var/run/$NS_NAMEns/$RAND_ID instead of /var/run/crio/ns/$RAND_ID/$NS_NAME for better compatibility with third party networking plugins
  - Feature
    - Add `crio config -m/--migrate` option which supports migrating a v1.17.0 configuration file to the latest version.
    - Add available image labels to image status info
    - Add cgroup namespace unsharing to pinns
    - Add live configuration reload to AppArmor profile option
    - Add live configuration reload to seccomp profile option
    - Add log context to container stats to improve logging
    - Added `--cni-default-network`/`cni_default_network` option to specify the CNI network to select. The default value is `crio`, but this option can be explicitly set to `""` to pick up the first network found in `--cni-config-dir`/`network_dir`.
    - Added `conmon`, `runc` and `cni-plugins` to the static release bundle
    - Added `linkmode` (dynamic or static) output to `crio version` subcommand
    - Added gRPC method names to log entries to increase traceability
    - Added live reload to `decryption_keys_path`
    - Added pinns binary to static bundle
    - Improve `crio --version` / `version` output to show more details
    - Provide the possibility to set the default config path via `make DEFAULTS_PATH=`
    - Take local images into account when pulling images prefixed with `localhost/`
    - Added support for drop-in registries.conf configuration files. Please refer to the registries.conf.d documentation (https://github.com/containers/image/blob/master/docs/containers-registries.conf.d.5.md) for further details.
    - If a specified or the default hooks directory is not available, then we warn the user but do not fail any more.
  - Documentation
    - Update documentation that the lowest possible value for the ctr_stop_timeout is 30 seconds. We also move the validation of this fact into the config validation part of the library.
    - Added man page for crio.conf.d(5)
  - Other (Bug, Cleanup or Flake)
    - Empty sandbox labels are now serialized into proper JSON (`null`)
    - Fixed CRI-O to fail to start when `runc` is not a configured runtime and the `runc` binary is not in `$PATH`
    - Fixed SIGHUP reload for drop-in configuration files
    - Provide the latest release bundle via a Google Cloud Storage Bucket at: https://console.cloud.google.com/storage/browser/k8s-conform-cri-o/artifacts
    - Removed annoying logs coming directly from lower level runtimes like runc
    - Removed the musl libc build target from the static binary bundle in favor of the existing glibc variant
    - Removed warning about non-absolute container log paths when creating a container
    - CRI-O's version can be overridden at buildtime with `VERSION=my.version.number make bin/crio`
    - ContainerStatus no longer waits for a container operation (such as start or stop) to finish.
    - Fix bug resulting in false reports of OOM
    - Fixed SIGHUP reload behavior for unqualified search registries
    - Return grpc code NotFound when we can't find a container or pod
    - Systemd unit file: drop crio-wipe.service as a requirement

==== patterns-base ====
Subpackages: patterns-base-apparmor patterns-base-minimal_base

- Recommend bash-completion in enhanced_base as it got lost in the base pattern cleanup

==== patterns-microos ====
Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-basesystem patterns-microos-cloud patterns-microos-defaults patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-selinux patterns-microos-sssd_ldap

- base pattern:
  * remove pciutils, pulls in pciutils-ids which pulls in perl. In Factory pciutils-ids has been replaced by hwdata.
  * use bootloader pattern
- Drop Firefox package in favor of org.mozilla.firefox on FlatHub

==== timezone ====
Version update (2019c -> 2020a)

- timezone update 2020a (bsc#1169582)
  * Morocco springs forward on 2020-05-31, not 2020-05-24.
  * Canada's Yukon advanced to -07 year-round on 2020-03-08.
  * America/Nuuk renamed from America/Godthab.
  * zic now supports expiration dates for leap second lists.

==== vim ====
Subpackages: vim-data-common

- update spec.skeleton to current header generated by spec-cleaner