Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Updates third-party software in packages/ #595

Merged
merged 1 commit into from
Dec 19, 2019
Merged

Updates third-party software in packages/ #595

merged 1 commit into from
Dec 19, 2019

Conversation

tjkirch
Copy link
Contributor

@tjkirch tjkirch commented Dec 18, 2019

This gets a number of security and bug-fix updates. No major updates; still on Kubernetes 0.14, Docker 18.09.

Notes:

  • Added missing Cargo.toml dependency on libseccomp from chrony.
  • iptables patch 0002 was upstreamed.
  • systemd patches 0001-0003 were upstreamed.
  • libnetfilter_queue moved internal.h to "noinst" so we no longer have to remove it.
  • Had to include a couple upstream patches from libseccomp to fix builds after 2.4.2.
  • I didn't update cri-tools - we don't use it directly (maybe it's shelled out to?) and the release notes aren't clear about compatibility.
  • The docker-proxy (libnetwork) commit is the latest from the branch we're on, the bump_18.09 backports branch.
  • wicked is still blocked on wicked: update to 0.6.57+ #288.
  • ncurses has date-level updates available, but seemingly nothing critical or for security; our patches don't apply, the files they apply to have changed quite a bit, and I don't understand the purpose of the patches, so I left it alone.

Testing done:

Scanned through all package build logs, even unchanged packages, and didn't see anything that scared me off; just the normal gcc warnings, particularly in bash and readline.

Built an aws-k8s AMI, it connected to my cluster and ran a pod OK, systemctl status running, and I was able to explore using the admin container and find nothing weird. kubelet logs look the same as before.

Built an aws-dev AMI, it ran a Docker container OK, systemctl status running, and I was able to explore using the admin container and find nothing weird.

@tjkirch
Copy link
Contributor Author

tjkirch commented Dec 18, 2019

Looks like CI is failing because it's more strict about setting capabilities, and libcap added its first test, which segfaults in the strict CI environment. The test is run during make install, which shouldn't happen, so I'm going to patch that out.

@iliana
Copy link
Contributor

iliana commented Dec 18, 2019

Changes look OK to me pending the libcap patch.

@tjkirch
Updates third-party software in packages/
d772412 
This gets a number of security and bug-fix updates.  No major updates; still on Kubernetes 0.14, Docker 18.09.

Notes:
* Add missing Cargo.toml dependecy on libseccomp from chrony.
* iptables patch 0002 was upstreamed.
* systemd patches 0001-0003 were upstreamed.
* libnetfilter_queue moved internal.h to "noinst" so we don't have to remove it.
* Have to include a couple upstream patches from libseccomp to fix builds after 2.4.2.
* libcap added a test, and made tests run during install; patch that out.
@tjkirch
Copy link
Contributor Author

tjkirch commented Dec 18, 2019

Added libcap patch; libcap still builds OK, no longer tests during install.

@tjkirch tjkirch merged commit 4d7b1a6 into develop Dec 19, 2019
@tjkirch tjkirch deleted the update-packages branch December 19, 2019 18:40
@bcressey
Copy link
Contributor

In the future let's do one commit per package update, so that it's easier to revert one (if needed) and to follow the update history of a specific package.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bcressey bcressey bcressey approved these changes

@iliana iliana iliana approved these changes

@jamieand jamieand Awaiting requested review from jamieand

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@tjkirch @iliana @bcressey