Skip to content

containerd 1.6.32
Compare
Choose a tag to compare
@github-actions github-actions released this 22 May 18:51
· 3788 commits to main since this release
v1.6.32
This tag was signed with the committer’s verified signature.
dmcgowan Derek McGowan
GPG key ID: F58C5D0A4405ACDB
Learn about vigilant mode.
8b3b7ca
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.

Welcome to the v1.6.32 release of containerd!

The thirty-second patch release for containerd 1.6 contains various fixes and updates.

Highlights

  • Handle unsupported config versions (#10234)
  • Preserve CL_UNPRIVILEGED locked flags during remount of bind mounts (#10212)
  • Update metadata snapshotter to lease on already exists (#10199)
  • Update apparmor template to allow confined runc to kill containers (#10130)
  • Prevent GC from schedule itself with 0 period. (#10103)
  • Configure otel from env instead of config.toml (#9993)

Container Runtime Interface (CRI)

  • Fix snapshotter root path when not under containerd root (#10127)
  • Fix CreatedAt time set to 269 years ago if create network failed (#10119)
  • Fix unexpected order of mounts (#10045)

Image Distribution

  • Update HTTP fallback to better account for TLS timeout and previous attempts (#10113)
  • Fix use of invalid token on retry fetching layer (#10064)

Deprecations

  • Configure otel from env instead of config.toml (#9993)

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

  • Stefan Berger
  • Derek McGowan
  • Austin Vazquez
  • Kazuyoshi Kato
  • Phil Estes
  • Brian Goff
  • Akihiro Suda
  • Maksym Pavlenko
  • Danny Canter
  • Samuel Karp
  • Alexandru Matei
  • Bin Tang
  • Brandon Lum
  • Bryant Biggs
  • Jimmy Hsiao
  • Kirill A. Korinsky
  • Paweł Gronowski
  • Sebastiaan van Stijn
  • Swagat Bora
  • Tomáš Virtus
  • Tony Fang
  • 张钰
  • 沈陵

Changes

53 commits

  • Prepare release notes for v1.6.32 (#10255)
    • 085dc4c0d Prepare release notes for v1.6.32
  • Bump hcsshim and go-winio for go1.22 compat (#10245)
    • 06724baad Bump go-winio to fix struct alignment on go1.22
    • b2fdf63b7 Update hcsshim for go1.22 fixes
  • Handle unsupported config versions (#10234)
    • 38607b59c Add check for unsupported config versions
  • Preserve CL_UNPRIVILEGED locked flags during remount of bind mounts (#10212)
    • c65da6997 Preserve CL_UNPRIVILEGED locked flags during remount of bind mounts
  • vendor: github.com/containerd/imgcrypt@v1.1.8 (#10216)
    • 6951203b1 vendor: github.com/containerd/imgcrypt@v1.1.8
  • vendor: golang.org/x/net@v0.23.0 (#10214)
  • Update tooling to Go 1.21.10, 1.22.3 for net/http bug fixes (#10208)
    • 5b4facbd6 Update toolchain to Go 1.21.10 and 1.22.3
  • Update metadata snapshotter to lease on already exists (#10199)
    • 57860c1b6 Add lease test for metadata snapshotter
    • b095401df Update metadata snapshotter to lease on exists
  • Update image-spec (#10185)
    • fd8d35752 Update image-spec to v1.1.0
    • 89b975d81 go.mod: github.com/opencontainers/image-spec v1.1.0-rc3
  • Fix snapshotter root path when not under containerd root (#10127)
    • f3e8b2ca1 CRI: "Fix" imageFSPath behavior
    • 68db74d19 Snapshotters: Export the root path
    • cd9b74640 Add exports to proxy plugin config
    • 83cf026b2 Add platform config to proxy plugins
  • Update apparmor template to allow confined runc to kill containers (#10130)
    • 63c41d003 apparmor: Allow confined runc to kill containers
  • Update HTTP fallback to better account for TLS timeout and previous attempts (#10113)
    • b12c3b0c8 Add deprecated HTTPFallback for package compatibility
    • 239955890 Update HTTPFallback to handle tls handshake timeout
    • b2a0ac0b4 Remove empty default tls configuration in ctr
  • update to go1.21.9, go1.22.2 (#10117)
  • Fix CreatedAt time set to 269 years ago if create network failed (#10119)
    • c809fa268 pod: CreatedAt time will be 269 years ago while creating cri network failed.
  • Prevent GC from schedule itself with 0 period. (#10103)
    • 6ddec44bd Prevent GC from schedule itself with 0 period.
  • Configure otel from env instead of config.toml (#9993)
  • Fix use of invalid token on retry fetching layer (#10064)
    • f1a14a12a fix bug that using invalid token to retry fetching layer
  • Fix unexpected order of mounts (#10045)
    • 9701cf998 fix(cri): fix unexpected order of mounts since go 1.19

Changes from containerd/imgcrypt

89 commits

  • CHANGES: Updated CHANGES document for 1.1.8 release (containerd/imgcrypt#122)
    • 956b4d3 CHANGES: Updated CHANGES document for 1.1.8 release
  • Synchronize enc-ctr with upstream ctr from containerd v1.6.23 and use containerd v1.6.23 in dependency (containerd/imgcrypt#120)
    • 9e8e1c1 ctr: Sync code with containerd v1.6.23 ctr
    • 7d2cca5 build(deps): bump containerd from 1.6.20 to 1.6.23
  • Synchronize enc-ctr with upstream ctr from containerd v1.6.20 (containerd/imgcrypt#119)
    • 0f2559e ctr: Sync code with containerd v1.6.20 ctr
    • c48dd78 cmd: Copy IntToInt32Array into img package and use it
  • Update to ocicrypt 1.1.8 and minimum go 1.20 (containerd/imgcrypt#118)
    • 6d48a4e build(deps): bump ocicrypt from 1.1.7 to 1.1.8
    • 1bc94a2 github: Use golangci-lint v1.54.1 and adjust config file
    • 9065f1d github: Test with go 1.21 and go 1.20
    • 74986f3 go.mod: Require go 1.20
  • build(deps): bump google.golang.org/grpc from 1.47.0 to 1.53.0 (containerd/imgcrypt#117)
    • a2a8273 build(deps): bump google.golang.org/grpc from 1.47.0 to 1.53.0
  • test: Test creating and running of container with key file missing (containerd/imgcrypt#116)
    • 286470a test: Test creating and running of container with key file missing
  • Fix some issues in the test script (containerd/imgcrypt#115)
    • aa517cc test: Fix order of parameters and remove unnecessary key parameter
    • ec72311 test: Add comments to test case
    • 2959ec0 test: To be able to run testLocalKeys alone add missing env variable
  • build(deps): upgrade github.com/containerd/containerd from 1.6.18 to … (containerd/imgcrypt#112)
    • a7f2760 build(deps): upgrade github.com/containerd/containerd from 1.6.18 to 1.6.20
  • ci: Update golangci-lint to v1.52.2 (containerd/imgcrypt#113)
    • 002abac images: Change 'any' to 'anything' to avoid clash with built-in type 'any'
    • 5780ecc images: Replace unused function parameters with '_'
    • 7dc8592 ci: Update golangci-lint to v1.52.2
  • build(deps): bump github.com/opencontainers/runc from 1.1.2 to 1.1.5 (containerd/imgcrypt#109)
    • 90e4f77 build(deps): bump github.com/opencontainers/runc from 1.1.2 to 1.1.5
  • Abandon go 1.18 (end-of-life) and use 1.19 and 1.20 in tests (containerd/imgcrypt#110)
    • 8fc037f tests: Upgrade toml written by test case to version 2
    • 0b31beb ci: Run tests with go 1.19 and 1.20 (abandon 1.18)
    • 523674c build(deps): Update to minimum required go v1.19
  • Update to golang.org/x/net@v0.7.0 and github.com/containers/ocicrypt@v1.1.7 (containerd/imgcrypt#107)
    • 96a2314 build(deps): Upgrade to github.com/containers/ocicrypt@v1.1.7
    • 1c50555 bulid(deps): Update to golang.org/x/net@v0.7.0
    • 9645d39 build(deps): Update to minimum required go v1.18
  • build(deps): bump github.com/containerd/containerd from 1.6.12 to 1.6.18 (containerd/imgcrypt#106)
    • 8daaa45 build(deps): bump github.com/containerd/containerd from 1.6.12 to 1.6.18
  • README: Fix a typo (containerd/imgcrypt#105)
  • build(deps): bump github.com/containerd/containerd from 1.6.8 to 1.6.12 (containerd/imgcrypt#103)
    • 4e5a73e build(deps): bump github.com/containerd/containerd from 1.6.8 to 1.6.12
  • Update golangci-lint to v1.50.1 (containerd/imgcrypt#101)
    • 16a071b Update golangci-lint to v1.50.1
  • Remove references to package io/ioutil (containerd/imgcrypt#100)
    • 981a3fd Remove references to package io/ioutil
  • Update GitHub actions CI workflow (containerd/imgcrypt#99)
    • 06827a1 Update containerd project checks package in CI
    • f6a39e1 Update GitHub actions packages in CI workflow
    • 6383351 Update GitHub actions CI workflow OS runner images
  • CI/CD: Run CodeQL on PRs and once a month (containerd/imgcrypt#98)
    • b6e16db CI/CD: Run CodeQL on PRs and once a month
  • CHANGES: Updated CHANGES document for 1.1.7 release (containerd/imgcrypt#97)
    • 17e5e7f CHANGES: Updated CHANGES document for 1.1.7 release
  • Update to ocicrypt 1.1.6 and add support for zstd type of compressed layers (containerd/imgcrypt#96)
    • 06da359 Add support for zstd type of compressed layers
    • 4a51045 build(deps): Update to ocicrypt 1.1.6
    • 2c93cef ctr: Document that import of encrypted image requires decryption key
    • 44f4e18 ctr: Add support for --all-platforms to encrypt command
    • d9fccdc ctr: Sync with upstream ctr and add --skip-digest-for-named opt to import
    • b8f807f ctr: Sync with upstream ctr and add --platform option to import
  • build(deps): Update to containerd 1.6.8 (containerd/imgcrypt#92)
    • 07dd48d build(deps): Update to containerd 1.6.8
  • tests: Add -traditional to OpenSSL command line when OSSL v3 is used (containerd/imgcrypt#90)
    • 67b7b5d tests: Add -traditional to OpenSSL command line when OSSL v3 is used
  • chore: fix readme typo (containerd/imgcrypt#87)
  • Update to min golang 1.18 (containerd/imgcrypt#88)
    • 554ec9b Update to min golang 1.18
  • CHANGES: Updated CHANGES document for 1.1.6 release (containerd/imgcrypt#85)
    • ec7aae5 CHANGES: Updated CHANGES document for 1.1.6 release
  • build(deps): bump github.com/containerd/containerd from 1.6.1 to 1.6.6 (containerd/imgcrypt#83)
    • 5959e8c build(deps): bump github.com/containerd/containerd from 1.6.1 to 1.6.6
  • CI: Upgrade to golangci-lint v1.46.2 (containerd/imgcrypt#84)
    • ef8596e CI: Upgrade to golangci-lint v1.46.2
    • 715ba8c Update to ocicrypt 1.1.5 to get yaml.v3
    • 4f79bd6 CHANGES: Updated CHANGES document for 1.1.5 release
    • 4c38f10 Bump ocicrypt to 1.1.4
  • CICD: Rename master branch to main (containerd/imgcrypt#79)
    • 8abd19d CICD: Rename master branch to main
  • Rename any to pbAny (containerd/imgcrypt#78)
  • Use reflect to support diff.ApplyConfig with/without gogo's types.Any (containerd/imgcrypt#75)
    • 9f08722 Use reflect to support diff.ApplyConfig with/without gogo's types.Any
  • Upgrade golangci-lint-action and golangci-lint (containerd/imgcrypt#76)
    • 6eaeb4a Add build tags to make gofmt happy
    • 9cba55f Upgrade golangci-lint-action and golangci-lint

Dependency Changes

  • github.com/Microsoft/go-winio v0.5.2 -> v0.5.3
  • github.com/Microsoft/hcsshim v0.9.10 -> v0.9.11
  • github.com/containerd/imgcrypt v1.1.4 -> v1.1.8
  • github.com/containers/ocicrypt v1.1.3 -> v1.1.10
  • github.com/go-jose/go-jose/v3 v3.0.3 new
  • github.com/opencontainers/image-spec 3a7f492d3f1b -> v1.1.0
  • github.com/stefanberger/go-pkcs11uri 78d3cae3a980 -> 78284954bff6
  • golang.org/x/crypto v0.18.0 -> v0.21.0
  • golang.org/x/net v0.18.0 -> v0.23.0
  • golang.org/x/sys v0.16.0 -> v0.18.0
  • golang.org/x/term v0.16.0 -> v0.18.0

Previous release can be found at v1.6.31

Assets 32