-
Notifications
You must be signed in to change notification settings - Fork 2.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Revert runc bump to rc91 #6882
Revert runc bump to rc91 #6882
Conversation
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: goochjj The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Hi @goochjj. Thanks for your PR. I'm waiting for a containers member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
I don't see other vendor changes. Did you run |
I specifically undid the runc bump to rc91. It's breaking the build. It's my assumption (since runc has experimental cgroups v2 now, and breaks the build, specifically in buildah), that the best path forward would be to merge the common 0.15.2 update, but NOT merge the runc bump to rc91. Then runc compliance can be done in a separate PR, and only involves setting this back to rc91. IMHO #6842 needs to be merged pronto because rootless is broken for cgroups v1. Hence I'm trying to get #6842 out the door. Now, I've done a branch of @rhatdan's fix with this backreved, so right now if #6842 were merged (plus my fix) this would be the end result anyway. I'm just unclear, direction-wise, if the plan is to
Regardless, the title of this PR is "Bump github.com/containers/common from 0.15.1 to 0.15.2 #6850" but it ACTUALLY ALSO updates runc to rc91... Which looks like an unintended consequence. Please advise on procedure! |
It's possible I'm doing this completely wrong. It looks like containers/common was bumped to require runc 1.0.0rc91, and so no matter what I do it's going to keep importing that, unless I manually override it and check out rc90 in the vendor directory, which is probably less than ideal. The real problem IMHO is that runc libcontainer had breaking changes in a minor release. Advice on how this can be expedited welcome! |
Use "replace" in go.mod to explicitly make sure runc stays at rc90 - because it breaks buildah. Signed-off-by: Joseph Gooch <[email protected]>
This will do it. |
@vrothberg what do you think, should I just supercede #6850 with my own PR to bump containers/common to 0.15.2, squash this with the one dependabot did? Then the tests can run here. I can then open an issue for the build breakage w/ runc rc91 - which is in buildah, so should I do that issue in the buildah repo? Or here? |
@goochjj Definitely file an issue against the Buildah repo. As for the runc thing - it looks like it's just being dragged in by c/common, so I think we need to undo the vendor there, then revendor c/common? |
@mheon True, but adding the replace line supercedes what common says - so it's a nice stop-gap to prevent needing common 0.15.3 This is the thing |
Root cause is runc rc91 changed the way devicerules work because of the differences between cgroups v1 and v2. Which causes:
(It might break other things for all I know) So Possible solutions
I think...? Basically that means buildah is going to end up with code that EITHER works on rc90 or rc91 - (unless a conditional can be used) so I'm not sure what the best plan is to version these things properly. |
Let's skip runc rc91 as there is a regression that breaks cgroup v1 on systemd |
That's fine, but skip where - c/common and reversion or use this PR - which blocks it in libpod? |
Device permissions are now a custom type This commit shows what needs to change in various libpod-things to support that. |
Requiring a fresh version of c/common is probably OK. We're not likely to cut a fresh release off master in the next few weeks (we're cutting a 2.0.2 on the v2.0 branch, which has an old-enough c/common that it should avoid this) so we have time to fix this in master (or potentially even fix this in Buildah and then vendor that) before we're in danger of releasing a broken build. I am sort of interested as to how this snuck in without being detected by CI, though. |
I saw it in the CI for Dan's pids-limit patch. |
I imagine that:
So libpod as the intersection of all those points is the one that exposed it... |
conversation moved to issue |
Lets separate out the dependbot update - common here, runc elsewhere.
Signed-off-by: Joseph Gooch [email protected]