Security fix for CVE-2021-3602
bump podman to v3.2.3
include podman-machine-cni in podman-plugins subpackage
bump crun to 0.20.1
Fix secrets
definition in /usr/share/containers/containers.conf
Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:
sudo dnf upgrade --refresh --advisory=FEDORA-2021-0c53d8738d
Please login to add feedback.
This update has been submitted for testing by lsm5.
This update's test gating status has been changed to 'failed'.
This update's test gating status has been changed to 'waiting'.
This update has obsoleted podman-3.2.0-1.fc33, and has inherited its bugs and notes.
lsm5 edited this update.
New build(s):
Karma has been reset.
This update's test gating status has been changed to 'failed'.
lsm5 edited this update.
lsm5 edited this update.
New build(s):
Removed build(s):
Karma has been reset.
This update has been pushed to testing.
This update's test gating status has been changed to 'passed'.
This update's test gating status has been changed to 'passed'.
lsm5 edited this update.
New build(s):
Removed build(s):
Karma has been reset.
This update has been submitted for testing by lsm5.
This update's test gating status has been changed to 'failed'.
This update has obsoleted crun-0.20-1.fc33, and has inherited its bugs and notes.
lsm5 edited this update.
This update has been pushed to testing.
This update doesn't install.
Agreed. @lsm5 perhaps you meant to use
>=
for the crun requires?whoops .. fixing now, thanks for the comments Carl and Ed.
lsm5 edited this update.
New build(s):
Removed build(s):
Karma has been reset.
This update has been submitted for testing by lsm5.
Fixed now, please check it out.
Rootless is broken. Needs container-selinux 2.162 which is not building in koji.
lsm5 edited this update.
New build(s):
Karma has been reset.
Whew! With new container-selinux, LGTM. Passes podman and podman-remote tests, root and rootless.
Passes podman baseline tests as root user.
grumble...grumble...grumble...@lsm5 I'm still only seeing podman-3.2.0-4. I tried
dnf clean all
but no love. Downloading the files manually and will try that way......so on a freshly installed F33 VM (never run any containers before) the SELinux label update on upgrade fails:
I'm guessing it's failing due to not finding any
$HOME/.local/share/containers
. Maybe a simple fix?Okay, I tried building a custom
nginx
container and running it (rootless) while curling from it, and erasing/re-installing packages (container-selinux especially). It seems to behave and I do not see that scriptlet failure anymore, so it's most definitely happening for users w/o any container storage. This is something that should be fixed but isn't worth holding up the release. I'll file a separate BZ for it.I also tried but failed to reproduce the issue described in BZ#1962008
Filed https://bugzilla.redhat.com/show_bug.cgi?id=1970644
This update has been pushed to testing.
lsm5 edited this update.
New build(s):
Removed build(s):
Karma has been reset.
This update has been submitted for testing by lsm5.
This update has obsoleted podman-3.2.1-1.fc33, and has inherited its bugs and notes.
lsm5 edited this update.
lsm5 edited this update.
lsm5 edited this update.
This update has been pushed to testing.
This update's test gating status has been changed to 'passed'.
This update's test gating status has been changed to 'passed'.
lsm5 edited this update.
lsm5 edited this update.
lsm5 edited this update.
New build(s):
Karma has been reset.
This update has been submitted for testing by lsm5.
This update's test gating status has been changed to 'failed'.
lsm5 edited this update.
lsm5 edited this update.
lsm5 edited this update.
New build(s):
Karma has been reset.
Podman LGTM. Buildah, though, is failing a lot of its system tests; and I can't figure out why, and I'm about to give up for the day.
This update has been pushed to testing.
lsm5 edited this update.
Removed build(s):
Karma has been reset.
This update has been submitted for testing by lsm5.
This update's test gating status has been changed to 'passed'.
removing buildah as gating tests for it will need some work
lsm5 edited this update.
To get buildah working, see https://github.com/containers/buildah/issues/3297
This update has been pushed to testing.
This update's test gating status has been changed to 'failed'.
@santiago looks like gating tests that were passing earlier are failing now, do you think re-running would help?
I was just looking at those. No, these aren't flakes. I'm pretty sure this is a kernel issue: between the last (successful) run and now, the kernel bumped, and something broke.
Or maybe it's selinux instead. Sure, can you try rerunning? I'm running tests on my end itm.
OpenQA tests are also failing on this update, see "automated tests" tab. A
podman pull registry.fedoraproject.org...
command gives anError initializing source...manifest unknown
error. Runs of the same test on other F33 updates are passing, so the problem is definitely specific to the packages in this update.Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.
Specifically, the "update podman" test, eventually drilling down to this log file, which does indeed include a failure regarding
registry.fedoraproject.org
, although I don't find the stringmanifest
anywhere. @adamwill can you link to the exact log file you're looking at? I have no idea what these tests are, or who wrote them, or how to look at logs, or even how to read those unreadable logs.FWIW tests pass for me on a 1minutetip f33 VM.
@adamwill is there a way to restart/rerun this test? I can't reproduce the failure, and I know that registry.fedoraproject.org has been a source of flakes for some years. When we do 'pull' in our tests, it's often with
|| (sleep 6;pull again)
.@santiago it would already have been auto-retried once (we auto-retry all failed update tests one time). It also failed exactly the same way on prod and stg. So that's likely four identical failures (I'll double check the initial fails were the same).
And as I said, it is passing on other f33 updates. If it was flaky we'd have problems with it failing on other updates, but it isn't.
@santiago the failure is visible in the screenshot with the red border (red border means that is where the test failed). One of the downloadable assets on the assets tab should be a tarball of the whole /var/log directory from the test system, which should provide all the logs you need. The test execution logs aren't usually relevant to real test failures (they're more for debugging issues in the tests).
https://openqa.fedoraproject.org/tests/922123/file/podman-var_log.tar.gz is the /var/log tarball. I checked, and the test did indeed fail twice on both prod and stg in the same way, so four identical failures. It has not failed on any other F33 update since we started running it, as you can see from https://openqa.fedoraproject.org/tests/922123#next_previous , including three passes for other updates after the failure on this update.
works for me
lsm5 edited this update.
Looks like openQA tests passed this time, thanks.
lsm5 edited this update.
New build(s):
Removed build(s):
Karma has been reset.
This update has been submitted for testing by lsm5.
lsm5 edited this update.
lsm5 edited this update.
lsm5 edited this update.
New build(s):
Removed build(s):
Karma has been reset.
This update has obsoleted containers-common-1-19.fc33, and has inherited its bugs and notes.
This update has been pushed to testing.
works fine
LGTM - all tests passing, including podman. Current failures in this bodhi are the RELRO flake
This update has been submitted for stable by bodhi.
FEDORA-2021-0c53d8738d ejected from the push because 'Required tests did not pass on this update'
This update's test gating status has been changed to 'waiting'.
This update's test gating status has been changed to 'passed'.
This update's test gating status has been changed to 'passed'.
This update has been submitted for stable by lsm5.
This update has been pushed to stable.