Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package rke2 for openSUSE:Factory checked in at 2023-09-20 13:29:00 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/rke2 (Old) and /work/SRC/openSUSE:Factory/.rke2.new.16627 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rke2" Wed Sep 20 13:29:00 2023 rev:10 rq:1112118 version:1.28.2+rke2r1 Changes: -------- --- /work/SRC/openSUSE:Factory/rke2/rke2.changes 2023-09-14 16:28:44.773185083 +0200 +++ /work/SRC/openSUSE:Factory/.rke2.new.16627/rke2.changes 2023-09-20 13:31:34.275764867 +0200 @@ -1,0 +2,9 @@ +Tue Sep 19 05:01:26 UTC 2023 - Johannes Kastl <ka...@b1-systems.de> + +- Update to version 1.28.2+rke2r1: + * This release updates Kubernetes to v1.28.2, and fixes a number + of issues. + * Details see + https://github.com/rancher/rke2/releases/tag/v1.28.2+rke2r1 + +------------------------------------------------------------------- Old: ---- rke2-1.28.1+rke2r1.obscpio New: ---- rke2-1.28.2+rke2r1.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rke2.spec ++++++ --- /var/tmp/diff_new_pack.JdRqPH/_old 2023-09-20 13:31:37.671886535 +0200 +++ /var/tmp/diff_new_pack.JdRqPH/_new 2023-09-20 13:31:37.671886535 +0200 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: rke2 -Version: 1.28.1+rke2r1 +Version: 1.28.2+rke2r1 Release: 0 Summary: Rancher Kubernetes Engine License: Apache-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.JdRqPH/_old 2023-09-20 13:31:37.703887682 +0200 +++ /var/tmp/diff_new_pack.JdRqPH/_new 2023-09-20 13:31:37.707887824 +0200 @@ -3,7 +3,7 @@ <param name="url">https://github.com/rancher/rke2</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="revision">v1.28.1+rke2r1</param> + <param name="revision">v1.28.2+rke2r1</param> <param name="versionformat">@PARENT_TAG@</param> <param name="changesgenerate">disable</param> <param name="versionrewrite-pattern">v(.*)</param> ++++++ rke2-1.28.1+rke2r1.obscpio -> rke2-1.28.2+rke2r1.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rke2-1.28.1+rke2r1/.drone.yml new/rke2-1.28.2+rke2r1/.drone.yml --- old/rke2-1.28.1+rke2r1/.drone.yml 2023-09-01 19:33:20.000000000 +0200 +++ new/rke2-1.28.2+rke2r1/.drone.yml 2023-09-13 23:45:10.000000000 +0200 @@ -32,7 +32,7 @@ - name: validate-release image: rancher/dapper:v0.5.5 commands: - - docker pull --quiet rancher/hardened-build-base:v1.20.4b11 + - docker pull --quiet rancher/hardened-build-base:v1.20.8b2 - dapper -f Dockerfile --target dapper make validate-release volumes: - name: docker @@ -52,7 +52,7 @@ AWS_SECRET_ACCESS_KEY: from_secret: AWS_SECRET_ACCESS_KEY-rke2-ci-uploader commands: - - docker pull --quiet rancher/hardened-build-base:v1.20.4b11 + - docker pull --quiet rancher/hardened-build-base:v1.20.8b2 - docker pull --quiet alpine:3.17 - dapper -f Dockerfile --target dapper make dapper-ci volumes: @@ -88,7 +88,7 @@ - name: package-images image: rancher/dapper:v0.5.5 commands: - - docker pull --quiet rancher/hardened-build-base:v1.20.4b11 + - docker pull --quiet rancher/hardened-build-base:v1.20.8b2 - dapper -f Dockerfile --target dapper make package-images volumes: - name: docker @@ -139,7 +139,7 @@ - refs/tags/* - name: publish-image-runtime - image: rancher/hardened-build-base:v1.20.4b11 + image: rancher/hardened-build-base:v1.20.8b2 commands: - docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD - DRONE_TAG=${DRONE_TAG} make publish-image-runtime @@ -163,7 +163,7 @@ - name: package-windows-images image: rancher/dapper:v0.5.5 commands: - - docker pull --quiet rancher/hardened-build-base:v1.20.4b11 + - docker pull --quiet rancher/hardened-build-base:v1.20.8b2 - dapper -f Dockerfile --target dapper make package-windows-images when: event: @@ -234,7 +234,7 @@ - name: validate-release image: rancher/dapper:v0.5.5 commands: - - docker pull --quiet rancher/hardened-build-base:v1.20.4b11 + - docker pull --quiet rancher/hardened-build-base:v1.20.8b2 - dapper -f Dockerfile --target dapper make validate-release volumes: - name: docker @@ -254,7 +254,7 @@ AWS_SECRET_ACCESS_KEY: from_secret: AWS_SECRET_ACCESS_KEY-rke2-ci-uploader commands: - - docker pull --quiet rancher/hardened-build-base:v1.20.4b11 + - docker pull --quiet rancher/hardened-build-base:v1.20.8b2 - docker pull --quiet alpine:3.17 - dapper -f Dockerfile --target dapper make dapper-ci volumes: @@ -290,7 +290,7 @@ - name: package-images image: rancher/dapper:v0.5.5 commands: - - docker pull --quiet rancher/hardened-build-base:v1.20.4b11 + - docker pull --quiet rancher/hardened-build-base:v1.20.8b2 - dapper -f Dockerfile --target dapper make package-images volumes: - name: docker @@ -319,7 +319,7 @@ - refs/tags/* - name: publish-image-runtime - image: rancher/hardened-build-base:v1.20.4b11 + image: rancher/hardened-build-base:v1.20.8b2 commands: - docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD - DRONE_TAG=${DRONE_TAG} make publish-image-runtime @@ -428,7 +428,7 @@ - drone-publish.rancher.io - name: publish-image-runtime - image: rancher/hardened-build-base:v1.20.4b11 + image: rancher/hardened-build-base:v1.20.8b2 commands: - docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD - DRONE_TAG=${DRONE_TAG} make publish-image-runtime diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rke2-1.28.1+rke2r1/Dockerfile new/rke2-1.28.2+rke2r1/Dockerfile --- old/rke2-1.28.1+rke2r1/Dockerfile 2023-09-01 19:33:20.000000000 +0200 +++ new/rke2-1.28.2+rke2r1/Dockerfile 2023-09-13 23:45:10.000000000 +0200 @@ -1,7 +1,7 @@ ARG KUBERNETES_VERSION=dev # Build environment -FROM rancher/hardened-build-base:v1.20.7b3 AS build +FROM rancher/hardened-build-base:v1.20.8b2 AS build ARG DAPPER_HOST_ARCH ENV ARCH $DAPPER_HOST_ARCH RUN set -x && \ @@ -105,7 +105,7 @@ ARG CACHEBUST="cachebust" COPY charts/ /charts/ RUN echo ${CACHEBUST}>/dev/null -RUN CHART_VERSION="1.14.000" CHART_FILE=/charts/rke2-cilium.yaml CHART_BOOTSTRAP=true /charts/build-chart.sh +RUN CHART_VERSION="1.14.100" CHART_FILE=/charts/rke2-cilium.yaml CHART_BOOTSTRAP=true /charts/build-chart.sh RUN CHART_VERSION="v3.26.1-build2023080200" CHART_FILE=/charts/rke2-canal.yaml CHART_BOOTSTRAP=true /charts/build-chart.sh RUN CHART_VERSION="v3.26.100" CHART_FILE=/charts/rke2-calico.yaml CHART_BOOTSTRAP=true /charts/build-chart.sh RUN CHART_VERSION="v3.26.100" CHART_FILE=/charts/rke2-calico-crd.yaml CHART_BOOTSTRAP=true /charts/build-chart.sh @@ -126,7 +126,7 @@ # This image includes any host level programs that we might need. All binaries # must be placed in bin/ of the file image and subdirectories of bin/ will be flattened during installation. # This means bin/foo/bar will become bin/bar when rke2 installs this to the host -FROM rancher/hardened-kubernetes:v1.28.1-rke2r1-build20230825 AS kubernetes +FROM rancher/hardened-kubernetes:v1.28.2-rke2r1-build20230913 AS kubernetes FROM rancher/hardened-containerd:v1.7.3-k3s1-build20230802 AS containerd FROM rancher/hardened-crictl:v1.26.1-build20230606 AS crictl FROM rancher/hardened-runc:v1.1.8-build20230802 AS runc diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rke2-1.28.1+rke2r1/channels.yaml new/rke2-1.28.2+rke2r1/channels.yaml --- old/rke2-1.28.1+rke2r1/channels.yaml 2023-09-01 19:33:20.000000000 +0200 +++ new/rke2-1.28.2+rke2r1/channels.yaml 2023-09-13 23:45:10.000000000 +0200 @@ -1,6 +1,6 @@ channels: - name: stable - latest: v1.25.12+rke2r1 + latest: v1.25.13+rke2r1 - name: latest latestRegexp: .* excludeRegexp: (^[^+]+-|v1\.25\.5\+rke2r1|v1\.26\.0\+rke2r1) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rke2-1.28.1+rke2r1/pkg/cli/cmds/profile_linux.go new/rke2-1.28.2+rke2r1/pkg/cli/cmds/profile_linux.go --- old/rke2-1.28.1+rke2r1/pkg/cli/cmds/profile_linux.go 2023-09-01 19:33:20.000000000 +0200 +++ new/rke2-1.28.2+rke2r1/pkg/cli/cmds/profile_linux.go 2023-09-13 23:45:10.000000000 +0200 @@ -105,7 +105,7 @@ func validateProfile(clx *cli.Context, role CLIRole) { switch clx.String("profile") { - case rke2.CISProfile123: + case rke2.CISProfile123, rke2.CISProfile: if err := validateCISReqs(role); err != nil { logrus.Fatal(err) } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rke2-1.28.1+rke2r1/pkg/cli/cmds/root.go new/rke2-1.28.2+rke2r1/pkg/cli/cmds/root.go --- old/rke2-1.28.1+rke2r1/pkg/cli/cmds/root.go 2023-09-01 19:33:20.000000000 +0200 +++ new/rke2-1.28.2+rke2r1/pkg/cli/cmds/root.go 2023-09-13 23:45:10.000000000 +0200 @@ -83,8 +83,8 @@ Destination: &config.CloudProviderConfig, }, &cli.StringFlag{ - Name: "profile", - Usage: "(security) Validate system configuration against the selected benchmark (valid items: " + rke2.CISProfile123 + " )", + Name: "profile", + Usage: "(security) Validate system configuration against the selected benchmark (valid items: cis, cis-1.23 (deprecated))", EnvVar: "RKE2_CIS_PROFILE", }, &cli.StringFlag{ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rke2-1.28.1+rke2r1/pkg/rke2/rke2.go new/rke2-1.28.2+rke2r1/pkg/rke2/rke2.go --- old/rke2-1.28.1+rke2r1/pkg/rke2/rke2.go 2023-09-01 19:33:20.000000000 +0200 +++ new/rke2-1.28.2+rke2r1/pkg/rke2/rke2.go 2023-09-13 23:45:10.000000000 +0200 @@ -64,6 +64,7 @@ // Valid CIS Profile versions const ( CISProfile123 = "cis-1.23" + CISProfile = "cis" defaultAuditPolicyFile = "/etc/rancher/rke2/audit-policy.yaml" containerdSock = "/run/k3s/containerd/containerd.sock" KubeAPIServer = "kube-apiserver" @@ -269,7 +270,10 @@ func isCISMode(clx *cli.Context) bool { profile := clx.String("profile") - return profile == CISProfile123 + if profile == CISProfile123 { + logrus.Warn("cis-1.23 profile is deprecated and will be removed in v1.29. Please use cis instead.") + } + return profile == CISProfile123 || profile == CISProfile } // TODO: move this into the podexecutor package, this logic is specific to that executor and should be there instead of here. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rke2-1.28.1+rke2r1/scripts/build-images new/rke2-1.28.2+rke2r1/scripts/build-images --- old/rke2-1.28.1+rke2r1/scripts/build-images 2023-09-01 19:33:20.000000000 +0200 +++ new/rke2-1.28.2+rke2r1/scripts/build-images 2023-09-13 23:45:10.000000000 +0200 @@ -36,17 +36,17 @@ if [ "${GOARCH}" != "s390x" ] && [ "${GOARCH}" != "arm64" ]; then xargs -n1 -t docker image pull --quiet << EOF > build/images-cilium.txt ${REGISTRY}/rancher/mirrored-cilium-certgen:v0.1.8 - ${REGISTRY}/rancher/mirrored-cilium-cilium:v1.14.0 + ${REGISTRY}/rancher/mirrored-cilium-cilium:v1.14.1 ${REGISTRY}/rancher/mirrored-cilium-cilium-envoy:v1.25.9-f039e2bd380b7eef2f2feea5750676bb36133699 ${REGISTRY}/rancher/mirrored-cilium-cilium-etcd-operator:v2.0.7 - ${REGISTRY}/rancher/mirrored-cilium-clustermesh-apiserver:v1.14.0 - ${REGISTRY}/rancher/mirrored-cilium-hubble-relay:v1.14.0 + ${REGISTRY}/rancher/mirrored-cilium-clustermesh-apiserver:v1.14.1 + ${REGISTRY}/rancher/mirrored-cilium-hubble-relay:v1.14.1 ${REGISTRY}/rancher/mirrored-cilium-hubble-ui:v0.12.0 ${REGISTRY}/rancher/mirrored-cilium-hubble-ui-backend:v0.12.0 - ${REGISTRY}/rancher/mirrored-cilium-kvstoremesh:v1.14.0 - ${REGISTRY}/rancher/mirrored-cilium-operator-aws:v1.14.0 - ${REGISTRY}/rancher/mirrored-cilium-operator-azure:v1.14.0 - ${REGISTRY}/rancher/mirrored-cilium-operator-generic:v1.14.0 + ${REGISTRY}/rancher/mirrored-cilium-kvstoremesh:v1.14.1 + ${REGISTRY}/rancher/mirrored-cilium-operator-aws:v1.14.1 + ${REGISTRY}/rancher/mirrored-cilium-operator-azure:v1.14.1 + ${REGISTRY}/rancher/mirrored-cilium-operator-generic:v1.14.1 ${REGISTRY}/rancher/hardened-cni-plugins:v1.2.0-build20230523 EOF diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rke2-1.28.1+rke2r1/scripts/version.sh new/rke2-1.28.2+rke2r1/scripts/version.sh --- old/rke2-1.28.1+rke2r1/scripts/version.sh 2023-09-01 19:33:20.000000000 +0200 +++ new/rke2-1.28.2+rke2r1/scripts/version.sh 2023-09-13 23:45:10.000000000 +0200 @@ -31,8 +31,8 @@ PLATFORM=${GOOS}-${GOARCH} RELEASE=${PROG}.${PLATFORM} # hardcode versions unless set specifically -KUBERNETES_VERSION=${KUBERNETES_VERSION:-v1.28.1} -KUBERNETES_IMAGE_TAG=${KUBERNETES_IMAGE_TAG:-v1.28.1-rke2r1-build20230825} +KUBERNETES_VERSION=${KUBERNETES_VERSION:-v1.28.2} +KUBERNETES_IMAGE_TAG=${KUBERNETES_IMAGE_TAG:-v1.28.2-rke2r1-build20230913} ETCD_VERSION=${ETCD_VERSION:-v3.5.9-k3s1} PAUSE_VERSION=${PAUSE_VERSION:-3.6} CCM_VERSION=${CCM_VERSION:-v1.26.3-build20230608} ++++++ rke2.obsinfo ++++++ --- /var/tmp/diff_new_pack.JdRqPH/_old 2023-09-20 13:31:37.923895563 +0200 +++ /var/tmp/diff_new_pack.JdRqPH/_new 2023-09-20 13:31:37.923895563 +0200 @@ -1,5 +1,5 @@ name: rke2 -version: 1.28.1+rke2r1 -mtime: 1693589600 -commit: 4cc154f0e632a399094bb9843175f66670242ad6 +version: 1.28.2+rke2r1 +mtime: 1694641510 +commit: 7466261e4792e68baa2cc0c2afd3dcc929d72061 ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/rke2/vendor.tar.gz /work/SRC/openSUSE:Factory/.rke2.new.16627/vendor.tar.gz differ: char 5, line 1
