runc icon indicating copy to clipboard operation
runc copied to clipboard

Published 20 hours ago verified publisher icon opencontainers

Blockers for v1.2.0

Open AkihiroSuda opened this issue 1 year ago • 29 comments

Blockers for rc.1 (https://github.com/opencontainers/runc/pull/3963):

  • [x] https://github.com/opencontainers/runc/pull/4101
  • [x] https://github.com/opencontainers/runc/pull/3985
  • [x] https://github.com/opencontainers/runc/pull/3990
  • [x] https://github.com/opencontainers/runc/issues/4125
  • [x] https://github.com/opencontainers/runc/issues/4172
  • [x] https://github.com/opencontainers/runc/issues/4173

Blockers for GA:

  • [x] https://github.com/opencontainers/runc/issues/4093
  • [x] Release runtime-spec ~v1.1.1~ v1.2.0 https://github.com/opencontainers/runtime-spec/pull/1242
  • [x] https://github.com/opencontainers/runc/issues/4233
  • [x] https://github.com/opencontainers/runc/pull/4283#issuecomment-2156033671
  • [ ] Verify compatibility with well-known downstreams
    • [ ] https://github.com/moby/moby/pull/47666
      • [ ] Fix failing moby tests in CI https://github.com/opencontainers/runc/issues/4384
    • [ ] https://github.com/containerd/nerdctl/pull/3153
      • [x] https://github.com/opencontainers/runc/issues/4328
    • [x] containerd works fine, CI scripts need fixes
      • [x] PR to fix containerd's CI scripts: https://github.com/containerd/containerd/pull/10449
      • [x] cri-tools PR backported for v1.30.1: https://github.com/kubernetes-sigs/cri-tools/pull/1492

Needs discussion (probably deferrable to v1.2.1 or v1.3.0):

  • [ ] https://github.com/opencontainers/runc/issues/3922

@opencontainers/runc-maintainers Feel free to edit this issue

AkihiroSuda avatar Nov 06 '23 16:11 AkihiroSuda

We don't have timeline for v1.2.0, but we should try to release v1.2.0 by the end of the year.

AkihiroSuda avatar Nov 06 '23 16:11 AkihiroSuda

Well, we have the 1.2.0 milestone (which I am trying comb through regularly), and everything that's in there is kind of a blocker for 1.2.0.

Feel free to modify milestones for any issues/PRs, but at the very least we have one more blocker:

  • https://github.com/opencontainers/runc/issues/4047 (which I'm actively working one, hope to come to a closure this week) (and I guess @cyphar can add more)

kolyshkin avatar Nov 06 '23 20:11 kolyshkin

Well, we have the 1.2.0 milestone (which I am trying comb through regularly), and everything that's in there is kind of a blocker for 1.2.0.

Not everything. At least this one can be postponed to v1.3 or later

  • https://github.com/opencontainers/runc/pull/2523

AkihiroSuda avatar Nov 06 '23 20:11 AkihiroSuda

Not everything.

Well, strictly speaking, everything that is under that milestone needs to either be included into 1.2.0, or be reassigned to a different milestone. Whis is why I said

Feel free to modify milestones for any issues/PRs

kolyshkin avatar Nov 07 '23 01:11 kolyshkin

I still think #3985 is needed for 1.2.0. There are several issues with mount propagation (not to mention the serious restriction of idmapped mounts) that are fixed with #3985. We also need #3990 if we want to make sure people scream at us during the -rc1 if it breaks something.

Other than those, I don't have any strong opinions on any remaining PRs.

cyphar avatar Nov 07 '23 01:11 cyphar

Blockers for GA: Release runtime-spec v1.1.1

Given that it took well over 3 years to get 1.1.0 finished (incl. half a year from rc1 to GA), is it really necessary (resp. judicious) to block runc 1.2 on a spec-release?

h-vetinari avatar Dec 03 '23 00:12 h-vetinari

Blockers for GA: Release runtime-spec v1.1.1

Given that it took well over 3 years to get 1.1.0 finished (incl. half a year from rc1 to GA), is it really necessary (resp. judicious) to block runc 1.2 on a spec-release?

Necessary, because we have been depending on its main branch:

  • https://github.com/opencontainers/runc/pull/3993

AkihiroSuda avatar Dec 03 '23 01:12 AkihiroSuda

This task has been done 👍

Release runtime-spec v1.1.1 v1.2.0 https://github.com/opencontainers/runtime-spec/pull/1242

utam0k avatar Feb 17 '24 06:02 utam0k

Hi guys,

Eagerly waiting for that 1.2 release with fixes on mount options. What do you think is a realistic release date?

Thanks

testinfected avatar May 23 '24 12:05 testinfected

Ping

testinfected avatar Jun 05 '24 13:06 testinfected

I think we are ready to release rc.2, and release GA after verifying compatibility with Docker, containerd, BuildKit, etc.

cc @opencontainers/runc-maintainers

AkihiroSuda avatar Jun 08 '24 09:06 AkihiroSuda

Turned out that we need to make a decision on this one too

  • https://github.com/opencontainers/runc/pull/4283#issuecomment-2156033671

AkihiroSuda avatar Jun 08 '24 13:06 AkihiroSuda

Any ETA when 1.2.0 will be released?

MaxXor avatar Jun 25 '24 15:06 MaxXor

Any ETA when 1.2.0 will be released?

As soon as the compatibility issues get resolved

  • https://github.com/moby/moby/pull/47666
  • https://github.com/containerd/nerdctl/pull/3153

AkihiroSuda avatar Jun 27 '24 13:06 AkihiroSuda

#3922 is noted as a blocker here, and a recent comment notes

@kolyshkin: This is going to be implemented via https://github.com/opencontainers/runtime-spec/pull/1253

Since https://github.com/opencontainers/runtime-spec/commit/701738418b9555d5213337a0991fd0ffd6c37808 is not yet in a runtime-spec release, does that mean you'll need another spec release to unblock runc 1.2?

From the peanut gallery: Given that #3922 is a year old already (and the issue apparently exists back until runc 1.0.2 at least), I'm skeptical that this really has to block runc 1.2? After being 28 months behind the originally intended release date, perhaps it would be reasonable to stop the scope-creep and just focus on fixing any remaining hard regressions and then release?

h-vetinari avatar Jul 08 '24 04:07 h-vetinari

Let me move #3922 to the "probably deferrable to v1.2.1 or v1.3.0" list

AkihiroSuda avatar Jul 09 '24 06:07 AkihiroSuda

I've tested runc 1.2.0-rc.2 with containerd and opened a PR to fix the issues (some fixes belonged to the cri-tools repo, that are already merged and included in a patch release). All the fixes belong to the containerd/cri-tools repos, nothing to do here in runc: https://github.com/containerd/containerd/pull/10449.

Can someone please take a look at the moby issue? https://github.com/moby/moby/pull/47666

rata avatar Jul 11 '24 13:07 rata

Looking into https://github.com/moby/moby/pull/47666, as well as other dmz issues, I'm thinking maybe we should remove it entirely from runc-1.2?

kolyshkin avatar Jul 11 '24 20:07 kolyshkin

@kolyshkin are you sure that is dmz related? That moby PR is compiling with nodmz, there might be something on the say we disable it, but it felt like another issue given that it fails in the same way with and without the nodmz buildtag

rata avatar Jul 11 '24 21:07 rata

@kolyshkin are you sure that is dmz related? That moby PR is compiling with nodmz, there might be something on the say we disable it, but it felt like another issue given that it fails in the same way with and without the nodmz buildtag

Yeah, probably not. I will take a look.

kolyshkin avatar Jul 11 '24 23:07 kolyshkin

It was indeed something on the way runc_nodmz is disabled, work-around here: https://github.com/opencontainers/runc/pull/4345 (still need to fix cc_platform.mk).

I didn't manage to debug the failing tests now that docker compiles and need to leave now. Please someone else take a look :)

To use a patched runc, I used this moby PR to just compile my fork: https://github.com/moby/moby/pull/48161. Compilation works fine here, but the test fail. You can use something like that to try fixing the tests on the CI.

rata avatar Jul 12 '24 15:07 rata

I figured out the runc compile issue in moby; see https://github.com/moby/moby/pull/48160

kolyshkin avatar Jul 16 '24 20:07 kolyshkin

Hey folks.

Would it be possible to cut an RC3? Ideally that would allow closing https://github.com/containerd/nerdctl/pull/3153

Thanks!

apostasie avatar Aug 08 '24 17:08 apostasie