Release v1.2.5 #4626
Merged
Release v1.2.5 #4626
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
AkihiroSuda
approved these changes
Feb 12, 2025
|
Hmmm, the release signing script doesn't work on my machine anymore without #4629. No idea what changed recently... I'll push a cherry-pick into this PR so we don't have to review a separate PR for a simple packaging-script-only change. EDIT: Hmm, I can't seem to push to your branch directly even though the PR is marked as allowing edit access... |
|
How about including this one(#4632) according to a security reason. |
kolyshkin
force-pushed
the
1.2.5
branch
3 times, most recently
from
bcf0898 to
66b6954
Compare
On my machine, the --recv-keys steps to get upstream keys started
producing errors recently, and even setting a default keyserver in the
global gpg configuration doesn't seem to help:
+ gpg --homedir=/tmp/runc-sign-tmpkeyring.qm0IP6
--no-default-keyring --keyring=seccomp.keyring
--recv-keys 0x47A68FCE37C7D7024FD65E11356CE62C2B524099
gpg: keybox '/tmp/runc-sign-tmpkeyring.qm0IP6/seccomp.keyring' created
gpg: keyserver receive failed: No keyserver available
So just explicitly specify a reputable keyserver. Ideally we would use
an .onion-address keyserver to avoid potential targeted attacks but not
everybody runs a Tor proxy on their machine.
Signed-off-by: Aleksa Sarai <[email protected]>
(cherry picked from commit 26cfe14)
Signed-off-by: Kir Kolyshkin <[email protected]>
Signed-off-by: Kir Kolyshkin <[email protected]>
Signed-off-by: Kir Kolyshkin <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Copy-paste of release notes is below.
This also includes a cherry-pick of #4629.
1.2.5 - 2025-02-13
Fixed
rule restrictions require a systemctl daemon-reload for our transient
units. This caused issues for workloads using NVIDIA GPUs. Workaround the
upstream regression by re-arranging how the unit properties are defined.
(Every unit created by runc need daemon reload since systemd v230. #4568, libct/cg/sd: set the DeviceAllow property before DevicePolicy #4612, [1.2] libct/cg/sd: set the DeviceAllow property before DevicePolicy #4615)
allowing projects that vendor runc to bump it as well. ([1.2] deps: update to github.com/cyphar/[email protected] #4608)
Changed