From b551f32ce550f2bc3c679a9857f28d604a297bbf Mon Sep 17 00:00:00 2001 From: Andrey Smirnov Date: Thu, 22 May 2025 12:59:28 +0400 Subject: [PATCH] feat: update containerd to v2.1.1 https://redirect.github.com/containerd/containerd/releases/tag/v2.1.1 Fixes https://github.com/advisories/GHSA-cm76-qm8v-3j95 Signed-off-by: Andrey Smirnov --- Makefile | 2 +- go.mod | 4 ++-- go.sum | 8 ++++---- hack/containerd.toml | 1 + hack/cri-containerd.toml | 1 + hack/release.toml | 2 +- pkg/machinery/constants/constants.go | 2 +- pkg/machinery/gendata/data/pkgs | 2 +- 8 files changed, 12 insertions(+), 10 deletions(-) diff --git a/Makefile b/Makefile index 3df28a1e9..6dbb248c9 100644 --- a/Makefile +++ b/Makefile @@ -27,7 +27,7 @@ EMBED_TARGET ?= embed TOOLS_PREFIX ?= ghcr.io/siderolabs/tools TOOLS ?= v1.11.0-alpha.0-1-ge35234b PKGS_PREFIX ?= ghcr.io/siderolabs -PKGS ?= v1.11.0-alpha.0-17-g2563e47 +PKGS ?= v1.11.0-alpha.0-20-g0f74b9b KRES_IMAGE ?= ghcr.io/siderolabs/kres:latest CONFORMANCE_IMAGE ?= ghcr.io/siderolabs/conform:latest diff --git a/go.mod b/go.mod index da4506a71..c8845a553 100644 --- a/go.mod +++ b/go.mod @@ -64,7 +64,7 @@ require ( github.com/cenkalti/backoff/v4 v4.3.0 github.com/containerd/cgroups/v3 v3.0.5 github.com/containerd/containerd/api v1.9.0 - github.com/containerd/containerd/v2 v2.1.0 + github.com/containerd/containerd/v2 v2.1.1 github.com/containerd/errdefs v1.0.0 github.com/containerd/log v0.1.0 github.com/containerd/platforms v1.0.0-rc.1 @@ -209,7 +209,7 @@ require ( github.com/AzureAD/microsoft-authentication-library-for-go v1.4.2 // indirect github.com/MakeNowJust/heredoc v1.0.0 // indirect github.com/Microsoft/go-winio v0.6.2 // indirect - github.com/Microsoft/hcsshim v0.13.0-rc.3 // indirect + github.com/Microsoft/hcsshim v0.13.0 // indirect github.com/ProtonMail/go-crypto v1.2.0 // indirect github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f // indirect github.com/ProtonMail/gopenpgp/v2 v2.8.3 // indirect diff --git a/go.sum b/go.sum index add0662e5..b52c7480c 100644 --- a/go.sum +++ b/go.sum @@ -37,8 +37,8 @@ github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ github.com/MakeNowJust/heredoc v1.0.0/go.mod h1:mG5amYoWBHf8vpLOuehzbGGw0EHxpZZ6lCpQ4fNJ8LE= github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY= github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU= -github.com/Microsoft/hcsshim v0.13.0-rc.3 h1:c2Glm+kfftlSccp+rNIJ6mp1UppJYTq7q9SObIu3GZs= -github.com/Microsoft/hcsshim v0.13.0-rc.3/go.mod h1:rc/I5c+x7rZHik6V5qj31JTATiLKh2BV7CsZpbNlt88= +github.com/Microsoft/hcsshim v0.13.0 h1:/BcXOiS6Qi7N9XqUcv27vkIuVOkBEcWstd2pMlWSeaA= +github.com/Microsoft/hcsshim v0.13.0/go.mod h1:9KWJ/8DgU+QzYGupX4tzMhRQE8h6w90lH6HAaclpEok= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/ProtonMail/go-crypto v1.2.0 h1:+PhXXn4SPGd+qk76TlEePBfOfivE0zkWFenhGhFLzWs= github.com/ProtonMail/go-crypto v1.2.0/go.mod h1:9whxjD8Rbs29b4XWbB8irEcE8KHMqaR2e7GWU1R+/PE= @@ -126,8 +126,8 @@ github.com/containerd/cgroups/v3 v3.0.5 h1:44na7Ud+VwyE7LIoJ8JTNQOa549a8543BmzaJ github.com/containerd/cgroups/v3 v3.0.5/go.mod h1:SA5DLYnXO8pTGYiAHXz94qvLQTKfVM5GEVisn4jpins= github.com/containerd/containerd/api v1.9.0 h1:HZ/licowTRazus+wt9fM6r/9BQO7S0vD5lMcWspGIg0= github.com/containerd/containerd/api v1.9.0/go.mod h1:GhghKFmTR3hNtyznBoQ0EMWr9ju5AqHjcZPsSpTKutI= -github.com/containerd/containerd/v2 v2.1.0 h1:lS6iJ/CwZrxYxKd6zWBz5LR7xOlMVQC78z68YtizUAM= -github.com/containerd/containerd/v2 v2.1.0/go.mod h1:t2VqM0zSiEdi33qgtsMwUKrYyVg4oq2FPe+cs3LBt7w= +github.com/containerd/containerd/v2 v2.1.1 h1:znnkm7Ajz8lg8BcIPMhc/9yjBRN3B+OkNKqKisKfwwM= +github.com/containerd/containerd/v2 v2.1.1/go.mod h1:zIfkQj4RIodclYQkX7GSSswSwgP8d/XxDOtOAoSDIGU= github.com/containerd/continuity v0.4.5 h1:ZRoN1sXq9u7V6QoHMcVWGhOwDFqZ4B9i5H6un1Wh0x4= github.com/containerd/continuity v0.4.5/go.mod h1:/lNJvtJKUQStBzpVQ1+rasXO1LAWtUQssk28EZvJ3nE= github.com/containerd/errdefs v1.0.0 h1:tg5yIfIlQIrxYtu9ajqY42W3lpS19XqdxRQeEwYG8PI= diff --git a/hack/containerd.toml b/hack/containerd.toml index 02c1e0b8e..496918b62 100644 --- a/hack/containerd.toml +++ b/hack/containerd.toml @@ -3,6 +3,7 @@ version = 3 disabled_plugins = [ "io.containerd.cri.v1.images", "io.containerd.cri.v1.runtime", + "io.containerd.differ.v1.erofs", "io.containerd.grpc.v1.cri", "io.containerd.grpc.v1.sandbox-controllers", "io.containerd.grpc.v1.sandboxes", diff --git a/hack/cri-containerd.toml b/hack/cri-containerd.toml index 6596ee1b6..6a24a8c50 100644 --- a/hack/cri-containerd.toml +++ b/hack/cri-containerd.toml @@ -1,6 +1,7 @@ version = 3 disabled_plugins = [ + "io.containerd.differ.v1.erofs", "io.containerd.internal.v1.tracing", "io.containerd.snapshotter.v1.blockfile", "io.containerd.snapshotter.v1.erofs", diff --git a/hack/release.toml b/hack/release.toml index 599b8a6b2..82c36bd5e 100644 --- a/hack/release.toml +++ b/hack/release.toml @@ -21,7 +21,7 @@ preface = """ Linux: 6.12.28 Kubernetes: 1.33.1 runc: 1.3.0 -containerd: 2.1.0 +containerd: 2.1.1 Talos is built with Go 1.24.3. """ diff --git a/pkg/machinery/constants/constants.go b/pkg/machinery/constants/constants.go index 80cd7ddb9..b48261ab8 100644 --- a/pkg/machinery/constants/constants.go +++ b/pkg/machinery/constants/constants.go @@ -543,7 +543,7 @@ const ( TrustdUserID = 51 // DefaultContainerdVersion is the default container runtime version. - DefaultContainerdVersion = "2.1.0" + DefaultContainerdVersion = "2.1.1" // SystemContainerdNamespace is the Containerd namespace for Talos services. SystemContainerdNamespace = "system" diff --git a/pkg/machinery/gendata/data/pkgs b/pkg/machinery/gendata/data/pkgs index ac34688ab..4f92861f7 100644 --- a/pkg/machinery/gendata/data/pkgs +++ b/pkg/machinery/gendata/data/pkgs @@ -1 +1 @@ -v1.11.0-alpha.0-17-g2563e47 \ No newline at end of file +v1.11.0-alpha.0-20-g0f74b9b \ No newline at end of file