Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Question: runc 1.0.0 release plan #1905

Closed
Ace-Tang opened this issue Oct 10, 2018 · 37 comments
Closed

Question: runc 1.0.0 release plan #1905

Ace-Tang opened this issue Oct 10, 2018 · 37 comments
Milestone

Comments

@Ace-Tang
Copy link
Contributor

Hi, maintainers

I want to ask if runc project has plan to make a new release, since I recognize that runc always make a new release almost every six months, do the next new release come out soon? Thanks.

@cyphar
Copy link
Member

cyphar commented Oct 10, 2018

We were planning to make a 1.0.0 release immediately after 1.0.0-rc5 but that didn't happen. I think that just cutting a release now is as good a choice as any -- though we currently have a pretty bad regression (#1862) that I wouldn't want to include in a release.

@Ace-Tang
Copy link
Contributor Author

Thanks for the reply soon. I also follow the the discussion about #1862 on the mail list. Wait for your conclusion.

@mikebrow
Copy link
Member

#1709

@jameshartig
Copy link

Now that the regression has been merged, can a 1.0.0 release be made?

@Ace-Tang
Copy link
Contributor Author

Ace-Tang commented Nov 13, 2018

The 1.0.0 release plan has been discussed in mail list https://groups.google.com/a/opencontainers.org/forum/#!topic/dev/pWEp_UK6aAk

@cyphar
Copy link
Member

cyphar commented Nov 22, 2018

1.0-rc6 was just released, and we have a plan for 1.0 release. The main blocker is spec-compliance and it's something we're working on.

@AkihiroSuda
Copy link
Member

maintainers: any chance to set labels to the issues & PRs that are blocking v1.0.0 ?

@Ace-Tang Ace-Tang changed the title Question: runc release plan Question: runc 1.0.0 release plan Dec 29, 2018
@cyphar
Copy link
Member

cyphar commented Dec 30, 2018

https://github.com/opencontainers/runc/milestone/7 is the set of blocking issues. There's only two of them, and it's the hooks issues.

@caniszczyk
Copy link
Contributor

Any thoughts on v1.0 planning for runc? cc: @opencontainers/runc-maintainers

@mrueg
Copy link
Contributor

mrueg commented Feb 11, 2019

Can we get a new rc or a proper 1.0 for the recent CVE please?

@cyphar
Copy link
Member

cyphar commented Feb 11, 2019

I will send around a vote for 1.0.0-rc7 tomorrow morning but I need to go to bed first.

@pigmej
Copy link

pigmej commented Feb 13, 2019

Hey @cyphar any progress on this?

@cyphar
Copy link
Member

cyphar commented Feb 13, 2019

It's unclear to me whether #1979 should be handled first. I am working on a patch for it, but I can just send out the vote...

@allencloud
Copy link
Contributor

allencloud commented Feb 14, 2019

It's unclear to me whether #1979 should be handled first

I think that #1979 should be handled first before releasing official runc 1.0.0. @cyphar

@cyphar
Copy link
Member

cyphar commented Feb 22, 2019

I will wait until we merge #1984 before doing a release.

@AkihiroSuda
Copy link
Member

AkihiroSuda commented Mar 19, 2019

Any blocker for rc7?

@mrueg
Copy link
Contributor

mrueg commented Mar 27, 2019

Since runc provides core functionality and is widely used in the container ecosystem, the current situation without an actual release, that fixes the vulnerability, is a bit unsatisfying to me as a downstream (maybe too traditional) packager. I don't feel comfortable picking an (to me arbitrary) commit and provide that snapshot to users of the distribution. Is anyone able to provide some guidance here on well-tested commits?

@cyphar
Copy link
Member

cyphar commented Mar 27, 2019

I don't feel comfortable picking an (to me arbitrary) commit and provide that snapshot to users of the distribution.

While I completely agree in principle (and I will send out a vote for rc7 today), if you package Docker then you are already packaging specific commits -- Docker hasn't used an actual release of runc for at least 3-4 years and if you stayed on the "newest release" then your systems would've been very unstable (and probably insecure). Same goes with containerd. cri-o used to use our releases (back when rc5 and rc6 happened close together) but I think they've also switched to using commits.

I'm hoping that after 1.0 we will have more frequent releases -- but the current process of releasing runc (having a 2-week voting process) is absolutely ludicrous and is one of the major reasons we aren't having more frequent releases. We should have a release manager and require only 2 additional LGTMs to do a release (maybe with a mandatory cooling-off period). The spec style of doing releases doesn't make sense for us and never has IMHO.

I will bring that up on the ML with the release vote.

@MarkusTeufelberger
Copy link

I will send out a vote for rc7 today

I don't see this vote in https://groups.google.com/a/opencontainers.org/forum/#!forum/dev - am I looking in the wrong place? The rc6 vote seems to have happened there: https://groups.google.com/a/opencontainers.org/forum/#!topic/dev/LCDa1rDyiec

@cyphar
Copy link
Member

cyphar commented Mar 28, 2019

That is the right mailing list -- I only just got around to sending it just now. Check the list again and you should see the vote announcement.

@MarkusTeufelberger
Copy link

@cyphar
Copy link
Member

cyphar commented Mar 28, 2019

See #2026. 1.0.0-rc7 has been released.

@AkihiroSuda
Copy link
Member

#2031 seems merged.
Any plan for rc8?

@cyphar
Copy link
Member

cyphar commented Apr 22, 2019

Currently waiting on opencontainers/selinux#51 which fixes the regression we see in rc7 but for SELinux-enabled systems (the other patch only fixes it for non-SELinux systems).

@Ace-Tang
Copy link
Contributor Author

Ace-Tang commented Apr 23, 2019

How long we release a new runc version, 3 months as discussed in mail list before ?

@cyphar
Copy link
Member

cyphar commented Apr 23, 2019

Post 1.0, we will do regular releases (using a release-manager model where you don't need quorum votes on the mailing list to get releases out).

But right now for the 1.0, we still have an issue with post-start hooks and at the moment it looks like we might need a runtime-spec 1.1 in order to fix some of the incompatibility issues (this was discussed in the last OCI call).

@odinuge
Copy link
Contributor

odinuge commented Jun 18, 2019

Hi @cyphar! Is there a plan to release a new rc version any time? The issue fixed in #2065 is ~blocking for most aarch64 users (with hugetlb) running linux 5.0+, together with those pre 5.0 running with custom huge page sizes below 1MiB. It would also be nice to be able to pin a version with the fix, so we can avoid using a shasum when using it as a dependency. 😄

@odinuge
Copy link
Contributor

odinuge commented Jun 25, 2019

Ref. #2074 (comment) cc @thaJeztah

I think it may be about time for a new release 😄

@thaJeztah
Copy link
Member

#2074 (comment)

Looks like the fix for the CVE was already merged in 03a5a74#diff-c1eca12d097b318b217f891966083c8e as part of #1424

The "diff" posted in this PR looks to be between the wrong commits; this is the right link/diff:

seccomp/libseccomp-golang@84e90a9...v0.9.1

@AkihiroSuda
Copy link
Member

ping @cyphar

@AkihiroSuda
Copy link
Member

@cyphar What do we need for v1.0.0 GA?

@cyphar
Copy link
Member

cyphar commented Aug 22, 2020

I think we are basically ready for 1.0 GA. I think one final RC wouldn't be a bad idea, but on the other hand I don't really care if we have to do a 1.0.1 in the near future. I can send out the vote for 1.0 GA now if you like.

@dims
Copy link
Contributor

dims commented Aug 22, 2020

+1 to 1.0.0 GA thanks for all your hard work!

@AkihiroSuda
Copy link
Member

I'd like to see the current open PRs in https://github.com/opencontainers/runc/milestone/7 to be merged before v1.0.0.
The open issues in the milestone can be postponed to post-1.0 .

@cyphar
Copy link
Member

cyphar commented May 19, 2021

There's only two PRs left in the 1.0.0 milestone (one is a cgroupv2 freezer fix, and the other is the cgroupv2 devices bugfix). I'd be happy to send out the vote right afterwards -- now that rc95 has been published with the CVE fix.

@cyphar cyphar added this to the 1.0.0 milestone May 19, 2021
@cyphar
Copy link
Member

cyphar commented Jun 10, 2021

An update -- we planned to do a release last week but a bunch of regressions popped up. I think we've found most of them now so only the PRs currently left in the milestone are needed before I do the release. Hopefully we can do the release next week (it would've been nice to do the release on the 1.0.0-rc1 anniversary, but it seems like these bugs had other plans).

@cyphar
Copy link
Member

cyphar commented Jun 22, 2021

https://github.com/opencontainers/runc/releases/tag/v1.0.0

@cyphar cyphar closed this as completed Jun 22, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests