Third-party package updates

[arnaldo2792]

Issue number:

Closes #2411

Description of changes:
libnvidia-container added support for some experimental features gated behind the WITH_NVCGO flag. For the time being, we are not using those features since that will require a huge fundamental change to how we use the library.

open-vm-tools added support for a plugin to list containers running in either docker or kubernetes. For this update, I skipped the support for the plugin, but we should turn this on as a fast-follow PR.

There are a few packages that added security fixes:

• open-vm-tools
• libexpat
• libdbus
• docker-engine

The following packages were skipped:

• bash
• wicked
• readline

There isn't any security fix for any of them, but we need to spend some time figuring out why they aren't happy with the provided arguments.

The following package requires more testing:

• systemd

And lastly, the following packages will be updated in a different PR:

• kernel-5_10
• kernel-5_15
• microcode

*  packages: update util-linux
*  packages: update strace
*  packages: update open-vm-tools
*  packages: update nvidia-k8s-device-plugin
*  packages: update nvidia-container-toolkit
*  packages: update libtirpc
*  packages: update libnvidia-container
*  packages: update libnl
*  packages: update libnftnl
*  packages: update liblzma
*  packages: update libglib
*  packages: update libffi
*  packages: update libexpat
*  packages: update libdbus
*  packages: update libcap
*  packages: update libaudit
*  packages: update kubernetes 1.21
*  packages: update kexec-tools
*  packages: update iproute
*  packages: update grub
*  packages: update grep
*  packages: update ecs-agent and amazon-vpc-cni-plugins
*  packages: update docker-proxy
*  packages: update docker-engine
*  packages: update docker-cli
*  packages: update containerd
*  packages: update chrony
*  packages: update acpid

Testing done:

• cargo make test for aws-k8s-1.22
• cargo make test for aws-k8s-1.21
• Make sure vmware images booted as expected, and that the UI reports the usage of open-vm-tools
• Run smoke test for aws-k8s-1.22-nvidia
• Validate grub output in aws x86_64/aarch64
• Validate grub output in VMware x86_64
• Validate grub output in Metal x86_64 EFI/BIOS
• Run a few tasks with aws-ecs-1 and aws-ecs-1-nvidia
• Make sure chronyd runs for at least 1hr

bash-5.1# chronyd --version
chronyd (chrony) version 4.3 (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER -SIGND +ASYNCDNS -NTS -SECHASH +IPV6 -DEBUG)
bash-5.1# systemctl status chronyd.service
● chronyd.service - A versatile implementation of the Network Time Protocol
     Loaded: loaded (/x86_64-bottlerocket-linux-gnu/sys-root/usr/lib/systemd/system/chronyd.service; enabled; vendor preset: enabled)
     Active: active (running) since Fri 2022-09-30 20:51:02 UTC; 1h 46min ago
       Docs: https://chrony.tuxfamily.org

Terms of contribution:

By submitting this pull request, I agree that this contribution is dual-licensed under the terms of both the Apache License, version 2.0, and the MIT license.

[bcressey]

This switch from PCRE1 to PCRE2 is fantastic!

[arnaldo2792]

Since we moved to pcre2, do we need to change the License field for this package? as we as the comment above:

# pcre is BSD-3-Clause

[bcressey]

🎉

[arnaldo2792]

The last two forced pushes include:

• Mention the new binary excluded in libglib in commit message
• Fix sources urls and use https in:
  • acpid
  • iproute
  • libnftnl

[jpculp]

I built and booted a bottlerocket-vmware-k8s-1.21 ova and VMware Tools is showing Version 12320 (12.1.0).

[arnaldo2792]

Forced push includes:

• Move back amazon-vpc-cni-plugins to the default commit used by the ECS agent

[arnaldo2792]

(Forced push fixes the referenced file in Cargo.toml for libnvidia-container and nvidia-container-toolkit)

[arnaldo2792]

(Forced push fixes the upstream URL for libnvidia-container)

[bcressey]

Can you open issues for what you'd like to see happen with libnvidia-container and open-vm-tools?

[bcressey]

extremely minor nit: I try to avoid trailing slashes for directories like this since, if done habitually, it tends to lead to double slashes (//) in path names in build output, which is harmless but annoying.

Not worth fixing here, it's mostly about asking the question of whether a slash is needed after a given macro when you're writing spec files.

[arnaldo2792]

Can you open issues for what you'd like to see happen with libnvidia-container and open-vm-tools?

Sure @bcressey! I need to spend some time reading in detail how each of the features in the packages work

[arnaldo2792]

(Nothing functional changed in last forced push, I only added missing Signed-off-by markers to a few commits)

[arnaldo2792]

(Forced push removes note about license in libglib)

[jpculp]

🚀