Policy review: blocked upstream update: netavark 1.17.1 → 2.0.0 #3

Open
opened 2026-06-11 03:14:22 +03:00 by sbelikov · 0 comments
Owner

Policy review: blocked upstream update: netavark 1.17.1 → 2.0.0

Package

  • Package: netavark
  • RPM name: netavark
  • Branch: niceos-5.2
  • Current EVR: 1:1.17.1-1
  • Update class: major
  • Compare method: python_rpm
  • Update policy: leaf
  • Risk tags: github-upstream, network-facing

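Upstream

  • Upstream type: github
  • Upstream project: containers/netavark
  • Upstream URL: https://github.com/containers/netavark
  • Detected version: 2.0.0
  • Tag/release: v2.0.0
  • Source: github_release_latest
  • Published: 2026-06-10T16:02:21Z
  • Release URL: https://github.com/containers/netavark/releases/tag/v2.0.0
  • Source URL: https://api.github.com/repos/containers/netavark/tarball/v2.0.0
  • Pre-release: False
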
Signals

  • Security-relevant keywords detected: False
  • Policy blocked: True
  • Policy reason: package policy/risk requires manual review (leaf, github-upstream,network-facing)
  • Labels: ai-summary, bot, needs-policy-decision, policy/blocked, policy/major-blocked, priority/high, update/major, upstream-update, upstream/github

NiceOS policy decision

This upstream update is blocked by NiceOS policy. Do not update automatically.

Blocked upstream updates require explicit maintainer review. For pinned upstream series, only versions within the allowed series should be used automatically; cross-series updates require ABI/API compatibility review, reverse-dependency impact analysis and controlled rebuild planning.

NiceSOFT AI preliminary stability analysis

1. Brief conclusion

The netavark package received a major update with significant changes, including removal of iptables support, changes in network driver behavior, and new features. The update requires manual review because of the risks associated with network-facing and github-upstream.

2. Risk for NiceOS

High
The update changes network driver behavior (strict isolation mode), which may affect communication between networks. The risk is tied to network-facing and github-upstream, which require manual review.

3. Security/CVE

No signs of security/CVE in the input data.

4. ABI/API risk

High
A major update may cause ABI/API changes in drivers and interfaces, especially in network modules. Manual analysis is needed to confirm compatibility with existing patches and buildRequires.

5. Risk for the RPM build

  • Spec: Changes in network driver settings may require updating %check.
  • Patches: The new parameters (outbound_addr4/6) require checking in BuildRequires.
  • %check: The new functionality (network create) may cause errors in tests.

6. Maintainer checks

  • Check the release document (GitHub tag/release notes) to confirm the changes.
  • Check compatibility with podman 6.0 and buildah 1.44.
  • Check for ABI/API changes in drivers.
  • Check the network settings in %check and BuildRequires.

7. Recommendation

blocked manual review
The update requires manual review because of the network-facing and github-upstream risks, as well as possible ABI/API changes.

8. Basis for the recommendation

The update includes significant changes to network drivers and interfaces that require manual review to confirm compatibility and security.

Sources found by web_search

  1. GitHub release API: containers/netavark v2.0.0
  2. GitHub tag page: containers/netavark v2.0.0
  3. GitHub releases page: containers/netavark
  4. GitHub compare page: containers/netavark v1.17.1...v2.0.0
  5. Where To Buy Shipping Containers | Over 60+ Depot Locations
  6. Google Cloud release notes | Google Cloud Documentation
  7. Storage Containers & Bins - The Container Store
  8. Docker Desktop release notes
  9. Storage Containers & Bins - The Container Store

Upstream release notes / description

This is a major release with breaking changes. It is required for podman 6.0 and buildah 1.44 and only supported to be used with them together. Packagers need to ensure they update the versions in sync.

  • Removed iptables support
  • The bridge network driver now defaults to strict isolation mode, this means different networks can no longer talk to each other by default. To restore the previous behavior the network must set the isolate=false option. (podman-container-tools/podman#27349)
  • The macvlan network driver now uses a default mtu of 99. (podman-container-tools/podman#23984)
  • Added network create support, podman now calls netavark create to create a network config.
  • The bridge network driver now supports the outbound_addr4 and outbound_addr6 options to specify the outgoing NAT source address.
  • Netavark now supports assigning multiple static ip addresses per subnet.
  • The MSRV has been bumped to v1.88.
  • Dependency updates.

NiceOS maintainer checklist

  • Confirm that the detected version is a stable upstream release.
  • Check upstream changelog for security fixes, ABI/API changes and build-system changes.
  • Check ABI/API compatibility and reverse dependencies.
  • Download source into NiceOS lookaside storage.
  • Update Version and related fields in SPECS/*.spec only if policy allows it.
  • Regenerate SOURCES/sources.lock.json, manifests, metadata and SBOM.
  • Build SRPM/RPM in a clean NiceOS buildroot.
  • Run package smoke tests.
  • Link PR/build logs and close this issue after update or triage.

Bot metadata

  • Tool: niceos_upstream_monitor.py 2.1.3-local-websearch-github-release-pages
  • Generated at: 2026-06-17T00:14:21Z