# Build conditionals. bcond_with declares a feature that is off unless the build
# passes --with NAME; bcond_without declares one that is on unless the build
# passes --without NAME. Defaults here: btrfs off, seccomp on, systemd on.
%bcond_with btrfs
%bcond_without seccomp
%bcond_without systemd

# golang_set_gopath [-d DIR]: export the Go build environment for a section.
#   GOPATH      - DIR when -d is given, otherwise the physical working
#                 directory ("pwd -P") at the moment the shell runs the line.
#   PATH        - GOPATH/bin is appended, so entries already on PATH keep
#                 precedence over anything placed in GOPATH/bin.
#   GO111MODULE - off, which selects a GOPATH-mode build (module mode disabled).
%define golang_set_gopath(d:) \
export GOPATH="%{-d:%{-d*}}%{!-d:$(pwd -P)}"; \
export PATH="$PATH:$GOPATH/bin"; \
export GO111MODULE=off

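# golang_init_gopath: set GOPATH through golang_set_gopath, then delete and
# recreate the src, pkg and bin directories under it so every build starts from
# an empty tree.
# The ":?" expansion makes the shell abort rather than run "rm -rf" against
# /src, /pkg and /bin if GOPATH ever expands to an empty string (for example
# when "pwd -P" fails); "--" ends option parsing before the path arguments.
%define golang_init_gopath(d:) \
%{golang_set_gopath} \
rm -rf -- "${GOPATH:?}/"{src,pkg,bin} \
install -d "${GOPATH}"/{src,pkg,bin}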

# golang_src_path -p IMPORTPATH: shell path of a Go package under GOPATH/src.
# The path is resolved by the shell at run time and falls back to "./src/..."
# when GOPATH is unset or empty, so it is only stable after golang_set_gopath.
%define golang_src_path(p:) ${GOPATH:-.}/src/%{-p*}
# gobuilddir is golang_src_path without -p, i.e. the GOPATH/src/ directory
# itself; the build section writes its binaries to the bin/ directory below it.
%define gobuilddir %{golang_src_path}

# golang_prep -p IMPORTPATH -s ARCHIVE [-S N]: create GOPATH/src/IMPORTPATH and
# unpack ARCHIVE into it, stripping N leading path components when -S is given.
# The macro unpacks whatever the archive contains and performs no integrity
# check of its own. NOTE(review): confirm where the source archive's digest is
# verified before this step runs.
%define golang_prep(p:s:S:) \
install -d "$GOPATH/src/%{-p*}" && \
tar -x %{-S:--strip-components=%{-S*}} -C "%{golang_src_path -p %{-p*}}" -f %{-s*}

# golang_install -p IMPORTPATH -s ARCHIVE [-S N]: golang_prep followed by
# "go install IMPORTPATH". Not invoked anywhere in the visible part of this spec.
%define golang_install(p:s:S:) %{golang_prep}\
go install %{-p*}

# Upstream release string and the exact upstream commit the source archive is
# fetched for. The commit is also stamped into the binaries by the linker flags
# in the build section.
# NOTE(review): nothing in this spec checks that the commit is the one the
# release tag points at; verify both against upstream whenever they are bumped.
%define containerd_release 1.7.2
%define containerd_commit  0cae528dd6cb557f7201036e9f43420650207b58
# First seven characters of the commit, computed by a shell when the spec is
# parsed.
%global containerd_short_sha %(c=%containerd_commit; echo ${c:0:7})
# Go import path of the project and the location of its sources under GOPATH/src.
%define containerd_package github.com/containerd/containerd
%define containerd_src %{golang_src_path -p %containerd_package}

## Pre/Post release VCS metadata, for NVR when unmatched with a
## release tag.
# Update date to datestamp when containerd upstream data is bumped.
# NOTE(review): 20210617 is the date of the 1.4.6 changelog entry, not of the
# current 1.7.2 update; confirm whether it should have been bumped.
%global containerd_rpm_snapshot_date 20210617
%global containerd_rpm_snapshot_vcs git%{containerd_short_sha}
# Keep the part of the release string before the first dash. The shell pattern
# used here strips a dash suffix only; a plus suffix is left in place.
%global containerd_rpm_version %(r=%containerd_release; echo ${r%%%%-*})
# Pre/Post release suffix with VCS info embedded into release.
# The Release tag in the visible spec does not reference this suffix, so the
# snapshot date and short commit do not currently appear in the package NVR.
%global containerd_rpm_release_suffix .%{containerd_rpm_snapshot_date}.%{containerd_rpm_snapshot_vcs}

# Go build tags, accumulated in one macro and exported as BUILDTAGS in the
# build and check sections. selinux is always added; the btrfs and seccomp tags
# follow the build conditionals declared at the top of the spec.
%global containerd_buildtags %{?containerd_buildtags} selinux
%if %{with btrfs}
%global containerd_buildtags %{?containerd_buildtags} btrfs
%else
%global containerd_buildtags %{?containerd_buildtags} no_btrfs
%endif
# A build made with --without seccomp gets no seccomp tag at all.
# NOTE(review): presumably that produces binaries without seccomp support;
# confirm against upstream's build documentation before shipping such a build.
%if %{with seccomp}
%global containerd_buildtags %{?containerd_buildtags} seccomp
%endif

Name: containerd
Version: %{containerd_rpm_version}
Release: 1%{?dist}
# Upstream license specification: Apache-2.0
License: ASL 2.0
Summary: An industry-standard container runtime with an emphasis on simplicity, robustness and portability

# Source0 is the GitHub archive for the pinned commit. The spec carries no
# checksum for it. NOTE(review): confirm that the build system verifies the
# tarball digest before the prep section unpacks it.
Source0: https://%{containerd_package}/archive/%{containerd_commit}/containerd-%{containerd_release}-%{containerd_short_sha}.tar.gz
# Packaged default daemon configuration; the install section places it under
# the containerd directory in sysconfdir.
Source1: config.toml

# Distribution patch. Judging by its file name it changes the daemon executable
# path in the service unit; the patch content is not visible here.
Patch1000: containerd-1.4.0-Update-path-to-use-packaged-daemon-executable-in-ser.patch

# Runtime requirements
Requires: runc
%if %{with seccomp}
# Require the version of seccomp that we were built against.
# The version is probed with pkg-config when the spec is parsed. If the probe
# fails, the fallback value is 0 and the dependency degrades to ">= 0", which
# any libseccomp satisfies. Inspect the built package (rpm -qp --requires) to
# confirm that a real version was recorded.
%global seccomp_version %(pkg-config --modversion libseccomp 2>/dev/null || echo 0)
Requires: libseccomp%{?_isa} >= %{seccomp_version}
%endif
# container-selinux 2.120.0 adds necessary support for containerd-cri
Conflicts: container-selinux < 2.120.0

# Compilation requirements
# The golang version is a floor, not a pin: the toolchain actually present at
# build time decides which standard-library fixes end up in the binaries (the
# changelog records rebuilds done for golang CVEs).
BuildRequires: golang >= 1.18.3
BuildRequires: kernel-headers
BuildRequires: libselinux-devel
BuildRequires: go-rpm-macros
BuildRequires: systemd-rpm-macros
BuildRequires: go-md2man
%if %{with btrfs}
BuildRequires: btrfs-progs-devel
%endif
%if %{with seccomp}
BuildRequires: libseccomp-devel
%endif

%description
containerd is an industry-standard container runtime with an emphasis
on simplicity, robustness and portability. It is available as a daemon
for Linux and Windows, which can manage the complete container
lifecycle of its host system: image transfer and storage, container
execution and supervision, low-level storage and network attachments,
etc.

%package stress
# Subpackage carrying the containerd-stress tool. It requires the base package
# at exactly the same version and release, so the two always upgrade together.
License: ASL 2.0
Summary: stress test a containerd daemon
Requires: %{name} = %{version}-%{release}

%description stress
%{summary}.

%prep
# Create an empty build directory (-c) without unpacking any source (-T); the
# archive is unpacked into the GOPATH layout further down.
%setup -c -T -n %{name}-%{version}-%{release}
# Point GOPATH at the current (build) directory and start from empty src, pkg
# and bin trees.
%golang_init_gopath

# Unpack Source0 under GOPATH/src/<import path>, dropping the archive's
# top-level directory.
%golang_prep -p %{containerd_package} -s %SOURCE0 -S 1

cd "%containerd_src"
# Apply the distribution patch on top of the unpacked upstream tree.
%patch1000 -p1

%build
%golang_set_gopath
cd "%containerd_src"
# Set version.Version and version.Revision at link time to the package version
# and the pinned upstream commit, which lets a built binary be traced back to
# its source revision.
# LDFLAGS and BUILDTAGS are exported for the gobuild macro from go-rpm-macros;
# presumably it reads both - confirm against the macro definition in use.
export LDFLAGS="-X %{containerd_package}/version.Version=%{version} -X %{containerd_package}/version.Revision=%{containerd_commit} "
export BUILDTAGS="%{containerd_buildtags}"
# Build every command into the bin/ directory under gobuilddir. gen-manpages is
# only a build-time helper (see the rm at the end of this section).
for cmd in containerd  containerd-shim  containerd-shim-runc-v1  containerd-shim-runc-v2  containerd-stress  ctr  gen-manpages ; do
  %gobuild -o %{gobuilddir}/bin/$cmd %{containerd_src}/cmd/$cmd
done
# Render the man pages into _man: two from Markdown with go-md2man, two
# generated by the freshly built helper.
mkdir _man
go-md2man -in docs/man/containerd-config.8.md -out _man/containerd-config.8
go-md2man -in docs/man/containerd-config.toml.5.md -out _man/containerd-config.toml.5
%{gobuilddir}/bin/gen-manpages containerd.8 _man
%{gobuilddir}/bin/gen-manpages ctr.8 _man
# Delete the helper so the bin/* glob in the install section does not ship it.
rm %{gobuilddir}/bin/gen-manpages

%check
%golang_set_gopath
export BUILDTAGS="%{containerd_buildtags}"
# Run scoped unit tests - skips some if not running as root.
%if %{without btrfs}
# We want to build/run tests the same way we build the binaries
# NOTE(review): the explicit -tags flag is exported only when btrfs is
# disabled. With btrfs enabled the tests rely on BUILDTAGS alone; confirm that
# upstream's Makefile applies the same tags in that case, otherwise the tested
# code differs from the shipped code.
export EXTRA_TESTFLAGS="-tags='%{containerd_buildtags}'"
%endif
# Run upstream's test target from the unpacked source tree.
make -C %{containerd_src} test

%install
%golang_set_gopath

# Install containerd binaries
# Everything left in bin/ after the build section is shipped. No -m is given,
# so install applies its default mode to the binaries.
install -d %{buildroot}%{_bindir}
install -p %{gobuilddir}/bin/* %{buildroot}%{_bindir}/
install -d %{buildroot}%{_mandir}/man{5,8}
install -p -m 644 %{containerd_src}/_man/*.5 %{buildroot}%{_mandir}/man5/
install -p -m 644 %{containerd_src}/_man/*.8 %{buildroot}%{_mandir}/man8/
# The default configuration is installed world-readable (0644).
# NOTE(review): containerd's configuration can hold registry credentials once
# an operator adds them; consider whether a tighter mode suits this package.
install -D -p -m 0644 %{S:1} %{buildroot}%{_sysconfdir}/containerd/config.toml

%if %{with systemd}
install -D -p -m 644 %{containerd_src}/containerd.service %{buildroot}%{_unitdir}/containerd.service
%endif
# State directory owned by the package, created with install's default
# directory mode. NOTE(review): confirm that the daemon sets the permissions it
# needs on this directory at start-up.
install -d %{buildroot}%{_localstatedir}/lib/containerd

# The relabel triggers below are compiled in only when the amzn macro equals 2.
%if 0%{?amzn} == 2
# On a fresh install of container-selinux, or updating from selinux-policy in
# amzn2-core to one that more closely tracks upstream, we need to relabel critical
# files to pick up changes to file_contexts introduced by those packages.
%define selinux_relabel_paths %{_bindir}/ctr %{_bindir}/containerd %{_bindir}/containerd-shim* %{_sysconfdir}/containerd/config.toml %{_localstatedir}/lib/containerd
# do_selinux_relabel PATH...: when SELinux is enabled, recursively reset the
# given paths to the labels defined by the installed policy; otherwise do
# nothing (the "&&" short-circuits).
%define do_selinux_relabel() /usr/sbin/selinuxenabled && /usr/sbin/restorecon -r %*

%triggerin -- container-selinux
# Runs when container-selinux is installed or updated while this package is
# present, and when this package is installed while container-selinux is.
# NOTE(review): per the RPM trigger documentation, $1 counts the remaining
# instances of this package and $2 those of the triggering package; confirm
# that $1 is the argument the "new install, not update" test should read.
# "||:" keeps a failed relabel from failing the transaction, which also means
# a failure is silent and leaves the old labels in place; check the result
# with "ls -Z" on the listed paths after installation.
if [ $1 -eq 1 ]; then # new install, not update
  %{do_selinux_relabel} %{selinux_relabel_paths} ||:
fi

%triggerun -- selinux-policy < 3.13.1-266
# Runs when a selinux-policy older than 3.13.1-266 is removed, which includes
# being replaced by a newer version during an update.
if [ $1 -eq 1 ]; then # update, not uninstall
  %{do_selinux_relabel} %{selinux_relabel_paths} ||:
fi

%triggerin stress -- container-selinux
# Same relabel logic for the stress subpackage, limited to its one binary.
if [ $1 -eq 1 ]; then # new install, not update
  %{do_selinux_relabel} %{_bindir}/containerd-stress ||:
fi

%triggerun stress -- selinux-policy < 3.13.1-266
# Same relabel logic for the stress subpackage, limited to its one binary.
if [ $1 -eq 1 ]; then # update, not uninstall
  %{do_selinux_relabel} %{_bindir}/containerd-stress ||:
fi
%endif

%files
# License and README are taken from the unpacked source tree, relative to the
# build directory.
%license src/github.com/containerd/containerd/LICENSE
%doc src/github.com/containerd/containerd/README.md
# Binaries are listed one by one, so an unexpected extra file in bindir fails
# the build as unpackaged instead of being shipped silently.
%{_bindir}/ctr
%{_bindir}/containerd
%{_bindir}/containerd-shim
%{_bindir}/containerd-shim-runc-v1
%{_bindir}/containerd-shim-runc-v2
# noreplace: an administrator-edited config.toml survives upgrades and a
# changed packaged default is written next to it as config.toml.rpmnew, so new
# defaults (including hardening changes) have to be merged by hand.
%config(noreplace) %{_sysconfdir}/containerd/config.toml
%dir %{_localstatedir}/lib/containerd
%if %{with systemd}
%{_unitdir}/containerd.service
%endif
%{_mandir}/man5/containerd-config.toml.5*
%{_mandir}/man8/containerd-config.8*
%{_mandir}/man8/containerd.8*
%{_mandir}/man8/ctr.8*

%files stress
# The stress tool ships separately from the daemon package.
%{_bindir}/containerd-stress

%post
%if %{with systemd}
# Standard systemd-rpm-macros hook: applies the distribution preset for the
# unit on first install; it does not start the service by itself.
%systemd_post containerd
%endif

%preun
%if %{with systemd}
# Standard systemd-rpm-macros hook: disables and stops the unit when the
# package is removed (not on upgrade).
%systemd_preun containerd
%endif

%postun
%if %{with systemd}
# Standard systemd-rpm-macros hook: restarts the unit after an upgrade if it
# is running, so an updated daemon binary is the one actually in use.
%systemd_postun_with_restart containerd
%endif

%changelog
* Thu Jul 06 2023 Lucas Meneghel <lmr@amazon.com> - 1.7.2-1.amzn2023.0.1
- containerd: Update to upstream 1.7.2
- Dropped patches that are included with the new version

* Fri Mar 17 2023 Sonia Xu <sonix@amazon.com> - 1.6.19-1.amzn2023.0.1
- Update to v1.6.19
- Update patch to apply properly

* Tue Mar 14 2023 Sai Harsha <ssuryad@amazon.com> - 1.6.8-2.amzn2023.0.4
- Fix CVE-2022-1996

* Mon Jan 30 2023 Stewart Smith <trawets@amazon.com> - 1.6.8-2.amzn2023.0.3
- Mass rebuild for AL2023

* Tue Dec 20 2022 Chanchal Mathew <chancham@amazon.com> - 1.6.8-2.amzn2022.0.2
- Rebuild for CVE-2022-2879, CVE-2022-41715, CVE-2022-41716 in golang

* Tue Oct 11 2022 Chanchal Mathew <chancham@amazon.com> - 1.6.8-2
- Fix FTBFS

* Tue Oct 04 2022 Chanchal Mathew <chancham@amazon.com> - 1.6.8-1
- Update to 1.6.8 from upstream

* Mon Oct 03 2022 Stewart Smith <trawets@amazon.com> - 1.6.6-1.amzn2022.0.3
- AL2022 pre-GA mass rebuild

* Wed Sep 28 2022 Mansi Jaitly <mjaitly@amazon.com> - 1.6.6-1.amzn2022.0.2
- Rebuild due to golang-1.19.1-1.amzn2022.0.1 update

* Fri Jul 22 2022 Stewart Smith <trawets@amazon.com> - 1.6.6-1.amzn2022.0.1
- build without btrfs on Amazon Linux

* Mon Jun 20 2022 Sai Harsha <ssuryad@amazon.com> - 1.6.6-1
- Update to 1.6.6 from upstream
- Remove patches included upstream since 1.4.13

* Tue May 31 2022 Sai Harsha <ssuryad@amazon.com> - 1.4.13-3
- Limit the response size of ExecSync

* Tue Mar 29 2022 Malcolm Inglis <miinglis@amazon.com> - 1.4.13-2
- Apply patch for CVE-2022-24769

* Tue Mar 29 2022 Malcolm Inglis <miinglis@amazon.com> - 1.4.13-1
- Update to 1.4.13 from upstream
- Update golang BuildRequires to 1.16.15
- Remove patches included upstream since 1.4.6

* Thu Feb 24 2022 Malcolm Inglis <miinglis@amazon.com> - 1.4.6-9
- Apply patch for CVE-2022-23648

* Wed Dec 08 2021 Paul Ezvan <paulezva@amazon.fr> - 1.4.6-8
- Build for AL2022

* Wed Nov 17 2021 Jamie Anderson <jamieand@amazon.com> - 1.4.6-7
- CVE-2021-41190

* Tue Nov 02 2021 Jamie Anderson <jamieand@amazon.com> - 1.4.6-5
- Fix typo in container-selinux Conflicts:

* Fri Oct 29 2021 Jamie Anderson <jamieand@amazon.com> - 1.4.6-4
- Add selinux to buildtags
- Conflict with container-selinux versions that don't have containerd-cri support

* Fri Sep 24 2021 Jamie Anderson <jamieand@amazon.com> - 1.4.6-3
- Apply patches for CVE-2021-41103

* Mon Jul 12 2021 Jamie Anderson <jamieand@amazon.com> - 1.4.6-2
- Apply patch for CVE-2021-32760

* Thu Jun 17 2021 Jamie Anderson <jamieand@amazon.com> - 1.4.6-1
- Update to 1.4.6 from upstream

* Thu Feb 25 2021 Jamie Anderson <jamieand@amazon.com> - 1.4.4-1
- Update to 1.4.4 from upstream

* Tue Nov 17 2020 Samuel Karp <skarp@amazon.com> - 1.4.1-2
- Apply patch for CVE-2020-15257

* Fri Nov 13 2020 Jamie Anderson <jamieand@amazon.com> - 1.4.1
- Update to 1.4.1 from upstream

* Wed Sep 23 2020 Jamie Anderson <jamieand@amazon.com> - 1.4.0
- Update to 1.4.0 from upstream
- Add triggers to relabel after container-selinux install

* Mon Feb 10 2020 Jamie Anderson <jamieand@amazon.com> - 1.3.2
- Update to 1.3.2 from upstream

* Mon May 13 2019 Jacob Vallejo <jakeev@amazon.com> - 1.2.6-1
- Initial packaging