# Build-time switches: btrfs support is off unless the build passes --with btrfs;
# seccomp and systemd integration are on unless disabled with --without.
%bcond_with btrfs
%bcond_without seccomp
%bcond_without systemd

# golang_set_gopath [-d DIR]: export GOPATH (DIR when -d is given, otherwise the
# physical current directory), append GOPATH/bin to PATH and switch Go module
# mode off.
%define golang_set_gopath(d:) \
  export GOPATH="%{-d:%{-d*}}%{!-d:$(pwd -P)}"; \
  export PATH="$PATH:$GOPATH/bin"; \
  export GO111MODULE=off

# golang_init_gopath [-d DIR]: set GOPATH as above, then delete and recreate its
# src, pkg and bin directories so the build starts from an empty tree.
# NOTE(review): the rm -rf target is built from GOPATH with no empty-value
# guard. Writing the expansion as ${GOPATH:?} would make the shell abort
# instead of resolving to /src, /pkg and /bin if GOPATH ever came out empty.
%define golang_init_gopath(d:) \
  %{golang_set_gopath} \
  rm -rf "${GOPATH}/"{src,pkg,bin} \
  install -d "${GOPATH}"/{src,pkg,bin}

# golang_src_path -p PKG: path of PKG under GOPATH/src; falls back to "." when
# GOPATH is unset or empty.
%define golang_src_path(p:) ${GOPATH:-.}/src/%{-p*}

# gobuilddir: golang_src_path expanded without a package argument.
%define gobuilddir %{golang_src_path}

# golang_prep -p PKG -s TARBALL [-S N]: create the directory for PKG under
# GOPATH/src and unpack TARBALL into it, stripping N leading path components
# when -S is given.
%define golang_prep(p:s:S:) \
  install -d "$GOPATH/src/%{-p*}" && \
  tar -x %{-S:--strip-components=%{-S*}} -C "%{golang_src_path -p %{-p*}}" -f %{-s*}

# golang_install: golang_prep followed by "go install" of the package.
%define golang_install(p:s:S:) %{golang_prep}\
  go install %{-p*}

# Upstream release and the exact commit it is built from. In this spec the full
# commit hash is what the source URL and the embedded revision string use; the
# 7-character short form is used for the tarball file name and the snapshot
# VCS tag.
%define containerd_release 1.7.2
%define containerd_commit 0cae528dd6cb557f7201036e9f43420650207b58
%global containerd_short_sha %(c=%containerd_commit; echo ${c:0:7})

%define containerd_package github.com/containerd/containerd
%define containerd_src %{golang_src_path -p %containerd_package}

## Pre/Post release VCS metadata, for NVR when unmatched with a
## release tag.

# Update date to datestamp when containerd upstream data is bumped.
# NOTE(review): 20210617 is older than the 1.7.2 entry dated Jul 06 2023 in the
# changelog of this file. The Release tag in this spec does not reference the
# suffix built from it, so the stale value may be harmless - confirm.
%global containerd_rpm_snapshot_date 20210617
%global containerd_rpm_snapshot_vcs git%{containerd_short_sha}
# Get the version bits before the dash or plus.
# The shell expansion drops everything from the first '-' onward; nothing here
# strips a '+' suffix.
%global containerd_rpm_version %(r=%containerd_release; echo ${r%%%%-*})
# Pre/Post release suffix with VCS info embedded into release.
%global containerd_rpm_release_suffix .%{containerd_rpm_snapshot_date}.%{containerd_rpm_snapshot_vcs}

# Go build tags: selinux is always set; exactly one of btrfs / no_btrfs follows
# the btrfs switch; seccomp is added when the seccomp switch is on.
%global containerd_buildtags %{?containerd_buildtags} selinux
%if %{with btrfs}
%global containerd_buildtags %{?containerd_buildtags} btrfs
%else
%global containerd_buildtags %{?containerd_buildtags} no_btrfs
%endif
%if %{with seccomp}
%global containerd_buildtags %{?containerd_buildtags} seccomp
%endif

Name: containerd
Version: %{containerd_rpm_version}
Release: 1%{?dist}
# Upstream license specification: Apache-2.0
License: ASL 2.0
Summary: An industry-standard container runtime with an emphasis on simplicity, robustness and portability

# Source0 is the upstream archive addressed by the full commit hash.
# NOTE(review): nothing in this spec verifies the downloaded tarball; integrity
# rests on the commit-addressed URL plus whatever digest the build system keeps
# outside this file - confirm one exists.
Source0: https://%{containerd_package}/archive/%{containerd_commit}/containerd-%{containerd_release}-%{containerd_short_sha}.tar.gz
Source1: config.toml

Patch1000: containerd-1.4.0-Update-path-to-use-packaged-daemon-executable-in-ser.patch

# Runtime requirements
Requires: runc
%if %{with seccomp}
# Require the version of seccomp that we were built against.
# The version is obtained by running pkg-config while the spec is parsed.
# NOTE(review): if pkg-config cannot report libseccomp at that point the
# fallback is 0, which turns the Requires below into "libseccomp >= 0" and
# silently drops the minimum-version guarantee. Failing the build instead of
# defaulting would keep the constraint honest.
%global seccomp_version %(pkg-config --modversion libseccomp 2>/dev/null || echo 0)
Requires: libseccomp%{?_isa} >= %{seccomp_version}
%endif

# container-selinux 2.120.0 adds necessary support for containerd-cri
Conflicts: container-selinux < 2.120.0

# Compilation requirements
BuildRequires: golang >= 1.18.3
BuildRequires: kernel-headers
BuildRequires: libselinux-devel
BuildRequires: go-rpm-macros
BuildRequires: systemd-rpm-macros
BuildRequires: go-md2man
%if %{with btrfs}
BuildRequires: btrfs-progs-devel
%endif
%if %{with seccomp}
BuildRequires: libseccomp-devel
%endif

%description
containerd is an industry-standard container runtime with an emphasis on
simplicity, robustness and portability. It is available as a daemon for Linux
and Windows, which can manage the complete container lifecycle of its host
system: image transfer and storage, container execution and supervision,
low-level storage and network attachments, etc.
%package stress
License: ASL 2.0
Summary: stress test a containerd daemon
# Tied to the exact version-release of the main package.
Requires: %{name} = %{version}-%{release}

%description stress
%{summary}.

%prep
# Create an empty build directory (nothing is unpacked by the setup step),
# reset the GOPATH tree inside it, unpack Source0 into the package path under
# GOPATH/src with the top-level archive directory stripped, then apply
# Patch1000 from inside the source tree.
%setup -c -T -n %{name}-%{version}-%{release}
%golang_init_gopath
%golang_prep -p %{containerd_package} -s %SOURCE0 -S 1
cd "%containerd_src"
%patch1000 -p1

%build
%golang_set_gopath
cd "%containerd_src"

# The -X flags stamp the package version and the full upstream commit into the
# version package of the binaries, so a deployed binary can be traced back to
# the exact source revision.
export LDFLAGS="-X %{containerd_package}/version.Version=%{version} -X %{containerd_package}/version.Revision=%{containerd_commit} "
export BUILDTAGS="%{containerd_buildtags}"

# Build every command, including the gen-manpages helper used further down.
for cmd in containerd containerd-shim containerd-shim-runc-v1 containerd-shim-runc-v2 containerd-stress ctr gen-manpages ; do
  %gobuild -o %{gobuilddir}/bin/$cmd %{containerd_src}/cmd/$cmd
done

# Man pages: two are converted from markdown, two are produced by the freshly
# built gen-manpages helper.
mkdir _man
go-md2man -in docs/man/containerd-config.8.md -out _man/containerd-config.8
go-md2man -in docs/man/containerd-config.toml.5.md -out _man/containerd-config.toml.5
%{gobuilddir}/bin/gen-manpages containerd.8 _man
%{gobuilddir}/bin/gen-manpages ctr.8 _man
# Remove the helper again; the install step copies everything left in bin, so
# presumably this keeps the build-only tool out of the package.
rm %{gobuilddir}/bin/gen-manpages

%check
%golang_set_gopath
export BUILDTAGS="%{containerd_buildtags}"

# Run scoped unit tests - skips some if not running as root.
%if %{without btrfs}
# We want to build/run tests the same way we build the binaries
# NOTE(review): the explicit tag override is exported only when btrfs is
# disabled. A build with btrfs enabled relies on the exported BUILDTAGS and the
# upstream Makefile defaults - confirm the tests still use the shipped tag set.
export EXTRA_TESTFLAGS="-tags='%{containerd_buildtags}'"
%endif
make -C %{containerd_src} test

%install
%golang_set_gopath

# Install containerd binaries
# No -m is given here, so the binaries get the default mode of install(1).
install -d %{buildroot}%{_bindir}
install -p %{gobuilddir}/bin/* %{buildroot}%{_bindir}/

# Man pages, section 5 and section 8, mode 644.
install -d %{buildroot}%{_mandir}/man{5,8}
install -p -m 644 %{containerd_src}/_man/*.5 %{buildroot}%{_mandir}/man5/
install -p -m 644 %{containerd_src}/_man/*.8 %{buildroot}%{_mandir}/man8/

# Default daemon configuration from Source1, installed world-readable (0644).
# NOTE(review): that mode suits the packaged default; if operators later put
# registry credentials or other secrets in this file, it needs a tighter mode.
install -D -p -m 0644 %{S:1} %{buildroot}%{_sysconfdir}/containerd/config.toml

%if %{with systemd}
install -D -p -m 644 %{containerd_src}/containerd.service %{buildroot}%{_unitdir}/containerd.service
%endif

# State directory, created with the default directory mode of install(1).
# NOTE(review): confirm that mode is what the daemon expects for its state
# directory, or set it explicitly.
install -d %{buildroot}%{_localstatedir}/lib/containerd

%if 0%{?amzn} == 2
# On a fresh install of container-selinux, or updating from selinux-policy in
# amzn2-core to one that more closely tracks upstream, we need to relabel critical
# files to pick up changes to file_contexts introduced by those packages.
%define selinux_relabel_paths %{_bindir}/ctr %{_bindir}/containerd %{_bindir}/containerd-shim* %{_sysconfdir}/containerd/config.toml %{_localstatedir}/lib/containerd
# do_selinux_relabel PATH...: run a recursive restorecon on the given paths,
# but only when selinuxenabled reports that SELinux is active.
%define do_selinux_relabel() /usr/sbin/selinuxenabled && /usr/sbin/restorecon -r %*
# NOTE(review): every call below ends in "||:", so the scriptlet succeeds even
# when restorecon fails and the files keep their old labels with no trace in the
# transaction. Keeping the transaction alive is reasonable, but the failure is
# worth logging so mislabelled runtime binaries can be detected.
# NOTE(review): in RPM trigger scriptlets the first argument counts instances of
# this package and the second counts the package named after the double dash;
# confirm the first argument is the one the conditions below mean to test.

%triggerin -- container-selinux
if [ $1 -eq 1 ]; then # new install, not update
  %{do_selinux_relabel} %{selinux_relabel_paths} ||:
fi

%triggerun -- selinux-policy < 3.13.1-266
if [ $1 -eq 1 ]; then # update, not uninstall
  %{do_selinux_relabel} %{selinux_relabel_paths} ||:
fi

%triggerin stress -- container-selinux
if [ $1 -eq 1 ]; then # new install, not update
  %{do_selinux_relabel} %{_bindir}/containerd-stress ||:
fi

%triggerun stress -- selinux-policy < 3.13.1-266
if [ $1 -eq 1 ]; then # update, not uninstall
  %{do_selinux_relabel} %{_bindir}/containerd-stress ||:
fi
%endif

%files
%license src/github.com/containerd/containerd/LICENSE
%doc src/github.com/containerd/containerd/README.md
%{_bindir}/ctr
%{_bindir}/containerd
%{_bindir}/containerd-shim
%{_bindir}/containerd-shim-runc-v1
%{_bindir}/containerd-shim-runc-v2
# Marked noreplace: a package update keeps a locally edited configuration.
%config(noreplace) %{_sysconfdir}/containerd/config.toml
%dir %{_localstatedir}/lib/containerd
%if %{with systemd}
%{_unitdir}/containerd.service
%endif
%{_mandir}/man5/containerd-config.toml.5*
%{_mandir}/man8/containerd-config.8*
%{_mandir}/man8/containerd.8*
%{_mandir}/man8/ctr.8*

%files stress
%{_bindir}/containerd-stress

# Service lifecycle hooks use the standard systemd scriptlet macros and are
# compiled in only when the systemd switch is on.
%post
%if %{with systemd}
%systemd_post containerd
%endif

%preun
%if %{with systemd}
%systemd_preun containerd
%endif

%postun
%if %{with systemd}
%systemd_postun_with_restart containerd
%endif

%changelog
* Thu Jul 06 2023 Lucas Meneghel - 1.7.2-1.amzn2023.0.1
- containerd: Update to upstream 1.7.2
- Dropped patches that are included with the new version

* Fri Mar 17 2023 Sonia Xu - 1.6.19-1.amzn2023.0.1
- Update to v1.6.19
- Update patch to apply properly

* Tue Mar 14 2023 Sai Harsha - 1.6.8-2.amzn2023.0.4
- Fix CVE-2022-1996

* Mon Jan 30 2023 Stewart Smith - 1.6.8-2.amzn2023.0.3
- Mass rebuild for AL2023

* Tue Dec 20 2022 Chanchal Mathew - 1.6.8-2.amzn2022.0.2
- Rebuild for CVE-2022-2879, CVE-2022-41715, CVE-2022-41716 in golang

* Tue Oct 11 2022 Chanchal Mathew - 1.6.8-2
- Fix FTBFS

* Tue Oct 04 2022 Chanchal Mathew - 1.6.8-1
- Update to 1.6.8 from upstream

* Mon Oct 03 2022 Stewart Smith - 1.6.6-1.amzn2022.0.3
- AL2022 pre-GA mass rebuild

* Wed Sep 28 2022 Mansi Jaitly - 1.6.6-1.amzn2022.0.2
- Rebuild due to golang-1.19.1-1.amzn2022.0.1 update

* Fri Jul 22 2022 Stewart Smith - 1.6.6-1.amzn2022.0.1
- build without btrfs on Amazon Linux

* Mon Jun 20 2022 Sai Harsha - 1.6.6-1
- Update to 1.6.6 from upstream
- Remove patches included upstream since 1.4.13

* Tue May 31 2022 Sai Harsha - 1.4.13-3
- Limit the response size of ExecSync

* Tue Mar 29 2022 Malcolm Inglis - 1.4.13-2
- Apply patch for CVE-2022-24769

* Tue Mar 29 2022 Malcolm Inglis - 1.4.13-1
- Update to 1.4.13 from upstream
- Update golang BuildRequires to 1.16.15
- Remove patches included upstream since 1.4.6

* Thu Feb 24 2022 Malcolm Inglis - 1.4.6-9
- Apply patch for CVE-2022-23648

* Wed Dec 08 2021 Paul Ezvan - 1.4.6-8
- Build for AL2022

* Wed Nov 17 2021 Jamie Anderson - 1.4.6-7
- CVE-2021-41190

* Tue Nov 02 2021 Jamie Anderson - 1.4.6-5
- Fix typo in container-selinux Conflicts:

* Fri Oct 29 2021 Jamie Anderson - 1.4.6-4
- Add selinux to buildtags
- Conflict with container-selinux versions that don't have containerd-cri support

* Fri Sep 24 2021 Jamie Anderson - 1.4.6-3
- Apply patches for CVE-2021-41103

* Mon Jul 12 2021 Jamie Anderson - 1.4.6-2
- Apply patch for CVE-2021-32760

* Thu Jun 17 2021 Jamie Anderson - 1.4.6-1
- Update to 1.4.6 from upstream

* Thu Feb 25 2021 Jamie Anderson - 1.4.4-1
- Update to 1.4.4 from upstream

* Tue Nov 17 2020 Samuel Karp - 1.4.1-2
- Apply patch for CVE-2020-15257

* Fri Nov 13 2020 Jamie Anderson - 1.4.1
- Update to 1.4.1 from upstream

* Wed Sep 23 2020 Jamie Anderson - 1.4.0
- Update to 1.4.0 from upstream
- Add triggers to relabel after container-selinux install

* Mon Feb 10 2020 Jamie Anderson - 1.3.2
- Update to 1.3.2 from upstream

* Mon May 13 2019 Jacob Vallejo - 1.2.6-1
- Initial packaging