raven/base/containerd/containerd.spec
# Build-time switches. bcond_with declares an option that is OFF unless the
# build passes --with NAME; bcond_without declares one that is ON unless the
# build passes --without NAME.
# btrfs: off by default, so the no_btrfs build tag is selected further down.
%bcond_with btrfs
# seccomp: on by default. Building --without seccomp drops the seccomp build
# tag as well as the libseccomp Requires and BuildRequires in this spec.
%bcond_without seccomp
# systemd: on by default; gates installation of containerd.service and the
# unit scriptlets.
%bcond_without systemd
# golang_set_gopath [-d DIR]: export GOPATH (DIR when -d is given, otherwise
# the physical current directory), append GOPATH/bin to PATH and switch Go
# module mode off. GOPATH/bin is appended, not prepended, so binaries already
# on PATH take precedence over anything built into GOPATH/bin.
# Every caller in this spec invokes it without -d, so GOPATH is whatever
# directory the section is running in at that point.
%define golang_set_gopath(d:) \
export GOPATH="%{-d:%{-d*}}%{!-d:$(pwd -P)}"; \
export PATH="$PATH:$GOPATH/bin"; \
export GO111MODULE=off
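# golang_init_gopath: set GOPATH as golang_set_gopath does, then delete and
# recreate its src, pkg and bin subdirectories so the build starts clean.
# The :? guard aborts the script when GOPATH is empty or unset. Without it an
# empty GOPATH (for example when the pwd command substitution fails, which
# export does not report) would make the brace expansion resolve to /src,
# /pkg and /bin and the recursive delete would run against the filesystem root.
%define golang_init_gopath(d:) \
%{golang_set_gopath} \
rm -rf "${GOPATH:?}/"{src,pkg,bin} \
install -d "${GOPATH}"/{src,pkg,bin}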
# golang_src_path -p IMPORTPATH: path of IMPORTPATH under GOPATH/src, falling
# back to ./src when GOPATH is unset or empty in the running shell.
%define golang_src_path(p:) ${GOPATH:-.}/src/%{-p*}
# gobuilddir is defined here as golang_src_path with no -p argument, so it
# resolves to the src directory under GOPATH; the build section writes its
# binaries to the bin directory beneath it.
%define gobuilddir %{golang_src_path}
# golang_prep -p IMPORTPATH -s TARBALL [-S N]: create GOPATH/src/IMPORTPATH
# and unpack TARBALL into it, stripping N leading path components when -S is
# given. The tarball path is handed to tar unquoted.
%define golang_prep(p:s:S:) \
install -d "$GOPATH/src/%{-p*}" && \
tar -x %{-S:--strip-components=%{-S*}} -C "%{golang_src_path -p %{-p*}}" -f %{-s*}
# golang_install: golang_prep followed by go install of the import path.
# NOTE(review): not referenced anywhere else in the visible spec.
%define golang_install(p:s:S:) %{golang_prep}\
go install %{-p*}
# Upstream release and the exact commit it is built from. The full commit id
# selects the archive in the Source0 URL and is stamped into the binaries as
# the version revision through LDFLAGS in the build section, so the two must
# be bumped together.
%define containerd_release 1.7.2
%define containerd_commit 0cae528dd6cb557f7201036e9f43420650207b58
# First seven characters of the commit id. The substring expansion is not
# POSIX sh; it relies on the shell rpm uses for shell-outs supporting it.
%global containerd_short_sha %(c=%containerd_commit; echo ${c:0:7})
# Go import path of the project and the directory it is unpacked to under
# GOPATH/src.
%define containerd_package github.com/containerd/containerd
%define containerd_src %{golang_src_path -p %containerd_package}
## Pre/Post release VCS metadata, for NVR when unmatched with a
## release tag.
# Update date to datestamp when containerd upstream data is bumped.
# NOTE(review): the snapshot date and the release suffix derived from it are
# not referenced by the Release tag or anywhere else in the visible spec, and
# the date is older than the 1.7.2 changelog entry; confirm whether they are
# still needed.
%global containerd_rpm_snapshot_date 20210617
%global containerd_rpm_snapshot_vcs git%{containerd_short_sha}
# Get the version bits before the dash or plus.
%global containerd_rpm_version %(r=%containerd_release; echo ${r%%%%-*})
# Pre/Post release suffix with VCS info embedded into release.
%global containerd_rpm_release_suffix .%{containerd_rpm_snapshot_date}.%{containerd_rpm_snapshot_vcs}
# Go build tags, accumulated one at a time. selinux is always included;
# btrfs or no_btrfs and seccomp follow the build-time switches declared at the
# top of the spec. Any value already defined for containerd_buildtags (for
# example on the rpmbuild command line) is kept and extended.
%global containerd_buildtags %{?containerd_buildtags} selinux
%if %{with btrfs}
%global containerd_buildtags %{?containerd_buildtags} btrfs
%else
%global containerd_buildtags %{?containerd_buildtags} no_btrfs
%endif
%if %{with seccomp}
%global containerd_buildtags %{?containerd_buildtags} seccomp
%endif
Name: containerd
Version: %{containerd_rpm_version}
Release: 1%{?dist}
# Upstream license specification: Apache-2.0
License: ASL 2.0
Summary: An industry-standard container runtime with an emphasis on simplicity, robustness and portability
# Source0 is the upstream archive for the pinned commit id.
# NOTE(review): the spec records no checksum for the tarball, so its
# integrity rests on whatever the build system's source cache verifies;
# confirm that a digest is checked there.
Source0: https://%{containerd_package}/archive/%{containerd_commit}/containerd-%{containerd_release}-%{containerd_short_sha}.tar.gz
# Source1 is the default daemon configuration installed under the containerd
# directory in sysconfdir.
Source1: config.toml
# Judging by its file name, this patch points the service unit at the
# packaged daemon executable - confirm against the patch itself.
Patch1000: containerd-1.4.0-Update-path-to-use-packaged-daemon-executable-in-ser.patch
# Runtime requirements
Requires: runc
%if %{with seccomp}
# Require the version of seccomp that we were built against.
# The version is read with pkg-config when the spec is parsed. If libseccomp
# cannot be found at that moment the fallback is 0, and the Requires below
# then accepts any libseccomp version.
# NOTE(review): confirm libseccomp-devel is present wherever the final
# package metadata is generated, otherwise the version floor is silently lost.
%global seccomp_version %(pkg-config --modversion libseccomp 2>/dev/null || echo 0)
Requires: libseccomp%{?_isa} >= %{seccomp_version}
%endif
# container-selinux 2.120.0 adds necessary support for containerd-cri
Conflicts: container-selinux < 2.120.0
# Compilation requirements
BuildRequires: golang >= 1.18.3
BuildRequires: kernel-headers
# libselinux-devel backs the selinux build tag, which is always enabled.
BuildRequires: libselinux-devel
BuildRequires: go-rpm-macros
BuildRequires: systemd-rpm-macros
# go-md2man renders the markdown man pages in the build section.
BuildRequires: go-md2man
%if %{with btrfs}
BuildRequires: btrfs-progs-devel
%endif
%if %{with seccomp}
BuildRequires: libseccomp-devel
%endif
%description
containerd is an industry-standard container runtime with an emphasis
on simplicity, robustness and portability. It is available as a daemon
for Linux and Windows, which can manage the complete container
lifecycle of its host system: image transfer and storage, container
execution and supervision, low-level storage and network attachments,
etc.
%package stress
# Separate subpackage for the containerd-stress binary. It requires the exact
# version-release of the main package, so the two are always updated together.
License: ASL 2.0
Summary: stress test a containerd daemon
Requires: %{name} = %{version}-%{release}
%description stress
%{summary}.
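%prep
# Create and enter an empty build directory without unpacking any source
# (-c -T); the tarball is unpacked into the GOPATH layout below instead.
%setup -c -T -n %{name}-%{version}-%{release}
# Point GOPATH at the build directory and recreate its src, pkg and bin
# subdirectories.
%golang_init_gopath
# Unpack Source0 under GOPATH/src at the containerd import path, dropping the
# archive's top-level directory.
%golang_prep -p %{containerd_package} -s %SOURCE0 -S 1
cd "%containerd_src"
# Apply Patch1000 with the explicit -P form; the numbered shorthand of the
# patch directive is deprecated in newer rpm releases, while -P is accepted
# by old and new releases alike.
%patch -P 1000 -p1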
%build
# Each spec section runs as its own script, so GOPATH and PATH are exported
# again here.
%golang_set_gopath
cd "%containerd_src"
# Stamp the binaries with the package version and the pinned upstream commit
# through the linker -X flag, so a running daemon reports exactly which
# source revision it was built from.
export LDFLAGS="-X %{containerd_package}/version.Version=%{version} -X %{containerd_package}/version.Revision=%{containerd_commit} "
# Build tags computed in the spec header (selinux, btrfs or no_btrfs, seccomp).
# NOTE(review): LDFLAGS and BUILDTAGS are presumably picked up from the
# environment by the gobuild macro of go-rpm-macros - confirm, because a
# macro that ignored BUILDTAGS would build without the selinux and seccomp tags.
export BUILDTAGS="%{containerd_buildtags}"
# Build every command, including the gen-manpages helper, into the bin
# directory under gobuilddir.
for cmd in containerd containerd-shim containerd-shim-runc-v1 containerd-shim-runc-v2 containerd-stress ctr gen-manpages ; do
%gobuild -o %{gobuilddir}/bin/$cmd %{containerd_src}/cmd/$cmd
done
# Render the man pages into _man: two from markdown with go-md2man, two
# generated by the freshly built gen-manpages helper.
mkdir _man
go-md2man -in docs/man/containerd-config.8.md -out _man/containerd-config.8
go-md2man -in docs/man/containerd-config.toml.5.md -out _man/containerd-config.toml.5
%{gobuilddir}/bin/gen-manpages containerd.8 _man
%{gobuilddir}/bin/gen-manpages ctr.8 _man
# gen-manpages is a build-time helper only; delete it so the bin/* glob in
# the install section does not ship it.
rm %{gobuilddir}/bin/gen-manpages
%check
%golang_set_gopath
export BUILDTAGS="%{containerd_buildtags}"
# Run scoped unit tests - skips some if not running as root.
%if %{without btrfs}
# We want to build/run tests the same way we build the binaries
# NOTE(review): the variable is exported only when btrfs is disabled, so a
# build made --with btrfs runs the tests without it. The value also carries
# literal single quotes around the tag list. Confirm both against how the
# upstream Makefile consumes EXTRA_TESTFLAGS.
export EXTRA_TESTFLAGS="-tags='%{containerd_buildtags}'"
%endif
# Run the upstream test target from the unpacked source tree; a failing test
# fails the package build.
make -C %{containerd_src} test
%install
%golang_set_gopath
# Install containerd binaries
# Everything left in the build bin directory is copied with install's default
# mode (0755); the gen-manpages helper was already deleted in the build section.
install -d %{buildroot}%{_bindir}
install -p %{gobuilddir}/bin/* %{buildroot}%{_bindir}/
# Man pages, sections 5 and 8.
install -d %{buildroot}%{_mandir}/man{5,8}
install -p -m 644 %{containerd_src}/_man/*.5 %{buildroot}%{_mandir}/man5/
install -p -m 644 %{containerd_src}/_man/*.8 %{buildroot}%{_mandir}/man8/
# Default daemon configuration from Source1, installed world-readable (0644).
install -D -p -m 0644 %{S:1} %{buildroot}%{_sysconfdir}/containerd/config.toml
%if %{with systemd}
# Service unit taken from the patched upstream source tree.
install -D -p -m 644 %{containerd_src}/containerd.service %{buildroot}%{_unitdir}/containerd.service
%endif
# Daemon state directory, created with install's default directory mode.
# NOTE(review): the files list sets no explicit attr on this directory;
# confirm the packaged mode matches what the daemon expects for its root
# directory.
install -d %{buildroot}%{_localstatedir}/lib/containerd
%if 0%{?amzn} == 2
# On a fresh install of container-selinux, or updating from selinux-policy in
# amzn2-core to one that more closely tracks upstream, we need to relabel critical
# files to pick up changes to file_contexts introduced by those packages.
# The whole trigger set exists only when the amzn macro equals 2; on any other
# target nothing here relabels the installed files.
# Paths relabelled for the main package: the client, the daemon, every shim
# binary, the config file and the state directory.
%define selinux_relabel_paths %{_bindir}/ctr %{_bindir}/containerd %{_bindir}/containerd-shim* %{_sysconfdir}/containerd/config.toml %{_localstatedir}/lib/containerd
# do_selinux_relabel PATHS: run restorecon recursively on PATHS, but only when
# selinuxenabled reports SELinux as enabled.
%define do_selinux_relabel() /usr/sbin/selinuxenabled && /usr/sbin/restorecon -r %*
# NOTE(review): rpm passes a trigger script the instance count of the package
# that owns the trigger as its first argument and the count of the triggering
# package as its second. All four triggers below test the first argument;
# confirm that this matches the install/update intent stated in their inline
# comments.
%triggerin -- container-selinux
if [ $1 -eq 1 ]; then # new install, not update
# Best effort: the trailing ||: keeps a failed relabel, or SELinux being
# disabled, from failing the trigger. A failure therefore leaves the files
# with their old labels without any error being reported.
%{do_selinux_relabel} %{selinux_relabel_paths} ||:
fi
%triggerun -- selinux-policy < 3.13.1-266
if [ $1 -eq 1 ]; then # update, not uninstall
%{do_selinux_relabel} %{selinux_relabel_paths} ||:
fi
# Same pair of triggers for the stress subpackage, limited to its one binary.
%triggerin stress -- container-selinux
if [ $1 -eq 1 ]; then # new install, not update
%{do_selinux_relabel} %{_bindir}/containerd-stress ||:
fi
%triggerun stress -- selinux-policy < 3.13.1-266
if [ $1 -eq 1 ]; then # update, not uninstall
%{do_selinux_relabel} %{_bindir}/containerd-stress ||:
fi
%endif
%files
# License and README are taken from the unpacked source tree, relative to the
# build directory.
%license src/github.com/containerd/containerd/LICENSE
%doc src/github.com/containerd/containerd/README.md
# Binaries are listed one by one, so an unexpected extra file in the build
# bin directory is not packaged silently by this list.
%{_bindir}/ctr
%{_bindir}/containerd
%{_bindir}/containerd-shim
%{_bindir}/containerd-shim-runc-v1
%{_bindir}/containerd-shim-runc-v2
# noreplace: a locally edited config.toml is kept on upgrade and the packaged
# one is written next to it instead. Hosts with a modified file therefore do
# not receive changed defaults from a newer package automatically.
%config(noreplace) %{_sysconfdir}/containerd/config.toml
# The package owns the state directory itself, not its contents.
%dir %{_localstatedir}/lib/containerd
%if %{with systemd}
%{_unitdir}/containerd.service
%endif
%{_mandir}/man5/containerd-config.toml.5*
%{_mandir}/man8/containerd-config.8*
%{_mandir}/man8/containerd.8*
%{_mandir}/man8/ctr.8*
%files stress
%{_bindir}/containerd-stress
%post
# Unit lifecycle handling is delegated to the macros from systemd-rpm-macros
# and only present when the package is built with systemd support.
%if %{with systemd}
%systemd_post containerd
%endif
%preun
%if %{with systemd}
%systemd_preun containerd
%endif
%postun
# The with_restart variant is used here; per the systemd rpm macros it
# restarts the service on package upgrade, so an updated daemon binary is the
# one left running after the transaction.
%if %{with systemd}
%systemd_postun_with_restart containerd
%endif
%changelog
* Thu Jul 06 2023 Lucas Meneghel <lmr@amazon.com> - 1.7.2-1.amzn2023.0.1
- containerd: Update to upstream 1.7.2
- Dropped patches that are included with the new version
* Fri Mar 17 2023 Sonia Xu <sonix@amazon.com> - 1.6.19-1.amzn2023.0.1
- Update to v1.6.19
- Update patch to apply properly
* Tue Mar 14 2023 Sai Harsha <ssuryad@amazon.com> - 1.6.8-2.amzn2023.0.4
- Fix CVE-2022-1996
* Mon Jan 30 2023 Stewart Smith <trawets@amazon.com> - 1.6.8-2.amzn2023.0.3
- Mass rebuild for AL2023
* Tue Dec 20 2022 Chanchal Mathew <chancham@amazon.com> - 1.6.8-2.amzn2022.0.2
- Rebuild for CVE-2022-2879, CVE-2022-41715, CVE-2022-41716 in golang
* Tue Oct 11 2022 Chanchal Mathew <chancham@amazon.com> - 1.6.8-2
- Fix FTBFS
* Tue Oct 04 2022 Chanchal Mathew <chancham@amazon.com> - 1.6.8-1
- Update to 1.6.8 from upstream
* Mon Oct 03 2022 Stewart Smith <trawets@amazon.com> - 1.6.6-1.amzn2022.0.3
- AL2022 pre-GA mass rebuild
* Wed Sep 28 2022 Mansi Jaitly <mjaitly@amazon.com> - 1.6.6-1.amzn2022.0.2
- Rebuild due to golang-1.19.1-1.amzn2022.0.1 update
* Fri Jul 22 2022 Stewart Smith <trawets@amazon.com> - 1.6.6-1.amzn2022.0.1
- build without btrfs on Amazon Linux
* Mon Jun 20 2022 Sai Harsha <ssuryad@amazon.com> - 1.6.6-1
- Update to 1.6.6 from upstream
- Remove patches included upstream since 1.4.13
* Tue May 31 2022 Sai Harsha <ssuryad@amazon.com> - 1.4.13-3
- Limit the response size of ExecSync
* Tue Mar 29 2022 Malcolm Inglis <miinglis@amazon.com> - 1.4.13-2
- Apply patch for CVE-2022-24769
* Tue Mar 29 2022 Malcolm Inglis <miinglis@amazon.com> - 1.4.13-1
- Update to 1.4.13 from upstream
- Update golang BuildRequires to 1.16.15
- Remove patches included upstream since 1.4.6
* Thu Feb 24 2022 Malcolm Inglis <miinglis@amazon.com> - 1.4.6-9
- Apply patch for CVE-2022-23648
* Wed Dec 08 2021 Paul Ezvan <paulezva@amazon.fr> - 1.4.6-8
- Build for AL2022
* Wed Nov 17 2021 Jamie Anderson <jamieand@amazon.com> - 1.4.6-7
- CVE-2021-41190
* Tue Nov 02 2021 Jamie Anderson <jamieand@amazon.com> - 1.4.6-5
- Fix typo in container-selinux Conflicts:
* Fri Oct 29 2021 Jamie Anderson <jamieand@amazon.com> - 1.4.6-4
- Add selinux to buildtags
- Conflict with container-selinux versions that don't have containerd-cri support
* Fri Sep 24 2021 Jamie Anderson <jamieand@amazon.com> - 1.4.6-3
- Apply patches for CVE-2021-41103
* Mon Jul 12 2021 Jamie Anderson <jamieand@amazon.com> - 1.4.6-2
- Apply patch for CVE-2021-32760
* Thu Jun 17 2021 Jamie Anderson <jamieand@amazon.com> - 1.4.6-1
- Update to 1.4.6 from upstream
* Thu Feb 25 2021 Jamie Anderson <jamieand@amazon.com> - 1.4.4-1
- Update to 1.4.4 from upstream
* Tue Nov 17 2020 Samuel Karp <skarp@amazon.com> - 1.4.1-2
- Apply patch for CVE-2020-15257
* Fri Nov 13 2020 Jamie Anderson <jamieand@amazon.com> - 1.4.1
- Update to 1.4.1 from upstream
* Wed Sep 23 2020 Jamie Anderson <jamieand@amazon.com> - 1.4.0
- Update to 1.4.0 from upstream
- Add triggers to relabel after container-selinux install
* Mon Feb 10 2020 Jamie Anderson <jamieand@amazon.com> - 1.3.2
- Update to 1.3.2 from upstream
* Mon May 13 2019 Jacob Vallejo <jakeev@amazon.com> - 1.2.6-1
- Initial packaging