From ecdae5227400d3cf16c53f2fdd0240a8a395af26 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 11 Jun 2024 18:46:12 +0200 Subject: [PATCH 1/7] remove GOTOOLCHAIN env-vars Both containerd and runc have been a module for some time now, and all the branches we care about are a module, so there's no need to set the GO111MODULE env-var. Signed-off-by: Sebastiaan van Stijn (cherry picked from commit 9f2a5d259edd959c748fa36665df566ba353dff4) Signed-off-by: Sebastiaan van Stijn --- debian/rules | 6 +++--- dockerfiles/deb.dockerfile | 1 - dockerfiles/rpm.dockerfile | 1 - dockerfiles/win.dockerfile | 4 +--- rpm/containerd.spec | 6 +++--- 5 files changed, 7 insertions(+), 11 deletions(-) diff --git a/debian/rules b/debian/rules index 6569067a..42601f0d 100755 --- a/debian/rules +++ b/debian/rules @@ -32,7 +32,7 @@ endif # TODO remove custom PREFIX variable once containerd release/1.4 and release/1.5 # are obsolete. See https://github.com/containerd/containerd/commit/b5f530a157 binaries: ## Create containerd binaries - @set -x; GO111MODULE=auto make -C $(GO_SRC_PATH) --no-print-directory \ + @set -x; make -C $(GO_SRC_PATH) --no-print-directory \ DESTDIR="$$(pwd)" \ PREFIX="" \ VERSION=$${VERSION} \ @@ -44,12 +44,12 @@ binaries: ## Create containerd binaries rm -f bin/containerd-stress bin/runc: - @set -x; GO111MODULE=auto make -C /go/src/github.com/opencontainers/runc --no-print-directory \ + @set -x; make -C /go/src/github.com/opencontainers/runc --no-print-directory \ BINDIR="$$(pwd)/bin" \ runc install man: ## Create containerd man pages - @set -x; GO111MODULE=auto make -C $(GO_SRC_PATH) --no-print-directory man + @set -x; make -C $(GO_SRC_PATH) --no-print-directory man # copy the generated man pages instead of using "make install-man" to allow # dh_installman doing its magic diff --git a/dockerfiles/deb.dockerfile b/dockerfiles/deb.dockerfile index 533140af..5e3a7da8 100644 --- a/dockerfiles/deb.dockerfile +++ b/dockerfiles/deb.dockerfile 
@@ -24,7 +24,6 @@ FROM ${GOLANG_IMAGE} AS golang FROM golang AS go-md2man ARG GOPROXY=direct -ARG GO111MODULE=on ENV GOTOOLCHAIN=local ARG MD2MAN_VERSION=v2.0.1 RUN go install github.com/cpuguy83/go-md2man/v2@${MD2MAN_VERSION} diff --git a/dockerfiles/rpm.dockerfile b/dockerfiles/rpm.dockerfile index 46d90fc0..75fd62fb 100644 --- a/dockerfiles/rpm.dockerfile +++ b/dockerfiles/rpm.dockerfile @@ -25,7 +25,6 @@ FROM ${GOLANG_IMAGE} AS golang FROM golang AS go-md2man ARG GOPROXY=direct -ARG GO111MODULE=on ENV GOTOOLCHAIN=local ARG MD2MAN_VERSION=v2.0.1 RUN go install github.com/cpuguy83/go-md2man/v2@${MD2MAN_VERSION} diff --git a/dockerfiles/win.dockerfile b/dockerfiles/win.dockerfile index 54c80742..02690efb 100644 --- a/dockerfiles/win.dockerfile +++ b/dockerfiles/win.dockerfile @@ -14,9 +14,7 @@ ARG GOLANG_IMAGE=golang:latest FROM ${GOLANG_IMAGE} AS golang -ARG GO111MODULE=auto -ENV GO111MODULE=$GO111MODULE \ - GOTOOLCHAIN=local \ +ENV GOTOOLCHAIN=local \ chocolateyUseWindowsCompression=false # Install make and gcc # We install an older version of MinGW to workaround issues in CGO; diff --git a/rpm/containerd.spec b/rpm/containerd.spec index 42b54cf3..8ffdf4b8 100644 --- a/rpm/containerd.spec +++ b/rpm/containerd.spec @@ -113,7 +113,7 @@ cd %{_topdir}/BUILD/ %build cd %{_topdir}/BUILD -GO111MODULE=auto make man +make man BUILDTAGS="" %if %{defined rhel} && 0%{?rhel} >= 8 
@@ -128,14 +128,14 @@ BUILDTAGS="${BUILDTAGS} no_btrfs" %endif %endif -GO111MODULE=auto make -C /go/src/%{import_path} VERSION=%{getenv:VERSION} REVISION=%{getenv:REF} PACKAGE=%{getenv:PACKAGE} BUILDTAGS="${BUILDTAGS}" +make -C /go/src/%{import_path} VERSION=%{getenv:VERSION} REVISION=%{getenv:REF} PACKAGE=%{getenv:PACKAGE} BUILDTAGS="${BUILDTAGS}" # Remove containerd-stress, as we're not shipping it as part of the packages rm -f bin/containerd-stress bin/containerd --version bin/ctr --version -GO111MODULE=auto make -C /go/src/github.com/opencontainers/runc BINDIR=%{_topdir}/BUILD/bin runc install +make -C /go/src/github.com/opencontainers/runc BINDIR=%{_topdir}/BUILD/bin runc install %install From 010029b0f4090fe42d23de946923918f707d808b Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 11 Jun 2024 18:50:51 +0200 Subject: [PATCH 2/7] remove some GOTOOLCHAIN=local env-vars The official docker image now have GOTOOLCHAIN=local set by default, so for stages where we build inside that image, we can remove it; docker image inspect --format='{{ json .Config.Env }}' golang:1.21.11 | jq . [ "PATH=/go/bin:/usr/local/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "GOLANG_VERSION=1.21.11", "GOTOOLCHAIN=local", "GOPATH=/go" ] Signed-off-by: Sebastiaan van Stijn (cherry picked from commit b062731d2bf1afa0e803ba91c25c628c70560d5f) Signed-off-by: Sebastiaan van Stijn --- dockerfiles/deb.dockerfile | 1 - dockerfiles/rpm.dockerfile | 1 - dockerfiles/win.dockerfile | 3 +-- 3 files changed, 1 insertion(+), 4 deletions(-) diff --git a/dockerfiles/deb.dockerfile b/dockerfiles/deb.dockerfile index 5e3a7da8..5467f599 100644 --- a/dockerfiles/deb.dockerfile +++ b/dockerfiles/deb.dockerfile @@ -24,7 +24,6 @@ FROM ${GOLANG_IMAGE} AS golang FROM golang AS go-md2man ARG GOPROXY=direct -ENV GOTOOLCHAIN=local ARG MD2MAN_VERSION=v2.0.1 RUN go install github.com/cpuguy83/go-md2man/v2@${MD2MAN_VERSION} 
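Review bot: With `ENV GOTOOLCHAIN=local` removed from the `go-md2man` stage, the toolchain pin now depends entirely on the image that `${GOLANG_IMAGE}` resolves to, and that value is a build argument. The official image sets the variable, as the commit message shows for golang:1.21.11, but a mirrored or custom base may not. In that case the go command's default toolchain selection applies to `go install github.com/cpuguy83/go-md2man/v2@${MD2MAN_VERSION}`, which could let the build run a toolchain other than the one shipped in the image. Keeping the line costs nothing; if it is dropped, a comment above `FROM golang AS go-md2man` such as `# GOTOOLCHAIN=local is inherited from the official golang image; set it explicitly when overriding GOLANG_IMAGE` would record the assumption. The same applies to the matching hunks in dockerfiles/rpm.dockerfile and dockerfiles/win.dockerfile.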
diff --git a/dockerfiles/rpm.dockerfile b/dockerfiles/rpm.dockerfile index 75fd62fb..79b35cda 100644 --- a/dockerfiles/rpm.dockerfile +++ b/dockerfiles/rpm.dockerfile @@ -25,7 +25,6 @@ FROM ${GOLANG_IMAGE} AS golang FROM golang AS go-md2man ARG GOPROXY=direct -ENV GOTOOLCHAIN=local ARG MD2MAN_VERSION=v2.0.1 RUN go install github.com/cpuguy83/go-md2man/v2@${MD2MAN_VERSION} diff --git a/dockerfiles/win.dockerfile b/dockerfiles/win.dockerfile index 02690efb..f903459e 100644 --- a/dockerfiles/win.dockerfile +++ b/dockerfiles/win.dockerfile @@ -14,8 +14,7 @@ ARG GOLANG_IMAGE=golang:latest FROM ${GOLANG_IMAGE} AS golang -ENV GOTOOLCHAIN=local \ - chocolateyUseWindowsCompression=false +ENV chocolateyUseWindowsCompression=false # Install make and gcc # We install an older version of MinGW to workaround issues in CGO; # see https://github.com/golang/go/issues/51007 From f4b212932b688f74db13fa334863408026cccd7f Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 11 Jun 2024 21:21:48 +0200 Subject: [PATCH 3/7] disable btrfs for all CentOS/RHEL versions Now that we no longer have to take 1.5/1.6 into account, we must unconditionally disable brtfs for CentOS and RHEL, as no version provides the Linux kernel headers for btrfs Signed-off-by: Sebastiaan van Stijn (cherry picked from commit 7fcb9f763a3b12ac5a9fbe06d39fe988adbacbee) Signed-off-by: Sebastiaan van Stijn --- debian/control | 6 +----- rpm/containerd.spec | 30 ++++++------------------------ 2 files changed, 7 insertions(+), 29 deletions(-) diff --git a/debian/control b/debian/control index 45de9344..96568ec5 100644 --- a/debian/control +++ b/debian/control 
@@ -2,11 +2,7 @@ Source: containerd.io Section: devel Priority: optional Maintainer: Containerd team -# btrfs dependencies no longer needed for containerd 1.7 and up, which now -# uses the Linux kernel headers for this. -# TODO(thaJeztah): remove btrfs build-dependencies once containerd 1.6 reaches EOL. -Build-Depends: libbtrfs-dev | btrfs-tools , - debhelper (>= 10~) | dh-systemd, +Build-Depends: debhelper (>= 10~) | dh-systemd, pkg-config, libseccomp-dev Standards-Version: 4.1.4 diff --git a/rpm/containerd.spec b/rpm/containerd.spec index 8ffdf4b8..d71fd7f2 100644 --- a/rpm/containerd.spec +++ b/rpm/containerd.spec @@ -70,21 +70,6 @@ BuildRequires: gcc BuildRequires: systemd BuildRequires: libseccomp-devel -# containerd 1.7.x now use Linux kernel headers for btrfs, so we only -# need this dependency when building older (1.5.x, 1.6.x) releases. -# TODO(thaJeztah): remove btrfs build-dependencies once containerd 1.6 reaches EOL. -%if "%{major_minor}" == "1.6" || "%{major_minor}" == "1.5" -%if %{undefined rhel} || 0%{?rhel} < 8 -%if %{defined suse_version} -# SUSE flavors -BuildRequires: libbtrfs-devel -%else -# Fedora / others, and CentOS/RHEL < 8 -BuildRequires: btrfs-progs-devel -%endif -%endif -%endif - %{?systemd_requires} %description 
@@ -116,17 +101,14 @@ cd %{_topdir}/BUILD make man BUILDTAGS="" -%if %{defined rhel} && 0%{?rhel} >= 8 -# btrfs support was removed in CentOS/RHEL 8 -BUILDTAGS="${BUILDTAGS} no_btrfs" -%else -# TODO(thaJeztah): remove this block once 1.5.x and 1.6.x reach EOL. -%if %{defined rhel} && 0%{?rhel} >= 7 && "%{major_minor}" != "1.6" && "%{major_minor}" != "1.5" -# containerd 1.7.x now use linux kernel headers for btrfs, which is not -# provided by CentOS/RHEL 7, so don't build with btrfs for 1.7+. + +# TODO(thaJeztah): can we remove the version compare, or would that exclude other RHEL derivatives (Fedora, etc)? +%if %{defined rhel} && 0%{?rhel} >= 7 +# btrfs support was removed in CentOS/RHEL 8, and containerd 1.7+ uses +# linux kernel headers for btrfs, which are not provided by CentOS/RHEL 7 +# so build without btrfs support for any CentOS/RHEL version. BUILDTAGS="${BUILDTAGS} no_btrfs" %endif -%endif make -C /go/src/%{import_path} VERSION=%{getenv:VERSION} REVISION=%{getenv:REF} PACKAGE=%{getenv:PACKAGE} BUILDTAGS="${BUILDTAGS}" From 98bca18701c54be85c4b2efa3b173173662e88c0 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 11 Jun 2024 21:39:33 +0200 Subject: [PATCH 4/7] rpm: remove version-constraint for container-selinux This condition was added 5 Years ago in c08bd94d32f681404b4392ec9f3f94dd6c98ec09 because older versions had some issues. CentOS 7 currently installs `2:2.119.2-1.911c772.el7_8`, and CentOS 9 stream has `3:2.231.0-1.el9`; both are higher than the minimum version specified, so let's remove the condition. Signed-off-by: Sebastiaan van Stijn (cherry picked from commit 018d28e3d6572389bc1ce719f0a3700b01b0fdb7) Signed-off-by: Sebastiaan van Stijn --- rpm/containerd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rpm/containerd.spec b/rpm/containerd.spec index d71fd7f2..0eb14be1 100644 --- a/rpm/containerd.spec +++ b/rpm/containerd.spec 
@@ -57,7 +57,7 @@ Source3: runc %if %{undefined suse_version} # amazonlinux2 doesn't have container-selinux either %if "%{?dist}" != ".amzn2" -Requires: container-selinux >= 2:2.74 +Requires: container-selinux %endif Requires: libseccomp %else From c46cb468ffde31767c1b2f050c14498240e4424e Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 11 Jun 2024 22:26:27 +0200 Subject: [PATCH 5/7] update examples with more current distros Use more current versions of distros in the examples, because CentOS 7 will reach EOL soon, and there's a new Ubuntu LTS release. Signed-off-by: Sebastiaan van Stijn (cherry picked from commit 0737507e1ed78267c5964a64d8afd7a30b1a55fb) Signed-off-by: Sebastiaan van Stijn --- README.md | 27 +++++++++++++++++++++++++-- debian/README.md | 6 +++--- rpm/README.md | 6 +++--- 3 files changed, 31 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index a6a7cf3d..6d55c9e9 100644 --- a/README.md +++ b/README.md 
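Review bot: The unversioned `Requires: container-selinux` is satisfied by any version of the policy package, so installation is no longer refused on a host that carries a container-selinux older than the previous `2:2.74` floor. The commit message verifies CentOS 7 and CentOS 9 stream only; whether every other target this spec is built for (the branch covers everything except SUSE and `.amzn2`) ships a newer version is not visible here. If the floor is to go, a comment next to the line, for example `# no minimum version: all supported distros ship container-selinux newer than 2.74`, would keep the reasoning with the dependency. Otherwise keeping `>= 2:2.74` is harmless on distros that already exceed it.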
@@ -9,12 +9,31 @@ make clean make docker.io/library/: [docker.io/library/: ...] # for example: -# make docker.io/library/centos:7 -# make docker.io/library/ubuntu:jammy +# make quay.io/centos/centos:stream9 +# make docker.io/library/ubuntu:24.04 ``` After build completes, packages can be found in the `build` directory. +## Specifying the version to build + +By default, packages are built from HEAD of the `release/1.7` branch, as +defines in [common/common.mk]. The version of runc defaults to the version +as specified by the containerd project through the [script/setup/runc-version] +file in the containerd repository. + +Use the `REF` and `RUNC_REF` make variables to specify the versions to build. +The provided values must be a valid Git reference, which can be a commit +(e.g., `ae71819` or `ae71819c4f5e67bb4d5ae76a6b735f29cc25774e`), branch +(e.g. `main` or `release/1.7`), or tag (e.g. `v1.7.18`). + +The following example builds packages for containerd v1.7.18 with +runc v1.1.12 for Ubuntu 24.04: + +```bash +make REF=v1.7.18 RUNC_REF= docker.io/library/ubuntu:24.04 +``` + ## Building a package from a local source directory Specify the path to the local source directory using `CONTAINERD_DIR` and/or @@ -35,3 +54,7 @@ make REF=HEAD CONTAINERD_DIR=/home/me/go/src/github.com/containerd/containerd do * [deb package maintainers guide](debian/README.md) * [rpm package maintainers guide](rpm/README.md) + + +[common/common.mk]: https://github.com/docker/containerd-packaging/blob/main/common/common.mk#L19 +[script/setup/runc-version]: https://github.com/containerd/containerd/blob/v1.7.18/script/setup/runc-version diff --git a/debian/README.md b/debian/README.md index aa11f2fd..42082179 100644 --- a/debian/README.md +++ b/debian/README.md 
@@ -9,7 +9,7 @@ repository. Afterwards test if you can actually build the release with (for example): ```bash -make REF=${TAG} docker.io/library/ubuntu:jammy +make REF=${TAG} docker.io/library/ubuntu:24.04 ``` If you can actually build the package then start prepping @@ -31,11 +31,11 @@ VERSION is already there. Releases can then be built with: ```bash -make REF=${TAG} docker.io/library/ubuntu:jammy +make REF=${TAG} docker.io/library/ubuntu:24.04 ``` or ```bash -make REF=${TAG} BUILD_IMAGE=docker.io/library/ubuntu:jammy +make REF=${TAG} BUILD_IMAGE=docker.io/library/ubuntu:24.04 ``` diff --git a/rpm/README.md b/rpm/README.md index fc7e2f09..ffb5e9d6 100644 --- a/rpm/README.md +++ b/rpm/README.md @@ -9,7 +9,7 @@ repository. Afterwards test if you can actually build the release with (for example): ```bash -make REF=${TAG} docker.io/library/centos:7 +make REF=${TAG} quay.io/centos/centos:stream9 ``` If you can actually build the package then start prepping @@ -31,11 +31,11 @@ VERSION is already there. Releases can then be built with: ```bash -make REF=${TAG} docker.io/library/centos:7 +make REF=${TAG} quay.io/centos/centos:stream9 ``` or ```bash -make REF=${TAG} BUILD_IMAGE=docker.io/library/centos:7 +make REF=${TAG} BUILD_IMAGE=quay.io/centos/centos:stream9 ``` From 57ad06253a57489ebfb3934185aa29824dc2a342 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 12 Jun 2024 17:24:24 +0200 Subject: [PATCH 6/7] rpm: update macros used in spec Replace some for their equivalent macros. See the [rpm docs for Fedora][1] - `%{_builddir}` is the equivalent of `%{_topdir}/BUILD` - `%{_sourcedir}` is the equivalent of `%{_topdir}/SOURCES` [1]: https://docs.fedoraproject.org/en-US/packaging-guidelines/RPMMacros/#_macros_set_for_the_rpm_and_srpm_build_process Signed-off-by: Sebastiaan van Stijn (cherry picked from commit 4fd01c25df92d2c1cae5cbd77a173f382c2db923) 
Signed-off-by: Sebastiaan van Stijn --- rpm/containerd.spec | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/rpm/containerd.spec b/rpm/containerd.spec index 0eb14be1..50dee118 100644 --- a/rpm/containerd.spec +++ b/rpm/containerd.spec @@ -81,23 +81,23 @@ low-level storage and network attachments, etc. %prep -rm -rf %{_topdir}/BUILD/ -if [ ! -d %{_topdir}/SOURCES/containerd ]; then +rm -rf %{_builddir} +if [ ! -d %{_sourcedir}/containerd ]; then # Copy over our source code from our gopath to our source directory - cp -rf /go/src/%{import_path} %{_topdir}/SOURCES/containerd; + cp -rf /go/src/%{import_path} %{_sourcedir}/containerd; fi # symlink the go source path to our build directory -ln -s /go/src/%{import_path} %{_topdir}/BUILD +ln -s /go/src/%{import_path} %{_builddir} -if [ ! -d %{_topdir}/SOURCES/runc ]; then +if [ ! -d %{_sourcedir}/runc ]; then # Copy over our source code from our gopath to our source directory - cp -rf /go/src/github.com/opencontainers/runc %{_topdir}/SOURCES/runc + cp -rf /go/src/github.com/opencontainers/runc %{_sourcedir}/runc fi -cd %{_topdir}/BUILD/ +cd %{_builddir} %build -cd %{_topdir}/BUILD +cd %{_builddir} make man BUILDTAGS="" @@ -117,11 +117,11 @@ rm -f bin/containerd-stress bin/containerd --version bin/ctr --version -make -C /go/src/github.com/opencontainers/runc BINDIR=%{_topdir}/BUILD/bin runc install +make -C /go/src/github.com/opencontainers/runc BINDIR=%{_builddir}/bin runc install %install -cd %{_topdir}/BUILD +cd %{_builddir} mkdir -p %{buildroot}%{_bindir} install -D -m 0755 bin/* %{buildroot}%{_bindir} install -D -m 0644 %{S:1} %{buildroot}%{_unitdir}/containerd.service From 8ef2340e402e25c507208a8fb9e260e6818ec0c2 Mon Sep 17 00:00:00 2001 
From: Sebastiaan van Stijn Date: Wed, 7 Aug 2024 00:20:00 +0200 Subject: [PATCH 7/7] deb, rpm: fix runc using incorrect version runc v1.1.13 introduced an option to customize the version (as printed by the `--version` flag) through a `VERSION` Make variable / environment variable (see [1]). This variable collided with the `VERSION` environment variable used by containerd for the same purpose, which lead to `runc` binaries built using the version of containerd; runc --version runc version 1.7.20 commit: v1.1.13-0-g58aa9203 ... This patch explicitly sets the `VERSION` variable to the version of runc being built when building the binary. [1]: https://github.com/opencontainers/runc/commit/6f4d975c402d7848f5097f53c18000aa42581def Signed-off-by: Sebastiaan van Stijn (cherry picked from commit 1d9c0d6c27561743a32732b591ac680941746f8e) Signed-off-by: Sebastiaan van Stijn --- debian/rules | 3 ++- rpm/containerd.spec | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/debian/rules b/debian/rules index 42601f0d..c7a14cd0 100755 --- a/debian/rules +++ b/debian/rules @@ -44,7 +44,8 @@ binaries: ## Create containerd binaries rm -f bin/containerd-stress bin/runc: - @set -x; make -C /go/src/github.com/opencontainers/runc --no-print-directory \ + # Unset the VERSION variable as it's meant for containerd's version, not runc. + @set -x; env -u VERSION make -C /go/src/github.com/opencontainers/runc --no-print-directory \ BINDIR="$$(pwd)/bin" \ runc install diff --git a/rpm/containerd.spec b/rpm/containerd.spec index 50dee118..eed0b089 100644 --- a/rpm/containerd.spec +++ b/rpm/containerd.spec @@ -117,7 +117,8 @@ rm -f bin/containerd-stress bin/containerd --version bin/ctr --version -make -C /go/src/github.com/opencontainers/runc BINDIR=%{_builddir}/bin runc install +# Unset the VERSION variable as it's meant for containerd's version, not runc. +env -u VERSION make -C /go/src/github.com/opencontainers/runc BINDIR=%{_builddir}/bin runc install %install
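Review bot: Nothing in either hunk verifies the version that ends up stamped into the runc binary: rpm/containerd.spec runs `bin/containerd --version` and `bin/ctr --version` just above the changed line but has no equivalent for runc, and debian/rules has none in the `bin/runc` recipe. Adding `bin/runc --version` after the `runc install` step in both files would put the result in the build log, so a regression of the mismatch described in the commit message would be visible. Note also that `env -u VERSION` clears only the environment; in debian/rules a `VERSION=...` given on the outer make command line would presumably still reach the sub-make through MAKEFLAGS, so how the rules file is invoked is worth confirming. The commit message says the patch sets `VERSION` to runc's version, while the code unsets it; the added comment is the accurate description.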