diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index d825166b..bbe9c8d9 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -31,6 +31,7 @@ jobs: name: - docker-engine - docker-cli + - containerd - buildx - compose - credential-helpers diff --git a/common/vars.mk b/common/vars.mk index 008ac4ab..165b3009 100644 --- a/common/vars.mk +++ b/common/vars.mk @@ -22,12 +22,14 @@ export PKG_PACKAGER ?= Docker export DOCKER_ENGINE_REPO ?= https://github.com/docker/docker.git export DOCKER_CLI_REPO ?= https://github.com/docker/cli.git +export CONTAINERD_REPO ?= https://github.com/containerd/containerd.git export BUILDX_REPO ?= https://github.com/docker/buildx.git export COMPOSE_REPO ?= https://github.com/docker/compose.git export CREDENTIAL_HELPERS_REPO ?= https://github.com/docker/docker-credential-helpers.git export DOCKER_ENGINE_VERSION ?= v20.10.17 export DOCKER_CLI_VERSION ?= v20.10.17 +export CONTAINERD_VERSION ?= v1.6.8 export BUILDX_VERSION ?= v0.9.1 export COMPOSE_VERSION ?= v2.10.2 export CREDENTIAL_HELPERS_VERSION ?= v0.7.0-beta.1 diff --git a/pkg/containerd/.dockerignore b/pkg/containerd/.dockerignore new file mode 100644 index 00000000..5e56e040 --- /dev/null +++ b/pkg/containerd/.dockerignore @@ -0,0 +1 @@ +/bin diff --git a/pkg/containerd/.gitignore b/pkg/containerd/.gitignore new file mode 100644 index 00000000..5e56e040 --- /dev/null +++ b/pkg/containerd/.gitignore @@ -0,0 +1 @@ +/bin diff --git a/pkg/containerd/Dockerfile b/pkg/containerd/Dockerfile new file mode 100644 index 00000000..e41be751 --- /dev/null +++ b/pkg/containerd/Dockerfile 
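Review bot: `CONTAINERD_VERSION ?= v1.6.8` in common/vars.mk identifies the source by tag only, and a tag can be moved upstream after this was reviewed. The Dockerfile's `src` stage runs `git fetch origin "${CONTAINERD_VERSION}"` and then `git checkout -q FETCH_HEAD` without comparing the result to a known commit, so the packages are built from whatever the tag resolves to at build time. Consider recording the expected commit next to the version, for example a new `export CONTAINERD_COMMIT ?= <expected-commit-sha>` (proposed name, placeholder value), and failing the `src` stage when `git rev-parse "FETCH_HEAD^{commit}"` differs from it. The neighbouring `*_VERSION` entries follow the same tag-only pattern, so this may be better solved once for all components.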
@@ -0,0 +1,340 @@ +# syntax=docker/dockerfile:1 + +# Copyright 2022 Docker Packaging authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ARG XX_VERSION="1.1.2" +ARG ALPINE_VERSION="3.16" +ARG DEBIAN_FRONTEND="noninteractive" + +ARG MD2MAN_VERSION="v2.0.1" +ARG RUNC_REPO="https://github.com/opencontainers/runc.git" + +# go +ARG GO_IMAGE="golang" +ARG GO_VERSION="1.18.5" +ARG GO_IMAGE_VARIANT="buster" + +# pkg matrix +ARG PKG_RELEASE="debian11" +ARG PKG_TYPE="deb" +ARG PKG_DISTRO="debian" +ARG PKG_SUITE="bullseye" +ARG PKG_BASE_IMAGE="debian:bullseye" + +# deb specific +ARG PKG_DEB_EPOCH="5" +ARG PKG_DEB_REVISION="0" + +# rpm specific +ARG PKG_RPM_RELEASE="1" + +# cross compilation helper +FROM --platform=$BUILDPLATFORM tonistiigi/xx:${XX_VERSION} AS xx + +# go base image to retrieve /usr/local/go +FROM --platform=$BUILDPLATFORM ${GO_IMAGE}:${GO_VERSION}-${GO_IMAGE_VARIANT} AS go + +# md2man +FROM go AS go-md2man +ARG GOPROXY="direct" +ARG GO111MODULE="on" +ARG MD2MAN_VERSION +RUN go install github.com/cpuguy83/go-md2man/v2@${MD2MAN_VERSION} + +# dummy stage for unsupported platforms +FROM --platform=$BUILDPLATFORM busybox AS builder-dummy +RUN mkdir -p /out +FROM scratch AS build-dummy +COPY --from=builder-dummy /out /out + +# base stage for fetching sources and create final release +FROM --platform=$BUILDPLATFORM alpine:${ALPINE_VERSION} AS base +RUN apk add --no-cache bash curl file git zip tar + +FROM base AS src +WORKDIR /src +ARG CONTAINERD_REPO +RUN git 
init . && git remote add origin "${CONTAINERD_REPO}" +ARG CONTAINERD_VERSION +RUN git fetch origin "${CONTAINERD_VERSION}" +refs/heads/*:refs/remotes/origin/* +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD + +FROM base AS src-tgz +RUN --mount=from=src,source=/src,target=/containerd \ + mkdir /out && tar -C / -zcf /out/containerd.tgz --exclude .git containerd + +FROM base AS runc-src +WORKDIR /src +ARG RUNC_REPO +ARG RUNC_VERSION +RUN git init . && git remote add origin "${RUNC_REPO}" +RUN --mount=from=src,source=/src,target=/containerd < /internal/containerd.service + export GO_SRC_PATH=$GOPATH/src/github.com/containerd/containerd + export CONTAINERD_REVISION=$(git --git-dir ./containerd/.git rev-parse HEAD) + xx-go --wrap + set -x + chmod -x debian/compat debian/control debian/copyright debian/manpages + dpkg-buildpackage -us -uc + pkgoutput="/out/${PKG_DISTRO}/${PKG_SUITE}/$(xx-info arch)" + if [ -n "$(xx-info variant)" ]; then + pkgoutput="${pkgoutput}/$(xx-info variant)" + fi + mkdir -p "${pkgoutput}" + cp /root/${PKG_NAME}* ${pkgoutput}/ +EOT + +FROM build-dummy AS builder-deb-darwin +FROM build-deb AS builder-deb-linux +FROM build-dummy AS builder-deb-windows +FROM builder-deb-${TARGETOS} AS builder-deb + +# rpm +FROM --platform=$BUILDPLATFORM ${PKG_BASE_IMAGE} AS build-base-rpm +COPY --from=xx / / +ENV GOPROXY="https://proxy.golang.org|direct" +ENV GOPATH="/go" +ENV PATH="$PATH:/usr/local/go/bin:$GOPATH/bin" +COPY --from=go-md2man /go/bin/go-md2man $GOPATH/bin/go-md2man +ARG PKG_RELEASE +RUN < /root/.rpmmacros + case "$PKG_RELEASE" in + centos7|oraclelinux7) + yum-builddep -y /root/rpmbuild/SPECS/*.spec + ;; + *) + dnf builddep -y /root/rpmbuild/SPECS/*.spec + ;; + esac +EOT +WORKDIR /root/rpmbuild +COPY --from=src-tgz /out/containerd.tgz ./SOURCES/ +COPY --from=runc-src-tgz /out/runc.tgz ./SOURCES/ +ARG CONTAINERD_VERSION +ARG PKG_RELEASE +ARG PKG_DISTRO +ARG PKG_SUITE +ARG PKG_PACKAGER +ARG PKG_RPM_RELEASE +ARG SOURCE_DATE_EPOCH +RUN 
--mount=source=internal,target=/internal,rw \ + --mount=type=bind,from=src,source=/src,target=/usr/local/src/containerd,rw \ + --mount=type=bind,from=runc-src,source=/src,target=/go/src/github.com/opencontainers/runc,rw \ + --mount=type=bind,from=go,source=/usr/local/go,target=/usr/local/go \ + --mount=type=cache,target=/root/.cache \ + --mount=type=cache,target=/go/pkg/mod < /internal/containerd.service + cp /internal/* ./SOURCES/ + rpmVersion=${CONTAINERD_VERSION#v} + rpmVersion=$(echo $rpmVersion | sed "s/-/~/") + xx-go --wrap + set -x + rpmbuild -ba \ + --define "_version ${rpmVersion}" \ + --define "_origversion ${CONTAINERD_VERSION#v}" \ + --define "_release $PKG_RPM_RELEASE" \ + --define "_commit $(git --git-dir /usr/local/src/containerd/.git rev-parse HEAD)" \ + /root/rpmbuild/SPECS/*.spec + pkgoutput="/out/${PKG_DISTRO}/${PKG_SUITE}/$(xx-info arch)" + if [ -n "$(xx-info variant)" ]; then + pkgoutput="${pkgoutput}/$(xx-info variant)" + fi + mkdir -p "${pkgoutput}" + cp ./RPMS/*/*.* ./SRPMS/* ${pkgoutput}/ +EOT + +FROM build-dummy AS builder-rpm-darwin +FROM build-rpm AS builder-rpm-linux +FROM build-dummy AS builder-rpm-windows +FROM builder-rpm-${TARGETOS} AS builder-rpm + +# static +FROM --platform=$BUILDPLATFORM ${PKG_BASE_IMAGE} AS build-base-static +COPY --from=xx / / +ARG DEBIAN_FRONTEND +RUN apt-get update && apt-get install -y --no-install-recommends clang dpkg-dev file git lld llvm make pkg-config +ENV GOPROXY="https://proxy.golang.org|direct" +ENV GOPATH="/go" +ENV PATH="$PATH:/usr/local/go/bin:$GOPATH/bin" +ENV GO111MODULE="off" +ENV CGO_ENABLED="1" +ARG TARGETPLATFORM +RUN xx-apt-get install -y binutils dpkg-dev g++ gcc libbtrfs-dev libseccomp-dev libsecret-1-dev pkg-config + +FROM build-base-static AS build-static +ARG TARGETPLATFORM +ARG DOCKER_CLI_VERSION +ARG CGO_ENABLED +WORKDIR /go/src/github.com/containerd/containerd +RUN --mount=type=bind,from=src,source=/src,target=.,rw \ + 
--mount=type=bind,from=go,source=/usr/local/go,target=/usr/local/go,rw \ + --mount=type=cache,target=/root/.cache \ + --mount=type=cache,target=/go/pkg/mod < Thu, 25 Aug 2022 22:38:41 +0000 + +containerd.io (1.6.7-1) release; urgency=medium + + * Update containerd to v1.6.7 + * Update runc to v1.1.3 + * Update Golang runtime to 1.17.13 to address CVE-2022-32189 + + -- Sebastiaan van Stijn Thu, 04 Aug 2022 22:28:30 +0000 + +containerd.io (1.6.6-1) release; urgency=high + + * Update containerd to v1.6.6 to address CVE-2022-31030 + + -- Sebastiaan van Stijn Mon, 06 Jun 2022 20:45:21 +0000 + +containerd.io (1.6.5-1) release; urgency=medium + + * Update containerd to v1.6.5 + * Update runc to v1.1.2 + * Update Golang runtime to 1.17.11 + + -- Sebastiaan van Stijn Sat, 04 Jun 2022 20:56:32 +0000 + +containerd.io (1.6.4-1) release; urgency=medium + + * Update containerd to v1.6.4 + + -- Sebastiaan van Stijn Wed, 04 May 2022 09:04:53 +0000 + +containerd.io (1.6.3-1) release; urgency=medium + + * Update containerd to v1.6.3 + * Update runc to v1.1.1 + * Update Golang runtime to 1.17.9 + + -- Sebastiaan van Stijn Thu, 28 Apr 2022 10:24:07 +0000 + +containerd.io (1.6.2-1) release; urgency=medium + + * Update containerd to v1.6.2 + * Update runc to v1.1.0 + + -- Sebastiaan van Stijn Sun, 27 Mar 2022 22:56:51 +0000 + +containerd.io (1.5.11-1) release; urgency=high + + * Update containerd to v1.5.11 to address CVE-2022-24769 + + -- Sebastiaan van Stijn Wed, 23 Mar 2022 18:05:21 +0000 + +containerd.io (1.5.10-1) release; urgency=medium + + * Update containerd to v1.5.10 + * Update Golang runtime to 1.17.8 + + -- Sebastiaan van Stijn Fri, 04 Mar 2022 17:47:48 +0000 + +containerd.io (1.4.13-1) release; urgency=high + + * Update containerd to v1.4.13 to address CVE-2022-23648 + * Update runc to v1.0.3 + * Update Golang runtime to 1.16.15 + + -- Sebastiaan van Stijn Thu, 03 Mar 2022 21:09:12 +0000 + +containerd.io (1.4.12-1) release; urgency=high + + * Update containerd to v1.4.12 to 
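Review bot: `FROM --platform=$BUILDPLATFORM busybox AS builder-dummy` has no tag at all, and the other bases (`tonistiigi/xx:${XX_VERSION}`, `${GO_IMAGE}:${GO_VERSION}-${GO_IMAGE_VARIANT}`, `alpine:${ALPINE_VERSION}`) are pinned by tag only. `COPY --from=xx / /` overlays the whole xx image onto the rpm and static build bases, and the output of these stages is shipped as packages, so each base is better pinned by digest, e.g. `FROM --platform=$BUILDPLATFORM busybox:<tag>@sha256:<digest> AS builder-dummy`. Separately, the `build-static` stage declares `ARG DOCKER_CLI_VERSION`, which looks like a leftover from the docker-cli packaging; the body of the RUN step that follows is not visible here, so please confirm whether `ARG CONTAINERD_VERSION` was intended.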
address CVE-2021-41190 + * Update Golang runtime to 1.16.10 + + -- Sebastiaan van Stijn Wed, 17 Nov 2021 18:48:28 +0000 + +containerd.io (1.4.11-1) release; urgency=high + + * Update to containerd 1.4.11 to address CVE-2021-41103 + + -- Sebastiaan van Stijn Mon, 04 Oct 2021 11:20:49 +0000 + +containerd.io (1.4.10-1) release; urgency=medium + + * Update to containerd 1.4.10 + * Update runc to v1.0.2 + * Update Golang runtime to 1.16.8 + + -- Sebastiaan van Stijn Thu, 30 Sep 2021 15:21:28 +0000 + +containerd.io (1.4.9-1) release; urgency=medium + + * Update to containerd 1.4.9 + * Update runc to v1.0.1 + + -- Sebastiaan van Stijn Thu, 29 Jul 2021 20:43:55 +0000 + +containerd.io (1.4.8-1) release; urgency=high + + * Update to containerd 1.4.8 to address CVE-2021-32760 + + -- Sebastiaan van Stijn Mon, 19 Jul 2021 19:03:08 +0000 + +containerd.io (1.4.7-1) release; urgency=medium + + * Update to containerd 1.4.7 + * Update runc to v1.0.0 + * Update Golang runtime to 1.15.14 + + -- Sebastiaan van Stijn Mon, 19 Jul 2021 09:30:34 +0000 + +containerd.io (1.4.6-1) release; urgency=high + + * Update to containerd 1.4.6 + * Update runc to v1.0.0-rc95 to address CVE-2021-30465. + + -- Sebastiaan van Stijn Fri, 21 May 2021 07:30:42 +0000 + +containerd.io (1.4.5-1) release; urgency=medium + + * Update to containerd 1.4.5 + * Update runc to v1.0.0-rc94 + + -- Sebastiaan van Stijn Wed, 12 May 2021 08:29:50 +0000 + +containerd.io (1.4.4-1) release; urgency=high + + * Update to containerd 1.4.4 to address CVE-2021-21334. + + -- Wei Fu Mon, 08 Mar 2021 14:14:44 +0000 + +containerd.io (1.4.3-2) release; urgency=medium + + * Update runc to v1.0.0-rc93 + + -- Tibor Vass Wed, 03 Mar 2021 01:45:49 +0000 + +containerd.io (1.4.3-1) release; urgency=high + + * Update to containerd 1.4.3 to address CVE-2020-15257. 
+ + -- Sebastiaan van Stijn Wed, 02 Dec 2020 14:33:09 +0000 + +containerd.io (1.4.2-1) release; urgency=medium + + * Update to containerd 1.4.2 + + -- Sebastiaan van Stijn Thu, 26 Nov 2020 13:34:04 +0000 + +containerd.io (1.4.1-1) release; urgency=medium + + * Update to containerd 1.4.1 + * Update Golang runtime to 1.13.15 + + -- Tibor Vass Tue, 06 Oct 2020 21:36:54 +0000 + +containerd.io (1.3.7-1) release; urgency=medium + + * Update to containerd 1.3.7 + * Update Golang runtime to 1.13.12. + + -- Sebastiaan van Stijn Wed, 09 Sep 2020 15:40:28 +0000 + +containerd.io (1.2.13-2) release; urgency=medium + + * Build packages for Ubuntu 20.04 + * Include man pages + * Add libseccomp as required dependency + + -- Sebastiaan van Stijn Fri, 01 May 2020 23:41:28 +0000 + +containerd.io (1.2.13-1) release; urgency=medium + + * Update to containerd 1.2.13, which fixes a regression introduced in v1.2.12 + that caused container/shim to hang on single core machines, and fixes an issue + with blkio. + * Update Golang runtime to 1.12.17. + + -- Sebastiaan van Stijn Mon, 17 Feb 2020 10:46:04 +0000 + +containerd.io (1.2.12-1) release; urgency=medium + + * Update the runc vendor to v1.0.0-rc10 which includes a mitigation for + CVE-2019-19921. + * Update the opencontainers/selinux which includes a mitigation for + CVE-2019-16884. + * Update Golang runtime to 1.12.16, mitigating the CVE-2020-0601 + certificate verification bypass on Windows, and CVE-2020-7919, + which only affects 32-bit architectures. 
+ * A fix to prevent SIGSEGV when starting containerd-shim + * Fix to prevent high system load/CPU utilization with liveness and readiness + probes + * Fix to prevent docker exec hanging if an earlier docker exec left a zombie + process + * CRI: Update the gopkg.in/yaml.v2 vendor to v2.2.8 with a mitigation for + CVE-2019-11253 + + -- Derek McGowan Tue, 04 Feb 2020 9:43:30 +0000 + +containerd.io (1.2.11-2) release; urgency=medium + + * Update Golang runtime to 1.12.15, which includes fixes in the net/http package + and the runtime on ARM64 + + -- Sebastiaan van Stijn Fri, 24 Jan 2020 14:42:35 +0000 + +containerd.io (1.2.11-1) release; urgency=medium + + * Update the runc vendor to v1.0.0-rc9 which includes an additional + mitigation for CVE-2019-16884 + * Add local-fs.target to service file to fix corrupt image after unexpected + host reboot + * Update Golang runtime to 1.12.13, which includes security fixes to the + crypto/dsa package made in Go 1.12.11 (CVE-2019-17596), and fixes to the + go command, runtime, syscall and net packages (Go 1.12.12) + * CRI: Fix shim delete error code to avoid unnecessary retries in the CRI plugin + + -- Evan Hazlett Thu, 9 Jan 2020 20:40:43 +0000 + +containerd.io (1.2.10-3) release; urgency=medium + + * Added explicit --restart-after-upgrade to dh_systemd_start due to + containerd services failing to restart automatically after an + upgrade from 1.2.X -> 1.2.10 + + -- Eli Uriegas Thu, 17 Oct 2019 02:46:43 +0000 + +containerd.io (1.2.10-2) release; urgency=high + + * build with Go 1.12.10 + + -- Eli Uriegas Mon, 07 Oct 2019 23:57:42 +0000 + +containerd.io (1.2.10-1) release; urgency=high + + * containerd 1.2.10 release + * Bump runc to 3e425f80a8c931f88e6d94a8c831b9d5aa481657 (1.0.0-rc8 + CVE-2019-16884) + * Addresses CVE-2019-16884 (AppArmor bypass) + + -- Eli Uriegas Thu, 26 Sep 2019 20:58:57 +0000 + +containerd.io (1.2.9-1) release; urgency=high + + * containerd 1.2.9 release + * Addresses CVE-2019-9512 (Ping Flood), 
CVE-2019-9514 (Reset Flood), and + CVE-2019-9515 (Settings Flood). + + -- Eli Uriegas Fri, 06 Sep 2019 20:04:44 +0000 + +containerd.io (1.2.8-1) release; urgency=medium + + * containerd 1.2.8 release + * build with Go 1.12.9 + + -- Sebastiaan van Stijn Tue, 27 Aug 2019 22:40:56 +0000 + +containerd.io (1.2.6-4) release; urgency=high + + * build with Go 1.11.13 (CVE-2019-9512, CVE-2019-9514) + + -- Sebastiaan van Stijn Thu, 15 Aug 2019 21:02:17 +0000 + +containerd.io (1.2.6-3) release; urgency=medium + + * move runc from /usr/sbin to /usr/bin + + -- Eli Uriegas Wed, 12 Jun 2019 19:42:39 +0000 + +containerd.io (1.2.6-2) release; urgency=medium + + * update runc to v1.0.0-rc8 + + -- Sebastiaan van Stijn Fri, 26 Apr 2019 00:59:05 +0000 + +containerd.io (1.2.6-1) release; urgency=medium + + * containerd 1.2.6 release + * update runc to 029124da7af7360afa781a0234d1b083550f797c + * build with Go 1.11.8 + + -- Sebastiaan van Stijn Wed, 09 Apr 2019 19:19:23 +0000 + +containerd.io (1.2.5-1) release; urgency=medium + + * containerd 1.2.5 release + * update runc to 2b18fe1d885ee5083ef9f0838fee39b62d653e30 + * build with Go 1.11.5 + + -- Sebastiaan van Stijn Thu, 14 Mar 2019 09:23:34 +0000 + +containerd.io (1.2.4-1) release; urgency=medium + + * containerd 1.2.4 release + * update runc to 6635b4f0c6af3810594d2770f662f34ddc15b40d + + -- Sebastiaan van Stijn Fri, 15 Feb 2019 00:56:08 +0000 + +containerd.io (1.2.2-3) release; urgency=high + + * [runc -> 09c8266] nsenter: clone /proc/self/exe to avoid exposing + host binary to container (CVE-2019-5736) + + -- Eli Uriegas Thu, 31 Jan 2019 22:30:30 +0000 + +containerd.io (1.2.2-2) release; urgency=medium + + * update runc to f7491ef134a6c41f3a99b0b539835d2472d17012 + + -- Eli Uriegas Fri, 18 Jan 2019 00:12:35 +0000 + +containerd.io (1.2.2-1) release; urgency=medium + + * containerd 1.2.2 release + + -- Andrew Hsu Tue, 08 Jan 2019 00:43:52 +0000 + +containerd.io (1.2.1-1) release; urgency=medium + + * containerd 1.2.1 release + * 
update runc to 96ec2177ae841256168fcf76954f7177af9446eb + + -- Andrew Hsu Thu, 06 Dec 2018 00:50:40 +0000 + +containerd.io (1.2.1~rc.0.1) release; urgency=medium + + * containerd 1.2.1-rc.0 release + * update runc to 10d38b660a77168360df3522881e2dc2be5056bd + + -- Sebastiaan van Stijn Tue, 27 Nov 2018 19:28:52 +0000 + +containerd.io (1.2.0-1) release; urgency=medium + + * containerd 1.2.0 release + + -- Eli Uriegas Mon, 05 Nov 2018 20:04:34 +0000 + +containerd.io (1.2.0~rc.2-1) release; urgency=medium + + * containerd 1.2.0-rc.2 release + + -- Eli Uriegas Tue, 16 Oct 2018 20:56:54 +0000 + +containerd.io (1.2.0~rc.1-1) release; urgency=medium + + * containerd 1.2.0-rc.1 release + * Set Tasks=infinity in the systemd service file + + -- Eli Uriegas Fri, 05 Oct 2018 16:54:33 +0000 + +containerd.io (1.2.0~rc.0-1) release; urgency=medium + + * containerd 1.2.0-rc.0 release + + -- Eli Uriegas Tue, 25 Sep 2018 20:36:38 +0000 + +containerd.io (1.2.0~beta.2-2) release; urgency=medium + + * Removed offline installer for runc, package as a binary instead + + -- Eli Uriegas Fri, 14 Sep 2018 09:22:21 -0700 + +containerd.io (1.2.0~beta.2-1) release; urgency=medium + + * containerd 1.2.0 beta.2 release + + -- Andrew Hsu Tue, 28 Aug 2018 22:21:48 +0000 + +containerd.io (1.2.0~beta.0-1) release; urgency=medium + + * Initial release + + -- Eli Uriegas Thu, 16 Aug 2018 16:54:35 +0000 diff --git a/pkg/containerd/deb/compat b/pkg/containerd/deb/compat new file mode 100644 index 00000000..f599e28b --- /dev/null +++ b/pkg/containerd/deb/compat @@ -0,0 +1 @@ +10 diff --git a/pkg/containerd/deb/control b/pkg/containerd/deb/control new file mode 100644 index 00000000..2a90214b --- /dev/null +++ b/pkg/containerd/deb/control 
@@ -0,0 +1,21 @@ +Source: containerd.io +Section: devel +Priority: optional +Maintainer: Containerd team +Build-Depends: libbtrfs-dev | btrfs-tools , + debhelper (>= 10~) | dh-systemd, + pkg-config, + libseccomp-dev +Standards-Version: 4.1.4 +Homepage: https://containerd.io +Vcs-Browser: https://github.com/containerd/containerd +XS-Go-Import-Path: github.com/containerd/containerd + +Package: containerd.io +Architecture: any +Depends: ${misc:Depends}, + ${shlibs:Depends} +Provides: containerd, runc +Conflicts: containerd, runc +Replaces: containerd, runc +Description: An open and reliable container runtime diff --git a/pkg/containerd/deb/copyright b/pkg/containerd/deb/copyright new file mode 100644 index 00000000..db2ad6c6 --- /dev/null +++ b/pkg/containerd/deb/copyright @@ -0,0 +1,28 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: containerd +Source: https://github.com/containerd/containerd + +Files: * +Copyright: 2015 containerd +License: Apache-2.0 + +Files: debian/* +Copyright: 2018 Eli Uriegas +License: Apache-2.0 +Comment: Debian packaging is licensed under the same terms as upstream + +License: Apache-2.0 + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + . + http://www.apache.org/licenses/LICENSE-2.0 + . + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + . + On Debian systems, the complete text of the Apache version 2.0 license + can be found in "/usr/share/common-licenses/Apache-2.0". diff --git a/pkg/containerd/deb/manpages b/pkg/containerd/deb/manpages new file mode 100644 index 00000000..85c5e001 --- /dev/null 
+++ b/pkg/containerd/deb/manpages @@ -0,0 +1 @@ +man/* diff --git a/pkg/containerd/deb/rules b/pkg/containerd/deb/rules new file mode 100755 index 00000000..f902b6cd --- /dev/null +++ b/pkg/containerd/deb/rules 
@@ -0,0 +1,64 @@ +#!/usr/bin/make -f + +# Copyright 2018-2022 Docker Inc. + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +%: + dh $@ --with systemd + +# GO_SRC_PATH and PKG_NAME are defined in the dockerfile +# VERSION and REF are defined in scripts/build-deb +# TODO remove custom PREFIX variable once containerd release/1.4 and release/1.5 +# are obsolete. See https://github.com/containerd/containerd/commit/b5f530a157 +binaries: ## Create containerd binaries + @set -x; GO111MODULE=auto make -C $(GO_SRC_PATH) --no-print-directory \ + DESTDIR="$$(pwd)" \ + PREFIX="" \ + VERSION=$${CONTAINERD_VERSION} \ + REVISION=$${CONTAINERD_REVISION} \ + PACKAGE=$${PKG_NAME} \ + binaries install + + # Remove containerd-stress, as we're not shipping it as part of the packages + rm -f bin/containerd-stress + +bin/runc: + @set -x; GO111MODULE=auto make -C /go/src/github.com/opencontainers/runc --no-print-directory \ + BINDIR="$$(pwd)/bin" \ + runc install + +man: ## Create containerd man pages + @set -x; GO111MODULE=auto make -C $(GO_SRC_PATH) --no-print-directory man + + # copy the generated man pages instead of using "make install-man" to allow + # dh_installman doing its magic + install -d man + install -D -m 0644 $(GO_SRC_PATH)/man/* man + +# force packages to be built with xz compression, as Ubuntu 21.10 and up use +# zstd compression, which is non-standard, and breaks 'dpkg-sig --verify' +override_dh_builddeb: + dh_builddeb -- -Zxz + +override_dh_auto_build: binaries bin/runc man + 
+override_dh_systemd_start: + dh_systemd_start --restart-after-upgrade + sed -i 's/_dh_action=try-restart/_dh_action=restart/g' ./debian/containerd.io.postinst.debhelper + +override_dh_auto_install: binaries bin/runc man + mkdir -p debian/containerd.io/usr/bin + install -D -m 0755 bin/* debian/containerd.io/usr/bin + install -D -m 0644 /internal/containerd.service debian/containerd.io/lib/systemd/system/containerd.service + install -D -m 0644 /internal/containerd.toml debian/containerd.io/etc/containerd/config.toml diff --git a/pkg/containerd/deb/source/format b/pkg/containerd/deb/source/format new file mode 100644 index 00000000..d3827e75 --- /dev/null +++ b/pkg/containerd/deb/source/format @@ -0,0 +1 @@ +1.0 diff --git a/pkg/containerd/docker-bake.hcl b/pkg/containerd/docker-bake.hcl new file mode 100644 index 00000000..8ce2d08b --- /dev/null +++ b/pkg/containerd/docker-bake.hcl 
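Review bot: The header comment in deb/rules, `# VERSION and REF are defined in scripts/build-deb`, does not match what the `binaries` target reads. That target passes `VERSION=$${CONTAINERD_VERSION}` and `REVISION=$${CONTAINERD_REVISION}`, and the Dockerfile's deb build step exports `CONTAINERD_REVISION` itself; no scripts/build-deb is added in the visible part of this commit, so the comment appears to be carried over from the earlier packaging. Suggested replacement: `# CONTAINERD_VERSION, CONTAINERD_REVISION, GO_SRC_PATH and PKG_NAME are expected from the Dockerfile build environment`.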
@@ -0,0 +1,175 @@ +// Copyright 2022 Docker Packaging authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +# Sets the containerd repo. Will be used to clone the repo at +# CONTAINERD_VERSION ref to include the README.md and LICENSE for the +# static packages and also create version string. +variable "CONTAINERD_REPO" { + default = "https://github.com/containerd/containerd.git" +} + +# Sets the containerd version to build from source. +variable "CONTAINERD_VERSION" { + default = "v1.6.8" +} + +# Sets Go image, version and variant to use for building +variable "GO_IMAGE" { + default = "" +} +variable "GO_VERSION" { + default = "" +} +variable "GO_IMAGE_VARIANT" { + default = "" +} + +# Sets the pkg name. +variable "PKG_NAME" { + default = "containerd.io" +} + +# Sets the list of package types to build: apk, deb, rpm or static +variable "PKG_TYPE" { + default = "static" +} + +# Sets release flavor. See packages.hcl and packages.mk for more details. 
+variable "PKG_RELEASE" { + default = "static" +} +target "_pkg-static" { + args = { + PKG_RELEASE = "" + PKG_TYPE = "static" + } +} + +# Sets the vendor/maintainer name (only for linux packages) +variable "PKG_VENDOR" { + default = "Docker" +} + +# Sets the name of the company that produced the package (only for linux packages) +variable "PKG_PACKAGER" { + default = "Docker " +} + +# Include an extra `.0` in the version, in case we ever would have to re-build +# an already published release with a packaging-only change. +variable "PKG_DEB_REVISION" { + default = "0" +} + +# rpm "Release:" field ($rpmRelease) is used to set the "_release" macro, which +# is an incremental number for builds of the same release (Version: / #rpmVersion) +# - Version: 0 : Package was built, but no matching upstream release (e.g., can be used for "nightly" builds) +# - Version: 1 : Package was built for an upstream (pre)release version +# - Version: > 1 : Only to be used for packaging-only changes (new package built for a version for which a package was already built/released) +variable "PKG_RPM_RELEASE" { + default = "1" +} + +# In case we want to set runc version to a specific version instead of using +# the one used by containerd +variable "RUNC_REPO" { + default = "https://github.com/opencontainers/runc.git" +} +variable "RUNC_VERSION" { + default = "" +} + +# Defines the output folder +variable "DESTDIR" { + default = "" +} +function "bindir" { + params = [defaultdir] + result = DESTDIR != "" ? 
DESTDIR : "./bin/${defaultdir}" +} + +# Defines cache scope for GitHub Actions cache exporter +variable "BUILD_CACHE_SCOPE" { + default = "" +} + +group "default" { + targets = ["pkg"] +} + +target "_common" { + inherits = ["_pkg-${PKG_RELEASE}"] + args = { + BUILDKIT_MULTI_PLATFORM = 1 + CONTAINERD_REPO = CONTAINERD_REPO + CONTAINERD_VERSION = CONTAINERD_VERSION + GO_IMAGE = GO_IMAGE + GO_VERSION = GO_VERSION + GO_IMAGE_VARIANT = GO_IMAGE_VARIANT + PKG_NAME = PKG_NAME + PKG_VENDOR = PKG_VENDOR + PKG_PACKAGER = PKG_PACKAGER + PKG_DEB_REVISION = PKG_DEB_REVISION + PKG_RPM_RELEASE = PKG_RPM_RELEASE + RUNC_REPO = RUNC_REPO + RUNC_VERSION = RUNC_VERSION + } + cache-from = [BUILD_CACHE_SCOPE != "" ? "type=gha,scope=${BUILD_CACHE_SCOPE}-${PKG_RELEASE}" : ""] + cache-to = [BUILD_CACHE_SCOPE != "" ? "type=gha,scope=${BUILD_CACHE_SCOPE}-${PKG_RELEASE}" : ""] +} + +target "_platforms" { + platforms = [ + "darwin/amd64", + "darwin/arm64", + "linux/amd64", + "linux/arm/v6", + "linux/arm/v7", + "linux/arm64", + "linux/ppc64le", + "linux/s390x", + "windows/amd64" + ] +} + +# $ PKG_RELEASE=debian11 docker buildx bake pkg +# $ docker buildx bake --set *.platform=linux/amd64 --set *.output=./bin pkg +target "pkg" { + inherits = ["_common"] + target = "pkg" + output = [bindir(PKG_RELEASE)] +} + +# Same as pkg but for all supported platforms +target "pkg-cross" { + inherits = ["pkg", "_platforms"] +} + +# Special target: https://github.com/docker/metadata-action#bake-definition +target "meta-helper" { + tags = ["dockereng/packaging:containerd-local"] +} + +# Create release image by using ./bin folder as named context. 
Therefore +# pkg-cross target must be run before using this target: +# $ PKG_RELEASE=debian11 docker buildx bake pkg-cross +# $ docker buildx bake release --push --set *.tags=docker/packaging:containerd-v1.6.8 +target "release" { + inherits = ["meta-helper", "_platforms"] + dockerfile = "../../common/release.Dockerfile" + target = "release" + contexts = { + bin-folder = "./bin" + } +} diff --git a/pkg/containerd/internal/containerd.toml b/pkg/containerd/internal/containerd.toml new file mode 100644 index 00000000..94003c7e --- /dev/null +++ b/pkg/containerd/internal/containerd.toml @@ -0,0 +1,31 @@ +# Copyright 2018-2022 Docker Inc. + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +disabled_plugins = ["cri"] + +#root = "/var/lib/containerd" +#state = "/run/containerd" +#subreaper = true +#oom_score = 0 + +#[grpc] +# address = "/run/containerd/containerd.sock" +# uid = 0 +# gid = 0 + +#[debug] +# address = "/run/containerd/debug.sock" +# uid = 0 +# gid = 0 +# level = "info" diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec new file mode 100644 index 00000000..dde08804 --- /dev/null +++ b/pkg/containerd/rpm/containerd.spec 
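Review bot: `disabled_plugins = ["cri"]` in internal/containerd.toml has no comment explaining why the CRI plugin is turned off, and this file is installed as /etc/containerd/config.toml by both deb/rules and the rpm spec. Hosts that use this package as a Kubernetes runtime have to remove that entry, and nothing in the file tells the operator so. Suggest adding a line above it such as `# The CRI plugin is disabled by default in this package; remove "cri" from the list to use containerd as a Kubernetes CRI runtime`.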
@@ -0,0 +1,380 @@ +BuildRoot: /root/.tmp/rpmrebuild.95/work/root +AutoProv: no +%undefine __find_provides +AutoReq: no +%undefine __find_requires + +%undefine __check_files +%undefine __find_prereq +%undefine __find_conflicts +%undefine __find_obsoletes + +# Build policy set to nothing +%define __spec_install_post %{nil} +# For rmp-4.1 +%define __missing_doc_files_terminate_build 0 + +%bcond_without ctr +%bcond_with debug + +%if %{with debug} +%global _dwz_low_mem_die_limit 0 +%else +%global debug_package %{nil} +%endif + +%define SHA256SUM0 08f057ece7e518b14cce2e9737228a5a899a7b58b78248a03e02f4a6c079eeaf +%global import_path github.com/containerd/containerd +%global gopath %{getenv:GOPATH} + +Name: containerd.io +Provides: containerd +# For some reason on rhel >= 8 if we "provide" runc then it makes this package unsearchable +%if %{undefined rhel} || 0%{?rhel} < 8 +Provides: runc +%endif + +# Obsolete packages +Obsoletes: containerd +Obsoletes: runc + +# Conflicting packages +Conflicts: containerd +Conflicts: runc + +Version: %{_version} +Release: %{_release}%{?dist} +Summary: An industry-standard container runtime +License: ASL 2.0 +URL: https://containerd.io +Source0: containerd.tgz +Source1: containerd.service +Source2: containerd.toml +Source3: runc.tgz +# container-selinux isn't a thing in suse flavors +%if %{undefined suse_version} +# amazonlinux2 doesn't have container-selinux either +%if "%{?dist}" != ".amzn2" +Requires: container-selinux >= 2:2.74 +%endif +Requires: libseccomp +%else +# SUSE flavors do not have container-selinux, +# and libseccomp is named libseccomp2 +Requires: libseccomp2 +%endif +BuildRequires: make +BuildRequires: gcc +BuildRequires: systemd +BuildRequires: libseccomp-devel + +%if %{undefined rhel} || 0%{?rhel} < 8 +%if %{defined suse_version} +# SUSE flavors +BuildRequires: libbtrfs-devel +%else +# Fedora / others, and CentOS/RHEL < 8 +BuildRequires: btrfs-progs-devel +%endif +%endif + +%{?systemd_requires} + +%description 
+containerd is an industry-standard container runtime with an emphasis on +simplicity, robustness and portability. It is available as a daemon for Linux +and Windows, which can manage the complete container lifecycle of its host +system: image transfer and storage, container execution and supervision, +low-level storage and network attachments, etc. + + +%prep +rm -rf %{_topdir}/BUILD/ +if [ ! -d %{_topdir}/SOURCES/containerd ]; then + # Copy over our source code from our gopath to our source directory + cp -rf /go/src/%{import_path} %{_topdir}/SOURCES/containerd; +fi +# symlink the go source path to our build directory +ln -s /go/src/%{import_path} %{_topdir}/BUILD + +if [ ! -d %{_topdir}/SOURCES/runc ]; then + # Copy over our source code from our gopath to our source directory + cp -rf /go/src/github.com/opencontainers/runc %{_topdir}/SOURCES/runc +fi +cd %{_topdir}/BUILD/ + + +%build +cd %{_topdir}/BUILD +GO111MODULE=auto make man + +BUILDTAGS="" +%if %{defined rhel} && 0%{?rhel} >= 8 +# btrfs support was removed in CentOS/RHEL 8 +BUILDTAGS="${BUILDTAGS} no_btrfs" +%endif + +GO111MODULE=auto make -C /go/src/%{import_path} VERSION=%{_origversion} REVISION=%{_commit} PACKAGE=%{getenv:PKG_NAME} BUILDTAGS="${BUILDTAGS}" + +# Remove containerd-stress, as we're not shipping it as part of the packages +rm -f bin/containerd-stress +bin/containerd --version +bin/ctr --version + +GO111MODULE=auto make -C /go/src/github.com/opencontainers/runc BINDIR=%{_topdir}/BUILD/bin runc install + + +%install +cd %{_topdir}/BUILD +mkdir -p %{buildroot}%{_bindir} +install -D -m 0755 bin/* %{buildroot}%{_bindir} +install -D -m 0644 %{S:1} %{buildroot}%{_unitdir}/containerd.service +install -D -m 0644 %{S:2} %{buildroot}%{_sysconfdir}/containerd/config.toml + +# install manpages, taking into account that not all sections may be present +for i in $(seq 1 8); do + if ls man/*.${i} 1> /dev/null 2>&1; then + install -d %{buildroot}%{_mandir}/man${i}; + install -p -m 644 man/*.${i} 
%{buildroot}%{_mandir}/man${i}; + fi +done + +%post +%systemd_post containerd.service + + +%preun +%systemd_preun containerd.service + + +%postun +%systemd_postun_with_restart containerd.service + + +%files +%license LICENSE +%doc README.md +%{_bindir}/* +%{_unitdir}/containerd.service +%{_sysconfdir}/containerd +%{_mandir}/man*/* +%config(noreplace) %{_sysconfdir}/containerd/config.toml + + +%changelog +* Thu Aug 25 2022 Sebastiaan van Stijn - 1.6.8-3.1 +- Update containerd to v1.6.8 +- Update runc to v1.1.4 + +* Thu Aug 04 2022 Sebastiaan van Stijn - 1.6.7-3.1 +- Update containerd to v1.6.7 +- Update runc to v1.1.3 +- Update Golang runtime to 1.17.13 to address CVE-2022-32189 + +* Mon Jun 06 2022 Sebastiaan van Stijn - 1.6.6-3.1 +- Update containerd to v1.6.6 to address CVE-2022-31030 + +* Sat Jun 04 2022 Sebastiaan van Stijn - 1.6.5-3.1 +- Update containerd to v1.6.5 +- Update runc to v1.1.2 +- Update Golang runtime to 1.17.11 + +* Wed May 04 2022 Sebastiaan van Stijn - 1.6.4-3.1 +- Update containerd to v1.6.4 + +* Thu Apr 28 2022 Sebastiaan van Stijn - 1.6.3-3.1 +- Update containerd to v1.6.3 +- Update runc to v1.1.1 +- Update Golang runtime to 1.17.9 + +* Sun Mar 27 2022 Sebastiaan van Stijn - 1.6.2-3.1 +- Update containerd to v1.6.2 +- Update runc to v1.1.0 + +* Wed Mar 23 2022 Sebastiaan van Stijn - 1.5.11-3.1 +- Update containerd to v1.5.11 to address CVE-2022-24769 + +* Fri Mar 04 2022 Sebastiaan van Stijn - 1.5.10-3.1 +- Update containerd to v1.5.10 +- Update Golang runtime to 1.17.8 + +* Thu Mar 03 2022 Sebastiaan van Stijn - 1.4.13-3.1 +- Update containerd to v1.4.13 to address CVE-2022-23648 +- Update runc to v1.0.3 +- Update Golang runtime to 1.16.15 + +* Wed Nov 17 2021 Sebastiaan van Stijn - 1.4.12-3.1 +- Update containerd to v1.4.12 to address CVE-2021-41190 +- Update Golang runtime to 1.16.10 + +* Mon Oct 04 2021 Sebastiaan van Stijn - 1.4.11-3.1 +- Update to containerd 1.4.11 to address CVE-2021-41103 + +* Thu Sep 30 2021 Sebastiaan van Stijn - 
1.4.10-3.1 +- Update to containerd 1.4.10 +- Update runc to v1.0.2 +- Update Golang runtime to 1.16.8 + +* Thu Jul 29 2021 Sebastiaan van Stijn - 1.4.9-3.1 +- Update to containerd 1.4.9 +- Update runc to v1.0.1 + +* Mon Jul 19 2021 Sebastiaan van Stijn - 1.4.8-3.1 +- Update to containerd 1.4.8 to address CVE-2021-32760 + +* Mon Jul 19 2021 Sebastiaan van Stijn - 1.4.7-3.1 +- Update to containerd 1.4.7 +- Update runc to v1.0.0 +- Update Golang runtime to 1.15.14 + +* Fri May 21 2021 Sebastiaan van Stijn - 1.4.6-3.1 +- Update to containerd 1.4.6 +- Update runc to v1.0.0-rc95 to address CVE-2021-30465. + +* Wed May 12 2021 Sebastiaan van Stijn - 1.4.5-3.1 +- Update to containerd 1.4.5 +- Update runc to v1.0.0-rc94 + +* Mon Mar 08 2021 Wei Fu - 1.4.4-3.1 +- Update to containerd 1.4.4 to address CVE-2021-21334. + +* Wed Mar 03 2021 Tibor Vass - 1.4.3-3.2 +- Update runc to v1.0.0-rc93 + +* Wed Dec 02 2020 Sebastiaan van Stijn - 1.4.3-3.1 +- Update to containerd 1.4.3 to address CVE-2020-15257. + +* Thu Nov 26 2020 Sebastiaan van Stijn - 1.4.2-3.1 +- Update to containerd 1.4.2 + +* Tue Oct 06 2020 Tibor Vass - 1.4.1-3.1 +- Update to containerd 1.4.1 +- Update Golang runtime to 1.13.15 + +* Wed Sep 09 2020 Sebastiaan van Stijn - 1.3.7-3.1 +- Update to containerd 1.3.7 +- Update Golang runtime to 1.13.12. + +* Fri May 01 2020 Sebastiaan van Stijn - 1.2.13-3.2 +- Build packages for RHEL-7 on s390x, CentOS 8, and Fedora 32 +- Add libseccomp as required dependency + +* Mon Feb 17 2020 Sebastiaan van Stijn - 1.2.13-3.1 +- Update to containerd 1.2.13, which fixes a regression introduced in v1.2.12 + that caused container/shim to hang on single core machines, and fixes an issue + with blkio. +- Update Golang runtime to 1.12.17. + +* Tue Feb 04 2020 Derek McGowan - 1.2.12-3.1 +- Update the runc vendor to v1.0.0-rc10 which includes a mitigation for + CVE-2019-19921. +- Update the opencontainers/selinux which includes a mitigation for + CVE-2019-16884. 
+- Update Golang runtime to 1.12.16, mitigating the CVE-2020-0601 + certificate verification bypass on Windows, and CVE-2020-7919, + which only affects 32-bit architectures. +- A fix to prevent SIGSEGV when starting containerd-shim +- Fix to prevent high system load/CPU utilization with liveness and readiness + probes +- Fix to prevent docker exec hanging if an earlier docker exec left a zombie + process +- CRI: Update the gopkg.in/yaml.v2 vendor to v2.2.8 with a mitigation for + CVE-2019-11253 + +* Fri Jan 24 2020 Sebastiaan van Stijn - 1.2.11-3.2 +- Update Golang runtime to 1.12.15, which includes fixes in the net/http package + and the runtime on ARM64 + +* Thu Jan 09 2020 Evan Hazlett - 1.2.11-3.1 +- Update the runc vendor to v1.0.0-rc9 which includes an additional + mitigation for CVE-2019-16884 +- Add local-fs.target to service file to fix corrupt image after unexpected + host reboot +- Update Golang runtime to 1.12.13, which includes security fixes to the + crypto/dsa package made in Go 1.12.11 (CVE-2019-17596), and fixes to the + go command, runtime, syscall and net packages (Go 1.12.12) +- CRI: Fix shim delete error code to avoid unnecessary retries in the CRI plugin + +* Mon Oct 07 2019 Eli Uriegas - 1.2.10-3.2 +- build with Go 1.12.10 + +* Thu Sep 26 2019 Eli Uriegas - 1.2.10-3.1 +- containerd 1.2.10 release +- Addresses CVE-2019-16884 (AppArmor bypass) +- Bump runc to 3e425f80a8c931f88e6d94a8c831b9d5aa481657 (1.0.0-rc8 + CVE-2019-16884) + +* Fri Sep 06 2019 Eli Uriegas - 1.2.9-3.1 +- containerd 1.2.9 release +- Addresses CVE-2019-9512 (Ping Flood), CVE-2019-9514 (Reset Flood), and CVE-2019-9515 (Settings Flood). 
+ +* Tue Aug 27 2019 Sebastiaan van Stijn - 1.2.8-3.1 +- containerd 1.2.8 release +- build with Go 1.12.9 + +* Thu Aug 15 2019 Sebastiaan van Stijn - 1.2.6-3.5 +- build with Go 1.11.13 (CVE-2019-9512, CVE-2019-9514) + +* Tue Aug 13 2019 Eli Uriegas - 1.2.6-3.4 +- Do not "Provides: runc" for RHEL 8 + +* Tue Jun 11 2019 Kir Kolyshkin - 1.2.6-3.3 +- add requirement for container-selinux +- move runc binary to %_bindir + +* Fri Apr 26 2019 Sebastiaan van Stijn - 1.2.6-3.2 +- update runc to v1.0.0-rc8 + +* Tue Apr 09 2019 Sebastiaan van Stijn - 1.2.6-3.1 +- containerd 1.2.6 release +- update runc to 029124da7af7360afa781a0234d1b083550f797c +- build with Go 1.11.8 + +* Thu Mar 14 2019 Sebastiaan van Stijn - 1.2.5-3.1 +- containerd 1.2.5 release +- update runc to 2b18fe1d885ee5083ef9f0838fee39b62d653e30 +- build with Go 1.11.5 + +* Fri Feb 15 2019 Sebastiaan van Stijn - 1.2.4-3.1 +- containerd 1.2.4 release +- update runc to 6635b4f0c6af3810594d2770f662f34ddc15b40d + +* Thu Jan 31 2019 Eli Uriegas - 1.2.2-3.3 +- [runc -> 09c8266] nsenter: clone /proc/self/exe to avoid exposing + host binary to container (CVE-2019-5736) + +* Fri Jan 18 2019 Eli Uriegas - 1.2.2-3.2 +- update runc to f7491ef134a6c41f3a99b0b539835d2472d17012 + +* Tue Jan 08 2019 Andrew Hsu - 1.2.2-3.1 +- containerd 1.2.2 release + +* Thu Dec 06 2018 Andrew Hsu - 1.2.1-3.1 +- containerd 1.2.1 release +- update runc to 96ec2177ae841256168fcf76954f7177af9446eb + +* Tue Nov 27 2018 Sebastiaan van Stijn - 1.2.1-2.0.rc.0.1 +- containerd 1.2.1-rc.0 release +- update runc to 10d38b660a77168360df3522881e2dc2be5056bd + +* Mon Nov 05 2018 Eli Uriegas - 1.2.0-3.1 +- containerd 1.2.0 release + +* Tue Oct 16 2018 Eli Uriegas - 1.2.0-2.2.rc.2.1 +- containerd 1.2.0-rc.2 release + +* Fri Oct 05 2018 Eli Uriegas - 1.2.0-2.1.rc.1.1 +- containerd 1.2.0-rc.1 release +- Set Tasks=infinity in the systemd service file + +* Tue Sep 25 2018 Eli Uriegas - 1.2.0-2.0.rc.0.1 +- containerd 1.2.0-rc.0 release + +* Wed Sep 05 2018 Eli 
Uriegas - 1.2.0-1.2.beta.2.2 +- Hardcoded paths for libexec and var lib considering the macros are different on SUSE based distributions +- Removed offline installer for runc, package as a binary instead + +* Tue Aug 28 2018 Andrew Hsu - 1.2.0-1.2.beta.2.1 +- containerd 1.2.0 beta.2 + +* Thu Aug 16 2018 Eli Uriegas - 1.2.0-1.0.beta.0-1 +- Intial release
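Review bot: `%define SHA256SUM0 08f057…` is never referenced anywhere in this spec, so it looks like a source integrity check while `%prep` copies containerd and runc straight from `/go/src` without verifying anything. Either delete the macro or do the revision and checksum pinning in the stage that fetches the sources, which is outside this hunk. Separately, `%undefine __check_files` combined with the `%{_bindir}/*` glob in `%files` means whatever is left in `bin/` after the build gets packaged unchecked. Listing the expected binaries explicitly (`%{_bindir}/containerd`, `%{_bindir}/ctr`, `%{_bindir}/runc` and the shims) would keep an unexpected file out of the package. `%{_sysconfdir}/containerd` should also be `%dir %{_sysconfdir}/containerd`, since `config.toml` is currently listed twice, once via the directory and once as `%config(noreplace)`.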