From 892466949416f71040ff062b36c9cc815ccc7e57 Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Mon, 23 Apr 2018 20:45:34 +0000 Subject: [PATCH 001/128] Add initial rpm building materials Signed-off-by: Eli Uriegas --- pkg/containerd/rpm/containerd.spec | 166 +++++++++++++++++++++++++++++ 1 file changed, 166 insertions(+) create mode 100644 pkg/containerd/rpm/containerd.spec diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec new file mode 100644 index 00000000..d7400f03 --- /dev/null +++ b/pkg/containerd/rpm/containerd.spec @@ -0,0 +1,166 @@ +%bcond_without ctr +%bcond_with debug + +%if %{with debug} +%global _dwz_low_mem_die_limit 0 +%else +%global debug_package %{nil} +%endif + +%if ! 0%{?gobuild:1} +%define gobuild(o:) go build -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n')" -a -v -x %{?**}; +%endif + +%global import_path github.com/containerd/containerd + +Name: containerd +Version: 1.0.3 +%global commit 773c489c9c1b21a6d78b5c538cd395416ec50f88 +%global tag v%{version} +Release: 1%{?dist} +Summary: An industry-standard container runtime +License: ASL 2.0 +URL: https://containerd.io +Source0: https://%{import_path}/archive/%{tag}/containerd-%{version}.tar.gz +Source1: containerd.service +Source2: containerd.toml +ExclusiveArch: %{go_arches} +BuildRequires: systemd +%{?go_compiler:BuildRequires: compiler(go-compiler)} +BuildRequires: golang >= 1.9 +BuildRequires: protobuf-compiler +BuildRequires: pkgconfig(protobuf) >= 3 +BuildRequires: btrfs-progs-devel +%{?systemd_requires} +# https://github.com/containerd/containerd/issues/1508#issuecomment-335566293 +Requires: runc >= 1.0.0 +# vendored libraries +# awk '{print "Provides: bundled(golang("$1")) = "$2}' containerd-*/vendor.conf | sort +Provides: bundled(golang(github.com/beorn7/perks)) = 4c0e84591b9aa9e6dcfdf3e020114cd81f89d5f9 +Provides: bundled(golang(github.com/boltdb/bolt)) = e9cf4fae01b5a8ff89d0ec6b32f0d9c9f79aefdd +Provides: bundled(golang(github.com/BurntSushi/toml)) = a368813c5e648fee92e5f6c30e3944ff9d5e8895 +Provides: bundled(golang(github.com/containerd/btrfs)) = 2e1aa0ddf94f91fa282b6ed87c23bf0d64911244 +Provides: bundled(golang(github.com/containerd/cgroups)) = fe281dd265766145e943a034aa41086474ea6130 +Provides: bundled(golang(github.com/containerd/console)) = 84eeaae905fa414d03e07bcd6c8d3f19e7cf180e +Provides: bundled(golang(github.com/containerd/continuity)) = cf279e6ac893682272b4479d4c67fd3abf878b4e +Provides: bundled(golang(github.com/containerd/fifo)) = fbfb6a11ec671efbe94ad1c12c2e98773f19e1e6 +Provides: bundled(golang(github.com/containerd/go-runc)) = 4f6e87ae043f859a38255247b49c9abc262d002f +Provides: bundled(golang(github.com/containerd/typeurl)) = f6943554a7e7e88b3c14aad190bf05932da84788 +Provides: bundled(golang(github.com/coreos/go-systemd)) = 48702e0da86bd25e76cfef347e2adeb434a0d0a6 +Provides: bundled(golang(github.com/davecgh/go-spew)) = v1.1.0 +Provides: bundled(golang(github.com/dmcgowan/go-tar)) = go1.10 +Provides: bundled(golang(github.com/docker/go-events)) = 9461782956ad83b30282bf90e31fa6a70c255ba9 +Provides: bundled(golang(github.com/docker/go-metrics)) = 8fd5772bf1584597834c6f7961a530f06cbfbb87 +Provides: bundled(golang(github.com/docker/go-units)) = v0.3.1 +Provides: bundled(golang(github.com/godbus/dbus)) = c7fdd8b5cd55e87b4e1f4e372cdb1db61dd6c66f +Provides: bundled(golang(github.com/gogo/protobuf)) = v0.5 +Provides: bundled(golang(github.com/golang/protobuf)) = 1643683e1b54a9e88ad26d98f81400c8c9d9f4f9 +Provides: bundled(golang(github.com/grpc-ecosystem/go-grpc-prometheus)) = 6b7015e65d366bf3f19b2b2a000a831940f0f7e0 +Provides: bundled(golang(github.com/matttproud/golang_protobuf_extensions)) = v1.0.0 +Provides: bundled(golang(github.com/Microsoft/go-winio)) = v0.4.4 +Provides: bundled(golang(github.com/Microsoft/hcsshim)) = v0.6.7 +Provides: bundled(golang(github.com/Microsoft/opengcs)) = v0.3.2 +Provides: bundled(golang(github.com/opencontainers/go-digest)) = 21dfd564fd89c944783d00d069f33e3e7123c448 +Provides: bundled(golang(github.com/opencontainers/image-spec)) = v1.0.0 +Provides: bundled(golang(github.com/opencontainers/runc)) = 9f9c96235cc97674e935002fc3d78361b696a69e +Provides: bundled(golang(github.com/opencontainers/runtime-spec)) = v1.0.0 +Provides: bundled(golang(github.com/pkg/errors)) = v0.8.0 +Provides: bundled(golang(github.com/pmezard/go-difflib)) = v1.0.0 +Provides: bundled(golang(github.com/prometheus/client_golang)) = v0.8.0 +Provides: bundled(golang(github.com/prometheus/client_model)) = fa8ad6fec33561be4280a8f0514318c79d7f6cb6 +Provides: bundled(golang(github.com/prometheus/common)) = 195bde7883f7c39ea62b0d92ab7359b5327065cb +Provides: bundled(golang(github.com/prometheus/procfs)) = fcdb11ccb4389efb1b210b7ffb623ab71c5fdd60 +Provides: bundled(golang(github.com/sirupsen/logrus)) = v1.0.0 +Provides: bundled(golang(github.com/stevvooe/ttrpc)) = d4528379866b0ce7e9d71f3eb96f0582fc374577 +Provides: bundled(golang(github.com/stretchr/testify)) = v1.1.4 +Provides: bundled(golang(github.com/urfave/cli)) = 7bc6a0acffa589f415f88aca16cc1de5ffd66f9c +Provides: bundled(golang(golang.org/x/net)) = 7dcfb8076726a3fdd9353b6b8a1f1b6be6811bd6 +Provides: bundled(golang(golang.org/x/sync)) = 450f422ab23cf9881c94e2db30cac0eb1b7cf80c +Provides: bundled(golang(golang.org/x/sys)) = 314a259e304ff91bd6985da2a7149bbf91237993 +Provides: bundled(golang(golang.org/x/text)) = 19e51611da83d6be54ddafce4a4af510cb3e9ea4 +Provides: bundled(golang(google.golang.org/genproto)) = d80a6e20e776b0b17a324d0ba1ab50a39c8e8944 +Provides: bundled(golang(google.golang.org/grpc)) = v1.7.2 + + +%description +containerd is an industry-standard container runtime with an emphasis on +simplicity, robustness and portability. It is available as a daemon for Linux +and Windows, which can manage the complete container lifecycle of its host +system: image transfer and storage, container execution and supervision, +low-level storage and network attachments, etc. + + +%prep +%autosetup -n containerd-%{version} + + +%build +mkdir -p src/%(dirname %{import_path}) +ln -s ../../.. src/%{import_path} +export GOPATH=$(pwd):%{gopath} +export LDFLAGS="-X %{import_path}/version.Package=%{import_path} -X %{import_path}/version.Version=%{tag} -X %{import_path}/version.Revision=%{commit}" +%gobuild -o bin/containerd %{import_path}/cmd/containerd +%gobuild -o bin/containerd-shim %{import_path}/cmd/containerd-shim +%{?with_ctr:%gobuild -o bin/ctr %{import_path}/cmd/ctr} + + +%install +install -D -m 0755 bin/containerd %{buildroot}%{_bindir}/containerd +install -D -m 0755 bin/containerd-shim %{buildroot}%{_bindir}/containerd-shim +%{?with_ctr:install -D -m 0755 bin/ctr %{buildroot}%{_bindir}/ctr} +install -D -m 0644 %{S:1} %{buildroot}%{_unitdir}/containerd.service +install -D -m 0644 %{S:2} %{buildroot}%{_sysconfdir}/containerd/config.toml + + +%post +%systemd_post containerd.service + + +%preun +%systemd_preun containerd.service + + +%postun +%systemd_postun_with_restart containerd.service + + +%files +%license LICENSE.code +%doc README.md +%{_bindir}/containerd +%{_bindir}/containerd-shim +%{?with_ctr:%{_bindir}/ctr} +%{_unitdir}/containerd.service +%{_sysconfdir}/containerd +%config(noreplace) %{_sysconfdir}/containerd/config.toml + + +%changelog +* Wed Apr 04 2018 Carl George - 1.0.3-1 +- Latest upstream + +* Wed Feb 07 2018 Fedora Release Engineering - 1.0.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Mon Jan 22 2018 Carl George - 1.0.1-1 +- Latest upstream + +* Wed Dec 06 2017 Carl George - 1.0.0-1 +- Latest upstream + +* Fri Nov 10 2017 Carl George - 1.0.0-0.5.beta.3 +- Latest upstream + +* Thu Oct 19 2017 Carl George - 1.0.0-0.4.beta.2 +- Own /etc/containerd + +* Thu Oct 12 2017 Carl George - 1.0.0-0.3.beta.2 +- Latest upstream +- Require runc 1.0.0 https://github.com/containerd/containerd/issues/1508#issuecomment-335566293 + +* Mon Oct 09 2017 Carl George - 1.0.0-0.2.beta.1 +- Add provides for vendored dependencies +- Add ctr command + +* Wed Oct 04 2017 Carl George - 1.0.0-0.1.beta.1 +- Initial package From ce2462fbb62a6f3bf99b4a18e5f7c08e206499c1 Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Tue, 24 Apr 2018 23:50:23 +0000 Subject: [PATCH 002/128] Add debian package building for ubuntu xenial Signed-off-by: Eli Uriegas --- pkg/containerd/deb/changelog | 5 +++++ pkg/containerd/deb/compat | 1 + pkg/containerd/deb/control | 20 ++++++++++++++++++++ pkg/containerd/deb/copyright | 28 ++++++++++++++++++++++++++++ pkg/containerd/deb/rules | 23 +++++++++++++++++++++++ 5 files changed, 77 insertions(+) create mode 100644 pkg/containerd/deb/changelog create mode 100644 pkg/containerd/deb/compat create mode 100644 pkg/containerd/deb/control create mode 100644 pkg/containerd/deb/copyright create mode 100755 pkg/containerd/deb/rules diff --git a/pkg/containerd/deb/changelog b/pkg/containerd/deb/changelog new file mode 100644 index 00000000..3e3c6901 --- /dev/null +++ b/pkg/containerd/deb/changelog @@ -0,0 +1,5 @@ +containerd (1.1.0-1) UNRELEASED; urgency=medium + + * Initial release (Closes: TODO) + + -- Eli Uriegas Mon, 23 Apr 2018 21:08:40 +0000 diff --git a/pkg/containerd/deb/compat b/pkg/containerd/deb/compat new file mode 100644 index 00000000..f599e28b --- /dev/null +++ b/pkg/containerd/deb/compat @@ -0,0 +1 @@ +10 diff --git a/pkg/containerd/deb/control b/pkg/containerd/deb/control new file mode 100644 index 00000000..db6dcd13 --- /dev/null +++ b/pkg/containerd/deb/control @@ -0,0 +1,20 @@ +Source: containerd +Section: devel +Priority: optional +Maintainer: Containerd team +Build-Depends: btrfs-tools, + debhelper, + dh-systemd, + pkg-config, + protobuf-compiler +Standards-Version: 4.1.4 +Homepage: https://containerd.io +Vcs-Browser: https://github.com/containerd/containerd +XS-Go-Import-Path: github.com/containerd/containerd + +Package: containerd +Architecture: any +Depends: ${misc:Depends}, + ${shlibs:Depends}, + runc +Description: An open and reliable container runtime diff --git a/pkg/containerd/deb/copyright b/pkg/containerd/deb/copyright new file mode 100644 index 00000000..db2ad6c6 --- /dev/null +++ b/pkg/containerd/deb/copyright @@ -0,0 +1,28 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: containerd +Source: https://github.com/containerd/containerd + +Files: * +Copyright: 2015 containerd +License: Apache-2.0 + +Files: debian/* +Copyright: 2018 Eli Uriegas +License: Apache-2.0 +Comment: Debian packaging is licensed under the same terms as upstream + +License: Apache-2.0 + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + . + http://www.apache.org/licenses/LICENSE-2.0 + . + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + . + On Debian systems, the complete text of the Apache version 2.0 license + can be found in "/usr/share/common-licenses/Apache-2.0". diff --git a/pkg/containerd/deb/rules b/pkg/containerd/deb/rules new file mode 100755 index 00000000..4a63c9d4 --- /dev/null +++ b/pkg/containerd/deb/rules @@ -0,0 +1,23 @@ +#!/usr/bin/make -f + +IMPORT_PATH?=/go/src/github.com/containerd/containerd +GO_BUILD=go build -ldflags "$${LDFLAGS:-} -B 0x$$(head -c20 /dev/urandom|od -An -tx1 |tr -d ' \n')" -a +INSTALL_DIR=debian/containerd + +%: + dh $@ --with systemd + +bin/%: ## Create containerd binaries + @mkdir -p bin/ + $(GO_BUILD) -o $@ $(IMPORT_PATH)/cmd/$* + +override_dh_auto_build: bin/containerd bin/containerd-shim bin/ctr + +override_dh_auto_install: bin/containerd bin/containerd-shim bin/ctr + # set -x so we can see what's being installed where + for binary in $^; do \ + dest=$$(basename $$binary); \ + (set -x; install -D -m 0755 $$binary $(INSTALL_DIR)/usr/bin/$$dest); \ + done + install -D -m 0644 /root/common/containerd.service $(INSTALL_DIR)/lib/systemd/system/containerd.service + install -D -m 0644 /root/common/containerd.toml $(INSTALL_DIR)/etc/containerd.toml From 5973981f034390fd4bb69302717cf6351ef764e6 Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Wed, 25 Apr 2018 23:46:18 +0000 Subject: [PATCH 003/128] Remove protobuf as a build requirement Signed-off-by: Eli Uriegas --- pkg/containerd/deb/control | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/pkg/containerd/deb/control b/pkg/containerd/deb/control index db6dcd13..e172f457 100644 --- a/pkg/containerd/deb/control +++ b/pkg/containerd/deb/control @@ -5,8 +5,7 @@ Maintainer: Containerd team Build-Depends: btrfs-tools, debhelper, dh-systemd, - pkg-config, - protobuf-compiler + pkg-config Standards-Version: 4.1.4 Homepage: https://containerd.io Vcs-Browser: https://github.com/containerd/containerd From dee48fd68c01d5c7cd438bcc57ac2c613b1afeda Mon Sep 17 00:00:00 2001 From: jose-bigio Date: Fri, 27 Apr 2018 16:30:54 -0700 Subject: [PATCH 004/128] Package containered on centos Signed-off-by: jose-bigio --- pkg/containerd/rpm/Makefile | 24 ++++ pkg/containerd/rpm/centos/containerd.spec | 140 ++++++++++++++++++++++ 2 files changed, 164 insertions(+) create mode 100644 pkg/containerd/rpm/Makefile create mode 100644 pkg/containerd/rpm/centos/containerd.spec diff --git a/pkg/containerd/rpm/Makefile b/pkg/containerd/rpm/Makefile new file mode 100644 index 00000000..8743f7b5 --- /dev/null +++ b/pkg/containerd/rpm/Makefile @@ -0,0 +1,24 @@ +CONTAINERD_REF=master +CONTAINERD_URL=https://github.com/containerd/containerd +#GIT_COMMIT:=773c489c9c1b21a6d78b5c538cd395416ec50f88 +GIT_COMMIT:=1 +RPMBUILD=docker run --privileged --rm -i\ + -v $(CURDIR)/rpmbuild/BUILD:/root/rpmbuild/BUILD \ + -v $(CURDIR)/rpmbuild/BUILDROOT:/root/rpmbuild/BUILDROOT \ + -v $(CURDIR)/rpmbuild/RPMS:/root/rpmbuild/RPMS \ + -v $(CURDIR)/rpmbuild/SRPMS:/root/rpmbuild/SRPMS \ + -v $(CURDIR)/systemd:/systemd +CHOWN=docker run --rm -v $(CURDIR):/v -w /v alpine chown +RPMBUILD_FLAGS=-ba\ + --define '_gitcommit $(GIT_COMMIT)' \ + --define '_version $(VERSION)' \ + SPECS/containerd.spec + +.PHONY: centos +centos: + $(RPMBUILD) rpmbuild-$@ $(RPMBUILD_FLAGS) + $(CHOWN) -R $(shell id -u):$(shell id -g) rpmbuild + +.PHONY: VERSION +VERSION: + echo $(VERSION) diff --git a/pkg/containerd/rpm/centos/containerd.spec b/pkg/containerd/rpm/centos/containerd.spec new file mode 100644 index 00000000..f57d273d --- /dev/null +++ b/pkg/containerd/rpm/centos/containerd.spec @@ -0,0 +1,140 @@ +BuildRoot: /root/.tmp/rpmrebuild.95/work/root +AutoProv: no +%undefine __find_provides +AutoReq: no +%undefine __find_requires + +%undefine __check_files +%undefine __find_prereq +%undefine __find_conflicts +%undefine __find_obsoletes + +# Build policy set to nothing +%define __spec_install_post %{nil} +# For rmp-4.1 +%define __missing_doc_files_terminate_build 0 + +%bcond_without ctr +%bcond_with debug + +%if %{with debug} +%global _dwz_low_mem_die_limit 0 +%else +%global debug_package %{nil} +%endif + +%if ! 0%{?gobuild:1} +%define gobuild(o:) go build -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n')" -a -v -x %{?**}; +%endif + +%global import_path github.com/containerd/containerd + +Name: containerd +BuildArch: x86_64 +Version: %{_version} +%global commit %{_gitcommit} +%global tag v%{version} +Release: 1%{?dist} +Summary: An industry-standard container runtime +License: ASL 2.0 +URL: https://containerd.io +Source0: containerd.tar.gz +Source1: containerd.service +Source2: containerd.toml +ExclusiveArch: x86_64 +ExclusiveArch: aarch64 +ExclusiveArch: ppc64le +ExclusiveArch: s390x +#ExclusiveArch: %{go_arches} +BuildRequires: systemd +#%{?go_compiler:BuildRequires: compiler(go-compilers)} +#BuildRequires: golang >= 1.9 +BuildRequires: btrfs-progs-devel +%{?systemd_requires} +# https://github.com/containerd/containerd/issues/1508#issuecomment-335566293 +Requires: runc >= 1.0.0 + +%description +containerd is an industry-standard container runtime with an emphasis on +simplicity, robustness and portability. It is available as a daemon for Linux +and Windows, which can manage the complete container lifecycle of its host +system: image transfer and storage, container execution and supervision, +low-level storage and network attachments, etc. + + +%prep +%autosetup -n containerd-%{version} + + +%build +mkdir -p src/%(dirname %{import_path}) +ln -s ../../.. src/%{import_path} +#rpm -e $(rpm -qa | grep -i golang) +curl -fSL "https://golang.org/dl/go1.9.5.linux-amd64.tar.gz" | tar xzC /usr/local +export GOPATH=$(pwd):/%{gopath} +export LDFLAGS="-X %{import_path}/version.Package=%{import_path} -X %{import_path}/version.Version=%{tag} -X %{import_path}/version.Revision=%{commit}" +%gobuild -o bin/containerd %{import_path}/cmd/containerd +%gobuild -o bin/containerd-shim %{import_path}/cmd/containerd-shim +%{?with_ctr:%gobuild -o bin/ctr %{import_path}/cmd/ctr} + + +%install +install -D -m 0755 bin/containerd %{buildroot}%{_bindir}/containerd +install -D -m 0755 bin/containerd-shim %{buildroot}%{_bindir}/containerd-shim +%{?with_ctr:install -D -m 0755 bin/ctr %{buildroot}%{_bindir}/ctr} +install -D -m 0644 %{S:1} %{buildroot}%{_unitdir}/containerd.service +install -D -m 0644 %{S:2} %{buildroot}%{_sysconfdir}/containerd/config.toml + + +%post +%systemd_post containerd.service + + +%preun +%systemd_preun containerd.service + + +%postun +%systemd_postun_with_restart containerd.service + + +%files +%license LICENSE.code +%doc README.md +%{_bindir}/containerd +%{_bindir}/containerd-shim +%{?with_ctr:%{_bindir}/ctr} +%{_unitdir}/containerd.service +%{_sysconfdir}/containerd +%config(noreplace) %{_sysconfdir}/containerd/config.toml + + +%changelog +* Wed Apr 04 2018 Carl George - 1.0.3-1 +- Latest upstream + +* Wed Feb 07 2018 Fedora Release Engineering - 1.0.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Mon Jan 22 2018 Carl George - 1.0.1-1 +- Latest upstream + +* Wed Dec 06 2017 Carl George - 1.0.0-1 +- Latest upstream + +* Fri Nov 10 2017 Carl George - 1.0.0-0.5.beta.3 +- Latest upstream + +* Thu Oct 19 2017 Carl George - 1.0.0-0.4.beta.2 +- Own /etc/containerd + +* Thu Oct 12 2017 Carl George - 1.0.0-0.3.beta.2 +- Latest upstream +- Require runc 1.0.0 https://github.com/containerd/containerd/issues/1508#issuecomment-335566293 + +* Mon Oct 09 2017 Carl George - 1.0.0-0.2.beta.1 +- Add provides for vendored dependencies +- Add ctr command + +* Wed Oct 04 2017 Carl George - 1.0.0-0.1.beta.1 +- Initial package From e28b2354e21de9f5ff4461a4466e35aee4049ef8 Mon Sep 17 00:00:00 2001 From: Andrew Hsu Date: Tue, 1 May 2018 00:30:04 +0000 Subject: [PATCH 005/128] get containerd 1.1.0 rpm building working Signed-off-by: Andrew Hsu --- pkg/containerd/rpm/centos/containerd.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/containerd/rpm/centos/containerd.spec b/pkg/containerd/rpm/centos/containerd.spec index f57d273d..3dbc2a1f 100644 --- a/pkg/containerd/rpm/centos/containerd.spec +++ b/pkg/containerd/rpm/centos/containerd.spec @@ -70,7 +70,7 @@ low-level storage and network attachments, etc. mkdir -p src/%(dirname %{import_path}) ln -s ../../.. src/%{import_path} #rpm -e $(rpm -qa | grep -i golang) -curl -fSL "https://golang.org/dl/go1.9.5.linux-amd64.tar.gz" | tar xzC /usr/local +curl -fSL "https://golang.org/dl/go1.10.1.linux-amd64.tar.gz" | tar xzC /usr/local export GOPATH=$(pwd):/%{gopath} export LDFLAGS="-X %{import_path}/version.Package=%{import_path} -X %{import_path}/version.Version=%{tag} -X %{import_path}/version.Revision=%{commit}" %gobuild -o bin/containerd %{import_path}/cmd/containerd @@ -99,7 +99,7 @@ install -D -m 0644 %{S:2} %{buildroot}%{_sysconfdir}/containerd/config.toml %files -%license LICENSE.code +%license LICENSE %doc README.md %{_bindir}/containerd %{_bindir}/containerd-shim From 20bf11bb6b696dc55cf7af9a604dcb43c630ab20 Mon Sep 17 00:00:00 2001 From: jose-bigio Date: Tue, 1 May 2018 10:13:02 -0700 Subject: [PATCH 006/128] Added a clean target for rpm based builds. Removed unecessary libraries from Dockerfile. Updated the chnagelog, and started initial work on installing source from URL from within the spec file Signed-off-by: jose-bigio --- pkg/containerd/rpm/Makefile | 14 ++++---- pkg/containerd/rpm/centos/containerd.spec | 39 ++++------------------- 2 files changed, 14 insertions(+), 39 deletions(-) diff --git a/pkg/containerd/rpm/Makefile b/pkg/containerd/rpm/Makefile index 8743f7b5..12dd9371 100644 --- a/pkg/containerd/rpm/Makefile +++ b/pkg/containerd/rpm/Makefile @@ -1,7 +1,5 @@ -CONTAINERD_REF=master CONTAINERD_URL=https://github.com/containerd/containerd -#GIT_COMMIT:=773c489c9c1b21a6d78b5c538cd395416ec50f88 -GIT_COMMIT:=1 +GIT_COMMIT:=209a7fc3e4a32ef71a8c7b50c68fc8398415badf RPMBUILD=docker run --privileged --rm -i\ -v $(CURDIR)/rpmbuild/BUILD:/root/rpmbuild/BUILD \ -v $(CURDIR)/rpmbuild/BUILDROOT:/root/rpmbuild/BUILDROOT \ @@ -9,6 +7,7 @@ RPMBUILD=docker run --privileged --rm -i\ -v $(CURDIR)/rpmbuild/SRPMS:/root/rpmbuild/SRPMS \ -v $(CURDIR)/systemd:/systemd CHOWN=docker run --rm -v $(CURDIR):/v -w /v alpine chown +CHOWN_TO_USER=$(CHOWN) -R $(shell id -u):$(shell id -g) RPMBUILD_FLAGS=-ba\ --define '_gitcommit $(GIT_COMMIT)' \ --define '_version $(VERSION)' \ @@ -19,6 +18,9 @@ centos: $(RPMBUILD) rpmbuild-$@ $(RPMBUILD_FLAGS) $(CHOWN) -R $(shell id -u):$(shell id -g) rpmbuild -.PHONY: VERSION -VERSION: - echo $(VERSION) +.PHONY: clean +clean: + -$(CHOWN_TO_USER) rpmbuild + -rm -rf rpmbuild + -$(CHOWN_TO_USER) systemd + -rm -rf systemd diff --git a/pkg/containerd/rpm/centos/containerd.spec b/pkg/containerd/rpm/centos/containerd.spec index 3dbc2a1f..bebc5d32 100644 --- a/pkg/containerd/rpm/centos/containerd.spec +++ b/pkg/containerd/rpm/centos/containerd.spec @@ -8,6 +8,7 @@ AutoReq: no %undefine __find_prereq %undefine __find_conflicts %undefine __find_obsoletes +%undefine _disable_source_fetch # Build policy set to nothing %define __spec_install_post %{nil} @@ -27,6 +28,7 @@ AutoReq: no %define gobuild(o:) go build -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n')" -a -v -x %{?**}; %endif +%define SHA256SUM0 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 %global import_path github.com/containerd/containerd Name: containerd @@ -38,17 +40,14 @@ Release: 1%{?dist} Summary: An industry-standard container runtime License: ASL 2.0 URL: https://containerd.io -Source0: containerd.tar.gz +Source0: https://%{import_path}/archive/%{tag}.tar.gz Source1: containerd.service Source2: containerd.toml ExclusiveArch: x86_64 ExclusiveArch: aarch64 ExclusiveArch: ppc64le ExclusiveArch: s390x -#ExclusiveArch: %{go_arches} BuildRequires: systemd -#%{?go_compiler:BuildRequires: compiler(go-compilers)} -#BuildRequires: golang >= 1.9 BuildRequires: btrfs-progs-devel %{?systemd_requires} # https://github.com/containerd/containerd/issues/1508#issuecomment-335566293 @@ -63,13 +62,13 @@ low-level storage and network attachments, etc. %prep +#echo "%SHA256SUM0 %SOURCE0" | sha256sum -c - %autosetup -n containerd-%{version} %build mkdir -p src/%(dirname %{import_path}) ln -s ../../.. src/%{import_path} -#rpm -e $(rpm -qa | grep -i golang) curl -fSL "https://golang.org/dl/go1.10.1.linux-amd64.tar.gz" | tar xzC /usr/local export GOPATH=$(pwd):/%{gopath} export LDFLAGS="-X %{import_path}/version.Package=%{import_path} -X %{import_path}/version.Version=%{tag} -X %{import_path}/version.Revision=%{commit}" @@ -110,31 +109,5 @@ install -D -m 0644 %{S:2} %{buildroot}%{_sysconfdir}/containerd/config.toml %changelog -* Wed Apr 04 2018 Carl George - 1.0.3-1 -- Latest upstream - -* Wed Feb 07 2018 Fedora Release Engineering - 1.0.1-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild - -* Mon Jan 22 2018 Carl George - 1.0.1-1 -- Latest upstream - -* Wed Dec 06 2017 Carl George - 1.0.0-1 -- Latest upstream - -* Fri Nov 10 2017 Carl George - 1.0.0-0.5.beta.3 -- Latest upstream - -* Thu Oct 19 2017 Carl George - 1.0.0-0.4.beta.2 -- Own /etc/containerd - -* Thu Oct 12 2017 Carl George - 1.0.0-0.3.beta.2 -- Latest upstream -- Require runc 1.0.0 https://github.com/containerd/containerd/issues/1508#issuecomment-335566293 - -* Mon Oct 09 2017 Carl George - 1.0.0-0.2.beta.1 -- Add provides for vendored dependencies -- Add ctr command - -* Wed Oct 04 2017 Carl George - 1.0.0-0.1.beta.1 -- Initial package +* Tue May 01 2018 Jose Bigio - 1.1.0 +- Initial Package From 743e37fb5398d28ddbbee7540264359aa6f4cab0 Mon Sep 17 00:00:00 2001 From: jose-bigio Date: Tue, 1 May 2018 11:00:57 -0700 Subject: [PATCH 007/128] Fix sha256 check Signed-off-by: jose-bigio --- pkg/containerd/rpm/centos/containerd.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/containerd/rpm/centos/containerd.spec b/pkg/containerd/rpm/centos/containerd.spec index bebc5d32..00eb2af8 100644 --- a/pkg/containerd/rpm/centos/containerd.spec +++ b/pkg/containerd/rpm/centos/containerd.spec @@ -28,7 +28,7 @@ AutoReq: no %define gobuild(o:) go build -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n')" -a -v -x %{?**}; %endif -%define SHA256SUM0 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 +%define SHA256SUM0 08f057ece7e518b14cce2e9737228a5a899a7b58b78248a03e02f4a6c079eeaf %global import_path github.com/containerd/containerd Name: containerd @@ -62,7 +62,7 @@ low-level storage and network attachments, etc. %prep -#echo "%SHA256SUM0 %SOURCE0" | sha256sum -c - +echo "%SHA256SUM0 /root/rpmbuild/SOURCES/%{tag}.tar.gz" | sha256sum -c - %autosetup -n containerd-%{version} From 1c1e7a649e341ca063859bb33fa7a45b175855d4 Mon Sep 17 00:00:00 2001 From: jose-bigio Date: Fri, 4 May 2018 11:42:21 -0700 Subject: [PATCH 008/128] added man pages for centos Signed-off-by: jose-bigio --- pkg/containerd/rpm/centos/containerd.spec | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/pkg/containerd/rpm/centos/containerd.spec b/pkg/containerd/rpm/centos/containerd.spec index 00eb2af8..48dd52af 100644 --- a/pkg/containerd/rpm/centos/containerd.spec +++ b/pkg/containerd/rpm/centos/containerd.spec @@ -70,6 +70,10 @@ echo "%SHA256SUM0 /root/rpmbuild/SOURCES/%{tag}.tar.gz" | sha256sum -c - mkdir -p src/%(dirname %{import_path}) ln -s ../../.. src/%{import_path} curl -fSL "https://golang.org/dl/go1.10.1.linux-amd64.tar.gz" | tar xzC /usr/local +# needed for man pages +go get -u github.com/cpuguy83/go-md2man +make man + export GOPATH=$(pwd):/%{gopath} export LDFLAGS="-X %{import_path}/version.Package=%{import_path} -X %{import_path}/version.Version=%{tag} -X %{import_path}/version.Revision=%{commit}" %gobuild -o bin/containerd %{import_path}/cmd/containerd @@ -84,6 +88,11 @@ install -D -m 0755 bin/containerd-shim %{buildroot}%{_bindir}/containerd-shim install -D -m 0644 %{S:1} %{buildroot}%{_unitdir}/containerd.service install -D -m 0644 %{S:2} %{buildroot}%{_sysconfdir}/containerd/config.toml +# install manpages +install -d %{buildroot}%{_mandir}/man1 +install -p -m 644 man/*.1 $RPM_BUILD_ROOT/%{_mandir}/man1 +install -d %{buildroot}%{_mandir}/man5 +install -p -m 644 man/*.5 $RPM_BUILD_ROOT/%{_mandir}/man5 %post %systemd_post containerd.service @@ -105,6 +114,8 @@ install -D -m 0644 %{S:2} %{buildroot}%{_sysconfdir}/containerd/config.toml %{?with_ctr:%{_bindir}/ctr} %{_unitdir}/containerd.service %{_sysconfdir}/containerd +/%{_mandir}/man1/* +/%{_mandir}/man5/* %config(noreplace) %{_sysconfdir}/containerd/config.toml From bee7cbb016f78f487b156a821f933dc16b29d221 Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Fri, 22 Jun 2018 20:48:16 +0000 Subject: [PATCH 009/128] Make package building distro agnostic Gets rid of a lot of distro specific building stuff (we may need to add some if statements somewhere in the spec file for dependencies). Simplifies building structure, output will now all be in the `build/` directory. Signed-off-by: Eli Uriegas --- pkg/containerd/rpm/Makefile | 26 ----- pkg/containerd/rpm/centos/containerd.spec | 124 --------------------- pkg/containerd/rpm/containerd.spec | 130 +++++++--------------- 3 files changed, 41 insertions(+), 239 deletions(-) delete mode 100644 pkg/containerd/rpm/Makefile delete mode 100644 pkg/containerd/rpm/centos/containerd.spec diff --git a/pkg/containerd/rpm/Makefile b/pkg/containerd/rpm/Makefile deleted file mode 100644 index 12dd9371..00000000 --- a/pkg/containerd/rpm/Makefile +++ /dev/null @@ -1,26 +0,0 @@ -CONTAINERD_URL=https://github.com/containerd/containerd -GIT_COMMIT:=209a7fc3e4a32ef71a8c7b50c68fc8398415badf -RPMBUILD=docker run --privileged --rm -i\ - -v $(CURDIR)/rpmbuild/BUILD:/root/rpmbuild/BUILD \ - -v $(CURDIR)/rpmbuild/BUILDROOT:/root/rpmbuild/BUILDROOT \ - -v $(CURDIR)/rpmbuild/RPMS:/root/rpmbuild/RPMS \ - -v $(CURDIR)/rpmbuild/SRPMS:/root/rpmbuild/SRPMS \ - -v $(CURDIR)/systemd:/systemd -CHOWN=docker run --rm -v $(CURDIR):/v -w /v alpine chown -CHOWN_TO_USER=$(CHOWN) -R $(shell id -u):$(shell id -g) -RPMBUILD_FLAGS=-ba\ - --define '_gitcommit $(GIT_COMMIT)' \ - --define '_version $(VERSION)' \ - SPECS/containerd.spec - -.PHONY: centos -centos: - $(RPMBUILD) rpmbuild-$@ $(RPMBUILD_FLAGS) - $(CHOWN) -R $(shell id -u):$(shell id -g) rpmbuild - -.PHONY: clean -clean: - -$(CHOWN_TO_USER) rpmbuild - -rm -rf rpmbuild - -$(CHOWN_TO_USER) systemd - -rm -rf systemd diff --git a/pkg/containerd/rpm/centos/containerd.spec b/pkg/containerd/rpm/centos/containerd.spec deleted file mode 100644 index 48dd52af..00000000 --- a/pkg/containerd/rpm/centos/containerd.spec +++ /dev/null @@ -1,124 +0,0 @@ -BuildRoot: /root/.tmp/rpmrebuild.95/work/root -AutoProv: no -%undefine __find_provides -AutoReq: no -%undefine __find_requires - -%undefine __check_files -%undefine __find_prereq -%undefine __find_conflicts -%undefine __find_obsoletes -%undefine _disable_source_fetch - -# Build policy set to nothing -%define __spec_install_post %{nil} -# For rmp-4.1 -%define __missing_doc_files_terminate_build 0 - -%bcond_without ctr -%bcond_with debug - -%if %{with debug} -%global _dwz_low_mem_die_limit 0 -%else -%global debug_package %{nil} -%endif - -%if ! 0%{?gobuild:1} -%define gobuild(o:) go build -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n')" -a -v -x %{?**}; -%endif - -%define SHA256SUM0 08f057ece7e518b14cce2e9737228a5a899a7b58b78248a03e02f4a6c079eeaf -%global import_path github.com/containerd/containerd - -Name: containerd -BuildArch: x86_64 -Version: %{_version} -%global commit %{_gitcommit} -%global tag v%{version} -Release: 1%{?dist} -Summary: An industry-standard container runtime -License: ASL 2.0 -URL: https://containerd.io -Source0: https://%{import_path}/archive/%{tag}.tar.gz -Source1: containerd.service -Source2: containerd.toml -ExclusiveArch: x86_64 -ExclusiveArch: aarch64 -ExclusiveArch: ppc64le -ExclusiveArch: s390x -BuildRequires: systemd -BuildRequires: btrfs-progs-devel -%{?systemd_requires} -# https://github.com/containerd/containerd/issues/1508#issuecomment-335566293 -Requires: runc >= 1.0.0 - -%description -containerd is an industry-standard container runtime with an emphasis on -simplicity, robustness and portability. It is available as a daemon for Linux -and Windows, which can manage the complete container lifecycle of its host -system: image transfer and storage, container execution and supervision, -low-level storage and network attachments, etc. - - -%prep -echo "%SHA256SUM0 /root/rpmbuild/SOURCES/%{tag}.tar.gz" | sha256sum -c - -%autosetup -n containerd-%{version} - - -%build -mkdir -p src/%(dirname %{import_path}) -ln -s ../../.. src/%{import_path} -curl -fSL "https://golang.org/dl/go1.10.1.linux-amd64.tar.gz" | tar xzC /usr/local -# needed for man pages -go get -u github.com/cpuguy83/go-md2man -make man - -export GOPATH=$(pwd):/%{gopath} -export LDFLAGS="-X %{import_path}/version.Package=%{import_path} -X %{import_path}/version.Version=%{tag} -X %{import_path}/version.Revision=%{commit}" -%gobuild -o bin/containerd %{import_path}/cmd/containerd -%gobuild -o bin/containerd-shim %{import_path}/cmd/containerd-shim -%{?with_ctr:%gobuild -o bin/ctr %{import_path}/cmd/ctr} - - -%install -install -D -m 0755 bin/containerd %{buildroot}%{_bindir}/containerd -install -D -m 0755 bin/containerd-shim %{buildroot}%{_bindir}/containerd-shim -%{?with_ctr:install -D -m 0755 bin/ctr %{buildroot}%{_bindir}/ctr} -install -D -m 0644 %{S:1} %{buildroot}%{_unitdir}/containerd.service -install -D -m 0644 %{S:2} %{buildroot}%{_sysconfdir}/containerd/config.toml - -# install manpages -install -d %{buildroot}%{_mandir}/man1 -install -p -m 644 man/*.1 $RPM_BUILD_ROOT/%{_mandir}/man1 -install -d %{buildroot}%{_mandir}/man5 -install -p -m 644 man/*.5 $RPM_BUILD_ROOT/%{_mandir}/man5 - -%post -%systemd_post containerd.service - - -%preun -%systemd_preun containerd.service - - -%postun -%systemd_postun_with_restart containerd.service - - -%files -%license LICENSE -%doc README.md -%{_bindir}/containerd -%{_bindir}/containerd-shim -%{?with_ctr:%{_bindir}/ctr} -%{_unitdir}/containerd.service -%{_sysconfdir}/containerd -/%{_mandir}/man1/* -/%{_mandir}/man5/* -%config(noreplace) %{_sysconfdir}/containerd/config.toml - - -%changelog -* Tue May 01 2018 Jose Bigio - 1.1.0 -- Initial Package diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index d7400f03..95fab2c0 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -1,3 +1,20 @@ +BuildRoot: /root/.tmp/rpmrebuild.95/work/root +AutoProv: no +%undefine __find_provides +AutoReq: no +%undefine __find_requires + +%undefine __check_files +%undefine __find_prereq +%undefine __find_conflicts +%undefine __find_obsoletes +%undefine _disable_source_fetch + +# Build policy set to nothing +%define __spec_install_post %{nil} +# For rmp-4.1 +%define __missing_doc_files_terminate_build 0 + %bcond_without ctr %bcond_with debug @@ -8,79 +25,28 @@ %endif %if ! 0%{?gobuild:1} -%define gobuild(o:) go build -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n')" -a -v -x %{?**}; +%define gobuild(o:) go build -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n')" -a -x %{?**}; %endif +%define SHA256SUM0 08f057ece7e518b14cce2e9737228a5a899a7b58b78248a03e02f4a6c079eeaf %global import_path github.com/containerd/containerd Name: containerd -Version: 1.0.3 -%global commit 773c489c9c1b21a6d78b5c538cd395416ec50f88 +Version: %{getenv:VERSION} +%global commit %{getenv:REF} %global tag v%{version} -Release: 1%{?dist} +Release: 1 Summary: An industry-standard container runtime License: ASL 2.0 URL: https://containerd.io -Source0: https://%{import_path}/archive/%{tag}/containerd-%{version}.tar.gz +Source0: https://%{import_path}/archive/%{tag}.tar.gz Source1: containerd.service Source2: containerd.toml -ExclusiveArch: %{go_arches} BuildRequires: systemd -%{?go_compiler:BuildRequires: compiler(go-compiler)} -BuildRequires: golang >= 1.9 -BuildRequires: protobuf-compiler -BuildRequires: pkgconfig(protobuf) >= 3 BuildRequires: btrfs-progs-devel %{?systemd_requires} # https://github.com/containerd/containerd/issues/1508#issuecomment-335566293 Requires: runc >= 1.0.0 -# vendored libraries -# awk '{print "Provides: bundled(golang("$1")) = "$2}' containerd-*/vendor.conf | sort -Provides: bundled(golang(github.com/beorn7/perks)) = 4c0e84591b9aa9e6dcfdf3e020114cd81f89d5f9 -Provides: bundled(golang(github.com/boltdb/bolt)) = e9cf4fae01b5a8ff89d0ec6b32f0d9c9f79aefdd -Provides: bundled(golang(github.com/BurntSushi/toml)) = a368813c5e648fee92e5f6c30e3944ff9d5e8895 -Provides: bundled(golang(github.com/containerd/btrfs)) = 2e1aa0ddf94f91fa282b6ed87c23bf0d64911244 -Provides: bundled(golang(github.com/containerd/cgroups)) = fe281dd265766145e943a034aa41086474ea6130 -Provides: bundled(golang(github.com/containerd/console)) = 84eeaae905fa414d03e07bcd6c8d3f19e7cf180e -Provides: bundled(golang(github.com/containerd/continuity)) = cf279e6ac893682272b4479d4c67fd3abf878b4e -Provides: bundled(golang(github.com/containerd/fifo)) = fbfb6a11ec671efbe94ad1c12c2e98773f19e1e6 -Provides: bundled(golang(github.com/containerd/go-runc)) = 4f6e87ae043f859a38255247b49c9abc262d002f -Provides: bundled(golang(github.com/containerd/typeurl)) = f6943554a7e7e88b3c14aad190bf05932da84788 -Provides: bundled(golang(github.com/coreos/go-systemd)) = 48702e0da86bd25e76cfef347e2adeb434a0d0a6 -Provides: bundled(golang(github.com/davecgh/go-spew)) = v1.1.0 -Provides: bundled(golang(github.com/dmcgowan/go-tar)) = go1.10 -Provides: bundled(golang(github.com/docker/go-events)) = 9461782956ad83b30282bf90e31fa6a70c255ba9 -Provides: bundled(golang(github.com/docker/go-metrics)) = 8fd5772bf1584597834c6f7961a530f06cbfbb87 -Provides: bundled(golang(github.com/docker/go-units)) = v0.3.1 -Provides: bundled(golang(github.com/godbus/dbus)) = c7fdd8b5cd55e87b4e1f4e372cdb1db61dd6c66f -Provides: bundled(golang(github.com/gogo/protobuf)) = v0.5 -Provides: bundled(golang(github.com/golang/protobuf)) = 1643683e1b54a9e88ad26d98f81400c8c9d9f4f9 -Provides: bundled(golang(github.com/grpc-ecosystem/go-grpc-prometheus)) = 6b7015e65d366bf3f19b2b2a000a831940f0f7e0 -Provides: bundled(golang(github.com/matttproud/golang_protobuf_extensions)) = v1.0.0 -Provides: bundled(golang(github.com/Microsoft/go-winio)) = v0.4.4 -Provides: bundled(golang(github.com/Microsoft/hcsshim)) = v0.6.7 -Provides: bundled(golang(github.com/Microsoft/opengcs)) = v0.3.2 -Provides: bundled(golang(github.com/opencontainers/go-digest)) = 21dfd564fd89c944783d00d069f33e3e7123c448 -Provides: bundled(golang(github.com/opencontainers/image-spec)) = v1.0.0 -Provides: bundled(golang(github.com/opencontainers/runc)) = 9f9c96235cc97674e935002fc3d78361b696a69e -Provides: bundled(golang(github.com/opencontainers/runtime-spec)) = v1.0.0 -Provides: bundled(golang(github.com/pkg/errors)) = v0.8.0 -Provides: bundled(golang(github.com/pmezard/go-difflib)) = v1.0.0 -Provides: bundled(golang(github.com/prometheus/client_golang)) = v0.8.0 -Provides: bundled(golang(github.com/prometheus/client_model)) = fa8ad6fec33561be4280a8f0514318c79d7f6cb6 -Provides: bundled(golang(github.com/prometheus/common)) = 195bde7883f7c39ea62b0d92ab7359b5327065cb -Provides: bundled(golang(github.com/prometheus/procfs)) = fcdb11ccb4389efb1b210b7ffb623ab71c5fdd60 -Provides: bundled(golang(github.com/sirupsen/logrus)) = v1.0.0 -Provides: bundled(golang(github.com/stevvooe/ttrpc)) = d4528379866b0ce7e9d71f3eb96f0582fc374577 -Provides: bundled(golang(github.com/stretchr/testify)) = v1.1.4 -Provides: bundled(golang(github.com/urfave/cli)) = 7bc6a0acffa589f415f88aca16cc1de5ffd66f9c -Provides: bundled(golang(golang.org/x/net)) = 7dcfb8076726a3fdd9353b6b8a1f1b6be6811bd6 -Provides: bundled(golang(golang.org/x/sync)) = 450f422ab23cf9881c94e2db30cac0eb1b7cf80c -Provides: bundled(golang(golang.org/x/sys)) = 314a259e304ff91bd6985da2a7149bbf91237993 -Provides: bundled(golang(golang.org/x/text)) = 19e51611da83d6be54ddafce4a4af510cb3e9ea4 -Provides: bundled(golang(google.golang.org/genproto)) = d80a6e20e776b0b17a324d0ba1ab50a39c8e8944 -Provides: bundled(golang(google.golang.org/grpc)) = v1.7.2 - %description containerd is an industry-standard container runtime with an emphasis on @@ -91,26 +57,36 @@ low-level storage and network attachments, etc. %prep +echo "%SHA256SUM0 /root/rpmbuild/SOURCES/%{tag}.tar.gz" | sha256sum -c - %autosetup -n containerd-%{version} %build mkdir -p src/%(dirname %{import_path}) ln -s ../../.. src/%{import_path} -export GOPATH=$(pwd):%{gopath} +# needed for man pages +go get -u github.com/cpuguy83/go-md2man +make man + +export GOPATH=$(pwd):/%{gopath} export LDFLAGS="-X %{import_path}/version.Package=%{import_path} -X %{import_path}/version.Version=%{tag} -X %{import_path}/version.Revision=%{commit}" %gobuild -o bin/containerd %{import_path}/cmd/containerd %gobuild -o bin/containerd-shim %{import_path}/cmd/containerd-shim -%{?with_ctr:%gobuild -o bin/ctr %{import_path}/cmd/ctr} +%gobuild -o bin/ctr %{import_path}/cmd/ctr %install install -D -m 0755 bin/containerd %{buildroot}%{_bindir}/containerd install -D -m 0755 bin/containerd-shim %{buildroot}%{_bindir}/containerd-shim -%{?with_ctr:install -D -m 0755 bin/ctr %{buildroot}%{_bindir}/ctr} +install -D -m 0755 bin/ctr %{buildroot}%{_bindir}/ctr install -D -m 0644 %{S:1} %{buildroot}%{_unitdir}/containerd.service install -D -m 0644 %{S:2} %{buildroot}%{_sysconfdir}/containerd/config.toml +# install manpages +install -d %{buildroot}%{_mandir}/man1 +install -p -m 644 man/*.1 $RPM_BUILD_ROOT/%{_mandir}/man1 +install -d %{buildroot}%{_mandir}/man5 +install -p -m 644 man/*.5 $RPM_BUILD_ROOT/%{_mandir}/man5 %post %systemd_post containerd.service @@ -125,42 +101,18 @@ install -D -m 0644 %{S:2} %{buildroot}%{_sysconfdir}/containerd/config.toml %files -%license LICENSE.code +%license LICENSE %doc README.md %{_bindir}/containerd %{_bindir}/containerd-shim %{?with_ctr:%{_bindir}/ctr} %{_unitdir}/containerd.service %{_sysconfdir}/containerd +/%{_mandir}/man1/* +/%{_mandir}/man5/* %config(noreplace) %{_sysconfdir}/containerd/config.toml %changelog -* Wed Apr 04 2018 Carl George - 1.0.3-1 -- Latest upstream - -* Wed Feb 07 2018 Fedora Release Engineering - 1.0.1-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild - -* Mon Jan 22 2018 Carl George - 1.0.1-1 -- Latest upstream - -* Wed Dec 06 2017 Carl George - 1.0.0-1 -- Latest upstream - -* Fri Nov 10 2017 Carl George - 1.0.0-0.5.beta.3 -- Latest upstream - -* Thu Oct 19 2017 Carl George - 1.0.0-0.4.beta.2 -- Own /etc/containerd - -* Thu Oct 12 2017 Carl George - 1.0.0-0.3.beta.2 -- Latest upstream -- Require runc 1.0.0 https://github.com/containerd/containerd/issues/1508#issuecomment-335566293 - -* Mon Oct 09 2017 Carl George - 1.0.0-0.2.beta.1 -- Add provides for vendored dependencies -- Add ctr command - -* Wed Oct 04 2017 Carl George - 1.0.0-0.1.beta.1 -- Initial package +* Tue May 01 2018 Jose Bigio - 1.1.0 +- Initial Package From 7c9e7aa6e080c775ccdf6c7c0fc6502da88f055f Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Mon, 25 Jun 2018 19:38:24 +0000 Subject: [PATCH 010/128] Allow for nightly package building Signed-off-by: Eli Uriegas --- pkg/containerd/deb/rules | 10 +++++++--- pkg/containerd/rpm/containerd.spec | 22 ++++++++++++---------- 2 files changed, 19 insertions(+), 13 deletions(-) diff --git a/pkg/containerd/deb/rules b/pkg/containerd/deb/rules index 4a63c9d4..4a077889 100755 --- a/pkg/containerd/deb/rules +++ b/pkg/containerd/deb/rules @@ -1,7 +1,10 @@ #!/usr/bin/make -f -IMPORT_PATH?=/go/src/github.com/containerd/containerd -GO_BUILD=go build -ldflags "$${LDFLAGS:-} -B 0x$$(head -c20 /dev/urandom|od -An -tx1 |tr -d ' \n')" -a +# IMPORT_PATH and GO_SRC_PATH are defined in the dockerfile +# VERSION is defined in scripts/build-deb +REF=$(shell git -C $${GO_SRC_PATH} rev-parse HEAD) +LDFLAGS=-X $${IMPORT_PATH}/version.Package=$${IMPORT_PATH} -X $${IMPORT_PATH}/version.Version=$${VERSION} -X $${IMPORT_PATH}/version.Revision=$(REF) +GO_BUILD=go build -ldflags "$(LDFLAGS) -B 0x$$(head -c20 /dev/urandom|od -An -tx1 |tr -d ' \n')" -a INSTALL_DIR=debian/containerd %: @@ -9,7 +12,8 @@ INSTALL_DIR=debian/containerd bin/%: ## Create containerd binaries @mkdir -p bin/ - $(GO_BUILD) -o $@ $(IMPORT_PATH)/cmd/$* + @echo "$(GO_BUILD) -o $@ $${IMPORT_PATH}/cmd/$*" + @$(GO_BUILD) -o $@ $${IMPORT_PATH}/cmd/$* override_dh_auto_build: bin/containerd bin/containerd-shim bin/ctr diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index 95fab2c0..a3f3d96f 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -30,16 +30,15 @@ AutoReq: no %define SHA256SUM0 08f057ece7e518b14cce2e9737228a5a899a7b58b78248a03e02f4a6c079eeaf %global import_path github.com/containerd/containerd +%global gopath %{getenv:GOPATH} Name: containerd Version: %{getenv:VERSION} -%global commit %{getenv:REF} -%global tag v%{version} -Release: 1 +Release: 1%{dist} Summary: An industry-standard container runtime License: ASL 2.0 URL: https://containerd.io -Source0: https://%{import_path}/archive/%{tag}.tar.gz +Source0: containerd Source1: containerd.service Source2: containerd.toml BuildRequires: systemd @@ -57,25 +56,28 @@ low-level storage and network attachments, etc. %prep -echo "%SHA256SUM0 /root/rpmbuild/SOURCES/%{tag}.tar.gz" | sha256sum -c - -%autosetup -n containerd-%{version} +rm -rf %{_topdir}/BUILD/ +# Copy over our source code from our gopath to our source directory +cp -rf /go/src/%{import_path} %{_topdir}/SOURCES/containerd +# symlink the go source path to our build directory +ln -s /go/src/%{import_path} %{_topdir}/BUILD +cd %{_topdir}/BUILD/ %build -mkdir -p src/%(dirname %{import_path}) -ln -s ../../.. src/%{import_path} +cd %{_topdir}/BUILD # needed for man pages go get -u github.com/cpuguy83/go-md2man make man -export GOPATH=$(pwd):/%{gopath} -export LDFLAGS="-X %{import_path}/version.Package=%{import_path} -X %{import_path}/version.Version=%{tag} -X %{import_path}/version.Revision=%{commit}" +export LDFLAGS="-X %{import_path}/version.Package=%{import_path} -X %{import_path}/version.Version=%{getenv:VERSION} -X %{import_path}/version.Revision=%{getenv:REF}" %gobuild -o bin/containerd %{import_path}/cmd/containerd %gobuild -o bin/containerd-shim %{import_path}/cmd/containerd-shim %gobuild -o bin/ctr %{import_path}/cmd/ctr %install +cd %{_topdir}/BUILD install -D -m 0755 bin/containerd %{buildroot}%{_bindir}/containerd install -D -m 0755 bin/containerd-shim %{buildroot}%{_bindir}/containerd-shim install -D -m 0755 bin/ctr %{buildroot}%{_bindir}/ctr From 7a8a61d5b0c672a74a9e209d1c70313474fe7473 Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Thu, 5 Jul 2018 16:46:24 +0000 Subject: [PATCH 011/128] Update to put the config in the correct place Signed-off-by: Eli Uriegas --- pkg/containerd/deb/rules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/containerd/deb/rules b/pkg/containerd/deb/rules index 4a077889..21475535 100755 --- a/pkg/containerd/deb/rules +++ b/pkg/containerd/deb/rules @@ -24,4 +24,4 @@ override_dh_auto_install: bin/containerd bin/containerd-shim bin/ctr (set -x; install -D -m 0755 $$binary $(INSTALL_DIR)/usr/bin/$$dest); \ done install -D -m 0644 /root/common/containerd.service $(INSTALL_DIR)/lib/systemd/system/containerd.service - install -D -m 0644 /root/common/containerd.toml $(INSTALL_DIR)/etc/containerd.toml + install -D -m 0644 /root/common/containerd.toml $(INSTALL_DIR)/etc/containerd/config.toml From d2d05aaac8c9ee6155ab76f278013996d8d03c6f Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Fri, 6 Jul 2018 20:58:38 +0000 Subject: [PATCH 012/128] Do correct version for test versions Makes it so that the version is correct whether or not we're building a test version Signed-off-by: Eli Uriegas --- pkg/containerd/deb/rules | 5 ++--- pkg/containerd/rpm/containerd.spec | 4 ++-- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/pkg/containerd/deb/rules b/pkg/containerd/deb/rules index 21475535..1a21a780 100755 --- a/pkg/containerd/deb/rules +++ b/pkg/containerd/deb/rules @@ -1,9 +1,8 @@ #!/usr/bin/make -f # IMPORT_PATH and GO_SRC_PATH are defined in the dockerfile -# VERSION is defined in scripts/build-deb -REF=$(shell git -C $${GO_SRC_PATH} rev-parse HEAD) -LDFLAGS=-X $${IMPORT_PATH}/version.Package=$${IMPORT_PATH} -X $${IMPORT_PATH}/version.Version=$${VERSION} -X $${IMPORT_PATH}/version.Revision=$(REF) +# VERSION and REF are defined in scripts/build-deb +LDFLAGS=-X $${IMPORT_PATH}/version.Package=$${IMPORT_PATH} -X $${IMPORT_PATH}/version.Version=$${VERSION} -X $${IMPORT_PATH}/version.Revision=$${REF} GO_BUILD=go build -ldflags "$(LDFLAGS) -B 0x$$(head -c20 /dev/urandom|od -An -tx1 |tr -d ' \n')" -a INSTALL_DIR=debian/containerd diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index a3f3d96f..5a2f23bb 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -33,8 +33,8 @@ AutoReq: no %global gopath %{getenv:GOPATH} Name: containerd -Version: %{getenv:VERSION} -Release: 1%{dist} +Version: %{getenv:RPM_VERSION} +Release: %{getenv:RPM_RELEASE_VERSION}%{dist} Summary: An industry-standard container runtime License: ASL 2.0 URL: https://containerd.io From 4af1080f06ff6e15f778ee0d8e71d5e7641ec20d Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Fri, 6 Jul 2018 21:02:09 +0000 Subject: [PATCH 013/128] Add some documentation Signed-off-by: Eli Uriegas --- pkg/containerd/deb/README.md | 34 ++++++++++++++++++++++++++++++++++ pkg/containerd/rpm/README.md | 35 +++++++++++++++++++++++++++++++++++ 2 files changed, 69 insertions(+) create mode 100644 pkg/containerd/deb/README.md create mode 100644 pkg/containerd/rpm/README.md diff --git a/pkg/containerd/deb/README.md b/pkg/containerd/deb/README.md new file mode 100644 index 00000000..1c4f2b70 --- /dev/null +++ b/pkg/containerd/deb/README.md @@ -0,0 +1,34 @@ +# Debian package maintainers guide + +## Prepping a release + +For releases you should first have a tagged release on the +[containerd](https://github.com/containerd/containerd/releases) +repository. + +Afterwards test if you can actually build the release with: + +``` +make REF=${TAG} deb +``` + +If you can actually build the package then start prepping +your release by adding an entry in the [`debian/changelog`](changelog) with: + +``` +./scripts/new-deb-release +``` + +This will add an entry into the changelog for the specified VERSION +and will also increment the debian packaging version if the specified +VERSION is already there. + +**NOTE**: Make sure to fill out the bullets for the changelog + +## Building the release: + +Releases can then be built with: + +``` +make REF=${TAG} deb +``` diff --git a/pkg/containerd/rpm/README.md b/pkg/containerd/rpm/README.md new file mode 100644 index 00000000..232e3fbb --- /dev/null +++ b/pkg/containerd/rpm/README.md @@ -0,0 +1,35 @@ +# rpm package maintainers guide + +## Prepping a release + +For releases you should first have a tagged release on the +[containerd](https://github.com/containerd/containerd/releases) +repository. + +Afterwards test if you can actually build the release with: + +``` +make REF=${TAG} rpm +``` + +If you can actually build the package then start prepping +your release by adding a changelog entry in the +[`rpm/containerd.spec`](containerd.spec) with the format: + +``` +./scripts/new-rpm-release +``` + +This will add an entry into the changelog for the specified VERSION +and will also increment the rpm packaging version if the specified +VERSION is already there. + +**NOTE**: Make sure to fill out the bullets for the changelog + +## Building the release: + +Releases can then be built with: + +``` +make REF=${TAG} rpm +``` From e7d95ffd86b5f0f90b5b5836243d53a699dca2b2 Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Mon, 9 Jul 2018 18:01:09 +0000 Subject: [PATCH 014/128] Remove some unsused comments / declarations Signed-off-by: Eli Uriegas --- pkg/containerd/rpm/containerd.spec | 1 - 1 file changed, 1 deletion(-) diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index 5a2f23bb..ac7ecd22 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -8,7 +8,6 @@ AutoReq: no %undefine __find_prereq %undefine __find_conflicts %undefine __find_obsoletes -%undefine _disable_source_fetch # Build policy set to nothing %define __spec_install_post %{nil} From 8bfa4068e4e3eb808c8702de34ed957c1d7d1860 Mon Sep 17 00:00:00 2001 From: corbin-coleman Date: Fri, 8 Jun 2018 12:18:14 -0700 Subject: [PATCH 015/128] Add a Jenkinsfile to build containerd packages Signed-off-by: corbin-coleman --- pkg/containerd/rpm/scripts/verify-rpm-install | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100755 pkg/containerd/rpm/scripts/verify-rpm-install diff --git a/pkg/containerd/rpm/scripts/verify-rpm-install b/pkg/containerd/rpm/scripts/verify-rpm-install new file mode 100755 index 00000000..65b22046 --- /dev/null +++ b/pkg/containerd/rpm/scripts/verify-rpm-install @@ -0,0 +1,7 @@ +#!/bin/bash + +CONTAINERD=$1 + +yum install -y $CONTAINERD + +containerd --version From 12621cb46e522c4e089304da7ffc547c694e28dc Mon Sep 17 00:00:00 2001 From: corbin-coleman Date: Mon, 9 Jul 2018 22:51:27 +0000 Subject: [PATCH 016/128] Remove verification scripts We'll verify the installation later on Signed-off-by: corbin-coleman --- pkg/containerd/rpm/scripts/verify-rpm-install | 7 ------- 1 file changed, 7 deletions(-) delete mode 100755 pkg/containerd/rpm/scripts/verify-rpm-install diff --git a/pkg/containerd/rpm/scripts/verify-rpm-install b/pkg/containerd/rpm/scripts/verify-rpm-install deleted file mode 100755 index 65b22046..00000000 --- a/pkg/containerd/rpm/scripts/verify-rpm-install +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/bash - -CONTAINERD=$1 - -yum install -y $CONTAINERD - -containerd --version From 4979f7ed9d252405015e81814f133caeef6ebb5b Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Wed, 11 Jul 2018 23:22:36 +0000 Subject: [PATCH 017/128] Switch to using containerd build rigging Uses the containerd Makefile to actually make the binaries instead of relying on our own hacky `go build` Signed-off-by: Eli Uriegas --- pkg/containerd/deb/control | 3 ++- pkg/containerd/deb/rules | 13 +++++-------- pkg/containerd/rpm/containerd.spec | 13 +++++-------- 3 files changed, 12 insertions(+), 17 deletions(-) diff --git a/pkg/containerd/deb/control b/pkg/containerd/deb/control index e172f457..59f10e64 100644 --- a/pkg/containerd/deb/control +++ b/pkg/containerd/deb/control @@ -5,7 +5,8 @@ Maintainer: Containerd team Build-Depends: btrfs-tools, debhelper, dh-systemd, - pkg-config + pkg-config, + libseccomp-dev Standards-Version: 4.1.4 Homepage: https://containerd.io Vcs-Browser: https://github.com/containerd/containerd diff --git a/pkg/containerd/deb/rules b/pkg/containerd/deb/rules index 1a21a780..3737fb10 100755 --- a/pkg/containerd/deb/rules +++ b/pkg/containerd/deb/rules @@ -1,18 +1,15 @@ #!/usr/bin/make -f -# IMPORT_PATH and GO_SRC_PATH are defined in the dockerfile -# VERSION and REF are defined in scripts/build-deb -LDFLAGS=-X $${IMPORT_PATH}/version.Package=$${IMPORT_PATH} -X $${IMPORT_PATH}/version.Version=$${VERSION} -X $${IMPORT_PATH}/version.Revision=$${REF} -GO_BUILD=go build -ldflags "$(LDFLAGS) -B 0x$$(head -c20 /dev/urandom|od -An -tx1 |tr -d ' \n')" -a INSTALL_DIR=debian/containerd %: dh $@ --with systemd +# GO_SRC_PATH are defined in the dockerfile +# VERSION and REF are defined in scripts/build-deb bin/%: ## Create containerd binaries - @mkdir -p bin/ - @echo "$(GO_BUILD) -o $@ $${IMPORT_PATH}/cmd/$*" - @$(GO_BUILD) -o $@ $${IMPORT_PATH}/cmd/$* + @echo "+ make -C $(GO_SRC_PATH) --no-print-directory VERSION=$${VERSION} REVISION=$${REF} $@" + @make -C $(GO_SRC_PATH) --no-print-directory VERSION=$${VERSION} REVISION=$${REF} $@ override_dh_auto_build: bin/containerd bin/containerd-shim bin/ctr @@ -20,7 +17,7 @@ override_dh_auto_install: bin/containerd bin/containerd-shim bin/ctr # set -x so we can see what's being installed where for binary in $^; do \ dest=$$(basename $$binary); \ - (set -x; install -D -m 0755 $$binary $(INSTALL_DIR)/usr/bin/$$dest); \ + (set -x; install -D -m 0755 $(GO_SRC_PATH)/$$binary $(INSTALL_DIR)/usr/bin/$$dest); \ done install -D -m 0644 /root/common/containerd.service $(INSTALL_DIR)/lib/systemd/system/containerd.service install -D -m 0644 /root/common/containerd.toml $(INSTALL_DIR)/etc/containerd/config.toml diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index ac7ecd22..71d1e6da 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -23,10 +23,6 @@ AutoReq: no %global debug_package %{nil} %endif -%if ! 0%{?gobuild:1} -%define gobuild(o:) go build -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n')" -a -x %{?**}; -%endif - %define SHA256SUM0 08f057ece7e518b14cce2e9737228a5a899a7b58b78248a03e02f4a6c079eeaf %global import_path github.com/containerd/containerd %global gopath %{getenv:GOPATH} @@ -42,6 +38,7 @@ Source1: containerd.service Source2: containerd.toml BuildRequires: systemd BuildRequires: btrfs-progs-devel +BuildRequires: libseccomp-devel %{?systemd_requires} # https://github.com/containerd/containerd/issues/1508#issuecomment-335566293 Requires: runc >= 1.0.0 @@ -69,10 +66,10 @@ cd %{_topdir}/BUILD go get -u github.com/cpuguy83/go-md2man make man -export LDFLAGS="-X %{import_path}/version.Package=%{import_path} -X %{import_path}/version.Version=%{getenv:VERSION} -X %{import_path}/version.Revision=%{getenv:REF}" -%gobuild -o bin/containerd %{import_path}/cmd/containerd -%gobuild -o bin/containerd-shim %{import_path}/cmd/containerd-shim -%gobuild -o bin/ctr %{import_path}/cmd/ctr +%define make_containerd(o:) make -C /go/src/%{import_path} VERSION=%{getenv:VERSION} REVISION=%{getenv:REF} %{?**}; +%make_containerd bin/containerd +%make_containerd bin/containerd-shim +%make_containerd bin/ctr %install From 48f26bca6dbd307fa195a8163d39037f35d81e5f Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Fri, 20 Jul 2018 20:05:21 +0000 Subject: [PATCH 018/128] Make version report correctly on binaries MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Why does this work? `¯\_(ツ)_/¯` Apparently cd'ing into our GOPATH solves everything so... I guess Signed-off-by: Eli Uriegas --- pkg/containerd/rpm/containerd.spec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index 71d1e6da..6df664df 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -66,10 +66,14 @@ cd %{_topdir}/BUILD go get -u github.com/cpuguy83/go-md2man make man -%define make_containerd(o:) make -C /go/src/%{import_path} VERSION=%{getenv:VERSION} REVISION=%{getenv:REF} %{?**}; +pushd /go/src/%{import_path} +%define make_containerd(o:) make VERSION=%{getenv:VERSION} REVISION=%{getenv:REF} %{?**}; %make_containerd bin/containerd +/go/src/%{import_path}/bin/containerd --version %make_containerd bin/containerd-shim %make_containerd bin/ctr +/go/src/%{import_path}/bin/ctr --version +popd %install From 222adea0979583660c6b036d2517205f825766a1 Mon Sep 17 00:00:00 2001 From: Andrew Hsu Date: Fri, 20 Jul 2018 21:54:23 +0000 Subject: [PATCH 019/128] move all rpm build deps into spec file Signed-off-by: Andrew Hsu --- pkg/containerd/rpm/containerd.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index 6df664df..74f55484 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -36,6 +36,8 @@ URL: https://containerd.io Source0: containerd Source1: containerd.service Source2: containerd.toml +BuildRequires: make +BuildRequires: gcc BuildRequires: systemd BuildRequires: btrfs-progs-devel BuildRequires: libseccomp-devel From aadd933bed7a17b02f5e1bcd8f1e4740164f88f4 Mon Sep 17 00:00:00 2001 From: Andrew Hsu Date: Fri, 20 Jul 2018 22:20:50 +0000 Subject: [PATCH 020/128] move go-md2man to an rpm build dep Signed-off-by: Andrew Hsu --- pkg/containerd/rpm/containerd.spec | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index 6df664df..09043663 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -39,6 +39,7 @@ Source2: containerd.toml BuildRequires: systemd BuildRequires: btrfs-progs-devel BuildRequires: libseccomp-devel +BuildRequires: go-md2man %{?systemd_requires} # https://github.com/containerd/containerd/issues/1508#issuecomment-335566293 Requires: runc >= 1.0.0 @@ -62,8 +63,6 @@ cd %{_topdir}/BUILD/ %build cd %{_topdir}/BUILD -# needed for man pages -go get -u github.com/cpuguy83/go-md2man make man pushd /go/src/%{import_path} From 60aad67e25e367350339b756bc2fdf734f8bf77e Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Mon, 16 Jul 2018 18:19:46 +0000 Subject: [PATCH 021/128] Change DEB package name to containerd.io Signed-off-by: Eli Uriegas --- pkg/containerd/deb/changelog | 2 +- pkg/containerd/deb/control | 9 ++++++--- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/pkg/containerd/deb/changelog b/pkg/containerd/deb/changelog index 3e3c6901..81f7ba75 100644 --- a/pkg/containerd/deb/changelog +++ b/pkg/containerd/deb/changelog @@ -1,4 +1,4 @@ -containerd (1.1.0-1) UNRELEASED; urgency=medium +containerd.io (1.1.0-1) UNRELEASED; urgency=medium * Initial release (Closes: TODO) diff --git a/pkg/containerd/deb/control b/pkg/containerd/deb/control index 59f10e64..6b87397f 100644 --- a/pkg/containerd/deb/control +++ b/pkg/containerd/deb/control @@ -1,4 +1,4 @@ -Source: containerd +Source: containerd.io Section: devel Priority: optional Maintainer: Containerd team @@ -7,14 +7,17 @@ Build-Depends: btrfs-tools, dh-systemd, pkg-config, libseccomp-dev +Provides: containerd +Conflicts: containerd +Replaces: containerd Standards-Version: 4.1.4 Homepage: https://containerd.io Vcs-Browser: https://github.com/containerd/containerd XS-Go-Import-Path: github.com/containerd/containerd -Package: containerd +Package: containerd.io Architecture: any Depends: ${misc:Depends}, ${shlibs:Depends}, - runc + runc.io Description: An open and reliable container runtime From ce2cd125d7fd0f040f35dae2cbd4c8bc011a0cd6 Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Mon, 16 Jul 2018 18:22:06 +0000 Subject: [PATCH 022/128] Change RPM package name to containerd.io Signed-off-by: Eli Uriegas --- pkg/containerd/rpm/containerd.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index 56be3908..00b378dc 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -27,7 +27,10 @@ AutoReq: no %global import_path github.com/containerd/containerd %global gopath %{getenv:GOPATH} -Name: containerd +Name: containerd.io +Provides: containerd +Obsoletes: containerd +Conflicts: containerd Version: %{getenv:RPM_VERSION} Release: %{getenv:RPM_RELEASE_VERSION}%{dist} Summary: An industry-standard container runtime @@ -44,7 +47,7 @@ BuildRequires: libseccomp-devel BuildRequires: go-md2man %{?systemd_requires} # https://github.com/containerd/containerd/issues/1508#issuecomment-335566293 -Requires: runc >= 1.0.0 +Requires: runc.io >= 1.0.0 %description containerd is an industry-standard container runtime with an emphasis on From cc0031af5f40f7ee4f1091f57108e43e45786dcf Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Mon, 16 Jul 2018 22:36:43 +0000 Subject: [PATCH 023/128] Change INSTALL_DIR to correct one Signed-off-by: Eli Uriegas --- pkg/containerd/deb/rules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/containerd/deb/rules b/pkg/containerd/deb/rules index 3737fb10..9788dda6 100755 --- a/pkg/containerd/deb/rules +++ b/pkg/containerd/deb/rules @@ -1,6 +1,6 @@ #!/usr/bin/make -f -INSTALL_DIR=debian/containerd +INSTALL_DIR=debian/containerd.io %: dh $@ --with systemd From 49da6dfaf92b1571b7bdbb425e6e215e25d80287 Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Mon, 16 Jul 2018 23:00:09 +0000 Subject: [PATCH 024/128] Move provides/conflicts/replaces to correct section Signed-off-by: Eli Uriegas --- pkg/containerd/deb/control | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkg/containerd/deb/control b/pkg/containerd/deb/control index 6b87397f..aa84de49 100644 --- a/pkg/containerd/deb/control +++ b/pkg/containerd/deb/control @@ -7,9 +7,6 @@ Build-Depends: btrfs-tools, dh-systemd, pkg-config, libseccomp-dev -Provides: containerd -Conflicts: containerd -Replaces: containerd Standards-Version: 4.1.4 Homepage: https://containerd.io Vcs-Browser: https://github.com/containerd/containerd @@ -20,4 +17,7 @@ Architecture: any Depends: ${misc:Depends}, ${shlibs:Depends}, runc.io +Provides: containerd +Conflicts: containerd +Replaces: containerd Description: An open and reliable container runtime From 5dda8126067b9b72d882fb89ed575982de015ded Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Tue, 7 Aug 2018 21:29:38 +0000 Subject: [PATCH 025/128] Add installer for runc Signed-off-by: Eli Uriegas --- pkg/containerd/deb/control | 3 +-- pkg/containerd/deb/rules | 13 ++++++++++--- pkg/containerd/rpm/containerd.spec | 11 +++++++++-- 3 files changed, 20 insertions(+), 7 deletions(-) diff --git a/pkg/containerd/deb/control b/pkg/containerd/deb/control index aa84de49..55c03857 100644 --- a/pkg/containerd/deb/control +++ b/pkg/containerd/deb/control @@ -15,8 +15,7 @@ XS-Go-Import-Path: github.com/containerd/containerd Package: containerd.io Architecture: any Depends: ${misc:Depends}, - ${shlibs:Depends}, - runc.io + ${shlibs:Depends} Provides: containerd Conflicts: containerd Replaces: containerd diff --git a/pkg/containerd/deb/rules b/pkg/containerd/deb/rules index 9788dda6..5245b7c6 100755 --- a/pkg/containerd/deb/rules +++ b/pkg/containerd/deb/rules @@ -1,6 +1,7 @@ #!/usr/bin/make -f INSTALL_DIR=debian/containerd.io +CONTAINERD_BINARIES=bin/containerd bin/containerd-shim bin/ctr %: dh $@ --with systemd @@ -11,13 +12,19 @@ bin/%: ## Create containerd binaries @echo "+ make -C $(GO_SRC_PATH) --no-print-directory VERSION=$${VERSION} REVISION=$${REF} $@" @make -C $(GO_SRC_PATH) --no-print-directory VERSION=$${VERSION} REVISION=$${REF} $@ -override_dh_auto_build: bin/containerd bin/containerd-shim bin/ctr +bin/containerd-offline-installer: + @echo "+ go build -o bin/containerd-offline-installer github.com/crosbymichael/offline-install" + @go build -o bin/containerd-offline-installer github.com/crosbymichael/offline-install -override_dh_auto_install: bin/containerd bin/containerd-shim bin/ctr +override_dh_auto_build: $(CONTAINERD_BINARIES) + +override_dh_auto_install: $(CONTAINERD_BINARIES) bin/containerd-offline-installer # set -x so we can see what's being installed where - for binary in $^; do \ + for binary in $(CONTAINERD_BINARIES); do \ dest=$$(basename $$binary); \ (set -x; install -D -m 0755 $(GO_SRC_PATH)/$$binary $(INSTALL_DIR)/usr/bin/$$dest); \ done install -D -m 0644 /root/common/containerd.service $(INSTALL_DIR)/lib/systemd/system/containerd.service install -D -m 0644 /root/common/containerd.toml $(INSTALL_DIR)/etc/containerd/config.toml + install -D -m 0644 /root/runc.tar $(INSTALL_DIR)/var/lib/containerd/runc.tar + install -D -m 0755 bin/containerd-offline-installer $(INSTALL_DIR)/usr/libexec/containerd-offline-installer diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index 00b378dc..9463a515 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -39,6 +39,7 @@ URL: https://containerd.io Source0: containerd Source1: containerd.service Source2: containerd.toml +Source3: containerd-offline-installer BuildRequires: make BuildRequires: gcc BuildRequires: systemd @@ -46,8 +47,6 @@ BuildRequires: btrfs-progs-devel BuildRequires: libseccomp-devel BuildRequires: go-md2man %{?systemd_requires} -# https://github.com/containerd/containerd/issues/1508#issuecomment-335566293 -Requires: runc.io >= 1.0.0 %description containerd is an industry-standard container runtime with an emphasis on @@ -61,6 +60,7 @@ low-level storage and network attachments, etc. rm -rf %{_topdir}/BUILD/ # Copy over our source code from our gopath to our source directory cp -rf /go/src/%{import_path} %{_topdir}/SOURCES/containerd +cp -rf /go/src/github.com/crosbymichael/offline-install %{_topdir}/SOURCES/containerd-offline-installer # symlink the go source path to our build directory ln -s /go/src/%{import_path} %{_topdir}/BUILD cd %{_topdir}/BUILD/ @@ -79,12 +79,17 @@ pushd /go/src/%{import_path} /go/src/%{import_path}/bin/ctr --version popd +pushd /go/src/github.com/crosbymichael/offline-install +go build -o %{_topdir}/BUILD/bin/containerd-offline-installer main.go +popd %install cd %{_topdir}/BUILD install -D -m 0755 bin/containerd %{buildroot}%{_bindir}/containerd install -D -m 0755 bin/containerd-shim %{buildroot}%{_bindir}/containerd-shim +install -D -m 0755 bin/containerd-offline-installer %{buildroot}%{_libexecdir}/containerd-offline-installer install -D -m 0755 bin/ctr %{buildroot}%{_bindir}/ctr +install -D -m 0644 %{_topdir}/SOURCES/runc.tar %{buildroot}%{_sharedstatedir}/containerd/runc.tar install -D -m 0644 %{S:1} %{buildroot}%{_unitdir}/containerd.service install -D -m 0644 %{S:2} %{buildroot}%{_sysconfdir}/containerd/config.toml @@ -111,9 +116,11 @@ install -p -m 644 man/*.5 $RPM_BUILD_ROOT/%{_mandir}/man5 %doc README.md %{_bindir}/containerd %{_bindir}/containerd-shim +%{_libexecdir}/containerd-offline-installer %{?with_ctr:%{_bindir}/ctr} %{_unitdir}/containerd.service %{_sysconfdir}/containerd +%{_sharedstatedir}/containerd/runc.tar /%{_mandir}/man1/* /%{_mandir}/man5/* %config(noreplace) %{_sysconfdir}/containerd/config.toml From cc5c78c08193c92122d5ba215b2c64a9a72d402f Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Wed, 15 Aug 2018 23:39:48 +0000 Subject: [PATCH 026/128] Change location of runc.tar Signed-off-by: Eli Uriegas --- pkg/containerd/deb/rules | 2 +- pkg/containerd/rpm/containerd.spec | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/pkg/containerd/deb/rules b/pkg/containerd/deb/rules index 5245b7c6..6fdaeb61 100755 --- a/pkg/containerd/deb/rules +++ b/pkg/containerd/deb/rules @@ -26,5 +26,5 @@ override_dh_auto_install: $(CONTAINERD_BINARIES) bin/containerd-offline-installe done install -D -m 0644 /root/common/containerd.service $(INSTALL_DIR)/lib/systemd/system/containerd.service install -D -m 0644 /root/common/containerd.toml $(INSTALL_DIR)/etc/containerd/config.toml - install -D -m 0644 /root/runc.tar $(INSTALL_DIR)/var/lib/containerd/runc.tar + install -D -m 0644 /root/runc.tar $(INSTALL_DIR)/var/lib/containerd-offline-installer/runc.tar install -D -m 0755 bin/containerd-offline-installer $(INSTALL_DIR)/usr/libexec/containerd-offline-installer diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index 9463a515..8cc6b79d 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -89,7 +89,7 @@ install -D -m 0755 bin/containerd %{buildroot}%{_bindir}/containerd install -D -m 0755 bin/containerd-shim %{buildroot}%{_bindir}/containerd-shim install -D -m 0755 bin/containerd-offline-installer %{buildroot}%{_libexecdir}/containerd-offline-installer install -D -m 0755 bin/ctr %{buildroot}%{_bindir}/ctr -install -D -m 0644 %{_topdir}/SOURCES/runc.tar %{buildroot}%{_sharedstatedir}/containerd/runc.tar +install -D -m 0644 %{_topdir}/SOURCES/runc.tar %{buildroot}%{_sharedstatedir}/containerd-offline-installer/runc.tar install -D -m 0644 %{S:1} %{buildroot}%{_unitdir}/containerd.service install -D -m 0644 %{S:2} %{buildroot}%{_sysconfdir}/containerd/config.toml @@ -120,7 +120,7 @@ install -p -m 644 man/*.5 $RPM_BUILD_ROOT/%{_mandir}/man5 %{?with_ctr:%{_bindir}/ctr} %{_unitdir}/containerd.service %{_sysconfdir}/containerd -%{_sharedstatedir}/containerd/runc.tar +%{_sharedstatedir}/containerd-offline-installer/runc.tar /%{_mandir}/man1/* /%{_mandir}/man5/* %config(noreplace) %{_sysconfdir}/containerd/config.toml From 624c8418d41358c1308e4c97193187c280106565 Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Thu, 16 Aug 2018 16:55:40 +0000 Subject: [PATCH 027/128] Bump to v1.2.0-beta.0 Signed-off-by: Eli Uriegas --- pkg/containerd/deb/changelog | 6 +++--- pkg/containerd/rpm/containerd.spec | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/pkg/containerd/deb/changelog b/pkg/containerd/deb/changelog index 81f7ba75..79fcbb76 100644 --- a/pkg/containerd/deb/changelog +++ b/pkg/containerd/deb/changelog @@ -1,5 +1,5 @@ -containerd.io (1.1.0-1) UNRELEASED; urgency=medium +containerd.io (1.2.0~beta.0-1) release; urgency=medium - * Initial release (Closes: TODO) + * Initial release - -- Eli Uriegas Mon, 23 Apr 2018 21:08:40 +0000 + -- Eli Uriegas Thu, 16 Aug 2018 16:54:35 +0000 diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index 8cc6b79d..cdf49b57 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -127,5 +127,5 @@ install -p -m 644 man/*.5 $RPM_BUILD_ROOT/%{_mandir}/man5 %changelog -* Tue May 01 2018 Jose Bigio - 1.1.0 -- Initial Package +* Thu Aug 16 2018 Eli Uriegas - 1.2.0-1.0.beta.0-1 +- Intial release From f128203cc7227097b6cb8857658d34b9e1be0e2e Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Fri, 17 Aug 2018 22:39:11 +0000 Subject: [PATCH 028/128] Add stuff to build sles Signed-off-by: Eli Uriegas --- pkg/containerd/rpm/containerd.spec | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index cdf49b57..464b0c6a 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -32,7 +32,7 @@ Provides: containerd Obsoletes: containerd Conflicts: containerd Version: %{getenv:RPM_VERSION} -Release: %{getenv:RPM_RELEASE_VERSION}%{dist} +Release: %{getenv:RPM_RELEASE_VERSION}%{?dist} Summary: An industry-standard container runtime License: ASL 2.0 URL: https://containerd.io @@ -43,9 +43,15 @@ Source3: containerd-offline-installer BuildRequires: make BuildRequires: gcc BuildRequires: systemd -BuildRequires: btrfs-progs-devel BuildRequires: libseccomp-devel + +%if 0%{?suse_version} +BuildRequires: libbtrfs-devel +%else +BuildRequires: btrfs-progs-devel BuildRequires: go-md2man +%endif + %{?systemd_requires} %description From d92d5f968129409c9274370550c85cffaee3b4a8 Mon Sep 17 00:00:00 2001 From: Andrew Hsu Date: Tue, 28 Aug 2018 22:25:45 +0000 Subject: [PATCH 029/128] bump ver 1.2.0 beta.2 Signed-off-by: Andrew Hsu --- pkg/containerd/deb/changelog | 6 ++++++ pkg/containerd/rpm/containerd.spec | 3 +++ 2 files changed, 9 insertions(+) diff --git a/pkg/containerd/deb/changelog b/pkg/containerd/deb/changelog index 79fcbb76..750db772 100644 --- a/pkg/containerd/deb/changelog +++ b/pkg/containerd/deb/changelog @@ -1,3 +1,9 @@ +containerd.io (1.2.0~beta.2-1) release; urgency=medium + + * containerd 1.2.0 beta.2 release + + -- Andrew Hsu Tue, 28 Aug 2018 22:21:48 +0000 + containerd.io (1.2.0~beta.0-1) release; urgency=medium * Initial release diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index 464b0c6a..9bc3d74f 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -133,5 +133,8 @@ install -p -m 644 man/*.5 $RPM_BUILD_ROOT/%{_mandir}/man5 %changelog +* Tue Aug 28 2018 Andrew Hsu - 1.2.0-1.0.beta.2-1 +- containerd 1.2.0 beta.2 + * Thu Aug 16 2018 Eli Uriegas - 1.2.0-1.0.beta.0-1 - Intial release From 116da7423860c7385b5947f69abc83e27d5f72bf Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Wed, 5 Sep 2018 12:58:59 +0000 Subject: [PATCH 030/128] Hardcode libexec paths and var lib paths These macros report differently on sles making these packages essentially DOA for suse based distributions. Signed-off-by: Eli Uriegas --- pkg/containerd/rpm/containerd.spec | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index 9bc3d74f..43591377 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -93,9 +93,9 @@ popd cd %{_topdir}/BUILD install -D -m 0755 bin/containerd %{buildroot}%{_bindir}/containerd install -D -m 0755 bin/containerd-shim %{buildroot}%{_bindir}/containerd-shim -install -D -m 0755 bin/containerd-offline-installer %{buildroot}%{_libexecdir}/containerd-offline-installer +install -D -m 0755 bin/containerd-offline-installer %{buildroot}/usr/libexec/containerd-offline-installer install -D -m 0755 bin/ctr %{buildroot}%{_bindir}/ctr -install -D -m 0644 %{_topdir}/SOURCES/runc.tar %{buildroot}%{_sharedstatedir}/containerd-offline-installer/runc.tar +install -D -m 0644 %{_topdir}/SOURCES/runc.tar %{buildroot}/var/lib/containerd-offline-installer/runc.tar install -D -m 0644 %{S:1} %{buildroot}%{_unitdir}/containerd.service install -D -m 0644 %{S:2} %{buildroot}%{_sysconfdir}/containerd/config.toml @@ -122,11 +122,11 @@ install -p -m 644 man/*.5 $RPM_BUILD_ROOT/%{_mandir}/man5 %doc README.md %{_bindir}/containerd %{_bindir}/containerd-shim -%{_libexecdir}/containerd-offline-installer +/usr/libexec/containerd-offline-installer %{?with_ctr:%{_bindir}/ctr} %{_unitdir}/containerd.service %{_sysconfdir}/containerd -%{_sharedstatedir}/containerd-offline-installer/runc.tar +/var/lib/containerd-offline-installer/runc.tar /%{_mandir}/man1/* /%{_mandir}/man5/* %config(noreplace) %{_sysconfdir}/containerd/config.toml From 82b33b9a7d5c3690eb8a5f80d2b0e42fec950937 Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Wed, 5 Sep 2018 13:01:04 +0000 Subject: [PATCH 031/128] Bump RPM version to 1.2.0-1.2.beta.2-2 Signed-off-by: Eli Uriegas --- pkg/containerd/rpm/containerd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index 43591377..b43597c9 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -133,7 +133,10 @@ install -p -m 644 man/*.5 $RPM_BUILD_ROOT/%{_mandir}/man5 %changelog -* Tue Aug 28 2018 Andrew Hsu - 1.2.0-1.0.beta.2-1 +* Wed Sep 05 2018 Eli Uriegas - 1.2.0-1.2.beta.2-2 +- Hardcoded paths for libexec and var lib considering the macros are different on SUSE based distributions + +* Tue Aug 28 2018 Andrew Hsu - 1.2.0-1.2.beta.2-1 - containerd 1.2.0 beta.2 * Thu Aug 16 2018 Eli Uriegas - 1.2.0-1.0.beta.0-1 From 445d8b8317eee6ac4c789e0b443c1e518171d86a Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Wed, 5 Sep 2018 13:29:06 +0000 Subject: [PATCH 032/128] Update rpm version to include actual rpm release This was a bug that if we wanted to do just a release of an rpm without code changes to the underlying containerd we really couldn't. This adds an extra number at the end of RPM_RELEASE so that it gets numbered correctly upon release. Signed-off-by: Eli Uriegas --- pkg/containerd/rpm/containerd.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index b43597c9..eebc0f5d 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -133,10 +133,10 @@ install -p -m 644 man/*.5 $RPM_BUILD_ROOT/%{_mandir}/man5 %changelog -* Wed Sep 05 2018 Eli Uriegas - 1.2.0-1.2.beta.2-2 +* Wed Sep 05 2018 Eli Uriegas - 1.2.0-1.2.beta.2.2 - Hardcoded paths for libexec and var lib considering the macros are different on SUSE based distributions -* Tue Aug 28 2018 Andrew Hsu - 1.2.0-1.2.beta.2-1 +* Tue Aug 28 2018 Andrew Hsu - 1.2.0-1.2.beta.2.1 - containerd 1.2.0 beta.2 * Thu Aug 16 2018 Eli Uriegas - 1.2.0-1.0.beta.0-1 From 184d64ddd9369bc925f2391eee344cee56f74c3c Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Fri, 7 Sep 2018 09:23:31 +0000 Subject: [PATCH 033/128] Remove runc image, removes offline installer Signed-off-by: Eli Uriegas --- pkg/containerd/deb/rules | 8 +------- pkg/containerd/rpm/containerd.spec | 9 --------- 2 files changed, 1 insertion(+), 16 deletions(-) diff --git a/pkg/containerd/deb/rules b/pkg/containerd/deb/rules index 6fdaeb61..b8eb4390 100755 --- a/pkg/containerd/deb/rules +++ b/pkg/containerd/deb/rules @@ -12,13 +12,9 @@ bin/%: ## Create containerd binaries @echo "+ make -C $(GO_SRC_PATH) --no-print-directory VERSION=$${VERSION} REVISION=$${REF} $@" @make -C $(GO_SRC_PATH) --no-print-directory VERSION=$${VERSION} REVISION=$${REF} $@ -bin/containerd-offline-installer: - @echo "+ go build -o bin/containerd-offline-installer github.com/crosbymichael/offline-install" - @go build -o bin/containerd-offline-installer github.com/crosbymichael/offline-install - override_dh_auto_build: $(CONTAINERD_BINARIES) -override_dh_auto_install: $(CONTAINERD_BINARIES) bin/containerd-offline-installer +override_dh_auto_install: $(CONTAINERD_BINARIES) # set -x so we can see what's being installed where for binary in $(CONTAINERD_BINARIES); do \ dest=$$(basename $$binary); \ @@ -26,5 +22,3 @@ override_dh_auto_install: $(CONTAINERD_BINARIES) bin/containerd-offline-installe done install -D -m 0644 /root/common/containerd.service $(INSTALL_DIR)/lib/systemd/system/containerd.service install -D -m 0644 /root/common/containerd.toml $(INSTALL_DIR)/etc/containerd/config.toml - install -D -m 0644 /root/runc.tar $(INSTALL_DIR)/var/lib/containerd-offline-installer/runc.tar - install -D -m 0755 bin/containerd-offline-installer $(INSTALL_DIR)/usr/libexec/containerd-offline-installer diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index eebc0f5d..6c5c831a 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -39,7 +39,6 @@ URL: https://containerd.io Source0: containerd Source1: containerd.service Source2: containerd.toml -Source3: containerd-offline-installer BuildRequires: make BuildRequires: gcc BuildRequires: systemd @@ -66,7 +65,6 @@ low-level storage and network attachments, etc. rm -rf %{_topdir}/BUILD/ # Copy over our source code from our gopath to our source directory cp -rf /go/src/%{import_path} %{_topdir}/SOURCES/containerd -cp -rf /go/src/github.com/crosbymichael/offline-install %{_topdir}/SOURCES/containerd-offline-installer # symlink the go source path to our build directory ln -s /go/src/%{import_path} %{_topdir}/BUILD cd %{_topdir}/BUILD/ @@ -85,17 +83,12 @@ pushd /go/src/%{import_path} /go/src/%{import_path}/bin/ctr --version popd -pushd /go/src/github.com/crosbymichael/offline-install -go build -o %{_topdir}/BUILD/bin/containerd-offline-installer main.go -popd %install cd %{_topdir}/BUILD install -D -m 0755 bin/containerd %{buildroot}%{_bindir}/containerd install -D -m 0755 bin/containerd-shim %{buildroot}%{_bindir}/containerd-shim -install -D -m 0755 bin/containerd-offline-installer %{buildroot}/usr/libexec/containerd-offline-installer install -D -m 0755 bin/ctr %{buildroot}%{_bindir}/ctr -install -D -m 0644 %{_topdir}/SOURCES/runc.tar %{buildroot}/var/lib/containerd-offline-installer/runc.tar install -D -m 0644 %{S:1} %{buildroot}%{_unitdir}/containerd.service install -D -m 0644 %{S:2} %{buildroot}%{_sysconfdir}/containerd/config.toml @@ -122,11 +115,9 @@ install -p -m 644 man/*.5 $RPM_BUILD_ROOT/%{_mandir}/man5 %doc README.md %{_bindir}/containerd %{_bindir}/containerd-shim -/usr/libexec/containerd-offline-installer %{?with_ctr:%{_bindir}/ctr} %{_unitdir}/containerd.service %{_sysconfdir}/containerd -/var/lib/containerd-offline-installer/runc.tar /%{_mandir}/man1/* /%{_mandir}/man5/* %config(noreplace) %{_sysconfdir}/containerd/config.toml From 408d8f80d29d3caa392cf7362cd1edfa7958e38c Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Fri, 7 Sep 2018 14:07:42 +0000 Subject: [PATCH 034/128] Add in runc as something we build and package May be split off into it's own thing in the future, /shrug Signed-off-by: Eli Uriegas --- pkg/containerd/deb/rules | 10 ++++++++-- pkg/containerd/rpm/containerd.spec | 9 +++++++++ 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/pkg/containerd/deb/rules b/pkg/containerd/deb/rules index b8eb4390..7f69ebd0 100755 --- a/pkg/containerd/deb/rules +++ b/pkg/containerd/deb/rules @@ -11,14 +11,20 @@ CONTAINERD_BINARIES=bin/containerd bin/containerd-shim bin/ctr bin/%: ## Create containerd binaries @echo "+ make -C $(GO_SRC_PATH) --no-print-directory VERSION=$${VERSION} REVISION=$${REF} $@" @make -C $(GO_SRC_PATH) --no-print-directory VERSION=$${VERSION} REVISION=$${REF} $@ + mkdir -p $(@D) + mv -v $(GO_SRC_PATH)/$@ $@ + +bin/runc: + make -C /go/src/github.com/opencontainers/runc runc && mv -v /go/src/github.com/opencontainers/runc/runc $@ override_dh_auto_build: $(CONTAINERD_BINARIES) -override_dh_auto_install: $(CONTAINERD_BINARIES) +override_dh_auto_install: $(CONTAINERD_BINARIES) bin/runc # set -x so we can see what's being installed where for binary in $(CONTAINERD_BINARIES); do \ dest=$$(basename $$binary); \ - (set -x; install -D -m 0755 $(GO_SRC_PATH)/$$binary $(INSTALL_DIR)/usr/bin/$$dest); \ + (set -x; install -D -m 0755 $$binary $(INSTALL_DIR)/usr/bin/$$dest); \ done + install -D -m 0755 bin/runc $(INSTALL_DIR)/usr/sbin/runc install -D -m 0644 /root/common/containerd.service $(INSTALL_DIR)/lib/systemd/system/containerd.service install -D -m 0644 /root/common/containerd.toml $(INSTALL_DIR)/etc/containerd/config.toml diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index 6c5c831a..aec39fba 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -39,6 +39,7 @@ URL: https://containerd.io Source0: containerd Source1: containerd.service Source2: containerd.toml +Source3: runc BuildRequires: make BuildRequires: gcc BuildRequires: systemd @@ -67,6 +68,8 @@ rm -rf %{_topdir}/BUILD/ cp -rf /go/src/%{import_path} %{_topdir}/SOURCES/containerd # symlink the go source path to our build directory ln -s /go/src/%{import_path} %{_topdir}/BUILD +# Copy over our source code from our gopath to our source directory +cp -rf /go/src/github.com/opencontainers/runc %{_topdir}/SOURCES/runc cd %{_topdir}/BUILD/ @@ -83,6 +86,10 @@ pushd /go/src/%{import_path} /go/src/%{import_path}/bin/ctr --version popd +pushd /go/src/github.com/opencontainers/runc +make runc +popd + %install cd %{_topdir}/BUILD @@ -91,6 +98,7 @@ install -D -m 0755 bin/containerd-shim %{buildroot}%{_bindir}/containerd-shim install -D -m 0755 bin/ctr %{buildroot}%{_bindir}/ctr install -D -m 0644 %{S:1} %{buildroot}%{_unitdir}/containerd.service install -D -m 0644 %{S:2} %{buildroot}%{_sysconfdir}/containerd/config.toml +install -D -m 0755 /go/src/github.com/opencontainers/runc/runc %{buildroot}%{_sbindir}/runc # install manpages install -d %{buildroot}%{_mandir}/man1 @@ -116,6 +124,7 @@ install -p -m 644 man/*.5 $RPM_BUILD_ROOT/%{_mandir}/man5 %{_bindir}/containerd %{_bindir}/containerd-shim %{?with_ctr:%{_bindir}/ctr} +%{_sbindir}/runc %{_unitdir}/containerd.service %{_sysconfdir}/containerd /%{_mandir}/man1/* From 950d59d5cd6619ae92bc784e7dd900cd1a01f7cc Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Fri, 14 Sep 2018 10:23:25 -0700 Subject: [PATCH 035/128] Increment containerd version for deb, add changelog Signed-off-by: Eli Uriegas --- pkg/containerd/deb/changelog | 6 ++++++ pkg/containerd/rpm/containerd.spec | 1 + 2 files changed, 7 insertions(+) diff --git a/pkg/containerd/deb/changelog b/pkg/containerd/deb/changelog index 750db772..5c9e38a8 100644 --- a/pkg/containerd/deb/changelog +++ b/pkg/containerd/deb/changelog @@ -1,3 +1,9 @@ +containerd.io (1.2.0~beta.2-2) release; urgency=medium + + * Removed offline installer for runc, package as a binary instead + + -- Eli Uriegas Fri, 14 Sep 2018 09:22:21 -0700 + containerd.io (1.2.0~beta.2-1) release; urgency=medium * containerd 1.2.0 beta.2 release diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index aec39fba..99c04402 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -135,6 +135,7 @@ install -p -m 644 man/*.5 $RPM_BUILD_ROOT/%{_mandir}/man5 %changelog * Wed Sep 05 2018 Eli Uriegas - 1.2.0-1.2.beta.2.2 - Hardcoded paths for libexec and var lib considering the macros are different on SUSE based distributions +- Removed offline installer for runc, package as a binary instead * Tue Aug 28 2018 Andrew Hsu - 1.2.0-1.2.beta.2.1 - containerd 1.2.0 beta.2 From 7a316035d6d935aa6a27fc30f917d4cbdf299af3 Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Tue, 25 Sep 2018 21:15:10 +0000 Subject: [PATCH 036/128] bump to 1.2.0-rc.0 Signed-off-by: Eli Uriegas --- pkg/containerd/deb/changelog | 6 ++++++ pkg/containerd/rpm/containerd.spec | 3 +++ 2 files changed, 9 insertions(+) diff --git a/pkg/containerd/deb/changelog b/pkg/containerd/deb/changelog index 5c9e38a8..b22160c2 100644 --- a/pkg/containerd/deb/changelog +++ b/pkg/containerd/deb/changelog @@ -1,3 +1,9 @@ +containerd.io (1.2.0~rc.0-1) release; urgency=medium + + * containerd 1.2.0-rc.0 release + + -- Eli Uriegas Tue, 25 Sep 2018 20:36:38 +0000 + containerd.io (1.2.0~beta.2-2) release; urgency=medium * Removed offline installer for runc, package as a binary instead diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index 99c04402..18761adc 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -133,6 +133,9 @@ install -p -m 644 man/*.5 $RPM_BUILD_ROOT/%{_mandir}/man5 %changelog +* Tue Sep 25 2018 Eli Uriegas - 1.2.0-2.0.rc.0.1 +- containerd 1.2.0-rc.0 release + * Wed Sep 05 2018 Eli Uriegas - 1.2.0-1.2.beta.2.2 - Hardcoded paths for libexec and var lib considering the macros are different on SUSE based distributions - Removed offline installer for runc, package as a binary instead From f851a9104e6264d468ba4c14aa2f388d8c7ab761 Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Tue, 25 Sep 2018 21:45:51 +0000 Subject: [PATCH 037/128] Compile runc with 'seccomp apparmor selinux' Signed-off-by: Eli Uriegas --- pkg/containerd/deb/rules | 2 +- pkg/containerd/rpm/containerd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/containerd/deb/rules b/pkg/containerd/deb/rules index 7f69ebd0..2ec53999 100755 --- a/pkg/containerd/deb/rules +++ b/pkg/containerd/deb/rules @@ -15,7 +15,7 @@ bin/%: ## Create containerd binaries mv -v $(GO_SRC_PATH)/$@ $@ bin/runc: - make -C /go/src/github.com/opencontainers/runc runc && mv -v /go/src/github.com/opencontainers/runc/runc $@ + make -C /go/src/github.com/opencontainers/runc BUILDTAGS='seccomp apparmor selinux' runc && mv -v /go/src/github.com/opencontainers/runc/runc $@ override_dh_auto_build: $(CONTAINERD_BINARIES) diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index 99c04402..0ea459ae 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -87,7 +87,7 @@ pushd /go/src/%{import_path} popd pushd /go/src/github.com/opencontainers/runc -make runc +make BUILDTAGS='seccomp apparmor selinux' runc popd From 5329dd4654d5e4f6bfbeee4e6044683d5ab14df1 Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Tue, 9 Oct 2018 20:26:55 +0000 Subject: [PATCH 038/128] Add 1.2.0-rc.1 release Signed-off-by: Eli Uriegas --- pkg/containerd/deb/changelog | 6 ++++++ pkg/containerd/rpm/containerd.spec | 3 +++ 2 files changed, 9 insertions(+) diff --git a/pkg/containerd/deb/changelog b/pkg/containerd/deb/changelog index b22160c2..eaddd349 100644 --- a/pkg/containerd/deb/changelog +++ b/pkg/containerd/deb/changelog @@ -1,3 +1,9 @@ +containerd.io (1.2.0~rc.1-1) release; urgency=medium + + * containerd 1.2.0-rc.1 release + + -- Eli Uriegas Fri, 05 Oct 2018 16:54:33 +0000 + containerd.io (1.2.0~rc.0-1) release; urgency=medium * containerd 1.2.0-rc.0 release diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index c5b8cd09..7c247ee1 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -133,6 +133,9 @@ install -p -m 644 man/*.5 $RPM_BUILD_ROOT/%{_mandir}/man5 %changelog +* Fri Oct 05 2018 Eli Uriegas - 1.2.0-2.1.rc.1.1 +- containerd 1.2.0-rc.1 release + * Tue Sep 25 2018 Eli Uriegas - 1.2.0-2.0.rc.0.1 - containerd 1.2.0-rc.0 release From 5ca6dab0a14f0d97e8315647ee522f35cfe9146b Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Tue, 16 Oct 2018 18:27:51 +0000 Subject: [PATCH 039/128] Add a changelog note about the containerd changes Signed-off-by: Eli Uriegas --- pkg/containerd/deb/changelog | 1 + pkg/containerd/rpm/containerd.spec | 1 + 2 files changed, 2 insertions(+) diff --git a/pkg/containerd/deb/changelog b/pkg/containerd/deb/changelog index eaddd349..b08c0fd0 100644 --- a/pkg/containerd/deb/changelog +++ b/pkg/containerd/deb/changelog @@ -1,6 +1,7 @@ containerd.io (1.2.0~rc.1-1) release; urgency=medium * containerd 1.2.0-rc.1 release + * Set Tasks=infinity in the systemd service file -- Eli Uriegas Fri, 05 Oct 2018 16:54:33 +0000 diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index 7c247ee1..87bdc052 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -135,6 +135,7 @@ install -p -m 644 man/*.5 $RPM_BUILD_ROOT/%{_mandir}/man5 %changelog * Fri Oct 05 2018 Eli Uriegas - 1.2.0-2.1.rc.1.1 - containerd 1.2.0-rc.1 release +- Set Tasks=infinity in the systemd service file * Tue Sep 25 2018 Eli Uriegas - 1.2.0-2.0.rc.0.1 - containerd 1.2.0-rc.0 release From 3839e7dcc6598d4068e48e0f267aece134317bfd Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Tue, 16 Oct 2018 20:57:39 +0000 Subject: [PATCH 040/128] containerd 1.2.0-rc.2 release Signed-off-by: Eli Uriegas --- pkg/containerd/deb/changelog | 6 ++++++ pkg/containerd/rpm/containerd.spec | 3 +++ 2 files changed, 9 insertions(+) diff --git a/pkg/containerd/deb/changelog b/pkg/containerd/deb/changelog index b08c0fd0..f5e2d984 100644 --- a/pkg/containerd/deb/changelog +++ b/pkg/containerd/deb/changelog @@ -1,3 +1,9 @@ +containerd.io (1.2.0~rc.2-1) release; urgency=medium + + * containerd 1.2.0-rc.2 release + + -- Eli Uriegas Tue, 16 Oct 2018 20:56:54 +0000 + containerd.io (1.2.0~rc.1-1) release; urgency=medium * containerd 1.2.0-rc.1 release diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index 87bdc052..4165c6f4 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -133,6 +133,9 @@ install -p -m 644 man/*.5 $RPM_BUILD_ROOT/%{_mandir}/man5 %changelog +* Tue Oct 16 2018 Eli Uriegas - 1.2.0-2.2.rc.2.1 +- containerd 1.2.0-rc.2 release + * Fri Oct 05 2018 Eli Uriegas - 1.2.0-2.1.rc.1.1 - containerd 1.2.0-rc.1 release - Set Tasks=infinity in the systemd service file From 84197395d5e9afe3f19021b8dd88ad23242db978 Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Mon, 5 Nov 2018 20:05:35 +0000 Subject: [PATCH 041/128] Bump changelogs for 1.2.0 release Signed-off-by: Eli Uriegas --- pkg/containerd/deb/changelog | 6 ++++++ pkg/containerd/rpm/containerd.spec | 3 +++ 2 files changed, 9 insertions(+) diff --git a/pkg/containerd/deb/changelog b/pkg/containerd/deb/changelog index f5e2d984..927c0926 100644 --- a/pkg/containerd/deb/changelog +++ b/pkg/containerd/deb/changelog @@ -1,3 +1,9 @@ +containerd.io (1.2.0-1) release; urgency=medium + + * containerd 1.2.0 release + + -- Eli Uriegas Mon, 05 Nov 2018 20:04:34 +0000 + containerd.io (1.2.0~rc.2-1) release; urgency=medium * containerd 1.2.0-rc.2 release diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index 4165c6f4..4b4d61ec 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -133,6 +133,9 @@ install -p -m 644 man/*.5 $RPM_BUILD_ROOT/%{_mandir}/man5 %changelog +* Mon Nov 05 2018 Eli Uriegas - 1.2.0-3.1 +- containerd 1.2.0 release + * Tue Oct 16 2018 Eli Uriegas - 1.2.0-2.2.rc.2.1 - containerd 1.2.0-rc.2 release From 9ec7832ed0f7160271cf59aae7ef1458cf3d3525 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Mon, 12 Nov 2018 15:04:45 +0100 Subject: [PATCH 042/128] Mark package as "providing", "conflicting" and "obsoletes" runc Some distros ship containerd and runc as separate packages, and because of this, installation of this package fails if the distro-provided runc package is installed: The following additional packages will be installed: containerd.io The following NEW packages will be installed containerd.io 0 to upgrade, 1 to newly install, 0 to remove and 1 not to upgrade. 1 not fully installed or removed. Need to get 0 B/19.9 MB of archives. After this operation, 87.6 MB of additional disk space will be used. Do you want to continue? [Y/n] Y (Reading database ... 523620 files and directories currently installed.) Preparing to unpack .../containerd.io_1.2.0-1_amd64.deb ... Unpacking containerd.io (1.2.0-1) ... dpkg: error processing archive /var/cache/apt/archives/containerd.io_1.2.0-1_amd64.deb (--unpack): trying to overwrite '/usr/sbin/runc', which is also in package runc 1.0.0~rc2+docker1.13.1-0ubuntu1~16.04.1 dpkg-deb: error: subprocess paste was killed by signal (Broken pipe) Errors were encountered while processing: /var/cache/apt/archives/containerd.io_1.2.0-1_amd64.deb E: Sub-process /usr/bin/dpkg returned an error code (1) This patch indicates that this package; - provides runc - conflicts with other runc packages - obsoletes existing runc packages We should verify if this will cause issues in future, once runc becomes stable (reaches 1.0), at which point we may want to allow depending on the distro packages and/or put runc in its own package. Signed-off-by: Sebastiaan van Stijn --- pkg/containerd/deb/control | 6 +++--- pkg/containerd/rpm/containerd.spec | 8 ++++++++ 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/pkg/containerd/deb/control b/pkg/containerd/deb/control index 55c03857..a7788de7 100644 --- a/pkg/containerd/deb/control +++ b/pkg/containerd/deb/control @@ -16,7 +16,7 @@ Package: containerd.io Architecture: any Depends: ${misc:Depends}, ${shlibs:Depends} -Provides: containerd -Conflicts: containerd -Replaces: containerd +Provides: containerd, runc +Conflicts: containerd, runc +Replaces: containerd, runc Description: An open and reliable container runtime diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index 4b4d61ec..6ac7d160 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -29,8 +29,16 @@ AutoReq: no Name: containerd.io Provides: containerd +Provides: runc + +# Obsolete packages Obsoletes: containerd +Obsoletes: runc + +# Conflicting packages Conflicts: containerd +Conflicts: runc + Version: %{getenv:RPM_VERSION} Release: %{getenv:RPM_RELEASE_VERSION}%{?dist} Summary: An industry-standard container runtime From 5e1bd7c1cf0647629ab6586284b65d3684aacacf Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 21 Nov 2018 22:59:07 +0100 Subject: [PATCH 043/128] Release contaienrd 1.2.1-rc.0 Signed-off-by: Sebastiaan van Stijn --- pkg/containerd/deb/changelog | 7 +++++++ pkg/containerd/rpm/containerd.spec | 4 ++++ 2 files changed, 11 insertions(+) diff --git a/pkg/containerd/deb/changelog b/pkg/containerd/deb/changelog index 927c0926..d759696b 100644 --- a/pkg/containerd/deb/changelog +++ b/pkg/containerd/deb/changelog @@ -1,3 +1,10 @@ +containerd.io (1.2.1~rc.0.1) release; urgency=medium + + * containerd 1.2.1-rc.0 release + * update runc to 10d38b660a77168360df3522881e2dc2be5056bd + + -- Sebastiaan van Stijn Tue, 27 Nov 2018 19:28:52 +0000 + containerd.io (1.2.0-1) release; urgency=medium * containerd 1.2.0 release diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index 6ac7d160..1b7b757a 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -141,6 +141,10 @@ install -p -m 644 man/*.5 $RPM_BUILD_ROOT/%{_mandir}/man5 %changelog +* Tue Nov 27 2018 Sebastiaan van Stijn - v1.2.1-2.0.rc.0.1 +- containerd 1.2.1-rc.0 release +- update runc to 10d38b660a77168360df3522881e2dc2be5056bd + * Mon Nov 05 2018 Eli Uriegas - 1.2.0-3.1 - containerd 1.2.0 release From 8834b3b37d5a37875429b0ab19153f1d063c94e9 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Thu, 29 Nov 2018 18:23:46 +0100 Subject: [PATCH 044/128] Do not enable kmem on RHEL7 kernels In case we're building for RHEL7 kernel, which has non-working and broken kernel memory controller, add 'nokmem' build tag so that runc never enables kmem accounting. For more info, see the following runc commit: opencontainers/runc@6a2c155 Signed-off-by: Sebastiaan van Stijn --- pkg/containerd/rpm/containerd.spec | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index 1b7b757a..fb18695a 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -26,6 +26,7 @@ AutoReq: no %define SHA256SUM0 08f057ece7e518b14cce2e9737228a5a899a7b58b78248a03e02f4a6c079eeaf %global import_path github.com/containerd/containerd %global gopath %{getenv:GOPATH} +%global runc_nokmem %{getenv:RUNC_NOKMEM} Name: containerd.io Provides: containerd @@ -95,7 +96,7 @@ pushd /go/src/%{import_path} popd pushd /go/src/github.com/opencontainers/runc -make BUILDTAGS='seccomp apparmor selinux' runc +make BUILDTAGS='seccomp apparmor selinux %{runc_nokmem}' runc popd From 3feaabe4af09909448332e5a74ac4eaac6139aff Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Thu, 6 Dec 2018 17:37:48 +0000 Subject: [PATCH 045/128] Remove go-md2man as a BuildRequires, prefer go get go-md2man mysteriously disappeared from the centos 7 package repositories, let's just install it using go just to be safe. Signed-off-by: Eli Uriegas --- pkg/containerd/rpm/containerd.spec | 1 - 1 file changed, 1 deletion(-) diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index fb18695a..7b4f543e 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -58,7 +58,6 @@ BuildRequires: libseccomp-devel BuildRequires: libbtrfs-devel %else BuildRequires: btrfs-progs-devel -BuildRequires: go-md2man %endif %{?systemd_requires} From a955c6e778a5c3af93fae99edd501987d97ea027 Mon Sep 17 00:00:00 2001 From: Andrew Hsu Date: Thu, 6 Dec 2018 00:51:27 +0000 Subject: [PATCH 046/128] bump ver for containerd 1.2.1 release Signed-off-by: Andrew Hsu --- pkg/containerd/deb/changelog | 6 ++++++ pkg/containerd/rpm/containerd.spec | 3 +++ 2 files changed, 9 insertions(+) diff --git a/pkg/containerd/deb/changelog b/pkg/containerd/deb/changelog index d759696b..36c7241c 100644 --- a/pkg/containerd/deb/changelog +++ b/pkg/containerd/deb/changelog @@ -1,3 +1,9 @@ +containerd.io (1.2.1-1) release; urgency=medium + + * containerd 1.2.1 release + + -- Andrew Hsu Thu, 06 Dec 2018 00:50:40 +0000 + containerd.io (1.2.1~rc.0.1) release; urgency=medium * containerd 1.2.1-rc.0 release diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index 7b4f543e..a628fe3d 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -141,6 +141,9 @@ install -p -m 644 man/*.5 $RPM_BUILD_ROOT/%{_mandir}/man5 %changelog +* Thu Dec 06 2018 Andrew Hsu - 1.2.1-3.1 +- containerd 1.2.1 release + * Tue Nov 27 2018 Sebastiaan van Stijn - v1.2.1-2.0.rc.0.1 - containerd 1.2.1-rc.0 release - update runc to 10d38b660a77168360df3522881e2dc2be5056bd From dcd74d02a1ee5377ae1b0017bfc7414b197447de Mon Sep 17 00:00:00 2001 From: Andrew Hsu Date: Thu, 6 Dec 2018 04:11:43 +0000 Subject: [PATCH 047/128] update runc to 96ec217 Signed-off-by: Andrew Hsu --- pkg/containerd/deb/changelog | 1 + pkg/containerd/rpm/containerd.spec | 1 + 2 files changed, 2 insertions(+) diff --git a/pkg/containerd/deb/changelog b/pkg/containerd/deb/changelog index 36c7241c..a72f6add 100644 --- a/pkg/containerd/deb/changelog +++ b/pkg/containerd/deb/changelog @@ -1,6 +1,7 @@ containerd.io (1.2.1-1) release; urgency=medium * containerd 1.2.1 release + * update runc to 96ec2177ae841256168fcf76954f7177af9446eb -- Andrew Hsu Thu, 06 Dec 2018 00:50:40 +0000 diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index a628fe3d..691335cb 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -143,6 +143,7 @@ install -p -m 644 man/*.5 $RPM_BUILD_ROOT/%{_mandir}/man5 %changelog * Thu Dec 06 2018 Andrew Hsu - 1.2.1-3.1 - containerd 1.2.1 release +- update runc to 96ec2177ae841256168fcf76954f7177af9446eb * Tue Nov 27 2018 Sebastiaan van Stijn - v1.2.1-2.0.rc.0.1 - containerd 1.2.1-rc.0 release From 0199f94141f682df4fee4d77bd8c2d10f069b995 Mon Sep 17 00:00:00 2001 From: Andrew Hsu Date: Tue, 8 Jan 2019 00:45:06 +0000 Subject: [PATCH 048/128] bump ver for containerd 1.2.2 rel Signed-off-by: Andrew Hsu --- pkg/containerd/deb/changelog | 6 ++++++ pkg/containerd/rpm/containerd.spec | 3 +++ 2 files changed, 9 insertions(+) diff --git a/pkg/containerd/deb/changelog b/pkg/containerd/deb/changelog index a72f6add..c1f53135 100644 --- a/pkg/containerd/deb/changelog +++ b/pkg/containerd/deb/changelog @@ -1,3 +1,9 @@ +containerd.io (1.2.2-1) release; urgency=medium + + * containerd 1.2.2 release + + -- Andrew Hsu Tue, 08 Jan 2019 00:43:52 +0000 + containerd.io (1.2.1-1) release; urgency=medium * containerd 1.2.1 release diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index 691335cb..9065f3d1 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -141,6 +141,9 @@ install -p -m 644 man/*.5 $RPM_BUILD_ROOT/%{_mandir}/man5 %changelog +* Tue Jan 08 2019 Andrew Hsu - 1.2.2-3.1 +- containerd 1.2.2 release + * Thu Dec 06 2018 Andrew Hsu - 1.2.1-3.1 - containerd 1.2.1 release - update runc to 96ec2177ae841256168fcf76954f7177af9446eb From 02e72ebf0d539fbeeb441615da61684134603eca Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Fri, 18 Jan 2019 00:13:45 +0000 Subject: [PATCH 049/128] Bump to package version 1.2.2-2 Signed-off-by: Eli Uriegas --- pkg/containerd/deb/changelog | 6 ++++++ pkg/containerd/rpm/containerd.spec | 3 +++ 2 files changed, 9 insertions(+) diff --git a/pkg/containerd/deb/changelog b/pkg/containerd/deb/changelog index c1f53135..1b1a1c9c 100644 --- a/pkg/containerd/deb/changelog +++ b/pkg/containerd/deb/changelog @@ -1,3 +1,9 @@ +containerd.io (1.2.2-2) release; urgency=medium + + * update runc to f7491ef134a6c41f3a99b0b539835d2472d17012 + + -- Eli Uriegas Fri, 18 Jan 2019 00:12:35 +0000 + containerd.io (1.2.2-1) release; urgency=medium * containerd 1.2.2 release diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index 9065f3d1..eb305a5f 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -141,6 +141,9 @@ install -p -m 644 man/*.5 $RPM_BUILD_ROOT/%{_mandir}/man5 %changelog +* Fri Jan 18 2019 Eli Uriegas - 1.2.2-3.2 +- update runc to f7491ef134a6c41f3a99b0b539835d2472d17012 + * Tue Jan 08 2019 Andrew Hsu - 1.2.2-3.1 - containerd 1.2.2 release From 01930df4c3b76dc5ac6f2177155f57eba3167ac5 Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Thu, 31 Jan 2019 22:31:07 +0000 Subject: [PATCH 050/128] Bump containerd.io version to 1.2.2-3 Signed-off-by: Eli Uriegas --- pkg/containerd/deb/changelog | 7 +++++++ pkg/containerd/rpm/containerd.spec | 4 ++++ 2 files changed, 11 insertions(+) diff --git a/pkg/containerd/deb/changelog b/pkg/containerd/deb/changelog index 1b1a1c9c..4361473a 100644 --- a/pkg/containerd/deb/changelog +++ b/pkg/containerd/deb/changelog @@ -1,3 +1,10 @@ +containerd.io (1.2.2-3) release; urgency=high + + * [runc -> 09c8266] nsenter: clone /proc/self/exe to avoid exposing + host binary to container (CVE-2019-5736) + + -- Eli Uriegas Thu, 31 Jan 2019 22:30:30 +0000 + containerd.io (1.2.2-2) release; urgency=medium * update runc to f7491ef134a6c41f3a99b0b539835d2472d17012 diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index eb305a5f..b5badd46 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -141,6 +141,10 @@ install -p -m 644 man/*.5 $RPM_BUILD_ROOT/%{_mandir}/man5 %changelog +* Thu Jan 31 2019 Eli Uriegas - 1.2.2-3.3 +- [runc -> 09c8266] nsenter: clone /proc/self/exe to avoid exposing + host binary to container (CVE-2019-5736) + * Fri Jan 18 2019 Eli Uriegas - 1.2.2-3.2 - update runc to f7491ef134a6c41f3a99b0b539835d2472d17012 From 1fbd3cb3874f5b2eeef77eac34037a63cadfe790 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Fri, 15 Feb 2019 01:59:21 +0100 Subject: [PATCH 051/128] Release containerd 1.2.4 Signed-off-by: Sebastiaan van Stijn --- pkg/containerd/deb/changelog | 7 +++++++ pkg/containerd/rpm/containerd.spec | 4 ++++ 2 files changed, 11 insertions(+) diff --git a/pkg/containerd/deb/changelog b/pkg/containerd/deb/changelog index 4361473a..09793492 100644 --- a/pkg/containerd/deb/changelog +++ b/pkg/containerd/deb/changelog @@ -1,3 +1,10 @@ +containerd.io (1.2.4-1) release; urgency=medium + + * containerd 1.2.4 release + * update runc to 6635b4f0c6af3810594d2770f662f34ddc15b40d + + -- Sebastiaan van Stijn Fri, 15 Feb 2019 00:56:08 +0000 + containerd.io (1.2.2-3) release; urgency=high * [runc -> 09c8266] nsenter: clone /proc/self/exe to avoid exposing diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index b5badd46..4a7ed456 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -141,6 +141,10 @@ install -p -m 644 man/*.5 $RPM_BUILD_ROOT/%{_mandir}/man5 %changelog +* Fri Feb 15 2019 Sebastiaan van Stijn - 1.2.4-3.1 +- containerd 1.2.4 release +- update runc to 6635b4f0c6af3810594d2770f662f34ddc15b40d + * Thu Jan 31 2019 Eli Uriegas - 1.2.2-3.3 - [runc -> 09c8266] nsenter: clone /proc/self/exe to avoid exposing host binary to container (CVE-2019-5736) From b45f6cfe4f5264d950535d4478bbcf079b2711e8 Mon Sep 17 00:00:00 2001 From: Dave Tucker Date: Sun, 3 Mar 2019 18:39:54 +0000 Subject: [PATCH 052/128] RHEL 8 Support This commit adds the necessary Makefile/Dockerfile changes to support packaging on RHEL 8. Notably BTRFS is disabled for containerd builds on this OS as the btrfs-progs package is not available during the beta. It may also not be available at GA. Signed-off-by: Dave Tucker Signed-off-by: Eli Uriegas --- pkg/containerd/rpm/containerd.spec | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index 4a7ed456..e91b33b8 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -54,11 +54,14 @@ BuildRequires: gcc BuildRequires: systemd BuildRequires: libseccomp-devel +# Should only return true if `el8` (rhel8) is NOT defined +%if 0%{!?el8:1} %if 0%{?suse_version} BuildRequires: libbtrfs-devel %else BuildRequires: btrfs-progs-devel %endif +%endif %{?systemd_requires} From e06920958c425c76e64337c2d69a41f27b15a3ab Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Thu, 14 Mar 2019 10:27:03 +0100 Subject: [PATCH 053/128] Release containerd 1.2.5 - containerd 1.2.5 release - update runc to 2b18fe1d885ee5083ef9f0838fee39b62d653e30 - build with Go 1.11.5 Signed-off-by: Sebastiaan van Stijn --- pkg/containerd/deb/changelog | 8 ++++++++ pkg/containerd/rpm/containerd.spec | 5 +++++ 2 files changed, 13 insertions(+) diff --git a/pkg/containerd/deb/changelog b/pkg/containerd/deb/changelog index 09793492..e8089d5c 100644 --- a/pkg/containerd/deb/changelog +++ b/pkg/containerd/deb/changelog @@ -1,3 +1,11 @@ +containerd.io (1.2.5-1) release; urgency=medium + + * containerd 1.2.5 release + * update runc to 2b18fe1d885ee5083ef9f0838fee39b62d653e30 + * build with Go 1.11.5 + + -- Sebastiaan van Stijn Thu, 14 Mar 2019 09:23:34 +0000 + containerd.io (1.2.4-1) release; urgency=medium * containerd 1.2.4 release diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index e91b33b8..35003e7c 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -144,6 +144,11 @@ install -p -m 644 man/*.5 $RPM_BUILD_ROOT/%{_mandir}/man5 %changelog +* Thu Mar 14 2019 Sebastiaan van Stijn - 1.2.5-3.1 +- containerd 1.2.5 release +- update runc to 2b18fe1d885ee5083ef9f0838fee39b62d653e30 +- build with Go 1.11.5 + * Fri Feb 15 2019 Sebastiaan van Stijn - 1.2.4-3.1 - containerd 1.2.4 release - update runc to 6635b4f0c6af3810594d2770f662f34ddc15b40d From c2a12262d391d6a32e4c06cd878b09982e1527f0 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 9 Apr 2019 21:16:18 +0200 Subject: [PATCH 054/128] Release containerd 1.2.6 - containerd 1.2.6 release - update runc to 029124da7af7360afa781a0234d1b083550f797c - build with Go 1.11.8 containerd changelog: https://github.com/containerd/containerd/releases/tag/v1.2.6 Signed-off-by: Sebastiaan van Stijn --- pkg/containerd/deb/changelog | 8 ++++++++ pkg/containerd/rpm/containerd.spec | 7 ++++++- 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/pkg/containerd/deb/changelog b/pkg/containerd/deb/changelog index e8089d5c..78dd4215 100644 --- a/pkg/containerd/deb/changelog +++ b/pkg/containerd/deb/changelog @@ -1,3 +1,11 @@ +containerd.io (1.2.6-1) release; urgency=medium + + * containerd 1.2.6 release + * update runc to 029124da7af7360afa781a0234d1b083550f797c + * build with Go 1.11.8 + + -- Sebastiaan van Stijn Wed, 9 Apr 2019 19:19:23 +0000 + containerd.io (1.2.5-1) release; urgency=medium * containerd 1.2.5 release diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index 35003e7c..05fbb5f2 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -144,6 +144,11 @@ install -p -m 644 man/*.5 $RPM_BUILD_ROOT/%{_mandir}/man5 %changelog +* Tue Apr 09 2019 Sebastiaan van Stijn - 1.2.6-3.1 +- containerd 1.2.6 release +- update runc to 029124da7af7360afa781a0234d1b083550f797c +- build with Go 1.11.8 + * Thu Mar 14 2019 Sebastiaan van Stijn - 1.2.5-3.1 - containerd 1.2.5 release - update runc to 2b18fe1d885ee5083ef9f0838fee39b62d653e30 @@ -167,7 +172,7 @@ install -p -m 644 man/*.5 $RPM_BUILD_ROOT/%{_mandir}/man5 - containerd 1.2.1 release - update runc to 96ec2177ae841256168fcf76954f7177af9446eb -* Tue Nov 27 2018 Sebastiaan van Stijn - v1.2.1-2.0.rc.0.1 +* Tue Nov 27 2018 Sebastiaan van Stijn - 1.2.1-2.0.rc.0.1 - containerd 1.2.1-rc.0 release - update runc to 10d38b660a77168360df3522881e2dc2be5056bd From b312f4fd1dfefa0e5df117de0cbc6ae31b13ed44 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Thu, 14 Mar 2019 12:22:48 +0100 Subject: [PATCH 055/128] Set packagename to containerd.io in version, and make it configurable The default is containerd.io make deb containerd --version containerd containerd.io 20190314.103813~b858cfb4 b858cfb41b4f49d93990380faed2af5dd9269ffe But can be overridden using the PACKAGE variable: make PACKAGE=containerd.dev deb containerd --version containerd containerd.dev 20190314.103813~b858cfb4 b858cfb41b4f49d93990380faed2af5dd9269ffe Signed-off-by: Sebastiaan van Stijn --- pkg/containerd/deb/rules | 6 +++--- pkg/containerd/rpm/containerd.spec | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/pkg/containerd/deb/rules b/pkg/containerd/deb/rules index 2ec53999..86b4d5e6 100755 --- a/pkg/containerd/deb/rules +++ b/pkg/containerd/deb/rules @@ -6,11 +6,11 @@ CONTAINERD_BINARIES=bin/containerd bin/containerd-shim bin/ctr %: dh $@ --with systemd -# GO_SRC_PATH are defined in the dockerfile +# GO_SRC_PATH and PACKAGE are defined in the dockerfile # VERSION and REF are defined in scripts/build-deb bin/%: ## Create containerd binaries - @echo "+ make -C $(GO_SRC_PATH) --no-print-directory VERSION=$${VERSION} REVISION=$${REF} $@" - @make -C $(GO_SRC_PATH) --no-print-directory VERSION=$${VERSION} REVISION=$${REF} $@ + @echo "+ make -C $(GO_SRC_PATH) --no-print-directory VERSION=$${VERSION} REVISION=$${REF} PACKAGE=$${PACKAGE} $@" + @make -C $(GO_SRC_PATH) --no-print-directory VERSION=$${VERSION} REVISION=$${REF} PACKAGE=$${PACKAGE} $@ mkdir -p $(@D) mv -v $(GO_SRC_PATH)/$@ $@ diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index 05fbb5f2..583712d8 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -89,7 +89,7 @@ cd %{_topdir}/BUILD make man pushd /go/src/%{import_path} -%define make_containerd(o:) make VERSION=%{getenv:VERSION} REVISION=%{getenv:REF} %{?**}; +%define make_containerd(o:) make VERSION=%{getenv:VERSION} REVISION=%{getenv:REF} PACKAGE=%{getenv:PACKAGE} %{?**}; %make_containerd bin/containerd /go/src/%{import_path}/bin/containerd --version %make_containerd bin/containerd-shim From 9fb701ab267f66832506c51d5495b1a81e290ce9 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Thu, 25 Apr 2019 18:02:54 -0700 Subject: [PATCH 056/128] Release containerd 1.2.6-2 Signed-off-by: Sebastiaan van Stijn --- pkg/containerd/deb/changelog | 6 ++++++ pkg/containerd/rpm/containerd.spec | 3 +++ 2 files changed, 9 insertions(+) diff --git a/pkg/containerd/deb/changelog b/pkg/containerd/deb/changelog index 78dd4215..a2e50fbb 100644 --- a/pkg/containerd/deb/changelog +++ b/pkg/containerd/deb/changelog @@ -1,3 +1,9 @@ +containerd.io (1.2.6-2) release; urgency=medium + + * update runc to v1.0.0-rc8 + + -- Sebastiaan van Stijn Fri, 26 Apr 2019 00:59:05 +0000 + containerd.io (1.2.6-1) release; urgency=medium * containerd 1.2.6 release diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index 583712d8..02d65195 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -144,6 +144,9 @@ install -p -m 644 man/*.5 $RPM_BUILD_ROOT/%{_mandir}/man5 %changelog +* Fri Apr 26 2019 Sebastiaan van Stijn - 1.2.6-3.2 +- update runc to v1.0.0-rc8 + * Tue Apr 09 2019 Sebastiaan van Stijn - 1.2.6-3.1 - containerd 1.2.6 release - update runc to 029124da7af7360afa781a0234d1b083550f797c From 4c09fbafa23f909062813e7cb908faebb2316fcd Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 11 Jun 2019 16:08:58 -0700 Subject: [PATCH 057/128] rpm/containerd.spec: move runc to /usr/bin This is so that its location is in line with container-selinux 2.74 which knows about /usr/bin/runc but does not know about /usr/sbin/runc. Currently, Oracle Linux 7 only has container-selinux 2.74, this is the primary reason for this. The secondary reason is Red Hat puts runc in /usr/bin. Signed-off-by: Kir Kolyshkin --- pkg/containerd/rpm/containerd.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index 02d65195..d4b24b8e 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -109,7 +109,7 @@ install -D -m 0755 bin/containerd-shim %{buildroot}%{_bindir}/containerd-shim install -D -m 0755 bin/ctr %{buildroot}%{_bindir}/ctr install -D -m 0644 %{S:1} %{buildroot}%{_unitdir}/containerd.service install -D -m 0644 %{S:2} %{buildroot}%{_sysconfdir}/containerd/config.toml -install -D -m 0755 /go/src/github.com/opencontainers/runc/runc %{buildroot}%{_sbindir}/runc +install -D -m 0755 /go/src/github.com/opencontainers/runc/runc %{buildroot}%{_bindir}/runc # install manpages install -d %{buildroot}%{_mandir}/man1 @@ -135,7 +135,7 @@ install -p -m 644 man/*.5 $RPM_BUILD_ROOT/%{_mandir}/man5 %{_bindir}/containerd %{_bindir}/containerd-shim %{?with_ctr:%{_bindir}/ctr} -%{_sbindir}/runc +%{_bindir}/runc %{_unitdir}/containerd.service %{_sysconfdir}/containerd /%{_mandir}/man1/* @@ -144,6 +144,9 @@ install -p -m 644 man/*.5 $RPM_BUILD_ROOT/%{_mandir}/man5 %changelog +* Tue Jul 11 2019 Kir Kolyshkin - 1.2.6-3.3 +- move runc binary to %_bindir + * Fri Apr 26 2019 Sebastiaan van Stijn - 1.2.6-3.2 - update runc to v1.0.0-rc8 From 7a533d90cedd8c2fdcf27f9843b510f84af7566c Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 11 Jun 2019 17:12:35 -0700 Subject: [PATCH 058/128] rpm/containerd.spec: add req for container-selinux This is needed so the files being installed have proper selinux context. Without it, with SELinux enabled, there will be various failures to start a container (as binaries, as well as running processes, lack the required context). Signed-off-by: Kir Kolyshkin --- pkg/containerd/rpm/containerd.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index d4b24b8e..f5bcc401 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -49,6 +49,7 @@ Source0: containerd Source1: containerd.service Source2: containerd.toml Source3: runc +Requires: container-selinux >= 2.74 BuildRequires: make BuildRequires: gcc BuildRequires: systemd @@ -145,6 +146,7 @@ install -p -m 644 man/*.5 $RPM_BUILD_ROOT/%{_mandir}/man5 %changelog * Tue Jul 11 2019 Kir Kolyshkin - 1.2.6-3.3 +- add requirement for container-selinux - move runc binary to %_bindir * Fri Apr 26 2019 Sebastiaan van Stijn - 1.2.6-3.2 From 282a4c263abe9348a407cecdf1026829ddbfe20e Mon Sep 17 00:00:00 2001 From: Kirill Kolyshkin Date: Tue, 11 Jun 2019 16:27:56 -0700 Subject: [PATCH 059/128] rpm/containerd.spec: workarounds for suse and amazon Co-Authored-By: Eli Uriegas --- pkg/containerd/rpm/containerd.spec | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index f5bcc401..3e74fbf8 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -49,7 +49,13 @@ Source0: containerd Source1: containerd.service Source2: containerd.toml Source3: runc -Requires: container-selinux >= 2.74 +# container-selinux isn't a thing in suse flavors +%if %{undefined suse_version} +# amazonlinux2 doesn't have container-selinux either +%if "%{?dist}" != ".amzn2" +Requires: container-selinux >= 2:2.74 +%endif +%endif BuildRequires: make BuildRequires: gcc BuildRequires: systemd From c0c1a7f01d23e7a1cbd5ac00b17ef55085916068 Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Wed, 12 Jun 2019 23:05:22 +0000 Subject: [PATCH 060/128] debian: move runc from sbin to bin Signed-off-by: Eli Uriegas --- pkg/containerd/deb/changelog | 6 ++++++ pkg/containerd/deb/rules | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/pkg/containerd/deb/changelog b/pkg/containerd/deb/changelog index a2e50fbb..02e0e378 100644 --- a/pkg/containerd/deb/changelog +++ b/pkg/containerd/deb/changelog @@ -1,3 +1,9 @@ +containerd.io (1.2.6-3) release; urgency=medium + + * move runc from /usr/sbin to /usr/bin + + -- Eli Uriegas Wed, 12 Jun 2019 19:42:39 +0000 + containerd.io (1.2.6-2) release; urgency=medium * update runc to v1.0.0-rc8 diff --git a/pkg/containerd/deb/rules b/pkg/containerd/deb/rules index 86b4d5e6..4d0787ef 100755 --- a/pkg/containerd/deb/rules +++ b/pkg/containerd/deb/rules @@ -25,6 +25,6 @@ override_dh_auto_install: $(CONTAINERD_BINARIES) bin/runc dest=$$(basename $$binary); \ (set -x; install -D -m 0755 $$binary $(INSTALL_DIR)/usr/bin/$$dest); \ done - install -D -m 0755 bin/runc $(INSTALL_DIR)/usr/sbin/runc + install -D -m 0755 bin/runc $(INSTALL_DIR)/usr/bin/runc install -D -m 0644 /root/common/containerd.service $(INSTALL_DIR)/lib/systemd/system/containerd.service install -D -m 0644 /root/common/containerd.toml $(INSTALL_DIR)/etc/containerd/config.toml From 2b91d10ce8684e3c367576bef3d7c24f13440797 Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Tue, 8 Jan 2019 19:59:29 +0000 Subject: [PATCH 061/128] Refactor to be image based, see description Changes the build process to be based on images instead of relying on separate dockerfiles, simplifies maintenance to be just image based, still need a good solution for windows though Signed-off-by: Eli Uriegas --- pkg/containerd/deb/control | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/containerd/deb/control b/pkg/containerd/deb/control index a7788de7..0b0a60f7 100644 --- a/pkg/containerd/deb/control +++ b/pkg/containerd/deb/control @@ -2,7 +2,7 @@ Source: containerd.io Section: devel Priority: optional Maintainer: Containerd team -Build-Depends: btrfs-tools, +Build-Depends: libbtrfs-dev | btrfs-tools , debhelper, dh-systemd, pkg-config, From 1b17cc11d5b4513ee1619e65f03f809de7f4742d Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 10 Jul 2019 13:59:57 +0200 Subject: [PATCH 062/128] rpm/containerd.spec: Fix changelog date being one month off Signed-off-by: Sebastiaan van Stijn --- pkg/containerd/rpm/containerd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index 3e74fbf8..3bdd55fd 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -151,7 +151,7 @@ install -p -m 644 man/*.5 $RPM_BUILD_ROOT/%{_mandir}/man5 %changelog -* Tue Jul 11 2019 Kir Kolyshkin - 1.2.6-3.3 +* Tue Jun 11 2019 Kir Kolyshkin - 1.2.6-3.3 - add requirement for container-selinux - move runc binary to %_bindir From 177fb32f53848fb5b9ba6d1aba370c48898bb0b2 Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Tue, 13 Aug 2019 20:32:42 +0000 Subject: [PATCH 063/128] rpm: Do not provides runc on rhel 8 Signed-off-by: Eli Uriegas --- pkg/containerd/rpm/containerd.spec | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index 3bdd55fd..2d0e271b 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -30,7 +30,10 @@ AutoReq: no Name: containerd.io Provides: containerd +# For some reason on rhel 8 if we "provide" runc then it makes this package unsearchable +%if 0%{!?el8:1} Provides: runc +%endif # Obsolete packages Obsoletes: containerd @@ -151,6 +154,9 @@ install -p -m 644 man/*.5 $RPM_BUILD_ROOT/%{_mandir}/man5 %changelog +* Tue Aug 13 2019 Eli Uriegas - 1.2.6-3.4 +- Do not "Provides: runc" for RHEL 8 + * Tue Jun 11 2019 Kir Kolyshkin - 1.2.6-3.3 - add requirement for container-selinux - move runc binary to %_bindir From 9c2a22a5f874c5c84e8fc2d7b154683b9ed15cad Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Mon, 27 May 2019 23:41:31 +0300 Subject: [PATCH 064/128] Bump golang 1.11.13 (CVE-2019-9512, CVE-2019-9514) go1.11.13 (released 2019/08/13) includes security fixes to the net/http and net/url packages. See the Go 1.11.13 milestone on our issue tracker for details: https://github.com/golang/go/issues?q=milestone%3AGo1.11.13 - net/http: Denial of Service vulnerabilities in the HTTP/2 implementation net/http and golang.org/x/net/http2 servers that accept direct connections from untrusted clients could be remotely made to allocate an unlimited amount of memory, until the program crashes. Servers will now close connections if the send queue accumulates too many control messages. The issues are CVE-2019-9512 and CVE-2019-9514, and Go issue golang.org/issue/33606. Thanks to Jonathan Looney from Netflix for discovering and reporting these issues. This is also fixed in version v0.0.0-20190813141303-74dc4d7220e7 of golang.org/x/net/http2. net/url: parsing validation issue - url.Parse would accept URLs with malformed hosts, such that the Host field could have arbitrary suffixes that would appear in neither Hostname() nor Port(), allowing authorization bypasses in certain applications. Note that URLs with invalid, not numeric ports will now return an error from url.Parse. The issue is CVE-2019-14809 and Go issue golang.org/issue/29098. Thanks to Julian Hector and Nikolai Krein from Cure53, and Adi Cohen (adico.me) for discovering and reporting this issue. Signed-off-by: Sebastiaan van Stijn --- pkg/containerd/deb/changelog | 6 ++++++ pkg/containerd/rpm/containerd.spec | 3 +++ 2 files changed, 9 insertions(+) diff --git a/pkg/containerd/deb/changelog b/pkg/containerd/deb/changelog index 02e0e378..7de58489 100644 --- a/pkg/containerd/deb/changelog +++ b/pkg/containerd/deb/changelog @@ -1,3 +1,9 @@ +containerd.io (1.2.6-4) release; urgency=high + + * build with Go 1.11.13 (CVE-2019-9512, CVE-2019-9514) + + -- Sebastiaan van Stijn Thu, 15 Aug 2019 21:02:17 +0000 + containerd.io (1.2.6-3) release; urgency=medium * move runc from /usr/sbin to /usr/bin diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index 2d0e271b..608b88e5 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -154,6 +154,9 @@ install -p -m 644 man/*.5 $RPM_BUILD_ROOT/%{_mandir}/man5 %changelog +* Thu Aug 15 2019 Sebastiaan van Stijn - 1.2.6-3.5 +- build with Go 1.11.13 (CVE-2019-9512, CVE-2019-9514) + * Tue Aug 13 2019 Eli Uriegas - 1.2.6-3.4 - Do not "Provides: runc" for RHEL 8 From 5012bfce2e611967698c93149bbb106ddf853ae0 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Fri, 14 Jun 2019 16:54:25 +0200 Subject: [PATCH 065/128] Release containerd 1.2.8 - containerd 1.2.8 release - build with Go 1.12.9 containerd changelog: https://github.com/containerd/containerd/releases/tag/v1.2.8 Signed-off-by: Sebastiaan van Stijn --- pkg/containerd/deb/changelog | 7 +++++++ pkg/containerd/rpm/containerd.spec | 4 ++++ 2 files changed, 11 insertions(+) diff --git a/pkg/containerd/deb/changelog b/pkg/containerd/deb/changelog index 7de58489..1fe95afe 100644 --- a/pkg/containerd/deb/changelog +++ b/pkg/containerd/deb/changelog @@ -1,3 +1,10 @@ +containerd.io (1.2.8-1) release; urgency=medium + + * containerd 1.2.8 release + * build with Go 1.12.9 + + -- Sebastiaan van Stijn Mon, 27 Aug 2019 22:40:56 +0000 + containerd.io (1.2.6-4) release; urgency=high * build with Go 1.11.13 (CVE-2019-9512, CVE-2019-9514) diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index 608b88e5..f773ff29 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -154,6 +154,10 @@ install -p -m 644 man/*.5 $RPM_BUILD_ROOT/%{_mandir}/man5 %changelog +* Mon Aug 27 2019 Sebastiaan van Stijn - 1.2.8-3.1 +- containerd 1.2.8 release +- build with Go 1.12.9 + * Thu Aug 15 2019 Sebastiaan van Stijn - 1.2.6-3.5 - build with Go 1.11.13 (CVE-2019-9512, CVE-2019-9514) From c88095ab23ad273774ebac99573ee4a90061280b Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Fri, 6 Sep 2019 20:05:42 +0000 Subject: [PATCH 066/128] bump changelogs for containerd 1.2.9 Signed-off-by: Eli Uriegas --- pkg/containerd/deb/changelog | 8 ++++++++ pkg/containerd/rpm/containerd.spec | 6 +++++- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/pkg/containerd/deb/changelog b/pkg/containerd/deb/changelog index 1fe95afe..71ed5d25 100644 --- a/pkg/containerd/deb/changelog +++ b/pkg/containerd/deb/changelog @@ -1,3 +1,11 @@ +containerd.io (1.2.9-1) release; urgency=high + + * containerd 1.2.9 release + * Addresses CVE-2019-9512 (Ping Flood), CVE-2019-9514 (Reset Flood), and + CVE-2019-9515 (Settings Flood). + + -- Eli Uriegas Fri, 06 Sep 2019 20:04:44 +0000 + containerd.io (1.2.8-1) release; urgency=medium * containerd 1.2.8 release diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index f773ff29..d599c76b 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -154,7 +154,11 @@ install -p -m 644 man/*.5 $RPM_BUILD_ROOT/%{_mandir}/man5 %changelog -* Mon Aug 27 2019 Sebastiaan van Stijn - 1.2.8-3.1 +* Fri Sep 06 2019 Eli Uriegas - 1.2.9-3.1 +- containerd 1.2.9 release +- Addresses CVE-2019-9512 (Ping Flood), CVE-2019-9514 (Reset Flood), and CVE-2019-9515 (Settings Flood). + +* Mon Aug 27 2019 Sebastiaan van Stijn - 1.2.8-3.1 - containerd 1.2.8 release - build with Go 1.12.9 From 4920a431d0c0c4745703a86838e3bb4e55459904 Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Thu, 26 Sep 2019 21:00:49 +0000 Subject: [PATCH 067/128] bump version to 1.2.10-1 Signed-off-by: Eli Uriegas --- pkg/containerd/deb/changelog | 8 ++++++++ pkg/containerd/rpm/containerd.spec | 5 +++++ 2 files changed, 13 insertions(+) diff --git a/pkg/containerd/deb/changelog b/pkg/containerd/deb/changelog index 71ed5d25..5032b76f 100644 --- a/pkg/containerd/deb/changelog +++ b/pkg/containerd/deb/changelog @@ -1,3 +1,11 @@ +containerd.io (1.2.10-1) release; urgency=high + + * containerd 1.2.10 release + * Bump runc to 3e425f80a8c931f88e6d94a8c831b9d5aa481657 (1.0.0-rc8 + CVE-2019-16884) + * Addresses CVE-2019-16884 (AppArmor bypass) + + -- Eli Uriegas Thu, 26 Sep 2019 20:58:57 +0000 + containerd.io (1.2.9-1) release; urgency=high * containerd 1.2.9 release diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index d599c76b..ecf1f767 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -154,6 +154,11 @@ install -p -m 644 man/*.5 $RPM_BUILD_ROOT/%{_mandir}/man5 %changelog +* Thu Sep 26 2019 Eli Uriegas - 1.2.10-3.1 +- containerd 1.2.10 release +- Addresses CVE-2019-16884 (AppArmor bypass) +- Bump runc to 3e425f80a8c931f88e6d94a8c831b9d5aa481657 (1.0.0-rc8 + CVE-2019-16884) + * Fri Sep 06 2019 Eli Uriegas - 1.2.9-3.1 - containerd 1.2.9 release - Addresses CVE-2019-9512 (Ping Flood), CVE-2019-9514 (Reset Flood), and CVE-2019-9515 (Settings Flood). From 4b7dd16206399b34221f0a307d4b4c6a6a03aa00 Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Mon, 30 Sep 2019 19:34:17 +0000 Subject: [PATCH 068/128] bump to golang 1.12.10 Signed-off-by: Eli Uriegas --- pkg/containerd/deb/changelog | 1 + pkg/containerd/rpm/containerd.spec | 1 + 2 files changed, 2 insertions(+) diff --git a/pkg/containerd/deb/changelog b/pkg/containerd/deb/changelog index 5032b76f..53ff7aaa 100644 --- a/pkg/containerd/deb/changelog +++ b/pkg/containerd/deb/changelog @@ -3,6 +3,7 @@ containerd.io (1.2.10-1) release; urgency=high * containerd 1.2.10 release * Bump runc to 3e425f80a8c931f88e6d94a8c831b9d5aa481657 (1.0.0-rc8 + CVE-2019-16884) * Addresses CVE-2019-16884 (AppArmor bypass) + * build with Go 1.12.10 -- Eli Uriegas Thu, 26 Sep 2019 20:58:57 +0000 diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index ecf1f767..93b5ba56 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -158,6 +158,7 @@ install -p -m 644 man/*.5 $RPM_BUILD_ROOT/%{_mandir}/man5 - containerd 1.2.10 release - Addresses CVE-2019-16884 (AppArmor bypass) - Bump runc to 3e425f80a8c931f88e6d94a8c831b9d5aa481657 (1.0.0-rc8 + CVE-2019-16884) +- build with Go 1.12.10 * Fri Sep 06 2019 Eli Uriegas - 1.2.9-3.1 - containerd 1.2.9 release From f59500a4c7cec614526921242bd2691265d3ec2f Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Mon, 7 Oct 2019 23:58:21 +0000 Subject: [PATCH 069/128] bump to containerd 1.2.10-2 Signed-off-by: Eli Uriegas --- pkg/containerd/deb/changelog | 7 ++++++- pkg/containerd/rpm/containerd.spec | 4 +++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/pkg/containerd/deb/changelog b/pkg/containerd/deb/changelog index 53ff7aaa..019413d8 100644 --- a/pkg/containerd/deb/changelog +++ b/pkg/containerd/deb/changelog @@ -1,9 +1,14 @@ +containerd.io (1.2.10-2) release; urgency=high + + * build with Go 1.12.10 + + -- Eli Uriegas Mon, 07 Oct 2019 23:57:42 +0000 + containerd.io (1.2.10-1) release; urgency=high * containerd 1.2.10 release * Bump runc to 3e425f80a8c931f88e6d94a8c831b9d5aa481657 (1.0.0-rc8 + CVE-2019-16884) * Addresses CVE-2019-16884 (AppArmor bypass) - * build with Go 1.12.10 -- Eli Uriegas Thu, 26 Sep 2019 20:58:57 +0000 diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index 93b5ba56..30f274d3 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -154,11 +154,13 @@ install -p -m 644 man/*.5 $RPM_BUILD_ROOT/%{_mandir}/man5 %changelog +* Mon Oct 07 2019 Eli Uriegas - 1.2.10-3.2 +- build with Go 1.12.10 + * Thu Sep 26 2019 Eli Uriegas - 1.2.10-3.1 - containerd 1.2.10 release - Addresses CVE-2019-16884 (AppArmor bypass) - Bump runc to 3e425f80a8c931f88e6d94a8c831b9d5aa481657 (1.0.0-rc8 + CVE-2019-16884) -- build with Go 1.12.10 * Fri Sep 06 2019 Eli Uriegas - 1.2.9-3.1 - containerd 1.2.9 release From 1db70e974e111d94735daac91f4ed6dd40e3593a Mon Sep 17 00:00:00 2001 From: Andrew Hsu Date: Thu, 17 Oct 2019 01:10:39 +0000 Subject: [PATCH 070/128] deb pkgs: restart after upgrade Signed-off-by: Andrew Hsu --- pkg/containerd/deb/rules | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkg/containerd/deb/rules b/pkg/containerd/deb/rules index 4d0787ef..7cc25856 100755 --- a/pkg/containerd/deb/rules +++ b/pkg/containerd/deb/rules @@ -19,6 +19,9 @@ bin/runc: override_dh_auto_build: $(CONTAINERD_BINARIES) +override_dh_systemd_start: + dh_systemd_start --restart-after-upgrade + override_dh_auto_install: $(CONTAINERD_BINARIES) bin/runc # set -x so we can see what's being installed where for binary in $(CONTAINERD_BINARIES); do \ From ae3baaf3126b77fd403c8c298b08ab9aee606207 Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Thu, 17 Oct 2019 02:48:01 +0000 Subject: [PATCH 071/128] deb: Bump to 1.2.10-3 Signed-off-by: Eli Uriegas --- pkg/containerd/deb/changelog | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/pkg/containerd/deb/changelog b/pkg/containerd/deb/changelog index 019413d8..e272f193 100644 --- a/pkg/containerd/deb/changelog +++ b/pkg/containerd/deb/changelog @@ -1,3 +1,11 @@ +containerd.io (1.2.10-3) release; urgency=medium + + * Added explicit --restart-after-upgrade to dh_systemd_start due to + containerd services failing to restart automatically after an + upgrade from 1.2.X -> 1.2.10 + + -- Eli Uriegas Thu, 17 Oct 2019 02:46:43 +0000 + containerd.io (1.2.10-2) release; urgency=high * build with Go 1.12.10 From 512a6bab3b05fd006de8d2a31c444cab8209546e Mon Sep 17 00:00:00 2001 From: Eli Uriegas Date: Thu, 17 Oct 2019 21:37:39 +0000 Subject: [PATCH 072/128] deb: Replace all instances of try-restart with restart For debian packages `try-restart` doesn't function as expected when the service has been stopped due to a package removal. Later versions of debhelper have replaced `try-restart` altogether with `restart` so this PR just helps older distrubtions do that as well. Signed-off-by: Eli Uriegas --- pkg/containerd/deb/rules | 1 + 1 file changed, 1 insertion(+) diff --git a/pkg/containerd/deb/rules b/pkg/containerd/deb/rules index 7cc25856..b250525e 100755 --- a/pkg/containerd/deb/rules +++ b/pkg/containerd/deb/rules @@ -21,6 +21,7 @@ override_dh_auto_build: $(CONTAINERD_BINARIES) override_dh_systemd_start: dh_systemd_start --restart-after-upgrade + sed -i 's/_dh_action=try-restart/_dh_action=restart/g' ./debian/containerd.io.postinst.debhelper override_dh_auto_install: $(CONTAINERD_BINARIES) bin/runc # set -x so we can see what's being installed where From c62d498ef1c3d665418c21c6b6d776549fd34060 Mon Sep 17 00:00:00 2001 From: Evan Hazlett Date: Thu, 9 Jan 2020 14:16:17 -0500 Subject: [PATCH 073/128] update to 1.12.11 Signed-off-by: Evan Hazlett --- pkg/containerd/deb/changelog | 13 +++++++++++++ pkg/containerd/rpm/containerd.spec | 11 +++++++++++ 2 files changed, 24 insertions(+) diff --git a/pkg/containerd/deb/changelog b/pkg/containerd/deb/changelog index e272f193..610289a9 100644 --- a/pkg/containerd/deb/changelog +++ b/pkg/containerd/deb/changelog @@ -1,3 +1,16 @@ +containerd.io (1.2.11-1) release; urgency=medium + + * Update the runc vendor to v1.0.0-rc9 which includes an additional + mitigation for CVE-2019-16884 + * Add local-fs.target to service file to fix corrupt image after unexpected + host reboot + * Update Golang runtime to 1.12.13, which includes security fixes to the + crypto/dsa package made in Go 1.12.11 (CVE-2019-17596), and fixes to the + go command, runtime, syscall and net packages (Go 1.12.12) + * CRI: Fix shim delete error code to avoid unnecessary retries in the CRI plugin + + -- Evan Hazlett Thu, 9 Jan 2020 20:40:43 +0000 + containerd.io (1.2.10-3) release; urgency=medium * Added explicit --restart-after-upgrade to dh_systemd_start due to diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index 30f274d3..c4c391be 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -154,6 +154,17 @@ install -p -m 644 man/*.5 $RPM_BUILD_ROOT/%{_mandir}/man5 %changelog +* Thu Jan 09 2020 Evan Hazlett - 1.2.11-3.1 +- Update the runc vendor to v1.0.0-rc9 which includes an additional + mitigation for CVE-2019-16884 +- Add local-fs.target to service file to fix corrupt image after unexpected + host reboot +- Update Golang runtime to 1.12.13, which includes security fixes to the + crypto/dsa package made in Go 1.12.11 (CVE-2019-17596), and fixes to the + go command, runtime, syscall and net packages (Go 1.12.12) +- CRI: Fix shim delete error code to avoid unnecessary retries in the CRI plugin +- build with Go 1.12.13 + * Mon Oct 07 2019 Eli Uriegas - 1.2.10-3.2 - build with Go 1.12.10 From a173c64b5fed7f4d57a0adc1dc1040214990d2e0 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 22 Jan 2020 22:32:37 +0100 Subject: [PATCH 074/128] update golang to 1.12.15 Update Golang 1.12.15 --------------------------- full diff: https://github.com/golang/go/compare/go1.12.14...go1.12.15 go1.12.15 (released 2020/01/09) includes fixes to the runtime and the net/http package. See the Go 1.12.15 milestone on the issue tracker for details: https://github.com/golang/go/issues?q=milestone%3AGo1.12.15+label%3ACherryPickApproved Update Golang 1.12.14 --------------------------- go1.12.14 (released 2019/12/04) includes a fix to the runtime. See the Go 1.12.14 milestone on our issue tracker for details: https://github.com/golang/go/issues?q=milestone%3AGo1.12.14+label%3ACherryPickApproved Signed-off-by: Sebastiaan van Stijn --- pkg/containerd/deb/changelog | 7 +++++++ pkg/containerd/rpm/containerd.spec | 5 ++++- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/pkg/containerd/deb/changelog b/pkg/containerd/deb/changelog index 610289a9..45c7ebf8 100644 --- a/pkg/containerd/deb/changelog +++ b/pkg/containerd/deb/changelog @@ -1,3 +1,10 @@ +containerd.io (1.2.11-2) release; urgency=medium + + * Update Golang runtime to 1.12.15, which includes fixes in the net/http package + and the runtime on ARM64 + + -- Sebastiaan van Stijn + containerd.io (1.2.11-1) release; urgency=medium * Update the runc vendor to v1.0.0-rc9 which includes an additional diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index c4c391be..ee7df9ee 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -154,6 +154,10 @@ install -p -m 644 man/*.5 $RPM_BUILD_ROOT/%{_mandir}/man5 %changelog +* Fri Jan 24 2020 Sebastiaan van Stijn - 1.2.11-3.2 +- Update Golang runtime to 1.12.15, which includes fixes in the net/http package + and the runtime on ARM64 + * Thu Jan 09 2020 Evan Hazlett - 1.2.11-3.1 - Update the runc vendor to v1.0.0-rc9 which includes an additional mitigation for CVE-2019-16884 @@ -163,7 +167,6 @@ install -p -m 644 man/*.5 $RPM_BUILD_ROOT/%{_mandir}/man5 crypto/dsa package made in Go 1.12.11 (CVE-2019-17596), and fixes to the go command, runtime, syscall and net packages (Go 1.12.12) - CRI: Fix shim delete error code to avoid unnecessary retries in the CRI plugin -- build with Go 1.12.13 * Mon Oct 07 2019 Eli Uriegas - 1.2.10-3.2 - build with Go 1.12.10 From 46bfabb83d5133e1dc2d90302fe5c4a6cea14a7e Mon Sep 17 00:00:00 2001 From: Derek McGowan Date: Tue, 4 Feb 2020 00:49:19 -0800 Subject: [PATCH 075/128] Update packaging for containerd 1.2.12 Signed-off-by: Derek McGowan --- pkg/containerd/deb/changelog | 19 +++++++++++++++++++ pkg/containerd/rpm/containerd.spec | 16 ++++++++++++++++ 2 files changed, 35 insertions(+) diff --git a/pkg/containerd/deb/changelog b/pkg/containerd/deb/changelog index 45c7ebf8..59fcdd0b 100644 --- a/pkg/containerd/deb/changelog +++ b/pkg/containerd/deb/changelog @@ -1,3 +1,22 @@ +containerd.io (1.2.12-1) release; urgency=medium + + * Update the runc vendor to v1.0.0-rc10 which includes a mitigation for + CVE-2019-19921. + * Update the opencontainers/selinux which includes a mitigation for + CVE-2019-16884. + * Update Golang runtime to 1.12.16, mitigating the CVE-2020-0601 + certificate verification bypass on Windows, and CVE-2020-7919, + which only affects 32-bit architectures. + * A fix to prevent SIGSEGV when starting containerd-shim + * Fix to prevent high system load/CPU utilization with liveness and readiness + probes + * Fix to prevent docker exec hanging if an earlier docker exec left a zombie + process + * CRI: Update the gopkg.in/yaml.v2 vendor to v2.2.8 with a mitigation for + CVE-2019-11253 + + -- Derek McGowan Tue, 04 Feb 2020 9:43:30 +0000 + containerd.io (1.2.11-2) release; urgency=medium * Update Golang runtime to 1.12.15, which includes fixes in the net/http package diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index ee7df9ee..6253e23e 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -154,6 +154,22 @@ install -p -m 644 man/*.5 $RPM_BUILD_ROOT/%{_mandir}/man5 %changelog +* Tue Feb 04 2020 Derek McGowan - 1.2.12-3.1 +- Update the runc vendor to v1.0.0-rc10 which includes a mitigation for + CVE-2019-19921. +- Update the opencontainers/selinux which includes a mitigation for + CVE-2019-16884. +- Update Golang runtime to 1.12.16, mitigating the CVE-2020-0601 + certificate verification bypass on Windows, and CVE-2020-7919, + which only affects 32-bit architectures. +- A fix to prevent SIGSEGV when starting containerd-shim +- Fix to prevent high system load/CPU utilization with liveness and readiness + probes +- Fix to prevent docker exec hanging if an earlier docker exec left a zombie + process +- CRI: Update the gopkg.in/yaml.v2 vendor to v2.2.8 with a mitigation for + CVE-2019-11253 + * Fri Jan 24 2020 Sebastiaan van Stijn - 1.2.11-3.2 - Update Golang runtime to 1.12.15, which includes fixes in the net/http package and the runtime on ARM64 From 7a96ecbf35b3af101099a7cb520c54b1b7700960 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Mon, 17 Feb 2020 11:46:04 +0100 Subject: [PATCH 076/128] release 1.2.13-1 Signed-off-by: Sebastiaan van Stijn --- pkg/containerd/deb/changelog | 9 +++++++++ pkg/containerd/rpm/containerd.spec | 6 ++++++ 2 files changed, 15 insertions(+) diff --git a/pkg/containerd/deb/changelog b/pkg/containerd/deb/changelog index 59fcdd0b..1ccbb791 100644 --- a/pkg/containerd/deb/changelog +++ b/pkg/containerd/deb/changelog @@ -1,3 +1,12 @@ +containerd.io (1.2.13-1) release; urgency=medium + + * Update to containerd 1.2.13, which fixes a regression introduced in v1.2.12 + that caused container/shim to hang on single core machines, and fixes an issue + with blkio. + * Update Golang runtime to 1.12.17. + + -- Sebastiaan van Stijn + containerd.io (1.2.12-1) release; urgency=medium * Update the runc vendor to v1.0.0-rc10 which includes a mitigation for diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index 6253e23e..d0555c83 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -154,6 +154,12 @@ install -p -m 644 man/*.5 $RPM_BUILD_ROOT/%{_mandir}/man5 %changelog +* Mon Feb 17 2020 Sebastiaan van Stijn - 1.2.13-3.1 +- Update to containerd 1.2.13, which fixes a regression introduced in v1.2.12 + that caused container/shim to hang on single core machines, and fixes an issue + with blkio. +- Update Golang runtime to 1.12.17. + * Tue Feb 04 2020 Derek McGowan - 1.2.12-3.1 - Update the runc vendor to v1.0.0-rc10 which includes a mitigation for CVE-2019-19921. From 4503394b6c8a45bc8ee9dfcc5e09e608e2038c77 Mon Sep 17 00:00:00 2001 From: Guillaume Lours Date: Mon, 17 Feb 2020 15:27:04 +0100 Subject: [PATCH 077/128] Add Apache License to open source the repository Signed-off-by: Guillaume Lours --- pkg/containerd/deb/rules | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/pkg/containerd/deb/rules b/pkg/containerd/deb/rules index b250525e..c457810c 100755 --- a/pkg/containerd/deb/rules +++ b/pkg/containerd/deb/rules @@ -1,5 +1,19 @@ #!/usr/bin/make -f +# Copyright 2018-2020 Docker Inc. + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + INSTALL_DIR=debian/containerd.io CONTAINERD_BINARIES=bin/containerd bin/containerd-shim bin/ctr From 0f382c3764fddb9b9870648c48ba16b08b1dc1c0 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Mon, 23 Mar 2020 14:06:52 +0100 Subject: [PATCH 078/128] deb: fix formatting and missing dates in changelog These caused some warnings to be printed when building: dpkg-gencontrol: warning: debian/changelog(l8): badly formatted trailer line LINE: -- Sebastiaan van Stijn dpkg-gencontrol: warning: debian/changelog(l10): found start of entry where expected more change data or trailer LINE: containerd.io (1.2.12-1) release; urgency=medium dpkg-gencontrol: warning: debian/changelog(l10): found end of file where expected more change data or trailer dpkg-gencontrol: warning: debian/changelog(l8): badly formatted trailer line LINE: -- Sebastiaan van Stijn The dates added match the time/date of the commit that these lines were added in (a173c64b5fed7f4d57a0adc1dc1040214990d2e0 and 7a96ecbf35b3af101099a7cb520c54b1b7700960). Signed-off-by: Sebastiaan van Stijn --- pkg/containerd/deb/changelog | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/pkg/containerd/deb/changelog b/pkg/containerd/deb/changelog index 1ccbb791..fa0fd9a3 100644 --- a/pkg/containerd/deb/changelog +++ b/pkg/containerd/deb/changelog @@ -5,7 +5,7 @@ containerd.io (1.2.13-1) release; urgency=medium with blkio. * Update Golang runtime to 1.12.17. - -- Sebastiaan van Stijn + -- Sebastiaan van Stijn Mon, 17 Feb 2020 10:46:04 +0000 containerd.io (1.2.12-1) release; urgency=medium @@ -31,7 +31,7 @@ containerd.io (1.2.11-2) release; urgency=medium * Update Golang runtime to 1.12.15, which includes fixes in the net/http package and the runtime on ARM64 - -- Sebastiaan van Stijn + -- Sebastiaan van Stijn Fri, 24 Jan 2020 14:42:35 +0000 containerd.io (1.2.11-1) release; urgency=medium @@ -87,7 +87,7 @@ containerd.io (1.2.6-4) release; urgency=high * build with Go 1.11.13 (CVE-2019-9512, CVE-2019-9514) - -- Sebastiaan van Stijn Thu, 15 Aug 2019 21:02:17 +0000 + -- Sebastiaan van Stijn Thu, 15 Aug 2019 21:02:17 +0000 containerd.io (1.2.6-3) release; urgency=medium @@ -99,7 +99,7 @@ containerd.io (1.2.6-2) release; urgency=medium * update runc to v1.0.0-rc8 - -- Sebastiaan van Stijn Fri, 26 Apr 2019 00:59:05 +0000 + -- Sebastiaan van Stijn Fri, 26 Apr 2019 00:59:05 +0000 containerd.io (1.2.6-1) release; urgency=medium @@ -107,7 +107,7 @@ containerd.io (1.2.6-1) release; urgency=medium * update runc to 029124da7af7360afa781a0234d1b083550f797c * build with Go 1.11.8 - -- Sebastiaan van Stijn Wed, 9 Apr 2019 19:19:23 +0000 + -- Sebastiaan van Stijn Wed, 09 Apr 2019 19:19:23 +0000 containerd.io (1.2.5-1) release; urgency=medium From cd85ed78e0ccb24d855958b99d3c1a278aa39790 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Mon, 23 Mar 2020 17:25:44 +0100 Subject: [PATCH 079/128] Fix date in changelog It was a Tuesday, not a Monday ':-) warning: bogus date in %changelog: Mon Aug 27 2019 Sebastiaan van Stijn - 1.2.8-3.1 Signed-off-by: Sebastiaan van Stijn --- pkg/containerd/deb/changelog | 2 +- pkg/containerd/rpm/containerd.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/containerd/deb/changelog b/pkg/containerd/deb/changelog index fa0fd9a3..d8b3d0a9 100644 --- a/pkg/containerd/deb/changelog +++ b/pkg/containerd/deb/changelog @@ -81,7 +81,7 @@ containerd.io (1.2.8-1) release; urgency=medium * containerd 1.2.8 release * build with Go 1.12.9 - -- Sebastiaan van Stijn Mon, 27 Aug 2019 22:40:56 +0000 + -- Sebastiaan van Stijn Tue, 27 Aug 2019 22:40:56 +0000 containerd.io (1.2.6-4) release; urgency=high diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index d0555c83..05b2e936 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -202,7 +202,7 @@ install -p -m 644 man/*.5 $RPM_BUILD_ROOT/%{_mandir}/man5 - containerd 1.2.9 release - Addresses CVE-2019-9512 (Ping Flood), CVE-2019-9514 (Reset Flood), and CVE-2019-9515 (Settings Flood). -* Mon Aug 27 2019 Sebastiaan van Stijn - 1.2.8-3.1 +* Tue Aug 27 2019 Sebastiaan van Stijn - 1.2.8-3.1 - containerd 1.2.8 release - build with Go 1.12.9 From fd3430284ee9080ef188e70f0f0064a16762ae89 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Mon, 23 Mar 2020 19:01:26 +0100 Subject: [PATCH 080/128] rpm: add support for building on CentOS 8 armhf (arm32) is currently not supported, because no images exist on Docker Hub for CentOS 8 For arm64, the seccomp-devel package is in the PowerTools repository, so enabling that repository on CentOS 8 Signed-off-by: Sebastiaan van Stijn centos: enable PowerTools repo Signed-off-by: Sebastiaan van Stijn --- pkg/containerd/rpm/containerd.spec | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index 05b2e936..908a08d3 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -99,7 +99,12 @@ cd %{_topdir}/BUILD make man pushd /go/src/%{import_path} -%define make_containerd(o:) make VERSION=%{getenv:VERSION} REVISION=%{getenv:REF} PACKAGE=%{getenv:PACKAGE} %{?**}; +BUILDTAGS="seccomp selinux" +%if 1%{!?el8:1} +BUILDTAGS="${BUILDTAGS} no_btrfs" +%endif + +%define make_containerd(o:) make VERSION=%{getenv:VERSION} REVISION=%{getenv:REF} PACKAGE=%{getenv:PACKAGE} GO_BUILDTAGS="${BUILDTAGS}" %{?**}; %make_containerd bin/containerd /go/src/%{import_path}/bin/containerd --version %make_containerd bin/containerd-shim From 7a521a854d5e76f11abc2c615878a69e4a090947 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 24 Mar 2020 16:21:46 +0100 Subject: [PATCH 081/128] deb: add missing format version dpkg-source: warning: no source format specified in debian/source/format, see dpkg-source(1) dpkg-source: warning: source directory 'containerd' is not - 'containerd.io-1.2.13' dpkg-source: info: using source format '1.0' Signed-off-by: Sebastiaan van Stijn --- pkg/containerd/deb/source/format | 1 + 1 file changed, 1 insertion(+) create mode 100644 pkg/containerd/deb/source/format diff --git a/pkg/containerd/deb/source/format b/pkg/containerd/deb/source/format new file mode 100644 index 00000000..d3827e75 --- /dev/null +++ b/pkg/containerd/deb/source/format @@ -0,0 +1 @@ +1.0 From eeaaaf662ea8d6b383f8aff85a03a54f9f4c29d3 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Thu, 26 Mar 2020 18:31:53 +0100 Subject: [PATCH 082/128] rpm: add libseccomp to "requires" Signed-off-by: Sebastiaan van Stijn --- pkg/containerd/rpm/containerd.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index 908a08d3..6eb989da 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -58,6 +58,7 @@ Source3: runc %if "%{?dist}" != ".amzn2" Requires: container-selinux >= 2:2.74 %endif +Requires: libseccomp %endif BuildRequires: make BuildRequires: gcc From 8d9bbd5e93809c170946e6ee4b9805e16e4d533a Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Mon, 23 Mar 2020 17:02:37 +0100 Subject: [PATCH 083/128] build all binaries instead of individual targets This allows upstream containerd to define all binaries that should be built. We exclude "containerd-stress", because it's a debugging tool. With this change, on the release/1.2 branch, the following binaries are built: bin/ctr bin/containerd bin/containerd-shim bin/containerd-shim-runc-v1 And on the release/1.3 branch (and on master), the following binaries are built: bin/ctr bin/containerd bin/containerd-shim bin/containerd-shim-runc-v1 bin/containerd-shim-runc-v2 Effectively, compared to the current build-scripts, these additional binaries are included: bin/containerd-shim-runc-v1 bin/containerd-shim-runc-v2 (for v1.3.0 and above) Signed-off-by: Sebastiaan van Stijn --- pkg/containerd/deb/rules | 33 ++++++++++++++++-------------- pkg/containerd/rpm/containerd.spec | 29 +++++++++----------------- 2 files changed, 28 insertions(+), 34 deletions(-) diff --git a/pkg/containerd/deb/rules b/pkg/containerd/deb/rules index c457810c..eb21e50e 100755 --- a/pkg/containerd/deb/rules +++ b/pkg/containerd/deb/rules @@ -15,34 +15,37 @@ # limitations under the License. INSTALL_DIR=debian/containerd.io -CONTAINERD_BINARIES=bin/containerd bin/containerd-shim bin/ctr %: dh $@ --with systemd # GO_SRC_PATH and PACKAGE are defined in the dockerfile # VERSION and REF are defined in scripts/build-deb -bin/%: ## Create containerd binaries - @echo "+ make -C $(GO_SRC_PATH) --no-print-directory VERSION=$${VERSION} REVISION=$${REF} PACKAGE=$${PACKAGE} $@" - @make -C $(GO_SRC_PATH) --no-print-directory VERSION=$${VERSION} REVISION=$${REF} PACKAGE=$${PACKAGE} $@ - mkdir -p $(@D) - mv -v $(GO_SRC_PATH)/$@ $@ +binaries: ## Create containerd binaries + @set -x; make -C $(GO_SRC_PATH) --no-print-directory \ + DESTDIR="$$(pwd)" \ + VERSION=$${VERSION} \ + REVISION=$${REF} \ + PACKAGE=$${PACKAGE} \ + binaries install + + # Remove containerd-stress, as we're not shipping it as part of the packages + rm -f bin/containerd-stress bin/runc: - make -C /go/src/github.com/opencontainers/runc BUILDTAGS='seccomp apparmor selinux' runc && mv -v /go/src/github.com/opencontainers/runc/runc $@ + @set -x; make -C /go/src/github.com/opencontainers/runc --no-print-directory \ + BINDIR="$$(pwd)/bin" \ + BUILDTAGS='seccomp apparmor selinux' \ + runc install -override_dh_auto_build: $(CONTAINERD_BINARIES) +override_dh_auto_build: binaries bin/runc override_dh_systemd_start: dh_systemd_start --restart-after-upgrade sed -i 's/_dh_action=try-restart/_dh_action=restart/g' ./debian/containerd.io.postinst.debhelper -override_dh_auto_install: $(CONTAINERD_BINARIES) bin/runc - # set -x so we can see what's being installed where - for binary in $(CONTAINERD_BINARIES); do \ - dest=$$(basename $$binary); \ - (set -x; install -D -m 0755 $$binary $(INSTALL_DIR)/usr/bin/$$dest); \ - done - install -D -m 0755 bin/runc $(INSTALL_DIR)/usr/bin/runc +override_dh_auto_install: binaries bin/runc + mkdir -p $(INSTALL_DIR)/usr/bin + install -D -m 0755 bin/* $(INSTALL_DIR)/usr/bin install -D -m 0644 /root/common/containerd.service $(INSTALL_DIR)/lib/systemd/system/containerd.service install -D -m 0644 /root/common/containerd.toml $(INSTALL_DIR)/etc/containerd/config.toml diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index 6eb989da..0644d28d 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -99,33 +99,27 @@ cd %{_topdir}/BUILD/ cd %{_topdir}/BUILD make man -pushd /go/src/%{import_path} BUILDTAGS="seccomp selinux" %if 1%{!?el8:1} BUILDTAGS="${BUILDTAGS} no_btrfs" %endif -%define make_containerd(o:) make VERSION=%{getenv:VERSION} REVISION=%{getenv:REF} PACKAGE=%{getenv:PACKAGE} GO_BUILDTAGS="${BUILDTAGS}" %{?**}; -%make_containerd bin/containerd -/go/src/%{import_path}/bin/containerd --version -%make_containerd bin/containerd-shim -%make_containerd bin/ctr -/go/src/%{import_path}/bin/ctr --version -popd +make -C /go/src/%{import_path} VERSION=%{getenv:VERSION} REVISION=%{getenv:REF} PACKAGE=%{getenv:PACKAGE} GO_BUILDTAGS="${BUILDTAGS}" -pushd /go/src/github.com/opencontainers/runc -make BUILDTAGS='seccomp apparmor selinux %{runc_nokmem}' runc -popd +# Remove containerd-stress, as we're not shipping it as part of the packages +rm -f bin/containerd-stress +bin/containerd --version +bin/ctr --version + +make -C /go/src/github.com/opencontainers/runc BINDIR=%{_topdir}/BUILD/bin BUILDTAGS='seccomp apparmor selinux %{runc_nokmem}' runc install %install cd %{_topdir}/BUILD -install -D -m 0755 bin/containerd %{buildroot}%{_bindir}/containerd -install -D -m 0755 bin/containerd-shim %{buildroot}%{_bindir}/containerd-shim -install -D -m 0755 bin/ctr %{buildroot}%{_bindir}/ctr +mkdir -p %{buildroot}%{_bindir} +install -D -m 0755 bin/* %{buildroot}%{_bindir} install -D -m 0644 %{S:1} %{buildroot}%{_unitdir}/containerd.service install -D -m 0644 %{S:2} %{buildroot}%{_sysconfdir}/containerd/config.toml -install -D -m 0755 /go/src/github.com/opencontainers/runc/runc %{buildroot}%{_bindir}/runc # install manpages install -d %{buildroot}%{_mandir}/man1 @@ -148,10 +142,7 @@ install -p -m 644 man/*.5 $RPM_BUILD_ROOT/%{_mandir}/man5 %files %license LICENSE %doc README.md -%{_bindir}/containerd -%{_bindir}/containerd-shim -%{?with_ctr:%{_bindir}/ctr} -%{_bindir}/runc +%{_bindir}/* %{_unitdir}/containerd.service %{_sysconfdir}/containerd /%{_mandir}/man1/* From 743aefd06eb5f62edfe1f3ae01d6b546540510e9 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Mon, 30 Mar 2020 18:00:16 +0200 Subject: [PATCH 084/128] deb: remove "INSTALL_DIR" variable We didn't use the variable for customization, and abstracting away the location made it harder to find where we're moving files to. Signed-off-by: Sebastiaan van Stijn --- pkg/containerd/deb/rules | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/pkg/containerd/deb/rules b/pkg/containerd/deb/rules index eb21e50e..0208ed02 100755 --- a/pkg/containerd/deb/rules +++ b/pkg/containerd/deb/rules @@ -14,8 +14,6 @@ # See the License for the specific language governing permissions and # limitations under the License. -INSTALL_DIR=debian/containerd.io - %: dh $@ --with systemd @@ -45,7 +43,7 @@ override_dh_systemd_start: sed -i 's/_dh_action=try-restart/_dh_action=restart/g' ./debian/containerd.io.postinst.debhelper override_dh_auto_install: binaries bin/runc - mkdir -p $(INSTALL_DIR)/usr/bin - install -D -m 0755 bin/* $(INSTALL_DIR)/usr/bin - install -D -m 0644 /root/common/containerd.service $(INSTALL_DIR)/lib/systemd/system/containerd.service - install -D -m 0644 /root/common/containerd.toml $(INSTALL_DIR)/etc/containerd/config.toml + mkdir -p debian/containerd.io/usr/bin + install -D -m 0755 bin/* debian/containerd.io/usr/bin + install -D -m 0644 /root/common/containerd.service debian/containerd.io/lib/systemd/system/containerd.service + install -D -m 0644 /root/common/containerd.toml debian/containerd.io/etc/containerd/config.toml From 6293f67fd424febdb2345b55ddab916a78a3a6c0 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Thu, 2 Apr 2020 14:47:16 +0200 Subject: [PATCH 085/128] deb: include man pages, and fix man pages in rpms The rpm spec did not take into account all man page sections, and would fail if an expected section was missing (sections were hardcoded). Signed-off-by: Sebastiaan van Stijn --- pkg/containerd/deb/manpages | 1 + pkg/containerd/deb/rules | 13 +++++++++++-- pkg/containerd/rpm/containerd.spec | 15 ++++++++------- 3 files changed, 20 insertions(+), 9 deletions(-) create mode 100644 pkg/containerd/deb/manpages diff --git a/pkg/containerd/deb/manpages b/pkg/containerd/deb/manpages new file mode 100644 index 00000000..85c5e001 --- /dev/null +++ b/pkg/containerd/deb/manpages @@ -0,0 +1 @@ +man/* diff --git a/pkg/containerd/deb/rules b/pkg/containerd/deb/rules index 0208ed02..9f02aaf0 100755 --- a/pkg/containerd/deb/rules +++ b/pkg/containerd/deb/rules @@ -36,13 +36,22 @@ bin/runc: BUILDTAGS='seccomp apparmor selinux' \ runc install -override_dh_auto_build: binaries bin/runc +man: ## Create containerd man pages + @echo "+ make -C $(GO_SRC_PATH) --no-print-directory man" + @make -C $(GO_SRC_PATH) --no-print-directory man + + # copy the generated man pages instead of using "make install-man" to allow + # dh_installman doing its magic + install -d man + install -D -m 0644 $(GO_SRC_PATH)/man/* man + +override_dh_auto_build: binaries bin/runc man override_dh_systemd_start: dh_systemd_start --restart-after-upgrade sed -i 's/_dh_action=try-restart/_dh_action=restart/g' ./debian/containerd.io.postinst.debhelper -override_dh_auto_install: binaries bin/runc +override_dh_auto_install: binaries bin/runc man mkdir -p debian/containerd.io/usr/bin install -D -m 0755 bin/* debian/containerd.io/usr/bin install -D -m 0644 /root/common/containerd.service debian/containerd.io/lib/systemd/system/containerd.service diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index 0644d28d..5f2466ef 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -121,11 +121,13 @@ install -D -m 0755 bin/* %{buildroot}%{_bindir} install -D -m 0644 %{S:1} %{buildroot}%{_unitdir}/containerd.service install -D -m 0644 %{S:2} %{buildroot}%{_sysconfdir}/containerd/config.toml -# install manpages -install -d %{buildroot}%{_mandir}/man1 -install -p -m 644 man/*.1 $RPM_BUILD_ROOT/%{_mandir}/man1 -install -d %{buildroot}%{_mandir}/man5 -install -p -m 644 man/*.5 $RPM_BUILD_ROOT/%{_mandir}/man5 +# install manpages, taking into account that not all sections may be present +for i in $(seq 1 8); do + if ls man/*.${i} 1> /dev/null 2>&1; then + install -d %{buildroot}%{_mandir}/man${i}; + install -p -m 644 man/*.${i} %{buildroot}%{_mandir}/man${i}; + fi +done %post %systemd_post containerd.service @@ -145,8 +147,7 @@ install -p -m 644 man/*.5 $RPM_BUILD_ROOT/%{_mandir}/man5 %{_bindir}/* %{_unitdir}/containerd.service %{_sysconfdir}/containerd -/%{_mandir}/man1/* -/%{_mandir}/man5/* +%{_mandir}/man*/* %config(noreplace) %{_sysconfdir}/containerd/config.toml From 06cd35b499e833e5df47ee5eefa45b2ac376fa25 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Thu, 26 Mar 2020 19:00:45 +0100 Subject: [PATCH 086/128] Dockerfiles: Use buildkit mounts to prevent copying things Also clean up apt cache where possible Signed-off-by: Sebastiaan van Stijn --- pkg/containerd/rpm/containerd.spec | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index 5f2466ef..d61336c9 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -86,12 +86,17 @@ low-level storage and network attachments, etc. %prep rm -rf %{_topdir}/BUILD/ -# Copy over our source code from our gopath to our source directory -cp -rf /go/src/%{import_path} %{_topdir}/SOURCES/containerd +if [ ! -d %{_topdir}/SOURCES/containerd ]; then + # Copy over our source code from our gopath to our source directory + cp -rf /go/src/%{import_path} %{_topdir}/SOURCES/containerd; +fi # symlink the go source path to our build directory ln -s /go/src/%{import_path} %{_topdir}/BUILD -# Copy over our source code from our gopath to our source directory -cp -rf /go/src/github.com/opencontainers/runc %{_topdir}/SOURCES/runc + +if [ ! -d %{_topdir}/SOURCES/runc ]; then + # Copy over our source code from our gopath to our source directory + cp -rf /go/src/github.com/opencontainers/runc %{_topdir}/SOURCES/runc +fi cd %{_topdir}/BUILD/ From 45c1105dc4048a5d2b65201558d7feb3ca6d9da5 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Thu, 26 Mar 2020 23:48:58 +0100 Subject: [PATCH 087/128] Update readme's Signed-off-by: Sebastiaan van Stijn --- pkg/containerd/deb/README.md | 21 ++++++++++++++------- pkg/containerd/rpm/README.md | 18 ++++++++++++------ 2 files changed, 26 insertions(+), 13 deletions(-) diff --git a/pkg/containerd/deb/README.md b/pkg/containerd/deb/README.md index 1c4f2b70..14d4f280 100644 --- a/pkg/containerd/deb/README.md +++ b/pkg/containerd/deb/README.md @@ -6,16 +6,17 @@ For releases you should first have a tagged release on the [containerd](https://github.com/containerd/containerd/releases) repository. -Afterwards test if you can actually build the release with: +Afterwards test if you can actually build the release with (for example): -``` -make REF=${TAG} deb +```bash +make REF=${TAG} docker.io/library/ubuntu:bionic ``` If you can actually build the package then start prepping -your release by adding an entry in the [`debian/changelog`](changelog) with: +your release by adding an entry in the [`debian/changelog`](changelog) with the +format: -``` +```bash ./scripts/new-deb-release ``` @@ -23,12 +24,18 @@ This will add an entry into the changelog for the specified VERSION and will also increment the debian packaging version if the specified VERSION is already there. -**NOTE**: Make sure to fill out the bullets for the changelog +> **NOTE**: Make sure to fill out the bullets for the changelog ## Building the release: Releases can then be built with: +```bash +make REF=${TAG} docker.io/library/centos:7 ``` -make REF=${TAG} deb + +or + +```bash +make REF=${TAG} BUILD_IMAGE=docker.io/library/ubuntu:bionic ``` diff --git a/pkg/containerd/rpm/README.md b/pkg/containerd/rpm/README.md index 232e3fbb..fc7e2f09 100644 --- a/pkg/containerd/rpm/README.md +++ b/pkg/containerd/rpm/README.md @@ -6,17 +6,17 @@ For releases you should first have a tagged release on the [containerd](https://github.com/containerd/containerd/releases) repository. -Afterwards test if you can actually build the release with: +Afterwards test if you can actually build the release with (for example): -``` -make REF=${TAG} rpm +```bash +make REF=${TAG} docker.io/library/centos:7 ``` If you can actually build the package then start prepping your release by adding a changelog entry in the [`rpm/containerd.spec`](containerd.spec) with the format: -``` +```bash ./scripts/new-rpm-release ``` @@ -24,12 +24,18 @@ This will add an entry into the changelog for the specified VERSION and will also increment the rpm packaging version if the specified VERSION is already there. -**NOTE**: Make sure to fill out the bullets for the changelog +> **NOTE**: Make sure to fill out the bullets for the changelog ## Building the release: Releases can then be built with: +```bash +make REF=${TAG} docker.io/library/centos:7 ``` -make REF=${TAG} rpm + +or + +```bash +make REF=${TAG} BUILD_IMAGE=docker.io/library/centos:7 ``` From eaea00e8f4e6f11578a3dcd4789574ca337bb7a7 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Sat, 2 May 2020 01:37:54 +0200 Subject: [PATCH 088/128] Prepare 1.2.13-2 release Signed-off-by: Sebastiaan van Stijn --- pkg/containerd/deb/changelog | 8 ++++++++ pkg/containerd/rpm/containerd.spec | 4 ++++ 2 files changed, 12 insertions(+) diff --git a/pkg/containerd/deb/changelog b/pkg/containerd/deb/changelog index d8b3d0a9..c0b3ade9 100644 --- a/pkg/containerd/deb/changelog +++ b/pkg/containerd/deb/changelog @@ -1,3 +1,11 @@ +containerd.io (1.2.13-2) release; urgency=medium + + * Build packages for Ubuntu 20.04 + * Include man pages + * Add libseccomp as required dependency + + -- Sebastiaan van Stijn Fri, 01 May 2020 23:41:28 +0000 + containerd.io (1.2.13-1) release; urgency=medium * Update to containerd 1.2.13, which fixes a regression introduced in v1.2.12 diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index d61336c9..b718ae0d 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -157,6 +157,10 @@ done %changelog +* Fri May 01 2020 Sebastiaan van Stijn - 1.2.13-3.2 +- Build packages for RHEL-7 on s390x, CentOS 8, and Fedora 32 +- Add libseccomp as required dependency + * Mon Feb 17 2020 Sebastiaan van Stijn - 1.2.13-3.1 - Update to containerd 1.2.13, which fixes a regression introduced in v1.2.12 that caused container/shim to hang on single core machines, and fixes an issue From 06e2cc2c3e179aa73f76c2549834d497ac5ece68 Mon Sep 17 00:00:00 2001 From: Tibor Vass Date: Sat, 2 May 2020 06:22:45 +0000 Subject: [PATCH 089/128] rpm: containerd 1.2 compatible BUILDTAGS variable Starting from containerd 1.3, the BUILDTAGS variable is renamed to GO_BUILDTAGS. Since we still need to release containerd 1.2, this patch reverts to BUILDTAGS. When switching to containerd 1.3, this patch can be reverted. Signed-off-by: Tibor Vass --- pkg/containerd/rpm/containerd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index b718ae0d..a9f63af9 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -109,7 +109,7 @@ BUILDTAGS="seccomp selinux" BUILDTAGS="${BUILDTAGS} no_btrfs" %endif -make -C /go/src/%{import_path} VERSION=%{getenv:VERSION} REVISION=%{getenv:REF} PACKAGE=%{getenv:PACKAGE} GO_BUILDTAGS="${BUILDTAGS}" +make -C /go/src/%{import_path} VERSION=%{getenv:VERSION} REVISION=%{getenv:REF} PACKAGE=%{getenv:PACKAGE} BUILDTAGS="${BUILDTAGS}" # Remove containerd-stress, as we're not shipping it as part of the packages rm -f bin/containerd-stress From 394c6a82c06765d8cde6696c926d52348f80d854 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 9 Sep 2020 15:43:01 +0200 Subject: [PATCH 090/128] release 1.3.7-1 Signed-off-by: Sebastiaan van Stijn --- pkg/containerd/deb/changelog | 7 +++++++ pkg/containerd/rpm/containerd.spec | 4 ++++ 2 files changed, 11 insertions(+) diff --git a/pkg/containerd/deb/changelog b/pkg/containerd/deb/changelog index c0b3ade9..11f818f1 100644 --- a/pkg/containerd/deb/changelog +++ b/pkg/containerd/deb/changelog @@ -1,3 +1,10 @@ +containerd.io (1.3.7-1) release; urgency=medium + + * Update to containerd 1.3.7 + * Update Golang runtime to 1.13.12. + + -- Sebastiaan van Stijn Wed, 09 Sep 2020 15:40:28 +0000 + containerd.io (1.2.13-2) release; urgency=medium * Build packages for Ubuntu 20.04 diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index a9f63af9..b3ce6b10 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -157,6 +157,10 @@ done %changelog +* Wed Sep 09 2020 Sebastiaan van Stijn - 1.3.7-3.1 +- Update to containerd 1.3.7 +- Update Golang runtime to 1.13.12. + * Fri May 01 2020 Sebastiaan van Stijn - 1.2.13-3.2 - Build packages for RHEL-7 on s390x, CentOS 8, and Fedora 32 - Add libseccomp as required dependency From b88d5cb982b4e11bfdf4e59fca824a1f2106fe66 Mon Sep 17 00:00:00 2001 From: Tibor Vass Date: Tue, 6 Oct 2020 21:47:25 +0000 Subject: [PATCH 091/128] release 1.4.1-1 Signed-off-by: Tibor Vass --- pkg/containerd/deb/changelog | 7 +++++++ pkg/containerd/rpm/containerd.spec | 4 ++++ 2 files changed, 11 insertions(+) diff --git a/pkg/containerd/deb/changelog b/pkg/containerd/deb/changelog index 11f818f1..4bc57f1f 100644 --- a/pkg/containerd/deb/changelog +++ b/pkg/containerd/deb/changelog @@ -1,3 +1,10 @@ +containerd.io (1.4.1-1) release; urgency=medium + + * Update to containerd 1.4.1 + * Update Golang runtime to 1.13.15 + + -- Tibor Vass Tue, 06 Oct 2020 21:36:54 +0000 + containerd.io (1.3.7-1) release; urgency=medium * Update to containerd 1.3.7 diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index b3ce6b10..5f029e23 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -157,6 +157,10 @@ done %changelog +* Tue Oct 06 2020 Tibor Vass - 1.4.1-3.1 +- Update to containerd 1.4.1 +- Update Golang runtime to 1.13.15 + * Wed Sep 09 2020 Sebastiaan van Stijn - 1.3.7-3.1 - Update to containerd 1.3.7 - Update Golang runtime to 1.13.12. From f0245fb7dba0db009228bf80284cad33db9acd49 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Thu, 26 Nov 2020 14:39:50 +0100 Subject: [PATCH 092/128] release 1.4.2 - Update to containerd 1.4.2 - Update Golang runtime to 1.15.5 Upstream containerd 1.4.2 release notes: https://github.com/containerd/containerd/releases/tag/v1.4.2 Welcome to the v1.4.2 release of containerd! ------------------------------------------------------ The second patch release for containerd 1.4 includes multiple minor fixes and updates. Notable Updates - Fix bug limiting the number of layers by default containerd/cri#1602 - Fix selinux shared memory issue by relabeling /dev/shm containerd/cri#1605 - Fix unknown state preventing removal of containers containerd/containerd#4656 - Fix nil pointer error when restoring checkpoint containerd/containerd#4754 - Improve image pull performance when using HTTP 1.1 containerd/containerd#4653 - Update default seccomp profile for pidfd containerd/containerd#4730 - Update Go to 1.15 Windows - Fix integer overflow on Windows containerd/containerd#4589 - Fix lcow snapshotter to read trailing tar data containerd/containerd#4628 Signed-off-by: Sebastiaan van Stijn --- pkg/containerd/deb/changelog | 7 +++++++ pkg/containerd/rpm/containerd.spec | 4 ++++ 2 files changed, 11 insertions(+) diff --git a/pkg/containerd/deb/changelog b/pkg/containerd/deb/changelog index 4bc57f1f..906c3b18 100644 --- a/pkg/containerd/deb/changelog +++ b/pkg/containerd/deb/changelog @@ -1,3 +1,10 @@ +containerd.io (1.4.2-1) release; urgency=medium + + * Update to containerd 1.4.2 + * Update Golang runtime to 1.15.5 + + -- Sebastiaan van Stijn Thu, 26 Nov 2020 13:34:04 +0000 + containerd.io (1.4.1-1) release; urgency=medium * Update to containerd 1.4.1 diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index 5f029e23..4dfbc46b 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -157,6 +157,10 @@ done %changelog +* Thu Nov 26 2020 Sebastiaan van Stijn - 1.4.2-3.1 +- Update to containerd 1.4.2 +- Update Golang runtime to 1.15.5 + * Tue Oct 06 2020 Tibor Vass - 1.4.1-3.1 - Update to containerd 1.4.1 - Update Golang runtime to 1.13.15 From 5c28b0cb535a0427d1db47cf447c391be07f30e3 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 2 Dec 2020 15:40:06 +0100 Subject: [PATCH 093/128] release 1.4.3 (CVE-2020-15257) upstream release notes: Welcome to the v1.4.3 release of containerd! The third patch release for containerd 1.4 is a security release to address CVE-2020-15257. See GHSA-36xw-fx78-c5r4 for more details: https://github.com/containerd/containerd/security/advisories/GHSA-36xw-fx78-c5r4 Signed-off-by: Sebastiaan van Stijn --- pkg/containerd/deb/changelog | 7 ++++++- pkg/containerd/rpm/containerd.spec | 4 +++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/pkg/containerd/deb/changelog b/pkg/containerd/deb/changelog index 906c3b18..3c0e19ff 100644 --- a/pkg/containerd/deb/changelog +++ b/pkg/containerd/deb/changelog @@ -1,7 +1,12 @@ +containerd.io (1.4.3-1) release; urgency=high + + * Update to containerd 1.4.3 to address CVE-2020-15257. + + -- Sebastiaan van Stijn Wed, 02 Dec 2020 14:33:09 +0000 + containerd.io (1.4.2-1) release; urgency=medium * Update to containerd 1.4.2 - * Update Golang runtime to 1.15.5 -- Sebastiaan van Stijn Thu, 26 Nov 2020 13:34:04 +0000 diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index 4dfbc46b..1be80f6f 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -157,9 +157,11 @@ done %changelog +* Wed Dec 02 2020 Sebastiaan van Stijn - 1.4.3-3.1 +- Update to containerd 1.4.3 to address CVE-2020-15257. + * Thu Nov 26 2020 Sebastiaan van Stijn - 1.4.2-3.1 - Update to containerd 1.4.2 -- Update Golang runtime to 1.15.5 * Tue Oct 06 2020 Tibor Vass - 1.4.1-3.1 - Update to containerd 1.4.1 From 6f4c764fe3e67b68197a116d7312c7233b18637a Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Thu, 21 Jan 2021 22:20:12 +0100 Subject: [PATCH 094/128] remove default "containerd.toml" config file This configuration file was used to disable the CRI plugin to work around an issue where CRI was automatically listening for remote connections. That problem was resolved, so we no longer need a customized configuration. Signed-off-by: Sebastiaan van Stijn --- pkg/containerd/deb/rules | 1 - pkg/containerd/rpm/containerd.spec | 6 +----- 2 files changed, 1 insertion(+), 6 deletions(-) diff --git a/pkg/containerd/deb/rules b/pkg/containerd/deb/rules index 9f02aaf0..9967dd89 100755 --- a/pkg/containerd/deb/rules +++ b/pkg/containerd/deb/rules @@ -55,4 +55,3 @@ override_dh_auto_install: binaries bin/runc man mkdir -p debian/containerd.io/usr/bin install -D -m 0755 bin/* debian/containerd.io/usr/bin install -D -m 0644 /root/common/containerd.service debian/containerd.io/lib/systemd/system/containerd.service - install -D -m 0644 /root/common/containerd.toml debian/containerd.io/etc/containerd/config.toml diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index 1be80f6f..2d15c28e 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -50,8 +50,7 @@ License: ASL 2.0 URL: https://containerd.io Source0: containerd Source1: containerd.service -Source2: containerd.toml -Source3: runc +Source2: runc # container-selinux isn't a thing in suse flavors %if %{undefined suse_version} # amazonlinux2 doesn't have container-selinux either @@ -124,7 +123,6 @@ cd %{_topdir}/BUILD mkdir -p %{buildroot}%{_bindir} install -D -m 0755 bin/* %{buildroot}%{_bindir} install -D -m 0644 %{S:1} %{buildroot}%{_unitdir}/containerd.service -install -D -m 0644 %{S:2} %{buildroot}%{_sysconfdir}/containerd/config.toml # install manpages, taking into account that not all sections may be present for i in $(seq 1 8); do @@ -151,9 +149,7 @@ done %doc README.md %{_bindir}/* %{_unitdir}/containerd.service -%{_sysconfdir}/containerd %{_mandir}/man*/* -%config(noreplace) %{_sysconfdir}/containerd/config.toml %changelog From e52b0ef7ff784a0a73067e86a5e37e14cdab36a8 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 12 Jan 2021 13:17:28 +0100 Subject: [PATCH 095/128] deb: remove dh-systemd dependency as it's deprecated dh-systemd has been integrated into debhelper, starting with version 9.20160709, and has been removed in Debian 11 "bullseye" This patch updates the control file to not require it as a dependency on current versions of debian that ship with that version of debhelper Related discussions: [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=822670 [2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=958585 Signed-off-by: Sebastiaan van Stijn --- pkg/containerd/deb/control | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/pkg/containerd/deb/control b/pkg/containerd/deb/control index 0b0a60f7..2a90214b 100644 --- a/pkg/containerd/deb/control +++ b/pkg/containerd/deb/control @@ -3,8 +3,7 @@ Section: devel Priority: optional Maintainer: Containerd team Build-Depends: libbtrfs-dev | btrfs-tools , - debhelper, - dh-systemd, + debhelper (>= 10~) | dh-systemd, pkg-config, libseccomp-dev Standards-Version: 4.1.4 From 8cd7d1029498520c0193cae8946ef09391498730 Mon Sep 17 00:00:00 2001 From: Tibor Vass Date: Wed, 3 Mar 2021 01:48:37 +0000 Subject: [PATCH 096/128] Add changelog for containerd v1.4.3-2 Signed-off-by: Tibor Vass --- pkg/containerd/deb/changelog | 6 ++++++ pkg/containerd/rpm/containerd.spec | 3 +++ 2 files changed, 9 insertions(+) diff --git a/pkg/containerd/deb/changelog b/pkg/containerd/deb/changelog index 3c0e19ff..7ca73ac3 100644 --- a/pkg/containerd/deb/changelog +++ b/pkg/containerd/deb/changelog @@ -1,3 +1,9 @@ +containerd.io (1.4.3-2) release; urgency=medium + + * Update runc to v1.0.0-rc93 + + -- Tibor Vass Wed, 03 Mar 2021 01:45:49 +0000 + containerd.io (1.4.3-1) release; urgency=high * Update to containerd 1.4.3 to address CVE-2020-15257. diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index 1be80f6f..b171515c 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -157,6 +157,9 @@ done %changelog +* Wed Mar 03 2021 Tibor Vass - 1.4.3-3.2 +- Update runc to v1.0.0-rc93 + * Wed Dec 02 2020 Sebastiaan van Stijn - 1.4.3-3.1 - Update to containerd 1.4.3 to address CVE-2020-15257. From 7297473b82dbfa1ad233782b5aa34db9a810c3b8 Mon Sep 17 00:00:00 2001 From: Wei Fu Date: Mon, 8 Mar 2021 14:27:44 +0800 Subject: [PATCH 097/128] Add changelog for containerd v1.4.4-1 Signed-off-by: Wei Fu --- pkg/containerd/deb/changelog | 6 ++++++ pkg/containerd/rpm/containerd.spec | 3 +++ 2 files changed, 9 insertions(+) diff --git a/pkg/containerd/deb/changelog b/pkg/containerd/deb/changelog index 7ca73ac3..3df1fd20 100644 --- a/pkg/containerd/deb/changelog +++ b/pkg/containerd/deb/changelog @@ -1,3 +1,9 @@ +containerd.io (1.4.4-1) release; urgency=high + + * Update to containerd 1.4.4 to address CVE-2021-21334. + + -- Wei Fu Mon, 08 Mar 2021 14:14:44 +0000 + containerd.io (1.4.3-2) release; urgency=medium * Update runc to v1.0.0-rc93 diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index b171515c..12b0ce87 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -157,6 +157,9 @@ done %changelog +* Mon Mar 08 2021 Wei Fu - 1.4.4-3.1 +- Update to containerd 1.4.4 to address CVE-2021-21334. + * Wed Mar 03 2021 Tibor Vass - 1.4.3-3.2 - Update runc to v1.0.0-rc93 From 1f929f45cf3e7eb2fc0c61f5bab2d870a6d93313 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Mon, 8 Mar 2021 14:42:19 +0100 Subject: [PATCH 098/128] Disable go modules (GO111MODULE=off) to force using vendor directory on Go 1.16 Go 1.16 more aggressively forces use of go modules, and as a result for some steps will ignore the vendor directory, causing the build to fail: make REF=v1.4.2 RUNC_REF=59ad417c14143ae6b34e9cf88cf3f6e9c6d5f9e8 GOVERSION=1.16.0 docker.io/library/ubuntu:bionic #21 1.417 make[1]: Entering directory '/root/containerd' #21 1.418 + pwd #21 1.418 + make -C /go/src/github.com/containerd/containerd --no-print-directory DESTDIR=/root/containerd VERSION=1.4.2 REVISION=b321d358e6eef9c82fa3f3bb8826dca3724c58c6 PACKAGE=containerd.io binaries install #21 1.579 + bin/ctr #21 1.587 go: cannot find main module, but found vendor.conf in /go/src/github.com/containerd/containerd #21 1.587 to create a module there, run: #21 1.587 go mod init #21 1.589 Makefile:193: recipe for target 'bin/ctr' failed #21 1.589 make[2]: *** [bin/ctr] Error 1 #21 1.590 make[1]: *** [binaries] Error 2 #21 1.590 debian/rules:23: recipe for target 'binaries' failed #21 1.590 make[1]: Leaving directory '/root/containerd' #21 1.596 debian/rules:18: recipe for target 'build' failed #21 1.596 make: *** [build] Error 2 #21 1.596 dpkg-buildpackage: error: debian/rules build subprocess returned exit status 2 ------ executor failed running [/bin/sh -c /root/build-deb]: exit code: 2 make[1]: *** [build] Error 1 make: *** [docker.io/library/ubuntu:bionic] Error 2 make REF=v1.4.2 RUNC_REF=59ad417c14143ae6b34e9cf88cf3f6e9c6d5f9e8 GOVERSION=1.16.0 docker.io/library/centos:7 ... #23 3.267 + make man #23 5.145 + man/ctr.8 #23 5.146 go run cmd/gen-manpages/main.go ctr.8 man #23 5.366 cmd/gen-manpages/main.go:27:2: no required module provides package github.com/containerd/containerd/cmd/containerd/command: working directory is not part of a module #23 5.366 cmd/gen-manpages/main.go:28:2: no required module provides package github.com/containerd/containerd/cmd/ctr/app: working directory is not part of a module #23 5.366 cmd/gen-manpages/main.go:29:2: no required module provides package github.com/urfave/cli: working directory is not part of a module #23 5.368 make: *** [man/ctr.8] Error 1 #23 5.369 #23 5.369 #23 5.369 RPM build errors: #23 5.369 error: Bad exit status from /var/tmp/rpm-tmp.XNaFt7 (%build) #23 5.369 Bad exit status from /var/tmp/rpm-tmp.XNaFt7 (%build) ------ executor failed running [/bin/sh -c /root/build-rpm]: exit code: 1 make[1]: *** [build] Error 1 make: *** [docker.io/library/centos:7] Error 2 Signed-off-by: Sebastiaan van Stijn --- pkg/containerd/deb/rules | 7 +++---- pkg/containerd/rpm/containerd.spec | 6 +++--- 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/pkg/containerd/deb/rules b/pkg/containerd/deb/rules index 9f02aaf0..d534ee00 100755 --- a/pkg/containerd/deb/rules +++ b/pkg/containerd/deb/rules @@ -20,7 +20,7 @@ # GO_SRC_PATH and PACKAGE are defined in the dockerfile # VERSION and REF are defined in scripts/build-deb binaries: ## Create containerd binaries - @set -x; make -C $(GO_SRC_PATH) --no-print-directory \ + @set -x; GO111MODULE=off make -C $(GO_SRC_PATH) --no-print-directory \ DESTDIR="$$(pwd)" \ VERSION=$${VERSION} \ REVISION=$${REF} \ @@ -31,14 +31,13 @@ binaries: ## Create containerd binaries rm -f bin/containerd-stress bin/runc: - @set -x; make -C /go/src/github.com/opencontainers/runc --no-print-directory \ + @set -x; GO111MODULE=off make -C /go/src/github.com/opencontainers/runc --no-print-directory \ BINDIR="$$(pwd)/bin" \ BUILDTAGS='seccomp apparmor selinux' \ runc install man: ## Create containerd man pages - @echo "+ make -C $(GO_SRC_PATH) --no-print-directory man" - @make -C $(GO_SRC_PATH) --no-print-directory man + @set -x; GO111MODULE=off make -C $(GO_SRC_PATH) --no-print-directory man # copy the generated man pages instead of using "make install-man" to allow # dh_installman doing its magic diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index b171515c..42b054b5 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -102,21 +102,21 @@ cd %{_topdir}/BUILD/ %build cd %{_topdir}/BUILD -make man +GO111MODULE=off make man BUILDTAGS="seccomp selinux" %if 1%{!?el8:1} BUILDTAGS="${BUILDTAGS} no_btrfs" %endif -make -C /go/src/%{import_path} VERSION=%{getenv:VERSION} REVISION=%{getenv:REF} PACKAGE=%{getenv:PACKAGE} BUILDTAGS="${BUILDTAGS}" +GO111MODULE=off make -C /go/src/%{import_path} VERSION=%{getenv:VERSION} REVISION=%{getenv:REF} PACKAGE=%{getenv:PACKAGE} BUILDTAGS="${BUILDTAGS}" # Remove containerd-stress, as we're not shipping it as part of the packages rm -f bin/containerd-stress bin/containerd --version bin/ctr --version -make -C /go/src/github.com/opencontainers/runc BINDIR=%{_topdir}/BUILD/bin BUILDTAGS='seccomp apparmor selinux %{runc_nokmem}' runc install +GO111MODULE=off make -C /go/src/github.com/opencontainers/runc BINDIR=%{_topdir}/BUILD/bin BUILDTAGS='seccomp apparmor selinux %{runc_nokmem}' runc install %install From aea4411f7e1ecaeaf4a1636258a5698aab373f1c Mon Sep 17 00:00:00 2001 From: Wei Fu Date: Tue, 9 Mar 2021 12:41:00 +0800 Subject: [PATCH 099/128] debian: update image name Signed-off-by: Wei Fu --- pkg/containerd/deb/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/containerd/deb/README.md b/pkg/containerd/deb/README.md index 14d4f280..f9a4af21 100644 --- a/pkg/containerd/deb/README.md +++ b/pkg/containerd/deb/README.md @@ -31,7 +31,7 @@ VERSION is already there. Releases can then be built with: ```bash -make REF=${TAG} docker.io/library/centos:7 +make REF=${TAG} docker.io/library/ubuntu:bionic ``` or From 0cc4b7998dc64589d569d0040b9997b1f1c78c61 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 19 May 2021 14:31:54 +0200 Subject: [PATCH 100/128] Revert "remove default "containerd.toml" config file" This reverts commit 6f4c764fe3e67b68197a116d7312c7233b18637a. Relates to https://github.com/docker/containerd-packaging/pull/215#discussion_r632804641 > removing this does have some impact on rpm users who are currently overwriting > the rpm supplied config.toml with their own. This being removed above, causes > the user supplied override config.toml file also to be deleted, when they upgrade > to a rpm version with this change. rpm moves the file to.rpmsave/.rpmnew after > upgrading to the new version with the above change. Reverting this change (at least temporarily until we figure out an alternative) is the safest option for now. Signed-off-by: Sebastiaan van Stijn --- pkg/containerd/deb/rules | 1 + pkg/containerd/rpm/containerd.spec | 6 +++++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/pkg/containerd/deb/rules b/pkg/containerd/deb/rules index 18293e29..d534ee00 100755 --- a/pkg/containerd/deb/rules +++ b/pkg/containerd/deb/rules @@ -54,3 +54,4 @@ override_dh_auto_install: binaries bin/runc man mkdir -p debian/containerd.io/usr/bin install -D -m 0755 bin/* debian/containerd.io/usr/bin install -D -m 0644 /root/common/containerd.service debian/containerd.io/lib/systemd/system/containerd.service + install -D -m 0644 /root/common/containerd.toml debian/containerd.io/etc/containerd/config.toml diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index c1fde145..44529e46 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -50,7 +50,8 @@ License: ASL 2.0 URL: https://containerd.io Source0: containerd Source1: containerd.service -Source2: runc +Source2: containerd.toml +Source3: runc # container-selinux isn't a thing in suse flavors %if %{undefined suse_version} # amazonlinux2 doesn't have container-selinux either @@ -123,6 +124,7 @@ cd %{_topdir}/BUILD mkdir -p %{buildroot}%{_bindir} install -D -m 0755 bin/* %{buildroot}%{_bindir} install -D -m 0644 %{S:1} %{buildroot}%{_unitdir}/containerd.service +install -D -m 0644 %{S:2} %{buildroot}%{_sysconfdir}/containerd/config.toml # install manpages, taking into account that not all sections may be present for i in $(seq 1 8); do @@ -149,7 +151,9 @@ done %doc README.md %{_bindir}/* %{_unitdir}/containerd.service +%{_sysconfdir}/containerd %{_mandir}/man*/* +%config(noreplace) %{_sysconfdir}/containerd/config.toml %changelog From 412105048da320b90efc0ff5be8b26c1a5bf704e Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 12 May 2021 10:33:28 +0200 Subject: [PATCH 101/128] prepare release v1.4.5 - Update to containerd 1.4.5 - Update runc to v1.0.0-rc94 containerd diff: https://github.com/containerd/containerd/compare/v1.4.4...v1.4.5 runc diff: https://github.com/opencontainers/runc/compare/v1.0.0-rc93...v1.0.0-rc94 containerd release notes: https://github.com/containerd/containerd/releases/tag/v1.4.5 - Update runc to rc94 - Fix leaking socket path in runc shim v2 - Fix cleanup logic in new container in runc shim v2 - Fix registry mirror authorization logic in CRI plugin - Add support for userxattr in overlay snapshotter for kernel 5.11+ runc release notes: https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc94 Potentially breaking changes: - cgroupv1: kernel memory limits are now always ignored, as kmemcg has been effectively deprecated by the kernel. Users should make use of regular memory cgroup controls. - libcontainer/cgroups: cgroup managers' Set now accept configs.Resources rather than configs.Cgroups - libcontainer/cgroups/systemd: reconnect and retry in case dbus connection is closed (after dbus restart) - libcontainer/cgroups/systemd: don't set limits in Apply Bugfixes: - seccomp: fix 32-bit compilation errors (regression in rc93) - cgroupv2: blkio weight value conversion fix - runc init: fix a hang caused by deadlock in seccomp/ebpf loading code (regression in rc93) - runc start: fix "chdir to cwd: permission denied" for some setups (regression in rc93) - s390: fix broken terminal (regression in rc93) Improvements: - runc start/exec: better diagnostics when container limits are too low - runc start/exec: better cleanup after failed runc init - cgroupv1: improve freezing chances - cgroupv2: multiple GetStats improvements - cgroupv2: fallback to setting io.weight if io.bfq.weight is not available - capabilities: WARN, not ERROR, for unknown / unavailable capabilities Signed-off-by: Sebastiaan van Stijn --- pkg/containerd/deb/changelog | 7 +++++++ pkg/containerd/rpm/containerd.spec | 4 ++++ 2 files changed, 11 insertions(+) diff --git a/pkg/containerd/deb/changelog b/pkg/containerd/deb/changelog index 3df1fd20..837802cd 100644 --- a/pkg/containerd/deb/changelog +++ b/pkg/containerd/deb/changelog @@ -1,3 +1,10 @@ +containerd.io (1.4.5-1) release; urgency=medium + + * Update to containerd 1.4.5 + * Update runc to v1.0.0-rc94 + + -- Sebastiaan van Stijn Wed, 12 May 2021 08:29:50 +0000 + containerd.io (1.4.4-1) release; urgency=high * Update to containerd 1.4.4 to address CVE-2021-21334. diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index c1fde145..e59fd50c 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -153,6 +153,10 @@ done %changelog +* Wed May 12 2021 Sebastiaan van Stijn - 1.4.5-3.1 +- Update to containerd 1.4.5 +- Update runc to v1.0.0-rc94 + * Mon Mar 08 2021 Wei Fu - 1.4.4-3.1 - Update to containerd 1.4.4 to address CVE-2021-21334. From 82e0b1c1f18897609d606b8d53f3a2c01784b18d Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Fri, 21 May 2021 09:34:57 +0200 Subject: [PATCH 102/128] prepare release v1.4.6 - Update to containerd 1.4.6 - Update runc to v1.0.0-rc95 containerd diff: https://github.com/containerd/containerd/compare/v1.4.5...v1.4.6 runc diff: https://github.com/opencontainers/runc/compare/v1.0.0-rc94...v1.0.0-rc95 containerd release notes: https://github.com/containerd/containerd/releases/tag/v1.4.6 The sixth patch release for containerd 1.4 is a security release to update runc for CVE-2021-30465 runc release notes: https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc95 This release of runc contains a fix for CVE-2021-30465, and users are strongly recommended to update (especially if you are providing semi-limited access to spawn containers to untrusted users). Aside from this security fix, only a few other changes were made since v1.0.0-rc94 (the only user-visible change was the addition of support for defaultErrnoRet in seccomp profiles). Signed-off-by: Sebastiaan van Stijn --- pkg/containerd/deb/changelog | 7 +++++++ pkg/containerd/rpm/containerd.spec | 4 ++++ 2 files changed, 11 insertions(+) diff --git a/pkg/containerd/deb/changelog b/pkg/containerd/deb/changelog index 837802cd..231f304e 100644 --- a/pkg/containerd/deb/changelog +++ b/pkg/containerd/deb/changelog @@ -1,3 +1,10 @@ +containerd.io (1.4.6-1) release; urgency=high + + * Update to containerd 1.4.6 + * Update runc to v1.0.0-rc95 to address CVE-2021-30465. + + -- Sebastiaan van Stijn Fri, 21 May 2021 07:30:42 +0000 + containerd.io (1.4.5-1) release; urgency=medium * Update to containerd 1.4.5 diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index cf8b0fd3..04caeeba 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -157,6 +157,10 @@ done %changelog +* Fri May 21 2021 Sebastiaan van Stijn - 1.4.6-3.1 +- Update to containerd 1.4.6 +- Update runc to v1.0.0-rc95 to address CVE-2021-30465. + * Wed May 12 2021 Sebastiaan van Stijn - 1.4.5-3.1 - Update to containerd 1.4.5 - Update runc to v1.0.0-rc94 From 3f8d92f392dfbcf7132813999c040c2165549589 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Fri, 25 Jun 2021 10:08:29 +0200 Subject: [PATCH 103/128] deb: fix use of PREFIX and DESTDIR for changes in containerd containerd commit https://github.com/containerd/containerd/commit/b5f530a15780ee443b8c568200d37d50d0449672 changed the handling of PREFIX and DESTDIR. As a result, the location in which the binaries are installed changed. This patch sets the PREFIX variable to match the old location, so that the build script can work with both the 1.4 and 1.5 release branches of containerd, and with current master/main. Once the upstream 1.4 and 1.5 release branches become obsolete, we should consider removing the custom PREFIX, and use (pwd)/usr/local/bin instead, and consider using a TEMP dir for the binaries (and set that as DESTDIR). Signed-off-by: Sebastiaan van Stijn --- pkg/containerd/deb/rules | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkg/containerd/deb/rules b/pkg/containerd/deb/rules index d534ee00..b182343e 100755 --- a/pkg/containerd/deb/rules +++ b/pkg/containerd/deb/rules @@ -19,9 +19,12 @@ # GO_SRC_PATH and PACKAGE are defined in the dockerfile # VERSION and REF are defined in scripts/build-deb +# TODO remove custom PREFIX variable once containerd release/1.4 and release/1.5 +# are obsolete. See https://github.com/containerd/containerd/commit/b5f530a157 binaries: ## Create containerd binaries @set -x; GO111MODULE=off make -C $(GO_SRC_PATH) --no-print-directory \ DESTDIR="$$(pwd)" \ + PREFIX="" \ VERSION=$${VERSION} \ REVISION=$${REF} \ PACKAGE=$${PACKAGE} \ From 2fea2dde7f45c498fc024722f240d25a2d953566 Mon Sep 17 00:00:00 2001 From: anujajakhade Date: Mon, 12 Jul 2021 15:07:54 +0530 Subject: [PATCH 104/128] RPM : Update libseccomp dependency name for SLES/openSUSE distros Signed-off-by: Anuja Jakhade Update containerd.spec --- pkg/containerd/rpm/containerd.spec | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index 04caeeba..70a1a86f 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -59,6 +59,10 @@ Source3: runc Requires: container-selinux >= 2:2.74 %endif Requires: libseccomp +%else +# SUSE flavors do not have container-selinux, +# and libseccomp is named libseccomp2 +Requires: libseccomp2 %endif BuildRequires: make BuildRequires: gcc From 24e3ef39c740d9bc624f5f780c0636de4e915402 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Mon, 19 Jul 2021 11:46:31 +0200 Subject: [PATCH 105/128] prepare release v1.4.7 - Update to containerd 1.4.7 - Update runc to v1.0.0 - Update Golang runtime to 1.15.14 containerd: - diff: https://github.com/containerd/containerd/compare/v1.4.6...v1.4.7 - release notes: https://github.com/containerd/containerd/releases/tag/v1.4.7 runc: - diff: https://github.com/opencontainers/runc/compare/v1.0.0-rc95...v1.0.0 - release notes: https://github.com/opencontainers/runc/releases/tag/v1.0.0 golang: - release notes: https://golang.org/doc/devel/release#go1.15 Signed-off-by: Sebastiaan van Stijn --- pkg/containerd/deb/changelog | 8 ++++++++ pkg/containerd/rpm/containerd.spec | 5 +++++ 2 files changed, 13 insertions(+) diff --git a/pkg/containerd/deb/changelog b/pkg/containerd/deb/changelog index 231f304e..85a823ea 100644 --- a/pkg/containerd/deb/changelog +++ b/pkg/containerd/deb/changelog @@ -1,3 +1,11 @@ +containerd.io (1.4.7-1) release; urgency=medium + + * Update to containerd 1.4.7 + * Update runc to v1.0.0 + * Update Golang runtime to 1.15.14 + + -- Sebastiaan van Stijn Mon, 19 Jul 2021 09:30:34 +0000 + containerd.io (1.4.6-1) release; urgency=high * Update to containerd 1.4.6 diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index 70a1a86f..2dda6ea1 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -161,6 +161,11 @@ done %changelog +* Mon Jul 19 2021 Sebastiaan van Stijn - 1.4.7-3.1 +- Update to containerd 1.4.7 +- Update runc to v1.0.0 +- Update Golang runtime to 1.15.14 + * Fri May 21 2021 Sebastiaan van Stijn - 1.4.6-3.1 - Update to containerd 1.4.6 - Update runc to v1.0.0-rc95 to address CVE-2021-30465. From 40f93bcc98aa9da5cc580aff723cc53b2727cee6 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Mon, 19 Jul 2021 21:07:16 +0200 Subject: [PATCH 106/128] prepare release v1.4.8 Update to containerd 1.4.8 to address [CVE-2021-32760][1]. [1]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32760 Signed-off-by: Sebastiaan van Stijn --- pkg/containerd/deb/changelog | 6 ++++++ pkg/containerd/rpm/containerd.spec | 3 +++ 2 files changed, 9 insertions(+) diff --git a/pkg/containerd/deb/changelog b/pkg/containerd/deb/changelog index 85a823ea..777b23ef 100644 --- a/pkg/containerd/deb/changelog +++ b/pkg/containerd/deb/changelog @@ -1,3 +1,9 @@ +containerd.io (1.4.8-1) release; urgency=high + + * Update to containerd 1.4.8 to address CVE-2021-32760 + + -- Sebastiaan van Stijn Mon, 19 Jul 2021 19:03:08 +0000 + containerd.io (1.4.7-1) release; urgency=medium * Update to containerd 1.4.7 diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index 2dda6ea1..1b4bd734 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -161,6 +161,9 @@ done %changelog +* Mon Jul 19 2021 Sebastiaan van Stijn - 1.4.8-3.1 +- Update to containerd 1.4.8 to address CVE-2021-32760 + * Mon Jul 19 2021 Sebastiaan van Stijn - 1.4.7-3.1 - Update to containerd 1.4.7 - Update runc to v1.0.0 From 9c11883585c3c4f1aa0faaef2674fe707853027c Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Thu, 29 Jul 2021 22:47:10 +0200 Subject: [PATCH 107/128] prepare release v1.4.9 - Update to containerd 1.4.9 - Update runc to v1.0.1 Welcome to the v1.4.9 release of containerd! The ninth patch release for containerd 1.4 updates runc to 1.0.1 and contains other minor updates. Notable Updates - Update runc binary to 1.0.1 - Update pull authorization logic on redirect - Fix user agent used for fetching registry authentication tokens Signed-off-by: Sebastiaan van Stijn --- pkg/containerd/deb/changelog | 7 +++++++ pkg/containerd/rpm/containerd.spec | 4 ++++ 2 files changed, 11 insertions(+) diff --git a/pkg/containerd/deb/changelog b/pkg/containerd/deb/changelog index 777b23ef..451b637f 100644 --- a/pkg/containerd/deb/changelog +++ b/pkg/containerd/deb/changelog @@ -1,3 +1,10 @@ +containerd.io (1.4.9-1) release; urgency=medium + + * Update to containerd 1.4.8 + * Update runc to v1.0.1 + + -- Sebastiaan van Stijn Thu, 29 Jul 2021 20:43:55 +0000 + containerd.io (1.4.8-1) release; urgency=high * Update to containerd 1.4.8 to address CVE-2021-32760 diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index 1b4bd734..91fd6a52 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -161,6 +161,10 @@ done %changelog +* Thu Jul 29 2021 Sebastiaan van Stijn - 1.4.9-3.1 +- Update to containerd 1.4.9 +- Update runc to v1.0.1 + * Mon Jul 19 2021 Sebastiaan van Stijn - 1.4.8-3.1 - Update to containerd 1.4.8 to address CVE-2021-32760 From 2079c6f9c7290f445e0caa4128f9ec71f713a33e Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Thu, 16 Sep 2021 14:32:38 +0200 Subject: [PATCH 108/128] Use GO111MODULE=auto instead of "off" Using "auto" to work around an issue with a broken vendor package in containerd; GO111MODULE=off make -C /go/src/github.com/containerd/containerd --no-print-directory DESTDIR=/root/containerd PREFIX= VERSION=20210916.065010~7ddf5e5 REVISION=7ddf5e52ba738e868b70807797c79c8e54da3497 PACKAGE=containerd.io binaries install vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/connection/connection.go:33:2: found import comments "go.opentelemetry.io/otel/exporters/otlp/internal/otlpconfig" (options.go) and "go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/otlpconfig" (optiontypes.go) in /go/src/github.com/containerd/containerd/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/otlpconfig Using "auto" should (I hope) still use the vendored packages, but instead of "GOPATH" mode, will be using "go modules" mode, which ignores `// import` comments (which isn't a thing in go modules). Signed-off-by: Sebastiaan van Stijn --- pkg/containerd/deb/rules | 6 +++--- pkg/containerd/rpm/containerd.spec | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/pkg/containerd/deb/rules b/pkg/containerd/deb/rules index b182343e..9cfe0cd9 100755 --- a/pkg/containerd/deb/rules +++ b/pkg/containerd/deb/rules @@ -22,7 +22,7 @@ # TODO remove custom PREFIX variable once containerd release/1.4 and release/1.5 # are obsolete. See https://github.com/containerd/containerd/commit/b5f530a157 binaries: ## Create containerd binaries - @set -x; GO111MODULE=off make -C $(GO_SRC_PATH) --no-print-directory \ + @set -x; GO111MODULE=auto make -C $(GO_SRC_PATH) --no-print-directory \ DESTDIR="$$(pwd)" \ PREFIX="" \ VERSION=$${VERSION} \ @@ -34,13 +34,13 @@ binaries: ## Create containerd binaries rm -f bin/containerd-stress bin/runc: - @set -x; GO111MODULE=off make -C /go/src/github.com/opencontainers/runc --no-print-directory \ + @set -x; GO111MODULE=auto make -C /go/src/github.com/opencontainers/runc --no-print-directory \ BINDIR="$$(pwd)/bin" \ BUILDTAGS='seccomp apparmor selinux' \ runc install man: ## Create containerd man pages - @set -x; GO111MODULE=off make -C $(GO_SRC_PATH) --no-print-directory man + @set -x; GO111MODULE=auto make -C $(GO_SRC_PATH) --no-print-directory man # copy the generated man pages instead of using "make install-man" to allow # dh_installman doing its magic diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index 91fd6a52..ff6bc358 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -106,21 +106,21 @@ cd %{_topdir}/BUILD/ %build cd %{_topdir}/BUILD -GO111MODULE=off make man +GO111MODULE=auto make man BUILDTAGS="seccomp selinux" %if 1%{!?el8:1} BUILDTAGS="${BUILDTAGS} no_btrfs" %endif -GO111MODULE=off make -C /go/src/%{import_path} VERSION=%{getenv:VERSION} REVISION=%{getenv:REF} PACKAGE=%{getenv:PACKAGE} BUILDTAGS="${BUILDTAGS}" +GO111MODULE=auto make -C /go/src/%{import_path} VERSION=%{getenv:VERSION} REVISION=%{getenv:REF} PACKAGE=%{getenv:PACKAGE} BUILDTAGS="${BUILDTAGS}" # Remove containerd-stress, as we're not shipping it as part of the packages rm -f bin/containerd-stress bin/containerd --version bin/ctr --version -GO111MODULE=off make -C /go/src/github.com/opencontainers/runc BINDIR=%{_topdir}/BUILD/bin BUILDTAGS='seccomp apparmor selinux %{runc_nokmem}' runc install +GO111MODULE=auto make -C /go/src/github.com/opencontainers/runc BINDIR=%{_topdir}/BUILD/bin BUILDTAGS='seccomp apparmor selinux %{runc_nokmem}' runc install %install From 89cd560666dedec94a8110284987e66e065d8b9f Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Thu, 30 Sep 2021 17:25:48 +0200 Subject: [PATCH 109/128] prepare release v1.4.10 - Update to containerd 1.4.10 - Update runc to v1.0.2 - Update Golang runtime to 1.16.8 Signed-off-by: Sebastiaan van Stijn --- pkg/containerd/deb/changelog | 10 +++++++++- pkg/containerd/rpm/containerd.spec | 5 +++++ 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/pkg/containerd/deb/changelog b/pkg/containerd/deb/changelog index 451b637f..ef765f0c 100644 --- a/pkg/containerd/deb/changelog +++ b/pkg/containerd/deb/changelog @@ -1,6 +1,14 @@ +containerd.io (1.4.10-1) release; urgency=medium + + * Update to containerd 1.4.10 + * Update runc to v1.0.2 + * Update Golang runtime to 1.16.8 + + -- Sebastiaan van Stijn Thu, 30 Sep 2021 15:21:28 +0000 + containerd.io (1.4.9-1) release; urgency=medium - * Update to containerd 1.4.8 + * Update to containerd 1.4.9 * Update runc to v1.0.1 -- Sebastiaan van Stijn Thu, 29 Jul 2021 20:43:55 +0000 diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index ff6bc358..8dbe00bd 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -161,6 +161,11 @@ done %changelog +* Thu Sep 30 2021 Sebastiaan van Stijn - 1.4.10-3.1 +- Update to containerd 1.4.10 +- Update runc to v1.0.2 +- Update Golang runtime to 1.16.8 + * Thu Jul 29 2021 Sebastiaan van Stijn - 1.4.9-3.1 - Update to containerd 1.4.9 - Update runc to v1.0.1 From 947de92d2f043dcb550746c3ad2c7dbcfd52fe72 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Mon, 4 Oct 2021 13:25:21 +0200 Subject: [PATCH 110/128] prepare release v1.4.11 Update to containerd 1.4.11 to address CVE-2021-41103 Signed-off-by: Sebastiaan van Stijn --- pkg/containerd/deb/changelog | 6 ++++++ pkg/containerd/rpm/containerd.spec | 3 +++ 2 files changed, 9 insertions(+) diff --git a/pkg/containerd/deb/changelog b/pkg/containerd/deb/changelog index ef765f0c..c1f69f02 100644 --- a/pkg/containerd/deb/changelog +++ b/pkg/containerd/deb/changelog @@ -1,3 +1,9 @@ +containerd.io (1.4.11-1) release; urgency=high + + * Update to containerd 1.4.11 to address CVE-2021-41103 + + -- Sebastiaan van Stijn Mon, 04 Oct 2021 11:20:49 +0000 + containerd.io (1.4.10-1) release; urgency=medium * Update to containerd 1.4.10 diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index 8dbe00bd..012a3243 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -161,6 +161,9 @@ done %changelog +* Mon Oct 04 2021 Sebastiaan van Stijn - 1.4.11-3.1 +- Update to containerd 1.4.11 to address CVE-2021-41103 + * Thu Sep 30 2021 Sebastiaan van Stijn - 1.4.10-3.1 - Update to containerd 1.4.10 - Update runc to v1.0.2 From 7ef12fdee31ee4030aef09acf8904809104e1c53 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 20 Oct 2021 00:04:53 +0200 Subject: [PATCH 111/128] deb: force dpkg-build to use xz compression instead of zstd Ubuntu 21.10 switched the default compression for .deb packages to use zstd. While this change may bring some performance improvement, it is non-standard, and not all deb-related tooling currently support zstd compression. One of those tools, dpkg-sig, has not (yet) been modified to support zstd compression; we use this tool to sign our packages (and verify that packages are signed), which currently fails if packages use zstd compression; dpkg-sig --verify ./containerd.io_1.4.11-1_amd64.deb Processing ./containerd.io_1.4.11-1_amd64.deb... BADSIG _gpgbuilder It should be noted that signing individual packages is *optional* [1], and that dpkg-sig has not received updates since 2006 [2] (possibly better replaced with debsigs / debsig-verify), but changing would be a potential breaking change, as these tools are not interchangeable [3] [1]: https://www.debian.org/doc/manuals/securing-debian-manual/deb-pack-sign.en.html [2]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=995113 [3]: https://raphaelhertzog.com/2010/09/17/how-to-create-debian-packages-with-alternative-compression-methods/ This patch hard-codes the compression to use in the debian rules, instead of using the default that's used by the distro. xz appears to be the previous default for Ubuntu and Debian; to verify this does not change the compression used for other distros, I did a quick check of the existing packages; curl -O https://download.docker.com/linux/debian/dists/bullseye/pool/stable/amd64/containerd.io_1.4.11-1_amd64.deb ar t .containerd.io_1.4.11-1_amd64.deb debian-binary control.tar.xz data.tar.xz _gpgbuilder From a size perspective, it looks like xz is actually smaller than zstd, so no negative effect there; With zstd compression: -rw-r--r-- 1 sebastiaan staff 25M Oct 19 14:43 ./build/ubuntu/impish/amd64/containerd.io_1.4.11-1_amd64.deb With xz compression: -rw-r--r-- 1 sebastiaan staff 23M Oct 19 23:56 ./build/ubuntu/impish/amd64/containerd.io_1.4.11-1_amd64.deb Before this change: make docker.io/library/ubuntu:impish ar t ./build/ubuntu/impish/amd64/*.deb debian-binary control.tar.zst data.tar.zst _gpgbuilder After this change: make docker.io/library/ubuntu:impish ar t ./build/ubuntu/impish/amd64/*.deb debian-binary control.tar.xz data.tar.xz Signed-off-by: Sebastiaan van Stijn --- pkg/containerd/deb/rules | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pkg/containerd/deb/rules b/pkg/containerd/deb/rules index 9cfe0cd9..c9e9787a 100755 --- a/pkg/containerd/deb/rules +++ b/pkg/containerd/deb/rules @@ -47,6 +47,11 @@ man: ## Create containerd man pages install -d man install -D -m 0644 $(GO_SRC_PATH)/man/* man +# force packages to be built with xz compression, as Ubuntu 21.10 and up use +# zstd compression, which is non-standard, and breaks 'dpkg-sig --verify' +override_dh_builddeb: + dh_builddeb -- -Zxz + override_dh_auto_build: binaries bin/runc man override_dh_systemd_start: From 59101e339e17576053a99ec439093b8227da215b Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 17 Nov 2021 20:00:08 +0100 Subject: [PATCH 112/128] prepare release v1.4.12 Update to containerd 1.4.11 to address CVE-2021-41190 Signed-off-by: Sebastiaan van Stijn --- pkg/containerd/deb/changelog | 7 +++++++ pkg/containerd/rpm/containerd.spec | 4 ++++ 2 files changed, 11 insertions(+) diff --git a/pkg/containerd/deb/changelog b/pkg/containerd/deb/changelog index c1f69f02..ccbbc9ac 100644 --- a/pkg/containerd/deb/changelog +++ b/pkg/containerd/deb/changelog @@ -1,3 +1,10 @@ +containerd.io (1.4.12-1) release; urgency=high + + * Update containerd to v1.4.12 to address CVE-2021-41190 + * Update Golang runtime to 1.16.10 + + -- Sebastiaan van Stijn Wed, 17 Nov 2021 18:48:28 +0000 + containerd.io (1.4.11-1) release; urgency=high * Update to containerd 1.4.11 to address CVE-2021-41103 diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index 012a3243..4bcb9c37 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -161,6 +161,10 @@ done %changelog +* Wed Nov 17 2021 Sebastiaan van Stijn - 1.4.12-3.1 +- Update containerd to v1.4.12 to address CVE-2021-41190 +- Update Golang runtime to 1.16.10 + * Mon Oct 04 2021 Sebastiaan van Stijn - 1.4.11-3.1 - Update to containerd 1.4.11 to address CVE-2021-41103 From c8a9f267d3206da10d489fdbae15fd3f5448fff1 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Fri, 4 Mar 2022 10:13:16 +0100 Subject: [PATCH 113/128] prepare release v1.4.13 - Update containerd to v1.4.13 to address CVE-2022-23648 - Update runc to v1.0.3 - Update Golang runtime to 1.16.15 Signed-off-by: Sebastiaan van Stijn --- pkg/containerd/deb/changelog | 8 ++++++++ pkg/containerd/rpm/containerd.spec | 5 +++++ 2 files changed, 13 insertions(+) diff --git a/pkg/containerd/deb/changelog b/pkg/containerd/deb/changelog index ccbbc9ac..85f105ab 100644 --- a/pkg/containerd/deb/changelog +++ b/pkg/containerd/deb/changelog @@ -1,3 +1,11 @@ +containerd.io (1.4.13-1) release; urgency=high + + * Update containerd to v1.4.13 to address CVE-2022-23648 + * Update runc to v1.0.3 + * Update Golang runtime to 1.16.15 + + -- Sebastiaan van Stijn Thu, 03 Mar 2022 21:09:12 +0000 + containerd.io (1.4.12-1) release; urgency=high * Update containerd to v1.4.12 to address CVE-2021-41190 diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index 4bcb9c37..d061a526 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -161,6 +161,11 @@ done %changelog +* Thu Mar 03 2022 Sebastiaan van Stijn - 1.4.13-3.1 +- Update containerd to v1.4.13 to address CVE-2022-23648 +- Update runc to v1.0.3 +- Update Golang runtime to 1.16.15 + * Wed Nov 17 2021 Sebastiaan van Stijn - 1.4.12-3.1 - Update containerd to v1.4.12 to address CVE-2021-41190 - Update Golang runtime to 1.16.10 From a300e93446f5d270039c839ec2edd0572699db30 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Fri, 4 Mar 2022 10:30:39 +0100 Subject: [PATCH 114/128] update years in license headers Signed-off-by: Sebastiaan van Stijn --- pkg/containerd/deb/rules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/containerd/deb/rules b/pkg/containerd/deb/rules index c9e9787a..f7522428 100755 --- a/pkg/containerd/deb/rules +++ b/pkg/containerd/deb/rules @@ -1,6 +1,6 @@ #!/usr/bin/make -f -# Copyright 2018-2020 Docker Inc. +# Copyright 2018-2022 Docker Inc. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. From 7287c6ff5112b988a48bc9e8c7576e9c2f107d3a Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Fri, 4 Mar 2022 18:51:13 +0100 Subject: [PATCH 115/128] prepare release v1.5.10 - Update containerd to v1.5.10 Signed-off-by: Sebastiaan van Stijn --- pkg/containerd/deb/changelog | 10 ++++++++-- pkg/containerd/rpm/containerd.spec | 3 +++ 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/pkg/containerd/deb/changelog b/pkg/containerd/deb/changelog index 85f105ab..e445f056 100644 --- a/pkg/containerd/deb/changelog +++ b/pkg/containerd/deb/changelog @@ -1,17 +1,23 @@ +containerd.io (1.5.10-1) release; urgency=medium + + * Update containerd to v1.5.10 + + -- Sebastiaan van Stijn Fri, 04 Mar 2022 17:47:48 +0000 + containerd.io (1.4.13-1) release; urgency=high * Update containerd to v1.4.13 to address CVE-2022-23648 * Update runc to v1.0.3 * Update Golang runtime to 1.16.15 - -- Sebastiaan van Stijn Thu, 03 Mar 2022 21:09:12 +0000 + -- Sebastiaan van Stijn Thu, 03 Mar 2022 21:09:12 +0000 containerd.io (1.4.12-1) release; urgency=high * Update containerd to v1.4.12 to address CVE-2021-41190 * Update Golang runtime to 1.16.10 - -- Sebastiaan van Stijn Wed, 17 Nov 2021 18:48:28 +0000 + -- Sebastiaan van Stijn Wed, 17 Nov 2021 18:48:28 +0000 containerd.io (1.4.11-1) release; urgency=high diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index d061a526..749e7270 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -161,6 +161,9 @@ done %changelog +* Fri Mar 04 2022 Sebastiaan van Stijn - 1.5.10-3.1 +- Update containerd to v1.5.10 + * Thu Mar 03 2022 Sebastiaan van Stijn - 1.4.13-3.1 - Update containerd to v1.4.13 to address CVE-2022-23648 - Update runc to v1.0.3 From da4af286cb9d05e100ce535da99371b579cb5fcb Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 23 Mar 2022 19:08:52 +0100 Subject: [PATCH 116/128] prepare release v1.5.11 Update containerd to v1.5.11 to address CVE-2022-24769 Signed-off-by: Sebastiaan van Stijn --- pkg/containerd/deb/changelog | 6 ++++++ pkg/containerd/rpm/containerd.spec | 3 +++ 2 files changed, 9 insertions(+) diff --git a/pkg/containerd/deb/changelog b/pkg/containerd/deb/changelog index e445f056..6a08d96e 100644 --- a/pkg/containerd/deb/changelog +++ b/pkg/containerd/deb/changelog @@ -1,3 +1,9 @@ +containerd.io (1.5.11-1) release; urgency=high + + * Update containerd to v1.5.11 to address CVE-2022-24769 + + -- Sebastiaan van Stijn Wed, 23 Mar 2022 18:05:21 +0000 + containerd.io (1.5.10-1) release; urgency=medium * Update containerd to v1.5.10 diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index 749e7270..90945bc1 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -161,6 +161,9 @@ done %changelog +* Wed Mar 23 2022 Sebastiaan van Stijn - 1.5.11-3.1 +- Update containerd to v1.5.11 to address CVE-2022-24769 + * Fri Mar 04 2022 Sebastiaan van Stijn - 1.5.10-3.1 - Update containerd to v1.5.10 From 8fbf7cc3f054a27f86ce939b1a0a6fbc739f0155 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Thu, 24 Mar 2022 00:46:24 +0100 Subject: [PATCH 117/128] changelog: add go 1.17.8 update upstream also updated to go 1.17.8 for the 1.5.11 release Signed-off-by: Sebastiaan van Stijn --- pkg/containerd/deb/changelog | 1 + pkg/containerd/rpm/containerd.spec | 1 + 2 files changed, 2 insertions(+) diff --git a/pkg/containerd/deb/changelog b/pkg/containerd/deb/changelog index 6a08d96e..71077b83 100644 --- a/pkg/containerd/deb/changelog +++ b/pkg/containerd/deb/changelog @@ -7,6 +7,7 @@ containerd.io (1.5.11-1) release; urgency=high containerd.io (1.5.10-1) release; urgency=medium * Update containerd to v1.5.10 + * Update Golang runtime to 1.17.8 -- Sebastiaan van Stijn Fri, 04 Mar 2022 17:47:48 +0000 diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index 90945bc1..fbf840fc 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -166,6 +166,7 @@ done * Fri Mar 04 2022 Sebastiaan van Stijn - 1.5.10-3.1 - Update containerd to v1.5.10 +- Update Golang runtime to 1.17.8 * Thu Mar 03 2022 Sebastiaan van Stijn - 1.4.13-3.1 - Update containerd to v1.4.13 to address CVE-2022-23648 From 1c9d72ed47a1b5b269e5db9d241170839873c120 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Mon, 28 Mar 2022 00:59:31 +0200 Subject: [PATCH 118/128] prepare release v1.6.2 - Update containerd to v1.6.2 - Update runc to v1.1.0 Signed-off-by: Sebastiaan van Stijn --- pkg/containerd/deb/changelog | 7 +++++++ pkg/containerd/rpm/containerd.spec | 4 ++++ 2 files changed, 11 insertions(+) diff --git a/pkg/containerd/deb/changelog b/pkg/containerd/deb/changelog index 71077b83..b3599ccb 100644 --- a/pkg/containerd/deb/changelog +++ b/pkg/containerd/deb/changelog @@ -1,3 +1,10 @@ +containerd.io (1.6.2-1) release; urgency=medium + + * Update containerd to v1.6.2 + * Update runc to v1.1.0 + + -- Sebastiaan van Stijn Sun, 27 Mar 2022 22:56:51 +0000 + containerd.io (1.5.11-1) release; urgency=high * Update containerd to v1.5.11 to address CVE-2022-24769 diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index fbf840fc..9c0b34b0 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -161,6 +161,10 @@ done %changelog +* Sun Mar 27 2022 Sebastiaan van Stijn - 1.6.2-3.1 +- Update containerd to v1.6.2 +- Update runc to v1.1.0 + * Wed Mar 23 2022 Sebastiaan van Stijn - 1.5.11-3.1 - Update containerd to v1.5.11 to address CVE-2022-24769 From 3a8d14811630bf9114ddd625f7bcb18d9d9f240f Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Thu, 28 Apr 2022 12:27:50 +0200 Subject: [PATCH 119/128] prepare release v1.6.3 - Update containerd to v1.6.3 - Update runc to v1.1.1 - Update Golang runtime to 1.17.9 Signed-off-by: Sebastiaan van Stijn --- pkg/containerd/deb/changelog | 8 ++++++++ pkg/containerd/rpm/containerd.spec | 5 +++++ 2 files changed, 13 insertions(+) diff --git a/pkg/containerd/deb/changelog b/pkg/containerd/deb/changelog index b3599ccb..9d6ac549 100644 --- a/pkg/containerd/deb/changelog +++ b/pkg/containerd/deb/changelog @@ -1,3 +1,11 @@ +containerd.io (1.6.3-1) release; urgency=medium + + * Update containerd to v1.6.3 + * Update runc to v1.1.1 + * Update Golang runtime to 1.17.9 + + -- Sebastiaan van Stijn Thu, 28 Apr 2022 10:24:07 +0000 + containerd.io (1.6.2-1) release; urgency=medium * Update containerd to v1.6.2 diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index 9c0b34b0..1092e748 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -161,6 +161,11 @@ done %changelog +* Thu Apr 28 2022 Sebastiaan van Stijn - 1.6.3-3.1 +- Update containerd to v1.6.3 +- Update runc to v1.1.1 +- Update Golang runtime to 1.17.9 + * Sun Mar 27 2022 Sebastiaan van Stijn - 1.6.2-3.1 - Update containerd to v1.6.2 - Update runc to v1.1.0 From 6d1d026d1923d08cde4ac11f85b3b9b87ae53815 Mon Sep 17 00:00:00 2001 From: Romain Geissler Date: Mon, 7 Mar 2022 09:32:40 +0000 Subject: [PATCH 120/128] Also build for CentOS 9. - do not "provide" runc on CentOS/RHEL >= 8 - do not build btrfs on CentOS/RHEL >= 8 - set the correct build-dependency for BTRFS on SUSE flavors and "others" Signed-off-by: Romain Geissler Signed-off-by: Sebastiaan van Stijn --- pkg/containerd/rpm/containerd.spec | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index 1092e748..f3f4bb76 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -30,8 +30,8 @@ AutoReq: no Name: containerd.io Provides: containerd -# For some reason on rhel 8 if we "provide" runc then it makes this package unsearchable -%if 0%{!?el8:1} +# For some reason on rhel >= 8 if we "provide" runc then it makes this package unsearchable +%if %{undefined rhel} || 0%{?rhel} < 8 Provides: runc %endif @@ -69,11 +69,12 @@ BuildRequires: gcc BuildRequires: systemd BuildRequires: libseccomp-devel -# Should only return true if `el8` (rhel8) is NOT defined -%if 0%{!?el8:1} -%if 0%{?suse_version} +%if %{undefined rhel} || 0%{?rhel} < 8 +%if %{defined suse_version} +# SUSE flavors BuildRequires: libbtrfs-devel %else +# Fedora / others, and CentOS/RHEL < 8 BuildRequires: btrfs-progs-devel %endif %endif @@ -109,7 +110,8 @@ cd %{_topdir}/BUILD GO111MODULE=auto make man BUILDTAGS="seccomp selinux" -%if 1%{!?el8:1} +%if %{defined rhel} && 0%{?rhel} >= 8 +# btrfs support was removed in CentOS/RHEL 8 BUILDTAGS="${BUILDTAGS} no_btrfs" %endif From 8a93622cadbae3a1e3705df79dc3d7e46685b2f8 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 4 May 2022 11:07:30 +0200 Subject: [PATCH 121/128] prepare release v1.6.4 - Update containerd to v1.6.4 Signed-off-by: Sebastiaan van Stijn --- pkg/containerd/deb/changelog | 6 ++++++ pkg/containerd/rpm/containerd.spec | 3 +++ 2 files changed, 9 insertions(+) diff --git a/pkg/containerd/deb/changelog b/pkg/containerd/deb/changelog index 9d6ac549..456162a1 100644 --- a/pkg/containerd/deb/changelog +++ b/pkg/containerd/deb/changelog @@ -1,3 +1,9 @@ +containerd.io (1.6.4-1) release; urgency=medium + + * Update containerd to v1.6.4 + + -- Sebastiaan van Stijn Wed, 04 May 2022 09:04:53 +0000 + containerd.io (1.6.3-1) release; urgency=medium * Update containerd to v1.6.3 diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index f3f4bb76..9f2d52e6 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -163,6 +163,9 @@ done %changelog +* Wed May 04 2022 Sebastiaan van Stijn - 1.6.4-3.1 +- Update containerd to v1.6.4 + * Thu Apr 28 2022 Sebastiaan van Stijn - 1.6.3-3.1 - Update containerd to v1.6.3 - Update runc to v1.1.1 From 696d7c218875756f966967692ba8bd3d9020b54a Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Sat, 4 Jun 2022 22:54:38 +0200 Subject: [PATCH 122/128] remove deprecated containerd and runc build-tags containerd and runc (no longer) use the seccomp and apparmor build-tags, and runc has removed the runc_nokmem build-tag (now the default). seccomp is enabled by default for containerd and runc, but can be disabled on runc by setting BUILDTAGS to an empty string; https://github.com/opencontainers/runc/blob/v1.1.2/README.md#build-tags Given that we always want to include seccomp (with non-static builds), this patch removes the BUILDTAGS altogether for runc. For containerd, we still need a buildtag to disable btrfs on CentOS 8 and up; https://github.com/containerd/containerd/blob/v1.6.5/BUILDING.md#build-containerd Signed-off-by: Sebastiaan van Stijn --- pkg/containerd/deb/rules | 1 - pkg/containerd/rpm/containerd.spec | 5 ++--- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/pkg/containerd/deb/rules b/pkg/containerd/deb/rules index f7522428..e6e1a41f 100755 --- a/pkg/containerd/deb/rules +++ b/pkg/containerd/deb/rules @@ -36,7 +36,6 @@ binaries: ## Create containerd binaries bin/runc: @set -x; GO111MODULE=auto make -C /go/src/github.com/opencontainers/runc --no-print-directory \ BINDIR="$$(pwd)/bin" \ - BUILDTAGS='seccomp apparmor selinux' \ runc install man: ## Create containerd man pages diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index 9f2d52e6..421a1a0c 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -26,7 +26,6 @@ AutoReq: no %define SHA256SUM0 08f057ece7e518b14cce2e9737228a5a899a7b58b78248a03e02f4a6c079eeaf %global import_path github.com/containerd/containerd %global gopath %{getenv:GOPATH} -%global runc_nokmem %{getenv:RUNC_NOKMEM} Name: containerd.io Provides: containerd @@ -109,7 +108,7 @@ cd %{_topdir}/BUILD/ cd %{_topdir}/BUILD GO111MODULE=auto make man -BUILDTAGS="seccomp selinux" +BUILDTAGS="" %if %{defined rhel} && 0%{?rhel} >= 8 # btrfs support was removed in CentOS/RHEL 8 BUILDTAGS="${BUILDTAGS} no_btrfs" @@ -122,7 +121,7 @@ rm -f bin/containerd-stress bin/containerd --version bin/ctr --version -GO111MODULE=auto make -C /go/src/github.com/opencontainers/runc BINDIR=%{_topdir}/BUILD/bin BUILDTAGS='seccomp apparmor selinux %{runc_nokmem}' runc install +GO111MODULE=auto make -C /go/src/github.com/opencontainers/runc BINDIR=%{_topdir}/BUILD/bin runc install %install From 55c57d27043c5ee7f2abca8d87d3b2de4a36d55e Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Sat, 4 Jun 2022 22:58:22 +0200 Subject: [PATCH 123/128] prepare release v1.6.5 - Update containerd to v1.6.5 - Update runc to v1.1.2 - Update Golang runtime to 1.17.11 Signed-off-by: Sebastiaan van Stijn --- pkg/containerd/deb/changelog | 8 ++++++++ pkg/containerd/rpm/containerd.spec | 5 +++++ 2 files changed, 13 insertions(+) diff --git a/pkg/containerd/deb/changelog b/pkg/containerd/deb/changelog index 456162a1..3293eb20 100644 --- a/pkg/containerd/deb/changelog +++ b/pkg/containerd/deb/changelog @@ -1,3 +1,11 @@ +containerd.io (1.6.5-1) release; urgency=medium + + * Update containerd to v1.6.5 + * Update runc to v1.1.2 + * Update Golang runtime to 1.17.11 + + -- Sebastiaan van Stijn Sat, 04 Jun 2022 20:56:32 +0000 + containerd.io (1.6.4-1) release; urgency=medium * Update containerd to v1.6.4 diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index 9f2d52e6..3fcaaf5a 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -163,6 +163,11 @@ done %changelog +* Sat Jun 04 2022 Sebastiaan van Stijn - 1.6.5-3.1 +- Update containerd to v1.6.5 +- Update runc to v1.1.2 +- Update Golang runtime to 1.17.11 + * Wed May 04 2022 Sebastiaan van Stijn - 1.6.4-3.1 - Update containerd to v1.6.4 From 2794f75ba58549c13d1716d03d5891ecd17eed45 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Mon, 6 Jun 2022 22:48:08 +0200 Subject: [PATCH 124/128] prepare release v1.6.6 - Update containerd to v1.6.6 to address CVE-2022-31030 Signed-off-by: Sebastiaan van Stijn --- pkg/containerd/deb/changelog | 6 ++++++ pkg/containerd/rpm/containerd.spec | 3 +++ 2 files changed, 9 insertions(+) diff --git a/pkg/containerd/deb/changelog b/pkg/containerd/deb/changelog index 3293eb20..9a73f7e4 100644 --- a/pkg/containerd/deb/changelog +++ b/pkg/containerd/deb/changelog @@ -1,3 +1,9 @@ +containerd.io (1.6.6-1) release; urgency=high + + * Update containerd to v1.6.6 to address CVE-2022-31030 + + -- Sebastiaan van Stijn Mon, 06 Jun 2022 20:45:21 +0000 + containerd.io (1.6.5-1) release; urgency=medium * Update containerd to v1.6.5 diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index 4acbc968..820b2706 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -162,6 +162,9 @@ done %changelog +* Mon Jun 06 2022 Sebastiaan van Stijn - 1.6.6-3.1 +- Update containerd to v1.6.6 to address CVE-2022-31030 + * Sat Jun 04 2022 Sebastiaan van Stijn - 1.6.5-3.1 - Update containerd to v1.6.5 - Update runc to v1.1.2 From 9357d5267e303b6c6aef1b781760775ce0a7fb9b Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Fri, 5 Aug 2022 00:32:58 +0200 Subject: [PATCH 125/128] prepare release v1.6.7 - Update containerd to v1.6.7 - Update runc to v1.1.3 - Update Golang runtime to 1.17.13 to address CVE-2022-32189 Signed-off-by: Sebastiaan van Stijn --- pkg/containerd/deb/changelog | 12 ++++++++++-- pkg/containerd/rpm/containerd.spec | 5 +++++ 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/pkg/containerd/deb/changelog b/pkg/containerd/deb/changelog index 9a73f7e4..a70de5d0 100644 --- a/pkg/containerd/deb/changelog +++ b/pkg/containerd/deb/changelog @@ -1,8 +1,16 @@ +containerd.io (1.6.7-1) release; urgency=medium + + * Update containerd to v1.6.7 + * Update runc to v1.1.3 + * Update Golang runtime to 1.17.13 to address CVE-2022-32189 + + -- Sebastiaan van Stijn Thu, 04 Aug 2022 22:28:30 +0000 + containerd.io (1.6.6-1) release; urgency=high * Update containerd to v1.6.6 to address CVE-2022-31030 - -- Sebastiaan van Stijn Mon, 06 Jun 2022 20:45:21 +0000 + -- Sebastiaan van Stijn Mon, 06 Jun 2022 20:45:21 +0000 containerd.io (1.6.5-1) release; urgency=medium @@ -10,7 +18,7 @@ containerd.io (1.6.5-1) release; urgency=medium * Update runc to v1.1.2 * Update Golang runtime to 1.17.11 - -- Sebastiaan van Stijn Sat, 04 Jun 2022 20:56:32 +0000 + -- Sebastiaan van Stijn Sat, 04 Jun 2022 20:56:32 +0000 containerd.io (1.6.4-1) release; urgency=medium diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index 820b2706..1e966cc1 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -162,6 +162,11 @@ done %changelog +* Thu Aug 04 2022 Sebastiaan van Stijn - 1.6.7-3.1 +- Update containerd to v1.6.7 +- Update runc to v1.1.3 +- Update Golang runtime to 1.17.13 to address CVE-2022-32189 + * Mon Jun 06 2022 Sebastiaan van Stijn - 1.6.6-3.1 - Update containerd to v1.6.6 to address CVE-2022-31030 From 65d6876064614dfc5e76696d69efecc5a932d1dd Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Fri, 26 Aug 2022 00:41:10 +0200 Subject: [PATCH 126/128] prepare release v1.6.8 - Update containerd to v1.6.8 - Update runc to v1.1.4 Signed-off-by: Sebastiaan van Stijn --- pkg/containerd/deb/changelog | 7 +++++++ pkg/containerd/rpm/containerd.spec | 4 ++++ 2 files changed, 11 insertions(+) diff --git a/pkg/containerd/deb/changelog b/pkg/containerd/deb/changelog index a70de5d0..47b840cd 100644 --- a/pkg/containerd/deb/changelog +++ b/pkg/containerd/deb/changelog @@ -1,3 +1,10 @@ +containerd.io (1.6.8-1) release; urgency=medium + + * Update containerd to v1.6.8 + * Update runc to v1.1.4 + + -- Sebastiaan van Stijn Thu, 25 Aug 2022 22:38:41 +0000 + containerd.io (1.6.7-1) release; urgency=medium * Update containerd to v1.6.7 diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index 1e966cc1..2cffff76 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -162,6 +162,10 @@ done %changelog +* Thu Aug 25 2022 Sebastiaan van Stijn - 1.6.8-3.1 +- Update containerd to v1.6.8 +- Update runc to v1.1.4 + * Thu Aug 04 2022 Sebastiaan van Stijn - 1.6.7-3.1 - Update containerd to v1.6.7 - Update runc to v1.1.3 From 4012e723d18b13264f41d0ce3593b00225d81131 Mon Sep 17 00:00:00 2001 From: CrazyMax Date: Sun, 4 Sep 2022 19:32:25 +0200 Subject: [PATCH 127/128] containerd package Signed-off-by: CrazyMax --- .github/workflows/build.yml | 1 + common/vars.mk | 2 + pkg/containerd/.dockerignore | 1 + pkg/containerd/.gitignore | 1 + pkg/containerd/Dockerfile | 337 ++++++++++++++++++++++++ pkg/containerd/Makefile | 37 +++ pkg/containerd/deb/README.md | 41 --- pkg/containerd/deb/rules | 12 +- pkg/containerd/docker-bake.hcl | 164 ++++++++++++ pkg/containerd/internal/containerd.toml | 31 +++ pkg/containerd/rpm/README.md | 41 --- pkg/containerd/rpm/containerd.spec | 10 +- 12 files changed, 585 insertions(+), 93 deletions(-) create mode 100644 pkg/containerd/.dockerignore create mode 100644 pkg/containerd/.gitignore create mode 100644 pkg/containerd/Dockerfile create mode 100644 pkg/containerd/Makefile delete mode 100644 pkg/containerd/deb/README.md create mode 100644 pkg/containerd/docker-bake.hcl create mode 100644 pkg/containerd/internal/containerd.toml delete mode 100644 pkg/containerd/rpm/README.md diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index d825166b..bbe9c8d9 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -31,6 +31,7 @@ jobs: name: - docker-engine - docker-cli + - containerd - buildx - compose - credential-helpers diff --git a/common/vars.mk b/common/vars.mk index 008ac4ab..165b3009 100644 --- a/common/vars.mk +++ b/common/vars.mk @@ -22,12 +22,14 @@ export PKG_PACKAGER ?= Docker export DOCKER_ENGINE_REPO ?= https://github.com/docker/docker.git export DOCKER_CLI_REPO ?= https://github.com/docker/cli.git +export CONTAINERD_REPO ?= https://github.com/containerd/containerd.git export BUILDX_REPO ?= https://github.com/docker/buildx.git export COMPOSE_REPO ?= https://github.com/docker/compose.git export CREDENTIAL_HELPERS_REPO ?= https://github.com/docker/docker-credential-helpers.git export DOCKER_ENGINE_VERSION ?= v20.10.17 export DOCKER_CLI_VERSION ?= v20.10.17 +export CONTAINERD_VERSION ?= v1.6.8 export BUILDX_VERSION ?= v0.9.1 export COMPOSE_VERSION ?= v2.10.2 export CREDENTIAL_HELPERS_VERSION ?= v0.7.0-beta.1 diff --git a/pkg/containerd/.dockerignore b/pkg/containerd/.dockerignore new file mode 100644 index 00000000..5e56e040 --- /dev/null +++ b/pkg/containerd/.dockerignore @@ -0,0 +1 @@ +/bin diff --git a/pkg/containerd/.gitignore b/pkg/containerd/.gitignore new file mode 100644 index 00000000..5e56e040 --- /dev/null +++ b/pkg/containerd/.gitignore @@ -0,0 +1 @@ +/bin diff --git a/pkg/containerd/Dockerfile b/pkg/containerd/Dockerfile new file mode 100644 index 00000000..0bec2686 --- /dev/null +++ b/pkg/containerd/Dockerfile @@ -0,0 +1,337 @@ +# syntax=docker/dockerfile:1 + +# Copyright 2022 Docker Packaging authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ARG XX_VERSION="1.1.2" +ARG ALPINE_VERSION="3.16" +ARG DEBIAN_FRONTEND="noninteractive" + +ARG MD2MAN_VERSION="v2.0.1" +ARG RUNC_REPO="https://github.com/opencontainers/runc.git" + +# go +ARG GO_IMAGE="golang" +ARG GO_VERSION="1.18.5" +ARG GO_IMAGE_VARIANT="buster" + +# pkg matrix +ARG PKG_RELEASE="debian11" +ARG PKG_TYPE="deb" +ARG PKG_DISTRO="debian" +ARG PKG_SUITE="bullseye" +ARG PKG_BASE_IMAGE="debian:bullseye" + +# deb specific +ARG PKG_DEB_EPOCH="5" +ARG PKG_DEB_REVISION="0" + +# rpm specific +ARG PKG_RPM_RELEASE="1" + +# cross compilation helper +FROM --platform=$BUILDPLATFORM tonistiigi/xx:${XX_VERSION} AS xx + +# go base image to retrieve /usr/local/go +FROM --platform=$BUILDPLATFORM ${GO_IMAGE}:${GO_VERSION}-${GO_IMAGE_VARIANT} AS go + +# md2man +FROM go AS go-md2man +ARG GOPROXY="direct" +ARG GO111MODULE="on" +ARG MD2MAN_VERSION +RUN go install github.com/cpuguy83/go-md2man/v2@${MD2MAN_VERSION} + +# dummy stage for unsupported platforms +FROM --platform=$BUILDPLATFORM busybox AS builder-dummy +RUN mkdir -p /out +FROM scratch AS build-dummy +COPY --from=builder-dummy /out /out + +# base stage for fetching sources and create final release +FROM --platform=$BUILDPLATFORM alpine:${ALPINE_VERSION} AS base +RUN apk add --no-cache bash curl file git zip tar + +FROM base AS src +WORKDIR /src +ARG CONTAINERD_REPO +RUN git init . && git remote add origin "${CONTAINERD_REPO}" +ARG CONTAINERD_VERSION +RUN git fetch origin "${CONTAINERD_VERSION}" +refs/heads/*:refs/remotes/origin/* +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD + +FROM base AS src-tgz +RUN --mount=from=src,source=/src,target=/containerd \ + mkdir /out && tar -C / -zcf /out/containerd.tgz --exclude .git containerd + +FROM base AS runc-src +WORKDIR /src +ARG RUNC_REPO +RUN git init . && git remote add origin "${RUNC_REPO}" +RUN --mount=from=src,source=/src,target=/containerd \ + git fetch origin "$(cat /containerd/script/setup/runc-version)" +refs/heads/*:refs/remotes/origin/* +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD + +FROM base AS runc-src-tgz +RUN --mount=from=runc-src,source=/src,target=/runc \ + mkdir /out && tar -C / -zcf /out/runc.tgz --exclude .git runc + +# deb +FROM --platform=$BUILDPLATFORM ${PKG_BASE_IMAGE} AS build-base-deb +COPY --from=xx / / +ARG DEBIAN_FRONTEND +RUN apt-get update && apt-get install -y apt-utils bash ca-certificates curl devscripts equivs git lsb-release +ENV GOPROXY="https://proxy.golang.org|direct" +ENV GOPATH="/go" +ENV PATH="$PATH:/usr/local/go/bin:$GOPATH/bin" +COPY --from=go-md2man /go/bin/go-md2man $GOPATH/bin/go-md2man +ARG PKG_RELEASE + +FROM build-base-deb AS build-deb +COPY deb /root/package/debian +ARG TARGETPLATFORM +RUN mk-build-deps -t "xx-apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i /root/package/debian/control +WORKDIR /root/package +COPY --from=src /src ./containerd +ARG CONTAINERD_VERSION +ARG PKG_NAME +ARG PKG_RELEASE +ARG PKG_DISTRO +ARG PKG_SUITE +ARG PKG_PACKAGER +ARG PKG_DEB_REVISION +ARG PKG_DEB_EPOCH +ARG SOURCE_DATE_EPOCH +RUN --mount=source=internal,target=/internal,rw \ + --mount=type=bind,from=runc-src,source=/src,target=/go/src/github.com/opencontainers/runc,rw \ + --mount=type=bind,from=go,source=/usr/local/go,target=/usr/local/go \ + --mount=type=cache,target=/root/.cache \ + --mount=type=cache,target=/go/pkg/mod < /internal/containerd.service + export GO_SRC_PATH=$GOPATH/src/github.com/containerd/containerd + export CONTAINERD_REVISION=$(git --git-dir ./containerd/.git rev-parse HEAD) + xx-go --wrap + set -x + chmod -x debian/compat debian/control debian/copyright debian/manpages + dpkg-buildpackage -us -uc + pkgoutput="/out/${PKG_DISTRO}/${PKG_SUITE}/$(xx-info arch)" + if [ -n "$(xx-info variant)" ]; then + pkgoutput="${pkgoutput}/$(xx-info variant)" + fi + mkdir -p "${pkgoutput}" + cp /root/${PKG_NAME}* ${pkgoutput}/ +EOT + +FROM build-dummy AS builder-deb-darwin +FROM build-deb AS builder-deb-linux +FROM build-dummy AS builder-deb-windows +FROM builder-deb-${TARGETOS} AS builder-deb + +# rpm +FROM --platform=$BUILDPLATFORM ${PKG_BASE_IMAGE} AS build-base-rpm +COPY --from=xx / / +ENV GOPROXY="https://proxy.golang.org|direct" +ENV GOPATH="/go" +ENV PATH="$PATH:/usr/local/go/bin:$GOPATH/bin" +COPY --from=go-md2man /go/bin/go-md2man $GOPATH/bin/go-md2man +ARG PKG_RELEASE +RUN < /root/.rpmmacros + case "$PKG_RELEASE" in + centos7|oraclelinux7) + yum-builddep -y /root/rpmbuild/SPECS/*.spec + ;; + *) + dnf builddep -y /root/rpmbuild/SPECS/*.spec + ;; + esac +EOT +WORKDIR /root/rpmbuild +COPY --from=src-tgz /out/containerd.tgz ./SOURCES/ +COPY --from=runc-src-tgz /out/runc.tgz ./SOURCES/ +ARG CONTAINERD_VERSION +ARG PKG_RELEASE +ARG PKG_DISTRO +ARG PKG_SUITE +ARG PKG_PACKAGER +ARG PKG_RPM_RELEASE +ARG SOURCE_DATE_EPOCH +RUN --mount=source=internal,target=/internal,rw \ + --mount=type=bind,from=src,source=/src,target=/usr/local/src/containerd,rw \ + --mount=type=bind,from=runc-src,source=/src,target=/go/src/github.com/opencontainers/runc,rw \ + --mount=type=bind,from=go,source=/usr/local/go,target=/usr/local/go \ + --mount=type=cache,target=/root/.cache \ + --mount=type=cache,target=/go/pkg/mod < /internal/containerd.service + cp /internal/* ./SOURCES/ + rpmVersion=${CONTAINERD_VERSION#v} + rpmVersion=$(echo $rpmVersion | sed "s/-/~/") + xx-go --wrap + set -x + rpmbuild -ba \ + --define "_version ${rpmVersion}" \ + --define "_origversion ${CONTAINERD_VERSION#v}" \ + --define "_release $PKG_RPM_RELEASE" \ + --define "_commit $(git --git-dir /usr/local/src/containerd/.git rev-parse HEAD)" \ + /root/rpmbuild/SPECS/*.spec + pkgoutput="/out/${PKG_DISTRO}/${PKG_SUITE}/$(xx-info arch)" + if [ -n "$(xx-info variant)" ]; then + pkgoutput="${pkgoutput}/$(xx-info variant)" + fi + mkdir -p "${pkgoutput}" + cp ./RPMS/*/*.* ./SRPMS/* ${pkgoutput}/ +EOT + +FROM build-dummy AS builder-rpm-darwin +FROM build-rpm AS builder-rpm-linux +FROM build-dummy AS builder-rpm-windows +FROM builder-rpm-${TARGETOS} AS builder-rpm + +# static +FROM --platform=$BUILDPLATFORM ${PKG_BASE_IMAGE} AS build-base-static +COPY --from=xx / / +ARG DEBIAN_FRONTEND +RUN apt-get update && apt-get install -y --no-install-recommends clang dpkg-dev file git lld llvm make pkg-config +ENV GOPROXY="https://proxy.golang.org|direct" +ENV GOPATH="/go" +ENV PATH="$PATH:/usr/local/go/bin:$GOPATH/bin" +ENV GO111MODULE="off" +ENV CGO_ENABLED="1" +ARG TARGETPLATFORM +RUN xx-apt-get install -y binutils dpkg-dev g++ gcc libbtrfs-dev libseccomp-dev libsecret-1-dev pkg-config + +FROM build-base-static AS build-static +ARG TARGETPLATFORM +ARG DOCKER_CLI_VERSION +ARG CGO_ENABLED +WORKDIR /go/src/github.com/containerd/containerd +RUN --mount=type=bind,from=src,source=/src,target=.,rw \ + --mount=type=bind,from=go,source=/usr/local/go,target=/usr/local/go,rw \ + --mount=type=cache,target=/root/.cache \ + --mount=type=cache,target=/go/pkg/mod < -``` - -This will add an entry into the changelog for the specified VERSION -and will also increment the debian packaging version if the specified -VERSION is already there. - -> **NOTE**: Make sure to fill out the bullets for the changelog - -## Building the release: - -Releases can then be built with: - -```bash -make REF=${TAG} docker.io/library/ubuntu:bionic -``` - -or - -```bash -make REF=${TAG} BUILD_IMAGE=docker.io/library/ubuntu:bionic -``` diff --git a/pkg/containerd/deb/rules b/pkg/containerd/deb/rules index e6e1a41f..f902b6cd 100755 --- a/pkg/containerd/deb/rules +++ b/pkg/containerd/deb/rules @@ -17,7 +17,7 @@ %: dh $@ --with systemd -# GO_SRC_PATH and PACKAGE are defined in the dockerfile +# GO_SRC_PATH and PKG_NAME are defined in the dockerfile # VERSION and REF are defined in scripts/build-deb # TODO remove custom PREFIX variable once containerd release/1.4 and release/1.5 # are obsolete. See https://github.com/containerd/containerd/commit/b5f530a157 @@ -25,9 +25,9 @@ binaries: ## Create containerd binaries @set -x; GO111MODULE=auto make -C $(GO_SRC_PATH) --no-print-directory \ DESTDIR="$$(pwd)" \ PREFIX="" \ - VERSION=$${VERSION} \ - REVISION=$${REF} \ - PACKAGE=$${PACKAGE} \ + VERSION=$${CONTAINERD_VERSION} \ + REVISION=$${CONTAINERD_REVISION} \ + PACKAGE=$${PKG_NAME} \ binaries install # Remove containerd-stress, as we're not shipping it as part of the packages @@ -60,5 +60,5 @@ override_dh_systemd_start: override_dh_auto_install: binaries bin/runc man mkdir -p debian/containerd.io/usr/bin install -D -m 0755 bin/* debian/containerd.io/usr/bin - install -D -m 0644 /root/common/containerd.service debian/containerd.io/lib/systemd/system/containerd.service - install -D -m 0644 /root/common/containerd.toml debian/containerd.io/etc/containerd/config.toml + install -D -m 0644 /internal/containerd.service debian/containerd.io/lib/systemd/system/containerd.service + install -D -m 0644 /internal/containerd.toml debian/containerd.io/etc/containerd/config.toml diff --git a/pkg/containerd/docker-bake.hcl b/pkg/containerd/docker-bake.hcl new file mode 100644 index 00000000..f2f2521a --- /dev/null +++ b/pkg/containerd/docker-bake.hcl @@ -0,0 +1,164 @@ +// Copyright 2022 Docker Packaging authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +# Sets the containerd repo. Will be used to clone the repo at +# CONTAINERD_VERSION ref to include the README.md and LICENSE for the +# static packages and also create version string. +variable "CONTAINERD_REPO" { + default = "https://github.com/containerd/containerd.git" +} + +# Sets the containerd version to build from source. +variable "CONTAINERD_VERSION" { + default = "v1.6.8" +} + +# Sets Go image, version and variant to use for building +variable "GO_IMAGE" { + default = "" +} +variable "GO_VERSION" { + default = "" +} +variable "GO_IMAGE_VARIANT" { + default = "" +} + +# Sets the pkg name. +variable "PKG_NAME" { + default = "containerd.io" +} + +# Sets the list of package types to build: apk, deb, rpm or static +variable "PKG_TYPE" { + default = "static" +} + +# Sets release flavor. See packages.hcl and packages.mk for more details. +variable "PKG_RELEASE" { + default = "static" +} +target "_pkg-static" { + args = { + PKG_RELEASE = "" + PKG_TYPE = "static" + } +} + +# Sets the vendor/maintainer name (only for linux packages) +variable "PKG_VENDOR" { + default = "Docker" +} + +# Sets the name of the company that produced the package (only for linux packages) +variable "PKG_PACKAGER" { + default = "Docker " +} + +# Include an extra `.0` in the version, in case we ever would have to re-build +# an already published release with a packaging-only change. +variable "PKG_DEB_REVISION" { + default = "0" +} + +# rpm "Release:" field ($rpmRelease) is used to set the "_release" macro, which +# is an incremental number for builds of the same release (Version: / #rpmVersion) +# - Version: 0 : Package was built, but no matching upstream release (e.g., can be used for "nightly" builds) +# - Version: 1 : Package was built for an upstream (pre)release version +# - Version: > 1 : Only to be used for packaging-only changes (new package built for a version for which a package was already built/released) +variable "PKG_RPM_RELEASE" { + default = "1" +} + +# Defines the output folder +variable "DESTDIR" { + default = "" +} +function "bindir" { + params = [defaultdir] + result = DESTDIR != "" ? DESTDIR : "./bin/${defaultdir}" +} + +# Defines cache scope for GitHub Actions cache exporter +variable "BUILD_CACHE_SCOPE" { + default = "" +} + +group "default" { + targets = ["pkg"] +} + +target "_common" { + inherits = ["_pkg-${PKG_RELEASE}"] + args = { + BUILDKIT_MULTI_PLATFORM = 1 + CONTAINERD_REPO = CONTAINERD_REPO + CONTAINERD_VERSION = CONTAINERD_VERSION + GO_IMAGE = GO_IMAGE + GO_VERSION = GO_VERSION + GO_IMAGE_VARIANT = GO_IMAGE_VARIANT + PKG_NAME = PKG_NAME + PKG_VENDOR = PKG_VENDOR + PKG_PACKAGER = PKG_PACKAGER + PKG_DEB_REVISION = PKG_DEB_REVISION + PKG_RPM_RELEASE = PKG_RPM_RELEASE + } + cache-from = [BUILD_CACHE_SCOPE != "" ? "type=gha,scope=${BUILD_CACHE_SCOPE}-${PKG_RELEASE}" : ""] + cache-to = [BUILD_CACHE_SCOPE != "" ? "type=gha,scope=${BUILD_CACHE_SCOPE}-${PKG_RELEASE}" : ""] +} + +target "_platforms" { + platforms = [ + "darwin/amd64", + "darwin/arm64", + "linux/amd64", + "linux/arm/v6", + "linux/arm/v7", + "linux/arm64", + "linux/ppc64le", + "linux/s390x", + "windows/amd64" + ] +} + +# $ PKG_RELEASE=debian11 docker buildx bake pkg +# $ docker buildx bake --set *.platform=linux/amd64 --set *.output=./bin pkg +target "pkg" { + inherits = ["_common"] + target = "pkg" + output = [bindir(PKG_RELEASE)] +} + +# Same as pkg but for all supported platforms +target "pkg-cross" { + inherits = ["pkg", "_platforms"] +} + +# Special target: https://github.com/docker/metadata-action#bake-definition +target "meta-helper" { + tags = ["dockereng/packaging:containerd-local"] +} + +# Create release image by using ./bin folder as named context. Therefore +# pkg-cross target must be run before using this target: +# $ PKG_RELEASE=debian11 docker buildx bake pkg-cross +# $ docker buildx bake release --push --set *.tags=docker/packaging:containerd-v1.6.8 +target "release" { + inherits = ["meta-helper", "_platforms"] + dockerfile = "../../common/release.Dockerfile" + target = "release" + contexts = { + bin-folder = "./bin" + } +} diff --git a/pkg/containerd/internal/containerd.toml b/pkg/containerd/internal/containerd.toml new file mode 100644 index 00000000..94003c7e --- /dev/null +++ b/pkg/containerd/internal/containerd.toml @@ -0,0 +1,31 @@ +# Copyright 2018-2022 Docker Inc. + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +disabled_plugins = ["cri"] + +#root = "/var/lib/containerd" +#state = "/run/containerd" +#subreaper = true +#oom_score = 0 + +#[grpc] +# address = "/run/containerd/containerd.sock" +# uid = 0 +# gid = 0 + +#[debug] +# address = "/run/containerd/debug.sock" +# uid = 0 +# gid = 0 +# level = "info" diff --git a/pkg/containerd/rpm/README.md b/pkg/containerd/rpm/README.md deleted file mode 100644 index fc7e2f09..00000000 --- a/pkg/containerd/rpm/README.md +++ /dev/null @@ -1,41 +0,0 @@ -# rpm package maintainers guide - -## Prepping a release - -For releases you should first have a tagged release on the -[containerd](https://github.com/containerd/containerd/releases) -repository. - -Afterwards test if you can actually build the release with (for example): - -```bash -make REF=${TAG} docker.io/library/centos:7 -``` - -If you can actually build the package then start prepping -your release by adding a changelog entry in the -[`rpm/containerd.spec`](containerd.spec) with the format: - -```bash -./scripts/new-rpm-release -``` - -This will add an entry into the changelog for the specified VERSION -and will also increment the rpm packaging version if the specified -VERSION is already there. - -> **NOTE**: Make sure to fill out the bullets for the changelog - -## Building the release: - -Releases can then be built with: - -```bash -make REF=${TAG} docker.io/library/centos:7 -``` - -or - -```bash -make REF=${TAG} BUILD_IMAGE=docker.io/library/centos:7 -``` diff --git a/pkg/containerd/rpm/containerd.spec b/pkg/containerd/rpm/containerd.spec index 2cffff76..dde08804 100644 --- a/pkg/containerd/rpm/containerd.spec +++ b/pkg/containerd/rpm/containerd.spec @@ -42,15 +42,15 @@ Obsoletes: runc Conflicts: containerd Conflicts: runc -Version: %{getenv:RPM_VERSION} -Release: %{getenv:RPM_RELEASE_VERSION}%{?dist} +Version: %{_version} +Release: %{_release}%{?dist} Summary: An industry-standard container runtime License: ASL 2.0 URL: https://containerd.io -Source0: containerd +Source0: containerd.tgz Source1: containerd.service Source2: containerd.toml -Source3: runc +Source3: runc.tgz # container-selinux isn't a thing in suse flavors %if %{undefined suse_version} # amazonlinux2 doesn't have container-selinux either @@ -114,7 +114,7 @@ BUILDTAGS="" BUILDTAGS="${BUILDTAGS} no_btrfs" %endif -GO111MODULE=auto make -C /go/src/%{import_path} VERSION=%{getenv:VERSION} REVISION=%{getenv:REF} PACKAGE=%{getenv:PACKAGE} BUILDTAGS="${BUILDTAGS}" +GO111MODULE=auto make -C /go/src/%{import_path} VERSION=%{_origversion} REVISION=%{_commit} PACKAGE=%{getenv:PKG_NAME} BUILDTAGS="${BUILDTAGS}" # Remove containerd-stress, as we're not shipping it as part of the packages rm -f bin/containerd-stress From 36908ae04a7e7ddd71c69e5cb683117a0716b714 Mon Sep 17 00:00:00 2001 From: CrazyMax Date: Mon, 5 Sep 2022 14:03:51 +0200 Subject: [PATCH 128/128] containerd: add RUNC_REPO and RUNC_VERSION vars Signed-off-by: CrazyMax --- pkg/containerd/Dockerfile | 7 +++++-- pkg/containerd/Makefile | 2 ++ pkg/containerd/docker-bake.hcl | 11 +++++++++++ 3 files changed, 18 insertions(+), 2 deletions(-) diff --git a/pkg/containerd/Dockerfile b/pkg/containerd/Dockerfile index 0bec2686..e41be751 100644 --- a/pkg/containerd/Dockerfile +++ b/pkg/containerd/Dockerfile @@ -77,9 +77,12 @@ RUN --mount=from=src,source=/src,target=/containerd \ FROM base AS runc-src WORKDIR /src ARG RUNC_REPO +ARG RUNC_VERSION RUN git init . && git remote add origin "${RUNC_REPO}" -RUN --mount=from=src,source=/src,target=/containerd \ - git fetch origin "$(cat /containerd/script/setup/runc-version)" +refs/heads/*:refs/remotes/origin/* +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD +RUN --mount=from=src,source=/src,target=/containerd <