containerd/containerd.spec

%global goipath github.com/containerd/containerd
%global debug_package %{nil}
Version:        1.6.20
Name:           containerd
Release:        1
Summary:        An industry-standard container runtime
License:        ASL 2.0
URL:            https://containerd.io
Source0:        https://github.com/containerd/containerd/archive/v1.6.20.zip
Source1:        apply-patch

BuildRequires:  golang glibc-static make btrfs-progs-devel git

%description
containerd is an industry-standard container runtime with an emphasis on
simplicity, robustness and portability.  It is available as a daemon for Linux
and Windows, which can manage the complete container lifecycle of its host
system: image transfer and storage, container execution and supervision,
low-level storage and network attachments, etc.

%prep
cp %{SOURCE0} .
cp %{SOURCE1} .

%build
echo %{VERSION}.%{RELEASE} > containerd_version
bash ./apply-patch

GO_BUILD_PATH=$PWD/_build
install -m 0755 -vd $(dirname $GO_BUILD_PATH/src/%{goipath})
ln -fs $PWD $GO_BUILD_PATH/src/%{goipath}
cd $GO_BUILD_PATH/src/%{goipath}
export GO111MODULE=off
export GOPATH=$GO_BUILD_PATH:%{gopath}
export BUILDTAGS="no_btrfs no_cri"
make
strip ./bin/containerd ./bin/containerd-shim ./bin/ctr

%install
install -d $RPM_BUILD_ROOT/%{_bindir}
install -p -m 755 bin/containerd $RPM_BUILD_ROOT/%{_bindir}/containerd
install -p -m 755 bin/containerd-shim $RPM_BUILD_ROOT/%{_bindir}/containerd-shim
install -p -m 755 bin/ctr $RPM_BUILD_ROOT/%{_bindir}/ctr

%files
%{_bindir}/containerd
%{_bindir}/containerd-shim
%{_bindir}/ctr

%changelog
* Wed Apr 19 2023 xulei<xulei@xfusion.com> - 1.6.20-1
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:update to 1.6.20

* Mon Feb 27 2023 zhongjiawei<zhongjiawei1@huawei.com> - 1.2.0-309
- Type:CVE
- ID:NA
- SUG:NA
- DESC:fix CVE-2023-25153 and CVE-2023-25173

* Thu Dec 16 2022 zhongjiawei<zhongjiawei1@huawei.com> - 1.2.0-308
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:fix k8s build fail without import context

* Tue Dec 13 2022 zhongjiawei<zhongjiawei1@huawei.com> - 1.2.0-307
- Type:bugfix
- ID:NA
- SUG:NA
- DESC: Fix goroutine leak in Exec

* Wed Nov 16 2022 zhongjiawei<zhongjiawei1@huawei.com> - 1.2.0-306
- Type:bugfix
- ID:NA
- SUG:NA
- DESC: add ctr binary into package

* Wed Nov 16 2022 zhongjiawei<zhongjiawei1@huawei.com> - 1.2.0-305
- Type:bugfix
- ID:NA
- SUG:NA
- DESC: fix version number wrong

* Thu Sep 22 2022 zhongjiawei<zhongjiawei1@huawei.com> - 1.2.0-304
- Type:bugfix
- ID:NA
- SUG:NA
- DESC: bugfix and add CGO security build option

* Mon Jul 4 2022 zhongjiawei<zhongjiawei1@huawei.com> - 1.2.0-303
- Type:bugfix
- ID:NA
- SUG:NA
- DESC: Limit the response size of ExecSync to fix CVE-2022-31030

* Wed Jun 22 2022 zhangsong234<zhangsong34@huawei.com> - 1.2.0-302
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:put get pid lock after set process exited to avoid deadlock

* Tue May 10 2022 Vanient<xiadanni1@huawei.com> - 1.2.0-301
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:Use fs.RootPath when mounting volumes for bundle dir to fix CVE-2022-23648

* Sat Jan 22 2022 songyanting<songyanting@huawei.com> - 1.2.0-300
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:sync bugfix, include
       1. add check in spec
       2. kill container init process if runc start returns error
       3. fix containerd-shim residual when kill containerd durin
       4. fix deadlock on commit error
       5. backport upstream & ttrpc patches
       6. fix exec event missing due to pid reuse
       7. fix dm left when pause container and kill shim
       8. add CGO security build options
       9. fix start container failed with id exists
      10. drop opt package
      11. fix race access for mobySubscribed
      12. improve log for debugging
      13. reduce permission for bundle dir
      14. fix publish command wait block forever

* Mon Jan 10 2022 xiadanni<xiadanni1@huawei.com> - 1.2.0-109
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:disable go module build

* Thu Mar 18 2021 xiadanni<xiadanni1@huawei.com> - 1.2.0-108
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:compile option compliance

* Thu Mar 18 2021 xiadanni<xiadanni1@huawei.com> - 1.2.0-107
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:sync bugfix, include
       1. check task list to avoid unnecessary cleanup.
       2. fix dead loop
       3. cleanup dangling shim by brand new context
       4. fix potential panic for task in unknown state

* Fri Dec 11 2020 yangyanchao <yangyanchao6@huawei.com> 1.2.0-106
- Type:requirement
- ID:NA
- CVE:NA
- SUG:restart
- DESC:containerd:vendor:add some symbol to support riscv
first commit 2019-12-30 12:24:38 +08:00			`%global goipath github.com/containerd/containerd`
			`%global debug_package %{nil}`
update to 1.6.20 2023-04-19 21:43:42 +08:00			`Version: 1.6.20`
first commit 2019-12-30 12:24:38 +08:00			`Name: containerd`
update to 1.6.20 2023-04-19 21:43:42 +08:00			`Release: 1`
first commit 2019-12-30 12:24:38 +08:00			`Summary: An industry-standard container runtime`
			`License: ASL 2.0`
			`URL: https://containerd.io`
update to 1.6.20 2023-04-19 21:43:42 +08:00			`Source0: https://github.com/containerd/containerd/archive/v1.6.20.zip`
			`Source1: apply-patch`
first commit 2019-12-30 12:24:38 +08:00
containerd:Fix goroutine leak in Exec (cherry picked from commit 9fc75e44814de33a73f690764c2de4c7e9495efc) 2022-12-13 11:34:35 +08:00			`BuildRequires: golang glibc-static make btrfs-progs-devel git`
first commit 2019-12-30 12:24:38 +08:00
			`%description`
			`containerd is an industry-standard container runtime with an emphasis on`
			`simplicity, robustness and portability. It is available as a daemon for Linux`
			`and Windows, which can manage the complete container lifecycle of its host`
			`system: image transfer and storage, container execution and supervision,`
			`low-level storage and network attachments, etc.`

			`%prep`
containerd: use git-commit to store commit ID Signed-off-by: liuzekun <liuzekun@huawei.com> 2020-06-09 23:39:19 -04:00			`cp %{SOURCE0} .`
			`cp %{SOURCE1} .`
first commit 2019-12-30 12:24:38 +08:00
			`%build`
containerd: fix version number wrong (cherry picked from commit 6bbb86302fbc7c085c3f63d7e9cdd41570101549) 2022-11-16 12:39:54 +08:00			`echo %{VERSION}.%{RELEASE} > containerd_version`
containerd: use git-commit to store commit ID Signed-off-by: liuzekun <liuzekun@huawei.com> 2020-06-09 23:39:19 -04:00			`bash ./apply-patch`
first commit 2019-12-30 12:24:38 +08:00
			`GO_BUILD_PATH=$PWD/_build`
			`install -m 0755 -vd $(dirname $GO_BUILD_PATH/src/%{goipath})`
			`ln -fs $PWD $GO_BUILD_PATH/src/%{goipath}`
			`cd $GO_BUILD_PATH/src/%{goipath}`
containerd: update patches 0069-containerd-add-check-in-spec.patch 0070-containerd-kill-container-init-process-if-runc-start.patch 0071-containerd-fix-containerd-shim-residual-when-kill-co.patch 0072-containerd-fix-deadlock-on-commit-error.patch 0073-containerd-backport-upstream-patches.patch 0074-containerd-fix-exec-event-missing-due-to-pid-reuse.patch 0075-containerd-fix-dm-left-when-pause-contaienr-and-kill-shim.patch 0076-containerd-fix-start-container-failed-with-id-exists.patch 0077-containerd-drop-opt-package.patch 0078-containerd-bump-containerd-ttrpc-699c4e40d1.patch 0079-containerd-fix-race-access-for-mobySubcribed.patch 0080-containerd-improve-log-for-debugging.patch 0081-containerd-reduce-permissions-for-bundle-di.patch 0082-containerd-fix-publish-command-wait-block-for.patch 0083-containerd-optimize-cgo-compile-options.patch Signed-off-by:songyanting <songyanting@huawei.com> 2022-01-26 20:03:57 +08:00			`export GO111MODULE=off`
first commit 2019-12-30 12:24:38 +08:00			`export GOPATH=$GO_BUILD_PATH:%{gopath}`
			`export BUILDTAGS="no_btrfs no_cri"`
			`make`
containerd: add ctr binary into package (cherry picked from commit a3b05690f2c97b16018c4f236ea1a4fb782e9c4e) 2022-11-16 16:21:52 +08:00			`strip ./bin/containerd ./bin/containerd-shim ./bin/ctr`
first commit 2019-12-30 12:24:38 +08:00
			`%install`
			`install -d $RPM_BUILD_ROOT/%{_bindir}`
			`install -p -m 755 bin/containerd $RPM_BUILD_ROOT/%{_bindir}/containerd`
			`install -p -m 755 bin/containerd-shim $RPM_BUILD_ROOT/%{_bindir}/containerd-shim`
containerd: add ctr binary into package (cherry picked from commit a3b05690f2c97b16018c4f236ea1a4fb782e9c4e) 2022-11-16 16:21:52 +08:00			`install -p -m 755 bin/ctr $RPM_BUILD_ROOT/%{_bindir}/ctr`
first commit 2019-12-30 12:24:38 +08:00
			`%files`
			`%{_bindir}/containerd`
			`%{_bindir}/containerd-shim`
containerd: add ctr binary into package (cherry picked from commit a3b05690f2c97b16018c4f236ea1a4fb782e9c4e) 2022-11-16 16:21:52 +08:00			`%{_bindir}/ctr`
first commit 2019-12-30 12:24:38 +08:00
			`%changelog`
update to 1.6.20 2023-04-19 21:43:42 +08:00			`* Wed Apr 19 2023 xulei<xulei@xfusion.com> - 1.6.20-1`
			`- Type:bugfix`
			`- ID:NA`
			`- SUG:NA`
			`- DESC:update to 1.6.20`

containerd:fix CVE-2023-25153 and CVE-2023-25173 2023-02-27 16:52:55 +08:00			`* Mon Feb 27 2023 zhongjiawei<zhongjiawei1@huawei.com> - 1.2.0-309`
			`- Type:CVE`
			`- ID:NA`
			`- SUG:NA`
			`- DESC:fix CVE-2023-25153 and CVE-2023-25173`

containerd:fix k8s build fail without import context (cherry picked from commit cf1b0bc6ef5c80f78b1012246cd312b4dfa1c9a4) 2022-12-15 16:46:36 +08:00			`* Thu Dec 16 2022 zhongjiawei<zhongjiawei1@huawei.com> - 1.2.0-308`
			`- Type:bugfix`
			`- ID:NA`
			`- SUG:NA`
			`- DESC:fix k8s build fail without import context`

containerd:Fix goroutine leak in Exec (cherry picked from commit 9fc75e44814de33a73f690764c2de4c7e9495efc) 2022-12-13 11:34:35 +08:00			`* Tue Dec 13 2022 zhongjiawei<zhongjiawei1@huawei.com> - 1.2.0-307`
			`- Type:bugfix`
			`- ID:NA`
			`- SUG:NA`
			`- DESC: Fix goroutine leak in Exec`

containerd: add ctr binary into package (cherry picked from commit a3b05690f2c97b16018c4f236ea1a4fb782e9c4e) 2022-11-16 16:21:52 +08:00			`* Wed Nov 16 2022 zhongjiawei<zhongjiawei1@huawei.com> - 1.2.0-306`
			`- Type:bugfix`
			`- ID:NA`
			`- SUG:NA`
			`- DESC: add ctr binary into package`

containerd: fix version number wrong (cherry picked from commit 6bbb86302fbc7c085c3f63d7e9cdd41570101549) 2022-11-16 12:39:54 +08:00			`* Wed Nov 16 2022 zhongjiawei<zhongjiawei1@huawei.com> - 1.2.0-305`
			`- Type:bugfix`
			`- ID:NA`
			`- SUG:NA`
			`- DESC: fix version number wrong`

containerd: bugfix and add CGO security build option (cherry picked from commit eb136438cf63fae5754c31920a6bf8afaeded135) 2022-09-22 19:16:02 +08:00			`* Thu Sep 22 2022 zhongjiawei<zhongjiawei1@huawei.com> - 1.2.0-304`
			`- Type:bugfix`
			`- ID:NA`
			`- SUG:NA`
			`- DESC: bugfix and add CGO security build option`

containerd: Limit the response size of ExecSync fix CVE-2022-31030 Signed-off-by: zhongjiawei <zhongjiawei1@huawei.com> (cherry picked from commit 0436d058b39572dfa0d0a267b0518fd8a793dc49) 2022-07-04 17:06:29 +08:00			`* Mon Jul 4 2022 zhongjiawei<zhongjiawei1@huawei.com> - 1.2.0-303`
			`- Type:bugfix`
			`- ID:NA`
			`- SUG:NA`
			`- DESC: Limit the response size of ExecSync to fix CVE-2022-31030`

containerd:put get pid lock after set process exited to avoid deadlock Signed-off-by: zhangsong234 <zhangsong34@huawei.com> 2022-06-22 14:46:29 +08:00			`* Wed Jun 22 2022 zhangsong234<zhangsong34@huawei.com> - 1.2.0-302`
			`- Type:bugfix`
			`- ID:NA`
			`- SUG:NA`
			`- DESC:put get pid lock after set process exited to avoid deadlock`

containerd:Use fs.RootPath when mounting volumes 2022-05-23 10:34:51 +08:00			`* Tue May 10 2022 Vanient<xiadanni1@huawei.com> - 1.2.0-301`
			`- Type:bugfix`
			`- ID:NA`
			`- SUG:NA`
			`- DESC:Use fs.RootPath when mounting volumes for bundle dir to fix CVE-2022-23648`

			`* Sat Jan 22 2022 songyanting<songyanting@huawei.com> - 1.2.0-300`
containerd: update patches 0069-containerd-add-check-in-spec.patch 0070-containerd-kill-container-init-process-if-runc-start.patch 0071-containerd-fix-containerd-shim-residual-when-kill-co.patch 0072-containerd-fix-deadlock-on-commit-error.patch 0073-containerd-backport-upstream-patches.patch 0074-containerd-fix-exec-event-missing-due-to-pid-reuse.patch 0075-containerd-fix-dm-left-when-pause-contaienr-and-kill-shim.patch 0076-containerd-fix-start-container-failed-with-id-exists.patch 0077-containerd-drop-opt-package.patch 0078-containerd-bump-containerd-ttrpc-699c4e40d1.patch 0079-containerd-fix-race-access-for-mobySubcribed.patch 0080-containerd-improve-log-for-debugging.patch 0081-containerd-reduce-permissions-for-bundle-di.patch 0082-containerd-fix-publish-command-wait-block-for.patch 0083-containerd-optimize-cgo-compile-options.patch Signed-off-by:songyanting <songyanting@huawei.com> 2022-01-26 20:03:57 +08:00			`- Type:bugfix`
			`- ID:NA`
			`- SUG:NA`
			`- DESC:sync bugfix, include`
			`1. add check in spec`
			`2. kill container init process if runc start returns error`
containerd:Use fs.RootPath when mounting volumes 2022-05-23 10:34:51 +08:00			`3. fix containerd-shim residual when kill containerd durin`
containerd: update patches 0069-containerd-add-check-in-spec.patch 0070-containerd-kill-container-init-process-if-runc-start.patch 0071-containerd-fix-containerd-shim-residual-when-kill-co.patch 0072-containerd-fix-deadlock-on-commit-error.patch 0073-containerd-backport-upstream-patches.patch 0074-containerd-fix-exec-event-missing-due-to-pid-reuse.patch 0075-containerd-fix-dm-left-when-pause-contaienr-and-kill-shim.patch 0076-containerd-fix-start-container-failed-with-id-exists.patch 0077-containerd-drop-opt-package.patch 0078-containerd-bump-containerd-ttrpc-699c4e40d1.patch 0079-containerd-fix-race-access-for-mobySubcribed.patch 0080-containerd-improve-log-for-debugging.patch 0081-containerd-reduce-permissions-for-bundle-di.patch 0082-containerd-fix-publish-command-wait-block-for.patch 0083-containerd-optimize-cgo-compile-options.patch Signed-off-by:songyanting <songyanting@huawei.com> 2022-01-26 20:03:57 +08:00			`4. fix deadlock on commit error`
			`5. backport upstream & ttrpc patches`
			`6. fix exec event missing due to pid reuse`
			`7. fix dm left when pause container and kill shim`
			`8. add CGO security build options`
			`9. fix start container failed with id exists`
			`10. drop opt package`
			`11. fix race access for mobySubscribed`
			`12. improve log for debugging`
			`13. reduce permission for bundle dir`
			`14. fix publish command wait block forever`

containerd:Use fs.RootPath when mounting volumes 2022-05-23 10:34:51 +08:00			`* Mon Jan 10 2022 xiadanni<xiadanni1@huawei.com> - 1.2.0-109`
			`- Type:bugfix`
			`- ID:NA`
			`- SUG:NA`
			`- DESC:disable go module build`

containerd: compile option compliance Signed-off-by: xiadanni <xiadanni1@huawei.com> 2021-03-18 10:37:38 +08:00			`* Thu Mar 18 2021 xiadanni<xiadanni1@huawei.com> - 1.2.0-108`
			`- Type:bugfix`
			`- ID:NA`
			`- SUG:NA`
			`- DESC:compile option compliance`

sync patches 1. check task list to avoid unnecessary cleanup. 2. fix dead loop 3. cleanup dangling shim by brand new context 4. fix potential panic for task in unknown state Signed-off-by: xiadanni <xiadanni1@huawei.com> 2021-03-18 10:15:32 +08:00			`* Thu Mar 18 2021 xiadanni<xiadanni1@huawei.com> - 1.2.0-107`
			`- Type:bugfix`
			`- ID:NA`
			`- SUG:NA`
			`- DESC:sync bugfix, include`
			`1. check task list to avoid unnecessary cleanup.`
			`2. fix dead loop`
			`3. cleanup dangling shim by brand new context`
			`4. fix potential panic for task in unknown state`

containerd:all:add some symbol for riscv 2020-12-15 14:29:00 +08:00			`* Fri Dec 11 2020 yangyanchao <yangyanchao6@huawei.com> 1.2.0-106`
			`- Type:requirement`
			`- ID:NA`
			`- CVE:NA`
			`- SUG:restart`
			`- DESC:containerd:vendor:add some symbol to support riscv`