containerd/containerd.spec

%global goipath github.com/containerd/containerd
%global debug_package %{nil}
Version:        1.2.0
Name:           containerd
Release:        316
Summary:        An industry-standard container runtime
License:        ASL 2.0
URL:            https://containerd.io
Source0:        https://github.com/containerd/containerd/archive/v1.2.0.zip
Source1:        patch.tar.gz
Source2:        apply-patch
Source3:        series.conf
Source4:        git-commit
Source5:        gen-commit.sh
Source6:        net.tar.gz
Source7:        sys.tar.gz

BuildRequires:  golang glibc-static make btrfs-progs-devel git

%description
containerd is an industry-standard container runtime with an emphasis on
simplicity, robustness and portability.  It is available as a daemon for Linux
and Windows, which can manage the complete container lifecycle of its host
system: image transfer and storage, container execution and supervision,
low-level storage and network attachments, etc.

%prep
cp %{SOURCE0} .
cp %{SOURCE1} .
cp %{SOURCE2} .
cp %{SOURCE3} .
cp %{SOURCE4} .

%build
echo %{VERSION}.%{RELEASE} > containerd_version
bash ./apply-patch
%ifarch loongarch64
rm -rf vendor/golang.org/x/sys
rm -rf vendor/golang.org/x/net
tar -xf %{SOURCE6} -C vendor/golang.org/x/
tar -xf %{SOURCE7} -C vendor/golang.org/x/
%endif

%ifarch sw_64
cp -af %{_prefix}/lib/golang/src/cmd/vendor/golang.org/x/sys vendor/golang.org/x/
sed -i '/AAFS_MAGIC/aTIOCSWINSZ = 0x80087467' vendor/golang.org/x/sys/unix/zerrors_linux_sw64.go
sed -i '/SIGABRT /aSIGSTKFLT = syscall.Signal(0x10)' vendor/golang.org/x/sys/unix/zerrors_linux_sw64.go
%endif

GO_BUILD_PATH=$PWD/_build
install -m 0755 -vd $(dirname $GO_BUILD_PATH/src/%{goipath})
ln -fs $PWD $GO_BUILD_PATH/src/%{goipath}
cd $GO_BUILD_PATH/src/%{goipath}
export GO111MODULE=off
export GOPATH=$GO_BUILD_PATH:%{gopath}
export BUILDTAGS="no_btrfs no_cri"
%ifarch sw_64
sed -i 's/-buildmode=pie/-buildmode=exe/g' `grep buildmode=pie -rl .`
%endif
make
strip ./bin/containerd ./bin/containerd-shim ./bin/ctr

%install
install -d $RPM_BUILD_ROOT/%{_bindir}
install -p -m 755 bin/containerd $RPM_BUILD_ROOT/%{_bindir}/containerd
install -p -m 755 bin/containerd-shim $RPM_BUILD_ROOT/%{_bindir}/containerd-shim
install -p -m 755 bin/ctr $RPM_BUILD_ROOT/%{_bindir}/ctr

%files
%{_bindir}/containerd
%{_bindir}/containerd-shim
%{_bindir}/ctr

%changelog
* Tue Jan 30 2024 zhongjiawei<zhongjiawei1@huawei.com> - 1.2.0-316
- Type:CVE
- ID:NA
- SUG:NA
- DESC:fix CVE-2023-39325

* Thu Dec 21 2023 zhongjiawei<zhongjiawei1@huawei.com> - 1.2.0-315
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:sync some patches

* Wed Nov 08 2023 zhongjiawei<zhongjiawei1@huawei.com> - 1.2.0-314
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:bump ttrpc to fix containerd-shim socket connect increase leak after restart docker

* Tue Sep 19 2023 zhongjiawei<zhongjiawei1@huawei.com> - 1.2.0-313
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:sync some patches

* Thu Aug 10 2023 herengui <herengui@kylinsec.com.cn> - 1.2.0-312
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:add sw_64 support

* Sat Jun 17 2023 zhongjiawei<zhongjiawei1@huawei.com> - 1.2.0-311
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:fix journald stop container shim log stuck bug

* Tue Apr 18 2023 yangchenguang <yangchenguang@kylinsec.com.cn> - 1.2.0-310
- Sync 2203 loongarch support for containerd patch file

* Mon Feb 27 2023 zhongjiawei<zhongjiawei1@huawei.com> - 1.2.0-309
- Type:CVE
- ID:NA
- SUG:NA
- DESC:fix CVE-2023-25153 and CVE-2023-25173

* Thu Dec 16 2022 zhongjiawei<zhongjiawei1@huawei.com> - 1.2.0-308
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:fix k8s build fail without import context

* Tue Dec 13 2022 zhongjiawei<zhongjiawei1@huawei.com> - 1.2.0-307
- Type:bugfix
- ID:NA
- SUG:NA
- DESC: Fix goroutine leak in Exec

* Wed Nov 16 2022 zhongjiawei<zhongjiawei1@huawei.com> - 1.2.0-306
- Type:bugfix
- ID:NA
- SUG:NA
- DESC: add ctr binary into package

* Wed Nov 16 2022 zhongjiawei<zhongjiawei1@huawei.com> - 1.2.0-305
- Type:bugfix
- ID:NA
- SUG:NA
- DESC: fix version number wrong

* Thu Sep 22 2022 zhongjiawei<zhongjiawei1@huawei.com> - 1.2.0-304
- Type:bugfix
- ID:NA
- SUG:NA
- DESC: bugfix and add CGO security build option

* Mon Jul 4 2022 zhongjiawei<zhongjiawei1@huawei.com> - 1.2.0-303
- Type:bugfix
- ID:NA
- SUG:NA
- DESC: Limit the response size of ExecSync to fix CVE-2022-31030

* Wed Jun 22 2022 zhangsong234<zhangsong34@huawei.com> - 1.2.0-302
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:put get pid lock after set process exited to avoid deadlock

* Tue May 10 2022 Vanient<xiadanni1@huawei.com> - 1.2.0-301
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:Use fs.RootPath when mounting volumes for bundle dir to fix CVE-2022-23648

* Sat Jan 22 2022 songyanting<songyanting@huawei.com> - 1.2.0-300
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:sync bugfix, include
       1. add check in spec
       2. kill container init process if runc start returns error
       3. fix containerd-shim residual when kill containerd durin
       4. fix deadlock on commit error
       5. backport upstream & ttrpc patches
       6. fix exec event missing due to pid reuse
       7. fix dm left when pause container and kill shim
       8. add CGO security build options
       9. fix start container failed with id exists
      10. drop opt package
      11. fix race access for mobySubscribed
      12. improve log for debugging
      13. reduce permission for bundle dir
      14. fix publish command wait block forever

* Mon Jan 10 2022 xiadanni<xiadanni1@huawei.com> - 1.2.0-109
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:disable go module build

* Thu Mar 18 2021 xiadanni<xiadanni1@huawei.com> - 1.2.0-108
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:compile option compliance

* Thu Mar 18 2021 xiadanni<xiadanni1@huawei.com> - 1.2.0-107
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:sync bugfix, include
       1. check task list to avoid unnecessary cleanup.
       2. fix dead loop
       3. cleanup dangling shim by brand new context
       4. fix potential panic for task in unknown state

* Fri Dec 11 2020 yangyanchao <yangyanchao6@huawei.com> 1.2.0-106
- Type:requirement
- ID:NA
- CVE:NA
- SUG:restart
- DESC:containerd:vendor:add some symbol to support riscv