%bcond_without ctr %bcond_with debug %define tarball_name containerd %if %{with debug} %global _dwz_low_mem_die_limit 0 %else %global debug_package %{nil} %endif %define SHA256SUM0 08f057ece7e518b14cce2e9737228a5a899a7b58b78248a03e02f4a6c079eeaf %global import_path github.com/containerd/containerd %global runc_nokmem %{getenv:RUNC_NOKMEM} Name: containerd.io Provides: %{tarball_name} # Conflicting packages Version: 1.6.4 Release: 3.1%{?dist} Summary: An industry-standard container runtime License: ASL 2.0 URL: https://containerd.io Source0: %{tarball_name}-%{version}.tar Source2: containerd.toml # container-selinux isn't a thing in suse flavors %if %{undefined suse_version} # amazonlinux2 doesn't have container-selinux either %if "%{?dist}" != ".amzn2" Requires: container-selinux >= 2:2.74 %endif Requires: libseccomp %else # SUSE flavors do not have container-selinux, # and libseccomp is named libseccomp2 Requires: libseccomp2 Requires: runc %endif BuildRequires: make BuildRequires: gcc BuildRequires: systemd BuildRequires: libseccomp-devel BuildRequires: golang BuildRequires: go-md2man BuildRequires: runc %if %{undefined rhel} || 0%{?rhel} < 8 %if %{defined suse_version} # SUSE flavors BuildRequires: libbtrfs-devel %else # Fedora / others, and CentOS/RHEL < 8 BuildRequires: btrfs-progs-devel %endif %endif %{?systemd_requires} %description containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision, low-level storage and network attachments, etc. %prep %setup -q -n %{tarball_name}-%{version} # symlink the go source path to our build directory mkdir -p ${RPM_BUILD_DIR}/go/src/github.com/containerd/ ln -s %{_topdir}/BUILD/%{tarball_name}-%{version} ${RPM_BUILD_DIR}/go/src/%{import_path} %build GO111MODULE=auto make man BUILDTAGS="seccomp selinux" %if %{defined rhel} && 0%{?rhel} >= 8 # btrfs support was removed in CentOS/RHEL 8 BUILDTAGS="${BUILDTAGS} no_btrfs" %endif GO111MODULE=auto make -C ${RPM_BUILD_DIR}/go/src/%{import_path} VERSION=%{version} REVISION=%{release} PACKAGE=%{name} BUILDTAGS="${BUILDTAGS}" # Remove containerd-stress, as we're not shipping it as part of the packages rm -f bin/containerd-stress bin/containerd --version bin/ctr --version %install cd %{_topdir}/BUILD/%{tarball_name}-%{version} mkdir -p %{buildroot}%{_bindir} install -D -m 0755 bin/* %{buildroot}%{_bindir} install -D -m 0644 containerd.service %{buildroot}%{_prefix}/local/bin/containerd.service install -D -m 0644 %{S:2} %{buildroot}%{_sysconfdir}/containerd/config.toml # install manpages, taking into account that not all sections may be present for i in $(seq 1 8); do if ls man/*.${i} 1> /dev/null 2>&1; then install -d %{buildroot}%{_mandir}/man${i}; install -p -m 644 man/*.${i} %{buildroot}%{_mandir}/man${i}; fi done %post %systemd_post containerd.service %preun %systemd_preun containerd.service %postun %systemd_postun_with_restart containerd.service %files %license LICENSE %doc README.md %{_bindir}/* %{_prefix}/local/bin/containerd.service %{_sysconfdir}/containerd %{_mandir}/man*/* %config(noreplace) %{_sysconfdir}/containerd/config.toml %changelog * Wed May 04 2022 Sebastiaan van Stijn - 1.6.4-3.1 - Update containerd to v1.6.4 * Thu Apr 28 2022 Sebastiaan van Stijn - 1.6.3-3.1 - Update containerd to v1.6.3 - Update runc to v1.1.1 - Update Golang runtime to 1.17.9 * Sun Mar 27 2022 Sebastiaan van Stijn - 1.6.2-3.1 - Update containerd to v1.6.2 - Update runc to v1.1.0 * Wed Mar 23 2022 Sebastiaan van Stijn - 1.5.11-3.1 - Update containerd to v1.5.11 to address CVE-2022-24769 * Fri Mar 04 2022 Sebastiaan van Stijn - 1.5.10-3.1 - Update containerd to v1.5.10 - Update Golang runtime to 1.17.8 * Thu Mar 03 2022 Sebastiaan van Stijn - 1.4.13-3.1 - Update containerd to v1.4.13 to address CVE-2022-23648 - Update runc to v1.0.3 - Update Golang runtime to 1.16.15 * Wed Nov 17 2021 Sebastiaan van Stijn - 1.4.12-3.1 - Update containerd to v1.4.12 to address CVE-2021-41190 - Update Golang runtime to 1.16.10 * Mon Oct 04 2021 Sebastiaan van Stijn - 1.4.11-3.1 - Update to containerd 1.4.11 to address CVE-2021-41103 * Thu Sep 30 2021 Sebastiaan van Stijn - 1.4.10-3.1 - Update to containerd 1.4.10 - Update runc to v1.0.2 - Update Golang runtime to 1.16.8 * Thu Jul 29 2021 Sebastiaan van Stijn - 1.4.9-3.1 - Update to containerd 1.4.9 - Update runc to v1.0.1 * Mon Jul 19 2021 Sebastiaan van Stijn - 1.4.8-3.1 - Update to containerd 1.4.8 to address CVE-2021-32760 * Mon Jul 19 2021 Sebastiaan van Stijn - 1.4.7-3.1 - Update to containerd 1.4.7 - Update runc to v1.0.0 - Update Golang runtime to 1.15.14 * Fri May 21 2021 Sebastiaan van Stijn - 1.4.6-3.1 - Update to containerd 1.4.6 - Update runc to v1.0.0-rc95 to address CVE-2021-30465. * Wed May 12 2021 Sebastiaan van Stijn - 1.4.5-3.1 - Update to containerd 1.4.5 - Update runc to v1.0.0-rc94 * Mon Mar 08 2021 Wei Fu - 1.4.4-3.1 - Update to containerd 1.4.4 to address CVE-2021-21334. * Wed Mar 03 2021 Tibor Vass - 1.4.3-3.2 - Update runc to v1.0.0-rc93 * Wed Dec 02 2020 Sebastiaan van Stijn - 1.4.3-3.1 - Update to containerd 1.4.3 to address CVE-2020-15257. * Thu Nov 26 2020 Sebastiaan van Stijn - 1.4.2-3.1 - Update to containerd 1.4.2 * Tue Oct 06 2020 Tibor Vass - 1.4.1-3.1 - Update to containerd 1.4.1 - Update Golang runtime to 1.13.15 * Wed Sep 09 2020 Sebastiaan van Stijn - 1.3.7-3.1 - Update to containerd 1.3.7 - Update Golang runtime to 1.13.12. * Fri May 01 2020 Sebastiaan van Stijn - 1.2.13-3.2 - Build packages for RHEL-7 on s390x, CentOS 8, and Fedora 32 - Add libseccomp as required dependency * Mon Feb 17 2020 Sebastiaan van Stijn - 1.2.13-3.1 - Update to containerd 1.2.13, which fixes a regression introduced in v1.2.12 that caused container/shim to hang on single core machines, and fixes an issue with blkio. - Update Golang runtime to 1.12.17. * Tue Feb 04 2020 Derek McGowan - 1.2.12-3.1 - Update the runc vendor to v1.0.0-rc10 which includes a mitigation for CVE-2019-19921. - Update the opencontainers/selinux which includes a mitigation for CVE-2019-16884. - Update Golang runtime to 1.12.16, mitigating the CVE-2020-0601 certificate verification bypass on Windows, and CVE-2020-7919, which only affects 32-bit architectures. - A fix to prevent SIGSEGV when starting containerd-shim - Fix to prevent high system load/CPU utilization with liveness and readiness probes - Fix to prevent docker exec hanging if an earlier docker exec left a zombie process - CRI: Update the gopkg.in/yaml.v2 vendor to v2.2.8 with a mitigation for CVE-2019-11253 * Fri Jan 24 2020 Sebastiaan van Stijn - 1.2.11-3.2 - Update Golang runtime to 1.12.15, which includes fixes in the net/http package and the runtime on ARM64 * Thu Jan 09 2020 Evan Hazlett - 1.2.11-3.1 - Update the runc vendor to v1.0.0-rc9 which includes an additional mitigation for CVE-2019-16884 - Add local-fs.target to service file to fix corrupt image after unexpected host reboot - Update Golang runtime to 1.12.13, which includes security fixes to the crypto/dsa package made in Go 1.12.11 (CVE-2019-17596), and fixes to the go command, runtime, syscall and net packages (Go 1.12.12) - CRI: Fix shim delete error code to avoid unnecessary retries in the CRI plugin * Mon Oct 07 2019 Eli Uriegas - 1.2.10-3.2 - build with Go 1.12.10 * Thu Sep 26 2019 Eli Uriegas - 1.2.10-3.1 - containerd 1.2.10 release - Addresses CVE-2019-16884 (AppArmor bypass) - Bump runc to 3e425f80a8c931f88e6d94a8c831b9d5aa481657 (1.0.0-rc8 + CVE-2019-16884) * Fri Sep 06 2019 Eli Uriegas - 1.2.9-3.1 - containerd 1.2.9 release - Addresses CVE-2019-9512 (Ping Flood), CVE-2019-9514 (Reset Flood), and CVE-2019-9515 (Settings Flood). * Tue Aug 27 2019 Sebastiaan van Stijn - 1.2.8-3.1 - containerd 1.2.8 release - build with Go 1.12.9 * Thu Aug 15 2019 Sebastiaan van Stijn - 1.2.6-3.5 - build with Go 1.11.13 (CVE-2019-9512, CVE-2019-9514) * Tue Aug 13 2019 Eli Uriegas - 1.2.6-3.4 - Do not "Provides: runc" for RHEL 8 * Tue Jun 11 2019 Kir Kolyshkin - 1.2.6-3.3 - add requirement for container-selinux - move runc binary to %_bindir * Fri Apr 26 2019 Sebastiaan van Stijn - 1.2.6-3.2 - update runc to v1.0.0-rc8 * Tue Apr 09 2019 Sebastiaan van Stijn - 1.2.6-3.1 - containerd 1.2.6 release - update runc to 029124da7af7360afa781a0234d1b083550f797c - build with Go 1.11.8 * Thu Mar 14 2019 Sebastiaan van Stijn - 1.2.5-3.1 - containerd 1.2.5 release - update runc to 2b18fe1d885ee5083ef9f0838fee39b62d653e30 - build with Go 1.11.5 * Fri Feb 15 2019 Sebastiaan van Stijn - 1.2.4-3.1 - containerd 1.2.4 release - update runc to 6635b4f0c6af3810594d2770f662f34ddc15b40d * Thu Jan 31 2019 Eli Uriegas - 1.2.2-3.3 - [runc -> 09c8266] nsenter: clone /proc/self/exe to avoid exposing host binary to container (CVE-2019-5736) * Fri Jan 18 2019 Eli Uriegas - 1.2.2-3.2 - update runc to f7491ef134a6c41f3a99b0b539835d2472d17012 * Tue Jan 08 2019 Andrew Hsu - 1.2.2-3.1 - containerd 1.2.2 release * Thu Dec 06 2018 Andrew Hsu - 1.2.1-3.1 - containerd 1.2.1 release - update runc to 96ec2177ae841256168fcf76954f7177af9446eb * Tue Nov 27 2018 Sebastiaan van Stijn - 1.2.1-2.0.rc.0.1 - containerd 1.2.1-rc.0 release - update runc to 10d38b660a77168360df3522881e2dc2be5056bd * Mon Nov 05 2018 Eli Uriegas - 1.2.0-3.1 - containerd 1.2.0 release * Tue Oct 16 2018 Eli Uriegas - 1.2.0-2.2.rc.2.1 - containerd 1.2.0-rc.2 release * Fri Oct 05 2018 Eli Uriegas - 1.2.0-2.1.rc.1.1 - containerd 1.2.0-rc.1 release - Set Tasks=infinity in the systemd service file * Tue Sep 25 2018 Eli Uriegas - 1.2.0-2.0.rc.0.1 - containerd 1.2.0-rc.0 release * Wed Sep 05 2018 Eli Uriegas - 1.2.0-1.2.beta.2.2 - Hardcoded paths for libexec and var lib considering the macros are different on SUSE based distributions - Removed offline installer for runc, package as a binary instead * Tue Aug 28 2018 Andrew Hsu - 1.2.0-1.2.beta.2.1 - containerd 1.2.0 beta.2 * Thu Aug 16 2018 Eli Uriegas - 1.2.0-1.0.beta.0-1 - Intial release