containerd/SPECS/containerd.spec

%bcond_without ctr
%bcond_with debug
%define tarball_name containerd 

%if %{with debug}
%global _dwz_low_mem_die_limit 0
%else
%global debug_package %{nil}
%endif

%define SHA256SUM0 08f057ece7e518b14cce2e9737228a5a899a7b58b78248a03e02f4a6c079eeaf
%global import_path github.com/containerd/containerd
%global runc_nokmem %{getenv:RUNC_NOKMEM}

Name: containerd.io
Provides: %{tarball_name}

# Conflicting packages

Version: 1.6.4
Release: 3.1%{?dist}
Summary: An industry-standard container runtime
License: ASL 2.0
URL: https://containerd.io
Source0: %{tarball_name}-%{version}.tar
Source2: containerd.toml
# container-selinux isn't a thing in suse flavors
%if %{undefined suse_version}
# amazonlinux2 doesn't have container-selinux either
%if "%{?dist}" != ".amzn2"
Requires: container-selinux >= 2:2.74
%endif
Requires: libseccomp
%else
# SUSE flavors do not have container-selinux,
# and libseccomp is named libseccomp2
Requires: libseccomp2
%endif
BuildRequires: make
BuildRequires: gcc
BuildRequires: systemd
BuildRequires: libseccomp-devel
BuildRequires: golang
BuildRequires: go-md2man
BuildRequires: runc

%if %{undefined rhel} || 0%{?rhel} < 8
%if %{defined suse_version}
# SUSE flavors
BuildRequires: libbtrfs-devel
%else
# Fedora / others, and CentOS/RHEL < 8
BuildRequires: btrfs-progs-devel
%endif
%endif

Requires: runc
%{?systemd_requires}

%description
containerd is an industry-standard container runtime with an emphasis on
simplicity, robustness and portability. It is available as a daemon for Linux
and Windows, which can manage the complete container lifecycle of its host
system: image transfer and storage, container execution and supervision,
low-level storage and network attachments, etc.


%prep
%setup -q -n %{tarball_name}-%{version}
sed -i "s#/usr/local/bin/containerd#/usr/bin/containerd#" containerd.service
mkdir -p ${RPM_BUILD_DIR}/go/src/github.com/containerd/
# symlink the go source path to our build directory
ln -s %{_topdir}/BUILD/%{tarball_name}-%{version} ${RPM_BUILD_DIR}/go/src/%{import_path} 

%build
GO111MODULE=auto make man

BUILDTAGS="seccomp selinux"
%if %{defined rhel} && 0%{?rhel} >= 8
# btrfs support was removed in CentOS/RHEL 8
BUILDTAGS="${BUILDTAGS} no_btrfs"
%endif

GO111MODULE=auto make -C ${RPM_BUILD_DIR}/go/src/%{import_path} VERSION=%{version} REVISION=%{release} PACKAGE=%{name} BUILDTAGS="${BUILDTAGS}"

# Remove containerd-stress, as we're not shipping it as part of the packages
rm -f bin/containerd-stress
bin/containerd --version
bin/ctr --version

%install
cd %{_topdir}/BUILD/%{tarball_name}-%{version}
mkdir -p %{buildroot}%{_bindir}
install -D -m 0755 bin/* %{buildroot}%{_bindir}
install -D -m 0644 containerd.service %{buildroot}%{_unitdir}/containerd.service
install -D -m 0644 %{S:2} %{buildroot}%{_sysconfdir}/containerd/config.toml

# install manpages, taking into account that not all sections may be present
for i in $(seq 1 8); do
    if ls man/*.${i} 1> /dev/null 2>&1; then
        install -d %{buildroot}%{_mandir}/man${i};
        install -p -m 644 man/*.${i} %{buildroot}%{_mandir}/man${i};
    fi
done

%post
%systemd_post containerd.service


%preun
%systemd_preun containerd.service


%postun
%systemd_postun_with_restart containerd.service


%files
%license LICENSE
%doc README.md
%{_bindir}/*
%{_unitdir}/containerd.service
%{_sysconfdir}/containerd
%{_mandir}/man*/*
%config(noreplace) %{_sysconfdir}/containerd/config.toml


%changelog
* Wed May 04 2022 Sebastiaan van Stijn <thajeztah@docker.com> - 1.6.4-3.1
- Update containerd to v1.6.4

* Thu Apr 28 2022 Sebastiaan van Stijn <thajeztah@docker.com> - 1.6.3-3.1
- Update containerd to v1.6.3
- Update runc to v1.1.1
- Update Golang runtime to 1.17.9

* Sun Mar 27 2022 Sebastiaan van Stijn <thajeztah@docker.com> - 1.6.2-3.1
- Update containerd to v1.6.2
- Update runc to v1.1.0

* Wed Mar 23 2022 Sebastiaan van Stijn <thajeztah@docker.com> - 1.5.11-3.1
- Update containerd to v1.5.11 to address CVE-2022-24769

* Fri Mar 04 2022 Sebastiaan van Stijn <thajeztah@docker.com> - 1.5.10-3.1
- Update containerd to v1.5.10
- Update Golang runtime to 1.17.8

* Thu Mar 03 2022 Sebastiaan van Stijn <thajeztah@docker.com> - 1.4.13-3.1
- Update containerd to v1.4.13 to address CVE-2022-23648
- Update runc to v1.0.3
- Update Golang runtime to 1.16.15

* Wed Nov 17 2021 Sebastiaan van Stijn <thajeztah@docker.com> - 1.4.12-3.1
- Update containerd to v1.4.12 to address CVE-2021-41190
- Update Golang runtime to 1.16.10

* Mon Oct 04 2021 Sebastiaan van Stijn <thajeztah@docker.com> - 1.4.11-3.1
- Update to containerd 1.4.11 to address CVE-2021-41103

* Thu Sep 30 2021 Sebastiaan van Stijn <thajeztah@docker.com> - 1.4.10-3.1
- Update to containerd 1.4.10
- Update runc to v1.0.2
- Update Golang runtime to 1.16.8

* Thu Jul 29 2021 Sebastiaan van Stijn <thajeztah@docker.com> - 1.4.9-3.1
- Update to containerd 1.4.9
- Update runc to v1.0.1

* Mon Jul 19 2021 Sebastiaan van Stijn <thajeztah@docker.com> - 1.4.8-3.1
- Update to containerd 1.4.8 to address CVE-2021-32760

* Mon Jul 19 2021 Sebastiaan van Stijn <thajeztah@docker.com> - 1.4.7-3.1
- Update to containerd 1.4.7
- Update runc to v1.0.0
- Update Golang runtime to 1.15.14

* Fri May 21 2021 Sebastiaan van Stijn <thajeztah@docker.com> - 1.4.6-3.1
- Update to containerd 1.4.6
- Update runc to v1.0.0-rc95 to address CVE-2021-30465.

* Wed May 12 2021 Sebastiaan van Stijn <thajeztah@docker.com> - 1.4.5-3.1
- Update to containerd 1.4.5
- Update runc to v1.0.0-rc94

* Mon Mar 08 2021 Wei Fu <fuweid89@gmail.com> - 1.4.4-3.1
- Update to containerd 1.4.4 to address CVE-2021-21334.

* Wed Mar 03 2021 Tibor Vass <tibor@docker.com> - 1.4.3-3.2
- Update runc to v1.0.0-rc93

* Wed Dec 02 2020 Sebastiaan van Stijn <thajeztah@docker.com> - 1.4.3-3.1
- Update to containerd 1.4.3 to address CVE-2020-15257.

* Thu Nov 26 2020 Sebastiaan van Stijn <thajeztah@docker.com> - 1.4.2-3.1
- Update to containerd 1.4.2

* Tue Oct 06 2020 Tibor Vass <tibor@docker.com> - 1.4.1-3.1
- Update to containerd 1.4.1
- Update Golang runtime to 1.13.15

* Wed Sep 09 2020 Sebastiaan van Stijn <github@gone.nl> - 1.3.7-3.1
- Update to containerd 1.3.7
- Update Golang runtime to 1.13.12.

* Fri May 01 2020 Sebastiaan van Stijn <thajeztah@docker.com> - 1.2.13-3.2
- Build packages for RHEL-7 on s390x, CentOS 8, and Fedora 32
- Add libseccomp as required dependency

* Mon Feb 17 2020 Sebastiaan van Stijn <thajeztah@docker.com> - 1.2.13-3.1
- Update to containerd 1.2.13, which fixes a regression introduced in v1.2.12
  that caused container/shim to hang on single core machines, and fixes an issue
  with blkio.
- Update Golang runtime to 1.12.17.

* Tue Feb 04 2020 Derek McGowan <derek@docker.com> - 1.2.12-3.1
- Update the runc vendor to v1.0.0-rc10 which includes a mitigation for
  CVE-2019-19921.
- Update the opencontainers/selinux which includes a mitigation for
  CVE-2019-16884.
- Update Golang runtime to 1.12.16, mitigating the CVE-2020-0601
  certificate verification bypass on Windows, and CVE-2020-7919,
  which only affects 32-bit architectures.
- A fix to prevent SIGSEGV when starting containerd-shim
- Fix to prevent high system load/CPU utilization with liveness and readiness
  probes
- Fix to prevent docker exec hanging if an earlier docker exec left a zombie
  process
- CRI: Update the gopkg.in/yaml.v2 vendor to v2.2.8 with a mitigation for
  CVE-2019-11253

* Fri Jan 24 2020 Sebastiaan van Stijn <thajeztah@docker.com> - 1.2.11-3.2
- Update Golang runtime to 1.12.15, which includes fixes in the net/http package
  and the runtime on ARM64

* Thu Jan 09 2020 Evan Hazlett <evan@docker.com> - 1.2.11-3.1
- Update the runc vendor to v1.0.0-rc9 which includes an additional
  mitigation for CVE-2019-16884
- Add local-fs.target to service file to fix corrupt image after unexpected
  host reboot
- Update Golang runtime to 1.12.13, which includes security fixes to the
  crypto/dsa package made in Go 1.12.11 (CVE-2019-17596), and fixes to the
  go command, runtime, syscall and net packages (Go 1.12.12)
- CRI: Fix shim delete error code to avoid unnecessary retries in the CRI plugin

* Mon Oct 07 2019 Eli Uriegas <eli.uriegas@docker.com> - 1.2.10-3.2
- build with Go 1.12.10

* Thu Sep 26 2019 Eli Uriegas <eli.uriegas@docker.com> - 1.2.10-3.1
- containerd 1.2.10 release
- Addresses CVE-2019-16884 (AppArmor bypass)
- Bump runc to 3e425f80a8c931f88e6d94a8c831b9d5aa481657 (1.0.0-rc8 + CVE-2019-16884)

* Fri Sep 06 2019 Eli Uriegas <eli.uriegas@docker.com> - 1.2.9-3.1
- containerd 1.2.9 release
- Addresses CVE-2019-9512 (Ping Flood), CVE-2019-9514 (Reset Flood), and CVE-2019-9515 (Settings Flood).

* Tue Aug 27 2019 Sebastiaan van Stijn <thajeztah@docker.com> - 1.2.8-3.1
- containerd 1.2.8 release
- build with Go 1.12.9

* Thu Aug 15 2019 Sebastiaan van Stijn <thajeztah@docker.com> - 1.2.6-3.5
- build with Go 1.11.13 (CVE-2019-9512, CVE-2019-9514)

* Tue Aug 13 2019 Eli Uriegas <eli.uriegas@docker.com> - 1.2.6-3.4
- Do not "Provides: runc" for RHEL 8

* Tue Jun 11 2019 Kir Kolyshkin <kolyshkin@gmail.com> - 1.2.6-3.3
- add requirement for container-selinux
- move runc binary to %_bindir

* Fri Apr 26 2019 Sebastiaan van Stijn <thajeztah@docker.com> - 1.2.6-3.2
- update runc to v1.0.0-rc8

* Tue Apr 09 2019 Sebastiaan van Stijn <thajeztah@docker.com> - 1.2.6-3.1
- containerd 1.2.6 release
- update runc to 029124da7af7360afa781a0234d1b083550f797c
- build with Go 1.11.8

* Thu Mar 14 2019  Sebastiaan van Stijn <thajeztah@docker.com> - 1.2.5-3.1
- containerd 1.2.5 release
- update runc to 2b18fe1d885ee5083ef9f0838fee39b62d653e30
- build with Go 1.11.5

* Fri Feb 15 2019 Sebastiaan van Stijn <thajeztah@docker.com> - 1.2.4-3.1
- containerd 1.2.4 release
- update runc to 6635b4f0c6af3810594d2770f662f34ddc15b40d

* Thu Jan 31 2019 Eli Uriegas <eli.uriegas@docker.com> - 1.2.2-3.3
- [runc -> 09c8266] nsenter: clone /proc/self/exe to avoid exposing
  host binary to container (CVE-2019-5736)

* Fri Jan 18 2019 Eli Uriegas <eli.uriegas@docker.com> - 1.2.2-3.2
- update runc to f7491ef134a6c41f3a99b0b539835d2472d17012

* Tue Jan 08 2019 Andrew Hsu <andrewhsu@docker.com> - 1.2.2-3.1
- containerd 1.2.2 release

* Thu Dec 06 2018 Andrew Hsu <andrewhsu@docker.com> - 1.2.1-3.1
- containerd 1.2.1 release
- update runc to 96ec2177ae841256168fcf76954f7177af9446eb

* Tue Nov 27 2018  Sebastiaan van Stijn <thajeztah@docker.com> - 1.2.1-2.0.rc.0.1
- containerd 1.2.1-rc.0 release
- update runc to 10d38b660a77168360df3522881e2dc2be5056bd

* Mon Nov 05 2018 Eli Uriegas <eli.uriegas@docker.com> - 1.2.0-3.1
- containerd 1.2.0 release

* Tue Oct 16 2018 Eli Uriegas <eli.uriegas@docker.com> - 1.2.0-2.2.rc.2.1
- containerd 1.2.0-rc.2 release

* Fri Oct 05 2018 Eli Uriegas <eli.uriegas@docker.com> - 1.2.0-2.1.rc.1.1
- containerd 1.2.0-rc.1 release
- Set Tasks=infinity in the systemd service file

* Tue Sep 25 2018 Eli Uriegas <eli.uriegas@docker.com> - 1.2.0-2.0.rc.0.1
- containerd 1.2.0-rc.0 release

* Wed Sep 05 2018 Eli Uriegas <eli.uriegas@docker.com> - 1.2.0-1.2.beta.2.2
- Hardcoded paths for libexec and var lib considering the macros are different on SUSE based distributions
- Removed offline installer for runc, package as a binary instead

* Tue Aug 28 2018 Andrew Hsu <andrewhsu@docker.com> - 1.2.0-1.2.beta.2.1
- containerd 1.2.0 beta.2

* Thu Aug 16 2018 Eli Uriegas <eli.uriegas@docker.com> - 1.2.0-1.0.beta.0-1
- Intial release