ALP-pool/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Sync from SUSE:ALP:Source:Standard:1.0 containerd revision 393dec61c7ab8ec3e692628c9056e8d1

Browse Source
This commit is contained in:
Adrian Schröter 2024-02-16 15:03:56 +01:00
commit 3d13a3a4af
9 changed files with 4184 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

3158
0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch Normal file
View File

File diff suppressed because it is too large Load Diff

75
0002-shim-Create-pid-file-with-0644-permissions.patch Normal file
View File

@ -0,0 +1,75 @@
From 260963a354d972201ffe9a6ce882f1c0e9b319d9 Mon Sep 17 00:00:00 2001
From: Jaroslav Jindrak <dzejrou@gmail.com>
Date: Sat, 23 Dec 2023 21:41:54 +0100
Subject: [PATCH 1/2] shim: Create pid-file with 0644 permissions
Fixes ae7021300
In ae7021300 the WritePidFile and WriteAddress functions were
changed to use AtomicFile instead of os.CreateFile. However,
AtomicFile creates a temporary file and then changes its permissions
with os.Chmod which alters the previously observed behavior of
os.CreateFile which takes the system's umask into account.
This means that on Linux-based systems these files suddenly
became world writable (#9363). The address file has since been
removed, but pid-file was still created as world writable. This
commit explicitly requests 0644 permissions as even on systems
without default umask of 0022 there is no reason to have these
two files world writable.
Signed-off-by: Jaroslav Jindrak <dzejrou@gmail.com>
(cherry picked from commit 9d328410a5c7bab106fe81cd37a36e4534ce9205)
Signed-off-by: Jaroslav Jindrak <dzejrou@gmail.com>
---
runtime/v2/shim/util.go | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/runtime/v2/shim/util.go b/runtime/v2/shim/util.go
index fce1318a63ad..3740d87dbf8a 100644
--- a/runtime/v2/shim/util.go
+++ b/runtime/v2/shim/util.go
@@ -126,7 +126,7 @@ func WritePidFile(path string, pid int) error {
if err != nil {
return err
}
- f, err := atomicfile.New(path, 0o666)
+ f, err := atomicfile.New(path, 0o644)
if err != nil {
return err
}
From 8d82242eb525f87b91bbc2c2499559855dd363cf Mon Sep 17 00:00:00 2001
From: Jaroslav Jindrak <dzejrou@gmail.com>
Date: Sat, 23 Dec 2023 21:46:12 +0100
Subject: [PATCH 2/2] shim: Create address file with 0644 permissions
Fixes ae70213
In ae70213 the WritePidFile and WriteAddress functions were
changed to use AtomicFile instead of os.CreateFile. However,
AtomicFile creates a temporary file and then changes its permissions
with os.Chmod which alters the previously observed behavior of
os.CreateFile which takes the system's umask into account.
This means that on Linux-based systems these files suddenly
became world writable (#9363).
Signed-off-by: Jaroslav Jindrak <dzejrou@gmail.com>
---
runtime/v2/shim/util.go | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/runtime/v2/shim/util.go b/runtime/v2/shim/util.go
index 3740d87dbf8a..e8cfeec077c5 100644
--- a/runtime/v2/shim/util.go
+++ b/runtime/v2/shim/util.go
@@ -144,7 +144,7 @@ func WriteAddress(path, address string) error {
if err != nil {
return err
}
- f, err := atomicfile.New(path, 0o666)
+ f, err := atomicfile.New(path, 0o644)
if err != nil {
return err
}

14
_service Normal file
View File

@ -0,0 +1,14 @@
<services>
<service name="tar_scm" mode="manual">
<param name="url">https://github.com/containerd/containerd.git</param>
<param name="scm">git</param>
<param name="filename">containerd</param>
<param name="versionformat">1.7.10_%h</param>
<param name="revision">v1.7.10</param>
<param name="exclude">.git</param>
</service>
<service name="recompress" mode="manual">
<param name="file">*.tar</param>
<param name="compression">xz</param>
</service>
</services>

BIN
containerd-1.7.10_4e1fe7492b9d.tar.xz (Stored with Git LFS) Normal file
View File

Binary file not shown.

1
containerd-rpmlintrc Normal file
View File

@ -0,0 +1 @@
addFilter ("^containerd(-kubic)?.*: E: statically-linked-binary /usr/sbin/containerd-shim*")

685
containerd.changes Normal file
View File

@ -0,0 +1,685 @@
-------------------------------------------------------------------
Mon Jan 15 11:12:05 UTC 2024 - Dan Čermák <dcermak@suse.com>
- Enable manpage generation
- Make devel package noarch
- adjust rpmlint filters
-------------------------------------------------------------------
Mon Jan 8 12:12:00 UTC 2024 - Danish Prakash <danish.prakash@suse.com>
- Add patch for bsc#1217952:
+ 0002-shim-Create-pid-file-with-0644-permissions.patch
-------------------------------------------------------------------
Mon Dec 4 08:44:40 UTC 2023 - Aleksa Sarai <asarai@suse.com>
- Update to containerd v1.7.10. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.10>
- Rebase patches:
* 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch
-------------------------------------------------------------------
Fri Oct 27 21:13:23 UTC 2023 - Aleksa Sarai <asarai@suse.com>
- Update to containerd v1.7.8. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.8> bsc#1200528
- Rebase patches:
* 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch
-------------------------------------------------------------------
Fri Oct 13 05:33:18 UTC 2023 - Aleksa Sarai <asarai@suse.com>
- Update to containerd v1.7.7. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.7>
- Add patch to fix build on SLE-12:
+ 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch
-------------------------------------------------------------------
Thu Sep 14 04:27:07 UTC 2023 - Aleksa Sarai <asarai@suse.com>
- Update to containerd v1.7.6 for Docker v24.0.6-ce. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.6> bsc#1215323
-------------------------------------------------------------------
Thu Aug 31 09:20:32 UTC 2023 - Priyanka Saggu <priyanka.saggu@suse.com>
- Add `Provides: cri-runtime` to use containerd as container runtime in Factory
Kubernetes packages
-------------------------------------------------------------------
Sun May 21 11:16:18 UTC 2023 - Aleksa Sarai <asarai@suse.com>
- Update to containerd v1.6.21 for Docker v23.0.6-ce. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.6.21> bsc#1211578
- Require a minimum Go version explicitly rather than using golang(API).
Fixes the change for bsc#1210298.
-------------------------------------------------------------------
Thu May 4 12:50:57 UTC 2023 - Marcus Meissner <meissner@suse.com>
[ This was only released in SLE. ]
- unversion to golang requires to always use the current default go.
(bsc#1210298)
-------------------------------------------------------------------
Tue Apr 18 14:52:44 UTC 2023 - Aleksa Sarai <asarai@suse.com>
- Update to containerd v1.6.20 for Docker v23.0.4-ce. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.6.20>
-------------------------------------------------------------------
Wed Mar 29 04:53:24 UTC 2023 - Aleksa Sarai <asarai@suse.com>
- Update to containerd v1.6.19 for Docker v23.0.2-ce. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.6.19>
Includes fixes for:
- CVE-2023-25153 bsc#1208423
- CVE-2023-25173 bsc#1208426
-------------------------------------------------------------------
Wed Mar 1 05:29:46 UTC 2023 - Aleksa Sarai <asarai@suse.com>
- Re-build containerd to use updated golang-packaging. jsc#1342
-------------------------------------------------------------------
Thu Feb 9 01:58:07 UTC 2023 - Aleksa Sarai <asarai@suse.com>
- Update to containerd v1.6.16 for Docker v23.0.1-ce. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.6.16>
-------------------------------------------------------------------
Thu Dec 8 01:28:48 UTC 2022 - Aleksa Sarai <asarai@suse.com>
- Update to containerd v1.6.12 to fix CVE-2022-23471 bsc#1206235. Upstream
release notes:
<https://github.com/containerd/containerd/releases/tag/v1.6.12>
-------------------------------------------------------------------
Tue Dec 6 22:41:50 UTC 2022 - Aleksa Sarai <asarai@suse.com>
- Update to containerd v1.6.11. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.6.11>
-------------------------------------------------------------------
Tue Dec 6 04:48:06 UTC 2022 - Aleksa Sarai <asarai@suse.com>
- Update to containerd v1.6.9 for Docker v20.10.21-ce. Also includes a fix for
CVE-2022-27191. boo#1206065 bsc#1197284 Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.6.9>
-------------------------------------------------------------------
Tue Nov 29 16:01:11 UTC 2022 - Dirk Müller <dmueller@suse.com>
- add devel subpackage, which is needed by open-vm-tools
-------------------------------------------------------------------
Tue Jun 7 07:22:02 UTC 2022 - Aleksa Sarai <asarai@suse.com>
- Update to containerd v1.6.6 to fix CVE-2022-31030 and meet the requirements
of Docker v20.10.17-ce. bsc#1200145
- Remove upstreamed patches:
- bsc1200145-Limit-the-response-size-of-ExecSync.patch
-------------------------------------------------------------------
Mon Jun 6 05:49:56 UTC 2022 - Aleksa Sarai <asarai@suse.com>
[ This patch was only released in SLES and Leap. ]
- Backport patch to fix GHSA-5ffw-gxpp-mxpf CVE-2022-31030. bsc#1200145
+ bsc1200145-Limit-the-response-size-of-ExecSync.patch
-------------------------------------------------------------------
Mon Jun 6 05:41:10 UTC 2022 - Aleksa Sarai <asarai@suse.com>
- Update to containerd v1.5.12. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.5.12>
-------------------------------------------------------------------
Thu Apr 14 04:15:16 UTC 2022 - Aleksa Sarai <asarai@suse.com>
- Update to containerd v1.5.11 to fix CVE-2022-24769. bsc#1197517
-------------------------------------------------------------------
Thu Mar 3 07:24:10 UTC 2022 - Aleksa Sarai <asarai@suse.com>
- Update to containerd v1.4.13 to fix CVE-2022-23648. bsc#1196441
- Remove upstreamed patch:
- CVE-2022-23648.patch
-------------------------------------------------------------------
Wed Mar 2 12:48:05 UTC 2022 - Aleksa Sarai <asarai@suse.com>
[ This patch was only released in SLES and Leap. ]
- Add patch for CVE-2022-23648. bsc#1196441
+ CVE-2022-23648.patch
-------------------------------------------------------------------
Fri Nov 19 00:01:23 UTC 2021 - Aleksa Sarai <asarai@suse.com>
- Update to containerd v1.4.12 for Docker 20.10.11-ce. bsc#1192814
bsc#1193273 CVE-2021-41190
-------------------------------------------------------------------
Wed Oct 6 02:54:49 UTC 2021 - Aleksa Sarai <asarai@suse.com>
- Update to containerd v1.4.11, to fix CVE-2021-41103. bsc#1191355
- Switch to Go 1.16.x compiler, in line with upstream.
-------------------------------------------------------------------
Wed Oct 6 02:54:49 UTC 2021 - Aleksa Sarai <asarai@suse.com>
- Update to containerd v1.4.11, to fix CVE-2021-41103 bsc#1191121. bsc#1191355
- Switch to Go 1.16.x compiler, in line with upstream.
-------------------------------------------------------------------
Fri Oct 1 06:59:50 UTC 2021 - Dan Čermák <dcermak@suse.com>
- Install systemd service file as well (fixes bsc#1190826)
-------------------------------------------------------------------
Tue Jul 20 09:30:30 UTC 2021 - Aleksa Sarai <asarai@suse.com>
- Update to containerd v1.4.8, to fix CVE-2021-32760. bsc#1188282
- Remove upstreamed patches:
- bsc1188282-use-chmod-path-for-checking-symlink.patch
-------------------------------------------------------------------
Wed Jul 14 10:23:38 UTC 2021 - Aleksa Sarai <asarai@suse.com>
[ This patch was only released in SLES and Leap. ]
- Add patch for GHSA-c72p-9xmj-rx3w. CVE-2021-32760 bsc#1188282
+ bsc1188282-use-chmod-path-for-checking-symlink.patch
-------------------------------------------------------------------
Wed Jul 7 17:20:53 UTC 2021 - Bernhard Wiedemann <bwiedemann@suse.com>
- Build with go1.15 for reproducible build results (boo#1102408)
-------------------------------------------------------------------
Fri Apr 16 05:25:40 UTC 2021 - Aleksa Sarai <asarai@suse.com>
- Drop long-since upstreamed patch, originally needed to fix i386 builds on
SLES:
- 0001-makefile-remove-emoji.patch
-------------------------------------------------------------------
Sat Mar 6 07:17:00 UTC 2021 - Aleksa Sarai <asarai@suse.com>
- Update to containerd v1.4.4, to fix CVE-2021-21334.
-------------------------------------------------------------------
Tue Feb 2 05:33:02 UTC 2021 - Aleksa Sarai <asarai@suse.com>
- Update to handle the docker-runc removal, and drop the -kubic flavour.
bsc#1181677 bsc#1181749
-------------------------------------------------------------------
Fri Jan 29 23:24:30 UTC 2021 - Aleksa Sarai <asarai@suse.com>
- Update to containerd v1.4.3, which is needed for Docker v20.10.2-ce.
bsc#1181594
- Install the containerd-shim* binaries and stop creating
docker-containerd-shim because that isn't used by Docker anymore.
bsc#1183024
-------------------------------------------------------------------
Mon Dec 21 06:53:15 UTC 2020 - Aleksa Sarai <asarai@suse.com>
- Update to containerd v1.3.9, which is needed for Docker v19.03.14-ce and
fixes CVE-2020-15257. bsc#1178969 bsc#1180243
-------------------------------------------------------------------
Fri Sep 18 08:16:20 UTC 2020 - Aleksa Sarai <asarai@suse.com>
- Update to containerd v1.3.7, which is required for Docker 19.03.13-ce.
boo#1176708 bsc#1177598 CVE-2020-15157
- Refresh patches:
* 0001-makefile-remove-emoji.patch
-------------------------------------------------------------------
Thu Jun 25 22:32:08 UTC 2020 - Aleksa Sarai <asarai@suse.com>
- Use Go 1.13 for build.
-------------------------------------------------------------------
Tue Jun 2 08:57:36 UTC 2020 - Aleksa Sarai <asarai@suse.com>
- Update to containerd v1.2.13, which is required for Docker 19.03.11-ce.
bsc#1172377
-------------------------------------------------------------------
Tue Oct 8 23:35:36 UTC 2019 - Aleksa Sarai <asarai@suse.com>
- Update to containerd v1.2.10, which is required for Docker 19.03.3-ce.
bsc#1153367 bsc#1157330
-------------------------------------------------------------------
Fri Jun 28 01:45:50 UTC 2019 - Aleksa Sarai <asarai@suse.com>
- Update to containerd v1.2.6, which is required for Docker v18.09.7-ce.
bsc#1139649
- Remove containerd-test (it's not useful for actual testing).
-------------------------------------------------------------------
Fri May 3 13:32:05 UTC 2019 - Aleksa Sarai <asarai@suse.com>
- Update to containerd v1.2.5, which is required for v18.09.5-ce.
bsc#1128376 boo#1134068
https://github.com/containerd/containerd/releases/tag/v1.2.5
-------------------------------------------------------------------
Thu Mar 21 14:30:03 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
- Update containerd to v1.2.4
* cri: Set /etc/hostname
* cri: Fix env performance issue
* runc updated to 6635b4f0c6af3810594d2770f662f34ddc15b40d to solve
bsc#1121967 CVE-2019-5736
* cri updated to da0c016c830b2ea97fd1d737c49a568a816bf964
* Windows: NewDirectIOFromFIFOSet
* Changelogs from previous versions also included in this update:
https://github.com/containerd/containerd/releases/tag/v1.2.3
-------------------------------------------------------------------
Tue Feb 5 11:16:46 UTC 2019 - Aleksa Sarai <asarai@suse.com>
- Update to containerd v1.2.2, which is required for Docker v18.09.1-ce.
bsc#1124308
* Fix rare deadlock on FIFO creation with timeout
* Fix a bug that a container can't be stopped or inspected when its
corresponding image is deleted
* Fix a bug that the cri plugin handles containerd events outside of
k8s.io namespace
more changes at:
https://github.com/containerd/containerd/releases/tag/v1.2.2
Changelogs from previous versions also included in this update:
https://github.com/containerd/containerd/releases/tag/v1.2.1
https://github.com/containerd/containerd/releases/tag/v1.2.0
https://github.com/containerd/containerd/releases/tag/v1.1.4
https://github.com/containerd/containerd/releases/tag/v1.1.3
- Remove required_dockerrunc commit pinning, as it just lead to issues.
- Remove upstreamed patches.
- 0001-docs-man-rename-config.toml-5-to-be-more-descriptive.patch
-------------------------------------------------------------------
Fri Jan 11 09:57:32 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
- Disable leap based builds for kubic flavor. bsc#1121412
-------------------------------------------------------------------
Thu Dec 20 18:05:24 UTC 2018 - clee@suse.com
- Update go requirements to >= go1.10 to fix
* bsc#1118897 CVE-2018-16873
go#29230 cmd/go: remote command execution during "go get -u"
* bsc#1118898 CVE-2018-16874
go#29231 cmd/go: directory traversal in "go get" via curly braces in import paths
* bsc#1118899 CVE-2018-16875
go#29233 crypto/x509: CPU denial of service
-------------------------------------------------------------------
Mon Nov 5 10:28:13 UTC 2018 - Aleksa Sarai <asarai@suse.com>
- Add backport of https://github.com/containerd/containerd/pull/2764, which is
required for us to build containerd on i586 SLE-12 (where /bin/sh doesn't
like emoji in shell scripts). bsc#1102522 bsc#1113313
+ 0001-makefile-remove-emoji.patch
-------------------------------------------------------------------
Wed Aug 22 10:10:09 UTC 2018 - asarai@suse.com
- Upgrade to containerd v1.1.2, which is required for Docker v18.06.1-ce.
bsc#1102522
-------------------------------------------------------------------
Thu Aug 16 02:00:31 UTC 2018 - asarai@suse.com
- Merge -kubic packages back into the main Virtualization:containers packages.
This is done using _multibuild to add a "kubic" flavour, which is then used
to conditionally compile patches and other kubic-specific features.
bsc#1105000
-------------------------------------------------------------------
Wed Aug 1 09:40:59 UTC 2018 - asarai@suse.com
- Enable seccomp support on SLE12, since libseccomp is now a new enough vintage
to work with Docker and containerd. fate#325877
-------------------------------------------------------------------
Wed Jul 25 08:54:33 UTC 2018 - asarai@suse.com
- Update to containerd v1.1.1, which is the required version for the Docker
v18.06.0-ce upgrade. bsc#1102522
- Add backport of https://github.com/containerd/containerd/pull/2534 to make
the man page no longer pollute the global namespace.
+ 0001-docs-man-rename-config.toml-5-to-be-more-descriptive.patch
- Remove the following patch since it has already been merged upstream.
- bsc1065109-0001-makefile-add-support-for-build_flags.patch
- Remove systemd-related files and add docker-containerd-* symlinks; this
aligns with the upstream defaults where dockerd will execute
docker-containerd. Version upgrades of docker are expected to work more
smoothly as much of the upgrade logic is implemented in dockerd.
- Add containerd-rpmlintrc (or containerd-kubic-rpmlintrc) to deal with
/usr/src/containerd/* rpmlint errors (which don't affect normal users of this
package).
-------------------------------------------------------------------
Wed Jun 13 10:15:51 UTC 2018 - dcassany@suse.com
- Make use of %license macro
-------------------------------------------------------------------
Tue Jun 5 06:38:40 UTC 2018 - asarai@suse.com
- Remove 'go test' from %check section, as it has only ever caused us problems
and hasn't (as far as I remember) ever caught a release-blocking issue. Smoke
testing has been far more useful. boo#1095817
-------------------------------------------------------------------
Wed May 16 10:10:10 UTC 2018 - jmassaguerpla@suse.com
- Review obsoletes tag to fix bsc#1080978
-------------------------------------------------------------------
Thu Apr 12 12:48:16 UTC 2018 - fcastelli@suse.com
- Put containerd under the podruntime slice. This the recommended
deployment to allow fine resource control on Kubernetes.
bsc#1086185
-------------------------------------------------------------------
Mon Feb 12 10:52:49 UTC 2018 - rbrown@suse.com
- Add ${version} to equivalent non-kubic package provides
-------------------------------------------------------------------
Thu Feb 8 12:34:13 UTC 2018 - rbrown@suse.com
- Add Provides for equivalent non-kubic packages
-------------------------------------------------------------------
Thu Feb 1 16:57:14 CET 2018 - ro@suse.de
- do not build on s390, only on s390x (no go on s390)
-------------------------------------------------------------------
Wed Dec 27 11:15:36 UTC 2017 - dimstar@opensuse.org
- Fix build with RPM 4.14: exclude is not meant for files to NOT be
packaged, but should only be used if the files are to be excluded
from a glob when they end up in a different package. Rather
remove the unwanted files in the install section.
-------------------------------------------------------------------
Mon Dec 11 12:30:31 UTC 2017 - asarai@suse.com
- Update to containerd@06b9cb35161009dcb7123345749fef02f7cea8e0, which is
requried by Docker 17.09.1_ce.
-------------------------------------------------------------------
Thu Nov 23 13:48:04 UTC 2017 - rbrown@suse.com
- Replace references to /var/adm/fillup-templates with new
%_fillupdir macro (boo#1069468)
-------------------------------------------------------------------
Thu Oct 26 19:27:48 UTC 2017 - asarai@suse.com
- Set --start-timeout=2m by default to match upstream. bsc#1064926
-------------------------------------------------------------------
Thu Oct 26 17:31:18 UTC 2017 - asarai@suse.com
- Use the upstream makefile so that Docker can get the commit ID in `docker
info`. This also will avoid possible future warnings being spit out like
bsc#1065109 and boo#1053532.
- Backport https://github.com/containerd/containerd/pull/1686, which is
required for the above fix. bsc#1065109 boo#1053532
+ bsc1065109-0001-makefile-add-support-for-build_flags.patch
-------------------------------------------------------------------
Wed Oct 18 04:40:53 UTC 2017 - asarai@suse.com
- Update to containerd@3addd840653146c90a254301d6c3a663c7fd6429, which is
required by Docker 17.07.0_ce (this commit is effectively v0.2.9 with a few
bugfixes missing).
-------------------------------------------------------------------
Thu Aug 3 14:50:09 UTC 2017 - asarai@suse.com
- Use -buildmode=pie for tests and binary build. bsc#1048046 bsc#1051429
-------------------------------------------------------------------
Thu Jul 6 14:22:16 UTC 2017 - thipp@suse.de
- change dependency to docker-runc
-------------------------------------------------------------------
Thu May 4 19:02:18 UTC 2017 - jmassaguerpla@suse.com
- fix golang requirement to 1.7 for the subpackages
-------------------------------------------------------------------
Tue May 2 15:48:53 UTC 2017 - jmassaguerpla@suse.com
- fix golang requirement to 1.7
-------------------------------------------------------------------
Fri Apr 28 16:18:44 UTC 2017 - jengelh@inai.de
- Replace %__-type macro indirections
-------------------------------------------------------------------
Thu Apr 13 16:17:55 UTC 2017 - jmassaguerpla@suse.com
- update containerd to the commit version needed for
docker-v17.04.0-ce (bsc#1034053)
fix bsc#1032769: containerd spurious messages filling journal
-------------------------------------------------------------------
Wed Apr 12 09:56:54 UTC 2017 - jmassaguerpla@suse.com
- make sure this package is being built with go 1.7
-------------------------------------------------------------------
Wed Apr 12 09:13:44 UTC 2017 - jmassaguerpla@suse.com
- remove the go_arches macro because we are using go1.7 which
is available in all archs
-------------------------------------------------------------------
Wed Apr 12 08:02:59 UTC 2017 - asarai@suse.com
- Set TasksMax=infinity to make sure runC doesn't start failing randomly.
-------------------------------------------------------------------
Fri Feb 24 18:08:41 UTC 2017 - jmassaguerpla@suse.com
- update to docker 1.13.0 requirement
-------------------------------------------------------------------
Sat Jan 14 06:38:29 UTC 2017 - asarai@suse.com
- Update docker to the version used in Docker 1.12.6. This is necessary to fix
CVE-2016-9962 (bsc#1012568).
-------------------------------------------------------------------
Mon Dec 19 12:46:14 UTC 2016 - jmassaguerpla@suse.com
- update containerd to the version used in docker 1.12.5 (bsc#1016307).
This fixes bsc#1015661
-------------------------------------------------------------------
Thu Nov 24 16:10:41 UTC 2016 - jmassaguerpla@suse.com
- fix runc version
fix bsc#1009961
-------------------------------------------------------------------
Thu Nov 24 12:09:48 UTC 2016 - jmassaguerpla@suse.com
- fix version so that it contains a sequence number and zypper does
not think is a downgrade
-------------------------------------------------------------------
Tue Oct 25 11:15:13 UTC 2016 - jmassaguerpla@suse.com
- fix bsc#1006368: docker/containerd is broken when installed by
SuSE Studio in an appliance: We were missing the
Requires(post): %fillup_prereq
-------------------------------------------------------------------
Tue Oct 25 08:32:22 UTC 2016 - jmassaguerpla@suse.com
- update runc requirement to 02f8fa7863dd3f82909a73e2061897828460d52f
(see RUNC_COMMIT in Dockerfile)
-------------------------------------------------------------------
Thu Oct 13 11:14:39 UTC 2016 - jmassaguerpla@suse.com
- update to commit 0366d7e which is the one required for docker-1.12.2
(bsc#1004490)
-------------------------------------------------------------------
Mon Sep 19 11:58:44 UTC 2016 - jmassaguerpla@suse.com
- fix go_arches definition: use global instead of define, otherwise
it fails to build
-------------------------------------------------------------------
Thu Aug 25 15:54:38 UTC 2016 - jmassaguerpla@suse.com
- Remove GOPATH at the end of the GOPATH assignment
cause GOPATH is empty and if we do that, we get the path ""
appended, which causes gcc6-go to complain
-------------------------------------------------------------------
Wed Aug 24 12:25:46 UTC 2016 - jmassaguerpla@suse.com
- add go_arches in project configuration: this way, we can use the
same spec file but decide in the project configuration if to
use gc-go or gcc-go for some archs.
-------------------------------------------------------------------
Mon Aug 22 18:14:40 UTC 2016 - jmassaguerpla@suse.com
- update to v2.3.0 (bsc#995058)
- Remove patches which were already merged upstream:
* socket-activation-01-vendor.patch
* socket-activation-02-daemon.patch
* socket-activation-03-ctr.patch
-------------------------------------------------------------------
Thu Aug 18 10:34:29 UTC 2016 - jmassaguerpla@suse.com
- use gcc6-go instead of gcc5-go (bsc#988408)
- build ppc64le with gc-go because this version builds with gc-go 1.6
-------------------------------------------------------------------
Thu Aug 18 10:33:29 UTC 2016 - cbrauner@suse.com
- bump git commit id to the one required by docker v1.12.0
- run test during build
- only run tests on architectures that provide the go list and got test tools
- add aarch64 to go arches
-------------------------------------------------------------------
Thu Aug 18 09:44:56 UTC 2016 - cbrauner@suse.de
- Add containerd-test package which contains the source code and the test. This
package will be used to run the integration tests.
- Simplify package build and check sections: Instead of symlinking we default to
cp -avr. go list gets confused by symlinks hence, we need to copy the source
code anyway if we want to run unit tests during package build at some point.
-------------------------------------------------------------------
Tue Aug 16 09:51:37 UTC 2016 - asarai@suse.com
* Explicitly state the version dependency for runC, to avoid potential
issues with incompatible component versions. These must be updated
*each time we do a release*. Unfortunately we cannot create a hard
dependency because that would conflict with Docker, and was a mistake
on upstream's part. bsc#993847
-------------------------------------------------------------------
Wed Jul 20 10:32:45 UTC 2016 - asarai@suse.com
* Set --runtime option specifically to runC. bsc#978260
-------------------------------------------------------------------
Fri Jun 17 14:42:43 UTC 2016 - asarai@suse.de
* Update to containerd v0.2.2. (bsc#989566 FATE#320763)
* Includes updates to the out-of-tree patches.
-------------------------------------------------------------------
Mon May 2 07:34:53 UTC 2016 - asarai@suse.de
* Remove MountFlags=slave from containerd.service. This causes many issues with
interactions with Docker.
-------------------------------------------------------------------
Fri Apr 29 09:54:28 UTC 2016 - asarai@suse.de
* Added /usr/sbin/rccontainerd symlink as per suse-missing-rclink.
* Updated socket activation patches to use the same patchset that was merged
upstream (https://github.com/docker/containerd/pull/178):
* socket-activation-01-vendor.patch
* socket-activation-02-daemon.patch
* socket-activation-03-ctr.patch
* Removed aarch64 that was patched upstream:
- fix-aarch64-epoll.patch
* Update containerd to 0.2.1. Upstream changelog:
* Fixes for cgroup memory updates and process labeling.
* Truncate the event log on disk and in memory so that it does not
grow forever. This is mainly used for higher levels to receive past
events if they miss any.
-------------------------------------------------------------------
Tue Apr 19 10:23:09 UTC 2016 - asarai@suse.de
* Use the gc compiler for aarch64 builds.
* Add a patch to fix the new aarch64 build support, which has not yet been
merged upstream (https://github.com/docker/containerd/pull/195):
+ fix-aarch64-epoll.patch
* Rebase the socket activation patchset which has yet to be merged
(https://github.com/docker/containerd/pull/178):
* socket-activation-01-vendor.patch
* socket-activation-02-daemon.patch
* socket-activation-03-ctr.patch
* Update to containerd 0.2.0. Changelog:
+ Add Limit to PidsStats
+ Add timeout flag for container start times.
+ Add timeout option for GRPC connection.
+ Add no_pivot_root support.
+ Add runtimeArgs to pass to shim
* Move epoll syscall to a separate package so we can build on aarch64.
* Fix ctr termios restoration isssues.
* Several bug fixes.
- Remove dependencies on larger packages.
-------------------------------------------------------------------
Thu Mar 31 03:42:39 UTC 2016 - asarai@suse.de
* Use socket activation with the containerd-daemon. This requires a
not-yet-upstream patchset (https://github.com/docker/containerd/pull/178):
+ socket-activation-01-vendor.patch
+ socket-activation-02-daemon.patch
+ socket-activation-03-ctr.patch
* Remove MountFlags=slave since it's not relevant to containerd and might cause
issues in the future.
* Update to containerd 0.1.0. This required quite a few fixes.
-------------------------------------------------------------------
Sun Mar 27 10:19:02 UTC 2016 - asarai@suse.de
* Add initial packaging of containerd 0.0.5.
* Add service and sysconfig files.
* Separately package the client from the server.
* Install to /usr/sbin.

43
containerd.service Normal file
View File

@ -0,0 +1,43 @@
# Copyright The containerd Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Modifications by SUSE LLC under the same license
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target
Conflicts=docker.service
[Service]
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/sbin/containerd
Type=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
LimitNOFILE=1048576
# Comment TasksMax if your systemd version does not supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
OOMScoreAdjust=-999
[Install]
WantedBy=multi-user.target

182
containerd.spec Normal file
View File

@ -0,0 +1,182 @@
#
# spec file for package containerd
#
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
# nodebuginfo
#Compat macro for new _fillupdir macro introduced in Nov 2017
%if ! %{defined _fillupdir}
%define _fillupdir /var/adm/fillup-templates
%endif
# MANUAL: Update the git_version.
%define git_version 4e1fe7492b9df85914c389d1f15a3ceedbb280ac
%define git_short 4e1fe7492b9d
%global provider_prefix github.com/containerd/containerd
%global import_path %{provider_prefix}
Name: containerd
Version: 1.7.10
Release: 0
Summary: Standalone OCI Container Daemon
License: Apache-2.0
Group: System/Management
URL: https://containerd.tools
Source: %{name}-%{version}_%{git_short}.tar.xz
Source1: %{name}-rpmlintrc
Source2: %{name}.service
# UPSTREAM: Revert <https://github.com/containerd/containerd/pull/7933> to fix build on SLE-12.
Patch1: 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch
# https://github.com/containerd/containerd/pull/9571
Patch2: 0002-shim-Create-pid-file-with-0644-permissions.patch
BuildRequires: fdupes
BuildRequires: glibc-devel-static
BuildRequires: go >= 1.19
BuildRequires: go-go-md2man
BuildRequires: golang-packaging
BuildRequires: libbtrfs-devel >= 3.8
BuildRequires: libseccomp-devel >= 2.2
BuildRequires: pkg-config
# We provide a git revision so that Docker can require it properly.
Provides: %{name}-git = %{git_version}
# Currently runc is the only supported runtime for containerd. We pin the same
# flavour as us, to avoid mixing (the version pinning is done by docker.spec).
Requires: runc
Requires(post): %fillup_prereq
# KUBIC-SPECIFIC: There used to be a kubic-specific containerd package, but now
# it's been merged into the one package. bsc#1181677
Obsoletes: %{name}-kubic < %{version}
Provides: %{name}-kubic = %{version}
Obsoletes: %{name} = 0.2.5+gitr569_2a5e70c
Obsoletes: %{name}_2a5e70c
ExcludeArch: s390
Provides: cri-runtime
%description
Containerd is a daemon with an API and a command line client, to manage
containers on one machine. It uses runC to run containers according to the OCI
specification. Containerd has advanced features such as seccomp and user
namespace support as well as checkpoint and restore for cloning and live
migration of containers.
%package ctr
Summary: Client for %{name}
Group: System/Management
Requires: %{name} = %{version}
# KUBIC-SPECIFIC: There used to be a kubic-specific containerd package, but now
# it's been merged into the one package.
Obsoletes: %{name}-ctr = 0.2.5+gitr569_2a5e70c
Obsoletes: %{name}-ctr-kubic <= %{version}
Obsoletes: %{name}-ctr_2a5e70c
%description ctr
Standalone client for containerd, which allows management of containerd containers
separately from Docker.
%package devel
Summary: Source code for containerd
Group: Development/Libraries/Go
Requires: %{name} = %{version}
BuildArch: noarch
%description devel
This package contains the source code needed for building packages that
reference the following Go import paths: github.com/containerd/containerd
%prep
%setup -q -n %{name}-%{version}_%{git_short}
%if 0%{?sle_version} == 120000
%patch1 -p1
%endif
%patch2 -p1
%build
%goprep %{import_path}
BUILDTAGS="apparmor selinux seccomp"
make \
BUILDTAGS="$BUILDTAGS" \
VERSION="v%{version}" \
REVISION="%{git_version}"
make man
cp -r "$PROJECT/bin" bin
%install
%gosrc
# Install binaries.
pushd bin/
for bin in containerd{,-shim*}
do
install -D -m755 "$bin" "%{buildroot}/%{_sbindir}/$bin"
done
# "ctr" is a bit too generic.
install -D -m755 ctr %{buildroot}/%{_sbindir}/%{name}-ctr
popd
# Set up dummy configuration.
install -d -m755 %{buildroot}/%{_sysconfdir}/%{name}
echo "# See containerd-config.toml(5) for documentation." >%{buildroot}/%{_sysconfdir}/%{name}/config.toml
# Install system service
install -Dp -m644 %{SOURCE2} %{buildroot}%{_unitdir}/%{name}.service
# Man pages.
for file in man/*
do
section="${file##*.}"
install -D -m644 "$file" "%{buildroot}/%{_mandir}/man$section/$(basename "$file")"
done
mv %{buildroot}/%{_mandir}/man8/{ctr.8,%{name}-ctr.8}
%fdupes %{buildroot}
%pre
%service_add_pre %{name}.service
%post
%service_add_post %{name}.service
%preun
%service_del_preun %{name}.service
%postun
%service_del_postun %{name}.service
%files
%defattr(-,root,root)
%doc README.md
%license LICENSE
%dir %{_sysconfdir}/%{name}
%config %{_sysconfdir}/%{name}/config.toml
%{_sbindir}/containerd
%{_sbindir}/containerd-shim*
%{_unitdir}/%{name}.service
%{_mandir}/man*/%{name}*
%exclude %{_mandir}/man8/*ctr.8*
%files ctr
%{_sbindir}/%{name}-ctr
%{_mandir}/man8/%{name}-ctr.8*
%files devel
%license LICENSE
%dir %{go_contribsrcdir}/github.com
%dir %{go_contribsrcdir}/github.com/containerd
%{go_contribsrcdir}/%{import_path}
%changelog