alvistack/v1.27.7

git clean -xdf go mod download go mod vendor curl -skL https://github.com/containers/common/pull/2004.patch | patch -p1 -d ./vendor/github.com/containers/common tar zcvf ../cri-o_1.27.7.orig.tar.gz --exclude=.git . debuild -uc -us cp cri-o.spec ../cri-o_1.27.7-1.spec cp ../cri-o*1.27.7*.{gz,xz,spec,dsc} /osc/home\:alvistack/cri-o-cri-o-1.27.7/ rm -rf ../cri-o*1.27.7*.* See containers/common#2004 Signed-off-by: Wong Hoi Sing Edison <hswong3i@pantarei-design.com>
alvistack · Jun 2, 2024 · d42737e · d42737e
1 parent 593a9a9
commit d42737e
Show file tree

Hide file tree

Showing 14 changed files with 352 additions and 10 deletions.
diff --git a/contrib/systemd/crio-wipe.service b/contrib/systemd/crio-wipe.service
@@ -1,19 +1,18 @@
 [Unit]
 Description=CRI-O Auto Update Script
 Before=crio.service
-RequiresMountsFor=/var/lib/containers
+Wants=crio.service
 
 [Service]
-EnvironmentFile=-/etc/sysconfig/crio
-ExecStart=/usr/local/bin/crio \
+Type=oneshot
+EnvironmentFile=-/etc/default/crio
+ExecStart=/usr/bin/crio \
           $CRIO_CONFIG_OPTIONS \
           $CRIO_RUNTIME_OPTIONS \
           $CRIO_STORAGE_OPTIONS \
           $CRIO_NETWORK_OPTIONS \
           $CRIO_METRICS_OPTIONS \
           wipe
 
-Type=oneshot
-
 [Install]
 WantedBy=multi-user.target
diff --git a/contrib/systemd/crio.service b/contrib/systemd/crio.service
@@ -1,15 +1,14 @@
 [Unit]
 Description=Container Runtime Interface for OCI (CRI-O)
 Documentation=https://github.com/cri-o/cri-o
-Wants=network-online.target
-Before=kubelet.service
-After=network-online.target
+After=network-online.target local-fs.target remote-fs.target time-sync.target
+Wants=network-online.target local-fs.target remote-fs.target time-sync.target
 
 [Service]
 Type=notify
-EnvironmentFile=-/etc/sysconfig/crio
+EnvironmentFile=-/etc/default/crio
 Environment=GOTRACEBACK=crash
-ExecStart=/usr/local/bin/crio \
+ExecStart=/usr/bin/crio \
           $CRIO_CONFIG_OPTIONS \
           $CRIO_RUNTIME_OPTIONS \
           $CRIO_STORAGE_OPTIONS \

diff --git a/cri-o.spec b/cri-o.spec
@@ -0,0 +1,154 @@
+# Copyright 2024 Wong Hoi Sing Edison <hswong3i@pantarei-design.com>
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+%global debug_package %{nil}
+
+%global source_date_epoch_from_changelog 0
+
+Name: cri-o
+Epoch: 100
+Version: 1.27.7
+Release: 1%{?dist}
+Summary: OCI-based implementation of Kubernetes Container Runtime Interface
+License: Apache-2.0
+URL: https://github.com/cri-o/cri-o/tags
+Source0: %{name}_%{version}.orig.tar.gz
+BuildRequires: glib2-devel
+BuildRequires: glibc-static
+BuildRequires: golang-1.22
+BuildRequires: gpgme-devel
+BuildRequires: libassuan-devel
+BuildRequires: libgpg-error-devel
+BuildRequires: libseccomp-devel
+BuildRequires: make
+BuildRequires: pkgconfig
+BuildRequires: systemd-devel
+BuildRequires: tzdata
+Requires: conmon
+Requires: conntrack-tools
+Requires: containernetworking-plugins
+Requires: containers-common
+Requires: iproute
+Requires: iptables
+Requires: oci-runtime
+Requires: socat
+Requires: tzdata
+
+%description
+CRI-O provides an integration path between OCI conformant runtimes and
+the kubelet. Specifically, it implements the Kubelet Container Runtime
+Interface (CRI) using OCI conformant runtimes. The scope of CRI-O is
+tied to the scope of the CRI.
+
+%prep
+%autosetup -T -c -n %{name}_%{version}-%{release}
+tar -zx -f %{S:0} --strip-components=1 -C .
+
+%build
+mkdir -p bin
+set -ex && \
+    export CGO_ENABLED=1 && \
+    go build \
+        -mod vendor -buildmode pie -v \
+        -ldflags "-s -w" \
+        -tags "netgo osusergo exclude_graphdriver_devicemapper exclude_graphdriver_btrfs containers_image_openpgp seccomp selinux" \
+        -o ./bin/crio ./cmd/crio && \
+    go build \
+        -mod vendor -buildmode pie -v \
+        -ldflags "-s -w" \
+        -tags "netgo osusergo exclude_graphdriver_devicemapper exclude_graphdriver_btrfs containers_image_openpgp seccomp selinux" \
+        -o ./bin/crio-status ./cmd/crio-status && \
+    make bin/pinns
+./bin/crio --config="" --config-dir "" \
+    --apparmor-profile "crio-default" \
+    --cni-config-dir "/etc/cni/net.d" \
+    --cni-plugin-dir "/usr/local/libexec/cni" \
+    --cni-plugin-dir "/usr/libexec/cni" \
+    --cni-plugin-dir "/usr/local/lib/cni" \
+    --cni-plugin-dir "/usr/lib/cni" \
+    --cni-plugin-dir "/opt/cni/bin" \
+    --conmon-cgroup "system.slice" \
+    --conmon-env "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" \
+    --conmon-env "TERM=xterm" \
+    --decryption-keys-path "/etc/crio/keys" \
+    --default-capabilities "AUDIT_WRITE" \
+    --default-capabilities "CHOWN" \
+    --default-capabilities "DAC_OVERRIDE" \
+    --default-capabilities "FOWNER" \
+    --default-capabilities "FSETID" \
+    --default-capabilities "KILL" \
+    --default-capabilities "MKNOD" \
+    --default-capabilities "NET_BIND_SERVICE" \
+    --default-capabilities "NET_RAW" \
+    --default-capabilities "SETFCAP" \
+    --default-capabilities "SETGID" \
+    --default-capabilities "SETPCAP" \
+    --default-capabilities "SETUID" \
+    --default-capabilities "SYS_CHROOT" \
+    --pause-image "registry.k8s.io/pause:3.9" \
+    --root "/var/lib/containers/storage" \
+    --runroot "/run/containers/storage" \
+    --seccomp-profile "/usr/share/containers/seccomp.json" \
+    --storage-driver "overlay" \
+    --storage-opt "overlay.mount_program=/usr/bin/fuse-overlayfs" \
+    --storage-opt "overlay.mountopt=nodev" \
+    --version-file "/var/run/crio/version" \
+    --version-file-persist "/var/run/crio/version" \
+    config > crio.conf
+
+%install
+install -Dpm755 -d %{buildroot}%{_sysconfdir}/default
+install -Dpm755 -d %{buildroot}%{_bindir}
+install -Dpm644 -T contrib/sysconfig/crio %{buildroot}%{_sysconfdir}/default/crio
+install -Dpm755 -t %{buildroot}%{_bindir}/ bin/crio
+install -Dpm755 -t %{buildroot}%{_bindir}/ bin/crio-status
+install -Dpm755 -t %{buildroot}%{_bindir}/ bin/pinns
+DESTDIR=%{buildroot} \
+PREFIX=%{buildroot}%{_prefix} \
+    make install.completions install.config-nobuild
+PREFIX=%{buildroot}%{_prefix} \
+        make install.systemd
+
+%files
+%license LICENSE
+%doc contrib/cni/10-crio-bridge.conflist
+%doc contrib/cni/11-crio-ipv4-bridge.conflist
+%doc contrib/cni/99-loopback.conflist
+%dir %{_sysconfdir}/crio
+%dir %{_sysconfdir}/crio/crio.conf.d
+%dir %{_sysconfdir}/default
+%dir %{_datadir}/containers
+%dir %{_datadir}/containers/oci
+%dir %{_datadir}/containers/oci/hooks.d
+%dir %{_datadir}/fish
+%dir %{_datadir}/fish/completions
+%dir %{_datadir}/oci-umount
+%dir %{_datadir}/oci-umount/oci-umount.d
+%{_bindir}/crio
+%{_bindir}/crio-status
+%{_bindir}/pinns
+%{_datadir}/bash-completion/completions/crio
+%{_datadir}/bash-completion/completions/crio-status
+%{_datadir}/fish/completions/crio-status.fish
+%{_datadir}/fish/completions/crio.fish
+%{_datadir}/oci-umount/oci-umount.d/crio-umount.conf
+%{_datadir}/zsh/site-functions/_crio
+%{_datadir}/zsh/site-functions/_crio-status
+%{_sysconfdir}/crictl.yaml
+%{_sysconfdir}/crio/crio.conf
+%{_sysconfdir}/default/crio
+%{_unitdir}/crio-wipe.service
+%{_unitdir}/crio.service
+
+%changelog
diff --git a/debian/.gitignore b/debian/.gitignore
@@ -0,0 +1,6 @@
+*.substvars
+*debhelper*
+.debhelper
+cri-o
+files
+tmp
diff --git a/debian/changelog b/debian/changelog
@@ -0,0 +1,5 @@
+cri-o (100:1.27.7-1) UNRELEASED; urgency=medium
+
+  * https://github.com/cri-o/cri-o/releases/tag/v1.27.7
+
+ -- Wong Hoi Sing Edison <hswong3i@pantarei-design.com>  Sun, 02 Jun 2024 10:24:48 +0800
diff --git a/debian/control b/debian/control
@@ -0,0 +1,47 @@
+Source: cri-o
+Section: devel
+Priority: optional
+Standards-Version: 4.5.0
+Maintainer: Wong Hoi Sing Edison <hswong3i@pantarei-design.com>
+Homepage: https://github.com/cri-o/cri-o/tags
+Vcs-Browser: https://github.com/alvistack/cri-o-cri-o
+Vcs-Git: https://github.com/alvistack/cri-o-cri-o.git
+Build-Depends:
+ debhelper,
+ debhelper-compat (= 10),
+ golang-1.22,
+ libapparmor-dev,
+ libassuan-dev,
+ libglib2.0-dev,
+ libgpg-error-dev,
+ libgpgme-dev,
+ libseccomp-dev,
+ libsystemd-dev,
+ tzdata,
+
+Package: cri-o
+Architecture: amd64
+Description: OCI-based implementation of Kubernetes Container Runtime Interface
+ CRI-O provides an integration path between OCI conformant runtimes and
+ the kubelet. Specifically, it implements the Kubelet Container Runtime
+ Interface (CRI) using OCI conformant runtimes. The scope of CRI-O is
+ tied to the scope of the CRI.
+Depends:
+ ${shlibs:Depends},
+ ${misc:Depends},
+ conmon,
+ conntrack,
+ containernetworking-plugins,
+ containers-common,
+ iproute2,
+ iptables,
+ libapparmor1,
+ libassuan0,
+ libglib2.0-0,
+ libgpg-error0,
+ libgpgme11,
+ libseccomp2,
+ libsystemd0,
+ oci-runtime,
+ socat,
+ tzdata,
diff --git a/debian/copyright b/debian/copyright
@@ -0,0 +1,21 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+
+Files: debian/*
+Copyright: 2024 Wong Hoi Sing Edison <hswong3i@pantarei-design.com>
+License: Apache-2.0
+
+License: Apache-2.0
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ .
+ http://www.apache.org/licenses/LICENSE-2.0
+ .
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ .
+ The complete text of the Apache version 2.0 license
+ can be found in "/usr/share/common-licenses/Apache-2.0".
diff --git a/debian/cri-o.dirs b/debian/cri-o.dirs
@@ -0,0 +1,9 @@
+etc/cni
+etc/cni/net.d
+etc/crio
+etc/crio/crio.conf.d
+usr/share/containers
+usr/share/containers/oci
+usr/share/containers/oci/hooks.d
+usr/share/oci-umount
+usr/share/oci-umount/oci-umount.d
diff --git a/debian/cri-o.docs b/debian/cri-o.docs
@@ -0,0 +1,3 @@
+contrib/cni/10-crio-bridge.conflist
+contrib/cni/11-crio-ipv4-bridge.conflist
+contrib/cni/99-loopback.conflist
diff --git a/debian/cri-o.install b/debian/cri-o.install
@@ -0,0 +1,15 @@
+etc/crictl.yaml
+etc/crio/crio.conf
+etc/default/crio
+lib/systemd/system/crio-wipe.service
+lib/systemd/system/crio.service
+usr/bin/crio
+usr/bin/crio-status
+usr/bin/pinns
+usr/share/bash-completion/completions/crio
+usr/share/bash-completion/completions/crio-status
+usr/share/fish/completions/crio-status.fish
+usr/share/fish/completions/crio.fish
+usr/share/oci-umount/oci-umount.d/crio-umount.conf
+usr/share/zsh/site-functions/_crio
+usr/share/zsh/site-functions/_crio-status
diff --git a/debian/cri-o.lintian-overrides b/debian/cri-o.lintian-overrides
@@ -0,0 +1,6 @@
+cri-o: copyright-without-copyright-notice
+cri-o: hardening-no-pie
+cri-o: initial-upload-closes-no-bugs
+cri-o: no-manual-page
+cri-o: statically-linked-binary
+cri-o: zero-byte-file-in-doc-directory
diff --git a/debian/rules b/debian/rules
@@ -0,0 +1,75 @@
+#!/usr/bin/make -f
+
+SHELL := /bin/bash
+
+override_dh_auto_build:
+	mkdir -p bin
+	set -ex && \
+		export CGO_ENABLED=1 && \
+		go build \
+			-mod vendor -buildmode pie -v \
+			-ldflags "-s -w" \
+			-tags "netgo osusergo exclude_graphdriver_devicemapper exclude_graphdriver_btrfs containers_image_openpgp seccomp apparmor" \
+			-o ./bin/crio ./cmd/crio && \
+		go build \
+			-mod vendor -buildmode pie -v \
+			-ldflags "-s -w" \
+			-tags "netgo osusergo exclude_graphdriver_devicemapper exclude_graphdriver_btrfs containers_image_openpgp seccomp apparmor" \
+			-o ./bin/crio-status ./cmd/crio-status && \
+		make bin/pinns
+	./bin/crio --config="" --config-dir "" \
+		--apparmor-profile "crio-default" \
+		--cni-config-dir "/etc/cni/net.d" \
+		--cni-plugin-dir "/usr/local/libexec/cni" \
+		--cni-plugin-dir "/usr/libexec/cni" \
+		--cni-plugin-dir "/usr/local/lib/cni" \
+		--cni-plugin-dir "/usr/lib/cni" \
+		--cni-plugin-dir "/opt/cni/bin" \
+		--conmon-cgroup "system.slice" \
+		--conmon-env "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" \
+		--conmon-env "TERM=xterm" \
+		--decryption-keys-path "/etc/crio/keys" \
+		--default-capabilities "AUDIT_WRITE" \
+		--default-capabilities "CHOWN" \
+		--default-capabilities "DAC_OVERRIDE" \
+		--default-capabilities "FOWNER" \
+		--default-capabilities "FSETID" \
+		--default-capabilities "KILL" \
+		--default-capabilities "MKNOD" \
+		--default-capabilities "NET_BIND_SERVICE" \
+		--default-capabilities "NET_RAW" \
+		--default-capabilities "SETFCAP" \
+		--default-capabilities "SETGID" \
+		--default-capabilities "SETPCAP" \
+		--default-capabilities "SETUID" \
+		--default-capabilities "SYS_CHROOT" \
+		--pause-image "registry.k8s.io/pause:3.9" \
+		--root "/var/lib/containers/storage" \
+		--runroot "/run/containers/storage" \
+		--seccomp-profile "/usr/share/containers/seccomp.json" \
+		--storage-driver "overlay" \
+		--storage-opt "overlay.mount_program=/usr/bin/fuse-overlayfs" \
+		--storage-opt "overlay.mountopt=nodev" \
+		--version-file "/var/run/crio/version" \
+		--version-file-persist "/var/run/crio/version" \
+		config > crio.conf
+
+override_dh_auto_install:
+	install -Dpm755 -d debian/tmp/etc/default
+	install -Dpm755 -d debian/tmp/usr/bin
+	install -Dpm755 -T contrib/sysconfig/crio debian/tmp/etc/default/crio
+	install -Dpm755 -t debian/tmp/usr/bin bin/crio
+	install -Dpm755 -t debian/tmp/usr/bin bin/crio-status
+	install -Dpm755 -t debian/tmp/usr/bin bin/pinns
+	DESTDIR=debian/tmp \
+	PREFIX=debian/tmp/usr \
+		make install.completions install.config-nobuild
+	PREFIX=debian/tmp \
+		make install.systemd
+
+override_dh_auto_test:
+
+override_dh_auto_clean:
+
+%:
+	dh $@
diff --git a/debian/source/format b/debian/source/format
@@ -0,0 +1 @@
+3.0 (quilt)
diff --git a/debian/source/lintian-overrides b/debian/source/lintian-overrides
@@ -0,0 +1,2 @@
+cri-o source: file-without-copyright-information
+cri-o source: no-debian-changes