forked from bottlerocket-os/bottlerocket
-
Notifications
You must be signed in to change notification settings - Fork 0
/
containerd.spec
104 lines (87 loc) · 2.97 KB
/
containerd.spec
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
%global goproject github.com/containerd
%global gorepo containerd
%global goimport %{goproject}/%{gorepo}
%global gover 1.5.5
%global rpmver %{gover}
%global gitrev 72cec4be58a9eb6b2910f5d10f1c01ca47d231c0
%global _dwz_low_mem_die_limit 0
Name: %{_cross_os}%{gorepo}
Version: %{rpmver}
Release: 1%{?dist}
Summary: An industry-standard container runtime
License: Apache-2.0
URL: https://%{goimport}
Source0: https://%{goimport}/archive/v%{gover}/%{gorepo}-%{gover}.tar.gz
Source1: containerd.service
Source2: containerd-config-toml_k8s
Source3: containerd-config-toml_basic
Source5: containerd-tmpfiles.conf
Source1000: clarify.toml
# TODO: submit this upstream, including a unit test.
Patch1001: 1001-cri-set-default-RLIMIT_NOFILE.patch
# TODO: drop this when https://github.com/containerd/containerd/pull/5104/ is merged
Patch1002: 1002-cri-filter-selinux-xattr-for-image-volumes.patch
# CVE-2021-41103
Patch2001: 0001-v2-runtime-reduce-permissions-for-bundle-dir.patch
Patch2002: 0002-v1-runtime-reduce-permissions-for-bundle-dir.patch
Patch2003: 0003-btrfs-reduce-permissions-on-plugin-directories.patch
BuildRequires: git
BuildRequires: %{_cross_os}glibc-devel
Requires: %{_cross_os}runc
%description
%{summary}.
%prep
%autosetup -Sgit -n %{gorepo}-%{gover} -p1
%cross_go_setup %{gorepo}-%{gover} %{goproject} %{goimport}
%build
%cross_go_configure %{goimport}
export BUILDTAGS="no_btrfs selinux"
export LD_VERSION="-X github.com/containerd/containerd/version.Version=%{gover}+bottlerocket"
export LD_REVISION="-X github.com/containerd/containerd/version.Revision=%{gitrev}"
for bin in \
containerd \
containerd-shim \
containerd-shim-runc-v1 \
containerd-shim-runc-v2 \
ctr ;
do
go build \
-buildmode=pie \
-ldflags="-linkmode=external ${LD_VERSION} ${LD_REVISION}" \
-tags="${BUILDTAGS}" \
-o ${bin} \
%{goimport}/cmd/${bin}
done
%install
install -d %{buildroot}%{_cross_bindir}
for bin in \
containerd \
containerd-shim \
containerd-shim-runc-v1 \
containerd-shim-runc-v2 \
ctr ;
do
install -p -m 0755 ${bin} %{buildroot}%{_cross_bindir}
done
install -d %{buildroot}%{_cross_unitdir}
install -p -m 0644 %{S:1} %{buildroot}%{_cross_unitdir}/containerd.service
install -d %{buildroot}%{_cross_templatedir}
install -d %{buildroot}%{_cross_factorydir}%{_cross_sysconfdir}/containerd
install -p -m 0644 %{S:2} %{S:3} %{buildroot}%{_cross_templatedir}
install -d %{buildroot}%{_cross_tmpfilesdir}
install -p -m 0644 %{S:5} %{buildroot}%{_cross_tmpfilesdir}/containerd.conf
%cross_scan_attribution --clarify %{S:1000} go-vendor vendor
%files
%license LICENSE NOTICE
%{_cross_attribution_file}
%{_cross_attribution_vendor_dir}
%{_cross_bindir}/containerd
%{_cross_bindir}/containerd-shim
%{_cross_bindir}/containerd-shim-runc-v1
%{_cross_bindir}/containerd-shim-runc-v2
%{_cross_bindir}/ctr
%{_cross_unitdir}/containerd.service
%dir %{_cross_factorydir}%{_cross_sysconfdir}/containerd
%{_cross_templatedir}/containerd-config-toml*
%{_cross_tmpfilesdir}/containerd.conf
%changelog