2022-10-26 19:28:57 +08:00
|
|
|
%global goipath github.com/k3s-io/containerd
|
|
|
|
|
%global debug_package %{nil}
|
|
|
|
|
%global version_suffix k3s1
|
|
|
|
|
Version: 1.6.6
|
|
|
|
|
Name: k3s-containerd
|
2024-03-21 11:39:54 +08:00
|
|
|
Release: 9
|
2022-10-26 19:28:57 +08:00
|
|
|
Summary: An industry-standard container runtime
|
|
|
|
|
License: Apache-2.0
|
|
|
|
|
URL: https://github.com/k3s-io/containerd
|
|
|
|
|
Source0: https://github.com/k3s-io/containerd/archive/refs/tags/v%{version}-%{version_suffix}.tar.gz
|
|
|
|
|
|
2024-03-13 15:08:38 +08:00
|
|
|
Patch0001: 0001-Fix-CVE-2023-25153.patch
|
2024-03-15 09:48:52 +08:00
|
|
|
Patch0002: 0002-Fix-CVE-2022-23471.patch
|
2024-03-18 15:38:20 +08:00
|
|
|
Patch0003: 0003-fix-PLATYPUS-attack-of-RAPL-accessible-to-a-containe.patch
|
2024-03-19 10:25:27 +08:00
|
|
|
Patch0004: 0004-fix-CVE-2023-25173.patch
|
2024-03-21 11:39:54 +08:00
|
|
|
Patch0005: 0005-fix-CVE-2023-39325.patch
|
2024-03-13 15:08:38 +08:00
|
|
|
|
2022-10-26 19:28:57 +08:00
|
|
|
BuildRequires: golang glibc-static make btrfs-progs-devel
|
|
|
|
|
|
|
|
|
|
%description
|
|
|
|
|
containerd is an industry-standard container runtime with an emphasis on
|
|
|
|
|
simplicity, robustness and portability. It is available as a daemon for Linux
|
|
|
|
|
and Windows, which can manage the complete container lifecycle of its host
|
|
|
|
|
system: image transfer and storage, container execution and supervision,
|
|
|
|
|
low-level storage and network attachments, etc.
|
|
|
|
|
|
|
|
|
|
%prep
|
2024-03-13 15:08:38 +08:00
|
|
|
%autosetup -p1 -n containerd-%{version}-%{version_suffix}
|
2022-10-26 19:28:57 +08:00
|
|
|
|
|
|
|
|
%build
|
|
|
|
|
mkdir -p k3s-containerd/bin
|
|
|
|
|
|
|
|
|
|
PKG="github.com/k3s-io/k3s"
|
|
|
|
|
PKG_CONTAINERD="github.com/containerd/containerd"
|
|
|
|
|
PKG_K3S_CONTAINERD="github.com/k3s-io/containerd"
|
|
|
|
|
PKG_CRICTL="github.com/kubernetes-sigs/cri-tools/pkg"
|
|
|
|
|
PKG_K8S_BASE="k8s.io/component-base"
|
|
|
|
|
PKG_K8S_CLIENT="k8s.io/client-go/pkg"
|
|
|
|
|
PKG_CNI_PLUGINS="github.com/containernetworking/plugins"
|
|
|
|
|
|
|
|
|
|
buildDate=$(date -u '+%Y-%m-%dT%H:%M:%SZ')
|
|
|
|
|
|
|
|
|
|
VERSIONFLAGS="
|
|
|
|
|
-X ${PKG}/pkg/version.Version=v1.24.2+k3s-
|
|
|
|
|
-X ${PKG}/pkg/version.GitCommit=
|
|
|
|
|
-X ${PKG_K8S_CLIENT}/version.gitVersion=v1.24.2+k3s-
|
|
|
|
|
-X ${PKG_K8S_CLIENT}/version.gitCommit=
|
|
|
|
|
-X ${PKG_K8S_CLIENT}/version.gitTreeState=clean
|
|
|
|
|
-X ${PKG_K8S_CLIENT}/version.buildDate=${buildDate}
|
|
|
|
|
-X ${PKG_K8S_BASE}/version.gitVersion=v1.24.2+k3s-
|
|
|
|
|
-X ${PKG_K8S_BASE}/version.gitCommit=
|
|
|
|
|
-X ${PKG_K8S_BASE}/version.gitTreeState=clean
|
|
|
|
|
-X ${PKG_K8S_BASE}/version.buildDate=${buildDate}
|
|
|
|
|
-X ${PKG_CRICTL}/version.Version=v1.24.0-k3s1
|
|
|
|
|
-X ${PKG_CONTAINERD}/version.Version=v1.6.6-k3s1
|
|
|
|
|
-X ${PKG_CONTAINERD}/version.Package=${PKG_K3S_CONTAINERD}
|
|
|
|
|
-X ${PKG_CNI_PLUGINS}/pkg/buildversion.BuildVersion=v1.1.1-k3s1
|
|
|
|
|
"
|
|
|
|
|
TAGS="apparmor seccomp netgo osusergo providerless urfave_cli_no_docs"
|
|
|
|
|
LDFLAGS=" -w -s"
|
|
|
|
|
CGO_ENABLED=1 go build -tags "$TAGS" -ldflags "$VERSIONFLAGS $LDFLAGS" -o k3s-containerd/bin ./cmd/containerd
|
2023-03-03 11:07:27 +08:00
|
|
|
CGO_ENABLED=1 go build -buildmode=pie -tags "$TAGS" -ldflags "$VERSIONFLAGS $LDFLAGS -linkmode=external -extldflags '-Wl,-z,relro -Wl,-z,now'" -o k3s-containerd/bin ./cmd/containerd-shim-runc-v2
|
2022-10-26 19:28:57 +08:00
|
|
|
|
|
|
|
|
%install
|
|
|
|
|
install -d -p %{buildroot}%{_libexecdir}/containerd/
|
|
|
|
|
cp k3s-containerd/bin/* %{buildroot}%{_libexecdir}/containerd/
|
|
|
|
|
mkdir -p %{buildroot}%{_libexecdir}/containerd/containerd-%{version}
|
|
|
|
|
cp -rf %{_builddir}/containerd-%{version}-%{version_suffix}/. %{buildroot}%{_libexecdir}/containerd/containerd-%{version}
|
|
|
|
|
|
|
|
|
|
%files
|
|
|
|
|
%{_libexecdir}/containerd/containerd
|
|
|
|
|
%{_libexecdir}/containerd/containerd-shim-runc-v2
|
|
|
|
|
%{_libexecdir}/containerd/containerd-%{version}/.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
%changelog
|
2024-03-21 11:39:54 +08:00
|
|
|
* Thu Mar 21 2024 zhangbowei <zhangbowei@kylinos.cn> - 1.6.6-k3s1-9
|
|
|
|
|
- Type:bugfix
|
|
|
|
|
- CVE:NA
|
|
|
|
|
- SUG:NA
|
|
|
|
|
- DESC: fix CVE-2023-39325
|
|
|
|
|
|
2024-03-19 10:25:27 +08:00
|
|
|
* Tue Mar 19 2024 zhangbowei <zhangbowei@kylinos.cn> - 1.6.6-k3s1-8
|
|
|
|
|
- Type:bugfix
|
|
|
|
|
- CVE:NA
|
|
|
|
|
- SUG:NA
|
|
|
|
|
- DESC: fix CVE-2023-2517
|
|
|
|
|
|
2024-03-18 15:38:20 +08:00
|
|
|
* Mon Mar 18 2024 zhangbowei <zhangbowei@kylinos.cn> - 1.6.6-k3s1-7
|
|
|
|
|
- Type:bugfix
|
|
|
|
|
- CVE:NA
|
|
|
|
|
- SUG:NA
|
|
|
|
|
- DESC:fix PLATYPUS attack of RAPL accessible to a container
|
|
|
|
|
|
2024-03-15 09:48:52 +08:00
|
|
|
* Fri Mar 15 2024 zhangbowei <zhangbowei@kylinos.cn> - 1.6.6-k3s1-6
|
|
|
|
|
- Type:bugfix
|
|
|
|
|
- CVE:NA
|
|
|
|
|
- SUG:NA
|
|
|
|
|
- DESC: fix CVE-2022-23471
|
|
|
|
|
|
2024-03-13 15:08:38 +08:00
|
|
|
* Wed Mar 13 2024 zhangbowei <zhangbowei@kylinos.cn> - 1.6.6-k3s1-5
|
|
|
|
|
- Type:bugfix
|
|
|
|
|
- CVE:NA
|
|
|
|
|
- SUG:NA
|
|
|
|
|
- DESC: fix CVE-2023-25153
|
|
|
|
|
|
2023-03-03 11:07:27 +08:00
|
|
|
* Fri Mar 03 2023 wangkai <wangkai385@h-partners.com> - 1.6.6-k3s1-4
|
|
|
|
|
- Add PIE,BIND_NOW,RELRO secure compilation options
|
|
|
|
|
|
2022-10-26 19:28:57 +08:00
|
|
|
* Wed Aug 03 2022 liukuo <liukuo@kylinos.cn> - 1.6.6-k3s1-3
|
|
|
|
|
- License compliance rectification
|
|
|
|
|
|
|
|
|
|
* Tue Aug 02 2022 Ge Wang <wangge20@h-partners.com> - 1.6.6-k3s1-2
|
|
|
|
|
- Add src code to package, which is dependended by k3s
|
|
|
|
|
|
|
|
|
|
* Fri Jul 22 2022 Ge Wang <wangge20@h-partners.com> - 1.6.6-k3s1-1
|
|
|
|
|
- Init package
|
