├── .dockerignore ├── .github └── PULL_REQUEST_TEMPLATE.md ├── .gitignore ├── CONTRIBUTING.md ├── Jenkinsfile ├── LICENSE ├── Makefile ├── Makefile.win ├── NOTICE ├── README.md ├── common ├── common.mk └── containerd.toml ├── debian ├── README.md ├── changelog ├── compat ├── control ├── copyright ├── manpages ├── rules └── source │ └── format ├── dockerfiles ├── deb.dockerfile ├── rpm.dockerfile └── win.dockerfile ├── rpm ├── README.md └── containerd.spec └── scripts ├── .helpers ├── .rpm-helpers ├── build-deb ├── build-rpm ├── checkout.sh ├── deb-or-rpm ├── determine-base ├── determine-runc-version ├── new-deb-release ├── new-rpm-release └── validate ├── fileheader └── template ├── bash.txt ├── dockerfile.txt └── makefile.txt /.dockerignore: -------------------------------------------------------------------------------- 1 | /.dockerignore 2 | /.gitignore 3 | /.git 4 | /archive 5 | /build 6 | /common/*.mk 7 | /*.md 8 | /Jenkinsfile 9 | /Makefile 10 | /Makefile.win 11 | -------------------------------------------------------------------------------- /.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | 15 | 16 | **- What I did** 17 | 18 | **- How I did it** 19 | 20 | **- How to verify it** 21 | 22 | **- Description for the changelog** 23 | 27 | 28 | 29 | **- A picture of a cute animal (not mandatory but encouraged)** 30 | 31 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | archive/ 2 | artifacts/ 3 | build/ 4 | common/containerd.service 5 | src/ 6 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing 2 | 3 | Contributions should be made via pull requests. Pull requests will be reviewed 4 | by one or more maintainers and merged when acceptable. 5 | 6 | The goal of the containerd packaging project is to enable developers to package [containerd](https://github.com/containerd/containerd). 7 | 8 | ## Applying License Header to New Files 9 | 10 | If you submit a contribution that adds a new file, please add the license 11 | header. You can do so manually or use the `ltag` tool: 12 | 13 | ```console 14 | $ go get github.com/kunalkushwaha/ltag 15 | $ ltag -t ./script/validate/template 16 | ``` 17 | 18 | The above will add the appropriate license header to Go language source files, 19 | Makefiles, Dockerfiles, and shell scripts. New templates will need to be added 20 | if other kinds of files are added. Please consult the 21 | documentation at https://github.com/kunalkushwaha/ltag 22 | 23 | ## Sign your work 24 | 25 | The sign-off is a simple line at the end of the explanation for the patch. Your 26 | signature certifies that you wrote the patch or otherwise have the right to pass 27 | it on as an open-source patch. The rules are pretty simple: if you can certify 28 | the below (from [developercertificate.org](http://developercertificate.org/)): 29 | 30 | ``` 31 | Developer Certificate of Origin 32 | Version 1.1 33 | 34 | Copyright (C) 2004, 2006 The Linux Foundation and its contributors. 35 | 660 York Street, Suite 102, 36 | San Francisco, CA 94110 USA 37 | 38 | Everyone is permitted to copy and distribute verbatim copies of this 39 | license document, but changing it is not allowed. 40 | 41 | Developer's Certificate of Origin 1.1 42 | 43 | By making a contribution to this project, I certify that: 44 | 45 | (a) The contribution was created in whole or in part by me and I 46 | have the right to submit it under the open source license 47 | indicated in the file; or 48 | 49 | (b) The contribution is based upon previous work that, to the best 50 | of my knowledge, is covered under an appropriate open source 51 | license and I have the right under that license to submit that 52 | work with modifications, whether created in whole or in part 53 | by me, under the same open source license (unless I am 54 | permitted to submit under a different license), as indicated 55 | in the file; or 56 | 57 | (c) The contribution was provided directly to me by some other 58 | person who certified (a), (b) or (c) and I have not modified 59 | it. 60 | 61 | (d) I understand and agree that this project and the contribution 62 | are public and that a record of the contribution (including all 63 | personal information I submit with it, including my sign-off) is 64 | maintained indefinitely and may be redistributed consistent with 65 | this project or the open source license(s) involved. 66 | ``` 67 | 68 | Then you just add a line to every git commit message: 69 | 70 | Signed-off-by: Joe Smith 71 | 72 | Use your real name (sorry, no pseudonyms or anonymous contributions.) 73 | 74 | If you set your `user.name` and `user.email` git configs, you can sign your 75 | commit automatically with `git commit -s`. 76 | -------------------------------------------------------------------------------- /Jenkinsfile: -------------------------------------------------------------------------------- 1 | #!groovy 2 | 3 | // List of packages to build. Note that this list is overridden in the packaging 4 | // repository, where additional variants may be added for enterprise. 5 | // 6 | // This list is ordered by Distro (alphabetically), and release (chronologically). 7 | // When adding a distro here, also open a pull request in the release repository. 8 | def images = [ 9 | [image: "docker.io/library/amazonlinux:2", arches: ["aarch64"]], 10 | [image: "quay.io/centos/centos:stream9", arches: ["amd64", "aarch64"]], // CentOS Stream 9 (EOL: 2027) 11 | [image: "quay.io/centos/centos:stream10", arches: ["amd64", "aarch64"]], // CentOS Stream 10 (EOL: 2030) 12 | [image: "docker.io/library/rockylinux:8", arches: ["amd64", "aarch64"]], // Rocky Linux 8 (EOL: 2029-05-31) 13 | [image: "docker.io/library/rockylinux:9", arches: ["amd64", "aarch64"]], // Rocky Linux 9 (EOL: 2032-05-31) 14 | [image: "docker.io/library/almalinux:8", arches: ["amd64", "aarch64"]], // AlmaLinux 8 (EOL: 2029) 15 | [image: "docker.io/library/almalinux:9", arches: ["amd64", "aarch64"]], // AlmaLinux 9 (EOL: 2032) 16 | [image: "docker.io/library/debian:bullseye", arches: ["amd64", "aarch64", "armhf"]], // Debian 11 (oldstable, EOL: 2024-08-14, EOL (LTS): 2026-08-31) 17 | [image: "docker.io/library/debian:bookworm", arches: ["amd64", "aarch64", "armhf"]], // Debian 12 (stable, EOL: 2026-06-10, EOL (LTS): 2028-06-30) 18 | [image: "docker.io/library/debian:trixie", arches: ["amd64", "aarch64", "armhf"]], // Debian 13 (testing) 19 | [image: "docker.io/library/fedora:41", arches: ["amd64", "aarch64"]], // Fedora 41 (EOL: November, 2025) 20 | [image: "docker.io/library/fedora:42", arches: ["amd64", "aarch64"]], // Fedora 42 (EOL: May 13, 2026) 21 | [image: "docker.io/library/fedora:rawhide", arches: ["amd64", "aarch64"]], // Rawhide is the name given to the current development version of Fedora 22 | [image: "docker.io/opensuse/leap:15", arches: ["amd64"]], 23 | [image: "docker.io/balenalib/rpi-raspbian:bullseye",arches: ["armhf"]], 24 | [image: "docker.io/balenalib/rpi-raspbian:bookworm",arches: ["armhf"]], 25 | [image: "docker.io/library/ubuntu:jammy", arches: ["amd64", "aarch64", "armhf"]], // Ubuntu 22.04 LTS (End of support: April, 2027. EOL: April, 2032) 26 | [image: "docker.io/library/ubuntu:noble", arches: ["amd64", "aarch64", "armhf"]], // Ubuntu 24.04 LTS (End of support: April, 2029. EOL: April, 2034) 27 | [image: "docker.io/library/ubuntu:oracular", arches: ["amd64", "aarch64", "armhf"]], // Ubuntu 24.10 (EOL: July, 2025) 28 | [image: "docker.io/library/ubuntu:plucky", arches: ["amd64", "aarch64", "armhf"]], // Ubuntu 25.04 (EOL: January, 2026) 29 | ] 30 | 31 | def generatePackageStep(opts, arch) { 32 | return { 33 | wrappedNode(label: "ubuntu-2004 && ${arch}") { 34 | stage("${opts.image}-${arch}") { 35 | // This is just a "dummy" stage to make the distro/arch visible 36 | // in Jenkins' BlueOcean view, which truncates names.... 37 | sh 'echo starting...' 38 | } 39 | stage("info") { 40 | sh 'docker version' 41 | sh 'docker info' 42 | sh ''' 43 | curl -fsSL "https://raw.githubusercontent.com/moby/moby/master/contrib/check-config.sh" | bash || true 44 | ''' 45 | } 46 | stage("checkout") { 47 | checkout scm 48 | sh 'make clean' 49 | } 50 | stage("build") { 51 | sh "make CREATE_ARCHIVE=1 ARCH=${arch} ${opts.image}" 52 | archiveArtifacts(artifacts: 'archive/*.tar.gz', onlyIfSuccessful: true) 53 | } 54 | stage("build-main") { 55 | // We're not archiving these builds as they have the same name 56 | // as the 1.7 builds, so would replace those. We're building 57 | // the main branch to verify that the scripts work for main (2.0) 58 | sh "make REF=main ARCH=${arch} ${opts.image}" 59 | } 60 | } 61 | } 62 | } 63 | 64 | def generatePackageSteps(opts) { 65 | return opts.arches.collectEntries { 66 | ["${opts.image}-${it}": generatePackageStep(opts, it)] 67 | } 68 | } 69 | 70 | def packageBuildSteps = [ 71 | "windows": { -> 72 | node("windows-2022") { 73 | stage("windows") { 74 | catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') { 75 | try { 76 | checkout scm 77 | sh("make -f Makefile.win archive") 78 | } finally { 79 | deleteDir() 80 | } 81 | } 82 | } 83 | } 84 | } 85 | ] 86 | 87 | packageBuildSteps << images.collectEntries { generatePackageSteps(it) } 88 | 89 | pipeline { 90 | agent none 91 | stages { 92 | stage('Check file headers') { 93 | agent { label 'ubuntu-2004 && amd64' } 94 | steps{ 95 | script{ 96 | checkout scm 97 | sh "make validate" 98 | } 99 | } 100 | } 101 | stage('Build packages') { 102 | steps { 103 | script { 104 | parallel(packageBuildSteps) 105 | } 106 | } 107 | } 108 | } 109 | } 110 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | 2 | Apache License 3 | Version 2.0, January 2004 4 | http://www.apache.org/licenses/ 5 | 6 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 7 | 8 | 1. Definitions. 9 | 10 | "License" shall mean the terms and conditions for use, reproduction, 11 | and distribution as defined by Sections 1 through 9 of this document. 12 | 13 | "Licensor" shall mean the copyright owner or entity authorized by 14 | the copyright owner that is granting the License. 15 | 16 | "Legal Entity" shall mean the union of the acting entity and all 17 | other entities that control, are controlled by, or are under common 18 | control with that entity. For the purposes of this definition, 19 | "control" means (i) the power, direct or indirect, to cause the 20 | direction or management of such entity, whether by contract or 21 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 22 | outstanding shares, or (iii) beneficial ownership of such entity. 23 | 24 | "You" (or "Your") shall mean an individual or Legal Entity 25 | exercising permissions granted by this License. 26 | 27 | "Source" form shall mean the preferred form for making modifications, 28 | including but not limited to software source code, documentation 29 | source, and configuration files. 30 | 31 | "Object" form shall mean any form resulting from mechanical 32 | transformation or translation of a Source form, including but 33 | not limited to compiled object code, generated documentation, 34 | and conversions to other media types. 35 | 36 | "Work" shall mean the work of authorship, whether in Source or 37 | Object form, made available under the License, as indicated by a 38 | copyright notice that is included in or attached to the work 39 | (an example is provided in the Appendix below). 40 | 41 | "Derivative Works" shall mean any work, whether in Source or Object 42 | form, that is based on (or derived from) the Work and for which the 43 | editorial revisions, annotations, elaborations, or other modifications 44 | represent, as a whole, an original work of authorship. For the purposes 45 | of this License, Derivative Works shall not include works that remain 46 | separable from, or merely link (or bind by name) to the interfaces of, 47 | the Work and Derivative Works thereof. 48 | 49 | "Contribution" shall mean any work of authorship, including 50 | the original version of the Work and any modifications or additions 51 | to that Work or Derivative Works thereof, that is intentionally 52 | submitted to Licensor for inclusion in the Work by the copyright owner 53 | or by an individual or Legal Entity authorized to submit on behalf of 54 | the copyright owner. For the purposes of this definition, "submitted" 55 | means any form of electronic, verbal, or written communication sent 56 | to the Licensor or its representatives, including but not limited to 57 | communication on electronic mailing lists, source code control systems, 58 | and issue tracking systems that are managed by, or on behalf of, the 59 | Licensor for the purpose of discussing and improving the Work, but 60 | excluding communication that is conspicuously marked or otherwise 61 | designated in writing by the copyright owner as "Not a Contribution." 62 | 63 | "Contributor" shall mean Licensor and any individual or Legal Entity 64 | on behalf of whom a Contribution has been received by Licensor and 65 | subsequently incorporated within the Work. 66 | 67 | 2. Grant of Copyright License. Subject to the terms and conditions of 68 | this License, each Contributor hereby grants to You a perpetual, 69 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 70 | copyright license to reproduce, prepare Derivative Works of, 71 | publicly display, publicly perform, sublicense, and distribute the 72 | Work and such Derivative Works in Source or Object form. 73 | 74 | 3. Grant of Patent License. Subject to the terms and conditions of 75 | this License, each Contributor hereby grants to You a perpetual, 76 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 77 | (except as stated in this section) patent license to make, have made, 78 | use, offer to sell, sell, import, and otherwise transfer the Work, 79 | where such license applies only to those patent claims licensable 80 | by such Contributor that are necessarily infringed by their 81 | Contribution(s) alone or by combination of their Contribution(s) 82 | with the Work to which such Contribution(s) was submitted. If You 83 | institute patent litigation against any entity (including a 84 | cross-claim or counterclaim in a lawsuit) alleging that the Work 85 | or a Contribution incorporated within the Work constitutes direct 86 | or contributory patent infringement, then any patent licenses 87 | granted to You under this License for that Work shall terminate 88 | as of the date such litigation is filed. 89 | 90 | 4. Redistribution. You may reproduce and distribute copies of the 91 | Work or Derivative Works thereof in any medium, with or without 92 | modifications, and in Source or Object form, provided that You 93 | meet the following conditions: 94 | 95 | (a) You must give any other recipients of the Work or 96 | Derivative Works a copy of this License; and 97 | 98 | (b) You must cause any modified files to carry prominent notices 99 | stating that You changed the files; and 100 | 101 | (c) You must retain, in the Source form of any Derivative Works 102 | that You distribute, all copyright, patent, trademark, and 103 | attribution notices from the Source form of the Work, 104 | excluding those notices that do not pertain to any part of 105 | the Derivative Works; and 106 | 107 | (d) If the Work includes a "NOTICE" text file as part of its 108 | distribution, then any Derivative Works that You distribute must 109 | include a readable copy of the attribution notices contained 110 | within such NOTICE file, excluding those notices that do not 111 | pertain to any part of the Derivative Works, in at least one 112 | of the following places: within a NOTICE text file distributed 113 | as part of the Derivative Works; within the Source form or 114 | documentation, if provided along with the Derivative Works; or, 115 | within a display generated by the Derivative Works, if and 116 | wherever such third-party notices normally appear. The contents 117 | of the NOTICE file are for informational purposes only and 118 | do not modify the License. You may add Your own attribution 119 | notices within Derivative Works that You distribute, alongside 120 | or as an addendum to the NOTICE text from the Work, provided 121 | that such additional attribution notices cannot be construed 122 | as modifying the License. 123 | 124 | You may add Your own copyright statement to Your modifications and 125 | may provide additional or different license terms and conditions 126 | for use, reproduction, or distribution of Your modifications, or 127 | for any such Derivative Works as a whole, provided Your use, 128 | reproduction, and distribution of the Work otherwise complies with 129 | the conditions stated in this License. 130 | 131 | 5. Submission of Contributions. Unless You explicitly state otherwise, 132 | any Contribution intentionally submitted for inclusion in the Work 133 | by You to the Licensor shall be under the terms and conditions of 134 | this License, without any additional terms or conditions. 135 | Notwithstanding the above, nothing herein shall supersede or modify 136 | the terms of any separate license agreement you may have executed 137 | with Licensor regarding such Contributions. 138 | 139 | 6. Trademarks. This License does not grant permission to use the trade 140 | names, trademarks, service marks, or product names of the Licensor, 141 | except as required for reasonable and customary use in describing the 142 | origin of the Work and reproducing the content of the NOTICE file. 143 | 144 | 7. Disclaimer of Warranty. Unless required by applicable law or 145 | agreed to in writing, Licensor provides the Work (and each 146 | Contributor provides its Contributions) on an "AS IS" BASIS, 147 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 148 | implied, including, without limitation, any warranties or conditions 149 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 150 | PARTICULAR PURPOSE. You are solely responsible for determining the 151 | appropriateness of using or redistributing the Work and assume any 152 | risks associated with Your exercise of permissions under this License. 153 | 154 | 8. Limitation of Liability. In no event and under no legal theory, 155 | whether in tort (including negligence), contract, or otherwise, 156 | unless required by applicable law (such as deliberate and grossly 157 | negligent acts) or agreed to in writing, shall any Contributor be 158 | liable to You for damages, including any direct, indirect, special, 159 | incidental, or consequential damages of any character arising as a 160 | result of this License or out of the use or inability to use the 161 | Work (including but not limited to damages for loss of goodwill, 162 | work stoppage, computer failure or malfunction, or any and all 163 | other commercial damages or losses), even if such Contributor 164 | has been advised of the possibility of such damages. 165 | 166 | 9. Accepting Warranty or Additional Liability. While redistributing 167 | the Work or Derivative Works thereof, You may choose to offer, 168 | and charge a fee for, acceptance of support, warranty, indemnity, 169 | or other liability obligations and/or rights consistent with this 170 | License. However, in accepting such obligations, You may act only 171 | on Your own behalf and on Your sole responsibility, not on behalf 172 | of any other Contributor, and only if You agree to indemnify, 173 | defend, and hold each Contributor harmless for any liability 174 | incurred by, or claims asserted against, such Contributor by reason 175 | of your accepting any such warranty or additional liability. 176 | 177 | END OF TERMS AND CONDITIONS 178 | 179 | APPENDIX: How to apply the Apache License to your work. 180 | 181 | To apply the Apache License to your work, attach the following 182 | boilerplate notice, with the fields enclosed by brackets "[]" 183 | replaced with your own identifying information. (Don't include 184 | the brackets!) The text should be enclosed in the appropriate 185 | comment syntax for the file format. We also recommend that a 186 | file or class name and description of purpose be included on the 187 | same "printed page" as the copyright notice for easier 188 | identification within third-party archives. 189 | 190 | Copyright [yyyy] [name of copyright owner] 191 | 192 | Licensed under the Apache License, Version 2.0 (the "License"); 193 | you may not use this file except in compliance with the License. 194 | You may obtain a copy of the License at 195 | 196 | http://www.apache.org/licenses/LICENSE-2.0 197 | 198 | Unless required by applicable law or agreed to in writing, software 199 | distributed under the License is distributed on an "AS IS" BASIS, 200 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 201 | See the License for the specific language governing permissions and 202 | limitations under the License. -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | # Copyright 2018-2022 Docker Inc. 2 | 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | include common/common.mk 16 | 17 | ARCH=$(shell uname -m) 18 | BUILD_IMAGE=ubuntu:noble 19 | BUILD_TYPE=$(shell ./scripts/deb-or-rpm $(BUILD_IMAGE)) 20 | BUILD_BASE=$(shell ./scripts/determine-base $(BUILD_IMAGE)) 21 | 22 | # The PROGRESS variable allows overriding the docker build --progress option. 23 | # For example, use "make PROGRESS=plain ..." to show build progress in plain test 24 | PROGRESS=auto 25 | TARGET=packages 26 | 27 | all: build 28 | 29 | .PHONY: clean 30 | clean: 31 | -$(RM) -r archive 32 | -$(RM) -r artifacts 33 | -$(RM) -r build 34 | -$(RM) -r src 35 | -$(RM) common/containerd.service 36 | -docker builder prune -f --filter until=24h 37 | 38 | .PHONY: src 39 | src: src/github.com/containerd/containerd src/github.com/opencontainers/runc 40 | 41 | common/containerd.service: checkout 42 | # upstream systemd unit uses /usr/local/bin, whereas our packages use /usr/bin 43 | sed 's#/usr/local/bin/containerd#/usr/bin/containerd#g' src/github.com/containerd/containerd/containerd.service > $@ 44 | 45 | ifdef RUNC_DIR 46 | src/github.com/opencontainers/runc: 47 | mkdir -p "$(@D)" 48 | cp -r "$(RUNC_DIR)" $@ 49 | else 50 | src/github.com/opencontainers/runc: 51 | git init $@ 52 | git -C $@ remote add origin "$(RUNC_REMOTE)" 53 | endif 54 | 55 | ifdef CONTAINERD_DIR 56 | src/github.com/containerd/containerd: 57 | mkdir -p "$(@D)" 58 | cp -r "$(CONTAINERD_DIR)" $@ 59 | else 60 | src/github.com/containerd/containerd: 61 | git init $@ 62 | git -C $@ remote add origin "$(CONTAINERD_REMOTE)" 63 | endif 64 | 65 | # This targets allows building multiple distros at once, for example: 66 | # 67 | # make docker.io/library/ubuntu:jammy docker.io/library/centos:7 68 | # make quay.io/centos/centos:stream8 69 | # 70 | # It is a shorthand for "make BUILD_IMAGE=mydistro:version build" 71 | .PHONY: docker.io/% quay.io/% registry.access.redhat.com/% 72 | docker.io/% quay.io/% registry.access.redhat.com/%: 73 | $(MAKE) BUILD_IMAGE="$@" build 74 | 75 | .PHONY: checkout 76 | checkout: src 77 | ./scripts/checkout.sh src/github.com/containerd/containerd "$(REF)" 78 | ./scripts/checkout.sh src/github.com/opencontainers/runc "$$(./scripts/determine-runc-version)" 79 | 80 | .PHONY: build 81 | build: checkout common/containerd.service 82 | build: 83 | @echo "--------------------------------------------------------------------" 84 | @echo "Building $(TARGET) on $(BUILD_IMAGE)" 85 | @echo "" 86 | @echo "containerd : $(REF) (commit: $(shell git -C "src/github.com/containerd/containerd" log -1 --pretty='%h'))" 87 | @echo "runc : $$(./scripts/determine-runc-version) (commit: $$(git -C "src/github.com/opencontainers/runc" log -1 --pretty='%h'))" 88 | @echo "architecture : $(ARCH)" 89 | @echo "build image : $(BUILD_IMAGE)" 90 | @echo "golang image : $(GOLANG_IMAGE)" 91 | @echo "--------------------------------------------------------------------" 92 | 93 | @docker pull "$(BUILD_IMAGE)" 94 | 95 | @if [ -z "$(BUILD_BASE)" ]; then echo "Invalid build image $(BUILD_IMAGE) no build base found"; exit 1; fi 96 | @if [ -z "$(BUILD_TYPE)" ]; then echo "Invalid build image $(BUILD_IMAGE) no build type found"; exit 1; fi 97 | 98 | @set -x; DOCKER_BUILDKIT=1 docker build \ 99 | --pull \ 100 | --secret id=rh-user,env=RH_USER \ 101 | --secret id=rh-pass,env=RH_PASS \ 102 | --platform linux/$(ARCH) \ 103 | --build-arg GOLANG_IMAGE="$(GOLANG_IMAGE)" \ 104 | --build-arg BUILD_IMAGE="$(BUILD_IMAGE)" \ 105 | --build-arg BASE="$(BUILD_BASE)" \ 106 | --build-arg CREATE_ARCHIVE="$(CREATE_ARCHIVE)" \ 107 | --build-arg UID="$(shell id -u)" \ 108 | --build-arg GID="$(shell id -g)" \ 109 | --file="dockerfiles/$(BUILD_TYPE).dockerfile" \ 110 | --progress="$(PROGRESS)" \ 111 | --target="$(TARGET)" \ 112 | --output=. \ 113 | . 114 | 115 | .PHONY: validate 116 | validate: ## Validate files license header 117 | docker run --rm -v $(CURDIR):/work -w /work golang:alpine sh -c 'go install github.com/containerd/ltag@latest && ./scripts/validate/fileheader' 118 | -------------------------------------------------------------------------------- /Makefile.win: -------------------------------------------------------------------------------- 1 | # Copyright 2018-2022 Docker Inc. 2 | 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | include common/common.mk 16 | 17 | .PHONY: src 18 | src: src/github.com/containerd/containerd 19 | 20 | ifdef CONTAINERD_DIR 21 | src/github.com/containerd/containerd: 22 | Xcopy /E /I "$(CONTAINERD_DIR)" $@ 23 | else 24 | src/github.com/containerd/containerd: 25 | git init $@ 26 | git -C $@ remote add origin "$(CONTAINERD_REMOTE)" 27 | endif 28 | 29 | .PHONY: checkout 30 | checkout: src 31 | @git -C src/github.com/containerd/containerd fetch --depth 1 origin "$(REF)" 32 | @git -C src/github.com/containerd/containerd checkout -q FETCH_HEAD 33 | 34 | # Windows builder, only difference is we installed make 35 | windows-image: checkout 36 | docker build \ 37 | --pull \ 38 | --build-arg GOLANG_IMAGE=$(GOLANG_IMAGE) \ 39 | -t dockereng/containerd-windows-builder \ 40 | -f dockerfiles/win.dockerfile \ 41 | . 42 | echo 1 > $@ 43 | 44 | build/windows/%.exe: windows-image 45 | Powershell.exe New-Item -ItemType Directory -Force -Path build/windows/ 46 | docker run \ 47 | --rm \ 48 | -v "$(CURDIR)/src/:C:/gopath/src" \ 49 | -v "$(CURDIR)/build/windows:C:/gopath/src/github.com/containerd/containerd/bin" \ 50 | -w "C:/gopath/src/github.com/containerd/containerd" \ 51 | dockereng/containerd-windows-builder \ 52 | make bin/$* 53 | 54 | build/windows/containerd.zip: build/windows/containerd.exe build/windows/ctr.exe 55 | Powershell.exe Compress-Archive -Force -Path 'build/windows/*.exe' -DestinationPath '$@' 56 | 57 | .PHONY: archive 58 | archive: build/windows/containerd.zip 59 | 60 | .PHONY: clean 61 | clean: 62 | -$(RM) src 63 | -$(RM) windows-image 64 | -$(RM) build/windows 65 | -------------------------------------------------------------------------------- /NOTICE: -------------------------------------------------------------------------------- 1 | Docker containerd-packaging 2 | Copyright 2018-2022 Docker Inc. 3 | 4 | This product includes software developed at 5 | Docker Inc. (http://www.docker.com/). 6 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # containerd-packaging 2 | 3 | # Usage: 4 | 5 | To build a distro-specific package (rpm or deb): 6 | 7 | ```bash 8 | make clean 9 | make docker.io/library/: [docker.io/library/: ...] 10 | 11 | # for example: 12 | # make quay.io/centos/centos:stream9 13 | # make docker.io/library/ubuntu:24.04 14 | ``` 15 | 16 | After build completes, packages can be found in the `build` directory. 17 | 18 | ## Specifying the version to build 19 | 20 | By default, packages are built from HEAD of the `release/1.7` branch, as 21 | defines in [common/common.mk]. The version of runc defaults to the version 22 | as specified by the containerd project through the [script/setup/runc-version] 23 | file in the containerd repository. 24 | 25 | Use the `REF` and `RUNC_REF` make variables to specify the versions to build. 26 | The provided values must be a valid Git reference, which can be a commit 27 | (e.g., `ae71819` or `ae71819c4f5e67bb4d5ae76a6b735f29cc25774e`), branch 28 | (e.g. `main` or `release/1.7`), or tag (e.g. `v1.7.18`). 29 | 30 | The following example builds packages for containerd v1.7.18 with 31 | runc v1.1.12 for Ubuntu 24.04: 32 | 33 | ```bash 34 | make REF=v1.7.18 RUNC_REF=v1.1.12 docker.io/library/ubuntu:24.04 35 | ``` 36 | 37 | ## Building a package from a local source directory 38 | 39 | Specify the path to the local source directory using `CONTAINERD_DIR` and/or 40 | `RUNC_DIR`: 41 | 42 | ```bash 43 | make REF= CONTAINERD_DIR= docker.io/library/: 44 | ``` 45 | 46 | For example: 47 | 48 | ```bash 49 | make clean 50 | make REF=HEAD CONTAINERD_DIR=/home/me/go/src/github.com/containerd/containerd docker.io/library/ubuntu:jammy 51 | ``` 52 | 53 | ## For package maintainers: 54 | 55 | * [deb package maintainers guide](debian/README.md) 56 | * [rpm package maintainers guide](rpm/README.md) 57 | 58 | 59 | [common/common.mk]: https://github.com/docker/containerd-packaging/blob/main/common/common.mk#L19 60 | [script/setup/runc-version]: https://github.com/containerd/containerd/blob/v1.7.18/script/setup/runc-version 61 | -------------------------------------------------------------------------------- /common/common.mk: -------------------------------------------------------------------------------- 1 | # Copyright 2018-2022 Docker Inc. 2 | 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # NOTE: When overriding CONTAINERD_REMOTE, make sure to also specify 16 | # GOVERSION, as it's hardcoded to look in the upstream repository 17 | CONTAINERD_REMOTE ?=https://github.com/containerd/containerd.git 18 | RUNC_REMOTE ?=https://github.com/opencontainers/runc.git 19 | REF?=release/1.7 20 | 21 | # Select the default version of Golang and runc based on the containerd source. 22 | GOLANG_VERSION?=$(shell grep "ARG GOLANG_VERSION" src/github.com/containerd/containerd/contrib/Dockerfile.test | awk -F'=' '{print $$2}') 23 | 24 | # Allow GOLANG_VERSION to be overridden through GOVERSION. 25 | # 26 | # We're using a separate variable for this to account for make being called as 27 | # either `GOVERSION=x make foo` or `make GOVERSION=x foo`, while also accounting 28 | # for `GOVERSION` to be an empty string (which may happen when triggered by some 29 | # Jenkins jobs in our pipeline). 30 | ifneq ($(strip $(GOVERSION)),) 31 | GOLANG_VERSION=$(GOVERSION) 32 | endif 33 | 34 | GOLANG_IMAGE=golang:$(GOLANG_VERSION) 35 | -------------------------------------------------------------------------------- /common/containerd.toml: -------------------------------------------------------------------------------- 1 | # Copyright 2018-2022 Docker Inc. 2 | 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | disabled_plugins = ["cri"] 16 | 17 | #root = "/var/lib/containerd" 18 | #state = "/run/containerd" 19 | #subreaper = true 20 | #oom_score = 0 21 | 22 | #[grpc] 23 | # address = "/run/containerd/containerd.sock" 24 | # uid = 0 25 | # gid = 0 26 | 27 | #[debug] 28 | # address = "/run/containerd/debug.sock" 29 | # uid = 0 30 | # gid = 0 31 | # level = "info" 32 | -------------------------------------------------------------------------------- /debian/README.md: -------------------------------------------------------------------------------- 1 | # Debian package maintainers guide 2 | 3 | ## Prepping a release 4 | 5 | For releases you should first have a tagged release on the 6 | [containerd](https://github.com/containerd/containerd/releases) 7 | repository. 8 | 9 | Afterwards test if you can actually build the release with (for example): 10 | 11 | ```bash 12 | make REF=${TAG} docker.io/library/ubuntu:24.04 13 | ``` 14 | 15 | If you can actually build the package then start prepping 16 | your release by adding an entry in the [`debian/changelog`](changelog) with the 17 | format: 18 | 19 | ```bash 20 | ./scripts/new-deb-release 21 | ``` 22 | 23 | This will add an entry into the changelog for the specified VERSION 24 | and will also increment the debian packaging version if the specified 25 | VERSION is already there. 26 | 27 | > **NOTE**: Make sure to fill out the bullets for the changelog 28 | 29 | ## Building the release: 30 | 31 | Releases can then be built with: 32 | 33 | ```bash 34 | make REF=${TAG} docker.io/library/ubuntu:24.04 35 | ``` 36 | 37 | or 38 | 39 | ```bash 40 | make REF=${TAG} BUILD_IMAGE=docker.io/library/ubuntu:24.04 41 | ``` 42 | -------------------------------------------------------------------------------- /debian/changelog: -------------------------------------------------------------------------------- 1 | containerd.io (1.7.27-1) release; urgency=medium 2 | 3 | * Update containerd binary to v1.7.27 4 | 5 | -- Paweł Gronowski Mon, 31 Mar 2025 12:35:03 +0000 6 | 7 | containerd.io (1.7.26-1) release; urgency=medium 8 | 9 | * Update containerd binary to v1.7.26 10 | * Update runc binary to v1.2.5 11 | 12 | -- Paweł Gronowski Wed, 12 Mar 2025 18:31:31 +0000 13 | 14 | containerd.io (1.7.25-1) release; urgency=medium 15 | 16 | * Update containerd binary to v1.7.25 17 | * Update runc binary to v1.2.4 18 | 19 | -- Paweł Gronowski Fri, 10 Jan 2025 13:41:35 +0000 20 | 21 | containerd.io (1.7.24-1) release; urgency=medium 22 | 23 | * Update containerd binary to v1.7.24 24 | * Update systemd unit to start containerd service after dbus.service 25 | * Update runc binary to v1.2.2 26 | 27 | -- Sebastiaan van Stijn Thu, 21 Nov 2024 16:37:21 +0000 28 | 29 | containerd.io (1.7.23-1) release; urgency=medium 30 | 31 | * Update containerd binary to v1.7.23 32 | * Update Golang runtime to 1.22.9 33 | 34 | -- Sebastiaan van Stijn Mon, 11 Nov 2024 14:37:29 +0000 35 | 36 | containerd.io (1.7.22-1) release; urgency=medium 37 | 38 | * Update containerd binary to v1.7.22 39 | * Update runc binary to v1.1.14 40 | * Update Golang runtime to 1.22.7 41 | 42 | -- Sebastiaan van Stijn Tue, 10 Sep 2024 13:49:46 +0000 43 | 44 | containerd.io (1.7.21-1) release; urgency=medium 45 | 46 | * Update containerd binary to v1.7.21 47 | * Update Golang runtime to 1.22.6 48 | 49 | -- Paweł Gronowski Tue, 27 Aug 2024 11:39:01 +0000 50 | 51 | containerd.io (1.7.20-1) release; urgency=medium 52 | 53 | * Update containerd binary to v1.7.20 54 | * Fix runc binary showing the incorrect version. 55 | 56 | -- Sebastiaan van Stijn Thu, 08 Aug 2024 14:20:22 +0000 57 | 58 | containerd.io (1.7.19-1) release; urgency=medium 59 | 60 | * Update containerd binary to v1.7.19 61 | * Update Golang runtime to 1.21.12, which includes a fix for CVE-2024-24791. 62 | 63 | -- Sebastiaan van Stijn Tue, 16 Jul 2024 21:05:17 +0000 64 | 65 | containerd.io (1.7.18-1) release; urgency=medium 66 | 67 | * Update containerd binary to v1.7.18 68 | * Update runc binary to v1.1.13 69 | 70 | -- Sebastiaan van Stijn Tue, 18 Jun 2024 19:00:07 +0000 71 | 72 | containerd.io (1.6.33-1) release; urgency=high 73 | 74 | * Update containerd binary to v1.6.33 75 | * Update Golang runtime to 1.21.11, which includes fixes for CVE-2024-24789, CVE-2024-24790. 76 | 77 | -- Sebastiaan van Stijn Tue, 04 Jun 2024 22:38:00 +0000 78 | 79 | -------------------------------------------------------------------------------- /debian/compat: -------------------------------------------------------------------------------- 1 | 10 2 | -------------------------------------------------------------------------------- /debian/control: -------------------------------------------------------------------------------- 1 | Source: containerd.io 2 | Section: devel 3 | Priority: optional 4 | Maintainer: Containerd team 5 | Build-Depends: debhelper (>= 10~) | dh-systemd, 6 | pkg-config, 7 | libseccomp-dev 8 | Standards-Version: 4.1.4 9 | Homepage: https://containerd.io 10 | Vcs-Browser: https://github.com/containerd/containerd 11 | XS-Go-Import-Path: github.com/containerd/containerd 12 | 13 | Package: containerd.io 14 | Architecture: any 15 | Depends: ${misc:Depends}, 16 | ${shlibs:Depends} 17 | Provides: containerd, runc 18 | Conflicts: containerd, runc 19 | Replaces: containerd, runc 20 | Description: An open and reliable container runtime 21 | -------------------------------------------------------------------------------- /debian/copyright: -------------------------------------------------------------------------------- 1 | Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ 2 | Upstream-Name: containerd 3 | Source: https://github.com/containerd/containerd 4 | 5 | Files: * 6 | Copyright: 2015 containerd 7 | License: Apache-2.0 8 | 9 | Files: debian/* 10 | Copyright: 2018 Eli Uriegas 11 | License: Apache-2.0 12 | Comment: Debian packaging is licensed under the same terms as upstream 13 | 14 | License: Apache-2.0 15 | Licensed under the Apache License, Version 2.0 (the "License"); 16 | you may not use this file except in compliance with the License. 17 | You may obtain a copy of the License at 18 | . 19 | http://www.apache.org/licenses/LICENSE-2.0 20 | . 21 | Unless required by applicable law or agreed to in writing, software 22 | distributed under the License is distributed on an "AS IS" BASIS, 23 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 24 | See the License for the specific language governing permissions and 25 | limitations under the License. 26 | . 27 | On Debian systems, the complete text of the Apache version 2.0 license 28 | can be found in "/usr/share/common-licenses/Apache-2.0". 29 | -------------------------------------------------------------------------------- /debian/manpages: -------------------------------------------------------------------------------- 1 | man/* 2 | -------------------------------------------------------------------------------- /debian/rules: -------------------------------------------------------------------------------- 1 | #!/usr/bin/make -f 2 | 3 | # Copyright 2018-2022 Docker Inc. 4 | 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | # Include default Makefile variables. 18 | include /usr/share/dpkg/default.mk 19 | 20 | # Build all armhf binaries as ARMv6 with hard float, to support both 21 | # Debian armhf and Raspbian armhf. 22 | ifeq ($(DEB_TARGET_ARCH),armhf) 23 | export CFLAGS += -marm -march=armv6+fp 24 | export GOARM := 6 25 | endif 26 | 27 | %: 28 | dh $@ 29 | 30 | # GO_SRC_PATH and PACKAGE are defined in the dockerfile 31 | # VERSION and REF are defined in scripts/build-deb 32 | # TODO remove custom PREFIX variable once containerd release/1.4 and release/1.5 33 | # are obsolete. See https://github.com/containerd/containerd/commit/b5f530a157 34 | binaries: ## Create containerd binaries 35 | @set -x; make -C $(GO_SRC_PATH) --no-print-directory \ 36 | DESTDIR="$$(pwd)" \ 37 | PREFIX="" \ 38 | VERSION=$${VERSION} \ 39 | REVISION=$${REF} \ 40 | PACKAGE=$${PACKAGE} \ 41 | binaries install 42 | 43 | # Remove containerd-stress, as we're not shipping it as part of the packages 44 | rm -f bin/containerd-stress 45 | 46 | bin/runc: 47 | # Unset the VERSION variable as it's meant for containerd's version, not runc. 48 | @set -x; env -u VERSION make -C /go/src/github.com/opencontainers/runc --no-print-directory \ 49 | BINDIR="$$(pwd)/bin" \ 50 | runc install 51 | 52 | man: ## Create containerd man pages 53 | @set -x; make -C $(GO_SRC_PATH) --no-print-directory man 54 | 55 | # copy the generated man pages instead of using "make install-man" to allow 56 | # dh_installman doing its magic 57 | install -d man 58 | install -D -m 0644 $(GO_SRC_PATH)/man/* man 59 | 60 | # force packages to be built with xz compression, as Ubuntu 21.10 and up use 61 | # zstd compression, which is non-standard, and breaks 'dpkg-sig --verify' 62 | override_dh_builddeb: 63 | dh_builddeb -- -Zxz 64 | 65 | override_dh_auto_build: binaries bin/runc man 66 | 67 | override_dh_systemd_start: 68 | dh_systemd_start --restart-after-upgrade 69 | sed -i 's/_dh_action=try-restart/_dh_action=restart/g' ./debian/containerd.io.postinst.debhelper 70 | 71 | override_dh_auto_install: binaries bin/runc man 72 | mkdir -p debian/containerd.io/usr/bin 73 | install -D -m 0755 bin/* debian/containerd.io/usr/bin 74 | install -D -m 0644 /root/common/containerd.service debian/containerd.io/lib/systemd/system/containerd.service 75 | install -D -m 0644 /root/common/containerd.toml debian/containerd.io/etc/containerd/config.toml 76 | -------------------------------------------------------------------------------- /debian/source/format: -------------------------------------------------------------------------------- 1 | 1.0 2 | -------------------------------------------------------------------------------- /dockerfiles/deb.dockerfile: -------------------------------------------------------------------------------- 1 | # syntax=docker/dockerfile:1 2 | 3 | 4 | # Copyright 2018-2022 Docker Inc. 5 | 6 | # Licensed under the Apache License, Version 2.0 (the "License"); 7 | # you may not use this file except in compliance with the License. 8 | # You may obtain a copy of the License at 9 | 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | 12 | # Unless required by applicable law or agreed to in writing, software 13 | # distributed under the License is distributed on an "AS IS" BASIS, 14 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | # See the License for the specific language governing permissions and 16 | # limitations under the License. 17 | 18 | ARG BUILD_IMAGE=ubuntu:noble 19 | ARG GOLANG_IMAGE=golang:latest 20 | 21 | # Install golang from the official image, since the package managed 22 | # one probably is too old and ppa's don't cover all distros 23 | FROM ${GOLANG_IMAGE} AS golang 24 | 25 | FROM golang AS go-md2man 26 | ARG GOPROXY=direct 27 | ARG MD2MAN_VERSION=v2.0.7 28 | RUN go install github.com/cpuguy83/go-md2man/v2@${MD2MAN_VERSION} 29 | 30 | FROM ${BUILD_IMAGE} AS distro-image 31 | 32 | FROM distro-image AS build-env 33 | RUN mkdir -p /go 34 | ENV GOPATH=/go 35 | ENV GOTOOLCHAIN=local 36 | ENV PATH="${PATH}:/usr/local/go/bin:${GOPATH}/bin" 37 | ENV IMPORT_PATH=github.com/containerd/containerd 38 | ENV GO_SRC_PATH="/go/src/${IMPORT_PATH}" 39 | ARG DEBIAN_FRONTEND=noninteractive 40 | WORKDIR /root/containerd 41 | 42 | # Install some pre-reqs 43 | # NOTE: not using a cache-mount for apt, to prevent issues when building multiple 44 | # distros on the same machine / build-cache 45 | RUN apt-get update -q && apt-get install -y --no-install-recommends \ 46 | ca-certificates \ 47 | curl \ 48 | devscripts \ 49 | equivs \ 50 | git \ 51 | lsb-release \ 52 | && rm -rf /var/lib/apt/lists/* 53 | 54 | # FIXME(vvoland): workaround for building on arm64 without ld.gold 55 | # 56 | # go1.21 and up have a patch that enforces the use of ld.gold to work around 57 | # a bug in GNU binutils. See; 58 | # - https://github.com/golang/go/issues/22040. 59 | # - https://github.com/golang/go/commit/cd77738198ffe0c4a1db58352c89f9b2d2a4e85e 60 | # 61 | # Debian Trixie and up has a fixed version of binutils, and no longer requires that 62 | # patch, but will fail without ld.gold installed; 63 | # 64 | # /usr/bin/gcc -s -Wl,-z,relro -pie -Wl,-z,now -Wl,-z,nocopyreloc -fuse-ld=gold -Wl,--build-id=0x180b1b07171bd43d595eecf91a69ed0ef8a1e41f -o $WORK/b001/exe/a.out -rdynamic /tmp/go-link-443338093/go.o /tmp/go-link-443338093/000000.o /tmp/go-link-443338093/000001.o /tmp/go-link-443338093/000002.o /tmp/go-link-443338093/000003.o /tmp/go-link-443338093/000004.o /tmp/go-link-443338093/000005.o /tmp/go-link-443338093/000006.o /tmp/go-link-443338093/000007.o /tmp/go-link-443338093/000008.o /tmp/go-link-443338093/000009.o /tmp/go-link-443338093/000010.o /tmp/go-link-443338093/000011.o /tmp/go-link-443338093/000012.o /tmp/go-link-443338093/000013.o /tmp/go-link-443338093/000014.o /tmp/go-link-443338093/000015.o /tmp/go-link-443338093/000016.o /tmp/go-link-443338093/000017.o /tmp/go-link-443338093/000018.o /tmp/go-link-443338093/000019.o /tmp/go-link-443338093/000020.o /tmp/go-link-443338093/000021.o /tmp/go-link-443338093/000022.o /tmp/go-link-443338093/000023.o /tmp/go-link-443338093/000024.o /tmp/go-link-443338093/000025.o /tmp/go-link-443338093/000026.o /tmp/go-link-443338093/000027.o /tmp/go-link-443338093/000028.o /tmp/go-link-443338093/000029.o /tmp/go-link-443338093/000030.o /tmp/go-link-443338093/000031.o /tmp/go-link-443338093/000032.o -O2 -g -lresolv -O2 -g -lpthread -O2 -g -ldl -O2 -g -O2 -g -O2 -g -ldl 65 | # collect2: fatal error: cannot find 'ld' 66 | # 67 | # Since Trixie, binutils-gold is no longer installed as a part of the binutils package and needs to be installed separately. 68 | # 69 | # As a workaround; install binutils-gold if it's not installed 70 | RUN if [ "$(dpkg --print-architecture)" = 'arm64' ] && ! command -v ld.gold; then apt-get update && apt-get install -y binutils-gold; fi 71 | 72 | # Install build dependencies and build scripts 73 | COPY --link --from=go-md2man /go/bin/go-md2man /go/bin/go-md2man 74 | COPY --link debian/ debian/ 75 | # NOTE: not using a cache-mount for apt, to prevent issues when building multiple 76 | # distros on the same machine / build-cache 77 | # 78 | # NOTE: DO NOT REMOVE '/var/lib/apt/lists/', to allow building for Debian unstable. 79 | # 80 | # Debian "unstable" releases use apt caching information to get the codename 81 | # see discussion on https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845651: 82 | # 83 | # > That's all to say that this bug is (to my belief) actually expected behaviour; 84 | # > and fixing it through forcing the codename to be interpreted as "stretch" when 85 | # > apt-cache information is unavailable would be wrong. When /etc/debian_version 86 | # > contains "potato/sid", the codename is either potato xor sid, and only apt- 87 | # > cache can discriminate a testing host from a sid host. Therefore, in such a 88 | # > situation, the correct answer is actually "I can't tell", aka "n/a". 89 | # 90 | # From testing on https://github.com/docker/containerd-packaging/pull/213#issuecomment-782172567, 91 | # it reads the information from these files: 92 | # 93 | # - /var/lib/apt/lists/deb.debian.org_debian_dists_bullseye_InRelease 94 | # - /var/lib/apt/lists/deb.debian.org_debian_dists_bullseye_main_binary-amd64_Packages.lz4 95 | # 96 | # Removing these files (`rm -rf /var/lib/apt/lists/*`) causes 'lsb_release -sc` 97 | # to print 'n/a'. While we could use '/etc/debian_version' as a fallback for our 98 | # own scripts (stripping everything after '/' (e.g. bullseye/sid -> bullseye), 99 | # dpkg-buildpackage will still depend on this information to be present, and 100 | # if not present, renames packages to use 'n/a' in their path: 101 | # 102 | # dpkg-buildpackage: info: full upload; Debian-native package (full source is included) 103 | # renamed '../containerd.io-dbgsym_0.20210219.014044~e58be59-1_amd64.deb' -> '/build/debian/n/a/amd64/containerd.io-dbgsym_0.20210219.014044~e58be59-1_amd64.deb' 104 | # renamed '../containerd.io_0.20210219.014044~e58be59-1_amd64.deb' -> '/build/debian/n/a/amd64/containerd.io_0.20210219.014044~e58be59-1_amd64.deb' 105 | # 106 | # Given that we don't need the final image (as we only use it as a build environment 107 | # and copy the artifacts out), keeping some of the cache files should not be a problem. 108 | RUN apt-get update -q \ 109 | && mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i debian/control 110 | COPY --link scripts/build-deb /root/ 111 | COPY --link scripts/.helpers /root/ 112 | 113 | ARG PACKAGE 114 | ENV PACKAGE=${PACKAGE:-containerd.io} 115 | 116 | FROM build-env AS build-packages 117 | RUN mkdir -p /archive /build 118 | COPY common/containerd.service common/containerd.toml /root/common/ 119 | ARG CREATE_ARCHIVE 120 | # NOTE: not using a cache-mount for /root/.cache/go-build, to prevent issues 121 | # with CGO when building multiple distros on the same machine / build-cache 122 | RUN --mount=type=bind,from=golang,source=/usr/local/go/,target=/usr/local/go/ \ 123 | --mount=type=bind,source=/src,target=/go/src,rw \ 124 | /root/build-deb 125 | ARG UID=0 126 | ARG GID=0 127 | RUN chown -R ${UID}:${GID} /archive /build 128 | 129 | # Verify that installing the package succeeds succesfully, and if we're able 130 | # to run both containerd and runc. This is just a rudimentary check to make 131 | # sure that package dependencies are installed and that the binaries are not 132 | # completely defunct. 133 | FROM distro-image AS verify-packages 134 | COPY --link --from=build-packages /build /build 135 | # NOTE: not using a cache-mount for apt, to prevent issues when building multiple 136 | # distros on the same machine / build-cache 137 | RUN apt-get update -q \ 138 | && dpkg --force-depends -i $(find /build -mindepth 3 -type f -name containerd.io_*.deb) || true; \ 139 | apt-get -y install --no-install-recommends --fix-broken \ 140 | && rm -rf /var/lib/apt/lists/* 141 | RUN containerd --version 142 | RUN ctr --version 143 | RUN runc --version 144 | 145 | FROM scratch AS packages 146 | COPY --link --from=build-packages /archive /archive 147 | COPY --link --from=verify-packages /build /build 148 | 149 | # This stage is mainly for debugging (running the build interactively with mounted source) 150 | FROM build-env AS runtime 151 | ENV GOTOOLCHAIN=local 152 | COPY --link --from=golang /usr/local/go/ /usr/local/go/ 153 | COPY --link common/containerd.service common/containerd.toml /root/common/ 154 | -------------------------------------------------------------------------------- /dockerfiles/rpm.dockerfile: -------------------------------------------------------------------------------- 1 | # syntax=docker/dockerfile:1 2 | 3 | 4 | # Copyright 2018-2022 Docker Inc. 5 | 6 | # Licensed under the Apache License, Version 2.0 (the "License"); 7 | # you may not use this file except in compliance with the License. 8 | # You may obtain a copy of the License at 9 | 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | 12 | # Unless required by applicable law or agreed to in writing, software 13 | # distributed under the License is distributed on an "AS IS" BASIS, 14 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | # See the License for the specific language governing permissions and 16 | # limitations under the License. 17 | 18 | ARG BUILD_IMAGE=quay.io/centos/centos:stream9 19 | ARG BASE=centos 20 | ARG GOLANG_IMAGE=golang:latest 21 | 22 | # Install golang from the official image, since the package managed 23 | # one probably is too old and ppa's don't cover all distros 24 | FROM ${GOLANG_IMAGE} AS golang 25 | 26 | FROM golang AS go-md2man 27 | ARG GOPROXY=direct 28 | ARG MD2MAN_VERSION=v2.0.7 29 | RUN go install github.com/cpuguy83/go-md2man/v2@${MD2MAN_VERSION} 30 | 31 | FROM ${BUILD_IMAGE} AS redhat-base 32 | RUN dnf install -y rpm-build git dnf-plugins-core 33 | 34 | FROM redhat-base AS rhel-base 35 | RUN --mount=type=secret,id=rh-user --mount=type=secret,id=rh-pass <<-EOT 36 | rm -f /etc/rhsm-host 37 | 38 | if [ ! -f /run/secrets/rh-user ] || [ ! -f /run/secrets/rh-pass ]; then 39 | echo "Either RH_USER or RH_PASS is not set. Running build without subscription." 40 | else 41 | subscription-manager register \ 42 | --username="$(cat /run/secrets/rh-user)" \ 43 | --password="$(cat /run/secrets/rh-pass)" 44 | 45 | subscription-manager repos --enable codeready-builder-for-rhel-$(source /etc/os-release && echo "${VERSION_ID%.*}"-$(arch)-rpms) 46 | fi 47 | EOT 48 | 49 | FROM redhat-base AS centos-base 50 | RUN dnf config-manager --set-enabled crb 51 | 52 | FROM redhat-base AS ol-base 53 | RUN dnf config-manager --set-enabled ol8_addons 54 | 55 | FROM redhat-base AS rocky-base 56 | 57 | FROM redhat-base AS almalinux-base 58 | 59 | FROM redhat-base AS fedora-base 60 | # FIXME(thaJeztah): workaround for building on Fedora 41 on arm64 61 | # 62 | # go1.21 and up have a patch that enforces the use of ld.gold to work around 63 | # a bug in GNU binutils. See; 64 | # - https://github.com/golang/go/issues/22040. 65 | # - https://github.com/golang/go/commit/cd77738198ffe0c4a1db58352c89f9b2d2a4e85e 66 | # 67 | # Fedora 41 and up has a fixed version of binutils, and no longer requires that 68 | # patch, but will fail without ld.gold installed; 69 | # 70 | # /usr/bin/gcc -Wl,-z,now -Wl,-z,nocopyreloc -fuse-ld=gold -o $WORK/b001/exe/a.out -rdynamic /tmp/go-link-1738353519/go.o /tmp/go-link-1738353519/000000.o /tmp/go-link-1738353519/000001.o /tmp/go-link-1738353519/000002.o /tmp/go-link-1738353519/000003.o /tmp/go-link-1738353519/000004.o /tmp/go-link-1738353519/000005.o /tmp/go-link-1738353519/000006.o /tmp/go-link-1738353519/000007.o /tmp/go-link-1738353519/000008.o /tmp/go-link-1738353519/000009.o /tmp/go-link-1738353519/000010.o /tmp/go-link-1738353519/000011.o /tmp/go-link-1738353519/000012.o /tmp/go-link-1738353519/000013.o /tmp/go-link-1738353519/000014.o /tmp/go-link-1738353519/000015.o /tmp/go-link-1738353519/000016.o /tmp/go-link-1738353519/000017.o /tmp/go-link-1738353519/000018.o /tmp/go-link-1738353519/000019.o /tmp/go-link-1738353519/000020.o /tmp/go-link-1738353519/000021.o /tmp/go-link-1738353519/000022.o /tmp/go-link-1738353519/000023.o /tmp/go-link-1738353519/000024.o -O2 -g -lresolv -O2 -g -lpthread -O2 -g -ldl -O2 -g 71 | # collect2: fatal error: cannot find 'ld' 72 | # 73 | # Fedora's build of Go carries a patch for that, but it's not (yet) in upstream; 74 | # - https://src.fedoraproject.org/rpms/golang/blob/a867bd88a656c1d6e91e7b18bab696dc3fcf1e77/f/0006-Default-to-ld.bfd-on-ARM64.patch 75 | # - https://src.fedoraproject.org/rpms/golang/c/a867bd88a656c1d6e91e7b18bab696dc3fcf1e77?branch=rawhide 76 | # 77 | # As a workaround; install binutils-gold if it's not installed 78 | RUN if [ "$(rpm --query --queryformat='%{ARCH}' rpm)" = 'aarch64' ] && ! command -v ld.gold; then dnf -y install binutils-gold; fi 79 | 80 | FROM ${BUILD_IMAGE} AS amzn-base 81 | RUN yum install -y yum-utils rpm-build git 82 | 83 | FROM ${BUILD_IMAGE} AS suse-base 84 | RUN zypper -n install rpm-build git 85 | 86 | # Align the rpm directories used with other rpm-distros. 87 | # 88 | # CentOS, RHEL, and Fedora all use "~/rpmbuild" ("/root/rpmbuild") as default, 89 | # but SUSE uses "/usr/src/packages". Align the directory so that we can keep 90 | # our scripts universal. 91 | RUN echo "%_topdir /root/rpmbuild" > /root/.rpmmacros 92 | 93 | FROM ${BASE}-base AS distro-image 94 | 95 | FROM distro-image AS build-env 96 | RUN mkdir -p /go 97 | ENV GOPATH=/go 98 | ENV GOTOOLCHAIN=local 99 | ENV PATH="${PATH}:/usr/local/go/bin:${GOPATH}/bin" 100 | ENV IMPORT_PATH=github.com/containerd/containerd 101 | ENV GO_SRC_PATH="/go/src/${IMPORT_PATH}" 102 | ENV CC=gcc 103 | WORKDIR /root/rpmbuild 104 | 105 | # Install build dependencies and build scripts 106 | COPY --link --from=go-md2man /go/bin/go-md2man /go/bin/go-md2man 107 | COPY --link rpm/containerd.spec SPECS/containerd.spec 108 | COPY --link scripts/build-rpm /root/ 109 | COPY --link scripts/.rpm-helpers /root/ 110 | RUN . /root/.rpm-helpers; install_build_deps SPECS/containerd.spec 111 | 112 | ARG PACKAGE 113 | ENV PACKAGE=${PACKAGE:-containerd.io} 114 | 115 | FROM build-env AS build-packages 116 | RUN mkdir -p /archive /build 117 | COPY common/containerd.service common/containerd.toml SOURCES/ 118 | ARG CREATE_ARCHIVE 119 | # NOTE: not using a cache-mount for /root/.cache/go-build, to prevent issues 120 | # with CGO when building multiple distros on the same machine / build-cache 121 | RUN --mount=type=bind,from=golang,source=/usr/local/go/,target=/usr/local/go/ \ 122 | --mount=type=bind,source=/src,target=/go/src,rw \ 123 | --mount=type=bind,source=/src/github.com/containerd/containerd,target=/root/rpmbuild/SOURCES/containerd \ 124 | --mount=type=bind,source=/src/github.com/opencontainers/runc,target=/root/rpmbuild/SOURCES/runc \ 125 | /root/build-rpm 126 | ARG UID=0 127 | ARG GID=0 128 | RUN chown -R ${UID}:${GID} /archive /build 129 | 130 | # Verify that installing the package succeeds succesfully, and if we're able 131 | # to run both containerd and runc. This is just a rudimentary check to make 132 | # sure that package dependencies are installed and that the binaries are not 133 | # completely defunct. 134 | # 135 | # For rpms, installing packages with 'rpm -ivh my-local-package.rpm' or 136 | # 'yum --nogpgcheck localinstall packagename.arch.rpm' does not perform 137 | # dependency resolution, so we need to setup a local repository to verify the 138 | # installation (including dependencies). 139 | # 140 | # NOTE: Installation of source-packages is not currently tested here. 141 | FROM distro-image AS verify-packages 142 | COPY scripts/.rpm-helpers /root/ 143 | # On OpenSUSE/SLES, the package is now named `createrepo_c` 144 | RUN . /root/.rpm-helpers; if [ -d "/etc/zypp/repos.d/" ]; then install_package createrepo_c; else install_package createrepo; fi 145 | RUN if [ -d "/etc/zypp/repos.d/" ]; then ln -s "/etc/zypp/repos.d" "/etc/yum.repos.d"; fi \ 146 | && echo -e "[local]\nname=Test Repo\nbaseurl=file:///build/\nenabled=1\ngpgcheck=0" > "/etc/yum.repos.d/local.repo" 147 | COPY --from=build-packages /build/. /build/ 148 | RUN createrepo /build \ 149 | && . /root/.rpm-helpers \ 150 | && install_package containerd.io \ 151 | && rm -rf /build/repodata 152 | RUN containerd --version 153 | RUN ctr --version 154 | RUN runc --version 155 | 156 | FROM scratch AS packages 157 | COPY --link --from=build-packages /archive /archive 158 | COPY --link --from=verify-packages /build /build 159 | 160 | # This stage is mainly for debugging (running the build interactively with mounted source) 161 | FROM build-env AS runtime 162 | ENV GOTOOLCHAIN=local 163 | COPY --link --from=golang /usr/local/go/ /usr/local/go/ 164 | COPY --link common/containerd.service common/containerd.toml SOURCES/ 165 | -------------------------------------------------------------------------------- /dockerfiles/win.dockerfile: -------------------------------------------------------------------------------- 1 | # Copyright 2018-2022 Docker Inc. 2 | 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | ARG GOLANG_IMAGE=golang:latest 16 | FROM ${GOLANG_IMAGE} AS golang 17 | ENV chocolateyUseWindowsCompression=false 18 | # Install make and gcc 19 | # We install an older version of MinGW to workaround issues in CGO; 20 | # see https://github.com/golang/go/issues/51007 21 | RUN iex ((new-object net.webclient).DownloadString('https://chocolatey.org/install.ps1')); \ 22 | choco feature disable --name showDownloadProgress; \ 23 | choco install -y make; \ 24 | choco install -y mingw --version 10.2.0 --allow-downgrade 25 | -------------------------------------------------------------------------------- /rpm/README.md: -------------------------------------------------------------------------------- 1 | # rpm package maintainers guide 2 | 3 | ## Prepping a release 4 | 5 | For releases you should first have a tagged release on the 6 | [containerd](https://github.com/containerd/containerd/releases) 7 | repository. 8 | 9 | Afterwards test if you can actually build the release with (for example): 10 | 11 | ```bash 12 | make REF=${TAG} quay.io/centos/centos:stream9 13 | ``` 14 | 15 | If you can actually build the package then start prepping 16 | your release by adding a changelog entry in the 17 | [`rpm/containerd.spec`](containerd.spec) with the format: 18 | 19 | ```bash 20 | ./scripts/new-rpm-release 21 | ``` 22 | 23 | This will add an entry into the changelog for the specified VERSION 24 | and will also increment the rpm packaging version if the specified 25 | VERSION is already there. 26 | 27 | > **NOTE**: Make sure to fill out the bullets for the changelog 28 | 29 | ## Building the release: 30 | 31 | Releases can then be built with: 32 | 33 | ```bash 34 | make REF=${TAG} quay.io/centos/centos:stream9 35 | ``` 36 | 37 | or 38 | 39 | ```bash 40 | make REF=${TAG} BUILD_IMAGE=quay.io/centos/centos:stream9 41 | ``` 42 | -------------------------------------------------------------------------------- /rpm/containerd.spec: -------------------------------------------------------------------------------- 1 | BuildRoot: /root/.tmp/rpmrebuild.95/work/root 2 | AutoProv: no 3 | %undefine __find_provides 4 | AutoReq: no 5 | %undefine __find_requires 6 | 7 | %undefine __check_files 8 | %undefine __find_prereq 9 | %undefine __find_conflicts 10 | %undefine __find_obsoletes 11 | 12 | # Build policy set to nothing 13 | %define __spec_install_post %{nil} 14 | # For rmp-4.1 15 | %define __missing_doc_files_terminate_build 0 16 | 17 | %bcond_without ctr 18 | %bcond_with debug 19 | 20 | %if %{with debug} 21 | %global _dwz_low_mem_die_limit 0 22 | %else 23 | %global debug_package %{nil} 24 | %endif 25 | 26 | %define SHA256SUM0 08f057ece7e518b14cce2e9737228a5a899a7b58b78248a03e02f4a6c079eeaf 27 | %global import_path github.com/containerd/containerd 28 | %global gopath %{getenv:GOPATH} 29 | 30 | %global major_minor %(echo "${RPM_VERSION%%.*}") 31 | 32 | Name: containerd.io 33 | Provides: containerd 34 | # For some reason on rhel >= 8 if we "provide" runc then it makes this package unsearchable 35 | %if %{undefined rhel} || 0%{?rhel} < 8 36 | Provides: runc 37 | %endif 38 | 39 | # Obsolete packages 40 | Obsoletes: containerd 41 | Obsoletes: runc 42 | 43 | # Conflicting packages 44 | Conflicts: containerd 45 | Conflicts: runc 46 | 47 | Version: %{getenv:RPM_VERSION} 48 | Release: %{getenv:RPM_RELEASE_VERSION}%{?dist} 49 | Summary: An industry-standard container runtime 50 | License: Apache-2.0 51 | URL: https://containerd.io 52 | Source0: containerd 53 | Source1: containerd.service 54 | Source2: containerd.toml 55 | Source3: runc 56 | # container-selinux isn't a thing in suse flavors 57 | %if %{undefined suse_version} 58 | # amazonlinux2 doesn't have container-selinux either 59 | %if "%{?dist}" != ".amzn2" 60 | Requires: container-selinux 61 | %endif 62 | Requires: libseccomp 63 | %else 64 | # SUSE flavors do not have container-selinux, 65 | # and libseccomp is named libseccomp2 66 | Requires: libseccomp2 67 | %endif 68 | BuildRequires: make 69 | BuildRequires: gcc 70 | BuildRequires: systemd 71 | BuildRequires: libseccomp-devel 72 | 73 | %{?systemd_requires} 74 | 75 | %description 76 | containerd is an industry-standard container runtime with an emphasis on 77 | simplicity, robustness and portability. It is available as a daemon for Linux 78 | and Windows, which can manage the complete container lifecycle of its host 79 | system: image transfer and storage, container execution and supervision, 80 | low-level storage and network attachments, etc. 81 | 82 | 83 | %prep 84 | rm -rf %{_builddir} 85 | if [ ! -d %{_sourcedir}/containerd ]; then 86 | # Copy over our source code from our gopath to our source directory 87 | cp -rf /go/src/%{import_path} %{_sourcedir}/containerd; 88 | fi 89 | # symlink the go source path to our build directory 90 | ln -s /go/src/%{import_path} %{_builddir} 91 | 92 | if [ ! -d %{_sourcedir}/runc ]; then 93 | # Copy over our source code from our gopath to our source directory 94 | cp -rf /go/src/github.com/opencontainers/runc %{_sourcedir}/runc 95 | fi 96 | cd %{_builddir} 97 | 98 | 99 | %build 100 | cd %{_builddir} 101 | make man 102 | 103 | BUILDTAGS="" 104 | 105 | # TODO(thaJeztah): can we remove the version compare, or would that exclude other RHEL derivatives (Fedora, etc)? 106 | %if %{defined rhel} && 0%{?rhel} >= 7 107 | # btrfs support was removed in CentOS/RHEL 8, and containerd 1.7+ uses 108 | # linux kernel headers for btrfs, which are not provided by CentOS/RHEL 7 109 | # so build without btrfs support for any CentOS/RHEL version. 110 | BUILDTAGS="${BUILDTAGS} no_btrfs" 111 | %endif 112 | 113 | make -C /go/src/%{import_path} VERSION=%{getenv:VERSION} REVISION=%{getenv:REF} PACKAGE=%{getenv:PACKAGE} BUILDTAGS="${BUILDTAGS}" 114 | 115 | # Remove containerd-stress, as we're not shipping it as part of the packages 116 | rm -f bin/containerd-stress 117 | bin/containerd --version 118 | bin/ctr --version 119 | 120 | # Unset the VERSION variable as it's meant for containerd's version, not runc. 121 | env -u VERSION make -C /go/src/github.com/opencontainers/runc BINDIR=%{_builddir}/bin runc install 122 | 123 | 124 | %install 125 | cd %{_builddir} 126 | mkdir -p %{buildroot}%{_bindir} 127 | install -D -m 0755 bin/* %{buildroot}%{_bindir} 128 | install -D -m 0644 %{S:1} %{buildroot}%{_unitdir}/containerd.service 129 | install -D -m 0644 %{S:2} %{buildroot}%{_sysconfdir}/containerd/config.toml 130 | 131 | # install manpages, taking into account that not all sections may be present 132 | for i in $(seq 1 8); do 133 | if ls man/*.${i} 1> /dev/null 2>&1; then 134 | install -d %{buildroot}%{_mandir}/man${i}; 135 | install -p -m 644 man/*.${i} %{buildroot}%{_mandir}/man${i}; 136 | fi 137 | done 138 | 139 | %post 140 | %systemd_post containerd.service 141 | 142 | 143 | %preun 144 | %systemd_preun containerd.service 145 | 146 | 147 | %postun 148 | %systemd_postun_with_restart containerd.service 149 | 150 | 151 | %files 152 | %license LICENSE 153 | %doc README.md 154 | %{_bindir}/* 155 | %{_unitdir}/containerd.service 156 | %{_sysconfdir}/containerd 157 | %{_mandir}/man*/* 158 | %config(noreplace) %{_sysconfdir}/containerd/config.toml 159 | 160 | 161 | %changelog 162 | * Mon Mar 31 2025 Paweł Gronowski - 1.7.27-3.1 163 | - Update containerd binary to v1.7.27 164 | 165 | * Wed Mar 12 2025 Paweł Gronowski - 1.7.26-3.1 166 | - Update containerd binary to v1.7.26 167 | - Update runc binary to v1.2.5 168 | 169 | * Fri Jan 10 2025 Paweł Gronowski - 1.7.25-3.1 170 | - Update containerd binary to v1.7.25 171 | - Update runc binary to v1.2.4 172 | - Update the license fields to use the recommented SPDX identifier 173 | 174 | * Thu Nov 21 2024 Sebastiaan van Stijn - 1.7.24-3.1 175 | - Update containerd binary to v1.7.24 176 | - Update systemd unit to start containerd service after dbus.service 177 | - Update runc binary to v1.2.2 178 | 179 | * Mon Nov 11 2024 Sebastiaan van Stijn - 1.7.23-3.1 180 | - Update containerd binary to v1.7.23 181 | - Update Golang runtime to 1.22.9 182 | 183 | * Tue Sep 10 2024 Sebastiaan van Stijn - 1.7.22-3.1 184 | - Update containerd binary to v1.7.22 185 | - Update runc binary to v1.1.14 186 | - Update Golang runtime to 1.22.7 187 | 188 | * Tue Aug 27 2024 Paweł Gronowski - 1.7.21-3.1 189 | - Update containerd binary to v1.7.21 190 | - Update Golang runtime to 1.22.6 191 | 192 | * Thu Aug 08 2024 Sebastiaan van Stijn - 1.7.20-3.1 193 | - Update containerd binary to v1.7.20 194 | - Fix runc binary showing the incorrect version. 195 | 196 | * Tue Jul 16 2024 Sebastiaan van Stijn - 1.7.19-3.1 197 | - Update containerd binary to v1.7.19 198 | - Update Golang runtime to 1.21.12, which includes a fix for CVE-2024-24791. 199 | 200 | * Tue Jun 18 2024 Sebastiaan van Stijn - 1.7.18-3.1 201 | - Update containerd binary to v1.7.18 202 | - Update runc binary to v1.1.13 203 | 204 | * Tue Jun 04 2024 Sebastiaan van Stijn - 1.6.33-3.1 205 | - Update containerd binary to v1.6.33 206 | - Update Golang runtime to 1.21.11, which includes fixes for CVE-2024-24789, CVE-2024-24790. 207 | -------------------------------------------------------------------------------- /scripts/.helpers: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | 3 | control_field() ( 4 | field=$1 5 | if ! grep "${field}" debian/control >/dev/null 2>&1; then 6 | echo "Field '${field}' not available in debian/control, is that a mistake?" 7 | exit 1 8 | fi 9 | # strip field itself and trailing/leading whitespace 10 | grep "${field}" debian/control | sed -e "s/${field}://" -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' 11 | ) 12 | -------------------------------------------------------------------------------- /scripts/.rpm-helpers: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | 3 | gen_test_ver() ( 4 | version=$1 5 | suffix=$2 6 | base_release_ver=$3 7 | spec_file=${SPEC_FILE:-SPECS/containerd.spec} 8 | test_num=${version#*-${suffix}.} 9 | without_rpm_ver="${base_release_ver}.${test_num}.${suffix}.${test_num}" 10 | # This only really matters for blessed builds (i.e. builds that are only rpm specific or have a version specific in the spec) 11 | # should output the latest rpm build number so that it gets placed accordingly in the repo 12 | if grep -q "${version%-${suffix}.*}-${without_rpm_ver}" "${spec_file}"; then 13 | grep -o "${version%-${suffix}.*}-${without_rpm_ver}.[0-9]*" "${spec_file}" | head -n 1 | cut -d"-" -f 2 14 | else 15 | echo "${without_rpm_ver}.1" 16 | fi 17 | ) 18 | 19 | gen_rpm_ver_bits() ( 20 | version=$1 21 | ver_dot=$(gen_rpm_release_ver_dot "${version}") 22 | case "${version}" in 23 | *beta*) 24 | result="${version%-beta.*} $(gen_test_ver "${version}" beta 1)${ver_dot}" 25 | ;; 26 | *rc*) 27 | result="${version%-rc.*} $(gen_test_ver "${version}" rc 2)${ver_dot}" 28 | ;; 29 | *) 30 | result="${version} 3${ver_dot}" 31 | ;; 32 | esac 33 | echo "$result" 34 | ) 35 | 36 | gen_rpm_release_ver_dot() ( 37 | version=$1 38 | spec_file=${SPEC_FILE:-SPECS/containerd.spec} 39 | # Find if the version is just releasing a package version 40 | if grep -q "${version}-" "${spec_file}"; then 41 | echo ".$(grep -c "${version}-" "${spec_file}")" 42 | fi 43 | ) 44 | 45 | install_build_deps() ( 46 | set -e -x 47 | 48 | SPEC_FILE="${1?USAGE: install_build_deps SPEC_FILE}" 49 | 50 | # set dummy NPM_VERSION and RPM_RELEASE_VERSION if they're not set to make the spec valid 51 | export RPM_VERSION="${RPM_VERSION:=0.0.1}" 52 | export RPM_RELEASE_VERSION="${RPM_RELEASE_VERSION:=dev}" 53 | 54 | if type dnf >/dev/null 2>/dev/null; then 55 | # shellcheck disable=SC2086 56 | dnf builddep -y ${EXTRA_REPOS} "${SPEC_FILE}" 57 | elif type yum-builddep >/dev/null 2>/dev/null; then 58 | # shellcheck disable=SC2086 59 | yum-builddep -y ${EXTRA_REPOS} "${SPEC_FILE}" 60 | else 61 | # either dnf core-utils is not installed, or we're running on SUSE/openSuSE. 62 | # Zypper does not have a proper equivalent for installing build dependencies. 63 | # 64 | # This manual approach does an attempt to install dependencies 65 | if type zypper >/dev/null 2>/dev/null; then 66 | pkg_manager="zypper -n ${EXTRA_REPOS}" 67 | elif type yum >/dev/null 2>/dev/null; then 68 | pkg_manager="yum -y ${EXTRA_REPOS}" 69 | else 70 | echo "unable to detect package manager"; 71 | exit 1; 72 | fi 73 | # shellcheck disable=SC2046 74 | ${pkg_manager} install $(rpmspec -P "${SPEC_FILE}" | grep BuildRequires | cut -d' ' -f2 | xargs) 75 | fi 76 | ) 77 | 78 | install_package() ( 79 | if type dnf >/dev/null 2>/dev/null; then 80 | pkg_manager="dnf -y" 81 | elif type yum >/dev/null 2>/dev/null; then 82 | pkg_manager="yum -y" 83 | elif type zypper >/dev/null 2>/dev/null; then 84 | pkg_manager="zypper -n" 85 | else 86 | echo "unable to detect package manager" 87 | exit 1 88 | fi 89 | # shellcheck disable=SC2046 90 | ${pkg_manager} install "$@" 91 | ) 92 | -------------------------------------------------------------------------------- /scripts/build-deb: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | 3 | # Copyright 2018-2022 Docker Inc. 4 | 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | # shellcheck disable=SC1090 18 | . "$(dirname "$0")/.helpers" 19 | 20 | set -e 21 | 22 | VERSION="$(git --git-dir "${GO_SRC_PATH}/.git" describe --tags | sed 's/^v//')" 23 | # Check if we're on a tagged version, change VERSION to dev build if not 24 | if ! git --git-dir "${GO_SRC_PATH}/.git" describe --exact-match HEAD > /dev/null 2>&1; then 25 | git_date=$(TZ=UTC date --date "@$(git --git-dir "${GO_SRC_PATH}/.git" log -1 --pretty='%at')" +'%Y%m%d.%H%M%S') 26 | git_sha=$(git --git-dir "${GO_SRC_PATH}/.git" log -1 --pretty='%h') 27 | VERSION="${git_date}~${git_sha}" 28 | # prepend a `0` so it'll never be greater than non-dev versions 29 | cat > debian/nightly.changelog <<- EOF 30 | $(control_field Package) (0.${VERSION}-1) development; urgency=medium 31 | 32 | * Release for ${git_sha} 33 | 34 | -- $(control_field Maintainer) $(TZ=UTC date --rfc-2822) 35 | 36 | EOF 37 | cat debian/changelog >> debian/nightly.changelog 38 | cat debian/nightly.changelog 39 | mv debian/nightly.changelog debian/changelog 40 | fi 41 | 42 | REF=$(git --git-dir "${GO_SRC_PATH}/.git" rev-parse HEAD) 43 | export REF 44 | export VERSION 45 | 46 | ( 47 | set -x 48 | dpkg-buildpackage -uc -us 49 | ) 50 | 51 | DIST_ID="$(. /etc/os-release; echo "${ID}")" 52 | DIST_VERSION=$(lsb_release -sc) 53 | ARCH=$(dpkg --print-architecture) 54 | DEST_DIR="/build/${DIST_ID}/${DIST_VERSION}/${ARCH}/" 55 | mkdir -p "${DEST_DIR}" 56 | mv -v ../*.deb "${DEST_DIR}" 57 | 58 | if [ "${DIST_VERSION}" = 'n/a' ]; then 59 | # Give a more useful error message if we failed to get the "codename", 60 | # which can be the case on Debian "unstable" releases. For more background: 61 | # https://github.com/docker/containerd-packaging/pull/213#issuecomment-782172567 62 | echo "Failed to get release codename" 63 | exit 1 64 | fi 65 | 66 | # Only create an archive if env variable is specified 67 | if [ -n "${CREATE_ARCHIVE}" ]; then 68 | tar -C /build -cvzf "/archive/${DIST_ID}-${DIST_VERSION}-${ARCH}.tar.gz" "${DIST_ID}/${DIST_VERSION}/${ARCH}" 69 | fi 70 | -------------------------------------------------------------------------------- /scripts/build-rpm: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | 3 | # Copyright 2018-2022 Docker Inc. 4 | 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | # shellcheck disable=SC1090 18 | . "$(dirname "$0")/.rpm-helpers" 19 | 20 | SPEC_FILE=SPECS/containerd.spec 21 | 22 | set -e 23 | 24 | # copied from get.docker.com 25 | get_distribution() { 26 | lsb_dist="" 27 | # Every system that we officially support has /etc/os-release 28 | if [ -r /etc/os-release ]; then 29 | lsb_dist="$(. /etc/os-release && echo "$ID")" 30 | fi 31 | # Returning an empty string here should be alright since the 32 | # case statements don't act unless you provide an actual value 33 | echo "$lsb_dist" 34 | } 35 | 36 | VERSION="$(git --git-dir "${GO_SRC_PATH}/.git" describe --tags | sed 's/^v//')" 37 | RPM_VER_BITS=$(gen_rpm_ver_bits "${VERSION}") 38 | RPM_VERSION=$(echo "${RPM_VER_BITS}" | cut -f1 -d' ') 39 | RPM_RELEASE_VERSION=$(echo "${RPM_VER_BITS}" | cut -f2 -d' ') 40 | 41 | # Check if we're on a tagged version, change VERSION to dev build if not 42 | if ! git --git-dir "${GO_SRC_PATH}/.git" describe --exact-match HEAD > /dev/null 2>&1; then 43 | git_date=$(TZ=UTC date --date "@$(git --git-dir "${GO_SRC_PATH}/.git" log -1 --pretty='%at')" +'%Y%m%d.%H%M%S') 44 | git_sha=$(git --git-dir "${GO_SRC_PATH}/.git" log -1 --pretty='%h') 45 | VERSION="0.${git_date}~${git_sha}" 46 | RPM_RELEASE_VERSION=0 47 | RPM_VERSION="$VERSION" 48 | fi 49 | REF=$(git --git-dir "${GO_SRC_PATH}/.git" rev-parse HEAD) 50 | 51 | export REF 52 | export RPM_RELEASE_VERSION 53 | export RPM_VERSION 54 | export VERSION 55 | 56 | install_build_deps "${SPEC_FILE}" 57 | 58 | DIST_ID="$(. /etc/os-release; echo "${ID}")" 59 | DIST_VERSION="$(. /etc/os-release; echo "${VERSION_ID}" | cut -d'.' -f1)" 60 | ARCH="$(uname -m)" 61 | DEST_DIR="/build/${DIST_ID}/${DIST_VERSION}/${ARCH}/" 62 | ( 63 | set -x 64 | rpmbuild -ba "${SPEC_FILE}" 65 | mkdir -p "${DEST_DIR}" 66 | mv -v RPMS/*/*.rpm "${DEST_DIR}" 67 | mv -v SRPMS/*.rpm "${DEST_DIR}" 68 | ) 69 | 70 | # Only create an archive if env variable is specified 71 | if [ -n "${CREATE_ARCHIVE}" ]; then 72 | tar -C /build -cvzf "/archive/${DIST_ID}-${DIST_VERSION}-${ARCH}.tar.gz" "${DIST_ID}/${DIST_VERSION}/${ARCH}" 73 | fi 74 | -------------------------------------------------------------------------------- /scripts/checkout.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | 3 | # Copyright 2018-2022 Docker Inc. 4 | 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | checkout() ( 18 | set -ex 19 | SRC="$1" 20 | REF="$2" 21 | REF_FETCH="$REF" 22 | 23 | # git ls-remote's argument [1] is a glob [2], and matches anything 24 | # ending with the given string. This is problematic if multiple tags or 25 | # branches end with the given pattern. In containerd's case, this returns 26 | # both tags for the main module ("refs/tags/v1.7.19") and # the API module 27 | # ("refs/tags/api/v1.7.19"). 28 | # 29 | # To prevent both of those being found, we check if the given reference starts 30 | # with a "v"; if it does, we can assume it's a tag, and prefix the pattern with 31 | # "refs/tags/" to make it less ambiguous. 32 | # 33 | # We're using a case statement here to avoid introducing Bashisms. 34 | # 35 | # [1]: https://git-scm.com/docs/git-ls-remote#Documentation/git-ls-remote.txt-ltpatternsgt82308203 36 | # [2]: https://git-scm.com/docs/gitglossary#Documentation/gitglossary.txt-glob 37 | ref_glob="$REF" 38 | case $ref_glob in 39 | "v"*) 40 | ref_glob="refs/tags/$ref_glob" 41 | ;; 42 | esac 43 | 44 | # if ref is branch or tag, retrieve its canonical form 45 | REF=$(git -C "$SRC" ls-remote --refs --heads --tags origin "$ref_glob" | awk '{print $2}') 46 | if [ -n "$REF" ]; then 47 | # if branch or tag then create it locally too 48 | REF_FETCH="$REF:$REF" 49 | else 50 | REF="FETCH_HEAD" 51 | fi 52 | git -C "$SRC" fetch --update-head-ok --depth 1 origin "$REF_FETCH" 53 | git -C "$SRC" checkout -q "$REF" 54 | ) 55 | 56 | # Only execute checkout function above if this file is executed, not sourced from another script 57 | prog=checkout.sh # needs to be in sync with this file's name 58 | if [ "$(basename -- $0)" = "$prog" ]; then 59 | checkout $* 60 | fi 61 | -------------------------------------------------------------------------------- /scripts/deb-or-rpm: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | 3 | # Copyright 2018-2022 Docker Inc. 4 | 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | IMAGE=$1 18 | 19 | run() { 20 | docker run --rm -i "${IMAGE}" sh -c "$*" > /dev/null 2> /dev/null 21 | } 22 | 23 | if run rpm --version; then 24 | echo "rpm" 25 | elif run dpkg --version; then 26 | echo "deb" 27 | else 28 | exit 1 29 | fi 30 | -------------------------------------------------------------------------------- /scripts/determine-base: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | 3 | # Copyright 2018-2022 Docker Inc. 4 | 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | IMAGE=$1 18 | potential=$(docker run --rm -i "$IMAGE" cat /etc/os-release 2> /dev/null | grep "^ID=" | cut -d'=' -f2 | sed 's/"//g') 19 | 20 | if [ -z "$potential" ]; then 21 | exit 1 22 | fi 23 | 24 | case $potential in 25 | # Since we use both opensuse and sles to compile these 26 | *sles* | *suse*) 27 | echo suse 28 | ;; 29 | *) 30 | echo "$potential" 31 | ;; 32 | esac 33 | -------------------------------------------------------------------------------- /scripts/determine-runc-version: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | 3 | # Copyright 2018-2022 Docker Inc. 4 | 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | # Select the default version of runc based on the containerd source if no 18 | # RUNC_REF is set manually. 19 | # 20 | # See the install-runc script in the containerd repository: 21 | # https://github.com/containerd/containerd/blob/v1.5.0/script/setup/install-runc#L24-L27 22 | runc_version() { 23 | if [ -n "${RUNC_REF}" ]; then 24 | # just a safe-guard if this script is called when RUNC_REF was already set. 25 | echo "${RUNC_REF}" 26 | >&2 echo "INFO: using runc version (${RUNC_REF}) from RUNC_REF." 27 | return 28 | fi 29 | 30 | # shellcheck disable=SC2164 31 | repo_abspath="$(cd -- "$(dirname -- "$0")/.." > /dev/null 2>&1; pwd -P)" 32 | containerd_src_dir="${repo_abspath}/src/github.com/containerd/containerd" 33 | 34 | if [ -f "${containerd_src_dir}/script/setup/runc-version" ]; then 35 | # starting with v1.5.0-beta.4 and up, and v1.4.5, containerd specifies 36 | # the version of runc to use in script/setup/runc-version. 37 | runc_ref=$(cat "${containerd_src_dir}/script/setup/runc-version") 38 | >&2 echo "INFO: detected runc version (${runc_ref}) from script/setup/runc-version" 39 | echo "${runc_ref}" 40 | return 41 | fi 42 | 43 | # if all else fails 44 | >&2 echo "WARNING: unable to detect runc version, using HEAD" 45 | echo "HEAD" 46 | } 47 | 48 | runc_version 49 | -------------------------------------------------------------------------------- /scripts/new-deb-release: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | 3 | # Copyright 2018-2022 Docker Inc. 4 | 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | # shellcheck disable=SC1090 18 | . "$(dirname "$0")/.helpers" 19 | 20 | VERSION=$1 21 | if [ -z "$VERSION" ]; then 22 | echo "Usage: $0 " 23 | exit 1 24 | fi 25 | URGENCY=${URGENCY:-medium} 26 | 27 | NEW_DEB_VERSION="$(echo "${VERSION}" | sed -e 's/-/\~/g')" 28 | DEB_ITERATION=1 29 | 30 | while grep "$NEW_DEB_VERSION-$DEB_ITERATION" debian/changelog > /dev/null 2>&1; do 31 | DEB_ITERATION=$((DEB_ITERATION + 1)) 32 | done 33 | 34 | cat > debian/new.changelog <<- EOF 35 | $(control_field Package) (${NEW_DEB_VERSION}-${DEB_ITERATION}) release; urgency=${URGENCY} 36 | 37 | * TODO: Insert release changes here 38 | 39 | -- $(git config user.name) <$(git config user.email)> $(TZ=UTC date -R) 40 | 41 | EOF 42 | cat debian/changelog >> debian/new.changelog 43 | cat debian/new.changelog 44 | ( 45 | set -x 46 | mv debian/new.changelog debian/changelog 47 | ) 48 | -------------------------------------------------------------------------------- /scripts/new-rpm-release: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | 3 | # Copyright 2018-2022 Docker Inc. 4 | 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | set -e 18 | 19 | SPEC_FILE="rpm/containerd.spec" 20 | export SPEC_FILE 21 | 22 | # shellcheck disable=SC1090 23 | . "$(dirname "$0")/.rpm-helpers" 24 | 25 | VERSION="$1" 26 | if [ -z "$VERSION" ]; then 27 | echo "Usage: $0 " 28 | exit 1 29 | fi 30 | RPM_VER_BITS=$(gen_rpm_ver_bits "${VERSION}") 31 | RPM_VERSION=$(echo "${RPM_VER_BITS}" | cut -f1 -d' ') 32 | RPM_RELEASE_VERSION=$(echo "${RPM_VER_BITS}" | cut -f2 -d' ' | sed 's/\.[0-9]*$//') 33 | RPM_ITERATION=1 34 | 35 | while grep "$RPM_VERSION-$RPM_RELEASE_VERSION.$RPM_ITERATION" "${SPEC_FILE}" > /dev/null 2>&1; do 36 | RPM_ITERATION=$((RPM_ITERATION + 1)) 37 | done 38 | 39 | cat > rpm/new.changelog << EOF 40 | * $(TZ=UTC date +"%a %b %d %Y") $(git config user.name) <$(git config user.email)> - $RPM_VERSION-$RPM_RELEASE_VERSION.$RPM_ITERATION 41 | - TODO: Insert release changes here 42 | 43 | EOF 44 | 45 | cleanup() { 46 | rm rpm/new.changelog 47 | rm "${SPEC_FILE}.bak" 48 | } 49 | 50 | trap cleanup EXIT 51 | 52 | sed -i'.bak' '/%changelog/ r rpm/new.changelog' "${SPEC_FILE}" 53 | -------------------------------------------------------------------------------- /scripts/validate/fileheader: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | 3 | # Copyright The containerd Authors. 4 | 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | set -eu -o 18 | 19 | if ! command -v ltag; then 20 | echo >&2 "ERROR: ltag not found. Install with:" 21 | echo >&2 " go get -u github.com/kunalkushwaha/ltag" 22 | exit 1 23 | fi 24 | 25 | BASEPATH="${1-}" 26 | 27 | ltag -t "${BASEPATH}scripts/validate/template" --excludes "archive artifacts build src validate vendor" --check -v 28 | -------------------------------------------------------------------------------- /scripts/validate/template/bash.txt: -------------------------------------------------------------------------------- 1 | # Copyright 2018-2022 Docker Inc. 2 | 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | -------------------------------------------------------------------------------- /scripts/validate/template/dockerfile.txt: -------------------------------------------------------------------------------- 1 | # Copyright 2018-2022 Docker Inc. 2 | 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | -------------------------------------------------------------------------------- /scripts/validate/template/makefile.txt: -------------------------------------------------------------------------------- 1 | # Copyright 2018-2022 Docker Inc. 2 | 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | --------------------------------------------------------------------------------