From 5993c6715c645f39eb0258b62ec38a9e6eeb57bb Mon Sep 17 00:00:00 2001
From: Daniel Safta <daniel.safta@windriver.com>
Date: Fri, 22 Oct 2021 06:57:20 +0000
Subject: [PATCH] Add debian package for containerd

- created required debian structured
- succesfully built the package
- applied stx changes
- unit tests run successfully

NOTE: patches/0003, patches/0004, patches/0005
provide the upstream changes between v1.4.5
and v1.4.6, such that we provide a 1.4.6 containerd.
We want 1.4.6 to align with CentOS.

Story: 2009221
Task: 43585
Signed-off-by: Daniel Safta <daniel.safta@windriver.com>
Change-Id: I5af677c90342bae7c10101bf465e1db79c716671
---
 .../debian/deb_folder/containerd.links        |  1 +
 .../deb_folder/containerd.lintian-overrides   |  2 ++
 kubernetes/containerd/debian/meta_data.yaml   | 10 ++++++
 .../debian/patches/0001-add_build_flags.patch | 35 +++++++++++++++++++
 .../debian/patches/0002-fix_errorcode.patch   | 28 +++++++++++++++
 ...03-update-runc-binary-to-v1.0.0-rc95.patch | 21 +++++++++++
 ...004-Prepare-release-notes-for-v1.4.6.patch | 35 +++++++++++++++++++
 .../patches/0005-Update-v1.4.6-version.patch  | 26 ++++++++++++++
 kubernetes/containerd/debian/patches/series   |  5 +++
 9 files changed, 163 insertions(+)
 create mode 100644 kubernetes/containerd/debian/deb_folder/containerd.links
 create mode 100644 kubernetes/containerd/debian/deb_folder/containerd.lintian-overrides
 create mode 100644 kubernetes/containerd/debian/meta_data.yaml
 create mode 100644 kubernetes/containerd/debian/patches/0001-add_build_flags.patch
 create mode 100644 kubernetes/containerd/debian/patches/0002-fix_errorcode.patch
 create mode 100644 kubernetes/containerd/debian/patches/0003-update-runc-binary-to-v1.0.0-rc95.patch
 create mode 100644 kubernetes/containerd/debian/patches/0004-Prepare-release-notes-for-v1.4.6.patch
 create mode 100644 kubernetes/containerd/debian/patches/0005-Update-v1.4.6-version.patch
 create mode 100644 kubernetes/containerd/debian/patches/series

diff --git a/kubernetes/containerd/debian/deb_folder/containerd.links b/kubernetes/containerd/debian/deb_folder/containerd.links
new file mode 100644
index 000000000..dd9f3d020
--- /dev/null
+++ b/kubernetes/containerd/debian/deb_folder/containerd.links
@@ -0,0 +1 @@
+/usr/bin/containerd /usr/local/bin/containerd
diff --git a/kubernetes/containerd/debian/deb_folder/containerd.lintian-overrides b/kubernetes/containerd/debian/deb_folder/containerd.lintian-overrides
new file mode 100644
index 000000000..184f14509
--- /dev/null
+++ b/kubernetes/containerd/debian/deb_folder/containerd.lintian-overrides
@@ -0,0 +1,2 @@
+file-in-usr-local
+dir-in-usr-local
diff --git a/kubernetes/containerd/debian/meta_data.yaml b/kubernetes/containerd/debian/meta_data.yaml
new file mode 100644
index 000000000..e67a7a408
--- /dev/null
+++ b/kubernetes/containerd/debian/meta_data.yaml
@@ -0,0 +1,10 @@
+---
+debname: containerd
+debver: 1.4.5~ds1-2
+dl_path:
+  name: containerd-debian-1.4.5_ds1-2.tar.gz
+  url: https://salsa.debian.org/go-team/packages/containerd/-/archive/debian/1.4.5_ds1-2/containerd-debian-1.4.5_ds1-2.tar.gz
+  md5sum: 4c88399bd3aa387b8640d721743d62cf
+revision:
+  dist: $STX_DIST
+  PKG_GITREVCOUNT: true
diff --git a/kubernetes/containerd/debian/patches/0001-add_build_flags.patch b/kubernetes/containerd/debian/patches/0001-add_build_flags.patch
new file mode 100644
index 000000000..e5b974d87
--- /dev/null
+++ b/kubernetes/containerd/debian/patches/0001-add_build_flags.patch
@@ -0,0 +1,35 @@
+From 5625d5ed827cf3983f55d462a75b4ffcd9e7cf25 Mon Sep 17 00:00:00 2001
+From: Daniel Safta <daniel.safta@windriver.com>
+Date: Fri, 8 Oct 2021 13:21:26 +0300
+Subject: [PATCH] add build flags
+1. disable btrfs to avoid needing to pull in the devel package
+2. hardcode version info due to miss git info in tarball.
+---
+ Makefile | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/Makefile b/Makefile
+index c0fecb9..8b7b1a5 100644
+--- a/Makefile
++++ b/Makefile
+@@ -20,7 +20,8 @@ ROOTDIR=$(dir $(abspath $(lastword $(MAKEFILE_LIST))))
+ DESTDIR ?= /usr/local
+ 
+ # Used to populate variables in version package.
+-VERSION=$(shell git describe --match 'v[0-9]*' --dirty='.m' --always)
++# VERSION=$(shell git describe --match 'v[0-9]*' --dirty='.m' --always)
++VERSION=v1.4.6
+ REVISION=$(shell git rev-parse HEAD)$(shell if ! git diff --no-ext-diff --quiet --exit-code; then echo .m; fi)
+ PACKAGE=github.com/containerd/containerd
+ SHIM_CGO_ENABLED ?= 0
+@@ -78,6 +79,7 @@ endif
+ # Build tags apparmor and selinux are needed by CRI plugin.
+ GO_BUILDTAGS ?= apparmor selinux
+ GO_BUILDTAGS += ${DEBUG_TAGS}
++GO_BUILDTAGS += no_btrfs
+ GO_TAGS=$(if $(GO_BUILDTAGS),-tags "$(GO_BUILDTAGS)",)
+ GO_LDFLAGS=-ldflags '-X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) -X $(PKG)/version.Package=$(PACKAGE) $(EXTRA_LDFLAGS)'
+ SHIM_GO_LDFLAGS=-ldflags '-X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) -X $(PKG)/version.Package=$(PACKAGE) -extldflags "-static" $(EXTRA_LDFLAGS)'
+-- 
+2.17.1
+
diff --git a/kubernetes/containerd/debian/patches/0002-fix_errorcode.patch b/kubernetes/containerd/debian/patches/0002-fix_errorcode.patch
new file mode 100644
index 000000000..66ca7aba2
--- /dev/null
+++ b/kubernetes/containerd/debian/patches/0002-fix_errorcode.patch
@@ -0,0 +1,28 @@
+From 7bdbc31f47a801dc9215163ae5cd84581f1d83e2 Mon Sep 17 00:00:00 2001
+From: Daniel Safta <daniel.safta@windriver.com>
+Date: Mon, 11 Oct 2021 12:13:15 +0300
+Subject: [PATCH] fix errorcode
+docker registry in StarlingX 3.0 branch doesn't support POST method
+for token and will return 400. Switch to GET method to get token if
+StatusCode is 400.
+
+---
+ remotes/docker/authorizer.go | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/remotes/docker/authorizer.go b/remotes/docker/authorizer.go
+index 67e4aea..c06b222 100644
+--- a/remotes/docker/authorizer.go
++++ b/remotes/docker/authorizer.go
+@@ -284,7 +284,7 @@ func (ah *authHandler) doBearerAuth(ctx context.Context) (token string, err erro
+ 				// Registries without support for POST may return 404 for POST /v2/token.
+ 				// As of September 2017, GCR is known to return 404.
+ 				// As of February 2018, JFrog Artifactory is known to return 401.
+-				if (errStatus.StatusCode == 405 && to.Username != "") || errStatus.StatusCode == 404 || errStatus.StatusCode == 401 {
++				if (errStatus.StatusCode == 405 && to.Username != "") || errStatus.StatusCode == 404 || errStatus.StatusCode == 401 || errStatus.StatusCode == 400 {
+ 					resp, err := auth.FetchToken(ctx, ah.client, ah.header, to)
+ 					if err != nil {
+ 						return "", err
+-- 
+2.17.1
+
diff --git a/kubernetes/containerd/debian/patches/0003-update-runc-binary-to-v1.0.0-rc95.patch b/kubernetes/containerd/debian/patches/0003-update-runc-binary-to-v1.0.0-rc95.patch
new file mode 100644
index 000000000..91e64c171
--- /dev/null
+++ b/kubernetes/containerd/debian/patches/0003-update-runc-binary-to-v1.0.0-rc95.patch
@@ -0,0 +1,21 @@
+From 5ab8e65d580831184f6c10b40e479da9ce0e8b67 Mon Sep 17 00:00:00 2001
+From: Daniel Safta <daniel.safta@windriver.com>
+Date: Tue, 19 Oct 2021 13:17:46 +0000
+Subject: [PATCH] update runc binary to v1.0.0-rc95 Signed-off-by: Akihiro Suda
+ <akihiro.suda.cz@hco.ntt.co.jp> (cherry picked from commit 599127f)
+ Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
+
+---
+ script/setup/runc-version | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/script/setup/runc-version b/script/setup/runc-version
+index fd84c98..ded5e1b 100644
+--- a/script/setup/runc-version
++++ b/script/setup/runc-version
+@@ -1 +1 @@
+-v1.0.0-rc94
++v1.0.0-rc95
+-- 
+2.30.2
+
diff --git a/kubernetes/containerd/debian/patches/0004-Prepare-release-notes-for-v1.4.6.patch b/kubernetes/containerd/debian/patches/0004-Prepare-release-notes-for-v1.4.6.patch
new file mode 100644
index 000000000..44c8202ef
--- /dev/null
+++ b/kubernetes/containerd/debian/patches/0004-Prepare-release-notes-for-v1.4.6.patch
@@ -0,0 +1,35 @@
+From 3731fefcb230c11e50d18f21aabc2f8573a0f329 Mon Sep 17 00:00:00 2001
+From: Daniel Safta <daniel.safta@windriver.com>
+Date: Tue, 19 Oct 2021 13:24:00 +0000
+Subject: [PATCH] Prepare release notes for v1.4.6 Signed-off-by: Derek McGowan
+ <derek@mcg.dev>
+
+---
+ releases/v1.4.6.toml | 15 +++++++++++++++
+ 1 file changed, 15 insertions(+)
+ create mode 100644 releases/v1.4.6.toml
+
+diff --git a/releases/v1.4.6.toml b/releases/v1.4.6.toml
+new file mode 100644
+index 0000000..6b88d07
+--- /dev/null
++++ b/releases/v1.4.6.toml
+@@ -0,0 +1,15 @@
++# commit to be tagged for new release
++commit = "HEAD"
++
++project_name = "containerd"
++github_repo = "containerd/containerd"
++match_deps = "^github.com/(containerd/[a-zA-Z0-9-]+)$"
++
++# previous release
++previous = "v1.4.5"
++
++pre_release = false
++
++preface = """\
++The sixth patch release for containerd 1.4 is a security release to update
++runc for [CVE-2021-30465](https://github.com/opencontainers/runc/security/advisories/GHSA-c3xm-pvg7-gh7r)"""
+-- 
+2.30.2
+
diff --git a/kubernetes/containerd/debian/patches/0005-Update-v1.4.6-version.patch b/kubernetes/containerd/debian/patches/0005-Update-v1.4.6-version.patch
new file mode 100644
index 000000000..c319a2719
--- /dev/null
+++ b/kubernetes/containerd/debian/patches/0005-Update-v1.4.6-version.patch
@@ -0,0 +1,26 @@
+From d676fb16812f068009bf23bbe68dcb24e60d3e14 Mon Sep 17 00:00:00 2001
+From: Daniel Safta <daniel.safta@windriver.com>
+Date: Tue, 19 Oct 2021 13:25:38 +0000
+Subject: [PATCH] Update v1.4.6 version Signed-off-by: Derek McGowan
+ <derek@mcg.dev>
+
+---
+ version/version.go | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/version/version.go b/version/version.go
+index b4d3a5f..05bde28 100644
+--- a/version/version.go
++++ b/version/version.go
+@@ -23,7 +23,7 @@ var (
+ 	Package = "github.com/containerd/containerd"
+ 
+ 	// Version holds the complete version number. Filled in at linking time.
+-	Version = "1.4.5+unknown"
++	Version = "1.4.6+unknown"
+ 
+ 	// Revision is filled with the VCS (e.g. git) revision being used to build
+ 	// the program at linking time.
+-- 
+2.30.2
+
diff --git a/kubernetes/containerd/debian/patches/series b/kubernetes/containerd/debian/patches/series
new file mode 100644
index 000000000..347c98455
--- /dev/null
+++ b/kubernetes/containerd/debian/patches/series
@@ -0,0 +1,5 @@
+0001-add_build_flags.patch
+0002-fix_errorcode.patch
+0003-update-runc-binary-to-v1.0.0-rc95.patch
+0004-Prepare-release-notes-for-v1.4.6.patch
+0005-Update-v1.4.6-version.patch