From 4c682e9c434db74f616a039d6ab4415f36fedc03 Mon Sep 17 00:00:00 2001 From: Mihnea Saracin Date: Fri, 25 Jun 2021 18:53:54 +0300 Subject: [PATCH] Update containerd to 1.4.6 This updates containerd from 1.3.3 to 1.4.6, runc from 1.0.0-rc10 to 1.0.0-rc95 and crictl from 1.18 to 1.21 to align with what was used upstream for Kubernetes 1.21 testing. We could also remove the "no_btrfs" build flag by adding the btrfs-progs-devel RPM to the CentOS mirror. But we don't use btrfs anyway, so this way we make the package a bit smaller. Story: 2008972 Task: 42640 Change-Id: I2391ca7987d8f28a6f8efa1cd908b91004029e33 Signed-off-by: Chris Friesen Signed-off-by: Mihnea Saracin --- centos_tarball-dl.lst | 6 +-- kubernetes/containerd/centos/build_srpm.data | 6 +-- kubernetes/containerd/centos/containerd.spec | 20 ++++----- ...1-customize-containerd-for-StarlingX.patch | 44 +++++++++---------- ...-archive-skip-chmod-IsNotExist-error.patch | 33 -------------- 5 files changed, 37 insertions(+), 72 deletions(-) delete mode 100644 kubernetes/containerd/centos/files/0002-archive-skip-chmod-IsNotExist-error.patch diff --git a/centos_tarball-dl.lst b/centos_tarball-dl.lst index ff97a3bfc..8b905891b 100644 --- a/centos_tarball-dl.lst +++ b/centos_tarball-dl.lst @@ -6,8 +6,8 @@ ceph-object-corpus-e32bf8ca3dc6151ebe7f205ba187815bc18e1cef.tar.gz#ceph-object-c chartmuseum-0.12.0.tar.gz#chartmuseum#https://github.com/helm/chartmuseum/archive/v0.12.0.tar.gz#https## !chartmuseum-v0.12.0-amd64#chartmuseum-bin#https://s3.amazonaws.com/chartmuseum/release/v0.12.0/bin/linux/amd64/chartmuseum#https## civetweb-ff2881e2cd5869a71ca91083bad5d12cccd22136.tar.gz#civetweb#https://api.github.com/repos/ceph/civetweb/tarball/ff2881e2cd5869a71ca91083bad5d12cccd22136#https## -containerd-v1.3.3.tar.gz#containerd#https://github.com/containerd/containerd/archive/v1.3.3.tar.gz#https## -crictl-v1.18.0-linux-amd64.tar.gz#crictl#https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.18.0/crictl-v1.18.0-linux-amd64.tar.gz#https## +containerd-1.4.6.tar.gz#containerd#https://github.com/containerd/containerd/archive/refs/tags/v1.4.6.tar.gz#https## +crictl-v1.21.0-linux-amd64.tar.gz#crictl#https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.21.0/crictl-v1.21.0-linux-amd64.tar.gz#https## docker-distribution-v2.7.1.tar.gz#docker-distribution-2.7.1#https://github.com/docker/distribution/archive/v2.7.1.tar.gz#http## # docker-libtrust-fa567046d9b14f6aa788882a950d69651d230b21.tar.gz#docker-libtrust#https://github.com/docker/libtrust/archive/fa567046d9b14f6aa788882a950d69651d230b21.tar.gz#http## dpdk-18.11.tar.xz#dpdk-18.11#http://fast.dpdk.org/rel/dpdk-18.11.tar.xz#http## @@ -60,7 +60,7 @@ rapidjson-f54b0e47a08782a6131cc3d60f94d038fa6e0a51.tar.gz#rapidjson#https://api. Redfishtool-1.1.0.tar.gz#Redfishtool-1.1.0#https://github.com/DMTF/Redfishtool/archive/1.1.0.tar.gz#http## requests-toolbelt-0.9.1.tar.gz#requests-toolbelt-0.9.1#https://github.com/requests/toolbelt/archive/0.9.1.tar.gz#http## rocksdb-f4a857da0b720691effc524469f6db895ad00d8e.tar.gz#rocksdb#https://api.github.com/repos/ceph/rocksdb/tarball/f4a857da0b720691effc524469f6db895ad00d8e#https## -runc-1.0.0-rc10.tar.gz#runc#https://github.com/opencontainers/runc/archive/v1.0.0-rc10.tar.gz#https## +runc-1.0.0-rc95.tar.gz#runc#https://github.com/opencontainers/runc/archive/v1.0.0-rc95.tar.gz#https## !rt-setup-2.1-2.el8.src.rpm#rt-setup#https://git.centos.org/rpms/rt-setup#http_script#201aeb6d3d06c556cee369b9833539ecb67ce943#post-dl-script/rt-setup.sh # Sirupsen-logrus-55eb11d21d2a31a3cc93838241d04800f52e823d.tar.gz#Sirupsen-logrus#github.com/Sirupsen/logrus/archive/55eb11d21d2a31a3cc93838241d04800f52e823d.tar.gz#http## spdk-f474ce6930f0a44360e1cc4ecd606d2348481c4c.tar.gz#spdk#https://api.github.com/repos/ceph/spdk/tarball/f474ce6930f0a44360e1cc4ecd606d2348481c4c#https## diff --git a/kubernetes/containerd/centos/build_srpm.data b/kubernetes/containerd/centos/build_srpm.data index 7412ab2d3..743828cbc 100644 --- a/kubernetes/containerd/centos/build_srpm.data +++ b/kubernetes/containerd/centos/build_srpm.data @@ -1,6 +1,6 @@ -COPY_LIST="${STX_BASE}/downloads/containerd-v1.3.3.tar.gz - ${STX_BASE}/downloads/runc-1.0.0-rc10.tar.gz - ${STX_BASE}/downloads/crictl-v1.18.0-linux-amd64.tar.gz +COPY_LIST="${STX_BASE}/downloads/containerd-1.4.6.tar.gz + ${STX_BASE}/downloads/runc-1.0.0-rc95.tar.gz + ${STX_BASE}/downloads/crictl-v1.21.0-linux-amd64.tar.gz ${FILES_BASE}/*" TIS_PATCH_VER=PKG_GITREVCOUNT diff --git a/kubernetes/containerd/centos/containerd.spec b/kubernetes/containerd/centos/containerd.spec index 62e7cd825..941968fed 100644 --- a/kubernetes/containerd/centos/containerd.spec +++ b/kubernetes/containerd/centos/containerd.spec @@ -3,17 +3,16 @@ # Copyright (C) 2019 Intel Corporation # Name: containerd -Version: 1.3.3 +Version: 1.4.6 Release: %{tis_patch_ver}%{?_tis_dist} Summary: Open and reliable container runtime Group: Kubernetes License: ASL 2.0 -Source0: containerd-v%{version}.tar.gz -Source1: runc-1.0.0-rc10.tar.gz -Source2: crictl-v1.18.0-linux-amd64.tar.gz +Source0: containerd-%{version}.tar.gz +Source1: runc-1.0.0-rc95.tar.gz +Source2: crictl-v1.21.0-linux-amd64.tar.gz Source3: crictl.yaml -Patch5: 0001-customize-containerd-for-StarlingX.patch -Patch6: 0002-archive-skip-chmod-IsNotExist-error.patch +Patch1: 0001-customize-containerd-for-StarlingX.patch URL: https://www.starlingx.io Vendor: StarlingX Packager: StarlingX @@ -53,20 +52,21 @@ low-level storage and network attachments, etc. %prep %setup -q -c -n src -a 1 %setup -q -c -T -D -n src -a 2 -%patch5 -p1 -%patch6 -p1 +%patch1 -p1 %build # build containerd +rm -rf %{CONTAINERD_DIR} mkdir -p %{CONTAINERD_DIR} -mv %{_builddir}/src/containerd/* %{CONTAINERD_DIR}/ +cp -a %{_builddir}/src/containerd-%{version}/* %{CONTAINERD_DIR}/ pushd %{CONTAINERD_DIR} make popd # build runc +rm -rf %{RUNC_DIR} mkdir -p %{RUNC_DIR} -mv %{_builddir}/src/runc/* %{RUNC_DIR}/ +cp -a %{_builddir}/src/runc-1.0.0-rc95/* %{RUNC_DIR}/ pushd %{RUNC_DIR} make popd diff --git a/kubernetes/containerd/centos/files/0001-customize-containerd-for-StarlingX.patch b/kubernetes/containerd/centos/files/0001-customize-containerd-for-StarlingX.patch index 67239c248..33a06ca5f 100644 --- a/kubernetes/containerd/centos/files/0001-customize-containerd-for-StarlingX.patch +++ b/kubernetes/containerd/centos/files/0001-customize-containerd-for-StarlingX.patch @@ -1,55 +1,53 @@ -From 311301438b0366004e238cbcc2ca07d38d8a9369 Mon Sep 17 00:00:00 2001 -From: Shuicheng Lin -Date: Wed, 25 Sep 2019 20:02:34 +0800 +From a8466190118c114d5ddeec381bbafa8441d7e638 Mon Sep 17 00:00:00 2001 +From: Chris Friesen +Date: Thu, 17 Jun 2021 10:27:09 -0400 Subject: [PATCH] customize containerd for StarlingX -1. disable btrfs to pass build. +1. disable btrfs to avoid needing to pull in the devel package 2. docker registry in StarlingX 3.0 branch doesn't support POST method for token and will return 400. Switch to GET method to get token if StatusCode is 400. 3. hardcode version info due to miss git info in tarball. - -Signed-off-by: Shuicheng Lin --- - containerd/Makefile | 3 ++- - containerd/remotes/docker/authorizer.go | 3 ++- + containerd-1.4.6/Makefile | 3 ++- + containerd-1.4.6/remotes/docker/authorizer.go | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) -diff --git a/containerd/Makefile b/containerd/Makefile -index 37012e8..7ab6a22 100644 ---- a/containerd/Makefile -+++ b/containerd/Makefile +diff --git a/containerd-1.4.6/Makefile b/containerd-1.4.6/Makefile +index c0fecb9..44dd5ad 100644 +--- a/containerd-1.4.6/Makefile ++++ b/containerd-1.4.6/Makefile @@ -20,7 +20,7 @@ ROOTDIR=$(dir $(abspath $(lastword $(MAKEFILE_LIST)))) DESTDIR ?= /usr/local # Used to populate variables in version package. -VERSION=$(shell git describe --match 'v[0-9]*' --dirty='.m' --always) -+VERSION=v1.3.3 ++VERSION=v1.4.6 REVISION=$(shell git rev-parse HEAD)$(shell if ! git diff --no-ext-diff --quiet --exit-code; then echo .m; fi) PACKAGE=github.com/containerd/containerd - -@@ -95,6 +95,7 @@ endif - # Build tags seccomp and apparmor are needed by CRI plugin. - GO_BUILDTAGS ?= seccomp apparmor + SHIM_CGO_ENABLED ?= 0 +@@ -78,6 +78,7 @@ endif + # Build tags apparmor and selinux are needed by CRI plugin. + GO_BUILDTAGS ?= apparmor selinux GO_BUILDTAGS += ${DEBUG_TAGS} +GO_BUILDTAGS += no_btrfs GO_TAGS=$(if $(GO_BUILDTAGS),-tags "$(GO_BUILDTAGS)",) GO_LDFLAGS=-ldflags '-X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) -X $(PKG)/version.Package=$(PACKAGE) $(EXTRA_LDFLAGS)' SHIM_GO_LDFLAGS=-ldflags '-X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) -X $(PKG)/version.Package=$(PACKAGE) -extldflags "-static" $(EXTRA_LDFLAGS)' -diff --git a/containerd/remotes/docker/authorizer.go b/containerd/remotes/docker/authorizer.go -index 9652d3a..72a6f3a 100644 ---- a/containerd/remotes/docker/authorizer.go -+++ b/containerd/remotes/docker/authorizer.go +diff --git a/containerd-1.4.6/remotes/docker/authorizer.go b/containerd-1.4.6/remotes/docker/authorizer.go +index 001423a..2db8d60 100644 +--- a/containerd-1.4.6/remotes/docker/authorizer.go ++++ b/containerd-1.4.6/remotes/docker/authorizer.go @@ -366,7 +366,8 @@ func (ah *authHandler) fetchTokenWithOAuth(ctx context.Context, to tokenOptions) // Registries without support for POST may return 404 for POST /v2/token. // As of September 2017, GCR is known to return 404. // As of February 2018, JFrog Artifactory is known to return 401. - if (resp.StatusCode == 405 && to.username != "") || resp.StatusCode == 404 || resp.StatusCode == 401 { -+ // Current Registry in StarlingX returns 400 for POST /v2/token. ++ // Registry in StarlingX 3.0 returns 400 for POST /v2/token. Should check if still applicable. + if (resp.StatusCode == 405 && to.username != "") || resp.StatusCode == 404 || resp.StatusCode == 401 || resp.StatusCode == 400 { return ah.fetchToken(ctx, to) } else if resp.StatusCode < 200 || resp.StatusCode >= 400 { b, _ := ioutil.ReadAll(io.LimitReader(resp.Body, 64000)) // 64KB -- -2.16.6 +2.29.2 diff --git a/kubernetes/containerd/centos/files/0002-archive-skip-chmod-IsNotExist-error.patch b/kubernetes/containerd/centos/files/0002-archive-skip-chmod-IsNotExist-error.patch deleted file mode 100644 index 6925c0ea6..000000000 --- a/kubernetes/containerd/centos/files/0002-archive-skip-chmod-IsNotExist-error.patch +++ /dev/null @@ -1,33 +0,0 @@ -From e2269f2ae0a8bb996b13d98ed6ffbdad7cdafd0f Mon Sep 17 00:00:00 2001 -From: Mikko Ylinen -Date: Mon, 23 Mar 2020 20:52:14 +0200 -Subject: [PATCH] archive: skip chmod IsNotExist error - -handleLChmod() does not properly check that files behind the handlinks exist -before calling os.Chmod(). We've seen base images where this results in -"no such file or directory" error from os.Chmod() when unpacking the image. - -To keep the existing logic but fix the problem, this commit simply skips -IsNotExist error. - -Signed-off-by: Mikko Ylinen ---- - containerd/archive/tar_unix.go | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/containerd/archive/tar_unix.go b/containerd/archive/tar_unix.go -index d081351..2134083 100644 ---- a/containerd/archive/tar_unix.go -+++ b/containerd/archive/tar_unix.go -@@ -125,7 +125,7 @@ func handleTarTypeBlockCharFifo(hdr *tar.Header, path string) error { - func handleLChmod(hdr *tar.Header, path string, hdrInfo os.FileInfo) error { - if hdr.Typeflag == tar.TypeLink { - if fi, err := os.Lstat(hdr.Linkname); err == nil && (fi.Mode()&os.ModeSymlink == 0) { -- if err := os.Chmod(path, hdrInfo.Mode()); err != nil { -+ if err := os.Chmod(path, hdrInfo.Mode()); err != nil && !os.IsNotExist(err) { - return err - } - } --- -1.8.3.1 -