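# RPM spec for kata-runtime: builds the Kata Containers runtime from the
# upstream release tarball and installs a locally adjusted configuration.toml.
#
# The bundled(golang(...)) Provides further down record the vendored Go
# packages that are compiled into the binaries, so that a vulnerable vendored
# library can be traced back to this package.
#
# NOTE(review): nothing in this spec verifies the integrity of Source0;
# presumably that is handled outside the spec (source checksum file) - confirm.

# The version comparison has to sit outside the macro braces; written inside
# them it was not evaluated as a comparison.
%if (0%{?fedora} && 0%{?fedora} >= 31)
%define have_go_rpm_macros 1
%else
%define have_go_rpm_macros 0
%endif
# NOTE(review): have_go_rpm_macros is not consulted anywhere else in the
# visible spec (gopkg below is invoked unconditionally) - confirm intent.

%global with_debug 0

%if 0%{?with_debug}
%global _find_debuginfo_dwz_opts %{nil}
%global _dwz_low_mem_die_limit 0
%else
%global debug_package %{nil}
%endif

%global domain      github.com
%global org         kata-containers
%global repo        runtime
%global download    %{domain}/%{org}/%{repo}
%global importname  %{download}

%global qemu        qemu-kvm

%global katacache   %{_localstatedir}/cache

# Release candidate version tracking
# global rcver rc0
%if 0%{?rcver:1}
%global rcrel .%{rcver}
%global rcstr -%{rcver}
%endif

Version: 1.12.0

# https://github.com/kata-containers/runtime
%global tag         %{version}%{?rcstr}

# Document additional imported license (as generated by go2rpm)
# These licenses are, at the moment, all ASL 2.0, so only
# one copy would be needed in the rpm, but they are technically
# different licenses for different components, so just in case...
%global golicenses  LICENSE virtcontainers/LICENSE\\\
                    virtcontainers/pkg/oci/LICENSE

# List of documents in the source package (as generated by go2rpm)
# These documents are copied into the RPM as a courtesy.
%global godocs      README.md CONTRIBUTING.md CODE_OF_CONDUCT.md\\\
                    virtcontainers/README.md\\\
                    virtcontainers/experimental/README.md\\\
                    virtcontainers/documentation/Developers.md\\\
                    virtcontainers/documentation/api/1.0/api.md\\\
                    virtcontainers/pkg/firecracker/README\\\
                    virtcontainers/persist/plugin/README.md pkg/README.md\\\
                    pkg/signals/README.md pkg/katautils/README.md\\\
                    pkg/katatestutils/README.md

# Do not use {goname}, which is golang-github-kata-containers-runtime
Name:       kata-%{repo}
Release:    2%{?rcrel}%{?dist}
Url:        https://%{download}
Source0:    https://%{download}/archive/%{version}%{?rcstr}/%{repo}-%{version}%{?rcstr}.tar.gz

# keep: Minor local patches
Patch0001: 0001-Remove-shebang-in-non-executable-completion-script.patch
Patch0002: 0002-virtcontainers-Don-t-set-Ctty.patch
Patch0003: 0003-virtcontainers-qemu-irqchip.patch

Summary:    Kata runtime to run containers in virtual machines
License:    ASL 2.0

BuildRequires: compiler(go-compiler)
Requires: qemu-kvm-core >= 4.2.0-4
%if 0%{?fedora}
Requires: kata-proxy >= %{version}
%endif
Recommends: kata-shim >= %{version}
Requires: kata-osbuilder >= %{version}
BuildRequires: libselinux-devel

# The following architectures lack the required qemu support
ExcludeArch: %{arm} %{ix86}

%description
%{summary}

Kata Containers is an open source project and community working to build a
standard implementation of lightweight Virtual Machines (VMs) that feel and
perform like containers, but provide the workload isolation and security
advantages of VMs.

%gopkg

Provides: bundled(golang(github.com/blang/semver))
Provides: bundled(golang(github.com/BurntSushi/toml))
Provides: bundled(golang(github.com/containerd/cgroups))
Provides: bundled(golang(github.com/containerd/containerd/api/events))
Provides: bundled(golang(github.com/containerd/containerd/api/types))
Provides: bundled(golang(github.com/containerd/containerd/api/types/task))
Provides: bundled(golang(github.com/containerd/containerd/errdefs))
Provides: bundled(golang(github.com/containerd/containerd/events))
Provides: bundled(golang(github.com/containerd/containerd/mount))
Provides: bundled(golang(github.com/containerd/containerd/namespaces))
Provides: bundled(golang(github.com/containerd/containerd/runtime))
Provides: bundled(golang(github.com/containerd/containerd/runtime/linux/runctypes))
Provides: bundled(golang(github.com/containerd/containerd/runtime/v2/shim))
Provides: bundled(golang(github.com/containerd/containerd/runtime/v2/task))
Provides: bundled(golang(github.com/containerd/cri-containerd/pkg/annotations))
Provides: bundled(golang(github.com/containerd/cri-containerd/pkg/api/runtimeoptions/v1))
Provides: bundled(golang(github.com/containerd/fifo))
Provides: bundled(golang(github.com/containerd/typeurl))
Provides: bundled(golang(github.com/containernetworking/plugins/pkg/ns))
Provides: bundled(golang(github.com/cri-o/cri-o/pkg/annotations))
Provides: bundled(golang(github.com/dlespiau/covertool/pkg/cover))
Provides: bundled(golang(github.com/docker/go-units))
Provides: bundled(golang(github.com/gogo/protobuf/proto))
Provides: bundled(golang(github.com/gogo/protobuf/types))
Provides: bundled(golang(github.com/go-ini/ini))
Provides: bundled(golang(github.com/go-openapi/errors))
Provides: bundled(golang(github.com/go-openapi/runtime))
Provides: bundled(golang(github.com/go-openapi/runtime/client))
Provides: bundled(golang(github.com/go-openapi/strfmt))
Provides: bundled(golang(github.com/go-openapi/swag))
Provides: bundled(golang(github.com/go-openapi/validate))
Provides: bundled(golang(github.com/hashicorp/go-multierror))
Provides: bundled(golang(github.com/intel/govmm/qemu))
Provides: bundled(golang(github.com/kata-containers/agent/pkg/types))
Provides: bundled(golang(github.com/kata-containers/agent/protocols/client))
Provides: bundled(golang(github.com/kata-containers/agent/protocols/grpc))
Provides: bundled(golang(github.com/mitchellh/mapstructure))
Provides: bundled(golang(github.com/opencontainers/runc/libcontainer/configs))
Provides: bundled(golang(github.com/opencontainers/runc/libcontainer/specconv))
Provides: bundled(golang(github.com/opencontainers/runc/libcontainer/utils))
Provides: bundled(golang(github.com/opencontainers/runtime-spec/specs-go))
Provides: bundled(golang(github.com/opentracing/opentracing-go))
Provides: bundled(golang(github.com/opentracing/opentracing-go/log))
Provides: bundled(golang(github.com/pkg/errors))
Provides: bundled(golang(github.com/prometheus/procfs))
Provides: bundled(golang(github.com/safchain/ethtool))
Provides: bundled(golang(github.com/sirupsen/logrus))
Provides: bundled(golang(github.com/sirupsen/logrus/hooks/syslog))
Provides: bundled(golang(github.com/stretchr/testify/assert))
Provides: bundled(golang(github.com/uber/jaeger-client-go))
Provides: bundled(golang(github.com/uber/jaeger-client-go/config))
Provides: bundled(golang(github.com/urfave/cli))
Provides: bundled(golang(github.com/vishvananda/netlink))
Provides: bundled(golang(github.com/vishvananda/netns))
Provides: bundled(golang(golang.org/x/net/context))
Provides: bundled(golang(golang.org/x/sys/unix))
Provides: bundled(golang(google.golang.org/grpc))
Provides: bundled(golang(google.golang.org/grpc/codes))
Provides: bundled(golang(google.golang.org/grpc/status))

# Common variables to pass to 'make'
# The machine type uses a modern default
# The kernel parameters workaround an issue with cgroupsv2 after kernel 5.3
# To-do: add BUILDFLAGS=gobuildflags when the macro becomes available
%if 0%{?fedora}
%define qemupath    %{_bindir}/%{qemu}
%else
%define qemupath    %{_libexecdir}/%{qemu}
%endif

# The machine type to be used is architecture specific:
# aarch64: virt
# ppc64le: pseries
# s390x: s390-ccw-virtio
# x86_64: q35
%ifarch aarch64
%define machinetype "virt"
%endif
%ifarch ppc64le
%define machinetype "pseries"
%endif
%ifarch s390x
%define machinetype "s390-ccw-virtio"
%endif
%ifarch x86_64
%define machinetype "q35"
%endif

# SharedFS type to be used is architecture specific:
# aarch64: virtiofs
# ppc64le: 9p
# s390x: 9p
# x86_64: virtiofs
#
# It's important to note that setting up virtio_fs_daemon
# and virtio_fs_cache_size has no issue when 9p is used.
#
# For 1.11.1 ppc64le will also be using "virtio-fs", see:
# https://github.com/kata-containers/runtime/pull/2691
%ifarch aarch64 x86_64
%define sharedfs "virtio-fs"
%endif
%ifarch ppc64le s390x
%define sharedfs "virtio-9p"
%endif

# FEATURE_SELINUX must be disabled for CentOS until podman package
# support for it is available.
# Consequence: CentOS builds are made with FEATURE_SELINUX=no, all other
# builds with FEATURE_SELINUX=yes.
%if 0%{?centos}
%define feature_selinux "no"
%else
%define feature_selinux "yes"
%endif

# NOTE(review): SKIP_GO_VERSION_CHECK=y is handed to the upstream Makefile;
# presumably it bypasses upstream's Go toolchain version check so that the
# distribution compiler is used as-is - confirm whenever Go is updated.
%global make_vars   QEMUPATH=%{qemupath} \\\
                    DEFSHAREDFS=%{sharedfs} \\\
                    DEFVIRTIOFSDAEMON=%{_libexecdir}/"virtiofsd" \\\
                    DEFVIRTIOFSCACHESIZE=0 \\\
                    DEFSANDBOXCGROUPONLY=true \\\
                    SKIP_GO_VERSION_CHECK=y \\\
                    MACHINETYPE=%{machinetype} \\\
                    SCRIPTS_DIR=%{_bindir} \\\
                    DESTDIR=%{buildroot} \\\
                    PREFIX=/usr \\\
                    DEFAULTSDIR=%{_datadir}/kata-containers/defaults \\\
                    CONFDIR=%{_datadir}/kata-containers/defaults \\\
                    FEATURE_SELINUX=%{feature_selinux}

%prep
%autosetup -p1 -n %{repo}-%{version}%{?rcstr}

# Not using gobuild here in order to stick to how upstream builds
# (This builds multiple binaries)
%build
export PATH=$PATH:"$(pwd)/go/bin"
export GOPATH="$(pwd)/go"
export GO111MODULE=auto

mkdir -p go/src/%{domain}/%{org}
# Quoted so a build directory containing whitespace cannot split the argument
ln -s "$(pwd)/../%{repo}-%{version}%{?rcstr}" go/src/%{importname}
cd go/src/%{importname}
%make_build %{make_vars}

# Not using gopkginstall here in order to stick to how upstream builds
%install
export GOPATH="$(pwd)/go"
export PATH=$PATH:"$GOPATH/bin"
cd go/src/%{importname}
%make_install %{make_vars}

# NOTE(review): every 'sed -i' below leaves the file untouched, without any
# error, if upstream rewords the line it matches. After each version bump,
# inspect the installed configuration.toml and confirm that the image/kernel/
# initrd paths, use_vsock, kernel_params and the proxy section really carry
# the values intended here.

# Disable the image= option, so we use initrd= by default
# The kernels kata-osbuilder creates are in /var/cache now, see rhbz#1792216
sed -i -e 's|^image = "%{_datadir}|#image = "%{katacache}|' \
       -e 's|^kernel = "%{_datadir}|kernel = "%{katacache}|' \
       -e 's|^initrd = "%{_datadir}|initrd = "%{katacache}|' \
    %{buildroot}%{_datadir}/kata-containers/defaults/configuration.toml

# Enable vsock as transport instead of virtio-serial
sed -i -e 's/^#use_vsock =/use_vsock =/' %{buildroot}%{_datadir}/kata-containers/defaults/configuration.toml

# Temporarily enforce cgroupsv1 inside the guest
sed -i -e 's/^kernel_params = ""/kernel_params = "systemd.unified_cgroup_hierarchy=0"/' %{buildroot}%{_datadir}/kata-containers/defaults/configuration.toml

%if ! 0%{?fedora}
# Disable proxy, as we're using vsock
sed -i -e 's|^\[proxy\.kata\]|#[proxy.kata]|' \
       -e 's|^path = "%{_libexecdir}/kata-containers/kata-proxy"|#path = "%{_libexecdir}/kata-containers/kata-proxy"|' \
    %{buildroot}%{_datadir}/kata-containers/defaults/configuration.toml
%endif

# Remove non-tested / non-supported configuration files
rm %{buildroot}%{_datadir}/kata-containers/defaults/configuration-*.toml

%files
%dir %{_libexecdir}/kata-containers
%{_bindir}/kata-runtime
%{_bindir}/containerd-shim-kata-v2
%{_libexecdir}/kata-containers/kata-netmon
%{_bindir}/kata-collect-data.sh
%dir %{_datadir}/kata-containers
%dir %{_datadir}/kata-containers/defaults
%{_datadir}/kata-containers/defaults/configuration.toml
%{_datadir}/bash-completion/completions/kata-runtime
%license LICENSE
%doc README.md CONTRIBUTING.md

%changelog
* Fri Nov 20 2020 Fabiano Fidêncio - 1.12.0-2
- Don't set Ctty when building with golang 15.2 onwards.
- Temporarily use cgroupsv1 inside the guest.

* Thu Nov 19 2020 Eduardo Lima (Etrunko) - 1.12.0-1
- Update to version 1.12.0

* Tue Nov 10 2020 Eduardo Lima (Etrunko) - 1.11.4-1
- Update to version 1.11.4

* Fri Oct 9 2020 Fabiano Fidêncio - 1.11.1-3
- Set kata-shim as recommended
- Don't reenable SELinux support for CentOS

* Thu Jul 30 2020 Fabiano Fidêncio - 1.11.1-2
- Reenable SELinux as podman 2.0 is already out

* Tue Jul 28 2020 Fedora Release Engineering - 1.11.1-1.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild

* Fri Jun 26 2020 Pavel Mores - 1.11.1-1
- Update to version 1.11.1

* Fri May 15 2020 Fabiano Fidêncio - 1.11.0-3
- Use the right machine type according to the architecture
- Removed non-used / non-tested configuration files
- Use the right SharedFS type according to the architecture

* Wed May 13 2020 Cole Robinson - 1.11.0-2
- Disable selinux until new podman is available

* Fri May 08 2020 Cole Robinson - 1.11.0-1
- Update to version 1.11.0

* Mon Apr 20 2020 Cole Robinson - 1.11.0-0.2.rc0
- Add libselinux-devel build dep

* Mon Apr 20 2020 Cole Robinson - 1.11.0-0.1.rc0
- Update to 1.11.0-rc0

* Mon Mar 23 2020 Fabiano Fidêncio - 1.11.0-0.alpha1
- Update to 1.11.0-alpha1 upstream release

* Mon Feb 17 2020 Cole Robinson - 1.10.0-3
- Switch to virtio-fs default

* Wed Jan 29 2020 Fedora Release Engineering - 1.10.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild

* Tue Jan 21 2020 Christophe de Dinechin - 1.10.0-1
- Update to release 1.10.0
  Large number of changes

* Fri Jan 17 2020 Christophe de Dinechin - 1.9.2-1
- Update to release 1.9.3
  Include firecracker release v0.18.1 to address CVE-2019-18960
  Several upstream bug fixes:
  3d5e0db rootless: Disable vhost-net for rootless
  71d6d22 release: Kata Containers 1.9.3
  b7fa015 versions: bump fc version to v0.18.1
  c46fdff virtcontainers: don't consider non-running container resources
  2777cb2 virtcontainers: update resources after adding container to sandbox
  9204973 virtcontainers/store: make VCStoreUUIDPath rootless
  c818711 vc: Don't adjust block index on error
  10a977d vc: Persist file handle may leak in FS#ToDisk

* Fri Jan 17 2020 Christophe de Dinechin - 1.9.2-1
- Update to release 1.9.2
- Fix rangeUID parsing
- Fix cgroup creation logic for rootless

* Fri Jan 17 2020 Christophe de Dinechin - 1.9.1-2
- Adjust paths to match fix in kata-osbuilder

* Fri Nov 29 2019 Christophe de Dinechin - 1.9.1-1
- Update to release 1.9.1

* Tue Nov 19 2019 Christophe de Dinechin - 1.9.0-2
- Address rpmlint warning rpm-buildroot-usage

* Thu Nov 14 2019 Christophe de Dinechin - 1.9.0-1
- Update to release 1.9.0

* Thu Oct 17 2019 Christophe de Dinechin - 1.8.2-4
- Exclude armv7hl and i686 architectures, which lack required qemu

* Thu Oct 10 2019 Christophe de Dinechin - 1.8.2-3
- Integrate changes related to package review

* Mon Sep 30 2019 Christophe de Dinechin - 1.8.2-2
- Integrate a number of changes suggested by Cole Robinson

* Fri Sep 20 2019 Christophe de Dinechin - 1.8.2-1
- Update to 1.8.2 release

* Fri Sep 13 2019 Christophe de Dinechin - 1.8.0-5
- Move binaries to libexec (no man page, not directly accessible)

* Thu Sep 12 2019 Christophe de Dinechin - 1.8.0-4
- Remove shebang in bash completion script

* Wed Aug 28 2019 Christophe de Dinechin - 1.8.0-2
- Remove nonexistent packages

* Tue Jul 30 2019 Christophe de Dinechin - 1.7.3-5
- Update to 1.7.3 release, cleanup spec file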