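# Use go-rpm-macros on Fedora 31 and later only.
# The comparison has to sit outside the macro braces: written inside them it
# is not evaluated as an expression, so the version bound was never applied.
%if 0%{?fedora} >= 31
%define have_go_rpm_macros 1
%else
%define have_go_rpm_macros 0
%endif

# Debuginfo generation is switched off unless with_debug is set to 1.
%global with_debug 0

%if 0%{?with_debug}
%global _find_debuginfo_dwz_opts %{nil}
%global _dwz_low_mem_die_limit 0
%else
%global debug_package %{nil}
%endif

# Upstream location of the sources; importname doubles as the Go import path.
%global domain github.com
%global org kata-containers
%global repo kata-containers
%global download %{domain}/%{org}/%{repo}
%global importname %{download}

# Name of the qemu binary the runtime is configured to launch.
%global qemu qemu-kvm

# Parent directory of the generated kernel/initrd cache.
%global katacache %{_localstatedir}/cache

# Release candidate version tracking
# global rcver rc0
%if 0%{?rcver:1}
%global rcrel .%{rcver}
%global rcstr -%{rcver}
%endif

Version: 2.0.0

# https://github.com/kata-containers/runtime
%global tag %{version}%{?rcstr}

# Document additional imported license (as generated by go2rpm)
# These licenses are, at the moment, all ASL 2.0, so only
# one copy would be needed in the rpm, but they are technically
# different licenses for different components, so just in case...
%global golicenses LICENSE virtcontainers/LICENSE\\\
                   virtcontainers/pkg/oci/LICENSE

# List of documents in the source package (as generated by go2rpm)
# These documents are copied into the RPM as a courtesy.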
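%global godocs README.md CONTRIBUTING.md CODE_OF_CONDUCT.md\\\
               virtcontainers/README.md\\\
               virtcontainers/experimental/README.md\\\
               virtcontainers/documentation/Developers.md\\\
               virtcontainers/documentation/api/1.0/api.md\\\
               virtcontainers/pkg/firecracker/README\\\
               virtcontainers/persist/plugin/README.md pkg/README.md\\\
               pkg/signals/README.md pkg/katautils/README.md\\\
               pkg/katatestutils/README.md

# Do not use {goname}, which is golang-github-kata-containers-runtime
Name: %{repo}
Release: 0%{?rcrel}%{?dist}
Url: https://%{download}
# NOTE(review): nothing in this spec checks the integrity of the Source0
# tarball; presumably its hash is pinned by the build system's source
# lookaside -- confirm before rebuilding from a fresh download.
Source0: https://%{download}/archive/%{version}%{?rcstr}/%{repo}-%{version}%{?rcstr}.tar.xz
Source1: kata-osbuilder.sh
Source2: kata-osbuilder-generate.service
# The dracut configuration shipped with osbuilder differs per distribution.
%if 0%{?fedora}
Source3: 15-dracut-fedora.conf
%else
Source3: 15-dracut-rhel.conf
%endif
Patch0001: 0001-tools-fix-for-agent.patch
Summary: Kata runtime to run containers in virtual machines
License: ASL 2.0

# runtime
# Each build dependency is declared once; the repeated entries for
# compiler(go-compiler), git and make were redundant and have been dropped.
BuildRequires: compiler(go-compiler)
Requires: qemu-kvm-core >= 4.2.0-4
BuildRequires: libselinux-devel
%if 0%{?have_go_rpm_macros}
BuildRequires: go-rpm-macros
%else
BuildRequires: golang
%endif
BuildRequires: git
BuildRequires: make

#osbuilder
# (git and make are already required by the runtime section above)
BuildRequires: gcc
BuildRequires: systemd
%{?systemd_requires}
# %check requirements
BuildRequires: kernel
BuildRequires: dracut
%if 0%{?fedora}
BuildRequires: busybox
%endif

#osbuilder
# dracut/rootfs build deps
# These are runtime Requires: the post-install scriptlet builds the guest
# initrd on the installed host.
Requires: kernel
Requires: dracut
%if 0%{?fedora}
Requires: busybox
%endif

#agent
# NOTE(review): every crate-level BuildRequires below is commented out, so the
# agent's Rust dependencies are not declared as packages. Presumably the
# crates are vendored in the source tarball -- confirm that the cargo build
# needs no network access and that the vendored crates are tracked somewhere.
#BuildRequires: rust-packaging
#BuildRequires: (crate(anyhow/default) >= 1.0.32 with crate(anyhow/default) < 2.0.0)
#BuildRequires: (crate(lazy_static/default) >= 1.3.0 with crate(lazy_static/default) < 2.0.0)
#BuildRequires: (crate(libc/default) >= 0.2.58 with crate(libc/default) < 0.3.0)
#BuildRequires: (crate(log/default) >= 0.4.11 with crate(log/default) < 0.5.0)
#BuildRequires: (crate(nix/default) >= 0.17.0 with crate(nix/default) < 0.18.0)
#BuildRequires: (crate(prctl/default) >= 1.0.0 with crate(prctl/default) < 2.0.0)
#BuildRequires: (crate(procfs/default) >= 0.7.9 with crate(procfs/default) < 0.8.0)
#BuildRequires: (crate(prometheus/default) >= 0.9.0 with crate(prometheus/default) < 0.10.0)
#BuildRequires: (crate(prometheus/process) >= 0.9.0 with crate(prometheus/process) < 0.10.0)
#BuildRequires: (crate(regex/default) >= 1.0.0 with crate(regex/default) < 2.0.0)
#BuildRequires: (crate(scan_fmt/default) >= 0.2.3 with crate(scan_fmt/default) < 0.3.0)
#BuildRequires: (crate(scopeguard/default) >= 1.0.0 with crate(scopeguard/default) < 2.0.0)
#BuildRequires: (crate(serde_json/default) >= 1.0.39 with crate(serde_json/default) < 2.0.0)
#BuildRequires: (crate(signal-hook/default) >= 0.1.9 with crate(signal-hook/default) < 0.2.0)
#BuildRequires: (crate(slog-scope/default) >= 4.1.2 with crate(slog-scope/default) < 5.0.0)
#BuildRequires: (crate(slog-stdlog/default) >= 4.0.0 with crate(slog-stdlog/default) < 5.0.0)
#BuildRequires: (crate(slog/default) >= 2.5.2 with crate(slog/default) < 3.0.0)
#BuildRequires: (crate(slog/dynamic-keys) >= 2.5.2 with crate(slog/dynamic-keys) < 3.0.0)
#BuildRequires: (crate(slog/max_level_trace) >= 2.5.2 with crate(slog/max_level_trace) < 3.0.0)
#BuildRequires: (crate(slog/release_max_level_info) >= 2.5.2 with crate(slog/release_max_level_info) < 3.0.0)
#BuildRequires: (crate(tempfile/default) >= 3.1.0 with crate(tempfile/default) < 4.0.0)
#BuildRequires: crate(cgroups/default) >= 0.0.0
#BuildRequires: crate(logging/default) >= 0.0.0
#BuildRequires: crate(netlink/default) >= 0.0.0
#BuildRequires: crate(netlink/with-agent-handler) >= 0.0.0
#BuildRequires: crate(netlink/with-log) >= 0.0.0
#BuildRequires: crate(oci/default) >= 0.0.0
#BuildRequires: crate(protobuf/default) = 2.14.0
#BuildRequires: crate(protocols/default) >= 0.0.0
#BuildRequires: crate(rustjail/default) >= 0.0.0
#BuildRequires: crate(ttrpc/default) >= 0.0.0
BuildRequires: cargo
BuildRequires: rust
BuildRequires: rust-srpm-macros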
BuildRequires: rust-std-static

# NOTE(review): the bundled() Provides listed after the description cover Go
# modules only and carry no versions, so package metadata alone cannot tell
# which release of a bundled module shipped when one of them gets a security
# fix. No bundled Provides are visible here for the Rust agent's crates.
# NOTE(review): the gopkg macro after the description is used on every target,
# while go-rpm-macros is only pulled in when have_go_rpm_macros is set --
# confirm the macro is defined on the other targets.

# The following architectures lack the required qemu support
ExcludeArch: %{arm} %{ix86}

%description
%{summary}
Kata Containers is an open source project and community working to build a
standard implementation of lightweight Virtual Machines (VMs) that feel and
perform like containers, but provide the workload isolation and security
advantages of VMs.

%gopkg

Provides: bundled(golang(github.com/blang/semver))
Provides: bundled(golang(github.com/BurntSushi/toml))
Provides: bundled(golang(github.com/containerd/cgroups))
Provides: bundled(golang(github.com/containerd/containerd/api/events))
Provides: bundled(golang(github.com/containerd/containerd/api/types))
Provides: bundled(golang(github.com/containerd/containerd/api/types/task))
Provides: bundled(golang(github.com/containerd/containerd/errdefs))
Provides: bundled(golang(github.com/containerd/containerd/events))
Provides: bundled(golang(github.com/containerd/containerd/mount))
Provides: bundled(golang(github.com/containerd/containerd/namespaces))
Provides: bundled(golang(github.com/containerd/containerd/runtime))
Provides: bundled(golang(github.com/containerd/containerd/runtime/linux/runctypes))
Provides: bundled(golang(github.com/containerd/containerd/runtime/v2/shim))
Provides: bundled(golang(github.com/containerd/containerd/runtime/v2/task))
Provides: bundled(golang(github.com/containerd/cri-containerd/pkg/annotations))
Provides: bundled(golang(github.com/containerd/cri-containerd/pkg/api/runtimeoptions/v1))
Provides: bundled(golang(github.com/containerd/fifo))
Provides: bundled(golang(github.com/containerd/typeurl))
Provides: bundled(golang(github.com/containernetworking/plugins/pkg/ns))
Provides: bundled(golang(github.com/cri-o/cri-o/pkg/annotations))
Provides: bundled(golang(github.com/dlespiau/covertool/pkg/cover))
Provides: bundled(golang(github.com/docker/go-units))
Provides: bundled(golang(github.com/gogo/protobuf/proto))
Provides: bundled(golang(github.com/gogo/protobuf/types))
Provides: bundled(golang(github.com/go-ini/ini))
Provides: bundled(golang(github.com/go-openapi/errors))
Provides: bundled(golang(github.com/go-openapi/runtime))
Provides: bundled(golang(github.com/go-openapi/runtime/client))
Provides: bundled(golang(github.com/go-openapi/strfmt))
Provides: bundled(golang(github.com/go-openapi/swag))
Provides: bundled(golang(github.com/go-openapi/validate))
Provides: bundled(golang(github.com/hashicorp/go-multierror))
Provides: bundled(golang(github.com/intel/govmm/qemu))
Provides: bundled(golang(github.com/kata-containers/agent/pkg/types))
Provides: bundled(golang(github.com/kata-containers/agent/protocols/client))
Provides: bundled(golang(github.com/kata-containers/agent/protocols/grpc))
Provides: bundled(golang(github.com/mitchellh/mapstructure))
Provides: bundled(golang(github.com/opencontainers/runc/libcontainer/configs))
Provides: bundled(golang(github.com/opencontainers/runc/libcontainer/specconv))
Provides: bundled(golang(github.com/opencontainers/runc/libcontainer/utils))
Provides: bundled(golang(github.com/opencontainers/runtime-spec/specs-go))
Provides: bundled(golang(github.com/opentracing/opentracing-go))
Provides: bundled(golang(github.com/opentracing/opentracing-go/log))
Provides: bundled(golang(github.com/pkg/errors))
Provides: bundled(golang(github.com/prometheus/procfs))
Provides: bundled(golang(github.com/safchain/ethtool))
Provides: bundled(golang(github.com/sirupsen/logrus))
Provides: bundled(golang(github.com/sirupsen/logrus/hooks/syslog))
Provides: bundled(golang(github.com/stretchr/testify/assert))
Provides: bundled(golang(github.com/uber/jaeger-client-go))
Provides: bundled(golang(github.com/uber/jaeger-client-go/config))
Provides: bundled(golang(github.com/urfave/cli))
Provides: bundled(golang(github.com/vishvananda/netlink))
Provides: bundled(golang(github.com/vishvananda/netns))
Provides: bundled(golang(golang.org/x/net/context))
Provides: bundled(golang(golang.org/x/sys/unix))
Provides: bundled(golang(google.golang.org/grpc))
Provides: bundled(golang(google.golang.org/grpc/codes))
Provides: bundled(golang(google.golang.org/grpc/status))

# Common variables to pass to 'make'
# The machine type uses a modern default
# The kernel parameters workaround an issue with cgroupsv2 after kernel 5.3
# To-do: add BUILDFLAGS=gobuildflags when the macro becomes available
# The qemu binary lives in the bin directory on Fedora and in the libexec
# directory on the other targets.
%if 0%{?fedora}
%define qemupath %{_bindir}/%{qemu}
%else
%define qemupath %{_libexecdir}/%{qemu}
%endif

# The machine type to be used is architecture specific:
# aarch64: virt
# ppc64le: pseries
# s390x: s390-ccw-virtio
# x86_64: q35
# NOTE(review): machinetype stays undefined on any architecture that is
# neither listed here nor excluded by ExcludeArch -- confirm none is built.
%ifarch aarch64
%define machinetype "virt"
%endif
%ifarch ppc64le
%define machinetype "pseries"
%endif
%ifarch s390x
%define machinetype "s390-ccw-virtio"
%endif
%ifarch x86_64
%define machinetype "q35"
%endif

# SharedFS type to be used is architecture specific:
# aarch64: virtiofs
# ppc64le: 9p
# s390x: 9p
# x86_64: virtiofs
#
# It's important to note that setting up virtio_fs_daemon
# and virtio_fs_cache_size has no issue when 9p is used.
#
# For 1.11.1 ppc64le will also be using "virtio-fs", see:
# https://github.com/kata-containers/runtime/pull/2691
%ifarch aarch64 x86_64
%define sharedfs "virtio-fs"
%endif
%ifarch ppc64le s390x
%define sharedfs "virtio-9p"
%endif

# FEATURE_SELINUX must be disabled for CentOS until the
# podman package supports it.
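# CentOS builds pass FEATURE_SELINUX=no to the runtime build; every other
# target passes yes.
# NOTE(review): presumably this switches SELinux support in the runtime off
# on CentOS -- confirm, and revisit once the podman package supports it.
%if 0%{?centos}
%define feature_selinux "no"
%else
%define feature_selinux "yes"
%endif

# Variables handed to the runtime's make for both the build and the install
# step. They fix the packaged defaults: qemu path, shared filesystem type,
# virtiofs daemon path, machine type and the configuration directories.
# NOTE(review): SKIP_GO_VERSION_CHECK=y presumably bypasses upstream's check
# of the Go toolchain version so that the distribution compiler is accepted
# -- confirm that the distribution compiler is one upstream supports.
%global runtime_make_vars QEMUPATH=%{qemupath} \\\
                          DEFSHAREDFS=%{sharedfs} \\\
                          DEFVIRTIOFSDAEMON=%{_libexecdir}/"virtiofsd" \\\
                          DEFVIRTIOFSCACHESIZE=0 \\\
                          DEFSANDBOXCGROUPONLY=true \\\
                          SKIP_GO_VERSION_CHECK=y \\\
                          MACHINETYPE=%{machinetype} \\\
                          SCRIPTS_DIR=%{_bindir} \\\
                          DESTDIR=%{buildroot} \\\
                          PREFIX=/usr \\\
                          DEFAULTSDIR=%{_datadir}/kata-containers/defaults \\\
                          CONFDIR=%{_datadir}/kata-containers/defaults \\\
                          FEATURE_SELINUX=%{feature_selinux}

# Install locations shared by the runtime, agent and osbuilder parts.
# (katalibexecdir and katalocalstatecachedir used to be defined twice with
# the same value; each is now defined once.)
%global katalibexecdir %{_libexecdir}/kata-containers
%global kataagentdir %{katalibexecdir}/agent
%global kataosbuilderdir %{katalibexecdir}/osbuilder
%global katalocalstatecachedir %{_localstatedir}/cache/kata-containers

# Variables handed to the agent's make.
%global agent_make_vars LIBC=gnu \\\
                        DESTDIR=%{buildroot}%{kataagentdir}

%prep
%autosetup -S git -p1 -n %{repo}-%{version}%{?rcstr}

# Not using gobuild here in order to stick to how upstream builds
# (This builds multiple binaries)
%build
export PATH=$PATH:"$(pwd)/go/bin"
export GOPATH="$(pwd)/go"

# Expose the unpacked tree under a GOPATH layout. The link target is quoted
# so a build directory containing whitespace does not split the path.
mkdir -p go/src/%{domain}/%{org}
ln -s "$(pwd)/../%{repo}-%{version}%{?rcstr}" go/src/%{importname}
cd go/src/%{importname}

pushd src/runtime
%make_build %{runtime_make_vars}
popd

pushd src/agent
%make_build %{agent_make_vars}
touch kata-agent
popd

pushd tools/osbuilder
# Manually build nsdax tool
# The distribution linker flags are passed along with the compiler flags so
# this hand-built binary gets the same link-time hardening as the rest of
# the package.
gcc %{build_cflags} %{?build_ldflags} image-builder/nsdax.gpl.c -o nsdax
popd

# Not using gopkginstall here in order to stick to how upstream builds
%install
export GOPATH="$(pwd)/go"
export PATH="$PATH:$GOPATH/bin"
cd go/src/%{importname}

pushd src/runtime
%make_install %{runtime_make_vars}
popd

pushd src/agent
%make_install %{agent_make_vars}
popd

pushd tools/osbuilder
mkdir -p %{buildroot}%{kataosbuilderdir}
mkdir -p %{buildroot}%{katalocalstatecachedir}
rm rootfs-builder/.gitignore
cp -aR nsdax %{buildroot}/%{kataosbuilderdir}
cp -aR rootfs-builder %{buildroot}/%{kataosbuilderdir}
cp -aR image-builder %{buildroot}/%{kataosbuilderdir}
cp -aR initrd-builder %{buildroot}/%{kataosbuilderdir}
cp -aR scripts %{buildroot}%{kataosbuilderdir}
cp -aR dracut %{buildroot}%{kataosbuilderdir}
cp -a %{SOURCE3} %{buildroot}%{kataosbuilderdir}/dracut/dracut.conf.d/
cp -a %{SOURCE1} %{buildroot}%{kataosbuilderdir}
cp -L VERSION %{buildroot}%{katalibexecdir}
chmod +x %{buildroot}/%{kataosbuilderdir}/scripts/lib.sh
# Source2 is the unit file; it is referenced through its Source tag like the
# other sources instead of by a path below the source directory.
install -m 0644 -D -t %{buildroot}%{_unitdir} %{SOURCE2}
popd

# NOTE(review): each sed below exits 0 even when its pattern matches nothing.
# If upstream rewords configuration.toml, the packaged defaults (kernel and
# initrd location, vsock transport, guest cgroup mode) silently fall back to
# upstream's values; consider checking the resulting file for the expected
# lines.

# Disable the image= option, so we use initrd= by default
# The kernels kata-osbuilder creates are in /var/cache now, see rhbz#1792216
sed -i -e 's|^image = "%{_datadir}|#image = "%{katacache}|' \
       -e 's|^kernel = "%{_datadir}|kernel = "%{katacache}|' \
       -e 's|^initrd = "%{_datadir}|initrd = "%{katacache}|' \
       %{buildroot}%{_datadir}/kata-containers/defaults/configuration.toml

# Enable vsock as transport instead of virtio-serial
sed -i -e 's/^#use_vsock =/use_vsock =/' %{buildroot}%{_datadir}/kata-containers/defaults/configuration.toml

# Temporarily enforce cgroupsv1 inside the guest
sed -i -e 's/^kernel_params = ""/kernel_params = "systemd.unified_cgroup_hierarchy=0"/' %{buildroot}%{_datadir}/kata-containers/defaults/configuration.toml

%if ! 0%{?fedora}
# Disable proxy, as we're using vsock
sed -i -e 's|^\[proxy\.kata\]|#[proxy.kata]|' \
       -e 's|^path = "%{_libexecdir}/kata-containers/kata-proxy"|#path = "%{_libexecdir}/kata-containers/kata-proxy"|' \
       %{buildroot}%{_datadir}/kata-containers/defaults/configuration.toml
%endif

# Remove non-tested / non-supported configuration files
rm %{buildroot}%{_datadir}/kata-containers/defaults/configuration-*.toml

# We could be run in a mock chroot, where uname will report
# different kernel than what we have installed in the chroot.
# So we need to determine a valid kernel version to test against.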
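# Take the version directory of the first kernel image installed in the
# build root. An unmatched glob is handed to the loop literally, so it is
# skipped, and the build stops with a clear message when no kernel is found
# instead of passing a bogus version on.
KVERSION=""
for kernelpath in /lib/modules/*/vmlinu*; do
    [ -e "$kernelpath" ] || continue
    KVERSION="$(echo "$kernelpath" | cut -d "/" -f 4)"
    break
done
if [ -z "$KVERSION" ]; then
    echo "No kernel image found under /lib/modules" >&2
    exit 1
fi

# Smoke-test the osbuilder script from the build root against that kernel.
TEST_MODE=1 %{buildroot}%{kataosbuilderdir}/kata-osbuilder.sh \
    -o %{buildroot}%{kataosbuilderdir} \
    -k "$KVERSION" \
    -a %{buildroot}

%preun
%systemd_preun kata-osbuilder-generate.service

%postun
%systemd_postun kata-osbuilder-generate.service

%post
# Skip running this on Fedora CoreOS / Red Hat CoreOS
# (the cache directory is not writable there)
if test -w %{katalocalstatecachedir}; then
%systemd_post kata-osbuilder-generate.service

    # This scriptlet runs as root. The build log goes to a file created by
    # mktemp, so its name is not predictable; it is removed again on both the
    # success and the failure path instead of being left behind.
    TMPOUT="$(mktemp -t kata-rpm-post-XXXXXX.log)"
    echo "Creating kata appliance initrd..."
    if ! bash %{kataosbuilderdir}/kata-osbuilder.sh > "${TMPOUT}" 2>&1; then
        echo "Building failed. Here is the log details:"
        cat "${TMPOUT}"
        rm -f "${TMPOUT}"
        # NOTE(review): a non-zero exit makes the package transaction report
        # a scriptlet failure -- confirm this is intended.
        exit 1
    fi
    rm -f "${TMPOUT}"
fi

%files
# runtime
# The libexec directory is owned once here; the repeated dir entries in the
# agent and osbuilder groups named the same path and have been dropped.
%dir %{_libexecdir}/kata-containers
%{_bindir}/kata-runtime
%{_bindir}/kata-monitor
%{_bindir}/containerd-shim-kata-v2
%{_libexecdir}/kata-containers/VERSION
%{_libexecdir}/kata-containers/kata-netmon
%{_bindir}/kata-collect-data.sh
%dir %{_datadir}/kata-containers
%dir %{_datadir}/kata-containers/defaults
%{_datadir}/kata-containers/defaults/configuration.toml
%{_datadir}/bash-completion/completions/kata-runtime
%license LICENSE
%doc README.md CONTRIBUTING.md

#agent
%dir %{kataagentdir}
%{kataagentdir}/*

#osbuilder
%dir %{kataosbuilderdir}
%dir %{katalocalstatecachedir}
%{kataosbuilderdir}/*
%{_unitdir}/kata-osbuilder-generate.service

# Remove some scripts we don't use
%exclude %{kataosbuilderdir}/rootfs-builder/alpine
%exclude %{kataosbuilderdir}/rootfs-builder/centos
%exclude %{kataosbuilderdir}/rootfs-builder/clearlinux
%exclude %{kataosbuilderdir}/rootfs-builder/debian
%exclude %{kataosbuilderdir}/rootfs-builder/fedora
%exclude %{kataosbuilderdir}/rootfs-builder/template
%exclude %{kataosbuilderdir}/rootfs-builder/suse
%exclude %{kataosbuilderdir}/rootfs-builder/ubuntu
%exclude %{kataosbuilderdir}/scripts/install-yq.sh

%changelog
* Thu Nov 26 2020 Fabiano Fidêncio - 2.0.0-0
- Initial packaging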