Update containerd to 1.4.6 (with fixed paths)

This updates containerd from 1.3.3 to 1.4.6,
runc from 1.0.0-rc10 to 1.0.0-rc95 and crictl from 1.18 to 1.21
to align with what was used upstream for Kubernetes 1.21 testing.

We could also remove the "no_btrfs" build flag by adding the
btrfs-progs-devel RPM to the CentOS mirror.  But we don't use btrfs
anyway, so this way we make the package a bit smaller.

Story: 2008972
Task: 42640

Change-Id: I3dc5465a80209eab34224e9e6e2d5aee49a8266e
Signed-off-by: Chris Friesen <chris.friesen@windriver.com>
Signed-off-by: Mihnea Saracin <Mihnea.Saracin@windriver.com>

centos_tarball-dl.lst

@@ -6,8 +6,8 @@ ceph-object-corpus-e32bf8ca3dc6151ebe7f205ba187815bc18e1cef.tar.gz#ceph-object-c
 chartmuseum-0.12.0.tar.gz#chartmuseum#https://github.com/helm/chartmuseum/archive/v0.12.0.tar.gz#https##
 !chartmuseum-v0.12.0-amd64#chartmuseum-bin#https://s3.amazonaws.com/chartmuseum/release/v0.12.0/bin/linux/amd64/chartmuseum#https##
 civetweb-ff2881e2cd5869a71ca91083bad5d12cccd22136.tar.gz#civetweb#https://api.github.com/repos/ceph/civetweb/tarball/ff2881e2cd5869a71ca91083bad5d12cccd22136#https##
-containerd-v1.3.3.tar.gz#containerd#https://github.com/containerd/containerd/archive/v1.3.3.tar.gz#https##
-crictl-v1.18.0-linux-amd64.tar.gz#crictl#https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.18.0/crictl-v1.18.0-linux-amd64.tar.gz#https##
+containerd-1.4.6.tar.gz#containerd#https://github.com/containerd/containerd/archive/refs/tags/v1.4.6.tar.gz#https##
+crictl-v1.21.0-linux-amd64.tar.gz#crictl#https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.21.0/crictl-v1.21.0-linux-amd64.tar.gz#https##
 docker-distribution-v2.7.1.tar.gz#docker-distribution-2.7.1#https://github.com/docker/distribution/archive/v2.7.1.tar.gz#http##
 # docker-libtrust-fa567046d9b14f6aa788882a950d69651d230b21.tar.gz#docker-libtrust#https://github.com/docker/libtrust/archive/fa567046d9b14f6aa788882a950d69651d230b21.tar.gz#http##
 dpdk-18.11.tar.xz#dpdk-18.11#http://fast.dpdk.org/rel/dpdk-18.11.tar.xz#http##
@@ -60,7 +60,7 @@ rapidjson-f54b0e47a08782a6131cc3d60f94d038fa6e0a51.tar.gz#rapidjson#https://api.
 Redfishtool-1.1.0.tar.gz#Redfishtool-1.1.0#https://github.com/DMTF/Redfishtool/archive/1.1.0.tar.gz#http##
 requests-toolbelt-0.9.1.tar.gz#requests-toolbelt-0.9.1#https://github.com/requests/toolbelt/archive/0.9.1.tar.gz#http##
 rocksdb-f4a857da0b720691effc524469f6db895ad00d8e.tar.gz#rocksdb#https://api.github.com/repos/ceph/rocksdb/tarball/f4a857da0b720691effc524469f6db895ad00d8e#https##
-runc-1.0.0-rc10.tar.gz#runc#https://github.com/opencontainers/runc/archive/v1.0.0-rc10.tar.gz#https##
+runc-1.0.0-rc95.tar.gz#runc#https://github.com/opencontainers/runc/archive/v1.0.0-rc95.tar.gz#https##
 !rt-setup-2.1-2.el8.src.rpm#rt-setup#https://git.centos.org/rpms/rt-setup#http_script#201aeb6d3d06c556cee369b9833539ecb67ce943#post-dl-script/rt-setup.sh
 # Sirupsen-logrus-55eb11d21d2a31a3cc93838241d04800f52e823d.tar.gz#Sirupsen-logrus#github.com/Sirupsen/logrus/archive/55eb11d21d2a31a3cc93838241d04800f52e823d.tar.gz#http##
 spdk-f474ce6930f0a44360e1cc4ecd606d2348481c4c.tar.gz#spdk#https://api.github.com/repos/ceph/spdk/tarball/f474ce6930f0a44360e1cc4ecd606d2348481c4c#https##

kubernetes/containerd/centos/build_srpm.data

@@ -1,6 +1,6 @@
-COPY_LIST="${STX_BASE}/downloads/containerd-v1.3.3.tar.gz
-           ${STX_BASE}/downloads/runc-1.0.0-rc10.tar.gz
-           ${STX_BASE}/downloads/crictl-v1.18.0-linux-amd64.tar.gz
+COPY_LIST="${STX_BASE}/downloads/containerd-1.4.6.tar.gz
+           ${STX_BASE}/downloads/runc-1.0.0-rc95.tar.gz
+           ${STX_BASE}/downloads/crictl-v1.21.0-linux-amd64.tar.gz
            ${FILES_BASE}/*"
 
 TIS_PATCH_VER=PKG_GITREVCOUNT

kubernetes/containerd/centos/containerd.spec

@@ -3,17 +3,16 @@
 # Copyright (C) 2019 Intel Corporation
 #
 Name: containerd
-Version: 1.3.3
+Version: 1.4.6
 Release: %{tis_patch_ver}%{?_tis_dist}
 Summary: Open and reliable container runtime
 Group: Kubernetes
 License: ASL 2.0
-Source0: containerd-v%{version}.tar.gz
-Source1: runc-1.0.0-rc10.tar.gz
-Source2: crictl-v1.18.0-linux-amd64.tar.gz
+Source0: containerd-%{version}.tar.gz
+Source1: runc-1.0.0-rc95.tar.gz
+Source2: crictl-v1.21.0-linux-amd64.tar.gz
 Source3: crictl.yaml
-Patch5: 0001-customize-containerd-for-StarlingX.patch
-Patch6: 0002-archive-skip-chmod-IsNotExist-error.patch
+Patch1: 0001-customize-containerd-for-StarlingX.patch
 URL: https://www.starlingx.io
 Vendor: StarlingX
 Packager: StarlingX
@@ -53,20 +52,21 @@ low-level storage and network attachments, etc.
 %prep
 %setup -q -c -n src -a 1
 %setup -q -c -T -D -n src -a 2
-%patch5 -p1
-%patch6 -p1
+%patch1 -p1
 
 %build
 # build containerd
+rm -rf %{CONTAINERD_DIR}
 mkdir -p %{CONTAINERD_DIR}
-mv %{_builddir}/src/containerd/* %{CONTAINERD_DIR}/
+cp -a %{_builddir}/src/containerd/* %{CONTAINERD_DIR}/
 pushd %{CONTAINERD_DIR}
 make
 popd
 
 # build runc
+rm -rf %{RUNC_DIR}
 mkdir -p %{RUNC_DIR}
-mv %{_builddir}/src/runc/* %{RUNC_DIR}/
+cp -a %{_builddir}/src/runc/* %{RUNC_DIR}/
 pushd %{RUNC_DIR}
 make
 popd

kubernetes/containerd/centos/files/0001-customize-containerd-for-StarlingX.patch

@@ -1,22 +1,20 @@
-From 311301438b0366004e238cbcc2ca07d38d8a9369 Mon Sep 17 00:00:00 2001
-From: Shuicheng Lin <shuicheng.lin@intel.com>
-Date: Wed, 25 Sep 2019 20:02:34 +0800
+From a8466190118c114d5ddeec381bbafa8441d7e638 Mon Sep 17 00:00:00 2001
+From: Chris Friesen <chris.friesen@windriver.com>
+Date: Thu, 17 Jun 2021 10:27:09 -0400
 Subject: [PATCH] customize containerd for StarlingX
 
-1. disable btrfs to pass build.
+1. disable btrfs to avoid needing to pull in the devel package
 2. docker registry in StarlingX 3.0 branch doesn't support POST method
 for token and will return 400. Switch to GET method to get token if
 StatusCode is 400.
 3. hardcode version info due to miss git info in tarball.
-
-Signed-off-by: Shuicheng Lin <shuicheng.lin@intel.com>
 ---
  containerd/Makefile                     | 3 ++-
  containerd/remotes/docker/authorizer.go | 3 ++-
  2 files changed, 4 insertions(+), 2 deletions(-)
 
 diff --git a/containerd/Makefile b/containerd/Makefile
-index 37012e8..7ab6a22 100644
+index c0fecb9..44dd5ad 100644
 --- a/containerd/Makefile
 +++ b/containerd/Makefile
 @@ -20,7 +20,7 @@ ROOTDIR=$(dir $(abspath $(lastword $(MAKEFILE_LIST))))
@@ -24,20 +22,20 @@ index 37012e8..7ab6a22 100644
  
  # Used to populate variables in version package.
 -VERSION=$(shell git describe --match 'v[0-9]*' --dirty='.m' --always)
-+VERSION=v1.3.3
++VERSION=v1.4.6
  REVISION=$(shell git rev-parse HEAD)$(shell if ! git diff --no-ext-diff --quiet --exit-code; then echo .m; fi)
  PACKAGE=github.com/containerd/containerd
- 
-@@ -95,6 +95,7 @@ endif
- # Build tags seccomp and apparmor are needed by CRI plugin.
- GO_BUILDTAGS ?= seccomp apparmor
+ SHIM_CGO_ENABLED ?= 0
+@@ -78,6 +78,7 @@ endif
+ # Build tags apparmor and selinux are needed by CRI plugin.
+ GO_BUILDTAGS ?= apparmor selinux
  GO_BUILDTAGS += ${DEBUG_TAGS}
 +GO_BUILDTAGS += no_btrfs
  GO_TAGS=$(if $(GO_BUILDTAGS),-tags "$(GO_BUILDTAGS)",)
  GO_LDFLAGS=-ldflags '-X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) -X $(PKG)/version.Package=$(PACKAGE) $(EXTRA_LDFLAGS)'
  SHIM_GO_LDFLAGS=-ldflags '-X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) -X $(PKG)/version.Package=$(PACKAGE) -extldflags "-static" $(EXTRA_LDFLAGS)'
 diff --git a/containerd/remotes/docker/authorizer.go b/containerd/remotes/docker/authorizer.go
-index 9652d3a..72a6f3a 100644
+index 001423a..2db8d60 100644
 --- a/containerd/remotes/docker/authorizer.go
 +++ b/containerd/remotes/docker/authorizer.go
 @@ -366,7 +366,8 @@ func (ah *authHandler) fetchTokenWithOAuth(ctx context.Context, to tokenOptions)
@@ -45,11 +43,11 @@ index 9652d3a..72a6f3a 100644
  	// As of September 2017, GCR is known to return 404.
  	// As of February 2018, JFrog Artifactory is known to return 401.
 -	if (resp.StatusCode == 405 && to.username != "") || resp.StatusCode == 404 || resp.StatusCode == 401 {
-+	// Current Registry in StarlingX returns 400 for POST /v2/token.
++       // Registry in StarlingX 3.0 returns 400 for POST /v2/token.  Should check if still applicable.
 +	if (resp.StatusCode == 405 && to.username != "") || resp.StatusCode == 404 || resp.StatusCode == 401 || resp.StatusCode == 400 {
  		return ah.fetchToken(ctx, to)
  	} else if resp.StatusCode < 200 || resp.StatusCode >= 400 {
  		b, _ := ioutil.ReadAll(io.LimitReader(resp.Body, 64000)) // 64KB
 -- 
-2.16.6
+2.29.2
 

kubernetes/containerd/centos/files/0002-archive-skip-chmod-IsNotExist-error.patch

@@ -1,33 +0,0 @@
-From e2269f2ae0a8bb996b13d98ed6ffbdad7cdafd0f Mon Sep 17 00:00:00 2001
-From: Mikko Ylinen <mikko.ylinen@intel.com>
-Date: Mon, 23 Mar 2020 20:52:14 +0200
-Subject: [PATCH] archive: skip chmod IsNotExist error
-
-handleLChmod() does not properly check that files behind the handlinks exist
-before calling os.Chmod(). We've seen base images where this results in
-"no such file or directory" error from os.Chmod() when unpacking the image.
-
-To keep the existing logic but fix the problem, this commit simply skips
-IsNotExist error.
-
-Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
----
- containerd/archive/tar_unix.go | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/containerd/archive/tar_unix.go b/containerd/archive/tar_unix.go
-index d081351..2134083 100644
---- a/containerd/archive/tar_unix.go
-+++ b/containerd/archive/tar_unix.go
-@@ -125,7 +125,7 @@ func handleTarTypeBlockCharFifo(hdr *tar.Header, path string) error {
- func handleLChmod(hdr *tar.Header, path string, hdrInfo os.FileInfo) error {
- 	if hdr.Typeflag == tar.TypeLink {
- 		if fi, err := os.Lstat(hdr.Linkname); err == nil && (fi.Mode()&os.ModeSymlink == 0) {
--			if err := os.Chmod(path, hdrInfo.Mode()); err != nil {
-+			if err := os.Chmod(path, hdrInfo.Mode()); err != nil && !os.IsNotExist(err) {
- 				return err
- 			}
- 		}
--- 
-1.8.3.1
-