Add containerd2 package and upgrade runc version to 1.2.1 and libseccomp to 2.5.5 #11029
Conversation
| @@ -1,6 +1,6 @@ | |||
| Summary: Enhanced seccomp library | |||
| Name: libseccomp | |||
| Version: 2.5.4 | |||
| Version: 2.5.5 | |||
There was a problem hiding this comment.
Was this version bump required to build containerd/runc?
There was a problem hiding this comment.
Yes, runc requires libseccomp 2.5.5, and libseccomp v2.5.4 is no longer supported upstream, a more recent release is suggested to use. I will add the version bump of libseccomp and runc into the containerd changelog as well.
SPECS/containerd2/containerd2.spec
Outdated
|
|
||
| # This package replaces the old name of moby-containerd | ||
| Provides: moby-containerd = %{version}-%{release} | ||
| Obsoletes: moby-containerd < %{version}-%{release} |
There was a problem hiding this comment.
I would get rid of these moby-containerd provides/obsoletes. Users still calling containerd "moby-containerd" in their install scripts could unknowingly get this 2.0 package because of this.
SPECS/containerd2/containerd2.spec
Outdated
| %{?systemd_requires} | ||
|
|
||
| BuildRequires: git | ||
| BuildRequires: golang < 1.23 |
There was a problem hiding this comment.
Is there a reason we need to pin to a lower version of golang?
There was a problem hiding this comment.
Great point. containerd 2.0 requires golang1.22 or above (doc) and runc is also built with both golang 1.22 and1.23 in its CI workflow. so I think we can remove this golang version restriction. @mfrw could you please confirm we could remove it?
There was a problem hiding this comment.
Confirmed by Falak and removed the golang version restriction.
There was a problem hiding this comment.
Ack on removal on golang version constraint.
liunan-ms
changed the title
| @@ -2,8 +2,8 @@ | |||
| Summary: CLI tool for spawning and running containers per OCI spec. | |||
| Name: runc | |||
| # update "commit_hash" above when upgrading version | |||
| Version: 1.1.12 | |||
There was a problem hiding this comment.
Have we reviewed the changelog to see what's changed between 1.1.12 and 1.2.1? Were there breaking changes that would affect containerd v1 and/or other container hosting scenarios? What other risks might there be of this upgrade?
Also, I see that runc 1.2.2 has already been released and claims to have fixes for some regressions introduced in 1.2.0. Should we be picking that up instead?
There was a problem hiding this comment.
I see a number of "breaking changes" listed in the 1.2.0 series in the release notes for runc, but don't have the right domain knowledge to know how likely they are to be impactful to any of our customers. Is this something that's been previously evaluated?
Merge Checklist
All boxes should be checked before merging the PR (just tick any boxes which don't apply to this PR)
*-staticsubpackages, etc.) have had theirReleasetag incremented../cgmanifest.json,./toolkit/scripts/toolchain/cgmanifest.json,.github/workflows/cgmanifest.json)./LICENSES-AND-NOTICES/SPECS/data/licenses.json,./LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md,./LICENSES-AND-NOTICES/SPECS/LICENSE-EXCEPTIONS.PHOTON)*.signatures.jsonfilessudo make go-tidy-allandsudo make go-test-coveragepassSummary
What does the PR accomplish, why was it needed?
As containerd 2.0 GA recently, we want to provide containerd 2.0 in azure linux 3.0 to enhance our distro. Before fully validating it, we wanted to keep the current containerd version in the existing package and offer container 2.0 in a new package so that users can try and test as their needs.
Change Log
Does this affect the toolchain?
NO
Test Methodology