Merge pull request #174 from crazy-max/containerd-1.6_cherry-picks

[containerd/1.6 backport] cherry-picks

Makefile

@@ -40,7 +40,7 @@ include common/packages.mk
 
 GHA_MATRIX ?= minimal
 ifeq ($(GHA_MATRIX),minimal)
-	GHA_RELEASES := debian10 debian11 debian12 ubuntu2004 ubuntu2204 ubuntu2304 centos7 centos9 oraclelinux7 fedora37 fedora38 static
+	GHA_RELEASES := debian10 debian11 debian12 ubuntu2004 ubuntu2204 ubuntu2304 ubuntu2310 centos7 centos9 oraclelinux7 fedora38 fedora39 static
 else ifeq ($(GHA_MATRIX),all)
 	GHA_RELEASES := $(PKG_DEB_RELEASES) $(PKG_RPM_RELEASES) static
 else

common/packages.hcl

@@ -163,6 +163,17 @@ target "_pkg-ubuntu2304" {
   }
 }
 
+target "_pkg-ubuntu2310" {
+  args = {
+    PKG_RELEASE = "ubuntu2310"
+    PKG_TYPE = "deb"
+    PKG_DISTRO = "ubuntu"
+    PKG_DISTRO_ID = "23.10"
+    PKG_DISTRO_SUITE = "mantic"
+    PKG_BASE_IMAGE = "ubuntu:mantic"
+  }
+}
+
 target "_pkg-centos7" {
   args = {
     PKG_RELEASE = "centos7"
@@ -218,6 +229,17 @@ target "_pkg-fedora38" {
   }
 }
 
+target "_pkg-fedora39" {
+  args = {
+    PKG_RELEASE = "fedora39"
+    PKG_TYPE = "rpm"
+    PKG_DISTRO = "fedora"
+    PKG_DISTRO_ID = "39"
+    PKG_DISTRO_SUITE = "39"
+    PKG_BASE_IMAGE = "fedora:39"
+  }
+}
+
 target "_pkg-oraclelinux7" {
   args = {
     PKG_RELEASE = "oraclelinux7"

common/packages.mk

@@ -15,8 +15,8 @@
 # don't forget to add/update pkg-info-* rule and update packages.hcl as well
 # if you add a new release
 PKG_APK_RELEASES ?= alpine314 alpine315 alpine316
-PKG_DEB_RELEASES ?= debian10 debian11 debian12 ubuntu2004 ubuntu2204 ubuntu2304 raspbian10 raspbian11 raspbian12
-PKG_RPM_RELEASES ?= centos7 centos8 centos9 fedora37 fedora38 oraclelinux7 oraclelinux8 oraclelinux9
+PKG_DEB_RELEASES ?= debian10 debian11 debian12 ubuntu2004 ubuntu2204 ubuntu2304 ubuntu2310 raspbian10 raspbian11 raspbian12
+PKG_RPM_RELEASES ?= centos7 centos8 centos9 fedora37 fedora38 fedora39 oraclelinux7 oraclelinux8 oraclelinux9
 
 # PKG_SUPPORTED_PLATFORMS could be replaced by:
 # docker buildx imagetools inspect centos:7 --format "{{json .Manifest}}" | jq -r '.manifests[] | "\(.platform.os)/\(.platform.architecture)/\(.platform.variant)"' | sed 's#/null$##' | tr '\n' ',' | sed 's#,$##'
@@ -148,6 +148,16 @@ pkg-info-ubuntu2304:
 	@# FIXME: linux/riscv64 is not supported (golang base image does not support riscv64)
 	$(eval PKG_SUPPORTED_PLATFORMS = linux/amd64 linux/arm64 linux/arm/v7 linux/ppc64le linux/s390x)
 
+.PHONY: pkg-info-ubuntu2310
+pkg-info-ubuntu2310:
+	$(eval PKG_TYPE = deb)
+	$(eval PKG_DISTRO = ubuntu)
+	$(eval PKG_DISTRO_ID = 23.10)
+	$(eval PKG_DISTRO_SUITE = mantic)
+	$(eval PKG_BASE_IMAGE = ubuntu:mantic)
+	@# FIXME: linux/riscv64 is not supported (golang base image does not support riscv64)
+	$(eval PKG_SUPPORTED_PLATFORMS = linux/amd64 linux/arm64 linux/arm/v7 linux/ppc64le linux/s390x)
+
 .PHONY: pkg-info-centos7
 pkg-info-centos7:
 	$(eval PKG_TYPE = rpm)
@@ -195,6 +205,15 @@ pkg-info-fedora38:
 	$(eval PKG_BASE_IMAGE = fedora:38)
 	$(eval PKG_SUPPORTED_PLATFORMS = linux/amd64 linux/arm64 linux/ppc64le linux/s390x)
 
+.PHONY: pkg-info-fedora39
+pkg-info-fedora39:
+	$(eval PKG_TYPE = rpm)
+	$(eval PKG_DISTRO = fedora)
+	$(eval PKG_DISTRO_ID = 39)
+	$(eval PKG_DISTRO_SUITE = 39)
+	$(eval PKG_BASE_IMAGE = fedora:39)
+	$(eval PKG_SUPPORTED_PLATFORMS = linux/amd64 linux/arm64 linux/ppc64le linux/s390x)
+
 .PHONY: pkg-info-oraclelinux7
 pkg-info-oraclelinux7:
 	$(eval PKG_TYPE = rpm)

common/scripts/rpm-builddep.sh

@@ -0,0 +1,38 @@
+#!/usr/bin/env bash
+
+# Copyright 2023 Docker Packaging authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+arch=$1
+specsDir=$2
+
+if [[ -z "$arch" ]] || [[ -z "$specsDir" ]]; then
+  echo "usage: ./rpm-builddep <arch> <specs-dir>" >&2
+  exit 1
+fi
+
+set -e
+
+builddepCmd=""
+if command -v dnf &> /dev/null; then
+  builddepCmd="setarch $arch dnf builddep --nobest"
+elif command -v yum-builddep &> /dev/null; then
+  builddepCmd="yum-builddep --target $arch"
+else
+  echo "unable to detect package manager" >&2
+  exit 1
+fi
+
+set -x
+$builddepCmd -y "$specsDir"/*.spec

pkg/buildx/Dockerfile

@@ -124,20 +124,8 @@ RUN --mount=type=bind,from=common-scripts,source=rpm-init.sh,target=/usr/local/b
   rpm-init $PKG_RELEASE
 COPY rpm /root/rpmbuild/SPECS
 ARG TARGETPLATFORM
-RUN <<EOT
-  set -e
-  builddepCmd=""
-  if command -v dnf &> /dev/null; then
-    builddepCmd="setarch $(xx-info rhel-arch) dnf builddep --nobest"
-  elif command -v yum-builddep &> /dev/null; then
-    builddepCmd="yum-builddep --target $(xx-info rhel-arch)"
-  else
-    echo >&2 "unable to detect package manager"
-    exit 1
-  fi
-  set -x
-  $builddepCmd -y /root/rpmbuild/SPECS/*.spec
-EOT
+RUN --mount=type=bind,from=common-scripts,source=rpm-builddep.sh,target=/usr/local/bin/rpm-builddep \
+  rpm-builddep $(xx-info rhel-arch) /root/rpmbuild/SPECS
 WORKDIR /root/rpmbuild
 ARG BUILDX_REF
 ARG NIGHTLY_BUILD

pkg/compose/Dockerfile

@@ -127,20 +127,8 @@ RUN --mount=type=bind,from=common-scripts,source=rpm-init.sh,target=/usr/local/b
   rpm-init $PKG_RELEASE
 COPY rpm /root/rpmbuild/SPECS
 ARG TARGETPLATFORM
-RUN <<EOT
-  set -e
-  builddepCmd=""
-  if command -v dnf &> /dev/null; then
-    builddepCmd="setarch $(xx-info rhel-arch) dnf builddep --nobest"
-  elif command -v yum-builddep &> /dev/null; then
-    builddepCmd="yum-builddep --target $(xx-info rhel-arch)"
-  else
-    echo >&2 "unable to detect package manager"
-    exit 1
-  fi
-  set -x
-  $builddepCmd -y /root/rpmbuild/SPECS/*.spec
-EOT
+RUN --mount=type=bind,from=common-scripts,source=rpm-builddep.sh,target=/usr/local/bin/rpm-builddep \
+  rpm-builddep $(xx-info rhel-arch) /root/rpmbuild/SPECS
 WORKDIR /root/rpmbuild
 ARG COMPOSE_REF
 ARG NIGHTLY_BUILD

pkg/containerd/Dockerfile

@@ -44,8 +44,8 @@ FROM --platform=$BUILDPLATFORM ${GO_IMAGE}:${GO_VERSION}-${GO_IMAGE_VARIANT} AS
 
 # md2man
 FROM go AS go-md2man
-ARG GOPROXY="direct"
-ARG GO111MODULE="on"
+ENV GOPROXY="https://proxy.golang.org|direct"
+ENV GO111MODULE="on"
 ARG MD2MAN_VERSION
 RUN go install github.com/cpuguy83/go-md2man/v2@${MD2MAN_VERSION}
 
@@ -120,6 +120,7 @@ COPY --from=xx / /
 ARG DEBIAN_FRONTEND
 ENV GOPROXY="https://proxy.golang.org|direct"
 ENV GOPATH="/go"
+ENV GO111MODULE="on"
 ENV PATH="$PATH:/usr/local/go/bin:$GOPATH/bin"
 COPY --from=go-md2man /go/bin/go-md2man $GOPATH/bin/go-md2man
 ARG PKG_RELEASE
@@ -154,27 +155,16 @@ FROM ${PKG_BASE_IMAGE} AS builder-rpm
 COPY --from=xx / /
 ENV GOPROXY="https://proxy.golang.org|direct"
 ENV GOPATH="/go"
+ENV GO111MODULE="on"
 ENV PATH="$PATH:/usr/local/go/bin:$GOPATH/bin"
 COPY --from=go-md2man /go/bin/go-md2man $GOPATH/bin/go-md2man
 ARG PKG_RELEASE
 RUN --mount=type=bind,from=common-scripts,source=rpm-init.sh,target=/usr/local/bin/rpm-init \
   rpm-init $PKG_RELEASE
 COPY rpm /root/rpmbuild/SPECS
 ARG TARGETPLATFORM
-RUN <<EOT
-  set -e
-  builddepCmd=""
-  if command -v dnf &> /dev/null; then
-    builddepCmd="setarch $(xx-info rhel-arch) dnf builddep --nobest"
-  elif command -v yum-builddep &> /dev/null; then
-    builddepCmd="yum-builddep --target $(xx-info rhel-arch)"
-  else
-    echo >&2 "unable to detect package manager"
-    exit 1
-  fi
-  set -x
-  $builddepCmd -y /root/rpmbuild/SPECS/*.spec
-EOT
+RUN --mount=type=bind,from=common-scripts,source=rpm-builddep.sh,target=/usr/local/bin/rpm-builddep \
+  rpm-builddep $(xx-info rhel-arch) /root/rpmbuild/SPECS
 WORKDIR /root/rpmbuild
 ARG CONTAINERD_REF
 ARG NIGHTLY_BUILD
@@ -206,7 +196,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends bash ca-certifi
 ENV GOPROXY="https://proxy.golang.org|direct"
 ENV GOPATH="/go"
 ENV PATH="$PATH:/usr/local/go/bin:$GOPATH/bin"
-ENV GO111MODULE="off"
+ENV GO111MODULE="on"
 ENV CGO_ENABLED="1"
 ARG PKG_NAME
 ARG CONTAINERD_REF

pkg/credential-helpers/Dockerfile

@@ -87,6 +87,7 @@ ARG DEBIAN_FRONTEND
 ENV GOPROXY="https://proxy.golang.org|direct"
 ENV GOPATH="/go"
 ENV PATH="$PATH:/usr/local/go/bin:$GOPATH/bin"
+ENV GO111MODULE="on"
 ARG PKG_RELEASE
 RUN apt-get update && apt-get install -y --no-install-recommends apt-utils bash ca-certificates curl devscripts equivs git
 COPY deb /root/package/debian
@@ -118,25 +119,14 @@ COPY --from=xx / /
 ENV GOPROXY="https://proxy.golang.org|direct"
 ENV GOPATH="/go"
 ENV PATH="$PATH:/usr/local/go/bin:$GOPATH/bin"
+ENV GO111MODULE="on"
 ARG PKG_RELEASE
 RUN --mount=type=bind,from=common-scripts,source=rpm-init.sh,target=/usr/local/bin/rpm-init \
   rpm-init $PKG_RELEASE
 COPY rpm /root/rpmbuild/SPECS
 ARG TARGETPLATFORM
-RUN <<EOT
-  set -e
-  builddepCmd=""
-  if command -v dnf &> /dev/null; then
-    builddepCmd="setarch $(xx-info rhel-arch) dnf builddep --nobest"
-  elif command -v yum-builddep &> /dev/null; then
-    builddepCmd="yum-builddep --target $(xx-info rhel-arch)"
-  else
-    echo >&2 "unable to detect package manager"
-    exit 1
-  fi
-  set -x
-  $builddepCmd -y /root/rpmbuild/SPECS/*.spec
-EOT
+RUN --mount=type=bind,from=common-scripts,source=rpm-builddep.sh,target=/usr/local/bin/rpm-builddep \
+  rpm-builddep $(xx-info rhel-arch) /root/rpmbuild/SPECS
 WORKDIR /root/rpmbuild
 ARG CREDENTIAL_HELPERS_REF
 ARG NIGHTLY_BUILD

pkg/docker-cli/Dockerfile

@@ -96,7 +96,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends apt-utils bash
 RUN <<EOT
   set -e
   case "$PKG_RELEASE" in
-    ubuntu2004|ubuntu2204|ubuntu2304)
+    ubuntu2004|ubuntu2204|ubuntu2304|ubuntu2310)
       if [ "$(dpkg-divert --truename /usr/bin/man)" = "/usr/bin/man.REAL" ]; then
         rm -f /usr/bin/man
         dpkg-divert --quiet --remove --rename /usr/bin/man
@@ -139,20 +139,8 @@ RUN --mount=type=bind,from=common-scripts,source=rpm-init.sh,target=/usr/local/b
   rpm-init $PKG_RELEASE
 COPY rpm /root/rpmbuild/SPECS
 ARG TARGETPLATFORM
-RUN <<EOT
-  set -e
-  builddepCmd=""
-  if command -v dnf &> /dev/null; then
-    builddepCmd="setarch $(xx-info rhel-arch) dnf builddep --nobest"
-  elif command -v yum-builddep &> /dev/null; then
-    builddepCmd="yum-builddep --target $(xx-info rhel-arch)"
-  else
-    echo >&2 "unable to detect package manager"
-    exit 1
-  fi
-  set -x
-  $builddepCmd -y /root/rpmbuild/SPECS/*.spec
-EOT
+RUN --mount=type=bind,from=common-scripts,source=rpm-builddep.sh,target=/usr/local/bin/rpm-builddep \
+  rpm-builddep $(xx-info rhel-arch) /root/rpmbuild/SPECS
 WORKDIR /root/rpmbuild
 ARG DOCKER_CLI_REF
 ARG NIGHTLY_BUILD

pkg/docker-engine/Dockerfile

@@ -95,7 +95,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends apt-utils bash
 RUN <<EOT
   set -e
   case "$PKG_RELEASE" in
-    ubuntu2004|ubuntu2204|ubuntu2304)
+    ubuntu2004|ubuntu2204|ubuntu2304|ubuntu2310)
       if [ "$(dpkg-divert --truename /usr/bin/man)" = "/usr/bin/man.REAL" ]; then
         rm -f /usr/bin/man
         dpkg-divert --quiet --remove --rename /usr/bin/man
@@ -141,20 +141,8 @@ RUN --mount=type=bind,from=common-scripts,source=rpm-init.sh,target=/usr/local/b
   rpm-init $PKG_RELEASE
 COPY rpm /root/rpmbuild/SPECS
 ARG TARGETPLATFORM
-RUN <<EOT
-  set -e
-  builddepCmd=""
-  if command -v dnf &> /dev/null; then
-    builddepCmd="setarch $(xx-info rhel-arch) dnf builddep --nobest"
-  elif command -v yum-builddep &> /dev/null; then
-    builddepCmd="yum-builddep --target $(xx-info rhel-arch)"
-  else
-    echo >&2 "unable to detect package manager"
-    exit 1
-  fi
-  set -x
-  $builddepCmd -y /root/rpmbuild/SPECS/*.spec
-EOT
+RUN --mount=type=bind,from=common-scripts,source=rpm-builddep.sh,target=/usr/local/bin/rpm-builddep \
+  rpm-builddep $(xx-info rhel-arch) /root/rpmbuild/SPECS
 WORKDIR /root/rpmbuild
 ARG DOCKER_ENGINE_REF
 ARG NIGHTLY_BUILD

pkg/sbom/Dockerfile

@@ -124,20 +124,8 @@ RUN --mount=type=bind,from=common-scripts,source=rpm-init.sh,target=/usr/local/b
   rpm-init $PKG_RELEASE
 COPY rpm /root/rpmbuild/SPECS
 ARG TARGETPLATFORM
-RUN <<EOT
-  set -e
-  builddepCmd=""
-  if command -v dnf &> /dev/null; then
-    builddepCmd="setarch $(xx-info rhel-arch) dnf builddep --nobest"
-  elif command -v yum-builddep &> /dev/null; then
-    builddepCmd="yum-builddep --target $(xx-info rhel-arch)"
-  else
-    echo >&2 "unable to detect package manager"
-    exit 1
-  fi
-  set -x
-  $builddepCmd -y /root/rpmbuild/SPECS/*.spec
-EOT
+RUN --mount=type=bind,from=common-scripts,source=rpm-builddep.sh,target=/usr/local/bin/rpm-builddep \
+  rpm-builddep $(xx-info rhel-arch) /root/rpmbuild/SPECS
 WORKDIR /root/rpmbuild
 ARG SBOM_REF
 ARG NIGHTLY_BUILD

pkg/scan/Dockerfile

@@ -124,20 +124,8 @@ RUN --mount=type=bind,from=common-scripts,source=rpm-init.sh,target=/usr/local/b
   rpm-init $PKG_RELEASE
 COPY rpm /root/rpmbuild/SPECS
 ARG TARGETPLATFORM
-RUN <<EOT
-  set -e
-  builddepCmd=""
-  if command -v dnf &> /dev/null; then
-    builddepCmd="setarch $(xx-info rhel-arch) dnf builddep --nobest"
-  elif command -v yum-builddep &> /dev/null; then
-    builddepCmd="yum-builddep --target $(xx-info rhel-arch)"
-  else
-    echo >&2 "unable to detect package manager"
-    exit 1
-  fi
-  set -x
-  $builddepCmd -y /root/rpmbuild/SPECS/*.spec
-EOT
+RUN --mount=type=bind,from=common-scripts,source=rpm-builddep.sh,target=/usr/local/bin/rpm-builddep \
+  rpm-builddep $(xx-info rhel-arch) /root/rpmbuild/SPECS
 WORKDIR /root/rpmbuild
 ARG SCAN_REF
 ARG NIGHTLY_BUILD