From a7c57e2f88ee2da0da501465181f5be8b8d34d2f Mon Sep 17 00:00:00 2001
From: zhongjiawei <zhongjiawei1@huawei.com>
Date: Tue, 8 Oct 2024 12:06:46 +0800
Subject: [PATCH] containerd:enable cri

(cherry picked from commit bebf565d655f8c01038a03eddf38b62e8115a81f)
---
 containerd.spec                               | 10 ++-
 git-commit                                    |  2 +-
 ...modify-Makefile-for-go-build-options.patch | 62 +++++++++++++++++++
 ...6-containerd-modify-makefile-options.patch | 60 ++++++++++++++++++
 series.conf                                   |  2 +
 5 files changed, 133 insertions(+), 3 deletions(-)
 create mode 100644 patch/0035-containerd-modify-Makefile-for-go-build-options.patch
 create mode 100644 patch/0036-containerd-modify-makefile-options.patch

diff --git a/containerd.spec b/containerd.spec
index 86eb9fe..078d2b6 100644
--- a/containerd.spec
+++ b/containerd.spec
@@ -2,7 +2,7 @@
 %global debug_package %{nil}
 Version:        1.6.22
 Name:           containerd
-Release:        11
+Release:        12
 Summary:        An industry-standard container runtime
 License:        ASL 2.0
 URL:            https://containerd.io
@@ -42,7 +42,7 @@ ln -fs $PWD $GO_BUILD_PATH/src/%{goipath}
 cd $GO_BUILD_PATH/src/%{goipath}
 export GO111MODULE=off
 export GOPATH=$GO_BUILD_PATH:%{gopath}
-export BUILDTAGS="no_btrfs no_cri"
+export BUILDTAGS="no_btrfs"
 make
 
 %install
@@ -68,6 +68,12 @@ install -D -p -m 0644 %{S:7} %{buildroot}%{_sysconfdir}/containerd/config.toml
 %exclude %{_bindir}/containerd-stress
 
 %changelog
+* Tue Oct 08 2024 zhongjiawei<zhongjiawei1@huawei.com> - 1.6.22-12
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:enable cri
+
 * Thu Mar 21 2024 tiberium<jinzhe.oerv@isrc.iscas.ac.cn> - 1.6.22-11
 - Type:bugfix
 - ID:NA
diff --git a/git-commit b/git-commit
index 23e5588..8513bb5 100644
--- a/git-commit
+++ b/git-commit
@@ -1 +1 @@
-4d153fc0e0ed7a2cf8b54c7de8632cbe7a4281ec
+a2decd9fb3ad6805245709f6f4fe791f3908507e
diff --git a/patch/0035-containerd-modify-Makefile-for-go-build-options.patch b/patch/0035-containerd-modify-Makefile-for-go-build-options.patch
new file mode 100644
index 0000000..7f84e06
--- /dev/null
+++ b/patch/0035-containerd-modify-Makefile-for-go-build-options.patch
@@ -0,0 +1,62 @@
+From 9683e5c946c3f72aaa13822e485b17197f5e3ff7 Mon Sep 17 00:00:00 2001
+From: zhongjiawei <zhongjiawei1@huawei.com>
+Date: Sun, 7 Apr 2024 09:54:07 +0800
+Subject: [PATCH] =?UTF-8?q?containerd=EF=BC=9Amodify=20Makefile=20for=20go?=
+ =?UTF-8?q?=20build=20options?=
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+---
+ Makefile | 18 ++++++++++++++----
+ 1 file changed, 14 insertions(+), 4 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index 8bf9530..9d3b3e5 100644
+--- a/Makefile
++++ b/Makefile
+@@ -97,7 +97,7 @@ GO_TAGS=$(if $(GO_BUILDTAGS),-tags "$(strip $(GO_BUILDTAGS))",)
+ BEP_DIR=/tmp/containerd-build-bep
+ BEP_FLAGS=-tmpdir=/tmp/containerd-build-bep
+ 
+-GO_LDFLAGS=-ldflags ' -buildid=IdByIsula -extldflags=-Wl,-z,relro,-z,now $(BEP_FLAGS) -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) $(EXTRA_LDFLAGS)'
++GO_LDFLAGS=-ldflags ' -buildid=IdByIsula -extldflags=-Wl,-z,relro,-z,now $(BEP_FLAGS) -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION)'
+ SHIM_GO_LDFLAGS=-ldflags '-extldflags=-static' -ldflags '-buildid=IdByIsula $(BEP_FLAGS) -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) -linkmode=external -extldflags=-Wl,-z,relro,-z,now'
+ 
+ # Project packages.
+@@ -246,7 +246,7 @@ bin/%: cmd/% FORCE
+ 	CGO_CPPFLAGS="-fstack-protector-strong -D_FORTIFY_SOURCE=2 -O2" \
+ 	CGO_LDFLAGS_ALLOW='-Wl,-z,relro,-z,now' \
+ 	CGO_LDFLAGS="-Wl,-z,relro,-z,now -Wl,-z,noexecstack" \
+-	go build ${GO_GCFLAGS} ${GO_BUILD_FLAGS} -o $@${BINARY_SUFFIX} ${GO_LDFLAGS} ${GO_TAGS}  ./$<
++	go build ${GO_GCFLAGS} ${GO_BUILD_FLAGS} -o $@${BINARY_SUFFIX} ${SHIM_GO_LDFLAGS} ${GO_TAGS}  ./$<
+ 
+ bin/containerd-shim: cmd/containerd-shim FORCE # set !cgo and omit pie for a static shim build: https://github.com/golang/go/issues/17789#issuecomment-258542220
+ 	@echo "$(WHALE) $@"
+@@ -259,11 +259,21 @@ bin/containerd-shim: cmd/containerd-shim FORCE # set !cgo and omit pie for a sta
+ 
+ bin/containerd-shim-runc-v1: cmd/containerd-shim-runc-v1 FORCE # set !cgo and omit pie for a static shim build: https://github.com/golang/go/issues/17789#issuecomment-258542220
+ 	@echo "$(WHALE) $@"
+-	@CGO_ENABLED=${SHIM_CGO_ENABLED} $(GO) build ${GO_BUILD_FLAGS} -o $@ ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./cmd/containerd-shim-runc-v1
++	CGO_ENABLED=1 \
++	CGO_CFLAGS="-fstack-protector-strong -fPIE -D_FORTIFY_SOURCE=2 -O2" \
++	CGO_CPPFLAGS="-fstack-protector-strong -fPIE -D_FORTIFY_SOURCE=2 -O2" \
++	CGO_LDFLAGS_ALLOW='-Wl,-z,relro,-z,now' \
++	CGO_LDFLAGS="-Wl,-z,relro,-z,now -Wl,-z,noexecstack" \
++	$(GO) build -buildmode=pie ${GO_BUILD_FLAGS} -o $@ ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./cmd/containerd-shim-runc-v1
+ 
+ bin/containerd-shim-runc-v2: cmd/containerd-shim-runc-v2 FORCE # set !cgo and omit pie for a static shim build: https://github.com/golang/go/issues/17789#issuecomment-258542220
+ 	@echo "$(WHALE) $@"
+-	@CGO_ENABLED=${SHIM_CGO_ENABLED} $(GO) build ${GO_BUILD_FLAGS} -o $@ ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./cmd/containerd-shim-runc-v2
++	CGO_ENABLED=1 \
++	CGO_CFLAGS="-fstack-protector-strong -fPIE -D_FORTIFY_SOURCE=2 -O2" \
++	CGO_CPPFLAGS="-fstack-protector-strong -fPIE -D_FORTIFY_SOURCE=2 -O2" \
++	CGO_LDFLAGS_ALLOW='-Wl,-z,relro,-z,now' \
++	CGO_LDFLAGS="-Wl,-z,relro,-z,now -Wl,-z,noexecstack" \
++	$(GO) build -buildmode=pie ${GO_BUILD_FLAGS} -o $@ ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./cmd/containerd-shim-runc-v2
+ 
+ binaries: $(BINARIES) ## build binaries
+ 	@echo "$(WHALE) $@"
+-- 
+2.33.0
+
diff --git a/patch/0036-containerd-modify-makefile-options.patch b/patch/0036-containerd-modify-makefile-options.patch
new file mode 100644
index 0000000..547a61d
--- /dev/null
+++ b/patch/0036-containerd-modify-makefile-options.patch
@@ -0,0 +1,60 @@
+From c4c6839a0284188abc5d931e73a73f9730f0509a Mon Sep 17 00:00:00 2001
+From: zhongjiawei <zhongjiawei1@huawei.com>
+Date: Wed, 12 Jun 2024 11:25:10 +0800
+Subject: [PATCH] containerd:modify makefile options
+
+---
+ Makefile | 16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index 9d3b3e5..09957ce 100644
+--- a/Makefile
++++ b/Makefile
+@@ -242,8 +242,8 @@ bin/%: cmd/% FORCE
+ 	mkdir -p $(BEP_DIR)
+ 	@echo "$(WHALE) $@${BINARY_SUFFIX}"
+ 	CGO_ENABLED=1 \
+-	CGO_CFLAGS="-fstack-protector-strong -D_FORTIFY_SOURCE=2 -O2" \
+-	CGO_CPPFLAGS="-fstack-protector-strong -D_FORTIFY_SOURCE=2 -O2" \
++	CGO_CFLAGS="-fstack-protector-all -D_FORTIFY_SOURCE=2 -O2" \
++	CGO_CPPFLAGS="-fstack-protector-all -D_FORTIFY_SOURCE=2 -O2" \
+ 	CGO_LDFLAGS_ALLOW='-Wl,-z,relro,-z,now' \
+ 	CGO_LDFLAGS="-Wl,-z,relro,-z,now -Wl,-z,noexecstack" \
+ 	go build ${GO_GCFLAGS} ${GO_BUILD_FLAGS} -o $@${BINARY_SUFFIX} ${SHIM_GO_LDFLAGS} ${GO_TAGS}  ./$<
+@@ -251,8 +251,8 @@ bin/%: cmd/% FORCE
+ bin/containerd-shim: cmd/containerd-shim FORCE # set !cgo and omit pie for a static shim build: https://github.com/golang/go/issues/17789#issuecomment-258542220
+ 	@echo "$(WHALE) $@"
+ 	CGO_ENABLED=1 \
+-	CGO_CFLAGS="-fstack-protector-strong -fPIE -D_FORTIFY_SOURCE=2 -O2" \
+-	CGO_CPPFLAGS="-fstack-protector-strong -fPIE -D_FORTIFY_SOURCE=2 -O2" \
++	CGO_CFLAGS="-fstack-protector-all -fPIE -D_FORTIFY_SOURCE=2 -O2" \
++	CGO_CPPFLAGS="-fstack-protector-all -fPIE -D_FORTIFY_SOURCE=2 -O2" \
+ 	CGO_LDFLAGS_ALLOW='-Wl,-z,relro,-z,now' \
+ 	CGO_LDFLAGS="-Wl,-z,relro,-z,now -Wl,-z,noexecstack" \
+ 	go build -buildmode=pie ${GO_BUILD_FLAGS} -o bin/containerd-shim ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./cmd/containerd-shim
+@@ -260,8 +260,8 @@ bin/containerd-shim: cmd/containerd-shim FORCE # set !cgo and omit pie for a sta
+ bin/containerd-shim-runc-v1: cmd/containerd-shim-runc-v1 FORCE # set !cgo and omit pie for a static shim build: https://github.com/golang/go/issues/17789#issuecomment-258542220
+ 	@echo "$(WHALE) $@"
+ 	CGO_ENABLED=1 \
+-	CGO_CFLAGS="-fstack-protector-strong -fPIE -D_FORTIFY_SOURCE=2 -O2" \
+-	CGO_CPPFLAGS="-fstack-protector-strong -fPIE -D_FORTIFY_SOURCE=2 -O2" \
++	CGO_CFLAGS="-fstack-protector-all -fPIC -D_FORTIFY_SOURCE=2 -O2" \
++	CGO_CPPFLAGS="-fstack-protector-all -fPIC -D_FORTIFY_SOURCE=2 -O2" \
+ 	CGO_LDFLAGS_ALLOW='-Wl,-z,relro,-z,now' \
+ 	CGO_LDFLAGS="-Wl,-z,relro,-z,now -Wl,-z,noexecstack" \
+ 	$(GO) build -buildmode=pie ${GO_BUILD_FLAGS} -o $@ ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./cmd/containerd-shim-runc-v1
+@@ -269,8 +269,8 @@ bin/containerd-shim-runc-v1: cmd/containerd-shim-runc-v1 FORCE # set !cgo and om
+ bin/containerd-shim-runc-v2: cmd/containerd-shim-runc-v2 FORCE # set !cgo and omit pie for a static shim build: https://github.com/golang/go/issues/17789#issuecomment-258542220
+ 	@echo "$(WHALE) $@"
+ 	CGO_ENABLED=1 \
+-	CGO_CFLAGS="-fstack-protector-strong -fPIE -D_FORTIFY_SOURCE=2 -O2" \
+-	CGO_CPPFLAGS="-fstack-protector-strong -fPIE -D_FORTIFY_SOURCE=2 -O2" \
++	CGO_CFLAGS="-fstack-protector-all -fPIC -D_FORTIFY_SOURCE=2 -O2" \
++	CGO_CPPFLAGS="-fstack-protector-all -fPIC -D_FORTIFY_SOURCE=2 -O2" \
+ 	CGO_LDFLAGS_ALLOW='-Wl,-z,relro,-z,now' \
+ 	CGO_LDFLAGS="-Wl,-z,relro,-z,now -Wl,-z,noexecstack" \
+ 	$(GO) build -buildmode=pie ${GO_BUILD_FLAGS} -o $@ ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./cmd/containerd-shim-runc-v2
+-- 
+2.33.0
+
diff --git a/series.conf b/series.conf
index ed23048..a60945a 100644
--- a/series.conf
+++ b/series.conf
@@ -31,3 +31,5 @@ patch/0031-containerd-fix-some-containerd-bug.patch
 patch/0032-containerd-vendor-golang.org-x-net-v0.17.0.patch
 patch/0033-containerd-Fix-missing-closed-fifo.patch
 patch/0034-containerd-disable-Transparent-HugePage-for-shim-pro.patch
+patch/0035-containerd-modify-Makefile-for-go-build-options.patch
+patch/0036-containerd-modify-makefile-options.patch
-- 
Gitee