From 5abb220c09ad15a993a8404aa2858496f69b6c3d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=B6ran=20Uddeborg?= Date: Fri, 30 Apr 2021 17:29:29 +0200 Subject: [PATCH] Use OS native runc rather than bundling on RHEL8 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The RPM does provide on runc for most platforms, but not for RHEL8. It does not work there, since there is native package that provides runc that lives in a module stream. Yum fails to find or install a non-modular package when a module provides the same name. For those with access to RedHat pages, some more information is available here: https://access.redhat.com/solutions/5588101 A problem with simply omitting the "provides" from the package is that it will then come in conflict with the native package. It is for example not possible to install both docker and the native podman in parallel. This patch changes the contanerd.io package on RHEL8 to require the native OS version instead of bundling its own copy. With this, parallel installation of docker and podman is again possible. Signed-off-by: Göran Uddeborg --- rpm/containerd.spec | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/rpm/containerd.spec b/rpm/containerd.spec index c1fde145..f3dd589b 100644 --- a/rpm/containerd.spec +++ b/rpm/containerd.spec @@ -30,18 +30,23 @@ AutoReq: no Name: containerd.io Provides: containerd -# For some reason on rhel 8 if we "provide" runc then it makes this package unsearchable +# Since runc lives in in a module stream on RHEL 8, it won't work to provide +# it here. Better to use the OS version. %if 0%{!?el8:1} Provides: runc %endif # Obsolete packages Obsoletes: containerd +%if 0%{!?el8:1} Obsoletes: runc +%endif # Conflicting packages Conflicts: containerd +%if 0%{!?el8:1} Conflicts: runc +%endif Version: %{getenv:RPM_VERSION} Release: %{getenv:RPM_RELEASE_VERSION}%{?dist} @@ -59,6 +64,9 @@ Requires: container-selinux >= 2:2.74 %endif Requires: libseccomp %endif +%if 0%{?el8:1} +Requires: runc +%endif BuildRequires: make BuildRequires: gcc BuildRequires: systemd @@ -92,10 +100,12 @@ fi # symlink the go source path to our build directory ln -s /go/src/%{import_path} %{_topdir}/BUILD +%if 0%{!?el8:1} if [ ! -d %{_topdir}/SOURCES/runc ]; then # Copy over our source code from our gopath to our source directory cp -rf /go/src/github.com/opencontainers/runc %{_topdir}/SOURCES/runc fi +%endif cd %{_topdir}/BUILD/ @@ -115,8 +125,9 @@ rm -f bin/containerd-stress bin/containerd --version bin/ctr --version +%if 0%{!?el8:1} GO111MODULE=off make -C /go/src/github.com/opencontainers/runc BINDIR=%{_topdir}/BUILD/bin BUILDTAGS='seccomp apparmor selinux %{runc_nokmem}' runc install - +%endif %install cd %{_topdir}/BUILD @@ -153,6 +164,9 @@ done %changelog +* Fri Apr 30 2021 Göran Uddeborg +- Use OS version of runc on RHEL8 to avoid conflict with podman. + * Mon Mar 08 2021 Wei Fu - 1.4.4-3.1 - Update to containerd 1.4.4 to address CVE-2021-21334.