From ab8c5496e00c53fae43ded602a322f1e271f286a Mon Sep 17 00:00:00 2001
From: Nan Liu <108544011+liunan-ms@users.noreply.github.com>
Date: Wed, 18 Dec 2024 10:25:19 -0800
Subject: [PATCH] Add containerd2 package (#11427)

As containerd 2.0 GA recently, we want to provide containerd 2.0 in azure linux 3.0 to enhance our distro. Currently we wanted to keep the current containerd version in the existing package and offer container 2.0 in a new package so that users can try and test as their needs. This PR is adds a new containerd2 package with version 2.0.0.
---
 LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md    |  2 +-
 LICENSES-AND-NOTICES/SPECS/data/licenses.json |  1 +
 SPECS/containerd2/containerd.service          | 15 ++++
 SPECS/containerd2/containerd.toml             |  9 ++
 SPECS/containerd2/containerd2.signatures.json |  7 ++
 SPECS/containerd2/containerd2.spec            | 85 +++++++++++++++++++
 cgmanifest.json                               | 10 +++
 7 files changed, 128 insertions(+), 1 deletion(-)
 create mode 100644 SPECS/containerd2/containerd.service
 create mode 100644 SPECS/containerd2/containerd.toml
 create mode 100644 SPECS/containerd2/containerd2.signatures.json
 create mode 100644 SPECS/containerd2/containerd2.spec

diff --git a/LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md b/LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md
index bf93a05d117..a9942f9ccd1 100644
--- a/LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md
+++ b/LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md
@@ -9,7 +9,7 @@ The Azure Linux SPEC files originated from a variety of sources with varying lic
 | Fedora (Copyright Remi Collet) | [CC-BY-SA 4.0](https://creativecommons.org/licenses/by-sa/4.0/legalcode) | libmemcached-awesome <br> librabbitmq |
 | Fedora (ISC) | [ISC License](https://github.com/sarugaku/resolvelib/blob/main/LICENSE) | python-resolvelib |
 | Magnus Edenhill Open Source | [Magnus Edenhill Open Source BSD License](https://github.com/jemalloc/jemalloc/blob/dev/COPYING) | librdkafka |
-| Microsoft | [Microsoft MIT License](/LICENSES-AND-NOTICES/LICENSE.md) | application-gateway-kubernetes-ingress <br> asc <br> azcopy <br> azure-iot-sdk-c <br> azure-nvme-utils <br> azure-storage-cpp <br> azurelinux-release <br> azurelinux-repos <br> azurelinux-rpm-macros <br> azurelinux-sysinfo <br> bazel <br> blobfuse2 <br> bmon <br> bpftrace <br> ccache <br> cert-manager <br> cf-cli <br> check-restart <br> clamav <br> cloud-hypervisor-cvm <br> cmake-fedora <br> containerd <br> coredns <br> dcos-cli <br> debugedit <br> dejavu-fonts <br> distroless-packages <br> docker-buildx <br> docker-cli <br> docker-compose <br> doxygen <br> dtc <br> elixir <br> espeak-ng <br> espeakup <br> flannel <br> fluent-bit <br> freefont <br> gflags <br> gh <br> go-md2man <br> grpc <br> grub2-efi-binary-signed <br> GSL <br> gtk-update-icon-cache <br> helm <br> ig <br> intel-pf-bb-config <br> ivykis <br> jsonbuilder <br> jx <br> kata-containers-cc <br> kata-packages-uvm <br> keda <br> keras <br> kernel-64k-signed <br> kernel-signed <br> kernel-uki <br> kernel-uki-signed <br> kpatch <br> kube-vip-cloud-provider <br> kubernetes <br> libacvp <br> libconfini <br> libconfuse <br> libgdiplus <br> libmaxminddb <br> libmetalink <br> libsafec <br> libuv <br> libxml++ <br> lld <br> local-path-provisioner <br> lsb-release <br> ltp <br> lttng-consume <br> mm-common <br> moby-containerd-cc <br> moby-engine <br> msgpack <br> ncompress <br> networkd-dispatcher <br> nlohmann-json <br> nmap <br> node-problem-detector <br> ntopng <br> opentelemetry-cpp <br> packer <br> pcaudiolib <br> pcre2 <br> perl-Test-Warnings <br> perl-Text-Template <br> pigz <br> prebuilt-ca-certificates <br> prebuilt-ca-certificates-base <br> prometheus-adapter <br> python-cachetools <br> python-cherrypy <br> python-cstruct <br> python-execnet <br> python-google-pasta <br> python-libclang <br> python-libevdev <br> python-logutils <br> python-ml-dtypes <br> python-namex <br> python-nocasedict <br> python-omegaconf <br> python-opt-einsum <br> python-optree <br> python-pecan <br> python-pip <br> python-pyrpm <br> python-remoto <br> python-repoze-lru <br> python-routes <br> python-rsa <br> python-setuptools <br> python-sphinxcontrib-websupport <br> python-tensorboard <br> python-tensorboard-plugin-wit <br> python-yamlloader <br> R <br> rabbitmq-server <br> rocksdb <br> rubygem-addressable <br> rubygem-asciidoctor <br> rubygem-async <br> rubygem-async-http <br> rubygem-async-io <br> rubygem-async-pool <br> rubygem-bindata <br> rubygem-concurrent-ruby <br> rubygem-connection_pool <br> rubygem-console <br> rubygem-cool.io <br> rubygem-deep_merge <br> rubygem-digest-crc <br> rubygem-elastic-transport <br> rubygem-elasticsearch <br> rubygem-elasticsearch-api <br> rubygem-eventmachine <br> rubygem-excon <br> rubygem-faraday <br> rubygem-faraday-em_http <br> rubygem-faraday-em_synchrony <br> rubygem-faraday-excon <br> rubygem-faraday-httpclient <br> rubygem-faraday-multipart <br> rubygem-faraday-net_http <br> rubygem-faraday-net_http_persistent <br> rubygem-faraday-patron <br> rubygem-faraday-rack <br> rubygem-faraday-retry <br> rubygem-ffi <br> rubygem-fiber-local <br> rubygem-fluent-config-regexp-type <br> rubygem-fluent-logger <br> rubygem-fluent-plugin-elasticsearch <br> rubygem-fluent-plugin-kafka <br> rubygem-fluent-plugin-prometheus <br> rubygem-fluent-plugin-prometheus_pushgateway <br> rubygem-fluent-plugin-record-modifier <br> rubygem-fluent-plugin-rewrite-tag-filter <br> rubygem-fluent-plugin-systemd <br> rubygem-fluent-plugin-webhdfs <br> rubygem-fluent-plugin-windows-exporter <br> rubygem-fluentd <br> rubygem-hirb <br> rubygem-hocon <br> rubygem-hoe <br> rubygem-http_parser <br> rubygem-httpclient <br> rubygem-io-event <br> rubygem-jmespath <br> rubygem-ltsv <br> rubygem-mini_portile2 <br> rubygem-minitest <br> rubygem-mocha <br> rubygem-msgpack <br> rubygem-multi_json <br> rubygem-multipart-post <br> rubygem-net-http-persistent <br> rubygem-nio4r <br> rubygem-nokogiri <br> rubygem-oj <br> rubygem-parallel <br> rubygem-power_assert <br> rubygem-prometheus-client <br> rubygem-protocol-hpack <br> rubygem-protocol-http <br> rubygem-protocol-http1 <br> rubygem-protocol-http2 <br> rubygem-public_suffix <br> rubygem-puppet-resource_api <br> rubygem-rdiscount <br> rubygem-rdkafka <br> rubygem-rexml <br> rubygem-ruby-kafka <br> rubygem-ruby-progressbar <br> rubygem-rubyzip <br> rubygem-semantic_puppet <br> rubygem-serverengine <br> rubygem-sigdump <br> rubygem-strptime <br> rubygem-systemd-journal <br> rubygem-test-unit <br> rubygem-thor <br> rubygem-timers <br> rubygem-tzinfo <br> rubygem-tzinfo-data <br> rubygem-webhdfs <br> rubygem-webrick <br> rubygem-yajl-ruby <br> rubygem-zip-zip <br> runc <br> sdbus-cpp <br> sgx-backwards-compatibility <br> shim <br> skopeo <br> span-lite <br> sriov-network-device-plugin <br> SymCrypt <br> SymCrypt-OpenSSL <br> systemd-boot-signed <br> tensorflow <br> tinyxml2 <br> toml11 <br> tracelogging <br> umoci <br> usrsctp <br> vala <br> valkey <br> vnstat <br> zstd |
+| Microsoft | [Microsoft MIT License](/LICENSES-AND-NOTICES/LICENSE.md) | application-gateway-kubernetes-ingress <br> asc <br> azcopy <br> azure-iot-sdk-c <br> azure-nvme-utils <br> azure-storage-cpp <br> azurelinux-release <br> azurelinux-repos <br> azurelinux-rpm-macros <br> azurelinux-sysinfo <br> bazel <br> blobfuse2 <br> bmon <br> bpftrace <br> ccache <br> cert-manager <br> cf-cli <br> check-restart <br> clamav <br> cloud-hypervisor-cvm <br> cmake-fedora <br> containerd <br> containerd2 <br> coredns <br> dcos-cli <br> debugedit <br> dejavu-fonts <br> distroless-packages <br> docker-buildx <br> docker-cli <br> docker-compose <br> doxygen <br> dtc <br> elixir <br> espeak-ng <br> espeakup <br> flannel <br> fluent-bit <br> freefont <br> gflags <br> gh <br> go-md2man <br> grpc <br> grub2-efi-binary-signed <br> GSL <br> gtk-update-icon-cache <br> helm <br> ig <br> intel-pf-bb-config <br> ivykis <br> jsonbuilder <br> jx <br> kata-containers-cc <br> kata-packages-uvm <br> keda <br> keras <br> kernel-64k-signed <br> kernel-signed <br> kernel-uki <br> kernel-uki-signed <br> kpatch <br> kube-vip-cloud-provider <br> kubernetes <br> libacvp <br> libconfini <br> libconfuse <br> libgdiplus <br> libmaxminddb <br> libmetalink <br> libsafec <br> libuv <br> libxml++ <br> lld <br> local-path-provisioner <br> lsb-release <br> ltp <br> lttng-consume <br> mm-common <br> moby-containerd-cc <br> moby-engine <br> msgpack <br> ncompress <br> networkd-dispatcher <br> nlohmann-json <br> nmap <br> node-problem-detector <br> ntopng <br> opentelemetry-cpp <br> packer <br> pcaudiolib <br> pcre2 <br> perl-Test-Warnings <br> perl-Text-Template <br> pigz <br> prebuilt-ca-certificates <br> prebuilt-ca-certificates-base <br> prometheus-adapter <br> python-cachetools <br> python-cherrypy <br> python-cstruct <br> python-execnet <br> python-google-pasta <br> python-libclang <br> python-libevdev <br> python-logutils <br> python-ml-dtypes <br> python-namex <br> python-nocasedict <br> python-omegaconf <br> python-opt-einsum <br> python-optree <br> python-pecan <br> python-pip <br> python-pyrpm <br> python-remoto <br> python-repoze-lru <br> python-routes <br> python-rsa <br> python-setuptools <br> python-sphinxcontrib-websupport <br> python-tensorboard <br> python-tensorboard-plugin-wit <br> python-yamlloader <br> R <br> rabbitmq-server <br> rocksdb <br> rubygem-addressable <br> rubygem-asciidoctor <br> rubygem-async <br> rubygem-async-http <br> rubygem-async-io <br> rubygem-async-pool <br> rubygem-bindata <br> rubygem-concurrent-ruby <br> rubygem-connection_pool <br> rubygem-console <br> rubygem-cool.io <br> rubygem-deep_merge <br> rubygem-digest-crc <br> rubygem-elastic-transport <br> rubygem-elasticsearch <br> rubygem-elasticsearch-api <br> rubygem-eventmachine <br> rubygem-excon <br> rubygem-faraday <br> rubygem-faraday-em_http <br> rubygem-faraday-em_synchrony <br> rubygem-faraday-excon <br> rubygem-faraday-httpclient <br> rubygem-faraday-multipart <br> rubygem-faraday-net_http <br> rubygem-faraday-net_http_persistent <br> rubygem-faraday-patron <br> rubygem-faraday-rack <br> rubygem-faraday-retry <br> rubygem-ffi <br> rubygem-fiber-local <br> rubygem-fluent-config-regexp-type <br> rubygem-fluent-logger <br> rubygem-fluent-plugin-elasticsearch <br> rubygem-fluent-plugin-kafka <br> rubygem-fluent-plugin-prometheus <br> rubygem-fluent-plugin-prometheus_pushgateway <br> rubygem-fluent-plugin-record-modifier <br> rubygem-fluent-plugin-rewrite-tag-filter <br> rubygem-fluent-plugin-systemd <br> rubygem-fluent-plugin-webhdfs <br> rubygem-fluent-plugin-windows-exporter <br> rubygem-fluentd <br> rubygem-hirb <br> rubygem-hocon <br> rubygem-hoe <br> rubygem-http_parser <br> rubygem-httpclient <br> rubygem-io-event <br> rubygem-jmespath <br> rubygem-ltsv <br> rubygem-mini_portile2 <br> rubygem-minitest <br> rubygem-mocha <br> rubygem-msgpack <br> rubygem-multi_json <br> rubygem-multipart-post <br> rubygem-net-http-persistent <br> rubygem-nio4r <br> rubygem-nokogiri <br> rubygem-oj <br> rubygem-parallel <br> rubygem-power_assert <br> rubygem-prometheus-client <br> rubygem-protocol-hpack <br> rubygem-protocol-http <br> rubygem-protocol-http1 <br> rubygem-protocol-http2 <br> rubygem-public_suffix <br> rubygem-puppet-resource_api <br> rubygem-rdiscount <br> rubygem-rdkafka <br> rubygem-rexml <br> rubygem-ruby-kafka <br> rubygem-ruby-progressbar <br> rubygem-rubyzip <br> rubygem-semantic_puppet <br> rubygem-serverengine <br> rubygem-sigdump <br> rubygem-strptime <br> rubygem-systemd-journal <br> rubygem-test-unit <br> rubygem-thor <br> rubygem-timers <br> rubygem-tzinfo <br> rubygem-tzinfo-data <br> rubygem-webhdfs <br> rubygem-webrick <br> rubygem-yajl-ruby <br> rubygem-zip-zip <br> runc <br> sdbus-cpp <br> sgx-backwards-compatibility <br> shim <br> skopeo <br> span-lite <br> sriov-network-device-plugin <br> SymCrypt <br> SymCrypt-OpenSSL <br> systemd-boot-signed <br> tensorflow <br> tinyxml2 <br> toml11 <br> tracelogging <br> umoci <br> usrsctp <br> vala <br> valkey <br> vnstat <br> zstd |
 | Netplan source | [GPLv3](https://github.com/canonical/netplan/blob/main/COPYING) | netplan |
 | Numad source | [LGPLv2 License](https://www.gnu.org/licenses/old-licenses/lgpl-2.1.txt) | numad |
 | NVIDIA | [ASL 2.0 License and spec specific licenses](http://www.apache.org/licenses/LICENSE-2.0) | libnvidia-container <br> mlnx-tools <br> mlx-bootctl <br> nvidia-container-toolkit <br> ofed-scripts <br> perftest |
diff --git a/LICENSES-AND-NOTICES/SPECS/data/licenses.json b/LICENSES-AND-NOTICES/SPECS/data/licenses.json
index 51aec95013e..80f62df89c0 100644
--- a/LICENSES-AND-NOTICES/SPECS/data/licenses.json
+++ b/LICENSES-AND-NOTICES/SPECS/data/licenses.json
@@ -2223,6 +2223,7 @@
                 "cloud-hypervisor-cvm",
                 "cmake-fedora",
                 "containerd",
+                "containerd2",
                 "coredns",
                 "dcos-cli",
                 "debugedit",
diff --git a/SPECS/containerd2/containerd.service b/SPECS/containerd2/containerd.service
new file mode 100644
index 00000000000..06b501178b9
--- /dev/null
+++ b/SPECS/containerd2/containerd.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=containerd container runtime
+Documentation=https://containerd.io
+After=network.target
+
+[Service]
+ExecStartPre=/sbin/modprobe overlay
+ExecStart=/usr/bin/containerd
+Restart=always
+Delegate=yes
+KillMode=process
+OOMScoreAdjust=-999
+
+[Install]
+WantedBy=multi-user.target
diff --git a/SPECS/containerd2/containerd.toml b/SPECS/containerd2/containerd.toml
new file mode 100644
index 00000000000..422716a3c33
--- /dev/null
+++ b/SPECS/containerd2/containerd.toml
@@ -0,0 +1,9 @@
+version = 2
+[plugins]
+  [plugins."io.containerd.grpc.v1.cri"]
+   [plugins."io.containerd.grpc.v1.cri".containerd]
+      [plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
+        [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
+          runtime_type = "io.containerd.runc.v2"
+          [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
+            SystemdCgroup = true
\ No newline at end of file
diff --git a/SPECS/containerd2/containerd2.signatures.json b/SPECS/containerd2/containerd2.signatures.json
new file mode 100644
index 00000000000..d49f7f913eb
--- /dev/null
+++ b/SPECS/containerd2/containerd2.signatures.json
@@ -0,0 +1,7 @@
+{
+ "Signatures": {
+  "containerd.service": "a07bfcf412669b06673190b0779f48e652c9adcf1758289e849a00802804eec8",
+  "containerd.toml": "5b3821236f09b4c858e0e098bbe1400f4dbbb47d360e39d21c61858b088c2896",
+  "containerd-2.0.0.tar.gz": "346d644e1b96e1f4a39bfe9d1eb0eb01ca676f806c12d95e5dbe35325bbc1780"
+ }
+}
\ No newline at end of file
diff --git a/SPECS/containerd2/containerd2.spec b/SPECS/containerd2/containerd2.spec
new file mode 100644
index 00000000000..79013cc94f4
--- /dev/null
+++ b/SPECS/containerd2/containerd2.spec
@@ -0,0 +1,85 @@
+%global debug_package %{nil}
+%define upstream_name containerd
+%define commit_hash 207ad711eabd375a01713109a8a197d197ff6542
+
+Summary: Industry-standard container runtime
+Name: %{upstream_name}2
+Version: 2.0.0
+Release: 1%{?dist}
+License: ASL 2.0
+Group: Tools/Container
+URL: https://www.containerd.io
+Vendor: Microsoft Corporation
+Distribution: Azure Linux
+
+Source0: https://github.com/containerd/containerd/archive/v%{version}.tar.gz#/%{upstream_name}-%{version}.tar.gz
+Source1: containerd.service
+Source2: containerd.toml
+
+%{?systemd_requires}
+
+BuildRequires: golang
+BuildRequires: go-md2man
+BuildRequires: make
+BuildRequires: systemd-rpm-macros
+
+Requires: runc >= 1.2.2
+
+%description
+containerd is an industry-standard container runtime with an emphasis on
+simplicity, robustness and portability. It is available as a daemon for Linux
+and Windows, which can manage the complete container lifecycle of its host
+system: image transfer and storage, container execution and supervision,
+low-level storage and network attachments, etc.
+
+containerd is designed to be embedded into a larger system, rather than being
+used directly by developers or end-users.
+
+%prep
+%autosetup -p1 -n %{upstream_name}-%{version}
+
+%build
+export BUILDTAGS="-mod=vendor"
+make VERSION="%{version}" REVISION="%{commit_hash}" binaries man
+
+%check
+export BUILDTAGS="-mod=vendor"
+make VERSION="%{version}" REVISION="%{commit_hash}" test
+
+%install
+make VERSION="%{version}" REVISION="%{commit_hash}" DESTDIR="%{buildroot}" PREFIX="/usr" install install-man
+
+mkdir -p %{buildroot}/%{_unitdir}
+install -D -p -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/containerd.service
+install -D -p -m 0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/containerd/config.toml
+install -vdm 755 %{buildroot}/opt/containerd/{bin,lib}
+
+%post
+%systemd_post containerd.service
+
+if [ $1 -eq 1 ]; then # Package install
+	systemctl enable containerd.service > /dev/null 2>&1 || :
+	systemctl start containerd.service > /dev/null 2>&1 || :
+fi
+
+%preun
+%systemd_preun containerd.service
+
+%postun
+%systemd_postun_with_restart containerd.service
+
+%files
+%license LICENSE NOTICE
+%{_bindir}/*
+%{_mandir}/*
+%config(noreplace) %{_unitdir}/containerd.service
+%config(noreplace) %{_sysconfdir}/containerd/config.toml
+%dir /opt/containerd
+%dir /opt/containerd/bin
+%dir /opt/containerd/lib
+
+%changelog
+* Wed Dec 11 2024 Nan Liu <liunan@microsoft.com> - 2.0.0-1
+- Created a standalone package for containerd 2.0.0
+- Initial CBL-Mariner import from Azure
+- Initial version and License verified
\ No newline at end of file
diff --git a/cgmanifest.json b/cgmanifest.json
index f5b99318796..a835a331c21 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -2022,6 +2022,16 @@
         }
       }
     },
+    {
+      "component": {
+        "type": "other",
+        "other": {
+          "name": "containerd2",
+          "version": "2.0.0",
+          "downloadUrl": "https://github.com/containerd/containerd/archive/v2.0.0.tar.gz"
+        }
+      }
+    },
     {
       "component": {
         "type": "other",