%global _trivial .0 %global _buildid .2 %global debug_package %{nil} %if 0%{?amzn} > 2 %global requires_systemd_macros false %endif # soci-snapshotter %global soci_release 0.11.1 %global soci_commit 28781de6731978b2e2f0f43573a345e9fa14dbd1 %global soci_package github.com/awslabs/soci-snapshotter %global soci_go_ldflags -ldflags '-s -w -X %{soci_package}/version.Version=v%{soci_release} -X %{soci_package}/version.Revision=%{soci_commit}' Name: soci-snapshotter Version: %{soci_release} Release: 1%{?dist}%{?_trivial}%{?_buildid} License: ASL 2.0 Summary: A containerd snapshotter plugin which enables standard OCI images to be lazily loaded without requiring a build-time conversion step. # from https://%{soci_package}/archive/refs/tags/v%{soci_release}.tar.gz Source0: soci-snapshotter-v%{soci_release}.tar.gz Source1: soci-snapshotter-v%{soci_release}-vendor.tar.gz Source2: soci-snapshotter.service Source3: soci-snapshotter-grpc.toml Patch1000: 1000-Remove-image-if-rebase-or-initial-fetch-fails.patch # Runtime requirements Provides: soci-snapshotter = %{soci_release} # Compilation requirements BuildRequires: golang >= 1.24.4, git, make, zlib-devel, zlib, zlib-static %if 0%{?amzn} > 2 # this macro package doesn't exist on AL2 BuildRequires: systemd-rpm-macros %endif %description SOCI Snapshotter is a containerd snapshotter plugin. It enables standard OCI images to be lazily loaded without requiring a build-time conversion step. "SOCI" is short for "Seekable OCI", and is pronounced "so-CHEE". %prep # extract soci %setup %patch1000 -p1 # extract vendor archive %setup -T -D -b 1 %build pushd ./cmd go build -o "./../out/soci-snapshotter-grpc" %{soci_go_ldflags} ./soci-snapshotter-grpc go build -o "./../out/soci" %{soci_go_ldflags} ./soci popd %install install -d %{buildroot}%{_bindir} install -D -p -m 0744 ./out/soci %{buildroot}%{_bindir}/soci install -D -p -m 0744 ./out/soci-snapshotter-grpc %{buildroot}%{_bindir}/soci-snapshotter-grpc install -d %{buildroot}%{_sharedstatedir}/soci-snapshotter-grpc install -D -p -m 0644 %{S:2} %{buildroot}%{_unitdir}/soci-snapshotter.service install -D -p -m 0644 %{S:3} %{buildroot}%{_sysconfdir}/soci-snapshotter-grpc/config.toml %if 0%{?amzn} == 2 # On a fresh install of container-selinux, or updating from selinux-policy in # amzn2-core to one that more closely tracks upstream, we need to relabel critical # files to pick up changes to file_contexts introduced by those packages. %define selinux_relabel_paths %{_bindir}/soci \ %{_bindir}/soci-snapshotter-grpc \ %{_sysconfdir}/soci-snapshotter-grpc \ %{_sharedstatedir}/soci-snapshotter-grpc %define do_selinux_relabel() /usr/sbin/selinuxenabled && /usr/sbin/restorecon -r %* %triggerin -- container-selinux if [ $1 -eq 1 ]; then # new install, not update %{do_selinux_relabel} %{selinux_relabel_paths} ||: fi %endif %files # soci-snapshotter %config(noreplace) %{_sysconfdir}/soci-snapshotter-grpc/config.toml %{_bindir}/soci %{_bindir}/soci-snapshotter-grpc %{_unitdir}/soci-snapshotter.service %{_sharedstatedir}/soci-snapshotter-grpc %post %systemd_post soci-snapshotter-grpc %preun %systemd_preun soci-snapshotter-grpc %postun %systemd_postun_with_restart soci-snapshotter-grpc %changelog * Tue Aug 12 2025 David Son - soci-snapshotter-0.11.1-1.amzn2.0.2 - Drop containerd dependency * Wed Jul 09 2025 David Son - soci-snapshotter-0.11.1-1.amzn2.0.1 - Update to 0.11.1 from upstream * Wed Jun 18 2025 Justin Alvarez - soci-snapshotter-0.9.0-1.amzn2023.0.4 - Rebuild with golang 1.24.4 to fix CVE-2025-4673 and CVE-2025-22874 * Fri May 09 2025 Arjun Raja Yogidas - soci-snapshotter-0.9.0-1.amzn2023.0.3 - Fix CVE-2025-22872 - Backport patch https://github.com/awslabs/soci-snapshotter/pull/1514 * Fri May 09 2025 Arjun Raja Yogidas - soci-snapshotter-0.9.0-1.amzn2023.0.2 - Fix CVE-2025-22872 - Backport patch https://github.com/awslabs/soci-snapshotter/pull/1514 * Thu Feb 06 2025 Austin Vazquez - soci-snapshotter-0.9.0-1.amzn2023.0.1 - Update to 0.9.0 from upstream * Mon Nov 04 2024 David Son - soci-snapshotter-0.8.0-1.amzn2023.0.1 - Update to 0.8.0 from upstream * Mon Sep 23 2024 Justin Alvarez - soci-snapshotter-0.7.0-1.amzn2023.0.2 - Update systemd service name * Fri Sep 06 2024 Justin Alvarez - soci-snapshotter-0.7.0-1.amzn2023.0.1 - First release on Amazon Linux * Mon Jul 22 2024 Justin Alvarez - 0.7.0 - Update to 0.7.0 from upstream