From 5e2df8316b2a140b1fbe4b597e83e5a283011873 Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Mon, 25 Nov 2024 22:21:00 -0800
Subject: [PATCH] Add explicit containerd 1.7.x builds

Closes #859
---
 containerd/Dockerfile.1.7 | 75 +++++++++++++++++++++++++++++++++++++++
 containerd/versions.json  | 39 ++++++++++++++++++++
 containerd/versions.sh    |  4 ++-
 3 files changed, 117 insertions(+), 1 deletion(-)
 create mode 100644 containerd/Dockerfile.1.7

diff --git a/containerd/Dockerfile.1.7 b/containerd/Dockerfile.1.7
new file mode 100644
index 00000000000..c4db32b60ce
--- /dev/null
+++ b/containerd/Dockerfile.1.7
@@ -0,0 +1,75 @@
+#
+# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh"
+#
+# PLEASE DO NOT EDIT IT DIRECTLY.
+#
+
+FROM debian:bookworm-slim
+
+# runtime deps
+RUN set -eux; \
+	apt-get update; \
+	apt-get install -y --no-install-recommends \
+		ca-certificates \
+		wget \
+	; \
+	rm -rf /var/lib/apt/lists/*
+
+# https://github.com/docker/docker/tree/master/hack/dind
+ENV DIND_COMMIT 65cfcc28ab37cb75e1560e4b4738719c07c6618e
+RUN set -eux; \
+	wget -O /usr/local/bin/dind "https://raw.githubusercontent.com/docker/docker/${DIND_COMMIT}/hack/dind"; \
+	sh -n /usr/local/bin/dind; \
+	chmod +x /usr/local/bin/dind
+
+# https://github.com/opencontainers/runc/releases
+ENV RUNC_VERSION 1.2.2
+RUN set -eux; \
+	dpkgArch="$(dpkg --print-architecture)"; \
+	case "$dpkgArch" in \
+		'amd64') url='https://github.com/opencontainers/runc/releases/download/v1.2.2/runc.amd64'; sha256='a34f5ab4fc1df1f456293c3d797a76f2d41cf3cd970bb49fc53ba94bbc8a5cf6' ;; \
+		'i386') url='https://github.com/opencontainers/runc/releases/download/v1.2.2/runc.386'; sha256='7d05edbb10405f3fa77d8e6b3646cab4ca07a67c21110fcdc05d2e33224bf253' ;; \
+		'arm64') url='https://github.com/opencontainers/runc/releases/download/v1.2.2/runc.arm64'; sha256='bfd3e6c58bd6060eaa725520c31cbc8f6386ac7606e65bfa7fe9084100aa1789' ;; \
+		'armhf') url='https://github.com/opencontainers/runc/releases/download/v1.2.2/runc.armhf'; sha256='78b8eb427e4b55431edc1d73772889f0905b7ae9f1273839fe9478edc1a99949' ;; \
+		'ppc64el') url='https://github.com/opencontainers/runc/releases/download/v1.2.2/runc.ppc64le'; sha256='9af46fe0bdc654c72593a937806ca034ffbbf4f62f25c1de7a40b5b0f4374de7' ;; \
+		'riscv64') url='https://github.com/opencontainers/runc/releases/download/v1.2.2/runc.riscv64'; sha256='cc169ba3fe80981759034c5ebcb20534d90c4d3e8e6825950bc2c192f800bd0b' ;; \
+		's390x') url='https://github.com/opencontainers/runc/releases/download/v1.2.2/runc.s390x'; sha256='33fe3bab8d12a43f0499fc018abbac2536e61c0c30bc9e962df363549ae58b34' ;; \
+		*) echo >&2 "error: unsupported architecture: '$dpkgArch'"; exit 1 ;; \
+	esac; \
+# TODO $url.asc (see https://github.com/opencontainers/runc/releases)
+	wget -O /usr/local/bin/runc "$url" --progress=dot:giga; \
+	echo "$sha256 */usr/local/bin/runc" | sha256sum --strict --check -; \
+	chmod +x /usr/local/bin/runc; \
+	runc --version
+
+# https://github.com/containerd/containerd/releases
+ENV CONTAINERD_VERSION 1.7.24
+RUN set -eux; \
+	dpkgArch="$(dpkg --print-architecture)"; \
+	case "$dpkgArch" in \
+		'amd64') url='https://github.com/containerd/containerd/releases/download/v1.7.24/containerd-1.7.24-linux-amd64.tar.gz'; sha256='1a94f15139f37633f39e24f08a4071f4533b285df3cbee6478972d26147bcaef' ;; \
+		'arm64') url='https://github.com/containerd/containerd/releases/download/v1.7.24/containerd-1.7.24-linux-arm64.tar.gz'; sha256='420406d2b34ebb422ab3755fbeede59bf3bfcfccf5cfa584b558c93769d99064' ;; \
+		'ppc64el') url='https://github.com/containerd/containerd/releases/download/v1.7.24/containerd-1.7.24-linux-ppc64le.tar.gz'; sha256='2ca4d527dac68132a2a6b3971d82ddfd18edc7fa838b7cfcfe6eb11efd017871' ;; \
+		'riscv64') url='https://github.com/containerd/containerd/releases/download/v1.7.24/containerd-1.7.24-linux-riscv64.tar.gz'; sha256='e570544ef0339caedc5daf54360d385d84dbc6d0070577ac561f19d51b5d59de' ;; \
+		's390x') url='https://github.com/containerd/containerd/releases/download/v1.7.24/containerd-1.7.24-linux-s390x.tar.gz'; sha256='353ed879ff2e298d97f9d690b96bf9f1ece58b5adf291da32f900b5352bcc690' ;; \
+		*) echo >&2 "error: unsupported architecture: '$dpkgArch'"; exit 1 ;; \
+	esac; \
+	wget -O containerd.tar.gz "$url" --progress=dot:giga; \
+	echo "$sha256 *containerd.tar.gz" | sha256sum --strict --check -; \
+	tar -xvf containerd.tar.gz -C /usr/local/; \
+	rm containerd.tar.gz; \
+	containerd --version
+
+RUN set -eux; \
+	mkdir -p /run/containerd /var/lib/containerd; \
+	chmod 1777 /run/containerd /var/lib/containerd
+
+VOLUME /var/lib/containerd
+
+# add an entrypoint that does clever things if the container is run as non-root (cannot run containers, but content/image stores should work fine)
+COPY docker-entrypoint.sh /usr/local/bin/
+ENTRYPOINT ["docker-entrypoint.sh"]
+CMD ["containerd"]
+
+# the entrypoint will try to automatically determine intent based on uid/gid (and include the "dind" wrapper automatically)
+# if it does not, use "docker run ... dind containerd" if you want to run real containers (with "--privileged")
diff --git a/containerd/versions.json b/containerd/versions.json
index 6032ba25678..3deebe83bc1 100644
--- a/containerd/versions.json
+++ b/containerd/versions.json
@@ -38,6 +38,7 @@
   "variants": [
     "",
     "rc",
+    "1.7",
     "1.6"
   ],
   "rc": {
@@ -78,6 +79,44 @@
       }
     }
   },
+  "1.7": {
+    "commit": "88bf19b2105c8b17560993bee28a01ddc2f97182",
+    "ref": "refs/tags/v1.7.24^{}",
+    "tag": "v1.7.24",
+    "version": "1.7.24",
+    "arches": {
+      "amd64": {
+        "url": "https://github.com/containerd/containerd/releases/download/v1.7.24/containerd-1.7.24-linux-amd64.tar.gz",
+        "sha256": "1a94f15139f37633f39e24f08a4071f4533b285df3cbee6478972d26147bcaef",
+        "dpkgArch": "amd64"
+      },
+      "arm64v8": {
+        "url": "https://github.com/containerd/containerd/releases/download/v1.7.24/containerd-1.7.24-linux-arm64.tar.gz",
+        "sha256": "420406d2b34ebb422ab3755fbeede59bf3bfcfccf5cfa584b558c93769d99064",
+        "dpkgArch": "arm64"
+      },
+      "ppc64le": {
+        "url": "https://github.com/containerd/containerd/releases/download/v1.7.24/containerd-1.7.24-linux-ppc64le.tar.gz",
+        "sha256": "2ca4d527dac68132a2a6b3971d82ddfd18edc7fa838b7cfcfe6eb11efd017871",
+        "dpkgArch": "ppc64el"
+      },
+      "riscv64": {
+        "url": "https://github.com/containerd/containerd/releases/download/v1.7.24/containerd-1.7.24-linux-riscv64.tar.gz",
+        "sha256": "e570544ef0339caedc5daf54360d385d84dbc6d0070577ac561f19d51b5d59de",
+        "dpkgArch": "riscv64"
+      },
+      "s390x": {
+        "url": "https://github.com/containerd/containerd/releases/download/v1.7.24/containerd-1.7.24-linux-s390x.tar.gz",
+        "sha256": "353ed879ff2e298d97f9d690b96bf9f1ece58b5adf291da32f900b5352bcc690",
+        "dpkgArch": "s390x"
+      },
+      "windows-amd64": {
+        "url": "https://github.com/containerd/containerd/releases/download/v1.7.24/containerd-1.7.24-windows-amd64.tar.gz",
+        "sha256": "3260984ce37c927a8d1de4c25471ebb0533abb5b9e6c4e30e3685df0ecbfb629",
+        "dpkgArch": null
+      }
+    }
+  },
   "1.6": {
     "commit": "88c3d9bc5b5a193f40b7c14fa996d23532d6f956",
     "ref": "refs/tags/v1.6.36^{}",
diff --git a/containerd/versions.sh b/containerd/versions.sh
index 4f227ede1d4..39c2600504f 100755
--- a/containerd/versions.sh
+++ b/containerd/versions.sh
@@ -11,7 +11,9 @@ variants=(
 	''
 	'rc'
 
-	#'1.7' # TODO add this once 2.0 is stable
+	# https://containerd.io/releases/#support-horizon
+	# https://endoflife.date/containerd
+	'1.7'
 	'1.6'
 
 	# TODO add this when I figure out a clean way to do something more akin to a "weekly snapshot" or something so it doesn't have an update every single day (see also "buildkit")