# Bellow definitions are used to deliver config files from a particular branch

# of c/image, c/common, c/storage vendored in all podman, skopeo, buildah.

# These vendored components must have the same version. If it is not the case,

# pick the oldest version on c/image, c/common, c/storage vendored in

# podman/skopeo/podman.

%global skopeo_branch main

%global image_branch v5.16.0

%global common_branch v0.44.3

%global storage_branch v1.36.0

%global shortnames_branch main

Epoch: 2

Name: containers-common

Version: 1

Release: 13%{?dist}

Summary: Common configuration and documentation for containers

License: ASL 2.0

BuildArch: noarch

BuildRequires: go-md2man

Provides: skopeo-containers = %{epoch}:%{version}-%{release}

Requires: (container-selinux >= 2:2.162.1 if selinux-policy)

Requires: oci-runtime

%if 0%{?rhel} >= 9 || 0%{?fedora}

Requires: crun >= 0.19

%else

Requires: runc

%endif

Requires: system-release

Suggests: subscription-manager

Recommends: fuse-overlayfs

Recommends: slirp4netns

Source1: https://raw.githubusercontent.com/containers/storage/%{storage_branch}/storage.conf

Source2: https://raw.githubusercontent.com/containers/storage/%{storage_branch}/docs/containers-storage.conf.5.md

Source3: mounts.conf

Source4: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs/containers-registries.conf.5.md

#Source5: https://raw.githubusercontent.com/containers/image/%%{image_branch}/registries.conf

Source5: registries.conf

Source6: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs/containers-policy.json.5.md

Source7: https://raw.githubusercontent.com/containers/common/%{common_branch}/pkg/seccomp/seccomp.json

Source8: https://raw.githubusercontent.com/containers/common/%{common_branch}/docs/containers-mounts.conf.5.md

Source9: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs/containers-signature.5.md

Source10: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs/containers-transports.5.md

Source11: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs/containers-certs.d.5.md

Source12: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs/containers-registries.d.5.md

Source13: https://raw.githubusercontent.com/containers/common/%{common_branch}/pkg/config/containers.conf

Source14: https://raw.githubusercontent.com/containers/common/%{common_branch}/docs/containers.conf.5.md

Source15: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs/containers-auth.json.5.md

Source16: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs/containers-registries.conf.d.5.md

Source17: https://raw.githubusercontent.com/containers/shortnames/%{shortnames_branch}/shortnames.conf

Source19: 001-rhel-shortnames-pyxis.conf

Source20: 002-rhel-shortnames-overrides.conf

Source21: RPM-GPG-KEY-redhat-release

Source22: registry.access.redhat.com.yaml

Source23: registry.redhat.io.yaml

#Source24: https://raw.githubusercontent.com/containers/skopeo/%%{skopeo_branch}/default-policy.json

Source24: default-policy.json

Source25: https://raw.githubusercontent.com/containers/skopeo/%{skopeo_branch}/default.yaml

# scripts used for synchronization with upstream and shortname generation

Source100: update.sh

Source101: update-vendored.sh

Source102: pyxis.sh

%description

This package contains common configuration files and documentation for container

tools ecosystem, such as Podman, Buildah and Skopeo.

It is required because the most of configuration files and docs come from projects

which are vendored into Podman, Buildah, Skopeo, etc. but they are not packaged

separately.

%prep

%build

%install

install -dp %{buildroot}%{_sysconfdir}/containers/{certs.d,oci/hooks.d,registries.d,registries.conf.d}

install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/storage.conf

install -m0644 %{SOURCE5} %{buildroot}%{_sysconfdir}/containers/registries.conf

install -m0644 %{SOURCE17} %{buildroot}%{_sysconfdir}/containers/registries.conf.d/000-shortnames.conf

install -m0644 %{SOURCE19} %{buildroot}%{_sysconfdir}/containers/registries.conf.d/001-rhel-shortnames.conf

install -m0644 %{SOURCE20} %{buildroot}%{_sysconfdir}/containers/registries.conf.d/002-rhel-shortnames-overrides.conf

# for signature verification

%if !0%{?rhel} || 0%{?centos}

install -dp %{buildroot}%{_sysconfdir}/pki/rpm-gpg

install -m0644 %{SOURCE21} %{buildroot}%{_sysconfdir}/pki/rpm-gpg

%endif

install -dp %{buildroot}%{_sysconfdir}/containers/registries.d

install -m0644 %{SOURCE22} %{buildroot}%{_sysconfdir}/containers/registries.d

install -m0644 %{SOURCE23} %{buildroot}%{_sysconfdir}/containers/registries.d

install -m0644 %{SOURCE24} %{buildroot}%{_sysconfdir}/containers/policy.json

install -dp %{buildroot}%{_sharedstatedir}/containers/sigstore

install -m0644 %{SOURCE25} %{buildroot}%{_sysconfdir}/containers/registries.d/default.yaml

# for containers-common

install -dp %{buildroot}%{_mandir}/man5

go-md2man -in %{SOURCE2} -out %{buildroot}%{_mandir}/man5/containers-storage.conf.5

go-md2man -in %{SOURCE4} -out %{buildroot}%{_mandir}/man5/containers-registries.conf.5

go-md2man -in %{SOURCE6} -out %{buildroot}%{_mandir}/man5/containers-policy.json.5

go-md2man -in %{SOURCE8} -out %{buildroot}%{_mandir}/man5/containers-mounts.conf.5

go-md2man -in %{SOURCE9} -out %{buildroot}%{_mandir}/man5/containers-signature.5

go-md2man -in %{SOURCE10} -out %{buildroot}%{_mandir}/man5/containers-transports.5

go-md2man -in %{SOURCE11} -out %{buildroot}%{_mandir}/man5/containers-certs.d.5

go-md2man -in %{SOURCE12} -out %{buildroot}%{_mandir}/man5/containers-registries.d.5

go-md2man -in %{SOURCE14} -out %{buildroot}%{_mandir}/man5/containers.conf.5

go-md2man -in %{SOURCE15} -out %{buildroot}%{_mandir}/man5/containers-auth.json.5

go-md2man -in %{SOURCE16} -out %{buildroot}%{_mandir}/man5/containers-registries.conf.d.5

install -dp %{buildroot}%{_datadir}/containers

install -m0644 %{SOURCE3} %{buildroot}%{_datadir}/containers/mounts.conf

install -m0644 %{SOURCE7} %{buildroot}%{_datadir}/containers/seccomp.json

install -m0644 %{SOURCE13} %{buildroot}%{_datadir}/containers/containers.conf

# install secrets patch directory

install -d -p -m 755 %{buildroot}/%{_datadir}/rhel/secrets

# rhbz#1110876 - update symlinks for subscription management

ln -s %{_sysconfdir}/pki/entitlement %{buildroot}%{_datadir}/rhel/secrets/etc-pki-entitlement

ln -s %{_sysconfdir}/rhsm %{buildroot}%{_datadir}/rhel/secrets/rhsm

ln -s %{_sysconfdir}/yum.repos.d/redhat.repo %{buildroot}%{_datadir}/rhel/secrets/redhat.repo

# ship preconfigured /etc/containers/registries.d/ files with containers-common - #1903813

cat <<EOF > %{buildroot}%{_sysconfdir}/containers/registries.d/registry.access.redhat.com.yaml

docker:

     registry.access.redhat.com:

         sigstore: https://access.redhat.com/webassets/docker/content/sigstore

EOF

cat <<EOF > %{buildroot}%{_sysconfdir}/containers/registries.d/registry.redhat.io.yaml

docker:

     registry.redhat.io:

         sigstore: https://registry.redhat.io/containers/sigstore

EOF

%files

%dir %{_sysconfdir}/containers

%dir %{_sysconfdir}/containers/certs.d

%dir %{_sysconfdir}/containers/registries.d

%{_sysconfdir}/containers/registries.d/registry.redhat.io.yaml

%{_sysconfdir}/containers/registries.d/registry.access.redhat.com.yaml

%dir %{_sysconfdir}/containers/oci

%dir %{_sysconfdir}/containers/oci/hooks.d

%dir %{_sysconfdir}/containers/registries.conf.d

%if !0%{?rhel} || 0%{?centos}

%{_sysconfdir}/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

%endif

%config(noreplace) %{_sysconfdir}/containers/policy.json

%config(noreplace) %{_sysconfdir}/containers/registries.d/default.yaml

%config(noreplace) %{_sysconfdir}/containers/storage.conf

%config(noreplace) %{_sysconfdir}/containers/registries.conf

%config(noreplace) %{_sysconfdir}/containers/registries.conf.d/*.conf

%config(noreplace) %{_sysconfdir}/containers/registries.d/*.yaml

%ghost %{_sysconfdir}/containers/containers.conf

%dir %{_sharedstatedir}/containers/sigstore

%{_mandir}/man5/*

%dir %{_datadir}/containers

%{_datadir}/containers/mounts.conf

%{_datadir}/containers/seccomp.json

%{_datadir}/containers/containers.conf

%dir %{_datadir}/rhel/secrets

%{_datadir}/rhel/secrets/*

%changelog

* Tue Nov 30 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-13

- use log_driver = "journald" and events_logger = "journald" for RHEL9

- Related: #2000051

* Tue Nov 16 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-12

- consume seccomp.json from the oldest vendored version of c/common,

  not main branch

- Related: #2000051

* Fri Nov 12 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-11

- use ubi8/pause as ubi9/pause is not available yet

- Related: #2000051

* Wed Nov 10 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-10

- update vendored components

- Related: #2000051

* Tue Nov 02 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-9

- make log_driver = "k8s-file" default in containers.conf

- Related: #2000051

* Fri Oct 01 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-8

- perform only sanity/installability tests for now

- Related: #2000051

* Wed Sep 29 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-7

- update to the new vendored components

- Related: #2000051

* Wed Sep 29 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-6

- add gating.yaml

- Related: #2000051

* Fri Sep 24 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-5

- update to the new vendored components

- Related: #2000051

* Fri Sep 10 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-4

- fix updating scripts

- Related: #2000051

* Thu Sep 09 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-3

- update to the new vendored components

- Related: #2000051

* Fri Aug 20 2021 Lokesh Mandvekar <lsm5@fedoraproject.org> - 2:1-2

- bump configs to latest versions

- replace ubi9 references with ubi8

- Related: #1970747

* Wed Aug 11 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-1

- initial import

- Related: #1970747