# The definitions below are used to deliver config files from a particular branch
# of c/image, c/common, c/storage vendored in all of podman, skopeo, buildah.
# These vendored components must have the same version. If that is not the case,
# pick the oldest version of c/image, c/common, c/storage vendored in
# podman/skopeo/buildah.
%global skopeo_branch main
%global image_branch v5.21.1
%global common_branch v0.48.0
%global storage_branch v1.40.2
%global shortnames_branch main
Epoch: 2
Name: containers-common
Version: 1
Release: 39%{?dist}
Summary: Common configuration and documentation for containers
License: ASL 2.0
BuildRequires: /usr/bin/go-md2man
Provides: skopeo-containers = %{epoch}:%{version}-%{release}
Conflicts: %{name} <= 2:1-22
Obsoletes: %{name} <= 2:1-22
Requires: (container-selinux >= 2:2.162.1 if selinux-policy)
Requires: oci-runtime
%if 0%{?rhel} >= 9 || 0%{?fedora}
Requires: crun >= 0.19
%else
Requires: runc
%endif
Requires: system-release
Suggests: subscription-manager
Recommends: fuse-overlayfs
Recommends: slirp4netns
Source1: https://raw.githubusercontent.com/containers/storage/%{storage_branch}/storage.conf
Source2: https://raw.githubusercontent.com/containers/storage/%{storage_branch}/docs/containers-storage.conf.5.md
Source3: mounts.conf
Source4: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs/containers-registries.conf.5.md
#Source5: https://raw.githubusercontent.com/containers/image/%%{image_branch}/registries.conf
Source5: registries.conf
Source6: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs/containers-policy.json.5.md
Source7: https://raw.githubusercontent.com/containers/common/%{common_branch}/pkg/seccomp/seccomp.json
Source8: https://raw.githubusercontent.com/containers/common/%{common_branch}/docs/containers-mounts.conf.5.md
Source9: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs/containers-signature.5.md
Source10: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs/containers-transports.5.md
Source11: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs/containers-certs.d.5.md
Source12: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs/containers-registries.d.5.md
Source13: https://raw.githubusercontent.com/containers/common/%{common_branch}/pkg/config/containers.conf
Source14: https://raw.githubusercontent.com/containers/common/%{common_branch}/docs/containers.conf.5.md
Source15: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs/containers-auth.json.5.md
Source16: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs/containers-registries.conf.d.5.md
Source17: https://raw.githubusercontent.com/containers/shortnames/%{shortnames_branch}/shortnames.conf
Source19: 001-rhel-shortnames-pyxis.conf
Source20: 002-rhel-shortnames-overrides.conf
Source21: RPM-GPG-KEY-redhat-release
Source22: registry.access.redhat.com.yaml
Source23: registry.redhat.io.yaml
#Source24: https://raw.githubusercontent.com/containers/skopeo/%%{skopeo_branch}/default-policy.json
Source24: default-policy.json
Source25: https://raw.githubusercontent.com/containers/skopeo/%{skopeo_branch}/default.yaml
# FIXME: fix the branch once these are available via regular c/common branch
Source26: https://raw.githubusercontent.com/containers/common/main/docs/Containerfile.5.md
Source27: https://raw.githubusercontent.com/containers/common/main/docs/containerignore.5.md
# scripts used for synchronization with upstream and shortname generation
Source100: update.sh
Source101: update-vendored.sh
Source102: pyxis.sh
%global aardvark_dns_version v1.0.1
%global aardvark_dns_branch v1.0.1-rhel
%global aardvark_dns_commit0 95a32bf243b4c96138e84bae2a9426fa0b472338
%global aardvark_dns_shortcommit0 %(c=%{aardvark_dns_commit0}; echo ${c:0:7})
%if 0%{?aardvark_dns_branch:1}
Source200: https://github.com/containers/aardvark-dns/tarball/%{aardvark_dns_commit0}/%{aardvark_dns_branch}-%{aardvark_dns_shortcommit0}.tar.gz
%else
Source200: https://github.com/containers/aardvark-dns/archive/%{aardvark_dns_commit0}/aardvark-dns-%{aardvark_dns_version}-%{aardvark_dns_shortcommit0}.tar.gz
%endif
Source201: https://github.com/containers/aardvark-dns/releases/download/%{aardvark_dns_version}/aardvark-dns-%{aardvark_dns_branch}-vendor.tar.gz
%global netavark_version v1.0.1
%global netavark_branch v1.0.1-rhel
%global netavark_commit0 03e1d60312898d1ab83bfeb044ecda103ac90401
%global netavark_shortcommit0 %(c=%{netavark_commit0}; echo ${c:0:7})
%if 0%{?netavark_branch:1}
Source300: https://github.com/containers/netavark/tarball/%{netavark_commit0}/%{netavark_branch}-%{netavark_shortcommit0}.tar.gz
%else
Source300: https://github.com/containers/netavark/archive/%{netavark_commit0}/netavark-%{netavark_version}-%{netavark_shortcommit0}.tar.gz
%endif
Source301: https://github.com/containers/netavark/releases/download/%{netavark_version}/netavark-1.0.1-rhel-vendor.tar.gz
%description
This package contains common configuration files and documentation for the
container tools ecosystem, such as Podman, Buildah and Skopeo.
It is required because most of the configuration files and docs come from projects
which are vendored into Podman, Buildah, Skopeo, etc. but are not packaged
separately.
%package -n aardvark-dns
Version: 1.0.1
Release: 39%{?dist}
URL: https://github.com/containers/aardvark-dns
Summary: Authoritative DNS server for A/AAAA container records
License: ASL 2.0 and BSD and MIT
BuildRequires: cargo
BuildRequires: git-core
BuildRequires: make
BuildRequires: rust-srpm-macros
BuildRequires: rust-toolset
#ExclusiveArch: %%{rust_arches}
ExclusiveArch: aarch64 ppc64le s390x x86_64
%description -n aardvark-dns
%{summary}
Forwards other requests to configured resolvers.
Read more about configuration in `src/backend/mod.rs`.
%package -n netavark
Version: 1.0.1
Release: 39%{?dist}
URL: https://github.com/containers/netavark
Summary: OCI network stack
License: ASL 2.0 and BSD and MIT
BuildRequires: cargo
BuildRequires: make
BuildRequires: rust-srpm-macros
BuildRequires: git-core
BuildRequires: /usr/bin/go-md2man
Recommends: aardvark-dns
Provides: container-network-stack = 2
BuildRequires: rust-toolset
#ExclusiveArch: #%%{rust_arches}
ExclusiveArch: aarch64 ppc64le s390x x86_64
%description -n netavark
%{summary}
Netavark is a Rust-based network stack for containers. It is being
designed to work with Podman but is also applicable for other OCI
container management applications.
Netavark is a tool for configuring networking for Linux containers.
Its features include:
* Configuration of container networks via JSON configuration file
* Creation and management of required network interfaces,
  including MACVLAN networks
* All required firewall configuration to perform NAT and port
  forwarding as required for containers
* Support for iptables and firewalld at present, with support
  for nftables planned in a future release
* Support for rootless containers
* Support for IPv4 and IPv6
* Support for container DNS resolution via aardvark-dns.
%prep
tar fx %{SOURCE200}
%if 0%{?aardvark_dns_branch:1}
pushd containers-aardvark-dns-%{aardvark_dns_shortcommit0}
%else
pushd aardvark-dns-%{aardvark_dns_commit0}
%endif
tar fx %{SOURCE201}
mkdir -p .cargo
cat >.cargo/config << EOF
[source.crates-io]
replace-with = "vendored-sources"
[source.vendored-sources]
directory = "vendor"
EOF
popd
tar fx %{SOURCE300}
%if 0%{?netavark_branch:1}
pushd containers-netavark-%{netavark_shortcommit0}
%else
pushd netavark-%{netavark_commit0}
%endif
tar fx %{SOURCE301}
mkdir -p .cargo
cat >.cargo/config << EOF
[source.crates-io]
replace-with = "vendored-sources"
[source.vendored-sources]
directory = "vendor"
EOF
popd
%build
%if 0%{?build_rustflags:1}
export RUSTFLAGS="%{build_rustflags}"
%endif
%if 0%{?aardvark_dns_branch:1}
pushd containers-aardvark-dns-%{aardvark_dns_shortcommit0}
%else
pushd aardvark-dns-%{aardvark_dns_commit0}
%endif
%__scm_setup_git -q
%make_build build
popd
%if 0%{?netavark_branch:1}
pushd containers-netavark-%{netavark_shortcommit0}
%else
pushd netavark-%{netavark_commit0}
%endif
%__scm_setup_git -q
%make_build build
pushd docs
go-md2man -in netavark.1.md -out netavark.1
popd
popd
%install
%if 0%{?aardvark_dns_branch:1}
pushd containers-aardvark-dns-%{aardvark_dns_shortcommit0}
%else
pushd aardvark-dns-%{aardvark_dns_commit0}
%endif
%{__make} DESTDIR=%{buildroot} PREFIX=%{_prefix} install
popd
%if 0%{?netavark_branch:1}
pushd containers-netavark-%{netavark_shortcommit0}
%else
pushd netavark-%{netavark_commit0}
%endif
%{__make} DESTDIR=%{buildroot} PREFIX=%{_prefix} install
popd
install -dp %{buildroot}%{_sysconfdir}/containers/{certs.d,oci/hooks.d,registries.d,registries.conf.d}
install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/storage.conf
install -m0644 %{SOURCE5} %{buildroot}%{_sysconfdir}/containers/registries.conf
install -m0644 %{SOURCE17} %{buildroot}%{_sysconfdir}/containers/registries.conf.d/000-shortnames.conf
install -m0644 %{SOURCE19} %{buildroot}%{_sysconfdir}/containers/registries.conf.d/001-rhel-shortnames.conf
install -m0644 %{SOURCE20} %{buildroot}%{_sysconfdir}/containers/registries.conf.d/002-rhel-shortnames-overrides.conf
# for signature verification
%if !0%{?rhel} || 0%{?centos}
install -dp %{buildroot}%{_sysconfdir}/pki/rpm-gpg
install -m0644 %{SOURCE21} %{buildroot}%{_sysconfdir}/pki/rpm-gpg
%endif
install -dp %{buildroot}%{_sysconfdir}/containers/registries.d
install -m0644 %{SOURCE22} %{buildroot}%{_sysconfdir}/containers/registries.d
install -m0644 %{SOURCE23} %{buildroot}%{_sysconfdir}/containers/registries.d
install -m0644 %{SOURCE24} %{buildroot}%{_sysconfdir}/containers/policy.json
install -dp %{buildroot}%{_sharedstatedir}/containers/sigstore
install -m0644 %{SOURCE25} %{buildroot}%{_sysconfdir}/containers/registries.d/default.yaml
# for containers-common
install -dp %{buildroot}%{_mandir}/man5
go-md2man -in %{SOURCE2} -out %{buildroot}%{_mandir}/man5/containers-storage.conf.5
go-md2man -in %{SOURCE4} -out %{buildroot}%{_mandir}/man5/containers-registries.conf.5
go-md2man -in %{SOURCE6} -out %{buildroot}%{_mandir}/man5/containers-policy.json.5
go-md2man -in %{SOURCE8} -out %{buildroot}%{_mandir}/man5/containers-mounts.conf.5
go-md2man -in %{SOURCE9} -out %{buildroot}%{_mandir}/man5/containers-signature.5
go-md2man -in %{SOURCE10} -out %{buildroot}%{_mandir}/man5/containers-transports.5
go-md2man -in %{SOURCE11} -out %{buildroot}%{_mandir}/man5/containers-certs.d.5
go-md2man -in %{SOURCE12} -out %{buildroot}%{_mandir}/man5/containers-registries.d.5
go-md2man -in %{SOURCE14} -out %{buildroot}%{_mandir}/man5/containers.conf.5
go-md2man -in %{SOURCE15} -out %{buildroot}%{_mandir}/man5/containers-auth.json.5
go-md2man -in %{SOURCE16} -out %{buildroot}%{_mandir}/man5/containers-registries.conf.d.5
go-md2man -in %{SOURCE26} -out %{buildroot}%{_mandir}/man5/Containerfile.5
go-md2man -in %{SOURCE27} -out %{buildroot}%{_mandir}/man5/containerignore.5
install -dp %{buildroot}%{_datadir}/containers
install -m0644 %{SOURCE3} %{buildroot}%{_datadir}/containers/mounts.conf
install -m0644 %{SOURCE7} %{buildroot}%{_datadir}/containers/seccomp.json
install -m0644 %{SOURCE13} %{buildroot}%{_datadir}/containers/containers.conf
# install secrets patch directory
install -d -p -m 755 %{buildroot}/%{_datadir}/rhel/secrets
# rhbz#1110876 - update symlinks for subscription management
ln -s %{_sysconfdir}/pki/entitlement %{buildroot}%{_datadir}/rhel/secrets/etc-pki-entitlement
ln -s %{_sysconfdir}/rhsm %{buildroot}%{_datadir}/rhel/secrets/rhsm
ln -s %{_sysconfdir}/yum.repos.d/redhat.repo %{buildroot}%{_datadir}/rhel/secrets/redhat.repo
# ship preconfigured /etc/containers/registries.d/ files with containers-common - #1903813
cat <<EOF > %{buildroot}%{_sysconfdir}/containers/registries.d/registry.access.redhat.com.yaml
docker:
    registry.access.redhat.com:
        sigstore: https://access.redhat.com/webassets/docker/content/sigstore
EOF
cat <<EOF > %{buildroot}%{_sysconfdir}/containers/registries.d/registry.redhat.io.yaml
docker:
    registry.redhat.io:
        sigstore: https://registry.redhat.io/containers/sigstore
EOF
%files
%dir %{_sysconfdir}/containers
%dir %{_sysconfdir}/containers/certs.d
%dir %{_sysconfdir}/containers/registries.d
%{_sysconfdir}/containers/registries.d/registry.redhat.io.yaml
%{_sysconfdir}/containers/registries.d/registry.access.redhat.com.yaml
%dir %{_sysconfdir}/containers/oci
%dir %{_sysconfdir}/containers/oci/hooks.d
%dir %{_sysconfdir}/containers/registries.conf.d
%if !0%{?rhel} || 0%{?centos}
%{_sysconfdir}/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
%endif
%config(noreplace) %{_sysconfdir}/containers/policy.json
%config(noreplace) %{_sysconfdir}/containers/registries.d/default.yaml
%config(noreplace) %{_sysconfdir}/containers/storage.conf
%config(noreplace) %{_sysconfdir}/containers/registries.conf
%config(noreplace) %{_sysconfdir}/containers/registries.conf.d/*.conf
%config(noreplace) %{_sysconfdir}/containers/registries.d/*.yaml
%ghost %{_sysconfdir}/containers/containers.conf
%dir %{_sharedstatedir}/containers/sigstore
%{_mandir}/man5/*
%dir %{_datadir}/containers
%{_datadir}/containers/mounts.conf
%{_datadir}/containers/seccomp.json
%{_datadir}/containers/containers.conf
%dir %{_datadir}/rhel/secrets
%{_datadir}/rhel/secrets/*
%files -n aardvark-dns
%if 0%{?aardvark_dns_branch:1}
%license containers-aardvark-dns-%{aardvark_dns_shortcommit0}/LICENSE
%else
%license aardvark-dns-%{aardvark_dns_commit0}/LICENSE
%endif
%dir %{_libexecdir}/podman
%{_libexecdir}/podman/aardvark-dns
%files -n netavark
%if 0%{?netavark_branch:1}
%license containers-netavark-%{netavark_shortcommit0}/LICENSE
%else
%license netavark-%{netavark_commit0}/LICENSE
%endif
%dir %{_libexecdir}/podman
%{_libexecdir}/podman/netavark
%{_mandir}/man1/netavark.1*
%changelog
* Wed Oct 12 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-39
- use proper vendor tarball for aardvark-dns
- Related: #2133391
* Wed Oct 12 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-38
- revert to latest buildable version
- Related: #2133391
* Tue Oct 11 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-37
- also update aardvark-dns to v1.0.1-rhel branch
- Related: #2133391
* Tue Oct 11 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-36
- fix podman container got global IPv6 address unexpectedly even when macvlan
network is created for pure IPv4 network
- Resolves: #2133391
* Mon Jun 27 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-35
- remove rhel-els and update shortnames
* Thu Jun 16 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-34
- update shortnames
- Related: #2061390
* Wed Jun 15 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-33
- additional fix for unqualified registries
- Related: #2061390
* Mon Jun 13 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-33
- additional fix for unqualified registries
- Related: #2061390
* Thu Jun 09 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-33
- additional fix for unqualified registries
- Related: #2061390
* Tue Jun 07 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-30
- update unqualified registries list
- Related: #2061390
* Mon May 09 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-29
- update aardvark-dns and netavark to 1.0.3
- update vendored components
- Related: #2061390
* Fri May 06 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-28
- add man page sources too
- Related: #2061390
* Wed Apr 27 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-28
- add man page sources too
- Related: #2061390
* Wed Apr 20 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-27
- add missing man pages from Fedora
- Related: #2061390
* Thu Apr 07 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-26
- allow consuming aardvark-dns and netavark from upstream branch
- Related: #2061390
* Wed Apr 06 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-26
- allow consuming aardvark-dns and netavark from upstream branch
- Related: #2061390
* Mon Mar 07 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-10
- update to netavark and aardvark-dns 1.0.1
- Related: #2001445
* Tue Nov 16 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-9
- consume seccomp.json from the oldest vendored version of c/common,
not main branch
- Related: #2001445
* Wed Nov 10 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-8
- update vendored components
- Related: #2001445
* Tue Nov 02 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-7
- make log_driver = "k8s-file" default in containers.conf
- Related: #2001445
* Wed Oct 13 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-6
- sync vendored components
- Related: #2001445
* Wed Sep 29 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-5
- update to the new vendored components
- Related: #2001445
* Fri Sep 24 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-4
- update to the new vendored components
- Related: #2001445
* Fri Sep 10 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-3
- update to the new vendored components
- Related: #2001445
* Wed Aug 11 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-2
- synchronize config files for RHEL-8.5
- Related: #1934415
* Wed Aug 11 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-1
- initial import
- Related: #1934415