# Bellow definitions are used to deliver config files from a particular branch # of c/image, c/common, c/storage vendored in all podman, skopeo, buildah. # These vendored components must have the same version. If it is not the case, # pick the oldest version on c/image, c/common, c/storage vendored in # podman/skopeo/podman. %global skopeo_branch main %global image_branch v5.16.0 %global common_branch v0.44.2 %global storage_branch v1.36.0 %global shortnames_branch main Epoch: 2 Name: containers-common Version: 1 Release: 8%{?dist} Summary: Common configuration and documentation for containers License: ASL 2.0 BuildArch: noarch BuildRequires: go-md2man Provides: skopeo-containers = %{epoch}:%{version}-%{release} Requires: (container-selinux >= 2:2.162.1 if selinux-policy) Requires: oci-runtime %if 0%{?rhel} >= 9 || 0%{?fedora} Requires: crun >= 0.19 %else Requires: runc %endif Requires: system-release Suggests: subscription-manager Recommends: fuse-overlayfs Recommends: slirp4netns Source1: https://raw.githubusercontent.com/containers/storage/%{storage_branch}/storage.conf Source2: https://raw.githubusercontent.com/containers/storage/%{storage_branch}/docs/containers-storage.conf.5.md Source3: mounts.conf Source4: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs/containers-registries.conf.5.md #Source5: https://raw.githubusercontent.com/containers/image/%%{image_branch}/registries.conf Source5: registries.conf Source6: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs/containers-policy.json.5.md Source7: https://raw.githubusercontent.com/containers/common/%{common_branch}/pkg/seccomp/seccomp.json Source8: https://raw.githubusercontent.com/containers/common/%{common_branch}/docs/containers-mounts.conf.5.md Source9: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs/containers-signature.5.md Source10: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs/containers-transports.5.md Source11: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs/containers-certs.d.5.md Source12: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs/containers-registries.d.5.md Source13: https://raw.githubusercontent.com/containers/common/%{common_branch}/pkg/config/containers.conf Source14: https://raw.githubusercontent.com/containers/common/%{common_branch}/docs/containers.conf.5.md Source15: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs/containers-auth.json.5.md Source16: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs/containers-registries.conf.d.5.md Source17: https://raw.githubusercontent.com/containers/shortnames/%{shortnames_branch}/shortnames.conf Source19: 001-rhel-shortnames-pyxis.conf Source20: 002-rhel-shortnames-overrides.conf Source21: RPM-GPG-KEY-redhat-release Source22: registry.access.redhat.com.yaml Source23: registry.redhat.io.yaml #Source24: https://raw.githubusercontent.com/containers/skopeo/%%{skopeo_branch}/default-policy.json Source24: default-policy.json Source25: https://raw.githubusercontent.com/containers/skopeo/%{skopeo_branch}/default.yaml # scripts used for synchronization with upstream and shortname generation Source100: update.sh Source101: update-vendored.sh Source102: pyxis.sh %description This package contains common configuration files and documentation for container tools ecosystem, such as Podman, Buildah and Skopeo. It is required because the most of configuration files and docs come from projects which are vendored into Podman, Buildah, Skopeo, etc. but they are not packaged separately. %prep %build %install install -dp %{buildroot}%{_sysconfdir}/containers/{certs.d,oci/hooks.d,registries.d,registries.conf.d} install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/storage.conf install -m0644 %{SOURCE5} %{buildroot}%{_sysconfdir}/containers/registries.conf install -m0644 %{SOURCE17} %{buildroot}%{_sysconfdir}/containers/registries.conf.d/000-shortnames.conf install -m0644 %{SOURCE19} %{buildroot}%{_sysconfdir}/containers/registries.conf.d/001-rhel-shortnames.conf install -m0644 %{SOURCE20} %{buildroot}%{_sysconfdir}/containers/registries.conf.d/002-rhel-shortnames-overrides.conf # for signature verification %if !0%{?rhel} || 0%{?centos} install -dp %{buildroot}%{_sysconfdir}/pki/rpm-gpg install -m0644 %{SOURCE21} %{buildroot}%{_sysconfdir}/pki/rpm-gpg %endif install -dp %{buildroot}%{_sysconfdir}/containers/registries.d install -m0644 %{SOURCE22} %{buildroot}%{_sysconfdir}/containers/registries.d install -m0644 %{SOURCE23} %{buildroot}%{_sysconfdir}/containers/registries.d install -m0644 %{SOURCE24} %{buildroot}%{_sysconfdir}/containers/policy.json install -dp %{buildroot}%{_sharedstatedir}/containers/sigstore install -m0644 %{SOURCE25} %{buildroot}%{_sysconfdir}/containers/registries.d/default.yaml # for containers-common install -dp %{buildroot}%{_mandir}/man5 go-md2man -in %{SOURCE2} -out %{buildroot}%{_mandir}/man5/containers-storage.conf.5 go-md2man -in %{SOURCE4} -out %{buildroot}%{_mandir}/man5/containers-registries.conf.5 go-md2man -in %{SOURCE6} -out %{buildroot}%{_mandir}/man5/containers-policy.json.5 go-md2man -in %{SOURCE8} -out %{buildroot}%{_mandir}/man5/containers-mounts.conf.5 go-md2man -in %{SOURCE9} -out %{buildroot}%{_mandir}/man5/containers-signature.5 go-md2man -in %{SOURCE10} -out %{buildroot}%{_mandir}/man5/containers-transports.5 go-md2man -in %{SOURCE11} -out %{buildroot}%{_mandir}/man5/containers-certs.d.5 go-md2man -in %{SOURCE12} -out %{buildroot}%{_mandir}/man5/containers-registries.d.5 go-md2man -in %{SOURCE14} -out %{buildroot}%{_mandir}/man5/containers.conf.5 go-md2man -in %{SOURCE15} -out %{buildroot}%{_mandir}/man5/containers-auth.json.5 go-md2man -in %{SOURCE16} -out %{buildroot}%{_mandir}/man5/containers-registries.conf.d.5 install -dp %{buildroot}%{_datadir}/containers install -m0644 %{SOURCE3} %{buildroot}%{_datadir}/containers/mounts.conf install -m0644 %{SOURCE7} %{buildroot}%{_datadir}/containers/seccomp.json install -m0644 %{SOURCE13} %{buildroot}%{_datadir}/containers/containers.conf # install secrets patch directory install -d -p -m 755 %{buildroot}/%{_datadir}/rhel/secrets # rhbz#1110876 - update symlinks for subscription management ln -s %{_sysconfdir}/pki/entitlement %{buildroot}%{_datadir}/rhel/secrets/etc-pki-entitlement ln -s %{_sysconfdir}/rhsm %{buildroot}%{_datadir}/rhel/secrets/rhsm ln -s %{_sysconfdir}/yum.repos.d/redhat.repo %{buildroot}%{_datadir}/rhel/secrets/redhat.repo # ship preconfigured /etc/containers/registries.d/ files with containers-common - #1903813 cat < %{buildroot}%{_sysconfdir}/containers/registries.d/registry.access.redhat.com.yaml docker: registry.access.redhat.com: sigstore: https://access.redhat.com/webassets/docker/content/sigstore EOF cat < %{buildroot}%{_sysconfdir}/containers/registries.d/registry.redhat.io.yaml docker: registry.redhat.io: sigstore: https://registry.redhat.io/containers/sigstore EOF %files %dir %{_sysconfdir}/containers %dir %{_sysconfdir}/containers/certs.d %dir %{_sysconfdir}/containers/registries.d %{_sysconfdir}/containers/registries.d/registry.redhat.io.yaml %{_sysconfdir}/containers/registries.d/registry.access.redhat.com.yaml %dir %{_sysconfdir}/containers/oci %dir %{_sysconfdir}/containers/oci/hooks.d %dir %{_sysconfdir}/containers/registries.conf.d %if !0%{?rhel} || 0%{?centos} %{_sysconfdir}/pki/rpm-gpg/RPM-GPG-KEY-redhat-release %endif %config(noreplace) %{_sysconfdir}/containers/policy.json %config(noreplace) %{_sysconfdir}/containers/registries.d/default.yaml %config(noreplace) %{_sysconfdir}/containers/storage.conf %config(noreplace) %{_sysconfdir}/containers/registries.conf %config(noreplace) %{_sysconfdir}/containers/registries.conf.d/*.conf %config(noreplace) %{_sysconfdir}/containers/registries.d/*.yaml %ghost %{_sysconfdir}/containers/containers.conf %dir %{_sharedstatedir}/containers/sigstore %{_mandir}/man5/* %dir %{_datadir}/containers %{_datadir}/containers/mounts.conf %{_datadir}/containers/seccomp.json %{_datadir}/containers/containers.conf %dir %{_datadir}/rhel/secrets %{_datadir}/rhel/secrets/* %changelog * Mon Jan 17 2022 Jindrich Novy - 2:1-8 - do not allow broken content from Pyxis to land in shortnames.conf - Related: #2021990 * Mon Jan 17 2022 Jindrich Novy - 2:1-7 - update shortnames from Pyxis - Related: #2021990 * Thu Dec 09 2021 Jindrich Novy - 2:1-6 - do not allow broken content from Pyxis to land in shortnames.conf - Related: #2021990 * Wed Dec 08 2021 Jindrich Novy - 2:1-5 - sync vendored components - update shortnames from Pyxis - Related: #2021990 * Tue Nov 16 2021 Jindrich Novy - 2:1-4 - consume seccomp.json from the oldest vendored version of c/common, not main branch - Related: #2021990 * Wed Nov 10 2021 Jindrich Novy - 2:1-3 - update vendored components - Related: #2001445 * Wed Aug 11 2021 Jindrich Novy - 2:1-2 - synchronize config files for RHEL-8.5 - Related: #1934415 * Wed Aug 11 2021 Jindrich Novy - 2:1-1 - initial import - Related: #1934415