2024-07-29 08:52:48 +00:00
|
|
|
#!/bin/bash
|
|
|
|
# This script delivers current documentation/configs and assures it has the intended
|
|
|
|
# settings for a particular branch/release.
|
|
|
|
# For questions reach to Jindrich Novy <jnovy@redhat.com>
|
2024-01-05 10:42:55 +00:00
|
|
|
|
2024-07-29 08:52:48 +00:00
|
|
|
ensure() {
|
|
|
|
if grep ^$2[[:blank:]].*= $1 > /dev/null
|
|
|
|
then
|
|
|
|
sed -i "s;^$2[[:blank:]]=.*;$2 = $3;" $1
|
|
|
|
else
|
|
|
|
if grep ^\#.*$2[[:blank:]].*= $1 > /dev/null
|
|
|
|
then
|
|
|
|
sed -i "/^#.*$2[[:blank:]].*=/a \
|
|
|
|
$2 = $3" $1
|
|
|
|
else
|
|
|
|
echo "$2 = $3" >> $1
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
}
|
2021-01-20 20:16:15 +00:00
|
|
|
|
2024-07-29 08:52:48 +00:00
|
|
|
#./pyxis.sh
|
|
|
|
#./update-vendored.sh
|
|
|
|
spectool -f -g containers-common.spec
|
|
|
|
for FILE in *; do
|
|
|
|
[ -s "$FILE" ]
|
|
|
|
if [ $? == 1 ] && [ "$FILE" != "sources" ]; then
|
|
|
|
echo "empty file: $FILE"
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
done
|
|
|
|
ensure storage.conf driver \"overlay\"
|
|
|
|
ensure storage.conf mountopt \"nodev,metacopy=on\"
|
2024-09-05 09:39:49 +00:00
|
|
|
ensure registries.conf unqualified-search-registries [\"registry.access.redhat.com\",\ \"registry.redhat.io\",\ \"docker.io\"]
|
|
|
|
|
|
|
|
if pwd | grep -e rhel-8 -e c8s > /dev/null
|
2024-07-29 08:52:48 +00:00
|
|
|
then
|
|
|
|
awk -i inplace '/#default_capabilities/,/#\]/{gsub("#","",$0)}1' containers.conf
|
|
|
|
ensure registries.conf short-name-mode \"permissive\"
|
|
|
|
ensure containers.conf runtime \"runc\"
|
|
|
|
ensure containers.conf events_logger \"file\"
|
|
|
|
ensure containers.conf log_driver \"k8s-file\"
|
|
|
|
ensure containers.conf network_backend \"cni\"
|
|
|
|
if ! grep \"NET_RAW\" containers.conf > /dev/null
|
|
|
|
then
|
|
|
|
sed -i '/^default_capabilities/a \
|
|
|
|
"NET_RAW",' containers.conf
|
2024-01-05 10:42:55 +00:00
|
|
|
fi
|
2024-07-29 08:52:48 +00:00
|
|
|
if ! grep \"SYS_CHROOT\" containers.conf > /dev/null
|
|
|
|
then
|
|
|
|
sed -i '/^default_capabilities/a \
|
|
|
|
"SYS_CHROOT",' containers.conf
|
2021-02-18 15:19:40 +00:00
|
|
|
fi
|
2024-09-05 09:39:49 +00:00
|
|
|
|
|
|
|
elif pwd | grep -e rhel-9 -e c9s > /dev/null
|
|
|
|
then
|
2024-07-29 08:52:48 +00:00
|
|
|
ensure registries.conf short-name-mode \"enforcing\"
|
|
|
|
ensure containers.conf runtime \"crun\"
|
2024-09-05 09:39:49 +00:00
|
|
|
|
|
|
|
elif pwd | grep -e rhel-10 -e c10s > /dev/null
|
|
|
|
then
|
|
|
|
ensure registries.conf short-name-mode \"enforcing\"
|
|
|
|
ensure containers.conf runtime \"crun\"
|
|
|
|
ensure containers.conf log_driver \"file\"
|
|
|
|
else
|
|
|
|
echo "Unknown release"
|
2024-07-29 08:52:48 +00:00
|
|
|
fi
|
2024-09-05 09:39:49 +00:00
|
|
|
|
2024-07-29 08:52:48 +00:00
|
|
|
[ `grep \"keyctl\", seccomp.json | wc -l` == 0 ] && sed -i '/\"kill\",/i \
|
|
|
|
"keyctl",' seccomp.json
|
|
|
|
[ `grep \"socket\", seccomp.json | wc -l` == 0 ] && sed -i '/\"socketcall\",/i \
|
|
|
|
"socket",' seccomp.json
|