containers-common-1-93.el9

- update vendored components - Resolves: RHEL-69402 Signed-off-by: Jindrich Novy <jnovy@redhat.com>
2024-11-28 01:59:29 +01:00 · 2024-11-28 01:59:29 +01:00 · 04400f45d9
commit 04400f45d9
parent 556dc2220d
8 changed files with 198 additions and 100 deletions
--- a/containers-common.spec
+++ b/containers-common.spec
@ -4,15 +4,15 @@
 # pick the oldest version on c/image, c/common, c/storage vendored in
 # podman/skopeo/podman.
 %global skopeo_branch main
-%global image_branch v5.32.2
-%global common_branch v0.60.2
-%global storage_branch v1.55.0
+%global image_branch v5.33.0
+%global common_branch v0.61.0
+%global storage_branch v1.56.0
 %global shortnames_branch main

 Epoch: 2
 Name: containers-common
 Version: 1
-Release: 92%{?dist}
+Release: 93%{?dist}
 Summary: Common configuration and documentation for containers
 License: ASL 2.0
 ExclusiveArch: %{go_arches}
@ -173,6 +173,10 @@ EOF
 %{_datadir}/rhel/secrets/*

 %changelog
+* Thu Nov 28 2024 Jindrich Novy <jnovy@redhat.com> - 2:1-93
+- update vendored components
+- Resolves: RHEL-69402
+
 * Tue Aug 27 2024 Jindrich Novy <jnovy@redhat.com> - 2:1-92
 - update vendored components
 - Related: RHEL-27608
--- a/containers-storage.conf.5.md
+++ b/containers-storage.conf.5.md
@ -71,7 +71,7 @@ Default directory to store all temporary writable content created by container s
 By default, the storage driver is set via the `driver` option. If it is not defined, then the best driver will be picked according to the current platform. This option allows you to override this internal priority list with a custom one to prefer certain drivers.
 Setting this option only has an effect if the local storage has not been initialized yet and the driver name is not set.

-**transient_store** = "false" | "true"
+**transient_store** = "false"|"true"

 Transient store mode makes all container metadata be saved in temporary storage
 (i.e. runroot above). This is faster, but doesn't persist across reboots.
@ -84,33 +84,6 @@ The `storage.options` table supports the following options:
 **additionalimagestores**=[]
  Paths to additional container image stores. Usually these are read/only and stored on remote network shares.

-**pull_options** = {enable_partial_images = "true", use_hard_links = "false", ostree_repos=""}
-
-Allows specification of how storage is populated when pulling images. This
-option can speed the pulling process of images compressed with format zstd:chunked. Containers/storage looks
-for files within images that are being pulled from a container registry that
-were previously pulled to the host.  It can copy or create
-a hard link to the existing file when it finds them, eliminating the need to pull them from the
-container registry. These options can deduplicate pulling of content, disk
-storage of content and can allow the kernel to use less memory when running
-containers.
-
-containers/storage supports four keys
-  * enable_partial_images="true" | "false"
-    Tells containers/storage to look for files previously pulled in storage
-    rather then always pulling them from the container registry.
-  * use_hard_links = "false" | "true"
-    Tells containers/storage to use hard links rather then create new files in
-    the image, if an identical file already existed in storage.
-  * ostree_repos = ""
-    Tells containers/storage where an ostree repository exists that might have
-    previously pulled content which can be used when attempting to avoid
-    pulling content from the container registry
-  * convert_images = "false" | "true"
-    If set to true, containers/storage will convert images to a format compatible with
-    partial pulls in order to take advantage of local deduplication and hardlinking.  It is an
-    expensive operation so it is not enabled by default.
-
 **root-auto-userns-user**=""
  Root-auto-userns-user is a user name which can be used to look up one or more UID/GID ranges in the /etc/subuid and /etc/subgid file.  These ranges will be partitioned to containers configured to create automatically a user namespace.  Containers configured to automatically create a user namespace can still overlap with containers having an explicit mapping set.  This setting is ignored when running as rootless.

@ -123,6 +96,34 @@ containers/storage supports four keys
 **disable-volatile**=true
  If disable-volatile is set, then the "volatile" mount optimization is disabled for all the containers.

+### STORAGE PULL OPTIONS TABLE
+
+The `storage.options.pull_options` table supports the following keys:
+
+**enable_partial_images="true"|"false"**
+  Enable the "zstd:chunked" feature, which allows partial pulls, reusing
+  content that already exists on the system. This is disabled by default,
+  and must be explicitly enabled to be used. For more on zstd:chunked, see
+  <https://github.com/containers/storage/blob/main/docs/containers-storage-zstd-chunked.md>.
+  This is a "string bool": "false"|"true" (cannot be native TOML boolean)
+
+**use_hard_links="false"|"true"**
+  Tells containers/storage to use hard links rather then create new files in
+  the image, if an identical file already existed in storage.
+  This is a "string bool": "false"|"true" (cannot be native TOML boolean)
+
+**ostree_repos=""**
+  Path to an ostree repository that might have
+  previously pulled content which can be used when attempting to avoid
+  pulling content from the container registry.
+
+**convert_images="false"|"true"**
+  If set to "true", containers/storage will convert images that are
+  not already in zstd:chunked format to that format before processing
+  in order to take advantage of local deduplication and hard linking.
+  It is an expensive operation so it is not enabled by default.
+  This is a "string bool": "false"|"true" (cannot be native TOML boolean)
+
 ### STORAGE OPTIONS FOR AUFS TABLE

 The `storage.options.aufs` table supports the following options:
@ -145,7 +146,8 @@ The `storage.options.btrfs` table supports the following options:
 The `storage.options.overlay` table supports the following options:

 **ignore_chown_errors** = "false"
-  ignore_chown_errors can be set to allow a non privileged user running with a  single UID within a user namespace to run containers. The user can pull and use any image even those with multiple uids.  Note multiple UIDs will be squashed down to the default uid in the container.  These images will have no separation between the users in the container. (default: false)
+  ignore_chown_errors can be set to allow a non privileged user running with a  single UID within a user namespace to run containers. The user can pull and use any image even those with multiple uids.  Note multiple UIDs will be squashed down to the default uid in the container.  These images will have no separation between the users in the container. (default: "false")
+  This is a "string bool": "false"|"true" (cannot be native TOML boolean)

 **inodes**=""
  Maximum inodes in a read/write layer.   This flag can be used to set a quota on the inodes allocated for a read/write layer of a container.
@ -194,21 +196,26 @@ based file systems.
 **mountopt**=""
  Comma separated list of default options to be used to mount container images.  Suggested value "nodev". Mount options are documented in the mount(8) man page.

-**skip_mount_home=""**
+**skip_mount_home="false"**
  Tell storage drivers to not create a PRIVATE bind mount on their home directory.
+  This is a "string bool": "false"|"true" (cannot be native TOML boolean)

 **size**=""
  Maximum size of a read/write layer.   This flag can be used to set quota on the size of a read/write layer of a container. (format: <number>[<unit>], where unit = b (bytes), k (kilobytes), m (megabytes), or g (gigabytes))

 **use_composefs** = "false"
-    Use ComposeFS to mount the data layers image.  ComposeFS support is experimental and not recommended for production use.  (default: false)
+    Use ComposeFS to mount the data layers image.  ComposeFS support is experimental and not recommended for production use.
+    This is a "string bool": "false"|"true" (cannot be native TOML boolean)
+

 ### STORAGE OPTIONS FOR VFS TABLE

 The `storage.options.vfs` table supports the following options:

 **ignore_chown_errors** = "false"
-  ignore_chown_errors can be set to allow a non privileged user running with a  single UID within a user namespace to run containers. The user can pull and use any image even those with multiple uids.  Note multiple UIDs will be squashed down to the default uid in the container.  These images will have no separation between the users in the container. (default: false)
+  ignore_chown_errors can be set to allow a non privileged user running with a  single UID within a user namespace to run containers. The user can pull and use any image even those with multiple uids.  Note multiple UIDs will be squashed down to the default uid in the container.  These images will have no separation between the users in the container.
+  This is a "string bool": "false"|"true" (cannot be native TOML boolean)
+

 ### STORAGE OPTIONS FOR ZFS TABLE

--- a/containers.conf
+++ b/containers.conf
@ -27,16 +27,19 @@
 #
 #apparmor_profile = "container-default"

-# The hosts entries from the base hosts file are added to the containers hosts
-# file. This must be either an absolute path or as special values "image" which
-# uses the hosts file from the container image or "none" which means
-# no base hosts file is used. The default is "" which will use /etc/hosts.
+# Base file to create the `/etc/hosts` file inside the container. This must either
+# be an absolute path to a file on the host system, or one of the following
+# special flags:
+# ""      Use the host's `/etc/hosts` file (the default)
+# `none`  Do not use a base file (i.e. start with an empty file)
+# `image` Use the container image's `/etc/hosts` file as base file
 #
 #base_hosts_file = ""

 # List of cgroup_conf entries specifying a list of cgroup files to write to and
 # their values. For example `memory.high=1073741824` sets the
 # memory.high limit to 1GB.
+#
 # cgroup_conf = []

 # Default way to to create a cgroup namespace for the container
@ -126,13 +129,25 @@ default_sysctls = [
 #
 #env_host = false

-# Set the ip for the host.containers.internal entry in the containers /etc/hosts
-# file. This can be set to "none" to disable adding this entry. By default it
-# will automatically choose the host ip.
+# Set the IP address the container should expect to connect to the host. The IP
+# address is used by Podman to automatically add the `host.containers.internal`
+# and `host.docker.internal` hostnames to the container's `/etc/hosts` file. It
+# is also used for the *host-gateway* flag of Podman's `--add-host` CLI option.
+# If no IP address is configured (the default), Podman will try to determine it
+# automatically, but might fail to do so depending on the container's network
+# setup. Adding these internal hostnames to `/etc/hosts` is silently skipped then.
+# Set this config to `none` to never add the internal hostnames to `/etc/hosts`.
 #
-# NOTE: When using podman machine this entry will never be added to the containers
-# hosts file instead the gvproxy dns resolver will resolve this hostname. Therefore
-# it is not possible to disable the entry in this case.
+# Note: If Podman is running in a virtual machine using `podman machine` (this
+# includes Mac and Windows hosts), Podman will silently skip adding the internal
+# hostnames to `/etc/hosts`, unless an IP address was configured manually. The
+# internal hostnames are resolved by the gvproxy DNS resolver instead. This config
+# has no effect on gvproxy. However, since `/etc/hosts` bypasses the DNS resolver,
+# a manually configured IP address still takes precedence.
+#
+# Note: This config doesn't affect the actual network setup, it just tells Podman
+# the IP address it should expect. Configuring an IP address here doesn't ensure
+# that the container can actually reach the host using this IP address.
 #
 #host_containers_internal_ip = ""

@ -221,8 +236,10 @@ default_sysctls = [
 #
 #netns = "private"

-# Create /etc/hosts for the container.  By default, container engine manage
-# /etc/hosts, automatically adding  the container's  own  IP  address.
+# Do not modify the `/etc/hosts` file in the container. Podman assumes control
+# over the container's `/etc/hosts` file by default; refer to the `--add-host`
+# CLI option for details. To disable this, either set this config to `true`, or
+# use the functionally identical `--no-hosts` CLI option.
 #
 #no_hosts = false

@ -416,6 +433,8 @@ default_sysctls = [
 #List of compression algorithms. If set makes sure that requested compression variant
 #for each platform is added to the manifest list keeping original instance intact in
 #the same manifest list on every `manifest push`. Supported values are (`gzip`, `zstd` and `zstd:chunked`).
+#`zstd:chunked` is incompatible with encrypting images, and will be treated as `zstd` with a warning
+#in that case.
 #
 #add_compression = ["gzip", "zstd", "zstd:chunked"]

@ -438,6 +457,8 @@ default_sysctls = [
 # This field is ignored when pushing images to the docker-daemon and
 # docker-archive formats. It is also ignored when the manifest format is set
 # to v2s2.
+# `zstd:chunked` is incompatible with encrypting images, and will be treated as `zstd` with a warning
+# in that case.
 #
 #compression_format = "gzip"

@ -866,7 +887,15 @@ runtime = "crun"

 # Virtualization provider used to run Podman machine.
 # If it is empty or commented out, the default provider will be used.
-#
+# Linux:
+#    qemu    - Open source machine emulator and virtualizer. (Default)
+# Windows: there are currently two options:
+#    wsl     - Windows Subsystem for Linux (Default) 
+#    hyperv  - Windows Server Virtualization
+# Mac: there are currently two options:
+#    applehv - Default Apple Hypervisor (Default)
+#    libkrun - Launch virtual machines using the libkrun platform, optimized
+#              for sharing GPU with the machine.
 #provider = ""

 # Rosetta supports running x86_64 Linux binaries on a Podman machine on Apple silicon.
--- a/containers.conf.5.md
+++ b/containers.conf.5.md
@ -96,10 +96,12 @@ The default profile name is "container-default".

 **base_hosts_file**=""

-The hosts entries from the base hosts file are added to the containers hosts
-file. This must be either an absolute path or as special values "image" which
-uses the hosts file from the container image or "none" which means
-no base hosts file is used. The default is "" which will use /etc/hosts.
+Base file to create the `/etc/hosts` file inside the container. This must either
+be an absolute path to a file on the host system, or one of the following
+special flags:
+  ""      Use the host's `/etc/hosts` file (the default)
+  `none`  Do not use a base file (i.e. start with an empty file)
+  `image` Use the container image's `/etc/hosts` file as base file

 **cgroup_conf**=[]

@ -195,13 +197,25 @@ Pass all host environment variables into the container.

 **host_containers_internal_ip**=""

-Set the ip for the host.containers.internal entry in the containers /etc/hosts
-file. This can be set to "none" to disable adding this entry. By default it
-will automatically choose the host ip.
+Set the IP address the container should expect to connect to the host. The IP
+address is used by Podman to automatically add the `host.containers.internal`
+and `host.docker.internal` hostnames to the container's `/etc/hosts` file. It
+is also used for the *host-gateway* flag of Podman's `--add-host` CLI option.
+If no IP address is configured (the default), Podman will try to determine it
+automatically, but might fail to do so depending on the container's network
+setup. Adding these internal hostnames to `/etc/hosts` is silently skipped then.
+Set this config to `none` to never add the internal hostnames to `/etc/hosts`.

-NOTE: When using podman machine this entry will never be added to the containers
-hosts file instead the gvproxy dns resolver will resolve this hostname. Therefore
-it is not possible to disable the entry in this case.
+Note: If Podman is running in a virtual machine using `podman machine` (this
+includes Mac and Windows hosts), Podman will silently skip adding the internal
+hostnames to `/etc/hosts`, unless an IP address was configured manually. The
+internal hostnames are resolved by the gvproxy DNS resolver instead. This config
+has no effect on gvproxy. However, since `/etc/hosts` bypasses the DNS resolver,
+a manually configured IP address still takes precedence.
+
+Note: This config doesn't affect the actual network setup, it just tells Podman
+the IP address it should expect. Configuring an IP address here doesn't ensure
+that the container can actually reach the host using this IP address.

 **http_proxy**=true

@ -290,8 +304,10 @@ Options are:

 **no_hosts**=false

-Create /etc/hosts for the container. By default, container engines manage
-/etc/hosts, automatically adding  the container's  own  IP  address.
+Do not modify the `/etc/hosts` file in the container. Podman assumes control
+over the container's `/etc/hosts` file by default; refer to the `--add-host`
+CLI option for details. To disable this, either set this config to `true`, or
+use the functionally identical `--no-hosts` CLI option.

 **oom_score_adj**=0

@ -486,6 +502,9 @@ Name of destination for accessing the Podman service. See SERVICE DESTINATION TA
 List of compression algorithms. If set makes sure that requested compression variant
 for each platform is added to the manifest list keeping original instance intact in
 the same manifest list on every `manifest push`. Supported values are (`gzip`, `zstd` and `zstd:chunked`).
+`zstd:chunked` is incompatible with encrypting images, and will be treated as `zstd` with a warning
+in that case.
+

 Note: This is different from `compression_format` which allows users to select a default
 compression format for `push` and `manifest push`, while `add_compression` is limited to
@ -593,7 +612,7 @@ The default method is different based on the platform that
 Podman is being run upon.  To determine the current value,
 use this command:

-`podman info --format {{.Host.EventLogger}`
+`podman info --format {{.Host.EventLogger}}`

 Valid values are: `file`, `journald`, and `none`.

@ -855,6 +874,8 @@ Specifies the compression format to use when pushing an image. Supported values
 are: `gzip`, `zstd` and `zstd:chunked`. This field is ignored when pushing
 images to the docker-daemon and docker-archive formats. It is also ignored
 when the manifest format is set to v2s2.
+`zstd:chunked` is incompatible with encrypting images, and will be treated as `zstd` with a warning
+in that case.

 **compression_level**="5"

@ -950,8 +971,14 @@ On Mac, the default volumes are:
 **provider**=""

 Virtualization provider to be used for running a podman-machine VM. Empty value
-is interpreted as the default provider for the current host OS. On Linux/Mac
-default is `QEMU` and on Windows it is `WSL`.
+is interpreted as the default provider for the current host OS.
+
+| Platform | Default Virtualization provider         | Optional |
+| -------- | --------------------------------------- | -------- |
+| Linux    | "" (qemu)                               | None     |
+| Windows  | "" ("wsl": Windows Subsystem for Linux) | "hyperv" (Windows Server Virtualization) |
+| Mac      | "" ("applehv": Apple Hypervisor)        | "libkrun" (Launch machine via libkrun platform, optimized for sharing GPU with the machine) |
+

 **rosetta**="true"

--- a/shortnames.conf
+++ b/shortnames.conf
@ -38,6 +38,21 @@
  "leap-dnf" = "registry.opensuse.org/opensuse/leap-dnf"
  "leap-microdnf" = "registry.opensuse.org/opensuse/leap-microdnf"
  "tw-busybox" = "registry.opensuse.org/opensuse/busybox"
+  # OTel (Open Telemetry) - opentelemetry.io
+  "otel/autoinstrumentation-go" = "docker.io/otel/autoinstrumentation-go"
+  "otel/autoinstrumentation-nodejs" = "docker.io/otel/autoinstrumentation-nodejs"
+  "otel/autoinstrumentation-python" = "docker.io/otel/autoinstrumentation-python"
+  "otel/autoinstrumentation-java" = "docker.io/otel/autoinstrumentation-java"
+  "otel/autoinstrumentation-dotnet" = "docker.io/otel/autoinstrumentation-dotnet"
+  "otel/opentelemetry-collector" = "docker.io/otel/opentelemetry-collector"
+  "otel/opentelemetry-collector-contrib" = "docker.io/otel/opentelemetry-collector-contrib"
+  "otel/opentelemetry-collector-contrib-dev" = "docker.io/otel/opentelemetry-collector-contrib-dev"
+  "otel/opentelemetry-collector-k8s" = "docker.io/otel/opentelemetry-collector-k8s"
+  "otel/opentelemetry-operator" = "docker.io/otel/opentelemetry-operator"
+  "otel/opentelemetry-operator-bundle" = "docker.io/otel/opentelemetry-operator-bundle"
+  "otel/operator-opamp-bridge" = "docker.io/otel/operator-opamp-bridge"
+  "otel/semconvgen" = "docker.io/otel/semconvgen"
+  "otel/weaver" = "docker.io/otel/weaver"
  # SUSE
  "suse/sle15" = "registry.suse.com/suse/sle15"
  "suse/sles12sp5" = "registry.suse.com/suse/sles12sp5"
--- a/storage.conf
+++ b/storage.conf
@ -8,12 +8,12 @@
 #      /usr/containers/storage.conf
 #      /etc/containers/storage.conf
 #      $HOME/.config/containers/storage.conf
-#      $XDG_CONFIG_HOME/containers/storage.conf (If XDG_CONFIG_HOME is set)
+#      $XDG_CONFIG_HOME/containers/storage.conf (if XDG_CONFIG_HOME is set)
 # See man 5 containers-storage.conf for more information
-# The "container storage" table contains all of the server options.
+# The "storage" table contains all of the server options.
 [storage]

-# Default Storage Driver, Must be set for proper operation.
+# Default storage driver, must be set for proper operation.
 driver = "overlay"

 # Temporary storage location
@ -24,8 +24,8 @@ runroot = "/run/containers/storage"
 # driver_priority = ["overlay", "btrfs"]

 # Primary Read/Write location of container storage
-# When changing the graphroot location on an SELINUX system, you must
-# ensure  the labeling matches the default locations labels with the
+# When changing the graphroot location on an SELinux system, you must
+# ensure the labeling matches the default location's labels with the
 # following commands:
 # semanage fcontext -a -e /var/lib/containers/storage /NEWSTORAGEPATH
 # restorecon -R -v /NEWSTORAGEPATH
@ -54,32 +54,31 @@ graphroot = "/var/lib/containers/storage"
 additionalimagestores = [
 ]

-# Allows specification of how storage is populated when pulling images. This
-# option can speed the pulling process of images compressed with format
-# zstd:chunked. Containers/storage looks for files within images that are being
-# pulled from a container registry that were previously pulled to the host.  It
-# can copy or create a hard link to the existing file when it finds them,
-# eliminating the need to pull them from the container registry. These options
-# can deduplicate pulling of content, disk storage of content and can allow the
-# kernel to use less memory when running containers.
+# Options controlling how storage is populated when pulling images.
+[storage.options.pull_options]
+# Enable the "zstd:chunked" feature, which allows partial pulls, reusing
+# content that already exists on the system. This is disabled by default,
+# and must be explicitly enabled to be used. For more on zstd:chunked, see
+# https://github.com/containers/storage/blob/main/docs/containers-storage-zstd-chunked.md
+# This is a "string bool": "false" | "true" (cannot be native TOML boolean)
+# enable_partial_images = "false"

-# containers/storage supports four keys
-#   * enable_partial_images="true" | "false"
-#     Tells containers/storage to look for files previously pulled in storage
-#     rather then always pulling them from the container registry.
-#   * use_hard_links = "false" | "true"
-#     Tells containers/storage to use hard links rather then create new files in
-#     the image, if an identical file already existed in storage.
-#   * ostree_repos = ""
-#     Tells containers/storage where an ostree repository exists that might have
-#     previously pulled content which can be used when attempting to avoid
-#     pulling content from the container registry
-#   * convert_images = "false" | "true"
-#     If set to true, containers/storage will convert images to a
-#     format compatible with partial pulls in order to take advantage
-#     of local deduplication and hard linking.  It is an expensive
-#     operation so it is not enabled by default.
-pull_options = {enable_partial_images = "true", use_hard_links = "false", ostree_repos=""}
+# Tells containers/storage to use hard links rather then create new files in
+# the image, if an identical file already existed in storage.
+# This is a "string bool": "false" | "true" (cannot be native TOML boolean)
+# use_hard_links = "false"
+
+# Path to an ostree repository that might have
+# previously pulled content which can be used when attempting to avoid
+# pulling content from the container registry.
+# ostree_repos=""
+
+# If set to "true", containers/storage will convert images that are
+# not already in zstd:chunked format to that format before processing
+# in order to take advantage of local deduplication and hard linking.
+# It is an expensive operation so it is not enabled by default.
+# This is a "string bool": "false" | "true" (cannot be native TOML boolean)
+# convert_images = "false"

 # Root-auto-userns-user is a user name which can be used to look up one or more UID/GID
 # ranges in the /etc/subuid and /etc/subgid file.  These ranges will be partitioned
@ -102,6 +101,7 @@ pull_options = {enable_partial_images = "true", use_hard_links = "false", ostree
 # squashed down to the default uid in the container.  These images will have no
 # separation between the users in the container. Only supported for the overlay
 # and vfs drivers.
+# This is a "string bool": "false" | "true" (cannot be native TOML boolean)
 #ignore_chown_errors = "false"

 # Inodes is used to set a maximum inodes of the container image.
@ -115,9 +115,11 @@ pull_options = {enable_partial_images = "true", use_hard_links = "false", ostree
 mountopt = "nodev,metacopy=on"

 # Set to skip a PRIVATE bind mount on the storage home directory.
+# This is a "string bool": "false" | "true" (cannot be native TOML boolean)
 # skip_mount_home = "false"

 # Set to use composefs to mount data layers with overlay.
+# This is a "string bool": "false" | "true" (cannot be native TOML boolean)
 # use_composefs = "false"

 # Size is used to set a maximum size of the container image.
--- a/update-vendored.sh
+++ b/update-vendored.sh
@ -25,6 +25,9 @@ for P in podman skopeo buildah; do
  fi
  rm -rf *SPECPARTS
  DIR=`ls -d -- */ | grep "$P"`
+  if [[ $DIR == *-build/ ]]; then
+    DIR=`ls -d $DIR/* | grep -v SPECPARTS`
+  fi
  grep github.com/containers/image $DIR/go.mod | cut -d\  -f2 | sed 's,-.*,,'>> /tmp/ver_image
  grep github.com/containers/common $DIR/go.mod | cut -d\  -f2 | sed 's,-.*,,' >> /tmp/ver_common
  grep github.com/containers/storage $DIR/go.mod | cut -d\  -f2 | sed 's,-.*,,' >> /tmp/ver_storage
--- a/update.sh
+++ b/update.sh
@ -30,10 +30,11 @@ for FILE in *; do
 done
 ensure storage.conf    driver                        \"overlay\"
 ensure storage.conf    mountopt                      \"nodev,metacopy=on\"
-if pwd | grep rhel-8 > /dev/null
+ensure registries.conf unqualified-search-registries [\"registry.access.redhat.com\",\ \"registry.redhat.io\",\ \"docker.io\"]
+
+if pwd | grep -e rhel-8 -e c8s > /dev/null
 then
 awk -i inplace '/#default_capabilities/,/#\]/{gsub("#","",$0)}1' containers.conf
-ensure registries.conf unqualified-search-registries [\"registry.access.redhat.com\",\ \"registry.redhat.io\",\ \"docker.io\"]
 ensure registries.conf short-name-mode               \"permissive\"
 ensure containers.conf runtime                       \"runc\"
 ensure containers.conf events_logger                 \"file\"
@ -49,19 +50,29 @@ then
  sed -i '/^default_capabilities/a \
  "SYS_CHROOT",' containers.conf
 fi
-else
-ensure registries.conf unqualified-search-registries [\"registry.access.redhat.com\",\ \"registry.redhat.io\",\ \"docker.io\"]
+
+elif pwd | grep -e rhel-9 -e c9s > /dev/null
+then
 ensure registries.conf short-name-mode               \"enforcing\"
 ensure containers.conf runtime                       \"crun\"
+
+elif pwd | grep -e rhel-10 -e c10s > /dev/null
+then
+ensure registries.conf short-name-mode               \"enforcing\"
+ensure containers.conf runtime                       \"crun\"
+ensure containers.conf log_driver                    \"k8s-file\"
+else
+echo "Unknown release"
 fi
+
 [ `grep \"keyctl\", seccomp.json | wc -l` == 0 ] && sed -i '/\"kill\",/i \
 				"keyctl",' seccomp.json
 [ `grep \"socket\", seccomp.json | wc -l` == 0 ] && sed -i '/\"socketcall\",/i \
 				"socket",' seccomp.json
 rhpkg clone redhat-release
 cd redhat-release
-rhpkg switch-branch rhel-9.4.0
+rhpkg switch-branch rhel-9-main
 rhpkg prep
-cp -f redhat-release-*/RPM-GPG* ../
+cp -f redhat-release-*/redhat-release-*/RPM-GPG* ../../
 cd -
 rm -rf redhat-release