containers-common-1-93.el9

- update vendored components
- Resolves: RHEL-69402

Signed-off-by: Jindrich Novy <jnovy@redhat.com>
This commit is contained in:
Jindrich Novy 2024-11-28 01:59:29 +01:00
parent 556dc2220d
commit 04400f45d9
8 changed files with 198 additions and 100 deletions

View File

@ -4,15 +4,15 @@
# pick the oldest version on c/image, c/common, c/storage vendored in # pick the oldest version on c/image, c/common, c/storage vendored in
# podman/skopeo/podman. # podman/skopeo/podman.
%global skopeo_branch main %global skopeo_branch main
%global image_branch v5.32.2 %global image_branch v5.33.0
%global common_branch v0.60.2 %global common_branch v0.61.0
%global storage_branch v1.55.0 %global storage_branch v1.56.0
%global shortnames_branch main %global shortnames_branch main
Epoch: 2 Epoch: 2
Name: containers-common Name: containers-common
Version: 1 Version: 1
Release: 92%{?dist} Release: 93%{?dist}
Summary: Common configuration and documentation for containers Summary: Common configuration and documentation for containers
License: ASL 2.0 License: ASL 2.0
ExclusiveArch: %{go_arches} ExclusiveArch: %{go_arches}
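Review bot: the unchanged comment at the top of this hunk reads "vendored in podman/skopeo/podman", which names podman twice; the update-vendored.sh loop in this same commit iterates `for P in podman skopeo buildah`, so the comment should say "podman/skopeo/buildah". Worth fixing while the three `*_branch` globals directly under it are being bumped.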
@ -173,6 +173,10 @@ EOF
%{_datadir}/rhel/secrets/* %{_datadir}/rhel/secrets/*
%changelog %changelog
* Thu Nov 28 2024 Jindrich Novy <jnovy@redhat.com> - 2:1-93
- update vendored components
- Resolves: RHEL-69402
* Tue Aug 27 2024 Jindrich Novy <jnovy@redhat.com> - 2:1-92 * Tue Aug 27 2024 Jindrich Novy <jnovy@redhat.com> - 2:1-92
- update vendored components - update vendored components
- Related: RHEL-27608 - Related: RHEL-27608
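Review bot: the new changelog entry says only "update vendored components"; since the spec's globals are the only place the versions appear, list them here (image v5.33.0, common v0.61.0, storage v1.56.0) so the RPM changelog records what was actually rebased without a reader having to diff the spec.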

View File

@ -71,7 +71,7 @@ Default directory to store all temporary writable content created by container s
By default, the storage driver is set via the `driver` option. If it is not defined, then the best driver will be picked according to the current platform. This option allows you to override this internal priority list with a custom one to prefer certain drivers. By default, the storage driver is set via the `driver` option. If it is not defined, then the best driver will be picked according to the current platform. This option allows you to override this internal priority list with a custom one to prefer certain drivers.
Setting this option only has an effect if the local storage has not been initialized yet and the driver name is not set. Setting this option only has an effect if the local storage has not been initialized yet and the driver name is not set.
**transient_store** = "false" | "true" **transient_store** = "false"|"true"
Transient store mode makes all container metadata be saved in temporary storage Transient store mode makes all container metadata be saved in temporary storage
(i.e. runroot above). This is faster, but doesn't persist across reboots. (i.e. runroot above). This is faster, but doesn't persist across reboots.
@ -84,33 +84,6 @@ The `storage.options` table supports the following options:
**additionalimagestores**=[] **additionalimagestores**=[]
Paths to additional container image stores. Usually these are read/only and stored on remote network shares. Paths to additional container image stores. Usually these are read/only and stored on remote network shares.
**pull_options** = {enable_partial_images = "true", use_hard_links = "false", ostree_repos=""}
Allows specification of how storage is populated when pulling images. This
option can speed the pulling process of images compressed with format zstd:chunked. Containers/storage looks
for files within images that are being pulled from a container registry that
were previously pulled to the host. It can copy or create
a hard link to the existing file when it finds them, eliminating the need to pull them from the
container registry. These options can deduplicate pulling of content, disk
storage of content and can allow the kernel to use less memory when running
containers.
containers/storage supports four keys
* enable_partial_images="true" | "false"
Tells containers/storage to look for files previously pulled in storage
rather then always pulling them from the container registry.
* use_hard_links = "false" | "true"
Tells containers/storage to use hard links rather then create new files in
the image, if an identical file already existed in storage.
* ostree_repos = ""
Tells containers/storage where an ostree repository exists that might have
previously pulled content which can be used when attempting to avoid
pulling content from the container registry
* convert_images = "false" | "true"
If set to true, containers/storage will convert images to a format compatible with
partial pulls in order to take advantage of local deduplication and hardlinking. It is an
expensive operation so it is not enabled by default.
**root-auto-userns-user**="" **root-auto-userns-user**=""
Root-auto-userns-user is a user name which can be used to look up one or more UID/GID ranges in the /etc/subuid and /etc/subgid file. These ranges will be partitioned to containers configured to create automatically a user namespace. Containers configured to automatically create a user namespace can still overlap with containers having an explicit mapping set. This setting is ignored when running as rootless. Root-auto-userns-user is a user name which can be used to look up one or more UID/GID ranges in the /etc/subuid and /etc/subgid file. These ranges will be partitioned to containers configured to create automatically a user namespace. Containers configured to automatically create a user namespace can still overlap with containers having an explicit mapping set. This setting is ignored when running as rootless.
@ -123,6 +96,34 @@ containers/storage supports four keys
**disable-volatile**=true **disable-volatile**=true
If disable-volatile is set, then the "volatile" mount optimization is disabled for all the containers. If disable-volatile is set, then the "volatile" mount optimization is disabled for all the containers.
### STORAGE PULL OPTIONS TABLE
The `storage.options.pull_options` table supports the following keys:
**enable_partial_images="true"|"false"**
Enable the "zstd:chunked" feature, which allows partial pulls, reusing
content that already exists on the system. This is disabled by default,
and must be explicitly enabled to be used. For more on zstd:chunked, see
<https://github.com/containers/storage/blob/main/docs/containers-storage-zstd-chunked.md>.
This is a "string bool": "false"|"true" (cannot be native TOML boolean)
**use_hard_links="false"|"true"**
Tells containers/storage to use hard links rather then create new files in
the image, if an identical file already existed in storage.
This is a "string bool": "false"|"true" (cannot be native TOML boolean)
**ostree_repos=""**
Path to an ostree repository that might have
previously pulled content which can be used when attempting to avoid
pulling content from the container registry.
**convert_images="false"|"true"**
If set to "true", containers/storage will convert images that are
not already in zstd:chunked format to that format before processing
in order to take advantage of local deduplication and hard linking.
It is an expensive operation so it is not enabled by default.
This is a "string bool": "false"|"true" (cannot be native TOML boolean)
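Review bot: `rather then create new files` in the use_hard_links entry should be `rather than`. Beyond that, the new section describes reusing content that "already exists on the system" (from other images or from an ostree repository) but does not say whether reused files are checked against the digests the pulled image expects; a sentence stating that, or an explicit pointer into the linked zstd-chunked document for it, would let readers judge the trust implications of turning `enable_partial_images` or `ostree_repos` on.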
### STORAGE OPTIONS FOR AUFS TABLE ### STORAGE OPTIONS FOR AUFS TABLE
The `storage.options.aufs` table supports the following options: The `storage.options.aufs` table supports the following options:
@ -145,7 +146,8 @@ The `storage.options.btrfs` table supports the following options:
The `storage.options.overlay` table supports the following options: The `storage.options.overlay` table supports the following options:
**ignore_chown_errors** = "false" **ignore_chown_errors** = "false"
ignore_chown_errors can be set to allow a non privileged user running with a single UID within a user namespace to run containers. The user can pull and use any image even those with multiple uids. Note multiple UIDs will be squashed down to the default uid in the container. These images will have no separation between the users in the container. (default: false) ignore_chown_errors can be set to allow a non privileged user running with a single UID within a user namespace to run containers. The user can pull and use any image even those with multiple uids. Note multiple UIDs will be squashed down to the default uid in the container. These images will have no separation between the users in the container. (default: "false")
This is a "string bool": "false"|"true" (cannot be native TOML boolean)
**inodes**="" **inodes**=""
Maximum inodes in a read/write layer. This flag can be used to set a quota on the inodes allocated for a read/write layer of a container. Maximum inodes in a read/write layer. This flag can be used to set a quota on the inodes allocated for a read/write layer of a container.
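Review bot: the added line `This is a "string bool": "false"|"true" (cannot be native TOML boolean)` follows the long ignore_chown_errors paragraph with no blank line between them, so in rendered markdown it will be joined onto the end of that paragraph. Put a blank line before it (the same applies to each of the other "string bool" lines added in this file) so it reads as its own note.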
@ -194,21 +196,26 @@ based file systems.
**mountopt**="" **mountopt**=""
Comma separated list of default options to be used to mount container images. Suggested value "nodev". Mount options are documented in the mount(8) man page. Comma separated list of default options to be used to mount container images. Suggested value "nodev". Mount options are documented in the mount(8) man page.
**skip_mount_home=""** **skip_mount_home="false"**
Tell storage drivers to not create a PRIVATE bind mount on their home directory. Tell storage drivers to not create a PRIVATE bind mount on their home directory.
This is a "string bool": "false"|"true" (cannot be native TOML boolean)
**size**="" **size**=""
Maximum size of a read/write layer. This flag can be used to set quota on the size of a read/write layer of a container. (format: <number>[<unit>], where unit = b (bytes), k (kilobytes), m (megabytes), or g (gigabytes)) Maximum size of a read/write layer. This flag can be used to set quota on the size of a read/write layer of a container. (format: <number>[<unit>], where unit = b (bytes), k (kilobytes), m (megabytes), or g (gigabytes))
**use_composefs** = "false" **use_composefs** = "false"
Use ComposeFS to mount the data layers image. ComposeFS support is experimental and not recommended for production use. (default: false) Use ComposeFS to mount the data layers image. ComposeFS support is experimental and not recommended for production use.
This is a "string bool": "false"|"true" (cannot be native TOML boolean)
### STORAGE OPTIONS FOR VFS TABLE ### STORAGE OPTIONS FOR VFS TABLE
The `storage.options.vfs` table supports the following options: The `storage.options.vfs` table supports the following options:
**ignore_chown_errors** = "false" **ignore_chown_errors** = "false"
ignore_chown_errors can be set to allow a non privileged user running with a single UID within a user namespace to run containers. The user can pull and use any image even those with multiple uids. Note multiple UIDs will be squashed down to the default uid in the container. These images will have no separation between the users in the container. (default: false) ignore_chown_errors can be set to allow a non privileged user running with a single UID within a user namespace to run containers. The user can pull and use any image even those with multiple uids. Note multiple UIDs will be squashed down to the default uid in the container. These images will have no separation between the users in the container.
This is a "string bool": "false"|"true" (cannot be native TOML boolean)
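Review bot: the defaults are now stated inconsistently across this hunk and the overlay one above: overlay `ignore_chown_errors` keeps `(default: "false")`, but the vfs `ignore_chown_errors` and `use_composefs` entries drop their `(default: false)` text entirely instead of quoting it, and `skip_mount_home` gets its default only in the heading. Keep the quoted `(default: "false")` form on all four so a reader does not have to guess whether the omission means something.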
### STORAGE OPTIONS FOR ZFS TABLE ### STORAGE OPTIONS FOR ZFS TABLE

View File

@ -27,16 +27,19 @@
# #
#apparmor_profile = "container-default" #apparmor_profile = "container-default"
# The hosts entries from the base hosts file are added to the containers hosts # Base file to create the `/etc/hosts` file inside the container. This must either
# file. This must be either an absolute path or as special values "image" which # be an absolute path to a file on the host system, or one of the following
# uses the hosts file from the container image or "none" which means # special flags:
# no base hosts file is used. The default is "" which will use /etc/hosts. # "" Use the host's `/etc/hosts` file (the default)
# `none` Do not use a base file (i.e. start with an empty file)
# `image` Use the container image's `/etc/hosts` file as base file
# #
#base_hosts_file = "" #base_hosts_file = ""
# List of cgroup_conf entries specifying a list of cgroup files to write to and # List of cgroup_conf entries specifying a list of cgroup files to write to and
# their values. For example `memory.high=1073741824` sets the # their values. For example `memory.high=1073741824` sets the
# memory.high limit to 1GB. # memory.high limit to 1GB.
#
# cgroup_conf = [] # cgroup_conf = []
# Default way to to create a cgroup namespace for the container # Default way to to create a cgroup namespace for the container
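Review bot: the unchanged context line `# Default way to to create a cgroup namespace for the container` has a doubled "to"; since the comment block directly above it is being rewritten, fix this while here. The rewritten `base_hosts_file` text is otherwise a clear improvement, but `""` is shown bare while `none` and `image` are in backticks; quote all three the same way.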
@ -126,13 +129,25 @@ default_sysctls = [
# #
#env_host = false #env_host = false
# Set the ip for the host.containers.internal entry in the containers /etc/hosts # Set the IP address the container should expect to connect to the host. The IP
# file. This can be set to "none" to disable adding this entry. By default it # address is used by Podman to automatically add the `host.containers.internal`
# will automatically choose the host ip. # and `host.docker.internal` hostnames to the container's `/etc/hosts` file. It
# is also used for the *host-gateway* flag of Podman's `--add-host` CLI option.
# If no IP address is configured (the default), Podman will try to determine it
# automatically, but might fail to do so depending on the container's network
# setup. Adding these internal hostnames to `/etc/hosts` is silently skipped then.
# Set this config to `none` to never add the internal hostnames to `/etc/hosts`.
# #
# NOTE: When using podman machine this entry will never be added to the containers # Note: If Podman is running in a virtual machine using `podman machine` (this
# hosts file instead the gvproxy dns resolver will resolve this hostname. Therefore # includes Mac and Windows hosts), Podman will silently skip adding the internal
# it is not possible to disable the entry in this case. # hostnames to `/etc/hosts`, unless an IP address was configured manually. The
# internal hostnames are resolved by the gvproxy DNS resolver instead. This config
# has no effect on gvproxy. However, since `/etc/hosts` bypasses the DNS resolver,
# a manually configured IP address still takes precedence.
#
# Note: This config doesn't affect the actual network setup, it just tells Podman
# the IP address it should expect. Configuring an IP address here doesn't ensure
# that the container can actually reach the host using this IP address.
# #
#host_containers_internal_ip = "" #host_containers_internal_ip = ""
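Review bot: `Adding these internal hostnames to /etc/hosts is silently skipped then.` reads awkwardly; suggest `In that case the internal hostnames are silently not added.` The same paragraph, including the two `Note:` blocks, is duplicated word for word in containers.conf.5.md in this commit, so any wording change needs to be made in both places to keep them in sync.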
@ -221,8 +236,10 @@ default_sysctls = [
# #
#netns = "private" #netns = "private"
# Create /etc/hosts for the container. By default, container engine manage # Do not modify the `/etc/hosts` file in the container. Podman assumes control
# /etc/hosts, automatically adding the container's own IP address. # over the container's `/etc/hosts` file by default; refer to the `--add-host`
# CLI option for details. To disable this, either set this config to `true`, or
# use the functionally identical `--no-hosts` CLI option.
# #
#no_hosts = false #no_hosts = false
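Review bot: the rewrite drops the one concrete fact the old text gave, that Podman adds the container's own IP address to `/etc/hosts`, and defers everything to the `--add-host` CLI option instead; keep that sentence so the comment is useful without opening the man page. Also, "To disable this" is ambiguous between disabling the option and disabling Podman's management of the file; suggest `To stop Podman managing /etc/hosts, set this to true or pass --no-hosts.`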
@ -416,6 +433,8 @@ default_sysctls = [
#List of compression algorithms. If set makes sure that requested compression variant #List of compression algorithms. If set makes sure that requested compression variant
#for each platform is added to the manifest list keeping original instance intact in #for each platform is added to the manifest list keeping original instance intact in
#the same manifest list on every `manifest push`. Supported values are (`gzip`, `zstd` and `zstd:chunked`). #the same manifest list on every `manifest push`. Supported values are (`gzip`, `zstd` and `zstd:chunked`).
#`zstd:chunked` is incompatible with encrypting images, and will be treated as `zstd` with a warning
#in that case.
# #
#add_compression = ["gzip", "zstd", "zstd:chunked"] #add_compression = ["gzip", "zstd", "zstd:chunked"]
@ -438,6 +457,8 @@ default_sysctls = [
# This field is ignored when pushing images to the docker-daemon and # This field is ignored when pushing images to the docker-daemon and
# docker-archive formats. It is also ignored when the manifest format is set # docker-archive formats. It is also ignored when the manifest format is set
# to v2s2. # to v2s2.
# `zstd:chunked` is incompatible with encrypting images, and will be treated as `zstd` with a warning
# in that case.
# #
#compression_format = "gzip" #compression_format = "gzip"
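Review bot: the two added lines are identical to the ones added to the `add_compression` comment above and to both man-page entries, which is fine, but "will be treated as `zstd` with a warning in that case" is vague about what the user actually sees; suggest "is pushed as plain `zstd` and a warning is printed", which states the same fallback in terms of the observable result.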
@ -866,7 +887,15 @@ runtime = "crun"
# Virtualization provider used to run Podman machine. # Virtualization provider used to run Podman machine.
# If it is empty or commented out, the default provider will be used. # If it is empty or commented out, the default provider will be used.
# # Linux:
# qemu - Open source machine emulator and virtualizer. (Default)
# Windows: there are currently two options:
# wsl - Windows Subsystem for Linux (Default)
# hyperv - Windows Server Virtualization
# Mac: there are currently two options:
# applehv - Default Apple Hypervisor (Default)
# libkrun - Launch virtual machines using the libkrun platform, optimized
# for sharing GPU with the machine.
#provider = "" #provider = ""
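Review bot: the example values (`qemu`, `wsl`, `hyperv`, `applehv`, `libkrun`) are shown bare while the key itself is a quoted string (`#provider = ""`); quote them so a user copying one gets valid TOML. The Windows and Mac entries say "there are currently two options" but the Linux entry has no such phrase, so say "one option" for Linux or drop the phrase everywhere.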
# Rosetta supports running x86_64 Linux binaries on a Podman machine on Apple silicon. # Rosetta supports running x86_64 Linux binaries on a Podman machine on Apple silicon.

View File

@ -96,10 +96,12 @@ The default profile name is "container-default".
**base_hosts_file**="" **base_hosts_file**=""
The hosts entries from the base hosts file are added to the containers hosts Base file to create the `/etc/hosts` file inside the container. This must either
file. This must be either an absolute path or as special values "image" which be an absolute path to a file on the host system, or one of the following
uses the hosts file from the container image or "none" which means special flags:
no base hosts file is used. The default is "" which will use /etc/hosts. "" Use the host's `/etc/hosts` file (the default)
`none` Do not use a base file (i.e. start with an empty file)
`image` Use the container image's `/etc/hosts` file as base file
**cgroup_conf**=[] **cgroup_conf**=[]
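Review bot: the three lines `"" Use the host's ...`, `` `none` Do not use ...`` and `` `image` Use the container image's ...`` are plain consecutive lines, so markdown (and go-md2man) will reflow them into one paragraph and the value-to-meaning alignment is lost. Format them as a bullet list, one item per special value, as the man page already does for other enumerated settings.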
@ -195,13 +197,25 @@ Pass all host environment variables into the container.
**host_containers_internal_ip**="" **host_containers_internal_ip**=""
Set the ip for the host.containers.internal entry in the containers /etc/hosts Set the IP address the container should expect to connect to the host. The IP
file. This can be set to "none" to disable adding this entry. By default it address is used by Podman to automatically add the `host.containers.internal`
will automatically choose the host ip. and `host.docker.internal` hostnames to the container's `/etc/hosts` file. It
is also used for the *host-gateway* flag of Podman's `--add-host` CLI option.
If no IP address is configured (the default), Podman will try to determine it
automatically, but might fail to do so depending on the container's network
setup. Adding these internal hostnames to `/etc/hosts` is silently skipped then.
Set this config to `none` to never add the internal hostnames to `/etc/hosts`.
NOTE: When using podman machine this entry will never be added to the containers Note: If Podman is running in a virtual machine using `podman machine` (this
hosts file instead the gvproxy dns resolver will resolve this hostname. Therefore includes Mac and Windows hosts), Podman will silently skip adding the internal
it is not possible to disable the entry in this case. hostnames to `/etc/hosts`, unless an IP address was configured manually. The
internal hostnames are resolved by the gvproxy DNS resolver instead. This config
has no effect on gvproxy. However, since `/etc/hosts` bypasses the DNS resolver,
a manually configured IP address still takes precedence.
Note: This config doesn't affect the actual network setup, it just tells Podman
the IP address it should expect. Configuring an IP address here doesn't ensure
that the container can actually reach the host using this IP address.
**http_proxy**=true **http_proxy**=true
@ -290,8 +304,10 @@ Options are:
**no_hosts**=false **no_hosts**=false
Create /etc/hosts for the container. By default, container engines manage Do not modify the `/etc/hosts` file in the container. Podman assumes control
/etc/hosts, automatically adding the container's own IP address. over the container's `/etc/hosts` file by default; refer to the `--add-host`
CLI option for details. To disable this, either set this config to `true`, or
use the functionally identical `--no-hosts` CLI option.
**oom_score_adj**=0 **oom_score_adj**=0
@ -486,6 +502,9 @@ Name of destination for accessing the Podman service. See SERVICE DESTINATION TA
List of compression algorithms. If set makes sure that requested compression variant List of compression algorithms. If set makes sure that requested compression variant
for each platform is added to the manifest list keeping original instance intact in for each platform is added to the manifest list keeping original instance intact in
the same manifest list on every `manifest push`. Supported values are (`gzip`, `zstd` and `zstd:chunked`). the same manifest list on every `manifest push`. Supported values are (`gzip`, `zstd` and `zstd:chunked`).
`zstd:chunked` is incompatible with encrypting images, and will be treated as `zstd` with a warning
in that case.
Note: This is different from `compression_format` which allows users to select a default Note: This is different from `compression_format` which allows users to select a default
compression format for `push` and `manifest push`, while `add_compression` is limited to compression format for `push` and `manifest push`, while `add_compression` is limited to
@ -593,7 +612,7 @@ The default method is different based on the platform that
Podman is being run upon. To determine the current value, Podman is being run upon. To determine the current value,
use this command: use this command:
`podman info --format {{.Host.EventLogger}` `podman info --format {{.Host.EventLogger}}`
Valid values are: `file`, `journald`, and `none`. Valid values are: `file`, `journald`, and `none`.
@ -855,6 +874,8 @@ Specifies the compression format to use when pushing an image. Supported values
are: `gzip`, `zstd` and `zstd:chunked`. This field is ignored when pushing are: `gzip`, `zstd` and `zstd:chunked`. This field is ignored when pushing
images to the docker-daemon and docker-archive formats. It is also ignored images to the docker-daemon and docker-archive formats. It is also ignored
when the manifest format is set to v2s2. when the manifest format is set to v2s2.
`zstd:chunked` is incompatible with encrypting images, and will be treated as `zstd` with a warning
in that case.
**compression_level**="5" **compression_level**="5"
@ -950,8 +971,14 @@ On Mac, the default volumes are:
**provider**="" **provider**=""
Virtualization provider to be used for running a podman-machine VM. Empty value Virtualization provider to be used for running a podman-machine VM. Empty value
is interpreted as the default provider for the current host OS. On Linux/Mac is interpreted as the default provider for the current host OS.
default is `QEMU` and on Windows it is `WSL`.
| Platform | Default Virtualization provider | Optional |
| -------- | --------------------------------------- | -------- |
| Linux | "" (qemu) | None |
| Windows | "" ("wsl": Windows Subsystem for Linux) | "hyperv" (Windows Server Virtualization) |
| Mac | "" ("applehv": Apple Hypervisor) | "libkrun" (Launch machine via libkrun platform, optimized for sharing GPU with the machine) |
**rosetta**="true" **rosetta**="true"
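Review bot: the table quotes the provider names inconsistently: the Linux row shows `"" (qemu)` while the Windows and Mac rows show `"" ("wsl": ...)` and `"" ("applehv": ...)`; use the quoted form throughout since the value is a string. The header `Optional` would be clearer as `Other providers`, and the Mac row's long parenthetical makes the table very wide; the libkrun GPU note could go in a sentence under the table instead.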

View File

@ -38,6 +38,21 @@
"leap-dnf" = "registry.opensuse.org/opensuse/leap-dnf" "leap-dnf" = "registry.opensuse.org/opensuse/leap-dnf"
"leap-microdnf" = "registry.opensuse.org/opensuse/leap-microdnf" "leap-microdnf" = "registry.opensuse.org/opensuse/leap-microdnf"
"tw-busybox" = "registry.opensuse.org/opensuse/busybox" "tw-busybox" = "registry.opensuse.org/opensuse/busybox"
# OTel (Open Telemetry) - opentelemetry.io
"otel/autoinstrumentation-go" = "docker.io/otel/autoinstrumentation-go"
"otel/autoinstrumentation-nodejs" = "docker.io/otel/autoinstrumentation-nodejs"
"otel/autoinstrumentation-python" = "docker.io/otel/autoinstrumentation-python"
"otel/autoinstrumentation-java" = "docker.io/otel/autoinstrumentation-java"
"otel/autoinstrumentation-dotnet" = "docker.io/otel/autoinstrumentation-dotnet"
"otel/opentelemetry-collector" = "docker.io/otel/opentelemetry-collector"
"otel/opentelemetry-collector-contrib" = "docker.io/otel/opentelemetry-collector-contrib"
"otel/opentelemetry-collector-contrib-dev" = "docker.io/otel/opentelemetry-collector-contrib-dev"
"otel/opentelemetry-collector-k8s" = "docker.io/otel/opentelemetry-collector-k8s"
"otel/opentelemetry-operator" = "docker.io/otel/opentelemetry-operator"
"otel/opentelemetry-operator-bundle" = "docker.io/otel/opentelemetry-operator-bundle"
"otel/operator-opamp-bridge" = "docker.io/otel/operator-opamp-bridge"
"otel/semconvgen" = "docker.io/otel/semconvgen"
"otel/weaver" = "docker.io/otel/weaver"
# SUSE # SUSE
"suse/sle15" = "registry.suse.com/suse/sle15" "suse/sle15" = "registry.suse.com/suse/sle15"
"suse/sles12sp5" = "registry.suse.com/suse/sles12sp5" "suse/sles12sp5" = "registry.suse.com/suse/sles12sp5"
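Review bot: every alias added here maps a short `otel/...` name to `docker.io`, and the only provenance given is the comment `# OTel (Open Telemetry) - opentelemetry.io`. Aliases resolve without the short-name prompt, and this commit's update script sets `short-name-mode "enforcing"` for rhel-9 and rhel-10 builds, so an entry pointing at the wrong repository would be pulled silently. Record where this list was taken from (upstream shortnames.conf or the OpenTelemetry registry listing) in the comment, and verify the fourteen repository names against the `docker.io/otel` organisation before shipping.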

View File

@ -8,12 +8,12 @@
# /usr/containers/storage.conf # /usr/containers/storage.conf
# /etc/containers/storage.conf # /etc/containers/storage.conf
# $HOME/.config/containers/storage.conf # $HOME/.config/containers/storage.conf
# $XDG_CONFIG_HOME/containers/storage.conf (If XDG_CONFIG_HOME is set) # $XDG_CONFIG_HOME/containers/storage.conf (if XDG_CONFIG_HOME is set)
# See man 5 containers-storage.conf for more information # See man 5 containers-storage.conf for more information
# The "container storage" table contains all of the server options. # The "storage" table contains all of the server options.
[storage] [storage]
# Default Storage Driver, Must be set for proper operation. # Default storage driver, must be set for proper operation.
driver = "overlay" driver = "overlay"
# Temporary storage location # Temporary storage location
@ -24,8 +24,8 @@ runroot = "/run/containers/storage"
# driver_priority = ["overlay", "btrfs"] # driver_priority = ["overlay", "btrfs"]
# Primary Read/Write location of container storage # Primary Read/Write location of container storage
# When changing the graphroot location on an SELINUX system, you must # When changing the graphroot location on an SELinux system, you must
# ensure the labeling matches the default locations labels with the # ensure the labeling matches the default location's labels with the
# following commands: # following commands:
# semanage fcontext -a -e /var/lib/containers/storage /NEWSTORAGEPATH # semanage fcontext -a -e /var/lib/containers/storage /NEWSTORAGEPATH
# restorecon -R -v /NEWSTORAGEPATH # restorecon -R -v /NEWSTORAGEPATH
@ -54,32 +54,31 @@ graphroot = "/var/lib/containers/storage"
additionalimagestores = [ additionalimagestores = [
] ]
# Allows specification of how storage is populated when pulling images. This # Options controlling how storage is populated when pulling images.
# option can speed the pulling process of images compressed with format [storage.options.pull_options]
# zstd:chunked. Containers/storage looks for files within images that are being # Enable the "zstd:chunked" feature, which allows partial pulls, reusing
# pulled from a container registry that were previously pulled to the host. It # content that already exists on the system. This is disabled by default,
# can copy or create a hard link to the existing file when it finds them, # and must be explicitly enabled to be used. For more on zstd:chunked, see
# eliminating the need to pull them from the container registry. These options # https://github.com/containers/storage/blob/main/docs/containers-storage-zstd-chunked.md
# can deduplicate pulling of content, disk storage of content and can allow the # This is a "string bool": "false" | "true" (cannot be native TOML boolean)
# kernel to use less memory when running containers. # enable_partial_images = "false"
# containers/storage supports four keys # Tells containers/storage to use hard links rather then create new files in
# * enable_partial_images="true" | "false" # the image, if an identical file already existed in storage.
# Tells containers/storage to look for files previously pulled in storage # This is a "string bool": "false" | "true" (cannot be native TOML boolean)
# rather then always pulling them from the container registry. # use_hard_links = "false"
# * use_hard_links = "false" | "true"
# Tells containers/storage to use hard links rather then create new files in # Path to an ostree repository that might have
# the image, if an identical file already existed in storage. # previously pulled content which can be used when attempting to avoid
# * ostree_repos = "" # pulling content from the container registry.
# Tells containers/storage where an ostree repository exists that might have # ostree_repos=""
# previously pulled content which can be used when attempting to avoid
# pulling content from the container registry # If set to "true", containers/storage will convert images that are
# * convert_images = "false" | "true" # not already in zstd:chunked format to that format before processing
# If set to true, containers/storage will convert images to a # in order to take advantage of local deduplication and hard linking.
# format compatible with partial pulls in order to take advantage # It is an expensive operation so it is not enabled by default.
# of local deduplication and hard linking. It is an expensive # This is a "string bool": "false" | "true" (cannot be native TOML boolean)
# operation so it is not enabled by default. # convert_images = "false"
pull_options = {enable_partial_images = "true", use_hard_links = "false", ostree_repos=""}
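Review bot: the new `[storage.options.pull_options]` header is an active (uncommented) TOML table, and the `storage.options` keys documented after it in the context lines (`root-auto-userns-user` and the auto-userns keys described in the following comment block) would be parsed into `storage.options.pull_options` if a user uncomments them, because a TOML table extends until the next header. The old inline-table form `pull_options = {...}` did not have this problem. Move the subtable to the end of the `[storage.options]` block, or move the remaining `storage.options` keys above it. Two smaller points in the same hunk: the previously active `pull_options = {enable_partial_images = "true", ...}` line is replaced by `# enable_partial_images = "false"`, so the shipped config goes from explicitly enabling partial pulls to leaving the compiled-in default, which should be noted in the changelog; and the use_hard_links comment repeats the `rather then` typo (`rather than`), while `# ostree_repos=""` lacks the spaces around `=` that the neighbouring keys use.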
# Root-auto-userns-user is a user name which can be used to look up one or more UID/GID # Root-auto-userns-user is a user name which can be used to look up one or more UID/GID
# ranges in the /etc/subuid and /etc/subgid file. These ranges will be partitioned # ranges in the /etc/subuid and /etc/subgid file. These ranges will be partitioned
@ -102,6 +101,7 @@ pull_options = {enable_partial_images = "true", use_hard_links = "false", ostree
# squashed down to the default uid in the container. These images will have no # squashed down to the default uid in the container. These images will have no
# separation between the users in the container. Only supported for the overlay # separation between the users in the container. Only supported for the overlay
# and vfs drivers. # and vfs drivers.
# This is a "string bool": "false" | "true" (cannot be native TOML boolean)
#ignore_chown_errors = "false" #ignore_chown_errors = "false"
# Inodes is used to set a maximum inodes of the container image. # Inodes is used to set a maximum inodes of the container image.
@ -115,9 +115,11 @@ pull_options = {enable_partial_images = "true", use_hard_links = "false", ostree
mountopt = "nodev,metacopy=on" mountopt = "nodev,metacopy=on"
# Set to skip a PRIVATE bind mount on the storage home directory. # Set to skip a PRIVATE bind mount on the storage home directory.
# This is a "string bool": "false" | "true" (cannot be native TOML boolean)
# skip_mount_home = "false" # skip_mount_home = "false"
# Set to use composefs to mount data layers with overlay. # Set to use composefs to mount data layers with overlay.
# This is a "string bool": "false" | "true" (cannot be native TOML boolean)
# use_composefs = "false" # use_composefs = "false"
# Size is used to set a maximum size of the container image. # Size is used to set a maximum size of the container image.

View File

@ -25,6 +25,9 @@ for P in podman skopeo buildah; do
fi fi
rm -rf *SPECPARTS rm -rf *SPECPARTS
DIR=`ls -d -- */ | grep "$P"` DIR=`ls -d -- */ | grep "$P"`
if [[ $DIR == *-build/ ]]; then
DIR=`ls -d $DIR/* | grep -v SPECPARTS`
fi
grep github.com/containers/image $DIR/go.mod | cut -d\ -f2 | sed 's,-.*,,'>> /tmp/ver_image grep github.com/containers/image $DIR/go.mod | cut -d\ -f2 | sed 's,-.*,,'>> /tmp/ver_image
grep github.com/containers/common $DIR/go.mod | cut -d\ -f2 | sed 's,-.*,,' >> /tmp/ver_common grep github.com/containers/common $DIR/go.mod | cut -d\ -f2 | sed 's,-.*,,' >> /tmp/ver_common
grep github.com/containers/storage $DIR/go.mod | cut -d\ -f2 | sed 's,-.*,,' >> /tmp/ver_storage grep github.com/containers/storage $DIR/go.mod | cut -d\ -f2 | sed 's,-.*,,' >> /tmp/ver_storage
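Review bot: `DIR=\`ls -d $DIR/* | grep -v SPECPARTS\`` parses `ls` output and leaves `$DIR` unquoted, so if the `*-build/` directory contains more than one non-SPECPARTS entry, `DIR` becomes a multi-word string and every following `$DIR/go.mod` grep silently reads nothing, appending empty lines to /tmp/ver_* and producing a bogus oldest-version pick. Use a glob with a check that exactly one directory matched, for example `set -- "$DIR"/*/; [ $# -eq 1 ] || { echo "ambiguous build dir: $*" >&2; exit 1; }; DIR=$1`, and quote `"$DIR"` in the grep lines. The `$DIR/*` after a trailing `-build/` also yields a double slash, which is harmless but untidy.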

View File

@ -30,10 +30,11 @@ for FILE in *; do
done done
ensure storage.conf driver \"overlay\" ensure storage.conf driver \"overlay\"
ensure storage.conf mountopt \"nodev,metacopy=on\" ensure storage.conf mountopt \"nodev,metacopy=on\"
if pwd | grep rhel-8 > /dev/null ensure registries.conf unqualified-search-registries [\"registry.access.redhat.com\",\ \"registry.redhat.io\",\ \"docker.io\"]
if pwd | grep -e rhel-8 -e c8s > /dev/null
then then
awk -i inplace '/#default_capabilities/,/#\]/{gsub("#","",$0)}1' containers.conf awk -i inplace '/#default_capabilities/,/#\]/{gsub("#","",$0)}1' containers.conf
ensure registries.conf unqualified-search-registries [\"registry.access.redhat.com\",\ \"registry.redhat.io\",\ \"docker.io\"]
ensure registries.conf short-name-mode \"permissive\" ensure registries.conf short-name-mode \"permissive\"
ensure containers.conf runtime \"runc\" ensure containers.conf runtime \"runc\"
ensure containers.conf events_logger \"file\" ensure containers.conf events_logger \"file\"
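Review bot: `pwd | grep -e rhel-8 -e c8s` matches the pattern anywhere in the full working-directory path, so a checkout under a parent directory whose name happens to contain `rhel-8` or `c8s` would be configured as a RHEL 8 build regardless of the branch. Test the basename instead, e.g. `case "$(basename "$PWD")" in *rhel-8*|*c8s*) ...`, which also lets the rhel-9 and rhel-10 branches added below this hunk share one `case` statement. Moving the `unqualified-search-registries` ensure out of the branch is fine since the value is the same for every release.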
@ -49,19 +50,29 @@ then
sed -i '/^default_capabilities/a \ sed -i '/^default_capabilities/a \
"SYS_CHROOT",' containers.conf "SYS_CHROOT",' containers.conf
fi fi
else
ensure registries.conf unqualified-search-registries [\"registry.access.redhat.com\",\ \"registry.redhat.io\",\ \"docker.io\"] elif pwd | grep -e rhel-9 -e c9s > /dev/null
then
ensure registries.conf short-name-mode \"enforcing\" ensure registries.conf short-name-mode \"enforcing\"
ensure containers.conf runtime \"crun\" ensure containers.conf runtime \"crun\"
elif pwd | grep -e rhel-10 -e c10s > /dev/null
then
ensure registries.conf short-name-mode \"enforcing\"
ensure containers.conf runtime \"crun\"
ensure containers.conf log_driver \"k8s-file\"
else
echo "Unknown release"
fi fi
[ `grep \"keyctl\", seccomp.json | wc -l` == 0 ] && sed -i '/\"kill\",/i \ [ `grep \"keyctl\", seccomp.json | wc -l` == 0 ] && sed -i '/\"kill\",/i \
"keyctl",' seccomp.json "keyctl",' seccomp.json
[ `grep \"socket\", seccomp.json | wc -l` == 0 ] && sed -i '/\"socketcall\",/i \ [ `grep \"socket\", seccomp.json | wc -l` == 0 ] && sed -i '/\"socketcall\",/i \
"socket",' seccomp.json "socket",' seccomp.json
rhpkg clone redhat-release rhpkg clone redhat-release
cd redhat-release cd redhat-release
rhpkg switch-branch rhel-9.4.0 rhpkg switch-branch rhel-9-main
rhpkg prep rhpkg prep
cp -f redhat-release-*/RPM-GPG* ../ cp -f redhat-release-*/redhat-release-*/RPM-GPG* ../../
cd - cd -
rm -rf redhat-release rm -rf redhat-release
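Review bot: the new `else echo "Unknown release"` branch does not exit, so an unrecognised branch prints the message and then continues to patch seccomp.json and copy GPG keys, leaving containers.conf and registries.conf with whatever release defaults the previous steps produced; make it `echo "Unknown release" >&2; exit 1`. Two further points on the GPG key copy: `rhpkg switch-branch` moves from the pinned `rhel-9.4.0` to the moving `rhel-9-main` branch and is used for every release including the new rhel-10 path, so the RPM-GPG files shipped as the package's trust roots now depend on whatever that branch holds at build time; select the branch per release alongside the other per-release settings. And the destination changes from `../` to `../../`, which relative to the `cd redhat-release` above is the parent of the dist-git checkout, not the checkout itself; confirm this matches the new nested `redhat-release-*/redhat-release-*/` layout and that the keys still land where the spec's `%{_datadir}/rhel/secrets` packaging expects them.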