import CS containers-common-5.8-1.el9

AlmaLinux RelEng Bot 2026-03-30 10:21:22 -04:00
parent 12f4561a65
commit 12dbbdbcb8
14 changed files with 955 additions and 409 deletions

File diff suppressed because it is too large

@ -1,10 +1,22 @@
[aliases]
"skopeo" = "registry.access.redhat.com/ubi8/skopeo"
"ubi8/skopeo" = "registry.access.redhat.com/ubi8/skopeo"
"rhel9/skopeo" = "registry.redhat.io/rhel9/skopeo"
"buildah" = "registry.access.redhat.com/ubi8/buildah"
"ubi8/buildah" = "registry.access.redhat.com/ubi8/buildah"
"buildah" = "registry.access.redhat.com/ubi10/buildah"
"podman" = "registry.access.redhat.com/ubi10/podman"
"skopeo" = "registry.access.redhat.com/ubi10/skopeo"
"rhel8/buildah" = "registry.redhat.io/rhel8/buildah"
"rhel8/podman" = "registry.redhat.io/rhel8/podman"
"rhel8/skopeo" = "registry.redhat.io/rhel8/skopeo"
"rhel9/buildah" = "registry.redhat.io/rhel9/buildah"
"podman" = "registry.access.redhat.com/ubi8/podman"
"ubi8/podman" = "registry.access.redhat.com/ubi8/podman"
"rhel9/podman" = "registry.redhat.io/rhel9/podman"
"rhel9/skopeo" = "registry.redhat.io/rhel9/skopeo"
"rhel10/buildah" = "registry.redhat.io/rhel10/buildah"
"rhel10/podman" = "registry.redhat.io/rhel10/podman"
"rhel10/skopeo" = "registry.redhat.io/rhel10/skopeo"
"ubi8/buildah" = "registry.access.redhat.com/ubi8/buildah"
"ubi8/podman" = "registry.access.redhat.com/ubi8/podman"
"ubi8/skopeo" = "registry.access.redhat.com/ubi8/skopeo"
"ubi9/buildah" = "registry.access.redhat.com/ubi9/buildah"
"ubi9/podman" = "registry.access.redhat.com/ubi9/podman"
"ubi9/skopeo" = "registry.access.redhat.com/ubi9/skopeo"
"ubi10/buildah" = "registry.access.redhat.com/ubi10/buildah"
"ubi10/podman" = "registry.access.redhat.com/ubi10/podman"
"ubi10/skopeo" = "registry.access.redhat.com/ubi10/skopeo"

@ -5,7 +5,12 @@ containers-certs.d - Directory for storing custom container-registry TLS configu
# DESCRIPTION
A custom TLS configuration for a container registry can be configured by creating a directory under `$HOME/.config/containers/certs.d` or `/etc/containers/certs.d`.
The name of the directory must correspond to the `host:port` of the registry (e.g., `my-registry.com:5000`).
The name of the directory must correspond to the `host`[`:port`] of the registry (e.g., `my-registry.com:5000`).
The port part presence / absence must precisely match the port usage in image references,
e.g. to affect `podman pull registry.example/foo`,
use a directory named `registry.example`, not `registry.example:443`.
`registry.example:443` would affect `podman pull registry.example:443/foo`.
## Directory Structure
A certs directory can contain one or more files with the following extensions:
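Review bot: the new paragraph on port matching does not say what a mismatch looks like to the user. From the text, a directory named `registry.example:443` is not consulted for `podman pull registry.example/foo`, so a `ca.crt` or client certificate placed there is not applied; state that outright, and whether it happens silently. "The port part presence / absence must precisely match" would also read better as "Whether the port is present must match".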
@ -18,7 +23,7 @@ Note that the client certificate-key pair will be selected by the file name (e.g
An exemplary setup for a registry running at `my-registry.com:5000` may look as follows:
```
/etc/containers/certs.d/ <- Certificate directory
└── my-registry.com:5000 <- Hostname:port
└── my-registry.com:5000 <- Hostname[:port]
├── client.cert <- Client certificate
├── client.key <- Client key
└── ca.crt <- Certificate authority that signed the registry certificate

@ -7,9 +7,9 @@ container-signature - Container signature format
# DESCRIPTION
This document describes the format of container signatures,
as implemented by the `github.com/containers/image/signature` package.
as implemented by the `go.podman.io/image/v5/signature` package.
Most users should be able to consume these signatures by using the `github.com/containers/image/signature` package
Most users should be able to consume these signatures by using the `go.podman.io/image/v5/signature` package
(preferably through the higher-level `signature.PolicyContext` interface)
without having to care about the details of the format described below.
This documentation exists primarily for maintainers of the package
@ -65,7 +65,7 @@ or in any way usable for making policy decisions about the image.)
When verifying a cryptographic signature in the OpenPGP format,
the consumer MUST verify at least the following aspects of the signature
(like the `github.com/containers/image/signature` package does):
(like the `go.podman.io/image/v5/signature` package does):
- The blob MUST be a “Signed Message” as defined RFC 4880 section 11.3.
(e.g. it MUST NOT be an unsigned “Literal Message”,

@ -27,7 +27,7 @@ No bare options are used. The format of TOML can be simplified to:
The `storage` table supports the following options:
**driver**=""
Copy On Write (COW) container storage driver. Valid drivers are "overlay", "vfs", "aufs", "btrfs", and "zfs". Some drivers (for example, "zfs", "btrfs", and "aufs") may not work if your kernel lacks support for the filesystem.
Copy On Write (COW) container storage driver. Valid drivers are "overlay", "vfs", "btrfs", and "zfs". Some drivers (for example, "zfs" and "btrfs") may not work if your kernel lacks support for the filesystem.
This field is required to guarantee proper operation.
Valid rootless drivers are "btrfs", "overlay", and "vfs".
Rootless users default to the driver defined in the system configuration when possible.
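Review bot: `aufs` drops out of the list of valid drivers in the `driver` description, and the following hunks remove the `storage.options.aufs` table and the `aufs` mention under `mount_program`, but nothing tells an administrator what happens to an existing `storage.conf` that sets `driver = "aufs"`. Add a sentence to this man page naming the removal and the drivers to migrate to.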
@ -145,13 +145,6 @@ The `storage.options.pull_options` table supports the following keys:
This is a "string bool": "false"|"true" (cannot be native TOML boolean)
### STORAGE OPTIONS FOR AUFS TABLE
The `storage.options.aufs` table supports the following options:
**mountopt**=""
Comma separated list of default options to be used to mount container images. Suggested value "nodev". Mount options are documented in the mount(8) man page.
### STORAGE OPTIONS FOR BTRFS TABLE
The `storage.options.btrfs` table supports the following options:
@ -210,7 +203,7 @@ attribute permissions to processes within containers rather than the
for mounting the file system. In rootless mode, without the CAP_SYS_ADMIN
capability, many kernels prevent mounting of overlay file systems, requiring
you to specify a mount_program. The mount_program option is also required on
systems where the underlying storage is btrfs, aufs, zfs, overlay, or ecryptfs
systems where the underlying storage is btrfs, zfs, overlay, or ecryptfs
based file systems.
mount_program = "/usr/bin/fuse-overlayfs"

@ -216,6 +216,14 @@ default_sysctls = [
#
#log_driver = "k8s-file"
# Default path for container logs to be stored in. When empty, logs will be stored
# in the container's default storage and removed when the container is removed.
# A subdirectory named with the container ID will be created under the specified
# path, and the log file will have the default name `ctr.log` within that directory.
# This option can be overridden by the `--log-opt` flag.
#
#log_path = ""
# Maximum size allowed for the container log file. Negative numbers indicate
# that no size limit is imposed. If positive, it must be >= 8192 to match or
# exceed conmon's read buffer. The file is truncated and re-opened so the
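Review bot: the `log_path` comment says logs in default storage are removed with the container but leaves the non-empty case implicit. State whether logs under a configured `log_path` outlive the container and who is expected to clean up the per-container-ID subdirectories. A note on the ownership and mode the directory needs would also help, since container output can contain sensitive data.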
@ -309,11 +317,13 @@ default_sysctls = [
#
#umask = "0022"
# Default way to to create a User namespace for the container
# Default way to create a USER namespace for the container.
# Options are:
# `auto` Create unique User Namespace for the container.
# `host` Share host User Namespace with the container.
#
# `private` Create private USER Namespace for the container, without adding any UID mappings.
# `host` Share host USER Namespace with the container. Root in the container is mapped to the host user UID.
# `auto` Automatically create a USER namespace with a unique mapping.
# `keep-id` Like `private`, but container UIDs are mapped to the host user's subordinate UIDs listed in `/etc/subuid`, and the current user's `UID:GID` are mapped to the same values in the container.
# `no-map` Like `keep-id`, but the current user's `UID:GID` does not map to any `UID:GID` inside the container.
#userns = "host"
# Default way to to create a UTS namespace for the container
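Review bot: the `to to` typo is fixed in the USER namespace comment, but the UTS namespace comment in the trailing context still reads "Default way to to create a UTS namespace"; fix both in the same change. The option list now runs `private`, `host`, `auto`, `keep-id`, `no-map` while the default stays `#userns = "host"`, so marking `host` as the default in the list would be clearer.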
@ -532,10 +542,14 @@ default_sysctls = [
#
#enable_port_reservation = true
# Environment variables to be used when running the container engine (e.g., Podman, Buildah).
# For example "http_proxy=internal.proxy.company.com".
# Note these environment variables will not be used within the container.
# Set the env section under [containers] table, if you want to set environment variables for the container.
# Environment variables to be used when running the container engine (e.g.,
# Podman, Buildah). For example "MYVAR=value". These environment variables
# will not be used within the container. Set the env section under the
# [containers] table, if you want to set environment variables for the
# container.
# Note when using this to set http proxy variables then they might get
# leaked into the container depending on if `http_proxy` (under the
# [containers] table) is set to to true (default) or false.
#
#env = []
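Review bot: the new proxy warning in the `env` comment is vague about which setting causes the leak and contains a `to to` typo ("is set to to true"). Say directly which value of `http_proxy` under `[containers]` passes these variables into containers, that it is the default, and what to set to keep them out; proxy URLs can embed credentials, so the wording matters.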
@ -770,10 +784,17 @@ runtime = "crun"
# rootful "unix:///run/podman/podman.sock (Default)
# remote rootless ssh://engineering.lab.company.com/run/user/1000/podman/podman.sock
# remote rootful ssh://root@10.10.1.136:22/run/podman/podman.sock
# tcp/tls remote tcp://10.10.1.136:9443
#
# uri = "ssh://user@production.example.com/run/user/1001/podman/podman.sock"
# Path to file containing ssh identity key
# identity = "~/.ssh/id_rsa"
# Path to PEM file containing TLS client certificate
# tls_cert = "/path/to/certs/podman/tls.crt"
# Path to PEM file containing TLS client certificate private key
# tls_key = "/path/to/certs/podman/tls.key"
# Path to PEM file containing TLS certificate authority (CA) bundle
# tls_ca = "/path/to/certs/podman/ca.crt"
# Directory for temporary files. Must be tmpfs (wiped after reboot)
#
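Review bot: the `tcp/tls remote` example uses a plain `tcp://` scheme, and nothing in these comments says what turns TLS on or what happens when `tls_cert`, `tls_key` and `tls_ca` are left unset. Document whether a `tcp://` URI without these keys connects unencrypted and unauthenticated, and what `tls_ca` falls back to when empty. The rootful example in the leading context also has an unbalanced quote (`"unix:///run/podman/podman.sock (Default)`).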
@ -856,6 +877,23 @@ runtime = "crun"
# "/usr/local/bin/krun",
#]
# Default flags for a valid OCI runtime (crun, runc, kata, runsc, krun, etc)
# Note: Do not pass the leading -- to the flag. To pass the runc flag --log-format json, the option given is log-format=json.
[engine.runtimes_flags]
#crun = []
#crun-vm = []
#kata = []
#runc = []
#runsc = []
#youki = []
#krun = []
[engine.volume_plugins]
#testplugin = "/run/podman/plugins/test.sock"

@ -11,7 +11,9 @@ a TOML format that can be easily modified and versioned.
Container engines read the __/usr/share/containers/containers.conf__,
__/etc/containers/containers.conf__, and __/etc/containers/containers.conf.d/\*.conf__
for global configuration that effects all users.
for global configuration that affects all users.
For global configuration that only affects rootless users use __/etc/containers/containers.rootless.conf__,
__/etc/containers/containers.rootless.d/\*.conf__ and __/etc/containers/containers.rootless.d/\$UID/\*.conf__. The UID is the user's uid which podman runs under so it can be used to specify a certain config for only a single user without having to put the config into the user's home directory.
For user specific configuration it reads __\$XDG_CONFIG_HOME/containers/containers.conf__ and
__\$XDG_CONFIG_HOME/containers/containers.conf.d/\*.conf__ files. When `$XDG_CONFIG_HOME` is not set it falls back to using `$HOME/.config` instead.
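Review bot: the new rootless paths are listed without their precedence. Specify the order in which `containers.rootless.conf`, `containers.rootless.d/*.conf` and `containers.rootless.d/$UID/*.conf` are read relative to the global and `$XDG_CONFIG_HOME` files, so an administrator knows whether a user's own file can override a value set for them here. The sentence starting "The UID is the user's uid" is a run-on and could be split in two.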
@ -25,7 +27,7 @@ Not all options are supported in all container engines.
Note, container engines also use other configuration files for configuring the environment.
* `storage.conf` for configuration of container and images storage.
* `registries.conf` for definition of container registries to search while pulling.
* `registries.conf` for definition of container registries to search while pulling
container images.
* `policy.conf` for controlling which images can be pulled to the system.
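Review bot: the context bullet after the rewrapped `registries.conf` entry names `policy.conf`, but the policy file referenced elsewhere in this commit is `policy.json` (`containers-policy.json.5.md` and `default-policy.json` in the spec). Worth correcting while this list is being touched.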
@ -294,6 +296,14 @@ the user system_u, and the role system_r.
Logging driver for the container. Currently available options are k8s-file, journald, none and passthrough, with json-file aliased to k8s-file for scripting compatibility. The journald driver is used by default if the systemd journal is readable and writable. Otherwise, the k8s-file driver is used.
**log_path**=""
Default path for container logs to be stored in. When empty, logs will be stored
in the container's default storage and removed when the container is removed.
A subdirectory named with the container ID will be created under the specified
path, and the log file will have the default name `ctr.log` within that directory.
This option can be overridden by the `--log-opt` flag.
**log_size_max**=-1
Maximum size allowed for the container's log file. Negative numbers indicate
@ -387,8 +397,11 @@ Sets umask inside the container.
Default way to create a USER namespace for the container.
Options are:
`private` Create private USER Namespace for the container.
`host` Share host USER Namespace with the container.
`private` Create private USER Namespace for the container, without adding any UID mappings.
`host` Share host USER Namespace with the container. Root in the container is mapped to the host user UID.
`auto` Automatically create a USER namespace with a unique mapping.
`keep-id` Like `private`, but container UIDs are mapped to the host user's subordinate UIDs listed in `/etc/subuid`, and the current user's `UID:GID` are mapped to the same values in the container.
`no-map` Like `keep-id`, but the current user's `UID:GID` does not map to any `UID:GID` inside the container.
**utsns**="private"
@ -608,10 +621,13 @@ Disabling this can save memory.
**env**=[]
Environment variables to be used when running the container engine (e.g., Podman, Buildah). For example "http_proxy=internal.proxy.company.com".
Note these environment variables will not be used within the container. Set the env section under [containers] table,
Environment variables to be used when running the container engine (e.g., Podman, Buildah). For example "MYVAR=value".
These environment variables will not be used within the container. Set the env section under the [containers] table,
if you want to set environment variables for the container.
Note when using this to set http proxy variables then they might get leaked into the container depending on
if `http_proxy` (under the [containers] table) is set to to true (default) or false.
**events_logfile_path**=""
Define where event logs will be stored, when events_logger is "file".
@ -919,11 +935,30 @@ URI to access the Podman service
- **rootless remote** - ssh://user@engineering.lab.company.com/run/user/1000/podman/podman.sock
- **rootful local** - unix:///run/podman/podman.sock
- **rootful remote** - ssh://root@10.10.1.136:22/run/podman/podman.sock
- **tcp/tls remote** - tcp://10.10.1.136:9443
**identity="~/.ssh/id_rsa**
Path to file containing ssh identity key
**tls_cert="/path/to/certs/podman/tls.crt"**
Path to PEM file containing TLS client certificate
**tls_key="/path/to/certs/podman/tls.key"**
Path to PEM file containing TLS client certificate private key
**tls_ca="/path/to/certs/podman/ca.crt"**
Path to PEM file containing TLS certificate authority (CA) bundle
**[engine.runtimes_flags]**
Lists of default runtime flags for each valid OCI runtime (crun, runc, kata, runsc, krun, etc).
To list the supported flags, please consult the documentation of the selected container runtime.
**[engine.volume_plugins]**
A table of all the enabled volume plugins on the system. Volume plugins can be

@ -25,4 +25,3 @@ default-docker:
# privateregistry.com:
# lookaside: https://privateregistry.com/sigstore/
# lookaside-staging: /mnt/nfs/privateregistry/sigstore

@ -28,6 +28,7 @@ while [ $IDX -lt ${#lines[@]} ]; do
[ "$REPOSITORY" != \"\" ] &&
[[ $REPOSITORY != *[@:]* ]] &&
[[ $REPOSITORY != *[* ]] &&
! [[ ${REPOSITORY%%/*} == *.* ]] &&
[[ $REGISTRY == *.* ]] &&
[ "$REGISTRY" != "non_registry" ]; then
if [[ $REGISTRY == *quay.io* ]] ||
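Review bot: the `${REPOSITORY%%/*} == *.*` test treats the first path component as a registry only when it contains a dot, so a repository such as `localhost/foo` still passes as a short name. If the goal is to keep registry hosts out of generated aliases, also reject a first component equal to `localhost`, and add a short comment above the condition explaining the dot heuristic.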

@ -18,14 +18,14 @@
# of these registries, it should be added at the end of the list.
#
# # An array of host[:port] registries to try when pulling an unqualified image, in order.
# unqualified-search-registries = ["example.com"]
unqualified-search-registries = ["registry.access.redhat.com", "registry.redhat.io", "docker.io"]
#
# [[registry]]
# # The "prefix" field is used to choose the relevant [[registry]] TOML table;
# # (only) the TOML table with the longest match for the input image name
# # (taking into account namespace/repo/tag/digest separators) is used.
# #
# #
# # The prefix can also be of the form: *.example.com for wildcard subdomain
# # matching.
# #
@ -46,11 +46,11 @@ unqualified-search-registries = ["registry.access.redhat.com", "registry.redhat.
# #
# # Example: Given
# # prefix = "example.com/foo"
# # location = "internal-registry-for-example.net/bar"
# # location = "internal-registry-for-example.com/bar"
# # requests for the image example.com/foo/myimage:latest will actually work with the
# # internal-registry-for-example.net/bar/myimage:latest image.
# # internal-registry-for-example.com/bar/myimage:latest image.
#
# # The location can be empty iff prefix is in a
# # The location can be empty if prefix is in a
# # wildcarded format: "*.example.com". In this case, the input reference will
# # be used as-is without any rewrite.
# location = internal-registry-for-example.com/bar"
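Review bot: changing `iff` to `if` in "The location can be empty iff prefix is in a wildcarded format" weakens the statement, since `iff` says the location may be empty only in the wildcard case. Keep `iff` or write "only if". The context line `# location = internal-registry-for-example.com/bar"` is also missing its opening quote.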
@ -74,6 +74,6 @@ unqualified-search-registries = ["registry.access.redhat.com", "registry.redhat.
# # Given the above, a pull of example.com/foo/image:latest will try:
# # 1. example-mirror-0.local/mirror-for-foo/image:latest
# # 2. example-mirror-1.local/mirrors/foo/image:latest
# # 3. internal-registry-for-example.net/bar/image:latest
# # 3. internal-registry-for-example.com/bar/image:latest
# # in order, and use the first one that exists.
short-name-mode = "enforcing"

@ -958,6 +958,25 @@
"errnoRet": 1,
"errno": "EPERM"
},
{
"names": [
"socket"
],
"action": "SCMP_ACT_ERRNO",
"args": [
{
"index": 0,
"value": 40,
"valueTwo": 0,
"op": "SCMP_CMP_EQ"
}
],
"comment": "",
"includes": {},
"excludes": {},
"errnoRet": 1,
"errno": "EPERM"
},
{
"names": [
"socket"
@ -993,6 +1012,12 @@
],
"action": "SCMP_ACT_ALLOW",
"args": [
{
"index": 0,
"value": 16,
"valueTwo": 0,
"op": "SCMP_CMP_EQ"
},
{
"index": 2,
"value": 9,
@ -1036,27 +1061,13 @@
"action": "SCMP_ACT_ALLOW",
"args": [
{
"index": 2,
"value": 9,
"index": 0,
"value": 40,
"valueTwo": 0,
"op": "SCMP_CMP_NE"
}
],
"comment": "",
"includes": {},
"excludes": {
"caps": [
"CAP_AUDIT_WRITE"
]
}
},
{
"names": [
"socket"
],
"action": "SCMP_ACT_ALLOW",
"args": null,
"comment": "",
"includes": {
"caps": [
"CAP_AUDIT_WRITE"

@ -148,6 +148,7 @@
"node" = "docker.io/library/node"
# Grafana Labs
"grafana/agent" = "docker.io/grafana/agent"
"grafana" = "docker.io/grafana/grafana"
"grafana/grafana" = "docker.io/grafana/grafana"
"grafana/k6" = "docker.io/grafana/k6"
"grafana/loki" = "docker.io/grafana/loki"
@ -161,3 +162,8 @@
"nginx" = "docker.io/library/nginx"
# QUBIP
"qubip/pq-container" = "quay.io/qubip/pq-container"
# SonarQube
"sonarqube" = "docker.io/library/sonarqube"
# Aqua Security
"aquasec/trivy" = "docker.io/aquasec/trivy"
"trivy" = "docker.io/aquasec/trivy"

@ -1,43 +0,0 @@
#!/bin/bash
# This script assures we always deliver the current documentation/configs
# for the c/storage, c/image and c/common vendored in podman, skopeo, buildah
# For questions reach to Jindrich Novy <jnovy@redhat.com>
rm -f /tmp/ver_image /tmp/ver_common /tmp/ver_storage
CENTOS=""
pwd | grep /tmp/centos > /dev/null
if [ $? == 0 ]; then
CENTOS=1
PKG=centpkg
else
PKG=rhpkg
fi
set -e
for P in podman skopeo buildah; do
BRN=`pwd | sed 's,^.*/,,'`
rm -rf $P
$PKG clone $P
cd $P
$PKG switch-branch $BRN
if [ $BRN != stream-container-tools-rhel8 ]; then
$PKG prep
else
$PKG --release rhel-8 prep
fi
rm -rf *SPECPARTS
DIR=`ls -d -- */ | grep "$P"`
if [[ $DIR == *-build/ ]]; then
DIR=`ls -d $DIR/* | grep -v SPECPARTS`
fi
grep github.com/containers/image $DIR/go.mod | cut -d\ -f2 | sed 's,-.*,,'>> /tmp/ver_image
grep github.com/containers/common $DIR/go.mod | cut -d\ -f2 | sed 's,-.*,,' >> /tmp/ver_common
grep github.com/containers/storage $DIR/go.mod | cut -d\ -f2 | sed 's,-.*,,' >> /tmp/ver_storage
cd -
done
IMAGE_VER=`sort -n /tmp/ver_image | head -n1`
COMMON_VER=`sort -n /tmp/ver_common | head -n1`
STORAGE_VER=`sort -n /tmp/ver_storage | head -n1`
sed -i "s,^%global[ \t]*image_branch.*,%global image_branch $IMAGE_VER," containers-common.spec
sed -i "s,^%global[ \t]*common_branch.*,%global common_branch $COMMON_VER," containers-common.spec
sed -i "s,^%global[ \t]*storage_branch.*,%global storage_branch $STORAGE_VER," containers-common.spec
rm -f /tmp/ver_image /tmp/ver_common /tmp/ver_storage
rm -rf podman skopeo buildah
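Review bot: with this script deleted, its rule of taking the oldest `c/image`, `c/common` and `c/storage` version vendored across podman, skopeo and buildah has no visible replacement; note in the spec how `container_libs_branch` is chosen and checked against what the three tools vendor. The spec hunk further down lists `Source101: update-vendored.sh`, so make sure that line is on the removed side.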

@ -1,18 +1,12 @@
# Bellow definitions are used to deliver config files from a particular branch
# of c/image, c/common, c/storage vendored in all podman, skopeo, buildah.
# These vendored components must have the same version. If it is not the case,
# pick the oldest version on c/image, c/common, c/storage vendored in
# podman/skopeo/podman.
%global skopeo_branch main
%global image_branch v5.36.0
%global common_branch v0.64.0
%global storage_branch v1.59.0
%global shortnames_branch main
%global container_libs_branch podman-5.8
%global container_libs_url https://raw.githubusercontent.com/containers/container-libs/refs/heads/%{container_libs_branch}
%global container_libs_version %(v=%{container_libs_branch}; echo ${v:7})
Epoch: 4
Name: containers-common
Version: 1
Release: 134%{?dist}
Epoch: 5
Version: %{container_libs_version}
Release: 1%{?dist}
Summary: Common configuration and documentation for containers
License: ASL 2.0
ExclusiveArch: %{go_arches}
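Review bot: `container_libs_url` points at `refs/heads/%{container_libs_branch}`, a moving branch head, where `image_branch`, `common_branch` and `storage_branch` named tags (`v5.36.0`, `v0.64.0`, `v1.59.0`). The seccomp profile and configuration files fetched through it can therefore differ between two fetches for the same NVR; pin to a tag or commit and record it in the spec. `%(v=%{container_libs_branch}; echo ${v:7})` also relies on a bash-only substring and a seven-character prefix, where `${v#podman-}` is portable and says what it strips. With Version going from 1 to `%{container_libs_version}`, please state why the Epoch bump from 4 to 5 is needed.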
@ -27,45 +21,41 @@ Requires: crun >= 0.19
%else
Requires: runc
%endif
Requires: system-release
Suggests: subscription-manager
Recommends: fuse-overlayfs
Recommends: slirp4netns
Source1: https://raw.githubusercontent.com/containers/storage/%{storage_branch}/storage.conf
Source2: https://raw.githubusercontent.com/containers/storage/%{storage_branch}/docs/containers-storage.conf.5.md
Source3: mounts.conf
Source4: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs/containers-registries.conf.5.md
#Source5: https://raw.githubusercontent.com/containers/image/%%{image_branch}/registries.conf
Source5: registries.conf
Source6: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs/containers-policy.json.5.md
Source7: https://raw.githubusercontent.com/containers/common/%{common_branch}/pkg/seccomp/seccomp.json
Source8: https://raw.githubusercontent.com/containers/common/%{common_branch}/docs/containers-mounts.conf.5.md
Source9: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs/containers-signature.5.md
Source10: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs/containers-transports.5.md
Source11: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs/containers-certs.d.5.md
Source12: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs/containers-registries.d.5.md
Source13: https://raw.githubusercontent.com/containers/common/%{common_branch}/pkg/config/containers.conf
Source14: https://raw.githubusercontent.com/containers/common/%{common_branch}/docs/containers.conf.5.md
Source15: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs/containers-auth.json.5.md
Source16: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs/containers-registries.conf.d.5.md
Source17: https://raw.githubusercontent.com/containers/shortnames/%{shortnames_branch}/shortnames.conf
Source18: https://raw.githubusercontent.com/containers/common/refs/heads/main/pkg/hooks/docs/oci-hooks.5.md
URL: https://github.com/containers/container-libs/
Source1: %{container_libs_url}/storage/storage.conf
Source2: %{container_libs_url}/storage/docs/containers-storage.conf.5.md
Source3: %{container_libs_url}/common/pkg/subscriptions/mounts.conf
Source4: %{container_libs_url}/image/docs/containers-registries.conf.5.md
Source5: %{container_libs_url}/image/registries.conf
Source6: %{container_libs_url}/image/docs/containers-policy.json.5.md
Source7: %{container_libs_url}/common/pkg/seccomp/seccomp.json
Source8: %{container_libs_url}/common/docs/containers-mounts.conf.5.md
Source9: %{container_libs_url}/image/docs/containers-signature.5.md
Source10: %{container_libs_url}/image/docs/containers-transports.5.md
Source11: %{container_libs_url}/image/docs/containers-certs.d.5.md
Source12: %{container_libs_url}/image/docs/containers-registries.d.5.md
Source13: %{container_libs_url}/common/pkg/config/containers.conf
Source14: %{container_libs_url}/common/docs/containers.conf.5.md
Source15: %{container_libs_url}/image/docs/containers-auth.json.5.md
Source16: %{container_libs_url}/image/docs/containers-registries.conf.d.5.md
Source17: https://raw.githubusercontent.com/containers/shortnames/refs/heads/main/shortnames.conf
Source18: %{container_libs_url}/common/pkg/hooks/docs/oci-hooks.5.md
Source19: 001-rhel-shortnames-pyxis.conf
Source20: 002-rhel-shortnames-overrides.conf
Source21: RPM-GPG-KEY-redhat-release
Source22: registry.access.redhat.com.yaml
Source23: registry.redhat.io.yaml
#Source24: https://raw.githubusercontent.com/containers/skopeo/%%{skopeo_branch}/default-policy.json
Source24: default-policy.json
Source25: https://raw.githubusercontent.com/containers/skopeo/%{skopeo_branch}/default.yaml
# FIXME: fix the branch once these are available via regular c/common branch
Source26: https://raw.githubusercontent.com/containers/common/main/docs/Containerfile.5.md
Source27: https://raw.githubusercontent.com/containers/common/main/docs/containerignore.5.md
Source25: %{container_libs_url}/image//default.yaml
Source26: %{container_libs_url}/common/docs/Containerfile.5.md
Source27: %{container_libs_url}/common/docs/containerignore.5.md
Source28: RPM-GPG-KEY-redhat-beta
# scripts used for synchronization with upstream and shortname generation
Source100: update.sh
Source101: update-vendored.sh
Source102: pyxis.sh
%description
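Review bot: `Source25` has a doubled slash in `%{container_libs_url}/image//default.yaml`; drop one. `Source17` still tracks `refs/heads/main` of containers/shortnames, so the alias list shipped in the package is not pinned to a release either.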
@ -132,6 +122,7 @@ go-md2man -in %{SOURCE16} -out %{buildroot}%{_mandir}/man5/containers-registries
go-md2man -in %{SOURCE18} -out %{buildroot}%{_mandir}/man5/oci-hooks.5
go-md2man -in %{SOURCE26} -out %{buildroot}%{_mandir}/man5/Containerfile.5
go-md2man -in %{SOURCE27} -out %{buildroot}%{_mandir}/man5/containerignore.5
ln -s containerignore.5 %{buildroot}%{_mandir}/man5/.containerignore.5
install -dp %{buildroot}%{_datadir}/containers
install -m0644 %{SOURCE3} %{buildroot}%{_datadir}/containers/mounts.conf
@ -141,22 +132,9 @@ install -m0644 %{SOURCE13} %{buildroot}%{_datadir}/containers/containers.conf
# install secrets patch directory
install -d -p -m 755 %{buildroot}/%{_datadir}/rhel/secrets
# rhbz#1110876 - update symlinks for subscription management
ln -s %{_sysconfdir}/pki/entitlement %{buildroot}%{_datadir}/rhel/secrets/etc-pki-entitlement
ln -s %{_sysconfdir}/rhsm %{buildroot}%{_datadir}/rhel/secrets/rhsm
ln -s %{_sysconfdir}/yum.repos.d/redhat.repo %{buildroot}%{_datadir}/rhel/secrets/redhat.repo
# ship preconfigured /etc/containers/registries.d/ files with containers-common - #1903813
cat <<EOF > %{buildroot}%{_sysconfdir}/containers/registries.d/registry.access.redhat.com.yaml
docker:
registry.access.redhat.com:
sigstore: https://access.redhat.com/webassets/docker/content/sigstore
EOF
cat <<EOF > %{buildroot}%{_sysconfdir}/containers/registries.d/registry.redhat.io.yaml
docker:
registry.redhat.io:
sigstore: https://registry.redhat.io/containers/sigstore
EOF
ln -s ../../../..%{_sysconfdir}/pki/entitlement %{buildroot}%{_datadir}/rhel/secrets/etc-pki-entitlement
ln -s ../../../..%{_sysconfdir}/rhsm %{buildroot}%{_datadir}/rhel/secrets/rhsm
ln -s ../../../..%{_sysconfdir}/yum.repos.d/redhat.repo %{buildroot}%{_datadir}/rhel/secrets/redhat.repo
# Placeholder check to silence rpmlint
%check
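Review bot: the heredocs that wrote `registry.access.redhat.com.yaml` and `registry.redhat.io.yaml` into `registries.d` go away in this hunk (22 lines down to 9), yet `%files` still lists `registries.d/registry.access.redhat.com.yaml` as `%config(noreplace)`. No install line for `Source22` and `Source23` is visible here; confirm one exists, since these files carry the signature lookaside locations. The `../../../..` prefix on the three symlinks assumes `%{_datadir}/rhel/secrets` sits exactly four levels below `/`; a comment saying so would help.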
@ -164,10 +142,10 @@ EOF
%files
%dir %{_sysconfdir}/containers
%dir %{_sysconfdir}/containers/certs.d
%dir %{_sysconfdir}/containers/registries.d
%dir %{_sysconfdir}/containers/oci
%dir %{_sysconfdir}/containers/oci/hooks.d
%dir %{_sysconfdir}/containers/registries.conf.d
%dir %{_sysconfdir}/containers/registries.d
%dir %{_sysconfdir}/containers/systemd
%dir %{_datadir}/containers/systemd
%if !0%{?rhel} || 0%{?centos}
@ -183,17 +161,35 @@ EOF
%config(noreplace) %{_sysconfdir}/containers/registries.d/registry.access.redhat.com.yaml
%ghost %{_sysconfdir}/containers/containers.conf
%dir %{_sharedstatedir}/containers/sigstore
%{_mandir}/man5/*
%{_mandir}/man5/.*.5.gz
%{_mandir}/man5/*.5.gz
%dir %{_datadir}/containers
%{_datadir}/containers/mounts.conf
%{_datadir}/containers/seccomp.json
%{_datadir}/containers/containers.conf
%dir %{_datadir}/rhel
%dir %{_datadir}/rhel/secrets
%{_datadir}/rhel/secrets/*
%files extra
%changelog
* Mon Feb 16 2026 Jindrich Novy <jnovy@redhat.com> - 5:5.8-1
- convert to container_libs
- Related: RHEL-111919
* Thu Feb 05 2026 Jindrich Novy <jnovy@redhat.com> - 4:1-137
- do not allow the shortname to contain registry
- Related: RHEL-111919
* Thu Feb 05 2026 Jindrich Novy <jnovy@redhat.com> - 4:1-136
- update shortnames and vendored components for RHEL-9.8
- Resolves: RHEL-146878
* Thu Sep 25 2025 Jindrich Novy <jnovy@redhat.com> - 4:1-135
- Update rhel-shortnames-overrides to include complete list of UBI/RHEL images
- Related: RHEL-111919
* Mon Aug 18 2025 Jindrich Novy <jnovy@redhat.com> - 4:1-134
- update vendored components for RHEL9.7
- Related: RHEL-80816
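Review bot: the `5:5.8-1` changelog entry says only "convert to container_libs", but the same commit changes what the bare `podman`, `buildah` and `skopeo` short names resolve to, drops `aufs` from the storage documentation and adds a seccomp deny rule for `socket`. List those user-visible changes. `%files extra` also appears with no entries and no matching `%package extra` in the visible hunks; check that it is intended.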