import containers-common-1-4.module+el8.6.0+12734+7d3a79c8

SOURCES/002-rhel-shortnames-overrides.conf

@@ -1,10 +1,10 @@
 [aliases]
 "skopeo"  = "registry.access.redhat.com/ubi8/skopeo"
 "ubi8/skopeo" = "registry.access.redhat.com/ubi8/skopeo"
-"rhel8/skopeo" = "registry.redhat.io/rhel8/skopeo"
+"rhel9/skopeo" = "registry.redhat.io/rhel9/skopeo"
 "buildah" = "registry.access.redhat.com/ubi8/buildah"
 "ubi8/buildah" = "registry.access.redhat.com/ubi8/buildah"
-"rhel8/buildah" = "registry.redhat.io/rhel8/buildah"
+"rhel9/buildah" = "registry.redhat.io/rhel9/buildah"
 "podman" = "registry.access.redhat.com/ubi8/podman"
 "ubi8/podman" = "registry.access.redhat.com/ubi8/podman"
-"rhel8/podman" = "registry.redhat.io/rhel8/podman"
+"rhel9/podman" = "registry.redhat.io/rhel9/podman"

SOURCES/containers.conf

@@ -62,7 +62,7 @@ default_capabilities = [
 
 # A list of sysctls to be set in containers by default,
 # specified as "name=value",
-# for example:"net.ipv4.ping_group_range = 0 0".
+# for example:"net.ipv4.ping_group_range=0 0".
 #
 default_sysctls = [
   "net.ipv4.ping_group_range=0 0",
@@ -263,7 +263,13 @@ default_sysctls = [
 
 # Path to directory where CNI plugin binaries are located.
 #
-#cni_plugin_dirs = ["/usr/libexec/cni"]
+#cni_plugin_dirs = [
+#  "/usr/local/libexec/cni",
+#  "/usr/libexec/cni",
+#  "/usr/local/lib/cni",
+#  "/usr/lib/cni",
+#  "/opt/cni/bin",
+#]
 
 # The network name of the default CNI network to attach pods to.
 #
@@ -337,6 +343,15 @@ default_sysctls = [
 #events_logger = "journald"
 events_logger = "file"
 
+# A is a list of directories which are used to search for helper binaries.
+#
+#helper_binaries_dir = [
+#  "/usr/local/libexec/podman",
+#  "/usr/local/lib/podman",
+#  "/usr/libexec/podman",
+#  "/usr/lib/podman",
+#]
+
 # Path to OCI hooks directories for automatically executed hooks.
 #
 #hooks_dir = [
@@ -384,6 +399,10 @@ infra_image = "registry.access.redhat.com/ubi8/pause"
 #
 #machine_enabled = false
 
+# The image used when creating a podman-machine VM.
+#
+#machine_image = "testing"
+
 # MultiImageArchive - if true, the container engine allows for storing archives
 # (e.g., of the docker-archive transport) with multiple images.  By default,
 # Podman creates single-image archives.
@@ -406,7 +425,7 @@ infra_image = "registry.access.redhat.com/ubi8/pause"
 # Default options to pass to the slirp4netns binary.
 # For example "allow_host_loopback=true"
 #
-#network_cmd_options = []
+#network_cmd_options = ["enable_ipv6=true",]
 
 # Whether to use chroot instead of pivot_root in the runtime
 #
@@ -436,15 +455,25 @@ runtime = "runc"
 # List of the OCI runtimes that support --format=json.  When json is supported
 # engine will use it for reporting nicer errors.
 #
-#runtime_supports_json = ["crun", "runc", "kata", "runsc"]
+#runtime_supports_json = ["crun", "runc", "kata", "runsc", "krun"]
 
 # List of the OCI runtimes that supports running containers with KVM Separation.
 #
-#runtime_supports_kvm = ["kata"]
+#runtime_supports_kvm = ["kata", "krun"]
 
 # List of the OCI runtimes that supports running containers without cgroups.
 #
-#runtime_supports_nocgroups = ["crun"]
+#runtime_supports_nocgroups = ["crun", "krun"]
+
+# Default location for storing temporary container image content.  Can be overridden with the TMPDIR environment
+# variable.  If you specify "storage", then the location of the
+# container/storage tmp directory will be used.
+# image_copy_tmp_dir="/var/tmp"
+
+# Number of seconds to wait without a connection
+# before the `podman system service` times out and exits
+#
+#service_timeout = 5
 
 # Directory for persistent engine files (database, etc)
 # By default, this will be configured relative to where the containers/storage
@@ -483,7 +512,7 @@ runtime = "runc"
 #
 #volume_path = "/var/lib/containers/storage/volumes"
 
-# Paths to look for a valid OCI runtime (crun, runc, kata, runsc, etc)
+# Paths to look for a valid OCI runtime (crun, runc, kata, runsc, krun, etc)
 [engine.runtimes]
 #crun = [
 #  "/usr/bin/crun",
@@ -526,6 +555,11 @@ runtime = "runc"
 #  "/run/current-system/sw/bin/runsc",
 #]
 
+#krun = [
+#  "/usr/bin/krun",
+#  "/usr/local/bin/krun",
+#]
+
 [engine.volume_plugins]
 #testplugin = "/run/podman/plugins/test.sock"
 

SOURCES/containers.conf.5.md

@@ -1,4 +1,4 @@
-% containers.conf(5) Container engine configuration file
+% containers.conf 5 Container engine configuration file
 
 # NAME
 containers.conf - The container engine configuration file specifies default
@@ -279,10 +279,21 @@ Options are:
 The `network` table contains settings pertaining to the management of CNI
 plugins.
 
-**cni_plugin_dirs**=["/opt/cni/bin/",]
+**cni_plugin_dirs**=[]
 
 List of paths to directories where CNI plugin binaries are located.
 
+The default list is:
+```
+cni_plugin_dirs = [
+  "/usr/local/libexec/cni",
+  "/usr/libexec/cni",
+  "/usr/local/lib/cni",
+  "/usr/lib/cni",
+  "/opt/cni/bin",
+]
+```
+
 **default_network**="podman"
 
 The network name of the default CNI network to attach pods to.
@@ -367,6 +378,29 @@ if you want to set environment variables for the container.
 Default method to use when logging events.
 Valid values: `file`, `journald`, and `none`.
 
+**helper_binaries_dir**=["/usr/libexec/podman", ...]
+
+A is a list of directories which are used to search for helper binaries.
+
+The default paths on Linux are:
+- `/usr/local/libexec/podman`
+- `/usr/local/lib/podman`
+- `/usr/libexec/podman`
+- `/usr/lib/podman`
+
+The default paths on macOS are:
+- `/usr/local/opt/podman/libexec`
+-	`/opt/homebrew/bin`
+-	`/opt/homebrew/opt/podman/libexec`
+- `/usr/local/bin`
+-	`/usr/local/libexec/podman`
+-	`/usr/local/lib/podman`
+-	`/usr/libexec/podman`
+-	`/usr/lib/podman`
+
+The default path on Windows is:
+- `C:\Program Files\RedHat\Podman`
+
 **hooks_dir**=["/etc/containers/oci/hooks.d", ...]
 
 Path to the OCI hooks directories for automatically executed hooks.
@@ -412,6 +446,11 @@ Indicates if Podman is running inside a VM via Podman Machine.
 Podman uses this value to do extra setup around networking from the
 container inside the VM to to host.
 
+**machine_image**="testing"
+
+Default image used when creating a new VM using `podman machine init`.
+Options: `testing`, `stable`, or a custom path or download URL to an image
+
 **multi_image_archive**=false
 
 Allows for creating archives (e.g., tarballs) with more than one image.  Some container engines, such as Podman, interpret additional arguments as tags for one image and hence do not store more than one image.  The default behavior can be altered with this option.
@@ -428,11 +467,23 @@ and pods are visible.
 
 Path to the slirp4netns binary.
 
-**network_cmd_options**=[]
+**network_cmd_options**=["enable_ipv6=true",]
 
 Default options to pass to the slirp4netns binary.
 
-Example "allow_host_loopback=true"
+Valid options values are:
+
+  - **allow_host_loopback=true|false**: Allow the slirp4netns to reach the host loopback IP (`10.0.2.2`, which is added to `/etc/hosts` as `host.containers.internal` for your convenience). Default is false.
+  - **mtu=MTU**: Specify the MTU to use for this network. (Default is `65520`).
+  - **cidr=CIDR**: Specify ip range to use for this network. (Default is `10.0.2.0/24`).
+  - **enable_ipv6=true|false**: Enable IPv6. Default is false. (Required for `outbound_addr6`).
+  - **outbound_addr=INTERFACE**: Specify the outbound interface slirp should bind to (ipv4 traffic only).
+  - **outbound_addr=IPv4**: Specify the outbound ipv4 address slirp should bind to.
+  - **outbound_addr6=INTERFACE**: Specify the outbound interface slirp should bind to (ipv6 traffic only).
+  - **outbound_addr6=IPv6**: Specify the outbound ipv6 address slirp should bind to.
+  - **port_handler=rootlesskit**: Use rootlesskit for port forwarding. Default.
+  Note: Rootlesskit changes the source IP address of incoming packets to a IP address in the container network namespace, usually `10.0.2.100`. If your application requires the real source IP address, e.g. web server logs, use the slirp4netns port handler. The rootlesskit port handler is also used for rootless containers when connected to user-defined networks.
+  - **port_handler=slirp4netns**: Use the slirp4netns port forwarding, it is slower than rootlesskit but preserves the correct source IP address. This port handler cannot be used for user-defined networks.
 
 **no_pivot_root**=false
 
@@ -463,18 +514,31 @@ Default OCI specific runtime in runtimes that will be used by default. Must
 refer to a member of the runtimes table. Default runtime will be searched for
 on the system using the priority: "crun", "runc", "kata".
 
-**runtime_supports_json**=["crun", "runc", "kata", "runsc"]
+**runtime_supports_json**=["crun", "runc", "kata", "runsc", "krun"]
 
 The list of the OCI runtimes that support `--format=json`.
 
-**runtime_supports_kvm**=["kata"]
+**runtime_supports_kvm**=["kata", "krun"]
 
 The list of OCI runtimes that support running containers with KVM separation.
 
-**runtime_supports_nocgroups**=["crun"]
+**runtime_supports_nocgroups**=["crun", "krun"]
 
 The list of OCI runtimes that support running containers without CGroups.
 
+**image_copy_tmp_dir**="/var/tmp"
+
+Default location for storing temporary container image content.  Can be
+overridden with the TMPDIR environment variable.  If you specify "storage", then
+the location of the container/storage tmp directory will be used. If set then it
+is the users responsibility to cleanup storage. Configure tmpfiles.d(5) to
+cleanup storage.
+
+**service_timeout**=**5**
+
+Number of seconds to wait without a connection  before the
+`podman system service` times out and exits
+
 **static_dir**="/var/lib/containers/storage/libpod"
 
 Directory for persistent libpod files (database, etc).
@@ -570,6 +634,6 @@ is used for the storage.conf file rather than the default.
 This is primarily used for testing.
 
 # SEE ALSO
-containers-storage.conf(5), containers-policy.json(5), containers-registries.conf(5)
+containers-storage.conf(5), containers-policy.json(5), containers-registries.conf(5), tmpfiles.d(5)
 
 [toml]: https://github.com/toml-lang/toml

SOURCES/seccomp.json

@@ -242,6 +242,7 @@
 				"madvise",
 				"mbind",
 				"memfd_create",
+				"memfd_secret",
 				"mincore",
 				"mkdir",
 				"mkdirat",

SOURCES/shortnames.conf

@@ -61,5 +61,7 @@
   "busybox" = "docker.io/library/busybox"
   # php
   "php" = "docker.io/library/php"
-  #python
+  # python
   "python" = "docker.io/library/python"
+  # node
+  "node" = "docker.io/library/node"

SOURCES/update-vendored.sh

@@ -3,20 +3,18 @@
 # for the c/storage, c/image and c/common vendored in podman, skopeo, buildah
 # For questions reach to Jindrich Novy <jnovy@redhat.com>
 rm -f /tmp/ver_image /tmp/ver_common /tmp/ver_storage
-B=`pkg switch-branch | grep ^* | cut -d\  -f2`
 CENTOS=""
 pwd | grep /tmp/centos > /dev/null
 if [ $? == 0 ]; then
   CENTOS=1
 fi
-set -xe
+set -e
-echo $B
 for P in podman skopeo buildah; do
   BRN=`pwd | sed 's,^.*/,,'`
   rm -rf $P
   pkg clone $P
   cd $P
-  [ -z "$CENTOS" ] && pkg switch-branch $B
+  [ -z "$CENTOS" ] && pkg switch-branch $BRN
   if [ $BRN != stream-container-tools-rhel8 ]; then
     pkg prep
   else

SPECS/containers-common.spec

@@ -3,17 +3,17 @@
 # These vendored components must have the same version. If it is not the case,
 # pick the oldest version on c/image, c/common, c/storage vendored in
 # podman/skopeo/podman.
-%global skopeo_branch release-1.4
+%global skopeo_branch main
-%global podman_branch v3.3
+%global podman_branch main
-%global image_branch v5.15.0
+%global image_branch v5.16.0
-%global common_branch v0.42.0
+%global common_branch v0.45.0
-%global storage_branch v1.33.1
+%global storage_branch v1.36.0
 %global shortnames_branch main
 
 Epoch: 2
 Name: containers-common
 Version: 1
-Release: 2%{?dist}
+Release: 4%{?dist}
 Summary: Common configuration and documentation for containers
 License: ASL 2.0
 BuildArch: noarch
@@ -161,6 +161,14 @@ EOF
 %{_datadir}/rhel/secrets/*
 
 %changelog
+* Fri Sep 24 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-4
+- update to the new vendored components
+- Related: #2001445
+
+* Fri Sep 10 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-3
+- update to the new vendored components
+- Related: #2001445
+
 * Wed Aug 11 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-2
 - synchronize config files for RHEL-8.5
 - Related: #1934415