diff --git a/containers-common.spec b/containers-common.spec index 98c2487..377c61a 100644 --- a/containers-common.spec +++ b/containers-common.spec @@ -4,15 +4,15 @@ # pick the oldest version on c/image, c/common, c/storage vendored in # Buildah/Podman/Skopeo. %global image_branch main -%global common_branch main +%global common_branch v%{version} %global storage_branch main %global shortnames_branch main %global github_containers https://raw.githubusercontent.com/containers -Epoch: 4 +Epoch: 5 Name: containers-common -Version: 1 +Version: 0.57.1 Release: %autorelease License: Apache-2.0 BuildArch: noarch diff --git a/containers-storage.conf.5.md b/containers-storage.conf.5.md index 80306d9..e5f1019 100644 --- a/containers-storage.conf.5.md +++ b/containers-storage.conf.5.md @@ -278,6 +278,9 @@ based file systems. **size**="" Maximum size of a read/write layer. This flag can be used to set quota on the size of a read/write layer of a container. (format: [], where unit = b (bytes), k (kilobytes), m (megabytes), or g (gigabytes)) +**use_composefs** = "false" + Use ComposeFS to mount the data layers image. ComposeFS support is experimental and not recommended for production use. (default: false) + ### STORAGE OPTIONS FOR VFS TABLE The `storage.options.vfs` table supports the following options: diff --git a/containers.conf b/containers.conf index 377221d..a9b4ca3 100644 --- a/containers.conf +++ b/containers.conf 
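Review bot: Only `common_branch` is tied to a release here; `image_branch`, `storage_branch` and `shortnames_branch` still say `main`, so anything fetched through them is whatever that branch holds on the day `spectool -fg` runs rather than a reviewed release. If these globals feed the Source URLs under `%{github_containers}` (their use is outside the hunk), the packaged configuration files cannot be reproduced from the spec alone. I would pin each to a tag or commit, for example `%global storage_branch <storage-release-tag>`, which also matches the comment above about picking the oldest vendored version.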
@@ -340,14 +340,6 @@ log_driver = "journald" # "/usr/lib/netavark", #] -# The firewall driver to be used by netavark. -# The default is empty which means netavark will pick one accordingly. Current supported -# drivers are "iptables", "none" (no firewall rules will be created) and "firewalld" (firewalld is -# experimental at the moment and not recommend outside of testing). In the future we are -# planning to add support for a "nftables" driver. -#firewall_driver = "" - - # The network name of the default network to attach pods to. # #default_network = "podman" diff --git a/containers.conf.5.md b/containers.conf.5.md index df61681..a96ebb5 100644 --- a/containers.conf.5.md +++ b/containers.conf.5.md @@ -449,14 +449,6 @@ and __$HOME/.config/cni/net.d__ as rootless. For the netavark backend "/etc/containers/networks" is used as root and "$graphroot/networks" as rootless. -**firewall_driver**="" - -The firewall driver to be used by netavark. -The default is empty which means netavark will pick one accordingly. Current supported -drivers are "iptables", "none" (no firewall rules will be created) and "firewalld" (firewalld is -experimental at the moment and not recommend outside of testing). In the future we are -planning to add support for a "nftables" driver. - **dns_bind_port**=53 Port to use for dns forwarding daemon with netavark in rootful bridge diff --git a/default-policy.json b/default-policy.json index 7ed16d6..dffc54a 100644 --- a/default-policy.json +++ b/default-policy.json 
@@ -4,29 +4,11 @@ "type": "insecureAcceptAnything" } ], - "transports": { - "docker": { - "registry.access.redhat.com": [ - { - "type": "signedBy", - "keyType": "GPGKeys", - "keyPath": "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release" - } - ], - "registry.redhat.io": [ - { - "type": "signedBy", - "keyType": "GPGKeys", - "keyPath": "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release" - } - ] - }, - "docker-daemon": { - "": [ - { - "type": "insecureAcceptAnything" - } - ] - } - } + "transports": + { + "docker-daemon": + { + "": [{"type":"insecureAcceptAnything"}] + } + } } diff --git a/registries.conf b/registries.conf index 9bee379..db62524 100644 --- a/registries.conf +++ b/registries.conf @@ -75,5 +75,3 @@ unqualified-search-registries = ["registry.fedoraproject.org", "registry.access. # # 2. example-mirror-1.local/mirrors/foo/image:latest # # 3. internal-registry-for-example.com/bar/image:latest # # in order, and use the first one that exists. - -short-name-mode="enforcing" diff --git a/storage.conf b/storage.conf index 2289947..f15e18b 100644 --- a/storage.conf +++ b/storage.conf @@ -47,9 +47,8 @@ graphroot = "/var/lib/containers/storage" # AdditionalImageStores is used to pass paths to additional Read/Only image stores # Must be comma separated list. -#additionalimagestores = [ -#"/usr/lib/containers/storage", -#] +additionalimagestores = [ +] # Allows specification of how storage is populated when pulling images. This # option can speed the pulling process of images compressed with format 
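Review bot: Removing the `docker` transport block drops the `signedBy` requirement for `registry.access.redhat.com` and `registry.redhat.io`, so pulls from both now fall through to the `insecureAcceptAnything` entry shown in the context lines above (presumably the `default` scope). The commit record visible here gives no reason for this, and update.sh ends with `git checkout origin default-policy.json`, which suggests the packaged policy was meant to be kept rather than replaced by the freshly downloaded one. If the change is intended, please say so in the commit description; if not, restore the two `signedBy` scopes with `keyPath` `/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release` next to the reformatted `docker-daemon` entry. The registries.conf hunk in this commit removes `short-name-mode="enforcing"` in the same way and deserves the same check.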
@@ -71,7 +70,7 @@ graphroot = "/var/lib/containers/storage" # Tells containers/storage where an ostree repository exists that might have # previously pulled content which can be used when attempting to avoid # pulling content from the container registry -pull_options = {enable_partial_images = "false", use_hard_links = "false", ostree_repos=""} +pull_options = {enable_partial_images = "true", use_hard_links = "false", ostree_repos=""} # Remap-UIDs/GIDs is the mapping from UIDs/GIDs as they should appear inside of # a container, to the UIDs/GIDs as they should appear outside of the container, @@ -131,6 +130,9 @@ mountopt = "nodev,metacopy=on" # Set to skip a PRIVATE bind mount on the storage home directory. # skip_mount_home = "false" +# Set to use composefs to mount data layers with overlay. +# use_composefs = "false" + # Size is used to set a maximum size of the container image. # size = "" diff --git a/update.sh b/update.sh index 521f6be..7ceafbc 100755 --- a/update.sh +++ b/update.sh 
@@ -1,19 +1,28 @@ -#!/usr/bin/bash +#!/usr/bin/env bash + +set -eox pipefail spectool -fg containers-common.spec -echo "Changing storage.conf..." -sed -i -e 's/^driver.*=.*/driver = "overlay"/' -e 's/^mountopt.*=.*/mountopt = "nodev,metacopy=on"/' \ - -e '/additionalimage.*/a "/usr/lib/containers/storage",' \ - storage.conf +if [[ $(git rev-parse --abbrev-ref HEAD) == "rawhide" ]]; then + sed -i -e 's/^driver.*=.*/driver = "overlay"/' -e 's/^mountopt.*=.*/mountopt = "nodev,metacopy=on"/' \ + -e 's/^pull_options.*=.*/pull_options = {enable_partial_images = \"true\", use_hard_links = \"false\", ostree_repos=""}/' \ + storage.conf + sed -i -e 's/^#.*log_driver.*=.*/log_driver = "journald"/' \ + containers.conf +else + sed -i -e 's/^driver.*=.*/driver = "overlay"/' -e 's/^mountopt.*=.*/mountopt = "nodev,metacopy=on"/' \ + -e '/additionalimage.*/a "/usr/lib/containers/storage",' \ + storage.conf + sed -i -e 's/^#.*log_driver.*=.*/log_driver = "journald"/' \ + containers.conf +fi -echo "Changing seccomp.json..." [ `grep "keyctl" seccomp.json | wc -l` == 0 ] && sed -i '/\"kill\",/i \ "keyctl",' seccomp.json sed -i '/\"socketcall\",/i \ "socket",' seccomp.json -echo "Changing registries.conf..." sed -i 's/^#.*unqualified-search-registries.*=.*/unqualified-search-registries = ["registry.fedoraproject.org", "registry.access.redhat.com", "docker.io", "quay.io"]/g' \ registries.conf @@ -22,8 +31,4 @@ if [[ $? == 1 ]]; then echo -e '\nshort-name-mode="enforcing"' >> registries.conf fi -echo "Changing containers.conf..." -sed -i -e 's/^#.*log_driver.*=.*/log_driver = "journald"/' \ - containers.conf - git checkout origin default-policy.json diff --git a/update.sh.rawhide b/update.sh.rawhide deleted file mode 100755 index 6be4a60..0000000 --- a/update.sh.rawhide +++ /dev/null 
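Review bot: With `set -eox pipefail` now at the top, any bare command that returns non-zero ends the script, and the second hunk's header shows the short-name check is still written as a command followed by `if [[ $? == 1 ]]; then`. The command itself sits between the two hunks; if it is the same `grep '\nshort-name-mode="enforcing"' registries.conf` that the deleted update.sh.rawhide carried, a non-match now exits before the `echo -e` append and before `git checkout origin default-policy.json`, which may explain the registries.conf and default-policy.json changes in this commit. Fold the test into the condition, `if ! grep -q '^short-name-mode="enforcing"' registries.conf; then`, so a miss is handled rather than fatal. The two branches of the new `if` also repeat the `driver`/`mountopt` and `log_driver` edits verbatim; only the `pull_options` and `additionalimage` expressions differ, so the shared `sed` calls could sit outside the conditional.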
@@ -1,29 +0,0 @@ -#!/usr/bin/bash - -spectool -fg containers-common.spec - -echo "Changing storage.conf..." -sed -i -e 's/^driver.*=.*/driver = "overlay"/' -e 's/^mountopt.*=.*/mountopt = "nodev,metacopy=on"/' -e 's/^pull_options.*=.*/pull_options = {enable_partial_images = \"true\", use_hard_links = \"false\", ostree_repos=""}/' \ - storage.conf - -echo "Changing seccomp.json..." -[ `grep "keyctl" seccomp.json | wc -l` == 0 ] && sed -i '/\"kill\",/i \ - "keyctl",' seccomp.json -sed -i '/\"socketcall\",/i \ - "socket",' seccomp.json - -echo "Changing registries.conf..." -sed -i 's/^#.*unqualified-search-registries.*=.*/unqualified-search-registries = ["registry.fedoraproject.org", "registry.access.redhat.com", "docker.io", "quay.io"]/g' \ - registries.conf - -grep '\nshort-name-mode="enforcing"' registries.conf -if [[ $? == 1 ]]; then - echo -e '\nshort-name-mode="enforcing"' >> registries.conf -fi - -echo "Changing containers.conf..." -sed -i -e 's/^#.*log_driver.*=.*/log_driver = "journald"/' \ - -e 's/^#.*compression_format.*=.*/compression_format = "zstd:chunked"/' \ - containers.conf - -git checkout origin default-policy.json