rpms/containers-common
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Use c/common upstream version for rpm with Epoch bump

Browse Source 
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2254254

Keeping the Version set to `1` with autorelease can cause installation
issues.

With this commit, the c/common upstream version will be used for rpm
version so that there will be regular rpm version changes. Packages
dependent on containers-common can then use `>= epoch:version` for
dependency resolution.

Another change with this commit is that `update.sh.rawhide` has been
removed and all the rawhide specific logic has been added to `update.sh`
itself.

Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
This commit is contained in:
Lokesh Mandvekar 2024-01-05 16:12:55 +05:30
parent 28c879f872
commit 1c296038d7
No known key found for this signature in database
GPG Key ID: 1C1EDD7CC7C3A0DD
9 changed files with 35 additions and 90 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
containers-common.spec
View File

@ -4,15 +4,15 @@
# pick the oldest version on c/image, c/common, c/storage vendored in # pick the oldest version on c/image, c/common, c/storage vendored in
# Buildah/Podman/Skopeo. # Buildah/Podman/Skopeo.
%global image_branch main %global image_branch main
%global common_branch main %global common_branch v%{version}
%global storage_branch main %global storage_branch main
%global shortnames_branch main %global shortnames_branch main
%global github_containers https://raw.githubusercontent.com/containers %global github_containers https://raw.githubusercontent.com/containers
Epoch: 4 Epoch: 5
Name: containers-common Name: containers-common
Version: 1 Version: 0.57.1
Release: %autorelease Release: %autorelease
License: Apache-2.0 License: Apache-2.0
BuildArch: noarch BuildArch: noarch

3
containers-storage.conf.5.md
View File

@ -278,6 +278,9 @@ based file systems.
**size**="" **size**=""
Maximum size of a read/write layer. This flag can be used to set quota on the size of a read/write layer of a container. (format: <number>[<unit>], where unit = b (bytes), k (kilobytes), m (megabytes), or g (gigabytes)) Maximum size of a read/write layer. This flag can be used to set quota on the size of a read/write layer of a container. (format: <number>[<unit>], where unit = b (bytes), k (kilobytes), m (megabytes), or g (gigabytes))
**use_composefs** = "false"
Use ComposeFS to mount the data layers image. ComposeFS support is experimental and not recommended for production use. (default: false)
### STORAGE OPTIONS FOR VFS TABLE ### STORAGE OPTIONS FOR VFS TABLE
The `storage.options.vfs` table supports the following options: The `storage.options.vfs` table supports the following options:

8
containers.conf
View File

@ -340,14 +340,6 @@ log_driver = "journald"
# "/usr/lib/netavark", # "/usr/lib/netavark",
#] #]
# The firewall driver to be used by netavark.
# The default is empty which means netavark will pick one accordingly. Current supported
# drivers are "iptables", "none" (no firewall rules will be created) and "firewalld" (firewalld is
# experimental at the moment and not recommend outside of testing). In the future we are
# planning to add support for a "nftables" driver.
#firewall_driver = ""
# The network name of the default network to attach pods to. # The network name of the default network to attach pods to.
# #
#default_network = "podman" #default_network = "podman"

8
containers.conf.5.md
View File

@ -449,14 +449,6 @@ and __$HOME/.config/cni/net.d__ as rootless.
For the netavark backend "/etc/containers/networks" is used as root For the netavark backend "/etc/containers/networks" is used as root
and "$graphroot/networks" as rootless. and "$graphroot/networks" as rootless.
**firewall_driver**=""
The firewall driver to be used by netavark.
The default is empty which means netavark will pick one accordingly. Current supported
drivers are "iptables", "none" (no firewall rules will be created) and "firewalld" (firewalld is
experimental at the moment and not recommend outside of testing). In the future we are
planning to add support for a "nftables" driver.
**dns_bind_port**=53 **dns_bind_port**=53
Port to use for dns forwarding daemon with netavark in rootful bridge Port to use for dns forwarding daemon with netavark in rootful bridge

32
default-policy.json
View File

@ -4,29 +4,11 @@
"type": "insecureAcceptAnything" "type": "insecureAcceptAnything"
} }
], ],
"transports": { "transports":
"docker": { {
"registry.access.redhat.com": [ "docker-daemon":
{ {
"type": "signedBy", "": [{"type":"insecureAcceptAnything"}]
"keyType": "GPGKeys", }
"keyPath": "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release" }
}
],
"registry.redhat.io": [
{
"type": "signedBy",
"keyType": "GPGKeys",
"keyPath": "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release"
}
]
},
"docker-daemon": {
"": [
{
"type": "insecureAcceptAnything"
}
]
}
}
} }

2
registries.conf
View File

@ -75,5 +75,3 @@ unqualified-search-registries = ["registry.fedoraproject.org", "registry.access.
# # 2. example-mirror-1.local/mirrors/foo/image:latest # # 2. example-mirror-1.local/mirrors/foo/image:latest
# # 3. internal-registry-for-example.com/bar/image:latest # # 3. internal-registry-for-example.com/bar/image:latest
# # in order, and use the first one that exists. # # in order, and use the first one that exists.
short-name-mode="enforcing"

10
storage.conf
View File

@ -47,9 +47,8 @@ graphroot = "/var/lib/containers/storage"
# AdditionalImageStores is used to pass paths to additional Read/Only image stores # AdditionalImageStores is used to pass paths to additional Read/Only image stores
# Must be comma separated list. # Must be comma separated list.
#additionalimagestores = [ additionalimagestores = [
#"/usr/lib/containers/storage", ]
#]
# Allows specification of how storage is populated when pulling images. This # Allows specification of how storage is populated when pulling images. This
# option can speed the pulling process of images compressed with format # option can speed the pulling process of images compressed with format
@ -71,7 +70,7 @@ graphroot = "/var/lib/containers/storage"
# Tells containers/storage where an ostree repository exists that might have # Tells containers/storage where an ostree repository exists that might have
# previously pulled content which can be used when attempting to avoid # previously pulled content which can be used when attempting to avoid
# pulling content from the container registry # pulling content from the container registry
pull_options = {enable_partial_images = "false", use_hard_links = "false", ostree_repos=""} pull_options = {enable_partial_images = "true", use_hard_links = "false", ostree_repos=""}
# Remap-UIDs/GIDs is the mapping from UIDs/GIDs as they should appear inside of # Remap-UIDs/GIDs is the mapping from UIDs/GIDs as they should appear inside of
# a container, to the UIDs/GIDs as they should appear outside of the container, # a container, to the UIDs/GIDs as they should appear outside of the container,
@ -131,6 +130,9 @@ mountopt = "nodev,metacopy=on"
# Set to skip a PRIVATE bind mount on the storage home directory. # Set to skip a PRIVATE bind mount on the storage home directory.
# skip_mount_home = "false" # skip_mount_home = "false"
# Set to use composefs to mount data layers with overlay.
# use_composefs = "false"
# Size is used to set a maximum size of the container image. # Size is used to set a maximum size of the container image.
# size = "" # size = ""

27
update.sh
View File

@ -1,19 +1,28 @@
#!/usr/bin/bash #!/usr/bin/env bash
set -eox pipefail
spectool -fg containers-common.spec spectool -fg containers-common.spec
echo "Changing storage.conf..." if [[ $(git rev-parse --abbrev-ref HEAD) == "rawhide" ]]; then
sed -i -e 's/^driver.*=.*/driver = "overlay"/' -e 's/^mountopt.*=.*/mountopt = "nodev,metacopy=on"/' \ sed -i -e 's/^driver.*=.*/driver = "overlay"/' -e 's/^mountopt.*=.*/mountopt = "nodev,metacopy=on"/' \
-e '/additionalimage.*/a "/usr/lib/containers/storage",' \ -e 's/^pull_options.*=.*/pull_options = {enable_partial_images = \"true\", use_hard_links = \"false\", ostree_repos=""}/' \
storage.conf storage.conf
sed -i -e 's/^#.*log_driver.*=.*/log_driver = "journald"/' \
containers.conf
else
sed -i -e 's/^driver.*=.*/driver = "overlay"/' -e 's/^mountopt.*=.*/mountopt = "nodev,metacopy=on"/' \
-e '/additionalimage.*/a "/usr/lib/containers/storage",' \
storage.conf
sed -i -e 's/^#.*log_driver.*=.*/log_driver = "journald"/' \
containers.conf
fi
echo "Changing seccomp.json..."
[ `grep "keyctl" seccomp.json | wc -l` == 0 ] && sed -i '/\"kill\",/i \ [ `grep "keyctl" seccomp.json | wc -l` == 0 ] && sed -i '/\"kill\",/i \
"keyctl",' seccomp.json "keyctl",' seccomp.json
sed -i '/\"socketcall\",/i \ sed -i '/\"socketcall\",/i \
"socket",' seccomp.json "socket",' seccomp.json
echo "Changing registries.conf..."
sed -i 's/^#.*unqualified-search-registries.*=.*/unqualified-search-registries = ["registry.fedoraproject.org", "registry.access.redhat.com", "docker.io", "quay.io"]/g' \ sed -i 's/^#.*unqualified-search-registries.*=.*/unqualified-search-registries = ["registry.fedoraproject.org", "registry.access.redhat.com", "docker.io", "quay.io"]/g' \
registries.conf registries.conf
@ -22,8 +31,4 @@ if [[ $? == 1 ]]; then
echo -e '\nshort-name-mode="enforcing"' >> registries.conf echo -e '\nshort-name-mode="enforcing"' >> registries.conf
fi fi
echo "Changing containers.conf..."
sed -i -e 's/^#.*log_driver.*=.*/log_driver = "journald"/' \
containers.conf
git checkout origin default-policy.json git checkout origin default-policy.json

29
update.sh.rawhide
View File

@ -1,29 +0,0 @@
#!/usr/bin/bash
spectool -fg containers-common.spec
echo "Changing storage.conf..."
sed -i -e 's/^driver.*=.*/driver = "overlay"/' -e 's/^mountopt.*=.*/mountopt = "nodev,metacopy=on"/' -e 's/^pull_options.*=.*/pull_options = {enable_partial_images = \"true\", use_hard_links = \"false\", ostree_repos=""}/' \
storage.conf
echo "Changing seccomp.json..."
[ `grep "keyctl" seccomp.json | wc -l` == 0 ] && sed -i '/\"kill\",/i \
"keyctl",' seccomp.json
sed -i '/\"socketcall\",/i \
"socket",' seccomp.json
echo "Changing registries.conf..."
sed -i 's/^#.*unqualified-search-registries.*=.*/unqualified-search-registries = ["registry.fedoraproject.org", "registry.access.redhat.com", "docker.io", "quay.io"]/g' \
registries.conf
grep '\nshort-name-mode="enforcing"' registries.conf
if [[ $? == 1 ]]; then
echo -e '\nshort-name-mode="enforcing"' >> registries.conf
fi
echo "Changing containers.conf..."
sed -i -e 's/^#.*log_driver.*=.*/log_driver = "journald"/' \
-e 's/^#.*compression_format.*=.*/compression_format = "zstd:chunked"/' \
containers.conf
git checkout origin default-policy.json