import containers-common-1-8.module+el8.5.0+13954+1b78b731

2022-02-01 15:12:39 -05:00 · 2022-02-01 15:12:39 -05:00 · 37ca84e7be
commit 37ca84e7be
parent 4fb0442cc1
10 changed files with 1548 additions and 225 deletions
--- a/SOURCES/001-rhel-shortnames-pyxis.conf
+++ b/SOURCES/001-rhel-shortnames-pyxis.conf
--- a/SOURCES/002-rhel-shortnames-overrides.conf
+++ b/SOURCES/002-rhel-shortnames-overrides.conf
@ -1,10 +1,10 @@
 [aliases]
 "skopeo"  = "registry.access.redhat.com/ubi8/skopeo"
 "ubi8/skopeo" = "registry.access.redhat.com/ubi8/skopeo"
-"rhel8/skopeo" = "registry.redhat.io/rhel8/skopeo"
+"rhel9/skopeo" = "registry.redhat.io/rhel9/skopeo"
 "buildah" = "registry.access.redhat.com/ubi8/buildah"
 "ubi8/buildah" = "registry.access.redhat.com/ubi8/buildah"
-"rhel8/buildah" = "registry.redhat.io/rhel8/buildah"
+"rhel9/buildah" = "registry.redhat.io/rhel9/buildah"
 "podman" = "registry.access.redhat.com/ubi8/podman"
 "ubi8/podman" = "registry.access.redhat.com/ubi8/podman"
-"rhel8/podman" = "registry.redhat.io/rhel8/podman"
+"rhel9/podman" = "registry.redhat.io/rhel9/podman"
--- a/SOURCES/containers.conf
+++ b/SOURCES/containers.conf
@ -62,7 +62,7 @@ default_capabilities = [

 # A list of sysctls to be set in containers by default,
 # specified as "name=value",
-# for example:"net.ipv4.ping_group_range = 0 0".
+# for example:"net.ipv4.ping_group_range=0 0".
 #
 default_sysctls = [
  "net.ipv4.ping_group_range=0 0",
@ -153,6 +153,7 @@ default_sysctls = [
 # Logging driver for the container. Available options: k8s-file and journald.
 #
 #log_driver = "k8s-file"
+log_driver = "k8s-file"

 # Maximum size allowed for the container log file. Negative numbers indicate
 # that no size limit is imposed. If positive, it must be >= 8192 to match or
@ -263,7 +264,13 @@ default_sysctls = [

 # Path to directory where CNI plugin binaries are located.
 #
-#cni_plugin_dirs = ["/usr/libexec/cni"]
+#cni_plugin_dirs = [
+#  "/usr/local/libexec/cni",
+#  "/usr/libexec/cni",
+#  "/usr/local/lib/cni",
+#  "/usr/lib/cni",
+#  "/opt/cni/bin",
+#]

 # The network name of the default CNI network to attach pods to.
 #
@ -337,6 +344,15 @@ default_sysctls = [
 #events_logger = "journald"
 events_logger = "file"

+# A is a list of directories which are used to search for helper binaries.
+#
+#helper_binaries_dir = [
+#  "/usr/local/libexec/podman",
+#  "/usr/local/lib/podman",
+#  "/usr/libexec/podman",
+#  "/usr/lib/podman",
+#]
+
 # Path to OCI hooks directories for automatically executed hooks.
 #
 #hooks_dir = [
@ -529,8 +545,25 @@ runtime = "runc"
 [engine.volume_plugins]
 #testplugin = "/run/podman/plugins/test.sock"

-# The [engine.volume_plugins] table MUST be the last entry in this file.
+[machine]
+# Number of CPU's a machine is created with.
+#
+#cpus=1
+
+# The size of the disk in GB created when init-ing a podman-machine VM.
+#
+#disk_size=10
+
+# The image used when creating a podman-machine VM.
+#
+#image = "testing"
+
+# Memory in MB a machine is created with.
+#
+#memory=2048
+
+# The [machine] table MUST be the last entry in this file.
 # (Unless another table is added)
 # TOML does not provide a way to end a table other than a further table being
-# defined, so every key hereafter will be part of [volume_plugins] and not the
+# defined, so every key hereafter will be part of [machine] and not the
 # main config.
--- a/SOURCES/containers.conf.5.md
+++ b/SOURCES/containers.conf.5.md
@ -1,4 +1,4 @@
-% containers.conf(5) Container engine configuration file
+% containers.conf 5 Container engine configuration file

 # NAME
 containers.conf - The container engine configuration file specifies default
@ -279,10 +279,21 @@ Options are:
 The `network` table contains settings pertaining to the management of CNI
 plugins.

-**cni_plugin_dirs**=["/opt/cni/bin/",]
+**cni_plugin_dirs**=[]

 List of paths to directories where CNI plugin binaries are located.

+The default list is:
+```
+cni_plugin_dirs = [
+  "/usr/local/libexec/cni",
+  "/usr/libexec/cni",
+  "/usr/local/lib/cni",
+  "/usr/lib/cni",
+  "/opt/cni/bin",
+]
+```
+
 **default_network**="podman"

 The network name of the default CNI network to attach pods to.
@ -367,6 +378,29 @@ if you want to set environment variables for the container.
 Default method to use when logging events.
 Valid values: `file`, `journald`, and `none`.

+**helper_binaries_dir**=["/usr/libexec/podman", ...]
+
+A is a list of directories which are used to search for helper binaries.
+
+The default paths on Linux are:
+- `/usr/local/libexec/podman`
+- `/usr/local/lib/podman`
+- `/usr/libexec/podman`
+- `/usr/lib/podman`
+
+The default paths on macOS are:
+- `/usr/local/opt/podman/libexec`
+-	`/opt/homebrew/bin`
+-	`/opt/homebrew/opt/podman/libexec`
+- `/usr/local/bin`
+-	`/usr/local/libexec/podman`
+-	`/usr/local/lib/podman`
+-	`/usr/libexec/podman`
+-	`/usr/lib/podman`
+
+The default path on Windows is:
+- `C:\Program Files\RedHat\Podman`
+
 **hooks_dir**=["/etc/containers/oci/hooks.d", ...]

 Path to the OCI hooks directories for automatically executed hooks.
@ -543,6 +577,25 @@ Currently valid values are:

 The driver specific options object.

+## MACHINE TABLE
+The `machine` table contains configurations for podman machine VMs
+
+**cpus**=1
+Number of CPU's a machine is created with.
+
+**disk_size**=10
+
+The size of the disk in GB created when init-ing a podman-machine VM
+
+**image**="testing"
+
+Default image used when creating a new VM using `podman machine init`.
+Options: `testing`, `stable`, `next`, or a custom path or download URL to an image
+
+**memory**=2048
+
+Memory in MB a machine is created with.
+
 # FILES

 **containers.conf**
--- a/SOURCES/pyxis.sh
+++ b/SOURCES/pyxis.sh
@ -20,6 +20,7 @@ while read -r LINE; do
       [  $REPOSITORY == \"\" ] ||
       [ "$AVAILABLE" != "Generally Available" ] ||
       [[ $REPOSITORY == *[@:]* ]] ||
+       [[ $REPOSITORY == *[* ]] ||
       [[ "$REGISTRY" == *non_registry* ]] ||
       [[ $REGISTRY != *.* ]]
     then
--- a/SOURCES/seccomp.json
+++ b/SOURCES/seccomp.json
@ -242,6 +242,7 @@
 				"madvise",
 				"mbind",
 				"memfd_create",
+				"memfd_secret",
 				"mincore",
 				"mkdir",
 				"mkdirat",
--- a/SOURCES/shortnames.conf
+++ b/SOURCES/shortnames.conf
@ -1,4 +1,7 @@
 [aliases]
+  # almalinux
+  "almalinux" = "docker.io/library/almalinux"
+  "almalinux-minimal" = "docker.io/library/almalinux-minimal"
  # centos
  "centos" = "quay.io/centos/centos"
  # containers
@ -61,5 +64,7 @@
  "busybox" = "docker.io/library/busybox"
  # php
  "php" = "docker.io/library/php"
-  #python
+  # python
  "python" = "docker.io/library/python"
+  # node
+  "node" = "docker.io/library/node"
--- a/SOURCES/update-vendored.sh
+++ b/SOURCES/update-vendored.sh
@ -3,20 +3,18 @@
 # for the c/storage, c/image and c/common vendored in podman, skopeo, buildah
 # For questions reach to Jindrich Novy <jnovy@redhat.com>
 rm -f /tmp/ver_image /tmp/ver_common /tmp/ver_storage
-B=`pkg switch-branch | grep ^* | cut -d\  -f2`
 CENTOS=""
 pwd | grep /tmp/centos > /dev/null
 if [ $? == 0 ]; then
  CENTOS=1
 fi
-set -xe
-echo $B
+set -e
 for P in podman skopeo buildah; do
  BRN=`pwd | sed 's,^.*/,,'`
  rm -rf $P
  pkg clone $P
  cd $P
-  [ -z "$CENTOS" ] && pkg switch-branch $B
+  [ -z "$CENTOS" ] && pkg switch-branch $BRN
  if [ $BRN != stream-container-tools-rhel8 ]; then
    pkg prep
  else
--- a/SOURCES/update.sh
+++ b/SOURCES/update.sh
@ -23,18 +23,21 @@ $2 = $3" $1
 spectool -f -g containers-common.spec
 ensure storage.conf    driver                        \"overlay\"
 ensure storage.conf    mountopt                      \"nodev,metacopy=on\"
-ensure containers.conf events_logger                 \"file\"
 if pwd | grep rhel-8 > /dev/null
 then
 ensure registries.conf unqualified-search-registries [\"registry.fedoraproject.org\",\ \"registry.access.redhat.com\",\ \"registry.centos.org\",\ \"docker.io\"]
 ensure registries.conf short-name-mode               \"permissive\"
 ensure containers.conf infra_image                   \"registry.access.redhat.com/ubi8/pause\"
 ensure containers.conf runtime                       \"runc\"
+ensure containers.conf events_logger                 \"file\"
+ensure containers.conf log_driver                    \"k8s-file\"
 else
 ensure registries.conf unqualified-search-registries [\"registry.fedoraproject.org\",\ \"registry.access.redhat.com\",\ \"registry.centos.org\",\ \"quay.io\",\ \"docker.io\"]
 ensure registries.conf short-name-mode               \"enforcing\"
-ensure containers.conf infra_image                   \"registry.access.redhat.com/ubi9/pause\"
+ensure containers.conf infra_image                   \"registry.access.redhat.com/ubi8/pause\"
 ensure containers.conf runtime                       \"crun\"
+ensure containers.conf events_logger                 \"journald\"
+ensure containers.conf log_driver                    \"journald\"
 fi
 [ `grep "keyctl" seccomp.json | wc -l` == 0 ] && sed -i '/\"kill\",/i \
 				"keyctl",' seccomp.json
--- a/SPECS/containers-common.spec
+++ b/SPECS/containers-common.spec
@ -3,17 +3,16 @@
 # These vendored components must have the same version. If it is not the case,
 # pick the oldest version on c/image, c/common, c/storage vendored in
 # podman/skopeo/podman.
-%global skopeo_branch release-1.4
-%global podman_branch v3.3
-%global image_branch v5.15.0
-%global common_branch v0.42.0
-%global storage_branch v1.33.1
+%global skopeo_branch main
+%global image_branch v5.16.0
+%global common_branch v0.44.2
+%global storage_branch v1.36.0
 %global shortnames_branch main

 Epoch: 2
 Name: containers-common
 Version: 1
-Release: 2%{?dist}
+Release: 8%{?dist}
 Summary: Common configuration and documentation for containers
 License: ASL 2.0
 BuildArch: noarch
@ -37,7 +36,7 @@ Source4: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs
 #Source5: https://raw.githubusercontent.com/containers/image/%%{image_branch}/registries.conf
 Source5: registries.conf
 Source6: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs/containers-policy.json.5.md
-Source7: https://raw.githubusercontent.com/containers/common/main/pkg/seccomp/seccomp.json
+Source7: https://raw.githubusercontent.com/containers/common/%{common_branch}/pkg/seccomp/seccomp.json
 Source8: https://raw.githubusercontent.com/containers/common/%{common_branch}/docs/containers-mounts.conf.5.md
 Source9: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs/containers-signature.5.md
 Source10: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs/containers-transports.5.md
@ -161,6 +160,32 @@ EOF
 %{_datadir}/rhel/secrets/*

 %changelog
+* Mon Jan 17 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-8
+- do not allow broken content from Pyxis to land in shortnames.conf
+- Related: #2021990
+
+* Mon Jan 17 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-7
+- update shortnames from Pyxis
+- Related: #2021990
+
+* Thu Dec 09 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-6
+- do not allow broken content from Pyxis to land in shortnames.conf
+- Related: #2021990
+
+* Wed Dec 08 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-5
+- sync vendored components
+- update shortnames from Pyxis
+- Related: #2021990
+
+* Tue Nov 16 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-4
+- consume seccomp.json from the oldest vendored version of c/common,
+  not main branch
+- Related: #2021990
+
+* Wed Nov 10 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-3
+- update vendored components
+- Related: #2001445
+
 * Wed Aug 11 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-2
 - synchronize config files for RHEL-8.5
 - Related: #1934415