diff --git a/containers-common.spec b/containers-common.spec
index 5bd2e63..985e97b 100644
--- a/containers-common.spec
+++ b/containers-common.spec
@@ -20,7 +20,7 @@
 Epoch: 4
 Name: containers-common
 Version: 0.33.0
-Release: 2%{?dist}
+Release: 3%{?dist}
 Summary: Common configuration and documentation for containers
 License: ASL 2.0
 BuildArch: noarch
@@ -47,8 +47,6 @@ Source16: %{github_containers}/image/%{image_branch}/docs/containers-registries.
 Source17: %{github_containers}/skopeo/%{skopeo_branch}/integration/fixtures/policy.json
 Source18: %{github_containers}/skopeo/%{skopeo_branch}/default.yaml
 Source19: %{github_containers}/shortnames/%{shortnames_branch}/shortnames.conf
-# use this script to update sources above - it assures it contains required content
-#Source20: update.sh
 
 %description
 This package contains common configuration files and documentation for container
@@ -59,35 +57,48 @@ which are vendored into Podman, Buildah, Skopeo, etc. but they are not packaged
 separately.
 
 %prep
+cp %{_sourcedir}/{*.json,*.conf,*.5.md,*.yaml} .
+
+sed -i -e 's/^driver.*=.*/driver = "overlay"/' -e 's/^mountopt.*=.*/mountopt = "nodev,metacopy=on"/' \
+        storage.conf
+[ `grep "keyctl" seccomp.json | wc -l` == 0 ] && sed -i '/\"kill\",/i \
+				"keyctl",' seccomp.json
+sed -i '/\"socketcall\",/i \
+				"socket",' seccomp.json
+sed -i 's/^#.*unqualified-search-registries.*=.*/unqualified-search-registries = ["registry.fedoraproject.org", "registry.access.redhat.com", "registry.centos.org", "docker.io"]/g' \
+        registries.conf
 
 %build
 
 %install
+# install config and policy files for registries
 install -dp %{buildroot}%{_sysconfdir}/containers/{certs.d,oci/hooks.d,registries.conf.d,registries.d}
 install -dp %{buildroot}%{_sharedstatedir}/containers/sigstore
-install -m0644 %{SOURCE18} %{buildroot}%{_sysconfdir}/containers/registries.d/default.yaml
-install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/storage.conf
-install -m0644 %{SOURCE5} %{buildroot}%{_sysconfdir}/containers/registries.conf
-install -m0644 %{SOURCE19} %{buildroot}%{_sysconfdir}/containers/registries.conf.d/shortnames.conf
-install -m0644 %{SOURCE17} %{buildroot}%{_sysconfdir}/containers/policy.json
+install -m0644 default.yaml %{buildroot}%{_sysconfdir}/containers/registries.d/default.yaml
+install -m0644 storage.conf %{buildroot}%{_sysconfdir}/containers/storage.conf
+install -m0644 registries.conf %{buildroot}%{_sysconfdir}/containers/registries.conf
+install -m0644 shortnames.conf %{buildroot}%{_sysconfdir}/containers/registries.conf.d/shortnames.conf
+install -m0644 policy.json %{buildroot}%{_sysconfdir}/containers/policy.json
+
+# install manpages
 install -dp %{buildroot}%{_mandir}/man5
+go-md2man -in containers-storage.conf.5.md -out %{buildroot}%{_mandir}/man5/containers-storage.conf.5
+go-md2man -in containers-registries.conf.5.md -out %{buildroot}%{_mandir}/man5/containers-registries.conf.5
+go-md2man -in containers-policy.json.5.md -out %{buildroot}%{_mandir}/man5/containers-policy.json.5
+go-md2man -in containers-mounts.conf.5.md -out %{buildroot}%{_mandir}/man5/containers-mounts.conf.5
+go-md2man -in containers-signature.5.md -out %{buildroot}%{_mandir}/man5/containers-signature.5
+go-md2man -in containers-transports.5.md -out %{buildroot}%{_mandir}/man5/containers-transports.5
+go-md2man -in containers-certs.d.5.md -out %{buildroot}%{_mandir}/man5/containers-certs.d.5
+go-md2man -in containers-registries.d.5.md -out %{buildroot}%{_mandir}/man5/containers-registries.d.5
+go-md2man -in containers.conf.5.md -out %{buildroot}%{_mandir}/man5/containers.conf.5
+go-md2man -in containers-auth.json.5.md -out %{buildroot}%{_mandir}/man5/containers-auth.json.5
+go-md2man -in containers-registries.conf.d.5.md -out %{buildroot}%{_mandir}/man5/containers-registries.conf.d.5
 
-go-md2man -in %{SOURCE2} -out %{buildroot}%{_mandir}/man5/containers-storage.conf.5
-go-md2man -in %{SOURCE4} -out %{buildroot}%{_mandir}/man5/containers-registries.conf.5
-go-md2man -in %{SOURCE6} -out %{buildroot}%{_mandir}/man5/containers-policy.json.5
-go-md2man -in %{SOURCE8} -out %{buildroot}%{_mandir}/man5/containers-mounts.conf.5
-go-md2man -in %{SOURCE9} -out %{buildroot}%{_mandir}/man5/containers-signature.5
-go-md2man -in %{SOURCE10} -out %{buildroot}%{_mandir}/man5/containers-transports.5
-go-md2man -in %{SOURCE11} -out %{buildroot}%{_mandir}/man5/containers-certs.d.5
-go-md2man -in %{SOURCE12} -out %{buildroot}%{_mandir}/man5/containers-registries.d.5
-go-md2man -in %{SOURCE14} -out %{buildroot}%{_mandir}/man5/containers.conf.5
-go-md2man -in %{SOURCE15} -out %{buildroot}%{_mandir}/man5/containers-auth.json.5
-go-md2man -in %{SOURCE16} -out %{buildroot}%{_mandir}/man5/containers-registries.conf.d.5
-
+# install config files for mounts, containers and seccomp
 install -dp %{buildroot}%{_datadir}/containers
-install -m0644 %{SOURCE3} %{buildroot}%{_datadir}/containers/mounts.conf
-install -m0644 %{SOURCE7} %{buildroot}%{_datadir}/containers/seccomp.json
-install -m0644 %{SOURCE13} %{buildroot}%{_datadir}/containers/containers.conf
+install -m0644 mounts.conf %{buildroot}%{_datadir}/containers/mounts.conf
+install -m0644 seccomp.json %{buildroot}%{_datadir}/containers/seccomp.json
+install -m0644 containers.conf %{buildroot}%{_datadir}/containers/containers.conf
 
 # install secrets patch directory
 install -d -p -m 755 %{buildroot}/%{_datadir}/rhel/secrets
@@ -96,15 +107,6 @@ ln -s %{_sysconfdir}/pki/entitlement %{buildroot}%{_datadir}/rhel/secrets/etc-pk
 ln -s %{_sysconfdir}/rhsm %{buildroot}%{_datadir}/rhel/secrets/rhsm
 ln -s %{_sysconfdir}/yum.repos.d/redhat.repo %{buildroot}%{_datadir}/rhel/secrets/redhat.repo
 
-sed -i -e 's/^driver.*=.*/driver = "overlay"/' -e 's/^mountopt.*=.*/mountopt = "nodev,metacopy=on"/' \
-        %{buildroot}%{_sysconfdir}/containers/storage.conf
-[ `grep "keyctl" %{buildroot}%{_datadir}/containers/seccomp.json | wc -l` == 0 ] && sed -i '/\"kill\",/i \
-				"keyctl",' %{buildroot}%{_datadir}/containers/seccomp.json
-sed -i '/\"socketcall\",/i \
-				"socket",' %{buildroot}%{_datadir}/containers/seccomp.json
-sed -i 's/^#.*unqualified-search-registries.*=.*/unqualified-search-registries = ["registry.fedoraproject.org", "registry.access.redhat.com", "registry.centos.org", "docker.io"]/g' \
-        %{buildroot}%{_sysconfdir}/containers/registries.conf
-
 %files
 %dir %{_sysconfdir}/containers
 %dir %{_sysconfdir}/containers/certs.d
@@ -127,6 +129,9 @@ sed -i 's/^#.*unqualified-search-registries.*=.*/unqualified-search-registries =
 %{_datadir}/rhel/secrets/*
 
 %changelog
+* Wed Jan 13 2021 Lokesh Mandvekar <lsm5@fedoraproject.org> - 4:0.33.0-3
+- copy source files into builddir and change them there before installation
+
 * Tue Jan 12 2021 Lokesh Mandvekar <lsm5@fedoraproject.org> - 4:0.33.0-2
 - move update.sh code to spec file itself