containers-common-0.60.2-13.el10

- update vendored components
- Related: RHEL-58990

Signed-off-by: Jindrich Novy <jnovy@redhat.com>
Jindrich Novy 2024-11-26 02:58:27 +01:00
parent 3aac15a93a
commit 455b4b4aed
7 changed files with 98 additions and 67 deletions

@ -6,8 +6,8 @@
# Packit will automatically update the image and storage versions on Fedora and
# CentOS Stream dist-git PRs.
%global image_branch v5.32.2
%global storage_branch v1.55.0
%global image_branch v5.33.0
%global storage_branch v1.56.0
%global shortnames_branch main
%global project containers
@ -40,7 +40,7 @@ Epoch: 5
# copr and koji builds.
# If you're reading this on dist-git, the version is automatically filled in by Packit.
Version: 0.60.2
Release: 12%{?dist}
Release: 13%{?dist}
License: Apache-2.0
BuildArch: noarch
# for BuildRequires: go-md2man
@ -255,6 +255,10 @@ ln -s ../../../..%{_sysconfdir}/yum.repos.d/redhat.repo %{buildroot}%{_datadir}/
%files extra
%changelog
* Tue Nov 26 2024 Jindrich Novy <jnovy@redhat.com> - 5:0.60.2-13
- update vendored components
- Related: RHEL-58990
* Mon Nov 25 2024 Jindrich Novy <jnovy@redhat.com> - 5:0.60.2-12
- Use proper log_driver: k8s-file
- Resolves: RHEL-68081

@ -71,7 +71,7 @@ Default directory to store all temporary writable content created by container s
By default, the storage driver is set via the `driver` option. If it is not defined, then the best driver will be picked according to the current platform. This option allows you to override this internal priority list with a custom one to prefer certain drivers.
Setting this option only has an effect if the local storage has not been initialized yet and the driver name is not set.
**transient_store** = "false" | "true"
**transient_store** = "false"|"true"
Transient store mode makes all container metadata be saved in temporary storage
(i.e. runroot above). This is faster, but doesn't persist across reboots.
@ -84,33 +84,6 @@ The `storage.options` table supports the following options:
**additionalimagestores**=[]
Paths to additional container image stores. Usually these are read/only and stored on remote network shares.
**pull_options** = {enable_partial_images = "true", use_hard_links = "false", ostree_repos=""}
Allows specification of how storage is populated when pulling images. This
option can speed the pulling process of images compressed with format zstd:chunked. Containers/storage looks
for files within images that are being pulled from a container registry that
were previously pulled to the host. It can copy or create
a hard link to the existing file when it finds them, eliminating the need to pull them from the
container registry. These options can deduplicate pulling of content, disk
storage of content and can allow the kernel to use less memory when running
containers.
containers/storage supports four keys
* enable_partial_images="true" | "false"
Tells containers/storage to look for files previously pulled in storage
rather then always pulling them from the container registry.
* use_hard_links = "false" | "true"
Tells containers/storage to use hard links rather then create new files in
the image, if an identical file already existed in storage.
* ostree_repos = ""
Tells containers/storage where an ostree repository exists that might have
previously pulled content which can be used when attempting to avoid
pulling content from the container registry
* convert_images = "false" | "true"
If set to true, containers/storage will convert images to a format compatible with
partial pulls in order to take advantage of local deduplication and hardlinking. It is an
expensive operation so it is not enabled by default.
**root-auto-userns-user**=""
Root-auto-userns-user is a user name which can be used to look up one or more UID/GID ranges in the /etc/subuid and /etc/subgid file. These ranges will be partitioned to containers configured to create automatically a user namespace. Containers configured to automatically create a user namespace can still overlap with containers having an explicit mapping set. This setting is ignored when running as rootless.
@ -123,6 +96,34 @@ containers/storage supports four keys
**disable-volatile**=true
If disable-volatile is set, then the "volatile" mount optimization is disabled for all the containers.
### STORAGE PULL OPTIONS TABLE
The `storage.options.pull_options` table supports the following keys:
**enable_partial_images="true"|"false"**
Enable the "zstd:chunked" feature, which allows partial pulls, reusing
content that already exists on the system. This is disabled by default,
and must be explicitly enabled to be used. For more on zstd:chunked, see
<https://github.com/containers/storage/blob/main/docs/containers-storage-zstd-chunked.md>.
This is a "string bool": "false"|"true" (cannot be native TOML boolean)
**use_hard_links="false"|"true"**
Tells containers/storage to use hard links rather then create new files in
the image, if an identical file already existed in storage.
This is a "string bool": "false"|"true" (cannot be native TOML boolean)
**ostree_repos=""**
Path to an ostree repository that might have
previously pulled content which can be used when attempting to avoid
pulling content from the container registry.
**convert_images="false"|"true"**
If set to "true", containers/storage will convert images that are
not already in zstd:chunked format to that format before processing
in order to take advantage of local deduplication and hard linking.
It is an expensive operation so it is not enabled by default.
This is a "string bool": "false"|"true" (cannot be native TOML boolean)
### STORAGE OPTIONS FOR AUFS TABLE
The `storage.options.aufs` table supports the following options:
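Review bot: the enable_partial_images heading lists its values as "true"|"false", while the text under it says the feature is disabled by default and the other string-bool keys in this table put the default first ("false"|"true"); write the heading as enable_partial_images="false"|"true" to match. The use_hard_links paragraph also carries over "rather then create new files", which should read "rather than", and ostree_repos is the only key in the table with no statement of its type or default.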
@ -145,7 +146,8 @@ The `storage.options.btrfs` table supports the following options:
The `storage.options.overlay` table supports the following options:
**ignore_chown_errors** = "false"
ignore_chown_errors can be set to allow a non privileged user running with a single UID within a user namespace to run containers. The user can pull and use any image even those with multiple uids. Note multiple UIDs will be squashed down to the default uid in the container. These images will have no separation between the users in the container. (default: false)
ignore_chown_errors can be set to allow a non privileged user running with a single UID within a user namespace to run containers. The user can pull and use any image even those with multiple uids. Note multiple UIDs will be squashed down to the default uid in the container. These images will have no separation between the users in the container. (default: "false")
This is a "string bool": "false"|"true" (cannot be native TOML boolean)
**inodes**=""
Maximum inodes in a read/write layer. This flag can be used to set a quota on the inodes allocated for a read/write layer of a container.
@ -194,21 +196,26 @@ based file systems.
**mountopt**=""
Comma separated list of default options to be used to mount container images. Suggested value "nodev". Mount options are documented in the mount(8) man page.
**skip_mount_home=""**
**skip_mount_home="false"**
Tell storage drivers to not create a PRIVATE bind mount on their home directory.
This is a "string bool": "false"|"true" (cannot be native TOML boolean)
**size**=""
Maximum size of a read/write layer. This flag can be used to set quota on the size of a read/write layer of a container. (format: <number>[<unit>], where unit = b (bytes), k (kilobytes), m (megabytes), or g (gigabytes))
**use_composefs** = "false"
Use ComposeFS to mount the data layers image. ComposeFS support is experimental and not recommended for production use. (default: false)
Use ComposeFS to mount the data layers image. ComposeFS support is experimental and not recommended for production use.
This is a "string bool": "false"|"true" (cannot be native TOML boolean)
### STORAGE OPTIONS FOR VFS TABLE
The `storage.options.vfs` table supports the following options:
**ignore_chown_errors** = "false"
ignore_chown_errors can be set to allow a non privileged user running with a single UID within a user namespace to run containers. The user can pull and use any image even those with multiple uids. Note multiple UIDs will be squashed down to the default uid in the container. These images will have no separation between the users in the container. (default: false)
ignore_chown_errors can be set to allow a non privileged user running with a single UID within a user namespace to run containers. The user can pull and use any image even those with multiple uids. Note multiple UIDs will be squashed down to the default uid in the container. These images will have no separation between the users in the container.
This is a "string bool": "false"|"true" (cannot be native TOML boolean)
### STORAGE OPTIONS FOR ZFS TABLE
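Review bot: the use_composefs and vfs ignore_chown_errors descriptions lose their "(default: false)" text and nothing replaces it, while the overlay ignore_chown_errors description in the previous hunk keeps it as (default: "false"). State the default the same way in all three, for example by keeping (default: "false") in front of the "string bool" sentence. For skip_mount_home the heading value changes from "" to "false"; the text should say whether an empty string is still accepted and what it means.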

@ -183,7 +183,7 @@ default_sysctls = [
# Logging driver for the container. Available options: k8s-file and journald.
#
log_driver = "k8s-file"
log_driver = "file"
# Maximum size allowed for the container log file. Negative numbers indicate
# that no size limit is imposed. If positive, it must be >= 8192 to match or
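Review bot: this hunk shows log_driver = "k8s-file" followed by log_driver = "file", directly under a comment that lists the available options as k8s-file and journald. If "file" is the added line, the shipped default no longer matches its own comment, undoes the 0.60.2-12 changelog entry "Use proper log_driver: k8s-file", and disagrees with the update script hunk in this commit, which ensures log_driver "k8s-file" for rhel-10 and c10s. Regenerate containers.conf with the corrected script so the committed file and the script agree.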

@ -38,6 +38,21 @@
"leap-dnf" = "registry.opensuse.org/opensuse/leap-dnf"
"leap-microdnf" = "registry.opensuse.org/opensuse/leap-microdnf"
"tw-busybox" = "registry.opensuse.org/opensuse/busybox"
# OTel (Open Telemetry) - opentelemetry.io
"otel/autoinstrumentation-go" = "docker.io/otel/autoinstrumentation-go"
"otel/autoinstrumentation-nodejs" = "docker.io/otel/autoinstrumentation-nodejs"
"otel/autoinstrumentation-python" = "docker.io/otel/autoinstrumentation-python"
"otel/autoinstrumentation-java" = "docker.io/otel/autoinstrumentation-java"
"otel/autoinstrumentation-dotnet" = "docker.io/otel/autoinstrumentation-dotnet"
"otel/opentelemetry-collector" = "docker.io/otel/opentelemetry-collector"
"otel/opentelemetry-collector-contrib" = "docker.io/otel/opentelemetry-collector-contrib"
"otel/opentelemetry-collector-contrib-dev" = "docker.io/otel/opentelemetry-collector-contrib-dev"
"otel/opentelemetry-collector-k8s" = "docker.io/otel/opentelemetry-collector-k8s"
"otel/opentelemetry-operator" = "docker.io/otel/opentelemetry-operator"
"otel/opentelemetry-operator-bundle" = "docker.io/otel/opentelemetry-operator-bundle"
"otel/operator-opamp-bridge" = "docker.io/otel/operator-opamp-bridge"
"otel/semconvgen" = "docker.io/otel/semconvgen"
"otel/weaver" = "docker.io/otel/weaver"
# SUSE
"suse/sle15" = "registry.suse.com/suse/sle15"
"suse/sles12sp5" = "registry.suse.com/suse/sles12sp5"
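Review bot: all 14 new otel/* aliases point at docker.io/otel/..., but the only provenance in the hunk is the comment naming opentelemetry.io. The script hunk in this commit keeps short-name-mode "enforcing" for rhel-10, so an alias decides which registry an unqualified pull lands on; the comment or the commit message should cite where the project documents docker.io/otel as its official namespace. Also confirm that "otel/opentelemetry-collector-contrib-dev", which by its name is a development image, is meant to ship as a default alias.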

@ -8,12 +8,12 @@
# /usr/containers/storage.conf
# /etc/containers/storage.conf
# $HOME/.config/containers/storage.conf
# $XDG_CONFIG_HOME/containers/storage.conf (If XDG_CONFIG_HOME is set)
# $XDG_CONFIG_HOME/containers/storage.conf (if XDG_CONFIG_HOME is set)
# See man 5 containers-storage.conf for more information
# The "container storage" table contains all of the server options.
# The "storage" table contains all of the server options.
[storage]
# Default Storage Driver, Must be set for proper operation.
# Default storage driver, must be set for proper operation.
driver = "overlay"
# Temporary storage location
@ -24,8 +24,8 @@ runroot = "/run/containers/storage"
# driver_priority = ["overlay", "btrfs"]
# Primary Read/Write location of container storage
# When changing the graphroot location on an SELINUX system, you must
# ensure the labeling matches the default locations labels with the
# When changing the graphroot location on an SELinux system, you must
# ensure the labeling matches the default location's labels with the
# following commands:
# semanage fcontext -a -e /var/lib/containers/storage /NEWSTORAGEPATH
# restorecon -R -v /NEWSTORAGEPATH
@ -54,32 +54,31 @@ graphroot = "/var/lib/containers/storage"
additionalimagestores = [
]
# Allows specification of how storage is populated when pulling images. This
# option can speed the pulling process of images compressed with format
# zstd:chunked. Containers/storage looks for files within images that are being
# pulled from a container registry that were previously pulled to the host. It
# can copy or create a hard link to the existing file when it finds them,
# eliminating the need to pull them from the container registry. These options
# can deduplicate pulling of content, disk storage of content and can allow the
# kernel to use less memory when running containers.
# Options controlling how storage is populated when pulling images.
[storage.options.pull_options]
# Enable the "zstd:chunked" feature, which allows partial pulls, reusing
# content that already exists on the system. This is disabled by default,
# and must be explicitly enabled to be used. For more on zstd:chunked, see
# https://github.com/containers/storage/blob/main/docs/containers-storage-zstd-chunked.md
# This is a "string bool": "false" | "true" (cannot be native TOML boolean)
# enable_partial_images = "false"
# containers/storage supports four keys
# * enable_partial_images="true" | "false"
# Tells containers/storage to look for files previously pulled in storage
# rather then always pulling them from the container registry.
# * use_hard_links = "false" | "true"
# Tells containers/storage to use hard links rather then create new files in
# the image, if an identical file already existed in storage.
# * ostree_repos = ""
# Tells containers/storage where an ostree repository exists that might have
# This is a "string bool": "false" | "true" (cannot be native TOML boolean)
# use_hard_links = "false"
# Path to an ostree repository that might have
# previously pulled content which can be used when attempting to avoid
# pulling content from the container registry
# * convert_images = "false" | "true"
# If set to true, containers/storage will convert images to a
# format compatible with partial pulls in order to take advantage
# of local deduplication and hard linking. It is an expensive
# operation so it is not enabled by default.
pull_options = {enable_partial_images = "true", use_hard_links = "false", ostree_repos=""}
# pulling content from the container registry.
# ostree_repos=""
# If set to "true", containers/storage will convert images that are
# not already in zstd:chunked format to that format before processing
# in order to take advantage of local deduplication and hard linking.
# It is an expensive operation so it is not enabled by default.
# This is a "string bool": "false" | "true" (cannot be native TOML boolean)
# convert_images = "false"
# Root-auto-userns-user is a user name which can be used to look up one or more UID/GID
# ranges in the /etc/subuid and /etc/subgid file. These ranges will be partitioned
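Review bot: the active line pull_options = {enable_partial_images = "true", use_hard_links = "false", ostree_repos=""} is replaced by a [storage.options.pull_options] table whose keys are all commented out, with enable_partial_images shown as "false". That changes the packaged behaviour from partial pulls enabled to disabled, yet the 0.60.2-13 changelog entry says only "update vendored components"; add a changelog line for the default change. Minor: # ostree_repos="" lacks the spaces around = that the other keys in this table use.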
@ -102,6 +101,7 @@ pull_options = {enable_partial_images = "true", use_hard_links = "false", ostree
# squashed down to the default uid in the container. These images will have no
# separation between the users in the container. Only supported for the overlay
# and vfs drivers.
# This is a "string bool": "false" | "true" (cannot be native TOML boolean)
#ignore_chown_errors = "false"
# Inodes is used to set a maximum inodes of the container image.
@ -115,9 +115,11 @@ pull_options = {enable_partial_images = "true", use_hard_links = "false", ostree
mountopt = "nodev,metacopy=on"
# Set to skip a PRIVATE bind mount on the storage home directory.
# This is a "string bool": "false" | "true" (cannot be native TOML boolean)
# skip_mount_home = "false"
# Set to use composefs to mount data layers with overlay.
# This is a "string bool": "false" | "true" (cannot be native TOML boolean)
# use_composefs = "false"
# Size is used to set a maximum size of the container image.

@ -25,6 +25,9 @@ for P in podman skopeo buildah; do
fi
rm -rf *SPECPARTS
DIR=`ls -d -- */ | grep "$P"`
if [[ $DIR == *-build/ ]]; then
DIR=`ls -d $DIR/* | grep -v SPECPARTS`
fi
grep github.com/containers/image $DIR/go.mod | cut -d\ -f2 | sed 's,-.*,,'>> /tmp/ver_image
grep github.com/containers/common $DIR/go.mod | cut -d\ -f2 | sed 's,-.*,,' >> /tmp/ver_common
grep github.com/containers/storage $DIR/go.mod | cut -d\ -f2 | sed 's,-.*,,' >> /tmp/ver_storage
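Review bot: in the new *-build/ branch, DIR=`ls -d $DIR/* | grep -v SPECPARTS` expands $DIR unquoted and takes whatever ls prints, so if the build directory holds more than one entry besides SPECPARTS, DIR becomes a multi-line value and the grep ... $DIR/go.mod lines that follow no longer name a single go.mod. $DIR already ends in / at this point, so the glob is also written with a doubled slash. Select the one source directory explicitly (for example by matching on "$P" again, as the line above does), quote the expansions, and fail when the match is not unique.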

@ -60,7 +60,7 @@ elif pwd | grep -e rhel-10 -e c10s > /dev/null
then
ensure registries.conf short-name-mode \"enforcing\"
ensure containers.conf runtime \"crun\"
ensure containers.conf log_driver \"file\"
ensure containers.conf log_driver \"k8s-file\"
else
echo "Unknown release"
fi