From 77b80fb1ff2336b8c4a644efc64caa6888a4ac2f Mon Sep 17 00:00:00 2001
From: Jindrich Novy <jnovy@redhat.com>
Date: Mon, 18 Aug 2025 14:04:35 +0200
Subject: [PATCH] containers-common-0.64.0-4.el10

- update vendored components for 10.1
- Related: RHEL-80817

Signed-off-by: Jindrich Novy <jnovy@redhat.com>
---
 containers-common.spec      | 12 ++++++++----
 containers-policy.json.5.md | 10 ----------
 containers-transports.5.md  |  7 +------
 containers.conf             |  1 +
 containers.conf.5.md        | 15 +++++++++------
 shortnames.conf             |  4 ++++
 storage.conf                |  1 +
 update.sh                   |  1 +
 8 files changed, 25 insertions(+), 26 deletions(-)

diff --git a/containers-common.spec b/containers-common.spec
index 45a5146..04772cf 100644
--- a/containers-common.spec
+++ b/containers-common.spec
@@ -7,17 +7,17 @@
 # Packit will automatically update the image and storage versions on Fedora and
 # CentOS Stream dist-git PRs.
 %global skopeo_branch main
-%global image_branch v5.35.0
-%global storage_branch v1.58.0
+%global image_branch v5.36.0
+%global storage_branch v1.59.0
 %global shortnames_branch main
-%global common_branch v0.63.1
+%global common_branch v0.64.0
 
 %global common_version %(v=%{common_branch}; echo ${v:1})
 
 Name: containers-common
 Epoch: 5
 Version: %{common_version}
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: Apache-2.0
 BuildArch: noarch
 # for BuildRequires: go-md2man
@@ -203,6 +203,10 @@ ln -s ../../../..%{_sysconfdir}/yum.repos.d/redhat.repo %{buildroot}%{_datadir}/
 %files extra
 
 %changelog
+* Mon Aug 18 2025 Jindrich Novy <jnovy@redhat.com> - 5:0.64.0-4
+- update vendored components for 10.1
+- Related: RHEL-80817
+
 * Tue Aug 12 2025 Jindrich Novy <jnovy@redhat.com> - 5:0.63.1-3
 - remove the ugly installation hack in tests
 - Related: RHEL-80817
diff --git a/containers-policy.json.5.md b/containers-policy.json.5.md
index 2dedd6d..1408e65 100644
--- a/containers-policy.json.5.md
+++ b/containers-policy.json.5.md
@@ -160,16 +160,6 @@ The _reference_ annotation value, if any, is not used.
 - The top-level scope `"/"` is forbidden; use the transport default scope `""`,
   for consistency with other transports.
 
-### `ostree`:
-
-Supported scopes have the form _repo-path_`:`_image-scope_; _repo_path_ is the path to the OSTree repository.
-
-_image-scope_ is the _docker_reference_ part of the reference, with with a `:latest` tag implied if no tag is present,
-and parent namespaces of the _docker_reference_ value (by omitting the tag, or a prefix specifying a higher-level namespace).
-
-*Note:*
-- The _repo_path_ must be absolute and contain no symlinks. Paths violating these requirements may be silently ignored.
-
 ### `sif:`
 
 Supported scopes are paths to Singularity images, and their parent directories
diff --git a/containers-transports.5.md b/containers-transports.5.md
index 1312d44..25ae41a 100644
--- a/containers-transports.5.md
+++ b/containers-transports.5.md
@@ -91,11 +91,6 @@ The _path_ value terminates at the first `:` character; any further `:` characte
 The _reference_ is used to set, or match, the `org.opencontainers.image.ref.name` annotation in the top-level index.
 If _reference_ is not specified when reading an archive, the archive must contain exactly one image.
 
-### **ostree:**_docker-reference_[`@`_/absolute/repo/path_]
-
-An image in the local ostree(1) repository.
-_/absolute/repo/path_ defaults to `/ostree/repo`.
-
 ### **sif:**_path_
 
 An image using the Singularity image format at _path_.
@@ -138,7 +133,7 @@ $ skopeo copy docker://docker.io/library/alpine:latest containers-storage:alpine
 
 ## SEE ALSO
 
-docker-login(1), docker-save(1), ostree(1), podman-login(1), skopeo-copy(1), skopeo-inspect(1), tar(1), container-registries.conf(5), containers-storage.conf(5)
+docker-login(1), docker-save(1), podman-login(1), skopeo-copy(1), skopeo-inspect(1), tar(1), container-registries.conf(5), containers-storage.conf(5)
 
 ## AUTHORS
 
diff --git a/containers.conf b/containers.conf
index d5cf1a2..b56579f 100644
--- a/containers.conf
+++ b/containers.conf
@@ -588,6 +588,7 @@ default_sysctls = [
 #
 #cdi_spec_dirs = [
 #  "/etc/cdi",
+#  "/var/run/cdi",
 #]
 
 # Manifest Type (oci, v2s2, or v2s1) to use when pulling, pushing, building
diff --git a/containers.conf.5.md b/containers.conf.5.md
index 8551cb9..4af6df5 100644
--- a/containers.conf.5.md
+++ b/containers.conf.5.md
@@ -29,6 +29,10 @@ Note, container engines also use other configuration files for configuring the e
 container images.
 * `policy.conf` for controlling which images can be pulled to the system.
 
+Note: If Podman is running in a virtual machine using `podman machine` (this
+includes Mac and Windows hosts), ensure that the configuration files are edited in the
+virtual machine by using `podman machine ssh`.
+
 ## ENVIRONMENT VARIABLES
 If the `CONTAINERS_CONF` environment variable is set, all system and user
 config files are ignored and only the specified config file will be loaded.
@@ -222,11 +226,10 @@ setup. Adding these internal hostnames to `/etc/hosts` is silently skipped then.
 Set this config to `none` to never add the internal hostnames to `/etc/hosts`.
 
 Note: If Podman is running in a virtual machine using `podman machine` (this
-includes Mac and Windows hosts), Podman will silently skip adding the internal
-hostnames to `/etc/hosts`, unless an IP address was configured manually. The
-internal hostnames are resolved by the gvproxy DNS resolver instead. This config
-has no effect on gvproxy. However, since `/etc/hosts` bypasses the DNS resolver,
-a manually configured IP address still takes precedence.
+includes Mac and Windows hosts), Podman resolves the `host.containers.internal`
+hostname via the podman machine (gvproxy) DNS resolver instead when it is empty.
+Also because the name will be resolved by the DNS name in gvproxy setting this
+to `none` has no effect. This option does not change the gvproxy behavior.
 
 Note: This config doesn't affect the actual network setup, it just tells Podman
 the IP address it should expect. Configuring an IP address here doesn't ensure
@@ -692,7 +695,7 @@ The default path on Windows is:
 
 Path to the OCI hooks directories for automatically executed hooks.
 
-**cdi_spec_dirs**=["/etc/cdi", ...]
+**cdi_spec_dirs**=["/etc/cdi", "/var/run/cdi", ...]
 
 Directories to scan for CDI Spec files.
 
diff --git a/shortnames.conf b/shortnames.conf
index 55bbf85..870d8d6 100644
--- a/shortnames.conf
+++ b/shortnames.conf
@@ -157,3 +157,7 @@
   "grafana/tempo" = "docker.io/grafana/tempo"
   # curl
   "curl" = "quay.io/curl/curl"
+  # nginx
+  "nginx" = "docker.io/library/nginx"
+  # QUBIP
+  "qubip/pq-container" = "quay.io/qubip/pq-container"
diff --git a/storage.conf b/storage.conf
index 9bd9fc1..fb2ee1f 100644
--- a/storage.conf
+++ b/storage.conf
@@ -62,6 +62,7 @@ additionalimagestores = [
 # https://github.com/containers/storage/blob/main/docs/containers-storage-zstd-chunked.md
 # This is a "string bool": "false" | "true" (cannot be native TOML boolean)
 # enable_partial_images = "false"
+enable_partial_images = "false"
 
 # Tells containers/storage to use hard links rather then create new files in
 # the image, if an identical file already existed in storage.
diff --git a/update.sh b/update.sh
index a4408c7..0c93a70 100755
--- a/update.sh
+++ b/update.sh
@@ -60,6 +60,7 @@ elif pwd | grep -e rhel-10 -e c10s > /dev/null
 then
 ensure registries.conf short-name-mode               \"enforcing\"
 ensure containers.conf runtime                       \"crun\"
+ensure storage.conf    enable_partial_images         \"false\"
 else
 echo "Unknown release"
 fi