rpms
/
containers-common
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import containers-common-1-35.module+el8.7.0+16520+2db5507d

This commit is contained in:
CentOS Sources 2022-11-08 01:39:32 -05:00 committed by Stepan Oksanichenko
parent e5c295c58e
commit b05bef4b34
11 changed files with 1083 additions and 156 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
.containers-common.metadata
View File

@ -1,4 +1,4 @@
5a594964d481c7bbcf748a43599391619866eebb SOURCES/aardvark-dns-v1.0.1-rhel-vendor.tar.gz
5c8d24e57860e54bc0b02e5f70bf4ce861eeb247 SOURCES/netavark-v1.0.1-rhel-vendor.tar.gz
8634b77bd1f0d5738a4e0e2b1ca0bf7c784afeb1 SOURCES/v1.0.1-rhel-0a8eabf.tar.gz
d42da7797a651a93df43f8cfbaa42101660c1b62 SOURCES/v1.0.1-rhel-93af394.tar.gz
92a2bbb50398d4326834e37c17d7ad0c2ed68e5f SOURCES/aardvark-dns-v1.0.3-a92337b.tar.gz
c43b8b3548ebc251461f5667d01142e4491691a3 SOURCES/aardvark-dns-v1.0.3-vendor.tar.gz
41313c08ae196941064c6b9c8a090be2381cce51 SOURCES/netavark-v1.0.3-ec7efb8.tar.gz
26c57cd7077cd8088720082889e3f3c9d776e75c SOURCES/netavark-v1.0.3-vendor.tar.gz

8
.gitignore vendored
View File

@ -1,4 +1,4 @@
SOURCES/aardvark-dns-v1.0.1-rhel-vendor.tar.gz
SOURCES/netavark-v1.0.1-rhel-vendor.tar.gz
SOURCES/v1.0.1-rhel-0a8eabf.tar.gz
SOURCES/v1.0.1-rhel-93af394.tar.gz
SOURCES/aardvark-dns-v1.0.3-a92337b.tar.gz
SOURCES/aardvark-dns-v1.0.3-vendor.tar.gz
SOURCES/netavark-v1.0.3-ec7efb8.tar.gz
SOURCES/netavark-v1.0.3-vendor.tar.gz

446
SOURCES/001-rhel-shortnames-pyxis.conf
View File

File diff suppressed because it is too large Load Diff

574
SOURCES/Containerfile.5.md Normal file
View File

@ -0,0 +1,574 @@
% "CONTAINERFILE" "5" "Aug 2021" "" "Container User Manuals"
# NAME
Containerfile(Dockerfile) - automate the steps of creating a container image
# INTRODUCTION
The **Containerfile** is a configuration file that automates the steps of creating a container image. It is similar to a Makefile. Container engines (Podman, Buildah, Docker) read instructions from the **Containerfile** to automate the steps otherwise performed manually to create an image. To build an image, create a file called **Containerfile**.
The **Containerfile** describes the steps taken to assemble the image. When the
**Containerfile** has been created, call the `buildah bud`, `podman build`, `docker build` command,
using the path of context directory that contains **Containerfile** as the argument. Podman and Buildah default to **Containerfile** and will fall back to **Dockerfile**. Docker only will search for **Dockerfile** in the context directory.
**Dockerfile** is an alternate name for the same object. **Containerfile** and **Dockerfile** support the same syntax.
# SYNOPSIS
INSTRUCTION arguments
For example:
FROM image
# DESCRIPTION
A Containerfile is a file that automates the steps of creating a container image.
A Containerfile is similar to a Makefile.
# USAGE
```
buildah bud .
podman build .
```
-- Runs the steps and commits them, building a final image.
The path to the source repository defines where to find the context of the
build.
```
buildah bud -t repository/tag .
podman build -t repository/tag .
```
-- specifies a repository and tag at which to save the new image if the build
succeeds. The container engine runs the steps one-by-one, committing the result
to a new image if necessary, before finally outputting the ID of the new
image.
Container engines re-use intermediate images whenever possible. This significantly
accelerates the *build* process.
# FORMAT
`FROM image`
`FROM image:tag`
`FROM image@digest`
-- The **FROM** instruction sets the base image for subsequent instructions. A
valid Containerfile must have either **ARG** or *FROM** as its first instruction.
If **FROM** is not the first instruction in the file, it may only be preceded by
one or more ARG instructions, which declare arguments that are used in the next FROM line in the Containerfile.
The image can be any valid image. It is easy to start by pulling an image from the public
repositories.
-- **FROM** must appear at least once in the Containerfile.
-- **FROM** The first **FROM** command must come before all other instructions in
the Containerfile except **ARG**
-- **FROM** may appear multiple times within a single Containerfile in order to create
multiple images. Make a note of the last image ID output by the commit before
each new **FROM** command.
-- If no tag is given to the **FROM** instruction, container engines apply the
`latest` tag. If the used tag does not exist, an error is returned.
-- If no digest is given to the **FROM** instruction, container engines apply the
`latest` tag. If the used tag does not exist, an error is returned.
**MAINTAINER**
-- **MAINTAINER** sets the Author field for the generated images.
Useful for providing users with an email or url for support.
**RUN**
-- **RUN** has two forms:
```
# the command is run in a shell - /bin/sh -c
RUN <command>
# Executable form
RUN ["executable", "param1", "param2"]
```
**RUN mounts**
**--mount**=*type=TYPE,TYPE-SPECIFIC-OPTION[,...]*
Attach a filesystem mount to the container
Current supported mount TYPES are bind, cache, secret and tmpfs.
e.g.
mount=type=bind,source=/path/on/host,destination=/path/in/container
mount=type=tmpfs,tmpfs-size=512M,destination=/path/in/container
mount=type=secret,id=mysecret cat /run/secrets/mysecret
Common Options:
· src, source: mount source spec for bind and volume. Mandatory for bind. If `from` is specified, `src` is the subpath in the `from` field.
· dst, destination, target: mount destination spec.
· ro, read-only: true or false (default).
Options specific to bind:
· bind-propagation: shared, slave, private, rshared, rslave, or rprivate(default). See also mount(2).
. bind-nonrecursive: do not setup a recursive bind mount. By default it is recursive.
· from: stage or image name for the root of the source. Defaults to the build context.
Options specific to tmpfs:
· tmpfs-size: Size of the tmpfs mount in bytes. Unlimited by default in Linux.
· tmpfs-mode: File mode of the tmpfs in octal. (e.g. 700 or 0700.) Defaults to 1777 in Linux.
· tmpcopyup: Path that is shadowed by the tmpfs mount is recursively copied up to the tmpfs itself.
Options specific to cache:
· id: Create a separate cache directory for a particular id.
· mode: File mode for new cache directory in octal. Default 0755.
· ro, readonly: read only cache if set.
· uid: uid for cache directory.
· gid: gid for cache directory.
· from: stage name for the root of the source. Defaults to host cache directory.
**RUN Secrets**
The RUN command has a feature to allow the passing of secret information into the image build. These secrets files can be used during the RUN command but are not committed to the final image. The `RUN` command supports the `--mount` option to identify the secret file. A secret file from the host is mounted into the container while the image is being built.
Container engines pass secret the secret file into the build using the `--secret` flag.
**--mount**=*type=secret,TYPE-SPECIFIC-OPTION[,...]*
- `id` is the identifier for the secret passed into the `buildah bud --secret` or `podman build --secret`. This identifier is associated with the RUN --mount identifier to use in the Containerfile.
- `dst`|`target`|`destination` rename the secret file to a specific file in the Containerfile RUN command to use.
- `type=secret` tells the --mount command that it is mounting in a secret file
```
# shows secret from default secret location:
RUN --mount=type=secret,id=mysecret cat /run/secrets/mysecret
```
```
# shows secret from custom secret location:
RUN --mount=type=secret,id=mysecret,dst=/foobar cat /foobar
```
The secret needs to be passed to the build using the --secret flag. The final image built does not container the secret file:
```
buildah bud --no-cache --secret id=mysecret,src=mysecret.txt .
```
-- The **RUN** instruction executes any commands in a new layer on top of the current
image and commits the results. The committed image is used for the next step in
Containerfile.
-- Layering **RUN** instructions and generating commits conforms to the core
concepts of container engines where commits are cheap and containers can be created from
any point in the history of an image. This is similar to source control. The
exec form makes it possible to avoid shell string munging. The exec form makes
it possible to **RUN** commands using a base image that does not contain `/bin/sh`.
Note that the exec form is parsed as a JSON array, which means that you must
use double-quotes (") around words, not single-quotes (').
**CMD**
-- **CMD** has three forms:
```
# Executable form
CMD ["executable", "param1", "param2"]`
# Provide default arguments to ENTRYPOINT
CMD ["param1", "param2"]`
# the command is run in a shell - /bin/sh -c
CMD command param1 param2
```
-- There should be only one **CMD** in a Containerfile. If more than one **CMD** is listed, only
the last **CMD** takes effect.
The main purpose of a **CMD** is to provide defaults for an executing container.
These defaults may include an executable, or they can omit the executable. If
they omit the executable, an **ENTRYPOINT** must be specified.
When used in the shell or exec formats, the **CMD** instruction sets the command to
be executed when running the image.
If you use the shell form of the **CMD**, the `<command>` executes in `/bin/sh -c`:
Note that the exec form is parsed as a JSON array, which means that you must
use double-quotes (") around words, not single-quotes (').
```
FROM ubuntu
CMD echo "This is a test." | wc -
```
-- If you run **command** without a shell, then you must express the command as a
JSON array and give the full path to the executable. This array form is the
preferred form of **CMD**. All additional parameters must be individually expressed
as strings in the array:
```
FROM ubuntu
CMD ["/usr/bin/wc","--help"]
```
-- To make the container run the same executable every time, use **ENTRYPOINT** in
combination with **CMD**.
If the user specifies arguments to `podman run` or `docker run`, the specified commands
override the default in **CMD**.
Do not confuse **RUN** with **CMD**. **RUN** runs a command and commits the result.
**CMD** executes nothing at build time, but specifies the intended command for
the image.
**LABEL**
-- `LABEL <key>=<value> [<key>=<value> ...]`or
```
LABEL <key>[ <value>]
LABEL <key>[ <value>]
...
```
The **LABEL** instruction adds metadata to an image. A **LABEL** is a
key-value pair. To specify a **LABEL** without a value, simply use an empty
string. To include spaces within a **LABEL** value, use quotes and
backslashes as you would in command-line parsing.
```
LABEL com.example.vendor="ACME Incorporated"
LABEL com.example.vendor "ACME Incorporated"
LABEL com.example.vendor.is-beta ""
LABEL com.example.vendor.is-beta=
LABEL com.example.vendor.is-beta=""
```
An image can have more than one label. To specify multiple labels, separate
each key-value pair by a space.
Labels are additive including `LABEL`s in `FROM` images. As the system
encounters and then applies a new label, new `key`s override any previous
labels with identical keys.
To display an image's labels, use the `buildah inspect` command.
**EXPOSE**
-- `EXPOSE <port> [<port>...]`
The **EXPOSE** instruction informs the container engine that the container listens on the
specified network ports at runtime. The container engine uses this information to
interconnect containers using links and to set up port redirection on the host
system.
**ENV**
-- `ENV <key> <value>`
The **ENV** instruction sets the environment variable <key> to
the value `<value>`. This value is passed to all future
**RUN**, **ENTRYPOINT**, and **CMD** instructions. This is
functionally equivalent to prefixing the command with `<key>=<value>`. The
environment variables that are set with **ENV** persist when a container is run
from the resulting image. Use `podman inspect` to inspect these values, and
change them using `podman run --env <key>=<value>`.
Note that setting "`ENV DEBIAN_FRONTEND=noninteractive`" may cause
unintended consequences, because it will persist when the container is run
interactively, as with the following command: `podman run -t -i image bash`
**ADD**
-- **ADD** has two forms:
```
ADD <src> <dest>
# Required for paths with whitespace
ADD ["<src>",... "<dest>"]
```
The **ADD** instruction copies new files, directories
or remote file URLs to the filesystem of the container at path `<dest>`.
Multiple `<src>` resources may be specified but if they are files or directories
then they must be relative to the source directory that is being built
(the context of the build). The `<dest>` is the absolute path, or path relative
to **WORKDIR**, into which the source is copied inside the target container.
If the `<src>` argument is a local file in a recognized compression format
(tar, gzip, bzip2, etc) then it is unpacked at the specified `<dest>` in the
container's filesystem. Note that only local compressed files will be unpacked,
i.e., the URL download and archive unpacking features cannot be used together.
All new directories are created with mode 0755 and with the uid and gid of **0**.
**COPY**
-- **COPY** has two forms:
```
COPY <src> <dest>
# Required for paths with whitespace
COPY ["<src>",... "<dest>"]
```
The **COPY** instruction copies new files from `<src>` and
adds them to the filesystem of the container at path <dest>. The `<src>` must be
the path to a file or directory relative to the source directory that is
being built (the context of the build) or a remote file URL. The `<dest>` is an
absolute path, or a path relative to **WORKDIR**, into which the source will
be copied inside the target container. If you **COPY** an archive file it will
land in the container exactly as it appears in the build context without any
attempt to unpack it. All new files and directories are created with mode **0755**
and with the uid and gid of **0**.
**ENTRYPOINT**
-- **ENTRYPOINT** has two forms:
```
# executable form
ENTRYPOINT ["executable", "param1", "param2"]`
# run command in a shell - /bin/sh -c
ENTRYPOINT command param1 param2
```
-- An **ENTRYPOINT** helps you configure a
container that can be run as an executable. When you specify an **ENTRYPOINT**,
the whole container runs as if it was only that executable. The **ENTRYPOINT**
instruction adds an entry command that is not overwritten when arguments are
passed to `podman run`. This is different from the behavior of **CMD**. This allows
arguments to be passed to the entrypoint, for instance `podman run <image> -d`
passes the -d argument to the **ENTRYPOINT**. Specify parameters either in the
**ENTRYPOINT** JSON array (as in the preferred exec form above), or by using a **CMD**
statement. Parameters in the **ENTRYPOINT** are not overwritten by the `podman run` arguments. Parameters specified via **CMD** are overwritten by `podman run` arguments. Specify a plain string for the **ENTRYPOINT**, and it will execute in
`/bin/sh -c`, like a **CMD** instruction:
```
FROM ubuntu
ENTRYPOINT wc -l -
```
This means that the Containerfile's image always takes stdin as input (that's
what "-" means), and prints the number of lines (that's what "-l" means). To
make this optional but default, use a **CMD**:
```
FROM ubuntu
CMD ["-l", "-"]
ENTRYPOINT ["/usr/bin/wc"]
```
**VOLUME**
-- `VOLUME ["/data"]`
The **VOLUME** instruction creates a mount point with the specified name and marks
it as holding externally-mounted volumes from the native host or from other
containers.
**USER**
-- `USER daemon`
Sets the username or UID used for running subsequent commands.
The **USER** instruction can optionally be used to set the group or GID. The
following examples are all valid:
USER [user | user:group | uid | uid:gid | user:gid | uid:group ]
Until the **USER** instruction is set, instructions will be run as root. The USER
instruction can be used any number of times in a Containerfile, and will only affect
subsequent commands.
**WORKDIR**
-- `WORKDIR /path/to/workdir`
The **WORKDIR** instruction sets the working directory for the **RUN**, **CMD**,
**ENTRYPOINT**, **COPY** and **ADD** Containerfile commands that follow it. It can
be used multiple times in a single Containerfile. Relative paths are defined
relative to the path of the previous **WORKDIR** instruction. For example:
```
WORKDIR /a
WORKDIR b
WORKDIR c
RUN pwd
```
In the above example, the output of the **pwd** command is **a/b/c**.
**ARG**
-- ARG <name>[=<default value>]
The `ARG` instruction defines a variable that users can pass at build-time to
the builder with the `podman build` and `buildah build` commands using the
`--build-arg <varname>=<value>` flag. If a user specifies a build argument that
was not defined in the Containerfile, the build outputs a warning.
Note that a second FROM in a Containerfile sets the values associated with an
Arg variable to nil and they must be reset if they are to be used later in
the Containerfile
```
[Warning] One or more build-args [foo] were not consumed
```
The Containerfile author can define a single variable by specifying `ARG` once or many
variables by specifying `ARG` more than once. For example, a valid Containerfile:
```
FROM busybox
ARG user1
ARG buildno
...
```
A Containerfile author may optionally specify a default value for an `ARG` instruction:
```
FROM busybox
ARG user1=someuser
ARG buildno=1
...
```
If an `ARG` value has a default and if there is no value passed at build-time, the
builder uses the default.
An `ARG` variable definition comes into effect from the line on which it is
defined in the `Containerfile` not from the argument's use on the command-line or
elsewhere. For example, consider this Containerfile:
```
1 FROM busybox
2 USER ${user:-some_user}
3 ARG user
4 USER $user
...
```
A user builds this file by calling:
```
$ podman build --build-arg user=what_user Containerfile
```
The `USER` at line 2 evaluates to `some_user` as the `user` variable is defined on the
subsequent line 3. The `USER` at line 4 evaluates to `what_user` as `user` is
defined and the `what_user` value was passed on the command line. Prior to its definition by an
`ARG` instruction, any use of a variable results in an empty string.
> **Warning:** It is not recommended to use build-time variables for
> passing secrets like github keys, user credentials etc. Build-time variable
> values are visible to any user of the image with the `podman history` command.
You can use an `ARG` or an `ENV` instruction to specify variables that are
available to the `RUN` instruction. Environment variables defined using the
`ENV` instruction always override an `ARG` instruction of the same name. Consider
this Containerfile with an `ENV` and `ARG` instruction.
```
1 FROM ubuntu
2 ARG CONT_IMG_VER
3 ENV CONT_IMG_VER=v1.0.0
4 RUN echo $CONT_IMG_VER
```
Then, assume this image is built with this command:
```
$ podman build --build-arg CONT_IMG_VER=v2.0.1 Containerfile
```
In this case, the `RUN` instruction uses `v1.0.0` instead of the `ARG` setting
passed by the user:`v2.0.1` This behavior is similar to a shell
script where a locally scoped variable overrides the variables passed as
arguments or inherited from environment, from its point of definition.
Using the example above but a different `ENV` specification you can create more
useful interactions between `ARG` and `ENV` instructions:
```
1 FROM ubuntu
2 ARG CONT_IMG_VER
3 ENV CONT_IMG_VER=${CONT_IMG_VER:-v1.0.0}
4 RUN echo $CONT_IMG_VER
```
Unlike an `ARG` instruction, `ENV` values are always persisted in the built
image. Consider a `podman build` without the --build-arg flag:
```
$ podman build Containerfile
```
Using this Containerfile example, `CONT_IMG_VER` is still persisted in the image but
its value would be `v1.0.0` as it is the default set in line 3 by the `ENV` instruction.
The variable expansion technique in this example allows you to pass arguments
from the command line and persist them in the final image by leveraging the
`ENV` instruction. Variable expansion is only supported for [a limited set of
Containerfile instructions.](#environment-replacement)
Container engines have a set of predefined `ARG` variables that you can use without a
corresponding `ARG` instruction in the Containerfile.
* `HTTP_PROXY`
* `http_proxy`
* `HTTPS_PROXY`
* `https_proxy`
* `FTP_PROXY`
* `ftp_proxy`
* `NO_PROXY`
* `no_proxy`
* `ALL_PROXY`
* `all_proxy`
To use these, pass them on the command line using `--build-arg` flag, for
example:
```
$ podman build --build-arg HTTPS_PROXY=https://my-proxy.example.com .
```
**ONBUILD**
-- `ONBUILD [INSTRUCTION]`
The **ONBUILD** instruction adds a trigger instruction to an image. The
trigger is executed at a later time, when the image is used as the base for
another build. Container engines execute the trigger in the context of the downstream
build, as if the trigger existed immediately after the **FROM** instruction in
the downstream Containerfile.
You can register any build instruction as a trigger. A trigger is useful if
you are defining an image to use as a base for building other images. For
example, if you are defining an application build environment or a daemon that
is customized with a user-specific configuration.
Consider an image intended as a reusable python application builder. It must
add application source code to a particular directory, and might need a build
script called after that. You can't just call **ADD** and **RUN** now, because
you don't yet have access to the application source code, and it is different
for each application build.
-- Providing application developers with a boilerplate Containerfile to copy-paste
into their application is inefficient, error-prone, and
difficult to update because it mixes with application-specific code.
The solution is to use **ONBUILD** to register instructions in advance, to
run later, during the next build stage.
## SEE ALSO
buildah(1), podman(1), docker(1)
# HISTORY
```
May 2014, Compiled by Zac Dover (zdover at redhat dot com) based on docker.com Dockerfile documentation.
Feb 2015, updated by Brian Goff (cpuguy83@gmail.com) for readability
Sept 2015, updated by Sally O'Malley (somalley@redhat.com)
Oct 2016, updated by Addam Hardy (addam.hardy@gmail.com)
Aug 2021, converted Dockerfile man page to Containerfile by Dan Walsh (dwalsh@redhat.com)
```

87
SOURCES/containerignore.5.md Normal file
View File

@ -0,0 +1,87 @@
% ".containerignore" "28" "Sep 2021" "" "Container User Manuals"
# NAME
.containerignore(.dockerignore) - files to ignore buildah or podman build context directory
# INTRODUCTION
Before container engines build an image, they look for a file named .containerignore or .dockerignore in the root
context directory. If one of these file exists, the CLI modifies the context to exclude files and
directories that match patterns specified in the file. This avoids adding them to images using the ADD or COPY
instruction.
The CLI interprets the .containerignore or .dockerignore file as a newline-separated list of patterns similar to
the file globs of Unix shells. For the purposes of matching, the root of the context is considered to be both the
working and the root directory. For example, the patterns /foo/bar and foo/bar both exclude a file or directory
named bar in the foo subdirectory of PATH or in the root of the git repository located at URL. Neither excludes
anything else.
If a line in .containerignore or .dockerignore file starts with # in column 1, then this line is considered as a
comment and is ignored before interpreted by the CLI.
# EXAMPLES
Here is an example .containerignore file:
```
# comment
*/temp*
*/*/temp*
temp?
```
This file causes the following build behavior:
Rule Behavior
```
# comment Ignored.
*/temp* Exclude files and directories whose names start with temp in any immediate subdirectory of the root.
For example, the plain file /somedir/temporary.txt is excluded, as is the directory /somedir/temp.
*/*/temp* Exclude files and directories starting with temp from any subdirectory that is two levels below the
root. For example, /somedir/subdir/temporary.txt is excluded.
temp? Exclude files and directories in the root directory whose names are a one-character extension of temp. For example, /tempa and /tempb are excluded.
```
Matching is done using Gos filepath.Match rules. A preprocessing step removes leading and trailing whitespace and
eliminates . and .. elements using Gos filepath.Clean. Lines that are blank after preprocessing are ignored.
Beyond Gos filepath.Match rules, Docker also supports a special wildcard string ** that matches any number of
directories (including zero). For example, **/*.go will exclude all files that end with .go that are found in all
directories, including the root of the build context.
Lines starting with ! (exclamation mark) can be used to make exceptions to exclusions. The following is an example .containerignore file that uses this mechanism:
```
*.md
!README.md
```
All markdown files except README.md are excluded from the context.
The placement of ! exception rules influences the behavior: the last line of the .containerignore that matches a
particular file determines whether it is included or excluded. Consider the following example:
```
*.md
!README*.md
README-secret.md
```
No markdown files are included in the context except README files other than README-secret.md.
Now consider this example:
```
*.md
README-secret.md
!README*.md
```
All of the README files are included. The middle line has no effect because !README*.md matches README-secret.md and
comes last.
You can even use the .containerignore file to exclude the Containerfile or Dockerfile and .containerignore files.
These files are still sent to the daemon because it needs them to do its job. But the ADD and COPY instructions do
not copy them to the image.
Finally, you may want to specify which files to include in the context, rather than which to exclude. To achieve
this, specify * as the first pattern, followed by one or more ! exception patterns.
## SEE ALSO
buildah-build(1), podman-build(1), docker-build(1)
# HISTORY
*Sep 2021, Compiled by Dan Walsh (dwalsh at redhat dot com) based on docker.com .dockerignore documentation.

16
SOURCES/default.yaml
View File

@ -1,19 +1,19 @@
# This is a default registries.d configuration file. You may
# add to this file or create additional files in registries.d/.
#
# sigstore: indicates a location that is read and write
# sigstore-staging: indicates a location that is only for write
# lookaside: indicates a location that is read and write
# lookaside-staging: indicates a location that is only for write
#
# sigstore and sigstore-staging take a value of the following:
# sigstore: {schema}://location
# lookaside and lookaside-staging take a value of the following:
# lookaside: {schema}://location
#
# For reading signatures, schema may be http, https, or file.
# For writing signatures, schema may only be file.
# This is the default signature write location for docker registries.
default-docker:
# sigstore: file:///var/lib/containers/sigstore
sigstore-staging: file:///var/lib/containers/sigstore
# lookaside: file:///var/lib/containers/sigstore
lookaside-staging: file:///var/lib/containers/sigstore
# The 'docker' indicator here is the start of the configuration
# for docker registries.
@ -21,6 +21,6 @@ default-docker:
# docker:
#
# privateregistry.com:
# sigstore: http://privateregistry.com/sigstore/
# sigstore-staging: /mnt/nfs/privateregistry/sigstore
# lookaside: http://privateregistry.com/sigstore/
# lookaside-staging: /mnt/nfs/privateregistry/sigstore

1
SOURCES/pyxis.sh
View File

@ -73,5 +73,6 @@ for D in `cut -d\ -f1 /tmp/r.conf | sort | uniq -d`; do
fi
done
sed -i '/.*rhel.*-els\/.*$/d' /tmp/r.conf
echo "[aliases]" > 001-rhel-shortnames-pyxis.conf
sort /tmp/r.conf >> 001-rhel-shortnames-pyxis.conf

2
SOURCES/registries.conf
View File

@ -19,7 +19,7 @@
#
# # An array of host[:port] registries to try when pulling an unqualified image, in order.
unqualified-search-registries = ["registry.fedoraproject.org", "registry.access.redhat.com", "registry.centos.org", "docker.io"]
unqualified-search-registries = ["registry.access.redhat.com", "registry.redhat.io", "docker.io"]
# [[registry]]
# # The "prefix" field is used to choose the relevant [[registry]] TOML table;

9
SOURCES/shortnames.conf
View File

@ -10,11 +10,12 @@
"skopeo" = "quay.io/skopeo/stable"
"buildah" = "quay.io/buildah/stable"
"podman" = "quay.io/podman/stable"
"hello" = "quay.io/podman/hello"
"hello-world" = "quay.io/podman/hello"
# docker
"alpine" = "docker.io/library/alpine"
"docker" = "docker.io/library/docker"
"registry" = "docker.io/library/registry"
"hello-world" = "docker.io/library/hello-world"
"swarm" = "docker.io/library/swarm"
# Fedora
"fedora-minimal" = "registry.fedoraproject.org/fedora-minimal"
@ -72,6 +73,9 @@
"ubi8/ubi-minimal" = "registry.access.redhat.com/ubi8-minimal"
"ubi8/ubi-init" = "registry.access.redhat.com/ubi8-init"
"ubi8/ubi-micro" = "registry.access.redhat.com/ubi8-micro"
"ubi8/podman" = "registry.access.redhat.com/ubi8/podman"
"ubi8/buildah" = "registry.access.redhat.com/ubi8/buildah"
"ubi8/skopeo" = "registry.access.redhat.com/ubi8/skopeo"
"rhel9" = "registry.access.redhat.com/ubi9"
"rhel9-init" = "registry.access.redhat.com/ubi9-init"
"rhel9-minimal" = "registry.access.redhat.com/ubi9-minimal"
@ -84,6 +88,9 @@
"ubi9/ubi-minimal" = "registry.access.redhat.com/ubi9-minimal"
"ubi9/ubi-init" = "registry.access.redhat.com/ubi9-init"
"ubi9/ubi-micro" = "registry.access.redhat.com/ubi9-micro"
"ubi9/podman" = "registry.access.redhat.com/ubi9/podman"
"ubi9/buildah" = "registry.access.redhat.com/ubi9/buildah"
"ubi9/skopeo" = "registry.access.redhat.com/ubi9/skopeo"
# Rocky Linux
"rockylinux" = "docker.io/library/rockylinux"
# Debian

4
SOURCES/update.sh
View File

@ -25,14 +25,14 @@ ensure storage.conf driver \"overlay\"
ensure storage.conf mountopt \"nodev,metacopy=on\"
if pwd | grep rhel-8 > /dev/null
then
ensure registries.conf unqualified-search-registries [\"registry.fedoraproject.org\",\ \"registry.access.redhat.com\",\ \"registry.centos.org\",\ \"docker.io\"]
ensure registries.conf unqualified-search-registries [\"registry.access.redhat.com\",\ \"registry.redhat.io\",\ \"docker.io\"]
ensure registries.conf short-name-mode \"permissive\"
ensure containers.conf runtime \"runc\"
ensure containers.conf events_logger \"file\"
ensure containers.conf log_driver \"k8s-file\"
ensure containers.conf network_backend \"cni\"
else
ensure registries.conf unqualified-search-registries [\"registry.fedoraproject.org\",\ \"registry.access.redhat.com\",\ \"registry.centos.org\",\ \"quay.io\",\ \"docker.io\"]
ensure registries.conf unqualified-search-registries [\"registry.access.redhat.com\",\ \"registry.redhat.io\",\ \"docker.io\"]
ensure registries.conf short-name-mode \"enforcing\"
ensure containers.conf runtime \"crun\"
fi

84
SPECS/containers-common.spec
View File

@ -12,7 +12,7 @@
Epoch: 2
Name: containers-common
Version: 1
Release: 28%{?dist}
Release: 35%{?dist}
Summary: Common configuration and documentation for containers
License: ASL 2.0
BuildRequires: /usr/bin/go-md2man
@ -56,32 +56,36 @@ Source23: registry.redhat.io.yaml
#Source24: https://raw.githubusercontent.com/containers/skopeo/%%{skopeo_branch}/default-policy.json
Source24: default-policy.json
Source25: https://raw.githubusercontent.com/containers/skopeo/%{skopeo_branch}/default.yaml
# FIXME: fix the branch once these are available via regular c/common branch
Source26: https://raw.githubusercontent.com/containers/common/main/docs/Containerfile.5.md
Source27: https://raw.githubusercontent.com/containers/common/main/docs/containerignore.5.md
# scripts used for synchronization with upstream and shortname generation
Source100: update.sh
Source101: update-vendored.sh
Source102: pyxis.sh
%global aardvark_dns_version v1.0.1
%global aardvark_dns_branch v1.0.1-rhel
%global aardvark_dns_commit0 0a8eabf6f696f4f1ab14e5722578829362304e0b
%global aardvark_dns_version v1.0.3
#%%global aardvark_dns_branch v1.0.1-rhel
%global aardvark_dns_commit0 a92337b08fbd88c9eb10c1a5ebce2bf61aa59a7b
%global aardvark_dns_shortcommit0 %(c=%{aardvark_dns_commit0}; echo ${c:0:7})
%if 0%{?aardvark_dns_branch:1}
Source200: https://github.com/containers/aardvark-dns/tarball/%{aardvark_dns_commit0}/%{aardvark_dns_branch}-%{aardvark_dns_shortcommit0}.tar.gz
%else
Source200: https://github.com/containers/aardvark-dns/archive/%{aardvark_dns_commit0}/aardvark-dns-%{aardvark_dns_version}-%{aardvark_dns_shortcommit0}.tar.gz
%endif
Source201: https://github.com/containers/aardvark-dns/releases/download/%{aardvark_dns_version}/aardvark-dns-%{aardvark_dns_version}-rhel-vendor.tar.gz
Source201: https://github.com/containers/aardvark-dns/releases/download/%{aardvark_dns_version}/aardvark-dns-%{aardvark_dns_version}-vendor.tar.gz
%global netavark_version v1.0.1
%global netavark_branch v1.0.1-rhel
%global netavark_commit0 93af39418a38c9cc901816240c3e7ccb715108c0
%global netavark_version v1.0.3
#%%global netavark_branch v1.0.1-rhel
%global netavark_commit0 ec7efb85ef90db4a14c07cb003b65491f7eb4edf
%global netavark_shortcommit0 %(c=%{netavark_commit0}; echo ${c:0:7})
%if 0%{?netavark_branch:1}
Source300: https://github.com/containers/netavark/tarball/%{netavark_commit0}/%{netavark_branch}-%{netavark_shortcommit0}.tar.gz
%else
Source300: https://github.com/containers/netavark/archive/%{netavark_commit0}/netavark-%{netavark_version}-%{netavark_shortcommit0}.tar.gz
%endif
Source301: https://github.com/containers/netavark/releases/download/%{netavark_version}/netavark-%{netavark_version}-rhel-vendor.tar.gz
Source301: https://github.com/containers/netavark/releases/download/%{netavark_version}/netavark-%{netavark_version}-vendor.tar.gz
%description
This package contains common configuration files and documentation for container
@ -93,7 +97,7 @@ separately.
%package -n aardvark-dns
Version: 1.0.1
Release: 28%{?dist}
Release: 35%{?dist}
URL: https://github.com/containers/aardvark-dns
Summary: Authoritative DNS server for A/AAAA container records
License: ASL 2.0 and BSD and MIT
@ -113,7 +117,7 @@ Read more about configuration in `src/backend/mod.rs`.
%package -n netavark
Version: 1.0.1
Release: 28%{?dist}
Release: 35%{?dist}
URL: https://github.com/containers/netavark
Summary: OCI network stack
License: ASL 2.0 and BSD and MIT
@ -150,11 +154,7 @@ Its features include:
%prep
tar fx %{SOURCE200}
%if 0%{?aardvark_dns_branch:1}
pushd containers-aardvark-dns-%{aardvark_dns_shortcommit0}
%else
pushd aardvark-dns-%{aardvark_dns_commit0}
%endif
tar fx %{SOURCE201}
mkdir -p .cargo
cat >.cargo/config << EOF
@ -166,11 +166,7 @@ directory = "vendor"
EOF
popd
tar fx %{SOURCE300}
%if 0%{?netavark_branch:1}
pushd containers-netavark-%{netavark_shortcommit0}
%else
pushd netavark-%{netavark_commit0}
%endif
tar fx %{SOURCE301}
mkdir -p .cargo
cat >.cargo/config << EOF
@ -187,20 +183,12 @@ popd
export RUSTFLAGS="%{build_rustflags}"
%endif
%if 0%{?aardvark_dns_branch:1}
pushd containers-aardvark-dns-%{aardvark_dns_shortcommit0}
%else
pushd aardvark-dns-%{aardvark_dns_commit0}
%endif
%__scm_setup_git -q
%make_build build
popd
%if 0%{?netavark_branch:1}
pushd containers-netavark-%{netavark_shortcommit0}
%else
pushd netavark-%{netavark_commit0}
%endif
%__scm_setup_git -q
%make_build build
pushd docs
@ -210,19 +198,11 @@ popd
popd
%install
%if 0%{?aardvark_dns_branch:1}
pushd containers-aardvark-dns-%{aardvark_dns_shortcommit0}
%else
pushd aardvark-dns-%{aardvark_dns_commit0}
%endif
%{__make} DESTDIR=%{buildroot} PREFIX=%{_prefix} install
popd
%if 0%{?netavark_branch:1}
pushd containers-netavark-%{netavark_shortcommit0}
%else
pushd netavark-%{netavark_commit0}
%endif
%{__make} DESTDIR=%{buildroot} PREFIX=%{_prefix} install
popd
@ -258,6 +238,8 @@ go-md2man -in %{SOURCE12} -out %{buildroot}%{_mandir}/man5/containers-registries
go-md2man -in %{SOURCE14} -out %{buildroot}%{_mandir}/man5/containers.conf.5
go-md2man -in %{SOURCE15} -out %{buildroot}%{_mandir}/man5/containers-auth.json.5
go-md2man -in %{SOURCE16} -out %{buildroot}%{_mandir}/man5/containers-registries.conf.d.5
go-md2man -in %{SOURCE26} -out %{buildroot}%{_mandir}/man5/Containerfile.5
go-md2man -in %{SOURCE27} -out %{buildroot}%{_mandir}/man5/containerignore.5
install -dp %{buildroot}%{_datadir}/containers
install -m0644 %{SOURCE3} %{buildroot}%{_datadir}/containers/mounts.conf
@ -313,32 +295,36 @@ EOF
%{_datadir}/rhel/secrets/*
%files -n aardvark-dns
%license aardvark-dns-%{aardvark_dns_commit0}/LICENSE
%dir %{_libexecdir}/podman
%{_libexecdir}/podman/aardvark-dns
%files -n netavark
%license netavark-%{netavark_commit0}/LICENSE
%dir %{_libexecdir}/podman
%{_libexecdir}/podman/netavark
%{_mandir}/man1/netavark.1*
%changelog
* Fri Apr 01 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-28
- update vendored tarballs to avoid unwanted licenses
(thanks to Brent Baude)
- Related: #2065707
* Wed Jul 13 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-35
- update vendored components and configuration files
- Related: #2061390
* Thu Mar 31 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-28
- update vendored tarballs to avoid unwanted licenses
(thanks to Brent Baude)
- Related: #2065707
* Mon Jun 27 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-34
- update shortnames and be sure to remove rhel-els
- Related: #2061390
* Fri Mar 25 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-27
- remove broken license links from spec file
- Related: #2065707
* Thu Jun 09 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-33
- additional fix for unqualified registries
- Related: #2061390
* Thu Mar 24 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-26
- consume aardvark-dns and netavark off the v1.0.1-rhel branch
- Resolves: #2065707
* Wed May 11 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-26
- update vendored components and configuration files
- Related: #2061390
* Fri Apr 01 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-25
- update vendored components and configuration files
- Related: #2061390
* Mon Feb 28 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-23
- update to netavark and aardvark-dns 1.0.1