rpms/containers-common
7
0
Fork 0
Code Issues Pull Requests Releases Activity

containers-common-4:1-16

Browse Source 
- use latest configs from upstream

Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
This commit is contained in:
Lokesh Mandvekar 2021-04-12 08:59:58 -04:00
parent 32e1915f4e
commit c0dc80db85
3 changed files with 69 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
containers-common.spec
View File

@ -15,7 +15,7 @@
Epoch: 4 Epoch: 4
Name: containers-common Name: containers-common
Version: 1 Version: 1
Release: 15%{?dist} Release: 16%{?dist}
Summary: Common configuration and documentation for containers Summary: Common configuration and documentation for containers
License: ASL 2.0 License: ASL 2.0
BuildArch: noarch BuildArch: noarch
@ -52,6 +52,25 @@ which are vendored into Podman, Buildah, Skopeo, etc. but they are not packaged
separately. separately.
%prep %prep
cp %{SOURCE1} .
cp %{SOURCE2} .
cp %{SOURCE3} .
cp %{SOURCE4} .
cp %{SOURCE5} .
cp %{SOURCE6} .
cp %{SOURCE7} .
cp %{SOURCE8} .
cp %{SOURCE9} .
cp %{SOURCE10} .
cp %{SOURCE11} .
cp %{SOURCE12} .
cp %{SOURCE13} .
cp %{SOURCE14} .
cp %{SOURCE15} .
cp %{SOURCE16} .
cp %{SOURCE17} .
cp %{SOURCE18} .
cp %{SOURCE19} .
%build %build
@ -59,31 +78,31 @@ separately.
# install config and policy files for registries # install config and policy files for registries
install -dp %{buildroot}%{_sysconfdir}/containers/{certs.d,oci/hooks.d,registries.conf.d,registries.d} install -dp %{buildroot}%{_sysconfdir}/containers/{certs.d,oci/hooks.d,registries.conf.d,registries.d}
install -dp %{buildroot}%{_sharedstatedir}/containers/sigstore install -dp %{buildroot}%{_sharedstatedir}/containers/sigstore
install -m0644 %{_sourcedir}/default.yaml %{buildroot}%{_sysconfdir}/containers/registries.d/default.yaml install -m0644 default.yaml %{buildroot}%{_sysconfdir}/containers/registries.d/default.yaml
install -m0644 %{_sourcedir}/storage.conf %{buildroot}%{_sysconfdir}/containers/storage.conf install -m0644 storage.conf %{buildroot}%{_sysconfdir}/containers/storage.conf
install -m0644 %{_sourcedir}/registries.conf %{buildroot}%{_sysconfdir}/containers/registries.conf install -m0644 registries.conf %{buildroot}%{_sysconfdir}/containers/registries.conf
install -m0644 %{_sourcedir}/shortnames.conf %{buildroot}%{_sysconfdir}/containers/registries.conf.d/000-shortnames.conf install -m0644 shortnames.conf %{buildroot}%{_sysconfdir}/containers/registries.conf.d/000-shortnames.conf
install -m0644 %{_sourcedir}/default-policy.json %{buildroot}%{_sysconfdir}/containers/policy.json install -m0644 default-policy.json %{buildroot}%{_sysconfdir}/containers/policy.json
# install manpages # install manpages
install -dp %{buildroot}%{_mandir}/man5 install -dp %{buildroot}%{_mandir}/man5
go-md2man -in %{_sourcedir}/containers-storage.conf.5.md -out %{buildroot}%{_mandir}/man5/containers-storage.conf.5 go-md2man -in containers-storage.conf.5.md -out %{buildroot}%{_mandir}/man5/containers-storage.conf.5
go-md2man -in %{_sourcedir}/containers-registries.conf.5.md -out %{buildroot}%{_mandir}/man5/containers-registries.conf.5 go-md2man -in containers-registries.conf.5.md -out %{buildroot}%{_mandir}/man5/containers-registries.conf.5
go-md2man -in %{_sourcedir}/containers-policy.json.5.md -out %{buildroot}%{_mandir}/man5/containers-policy.json.5 go-md2man -in containers-policy.json.5.md -out %{buildroot}%{_mandir}/man5/containers-policy.json.5
go-md2man -in %{_sourcedir}/containers-mounts.conf.5.md -out %{buildroot}%{_mandir}/man5/containers-mounts.conf.5 go-md2man -in containers-mounts.conf.5.md -out %{buildroot}%{_mandir}/man5/containers-mounts.conf.5
go-md2man -in %{_sourcedir}/containers-signature.5.md -out %{buildroot}%{_mandir}/man5/containers-signature.5 go-md2man -in containers-signature.5.md -out %{buildroot}%{_mandir}/man5/containers-signature.5
go-md2man -in %{_sourcedir}/containers-transports.5.md -out %{buildroot}%{_mandir}/man5/containers-transports.5 go-md2man -in containers-transports.5.md -out %{buildroot}%{_mandir}/man5/containers-transports.5
go-md2man -in %{_sourcedir}/containers-certs.d.5.md -out %{buildroot}%{_mandir}/man5/containers-certs.d.5 go-md2man -in containers-certs.d.5.md -out %{buildroot}%{_mandir}/man5/containers-certs.d.5
go-md2man -in %{_sourcedir}/containers-registries.d.5.md -out %{buildroot}%{_mandir}/man5/containers-registries.d.5 go-md2man -in containers-registries.d.5.md -out %{buildroot}%{_mandir}/man5/containers-registries.d.5
go-md2man -in %{_sourcedir}/containers.conf.5.md -out %{buildroot}%{_mandir}/man5/containers.conf.5 go-md2man -in containers.conf.5.md -out %{buildroot}%{_mandir}/man5/containers.conf.5
go-md2man -in %{_sourcedir}/containers-auth.json.5.md -out %{buildroot}%{_mandir}/man5/containers-auth.json.5 go-md2man -in containers-auth.json.5.md -out %{buildroot}%{_mandir}/man5/containers-auth.json.5
go-md2man -in %{_sourcedir}/containers-registries.conf.d.5.md -out %{buildroot}%{_mandir}/man5/containers-registries.conf.d.5 go-md2man -in containers-registries.conf.d.5.md -out %{buildroot}%{_mandir}/man5/containers-registries.conf.d.5
# install config files for mounts, containers and seccomp # install config files for mounts, containers and seccomp
install -dp %{buildroot}%{_datadir}/containers install -dp %{buildroot}%{_datadir}/containers
install -m0644 %{_sourcedir}/mounts.conf %{buildroot}%{_datadir}/containers/mounts.conf install -m0644 mounts.conf %{buildroot}%{_datadir}/containers/mounts.conf
install -m0644 %{_sourcedir}/seccomp.json %{buildroot}%{_datadir}/containers/seccomp.json install -m0644 seccomp.json %{buildroot}%{_datadir}/containers/seccomp.json
install -m0644 %{_sourcedir}/containers.conf %{buildroot}%{_datadir}/containers/containers.conf install -m0644 containers.conf %{buildroot}%{_datadir}/containers/containers.conf
# install secrets patch directory # install secrets patch directory
install -d -p -m 755 %{buildroot}/%{_datadir}/rhel/secrets install -d -p -m 755 %{buildroot}/%{_datadir}/rhel/secrets
@ -115,6 +134,9 @@ ln -s %{_sysconfdir}/yum.repos.d/redhat.repo %{buildroot}%{_datadir}/rhel/secret
%{_datadir}/rhel/secrets/* %{_datadir}/rhel/secrets/*
%changelog %changelog
* Mon Apr 12 2021 Lokesh Mandvekar <lsm5@fedoraproject.org> - 4:1-16
- use latest configs from upstream
* Fri Apr 09 2021 Lokesh Mandvekar <lsm5@fedoraproject.org> - 4:1-15 * Fri Apr 09 2021 Lokesh Mandvekar <lsm5@fedoraproject.org> - 4:1-15
- pull latest files from upstream - pull latest files from upstream

20
containers-registries.conf.5.md
View File

@ -34,10 +34,15 @@ Given an image name, a single `[[registry]]` TOML table is chosen based on its `
- _host_[`:`_port_]`/`_namespace_[`/`_namespace_…] - _host_[`:`_port_]`/`_namespace_[`/`_namespace_…]
- _host_[`:`_port_]`/`_namespace_[`/`_namespace_…]`/`_repo_ - _host_[`:`_port_]`/`_namespace_[`/`_namespace_…]`/`_repo_
- _host_[`:`_port_]`/`_namespace_[`/`_namespace_…]`/`_repo_(`:`_tag|`@`_digest_) - _host_[`:`_port_]`/`_namespace_[`/`_namespace_…]`/`_repo_(`:`_tag|`@`_digest_)
- [`*.`]_host_
The user-specified image name must start with the specified `prefix` (and continue The user-specified image name must start with the specified `prefix` (and continue
with the appropriate separator) for a particular `[[registry]]` TOML table to be with the appropriate separator) for a particular `[[registry]]` TOML table to be
considered; (only) the TOML table with the longest match is used. considered; (only) the TOML table with the longest match is used. It can
also include wildcarded subdomains in the format `*.example.com` along as mentioned
above. The wildcard should only be present at the beginning as shown in the formats
above. Other cases will not work. For example, `*.example.com` is valid but
`example.*.com`, `*.example.com/foo` and `*.example.com:5000/foo/bar:baz` are not.
As a special case, the `prefix` field can be missing; if so, it defaults to the value As a special case, the `prefix` field can be missing; if so, it defaults to the value
of the `location` field (described below). of the `location` field (described below).
@ -77,6 +82,19 @@ internet without having to change `Dockerfile`s, or to add redundancy).
requests for the image `example.com/foo/myimage:latest` will actually work with the requests for the image `example.com/foo/myimage:latest` will actually work with the
`internal-registry-for-example.net/bar/myimage:latest` image. `internal-registry-for-example.net/bar/myimage:latest` image.
With a `prefix` containing a wildcard in the format: "*.example.com" for subdomain matching,
the location can be empty. In such a case,
prefix matching will occur, but no reference rewrite will occur. The
original requested image string will be used as-is. But other settings like
`insecure` / `blocked` / `mirrors` will be applied to matching images.
Example: Given
```
prefix = "*.example.com"
```
requests for the image `blah.example.com/foo/myimage:latest` will be used
as-is. But other settings like insecure/blocked/mirrors will be applied to matching images
`mirror` `mirror`
: An array of TOML tables specifying (possibly-partial) mirrors for the : An array of TOML tables specifying (possibly-partial) mirrors for the
`prefix`-rooted namespace. `prefix`-rooted namespace.

9
registries.conf
View File

@ -24,6 +24,9 @@ unqualified-search-registries = ["registry.fedoraproject.org", "registry.access.
# # The "prefix" field is used to choose the relevant [[registry]] TOML table; # # The "prefix" field is used to choose the relevant [[registry]] TOML table;
# # (only) the TOML table with the longest match for the input image name # # (only) the TOML table with the longest match for the input image name
# # (taking into account namespace/repo/tag/digest separators) is used. # # (taking into account namespace/repo/tag/digest separators) is used.
# #
# # The prefix can also be of the form: *.example.com for wildcard subdomain
# # matching.
# # # #
# # If the prefix field is missing, it defaults to be the same as the "location" field. # # If the prefix field is missing, it defaults to be the same as the "location" field.
# prefix = "example.com/foo" # prefix = "example.com/foo"
@ -37,7 +40,7 @@ unqualified-search-registries = ["registry.fedoraproject.org", "registry.access.
# #
# # The physical location of the "prefix"-rooted namespace. # # The physical location of the "prefix"-rooted namespace.
# # # #
# # By default, this equal to "prefix" (in which case "prefix" can be omitted # # By default, this is equal to "prefix" (in which case "prefix" can be omitted
# # and the [[registry]] TOML table can only specify "location"). # # and the [[registry]] TOML table can only specify "location").
# # # #
# # Example: Given # # Example: Given
@ -45,6 +48,10 @@ unqualified-search-registries = ["registry.fedoraproject.org", "registry.access.
# # location = "internal-registry-for-example.net/bar" # # location = "internal-registry-for-example.net/bar"
# # requests for the image example.com/foo/myimage:latest will actually work with the # # requests for the image example.com/foo/myimage:latest will actually work with the
# # internal-registry-for-example.net/bar/myimage:latest image. # # internal-registry-for-example.net/bar/myimage:latest image.
#
# # The location can be empty iff prefix is in a
# # wildcarded format: "*.example.com". In this case, the input reference will
# # be used as-is without any rewrite.
# location = internal-registry-for-example.com/bar" # location = internal-registry-for-example.com/bar"
# #
# # (Possibly-partial) mirrors for the "prefix"-rooted namespace. # # (Possibly-partial) mirrors for the "prefix"-rooted namespace.