containers-common-4:1-16
- use latest configs from upstream Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
This commit is contained in:
parent
32e1915f4e
commit
c0dc80db85
@ -15,7 +15,7 @@
|
||||
Epoch: 4
|
||||
Name: containers-common
|
||||
Version: 1
|
||||
Release: 15%{?dist}
|
||||
Release: 16%{?dist}
|
||||
Summary: Common configuration and documentation for containers
|
||||
License: ASL 2.0
|
||||
BuildArch: noarch
|
||||
@ -52,6 +52,25 @@ which are vendored into Podman, Buildah, Skopeo, etc. but they are not packaged
|
||||
separately.
|
||||
|
||||
%prep
|
||||
cp %{SOURCE1} .
|
||||
cp %{SOURCE2} .
|
||||
cp %{SOURCE3} .
|
||||
cp %{SOURCE4} .
|
||||
cp %{SOURCE5} .
|
||||
cp %{SOURCE6} .
|
||||
cp %{SOURCE7} .
|
||||
cp %{SOURCE8} .
|
||||
cp %{SOURCE9} .
|
||||
cp %{SOURCE10} .
|
||||
cp %{SOURCE11} .
|
||||
cp %{SOURCE12} .
|
||||
cp %{SOURCE13} .
|
||||
cp %{SOURCE14} .
|
||||
cp %{SOURCE15} .
|
||||
cp %{SOURCE16} .
|
||||
cp %{SOURCE17} .
|
||||
cp %{SOURCE18} .
|
||||
cp %{SOURCE19} .
|
||||
|
||||
%build
|
||||
|
||||
@ -59,31 +78,31 @@ separately.
|
||||
# install config and policy files for registries
|
||||
install -dp %{buildroot}%{_sysconfdir}/containers/{certs.d,oci/hooks.d,registries.conf.d,registries.d}
|
||||
install -dp %{buildroot}%{_sharedstatedir}/containers/sigstore
|
||||
install -m0644 %{_sourcedir}/default.yaml %{buildroot}%{_sysconfdir}/containers/registries.d/default.yaml
|
||||
install -m0644 %{_sourcedir}/storage.conf %{buildroot}%{_sysconfdir}/containers/storage.conf
|
||||
install -m0644 %{_sourcedir}/registries.conf %{buildroot}%{_sysconfdir}/containers/registries.conf
|
||||
install -m0644 %{_sourcedir}/shortnames.conf %{buildroot}%{_sysconfdir}/containers/registries.conf.d/000-shortnames.conf
|
||||
install -m0644 %{_sourcedir}/default-policy.json %{buildroot}%{_sysconfdir}/containers/policy.json
|
||||
install -m0644 default.yaml %{buildroot}%{_sysconfdir}/containers/registries.d/default.yaml
|
||||
install -m0644 storage.conf %{buildroot}%{_sysconfdir}/containers/storage.conf
|
||||
install -m0644 registries.conf %{buildroot}%{_sysconfdir}/containers/registries.conf
|
||||
install -m0644 shortnames.conf %{buildroot}%{_sysconfdir}/containers/registries.conf.d/000-shortnames.conf
|
||||
install -m0644 default-policy.json %{buildroot}%{_sysconfdir}/containers/policy.json
|
||||
|
||||
# install manpages
|
||||
install -dp %{buildroot}%{_mandir}/man5
|
||||
go-md2man -in %{_sourcedir}/containers-storage.conf.5.md -out %{buildroot}%{_mandir}/man5/containers-storage.conf.5
|
||||
go-md2man -in %{_sourcedir}/containers-registries.conf.5.md -out %{buildroot}%{_mandir}/man5/containers-registries.conf.5
|
||||
go-md2man -in %{_sourcedir}/containers-policy.json.5.md -out %{buildroot}%{_mandir}/man5/containers-policy.json.5
|
||||
go-md2man -in %{_sourcedir}/containers-mounts.conf.5.md -out %{buildroot}%{_mandir}/man5/containers-mounts.conf.5
|
||||
go-md2man -in %{_sourcedir}/containers-signature.5.md -out %{buildroot}%{_mandir}/man5/containers-signature.5
|
||||
go-md2man -in %{_sourcedir}/containers-transports.5.md -out %{buildroot}%{_mandir}/man5/containers-transports.5
|
||||
go-md2man -in %{_sourcedir}/containers-certs.d.5.md -out %{buildroot}%{_mandir}/man5/containers-certs.d.5
|
||||
go-md2man -in %{_sourcedir}/containers-registries.d.5.md -out %{buildroot}%{_mandir}/man5/containers-registries.d.5
|
||||
go-md2man -in %{_sourcedir}/containers.conf.5.md -out %{buildroot}%{_mandir}/man5/containers.conf.5
|
||||
go-md2man -in %{_sourcedir}/containers-auth.json.5.md -out %{buildroot}%{_mandir}/man5/containers-auth.json.5
|
||||
go-md2man -in %{_sourcedir}/containers-registries.conf.d.5.md -out %{buildroot}%{_mandir}/man5/containers-registries.conf.d.5
|
||||
go-md2man -in containers-storage.conf.5.md -out %{buildroot}%{_mandir}/man5/containers-storage.conf.5
|
||||
go-md2man -in containers-registries.conf.5.md -out %{buildroot}%{_mandir}/man5/containers-registries.conf.5
|
||||
go-md2man -in containers-policy.json.5.md -out %{buildroot}%{_mandir}/man5/containers-policy.json.5
|
||||
go-md2man -in containers-mounts.conf.5.md -out %{buildroot}%{_mandir}/man5/containers-mounts.conf.5
|
||||
go-md2man -in containers-signature.5.md -out %{buildroot}%{_mandir}/man5/containers-signature.5
|
||||
go-md2man -in containers-transports.5.md -out %{buildroot}%{_mandir}/man5/containers-transports.5
|
||||
go-md2man -in containers-certs.d.5.md -out %{buildroot}%{_mandir}/man5/containers-certs.d.5
|
||||
go-md2man -in containers-registries.d.5.md -out %{buildroot}%{_mandir}/man5/containers-registries.d.5
|
||||
go-md2man -in containers.conf.5.md -out %{buildroot}%{_mandir}/man5/containers.conf.5
|
||||
go-md2man -in containers-auth.json.5.md -out %{buildroot}%{_mandir}/man5/containers-auth.json.5
|
||||
go-md2man -in containers-registries.conf.d.5.md -out %{buildroot}%{_mandir}/man5/containers-registries.conf.d.5
|
||||
|
||||
# install config files for mounts, containers and seccomp
|
||||
install -dp %{buildroot}%{_datadir}/containers
|
||||
install -m0644 %{_sourcedir}/mounts.conf %{buildroot}%{_datadir}/containers/mounts.conf
|
||||
install -m0644 %{_sourcedir}/seccomp.json %{buildroot}%{_datadir}/containers/seccomp.json
|
||||
install -m0644 %{_sourcedir}/containers.conf %{buildroot}%{_datadir}/containers/containers.conf
|
||||
install -m0644 mounts.conf %{buildroot}%{_datadir}/containers/mounts.conf
|
||||
install -m0644 seccomp.json %{buildroot}%{_datadir}/containers/seccomp.json
|
||||
install -m0644 containers.conf %{buildroot}%{_datadir}/containers/containers.conf
|
||||
|
||||
# install secrets patch directory
|
||||
install -d -p -m 755 %{buildroot}/%{_datadir}/rhel/secrets
|
||||
@ -115,6 +134,9 @@ ln -s %{_sysconfdir}/yum.repos.d/redhat.repo %{buildroot}%{_datadir}/rhel/secret
|
||||
%{_datadir}/rhel/secrets/*
|
||||
|
||||
%changelog
|
||||
* Mon Apr 12 2021 Lokesh Mandvekar <lsm5@fedoraproject.org> - 4:1-16
|
||||
- use latest configs from upstream
|
||||
|
||||
* Fri Apr 09 2021 Lokesh Mandvekar <lsm5@fedoraproject.org> - 4:1-15
|
||||
- pull latest files from upstream
|
||||
|
||||
|
@ -34,10 +34,15 @@ Given an image name, a single `[[registry]]` TOML table is chosen based on its `
|
||||
- _host_[`:`_port_]`/`_namespace_[`/`_namespace_…]
|
||||
- _host_[`:`_port_]`/`_namespace_[`/`_namespace_…]`/`_repo_
|
||||
- _host_[`:`_port_]`/`_namespace_[`/`_namespace_…]`/`_repo_(`:`_tag|`@`_digest_)
|
||||
- [`*.`]_host_
|
||||
|
||||
The user-specified image name must start with the specified `prefix` (and continue
|
||||
with the appropriate separator) for a particular `[[registry]]` TOML table to be
|
||||
considered; (only) the TOML table with the longest match is used.
|
||||
considered; (only) the TOML table with the longest match is used. It can
|
||||
also include wildcarded subdomains in the format `*.example.com` along as mentioned
|
||||
above. The wildcard should only be present at the beginning as shown in the formats
|
||||
above. Other cases will not work. For example, `*.example.com` is valid but
|
||||
`example.*.com`, `*.example.com/foo` and `*.example.com:5000/foo/bar:baz` are not.
|
||||
|
||||
As a special case, the `prefix` field can be missing; if so, it defaults to the value
|
||||
of the `location` field (described below).
|
||||
@ -77,6 +82,19 @@ internet without having to change `Dockerfile`s, or to add redundancy).
|
||||
requests for the image `example.com/foo/myimage:latest` will actually work with the
|
||||
`internal-registry-for-example.net/bar/myimage:latest` image.
|
||||
|
||||
With a `prefix` containing a wildcard in the format: "*.example.com" for subdomain matching,
|
||||
the location can be empty. In such a case,
|
||||
prefix matching will occur, but no reference rewrite will occur. The
|
||||
original requested image string will be used as-is. But other settings like
|
||||
`insecure` / `blocked` / `mirrors` will be applied to matching images.
|
||||
|
||||
Example: Given
|
||||
```
|
||||
prefix = "*.example.com"
|
||||
```
|
||||
requests for the image `blah.example.com/foo/myimage:latest` will be used
|
||||
as-is. But other settings like insecure/blocked/mirrors will be applied to matching images
|
||||
|
||||
`mirror`
|
||||
: An array of TOML tables specifying (possibly-partial) mirrors for the
|
||||
`prefix`-rooted namespace.
|
||||
|
@ -24,6 +24,9 @@ unqualified-search-registries = ["registry.fedoraproject.org", "registry.access.
|
||||
# # The "prefix" field is used to choose the relevant [[registry]] TOML table;
|
||||
# # (only) the TOML table with the longest match for the input image name
|
||||
# # (taking into account namespace/repo/tag/digest separators) is used.
|
||||
# #
|
||||
# # The prefix can also be of the form: *.example.com for wildcard subdomain
|
||||
# # matching.
|
||||
# #
|
||||
# # If the prefix field is missing, it defaults to be the same as the "location" field.
|
||||
# prefix = "example.com/foo"
|
||||
@ -37,7 +40,7 @@ unqualified-search-registries = ["registry.fedoraproject.org", "registry.access.
|
||||
#
|
||||
# # The physical location of the "prefix"-rooted namespace.
|
||||
# #
|
||||
# # By default, this equal to "prefix" (in which case "prefix" can be omitted
|
||||
# # By default, this is equal to "prefix" (in which case "prefix" can be omitted
|
||||
# # and the [[registry]] TOML table can only specify "location").
|
||||
# #
|
||||
# # Example: Given
|
||||
@ -45,6 +48,10 @@ unqualified-search-registries = ["registry.fedoraproject.org", "registry.access.
|
||||
# # location = "internal-registry-for-example.net/bar"
|
||||
# # requests for the image example.com/foo/myimage:latest will actually work with the
|
||||
# # internal-registry-for-example.net/bar/myimage:latest image.
|
||||
#
|
||||
# # The location can be empty iff prefix is in a
|
||||
# # wildcarded format: "*.example.com". In this case, the input reference will
|
||||
# # be used as-is without any rewrite.
|
||||
# location = internal-registry-for-example.com/bar"
|
||||
#
|
||||
# # (Possibly-partial) mirrors for the "prefix"-rooted namespace.
|
||||
|
Loading…
Reference in New Issue
Block a user