.gitignore

@@ -0,0 +1 @@
+/*.tar.gz

containers-common.spec

@@ -12,11 +12,9 @@
 Epoch: 2
 Name: containers-common
 Version: 1
-Release: 81%{?dist}
+Release: 90%{?dist}
 Summary: Common configuration and documentation for containers
 License: ASL 2.0
-# arch limitation because of go-md2man (missing on i686)
-# https://fedoraproject.org/wiki/PackagingDrafts/Go#Go_Language_Architectures
 ExclusiveArch: %{go_arches}
 BuildRequires: /usr/bin/go-md2man
 Provides: skopeo-containers = %{epoch}:%{version}-%{release}
@@ -175,253 +173,264 @@ EOF
 %{_datadir}/rhel/secrets/*
 
 %changelog
-* Wed Feb 14 2024 Jindrich Novy <jnovy@redhat.com> - 2:1-81
-- Update shortnames from Pyxis
-- Related: Jira:RHEL-2110
+* Fri Apr 05 2024 Lokesh Mandvekar <lsm5@redhat.com> - 2:1-90
+- Bump release to way higher than rhel 8.10 to preserve upgrade path
+- Related: Jira:RHEL-31950
 
-* Mon Feb 12 2024 Jindrich Novy <jnovy@redhat.com> - 2:1-80
-- bump release to preserve upgrade path
-- Resolves: Jira:RHEL-12277
+* Wed Feb 14 2024 Jindrich Novy <jnovy@redhat.com> - 2:1-62
+- regenerate shortnames from Pyxis and update vendored components
+- Related: Jira:RHEL-2112
 
-* Thu Feb 08 2024 Jindrich Novy <jnovy@redhat.com> - 2:1-59
+* Thu Feb 08 2024 Jindrich Novy <jnovy@redhat.com> - 2:1-61
 - update vendored components
-- Related: Jira:RHEL-2110
+- Related: Jira:RHEL-2112
 
-* Tue Jan 02 2024 Jindrich Novy <jnovy@redhat.com> - 2:1-58
-- update vendored components
-- Related: Jira:RHEL-2110
+* Tue Jan 02 2024 Jindrich Novy <jnovy@redhat.com> - 2:1-60
+- Update vendored components
+- Related: Jira:RHEL-2112
 
-* Wed Oct 11 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-57
-- fix shortnames for rhel-minimal
-- Related: Jira:RHEL-2110
+* Wed Oct 11 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-59
+- fix shortnames
+- Related: Jira:RHEL-2112
 
-* Fri Sep 15 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-56
+* Thu Sep 14 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-58
 - implement GPG auto updating mechanism from redhat-release
-- Resolves: #RHEL-2110
+- Resolves: #RHEL-3164
 
-* Wed Sep 13 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-55
+* Wed Sep 13 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-57
 - update GPG keys to the current content of redhat-release
 - Resolves: #RHEL-3164
 
-* Fri Aug 25 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-54
+* Fri Aug 25 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-56
 - update vendored components and shortnames
-- Related: #2176055
+- Related: #2176063
 
-* Mon Jul 10 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-53
+* Wed Jul 19 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-55
+- fix vendoring script
+- Related: #2176063
+
+* Mon Jul 10 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-54
 - update vendored components
-- Related: #2176055
+- Related: #2176063
 
-* Sat Jul 08 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-52
+* Tue Jun 20 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-53
+- rebuild
+- Resolves: #2178263
+
+* Fri Apr 21 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-52
 - update vendored components
-- Related: #2176055
+- Related: #2176063
 
-* Tue Mar 21 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-51
-- be sure default_capabilities contain SYS_CHROOT
-- Resolves: #2166195
+* Fri Mar 24 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-51
+- regenerate shortnames, vendored components + fix pyxis script
+- Related: #2176063
 
-* Thu Mar 09 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-50
+* Wed Feb 22 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-50
 - improve shortnames generation
-- Related: #2176055
+- Related: #2124478
 
-* Mon Jan 02 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-49
+* Tue Jan 31 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-49
+- add missing systemd directories
+- Related: #2124478
+
+* Mon Jan 30 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-48
 - update vendored components and configuration files
-- Related: #2123641
+- Related: #2124478
 
-* Fri Dec 02 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-48
-- update vendored components and configuration files
-- Related: #2123641
+* Thu Jan 05 2023 Jindrich Novy <jnovy@redhat.com> - 2:1-47
+- update vendored components, regenerate pyxis
+- Related: #2124478
 
-* Mon Nov 14 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-47
-- enable NET_RAW capability for RHEL8 only
-- Related: #2123641
-
-* Tue Nov 08 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-46
-- update vendored components and configuration files
-- Related: #2123641
+* Thu Nov 10 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-46
+- The NET_RAW capability was required in RHEL8 but no longer required in RHEL9
+- Resolves: #2141531
 
 * Fri Oct 21 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-45
-- update vendored components and configuration files
-- Related: #2123641
-
-* Mon Oct 17 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-44
-- update vendored components and configuration files
-- Related: #2123641
-
-* Thu Oct 06 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-43
-- update vendored components and configuration files
-- Related: #2123641
-
-* Wed Sep 21 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-42
-- update vendored components and configuration files
-- Related: #2123641
-
-* Tue Sep 06 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-41
 - add beta GPG key
-- Related: #2123641
+- Related: #2124478
 
-* Tue Aug 23 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-40
+* Tue Aug 23 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-44
+- exclude non-go arches because of go-md2man
+- Related: #2061316
+
+* Tue Aug 23 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-43
 - add beta keys to default-policy.json
-- Related: #2061390
+- Related: #2061316
 
-* Mon Aug 08 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-39
+* Mon Aug 08 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-42
 - update shortnames
-- Related: #2061390
+- Related: #2061316
 
-* Thu Aug 04 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-38
-- arch limitation because of go-md2man (missing on i686)
-- Related: #2061390
-
-* Wed Aug 03 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-37
-- add install section
+* Wed Aug 03 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-41
+- drop aardvark-dns and netavark - packaged separately
 - update vendored components
-- Related: #2061390
+- Related: #2061316
 
-* Wed Aug 03 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-36
-- remove aardvark-dns and netavark - packaged separately
-- update vendored components and configuration files
-- Related: #2061390
-
-* Tue Jul 26 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-35
-- update vendored components and configuration files
-- Related: #2061390
-
-* Mon Jun 27 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-34
+* Mon Jun 27 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-40
 - remove rhel-els and update shortnames
-- Related: #2061390
+- Related: #2061316
 
-* Thu Jun 16 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-33
+* Tue Jun 14 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-39
 - update shortnames
-- Related: #2061390
+- Related: #2061316
 
-* Thu Jun 09 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-32
-- additional fix for unqualified registries
-- Related: #2061390
+* Thu Jun 09 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-38
+- fix unqualified registries in registries.conf generation code
+- Related: #2088139
 
-* Thu Jun 09 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-31
-- fix unqualified registries
-- Related: #2061390
-
-* Thu Jun 09 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-30
-- update vendored components and configuration files
-- Related: #2061390
-
-* Mon May 23 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-29
+* Mon May 23 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-37
 - update unqualified registries list
-- Related: #2061390
+- Related: #2088139
 
-* Mon May 09 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-28
+* Mon May 09 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-36
 - update aardvark-dns and netavark to 1.0.3
 - update vendored components
-- Related: #2061390
+- Related: #2061316
 
-* Fri Apr 22 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-27
-- add man page sources too
-- Related: #2061390
-
-* Wed Apr 20 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-26
+* Wed Apr 20 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-35
 - add missing man pages from Fedora
-- Related: #2061390
+- Related: #2061316
 
-* Wed Apr 06 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-25
-- allow consuming aardvark-dns and netavark from upstream branch
-- Related: #2061390
-
-* Wed Apr 06 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-24
+* Wed Apr 06 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-34
 - update to netavark and aardvark-dns 1.0.2
 - update vendored components
-- Related: #2061390
+- Related: #2061316
 
-* Mon Feb 28 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-23
+* Mon Mar 21 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-33
+- allow consuming aardvark-dns and netavark from upstream branches
+- Related: #2061316
+
+* Mon Feb 28 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-32
+- build rust packages with RUSTFLAGS set to make ExecShield happy (Lokesh Mandvekar)
+- Related: #2000051
+
+* Mon Feb 28 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-31
 - update to netavark and aardvark-dns 1.0.1
-- Related: #2001445
+- Related: #2000051
 
-* Wed Feb 23 2022 Lokesh Mandvekar <lsm5@redhat.com> - 2:1-22
-- build rust packages with RUSTFLAGS set to make ExecShield happy
-- Related: #2001445
+* Wed Feb 23 2022 Lokesh Mandvekar <lsm5@redhat.com> - 2:1-30
+- archful package should conflict with older noarch package
+- Related: #2000051
 
-* Mon Feb 21 2022 Lokesh Mandvekar <lsm5@redhat.com> - 2:1-21
+* Tue Feb 22 2022 Lokesh Mandvekar <lsm5@redhat.com> - 2:1-29
+- consistent release tags for all packages
+- Related: #2000051
+
+* Tue Feb 22 2022 Lokesh Mandvekar <lsm5@redhat.com> - 2:1-28
+- main package should obsolete noarch versions upto 2:1-22
+- Related: #2000051
+
+* Mon Feb 21 2022 Lokesh Mandvekar <lsm5@redhat.com> - 2:1-27
 - do not specify infra_image in containers.conf
 - needed to resolve gating test failures
-- Related: #2001445
+- Related: #2000051
 
-* Fri Feb 18 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-20
+* Sat Feb 19 2022 Lokesh Mandvekar <lsm5@redhat.com> - 2:1-26
+- aardvark-dns built for same arches as netavark
+- Related: #2000051
+
+* Sat Feb 19 2022 Lokesh Mandvekar <lsm5@redhat.com> - 2:1-25
+- build netavark only for podman's arches
+- i686 can't find go-md2man which causes the build to fail otherwise
+- Related: #2000051
+
+* Fri Feb 18 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-24
 - update to netavark-1.0.0 and aardvark-dns-1.0.0
-- Related: #2001445
+- Related: #2000051
 
-* Thu Feb 17 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-19
+* Thu Feb 17 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-23
 - package aarvark-dns and netavark as part of the containers-common
-- Related: #2001445
+- Related: #2000051
 
-* Thu Feb 17 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-18
+* Thu Feb 17 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-22
 - update shortnames and vendored components
-- Related: #2001445
+- Related: #2000051
 
-* Wed Feb 16 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-17
+* Wed Feb 16 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-21
 - containers.conf should contain network_backend = "cni" in RHEL8.6
-- Related: #2001445
+- Related: #2000051
 
-* Fri Feb 11 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-16
-- update vendored components and configuration files
-- Related: #2001445
+* Wed Feb 09 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-20
+- update shortname aliases from upstream
+- Related: #2000051
 
-* Fri Feb 04 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-15
+* Fri Feb 04 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-19
 - sync vendored components
-- Related: #2001445
+- Related: #2000051
 
-* Fri Feb 04 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-14
+* Fri Feb 04 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-18
 - sync vendored components
-- Related: #2001445
+- Related: #2000051
 
-* Mon Jan 17 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-13
-- update shortnames from Pyxis
-- Related: #2001445
+* Mon Jan 17 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-17
+- sync shortname aliases via Pyxis
+- Related: #2000051
 
-* Thu Dec 09 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-12
+* Fri Dec 10 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-16
+- do not hardcode log_driver = "journald" and events_logger = "journald"
+  for RHEL9 and leave the rootful/rootless behaviour change based on
+  internal logic
+- Related: #2000051
+
+* Thu Dec 09 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-15
 - do not allow broken content from Pyxis to land in shortnames.conf
-- Related: #2001445
+- Related: #2000051
 
-* Wed Dec 08 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-11
-- sync vendored components
-- update shortnames from Pyxis
-- Related: #2001445
+* Wed Dec 08 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-14
+- update vendored component versions
+- sync shortname aliases via Pyxis
+- Related: #2000051
 
-* Wed Dec 01 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-10
+* Tue Nov 30 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-13
 - use log_driver = "journald" and events_logger = "journald" for RHEL9
-- Related: #2001445
+- Related: #2000051
 
-* Tue Nov 16 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-9
+* Tue Nov 16 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-12
 - consume seccomp.json from the oldest vendored version of c/common,
   not main branch
-- Related: #2001445
+- Related: #2000051
 
-* Wed Nov 10 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-8
+* Fri Nov 12 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-11
+- use ubi8/pause as ubi9/pause is not available yet
+- Related: #2000051
+
+* Wed Nov 10 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-10
 - update vendored components
-- Related: #2001445
+- Related: #2000051
 
-* Tue Nov 02 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-7
+* Tue Nov 02 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-9
 - make log_driver = "k8s-file" default in containers.conf
-- Related: #2001445
+- Related: #2000051
 
-* Wed Oct 13 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-6
-- sync vendored components
-- Related: #2001445
+* Fri Oct 01 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-8
+- perform only sanity/installability tests for now
+- Related: #2000051
 
-* Wed Sep 29 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-5
+* Wed Sep 29 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-7
 - update to the new vendored components
-- Related: #2001445
+- Related: #2000051
 
-* Fri Sep 24 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-4
+* Wed Sep 29 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-6
+- add gating.yaml
+- Related: #2000051
+
+* Fri Sep 24 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-5
 - update to the new vendored components
-- Related: #2001445
+- Related: #2000051
 
-* Fri Sep 10 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-3
+* Fri Sep 10 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-4
+- fix updating scripts
+- Related: #2000051
+
+* Thu Sep 09 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-3
 - update to the new vendored components
-- Related: #2001445
+- Related: #2000051
 
-* Wed Aug 11 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-2
-- synchronize config files for RHEL-8.5
-- Related: #1934415
+* Fri Aug 20 2021 Lokesh Mandvekar <lsm5@fedoraproject.org> - 2:1-2
+- bump configs to latest versions
+- replace ubi9 references with ubi8
+- Related: #1970747
 
 * Wed Aug 11 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-1
 - initial import
-- Related: #1934415
+- Related: #1970747

containers.conf

@@ -57,20 +57,19 @@
 # List of default capabilities for containers. If it is empty or commented out,
 # the default capabilities defined in the container engine will be added.
 #
-default_capabilities = [
-  "NET_RAW",
-  "CHOWN",
-  "DAC_OVERRIDE",
-  "FOWNER",
-  "FSETID",
-  "KILL",
-  "NET_BIND_SERVICE",
-  "SETFCAP",
-  "SETGID",
-  "SETPCAP",
-  "SETUID",
-  "SYS_CHROOT",
-]
+#default_capabilities = [
+#  "CHOWN",
+#  "DAC_OVERRIDE",
+#  "FOWNER",
+#  "FSETID",
+#  "KILL",
+#  "NET_BIND_SERVICE",
+#  "SETFCAP",
+#  "SETGID",
+#  "SETPCAP",
+#  "SETUID",
+#  "SYS_CHROOT",
+#]
 
 # A list of sysctls to be set in containers by default,
 # specified as "name=value",
@@ -185,7 +184,6 @@ default_sysctls = [
 # Logging driver for the container. Available options: k8s-file and journald.
 #
 #log_driver = "k8s-file"
-log_driver = "k8s-file"
 
 # Maximum size allowed for the container log file. Negative numbers indicate
 # that no size limit is imposed. If positive, it must be >= 8192 to match or
@@ -322,7 +320,6 @@ log_driver = "k8s-file"
 # iptables rules and network interfaces might leak on the host. A reboot will fix this.
 #
 #network_backend = ""
-network_backend = "cni"
 
 # Path to directory where CNI plugin binaries are located.
 #
@@ -508,7 +505,6 @@ network_backend = "cni"
 # Valid values are `journald`, `file` and `none`.
 #
 #events_logger = "journald"
-events_logger = "file"
 
 # Creates a more verbose container-create event which includes a JSON payload
 # with detailed information about the container.
@@ -646,7 +642,7 @@ events_logger = "file"
 # Default OCI runtime
 #
 #runtime = "crun"
-runtime = "runc"
+runtime = "crun"
 
 # List of the OCI runtimes that support --format=json. When json is supported
 # engine will use it for reporting nicer errors.

gating.yaml

@@ -0,0 +1,6 @@
+# recipients: jnovy, lsm5, santiago
+--- !Policy
+product_versions:
+  - rhel-9
+decision_context: osci_compose_gate
+rules: []

registries.conf

@@ -76,4 +76,4 @@ unqualified-search-registries = ["registry.access.redhat.com", "registry.redhat.
 # # 2. example-mirror-1.local/mirrors/foo/image:latest
 # # 3. internal-registry-for-example.net/bar/image:latest
 # # in order, and use the first one that exists.
-short-name-mode = "permissive"
+short-name-mode = "enforcing"