containers-common/containers-common.spec
Jindrich Novy c2dc7e4b3e containers-common-0.60.2-11.el10
- Install shortnames from Pyxis and overrides
- Resolves: RHEL-34940

Signed-off-by: Jindrich Novy <jnovy@redhat.com>
2024-10-31 12:51:32 +01:00

293 lines
11 KiB
RPMSpec

# Below definitions are used to deliver config files from a particular branch
# of c/image, c/storage and c/shortnames vendored in all of Buildah, Podman and Skopeo.
# These vendored components must have the same version. If it is not the case,
# pick the oldest version on c/image, c/storage and c/shortnames vendored in
# Buildah/Podman/Skopeo.
# Packit will automatically update the image and storage versions on Fedora and
# CentOS Stream dist-git PRs.
%global image_branch v5.32.2
%global storage_branch v1.55.0
%global shortnames_branch main
%global project containers
%global repo common
%global raw_github_url https://raw.githubusercontent.com/%{project}
%if %{defined copr_username}
%define copr_build 1
%endif
# See https://github.com/containers/netavark/blob/main/rpm/netavark.spec
# for netavark epoch
%if %{defined copr_build}
%define netavark_epoch 102
%else
%define netavark_epoch 2
%endif
Name: containers-common
%if %{defined copr_build}
Epoch: 102
%else
Epoch: 5
%endif
# DO NOT TOUCH the Version string!
# The TRUE source of this specfile is:
# https://github.com/containers/common/blob/main/rpm/containers-common.spec
# If that's what you're reading, Version must be 0, and will be updated by Packit for
# copr and koji builds.
# If you're reading this on dist-git, the version is automatically filled in by Packit.
Version: 0.60.2
Release: 11%{?dist}
License: Apache-2.0
BuildArch: noarch
# for BuildRequires: go-md2man
ExclusiveArch: %{golang_arches} noarch
Summary: Common configuration and documentation for containers
BuildRequires: git-core
BuildRequires: go-md2man
Provides: skopeo-containers = %{epoch}:%{version}-%{release}
Requires: (container-selinux >= 2:2.162.1 if selinux-policy)
Requires: netavark
Obsoletes: containernetworking-plugins < 2
Suggests: fuse-overlayfs
%if 0%{?rhel}
Requires: /etc/pki/sigstore/REKOR-signing-key
Requires: /etc/pki/sigstore/SIGSTORE-redhat-release3
%endif
URL: https://github.com/%{project}/%{repo}
Source0: %{url}/archive/v%{version_no_tilde}.tar.gz
Source1: %{raw_github_url}/image/%{image_branch}/docs/containers-auth.json.5.md
Source2: %{raw_github_url}/image/%{image_branch}/docs/containers-certs.d.5.md
Source3: %{raw_github_url}/image/%{image_branch}/docs/containers-policy.json.5.md
Source4: %{raw_github_url}/image/%{image_branch}/docs/containers-registries.conf.5.md
Source5: %{raw_github_url}/image/%{image_branch}/docs/containers-registries.conf.d.5.md
Source6: %{raw_github_url}/image/%{image_branch}/docs/containers-registries.d.5.md
Source7: %{raw_github_url}/image/%{image_branch}/docs/containers-signature.5.md
Source8: %{raw_github_url}/image/%{image_branch}/docs/containers-transports.5.md
Source9: %{raw_github_url}/storage/%{storage_branch}/docs/containers-storage.conf.5.md
Source10: %{raw_github_url}/shortnames/%{shortnames_branch}/shortnames.conf
Source11: %{raw_github_url}/image/%{image_branch}/default.yaml
Source12: default-policy.json
Source13: %{raw_github_url}/image/%{image_branch}/registries.conf
Source14: %{raw_github_url}/storage/%{storage_branch}/storage.conf
Source15: REKOR-signing-key
Source16: SIGSTORE-redhat-release3
Source17: registry.access.redhat.com.yaml
Source18: registry.redhat.io.yaml
Source19: 001-rhel-shortnames-pyxis.conf
Source20: 002-rhel-shortnames-overrides.conf
%description
This package contains common configuration files and documentation for container
tools ecosystem, such as Podman, Buildah and Skopeo.
It is required because the most of configuration files and docs come from projects
which are vendored into Podman, Buildah, Skopeo, etc. but they are not packaged
separately.
%package extra
Summary: Extra dependencies for Podman and Buildah
Requires: %{name} = %{epoch}:%{version}-%{release}
Requires: container-network-stack
Requires: oci-runtime
Requires: nftables
Requires: passt
%if %{defined fedora}
Requires: iptables
Conflicts: podman < 5:5.0.0~rc4-1
Recommends: composefs
Recommends: crun
Requires: (crun if fedora-release-identity-server)
Requires: netavark >= %{netavark_epoch}:1.10.3-1
Suggests: slirp4netns
Recommends: qemu-user-static
Requires: (qemu-user-static-aarch64 if fedora-release-identity-server)
Requires: (qemu-user-static-arm if fedora-release-identity-server)
Requires: (qemu-user-static-x86 if fedora-release-identity-server)
%endif
%description extra
This subpackage will handle dependencies common to Podman and Buildah which are
not required by Skopeo.
%prep
%autosetup -Sgit -n %{repo}-%{version_no_tilde}
# Copy manpages to docs subdir in builddir to build before installing.
cp %{SOURCE1} docs/.
cp %{SOURCE2} docs/.
cp %{SOURCE3} docs/.
cp %{SOURCE4} docs/.
cp %{SOURCE5} docs/.
cp %{SOURCE6} docs/.
cp %{SOURCE7} docs/.
cp %{SOURCE8} docs/.
cp %{SOURCE9} docs/.
# Copy config files to builddir to patch them before installing.
# Currently, only registries.conf and storage.conf files are patched before
# installing.
cp %{SOURCE10} shortnames.conf
cp %{SOURCE13} registries.conf
cp %{SOURCE14} storage.conf
# Fine-grain distro- and release-specific tuning of config files,
# e.g., seccomp, composefs, registries on different RHEL/Fedora versions
bash rpm/update-config-files.sh
%build
mkdir -p man5
for i in docs/*.5.md; do
go-md2man -in $i -out man5/$(basename $i .md)
done
%install
ensure() {
if grep ^$2[[:blank:]].*= $1 > /dev/null
then
sed -i "s;^$2[[:blank:]]=.*;$2 = $3;" $1
else
if grep ^\#.*$2[[:blank:]].*= $1 > /dev/null
then
sed -i "/^#.*$2[[:blank:]].*=/a \
$2 = $3" $1
else
echo "$2 = $3" >> $1
fi
fi
}
# ensure required configurations for RHEL10 is present
ensure pkg/config/containers.conf runtime \"crun\"
ensure pkg/config/containers.conf log_driver \"file\"
# install config and policy files for registries
install -dp %{buildroot}%{_sysconfdir}/containers/{certs.d,oci/hooks.d,systemd}
install -dp %{buildroot}%{_sharedstatedir}/containers/sigstore
install -dp %{buildroot}%{_datadir}/containers/systemd
install -dp %{buildroot}%{_prefix}/lib/containers/storage
install -dp -m 700 %{buildroot}%{_prefix}/lib/containers/storage/overlay-images
touch %{buildroot}%{_prefix}/lib/containers/storage/overlay-images/images.lock
install -dp -m 700 %{buildroot}%{_prefix}/lib/containers/storage/overlay-layers
touch %{buildroot}%{_prefix}/lib/containers/storage/overlay-layers/layers.lock
install -Dp -m0644 shortnames.conf %{buildroot}%{_sysconfdir}/containers/registries.conf.d/000-shortnames.conf
install -m0644 %{SOURCE19} %{buildroot}%{_sysconfdir}/containers/registries.conf.d/001-rhel-shortnames.conf
install -m0644 %{SOURCE20} %{buildroot}%{_sysconfdir}/containers/registries.conf.d/002-rhel-shortnames-overrides.conf
install -Dp -m0644 %{SOURCE11} %{buildroot}%{_sysconfdir}/containers/registries.d/default.yaml
install -Dp -m0644 %{SOURCE12} %{buildroot}%{_sysconfdir}/containers/policy.json
install -Dp -m0644 registries.conf %{buildroot}%{_sysconfdir}/containers/registries.conf
install -Dp -m0644 storage.conf %{buildroot}%{_datadir}/containers/storage.conf
%if 0%{?fedora} || 0%{?centos}
install -dp %{buildroot}%{_sysconfdir}/pki/sigstore
install -m0644 %{SOURCE15} %{buildroot}%{_sysconfdir}/pki/sigstore
install -m0644 %{SOURCE16} %{buildroot}%{_sysconfdir}/pki/sigstore
%endif
install -Dp -m0644 %{SOURCE17} -t %{buildroot}%{_sysconfdir}/containers/registries.d
install -Dp -m0644 %{SOURCE18} -t %{buildroot}%{_sysconfdir}/containers/registries.d
# install manpages
install -dp %{buildroot}%{_mandir}/man5
for i in man5/*.5; do
install -Dp -m0644 $i -t %{buildroot}%{_mandir}/man5
done
ln -s containerignore.5 %{buildroot}%{_mandir}/man5/.containerignore.5
# install config files for mounts, containers and seccomp
install -m0644 pkg/subscriptions/mounts.conf %{buildroot}%{_datadir}/containers/mounts.conf
install -m0644 pkg/seccomp/seccomp.json %{buildroot}%{_datadir}/containers/seccomp.json
install -m0644 pkg/config/containers.conf %{buildroot}%{_datadir}/containers/containers.conf
# install secrets patch directory
install -d -p -m 755 %{buildroot}/%{_datadir}/rhel/secrets
# rhbz#1110876 - update symlinks for subscription management
ln -s ../../../..%{_sysconfdir}/pki/entitlement %{buildroot}%{_datadir}/rhel/secrets/etc-pki-entitlement
ln -s ../../../..%{_sysconfdir}/rhsm %{buildroot}%{_datadir}/rhel/secrets/rhsm
ln -s ../../../..%{_sysconfdir}/yum.repos.d/redhat.repo %{buildroot}%{_datadir}/rhel/secrets/redhat.repo
%files
%dir %{_sysconfdir}/containers
%dir %{_sysconfdir}/containers/certs.d
%dir %{_sysconfdir}/containers/oci
%dir %{_sysconfdir}/containers/oci/hooks.d
%dir %{_sysconfdir}/containers/registries.conf.d
%dir %{_sysconfdir}/containers/registries.d
%dir %{_sysconfdir}/containers/systemd
%dir %{_prefix}/lib/containers
%dir %{_prefix}/lib/containers/storage
%dir %{_prefix}/lib/containers/storage/overlay-images
%dir %{_prefix}/lib/containers/storage/overlay-layers
%{_prefix}/lib/containers/storage/overlay-images/images.lock
%{_prefix}/lib/containers/storage/overlay-layers/layers.lock
%config(noreplace) %{_sysconfdir}/containers/policy.json
%config(noreplace) %{_sysconfdir}/containers/registries.conf
%config(noreplace) %{_sysconfdir}/containers/registries.conf.d/*.conf
%if 0%{?fedora} || 0%{?centos}
%{_sysconfdir}/pki/sigstore/REKOR-signing-key
%{_sysconfdir}/pki/sigstore/SIGSTORE-redhat-release3
%endif
%config(noreplace) %{_sysconfdir}/containers/registries.d/default.yaml
%config(noreplace) %{_sysconfdir}/containers/registries.d/registry.redhat.io.yaml
%config(noreplace) %{_sysconfdir}/containers/registries.d/registry.access.redhat.com.yaml
%ghost %{_sysconfdir}/containers/storage.conf
%ghost %{_sysconfdir}/containers/containers.conf
%dir %{_sharedstatedir}/containers/sigstore
%{_mandir}/man5/Containerfile.5.gz
%{_mandir}/man5/containerignore.5.gz
%{_mandir}/man5/.containerignore.5.gz
%{_mandir}/man5/containers*.5.gz
%dir %{_datadir}/containers
%dir %{_datadir}/containers/systemd
%{_datadir}/containers/storage.conf
%{_datadir}/containers/containers.conf
%{_datadir}/containers/mounts.conf
%{_datadir}/containers/seccomp.json
%dir %{_datadir}/rhel
%dir %{_datadir}/rhel/secrets
%{_datadir}/rhel/secrets/*
%files extra
%changelog
* Thu Oct 31 2024 Jindrich Novy <jnovy@redhat.com> - 5:0.60.2-11
- Install shortnames from Pyxis and overrides
- Resolves: RHEL-34940
* Wed Oct 30 2024 Jindrich Novy <jnovy@redhat.com> - 5:0.60.2-10
- don't use registry yaml files from upstream but RHEL10 dedicated ones
- Resolves: RHEL-65203
* Wed Oct 30 2024 Jindrich Novy <jnovy@redhat.com> - 5:0.60.2-9
- ensure required configurations for RHEL10 is present
- Resolves: RHEL-58990
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 5:0.60.2-8
- Bump release for October 2024 mass rebuild:
Resolves: RHEL-64018
* Tue Oct 29 2024 Jindrich Novy <jnovy@redhat.com> - 5:0.60.2-7
- Enable sigstore support
- Resolves: RUN-2164
* Tue Sep 10 2024 Jindrich Novy <jnovy@redhat.com> - 5:0.60.2-6
- package GPG keys only on Fedora and CentOS
- Related: RHEL-39410
* Mon Sep 09 2024 Jindrich Novy <jnovy@redhat.com> - 5:0.60.2-5
- include relevant GPG keys
- Resolves: RHEL-57720
* Thu Sep 05 2024 Jindrich Novy <jnovy@redhat.com> - 5:0.60.2-4
- update update.sh script and set logdriver to file
- Resolves: RHEL-57101
* Wed Aug 28 2024 Jindrich Novy <jnovy@redhat.com> - 5:0.60.2-3
- Obsolete containernetworking-plugins
- Resolves: RHEL-39410