# The definitions below are used to deliver config files from a particular branch
# of c/image, c/common, c/storage vendored in all podman, skopeo, buildah.
# These vendored components must have the same version. If it is not the case,
# pick the oldest version of c/image, c/common, c/storage vendored in
# podman/skopeo/buildah.
#
# NOTE(review): image, common and storage are set to release tags, while
# skopeo_branch and shortnames_branch are set to "main", which is a moving ref.
# A Source URL built from a moving ref does not identify fixed content, so the
# files fetched on each refresh should be diffed and reviewed before import.
%global skopeo_branch main
%global image_branch v5.19.1
%global common_branch v0.47.4
%global storage_branch v1.38.2
%global shortnames_branch main
|
|
|
|
# Main package header. The Rust subpackages declared further down set their
# own Version and Release.
Epoch: 2
Name: containers-common
Version: 1
Release: 27%{?dist}
Summary: Common configuration and documentation for containers
License: ASL 2.0
# Needed at build time to turn the markdown man pages into roff.
BuildRequires: /usr/bin/go-md2man
# Also provide the skopeo-containers name at this exact epoch:version-release.
Provides: skopeo-containers = %{epoch}:%{version}-%{release}
Conflicts: %{name} <= 2:1-22
Obsoletes: %{name} <= 2:1-22
# Rich dependency: container-selinux is required only on systems that have
# selinux-policy installed.
Requires: (container-selinux >= 2:2.162.1 if selinux-policy)
Requires: oci-runtime
# Runtime choice per distribution: crun on RHEL 9 and later and on Fedora,
# runc everywhere else.
%if 0%{?rhel} >= 9 || 0%{?fedora}
Requires: crun >= 0.19
%else
Requires: runc
%endif
Requires: system-release
# Weak dependencies: installed by default where available, but not mandatory.
Suggests: subscription-manager
Recommends: fuse-overlayfs
Recommends: slirp4netns
|
|
# Configuration files and man page sources. Entries with a URL name the
# upstream location; entries with a bare file name are carried locally.
# NOTE(review): the URLs are raw-file links keyed by the branch macros defined
# at the top of this file; confirm that a checksum for every fetched file is
# recorded wherever the sources are stored.
Source1: https://raw.githubusercontent.com/containers/storage/%{storage_branch}/storage.conf
Source2: https://raw.githubusercontent.com/containers/storage/%{storage_branch}/docs/containers-storage.conf.5.md
Source3: mounts.conf
Source4: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs/containers-registries.conf.5.md
# registries.conf is a local copy; the upstream URL is kept for reference only.
#Source5: https://raw.githubusercontent.com/containers/image/%%{image_branch}/registries.conf
Source5: registries.conf
Source6: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs/containers-policy.json.5.md
# Default seccomp profile, taken from the pinned c/common tag.
Source7: https://raw.githubusercontent.com/containers/common/%{common_branch}/pkg/seccomp/seccomp.json
Source8: https://raw.githubusercontent.com/containers/common/%{common_branch}/docs/containers-mounts.conf.5.md
Source9: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs/containers-signature.5.md
Source10: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs/containers-transports.5.md
Source11: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs/containers-certs.d.5.md
Source12: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs/containers-registries.d.5.md
Source13: https://raw.githubusercontent.com/containers/common/%{common_branch}/pkg/config/containers.conf
Source14: https://raw.githubusercontent.com/containers/common/%{common_branch}/docs/containers.conf.5.md
Source15: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs/containers-auth.json.5.md
Source16: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs/containers-registries.conf.d.5.md
# Short-name aliases decide which registry an unqualified image name resolves
# to. NOTE(review): this URL follows shortnames_branch, which is set to "main".
Source17: https://raw.githubusercontent.com/containers/shortnames/%{shortnames_branch}/shortnames.conf
Source19: 001-rhel-shortnames-pyxis.conf
Source20: 002-rhel-shortnames-overrides.conf
# Inputs for image signature verification: the release key, the per-registry
# signature store definitions and the policy file installed as policy.json.
Source21: RPM-GPG-KEY-redhat-release
Source22: registry.access.redhat.com.yaml
Source23: registry.redhat.io.yaml
# The policy is a local copy; the upstream URL is kept for reference only.
#Source24: https://raw.githubusercontent.com/containers/skopeo/%%{skopeo_branch}/default-policy.json
Source24: default-policy.json
# NOTE(review): this URL follows skopeo_branch, which is set to "main".
Source25: https://raw.githubusercontent.com/containers/skopeo/%{skopeo_branch}/default.yaml
# scripts used for synchronization with upstream and shortname generation
Source100: update.sh
Source101: update-vendored.sh
Source102: pyxis.sh
|
|
|
|
# aardvark-dns is built from an exact upstream commit: the full commit id
# below is part of the Source200 URL.
%global aardvark_dns_version v1.0.1
%global aardvark_dns_branch v1.0.1-rhel
%global aardvark_dns_commit0 0a8eabf6f696f4f1ab14e5722578829362304e0b
# First seven characters of the commit id, computed by a shell call when the
# spec is parsed.
%global aardvark_dns_shortcommit0 %(c=%{aardvark_dns_commit0}; echo ${c:0:7})
# aardvark_dns_branch is defined above, so the first Source200 form is the one
# in effect; the second is used only if that macro is removed.
%if 0%{?aardvark_dns_branch:1}
Source200: https://github.com/containers/aardvark-dns/tarball/%{aardvark_dns_commit0}/%{aardvark_dns_branch}-%{aardvark_dns_shortcommit0}.tar.gz
%else
Source200: https://github.com/containers/aardvark-dns/archive/%{aardvark_dns_commit0}/aardvark-dns-%{aardvark_dns_version}-%{aardvark_dns_shortcommit0}.tar.gz
%endif
# NOTE(review): the vendored-crates tarball is addressed by release tag, not
# by commit id; confirm a checksum for it is recorded wherever the sources
# are stored.
Source201: https://github.com/containers/aardvark-dns/releases/download/%{aardvark_dns_version}/aardvark-dns-%{aardvark_dns_version}-rhel-vendor.tar.gz
|
|
|
|
# netavark is built from an exact upstream commit: the full commit id below
# is part of the Source300 URL.
%global netavark_version v1.0.1
%global netavark_branch v1.0.1-rhel
%global netavark_commit0 93af39418a38c9cc901816240c3e7ccb715108c0
# First seven characters of the commit id, computed by a shell call when the
# spec is parsed.
%global netavark_shortcommit0 %(c=%{netavark_commit0}; echo ${c:0:7})
# netavark_branch is defined above, so the first Source300 form is the one in
# effect; the second is used only if that macro is removed.
%if 0%{?netavark_branch:1}
Source300: https://github.com/containers/netavark/tarball/%{netavark_commit0}/%{netavark_branch}-%{netavark_shortcommit0}.tar.gz
%else
Source300: https://github.com/containers/netavark/archive/%{netavark_commit0}/netavark-%{netavark_version}-%{netavark_shortcommit0}.tar.gz
%endif
# NOTE(review): the vendored-crates tarball is addressed by release tag, not
# by commit id; confirm a checksum for it is recorded wherever the sources
# are stored.
Source301: https://github.com/containers/netavark/releases/download/%{netavark_version}/netavark-%{netavark_version}-rhel-vendor.tar.gz
|
|
|
|
%description
|
|
This package contains common configuration files and documentation for container
|
|
tools ecosystem, such as Podman, Buildah and Skopeo.
|
|
|
|
It is required because most of the configuration files and docs come from projects
|
|
which are vendored into Podman, Buildah, Skopeo, etc. but they are not packaged
|
|
separately.
|
|
|
|
%package -n aardvark-dns
# Subpackage with its own Version; Release matches the main package.
Version: 1.0.1
Release: 27%{?dist}
URL: https://github.com/containers/aardvark-dns
Summary: Authoritative DNS server for A/AAAA container records
License: ASL 2.0 and BSD and MIT
BuildRequires: cargo
BuildRequires: git-core
BuildRequires: make
BuildRequires: rust-srpm-macros
BuildRequires: rust-toolset
# Architectures are listed explicitly; the rust_arches macro form is kept
# commented out.
#ExclusiveArch: %%{rust_arches}
ExclusiveArch: aarch64 ppc64le s390x x86_64
|
|
|
|
%description -n aardvark-dns
|
|
%{summary}
|
|
|
|
Forwards other requests to configured resolvers.
|
|
Read more about configuration in `src/backend/mod.rs`.
|
|
|
|
%package -n netavark
# Subpackage with its own Version; Release matches the main package.
Version: 1.0.1
Release: 27%{?dist}
URL: https://github.com/containers/netavark
Summary: OCI network stack
License: ASL 2.0 and BSD and MIT
BuildRequires: cargo
BuildRequires: make
BuildRequires: rust-srpm-macros
BuildRequires: git-core
BuildRequires: /usr/bin/go-md2man
# DNS for containers is provided by the sibling subpackage; it is a weak
# dependency, so netavark can be installed without it.
Recommends: aardvark-dns
# Virtual provide with a plain version of 2, not tied to this subpackage's
# own Version.
Provides: container-network-stack = 2
BuildRequires: rust-toolset
# Architectures are listed explicitly; the rust_arches macro form is kept
# commented out.
#ExclusiveArch: #%%{rust_arches}
ExclusiveArch: aarch64 ppc64le s390x x86_64
|
|
|
|
%description -n netavark
|
|
%{summary}
|
|
|
|
Netavark is a rust based network stack for containers. It is being
|
|
designed to work with Podman but is also applicable for other OCI
|
|
container management applications.
|
|
|
|
Netavark is a tool for configuring networking for Linux containers.
|
|
Its features include:
|
|
* Configuration of container networks via JSON configuration file
|
|
* Creation and management of required network interfaces,
|
|
including MACVLAN networks
|
|
* All required firewall configuration to perform NAT and port
|
|
forwarding as required for containers
|
|
* Support for iptables and firewalld at present, with support
|
|
for nftables planned in a future release
|
|
* Support for rootless containers
|
|
* Support for IPv4 and IPv6
|
|
* Support for container DNS resolution via aardvark-dns.
|
|
|
|
%prep
# Write a cargo config into the current directory that replaces the crates.io
# source with the local "vendor" directory, so dependency resolution uses the
# crates unpacked from the vendor tarball.
use_vendored_crates() {
mkdir -p .cargo
cat > .cargo/config <<EOF
[source.crates-io]
replace-with = "vendored-sources"

[source.vendored-sources]
directory = "vendor"
EOF
}

# aardvark-dns: unpack the source tarball, then the vendored crates inside it.
tar -xf %{SOURCE200}
%if 0%{?aardvark_dns_branch:1}
pushd containers-aardvark-dns-%{aardvark_dns_shortcommit0}
%else
pushd aardvark-dns-%{aardvark_dns_commit0}
%endif
tar -xf %{SOURCE201}
use_vendored_crates
popd

# netavark: same layout and the same cargo source replacement.
tar -xf %{SOURCE300}
%if 0%{?netavark_branch:1}
pushd containers-netavark-%{netavark_shortcommit0}
%else
pushd netavark-%{netavark_commit0}
%endif
tar -xf %{SOURCE301}
use_vendored_crates
popd
|
|
|
|
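%build
# Export the distribution's Rust flags only when the macro is defined. The
# changelog entry for 2:1-22 ties this to ExecShield, so dropping the export
# would presumably lose those hardening flags; verify before changing it.
%if 0%{?build_rustflags:1}
export RUSTFLAGS="%{build_rustflags}"
%endif

# aardvark-dns: the directory name depends on which Source200 form was used.
%if 0%{?aardvark_dns_branch:1}
pushd containers-aardvark-dns-%{aardvark_dns_shortcommit0}
%else
pushd aardvark-dns-%{aardvark_dns_commit0}
%endif
# Set up a git repository in the unpacked tree before building
# (git-core is a build requirement of both subpackages).
%__scm_setup_git -q
%make_build build
popd

# netavark: build the binary and convert the man page.
%if 0%{?netavark_branch:1}
pushd containers-netavark-%{netavark_shortcommit0}
%else
pushd netavark-%{netavark_commit0}
%endif
%__scm_setup_git -q
%make_build build
pushd docs
go-md2man -in netavark.1.md -out netavark.1
popd
# No "make install" here: writing into the buildroot belongs to the install
# section, which already runs the same make install for netavark.
popd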
|
|
|
|
%install
# Install the aardvark-dns binary from its unpacked source tree.
%if 0%{?aardvark_dns_branch:1}
pushd containers-aardvark-dns-%{aardvark_dns_shortcommit0}
%else
pushd aardvark-dns-%{aardvark_dns_commit0}
%endif
%{__make} DESTDIR=%{buildroot} PREFIX=%{_prefix} install
popd

# Install netavark the same way.
%if 0%{?netavark_branch:1}
pushd containers-netavark-%{netavark_shortcommit0}
%else
pushd netavark-%{netavark_commit0}
%endif
%{__make} DESTDIR=%{buildroot} PREFIX=%{_prefix} install
popd

# Directory skeleton plus storage, registry and short-name configuration.
# All files are installed with mode 0644.
etc_containers="%{buildroot}%{_sysconfdir}/containers"
install -d -p "$etc_containers/certs.d" "$etc_containers/oci/hooks.d" "$etc_containers/registries.d" "$etc_containers/registries.conf.d"
install -m 0644 %{SOURCE1} "$etc_containers/storage.conf"
install -m 0644 %{SOURCE5} "$etc_containers/registries.conf"
# Drop-in files are numbered 000, 001, 002.
install -m 0644 %{SOURCE17} "$etc_containers/registries.conf.d/000-shortnames.conf"
install -m 0644 %{SOURCE19} "$etc_containers/registries.conf.d/001-rhel-shortnames.conf"
install -m 0644 %{SOURCE20} "$etc_containers/registries.conf.d/002-rhel-shortnames-overrides.conf"
|
|
|
|
# for signature verification
etc_containers="%{buildroot}%{_sysconfdir}/containers"
# The Red Hat release key is shipped only when not building for RHEL, or when
# building for CentOS.
%if !0%{?rhel} || 0%{?centos}
gpg_dir="%{buildroot}%{_sysconfdir}/pki/rpm-gpg"
install -d -p "$gpg_dir"
install -m 0644 %{SOURCE21} "$gpg_dir"
%endif
# Per-registry signature store definitions.
# NOTE(review): here-documents later in this section write files with the same
# two names as Source22 and Source23, so that later content is what ends up
# in the package.
install -d -p "$etc_containers/registries.d"
install -m 0644 %{SOURCE22} "$etc_containers/registries.d"
install -m 0644 %{SOURCE23} "$etc_containers/registries.d"
# The locally carried default policy becomes /etc/containers/policy.json.
install -m 0644 %{SOURCE24} "$etc_containers/policy.json"
install -d -p %{buildroot}%{_sharedstatedir}/containers/sigstore
install -m 0644 %{SOURCE25} "$etc_containers/registries.d/default.yaml"
|
|
|
|
# for containers-common
# Convert every section 5 man page from markdown into the buildroot.
man5_dir="%{buildroot}%{_mandir}/man5"
install -d -p "$man5_dir"
go-md2man -in %{SOURCE2} -out "$man5_dir/containers-storage.conf.5"
go-md2man -in %{SOURCE4} -out "$man5_dir/containers-registries.conf.5"
go-md2man -in %{SOURCE6} -out "$man5_dir/containers-policy.json.5"
go-md2man -in %{SOURCE8} -out "$man5_dir/containers-mounts.conf.5"
go-md2man -in %{SOURCE9} -out "$man5_dir/containers-signature.5"
go-md2man -in %{SOURCE10} -out "$man5_dir/containers-transports.5"
go-md2man -in %{SOURCE11} -out "$man5_dir/containers-certs.d.5"
go-md2man -in %{SOURCE12} -out "$man5_dir/containers-registries.d.5"
go-md2man -in %{SOURCE14} -out "$man5_dir/containers.conf.5"
go-md2man -in %{SOURCE15} -out "$man5_dir/containers-auth.json.5"
go-md2man -in %{SOURCE16} -out "$man5_dir/containers-registries.conf.d.5"

# Packaged defaults under the data directory: mounts, the seccomp profile and
# containers.conf.
share_dir="%{buildroot}%{_datadir}/containers"
install -d -p "$share_dir"
install -m 0644 %{SOURCE3} "$share_dir/mounts.conf"
install -m 0644 %{SOURCE7} "$share_dir/seccomp.json"
install -m 0644 %{SOURCE13} "$share_dir/containers.conf"
|
|
|
|
# install secrets patch directory
secrets_dir="%{buildroot}%{_datadir}/rhel/secrets"
install -d -p -m 755 "$secrets_dir"
# rhbz#1110876 - update symlinks for subscription management
# The links point at the host's entitlement certificates, rhsm configuration
# and redhat.repo.
# NOTE(review): presumably this directory is what mounts.conf exposes inside
# containers; confirm against the mounts.conf carried as Source3, since that
# decides which workloads can read the host's subscription credentials.
ln -s %{_sysconfdir}/pki/entitlement "$secrets_dir/etc-pki-entitlement"
ln -s %{_sysconfdir}/rhsm "$secrets_dir/rhsm"
ln -s %{_sysconfdir}/yum.repos.d/redhat.repo "$secrets_dir/redhat.repo"
|
|
|
|
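# ship preconfigured /etc/containers/registries.d/ files with containers-common - #1903813
# Each file names the signature store to consult for one registry. The
# registries.d format is a nested mapping: the registry name sits under
# "docker:" and "sigstore:" sits under the registry name. The indentation
# inside the here-documents is therefore significant; with the keys flattened
# to one level the entry is not read as a per-registry setting.
# NOTE(review): these here-documents write the same two file names that were
# installed from Source22 and Source23 earlier in this section, so this
# content is what gets packaged.
cat <<EOF > %{buildroot}%{_sysconfdir}/containers/registries.d/registry.access.redhat.com.yaml
docker:
    registry.access.redhat.com:
        sigstore: https://access.redhat.com/webassets/docker/content/sigstore
EOF

cat <<EOF > %{buildroot}%{_sysconfdir}/containers/registries.d/registry.redhat.io.yaml
docker:
    registry.redhat.io:
        sigstore: https://registry.redhat.io/containers/sigstore
EOF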
|
|
|
|
%files
# Directories owned by the package under /etc/containers.
%dir %{_sysconfdir}/containers
%dir %{_sysconfdir}/containers/certs.d
%dir %{_sysconfdir}/containers/registries.d
# NOTE(review): these two files are listed here without a config attribute and
# are also matched by the registries.d yaml glob marked config(noreplace)
# further down; confirm which attributes are intended for them.
%{_sysconfdir}/containers/registries.d/registry.redhat.io.yaml
%{_sysconfdir}/containers/registries.d/registry.access.redhat.com.yaml
%dir %{_sysconfdir}/containers/oci
%dir %{_sysconfdir}/containers/oci/hooks.d
%dir %{_sysconfdir}/containers/registries.conf.d
# The release key is packaged under the same condition used to install it.
%if !0%{?rhel} || 0%{?centos}
%{_sysconfdir}/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
%endif
# noreplace keeps a locally edited file on upgrade, so an administrator's
# signature policy and registry settings are not overwritten by the packaged
# defaults. The flip side is that a host with an edited file does not pick up
# later changes to those defaults.
%config(noreplace) %{_sysconfdir}/containers/policy.json
%config(noreplace) %{_sysconfdir}/containers/registries.d/default.yaml
%config(noreplace) %{_sysconfdir}/containers/storage.conf
%config(noreplace) %{_sysconfdir}/containers/registries.conf
%config(noreplace) %{_sysconfdir}/containers/registries.conf.d/*.conf
%config(noreplace) %{_sysconfdir}/containers/registries.d/*.yaml
# Owned by the package but not shipped; the packaged containers.conf lives
# under the data directory listed below.
%ghost %{_sysconfdir}/containers/containers.conf
%dir %{_sharedstatedir}/containers/sigstore
%{_mandir}/man5/*
%dir %{_datadir}/containers
%{_datadir}/containers/mounts.conf
%{_datadir}/containers/seccomp.json
%{_datadir}/containers/containers.conf
# Symlinks to the host's subscription data created in the install section.
%dir %{_datadir}/rhel/secrets
%{_datadir}/rhel/secrets/*
|
|
|
|
%files -n aardvark-dns
# Helper binary under the podman libexec directory; the directory itself is
# also listed by the netavark subpackage.
%dir %{_libexecdir}/podman
%{_libexecdir}/podman/aardvark-dns
|
|
|
|
%files -n netavark
# Helper binary under the podman libexec directory (a directory also listed by
# the aardvark-dns subpackage), plus the man page.
%dir %{_libexecdir}/podman
%{_libexecdir}/podman/netavark
%{_mandir}/man1/netavark.1*
|
|
|
|
%changelog
|
|
* Thu Mar 31 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-27
|
|
- update vendored tarballs to avoid unwanted licenses
|
|
(thanks to Brent Baude)
|
|
- Related: #2065707
|
|
|
|
* Fri Mar 25 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-26
|
|
- remove broken license links from spec file
|
|
- Related: #2065707
|
|
|
|
* Thu Mar 24 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-25
|
|
- update netavark too
|
|
- Related: #2065707
|
|
|
|
* Thu Mar 24 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-24
|
|
- consume aardvark-dns and netavark off the v1.0.1-rhel branch
|
|
- Resolves: #2065707
|
|
|
|
* Mon Feb 28 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-23
|
|
- update to netavark and aardvark-dns 1.0.1
|
|
- Related: #2001445
|
|
|
|
* Wed Feb 23 2022 Lokesh Mandvekar <lsm5@redhat.com> - 2:1-22
|
|
- build rust packages with RUSTFLAGS set to make ExecShield happy
|
|
- Related: #2001445
|
|
|
|
* Mon Feb 21 2022 Lokesh Mandvekar <lsm5@redhat.com> - 2:1-21
|
|
- do not specify infra_image in containers.conf
|
|
- needed to resolve gating test failures
|
|
- Related: #2001445
|
|
|
|
* Fri Feb 18 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-20
|
|
- update to netavark-1.0.0 and aardvark-dns-1.0.0
|
|
- Related: #2001445
|
|
|
|
* Thu Feb 17 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-19
|
|
- package aardvark-dns and netavark as part of the containers-common
|
|
- Related: #2001445
|
|
|
|
* Thu Feb 17 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-18
|
|
- update shortnames and vendored components
|
|
- Related: #2001445
|
|
|
|
* Wed Feb 16 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-17
|
|
- containers.conf should contain network_backend = "cni" in RHEL8.6
|
|
- Related: #2001445
|
|
|
|
* Fri Feb 11 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-16
|
|
- update vendored components and configuration files
|
|
- Related: #2001445
|
|
|
|
* Fri Feb 04 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-15
|
|
- sync vendored components
|
|
- Related: #2001445
|
|
|
|
* Fri Feb 04 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-14
|
|
- sync vendored components
|
|
- Related: #2001445
|
|
|
|
* Mon Jan 17 2022 Jindrich Novy <jnovy@redhat.com> - 2:1-13
|
|
- update shortnames from Pyxis
|
|
- Related: #2001445
|
|
|
|
* Thu Dec 09 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-12
|
|
- do not allow broken content from Pyxis to land in shortnames.conf
|
|
- Related: #2001445
|
|
|
|
* Wed Dec 08 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-11
|
|
- sync vendored components
|
|
- update shortnames from Pyxis
|
|
- Related: #2001445
|
|
|
|
* Wed Dec 01 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-10
|
|
- use log_driver = "journald" and events_logger = "journald" for RHEL9
|
|
- Related: #2001445
|
|
|
|
* Tue Nov 16 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-9
|
|
- consume seccomp.json from the oldest vendored version of c/common,
|
|
not main branch
|
|
- Related: #2001445
|
|
|
|
* Wed Nov 10 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-8
|
|
- update vendored components
|
|
- Related: #2001445
|
|
|
|
* Tue Nov 02 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-7
|
|
- make log_driver = "k8s-file" default in containers.conf
|
|
- Related: #2001445
|
|
|
|
* Wed Oct 13 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-6
|
|
- sync vendored components
|
|
- Related: #2001445
|
|
|
|
* Wed Sep 29 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-5
|
|
- update to the new vendored components
|
|
- Related: #2001445
|
|
|
|
* Fri Sep 24 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-4
|
|
- update to the new vendored components
|
|
- Related: #2001445
|
|
|
|
* Fri Sep 10 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-3
|
|
- update to the new vendored components
|
|
- Related: #2001445
|
|
|
|
* Wed Aug 11 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-2
|
|
- synchronize config files for RHEL-8.5
|
|
- Related: #1934415
|
|
|
|
* Wed Aug 11 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-1
|
|
- initial import
|
|
- Related: #1934415
|